diff -Nru sudo-1.8.31/aclocal.m4 sudo-1.9.0/aclocal.m4 --- sudo-1.8.31/aclocal.m4 2020-01-30 12:52:41.000000000 +0000 +++ sudo-1.9.0/aclocal.m4 2020-05-11 16:28:22.000000000 +0000 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.15.1 -*- Autoconf -*- +# generated automatically by aclocal 1.16.1 -*- Autoconf -*- -# Copyright (C) 1996-2017 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -12,6 +12,261 @@ # PARTICULAR PURPOSE. m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) +# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + + +# AM_PATH_PYTHON([MINIMUM-VERSION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +# --------------------------------------------------------------------------- +# Adds support for distributing Python modules and packages. To +# install modules, copy them to $(pythondir), using the python_PYTHON +# automake variable. To install a package with the same name as the +# automake package, install to $(pkgpythondir), or use the +# pkgpython_PYTHON automake variable. +# +# The variables $(pyexecdir) and $(pkgpyexecdir) are provided as +# locations to install python extension modules (shared libraries). +# Another macro is required to find the appropriate flags to compile +# extension modules. +# +# If your package is configured with a different prefix to python, +# users will have to add the install directory to the PYTHONPATH +# environment variable, or create a .pth file (see the python +# documentation for details). +# +# If the MINIMUM-VERSION argument is passed, AM_PATH_PYTHON will +# cause an error if the version of python installed on the system +# doesn't meet the requirement. MINIMUM-VERSION should consist of +# numbers and dots only. +AC_DEFUN([AM_PATH_PYTHON], + [ + dnl Find a Python interpreter. Python versions prior to 2.0 are not + dnl supported. (2.0 was released on October 16, 2000). 
+ m4_define_default([_AM_PYTHON_INTERPRETER_LIST], +[python python2 python3 dnl + python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 dnl + python3.2 python3.1 python3.0 dnl + python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 dnl + python2.0]) + + AC_ARG_VAR([PYTHON], [the Python interpreter]) + + m4_if([$1],[],[ + dnl No version check is needed. + # Find any Python interpreter. + if test -z "$PYTHON"; then + AC_PATH_PROGS([PYTHON], _AM_PYTHON_INTERPRETER_LIST, :) + fi + am_display_PYTHON=python + ], [ + dnl A version check is needed. + if test -n "$PYTHON"; then + # If the user set $PYTHON, use it and don't search something else. + AC_MSG_CHECKING([whether $PYTHON version is >= $1]) + AM_PYTHON_CHECK_VERSION([$PYTHON], [$1], + [AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]) + AC_MSG_ERROR([Python interpreter is too old])]) + am_display_PYTHON=$PYTHON + else + # Otherwise, try each interpreter until we find one that satisfies + # VERSION. + AC_CACHE_CHECK([for a Python interpreter with version >= $1], + [am_cv_pathless_PYTHON],[ + for am_cv_pathless_PYTHON in _AM_PYTHON_INTERPRETER_LIST none; do + test "$am_cv_pathless_PYTHON" = none && break + AM_PYTHON_CHECK_VERSION([$am_cv_pathless_PYTHON], [$1], [break]) + done]) + # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON. + if test "$am_cv_pathless_PYTHON" = none; then + PYTHON=: + else + AC_PATH_PROG([PYTHON], [$am_cv_pathless_PYTHON]) + fi + am_display_PYTHON=$am_cv_pathless_PYTHON + fi + ]) + + if test "$PYTHON" = :; then + dnl Run any user-specified action, or abort. + m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])]) + else + + dnl Query Python for its version number. Getting [:3] seems to be + dnl the best way to do this; it's what "site.py" does in the standard + dnl library. 
+ + AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version], + [am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[[:3]])"`]) + AC_SUBST([PYTHON_VERSION], [$am_cv_python_version]) + + dnl Use the values of $prefix and $exec_prefix for the corresponding + dnl values of PYTHON_PREFIX and PYTHON_EXEC_PREFIX. These are made + dnl distinct variables so they can be overridden if need be. However, + dnl general consensus is that you shouldn't need this ability. + + AC_SUBST([PYTHON_PREFIX], ['${prefix}']) + AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}']) + + dnl At times (like when building shared libraries) you may want + dnl to know which OS platform Python thinks this is. + + AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform], + [am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`]) + AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform]) + + # Just factor out some code duplication. + am_python_setup_sysconfig="\ +import sys +# Prefer sysconfig over distutils.sysconfig, for better compatibility +# with python 3.x. See automake bug#10227. +try: + import sysconfig +except ImportError: + can_use_sysconfig = 0 +else: + can_use_sysconfig = 1 +# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: +# +try: + from platform import python_implementation + if python_implementation() == 'CPython' and sys.version[[:3]] == '2.7': + can_use_sysconfig = 0 +except ImportError: + pass" + + dnl Set up 4 directories: + + dnl pythondir -- where to install python scripts. This is the + dnl site-packages directory, not the python standard library + dnl directory like in previous automake betas. This behavior + dnl is more consistent with lispdir.m4 for example. + dnl Query distutils for this directory. 
+ AC_CACHE_CHECK([for $am_display_PYTHON script directory], + [am_cv_python_pythondir], + [if test "x$prefix" = xNONE + then + am_py_prefix=$ac_default_prefix + else + am_py_prefix=$prefix + fi + am_cv_python_pythondir=`$PYTHON -c " +$am_python_setup_sysconfig +if can_use_sysconfig: + sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) +else: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') +sys.stdout.write(sitedir)"` + case $am_cv_python_pythondir in + $am_py_prefix*) + am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` + am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` + ;; + *) + case $am_py_prefix in + /usr|/System*) ;; + *) + am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + ]) + AC_SUBST([pythondir], [$am_cv_python_pythondir]) + + dnl pkgpythondir -- $PACKAGE directory under pythondir. Was + dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is + dnl more consistent with the rest of automake. + + AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE]) + + dnl pyexecdir -- directory for installing python extension modules + dnl (shared libraries) + dnl Query distutils for this directory. 
+ AC_CACHE_CHECK([for $am_display_PYTHON extension module directory], + [am_cv_python_pyexecdir], + [if test "x$exec_prefix" = xNONE + then + am_py_exec_prefix=$am_py_prefix + else + am_py_exec_prefix=$exec_prefix + fi + am_cv_python_pyexecdir=`$PYTHON -c " +$am_python_setup_sysconfig +if can_use_sysconfig: + sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) +else: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') +sys.stdout.write(sitedir)"` + case $am_cv_python_pyexecdir in + $am_py_exec_prefix*) + am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` + am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` + ;; + *) + case $am_py_exec_prefix in + /usr|/System*) ;; + *) + am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + ]) + AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir]) + + dnl pkgpyexecdir -- $(pyexecdir)/$(PACKAGE) + + AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE]) + + dnl Run any user-specified action. + $2 + fi + +]) + + +# AM_PYTHON_CHECK_VERSION(PROG, VERSION, [ACTION-IF-TRUE], [ACTION-IF-FALSE]) +# --------------------------------------------------------------------------- +# Run ACTION-IF-TRUE if the Python interpreter PROG has version >= VERSION. +# Run ACTION-IF-FALSE otherwise. +# This test uses sys.hexversion instead of the string equivalent (first +# word of sys.version), in order to cope with versions such as 2.2c1. +# This supports Python 2.0 or higher. (2.0 was released on October 16, 2000). +AC_DEFUN([AM_PYTHON_CHECK_VERSION], + [prog="import sys +# split strings by '.' and convert to numeric. Append some zeros +# because we need at least 4 digits for the hex conversion. 
+# map returns an iterator in Python 3.0 and a list in 2.x +minver = list(map(int, '$2'.split('.'))) + [[0, 0, 0]] +minverhex = 0 +# xrange is not present in Python 3.0 and range returns an iterator +for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]] +sys.exit(sys.hexversion < minverhex)" + AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])]) + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_RUN_LOG(COMMAND) +# ------------------- +# Run COMMAND, save the exit status in ac_status, and log it. +# (This has been adapted from Autoconf's _AC_RUN_LOG macro.) +AC_DEFUN([AM_RUN_LOG], +[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD + ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + (exit $ac_status); }]) + m4_include([m4/ax_append_flag.m4]) m4_include([m4/ax_check_compile_flag.m4]) m4_include([m4/ax_check_link_flag.m4]) diff -Nru sudo-1.8.31/autogen.sh sudo-1.9.0/autogen.sh --- sudo-1.8.31/autogen.sh 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/autogen.sh 2020-05-11 16:28:22.000000000 +0000 @@ -4,7 +4,7 @@ # If the user hasn't chosen one themselves, we do here. if [ "`/usr/bin/uname 2>&1`" = "OpenBSD" ]; then if [ X"$AUTOMAKE_VERSION" = X"" ]; then - AUTOMAKE_VERSION=1.15; export AUTOMAKE_VERSION + AUTOMAKE_VERSION=1.16; export AUTOMAKE_VERSION fi if [ X"$AUTOCONF_VERSION" = X"" ]; then AUTOCONF_VERSION=2.69; export AUTOCONF_VERSION diff -Nru sudo-1.8.31/ChangeLog sudo-1.9.0/ChangeLog --- sudo-1.8.31/ChangeLog 2020-01-30 12:56:19.000000000 +0000 +++ sudo-1.9.0/ChangeLog 2020-05-11 16:29:28.000000000 +0000 
@@ -1,26642 +1,27960 @@ -2020-01-30 Todd C. Miller +2020-05-11 Todd C. Miller * .hgtags: - Added tag SUDO_1_8_31 for changeset d14f7d0f6174 - [57a9df806149] [tip] <1.8> + Added tag SUDO_1_9_0 for changeset 706d726a2f8e + [d1f2b4ee59d5] [tip] <1.9> - * configure, configure.ac, doc/LICENSE: - Sudo 1.8.31 - [d14f7d0f6174] [SUDO_1_8_31] <1.8> + * MANIFEST, include/sudo_iolog.h, include/sudo_util.h, + lib/iolog/Makefile.in, lib/iolog/host_port.c, + lib/iolog/regress/host_port/host_port_test.c, lib/util/Makefile.in, + lib/util/host_port.c, lib/util/regress/host_port/host_port_test.c, + lib/util/util.exp.in, logsrvd/logsrvd_conf.c, + plugins/sudoers/iolog_client.c: + Rename sudo_parse_host_port -> iolog_parse_host_port and mv to + lib/iolog It is not used outside of the I/O log client and server + and the host:port syntax may change in the future. + [706d726a2f8e] [SUDO_1_9_0] -2020-01-29 Todd C. Miller + * plugins/sudoers/sudoreplay.c: + Remove duplicate inclusion of time.h + [f560858325d5] - * NEWS: - Sudo 1.8.31 changes. - [56a903dbf5a0] <1.8> +2020-05-08 Todd C. Miller - * src/tgetpass.c: - Fix a buffer overflow when pwfeedback is enabled and input is a not - a tty. In getln() if the user enters ^U (erase line) and the - write(2) fails, the remaining buffer size is reset but the current - pointer is not. While here, fix an incorrect break for erase when - write(2) fails. Also disable pwfeedback when input is not a tty as - it cannot work. CVE-2019-18634 Credit: Joe Vennix from Apple - Information Security. - [84640592b0ff] <1.8> + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c, + plugins/sudoers/iolog_client.c: + Only enable TLS listener by default if we have a cert for it. We + want the log server to work with the default configuration. If the + default certificate path exists, it will be used with the default + listener. If the user explicitly enabled a TLS listener we always + attempt to use it. 
If TLS was specified but no cert file was set, + the default location will be used (and an error will occur if the + cert cannot be loaded). + [16ade34c38ee] -2020-01-28 Todd C. Miller +2020-05-07 Todd C. Miller - * lib/util/getentropy.c: - Allow getentropy.c to compile when MAP_ANON is unavailable. - [32676c5ab0fe] <1.8> + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen for 1.9.0 final + [99e507035253] - * MANIFEST, lib/util/Makefile.in, lib/util/arc4random.c, - lib/util/arc4random.h: - Remove multi-thread support from arc4random. Sudo is not multi- - threaded so we don't need the added complexity. - [50d219f43811] <1.8> + * logsrvd/Makefile.in: + regen + [555d817825b0] - * lib/util/arc4random.h, lib/util/getentropy.c: - Backed out changeset 1371cff82ebd MAP_SGI_ANYADDR cannot be used in - place of MAP_ANON - [b71b2f99ab82] <1.8> + * doc/sudo.man.in, doc/sudo.mdoc.in, src/parse_args.c: + The --preserve-env=list option may be specified more than once. + [8066a9d1b04b] -2020-01-27 Todd C. Miller + * doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Quiet some warnings from igor. + [4df4fd274023] - * lib/util/arc4random.h, lib/util/getentropy.c: - Fix compilation on IRIX; Bug #915 IRIX lacks MAP_ANON (and - MAP_ANONYMOUS) but we can use the IRIX-specific flag MAP_SGI_ANYADDR - instead. From Kazuo Kuroi - [1371cff82ebd] <1.8> + * MANIFEST, Makefile.in, etc/codespell.exclude, etc/codespell.ignore, + etc/codespell.skip: + Plumb in codespell with a "make spell" target. + [4b1de7ee8648] + + * configure, configure.ac, install-sh: + Fix a few more typos. + [d22a8c46c743] + +2020-05-06 Todd C. Miller + + * NEWS, doc/sudo.man.in, doc/sudo.mdoc.in, src/parse_args.c: + Don't allow duplicate values for command line options that take an + argument. Previously, if multiple instances of the same command line + option were specified, the last one would be used. 
This meant that, + for example, "sudo -u someuser -u otheruser id" would run the + command as "otheruser". This has the potential to cause problems for + programs that run sudo with a user-specified command that do not use + the "--" option to indicate that no more options should be + processed. While this is a bug in the calling program, there is + little downside to erroring out when multiple options of the same + type are specified on the command line. Bug #924 + [66e2612e7672] -2020-01-24 Todd C. Miller + * NEWS: + Debian bug #734752 + [d3285c45ac4b] - * plugins/sudoers/check.c: - Fix crash in sudo 1.8.30 when suspending sudo at the password - prompt. The closure pointer in sudo_conv_callback was being filled - in with a struct getpass_closure ** instead of a struct - getpass_closure *. The bug was introduced in the fix for Bug #910; - previously the closure variable was a struct getpass_closure, not a - pointer. Fix from Michael Norton; Bug #914. - [d792c6769a98] <1.8> + * src/sudo.c, src/sudo.h: + Look up runas user by name, not euid, where possible. Fixes a + problem when there are multiple users with the same user-ID where + the PAM session modules could be called with the wrong user name. + Debian bug #734752 + [b45608f29a02] -2020-01-16 Todd C. Miller + * src/sesh.c: + Fix ironic typo in spelling fixes. Bug #925 + [73de90df6ff9] - * src/sudo_edit.c: - Treat EROFS (like EACCES) as a non-fatal error in dir_is_writable(). - Fixes sudoedit on macOS 10.15 and above where the root file system - is mounted read-only. See https://support.apple.com/en-us/HT210650. - From Dan Villiom Podlaski Christiansen. Bug #913 - [b5ba461a0c1c] <1.8> + * scripts/pp: + Sync PolyPkg from upstream. 
+ [ac5e4b830177] + + * NEWS, TODO, config.h.in, configure.ac, + doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in, + etc/sudo.pp, include/compat/getaddrinfo.h, include/sudo_event.h, + include/sudo_util.h, lib/util/fnmatch.c, lib/util/getaddrinfo.c, + lib/util/regress/vsyslog/vsyslog_test.c, logsrvd/logsrvd.c, + plugins/audit_json/audit_json.c, + plugins/python/example_debugging.py, + plugins/python/regress/check_python_examples.c, + plugins/python/regress/testhelpers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_client.c, plugins/sudoers/parse.h, + plugins/sudoers/pwutil.h, + plugins/sudoers/regress/cvtsudoers/test30.sh, scripts/mkdep.pl, + src/exec.c, src/exec_monitor.c, src/exec_pty.c, src/sesh.c: + Apply spelling fixes. Fixes from PR #30 (ka7) and Bug #925 + (fossies.org codespell) + [1fb13dc3991b] + +2020-05-05 Todd C. Miller + + * Makefile.in, etc/sudo-python.pp: + Use the proper python version in the libpython dependency on Debian. + The configure script already detects the python version, we just + need to use it. + [4e49c53f206f] -2020-01-11 Todd C. Miller + * plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, po/ja.mo, + po/ja.po, po/sv.mo, po/sv.po: + Updated translations from translationproject.org + [abdb2d6fe7cb] - * src/sudo_edit.c: - For sudoedit_checkdir consider a user-owner directory to be - writable. The non-faccessat() code already did this so this just - brings the faccessat() path into alignment. Bug #912 - [78d401155aa6] <1.8> + * NEWS: + Bug #922 and Bug #923 + [7a77f74c436f] -2019-12-31 Todd C. Miller +2020-05-04 Todd C. Miller - * .hgtags: - Added tag SUDO_1_8_30 for changeset 19286fe67981 - [062dfc2927a1] <1.8> + * etc/sudo.pp: + Fix Debian ldap dependency broken in last commit. + [4980b1b653ef] + + * etc/sudo.pp: + Fix "make package" on Debian when linux_audit is not set. 
+ [a00d7dec5821] + + * doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in, + include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c, + lib/logsrv/log_server.proto, logsrvd/logsrvd.c, logsrvd/sendlog.c, + plugins/sudoers/iolog_client.c: + Add a ClientHello message that client sends to the server. This + makes it easier to detect a plaintext client sending to a TLS port. + Without this, the TLS server will be silent as it waits for the + client to initiate the TLS connection. + [22c033bcf456] + + * logsrvd/sendlog.c, plugins/sudoers/iolog_client.c: + Better error messages when there is a problem with the TLS + connection. If SSL_read, SSL_write or SSL_connect fails we can use + the reason string to let the user know what the problem is. + [92f603e37e40] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + logsrvd/logsrvd_conf.c: + Make the default certificate and key paths match the example file. + [f642836bfcf0] + + * logsrvd/logsrvd.c, plugins/sudoers/iolog_client.c: + Warn about tls errors during startup so the user has a clue. We + write messages to stderr until we become a daemon. + [25ad61aa7dab] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, include/log_server.pb-c.h, + lib/logsrv/log_server.pb-c.c, lib/logsrv/log_server.proto, + logsrvd/logsrvd.c, logsrvd/sendlog.c: + Remove the tls parameter from the ServerHello message. The TLS + connection is now initiated before ServerHello is received. 
+ [9d8b76f14cda] - * doc/UPGRADE: - fix typo in previous - [19286fe67981] [SUDO_1_8_30] <1.8> + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h, + plugins/sudoers/policy.c: + Adapt sudoers iolog client to log server dual port changes. The TLS + handshake now occurs before the ServerHello message is read. This + fixes potential man-in-the-middle attacks and works better with TLS + 1.3. + [8137b029a3fe] + + * doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in, + doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + examples/sudo_logsrvd.conf, logsrvd/logsrv_util.h, + logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/sendlog.c: + Use port 30343 for plaintext and port 30344 for TLS. For TLS + connections we now do the TLS handshake immediately before the + ServerHello message. This lets the client recieve an alert from the + server is there is a handshake error after the TLS connect has + succeeded. It also means that the contents of the ServerHello are + protected from a man-in-the-middle attack. + [bb4d8b57b3dd] + + * include/sudo_util.h, lib/util/host_port.c, + lib/util/regress/host_port/host_port_test.c, logsrvd/logsrvd_conf.c, + plugins/sudoers/iolog_client.c: + Add support for a tls flag in sudo_parse_host_port(). If the string + "(tls)" appears at the end, the tls flag is set to true and the + default tls port is used if necessary. + [f0d9a225cd75] + + * logsrvd/sendlog.c, plugins/sudoers/iolog_client.c: + Plug memory leaks in sudo_sendlog + [886254bcae6a] + + * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c: + Handle EAGAIN like we do ENOMEM from poll() and select(). 
On some + systems, poll() and select() can return EAGAIN instead of ENOMEM if + there is a kernel resource shortage. In this case we just re-enter + the event loop and retry. + [048df2548dcc] + +2020-05-03 Todd C. Miller * configure, configure.ac: - Sudo 1.8.30 - [a2f006190698] <1.8> + Use the --embed when running "python3-config --ldflags" if + supported. Newer versions of python3-config only include libpython + in the output when the --embed is used. Otherwise, "python3-config + --libs" and "python3-config --ldflags" only list the libraries + python is dependent on and not the python library itself. + [d90dc892c726] + +2020-04-30 Todd C. Miller + + * logsrvd/sendlog.c, plugins/sudoers/iolog_client.c: + On error, remove the connection with an error without freeing the + closure. Fixes the final message at the end when there is a network + error. + [0e1952eb707b] - * NEWS, doc/UPGRADE: - Changes in sudo 1.8.30 - [1e84449b338d] <1.8> + * lib/util/event_poll.c: + Do not call poll(2) or ppoll(2) with nfds > RLIMIT_NOFILE. Both + poll(2) and ppoll(2) will return EINVAL if the nfds function + argument is larger than the max files per process resource limit. + Prevent this by limiting the max number entries in the pfds[] array + to the RLIMIT_NOFILE soft limit. + [ab0f798bb024] -2019-12-26 Todd C. Miller +2020-04-29 Todd C. Miller - * plugins/sudoers/def_data.h: - Regenerate def_data.h, I_RUNAS_CHECK_SHELL should be 118, not 123. - From Zhang Xiao - [2f5a0086a76a] <1.8> + * include/sudo_event.h, lib/util/event.c: + The timeout parameter of sudo_ev_add() should be const. + [de85c8897aad] -2019-12-25 Todd C. Miller +2020-04-28 Todd C. Miller - * src/limits.c: - Use 64-bit resource limits on AIX. - [5912858111bb] <1.8> + * plugins/sudoers/iolog_client.c: + Don't free TLS on error in tls_init(), it is freed in + client_closure_free(). Fixes a double free on error introduced with + the TLS state cleanup in client_closure_free(). 
+ [f1b478f2ec13] + + * logsrvd/logsrvd.c: + Check for tls_config->dhparams_path being non-NULL before using it. + [09348a25bfd2] + +2020-04-23 Todd C. Miller + + * doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in: + Document the TLS and test options. + [e5f6b6c46c25] + + * logsrvd/sendlog.c: + Allow -t option even without OpenSSL Also add -t to the usage + message + [d874c9a67ed6] + + * logsrvd/sendlog.c: + Use sudo_strtonum() instead of relying on strtoll(). Older, pre-C99, + systems may not include strtoll() in their C library. + [a1a610bbe022] + + * include/protobuf-c/protobuf-c.h: + Allow this to build on systems without stdint.h by using config.h. + Old, pre-C99, systems may have inttypes.h but not stdint.h. + [72e603875b82] + +2020-04-22 Todd C. Miller + + * etc/sudo-logsrvd.pp, scripts/pp: + Fix support for pp_systemd_disabled and check for systemd existence. + On our build schroots we don't have systemctl installed but do have + the /etc/systemd and /lib/systemd (or /usr/lib/systemd) directories. + [93917f4130b0] + + * etc/sudo-logsrvd.pp: + Set pp_macos_service_id instead of + pp_macos_default_service_id_prefix. It is only effective to set + pp_macos_default_service_id_prefix in the indivisual %service + sections (and not %set) so we may was well use pp_macos_service_id + which includes the service name. + [84ccf13e7076] + + * etc/sudo-logsrvd.pp: + Set launchd service id prefix to "ws.sudo." The default value in + PolyPkg is "com.quest.rc." + [eb581d74573e] + + * scripts/pp: + Fix macOS package creation. + [556c0051c0fc] + +2020-04-21 Todd C. Miller + + * plugins/sudoers/iolog_client.c: + Shut down the TLS connection cleanly in client_closure_free(). Also + free the SSL data which is part of the client closure. + [258ec8832cbd] + + * src/exec_monitor.c, src/exec_nopty.c, src/selinux.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c, src/sudo_exec.h: + Fix sudoedit when running with SELinux RBAC mode. 
We can't use + run_command() to run sesh, that will use the sudo event loop (and + might run it in a pty!). There's no need to relabel the tty when + copying files. Get the path to sesh from sudo.conf. + + Currently, for SELinux RBAC, the editor runs with the target user's + security context. This defeats the purpose of sudoedit. Fixing that + requires passing file descriptors between the main sudo process + (running with the invoking user's security context) and sesh + (runnning with the target user's security context). + [81c9ec600894] + + * MANIFEST, src/Makefile.in, src/copy_file.c, src/sesh.c, + src/sudo_edit.c, src/sudo_exec.h: + Refactor the sudoedit code to copy files so it can be shared. The + SELinux sudoedit code now extends the destination file the same way + the non-SELinux version does. + [82c44299309e] - * src/limits.c: - When restoring old resource limits, try to recover if we receive - EINVAL. On NetBSD, setrlimit(2) can return EINVAL if the new soft - limit is lower than the current resource usage. This can be a - problem when restoring the old stack limit if sudo has raised it. - [29bcc747a988] <1.8> + * src/sudo_edit.c: + Do not remove sudoedit temporary files if we cannot overwrite the + real file. The warning message says the files were preserved but + they actually got removed. + [685f2de6bb2e] - * src/limits.c: - Sudo doesn't require such a large stack. - [05b16a7546f8] <1.8> + * include/compat/glob.h, lib/util/glob.c: + Make gl_pathc, gl_matchc and gl_offs size_t in glob_t to match + POSIX. + [c3586082d3ea] + + * scripts/pp: + Only remove the systemd unit service file if we copied it manually. + If the service file was installed as part of the package it will be + removed automatically when the package is uninstalled. + [e98e1493c5bf] + +2020-04-20 Todd C. 
Miller + + * doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in: + Document TLS settings in ServerHello + [22ae16f41585] - * plugins/sudoers/Makefile.in: - Restore check for readable /etc/sudoers in pre-install target. If - there is no installed sudoers there is nothing to check... - [15d85f56a780] <1.8> +2020-04-17 Todd C. Miller - * config.h.in, configure, configure.ac: - Enable OpenBSD extensions on NetBSD to get reallocarray(3) - prototype. - [18b54eb14231] <1.8> + * src/sudo_edit.c: + Extend the original file before to the new size before updating it. + Instead of opening the original file for writing w/ tuncation, we + first extend the file with zeroes (by writing, not seeking), then + overwrite it. This should allow sudo to fail early if the disk is + out of space before it overwrites the original file. + [aef4db03e9e1] - * include/sudo_event.h: - Add forward declaration of struct timeval for deprecated APIs. - [7445ee8e2ec9] <1.8> + * src/sudo.c: + I/O log plugins should be closed *before* the policy plugin, not + after. + [dec6fccf63d4] - * lib/util/sig2str.c, lib/util/str2sig.c: - Fix compilation on systems with SIGRTMIN/SIGRTMAX but not - _SC_RTSIG_MAX. - [5abea9a42fdc] <1.8> + * plugins/sudoers/set_perms.c: + Fix typo + [82b0efbb6c26] - * include/sudo_compat.h: - Older systems may not support WCONTINUED. - [c8aa5924b42b] <1.8> + * plugins/sudoers/iolog.c: + Only display error string once on I/O error. We already include the + error string in the format so no need to use errno too. + [59795855d6a2] - * plugins/sudoers/logging.c: - Support systems that have nl_langinfo(3) but not the CODESET define. - Fixes compilation on old NetBSD versions. - [5435d054b427] <1.8> + * plugins/sudoers/iolog.c, plugins/sudoers/policy.c: + Free passwd and group caches in I/O plugin after log_warning(), not + before. The logging functions may try to use the cache via + set_perms(PERM_ROOT). 
+ [652b925b9658] - * plugins/sudoers/starttime.c: - Fix a typo; HAVE_KINFO_PROC2_NETBSD not HAVE_KINFO_PROC2_NETBSD2 - [59e8a0eab142] <1.8> +2020-04-17 Laszlo Orban -2019-12-18 Todd C. Miller + * logsrvd/logsrvd.c: + add missing shudown of TLS connection + [14b25a0f4f6b] - * plugins/sudoers/sudoers.c, src/limits.c: - Output the name of the limit when warning about setrlimit or - getrlimit. From Kimmo Suominen. - [31b1ee0352ac] <1.8> +2020-04-16 Todd C. Miller -2019-12-11 Todd C. Miller + * etc/sudo-logsrvd.pp, scripts/pp: + Disable systemd support on Linux systems that don't use it. + [3c01c91dbfb2] - * src/selinux.c: - Save/restore the raw form of the file context in case mctrans is not - available. - [614f2b6a358e] <1.8> +2020-04-14 Todd C. Miller -2019-12-09 Todd C. Miller + * configure, configure.ac: + 1.9.0 final + [acf3b4592384] - * MANIFEST, config.h.in, configure, configure.ac, doc/sudoers.man.in, - doc/sudoers.mdoc.in, include/sudo_compat.h, lib/util/Makefile.in, - lib/util/getusershell.c, mkdep.pl, plugins/sudoers/check.c, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h: - Add runas_check_shell flag to require a runas user to have a valid - shell. Not enabled by default. - [ed6db31729cd] <1.8> + * etc/sudo-logsrvd.pp, scripts/pp: + Update PolyPkg from my branch with systemd support. + [a7a487496209] + +2020-04-09 Todd C. Miller + + * plugins/python/example_conversation.py, + plugins/python/example_io_plugin.py, plugins/python/regress/testdata + /check_example_io_plugin_fails_with_python_backtrace.stdout: + If the signal.Signals enum is not present, search the dictionary. + The Signals enum was added in Python 3.5. If it is not present we + need to iterate over the dictionary items, looking for signal name + to number mappings. Fixes the signal tests with Python 3.4. 
+ [22811794ed46] + + * plugins/python/regress/check_python_examples.c, + plugins/python/sudo_python_module.c: + Python dictionaries are sparse so we cannot use pos as an index. + When converting sudo options from a dictionary to a tuple we need to + track the current index into the tuple separately from the position + of the dictionary entry. + [07cb8a0c7f21] + +2020-04-08 Todd C. Miller + + * etc/sudo-logsrvd.pp: + Fix handling of /etc/sudo_logsrvd.conf in the sudo-logsrvd package. + For rpm and deb we include the file directly and mark it volatile. + For all others we copy it in the postinstall script from the example + dir if the file doesn't already exist. + [83264a96b923] + + * scripts/mkpkg: + Check for the Sun Studio C compiler on Solaris under /opt. Also + intialize with_python to false. + [52e28d55f9a6] - * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, - plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, - plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: - Add a new flag "allow_unknown_runas_id" to control matching of - unknown IDs. Previous, sudo would always allow unknown user or group - IDs if the sudoers entry permitted it. This included the "ALL" - alias. With this change, the admin must explicitly enable support - for unknown IDs. - [c571f211f131] <1.8> + * po/sudo.pot: + regen + [faaacb7777d4] -2019-12-04 Todd C. Miller + * lib/util/parseln.c: + Explicitly include stdio.h for getdelim(3) + [3b0bff3ef388] - * plugins/sudoers/check.c: - Only update the time stamp entry after the approval function has - succeeded. Bug #910 - [b8df50a7c3ee] <1.8> + * logsrvd/logsrvd.c: + Reload sudo.conf upon SIGUP This makes it possible to update the + Debug settings in sudo.conf and have them take effect on reload. + [9fb7baf9a3ad] + + * logsrvd/logsrvd.c, logsrvd/sendlog.c, + plugins/sudoers/iolog_client.c: + Store the result of ERR_get_error() so we can use it for both warn + and debug. 
Otherwise, only the debug framework gets the actual error + and the user won't see the problem. + [039565f16d13] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c: + Disable IPv4-mapped IPv6 addresses in the listener. Also store the + host + port string and use it in error messages. + [3fbac477ef6b] + + * configure, configure.ac, examples/Makefile.in: + Install the example sudo_logsrvd.conf unless one already exists + [89c41b936c44] + +2020-04-07 Todd C. Miller + + * examples/sudo_logsrvd.conf: + Make the path to logsrvd_cert.pem match the documentation. + [b2a45e7c9cdb] + + * etc/sudo-logsrvd.pp, logsrvd/logsrvd.c: + Create the pid file parent directory if it doesn't already exist. + Also package the run directory in the sudo_logsrvd PolyPkg file. + [ac8b573e8545] -2019-11-20 Todd C. Miller + * configure, configure.ac: + Sudo 1.9.0rc1 + [7d437646afc2] - * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, - plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, - plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo, - po/cs.po, po/fi.mo, po/fi.po, po/nb.mo, po/nb.po, po/zh_CN.mo, - po/zh_CN.po: - Updated translations from translationproject.org - [df05f0166963] <1.8> + * MANIFEST: + Include all python plugin files in MANIFEST, not the directory + itself. + [4aa09dd70b9e] -2019-11-19 Todd C. Miller + * plugins/python/example_approval_plugin.py, + plugins/python/example_audit_plugin.py, + plugins/python/example_group_plugin.py, + plugins/python/example_io_plugin.py, + plugins/python/example_policy_plugin.py, plugins/python/regress/test + data/check_example_io_plugin_fails_with_python_backtrace.stdout: + Avoid using typing annotations so tests run with Python 3.4. 
+ [88b7048bc4a6] + + * plugins/python/python_plugin_common.c, plugins/python/regress/testda + ta/check_loading_fails_missing_classname.stderr: + Sort the list of possible plugins before printing it. This gives + more reproducible error messages for the tests. + [ea33f4970268] + + * plugins/python/regress/iohelpers.h, plugins/python/regress/testdata/ + check_example_group_plugin_is_able_to_debug.log, plugins/python/regr + ess/testdata/check_example_io_plugin_command_log.stored, plugins/pyt + hon/regress/testdata/check_example_io_plugin_command_log_multiple1.s + tored, plugins/python/regress/testdata/check_example_io_plugin_comma + nd_log_multiple2.stored, plugins/python/regress/testdata/check_examp + le_io_plugin_failed_to_start_command.stored, plugins/python/regress/ + testdata/check_example_io_plugin_fails_with_python_backtrace.stderr, + plugins/python/regress/testdata/check_loading_fails_wrong_path.stder + r, plugins/python/regress/testdata/check_multiple_approval_plugin_an + d_arguments.stdout, plugins/python/regress/testdata/check_python_plu + gins_do_not_affect_each_other.stdout, + plugins/python/regress/testhelpers.h: + Use regular expressions when matching expected and actual text. 
+ [f2562728481a] + + * plugins/python/regress/iohelpers.h, plugins/python/regress/testdata/ + check_example_debugging_c_calls@info.log, plugins/python/regress/tes + tdata/check_example_debugging_plugin@info.log, + plugins/python/regress/testhelpers.c: + Use regex to match __init__.py instead of hacking it in + verify_log_lines() + [8bf71289e585] + + * plugins/python/pyhelpers.c, plugins/python/python_plugin_common.c, + plugins/python/regress/check_python_examples.c, + plugins/python/regress/iohelpers.c, + plugins/python/regress/plugin_approval_test.py, plugins/python/regre + ss/testdata/check_example_debugging_c_calls@diag.log, plugins/python + /regress/testdata/check_example_debugging_c_calls@info.log, plugins/ + python/regress/testdata/check_example_debugging_py_calls@diag.log, p + lugins/python/regress/testdata/check_example_debugging_py_calls@info + .log, plugins/python/regress/testdata/check_example_policy_plugin_va + lidate_invalidate.log, plugins/python/regress/testdata/check_loading + _fails_wrong_classname.stderr, plugins/python/regress/testdata/check + _multiple_approval_plugin_and_arguments.stdout, + plugins/python/regress/testhelpers.h: + Make most python tests pass with Python 3.4 Dictionary order is not + stable in Python < 3.6 so we need to sort by key to have consistent + results. The LogHandler output is also different on older Python + versions. Also, don't stop running python tests after the first + error. + [aaa06cb5fac1] - * plugins/group_file/plugin_test.c: - Sync with argument handling in group_plugin.c - [3ade83ffbf05] <1.8> + * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c: + Increase the maximum delay again for slower systems. Otherwise we + may get a spurious test failure. + [6660908aa93d] + + * plugins/python/Makefile.in, plugins/sudoers/Makefile.in, + scripts/mkdep.pl: + Handle dependencies for .h files in the same directory as the + source. Fixes missing header dependencies for the sudoers and python + plugins. 
+ [3109dd5cf61e] + + * etc/sudo.pp: + Remove bits for Tru64 kit-style packages + [0e9a9580d76c] + + * MANIFEST, Makefile.in, configure, configure.ac, etc/sudo-logsrvd.pp, + etc/sudo-python.pp, etc/sudo.pp: + Split sudo_logsrvd and the python plugin into their own packages. + [9aee8247f0ba] + + * scripts/mkpkg: + Build python packages where possible. + [7a2b993bb8ac] + +2020-04-06 Todd C. Miller + + * plugins/sudoers/iolog_client.c: + Don't pass a NULL submitcwd or ttyname value to the server. It is + possible for the cwd and/or tty to be missing. If we send a NULL + pointer to the server where it expects a string the AcceptMessage + will fail to parse. + [4f96d1c6e41c] - * plugins/sudoers/group_plugin.c: - If a group plugin has optional arguments, NULL terminate the vector. - Otherwise, the plugin cannot determine the end of arguments. The - behavior now matches the plugin documentation. - [518382245a88] <1.8> + * include/sudo_plugin.h: + Disable -Wstrict-prototypes for sudo_hook_fn_t typedef. + [15d2a1332865] -2019-11-12 Todd C. Miller + * plugins/python/python_plugin_common.c: + Fall back to using Py_Finalize() for Python version < 3.6 + [e7ad63e57c79] - * src/limits.c: - Simplify resource limit fallback logic a bit. - [22d95f175a32] <1.8> +2020-04-06 Robert Manner -2019-11-11 Todd C. Miller + * logsrvd/eventlog.c: + logsrvd/eventlog.c: add a newline after each log message for logfile + output + [457f77b8f3be] - * src/limits.c: - Don't set the RLIMIT_STACK soft/hard limits to unlimited. Use 8Mb - for soft and 64Mb for hard. Works around issues on macOS and docker. - See also Bug #908 - [98fe708cd0f6] <1.8> + * lib/iolog/iolog_fileio.c: + lib/iolog/iolog_fileio.c: do not call fchown on invalid fd - * src/tgetpass.c: - Restore resource limits before executing the askpass program. Linux - with docker seems to have issues executing a program when the stack - size is unlimited. 
Bug #908 - [fbc2900ec544] <1.8> + Fixes the warning in the log: iolog_write_info_file_json: unable to + fchown 0:0 /var/log/...: Bad file descriptor + [bccdaf007db8] - * src/conversation.c: - Check for replies pointer being NULL just in case. - [71f620a9741f] <1.8> + * logsrvd/iolog_writer.c: + logsrvd/iolog_writer.c: treat runuid, rungid 0 as valid (usually + ==root) + [5a7c447e9619] -2019-11-06 Todd C. Miller +2020-04-05 Todd C. Miller - * plugins/sudoers/env.c: - Do not warn about a missing /etc/environment file on Linux without - PAM. Bug #907 - [bedf54a2775b] <1.8> + * po/eo.mo, po/eo.po, po/sr.mo, po/sr.po: + Updated translations from translationproject.org + [6e47dbfdba2c] -2019-11-05 Todd C. Miller +2020-04-03 Todd C. Miller - * doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/parse.h, - plugins/sudoers/regress/parser/check_fill.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/toke_util.c, - plugins/sudoers/visudo.c: - Transparently handle the "sudo sudoedit" problem. Some admin are - confused about how to give users sudoedit permission and many users - try to run sudoedit via sudo instead of directly. If the user runs - "sudo sudoedit" sudo will now treat it as plain "sudoedit" after - issuing a warning. If the admin has specified a fully-qualified path - for sudoedit in sudoers, sudo will treat it as just "sudoedit" and - match accordingly. In visudo (but not sudo), a fully-qualified path - for sudoedit is now treated as an error. - [e571ee6e950b] <1.8> + * examples/Makefile.in: + Install example sudo_logsrvd.conf file + [c1c6f4c8119d] -2019-11-02 Todd C. Miller + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Make it clear in the sudoers grammar that sudoedit needs file args. + Debian bug #571621 + [b6358b602623] + +2020-04-02 Todd C. 
Miller + + * NEWS: + Fixed Debian bugs #571621, #596631 and #669687 + [6058c1c46739] + + * doc/sudo.man.in, doc/sudo.mdoc.in, plugins/sudoers/env.c: + Truncate the command args at 4096 chars when formatting + SUDO_COMMAND. We have to limit the length of SUDO_COMMAND to avoid + getting E2BIG from execve(2) for very long argument vectors. The + command's environment also counts against the ARG_MAX limit. Debian + bug #596631 + [ff1fa8e3377f] - * plugins/sudoers/logging.c, src/exec_monitor.c, src/exec_pty.c, - src/tgetpass.c: - Open all pipes using pipe2() with O_CLOEXEC. We no longer depend on - calling closefrom() before exec. - [f13ecdbe4b6d] <1.8> + * plugins/sudoers/auth/pam.c: + Do not try to delete creds we did not set. If pam_setcred() fails + when opening the PAM session, we don't want to call it with + PAM_DELETE_CRED when closing the session. + [c31039431c46] - * src/exec.c, src/tgetpass.c: - Call closefrom() before we change to a non-root UID. This prevents - another process from changing the NOFILE resource limit of the child - process and defeating the closefrom() call. Reported by Joe Vennix - from Apple Information Security. - [7207f993d347] <1.8> +2020-04-01 Todd C. Miller -2019-11-01 Todd C. Miller + * plugins/sudoers/auth/API, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, + plugins/sudoers/sudoers.h: + Add a force flag to sudo_auth_cleanup() to force immediate cleanup. + This is used for PAM authentication to make sure pam_end() is called + via sudo_auth_cleanup() when the user authenticates successfully but + sudoers denies the command. 
Debian bug #669687 + [98cb9d98f547] - * doc/sudo.man.in, doc/sudo.mdoc.in: - Reference timestamp_type and timestamp_timeout in sudoers. This - should help users find details on how time stamp files work. - [1d7e880af1a8] <1.8> + * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c: + Increase the maximum delay for slower systems. Otherwise we may get + a spurious test failure. + [e4c1fffd427c] -2019-10-29 Todd C. Miller + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: + Document when cwd_optional was added. + [165447e1d7fa] - * src/limits.c: - macOS does not allow rlim_cur to be set to RLIM_INFINITY for - RLIMIT_NOFILE. We need to use OPEN_MAX instead as per the macOS - setrlimit manual. Bug #904 - [d8bb162d78e9] <1.8> +2020-03-31 Todd C. Miller -2019-10-28 Todd C. Miller + * NEWS, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + plugins/sudoers/policy.c, src/exec.c, src/sudo.c, src/sudo.h: + Add cwd_optional to command details and enable it in the sudoers + plugin. If cwd_optional is set to true, a failure to set the cwd + will be a warning, not an error, and the command will still run. + Debian bug #598519 + [a6694704d92f] - * .hgtags: - Added tag SUDO_1_8_29 for changeset e36c1e564efa - [e0f35f614a93] <1.8> + * doc/sudo.man.in, doc/sudo.mdoc.in: + The policy close function is responsible for closing the PAM + session. + [db4af211ff75] - * Makefile.in: - Fix ChangeLog generation on a branch. - [e36c1e564efa] [SUDO_1_8_29] <1.8> + * .clang-format: + Config file for clang-format 8.x and higher based on webkit style. + This approximates what I want the sudo coding style to look like. + Only deviations from webkit style are included. + [d3ec3a8401cf] - * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + * src/exec_pty.c: + Don't kill the command just because the loop exited unexpectedly. We + currently have no good way to distinguish between an error executing + the command and an error while the command is running. 
+ + In the future, we should have additional status codes so we can tell + what type of condition caused the loop to exit. + + For now, only kill the command if cstat is left uninitialized. + [9492d60783fe] + +2020-03-29 Todd C. Miller + + * logsrvd/logsrvd.c: + Write process ID as an unsigned int (with a cast). On Solaris, pid_t + may be typedef'd as a long but the actual range is 32 bits at most. + [b9a818d77142] + + * doc/LICENSE: + Add license info for a few other files. These are all ISC licensed + but it is still best to have them all listed in one place. + [dd37dc484ea5] + + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, + plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po, plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/de.mo, - po/de.po, po/eo.mo, po/eo.po, po/fr.mo, po/fr.po, po/hr.mo, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/ca.mo, + po/ca.po, po/cs.mo, po/cs.po, po/de.mo, po/de.po, po/eo.mo, + po/eo.po, po/fi.mo, po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/ko.mo, - po/ko.po, po/pl.mo, po/pl.po, po/pt.mo, po/pt.po, po/pt_BR.mo, - po/pt_BR.po, po/sv.mo, po/sv.po, po/tr.mo, 
po/tr.po, po/uk.mo, - po/uk.po, po/zh_TW.mo, po/zh_TW.po: + po/ko.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt.mo, + po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/sv.mo, po/sv.po, po/tr.mo, + po/tr.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, + po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po: Updated translations from translationproject.org - [cb43f71bd622] <1.8> + [58d62352abff] - * NEWS, config.h.in, configure, configure.ac, doc/sudo.man.in, - doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, doc/sudoers.man.in, - doc/visudo.man.in, lib/util/Makefile.in, lib/util/getgrouplist.c, - lib/util/regress/atofoo/atofoo_test.c, - plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in, - plugins/sudoers/boottime.c, plugins/sudoers/iolog.c, - plugins/sudoers/logging.c, plugins/sudoers/match.c, - plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c, po/sudo.pot, src/Makefile.in, - src/parse_args.c, src/sudo.c, src/ttyname.c: - Merge sudo 1.8.29 into the 1.8 branch. - [743b37fb1153] <1.8> + * lib/util/getusershell.c, lib/util/host_port.c, lib/util/roundup.c, + logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, + logsrvd/logsrv_util.h, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c, logsrvd/sendlog.c, logsrvd/sendlog.h, + plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h: + Some new source files got created with my old email address. + [ede435f55f5c] + + * .gitignore, .hgignore: + Ignore __pycache__ directories. + [5901cfb35a74] -2019-10-24 Todd C. Miller + * include/sudo_iolog.h, lib/iolog/iolog_util.c, logsrvd/sendlog.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudoreplay.c: + iolog_parse_loginfo() now opens the log file itself. 
+ [bf03f505fc94] - * lib/util/strtonum.c: - Avoid invalid read when minval > maxval - [7f1a6f992e4f] + * include/sudo_iolog.h, lib/iolog/Makefile.in, + lib/iolog/iolog_fileio.c, lib/iolog/iolog_util.c, + logsrvd/eventlog.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h, + logsrvd/sendlog.c, plugins/sudoers/Makefile.in, + plugins/sudoers/iolog.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudoreplay.c: + Write an extended I/O info log in JSON format. This will be used by + sudoreplay if it exists to get more information about the command + being replayed. + [5fc89148c214] + + * MANIFEST, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + include/sudo_iolog.h, lib/iolog/Makefile.in, lib/iolog/iolog_json.c, + lib/iolog/iolog_util.c, plugins/sudoers/sudoreplay.c: + Parse I/O JSON info file in JSON if present. The JSON version + includes more information than the original "log" file in the I/O + log dir. + [269ae210ea34] + + * logsrvd/iolog_writer.c, logsrvd/logsrvd.h: + Store runenv in the I/O log info file too. + [15f90fb3748f] -2019-10-23 Todd C. Miller + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c: + Create files for check_iolog_plugin in the build dir, not src dir. + [bdaea95b47fc] + + * include/sudo_json.h, lib/iolog/iolog_fileio.c, lib/util/json.c, + logsrvd/eventlog.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h, + plugins/audit_json/audit_json.c: + Do not use JSON_ARRAY with sudo_json_add_value() + [c74b75adb90f] + + * MANIFEST, lib/iolog/Makefile.in, lib/iolog/iolog_json.c, + lib/iolog/iolog_json.h, + lib/iolog/regress/iolog_json/check_iolog_json.c, + lib/iolog/regress/iolog_json/test1.in, + lib/iolog/regress/iolog_json/test2.in, + lib/iolog/regress/iolog_json/test2.out.ok, + lib/iolog/regress/iolog_json/test3.in, lib/util/json.c: + Add tests for the simple json parser. + [9ede5000f4c7] + + * lib/iolog/iolog_json.c: + Simply the JSON parsing code a bit. 
We can use a single stack for + nested objects and arrays. There is also no need to track the + current object and array separately. This allows us to remove the + array special case when assigning a value. + [4a34e528d9f0] + + * NEWS: + Update NEWS for 1.9.0b5 changes + [bf8db62788d3] + + * logsrvd/logsrvd.c: + sudo_logsrvd now exits with an error if it cannot open any listen + sockets. + [47a22f71e286] + + * configure, doc/sudo_logsrvd.conf.man.in, + doc/sudo_logsrvd.conf.mdoc.in, doc/sudo_logsrvd.man.in, + doc/sudo_logsrvd.mdoc.in, examples/sudo_logsrvd.conf, + logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + m4/sudo.m4, pathnames.h.in: + Create a pidfile for sudo_logsrvd when not run with the -n flag. + [9f1b8edff6cc] + + * etc/sudo.pp: + Add sudo_logsrvd as a service so it gets started at boot. + [d2ac9eb87dbf] - * NEWS, plugins/sudoers/policy.c, src/sudo.c: - Don't pass an invalid session or process group ID to the plugin. - Fixes a regression in 1.8.28 when there is no terminal session - leader. - [d9c626167b3c] + * plugins/sudoers/po/sudoers.pot: + Update sudoers.pot with json parser warnings. + [2b277f799d2e] -2019-10-21 Todd C. Miller +2020-03-19 Todd C. Miller - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - regen - [70f4543f177c] + * scripts/mkpkg: + Enable OpenSSL on systems that can support it. + [976370b9d9db] + +2020-03-17 Todd C. Miller + + * config.h.in, configure, configure.ac, logsrvd/logsrvd.c: + Add configure check for SSL_CTX_get0_certificate(). Dummy out + verify_server_cert() if it is not present to allow building on older + OpenSSL versions. Rewriting this to work with old OpenSSL is not + worth the trouble. + [61349d2533fe] + + * lib/iolog/hostcheck.c: + Include stdlib.h for malloc(3) prototype. We shouldn't rely on it to + be implicitly included via OpenSSL headers. + [9f4f7d3d3662] + +2020-03-16 Todd C. Miller + + * plugins/sudoers/policy.c: + Only set errstr for plugin API version 1.15 and above. 
+ [780722091e9f] + +2020-03-14 Todd C. Miller + + * NEWS: + Sudo 1.8.31p1 + [40629e6fd692] * src/limits.c: - Not all systems support RLIMIT_NPROC and RLIMIT_RSS - [26b8e2afe755] + Ignore a failure to restore the RLIMIT_CORE resource limit. Linux + containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY + if we set the limit to zero, even for root. This is not a problem + outside the container. + [1064b906ca68] - * doc/Makefile.in, examples/Makefile.in, include/Makefile.in, - lib/util/Makefile.in, lib/zlib/Makefile.in, - plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, - src/Makefile.in: - Add depend target to all Makefile.in files. - [0a22d80ef716] +2020-03-12 Todd C. Miller - * NEWS, configure, configure.ac, doc/UPGRADE: - Sudo 1.8.29 - [736c9a5c3720] + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [72ca06a294b4] - * MANIFEST, lib/util/Makefile.in, src/Makefile.in, src/exec.c, - src/limits.c, src/sudo.c, src/sudo.h: - Set resource limits in the sudo process to unlimited. We don't want - sudo to be limited by the caller's resource limits. The original - resource limits are restore before session setup. - [6c3bf214caf0] + * include/sudo_event.h, lib/util/event.c: + Add SUDO_EV_MASK to mask off invalid event values. Now used by + sudo_ev_init() to avoid bogus events. + [10a5d1afa1c9] + +2020-03-11 Todd C. Miller + + * plugins/python/regress/iohelpers.c, + plugins/python/regress/testhelpers.c: + Avoid using sprintf(), vsprintf(), strcat(), and strncat(). It is + less error-prone to use functions with a return value that indicates + when truncation ocurred. + [21938a3b1548] -2019-10-20 Todd C. Miller + * plugins/sudoers/match_digest.c: + Work around two Coverity false positives; CID 208813 208815 + [389bf3749ed2] - * plugins/sudoers/starttime.c, src/ttyname.c: - Older FreeBSD needs sys/param.h included before sys/user.h. 
From - Darren Tucker - [88c060df0439] + * logsrvd/logsrvd.c: + Fix potential use-after-free; Coverity CID 208814 + [e575532efe35] + + * plugins/python/regress/iohelpers.h, plugins/python/regress/testdata/ + check_example_debugging_c_calls@info.log, plugins/python/regress/tes + tdata/check_example_debugging_plugin@info.log, + plugins/python/regress/testhelpers.c: + Don't hard-code path to logging/__init__.py or line numbers. Allows + python plugin tests to success on versions other than 3.7. + [659d3d3fcb8b] - * include/sudo_util.h, lib/util/getgrouplist.c, lib/util/gidlist.c, - lib/util/regress/strtofoo/strtoid_test.c, lib/util/strtoid.c, - lib/util/util.exp.in, plugins/group_file/getgrent.c, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c, - plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/iolog.c, - plugins/sudoers/match.c, plugins/sudoers/policy.c, - plugins/sudoers/pwutil.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, - plugins/system_group/system_group.c, src/sudo.c: - Rename sudo_strtoid() to sudo_strtoidx() and add simplified - sudo_strtoid() - [94a418cdbae6] + * doc/LICENSE: + Add copyright for the Python bindings. + [cc64df1f85f2] -2019-10-19 Todd C. 
Miller + * plugins/sudoers/match_command.c: + Fix typo introduced on systems with O_PATH or O_EXEC + [e8fea3eabf99] - * doc/UPGRADE, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, - doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, - doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, - doc/visudo.man.in, doc/visudo.mdoc.in, - plugins/sudoers/cvtsudoers_json.c, plugins/sudoers/iolog.c, - plugins/sudoers/ldap.c, plugins/sudoers/policy.c, - plugins/sudoers/pwutil.c, plugins/sudoers/sssd.c, - plugins/sudoers/testsudoers.c, src/exec.c: - Refer to user-ID and group-ID instead of "user ID" and "group ID" - [36d7bd4ab52d] + * NEWS: + Update for sudo 1.9.0 + [39158cb4af26] -2019-10-18 Todd C. Miller + * doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/match.c, plugins/sudoers/match_command.c, + plugins/sudoers/regress/sudoers/test14.in, + plugins/sudoers/regress/sudoers/test14.json.ok, + plugins/sudoers/regress/sudoers/test14.ldif.ok, + plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test14.out.ok, + plugins/sudoers/regress/sudoers/test14.toke.ok, + plugins/sudoers/sudoers_version.h: + Allow the ALL keyword to be specified with a digest list. + [9856ed3cde7f] - * doc/sudoers.man.in, doc/sudoers.mdoc.in: - sudoedit doesn't create a new PAM session so PAM umask does not - apply. 
- [8ae167d0ae7c] + * doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/ldap_util.c, plugins/sudoers/match.c, + plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c, + plugins/sudoers/parse.h, plugins/sudoers/regress/sudoers/test14.in, + plugins/sudoers/regress/sudoers/test14.json.ok, + plugins/sudoers/regress/sudoers/test14.ldif.ok, + plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test14.out.ok, + plugins/sudoers/regress/sudoers/test14.toke.ok, + plugins/sudoers/sudo_ldap.h: + Allow a list of digests to be specified for a command. + [e0e9ecee870b] - * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.man.in, - doc/sudoers.mdoc.in, include/sudo_plugin.h, - plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, src/exec.c, src/sudo.c, src/sudo.h: - Change how the umask is handled with PAM and login.conf. If the - umask is explicitly set in sudoers, use that value regardless of - what is in PAM or login.conf. If using the default umask from - sudoers, allow PAM or login.conf to override it. Bug #900 - [7c0a835ac512] + * plugins/sudoers/ldap_util.c, plugins/sudoers/parse_ldif.c: + A struct member of type ALL should have its name field set to NULL. + [484b9af004af] -2019-10-17 Todd C. Miller + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Allow Cmd_Alias in addition to Cmnd_Alias. Some people find using + Cmd_Alias more natural. + [55edb5057091] - * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/audit.c, +2020-03-01 Todd C. 
Miller + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, - plugins/sudoers/logging.c: - Add log_allowed and log_denied sudoers flags, defaulting to true. - [fb1e188a3d05] + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: + Add pam_ruser and pam_rhost sudoers flags. + [b1d494440004] - * lib/util/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: - Enable security auditing malloc options for "make check". - [333632dd3134] + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/sendlog.c, + logsrvd/sendlog.h: + Store the event base in the client closure. Explicitly passing the + event base removes the need to set a default base. + [0e4ae8d810f8] -2019-10-16 Todd C. Miller + * plugins/sudoers/iolog.c: + Revert change to initialize io_operations earlier. Instead, check + io_operations.open for NULL which is the case for "sudo -V". Also + move the early return in sudoers_io_open() for "sudo -V" until after + we have initialized debugging. + [0e9e7a99725d] - * doc/sudoers.man.in, doc/sudoers.mdoc.in: - Be more consistent with how we talk about sudoers Defaults settings. - Use "flag" not "option" when referring to boolean flags. Use - "setting" in place of "Defaults setting" in most places. Use "the - foo option" instead of "sudo's foo option" for command line options. - [8058378c4b35] +2020-02-28 Todd C. Miller - * plugins/sudoers/Makefile.in: - No need to check existing sudoers file when installing to DESTDIR - This check can cause problems on systems where /etc/sudoers.d is not - readable. - [2ec01e9fe408] + * plugins/sudoers/iolog.c: + Initialize io_operations earlier. + [ab235d88f8ae] - * lib/util/str2sig.c: - Inclue sudo_util.h to get sudo_strtonum() prototype. - [8b0b4ee28d5f] +2020-02-27 Todd C. 
Miller - * lib/util/str2sig.c: - strtonum -> sudo_strtonum - [4d2363678583] + * plugins/sudoers/iolog_client.c: + Mark up some remaining TODOs + [847c9328a7b5] - * MANIFEST: - Add split out strtofoo tests. - [0cc598502faf] + * src/conversation.c: + Sudo's -S option should override the SUDO_CONV_PREFER_TTY flag. + [f5737b68c0bf] - * lib/util/strtonum.c: - Make sure we don't go past the end of the string when out of range. - [2b89961c524a] + * plugins/python/pyhelpers.c, plugins/python/python_plugin_policy.c, + plugins/python/sudo_python_module.c: + Use C99 __func__ instead of gcc-specific __PRETTY_FUNCTION__ + [db4f5d7c200e] + +2020-02-27 Robert Manner + + * plugins/python/example_debugging.py, plugins/python/regress/testdata + /check_example_debugging_c_calls@diag.log, plugins/python/regress/te + stdata/check_example_debugging_c_calls@info.log, plugins/python/regr + ess/testdata/check_example_debugging_plugin@err.log, plugins/python/ + regress/testdata/check_example_debugging_plugin@info.log: + plugins/python/regress: add a test and example of using the python + logger + [ed23b3ba375f] + + * MANIFEST, doc/sudo_plugin_python.man.in, + doc/sudo_plugin_python.mdoc.in, plugins/python/Makefile.in, + plugins/python/python_baseplugin.c, + plugins/python/python_convmessage.c, + plugins/python/python_importblocker.c, + plugins/python/python_loghandler.c, + plugins/python/python_plugin_common.c, + plugins/python/sudo_python_module.c, + plugins/python/sudo_python_module.h: + plugins/python/sudo_module: add sudo.LogHandler + + so python log system can be used with sudo logsystem. Loggers use it + by default (the handler is set on the root logger). If that is not + the intent, it can be overridden explicitly. + [45b8902ce188] + +2020-02-26 Todd C. 
Miller + + * INSTALL, Makefile.in, config.h.in, configure, configure.ac, + lib/iolog/iolog_fileio.c, plugins/sudoers/Makefile.in, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h, plugins/sudoers/sudoers.c: + Add --disable-log-server and --disable-log-client configure options. + These can be used to optionally disable building sudo_logsrvd and + support for remote I/O logging in the sudoers plugin respectively. + [bc802e022f22] + +2020-02-26 Robert Manner + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in, + plugins/python/python_plugin_common.c, + plugins/python/regress/check_python_examples.c, plugins/python/regre + ss/testdata/check_loading_fails_missing_classname.stderr, plugins/py + thon/regress/testdata/check_loading_succeeds_with_missing_classname. + stdout: + plugins/python: autodetect ClassName field + + If "ClassName" is not specified, load the one and only sudo.Plugin + from the module (if so), otherwise display which plugins are + available from which the system admin can choose. + [b9dbbf1b6e97] + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in, + plugins/python/Makefile.in, plugins/python/python_plugin_common.c: + plugins/python/plugin_common: add a default search path for python + plugins + + If the ModulePath is relative, assume it is under + "/usr/local/libexec/sudo/python" or wherever the sudo plugins are in + a "python" subdirectory. 
+ [5f75db882754] + + * plugins/python/regress/check_python_examples.c, plugins/python/regre + ss/testdata/check_example_audit_plugin_version_display.stdout, plugi + ns/python/regress/testdata/check_example_debugging_py_calls@info.log + , plugins/python/regress/testdata/check_example_io_plugin_version_di + splay_full.stdout, plugins/python/regress/testdata/check_example_pol + icy_plugin_version_display_full.stdout, plugins/python/regress/testd + ata/check_multiple_approval_plugin_and_arguments.stdout: + plugins/python/regress: update tests for show_version changes + + - plugin->show_version is not marked NULL any more. + - if verbose, it also displays which python class was loaded from + which file + [e30a1e43e3c2] + + * plugins/python/python_plugin_approval.c, + plugins/python/python_plugin_audit.c, + plugins/python/python_plugin_common.c, + plugins/python/python_plugin_common.h, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c: + plugins/python: make show_version display the plugin in verbose mode + + Before it only displayed the plugin version, now it also displays + which python plugin is loaded to be more useful. + [8c94175ead70] + + * plugins/python/python_plugin_approval.c, + plugins/python/python_plugin_common.c: + plugins/python/approval: fix show_version crash when it is not + implemented - * lib/util/regress/strtofoo/strtonum_test.c, lib/util/strtonum.c: - Fix stronum() regress test and the errno value for out of range - numbers. - [3547d022bead] + For approval plugins show_version is not optional. + [61f6b4679d6b] - * lib/util/Makefile.in, lib/util/regress/atofoo/atofoo_test.c, - lib/util/regress/strtofoo/strtobool_test.c, - lib/util/regress/strtofoo/strtoid_test.c, - lib/util/regress/strtofoo/strtomode_test.c, - lib/util/regress/strtofoo/strtonum_test.c: - Split atofoo.c regress into multiple tests. - [75b7547e33bd] +2020-02-24 Todd C. 
Miller - * .hgtags: - Added tag SUDO_1_8_28p1 for changeset 69d6caf0c3e0 - [11c029ffdad3] <1.8> + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + Avoid calling sudoers_policy_exec_setup() on error. We only want to + pass the execution environment back for commands that are accepted + or rejected. Also avoid potentially freeing the wrong pointer when + garbage collection is enabled. + [a3a202e89951] + +2020-02-22 Todd C. Miller + + * logsrvd/eventlog.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c: + Open event log at config time instead of open/close for each entry. + If logging via syslog, do the openlog() at config time instead. We + still lock the log file prior to writing to it but unlock + immediately after. + [3236bd001160] - * NEWS, configure, configure.ac: - Sudo 1.8.28p1 - [69d6caf0c3e0] [SUDO_1_8_28p1] <1.8> + * lib/util/locking.c: + Fix unlocking of an entire file with lockf(). Since lockf() uses the + files's current offset, we need to seek to the start of the file to + unlock the entire file. + [e415af1de6ca] + +2020-02-21 Robert Manner + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + doc/sudo_plugin_python: add approval plugin to supported plugins + [5034917e6902] - * NEWS, configure, configure.ac: - Sudo 1.8.28p1 - [09ceaddc94f9] +2020-02-20 Todd C. Miller -2019-10-15 Todd C. Miller + * lib/util/util.exp.in: + Add sudo_json_free_v1 to symbol exports file too. + [0a91a2986952] - * plugins/sudoers/parse.c: - The fix for bug #869 broke "sudo -v" when verifypw=all (the default) - [718dc5caf5fd] <1.8> + * lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/sudoers/Makefile.in: + Regenerate dependencies to match the recent JSON changes. + [5da86c77629c] - * plugins/sudoers/parse.c: - The fix for bug #869 broke "sudo -v" when verifypw=all (the default) - [aac35bcd8584] + * plugins/python/python_convmessage.c: + Add missing check for calloc(3) failure. 
+ [589c32ff2cf1] + +2020-02-19 Robert Manner + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + doc/sudo_plugin_python: document approval plugin and PluginReject + [9e61203dcb8d] + + * plugins/python/sudo_python_module.c: + plugins/python/sudo_python_module.c: remove unused declaration + + We do not use structsequence any more. + [a5570ba5ad8b] + +2020-02-18 Todd C. Miller + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h: + Re-register listeners on SIGHUP. Previously, a config reload would + refresh the listener address list but the changes had no effect on + the actual addresses being listened on. + [c1c0ada6c594] + + * logsrvd/logsrvd.c: + Fix compilation error when not built with OpenSSL support. Adds a + missing #ifdef HAVE_OPENSSL and reorders code to avoid the need for + a static init_tls_server_context() prototype. + [976c469eeb57] + +2020-02-18 Robert Manner + + * plugins/python/python_plugin_common.c: + plugins/python: restore the original python inittab after + interpreter deinit + [b78a5d995de9] + +2020-02-17 Todd C. Miller + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + include/sudo_json.h, lib/util/json.c, logsrvd/eventlog.c: + Add support for JSON structured logging using syslog. Note that + depending on the system, the default syslog buffer may not be large + enough to store all the logging data. + [15a6667b1198] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + examples/sudo_logsrvd.conf, logsrvd/eventlog.c, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c: + Add support for JSON logging in sudo_logsrvd. + [8b013b899e3b] -2019-10-14 Todd C. Miller + * include/sudo_json.h, lib/util/json.c, lib/util/util.exp.in, + plugins/audit_json/audit_json.c, plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/regress/sudoers/test10.json.ok, + plugins/sudoers/regress/sudoers/test9.json.ok: + Rework the JSON API to write to a memory buffer, not a stdio stream. 
+ [ec4e4053e95e] - * include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in, - lib/util/closefrom.c, lib/util/getaddrinfo.c, lib/util/strtonum.c, - lib/util/sudo_conf.c, lib/util/ttysize.c, - plugins/sudoers/boottime.c, plugins/sudoers/cvtsudoers.c, - plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, - plugins/sudoers/iolog_util.c, plugins/sudoers/ldap_conf.c, - plugins/sudoers/match_addr.c, plugins/sudoers/policy.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/regress/parser/check_addr.c, - plugins/sudoers/regress/starttime/check_starttime.c, - src/parse_args.c, src/sesh.c, src/sudo.c, src/ttyname.c: - Use sudo_strtonum() explicitly instead of via a macro. - [f75f786eddd5] + * logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c: + Fix support for reloading the config in sudo_logsrvd. We need to re- + initialize the TLS server context. Also fix a memory leak of the TLS + parameters on reload. + [c4ca45502f3e] + +2020-02-17 Robert Manner + + * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h, + plugins/python/python_plugin_common.c, + plugins/python/regress/check_python_examples.c, plugins/python/regre + ss/testdata/check_example_debugging_load@diag.log, + plugins/python/regress/testhelpers.c: + plugins/python: only deinit interpreters when sudo unlinks the + plugin + + This only happens when sudo unloads the last python plugin. The + reason doing so is because there are some python modules which does + not support importing them again after destroying the interpreter + which has imported them previously. + + Another solution would be to just leak the interpreters (let the + kernel free up), but then there might be some python resources like + open files would not get cleaned up correctly if the plugin is badly + written. 
+ + Tests are meant to test the scenario sudo does, so I have modified + them to generally do not unlink but only a few times (~per plugin + type) so it does not use 48 interpreters (one gets started on every + plugin->open) and it is visible at least which type of plugin fails + deinit if there is an error. + [13cdead652aa] + + * plugins/python/python_plugin_common.c, + plugins/python/sudo_python_debug.c: + plugins/python/debug: adapt debug refcount solution of sudoers + plugin + [dc815e383c39] + +2020-02-16 Todd C. Miller + + * plugins/sudoers/iolog_client.c: + The environment in the accept message is runenv not submitenv. The + I/O logging plugin is passed the environment the command will run + with, not the user's original environment. + [b3e1ee513001] + +2020-02-15 Todd C. Miller + + * include/sudo_compat.h, lib/iolog/iolog_fileio.c, + plugins/audit_json/audit_json.c, src/utmp.c: + Add compatibility define for fseeko(3). This is better than + cluttering up the code with #ifdefs for obsolete systems. + [a9123f768fe0] + +2020-02-14 Todd C. Miller + + * MANIFEST, plugins/sudoers/regress/testsudoers/test8.out.ok, + plugins/sudoers/regress/testsudoers/test8.sh: + Add test for #include directive without a trailing newline. + [dfcfad5c7c41] - * config.h.in, configure, configure.ac, include/sudo_compat.h, - lib/util/Makefile.in, lib/util/strtoid.c, lib/util/strtonum.c, - lib/util/util.exp.in, mkdep.pl: - Always use our own strtonum and implement sudo_strtoid in terms of - it. - [94b1114ef79d] + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Don't require a newline at the end of include or includedir + directives. + [3d6aa5531609] - * plugins/sudoers/pwutil.c: - Use errno in warning when sudo_make_*_item() fails. Previously we - always said "out of memory" if not ENOENT. 
- [68e5a208c242] +2020-02-14 Robert Manner - * plugins/sudoers/Makefile.in, plugins/sudoers/parse_ldif.c, - plugins/sudoers/regress/cvtsudoers/test26.err.ok, - plugins/sudoers/regress/cvtsudoers/test26.sh: - Reject non-LDIF input when converting from LDIF to sudoers or JSON. - [2d08d4aa0e01] + * plugins/python/regress/testhelpers.c: + plugins/python/regress/testhelpers.c: replace fromisoformat - * .hgtags: - Added tag SUDO_1_8_28 for changeset 3b5377478dfa - [0dadefd5968e] <1.8> + fromisoformat is only supported from python >=3.7 + [86bf6de82376] -2019-10-10 Todd C. Miller +2020-02-13 Robert Manner - * INSTALL, Makefile.in, NEWS, config.h.in, configure, configure.ac, - doc/CONTRIBUTORS, doc/cvtsudoers.cat, doc/sudo.cat, - doc/sudo.conf.cat, doc/sudo.man.in, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.man.in, - doc/sudoers_timestamp.cat, doc/sudoreplay.cat, - doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in, - lib/util/Makefile.in, lib/util/event.c, lib/util/getgrouplist.c, - lib/util/getline.c, mkpkg, plugins/group_file/Makefile.in, - plugins/sudoers/Makefile.in, plugins/sudoers/auth/passwd.c, - plugins/sudoers/auth/secureware.c, plugins/sudoers/boottime.c, - plugins/sudoers/check.c, plugins/sudoers/env.c, - plugins/sudoers/iolog.c, plugins/sudoers/iolog_event.h, - plugins/sudoers/logging.c, plugins/sudoers/match.c, - plugins/sudoers/po/sudoers.pot, plugins/sudoers/redblack.c, - plugins/sudoers/regress/testsudoers/test3.d/root, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, - po/sudo.pot, src/Makefile.in, src/exec_pty.c, src/load_plugins.c, - src/parse_args.c, src/sudo.c, src/ttyname.c: - Merge sudo 1.8.28 from tip into the 1.8 branch. 
- [3b5377478dfa] [SUDO_1_8_28] <1.8> + * plugins/python/python_plugin_common.h, + plugins/python/sudo_python_module.c: + plugins/python: add missing annotations to help cpychecker + [fd66659bd681] - * plugins/sudoers/po/ca.mo, plugins/sudoers/po/da.mo, - plugins/sudoers/po/el.mo, plugins/sudoers/po/eu.mo, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/fur.mo, - plugins/sudoers/po/hr.mo, plugins/sudoers/po/hu.mo, - plugins/sudoers/po/ko.mo, plugins/sudoers/po/lt.mo, - plugins/sudoers/po/nl.mo, plugins/sudoers/po/ru.mo, - plugins/sudoers/po/sk.mo, plugins/sudoers/po/sl.mo, - plugins/sudoers/po/sr.mo, plugins/sudoers/po/tr.mo, - plugins/sudoers/po/zh_CN.mo, po/ast.mo, po/ca.mo, po/es.mo, - po/eu.mo, po/fi.mo, po/fur.mo, po/gl.mo, po/hr.mo, po/hu.mo, - po/ko.mo, po/nl.mo, po/nn.mo, po/ru.mo, po/sk.mo, po/sl.mo, - po/sr.mo, po/sudo.pot, po/vi.mo, po/zh_CN.mo: - regen - [362645d256b7] + * plugins/python/python_plugin_common.c: + plugins/python/python_plugin_common.c: release py_args in close - * NEWS, lib/util/strtoid.c: - Treat an ID of -1 as invalid since that means "no change". Fixes - CVE-2019-14287. Found by Joe Vennix from Apple Information Security. - [83db8dba09e7] + even if the arguments are not used (eg. when there is no "close" + call in the plugin). - * lib/util/regress/atofoo/atofoo_test.c, - plugins/sudoers/regress/testsudoers/test5.out.ok, - plugins/sudoers/regress/testsudoers/test5.sh: - Add sudo_strtoid() tests for -1 and range errors. Also adjust - testsudoers/test5 which relied upon gid -1 parsing. - [db06a8336c09] + It was not really a memleak, because interpreter is deinitialized + anyway, which frees the object. + [5de8c111d40d] -2019-10-06 Todd C. Miller + * plugins/python/python_plugin_approval.c: + plugins/python/python_plugin_approval: fix negative ref count - * INSTALL, configure, configure.ac: - Back out compiler override for now. - [f03f7fd7ff8b] + The python_plugin_api_rc_call function already decrements the + refcount of py_args. 
Python avoids the double free, but the error + gets shown if using python debug build. + [4370af5b9092] - * configure, configure.ac: - Only prefer clang over gcc on BSD systems. - [2309baa23a00] +2020-02-12 Robert Manner -2019-10-05 Todd C. Miller + * plugins/python/regress/check_python_examples.c: + plugins/python/regress: still some memleak fix + [c60050b79a5e] - * Makefile.in: - Fix "make pvs-studio" run in a build dir - [a49635de3777] + * plugins/python/python_plugin_audit.c, + plugins/python/python_plugin_common.c, + plugins/python/python_plugin_common.h, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c: + plugins/python: make storing errstr more explicit -2019-09-27 Todd C. Miller + The error is always stored in plugin_ctx, but it is only set into + errstr if the API version is enough. (Previously it worked the + opposite: we only stored the error if API level was enough.) + [5b4fa733c876] - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - regen - [430d45f3b461] + * plugins/python/regress/check_python_examples.c: + plugins/python/regress: strengthen errstr verification - * NEWS: - Bug #898 - [3d07895888e8] + Tests did not catch the issue where errstr was not set correctly, + but its pointer contained the expected data, because the memory + allocator reused the same space for storing the string. - * src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, - src/selinux.c, src/sudo.c, src/sudo.h: - Fix restoring the file context of the user's tty with SELinux. Also - fix broken tty labeling when running a command in a pty. Includes a - fix for a typo introduced in the last change set. - [eb3f547b08f8] + Now it is either verified to be NULL, or reset to NULL. 
+ [973e52ed3f68] - * lib/util/arc4random.c: - _rs_random_buf is currently unused - [e384fc3625e8] + * plugins/python/regress/check_python_examples.c: + plugins/python/regress: simplify plugin option creation + [628142f39c63] - * src/selinux.c: - Add some debugging around context setting and tty labeling Also be - more extact with error return values - [ed66480282c7] +2020-02-11 Todd C. Miller -2019-09-21 Todd C. Miller + * include/sudo_debug.h, lib/util/sudo_debug.c, lib/util/util.exp.in, + plugins/audit_json/audit_json.c, plugins/python/sudo_python_debug.c, + plugins/sample_approval/sample_approval.c, + plugins/sudoers/sudoers_debug.c: + Move duplicated code to parse plugin debug flags to libsudo_util. + There's no need for four copies of sudo_debug_parse_flags(). + [cfd9d624d8b1] + +2020-02-11 Robert Manner + + * plugins/python/python_plugin_common.c, + plugins/python/sudo_python_module.c, + plugins/python/sudo_python_module.h: + plugins/python/sudo_module: let a reject also supply error message + + Same as sudo.PluginError exception, have a sudo.PluginReject + exception as well. Added common base exception as well. 
+ [e2e36f4778d4] + + * plugins/python/regress/check_python_examples.c, + plugins/python/regress/plugin_approval_test.py, plugins/python/regre + ss/testdata/check_multiple_approval_plugin_and_arguments.stderr, plu + gins/python/regress/testdata/check_multiple_approval_plugin_and_argu + ments.stdout, plugins/python/regress/testhelpers.c, + plugins/python/regress/testhelpers.h: + plugins/python/regress: add tests for approval plugin + [31bd830a36fa] + + * MANIFEST, plugins/python/Makefile.in, + plugins/python/python_plugin_approval.c, + plugins/python/python_plugin_approval_multi.inc, + plugins/python/python_plugin_common.c, + plugins/python/python_plugin_common.h, + plugins/python/sudo_python_module.c: + plugins/python: add python approval plugin wrapper + [489ef35ac957] + + * MANIFEST, plugins/python/Makefile.in, + plugins/python/example_approval_plugin.py: + plugins/python: add python approval plugin example + [4ed865e04c0a] + +2020-02-10 Todd C. Miller + + * MANIFEST, plugins/sudoers/regress/sudoers/test23.in, + plugins/sudoers/regress/sudoers/test23.json.ok, + plugins/sudoers/regress/sudoers/test23.ldif.ok, + plugins/sudoers/regress/sudoers/test23.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test23.out.ok, + plugins/sudoers/regress/sudoers/test23.sudo.ok, + plugins/sudoers/regress/sudoers/test23.toke.ok: + Add regress test for parsing Defaults lists. Currently only + env_check, env_delete, env_keep and log_servers are lists. + [dfda2dec37d3] - * lib/util/sudo_debug.c: - Better error message when debug log file cannot be opened. - [09e0cdff0c49] + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: + Clarify that approval close happens after auditing. Also fix a few + typos. + [8f9fb2f0b5a7] -2019-09-20 Todd C. Miller + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + include/sudo_plugin.h, plugins/sample_approval/sample_approval.c, + src/sudo.c: + Add open and close functions to the approval plugin API. 
We need a + close function to be able to to free memory allocated for errstr. + Unlike the other plugins, the close function is called immediately + after the plugin's check or show_version function. The plugin does + not remain open until the command completes. + [6611bafc8ace] + + * plugins/audit_json/audit_json.c: + Use unique function names to avoid confusion with front-end + functions. Also add a missing sudo_debug_enter() after debug + registration. + [b127b0997ecb] + + * scripts/log2cl.pl: + Use Text::Wrap instead of perl's built-in format function. This + still breaks log filename incorrectly but is a step in the right + direction. + [2184fe794ecb] + + * Makefile.in, scripts/log2cl.pl: + Avoid changing directory when generating the ChangeLog file. + Instead, pass the repo path to either hg or log2cl.pl + [736e90c9fe6d] - * .hgignore: - Ignore in-tree build directory. - [66577c63f097] +2020-02-10 Robert Manner - * configure, configure.ac: - Set CC before AC_USE_SYSTEM_EXTENSIONS to get our preferred - compiler. - [6a318eeffb30] + * src/sudo.c: + src/sudo.c: call audit plugin close when result is a wait status + [0bfe6bc588a3] -2019-09-19 Todd C. Miller + * Makefile.in: + Makefile.in: fix install target for out of source build - * pp: - Update Polypkg to the latest version from git. - [68bbecc25007] + The scriptdir contained a path relative to where the target was + started. The scripts are called like "$scriptdir/script_name" which + is fine with relative path as well, until the current directory is + not changed. But things like cd $srcdir && $scriptdir/script_name + fails (if building in separate build directory). 
+ [7c0958b47925] + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + doc/sudo_plugin_python: document python audit plugin support + [2a2f6227bae0] + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + doc/sudo_plugin_python: document returning error string + [cf32faa3805f] + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + doc/sudo_plugin_python: update python manual for constant -> enum + changes + [e2cd8737978c] - * configure, configure.ac: - If no mandoc or nroff is present, install mdoc format manuals. If - there is no installed nroff/mandoc they will need to install groff - or heirloom doctools to format the manual pages. - [6dd386c1a378] +2020-02-08 Todd C. Miller -2019-09-18 Todd C. Miller + * lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/util/mksiglist.c, lib/util/mksigname.c, + lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/getdelim/getdelim_test.c, + lib/util/regress/glob/globtest.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, logsrvd/logsrvd.c, + logsrvd/sendlog.c, plugins/group_file/plugin_test.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/logging.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/tsdump.c, plugins/sudoers/visudo.c, src/exec.c, + src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, + src/parse_args.c, src/regress/noexec/check_noexec.c: + Use EXIT_SUCCESS and EXIT_FAILURE more consistently. + [1b78154a35f3] - * doc/sudoers.man.in, doc/sudoers.mdoc.in, include/sudo_plugin.h: - Refer to number of terminal lines, not rows, for consistency. 
- [566e3e38058f] + * src/parse_args.c, src/sudo.c, src/sudo.h: + Mark main sudo usage() function __noreturn__. This splits the usage + printing out into display_usage(). + [400d23c2a6f1] + + * include/sudo_json.h, lib/util/json.c, lib/util/util.exp.in, + plugins/sudoers/cvtsudoers_json.c: + Use json functions from libsudo_util in cvtsudoers. + [c4316ce76fe6] + +2020-02-07 Todd C. Miller + + * plugins/sample_approval/sample_approval.c: + Check localtime() return value; coverity CID 208156 + [e2697b46f7e2] + + * plugins/audit_json/audit_json.c: + Check fseeko() return value; coverity CID 207993 + [3abd610ae63b] + + * logsrvd/sendlog.c, logsrvd/sendlog.h: + Make restart and elapsed members of the closure structs not + pointers. Fixes coverity CID 207992 + [2dbace19cb6a] + + * lib/iolog/iolog_fileio.c: + Check return value of sudo_lock_file(); coverity CID 207991 + [e2862d70dea8] + + * logsrvd/logsrvd.c: + Only keepalive if accept() succeeded; coverity CID 207990 + [0c35e46495a2] + +2020-02-06 Todd C. Miller + + * MANIFEST, Makefile.in, doc/Makefile.in, examples/Makefile.in, + generate_test_coverage.sh, include/Makefile.in, + lib/iolog/Makefile.in, lib/logsrv/Makefile.in, lib/util/Makefile.in, + lib/zlib/Makefile.in, log2cl.pl, logsrvd/Makefile.in, mkdep.pl, + mkinstalldirs, mkpkg, plugins/audit_json/Makefile.in, + plugins/group_file/Makefile.in, plugins/python/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, pp, + scripts/generate_test_coverage.sh, scripts/log2cl.pl, + scripts/mkdep.pl, scripts/mkinstalldirs, scripts/mkpkg, scripts/pp, + src/Makefile.in: + Move some scripts from the top level src dir to a scripts dir. + [0be8e958cbc2] -2019-09-17 Todd C. 
Miller + * MANIFEST, plugins/sample_approval/Makefile.in, + plugins/sample_approval/sample_approval.c, + plugins/sample_approval/sample_approval.exp: + Add sample approval plugin that simply tests for "business hours" + [8005b14fd0c7] + + * Makefile.in, configure, configure.ac: + Add sample approval plugin that simply tests for "business hours" + [9d7370fea2c3] - * INSTALL, configure, configure.ac: - Prefer clang over gcc. We want to use clang on systems where clang - is the system compiler. It is less common to have clang installed on - systems where gcc is the system compiler. - [d29d764a4938] + * src/load_plugins.c: + Refactor code to alloc and insert a new plugin_container. The only + outlier is the policy plugin which is not part of a list since there + can only be a single policy plugin. + [610c6e01eb0b] + + * plugins/audit_json/audit_json.c: + Tech audit_json about approval plugin accept/reject + [b1e568bacd87] - * INSTALL: - No longer need bypass_last_login on HP-UX, warnings work with clang. - Also add deb package names for pam and ldap devel on Linux. - [6aff480b1f4b] + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + include/sudo_plugin.h, src/load_plugins.c, src/sudo.c, + src/sudo_plugin_int.h: + Add an approval plugin type that runs after the policy plugin. The + basic idea is that the approval plugin adds an additional layer of + policy. There can be multiple approval plugins. + [2b57fac1ad0b] - * src/parse_args.c: - Silence a warning from clang about string concatenation. 
- [cadba1a4d86d] + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: + plugin documentation fixes: o whitespace cleanup o show_version + doesn't have an errstr argument o document runas_user and + runas_group in command_info[] o add missing .El at before start of + audit section + [73cb9ca71ef7] + +2020-02-06 Robert Manner + + * plugins/python/sudo_python_module.c: + plugins/python/sudo_python_module.c: fix options_as_dict if no equal + sign + + The intented behaviour was that those get skipped, but the + PyList_GetItem sets the interpreter into error state, so python has + raised exception. + [4f99dd186eb9] + + * plugins/python/regress/check_python_examples.c, plugins/python/regre + ss/testdata/check_example_audit_plugin_receives_accept.stdout, plugi + ns/python/regress/testdata/check_example_audit_plugin_receives_error + .stdout, plugins/python/regress/testdata/check_example_audit_plugin_ + receives_reject.stdout, plugins/python/regress/testdata/check_exampl + e_audit_plugin_version_display.stdout, plugins/python/regress/testda + ta/check_example_audit_plugin_workflow_multiple.stderr, plugins/pyth + on/regress/testdata/check_example_audit_plugin_workflow_multiple.std + out: + plugins/python/regress/check_python_examples: add audit_plugin tests + [fcc483a569ff] + + * plugins/python/python_plugin_common.c, + plugins/python/python_plugin_common.h, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c: + plugins/python/python_plugin_common: close can get custom arguments + + For the audit plugin. Ensure we do not fail if + plugin_ctx->py_instance is NULL (because plugin init has failed). 
+ [dd1c0be3d8e7] + + * plugins/python/example_group_plugin.py, + plugins/python/example_io_plugin.py, + plugins/python/example_policy_plugin.py, plugins/python/regress/test + data/check_example_io_plugin_fails_with_python_backtrace.stdout: + plugins/python/example_*.py: document returning error string + [ee55ef4a3cb6] + + * plugins/python/example_conversation.py, + plugins/python/example_debugging.py, + plugins/python/example_group_plugin.py, + plugins/python/example_io_plugin.py, + plugins/python/example_policy_plugin.py, plugins/python/regress/test + data/check_example_debugging_c_calls@info.log, plugins/python/regres + s/testdata/check_example_debugging_plugin@info.log, plugins/python/r + egress/testdata/check_example_io_plugin_fails_with_python_backtrace. + stdout: + plugins/python/example*.py: pep8 fixes (mainly line too long) + [56b15859cc9a] + +2020-02-05 Todd C. Miller + + * plugins/audit_json/audit_json.exp: + Exported symbol is audit_json + [a39e9cc1047b] + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + Silence lint warning. + [fbba7f8dc3ef] -2019-09-14 Todd C. Miller + * plugins/sudoers/policy.c: + Add runas_user and runas_group (if set) to command_info for audit + plugin. Otherwise, the audit plugin has to look up the runas name + and group by user or group ID. + [711731384693] - * NEWS, doc/UPGRADE: - sudoedit umask fix - [4bfc0e393e2a] + * src/tgetpass.c: + Only enable pwfeedback when reading password from /dev/tty. This + effectively disables pwfeedback when the -S or -A options are used. + [71da469aab20] + +2020-02-05 Robert Manner + + * plugins/python/regress/check_python_examples.c: + plugins/python/regress: load/unload module for each testcase + + so they can start from clean state. (My problem was optional + argument tests has destroyed the callbacks.) 
+ [ab90adbb9328] + + * plugins/python/python_plugin_common.c, + plugins/python/python_plugin_common.h, + plugins/python/python_plugin_group.c, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c, + plugins/python/sudo_python_module.c, + plugins/python/sudo_python_module.h: + plugins/python: add support for callback errstr arguments + + Plugins can raise a sudo.PluginError exception to add context + message for the failure. + + The callback's errstr gets filled up with the specified message. + But, as sudo expects a string constant (will not free the string), + we store it in the plugin context at least until next callback + invocation. + [240bf4c627f0] + + * plugins/python/regress/check_python_examples.c, + plugins/python/regress/plugin_errorstr.py: + plugins/python/regress: add test for callback error msg return + [44a71a20f94c] + + * plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c: + plugins/python_plugin_io,policy: fix version display in verbose mode + + Unfortunately the test did not catch this mistake, because it only + searches that "Python policy plugin API version" string is present + and does not check the version. + [7da28d01063f] + +2020-02-04 Robert Manner + + * plugins/python/example_conversation.py, + plugins/python/example_debugging.py, + plugins/python/example_group_plugin.py, + plugins/python/example_io_plugin.py, + plugins/python/example_policy_plugin.py, plugins/python/pyhelpers.c, + plugins/python/pyhelpers.h, plugins/python/python_plugin_common.c, p + lugins/python/regress/testdata/check_example_debugging_c_calls@diag. 
+ log, plugins/python/regress/testdata/check_example_debugging_c_calls + @info.log, plugins/python/regress/testdata/check_example_group_plugi + n_is_able_to_debug.log, plugins/python/sudo_python_module.c: + plugins/python/sudo_python_module.c: use IntEnums instead of + constants + + It is a bit more code, but it is more "pythonic" and easier to debug + as the enum values also know their names. + + It is also an API break, eg. sudo.RC_OK becomes sudo.RC.OK as + sudo.RC will be the "type" of the enum, but I guess that is + acceptable before the initial release. + [2a0845428e2b] + +2020-02-03 Robert Manner + + * plugins/python/python_plugin_policy.c: + plugins/python/python_plugin_policy: add missing debug return + [2bf4cc35de9c] + +2020-02-03 Laszlo Orban + + * logsrvd/sendlog.c: + fixed compiler error when sudo is configured without --enable- + openssl + [fb19fb96c41d] + +2020-02-03 Robert Manner + + * MANIFEST, plugins/python/Makefile.in, + plugins/python/python_plugin_audit.c, + plugins/python/python_plugin_audit_multi.inc, + plugins/python/sudo_python_module.c: + plugins/python: add python audit plugin wrapper + [92bf3ccbd35d] + + * MANIFEST, plugins/python/Makefile.in, + plugins/python/example_audit_plugin.py: + plugins/python: add example python audit plugin + [15abd19f6fdb] + +2020-02-02 Todd C. Miller + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_plugin.man.in: + Regenerate .man.in files from .mdoc.in + [6d04628b3bbb] + + * doc/sudo_plugin.mdoc.in: + Update documentation for setbase when the given base is NULL. + [03054c46d322] + + * plugins/sudoers/iolog_client.c, src/sudo.c: + For plugin events, set the sudo event base for setbase(NULL). This + makes it possible for a plugin to change the event base to a local + one and then reset it back to its original value. + [f95ab1a5fd5a] + +2020-02-01 Todd C. Miller + + * plugins/sudoers/iolog_client.c: + Don't display "error in event loop" on loop break reading + ServerHello. 
We should already have displayed a more useful error + message. Otherwise, we can get two "error in event loop" warnings if + the TLS handshake fails (in addition to other error messages). + [c42b8158ab36] + +2020-01-31 Todd C. Miller + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h: + Read ServerHello message synchronously before the command is + executed. Otherwise, the command could be run before the TLS + handshake completes. + [4dab1676ae41] + +2020-01-31 Robert Manner + + * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h, + plugins/python/python_convmessage.c: + plugins/python/pyhelpers: add helpers for attribute handling -2019-09-13 Todd C. Miller + to simplify code a bit. + [c3eb52c88a04] - * lib/util/event.c: - Fix sorting of the time-based event queue. - [f12e5a877c8a] +2020-01-30 Todd C. Miller - * lib/util/event.c: - Support default base in got_exit, got_break, loopexit, loopbreak, - loopcontinue - [da02194b5ba9] + * doc/sudo_plugin.mdoc.in: + Document audit plugin in the sudo_plugin manual. + [e2aab376bae1] + + * include/sudo_plugin.h, plugins/audit_json/audit_json.c, src/sudo.c: + Change audit close arguments to a type and value. That way we can + distinguish between different error types. + [37abbe9f39b5] + + * MANIFEST, Makefile.in, configure, configure.ac, m4/sudo.m4, + pathnames.h.in, plugins/audit_json/Makefile.in, + plugins/audit_json/audit_json.c, plugins/audit_json/audit_json.exp: + Example audit plugin that writes JSON output to a log file. + [295d9d1a1209] + + * plugins/python/python_plugin_io.c, + plugins/python/python_plugin_io_multi.inc, + plugins/python/python_plugin_policy.c, + plugins/python/regress/check_python_examples.c: + Adapt python plugin to new plugin API changes + [974e76db3a3a] -2019-09-11 Todd C. 
Miller + * plugins/sudoers/audit.c, plugins/sudoers/iolog.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/policy.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Pass back a failure or error string to the front end. The + audit_failure() function now stores the failure string. This will + allow an audit plugin to log the reason if the user's request is a + rejected. + [5bb4e000a7ec] - * src/sudo_edit.c: - Create new files with the umask specified in sudoers. - [4d0b6152834b] + * doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/exec_pty.c, + src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h, + src/sudo_plugin_int.h: + Define a new plugin type that receives accept and reject messages. + This can be used to implement logging-only plugins. The plugin + functions now take an errstr argument that can be used to return an + error string to be logged on failure or error. + [361aab49325f] -2019-09-05 Todd C. Miller + * MANIFEST, config.h.in, configure, configure.ac, include/sudo_rand.h, + lib/util/arc4random.c, lib/util/arc4random_buf.c: + Add tests for arc4random_buf() and an implementation for those + without. + [e89dabfd5a41] - * plugins/sudoers/parse_ldif.c: - More case-insensitive compare for LDAP attributes and string lists. - Only the ALL keyword should be compared case-sensitive. - [87cd688b2648] + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/util.exp.in, lib/util/uuid.c: + Add code to generate universally unique identifiers. We create type + 4, variant 1 uuids (random). + [22aff362662e] + + * MANIFEST, include/sudo_json.h, lib/util/Makefile.in, + lib/util/json.c, lib/util/util.exp.in: + Add a simple API for writing JSON records. To be used by the + upcoming JSON audit module. + [734b29194a82] -2019-08-30 Todd C. Miller +2020-01-29 Todd C. Miller - * src/sudo.h: - Enable asserts for Coverity too. 
- [b830f200a8bd] + * NEWS: + Sudo 1.8.31 changes. + [3d12f4cb4d9f] - * src/parse_args.c, src/sudo.h: - Add asserts() to avoid static analyzer false positives. - [860aca50028d] + * src/tgetpass.c: + Fix a buffer overflow when pwfeedback is enabled and input is a not + a tty. In getln() if the user enters ^U (erase line) and the + write(2) fails, the remaining buffer size is reset but the current + pointer is not. While here, fix an incorrect break for erase when + write(2) fails. Also disable pwfeedback when input is not a tty as + it cannot work. CVE-2019-18634 Credit: Joe Vennix from Apple + Information Security. + [4830bdf1a683] - * plugins/sudoers/gram.c, plugins/sudoers/gram.y: - Plug memory leak on malloc failure. - [1b35743703d4] +2020-01-28 Todd C. Miller - * plugins/sudoers/ldap_util.c: - Plug memory leak on malloc failure. - [c2257637d659] + * plugins/sudoers/sudoers.c: + Fix warning about unresolved host name with "sudo -l -h hostname". + The resolve_host() function returns 0 on success, not bool. + [9af5bb6e4036] -2019-08-29 Todd C. Miller + * configure, configure.ac: + Check for presence of fseeko() regardless of utmp type. + [d0c254ba8311] - * plugins/sudoers/auth/pam.c: - Add sudo_pam_strerror(), like pam_strerror() but never returns NULL. - It also uses strerror(errno) for PAM_SYSTEM_ERR. - [b070d1702112] + * plugins/python/regress/check_python_examples.c: + Fix typo in a test: python_policy->close not python_io->close + [34d8631cc501] - * plugins/sudoers/auth/pam.c: - If pam_start() fails, display the PAM error using pam_strerror(). It - is legal to pass pam_strerror() a NULL handle. - [6403fa1479d8] + * lib/util/getentropy.c: + Allow getentropy.c to compile when MAP_ANON is unavailable. + [d707e07f1a9c] -2019-08-27 Todd C. Miller + * MANIFEST, lib/util/Makefile.in, lib/util/arc4random.c, + lib/util/arc4random.h: + Remove multi-thread support from arc4random. Sudo is not multi- + threaded so we don't need the added complexity. 
+ [77c1795e0aaa] - * doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, - plugins/sudoers/sudoreplay.c: - If the sudoreplay ID option is a fully-qualified path, use it - directly. Previously, one had to use the -d option to override the - I/O log directory. - [9fddb3ffc760] +2020-01-28 Robert Manner - * plugins/sudoers/Makefile.in: - regen - [f70579d2972b] + * plugins/python/sudo_python_module.c: + plugins/sudo_python_module: Fix double free in sudo.options_as_dict + function - * MANIFEST, doc/sudo.conf.man.in.sed: - Add conditional for sesh path in sudo.conf manual. - [93b5c6fcf8f4] + PyArg_ParseTuple sets the py_config_tuple pointer, but it does not + increment the reference count, so by decrementing, we end up freeing + the argument passed in. + [511aeb75a905] -2019-08-26 Todd C. Miller + * plugins/python/example_io_plugin.py, plugins/python/regress/testdata + /check_example_io_plugin_fails_with_python_backtrace.stdout: + plugins/python/example_io_plugin: close the file at destroy - * NEWS: - Bug #895 - [d69984bccd0e] + to avoid warning of debug python build. + [6730352ab2d8] - * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/dce.c, - plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c, - plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sudo_auth.c, - plugins/sudoers/check.c, plugins/sudoers/sudo_printf.c, - src/conversation.c: - Use the SUDO_CONV_PREFER_TTY flag during authentication. This - prevents the password and PAM prompts from being redirected. Bug - #895 - [546082c674b7] +2020-01-28 Todd C. Miller -2019-08-23 Todd C. Miller + * lib/util/arc4random.h, lib/util/getentropy.c: + Backed out changeset 9dce3ebb2c37 MAP_SGI_ANYADDR cannot be used in + place of MAP_ANON + [b261d200435a] - * mkpkg: - Fix typo that prevented a missing linux audit lib from being - detected. - [b9412151615d] +2020-01-28 Robert Manner -2019-08-20 Todd C. 
Miller + * plugins/python/Makefile.in, + plugins/python/regress/check_python_examples.c, + plugins/python/regress/testhelpers.c, + plugins/python/regress/testhelpers.h: + plugins/python: memleak fixes in test + + The main problem was that string array objects were constructed + differently: + - if constructed by the test, then the elements were constant + - if constructed by the plugin, then the elements were allocated + + Modified it so that now each array contains allocated strings so + they can be handled similarly. For freeing, I have used the + str_array_free function from the plugin, so I have linked its object + into the test runner. + + Happy path is now free of "definitely lost" memleaks, so the test + can be used for valgrind. + [657ffd948be5] + +2020-01-28 Laszlo Orban + + * logsrvd/sendlog.c, logsrvd/sendlog.h: + Refactor sudo_sendlog in order to be able to send one I/O log + multiple times in parallel (for testing purposes) + [c9afea455ab6] - * plugins/sudoers/sudoreplay.c: - Use fputs(), not printf() for plain strings. - [b102ae1cb6da] +2020-01-27 Todd C. Miller - * NEWS: - Recent fixes. - [8249e98a05c8] + * lib/util/arc4random.h, lib/util/getentropy.c: + Fix compilation on IRIX; Bug #915 IRIX lacks MAP_ANON (and + MAP_ANONYMOUS) but we can use the IRIX-specific flag MAP_SGI_ANYADDR + instead. From Kazuo Kuroi + [9dce3ebb2c37] - * plugins/sudoers/ldap.c: - Add user ID to the search filter when matching sudoUser. We already - support group IDs but the user ID was missing. From - sudo-1.8.23-ldapsearchuidfix.patch in RHEL 7. - [3da7b9f990be] +2020-01-24 Todd C. Miller - * plugins/sudoers/regress/sudoers/test2.json.ok, - plugins/sudoers/regress/sudoers/test2.toke.ok, - plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Fix parsing of double-quoted Defaults bindings that start with % or - +. From sudo-1.8.23-fix-double-quote-parsing-for-Defaults- - values.patch in RHEL 7. 
- [df613e67ef45] + * plugins/sudoers/check.c: + Fix crash in sudo 1.8.30 when suspending sudo at the password + prompt. The closure pointer in sudo_conv_callback was being filled + in with a struct getpass_closure ** instead of a struct + getpass_closure *. The bug was introduced in the fix for Bug #910; + previously the closure variable was a struct getpass_closure, not a + pointer. Fix from Michael Norton; Bug #914. + [011b6a7663ef] - * src/exec.c: - Restore core dump resource limit before the PAM session module is - run. Otherwise, we may override the limits set by PAM. Bug #894 - [f35441098234] +2020-01-24 Robert Manner -2019-08-19 Todd C. Miller + * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h, + plugins/python/python_plugin_common.c, + plugins/python/python_plugin_common.h, + plugins/python/python_plugin_group.c, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c: + plugins/python: use separate python interpreter for each plugin + + On each plugin initialization we create a separate python + interpreter which gets stored in the plugin_ctx. The main + interpreter is stored in py_ctx and is used for creating more + interpreters (if more plugins get loaded) and final python + deinitialization. + + The "traceback" module import and the ImportBlocker initialization + was moved, because it has to happen inside the plugin specific + interpreters. + [eb9308e5eacb] + + * plugins/python/regress/check_python_examples.c, + plugins/python/regress/plugin_conflict.py, plugins/python/regress/te + stdata/check_python_plugins_do_not_affect_each_other.stdout: + plugins/python/regress: add a failing textcase about python plugins + affect each other + + Since python plugins are run inside the same interpreter, they + affect each other's state, which would be better to avoid. + [1628425d608c] + +2020-01-23 Todd C. Miller + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in: + Document new tls_verify setting. 
+ [3e4bc6e4d301] - * lib/util/sig2str.c, lib/util/str2sig.c: - sys_signame on macOS contains lower-cases names - [d7af71311b3d] + * config.h.in, configure, configure.ac: + Use AC_CHECK_DECLS when checking for SSL_CTX_set_min_proto_version + Also use AC_CHECK_FUNCS to check for the other OpenSSL functions + [f3e36090a31e] + +2020-01-23 Robert Manner + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + doc/sudo_plugin_python: update doc about the multiple I/O plugin + loading + [08e7c479954b] + + * plugins/python/Makefile.in: + plugins/python/Makefile.in: update autogenerated header dependencies + [54c0c7f11046] + + * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h, + plugins/python/python_plugin_common.c, + plugins/python/regress/check_python_examples.c, plugins/python/regre + ss/testdata/check_example_io_plugin_command_log_multiple.stderr, + plugins/python/sudo_python_module.c: + plugins/python/pyhelpers: have a default sudo_printf function + + Adapted the default sudo_printf from sudoers plugin to be able to + print errors before plugin open() gets called. (This is used by the + multiple io plugin loading to display error for too much plugin + load.) + + Since this makes us always have a sudo_log, I have removed the logic + about whether it is available or not. + [fdd4842b3ba2] - * MANIFEST, configure, configure.ac, lib/util/Makefile.in, - lib/util/regress/strsig/strsig_test.c: - Add regress tests for str2sig() and sig2str(). - [fb73303699fb] + * src/load_plugins.c: + src/load_plugins.c: plugins can supply a clone function - * lib/util/str2sig.c: - SIGIOT and SIGABRT are aliases on BSD systems. - [d35f75aba04a] + if they want to support getting loaded multiple times. + [33ff0027f686] - * lib/util/sig2str.c, lib/util/str2sig.c: - Fix handling of real-time signals. - [39066a5eabcb] +2020-01-23 Laszlo Orban -2019-08-16 Todd C. 
Miller + * examples/sudo_logsrvd.conf, include/log_server.pb-c.h, + lib/logsrv/log_server.pb-c.c, lib/logsrv/log_server.proto, + logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + plugins/sudoers/iolog_client.c: + logserver option to disable certificate verification on server side + and server authentication on client side + [9b171f3af727] - * NEWS: - ipa_hostname fix - [54245ed09830] +2020-01-22 Todd C. Miller -2019-08-15 Todd C. Miller + * src/load_plugins.c: + Refactor code to allocate and fill struct plugin_container. This + will help avoid duplicate code in the audit and approval plugins. + [8ad9ba987131] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, examples/sudo_logsrvd.conf: + Document TCP keepalive options in the manual pages. + [7afe9293b503] - * plugins/sudoers/file.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/ldap.c, - plugins/sudoers/match.c, plugins/sudoers/parse.h, - plugins/sudoers/sssd.c: - Fix special handling of ipa_hostname that was lost in sudo 1.8.24. - We now include the long and short hostname in sudo parser container. - [b4f31dbe3109] + * doc/CONTRIBUTORS: + Add proper diacritical to Róbert's name. + [9ca9ea59cdd4] -2019-08-14 Todd C. Miller +2020-01-22 Robert Manner - * plugins/sudoers/iolog_event.h: - Remove unused include file. 
- [0731078e72b1] + * plugins/python/regress/check_python_examples.c, plugins/python/regre + ss/testdata/check_example_io_plugin_command_log_multiple.stderr, plu + gins/python/regress/testdata/check_example_io_plugin_command_log_mul + tiple.stdout, plugins/python/regress/testdata/check_example_io_plugi + n_command_log_multiple1.stored, plugins/python/regress/testdata/chec + k_example_io_plugin_command_log_multiple2.stored, + plugins/python/regress/testhelpers.c, + plugins/python/regress/testhelpers.h: + plugins/python/regress: add a testcase for multiple io plugin + loading + + to verify 2 python plugins can work next to each other. + [916dd4f44bcf] + +2020-01-22 Laszlo Orban + + * include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c, + lib/logsrv/log_server.proto, logsrvd/logsrvd.c, logsrvd/sendlog.c, + plugins/sudoers/iolog_client.c: + Rename tls_checkpeer to tls_reqcert in ServerHello message + [b69630f1f5b4] + +2020-01-22 Robert Manner + + * plugins/python/python_baseplugin.c, + plugins/python/python_convmessage.c: + plugins/python: fix return value typo for the error case + [a7088391d8fb] + +2020-01-21 Todd C. Miller + + * etc/sudo.pp, examples/Makefile.in, examples/sudo.conf.in: + Install a default sudo.conf file. + [e2b4613cced9] + + * aclocal.m4, autogen.sh, config.h.in, configure, configure.ac, + include/sudo_compat.h, logsrvd/logsrvd.c, logsrvd/sendlog.c, + plugins/sudoers/iolog_client.c: + Add support for building on OpenSSL 1.0.2. This adds compatibility + defines for some OpenSSL 1.1.x functions. + [17e50378c8ee] + +2020-01-21 Robert Manner + + * plugins/python/python_plugin_io.c, + plugins/python/python_plugin_io_multi.inc: + plugins/python/plugin_io: enable loading of multiple io plugins -2019-08-05 Todd C. Miller + Separate sudo io plugin symbols are created which stores wrapper + functions adding the context of which python plugin the callback is + about. - * NEWS, doc/UPGRADE: - Mention I/O log signal change in NEWS and UPGRADE files. 
- [ac7969640146] + These sudo io plugin "slots" get generated with macros by the + preprocessor. - * MANIFEST, NEWS, plugins/sudoers/po/ast.mo, - plugins/sudoers/po/ast.po: - Asturian translation for sudoers from translationproject.org. - [4f011f10129e] + This makes sudo support loading multiple python IO plugins like + this: (note the differences in the symbol names) - * mkdep.pl: - Check source dir if source file is not listed in MANIFEST. - Previously, we just used the file name without $(srcdir). - [cd17ca929217] + Plugin python_io python_plugin.so ModulePath=... + ClassName=SudoIOPlugin1 Plugin python_io1 python_plugin.so + ModulePath=... ClassName=SudoIOPlugin2 Plugin python_io2 + python_plugin.so ModulePath=... ClassName=SudoIOPlugin3 + [cb45052d227a] - * MANIFEST, config.h.in, configure, configure.ac, doc/sudoers.man.in, - doc/sudoers.mdoc.in, include/sudo_compat.h, lib/util/Makefile.in, - lib/util/str2sig.c, plugins/sudoers/iolog.c, - plugins/sudoers/iolog_util.c: - Store signal name, not number in I/O log timing file. The "SIG" - prefix is not used so, e.g. SIGTERM -> "TERM". This makes the I/O - log files portable from one system to another. Older I/O log files - with signal numbers can still be replayed. - [5652f831b715] +2020-01-21 Laszlo Orban -2019-07-30 Todd C. Miller + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h, plugins/sudoers/policy.c: + sudoers: disable SO_KEEPALIVE socket option based on + log_server_disable_keepalive flag in sudoers + [ad48ee6fbcb7] + + * examples/sudo_logsrvd.conf, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c: + logserver: enable/disable SO_KEEPALIVE socket option based on + tcp_keepalive configuration option in sudo_logsrvd.conf + [c0d919468e95] + +2020-01-20 Todd C. 
Miller + + * include/hostcheck.h: + No need to export the validate_hostname() symbol. We don't export + symbols in convenience libraries, only installed DSOs. + [f26897793700] + + * lib/iolog/hostcheck.c: + Fix a few pointer signedness warnings on Linux. + [6a4f68430e69] + + * include/sudo_compat.h, lib/iolog/hostcheck.c, logsrvd/logsrvd.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h, src/net_ifs.c: + Store the server host name and IP in client_closure_fill(). Also + check for getpeername() and inet_ntop() failure. + [22df6ff5fcaf] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/sendlog.c, + logsrvd/sendlog.h, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h: + Fix handling of SSL_ERROR_WANT_{READ,WRITE} during normal I/O. If we + get SSL_ERROR_WANT_WRITE during SSL_read(), we need to resume the + SSL_read(), not call SSL_write() as we were doing. Likewise for + SSL_ERROR_WANT_READ received from SSL_write(). This introduces a + flag so we call the proper callback even when the I/O direction + doesn't match the read/write calls. + [7162125ad7b7] - * src/utmp.c: - Disable stringop-truncation false positive warnings on gcc 8. - Strings in struct utmp/utmpx are not guaranteed to be NUL- - terminated. - [644b97bba318] + * lib/util/Makefile.in: + Add siglist.c and signame.c as dependencies for depend target. Fixes + running "make depend" in lib/util dir when siglist.c or signame.c + are not already present. + [9d7aa4107136] - * plugins/group_file/plugin_test.c, src/net_ifs.c: - Replace non-essential strncpy() calls. 
- [2377cad6e155] + * Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/iolog/Makefile.in, lib/logsrv/Makefile.in, + lib/util/Makefile.in, lib/zlib/Makefile.in, logsrvd/Makefile.in, + plugins/group_file/Makefile.in, plugins/python/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Add abs_top_srcdir and abs_top_builddir and use them. Configure + provides absolution versions of srcdir, builddir, top_srcdir and + top_builddir. We can use these instead of calling pwd. + [597ba26af997] -2019-07-26 Todd C. Miller +2020-01-20 Robert Manner - * configure, configure.ac: - Revert version back to 1.8.28 - [4e2deb0b4925] + * plugins/python/Makefile.in: + plugins/python/Makefile.in: remove path prefix from examples to make + install target work + [ba31bde08e17] - * lib/util/Makefile.in: - Link util functions being tested directly with the test harness. - Otherwise we may get the version from the installed libsudo_util.so. - [46c833080d13] +2020-01-19 Todd C. Miller -2019-07-23 Todd C. Miller + * lib/iolog/Makefile.in: + Rebuild dependencies after hostcheck.c include changes. 
+ [3a4e808e5038] - * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, - plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, - plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, - plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, - plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, - plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po, - plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, - plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_TW.mo, - plugins/sudoers/po/zh_TW.po, po/cs.mo, po/cs.po, po/da.mo, po/da.po, - po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fr.mo, po/fr.po, - po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/nb.mo, po/nb.po, - po/pl.mo, po/pl.po, po/pt.mo, po/pt.po, po/pt_BR.mo, po/pt_BR.po, - po/sv.mo, po/sv.po, po/tr.mo, po/tr.po, po/uk.mo, po/uk.po, - po/zh_TW.mo, po/zh_TW.po: - Updated translations from translationproject.org - [a5aa41ab05cb] +2020-01-18 Todd C. Miller -2019-07-19 Todd C. Miller + * include/hostcheck.h, lib/iolog/hostcheck.c, logsrvd/logsrvd.c, + plugins/sudoers/iolog_client.c: + Add debugging statements to certificate checks. + [81f813c8c1f1] - * configure, configure.ac, plugins/sudoers/fmtsudoers.c, - plugins/sudoers/parse.c: - Use strftime(3) instead of formatting struct tm by hand. Fixes a - warning on newer versions of gcc. - [4a2fdb51bbe5] + * MANIFEST, lib/iolog/Makefile.in, lib/iolog/hostcheck.c, + plugins/sudoers/iolog.c: + Portability fixes and correct path to hostcheck.h in MANIFEST. + Include sys/socket.h for getpeername(). Link with -lnsl on Solaris + to get inet_pton(). 
+ [060371a21669] + + * lib/iolog/Makefile.in, lib/logsrv/Makefile.in, lib/util/Makefile.in, + lib/zlib/Makefile.in, logsrvd/Makefile.in, + plugins/group_file/Makefile.in, plugins/python/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Using "libtool --clean" to remove regular files is slow. We only + need to use libtool's clean mode to remove files created by libtool. + [510af2b052c6] + +2020-01-17 Todd C. Miller + + * .gitignore, .hgignore: + Add examples/sudo.conf to ignore files. + [9eb86d1b8661] + + * doc/sudo.conf.mdoc.in, examples/sudo.conf.in: + Remove whitespace at the end of the line in example sudo.conf + [88b0ae1f8a18] + + * doc/sudo_plugin_python.mdoc.in: + Fix mdoc lint warnings by removing .Pp before and after .Ss. + [e59218682d7f] + +2020-01-17 Robert Manner + + * plugins/python/regress/check_python_examples.c, + plugins/python/regress/iohelpers.c, + plugins/python/regress/iohelpers.h, + plugins/python/regress/testhelpers.c, + plugins/python/regress/testhelpers.h: + plugins/python/regress: add missing license texts + [b0e4b41b2834] - * doc/sudo.man.in, doc/sudo.mdoc.in: - Update error message when the password cannot be read from the - terminal. - [9b329f92e8a0] +2020-01-16 Todd C. Miller - * NEWS: - Fix for Bug #888 - [d64fc43adfdd] + * logsrvd/logsrvd.c: + Fix TLS accept when SSL_accept() returns SSL_ERROR_WANT_WRITE. We + need to switch from SUDO_EV_READ to SUDO_EV_WRITE for this case. + [71ada9bfa056] + + * logsrvd/sendlog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h: + Fix TLS connect when SSL_connect returns SSL_ERROR_WANT_READ. We + need to switch from SUDO_EV_WRITE to SUDO_EV_READ for this case. + Also make the tls connect events private to tls_timed_connect() with + their own closure. There is no need to store them in the client + closure. + [afda37d1dd26] + + * logsrvd/iolog_writer.c: + Store submit time in struct iolog_info. 
Fixes missing time stamp in + remote I/O log info file. + [dcd1dfa00646] - * plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c: - If the command in sudoers does not exist on the file system, match - by name. We still want to match the command even if it doesn't exist - so that the NOPASSWD flag on sudoers entries with non-existant paths - works as expected. Bug #888. - [0879054870be] + * src/sudo_edit.c: + Treat EROFS (like EACCES) as a non-fatal error in dir_is_writable(). + Fixes sudoedit on macOS 10.15 and above where the root file system + is mounted read-only. See https://support.apple.com/en-us/HT210650. + From Dan Villiom Podlaski Christiansen. Bug #913 + [cc636a1af1b6] - * NEWS, doc/TROUBLESHOOTING, po/sudo.pot, src/tgetpass.c: - More verbose error message when a password is required and no - terminal is present. Bug #828. - [f15ffeffff32] +2020-01-15 Todd C. Miller - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - regen - [8e0fdf8e4cd5] + * lib/util/event.c, plugins/sudoers/iolog_client.c: + Really fix flushing of data in client_close(). Now that we call + fmt_exit_message() from client_close() we do not need to try to + determine whether the read or write events were pending in the old + base. + + We can't tell anyway because the active flag in the event was + cleared when the old sudo event base was destroyed. It is correct to + enable both the read and write events after formatting the + ExitMessage. + [c59e77060c37] + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_path_escapes.c: + Use SUDOERS_DEBUG_* not SUDO_DEBUG_* in debug_decl() for the sudoers + plugin. + [2d0c049e689e] - * doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document that PAM session modules are now run with the silent flag. - [b67b769a0532] + * src/sudo.c, src/sudo_plugin_int.h: + Wrap calls to plugin event callbacks to use the plugin's debug + instance. 
Otherwise, the debug output in a plugin's event callback + will go to the sudo debug file, not sudoers. + [02e227cfc715] + + * lib/util/regress/strsig/strsig_test.c: + FreeBSD is missing SIGLWP (aka SIGTHR) in sys_signame[]. Don't test + SIGLWP on FreeBSD where it is reserved for the thread library and is + not listed in sys_signame[]. + [95cbafc79b4d] -2019-07-14 Todd C. Miller + * configure, configure.ac: + We want to use DT_RUNPATH in preference to DT_RPATH in ELF binaries. + Otherwise, LD_LIBRARY_PATH does not work when running the tests. The + GNU linker's --enable-new-dtags can be used to do this. We don't do + this on NetBSD where RPATH already supports LD_LIBRARY_PATH. + [2c6c9a348d81] + +2020-01-15 Laszlo Orban + + * plugins/sudoers/Makefile.in, plugins/sudoers/iolog_client.c: + do server identity validation in iolog plugin + [b1bec55bbed6] + + * logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h: + do client identity validation in logserver + [e415409dfe0b] + + * MANIFEST, include/hostcheck.h, lib/iolog/Makefile.in, + lib/iolog/hostcheck.c: + implement host validation for the audit server SSL certificates + [7f48e57bece2] - * plugins/sudoers/sudoers.c: - Simpler change to retry sudo_secure_file() as root as needed. - [feb0c2309366] +2020-01-14 Todd C. Miller - * plugins/sudoers/sudoers.c: - If we are unable to stat() sudoers as non-root, try again as root. - By default, sudo relies soley on group permissions to read sudoers - to make it possible to store sudoers on NFS. However, if - /etc/sudoers is not accessible to non-root uids for some reason, - sudo will fail. Bug #880. - [6a50adb25f2e] + * plugins/sudoers/sudoers_debug.c: + Fix reference counting when both sudoers policy and I/O log are + loaded. If both sudoers policy and I/O log plugins are loaded, + debug_files will be empty when the I/O plugin is initialized. This + changes the logic to always increase the reference count if the + instance is valid. + [18adfeb3727b] -2019-07-12 Todd C. 
Miller + * src/load_plugins.c: + Fix handling of duplicate policy and I/O plugins. The warning + message said the later I/O plugin was ignored but it actually + overwrote the existing one instead. The first registered plugin of + the same name now is used, as was intended. Specifying more than one + policy plugin is no longer a fatal error; this allows the admin to + fix the situation. + [dde476072346] + +2020-01-14 Robert Manner + + * aclocal.m4, configure, configure.ac, + plugins/python/regress/check_python_examples.c, + plugins/python/regress/testhelpers.c, + plugins/python/regress/testhelpers.h, + plugins/python/sudo_python_debug.h: + plugins/python: various portability improvements + [d6aa5e2585ef] + + * plugins/python/example_conversation.py, + plugins/python/example_io_plugin.py, plugins/python/regress/testdata + /check_example_conversation_plugin_reason_log_with_suspend.stdout, p + lugins/python/regress/testdata/check_example_io_plugin_command_log.s + tored, plugins/python/regress/testdata/check_example_io_plugin_fails + _with_python_backtrace.stdout: + plugins/python/example_{io,conversation}: avoid printing signal + number + + They are platform dependant, so their test would fail on some + platforms. While we could create separate plugin for the tests, I + like the idea that the examples are ensured to be working. + + I believe this is a good compromise for being able to auto update + the test cases. + [7b46d305e7d9] + + * plugins/python/Makefile.in, + plugins/python/regress/check_python_examples.c: + plugins/python/regress: load the python plugin dynamically - * doc/sudoers.man.in, doc/sudoers.mdoc.in: - Clarify that ttyin contains raw terminal input. - [eea9d33f85bd] + instead of linking with it. + [084c61e7d565] -2019-07-11 Todd C. Miller +2020-01-11 Todd C. Miller - * doc/sudoers.man.in, doc/sudoers.mdoc.in: - Expand the description of the I/O log files. 
- [f15cefc9bbd8] + * src/sudo_edit.c: + For sudoedit_checkdir consider a user-owner directory to be + writable. The non-faccessat() code already did this so this just + brings the faccessat() path into alignment. Bug #912 + [91a1a9c0ba40] - * doc/sudo.conf.mdoc.in: - Remove trailing whitespace. - [421e9f481c1d] +2020-01-10 Todd C. Miller -2019-07-03 Todd C. Miller + * doc/CONTRIBUTORS: + Add newline before list of artwork authors. + [1be0fe5f7d7a] - * configure, configure.ac, doc/sudo.conf.man.in, - doc/sudo.conf.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in: - Rename PLUGINDIR -> plugindir - [75cc43534ee1] + * doc/LICENSE: + Update copyright year. + [f4ef4c1990af] - * configure, configure.ac: - Use $libexecdir in default settings used by the documentation. The - web and pdf pages will substitute /usr/local/libexec for - $noexec_file. Also do substitution of variables using exec_prefix - even if we don't use them in the Makefile since the documentation - may reference them. - [b7a37b03b6db] +2020-01-10 Robert Manner - * doc/Makefile.in, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: - Add conditional for sesh path in sudo.conf manual. - [ec1f8f559bad] + * plugins/python/example_policy_plugin.py: + plugins/python/example_policy_plugin.py: extend user env changing + example - * configure, configure.ac: - Update plugindir even when --disable-shared is specified. Otherwise, - the default value is substituted into the Makefiles and - documentation which may not match --prefix. Bug #886 - [0f6c9a4af739] + Make the demonstration extend the environment with a new variable. + Easier to read, and makes the testing able to check for that it is + working. + [77c09cc38298] -2019-06-25 Todd C. 
Miller + * generate_test_coverage.sh: + generate_test_coverage.sh: example script to ease test coverage + generation - * include/sudo_util.h, lib/util/fatal.c, lib/util/inet_ntop.c, - lib/util/regress/vsyslog/vsyslog_test.c, lib/util/sudo_debug.c, - plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, - plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, - plugins/sudoers/ldap_conf.c, plugins/sudoers/logging.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/timestamp.c, src/load_plugins.c, src/net_ifs.c, - src/sudo.c: - Add ssizeof macro that returns ssize_t. We can use this instead of - casting the result of size_t to int. Also change checks for - snprintf() returning <=0 to <0. - [da4a95a5d8ec] + Uses lcov and genhtml to generate test coverage. It is meant to be + run in a clean directory. Extra configure options can be added as + script arguments. -2019-06-21 Todd C. Miller + Example execution: - * doc/TROUBLESHOOTING, doc/sudoers.man.in, doc/sudoers.mdoc.in: - sudoedit should be used for editing files instead of "sudo editor" - That way the user's editor config files are used by the editor. - [24bb1e6326ee] + mkdir build cd build ../generate_test_coverage.sh --enable-python + [a52c480639aa] - * doc/TROUBLESHOOTING: - Move the section on HOME to be after the environment section. Also - strongly discourage the disabling of env_reset. - [7a41bddf5fde] +2020-01-09 Todd C. Miller -2019-06-20 Todd C. Miller + * plugins/sudoers/logging.c: + Remove MAXSYSLOGTRIES, it is no longer used. + [dbd274fd8330] - * doc/TROUBLESHOOTING: - Remove the Solaris last login question, add one about HOME. The PAM - session is opened with PAM_SILENT so last login info is not printed. - It is dangerous to preserve HOME from the user's environment. 
- [99be2cd98556] +2020-01-09 Robert Manner - * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Use the term pseudo-terminal more consistently. - [129a0d2e5a33] + * plugins/python/python_plugin_common.c, + plugins/python/python_plugin_policy.c: + plugins/python/python_plugin_policy: fix validate() call - * doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document why HOME should not be preserved from the user's - environment. Text was adapted from what is already present in the - UPGRADE file. Also mark set_home and always_set_home as obsolete. - [3cddca2f78de] + When calling validate() python function, TypeError exception was + thrown ("argument list must be a tuple"), because the call does not + have arguments, and python does not accept empty tuple for + execution. NULL must be used instead, which was handled as argument + construction failure previously. + [5ac3c2acee9b] - * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: - Refer to command line options, not flags. - [5caa383e1f9b] + * plugins/python/example_policy_plugin.py: + plugins/python/example_policy_plugin.py: make allowed_commands + ordered - * NEWS: - sync - [fd7e952e3e43] + Storing them as "tuple" instead of "set", so they have a fix order. + This makes the output of the list() example stable. ("set" is + printed out in random order) + [470ccf46a088] - * doc/TROUBLESHOOTING: - sudo will now prompt for a password as long as /dev/tty is - available. 
- [a4241d432e63] + * plugins/python/example_io_plugin.py, + plugins/python/example_policy_plugin.py, + plugins/python/python_plugin_common.c, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c: + plugins/python: fix confusing version display - * MANIFEST, configure, configure.ac, doc/Makefile.in, - doc/cvtsudoers.cat, doc/sudo.cat, doc/sudo.conf.cat, - doc/sudo_plugin.cat, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers_timestamp.cat, doc/sudoreplay.cat, doc/visudo.cat: - Remove .cat pages, there is no need for them in the modern world. - Sudo only shipped .cat pages for Irix, which lacked nroff. Irix is - long dead and there are multiple open source nroff options. - [b7a48dc22bdb] + IO/Group/Policy Python API version is displayed instead of sudo + version, because that is not very meaningful in this context. - * INSTALL, configure.ac, doc/sudoers.cat, doc/visudo.cat: - Make env_editor the default. It is already the default in the - package script. - [a4f0c46ef5d6] + They are only displayed in verbose mode. - * INSTALL, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: - Don't describe env_editor as a security hole. Users that are able to - edit sudoers can grant themselves permissions so the fact that - visudo runs the editor as root is not a security issue. - [627f0a96ccc9] + Example plugins express it more concrete that they are displaying + their version, not the API version. + [af9d969231a9] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: - Fix details of how EDITOR, VISUAL and SUDO_EDITOR are (or are not) - preserved. The description in the editor option was incorrect and - didn't mention env_keep. Reported by Sander Bos - [1b498d610672] +2020-01-08 Robert Manner - * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: - Modern visudo locks the actual sudoers file, not the sudoers.tmp - file. 
Refer to sudoers.tmp as a temporary file, not a lock file. - Reported by Sander Bos - [3a449f316304] + * plugins/python/example_conversation.py: + plugins/python/example_conversation.py: make log path configurable -2019-06-19 Todd C. Miller + Similarly to IO plugin example. (It is easier to test it this way.) + [6526a842ee21] - * plugins/sudoers/sudoers.c: - In tty_present(), check for /dev/tty if sudo was unable to get the - tty name. For requiretty it is enough to check that /dev/tty is - available. If sudo can't get the tty from the kernel (missing - /proc?) that is OK. - [2102ffa0fa7e] +2020-01-07 Todd C. Miller - * src/tgetpass.c: - Don't refuse to use the tty unless /dev/tty is unavailable. We don't - care whether sudo was able to get the tty name from the kernel. All - that really matters is whether we are able to disable echo as - needed. - [a3376277883f] + * src/sudo.c: + Iterate over io_plugins list in the iolog_* wrappers. Moving the + iteration into the wrapper functions simplifies the calling code. + [1e803fb8fd1f] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Use of "they" was ambiguous. - [a39f42aa21ca] + * src/sudo.c: + policy_plugin is global, no need to pass it to policy_* functions. + [676c85f87b3c] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Better description of secure_path. The secure_path option affects - the resolution of unqualified commands as well as the environment - that commands run with. - [e0534efa8271] + * configure, configure.ac: + If --enable-openssl or --enable-gcrypt is given a path, append to + LDFLAGS. Previously we appended the path to SUDOERS_LDFLAGS but now + that we use OpenSSL in the log server, LDFLAGS is the correct one to + use. + [8b30cffe500f] * doc/CONTRIBUTORS: - Add Sander Bos - [75f6f90c2f24] + Add Robert Manner + [fe8bb27dcff3] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Fix a few typos and awkward wording. Use the singular "they" instead - of he/she. 
Add back missing text in description of variables - starting with (). Based on changes from Sander Bos. - [d6b5068ae2ca] +2020-01-07 Robert Manner -2019-06-15 Todd C. Miller + * plugins/python/example_io_plugin.py: + plugins/python/example_io_plugin.py: fix backtrace during destructor - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Clarify which environment variables are set based on the target - user. - [1e6ac7e5ef32] + If the plugin fails to open the file for writing, constructor will + raise an exception and exit before creating the "_log" member + variable. So the destructor will also raise a backtrace. (Which + python ignores, but dumps out to stderr.) + [09cfa2edb38c] + + * plugins/python/python_plugin_common.c: + plugins/python/python_plugin_common: raise debug level for module + import + [b261d22e3c2e] + + * plugins/python/regress/testdata/check_example_conversation_plugin_re + ason_log_with_suspend.conversation, plugins/python/regress/testdata/ + check_example_conversation_plugin_reason_log_with_suspend.stderr, pl + ugins/python/regress/testdata/check_example_conversation_plugin_reas + on_log_with_suspend.stdout, plugins/python/regress/testdata/check_ex + ample_conversation_plugin_reason_log_with_suspend.stored, plugins/py + thon/regress/testdata/check_example_conversation_plugin_reason_log_w + ithout_suspend.conversation, plugins/python/regress/testdata/check_e + xample_conversation_plugin_reason_log_without_suspend.stderr, plugin + s/python/regress/testdata/check_example_conversation_plugin_reason_l + og_without_suspend.stdout, plugins/python/regress/testdata/check_exa + mple_conversation_plugin_reason_log_without_suspend.stored, plugins/ + python/regress/testdata/check_example_conversation_plugin_user_inter + rupts.conv, plugins/python/regress/testdata/check_example_conversati + on_plugin_user_interrupts.conversation, plugins/python/regress/testd + ata/check_example_conversation_plugin_user_interrupts.stderr, plugin + 
s/python/regress/testdata/check_example_conversation_plugin_user_int + errupts.stdout, plugins/python/regress/testdata/check_example_debugg + ing_c_calls@diag.log, plugins/python/regress/testdata/check_example_ + debugging_c_calls@info.log, plugins/python/regress/testdata/check_ex + ample_debugging_load@diag.log, plugins/python/regress/testdata/check + _example_debugging_plugin@err.log, plugins/python/regress/testdata/c + heck_example_debugging_plugin@info.log, plugins/python/regress/testd + ata/check_example_debugging_py_calls@diag.log, plugins/python/regres + s/testdata/check_example_debugging_py_calls@info.log, plugins/python + /regress/testdata/check_example_debugging_sudo_cb@info.log, plugins/ + python/regress/testdata/check_example_group_plugin_is_able_to_debug. + log, plugins/python/regress/testdata/check_example_io_plugin_command + _log.stderr, plugins/python/regress/testdata/check_example_io_plugin + _command_log.stdout, plugins/python/regress/testdata/check_example_i + o_plugin_command_log.stored, plugins/python/regress/testdata/check_e + xample_io_plugin_failed_to_start_command.stderr, plugins/python/regr + ess/testdata/check_example_io_plugin_failed_to_start_command.stdout, + plugins/python/regress/testdata/check_example_io_plugin_failed_to_st + art_command.stored, plugins/python/regress/testdata/check_example_io + _plugin_fails_with_python_backtrace.stderr, plugins/python/regress/t + estdata/check_example_io_plugin_fails_with_python_backtrace.stdout, + p + lugins/python/regress/testdata/check_example_io_plugin_version_displ + ay.stderr, plugins/python/regress/testdata/check_example_io_plugin_v + ersion_display.stdout, plugins/python/regress/testdata/check_example + _io_plugin_version_display.stored, plugins/python/regress/testdata/c + heck_example_policy_plugin_accepted_execution.stderr, plugins/python + /regress/testdata/check_example_policy_plugin_accepted_execution.std + out, plugins/python/regress/testdata/check_example_policy_plugin_den + 
ied_execution.stderr, plugins/python/regress/testdata/check_example_ + policy_plugin_denied_execution.stdout, plugins/python/regress/testda + ta/check_example_policy_plugin_failed_execution.stderr, plugins/pyth + on/regress/testdata/check_example_policy_plugin_failed_execution.std + out, plugins/python/regress/testdata/check_example_policy_plugin_lis + t.stderr, plugins/python/regress/testdata/check_example_policy_plugi + n_list.stdout, plugins/python/regress/testdata/check_example_policy_ + plugin_validate_invalidate.log, plugins/python/regress/testdata/chec + k_example_policy_plugin_version_display.stderr, plugins/python/regre + ss/testdata/check_example_policy_plugin_version_display.stdout, plug + ins/python/regress/testdata/check_loading_fails_missing_classname.st + derr, plugins/python/regress/testdata/check_loading_fails_missing_cl + assname.stdout, plugins/python/regress/testdata/check_loading_fails_ + missing_path.stderr, plugins/python/regress/testdata/check_loading_f + ails_missing_path.stdout, plugins/python/regress/testdata/check_load + ing_fails_not_owned_by_root.stderr, plugins/python/regress/testdata/ + check_loading_fails_not_owned_by_root.stdout, plugins/python/regress + /testdata/check_loading_fails_wrong_classname.stderr, plugins/python + /regress/testdata/check_loading_fails_wrong_classname.stdout, plugin + s/python/regress/testdata/check_loading_fails_wrong_path.stderr, plu + gins/python/regress/testdata/check_loading_fails_wrong_path.stdout: + plugins/python/regress/testdata: generated data for the pyplugin + tests + [cec6c9036644] + + * plugins/python/example_debugging.py: + plugins/python/example_debugging: fix typo in comment + [38de8ea0b0e9] + +2020-01-06 Laszlo Orban + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h: + save a pointer to the currently connected audit server in the + closure object + [f1c14c43ab40] -2019-06-10 Todd C. Miller +2020-01-05 Todd C. 
Miller - * lib/util/Makefile.in: - libsudo_util depends on LT_DEP_LIBS even when building a static lib - [232370d6af88] + * plugins/sudoers/timestamp.c: + Sanity check size when converting the first record to TS_LOCKEXCL + Coverity CID 206591 + [5b94873c4051] + + * include/sudo_iolog.h, lib/iolog/iolog_fileio.c: + Fix coverity CID 206586. Potential use after free calling + gzstrerror() after gzclose(). + [4bcba58004c8] - * aclocal.m4, config.h.in, configure, configure.ac, - lib/util/arc4random.c: - Solaris getentropy() requires that sys/random.h be included. - [f1ec0a7290a6] + * plugins/sudoers/cvtsudoers.c: + Use canonical pattern when freeing a tail queue. Avoids some + coverity false positives when using TAILQ_FOREACH_SAFE to free the + tail queue. + [9019d7ad9958] + +2020-01-03 Robert Manner + + * MANIFEST, plugins/python/Makefile.in, + plugins/python/regress/check_python_examples.c, + plugins/python/regress/iohelpers.c, + plugins/python/regress/iohelpers.h, + plugins/python/regress/testdata/sudo.conf.developer_mode, + plugins/python/regress/testdata/sudo.conf.normal_mode, + plugins/python/regress/testhelpers.c, + plugins/python/regress/testhelpers.h: + plugins/python/regress: adds tests for python plugin feature and + examples + [7ab4daed9558] + +2020-01-03 Todd C. Miller + + * plugins/sudoers/iolog_client.c: + Avoid potential NULL deref in tls_timed_connect() error path. + Coverity CID 206396 + [730687307b24] + + * logsrvd/sendlog.c: + Check for sudo_ev_add() failure; Coverity CID 206395 206397 + [7008560eac95] + +2020-01-02 Todd C. Miller + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, examples/sudo.conf.in: + Update sample sudo.conf with all supported settings. The deprecated + "max_groups" setting is not documented. + [e17f7bf95578] -2019-05-29 Todd C. 
Miller + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, examples/sudo.conf.in, + lib/util/regress/sudo_conf/test1.in, + lib/util/regress/sudo_parseln/test1.in: + Remove POD-style C<> markup (typewriter font) from sudo.conf + [b69d4743c860] + + * MANIFEST, configure, configure.ac, examples/Makefile.in, + examples/sudo.conf, examples/sudo.conf.in: + Substitute plugin dir into examples/sudo.conf + [8c481a21c098] - * plugins/sudoers/parse.c: - Use the runhost for "User foo is not allowed to run sudo on bar." - Otherwise, if the -h option is specified sudo will print the local - host name instead of the host specified via -h. - [8e6836ff952c] +2020-01-02 Robert Manner -2019-05-28 Todd C. Miller + * plugins/sudoers/sudoers_debug.c: + plugins/sudoers/sudoers_debug.c: fix harmless debug deregistration + warning - * doc/TROUBLESHOOTING: - Document that "no tty present and no askpass program specified" may - happen when /proc is not accessible. - [b551c47e55aa] + If the debug sudoers subsystem is not registered, because it does + not get any file names to deal with (TAILQ_EMPTY(debug_files)), + deregistration of the subsystem outputs a warning: -2019-05-27 Todd C. Miller + sudo: sudo_debug_deregister_v1: invalid instance ID -1, max -1 - * doc/CONTRIBUTORS: - Add Sangamesh Mallayya and Michael Spradling - [73b3acddc973] + This patch prevents that by only increasing the refcount if the + debug_instance was registered successfully. + [939042599498] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/parse_args.c, - src/sudo.h, src/tgetpass.c: - Add -B option to ring the bell before the password prompt. - [b2181b069809] + * plugins/python/Makefile.in: + plugins/python/Makefile.in: fix the install path of examples - * plugins/sudoers/auth/aix_auth.c: - Allow the user to change their password if expired on AIX. 
Bug #883 - [b1def2572198] + Examples are installed by default to "docdir", which refers to + PACKAGE_TARNAME variable which was empty for the python plugin + Makefile.in -2019-05-26 Todd C. Miller + So the examples were installed to '.../share/doc/examples' instead + of '.../share/doc/sudo/examples'. This also made them be skipped + from the package. - * plugins/sudoers/auth/aix_auth.c: - When using AIX auth, don't display the AIX password incorrect - message. Avoids a "3004-300 You entered an invalid login name or - password" message in addition to sudo's own "Sorry, try again" - message. - [ee606cfc3c8c] + Also the install target now depends on install-doc so the examples + gets installed also (similarly as other examples). + [e4c07404a3fc] -2019-05-24 Todd C. Miller + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + doc/sudo_plugin_python: indent code examples for easier readability + [c91ee22bfc83] - * mkpkg: - AIX packages were not being build with optimization enabled. - [41563464b897] + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + doc/sudo.conf: document developer_mode option + [127215dca183] -2019-05-22 Todd C. Miller +2019-12-31 Todd C. Miller - * plugins/sudoers/parse.c, plugins/sudoers/parse.h: - Fix a typo. - [6cd3fdc40b13] + * doc/UPGRADE: + fix typo in previous + [3031418fba2b] - * mkpkg: - Support using macOS SDKs from - /Library/Developer/CommandLineTools/SDKs - [98399af73e06] + * Makefile.in: + In update-pot match *.c not *c. + [77a1139fef99] -2019-05-16 Todd C. Miller + * NEWS, doc/UPGRADE: + Changes in sudo 1.8.30 + [dfaac62074f4] - * lib/util/term.c: - It is safe to assume _POSIX_VDISABLE is defined. The old compat - defines were to support pre-termios systems. - [82153896cede] +2019-12-26 Todd C. Miller -2019-05-06 Todd C. Miller + * Makefile.in: + Add check for up to date def_data.[ch] in check-dist target. + [ffaf150e76a5] - * plugins/sudoers/auth/pam.c: - Remove second catopen() which is never called. 
- [8a3db9d71297] +2019-12-25 Todd C. Miller -2019-05-01 Todd C. Miller + * src/limits.c: + Use 64-bit resource limits on AIX. + [b8b76c47c8a7] - * doc/TROUBLESHOOTING: - Sudo's conversation functions now filters out the last login - information. - [ac21b18ba6bf] + * src/limits.c: + When restoring old resource limits, try to recover if we receive + EINVAL. On NetBSD, setrlimit(2) can return EINVAL if the new soft + limit is lower than the current resource usage. This can be a + problem when restoring the old stack limit if sudo has raised it. + [50bdbdbea1b7] -2019-04-29 Todd C. Miller + * src/limits.c: + Sudo doesn't require such a large stack. + [f93eb9e0c105] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, - plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, - plugins/sudoers/defaults.c: - Add pam_acct_mgmt setting to enable/disable PAM account validation. - [ec657af6eeb8] + * plugins/sudoers/Makefile.in: + Restore check for readable /etc/sudoers in pre-install target. If + there is no installed sudoers there is nothing to check... + [99e65bc54052] - * doc/cvtsudoers.cat, doc/sudo.cat, doc/sudo.conf.cat, - doc/sudo_plugin.cat, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers_timestamp.cat, doc/sudoreplay.cat, doc/visudo.cat: - regen - [d39b0636806f] + * config.h.in, configure, configure.ac: + Enable OpenBSD extensions on NetBSD to get reallocarray(3) + prototype. + [e303dca0c1cb] - * NEWS, configure, configure.ac: - Sudo 1.8.28 - [dd02af1b71e1] + * include/sudo_event.h: + Add forward declaration of struct timeval for deprecated APIs. 
+ [e41bdbbbc067] - * Makefile.in, configure.ac, doc/Makefile.in, doc/cvtsudoers.man.in, - doc/cvtsudoers.mdoc.in, doc/fixman.sh, doc/sudo.conf.man.in, - doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, - doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, - doc/sudoers.man.in, doc/sudoers.mdoc.in, - doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, - doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.man.in, - doc/visudo.mdoc.in, examples/Makefile.in, include/Makefile.in, - include/compat/charclass.h, include/compat/endian.h, - include/compat/fnmatch.h, include/compat/getopt.h, - include/compat/glob.h, include/compat/nss_dbdefs.h, - include/compat/sha2.h, include/sudo_compat.h, include/sudo_conf.h, - include/sudo_debug.h, include/sudo_digest.h, include/sudo_dso.h, - include/sudo_event.h, include/sudo_fatal.h, include/sudo_gettext.h, - include/sudo_lbuf.h, include/sudo_plugin.h, include/sudo_queue.h, - include/sudo_rand.h, include/sudo_util.h, lib/util/Makefile.in, - lib/util/aix.c, lib/util/arc4random.c, lib/util/arc4random.h, - lib/util/arc4random_uniform.c, lib/util/closefrom.c, + * lib/util/sig2str.c, lib/util/str2sig.c: + Fix compilation on systems with SIGRTMIN/SIGRTMAX but not + _SC_RTSIG_MAX. + [8e40c62e00f8] + + * include/sudo_compat.h: + Older systems may not support WCONTINUED. + [730bede52ff0] + + * plugins/sudoers/logging.c: + Support systems that have nl_langinfo(3) but not the CODESET define. + Fixes compilation on old NetBSD versions. + [03e7cff93172] + + * plugins/sudoers/starttime.c: + Fix a typo; HAVE_KINFO_PROC2_NETBSD not HAVE_KINFO_PROC2_NETBSD2 + [0c46a062f888] + +2019-12-23 Todd C. Miller + + * MANIFEST, Makefile.in, configure, configure.ac, + etc/init.d/aix.sh.in, etc/init.d/hpux.sh.in, + etc/init.d/sudo.conf.in, etc/sudo.pp, init.d/aix.sh.in, + init.d/hpux.sh.in, init.d/sudo.conf.in, src/Makefile.in, sudo.pp: + Move init.d and sudo.pp to the etc dir. 
+ [81c9cbbc8ea9] + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/cfmakeraw.c: + Add cfmakeraw() for systems without it. + [48f48eaf2a68] + + * MANIFEST: + Remove indent.pro from MANIFEST + [2b6a24282b8c] + + * .gitignore, .hgignore: + Add uncrustify.files to ignore file. + [056b0df738a9] + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + Substitute @prefix@ in for the example paths. We can't use + @exampledir@ here since it contains Makefile variables. + [1744e2bcc813] + +2019-12-22 Todd C. Miller + + * include/sudo_debug.h, lib/iolog/iolog_fileio.c, + lib/iolog/iolog_path.c, lib/iolog/iolog_util.c, lib/util/aix.c, lib/util/digest.c, lib/util/digest_gcrypt.c, lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c, - lib/util/event_select.c, lib/util/fatal.c, lib/util/fnmatch.c, - lib/util/getcwd.c, lib/util/getdelim.c, lib/util/getentropy.c, - lib/util/getgrouplist.c, lib/util/gethostname.c, - lib/util/getopt_long.c, lib/util/gettime.c, lib/util/gidlist.c, - lib/util/glob.c, lib/util/inet_ntop.c, lib/util/inet_pton.c, - lib/util/isblank.c, lib/util/key_val.c, lib/util/lbuf.c, - lib/util/locking.c, lib/util/memrchr.c, lib/util/memset_s.c, - lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/mktemp.c, - lib/util/nanosleep.c, lib/util/parseln.c, lib/util/pipe2.c, - lib/util/progname.c, lib/util/pw_dup.c, lib/util/reallocarray.c, - lib/util/regress/atofoo/atofoo_test.c, - lib/util/regress/getdelim/getdelim_test.c, - lib/util/regress/getgrouplist/getgrouplist_test.c, - lib/util/regress/parse_gids/parse_gids_test.c, - lib/util/regress/progname/progname_test.c, - lib/util/regress/strsplit/strsplit_test.c, - lib/util/regress/sudo_conf/conf_test.c, - lib/util/regress/sudo_parseln/parseln_test.c, - lib/util/regress/tailq/hltq_test.c, - lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c, - lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, - lib/util/snprintf.c, lib/util/strlcat.c, 
lib/util/strlcpy.c, - lib/util/strndup.c, lib/util/strnlen.c, lib/util/strsignal.c, + lib/util/event_select.c, lib/util/gettime.c, + lib/util/getusershell.c, lib/util/gidlist.c, lib/util/host_port.c, + lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c, + lib/util/logfac.c, lib/util/logpri.c, lib/util/mkdir_parents.c, + lib/util/parseln.c, lib/util/secure_path.c, lib/util/setgroups.c, lib/util/strsplit.c, lib/util/strtobool.c, lib/util/strtoid.c, - lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c, - lib/util/sudo_debug.c, lib/util/sudo_dso.c, lib/util/term.c, - lib/util/ttyname_dev.c, lib/util/ttysize.c, lib/util/utimens.c, - lib/util/vsyslog.c, lib/zlib/Makefile.in, log2cl.pl, m4/sudo.m4, - mkdep.pl, mkpkg, pathnames.h.in, plugins/group_file/Makefile.in, - plugins/group_file/getgrent.c, plugins/group_file/group_file.c, - plugins/group_file/plugin_test.c, plugins/sample/Makefile.in, - plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, - plugins/sudoers/alias.c, plugins/sudoers/audit.c, - plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, - plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, - plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, - plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, - plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, - plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, - plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + lib/util/strtomode.c, lib/util/sudo_conf.c, lib/util/term.c, + lib/util/ttyname_dev.c, lib/util/ttysize.c, logsrvd/eventlog.c, + logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c, + logsrvd/logsrvd_conf.c, logsrvd/sendlog.c, + plugins/python/python_plugin_common.c, + plugins/python/sudo_python_debug.c, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, 
plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/base64.c, plugins/sudoers/boottime.c, - plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h, - plugins/sudoers/check.c, plugins/sudoers/check.h, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, - plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c, plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c, - plugins/sudoers/defaults.h, plugins/sudoers/digestname.c, - plugins/sudoers/editor.c, plugins/sudoers/env.c, - plugins/sudoers/env_pattern.c, plugins/sudoers/file.c, - plugins/sudoers/filedigest.c, plugins/sudoers/find_path.c, - plugins/sudoers/fmtsudoers.c, plugins/sudoers/gc.c, - plugins/sudoers/gentime.c, plugins/sudoers/getspwuid.c, - plugins/sudoers/gmtoff.c, plugins/sudoers/goodpath.c, + plugins/sudoers/digestname.c, plugins/sudoers/editor.c, + plugins/sudoers/env.c, plugins/sudoers/env_pattern.c, + plugins/sudoers/file.c, plugins/sudoers/filedigest.c, + plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gc.c, plugins/sudoers/gentime.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, plugins/sudoers/hexchar.c, - plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h, - plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h, - plugins/sudoers/ins_python.h, plugins/sudoers/insults.h, - plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, - plugins/sudoers/iolog.c, plugins/sudoers/iolog.h, - plugins/sudoers/iolog_event.h, plugins/sudoers/iolog_files.h, - 
plugins/sudoers/iolog_path.c, plugins/sudoers/iolog_util.c, - plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c, - plugins/sudoers/ldap_util.c, plugins/sudoers/linux_audit.c, - plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c, - plugins/sudoers/logging.c, plugins/sudoers/logging.h, - plugins/sudoers/logwrap.c, plugins/sudoers/match.c, - plugins/sudoers/match_addr.c, plugins/sudoers/match_command.c, - plugins/sudoers/match_digest.c, plugins/sudoers/mkdir_parents.c, - plugins/sudoers/parse.c, plugins/sudoers/parse.h, - plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c, - plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, - plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c, - plugins/sudoers/rcstr.c, plugins/sudoers/redblack.c, - plugins/sudoers/redblack.h, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/regress/env_match/check_env_pattern.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, - plugins/sudoers/regress/iolog_util/check_iolog_util.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/regress/parser/check_addr.c, - plugins/sudoers/regress/parser/check_base64.c, - plugins/sudoers/regress/parser/check_digest.c, - plugins/sudoers/regress/parser/check_fill.c, - plugins/sudoers/regress/parser/check_gentime.c, - plugins/sudoers/regress/parser/check_hexchar.c, - plugins/sudoers/regress/starttime/check_starttime.c, - plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c, - plugins/sudoers/solaris_audit.h, plugins/sudoers/sssd.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + 
plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c, + plugins/sudoers/parse.c, plugins/sudoers/parse_ldif.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/rcstr.c, plugins/sudoers/redblack.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, plugins/sudoers/starttime.c, plugins/sudoers/strlist.c, - plugins/sudoers/strlist.h, plugins/sudoers/stubs.c, - plugins/sudoers/sudo_ldap.h, plugins/sudoers/sudo_ldap_conf.h, - plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, - plugins/sudoers/sudo_printf.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c, - plugins/sudoers/sudoers_debug.h, plugins/sudoers/sudoers_version.h, + plugins/sudoers/stubs.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c, - plugins/sudoers/timestr.c, plugins/sudoers/toke.c, - plugins/sudoers/toke.h, plugins/sudoers/toke.l, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c, - plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h, - plugins/sudoers/visudo.c, plugins/system_group/Makefile.in, - plugins/system_group/system_group.c, src/Makefile.in, - src/conversation.c, src/env_hooks.c, src/exec.c, src/exec_common.c, - src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, - src/hooks.c, src/load_plugins.c, src/net_ifs.c, src/openbsd.c, - src/parse_args.c, src/preload.c, src/preserve_fds.c, - src/regress/noexec/check_noexec.c, - src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, - src/signal.c, src/solaris.c, src/sudo.c, src/sudo.h, - src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c, - src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tcsetpgrp_nobg.c, - src/tgetpass.c, src/ttyname.c, src/utmp.c: - Add 
SPDX-License-Identifier to files. - [db66decfad24] + plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c, + src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c, + src/limits.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, + src/preserve_fds.c, src/selinux.c, src/sesh.c, src/signal.c, + src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, + src/ttyname.c, src/utmp.c: + debug_decl and debug_decl_vars now require a semicolon at the end. + [c05890653007] -2019-04-28 Todd C. Miller +2019-12-21 Todd C. Miller - * plugins/sudoers/auth/pam.c: - Filter out last login messages on HP-UX unless running a shell. HP- - UX in trusted mode will display last login messages as part of the - PAM account management module by libpam_comsec. There is no way to - suppress these messages from the PAM configuration in trusted mode - so we need to filter them in the conversation function. In regular - mode, similar (but different) messages may be produced by - libpam_hpsec. - [5bbb02c69b46] + * MANIFEST, doc/Makefile.in, doc/sudo_plugin_python.man.in, + doc/sudo_plugin_python.mdoc.in: + Add sudo_plugin_python manual page. Based on markdown docs from + Robert Manner. + [65f2af21832d] -2019-04-26 Todd C. Miller +2019-12-18 Todd C. Miller - * lib/util/closefrom.c: - FreeBSD's /dev/fd only contains fds 0-2 unless fdescfs is mounted. - In practice this doesn't matter since FreeBSD >= 8 has a native - closefrom - [bbeeb52550f1] + * plugins/sudoers/sudoers.c, src/limits.c: + Output the name of the limit when warning about setrlimit or + getrlimit. From Kimmo Suominen. + [92ed66b5cc1f] -2019-04-20 Todd C. Miller +2019-12-14 Todd C. Miller - * plugins/sudoers/logging.c: - Keep debug fds open in send_mail() to aid in debugging. Adds - closefrom_nodebug() which acts like closefrom(3) but doesn't close - debug fds for use by send_mail(). Also moves the code to exec the - mailer to its own function. 
- [b1892425667a] + * aclocal.m4, config.h.in, configure: + regen + [81961af46679] -2019-04-19 Todd C. Miller + * MANIFEST: + Add python module files to MANIFEST + [f223a19117bb] - * plugins/sudoers/defaults.c: - Set def_mailerflags even if sendmail was not found at configure - time. Fixes a NULL dereference when mailerpath is set but - mailerflags is not. Bug #878 - [6c57f5ddca54] + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: + Update SUDO_CONV_REPL_MAX in docs. + [120970879b36] -2019-04-08 Todd C. Miller + * Makefile.in: + Remove uncrustify.files in clean target + [ba843b8f2e80] - * MANIFEST, config.h.in, configure, configure.ac, - include/sudo_compat.h, lib/util/Makefile.in, lib/util/getdelim.c, - lib/util/getline.c, lib/util/parseln.c, - lib/util/regress/getdelim/getdelim_test.c, mkdep.pl, - plugins/sudoers/auth/aix_auth.c, plugins/sudoers/boottime.c, - plugins/sudoers/iolog_util.c, plugins/sudoers/ldap_conf.c, - plugins/sudoers/parse_ldif.c, plugins/sudoers/sssd.c: - Add a proper getdelim(3) replacement and use it instead of - getline(3). - [2e06e45ffbd6] +2019-12-13 Todd C. Miller - * plugins/sudoers/auth/pam.c: - Restrict the PAM_TTY kludge to Solaris and Linux-PAM. Setting - PAM_TTY to the empty string causes problems with some modules on HP- - UX so restrict it to systems where it is fixes known issues. - [d61f4e20dc67] + * Makefile.in, etc/uncrustify-small.cfg, etc/uncrustify.cfg, + indent.pro: + Add uncrustify config file for new sudo code style. + [7c3b3f733134] -2019-03-18 Todd C. Miller + * include/sudo_plugin.h: + Bump SUDO_CONV_REPL_MAX from 255 to 1023 + [9127fb27eb55] - * lib/util/getgrouplist.c: - Fix the counting of supplementary groups on AIX. We should not - assume that basegid will be present in the list of gids returned by - getgrset(). - [6b5fa2805840] + * lib/util/digest_gcrypt.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/secureware.c: + Minor style cleanups. Remove extraneous break after return + statement. 
Convert two old K&R function declarations. + [19f8b7a3d2d1] -2019-03-14 Todd C. Miller +2019-12-11 Todd C. Miller - * plugins/sudoers/pwutil.c: - Plug a memory leak on user/group lookup failure found by ASAN. - [aff673f310d0] + * src/selinux.c: + Save/restore the raw form of the file context in case mctrans is not + available. + [786a04ba33ab] -2019-03-08 Todd C. Miller +2019-12-10 Robert Manner - * MANIFEST, plugins/sudoers/regress/testsudoers/test3.d/root, - plugins/sudoers/regress/testsudoers/test3.sh: - Fix test failure when run by a user other than the file owner. - [c41ea7cfedf8] + * plugins/python/python_plugin_common.c: + plugins/python: make group plugin able to debug - * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, - plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, - plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/da.mo, - po/da.po, po/eo.mo, po/eo.po, po/es.mo, po/es.po, po/zh_TW.mo, - po/zh_TW.po: - Updated translations from translationproject.org - [484d7b28bdd6] + It does not get the debug settings, so it looks them up through + sudo_conf. 
+ [fe4dbf8345b6] - * MANIFEST, plugins/sudoers/regress/cvtsudoers/test1.sh, - plugins/sudoers/regress/cvtsudoers/test10.sh, - plugins/sudoers/regress/cvtsudoers/test11.sh, - plugins/sudoers/regress/cvtsudoers/test12.sh, - plugins/sudoers/regress/cvtsudoers/test13.sh, - plugins/sudoers/regress/cvtsudoers/test14.sh, - plugins/sudoers/regress/cvtsudoers/test15.sh, - plugins/sudoers/regress/cvtsudoers/test16.sh, - plugins/sudoers/regress/cvtsudoers/test17.sh, - plugins/sudoers/regress/cvtsudoers/test18.sh, - plugins/sudoers/regress/cvtsudoers/test19.sh, - plugins/sudoers/regress/cvtsudoers/test2.sh, - plugins/sudoers/regress/cvtsudoers/test20.sh, - plugins/sudoers/regress/cvtsudoers/test21.sh, - plugins/sudoers/regress/cvtsudoers/test22.sh, - plugins/sudoers/regress/cvtsudoers/test23.sh, - plugins/sudoers/regress/cvtsudoers/test24.sh, - plugins/sudoers/regress/cvtsudoers/test25.sh, - plugins/sudoers/regress/cvtsudoers/test26.err.ok, - plugins/sudoers/regress/cvtsudoers/test26.out.ok, - plugins/sudoers/regress/cvtsudoers/test26.sh, - plugins/sudoers/regress/cvtsudoers/test27.sh, - plugins/sudoers/regress/cvtsudoers/test28.sh, - plugins/sudoers/regress/cvtsudoers/test29.sh, - plugins/sudoers/regress/cvtsudoers/test3.sh, - plugins/sudoers/regress/cvtsudoers/test30.sh, - plugins/sudoers/regress/cvtsudoers/test31.sh, - plugins/sudoers/regress/cvtsudoers/test32.err.ok, - plugins/sudoers/regress/cvtsudoers/test32.out.ok, - plugins/sudoers/regress/cvtsudoers/test32.sh, - plugins/sudoers/regress/cvtsudoers/test33.sh, - plugins/sudoers/regress/cvtsudoers/test4.sh, - plugins/sudoers/regress/cvtsudoers/test5.sh, - plugins/sudoers/regress/cvtsudoers/test6.sh, - plugins/sudoers/regress/cvtsudoers/test7.sh, - plugins/sudoers/regress/cvtsudoers/test8.sh, - plugins/sudoers/regress/cvtsudoers/test9.sh: - Test cvtsudoers stdout and stderr separately. Fixes a test failure - on systems with musl libc. 
Bug #873 - [e82a381f4f3d] + * include/sudo_conf.h, lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_conf/test1.in, + lib/util/regress/sudo_conf/test1.out.ok, + lib/util/regress/sudo_conf/test2.out.ok, + lib/util/regress/sudo_conf/test3.out.ok, + lib/util/regress/sudo_conf/test4.out.ok, + lib/util/regress/sudo_conf/test5.out.ok, + lib/util/regress/sudo_conf/test6.out.ok, + lib/util/regress/sudo_conf/test7.out.ok, + lib/util/regress/sudo_conf/test8.err.ok, + lib/util/regress/sudo_conf/test8.in, + lib/util/regress/sudo_conf/test8.out.ok, lib/util/sudo_conf.c, + lib/util/util.exp.in, plugins/sudoers/group_plugin.c, + src/load_plugins.c: + src/load_plugins, plugins/sudoers: added developer_mode sudo.conf + option -2019-03-06 Todd C. Miller + It can be used to disable the enforcement that a plugin (shared + object or an imported python module) must be owned by root and not + modifiable by others. This can make plugin development easier. + [a9f86943d30c] - * plugins/sudoers/starttime.c, src/ttyname.c: - Better comment about EOVERFLOW and pstat_getproc(). Also remove some - useless casts. - [09a915110812] +2019-12-09 Todd C. Miller - * lib/util/closefrom.c: - Ignore EOVERFLOW from pstat_getproc(), it is not a fatal error. It - just means that one of the fields in pstat lacks the precision to - store a value. That's not an issue for pst_highestfd. - [bb7ed18e360b] + * MANIFEST, config.h.in, configure, configure.ac, doc/sudoers.man.in, + doc/sudoers.mdoc.in, include/sudo_compat.h, lib/util/Makefile.in, + lib/util/getusershell.c, mkdep.pl, plugins/sudoers/check.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add runas_check_shell flag to require a runas user to have a valid + shell. Not enabled by default. 
+ [9e7936e0ccfe] - * sudo.pp: - update copyright year - [cff8184aeb11] + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: + Add a new flag "allow_unknown_runas_id" to control matching of + unknown IDs. Previous, sudo would always allow unknown user or group + IDs if the sudoers entry permitted it. This included the "ALL" + alias. With this change, the admin must explicitly enable support + for unknown IDs. + [ebdbb5c7f60b] -2019-03-05 Todd C. Miller +2019-12-07 Todd C. Miller - * src/load_plugins.c: - Fix error message when a fully-qualified plugin path does not exist. - [318f7511c9bc] + * lib/util/term.c: + Use cfmakeraw() in sudo_term_raw() instead of doing it manually. + [b8ff5f81399f] -2019-03-04 Todd C. Miller + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h: + Fix event loop called via I/O log close function. We need to set + events that were pending in the old base in the new one. Fixes + sending the final I/O log data and the ExitMessage to the server. + [dcba4ce2196c] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + include/sudo_plugin.h, src/sudo.c: + Replace timeleft with pending in sudo plugin event API. + [5f49af23af38] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Fix unescaped '\' and remove an extra '[' in the definition of - digest. - [9ea1a400ebc9] + * plugins/sudoers/sudoreplay.c: + Use sudo_ev_pending() instead of the deprecated sudo_ev_timeleft(). + [c6cce5275f1e] -2019-03-03 Todd C. Miller + * include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in: + Add sudo_ev_pending(), used to check whether an event is pending. + [edcea66bda32] - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Ignore carriage return before a linefeed. This allows sudo to parse - files with DOS-style line endings. 
- [65882b63a84d] + * plugins/sudoers/Makefile.in: + Add TLS libs when linking check_iolog_plugin + [d84a5f5c6bc1] -2019-02-26 Todd C. Miller +2019-12-06 Todd C. Miller - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - For sssd, the nsswitch.conf setting should be "sss" not "sssd". From - Johnathan Smith. - [5c07130d1bbc] + * plugins/sudoers/iolog_client.c: + Remove extraneous newlines in some sudo_warnx() calls. + [d3dbf0f93372] -2019-02-20 Todd C. Miller + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document log_server_cabundle, log_server_peer_cert and + log_server_peer_key + [edea4d048221] - * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: - Add simple API for to allow reading environment data from different - sources. Currently, this is used to read a file like - /etc/environment. - [ce9161899719] + * Merge pull request #16 from laczau/master -2019-02-19 Todd C. Miller + Proper handling of certificate chain file + [44939e511321] - * plugins/sudoers/sudoers.c: - Fix pasto; the unrestricted env file was read when we want the - restricted one. - [23b0b3c473db] +2019-12-06 Laszlo Orban - * plugins/sudoers/cvtsudoers.c, plugins/sudoers/defaults.h, - plugins/sudoers/parse.h, plugins/sudoers/strlist.c, src/sudo.h: - Be sure to include sudo_queue.h where needed instead of relying on - other headers. - [fe9418a9b378] + * logsrvd/logsrvd.c: + cert files can contain the full chain of trust, so load all certs in + every case for verification + [ca26bb970ef5] -2019-02-18 Todd C. Miller +2019-12-05 Todd C. Miller - * lib/util/util.exp.in: - Only export sudo_arc4random_uniform() if arc4random_uniform() is - missing. - [e32a7243976d] - - * lib/util/regress/vsyslog/vsyslog_test.c: - Quiet a warning on gcc 8 - [fe8cad6564e2] + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: + Sync init_session() prototype with sudo_plugin.h and fix a typo. 
+ [1501cdfa8e76] - * include/sudo_compat.h: - AIX 7.1 defines O_CLOEXEC but it can't be used outside the kernel. - Redefine O_CLOEXEC if it doesn't fit in an int and pipe2() is - missing. - [3ef0220351ca] +2019-12-05 Robert Manner - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c, - plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c, - plugins/sudoers/parse.h: - Split command match code out into match_command.c. Also remove - unused SUDOERS_NAME_MATCH code. - [2a7adb93a65e] + * plugins/python/example_conversation.py, + plugins/python/example_debugging.py: + plugins/python: example plugin demonstrating conversation and debug + API + [e487d2240607] + + * include/sudo_debug.h, lib/util/sudo_debug.c, lib/util/util.exp.in: + lib/util/sudo_debug.c: add a function for querying if debugging is + needed + + for a level. Rationale: this way we can avoid computing details for + the log which will not happen at all if the computation is slow. + [d636c26d192d] -2019-02-17 Todd C. Miller +2019-12-04 Todd C. Miller - * plugins/sudoers/match_digest.c: - Split out digest matching into its own file. - [93863918f934] + * plugins/sudoers/check.c: + Only update the time stamp entry after the approval function has + succeeded. Bug #910 + [9b2022e6f11d] - * plugins/sudoers/Makefile.in, plugins/sudoers/match.c, - plugins/sudoers/parse.h: - Split out digest matching into its own file. - [aafdc9b976ed] +2019-12-04 Robert Manner -2019-02-12 Todd C. Miller + * plugins/python/sudo_python_debug.c, + plugins/python/sudo_python_debug.h: + plugins/python: add sudo debug helpers + [1d48021e86ad] - * plugins/sudoers/gram.c, plugins/sudoers/gram.h, - plugins/sudoers/gram.y, plugins/sudoers/toke.c, - plugins/sudoers/toke.l: - Rename FOLLOW and NOFOLLOW tokens FOLLOWLNK and NOFOLLOWLNK. Fixes a - namespace collision on Solaris when bison is used. - [707b94b7c1e9] +2019-12-04 Todd C. Miller -2019-02-06 Todd C. 
Miller + * Merge pull request #14 from sudo-project/tls-config-default-values - * plugins/sudoers/match.c: - Add stub definition of digest_matches() for SUDOERS_NAME_MATCH - [a322e57c85e0] + Audit Server - add default values for cert paths + [f30a48f8b5d5] - * plugins/sudoers/sudo_nss.c: - No longer need to include sudo_lbuf.h - [db110422b24c] +2019-12-04 Laszlo Orban - * mkpkg: - On RedHat/CentOS get the OS major version from /etc/redhat-release. - We cannot determine this from the output of "pp --probe" since it - doesn't contain a period to separate the major and minor numbers. - [78a27d62de0c] + * logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c: + add default values for cert paths + [a76ca8a3ca9f] -2019-02-05 Todd C. Miller +2019-12-03 Todd C. Miller - * plugins/sudoers/policy.c: - Use SET macro instead of bitwise OR. - [b523937e8da8] + * lib/util/sudo_debug.c: + Add reference counting to debug register/deregister. Fixes a + potential problem when an instance is re-registered. + [270e739fd0b3] - * plugins/sudoers/pwutil_impl.c: - In sudo_make_grlist_item() the calculation of total did not include - space for pointers to the group names. - [7c438dd62f45] + * plugins/sudoers/sudoers_debug.c: + Only deregister the sudoers debug instance on last close. Reference + count calls to sudoers_debug_register and only deregister + sudoers_debug_instance when refcnt reaches 0. Fixes a problem where + the debug system was deregistered when the sudoers policy is closed + even though the iolog plugin is active. + [2b73f3e9fc32] + +2019-12-02 Robert Manner + + * plugins/python/python_importblocker.c: + plugins/python: add ImportBlocker which forbids loading unsafe + python modules + + If non root can alter any imported python modules, he is able to run + anything he would like to as root user. This class is a helper to + avoid such situation. + + This feature can be disabled with 'DeveloperMode=1' plugin option. 
+ [26be6228724f] + +2019-11-28 Laszlo Orban + + * plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h: + implement tls layer in iolog plugin + [c25837909952] - * plugins/sudoers/cvtsudoers_pwutil.c: - Use correct debug_decl() names. - [d0f02db8be20] + * plugins/sudoers/iolog.c, plugins/sudoers/policy.c: + process tls config options + [510fdfd39d71] - * plugins/sudoers/sudoers.h: - Add fallback values for sudoers uid, gid and mode if not set in - Makefile. - [21e41ed7a06c] + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in: + add audit server tls related configuration options to sudoers + [f4135025ff1d] -2019-02-04 Todd C. Miller + * plugins/sudoers/Makefile.in: + optionally link sudoers with openssl libs + [750f87200eab] - * lib/util/memset_s.c: - include stddef.h to make sure we get NULL - [d42b4c325c0c] +2019-11-27 Laszlo Orban <43516882+laczau@users.noreply.github.com> -2019-02-02 Todd C. Miller + * logsrvd/logsrvd.c: + Merge pull request #11 from sudo-project/audit-server-tls-async - * src/net_ifs.c: - Fix memory leak when there are no network interfaces or an error - occurs. - [7ba525ee9233] + Sudo audit Server - TLS protocol update + [923f6d914ec5] -2019-01-25 Todd C. Miller +2019-11-26 Laszlo Orban - * configure, configure.ac: - Use $ac_cv_search_FUNCTION instead of $ac_lib and $ac_res. Fixes a - problem where libcrypt is not used with autoconf caching. Adapted - from a diff from Adam Labbe. - [5cfcade6ce3e] + * logsrvd/logsrvd.c: + disable timeout for the reader after ServerHello message + [e579450aafa1] -2019-01-24 Todd C. Miller +2019-11-25 Todd C. Miller - * po/de.mo, po/de.po, po/ko.mo, po/ko.po: - Updated translations from translationproject.org - [4995f6542a2c] + * logsrvd/logsrvd.c: + Exit if the first call to logsrvd_conf_read() fails. It is not fatal + if subsequent calls fail (due to SIGHUP) since we keep a copy of the + old config before installing the new one. + [c20866ea9d03] -2019-01-22 Todd C. 
Miller + * Makefile.in, plugins/sudoers/Makefile.in: + Add some missing files to "make clean" and "make distclean" + [d1b559e9e1ab] - * plugins/sudoers/parse.c: - Fix listpw=never and verifypw=never. Bug #869 - [ecb89088a884] + * .gitignore, .hgignore: + Update .hgignore and convert to .gitignore + [c8b92b55e74a] -2019-01-20 Todd C. Miller +2019-11-22 Laszlo Orban - * lib/util/regress/vsyslog/vsyslog_test.c, lib/util/sig2str.c, - plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers_pwutil.c, - plugins/sudoers/env.c, plugins/sudoers/find_path.c, - plugins/sudoers/fmtsudoers.c, plugins/sudoers/group_plugin.c, - plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, - plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c, - plugins/sudoers/logging.c, plugins/sudoers/match.c, - plugins/sudoers/parse.c, plugins/sudoers/set_perms.c, - plugins/sudoers/starttime.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, - plugins/sudoers/tsdump.c, src/exec_monitor.c, src/exec_nopty.c, - src/exec_pty.c, src/sudo.c, src/ttyname.c: - Minor snprintf() usage tweaks: 1) don't assume snprintf() returns -1 - on error, check for <0 2) when comparing return value of - sizeof(foo), cast the sizeof, not the len 3) cast return value to - void in cases where snprintf cannot fail - [2af6dfb31a49] + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c: + use event timeout instead of socket timeout + [5c72d1d18aec] -2019-01-11 Todd C. 
Miller + * logsrvd/sendlog.c, logsrvd/sendlog.h: + adapt sudo sendlog (async communication, unencrypted ServerHello + message) + [0269d852f6c6] - * .hgtags: - Added tag SUDO_1_8_27 for changeset b28989f9ada5 - [fcd7a6d8330e] <1.8> + * logsrvd/logsrvd.c, logsrvd/logsrvd.h: + ServerHello message is now unencrypted, TLS communication has been + refactored to full async + [d138cbe2253e] - * NEWS, config.h.in, configure, configure.ac, doc/CONTRIBUTORS, - doc/fixmdoc.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.man.in, - doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.cat, - doc/visudo.man.in, plugins/sudoers/po/sudoers.pot, - plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c: - merge sudo 1.8.27 from tip - [b28989f9ada5] [SUDO_1_8_27] <1.8> + * include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c, + lib/logsrv/log_server.proto, logsrvd/logsrvd.c: + extend ServerHello message with two fields (tls, tls_checkpeer) + [6d7965d29cd4] -2019-01-07 Todd C. Miller +2019-11-21 Robert Manner - * NEWS: - The AIX nofiles hard limit fix and bug #867 will make 1.8.27. - [a8b4710ff907] + * Makefile.in: + Makefile.in: fix calling log2cl when doing out of source build - * plugins/sudoers/auth/pam.c: - Use PAM_SILENT to prevent pam_lastlog from printing last login - information on RedHat except when explicitly running a shell. - Adapted from a patch from Nir Soffer. Bug #867 - [b8b5d3445a3c] + If doing build out of source and not calling configure by absolute + path, $(top_srcdir) variable will contain a path relative to the + directory we stand in. So, after changing the current directory "cd + $(srcdir)", this path will point to somewhere else making the + install step fail. 
+ [58a22fce613f] + + * plugins/python/python_baseplugin.c, + plugins/python/python_convmessage.c, + plugins/python/sudo_python_module.c, + plugins/python/sudo_python_module.h: + plugins/python: add a sudo python module + [c512c48170ae] - * lib/util/aix.c: - Fix the default nofiles and stack hard limits. The table of default - hard limits in /etc/security/limits was out of date with respect to - the current documentation. The default hard limit for nofiles should - be unlimited, not 8196. The default hard limit for stack should be - 4194304 blocks (which fits in an unsigned long on 32-bit platforms). - [68c8c05a0b9b] +2019-11-20 Todd C. Miller -2019-01-03 Todd C. Miller + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + plugins/sudoers/policy.c, src/sudo.c: + For plugin API 1.15 and up, always call the plugin close function. + Previously, it was only called when a command was run (including + sudoedit). Now, plugin operations list, validate, invalidate, and + show_version are also closed. + [6cdcb5624908] - * plugins/sudoers/po/sudoers.pot: - regen - [3000c62ed0ba] +2019-11-19 Todd C. Miller - * NEWS: - Final updates for sudo 1.8.27. - [40d6ecb1f739] + * plugins/sudoers/iolog_client.c: + Avoid NULL deref on an error path if calloc() fails. Coverity CID + 205873 + [bad732813149] - * src/exec_pty.c: - Update copyright year - [adc9f4046585] + * src/conversation.c: + Fix potential fd leak when converting trailing newline to cr + nl. + Coverity CID 205872 + [4597abb8ee1f] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in, + examples/sudo_logsrvd.conf: + Document the process of creating self-signed certificates for + sudo_logsrvd. Based on a document from Laszlo Orban. + [0be730e58f17] - * doc/LICENSE: - Update for 2019 - [ccbbad25d7c7] + * plugins/group_file/plugin_test.c: + Sync with argument handling in group_plugin.c + [937475aa2c3f] -2019-01-02 Todd C. 
Miller + * plugins/sudoers/group_plugin.c: + If a group plugin has optional arguments, NULL terminate the vector. + Otherwise, the plugin cannot determine the end of arguments. The + behavior now matches the plugin documentation. + [51e02f75a447] - * src/exec_pty.c: - Fix setting of utmp entry when running command in a pty. Regression - introduced in sudo 1.8.22. - [cf81f3fa1f3a] +2019-11-19 Robert Manner -2018-12-24 Todd C. Miller + * plugins/python/example_group_plugin.py: + plugins/python: add example python group plugin + [9f9d7cc2d5db] + + * plugins/python/example_policy_plugin.py: + plugins/python: add example python policy plugin + [6cc0d47edae0] + + * plugins/python/example_io_plugin.py: + plugins/python: add example io python plugin + [d22532c34748] + +2019-11-18 Todd C. Miller + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, src/sudo.c: + If there is no session or terminal group ID, pass the plugin a value + of 0. This behavior already matches what is documented in the + sudo_plugin manual for "sid" but the "tcpgid" entry needed to be + updated. + [2d720153c4cf] * plugins/sudoers/sudoers.c: - Use debug_return_int not debug_return_bool in resolve_host - [490241e14e68] + Don't touch the local iolog sequence file if we are logging remotely + [3c5dc60a9d11] - * NEWS, configure, configure.ac: - sudo 1.8.27 - [f59a4a391a44] + * plugins/sudoers/iolog_client.c: + Plug a memory leak found by leak sanitizer + [13aac57d0506] + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h: + Make a shallow copy of user_env in I/O plugin in case it is + reallocated. The policy plugin's session init function may + reallocate the user environment pointer. Fixes a use after free when + PAM is used. + [3eb35dac2743] - * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, - plugins/sudoers/visudo.c: - Allow the sudoers file to be specified without the -f option. 
Bug - #864 - [eb3d4c4461ba] + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/policy.c: + Rename "log_server" in sudoers to "log_servers" to match I/O plugin. + [1dbe79c18760] -2018-12-20 Todd C. Miller +2019-11-17 Todd C. Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - The iolog_dir section is below the maxseq section, not above. - [35534e4f23d9] + * logsrvd/logsrvd.c: + Check closure->ssl for non-NULL instead of + logsrvd_conf_get_tls_opt(). It's a little more obvious this way and + ssl is only non-NULL when the tls option is enabled anyway. + [3436430c064b] + + * logsrvd/logsrvd.c: + Init iolog_dir_fd and sock in connection_closure before adding to + list. Otherwise we could close the wrong fds in the error path. + [1643211f8b46] -2018-12-12 Todd C. Miller + * doc/CONTRIBUTORS: + Add Laszlo Orban + [2836214cd4b8] - * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, po/ja.mo, - po/ja.po: - Updated translations from translationproject.org - [270660da2de4] +2019-11-16 Todd C. Miller -2018-12-11 Todd C. Miller + * doc/sudo_logsrvd.conf.man.in: + regen + [4a44bfc42b4b] - * plugins/sudoers/sudoreplay.c: - Add -n and -R options to help; reported by Radovan Sroka - [683df32eb950] + * doc/sudo_logsrvd.conf.mdoc.in, examples/sudo_logsrvd.conf: + Change TLS example file locations to be under /etc/ssl/sudo. + [f4c302a3bcb9] - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: - Add missing description of padding option and missing argument to - -c. - [c762020f1694] + * doc/sudo_logsrvd.conf.mdoc.in, examples/sudo_logsrvd.conf: + Document sudo_logsrvd TLS configuration. + [97260e6acfaf] - * plugins/sudoers/cvtsudoers.c: - The -c option was missing from the help info; from Radovan Sroka - [aa36d5c05b0b] +2019-11-15 Todd C. 
Miller - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: - Fix some typos; reported by Radovan Sroka - [d6137224dd47] + * include/sudo_event.h: + Include time.h for struct timespec. + [8bd80773d0fa] -2018-12-08 Todd C. Miller + * lib/util/util.exp.in: + Add sudo_ev_set_v1 to the exports file. + [fd6b66378e5d] - * plugins/sudoers/auth/pam.c: - In sudo_pam_approval(), for the exempt case, only overwrite pam - status when the passwd is expired or needs to be updated. - [2c2d1ed1bb7e] + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document the log_server and log_server_timeout options + [7d7429b73d25] -2018-12-07 Todd C. Miller + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h, + plugins/sudoers/policy.c, src/exec_nopty.c, src/exec_pty.c, + src/sudo.c: + Add support for logging to the log server + [158a8e80faab] - * plugins/sudoers/auth/pam.c: - The fix for bug #843 was incomplete and caused pam_end() to be - called early. sudo_pam_approval() must not set the global pam status - to an error value if it returns AUTH_SUCCESS. Otherwise, - sudo_pam_cleanup() will call pam_end() before - sudo_pam_begin_session(). This resulted in a NULL PAM handle being - used in sudo_pam_begin_session(). - [656aa910fbaf] + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + include/sudo_event.h, include/sudo_plugin.h, lib/util/event.c, + plugins/sudoers/iolog.c, plugins/sudoers/policy.c, src/Makefile.in, + src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, + src/load_plugins.c, src/preload.c, src/sudo.c, src/sudo.h, + src/sudo_plugin_int.h: + Add a plugin interface to sudo main event loop. + [123662f454da] -2018-12-05 Todd C. 
Miller + * MANIFEST, Makefile.in, configure, configure.ac, + include/log_server.pb-c.h, include/protobuf-c/protobuf-c.h, + lib/logsrv/Makefile.in, lib/logsrv/log_server.pb-c.c, + lib/logsrv/log_server.proto, lib/logsrv/protobuf-c.c, + logsrvd/Makefile.in, logsrvd/log_server.pb-c.c, + logsrvd/log_server.pb-c.h, logsrvd/log_server.proto, + logsrvd/protobuf-c/protobuf-c.c, logsrvd/protobuf-c/protobuf-c.h: + Move protobuf-c.c, log_server.proto, log_server.pb-c.[ch] to + lib/logsrv + [6772a775471f] - * src/exec.c: - Don't run the command in a pty if no I/O plugins are logging - anything. That way an I/O plugin that doesn't actually log anything - won't cause the command to be run in a pty. - [ef83f35c9cb0] + * lib/util/event.c: + When freeing an event base, reset ev->base to NULL for associated + events. + [7199d3967059] + + * logsrvd/logsrvd_conf.c: + Move cb_timeout() out from under the HAVE_OPENSSL ifdef. + [c7fc294ce21a] + + * INSTALL, config.h.in, configure, configure.ac, logsrvd/Makefile.in, + logsrvd/logsrvd.c: + LibreSSL and older OpenSSL don't support SSL_CTX_set_ciphersuites(). + Add a configure test and skip TLS 1.3 setup if it is missing. We + still accept the tls_ciphers13 config setting but it will be + ignored. + [06d478442971] + + * logsrvd/logsrvd.c, logsrvd/sendlog.c: + Minor style nits that I missed during review. + [7209ccc5a3cf] + + * logsrvd/sendlog.c: + Avoid calling SSL_CTX_free() on an uninitialized pointer in an error + path. + [2df423e30773] + + * Merge pull request #9 from sudo-project/audit-server-tls-support + + Audit server tls support + [0aded6c1deec] + +2019-11-13 Laszlo Orban + + * logsrvd/Makefile.in, logsrvd/sendlog.c: + update sudo_sendlog to support openssl tls + [ab4be8367862] -2018-11-29 Todd C. Miller +2019-11-12 Todd C. Miller - * .hgignore: - Update ignore patterns to match doc changes. - [7438cdacc0e1] + * src/limits.c: + Simplify resource limit fallback logic a bit. 
+ [cdab60b50079] - * doc/fixmdoc.sed: - fix mode fixmdoc.sed - [d74c0b7c5932] +2019-11-11 Todd C. Miller -2018-11-27 Todd C. Miller + * doc/CONTRIBUTORS: + Add sudo logo designers + [94c841c8bc28] - * doc/Makefile.in, doc/sudo.conf.man.in, doc/sudo.man.in, - doc/sudoers.ldap.man.in, doc/sudoers.man.in, - doc/sudoers_timestamp.man.in, doc/sudoreplay.man.in, - doc/visudo.man.in: - Fix section in the .TH line of *.man.in file. The substitution for - @mansectsu@ and @mansectform@ was broken. No longer need to strip - out OpenBSD from the header line. - [cb02c8496b21] + * src/limits.c: + Don't set the RLIMIT_STACK soft/hard limits to unlimited. Use 8Mb + for soft and 64Mb for hard. Works around issues on macOS and docker. + See also Bug #908 + [1d7f52c32360] - * doc/sudoers.man.in.sed: - Add sudoers.man.in.sed, missed from previous commit. - [a2113a52e6a7] + * src/tgetpass.c: + Restore resource limits before executing the askpass program. Linux + with docker seems to have issues executing a program when the stack + size is unlimited. Bug #908 + [28cb58a5ac94] - * doc/CONTRIBUTORS: - Add Guillem Jover - [db7a39f9726a] + * src/conversation.c: + Check for replies pointer being NULL just in case. + [7c0c4c6b001e] - * NEWS: - recent changes - [0c07a0cdf2ff] +2019-11-11 Laszlo Orban - * MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sed, - doc/fixmdoc.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.man.in.sed, - doc/sudo.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, - doc/sudoers.mdoc.in: - Use roff conditionals in the manuals instead of post-processing. We - still need to process the resulting .man.in files to add back the - conditionals but this should be easier to debug as the changes are - visible in the .in file. Some minor postprocessing is still used to - make the manuals HP-UX friendly and to change "0 seconds" -> - unlimited after substitution. 
- [44316d271ab8] + * examples/sudo_logsrvd.conf, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c: + set timeout value for the socket + [e884292ab6c9] -2018-11-24 Todd C. Miller +2019-11-09 Todd C. Miller - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in: - Sudo plugin manual updates and clarification from Guillem Jover: - - Add missing return information for show_version(). - - Fix prototypes for several function pointers. - - Update SUDO_API_VERSION_MINOR. - - Add missing references to log_suspend() and change_winsize(). - - Add missing "array.". - - Clarify that argc can be zero on sudo -V. - - Clarify size requirements for conversation array arguments. - - Clarify timeout zero value for struct sudo_conv_message. - - Clarify initial and final state of reply in struct sudo_conv_reply. - [1241cff4dd51] + * src/conversation.c: + Convert trailing newline to carriage return + newline for tty. Does + not currently handle embedded newlines. + [ad195e045150] - * doc/fixmdoc.sh, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudoers.man.in, doc/sudoers.mdoc.in: - Revert changes to give arguments to the .Bx macro. This is intended - for things like .Bx 4.3 to generate "4.3BSD" so the argument ends up - before the BSD, not after. Just go back to using "BSD - authentication" and "BSD login classes" so fixmdoc.sh can operate - correctly. Bug #861 - [c58965343318] +2019-11-08 Todd C. Miller -2018-11-23 Todd C. Miller + * lib/util/fatal.c: + Only write a carriage return if output is to a tty. + [f605335649ea] - * doc/fixmdoc.sh, doc/sudo.mdoc.in, doc/sudoers.mdoc.in: - Update fixmdoc.sh to match the BSD -> .Bx changes in the manuals. - Bug #861 - [7ddfb74781a1] + * lib/util/fatal.c: + Include a carriage return when printing warning messages. Otherwise, + if the command is running in a pty the output is stair-stepped. 
+ [f23d4f0ed902] + +2019-11-08 Laszlo Orban + + * configure, logsrvd/Makefile.in, logsrvd/logsrvd.c, + logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c: + make audit server openssl dependency optional; tls layer is compiled + only if sudo is built with --enable-openssl feature switch + [c360a34c89c0] -2018-11-18 Todd C. Miller +2019-11-07 Todd C. Miller - * config.h.in, configure, configure.ac, m4/sudo.m4, src/utmp.c: - Add support for utmps as found in HP-UX. - [f55312948139] + * lib/util/util.exp.in: + Add sudo_parse_host_port_v1 and sudo_pow2_roundup_v1 to exports + file. + [e8b529115871] -2018-11-14 Todd C. Miller +2019-11-07 Laszlo Orban - * config.h.in, configure, configure.ac, include/sudo_util.h, - lib/util/utimens.c: - Support st_nmtime in struct stat as found in HP-UX. - [0854b34cd2ea] + * logsrvd/logsrvd.c: + fixed segfault when connection_closure_free() tries to remove a non- + existent connection object from the list + [4d6dd38d59f6] + +2019-11-06 Todd C. Miller * lib/util/closefrom.c: - If fcntl fails, fall back to the /proc implementation. - [59a03e0d3148] + Fix typo in closefrom emulation. + [b23a6c512d4a] -2018-11-12 Todd C. Miller + * plugins/sudoers/env.c: + Do not warn about a missing /etc/environment file on Linux without + PAM. Bug #907 + [f85ff5ee2caf] - * .hgtags: - Added tag SUDO_1_8_26 for changeset 02d6cbd61499 - [653de4bdaf6b] <1.8> +2019-11-05 Todd C. 
Miller - * INSTALL, Makefile.in, NEWS, configure, configure.ac, - doc/CONTRIBUTORS, doc/sudo.cat, doc/sudo.man.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, - doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, - doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, - doc/visudo.man.in, lib/util/Makefile.in, lib/util/event.c, - lib/util/getgrouplist.c, plugins/group_file/Makefile.in, - plugins/sudoers/Makefile.in, plugins/sudoers/auth/passwd.c, - plugins/sudoers/auth/secureware.c, plugins/sudoers/boottime.c, - plugins/sudoers/check.c, plugins/sudoers/env.c, - plugins/sudoers/iolog.c, plugins/sudoers/iolog_util.h, - plugins/sudoers/logging.c, plugins/sudoers/match.c, - plugins/sudoers/po/sudoers.pot, plugins/sudoers/redblack.c, - plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c, po/sudo.pot, src/Makefile.in, - src/exec_pty.c, src/load_plugins.c, src/parse_args.c, src/sudo.c, - src/ttyname.c: - merge sudo 1.8.26 from tip - [02d6cbd61499] [SUDO_1_8_26] <1.8> + * doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c: + Transparently handle the "sudo sudoedit" problem. Some admin are + confused about how to give users sudoedit permission and many users + try to run sudoedit via sudo instead of directly. If the user runs + "sudo sudoedit" sudo will now treat it as plain "sudoedit" after + issuing a warning. If the admin has specified a fully-qualified path + for sudoedit in sudoers, sudo will treat it as just "sudoedit" and + match accordingly. In visudo (but not sudo), a fully-qualified path + for sudoedit is now treated as an error. 
+ [5cdcfd9a6c33] - * NEWS: - Mention schema.olcSudo - [320adcd29a61] + * logsrvd/iolog_writer.c, logsrvd/sendlog.c: + Rename cwd -> submitcwd to match man page. + [bc9ea396055a] -2018-11-09 Todd C. Miller +2019-11-05 Laszlo Orban - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - Mention schema.olcSudo here too. - [a19dff54603b] + * logsrvd/logsrvd.c: + verify server/client certs with CA certificate chain file + [a177af7d7bbf] - * MANIFEST, README.LDAP, doc/CONTRIBUTORS, doc/schema.OpenLDAP, - doc/schema.olcSudo: - OpenLDAP schema file for Sudo in on-line configuration (OLC) format. - From Frederic Pasteleurs. - [1fcfa9f307a2] +2019-11-05 Todd C. Miller - * po/ast.mo, po/ast.po: - Updated translations from translationproject.org - [70f0ec8c721c] + * MANIFEST, lib/util/Makefile.in, lib/util/host_port.c, + lib/util/regress/host_port/host_port_test.c: + Add unit test for parse_host_port and make an empty port an error. + [b6b895cdc010] + +2019-11-04 Todd C. Miller + + * lib/util/host_port.c: + Fill in host and port pointers on success. + [794368ebd367] + +2019-11-04 Laszlo Orban + + * logsrvd/logsrvd.c: + fix copy-paste mistake + [2fe897c77485] -2018-11-08 Todd C. Miller +2019-11-02 Todd C. Miller + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/host_port.c, logsrvd/logsrvd_conf.c: + Split out code to parse host:port into a utility function. + [d8331e72394d] + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/roundup.c, logsrvd/logsrv_util.c, logsrvd/logsrv_util.h, + logsrvd/logsrvd.c, logsrvd/sendlog.c: + Move bufsize_roundup() -> sudo_pow2_roundup() in libsudo_util. 
+ [791f5c353ef1] + + * lib/iolog/Makefile.in, logsrvd/Makefile.in: + Add missing depend target + [75107bcfff3d] + + * lib/iolog/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + We haven't needed -I$(top_srcdir) for a long time. + [6974ea4a6c8c] * lib/util/closefrom.c: - Only use closefrom_fallback() if no better method exists. The - previous logic was too fragile. - [2510928e291f] + In closefrom_fallback() use the interval [OPEN_MAX, INT_MAX]. We + want to try closing at least OPEN_MAX fds but no more than INT_MAX. + On 64-bit systems it is possible for sysconf(_SC_OPEN_MAX) to return + a value larger than INT_MAX when the number of open files is + unlimited. + [08d6fea1c894] -2018-11-07 Todd C. Miller + * plugins/sudoers/logging.c, src/exec_monitor.c, src/selinux.c, + src/tgetpass.c: + Use dup3() instead of dup2(). This is less error prone since dup3() + returns an error if old == new. Sudo guarantees that fds 0-2 are + already open. 
+ [a9ffaa8a8a55] - * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, - plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, - plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, - plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, - plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo, - po/cs.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/it.mo, - po/it.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, - po/pt_BR.po, po/sv.mo, po/sv.po, po/tr.mo, po/tr.po, po/uk.mo, - po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po: - Updated translations from translationproject.org - [898154804015] + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, lib/util/dup3.c, + mkdep.pl: + Add dup3() emulation. + [7bd8864dee7e] - * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/pt.mo, - plugins/sudoers/po/pt.po, po/pt.mo, po/pt.po: - Portuguese translation for sudo and sudoers from - translationproject.org. - [4c49e5cf8936] + * plugins/sudoers/logging.c, src/exec_monitor.c, src/exec_pty.c, + src/tgetpass.c: + Open all pipes using pipe2() with O_CLOEXEC. We no longer depend on + calling closefrom() before exec. + [176ae5cf1d94] -2018-11-05 Todd C. Miller + * src/exec.c, src/tgetpass.c: + Call closefrom() before we change to a non-root UID. This prevents + another process from changing the NOFILE resource limit of the child + process and defeating the closefrom() call. Reported by Joe Vennix + from Apple Information Security. 
+ [f93d52b24976] - * NEWS, configure, configure.ac, include/sudo_fatal.h, - lib/util/Makefile.in, lib/util/fatal.c, lib/util/util.exp.in, - plugins/sudoers/Makefile.in, plugins/sudoers/logging.c, - plugins/sudoers/logging.h, plugins/sudoers/sudoers.c: - Add sudo_gai_fatal, sudo_gai_vfatal, sudo_gai_vwarn, sudo_gai_warn - and gai_log_warning that use gai_strerror() instead of strerror(). - [9c37c5db3293] + * MANIFEST, logsrvd/Makefile.in: + Regenerate Makefile and sort MANIFEST + [24664d6c9d47] -2018-10-31 Todd C. Miller +2019-11-01 Todd C. Miller - * plugins/sudoers/match.c: - Fix memory leak in runaslist_matches(). - [f1366ad50eb3] + * doc/sudo.man.in, doc/sudo.mdoc.in: + Reference timestamp_type and timestamp_timeout in sudoers. This + should help users find details on how time stamp files work. + [d5aa7c0b404c] -2018-10-29 Todd C. Miller +2019-10-31 Laszlo Orban - * NEWS: - typo - [fc8aa243672a] + * logsrvd/logsrvd.c: + process tls config params in the audit server and establish TLS + connection accordingly + [33ce32c140af] - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - regen - [f333405eb06c] +2019-10-29 Todd C. Miller - * NEWS: - More updates for 1.8.26 - [1941961b232f] + * src/limits.c: + macOS does not allow rlim_cur to be set to RLIM_INFINITY for + RLIMIT_NOFILE. We need to use OPEN_MAX instead as per the macOS + setrlimit manual. Bug #904 + [2a00e62eaeb0] -2018-10-28 Todd C. Miller +2019-10-28 Todd C. Miller - * MANIFEST, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap_util.c, - plugins/sudoers/regress/cvtsudoers/test33.out.ok, - plugins/sudoers/regress/cvtsudoers/test33.sh: - Add support for negated sudoRunAsUser and sudoRunAsGroup entries. - [d0368336d92b] + * Makefile.in: + Fix ChangeLog generation on a branch. + [69409e5b1179] -2018-10-27 Todd C. Miller +2019-10-27 Todd C. 
Miller - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, - doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document that the target user's groups may be specified via the -g - option. - [67b7643e3bcb] + * logsrvd/sendlog.c: + Remove unused copy of iolog_seekto(). + [1d730d414cd9] - * plugins/sudoers/tsgetgrpw.c: - Include getpwent() version of sudo_getgrouplist2_v1() from - getgrouplist.c - [60aa493504d1] +2019-10-25 Laszlo Orban - * MANIFEST, plugins/sudoers/regress/testsudoers/group, - plugins/sudoers/regress/testsudoers/test1.sh: - Use a testsudoers group file with known contents instead of the - system one. - [7a4499c92acd] + * examples/sudo_logsrvd.conf, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c: + add configuration options for TLS + [291a9986d6e9] - * plugins/sudoers/match.c, plugins/sudoers/parse.h, - plugins/sudoers/set_perms.c: - Allow the group set by "sudo -g" to be any of the target user's - groups. Previously, this was only allowed if the group matched the - target user's primary group ID (from the passwd database entry). The - sudoers policy will now allow the group if it is one of the target - user's supplemental groups as well. - [c43fedc19a01] +2019-10-24 Todd C. Miller -2018-10-26 Todd C. Miller + * MANIFEST, doc/Makefile.in, doc/sudo_logsrv.proto.man.in, + doc/sudo_logsrv.proto.mdoc.in, doc/sudo_logsrvd.conf.man.in, + doc/sudo_logsrvd.conf.mdoc.in, examples/sudo_logsrvd.conf, + logsrvd/iolog_writer.c: + Document the sudo log server protocol + [46de0934987c] + + * include/sudo_iolog.h, lib/iolog/iolog_fileio.c, + logsrvd/logsrvd_conf.c, plugins/sudoers/iolog.c: + Read logsrvd.conf in two steps: first read, then apply if OK. This + fixes a problem where when logsrvd.conf was reloaded while running + (due to SIGHUP) and there was an error we could end up with a + partial config. 
+ [d3244c318c5b] + + * include/sudo_iolog.h, lib/iolog/iolog_util.c, + lib/iolog/regress/iolog_util/check_iolog_util.c, + logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/sendlog.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudoreplay.c: + Add iolog_ prefix to exported functions in iolog_util.c + [62027c8e1abd] - * lib/util/regress/getgrouplist/getgrouplist_test.c: - Skip sudo_getgrouplist2() check on systems with getgrouplist_2(). - sudo_getgrouplist2() is just a wrapper on such systems and this - avoids a test failure on macOS where a user is automatically a - member of certain groups. - [26ba0c363b80] + * include/sudo_iolog.h, lib/iolog/iolog_fileio.c, + logsrvd/logsrvd_conf.c, plugins/sudoers/iolog.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c: + Simplify iolog_set_user and iolog_set_group + [e82c5078b02c] - * lib/util/util.exp.in: - Add missing exported symbol sudo_term_eof - [2d8e0438eba4] + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, lib/util/fchmodat.c, + lib/util/fstatat.c, mkdep.pl: + Add fchmodat() and fstatat() emulation. Note that fchmodat() + emulation does not support AT_SYMLINK_NOFOLLOW + [8232c22e71c7] + + * doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c: + Clear the write bit on the timing file for completed logs. This + allows us to tell whether or not a log can be restarted. + [b2180b6ef53b] + + * logsrvd/logsrvd.c: + Redirect std{in,out,err} to /dev/null even when given the -n option. 
+ [376186a8d9cc] + + * include/sudo_iolog.h, lib/iolog/iolog_fileio.c, + lib/iolog/iolog_path.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/iolog/regress/iolog_path/data, logsrvd/iolog_writer.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path_escapes.c, + plugins/sudoers/sudoers.c: + Simplify expand_iolog_path() + [4f0f85f659d1] - * plugins/sudoers/ldap_conf.c: - Add missing #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT Fixes problems - building on older LDAP sdks. - [1effb0f19867] + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [e268d56da49c] - * MANIFEST: - add getgrouplist_test.c - [ca5bae341846] + * examples/sudo_logsrvd.conf, include/sudo_iolog.h, + lib/iolog/iolog_fileio.c, logsrvd/Makefile.in, logsrvd/logsrvd.c, + logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c: + Make the logsrvd port and list address configurable. + [69d73358888d] + + * Makefile.in, logsrvd/Makefile.in, logsrvd/iolog_writer.c, + logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c, logsrvd/sendlog.c: + Mark logsrvd and sendlog strings for translation in the sudoers + domain + [24b1fd6250fb] + + * logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/sendlog.c: + Add long option support to logsrvd and sendlog. + [ecb2fae83abb] + + * logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h: + Return an error to the client on error instead of dropping the + connection. + [2e40ca902100] + + * examples/sudo_logsrvd.conf, logsrvd/logsrvd_conf.c: + Convert sudo_logsrvd.conf to ini file format + [91dff03d0795] + + * MANIFEST, examples/sudo_logsrvd.conf, include/sudo_util.h, + lib/util/Makefile.in, lib/util/logfac.c, lib/util/logpri.c, + lib/util/util.exp.in, logsrvd/Makefile.in, logsrvd/eventlog.c, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c, plugins/sudoers/defaults.c: + Add basic support for event logging using a sudo-style log format. + [eb6aa3672e6f] + + * logsrvd/logsrvd.c, logsrvd/sendlog.c: + Add OpenBSD malloc options. 
+ [a0d79af0c430] + + * MANIFEST, logsrvd/Makefile.in, logsrvd/buffer.c, logsrvd/buffer.h, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/sendlog.c, logsrvd/sendlog.h: + Allow messages up to 2Mb in size. + [af79754aaf53] - * lib/util/regress/getgrouplist/getgrouplist_test.c: - Check the user's primary gid from the passwd file too. - [60ba98074d75] + * MANIFEST, configure, configure.ac, doc/Makefile.in, + doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in, + doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in, + examples/sudo_logsrvd.conf, m4/sudo.m4: + Add manual pages for logsrvd and sendlog. + [f437259d81ae] + + * include/sudo_iolog.h, lib/iolog/iolog_fileio.c, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c: + Add restart support for compresses I/O logs. + [1191fac5ff52] + + * logsrvd/sendlog.c, logsrvd/sendlog.h: + Fix client side of restart. Seek to the target point there too so we + start sending from the right place. 
+ [403bf22a6dad] - * .hgignore: - ignore prologue - [589222ec2717] + * include/sudo_iolog.h, lib/iolog/iolog_util.c, + logsrvd/iolog_writer.c, logsrvd/sendlog.c, + plugins/sudoers/sudoreplay.c: + Move read_timing_record() into libsudo_iolog + [65a984f7fa7a] - * lib/util/aix.c, lib/util/arc4random.c, - lib/util/arc4random_uniform.c, lib/util/closefrom.c, - lib/util/digest.c, lib/util/digest_gcrypt.c, - lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c, - lib/util/event_select.c, lib/util/fatal.c, lib/util/fnmatch.c, - lib/util/getentropy.c, lib/util/getgrouplist.c, - lib/util/gethostname.c, lib/util/getline.c, lib/util/getopt_long.c, - lib/util/gettime.c, lib/util/gidlist.c, lib/util/isblank.c, - lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c, - lib/util/memrchr.c, lib/util/memset_s.c, lib/util/mksiglist.c, - lib/util/mksigname.c, lib/util/mktemp.c, lib/util/nanosleep.c, - lib/util/parseln.c, lib/util/pipe2.c, lib/util/progname.c, - lib/util/pw_dup.c, lib/util/reallocarray.c, - lib/util/regress/atofoo/atofoo_test.c, - lib/util/regress/getgrouplist/getgrouplist_test.c, - lib/util/regress/parse_gids/parse_gids_test.c, - lib/util/regress/progname/progname_test.c, - lib/util/regress/strsplit/strsplit_test.c, - lib/util/regress/sudo_conf/conf_test.c, - lib/util/regress/sudo_parseln/parseln_test.c, - lib/util/regress/tailq/hltq_test.c, - lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c, - lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, - lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strndup.c, - lib/util/strnlen.c, lib/util/strsignal.c, lib/util/strsplit.c, - lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c, - lib/util/strtonum.c, lib/util/sudo_conf.c, lib/util/sudo_debug.c, - lib/util/sudo_dso.c, lib/util/term.c, lib/util/ttyname_dev.c, - lib/util/ttysize.c, lib/util/utimens.c, lib/util/vsyslog.c, - plugins/group_file/getgrent.c, plugins/group_file/group_file.c, - plugins/group_file/plugin_test.c, 
plugins/sample/sample_plugin.c, - plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, - plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, - plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, - plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, - plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, - plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, - plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, - plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, - plugins/sudoers/base64.c, plugins/sudoers/boottime.c, - plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c, - plugins/sudoers/cvtsudoers_ldif.c, - plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c, - plugins/sudoers/digestname.c, plugins/sudoers/editor.c, - plugins/sudoers/env.c, plugins/sudoers/env_pattern.c, - plugins/sudoers/file.c, plugins/sudoers/filedigest.c, - plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c, - plugins/sudoers/gc.c, plugins/sudoers/gentime.c, - plugins/sudoers/getdate.c, plugins/sudoers/getspwuid.c, - plugins/sudoers/gmtoff.c, plugins/sudoers/goodpath.c, - plugins/sudoers/gram.c, plugins/sudoers/group_plugin.c, - plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c, - plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, - plugins/sudoers/iolog_util.c, plugins/sudoers/ldap.c, - plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c, - plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, - plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, - plugins/sudoers/match.c, plugins/sudoers/match_addr.c, - plugins/sudoers/mkdir_parents.c, plugins/sudoers/parse.c, - plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c, - plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, - plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c, - plugins/sudoers/redblack.c, - plugins/sudoers/regress/check_symbols/check_symbols.c, - 
plugins/sudoers/regress/env_match/check_env_pattern.c, + * MANIFEST, lib/iolog/iolog_fileio.c, logsrvd/Makefile.in, + logsrvd/buffer.c, logsrvd/buffer.h, logsrvd/iolog_writer.c, + logsrvd/logsrv_util.c, logsrvd/logsrv_util.h, logsrvd/logsrvd.h, + logsrvd/sendlog.c, logsrvd/sendlog.h: + Rename buffer.c -> logsrv_util.c and add iolog_seekto() + [0ff1a6fdaecd] + + * logsrvd/logsrvd.c, logsrvd/sendlog.c: + Fix some warnings from the clang static analyzer. + [95de486cfb65] + + * logsrvd/sendlog.c: + Fix Coverity CID 204353, fd leak on error path. + [3519d910c777] + + * logsrvd/logsrvd_conf.c: + Fix Coverity CID 204355, resource leak on error path. + [c5c50c6bae16] + + * lib/iolog/iolog_fileio.c: + Avoid TOCTOU in iolog_mkdirs; Coverity CID 204356 + [0c8679a731f5] + + * lib/util/mkdir_parents.c: + Avoid TOCTOU in sudo_mkdir_parents; Coverity CID 204357 + [e9eeae60dff2] + + * logsrvd/log_server.pb-c.c, logsrvd/log_server.pb-c.h, + logsrvd/log_server.proto: + Add NumberList to InfoMessage. Also make comments fit in 80 columns + when formatted as a man page. + [fd7af0bb2477] + + * configure, configure.ac, include/sudo_rand.h, logsrvd/Makefile.in, + logsrvd/logsrvd.c: + Command line option processing for logsrvd + [0f2248532960] + + * MANIFEST, examples/sudo_logsrvd.conf, logsrvd/Makefile.in, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c, pathnames.h.in: + Add config file support for logsrvd + [4e643a95c88b] + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/mkdir_parents.c, lib/util/util.exp.in, + plugins/sudoers/Makefile.in, plugins/sudoers/mkdir_parents.c, + plugins/sudoers/sudoers.h: + Move mkdir_parents to libsudo_util. 
+ [3f540eb94282] + + * MANIFEST, Makefile.in, configure, configure.ac, + include/sudo_iolog.h, include/sudo_util.h, lib/iolog/Makefile.in, + lib/iolog/iolog_fileio.c, lib/iolog/iolog_path.c, + lib/iolog/iolog_util.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/iolog/regress/iolog_path/data, + lib/iolog/regress/iolog_util/check_iolog_util.c, + lib/util/sudo_conf.c, logsrvd/Makefile.in, logsrvd/iolog_writer.c, + logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/sendlog.c, logsrvd/sendlog.h, + plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/iolog.c, + plugins/sudoers/iolog.h, plugins/sudoers/iolog_files.h, + plugins/sudoers/iolog_path.c, plugins/sudoers/iolog_path_escapes.c, + plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h, + plugins/sudoers/policy.c, plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/iolog_path/data, plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, plugins/sudoers/regress/iolog_util/check_iolog_util.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/regress/parser/check_addr.c, - plugins/sudoers/regress/parser/check_base64.c, - plugins/sudoers/regress/parser/check_digest.c, - plugins/sudoers/regress/parser/check_fill.c, - plugins/sudoers/regress/parser/check_gentime.c, - plugins/sudoers/regress/parser/check_hexchar.c, - plugins/sudoers/regress/starttime/check_starttime.c, - plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c, - plugins/sudoers/sssd.c, plugins/sudoers/starttime.c, - plugins/sudoers/strlist.c, plugins/sudoers/stubs.c, - plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c, - plugins/sudoers/timestr.c, 
plugins/sudoers/toke.c, - plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c, - plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, - plugins/system_group/system_group.c, src/conversation.c, - src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_monitor.c, - src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c, - src/load_plugins.c, src/net_ifs.c, src/openbsd.c, src/parse_args.c, - src/preload.c, src/preserve_fds.c, - src/regress/noexec/check_noexec.c, - src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, - src/signal.c, src/solaris.c, src/sudo.c, src/sudo_edit.c, - src/sudo_noexec.c, src/tcsetpgrp_nobg.c, src/tgetpass.c, - src/ttyname.c, src/utmp.c: - Convert PVS-Studio comment to ANSI C. - [31f2aefe6d9b] + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, src/sudo.h: + Refactor code in sudoers that creates I/O log files to share with + logsrvd. + [3aa1fa95650d] + + * Makefile.in, include/sudo_iolog.h, lib/iolog/iolog_path.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, + logsrvd/iolog_writer.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/sudoers.c: + Enable sudo_logsrvd.conf settings. + [8e7b37d1d2a9] + + * include/sudo_iolog.h, lib/iolog/iolog_fileio.c, + lib/iolog/iolog_util.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h, + logsrvd/sendlog.c, plugins/sudoers/iolog.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudoreplay.c: + Use openat(2) when opening files in the I/O log directory. 
+ [1ab2e278e1d9] - * Makefile.in, doc/Makefile.in, doc/cvtsudoers.man.in, - doc/cvtsudoers.mdoc.in, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, - doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, - doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, - doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.man.in, - doc/visudo.mdoc.in, examples/Makefile.in, include/Makefile.in, - include/sudo_lbuf.h, lib/util/Makefile.in, lib/util/digest.c, - lib/util/digest_gcrypt.c, lib/util/digest_openssl.c, - lib/util/lbuf.c, lib/util/setgroups.c, lib/util/ttysize.c, - lib/zlib/Makefile.in, plugins/group_file/Makefile.in, - plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, - plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c, - plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/securid5.c, - plugins/sudoers/auth/sia.c, plugins/sudoers/base64.c, - plugins/sudoers/file.c, plugins/sudoers/filedigest.c, - plugins/sudoers/gentime.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/match.c, - plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l, - plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c, - plugins/system_group/Makefile.in, src/Makefile.in, src/sesh.c, - src/sudo_usage.h.in: - Fix some mangled text in the license block. - [86b88fbda4b4] + * logsrvd/Makefile.in, sudo.pp: + Add sudo_ prefix to logsrvd and sendlog. 
+ [acbaed157ae5] + + * logsrvd/iolog_writer.c, logsrvd/log_server.pb-c.c, + logsrvd/log_server.pb-c.h, logsrvd/log_server.proto, + logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/sendlog.c, + logsrvd/sendlog.h: + Rename ExecMessage -> AcceptMessage and add RejectMessage + [a080c4eb7c4b] - * lib/util/Makefile.in, - lib/util/regress/getgrouplist/getgrouplist_test.c, - lib/util/regress/parse_gids/parse_gids_test.c: - Add regress test for sudo_getgrouplist2(). This test assumes all the - groups in root's group list can be resolved by group ID. - [48564f85b7ed] + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/openat.c, lib/util/unlinkat.c, + src/sudo_edit.c: + Move openat() emulation to lib/util and at unlinkat() emulation. + [756ace7fdf38] -2018-10-25 Todd C. Miller + * logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/sendlog.c: + Add debugging for logsrvd and sendlog + [4c86dbceb611] + + * MANIFEST, doc/LICENSE, logsrvd/Makefile.in, + logsrvd/protobuf-c/protobuf-c.c, logsrvd/protobuf-c/protobuf-c.h: + Import protobuf-c source since to avoid an external dependency. The + files generated with protoc-c are not standalone. We need to include + protobuf-c.c and protobuf-c.h from the protobuf-c distribution too. + Building protoc-c requires a relative recent version of gcc which + limits its portability. + [0ea50a59cab7] + + * logsrvd/Makefile.in, logsrvd/iolog_writer.c, logsrvd/logsrvd.c, + logsrvd/logsrvd.h, logsrvd/sendlog.c, logsrvd/sendlog.h: + Add support for restarting I/O log transfers. + [748e8f4f7fec] + + * MANIFEST, Makefile.in, configure, configure.ac, logsrvd/Makefile.in, + logsrvd/iolog.h, logsrvd/iolog_reader.c, logsrvd/iolog_writer.c, + logsrvd/log_server.pb-c.c, logsrvd/log_server.pb-c.h, + logsrvd/log_server.proto, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/sendlog.c, logsrvd/sendlog.h, sudo.pp: + Import proof of concept sudo log server. 
+ [a0687ba66feb] + + * MANIFEST, logsrvd/Makefile.in, logsrvd/iolog.h, + logsrvd/iolog_reader.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h, + logsrvd/sendlog.c, logsrvd/sendlog.h, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/iolog.h, + plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/iolog_util/check_iolog_util.c, + plugins/sudoers/sudoreplay.c: + Refactor I/O log code so it can be shared between sudoers and + logsrvd + [b6608769ba8a] - * NEWS: - More changes in 1.8.26 - [fe81e3e4b653] + * lib/util/strtonum.c: + Avoid invalid read when minval > maxval + [7f1a6f992e4f] - * MANIFEST, doc/cvtsudoers.cat, doc/cvtsudoers.man.in, - doc/cvtsudoers.mdoc.in, plugins/sudoers/cvtsudoers.c, - plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_ldif.c, - plugins/sudoers/regress/cvtsudoers/test31.conf, - plugins/sudoers/regress/cvtsudoers/test31.out.ok, - plugins/sudoers/regress/cvtsudoers/test31.sh, - plugins/sudoers/regress/cvtsudoers/test32.out.ok, - plugins/sudoers/regress/cvtsudoers/test32.sh: - Add padding option to cvtsudoers. Bug #856 - [6e31b0e37ba1] +2019-10-23 Todd C. Miller - * lib/util/getgrouplist.c: - Remove an errant grset++ in the AIX version of sudo_getgrouplist2(). - Bug #857 - [03b19227cab2] + * NEWS, plugins/sudoers/policy.c, src/sudo.c: + Don't pass an invalid session or process group ID to the plugin. + Fixes a regression in 1.8.28 when there is no terminal session + leader. + [d9c626167b3c] -2018-10-22 Todd C. Miller +2019-10-22 Robert Manner - * lib/util/Makefile.in, plugins/group_file/Makefile.in, - plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, - plugins/system_group/Makefile.in, src/Makefile.in: - Pass --sourcetree-root to pvs-studio and don't check sudo_noexec.c. - Since we don't auto-generate dependencies for sudo_noexec.c we can't - easily check it from outside the source tree. 
This is not a problem - as it just contains stub functions. - [3cf842d30e45] + * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h, + plugins/python/pyhelpers_cpychecker.h, + plugins/python/python_plugin_common.c, + plugins/python/python_plugin_common.h, + plugins/python/python_plugin_group.c, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c: + plugins/python: a plugin which can load policy/io plugin written in + python + [2c7620c8052f] + + * Makefile.in, configure.ac, plugins/python/Makefile.in: + Makefile.in, configure.ac: add python plugin build + [09b305e2cd54] - * MANIFEST, doc/CONTRIBUTORS, po/ast.mo, po/ast.po: - Asturian translation for sudo from translationproject.org - [dc0b31fa013c] +2019-10-21 Todd C. Miller -2018-10-21 Todd C. Miller + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [70f4543f177c] - * lib/util/gettime.c: - Add support for CLOCK_MONOTONIC_RAW and CLOCK_UPTIME_RAW, present on - macOS. - [5f34c8de0707] + * src/limits.c: + Not all systems support RLIMIT_NPROC and RLIMIT_RSS + [26b8e2afe755] - * INSTALL, configure, configure.ac: - Add --enable-pvs-studio configure option to create PVS-Studio.cfg. - [772e86227c11] + * doc/Makefile.in, examples/Makefile.in, include/Makefile.in, + lib/util/Makefile.in, lib/zlib/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Add depend target to all Makefile.in files. 
+ [0a22d80ef716] - * lib/util/aix.c, lib/util/arc4random.c, - lib/util/arc4random_uniform.c, lib/util/closefrom.c, - lib/util/digest.c, lib/util/digest_gcrypt.c, - lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c, - lib/util/event_select.c, lib/util/fatal.c, lib/util/fnmatch.c, - lib/util/getentropy.c, lib/util/getgrouplist.c, - lib/util/gethostname.c, lib/util/getline.c, lib/util/getopt_long.c, - lib/util/gettime.c, lib/util/gidlist.c, lib/util/isblank.c, - lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c, - lib/util/memrchr.c, lib/util/memset_s.c, lib/util/mksiglist.c, - lib/util/mksigname.c, lib/util/mktemp.c, lib/util/nanosleep.c, - lib/util/parseln.c, lib/util/pipe2.c, lib/util/progname.c, - lib/util/pw_dup.c, lib/util/reallocarray.c, - lib/util/regress/atofoo/atofoo_test.c, - lib/util/regress/parse_gids/parse_gids_test.c, - lib/util/regress/progname/progname_test.c, - lib/util/regress/strsplit/strsplit_test.c, - lib/util/regress/sudo_conf/conf_test.c, - lib/util/regress/sudo_parseln/parseln_test.c, - lib/util/regress/tailq/hltq_test.c, - lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c, - lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, - lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strndup.c, - lib/util/strnlen.c, lib/util/strsignal.c, lib/util/strsplit.c, - lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c, - lib/util/strtonum.c, lib/util/sudo_conf.c, lib/util/sudo_debug.c, - lib/util/sudo_dso.c, lib/util/term.c, lib/util/ttyname_dev.c, - lib/util/ttysize.c, lib/util/utimens.c, lib/util/vsyslog.c, - plugins/group_file/getgrent.c, plugins/group_file/group_file.c, - plugins/group_file/plugin_test.c, plugins/sample/sample_plugin.c, - plugins/sudoers/alias.c, plugins/sudoers/audit.c, - plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, - plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, - plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, - plugins/sudoers/auth/pam.c, 
plugins/sudoers/auth/passwd.c, - plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, - plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, - plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/base64.c, - plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, - plugins/sudoers/check.c, plugins/sudoers/cvtsudoers.c, - plugins/sudoers/cvtsudoers_json.c, - plugins/sudoers/cvtsudoers_ldif.c, - plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c, - plugins/sudoers/digestname.c, plugins/sudoers/editor.c, - plugins/sudoers/env.c, plugins/sudoers/env_pattern.c, - plugins/sudoers/file.c, plugins/sudoers/filedigest.c, - plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c, - plugins/sudoers/gc.c, plugins/sudoers/gentime.c, - plugins/sudoers/getdate.c, plugins/sudoers/getspwuid.c, - plugins/sudoers/gmtoff.c, plugins/sudoers/goodpath.c, - plugins/sudoers/gram.c, plugins/sudoers/group_plugin.c, - plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c, - plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, - plugins/sudoers/iolog_util.c, plugins/sudoers/ldap.c, - plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c, - plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, - plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, - plugins/sudoers/match.c, plugins/sudoers/match_addr.c, - plugins/sudoers/mkdir_parents.c, plugins/sudoers/parse.c, - plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c, - plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, - plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c, - plugins/sudoers/redblack.c, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/regress/env_match/check_env_pattern.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, - plugins/sudoers/regress/iolog_util/check_iolog_util.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/regress/parser/check_addr.c, - 
plugins/sudoers/regress/parser/check_base64.c, - plugins/sudoers/regress/parser/check_digest.c, - plugins/sudoers/regress/parser/check_fill.c, - plugins/sudoers/regress/parser/check_gentime.c, - plugins/sudoers/regress/parser/check_hexchar.c, - plugins/sudoers/regress/starttime/check_starttime.c, - plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c, - plugins/sudoers/sssd.c, plugins/sudoers/starttime.c, - plugins/sudoers/strlist.c, plugins/sudoers/stubs.c, - plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c, - plugins/sudoers/timestr.c, plugins/sudoers/toke.c, - plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c, - plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, - plugins/system_group/system_group.c, src/conversation.c, - src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_monitor.c, - src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c, - src/load_plugins.c, src/net_ifs.c, src/openbsd.c, src/parse_args.c, - src/preload.c, src/preserve_fds.c, - src/regress/noexec/check_noexec.c, - src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, - src/signal.c, src/solaris.c, src/sudo.c, src/sudo_edit.c, - src/sudo_noexec.c, src/tcsetpgrp_nobg.c, src/tgetpass.c, - src/ttyname.c, src/utmp.c: - Add comments in .c files so PVS-Studio will check them. - [b42b6dcb48a6] - - * .hgignore, Makefile.in, doc/Makefile.in, examples/Makefile.in, - include/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, - mkdep.pl, plugins/group_file/Makefile.in, - plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, - plugins/system_group/Makefile.in, src/Makefile.in: - Add pvs-studio target and associated production rules. - [3dbcef5ac205] - -2018-10-20 Todd C. 
Miller + * NEWS, configure, configure.ac, doc/UPGRADE: + Sudo 1.8.29 + [736c9a5c3720] - * plugins/sudoers/iolog_util.c: - Simplify range checks. No need to check for ERANGE in the cases - where we also check that the value is <= INT_MAX. Found by PVS- - Studio. - [45810a8437b6] + * MANIFEST, lib/util/Makefile.in, src/Makefile.in, src/exec.c, + src/limits.c, src/sudo.c, src/sudo.h: + Set resource limits in the sudo process to unlimited. We don't want + sudo to be limited by the caller's resource limits. The original + resource limits are restore before session setup. + [6c3bf214caf0] -2018-10-19 Todd C. Miller +2019-10-20 Todd C. Miller - * lib/util/key_val.c, plugins/sudoers/iolog_path.c, - plugins/sudoers/linux_audit.c, plugins/sudoers/toke_util.c, - src/preserve_fds.c: - Avoid some PVS-Studio false positives. - [e4d8ce94fda7] + * plugins/sudoers/starttime.c, src/ttyname.c: + Older FreeBSD needs sys/param.h included before sys/user.h. From + Darren Tucker + [88c060df0439] - * src/sudo.c: - Remove some calls to sudo_fatalx(); just propagate the error return. - [bc9eefbf0cdf] + * include/sudo_util.h, lib/util/getgrouplist.c, lib/util/gidlist.c, + lib/util/regress/strtofoo/strtoid_test.c, lib/util/strtoid.c, + lib/util/util.exp.in, plugins/group_file/getgrent.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/iolog.c, + plugins/sudoers/match.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + plugins/system_group/system_group.c, src/sudo.c: + Rename sudo_strtoid() to sudo_strtoidx() and add simplified + sudo_strtoid() + [94a418cdbae6] - * src/sesh.c: - No need to check if fd_dst is -1 in sudoedit mode. Failure to open - the destination sudoedit file is fatal so there's no need to check - that fd_dst != -1 later on. 
Found by PVS-Studio. - [5530586ace16] +2019-10-19 Todd C. Miller - * plugins/sudoers/timestamp.c: - In timestamp_open() no need to free cookie on error, it is NULL. - Found by PVS-Studio. - [becfe97c72f8] + * doc/UPGRADE, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, + doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, + doc/visudo.man.in, doc/visudo.mdoc.in, + plugins/sudoers/cvtsudoers_json.c, plugins/sudoers/iolog.c, + plugins/sudoers/ldap.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil.c, plugins/sudoers/sssd.c, + plugins/sudoers/testsudoers.c, src/exec.c: + Refer to user-ID and group-ID instead of "user ID" and "group ID" + [36d7bd4ab52d] -2018-10-18 Todd C. Miller +2019-10-18 Todd C. Miller - * plugins/sudoers/ldap_util.c: - Fix a memory leak on malloc() error in sudo_ldap_role_to_priv(). - Coverity CID 188804 - [1bea56670410] + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + sudoedit doesn't create a new PAM session so PAM umask does not + apply. + [8ae167d0ae7c] - * plugins/sudoers/parse_ldif.c: - Move the allocation of role to be immediately before in_role is set. - This makes it clear that when in_role == true, role is non-NULL. - Also remove two dead stores. - [790d90c578c8] + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.man.in, + doc/sudoers.mdoc.in, include/sudo_plugin.h, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/exec.c, src/sudo.c, src/sudo.h: + Change how the umask is handled with PAM and login.conf. If the + umask is explicitly set in sudoers, use that value regardless of + what is in PAM or login.conf. If using the default umask from + sudoers, allow PAM or login.conf to override it. 
Bug #900 + [7c0a835ac512] - * plugins/sudoers/parse_ldif.c: - Fix trimming of non-escaped trailing space in - ldif_parse_attribute(). Found by PVS-Studio. - [37fded3c77a4] +2019-10-17 Todd C. Miller - * plugins/sudoers/match.c: - Simplify the logic surrounding sudoers_args in command_args_match(). - We only need to check that sudoers_args is non-NULL once. Found by - PVS-Studio. - [93c967145e82] + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/audit.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/logging.c: + Add log_allowed and log_denied sudoers flags, defaulting to true. + [fb1e188a3d05] - * plugins/sudoers/ldap.c: - If sudo_ldap_get_values_len() fails goto cleanup instead of oom. - This is not strictly necessary as there's not anything to cleanup in - this case but it is more consistent with the code that follows. - [d0d8b8b8dca8] + * lib/util/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: + Enable security auditing malloc options for "make check". + [333632dd3134] - * plugins/sudoers/policy.c: - Fix handling of timeout values in sudoers. When passing the timeout - back to the front end, ignore the user-specified timeout if it is - not set (initialized to 0). Otherwise, sudo would choose a zero - user-specified timeout over the sudoers-specified timeout (non- - zero). - [6b08b3b918b7] +2019-10-16 Todd C. Miller -2018-10-17 Todd C. Miller + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Be more consistent with how we talk about sudoers Defaults settings. + Use "flag" not "option" when referring to boolean flags. Use + "setting" in place of "Defaults setting" in most places. Use "the + foo option" instead of "sudo's foo option" for command line options. 
+ [8058378c4b35] - * plugins/sudoers/cvtsudoers_pwutil.c: - Fix cut & pastos in cvtsudoers_make_gritem() - [bd901c0394ba] + * plugins/sudoers/Makefile.in: + No need to check existing sudoers file when installing to DESTDIR + This check can cause problems on systems where /etc/sudoers.d is not + readable. + [2ec01e9fe408] - * plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok: - Fix expected test output now that command_timeout is parsed - correctly in LDIF. - [ba6cfd26330e] + * lib/util/str2sig.c: + Inclue sudo_util.h to get sudo_strtonum() prototype. + [8b0b4ee28d5f] - * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c: - tv_nsec can never be negative after timespecsub. Found by PVS Studio - [ecfb93c9463c] + * lib/util/str2sig.c: + strtonum -> sudo_strtonum + [4d2363678583] -2018-10-16 Todd C. Miller + * MANIFEST: + Add split out strtofoo tests. + [0cc598502faf] - * plugins/sudoers/sudoers.c: - Avoid potentially undefined behavior. Found by PVS Studio. - [ae76c69e0d6f] + * lib/util/strtonum.c: + Make sure we don't go past the end of the string when out of range. + [2b89961c524a] - * plugins/sudoers/ldap_util.c: - sudo_ldap_parse_option() never returns '=' as the operator. When - parsing command_timeout, role, type, privs and limitprivs, check - that val is non-NULL instead. Found by PVS Studio. - [10f8cff7cce7] + * lib/util/regress/strtofoo/strtonum_test.c, lib/util/strtonum.c: + Fix stronum() regress test and the errno value for out of range + numbers. + [3547d022bead] - * plugins/sudoers/Makefile.in, plugins/sudoers/toke.c: - Fix up #line entries that reference lex.sudoers.c. - [c724cef37b66] + * lib/util/Makefile.in, lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/strtofoo/strtobool_test.c, + lib/util/regress/strtofoo/strtoid_test.c, + lib/util/regress/strtofoo/strtomode_test.c, + lib/util/regress/strtofoo/strtonum_test.c: + Split atofoo.c regress into multiple tests. + [75b7547e33bd] -2018-10-13 Todd C. 
Miller + * NEWS, configure, configure.ac: + Sudo 1.8.28p1 + [09ceaddc94f9] - * plugins/sudoers/iolog.h, plugins/sudoers/iolog_util.c: - Fix workaround for broken sudo 1.8.7 timing files. - [78ef3625c650] +2019-10-15 Todd C. Miller - * plugins/sudoers/parse_ldif.c: - Fix memory leak when reusing the runas list. We need to free the - member list itself as well as its contents. - [62fb86a5c83f] + * plugins/sudoers/parse.c: + The fix for bug #869 broke "sudo -v" when verifypw=all (the default) + [aac35bcd8584] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Some DIAGNOSTICS updates: Update error message for when the user's - uid does not exist in passwd. Remove "This error indicates" and some - other cosmetic cleanups. - [c73841e03014] +2019-10-14 Todd C. Miller - * src/sudo.c: - If the user's passwd entry cannot be resolved via the uid, use the - same error message as visudo. - [ce596b32dfbb] - -2018-10-12 Todd C. Miller + * include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in, + lib/util/closefrom.c, lib/util/getaddrinfo.c, lib/util/strtonum.c, + lib/util/sudo_conf.c, lib/util/ttysize.c, + plugins/sudoers/boottime.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_util.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/match_addr.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/starttime/check_starttime.c, + src/parse_args.c, src/sesh.c, src/sudo.c, src/ttyname.c: + Use sudo_strtonum() explicitly instead of via a macro. + [f75f786eddd5] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Add a DIAGNOSTICS section with an explanation of the more non- - trivial error messages. 
- [775419794f7d] + * config.h.in, configure, configure.ac, include/sudo_compat.h, + lib/util/Makefile.in, lib/util/strtoid.c, lib/util/strtonum.c, + lib/util/util.exp.in, mkdep.pl: + Always use our own strtonum and implement sudo_strtoid in terms of + it. + [94b1114ef79d] - * plugins/sudoers/sudoreplay.c, src/exec_monitor.c, src/exec_nopty.c, - src/exec_pty.c: - Replace sudo_fatal(NULL) with an "unable to allocate memory" message - that includes the function name. - [26e19bcc0ce8] + * plugins/sudoers/pwutil.c: + Use errno in warning when sudo_make_*_item() fails. Previously we + always said "out of memory" if not ENOENT. + [68e5a208c242] -2018-10-09 Todd C. Miller + * plugins/sudoers/Makefile.in, plugins/sudoers/parse_ldif.c, + plugins/sudoers/regress/cvtsudoers/test26.err.ok, + plugins/sudoers/regress/cvtsudoers/test26.sh: + Reject non-LDIF input when converting from LDIF to sudoers or JSON. + [2d08d4aa0e01] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/tgetpass.c: - Make EOF handling while reading the password prompt more like - getpass(3). We now return the password as long as at least one - character has been read. Previously, EOF at the password prompt was - treated as if nothing was entered. - [fc2ed4a87e6f] +2019-10-10 Todd C. 
Miller - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/da.mo, + plugins/sudoers/po/el.mo, plugins/sudoers/po/eu.mo, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fur.mo, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hu.mo, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/lt.mo, + plugins/sudoers/po/nl.mo, plugins/sudoers/po/ru.mo, + plugins/sudoers/po/sk.mo, plugins/sudoers/po/sl.mo, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/tr.mo, + plugins/sudoers/po/zh_CN.mo, po/ast.mo, po/ca.mo, po/es.mo, + po/eu.mo, po/fi.mo, po/fur.mo, po/gl.mo, po/hr.mo, po/hu.mo, + po/ko.mo, po/nl.mo, po/nn.mo, po/ru.mo, po/sk.mo, po/sl.mo, + po/sr.mo, po/sudo.pot, po/vi.mo, po/zh_CN.mo: regen - [2aee8680abc3] + [362645d256b7] - * src/tgetpass.c: - Print a warning for password read issues. Issues include: timeout at - the password prompt, read error while reading the password, and EOF - reading the password. - [df1dcebe9ffa] + * NEWS, lib/util/strtoid.c: + Treat an ID of -1 as invalid since that means "no change". Fixes + CVE-2019-14287. Found by Joe Vennix from Apple Information Security. + [83db8dba09e7] -2018-10-08 Todd C. Miller + * lib/util/regress/atofoo/atofoo_test.c, + plugins/sudoers/regress/testsudoers/test5.out.ok, + plugins/sudoers/regress/testsudoers/test5.sh: + Add sudo_strtoid() tests for -1 and range errors. Also adjust + testsudoers/test5 which relied upon gid -1 parsing. + [db06a8336c09] - * lib/util/term.c, src/tgetpass.c: - Handle EOF on password input when pwfedback is enabled. - [4958978fc967] +2019-10-06 Todd C. Miller -2018-10-07 Todd C. Miller + * INSTALL, configure, configure.ac: + Back out compiler override for now. + [f03f7fd7ff8b] - * doc/sudoers.ldap.mdoc.in: - Fix remaining instances of "e.g." without a trailing ','. - [8cbf11c04b3c] + * configure, configure.ac: + Only prefer clang over gcc on BSD systems. 
+ [2309baa23a00] - * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, - doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, - doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, - doc/sudoers_timestamp.cat, doc/sudoers_timestamp.man.in, - doc/sudoers_timestamp.mdoc.in: - Use mdoc macros for BSD systems. All manuals now pass "make lint" - [7f23209a5e1c] +2019-10-05 Todd C. Miller - * doc/Makefile.in: - Use -Wstyle with -Tlint since sudo is not part of the base system. - This avoids "referenced manual not found" and "operating system - explicitly specified" warnings. - [e417e972a88a] + * Makefile.in: + Fix "make pvs-studio" run in a build dir + [a49635de3777] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in: - Document log_suspend() and fix the description of the - change_winsize() return value. - [be02b0fb26a9] +2019-09-27 Todd C. Miller -2018-10-06 Todd C. Miller + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [430d45f3b461] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, - doc/sudoers.mdoc.in, doc/sudoers_timestamp.cat, - doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, - doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, - doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: - Fix problems found by igor. Bug #854 - [4ddcb625f3b7] + * NEWS: + Bug #898 + [3d07895888e8] - * doc/Makefile.in: - Sort DOCS and DEVDOCS and remove extra sudoers entry (it was listed - twice). - [abb2baac9373] + * src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, + src/selinux.c, src/sudo.c, src/sudo.h: + Fix restoring the file context of the user's tty with SELinux. Also + fix broken tty labeling when running a command in a pty. 
Includes a + fix for a typo introduced in the last change set. + [eb3f547b08f8] - * doc/Makefile.in: - Add igor target to run igor(1) on the manuals. - [64be7fb868b3] + * lib/util/arc4random.c: + _rs_random_buf is currently unused + [e384fc3625e8] -2018-10-05 Todd C. Miller + * src/selinux.c: + Add some debugging around context setting and tty labeling Also be + more extact with error return values + [ed66480282c7] - * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, - plugins/sudoers/sudoreplay.c: - Add new -S option to sleep while the command was suspended. The - default behavior is now to not consider the time the command was - suspended as part of the normal inter-event delay. - [bb30f7b28126] +2019-09-21 Todd C. Miller - * MANIFEST, include/sudo_plugin.h, plugins/sudoers/Makefile.in, - plugins/sudoers/iolog.c, plugins/sudoers/iolog.h, - plugins/sudoers/iolog_event.h, plugins/sudoers/iolog_files.h, - plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h, - plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, - plugins/sudoers/regress/iolog_util/check_iolog_util.c, - plugins/sudoers/sudoreplay.c, src/exec_pty.c: - Add a suspend event type to the I/O log to log suspend/resume of the - command so we can skip that delay during replay. - [8091d1835a31] + * lib/util/sudo_debug.c: + Better error message when debug log file cannot be opened. + [09e0cdff0c49] - * src/exec_pty.c, src/sudo.c, src/sudo.h: - Initialize the pty rows/cols based on the values we stored in - user_details. This fixes a minor issue where we would send an extra - window size change event the first time the command was suspended. - [b2ae9be4d1d6] +2019-09-20 Todd C. Miller -2018-09-27 Todd C. Miller + * .hgignore: + Ignore in-tree build directory. + [66577c63f097] - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap_conf.c, - plugins/sudoers/sudo_ldap_conf.h: - Add support for OpenLDAP's TLS_REQCERT setting in ldap.conf. 
- [f07a14ae05cb] + * configure, configure.ac: + Set CC before AC_USE_SYSTEM_EXTENSIONS to get our preferred + compiler. + [6a318eeffb30] -2018-09-24 Todd C. Miller +2019-09-19 Todd C. Miller - * include/sudo_util.h, plugins/sudoers/defaults.c, - plugins/sudoers/iolog_util.c, - plugins/sudoers/regress/starttime/check_starttime.c: - Move definition of TIME_T_MAX to sudo_util.h - [469c36d44950] + * pp: + Update Polypkg to the latest version from git. + [68bbecc25007] - * NEWS, doc/UPGRADE: - Changes in 1.8.26 (so far). - [5c73b0d8c676] + * configure, configure.ac: + If no mandoc or nroff is present, install mdoc format manuals. If + there is no installed nroff/mandoc they will need to install groff + or heirloom doctools to format the manual pages. + [6dd386c1a378] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/env.c: - Treat LOGIN, LOGNAME and USER specially. If one is preserved or - deleted we want to preserve or delete all of them. - [ea1782686195] +2019-09-18 Todd C. Miller - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, - doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/env.c, - plugins/sudoers/logging.c, plugins/sudoers/regress/visudo/test6.sh: - Remove special handling of the USERNAME environment variable. It - used to be set on old versions of Fedora but that hasn't been the - case for some time. It's worth noting that ssh doesn't set USERNAME - either. - [5141bebd99c4] + * doc/sudoers.man.in, doc/sudoers.mdoc.in, include/sudo_plugin.h: + Refer to number of terminal lines, not rows, for consistency. + [566e3e38058f] - * configure, configure.ac: - sudo 1.8.26 - [cfe8d540328e] +2019-09-17 Todd C. Miller -2018-09-22 Todd C. Miller + * INSTALL, configure, configure.ac: + Prefer clang over gcc. We want to use clang on systems where clang + is the system compiler. It is less common to have clang installed on + systems where gcc is the system compiler. 
+ [d29d764a4938] - * src/sudo.c: - Remove unused system_maxgroups argument from fill_group_list(). - [debc4ca9d35f] + * INSTALL: + No longer need bypass_last_login on HP-UX, warnings work with clang. + Also add deb package names for pam and ldap devel on Linux. + [6aff480b1f4b] - * lib/util/getgrouplist.c: - Pass getgrouplist() NGROUPS_MAX+1, not NGROUPS_MAX so we have room - for the primary gid. - [fccf07f2e8cf] + * src/parse_args.c: + Silence a warning from clang about string concatenation. + [cadba1a4d86d] -2018-09-20 Todd C. Miller +2019-09-14 Todd C. Miller - * plugins/sudoers/cvtsudoers_json.c: - In print_member_json_int() eliminate the need_newline variable and - just move the non-alias expansion printing bits into the else - clause, including the newline and comma printing. - [b40224fc6090] + * NEWS, doc/UPGRADE: + sudoedit umask fix + [4bfc0e393e2a] - * MANIFEST, plugins/sudoers/regress/cvtsudoers/test30.out.ok, - plugins/sudoers/regress/cvtsudoers/test30.sh: - Add regress test for bug #853 - [31544afc6013] +2019-09-13 Todd C. Miller - * plugins/sudoers/cvtsudoers_json.c: - When expanding an alias in print_member_json_int() avoid printing an - extra comma at the end of the entry. Bug #853. - [e73e09f8569a] + * lib/util/event.c: + Fix sorting of the time-based event queue. + [f12e5a877c8a] -2018-09-12 Todd C. Miller + * lib/util/event.c: + Support default base in got_exit, got_break, loopexit, loopbreak, + loopcontinue + [da02194b5ba9] - * .hgtags: - Added tag SUDO_1_8_25p1 for changeset 8978f707313d - [0713e60b5159] <1.8> +2019-09-11 Todd C. Miller - * NEWS, configure, configure.ac, doc/CONTRIBUTORS: - merge sudo 1.8.25p1 from tip - [8978f707313d] [SUDO_1_8_25p1] <1.8> + * src/sudo_edit.c: + Create new files with the umask specified in sudoers. + [4d0b6152834b] - * doc/CONTRIBUTORS: - Add Kan Sasaki - [ff277fb5b0c9] +2019-09-05 Todd C. 
Miller - * NEWS, configure, configure.ac: - sudo 1.8.25p1 - [c4f0a69e6356] + * plugins/sudoers/parse_ldif.c: + More case-insensitive compare for LDAP attributes and string lists. + Only the ALL keyword should be compared case-sensitive. + [87cd688b2648] - * lib/util/event_poll.c: - Fix a crash in the event system's poll() backend introduced with - support for nanosecond timers. Only affects systems without ppoll(). - Bug #851 - [54e561b11a0f] +2019-08-30 Todd C. Miller -2018-09-02 Todd C. Miller + * src/sudo.h: + Enable asserts for Coverity too. + [b830f200a8bd] - * .hgtags: - Added tag SUDO_1_8_25 for changeset 614440f3c9a5 - [6ea93b83e610] <1.8> + * src/parse_args.c, src/sudo.h: + Add asserts() to avoid static analyzer false positives. + [860aca50028d] - * NEWS, config.h.in, configure, configure.ac, doc/CONTRIBUTORS, - doc/sudo.cat, doc/sudo_plugin.cat, doc/sudoers.cat, - doc/sudoers.ldap.cat, doc/sudoreplay.cat, doc/visudo.cat, - lib/util/Makefile.in, lib/util/event.c, mkpkg, - plugins/sudoers/Makefile.in, plugins/sudoers/env.c, - plugins/sudoers/iolog.c, plugins/sudoers/po/sudoers.pot, - plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c, po/sudo.pot, src/exec_pty.c: - Merge sudo 1.8.25 from tip - [614440f3c9a5] [SUDO_1_8_25] <1.8> + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Plug memory leak on malloc failure. + [1b35743703d4] - * plugins/sudoers/po/sudoers.pot: - regen - [04afa00445ef] + * plugins/sudoers/ldap_util.c: + Plug memory leak on malloc failure. + [c2257637d659] -2018-08-31 Todd C. Miller +2019-08-29 Todd C. Miller - * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c: - Allow for some clock drift due to ntpd, etc. - [2d72989fe7b1] + * plugins/sudoers/auth/pam.c: + Add sudo_pam_strerror(), like pam_strerror() but never returns NULL. + It also uses strerror(errno) for PAM_SYSTEM_ERR. 
+ [b070d1702112] - * plugins/sudoers/visudo.c: - If sudo_lock_file() fails for a reason other than the file already - being locked, give the user a chance to edit anyway. - [e5a963ecc083] + * plugins/sudoers/auth/pam.c: + If pam_start() fails, display the PAM error using pam_strerror(). It + is legal to pass pam_strerror() a NULL handle. + [6403fa1479d8] -2018-08-30 Todd C. Miller +2019-08-27 Todd C. Miller - * plugins/sudoers/regress/cvtsudoers/test28.sh: - Quick sort is not a stable sort; use distinct sudoOrder values so - the output is predictable. - [46ebc1169c0c] + * doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + plugins/sudoers/sudoreplay.c: + If the sudoreplay ID option is a fully-qualified path, use it + directly. Previously, one had to use the -d option to override the + I/O log directory. + [9fddb3ffc760] - * lib/util/regress/atofoo/atofoo_test.c, - lib/util/regress/parse_gids/parse_gids_test.c, - plugins/sudoers/ldap.c, - plugins/sudoers/regress/parser/check_base64.c: - Fix warnings on OpenIndiana (Illumos) - [1b45d303b338] + * plugins/sudoers/Makefile.in: + regen + [f70579d2972b] - * plugins/sudoers/ldap.c: - Correct ldap_to_sudoers() return value. - [16b0d144b196] + * MANIFEST, doc/sudo.conf.man.in.sed: + Add conditional for sesh path in sudo.conf manual. + [93b5c6fcf8f4] + +2019-08-26 Todd C. Miller * NEWS: - Bug #849 - [3e05bad00a44] + Bug #895 + [d69984bccd0e] - * plugins/sudoers/sssd.c: - The sssd backend used to take the first match, assuming that entries - were sorted in descending order by sudoOrder. That allowed it to - avoid iterating over the entire list of rules. Now that we convert - to a sudoers parse tree, we need to convert rules in ascending - order, not descending. The simplest way to accomplish this is to - simply iterate over the rules from last to first, reversing the sort - order. 
Bug #849 - [63627909bb10] + * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/check.c, plugins/sudoers/sudo_printf.c, + src/conversation.c: + Use the SUDO_CONV_PREFER_TTY flag during authentication. This + prevents the password and PAM prompts from being redirected. Bug + #895 + [546082c674b7] - * MANIFEST, plugins/sudoers/regress/cvtsudoers/test28.out.ok, - plugins/sudoers/regress/cvtsudoers/test28.sh, - plugins/sudoers/regress/cvtsudoers/test29.out.ok, - plugins/sudoers/regress/cvtsudoers/test29.sh: - Add some more ldif -> sudoers tests to verify sudoOrder. - [f41358fbd066] +2019-08-23 Todd C. Miller - * plugins/sudoers/ldap.c: - For conversion to a sudoers parse tree, ldap_entry_compare() now - needs to sort in ascending order, not descending. Bug #849 - [9f23126cded8] + * mkpkg: + Fix typo that prevented a missing linux audit lib from being + detected. + [b9412151615d] -2018-08-29 Todd C. Miller +2019-08-20 Todd C. Miller - * plugins/sudoers/cvtsudoers.c: - No need to set input_file for stdin in parse_ldif(); noted by clang - analyzer. - [c852e1c92dd2] + * plugins/sudoers/sudoreplay.c: + Use fputs(), not printf() for plain strings. + [b102ae1cb6da] - * plugins/sudoers/iolog_util.c: - Use TIME_T_MAX when parsing the I/O log file timestamp and disallow - negative times. - [bfb17118e584] + * NEWS: + Recent fixes. + [8249e98a05c8] - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_util.c, - plugins/sudoers/iolog_util.h, - plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, - plugins/sudoers/regress/iolog_util/check_iolog_util.c, - plugins/sudoers/sudoreplay.c: - When parsing an I/O log timing line, store the result in a timespec, - not a double. 
The speed factor (for scaling the delay) in sudoreplay - is still a double but we only need to adjust the delay if the factor - is something other than 1.0. - [39077129d1f9] + * plugins/sudoers/ldap.c: + Add user ID to the search filter when matching sudoUser. We already + support group IDs but the user ID was missing. From + sudo-1.8.23-ldapsearchuidfix.patch in RHEL 7. + [3da7b9f990be] - * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c: - Fix memory leak in test. - [94fb9f39dfee] + * plugins/sudoers/regress/sudoers/test2.json.ok, + plugins/sudoers/regress/sudoers/test2.toke.ok, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix parsing of double-quoted Defaults bindings that start with % or + +. From sudo-1.8.23-fix-double-quote-parsing-for-Defaults- + values.patch in RHEL 7. + [df613e67ef45] - * doc/cvtsudoers.cat, doc/sudo.cat, doc/sudo.conf.cat, - doc/sudo_plugin.cat, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers_timestamp.cat, doc/sudoreplay.cat, doc/visudo.cat: - regen - [f2850c2f733a] + * src/exec.c: + Restore core dump resource limit before the PAM session module is + run. Otherwise, we may override the limits set by PAM. Bug #894 + [f35441098234] -2018-08-28 Todd C. Miller +2019-08-19 Todd C. Miller - * plugins/sudoers/env.c: - Update conversion of DID_* to KEPT_* to match the new values of - DID_* and KEPT_*. - [6ce1bc30a4d1] + * lib/util/sig2str.c, lib/util/str2sig.c: + sys_signame on macOS contains lower-cases names + [d7af71311b3d] - * NEWS, plugins/sudoers/env.c: - Set the LOGIN environment variable on AIX like we do LOGNAME. - [e6afb82d918c] + * MANIFEST, configure, configure.ac, lib/util/Makefile.in, + lib/util/regress/strsig/strsig_test.c: + Add regress tests for str2sig() and sig2str(). + [fb73303699fb] -2018-08-27 Todd C. Miller + * lib/util/str2sig.c: + SIGIOT and SIGABRT are aliases on BSD systems. 
+ [d35f75aba04a] - * config.h.in, configure, configure.ac, m4/sudo.m4, - plugins/sudoers/bsm_audit.c: - Add a test for the 4-argument au_close() function found in Solaris - 11 instead of assuming it is present if __sun is defined. Fixes a - compilation error on OpenIndiana and older Solaris versions. - [4a4f91e28bbc] + * lib/util/sig2str.c, lib/util/str2sig.c: + Fix handling of real-time signals. + [39066a5eabcb] - * doc/CONTRIBUTORS: - Add Miguel Sanders and Scott Cheloha - [14aca7309a0a] +2019-08-16 Todd C. Miller * NEWS: - testsudoers changes - [f008d473c933] + ipa_hostname fix + [54245ed09830] - * plugins/sudoers/Makefile.in, plugins/sudoers/testsudoers.c: - Add ldif support to testsudoers - [321f11b7badd] +2019-08-15 Todd C. Miller -2018-08-26 Todd C. Miller + * plugins/sudoers/file.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c: + Fix special handling of ipa_hostname that was lost in sudo 1.8.24. + We now include the long and short hostname in sudo parser container. + [b4f31dbe3109] - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, - plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_ldif.c, - plugins/sudoers/parse.h, plugins/sudoers/parse_ldif.c: - Move ldif -> sudoers conversion code into parse_ldif.c - [497d55799d5b] +2019-08-14 Todd C. Miller - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, - plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_ldif.c, - plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/strlist.c, - plugins/sudoers/strlist.h: - Move string list functions to their own file. - [a15902cde4eb] + * plugins/sudoers/iolog_event.h: + Remove unused include file. + [0731078e72b1] - * lib/util/Makefile.in: - sync - [9b1f98d4335f] +2019-08-05 Todd C. Miller -2018-08-25 Todd C. Miller + * NEWS, doc/UPGRADE: + Mention I/O log signal change in NEWS and UPGRADE files. 
+ [ac7969640146] - * include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in: - Backward ABI compatibility for even functions that use a timeval. - [01d9e617a923] + * MANIFEST, NEWS, plugins/sudoers/po/ast.mo, + plugins/sudoers/po/ast.po: + Asturian translation for sudoers from translationproject.org. + [4f011f10129e] - * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c: - Use a monotonic timer for the event subsystem. - [acf30905a275] + * mkdep.pl: + Check source dir if source file is not listed in MANIFEST. + Previously, we just used the file name without $(srcdir). + [cd17ca929217] - * config.h.in, configure, configure.ac, include/sudo_event.h, - lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c, - plugins/sudoers/iolog_util.h, plugins/sudoers/sudoers.h, - plugins/sudoers/sudoreplay.c: - Use struct timespec, not struct timeval in the event subsystem. Use - ppoll() or pselect() if avaialble which use timespec. - [b1bfccec8b13] + * MANIFEST, config.h.in, configure, configure.ac, doc/sudoers.man.in, + doc/sudoers.mdoc.in, include/sudo_compat.h, lib/util/Makefile.in, + lib/util/str2sig.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_util.c: + Store signal name, not number in I/O log timing file. The "SIG" + prefix is not used so, e.g. SIGTERM -> "TERM". This makes the I/O + log files portable from one system to another. Older I/O log files + with signal numbers can still be replayed. + [5652f831b715] -2018-08-24 Todd C. Miller +2019-07-30 Todd C. Miller - * .hgignore: - sync - [193fd33e9864] + * src/utmp.c: + Disable stringop-truncation false positive warnings on gcc 8. + Strings in struct utmp/utmpx are not guaranteed to be NUL- + terminated. 
+ [644b97bba318] - * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, - plugins/sudoers/cvtsudoers_json.c, - plugins/sudoers/cvtsudoers_ldif.c: - Eliminate most use of parsed_sudoers in cvtsudoers - [0d0504f61e3e] + * plugins/group_file/plugin_test.c, src/net_ifs.c: + Replace non-essential strncpy() calls. + [2377cad6e155] - * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, - plugins/sudoers/cvtsudoers_json.c, plugins/sudoers/parse.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: - Make alias_apply() take 3 arguments, the first being a pointer to - the struct sudoers_parse_tree. - [7802295c07fa] +2019-07-26 Todd C. Miller -2018-08-23 Todd C. Miller + * configure, configure.ac: + Revert version back to 1.8.28 + [4e2deb0b4925] - * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c: - Handle systems where root's gid is not 0. - [1fc92bad715a] + * lib/util/Makefile.in: + Link util functions being tested directly with the test harness. + Otherwise we may get the version from the installed libsudo_util.so. + [46c833080d13] - * plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h: - Add missing files from last commit. - [a155e07bb191] +2019-07-23 Todd C. 
Miller - * .hgignore, MANIFEST, plugins/sudoers/Makefile.in, - plugins/sudoers/po/sudoers.pot, - plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, - plugins/sudoers/sudoreplay.c: - Add regress test for I/O log plugin endpoints - [bf9fbe5ff2a6] + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_TW.mo, + plugins/sudoers/po/zh_TW.po, po/cs.mo, po/cs.po, po/da.mo, po/da.po, + po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fr.mo, po/fr.po, + po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/nb.mo, po/nb.po, + po/pl.mo, po/pl.po, po/pt.mo, po/pt.po, po/pt_BR.mo, po/pt_BR.po, + po/sv.mo, po/sv.po, po/tr.mo, po/tr.po, po/uk.mo, po/uk.po, + po/zh_TW.mo, po/zh_TW.po: + Updated translations from translationproject.org + [a5aa41ab05cb] - * plugins/sudoers/iolog.c: - We cannot reuse last_time for the I/O log info file now that it is a - monotonic timer. Just call time(3) in write_info_log() directly. - [f2e1de732a91] +2019-07-19 Todd C. Miller - * src/exec_pty.c: - Move the loop to free the monitor_messages list into - free_exec_closure_pty() - [d6edc1a94e7e] + * configure, configure.ac, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/parse.c: + Use strftime(3) instead of formatting struct tm by hand. Fixes a + warning on newer versions of gcc. 
+ [4a2fdb51bbe5] - * po/sudo.pot: - regen - [6467f05a2fd0] + * doc/sudo.man.in, doc/sudo.mdoc.in: + Update error message when the password cannot be read from the + terminal. + [9b329f92e8a0] -2018-08-22 Todd C. Miller + * NEWS: + Fix for Bug #888 + [d64fc43adfdd] - * lib/util/getentropy.c: - Fix typo in last commit. - [38f3450b57fb] + * plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c: + If the command in sudoers does not exist on the file system, match + by name. We still want to match the command even if it doesn't exist + so that the NOPASSWD flag on sudoers entries with non-existant paths + works as expected. Bug #888. + [0879054870be] - * config.h.in, configure, configure.ac, lib/util/getentropy.c: - Do not assume all Linux has linux/random.h. Add missing - sys/syscall.h include - [8460f258e1af] + * NEWS, doc/TROUBLESHOOTING, po/sudo.pot, src/tgetpass.c: + More verbose error message when a password is required and no + terminal is present. Bug #828. + [f15ffeffff32] - * plugins/sudoers/policy.c, plugins/sudoers/timestamp.c, - plugins/sudoers/visudo.c, src/sudo_edit.c: - Cast uid/gid to unsigned int before printing. - [37fcab8b4f97] + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [8e0fdf8e4cd5] - * include/sudo_compat.h: - Only include stdarg.h if we need it. - [c266d34454ba] + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that PAM session modules are now run with the silent flag. + [b67b769a0532] - * plugins/sudoers/bsm_audit.c, plugins/sudoers/timestamp.c: - fix compiler warnings on Solaris 11 - [6c92c438a38e] +2019-07-14 Todd C. Miller - * lib/util/getentropy.c: - Fix setting of errno when gotdata() fails. - [4fab71fa575f] + * plugins/sudoers/sudoers.c: + Simpler change to retry sudo_secure_file() as root as needed. 
+ [feb0c2309366] - * plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/ldap.c, - plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, - plugins/sudoers/rcstr.c, plugins/sudoers/timestamp.c, - src/sudo_noexec.c: - Include stddef.h for offsetof() definition. - [15d13ae1ba46] + * plugins/sudoers/sudoers.c: + If we are unable to stat() sudoers as non-root, try again as root. + By default, sudo relies soley on group permissions to read sudoers + to make it possible to store sudoers on NFS. However, if + /etc/sudoers is not accessible to non-root uids for some reason, + sudo will fail. Bug #880. + [6a50adb25f2e] - * NEWS: - Bugs 846 and 847 - [a0ba7ad24812] +2019-07-12 Todd C. Miller - * include/sudo_compat.h: - We still need to include string.h for AIX (and possibly others) when - we are not using the system memset_r() function and rsize_t is - defined by the system headers. - [e1f8f7537209] + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Clarify that ttyin contains raw terminal input. + [eea9d33f85bd] - * configure, configure.ac, include/sudo_compat.h, mkpkg: - Add --enable-package-build to give configure a hint that we are - building a package. This can be used to avoid relying on libc - functions that may not be present in all libc versions for a - particular system. For instance, AIX 7.1 may or may not have - memset_s() and getline() present. - [7e843bed8435] +2019-07-11 Todd C. Miller - * include/sudo_compat.h: - AIX defines rsize_t in string.h, not stddef.h for use by the - memset_s() prototype. We use our own memset_s() on AIX since it is - not available on all BOS levels which makes package building - problematic. - [3724b47eadd8] + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Expand the description of the I/O log files. + [f15cefc9bbd8] -2018-08-21 Todd C. Miller + * doc/sudo.conf.mdoc.in: + Remove trailing whitespace. + [421e9f481c1d] - * plugins/sudoers/defaults.c: - Fix printing of T_TIMESPEC values. - [8775c17229a4] +2019-07-03 Todd C. 
Miller - * plugins/sudoers/iolog.c: - Remove unused struct script_buf - [fd27f67123b3] + * configure, configure.ac, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in: + Rename PLUGINDIR -> plugindir + [75cc43534ee1] -2018-08-20 Todd C. Miller + * configure, configure.ac: + Use $libexecdir in default settings used by the documentation. The + web and pdf pages will substitute /usr/local/libexec for + $noexec_file. Also do substitution of variables using exec_prefix + even if we don't use them in the Makefile since the documentation + may reference them. + [b7a37b03b6db] - * NEWS: - Document when the I/O log timing file entry bug was introduced. - [09a75d80487e] + * doc/Makefile.in, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Add conditional for sesh path in sudo.conf manual. + [ec1f8f559bad] - * NEWS: - sync - [95fd54c61719] + * configure, configure.ac: + Update plugindir even when --disable-shared is specified. Otherwise, + the default value is substituted into the Makefiles and + documentation which may not match --prefix. Bug #886 + [0f6c9a4af739] - * config.h.in, configure, configure.ac, lib/util/gettime.c: - HP-UX doesn't suport CLOCK_MONOTONIC but we can use gethrtime() - instead. - [3ec7d99444c0] +2019-06-25 Todd C. Miller - * src/exec_monitor.c, src/exec_pty.c: - Close the pty slave in the parent so that when the command and - monitor exit, the pty gets recycled without our having to close it - directly. 
- [fec53753cf52] + * include/sudo_util.h, lib/util/fatal.c, lib/util/inet_ntop.c, + lib/util/regress/vsyslog/vsyslog_test.c, lib/util/sudo_debug.c, + plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_conf.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestamp.c, src/load_plugins.c, src/net_ifs.c, + src/sudo.c: + Add ssizeof macro that returns ssize_t. We can use this instead of + casting the result of size_t to int. Also change checks for + snprintf() returning <=0 to <0. + [da4a95a5d8ec] - * lib/util/term.c, src/exec_monitor.c, src/exec_pty.c, src/sudo.h: - Move updating of the window size to the monitor process. This will - allow us to close the slave in the main sudo process in the future - so only the command and monitor have it open. - [07108a1c2edc] +2019-06-21 Todd C. Miller - * configure, configure.ac: - sudo 1.8.25 - [4938ba570787] + * doc/TROUBLESHOOTING, doc/sudoers.man.in, doc/sudoers.mdoc.in: + sudoedit should be used for editing files instead of "sudo editor" + That way the user's editor config files are used by the editor. + [24bb1e6326ee] - * plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok: - Fix test output for bug #845 - [ee6f2d615bd8] + * doc/TROUBLESHOOTING: + Move the section on HOME to be after the environment section. Also + strongly discourage the disabling of env_reset. + [7a41bddf5fde] - * plugins/sudoers/ldap_util.c: - Fix pasto when converting sudoNotAfter; from Miguel Sanders Bug #845 - [69638cd6da60] +2019-06-20 Todd C. Miller -2018-08-19 Todd C. Miller + * doc/TROUBLESHOOTING: + Remove the Solaris last login question, add one about HOME. The PAM + session is opened with PAM_SILENT so last login info is not printed. + It is dangerous to preserve HOME from the user's environment. 
+ [99be2cd98556] - * aclocal.m4, config.h.in, configure, configure.ac, - include/sudo_util.h, lib/util/gettime.c, lib/util/util.exp.in: - Add sudo_gettime_uptime() to measure time while not sleeping. - [a128e7d51740] + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use the term pseudo-terminal more consistently. + [129a0d2e5a33] - * plugins/sudoers/iolog.c: - Use a monotonic timer that only runs while not suspended for the - iolog timing values and write nsec-precision entries. - [7f37f0b24ce7] + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document why HOME should not be preserved from the user's + environment. Text was adapted from what is already present in the + UPGRADE file. Also mark set_home and always_set_home as obsolete. + [3cddca2f78de] -2018-08-18 Todd C. Miller + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: + Refer to command line options, not flags. + [5caa383e1f9b] - * mkpkg: - Detect number of CPUs on AIX. - [2b7c62b42da2] + * NEWS: + sync + [fd7e952e3e43] - * plugins/sudoers/iolog.c: - Fix I/O log timing file on systems without a C99-compatible - snprintf(). On those systems we use our own snprintf() that doesn't - support floating point. We don't actually need floating point in - this case since the we can print seconds and microseconds without - using it. - [4ea419ac5bee] + * doc/TROUBLESHOOTING: + sudo will now prompt for a password as long as /dev/tty is + available. + [a4241d432e63] - * .hgtags: - Added tag SUDO_1_8_24 for changeset e708ac0bf63a - [e05f06e9bd46] <1.8> + * MANIFEST, configure, configure.ac, doc/Makefile.in, + doc/cvtsudoers.cat, doc/sudo.cat, doc/sudo.conf.cat, + doc/sudo_plugin.cat, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers_timestamp.cat, doc/sudoreplay.cat, doc/visudo.cat: + Remove .cat pages, there is no need for them in the modern world. + Sudo only shipped .cat pages for Irix, which lacked nroff. 
Irix is + long dead and there are multiple open source nroff options. + [b7a48dc22bdb] - * Makefile.in, NEWS, config.h.in, configure, configure.ac, - doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, - doc/visudo.cat, doc/visudo.man.in, lib/util/Makefile.in, - lib/util/getgrouplist.c, mkpkg, plugins/sudoers/Makefile.in, - plugins/sudoers/check.c, plugins/sudoers/filedigest_gcrypt.c, - plugins/sudoers/filedigest_openssl.c, plugins/sudoers/iolog.c, - plugins/sudoers/match.c, plugins/sudoers/po/sudoers.pot, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, - src/exec_pty.c, src/parse_args.c, src/sudo.c: - merge sudo 1.8.24 from tip - [e708ac0bf63a] [SUDO_1_8_24] <1.8> + * INSTALL, configure.ac, doc/sudoers.cat, doc/visudo.cat: + Make env_editor the default. It is already the default in the + package script. + [a4f0c46ef5d6] - * NEWS: - Fix for Bug #844 - [51cfeb79669c] + * INSTALL, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Don't describe env_editor as a security hole. Users that are able to + edit sudoers can grant themselves permissions so the fact that + visudo runs the editor as root is not a security issue. + [627f0a96ccc9] - * src/sudo_edit.c: - Handle the case where O_PATH or O_SEARCH is defined but O_DIRECTORY - is not. In theory, O_DIRECTORY is redundant when O_SEARCH is - specified but it is legal for O_EXEC and O_SEARCH to have the same - value. Bug #844 - [fb75d75c7249] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Fix details of how EDITOR, VISUAL and SUDO_EDITOR are (or are not) + preserved. The description in the editor option was incorrect and + didn't mention env_keep. 
Reported by Sander Bos + [1b498d610672] -2018-08-17 Todd C. Miller + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Modern visudo locks the actual sudoers file, not the sudoers.tmp + file. Refer to sudoers.tmp as a temporary file, not a lock file. + Reported by Sander Bos + [3a449f316304] - * NEWS: - sync - [2be1b619a06a] +2019-06-19 Todd C. Miller - * plugins/sudoers/starttime.c: - Fix get_starttime() on HP-UX. - [329a4ad9f4ef] + * plugins/sudoers/sudoers.c: + In tty_present(), check for /dev/tty if sudo was unable to get the + tty name. For requiretty it is enough to check that /dev/tty is + available. If sudo can't get the tty from the kernel (missing + /proc?) that is OK. + [2102ffa0fa7e] - * mkpkg: - Detect number of CPUs on HP-UX. Use MAKE environment variable if - set. - [c95ab5d6d392] + * src/tgetpass.c: + Don't refuse to use the tty unless /dev/tty is unavailable. We don't + care whether sudo was able to get the tty name from the kernel. All + that really matters is whether we are able to disable echo as + needed. + [a3376277883f] - * src/net_ifs.c: - Avoid a compilation problem on HP-UX 11.31 with gcc and - machine/sys/getppdp.h - [b861e894271b] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use of "they" was ambiguous. + [a39f42aa21ca] -2018-08-16 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Better description of secure_path. The secure_path option affects + the resolution of unqualified commands as well as the environment + that commands run with. + [e0534efa8271] - * plugins/sudoers/Makefile.in: - Add CHECK_SYMBOLS_LDFLAGS to check_symbols target. Non-ELF HP-UX - executables don't support SHLIB_PATH or LD_LIBRARY_PATH unless ld is - passed the +s flag. This lets the check_symbols test pass on systems - where the ldap libraries aren't installed in the standard location. - [c2d6d3248fa4] + * doc/CONTRIBUTORS: + Add Sander Bos + [75f6f90c2f24] -2018-08-15 Todd C. 
Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix a few typos and awkward wording. Use the singular "they" instead + of he/she. Add back missing text in description of variables + starting with (). Based on changes from Sander Bos. + [d6b5068ae2ca] - * doc/Makefile.in: - For the lint target, don't stop after the first manual that fails - lint. - [8a80d8e7b540] +2019-06-15 Todd C. Miller - * plugins/sudoers/timestamp.c: - Add debugging info so we can tell why a timestamp record doesn't - match. - [99ede76f9835] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Clarify which environment variables are set based on the target + user. + [1e6ac7e5ef32] -2018-08-13 Todd C. Miller +2019-06-10 Todd C. Miller - * NEWS: - typo - [8a5a11b921ea] + * lib/util/Makefile.in: + libsudo_util depends on LT_DEP_LIBS even when building a static lib + [232370d6af88] - * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, po/da.mo, - po/da.po: - sync with translationproject.org - [19f7eba39013] + * aclocal.m4, config.h.in, configure, configure.ac, + lib/util/arc4random.c: + Solaris getentropy() requires that sys/random.h be included. + [f1ec0a7290a6] -2018-08-11 Todd C. Miller +2019-05-29 Todd C. Miller - * plugins/sudoers/iolog.c: - Fix the return value of sudoers_io_change_winsize() on success. - Otherwise, we only log a single window size change. - [d6cdab99f6f9] + * plugins/sudoers/parse.c: + Use the runhost for "User foo is not allowed to run sudo on bar." + Otherwise, if the -h option is specified sudo will print the local + host name instead of the host specified via -h. + [8e6836ff952c] - * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, - plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: - sync with translationproject.org - [4109b52f393f] +2019-05-28 Todd C. Miller -2018-08-08 Todd C. 
Miller + * doc/TROUBLESHOOTING: + Document that "no tty present and no askpass program specified" may + happen when /proc is not accessible. + [b551c47e55aa] - * NEWS: - sync - [1448675b44aa] +2019-05-27 Todd C. Miller -2018-08-07 Todd C. Miller + * doc/CONTRIBUTORS: + Add Sangamesh Mallayya and Michael Spradling + [73b3acddc973] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Fix ambiguity when talking about Aliases. We can't use User_Alias in - the grammar as both the definition of the Alias as well as its name. - This adds {User,Runas,Host,Cmnd}_Alias_Spec to help differentiate - between the name of the alias and its definition. Bug #834 - [06678d12306f] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/parse_args.c, + src/sudo.h, src/tgetpass.c: + Add -B option to ring the bell before the password prompt. + [b2181b069809] - * doc/cvtsudoers.cat, doc/sudoreplay.cat: - regen - [d7237381675a] - - * Makefile.in: - Warn if unable to run xgettext or msgfmt. - [d0cbba35cd49] - -2018-08-06 Todd C. Miller + * plugins/sudoers/auth/aix_auth.c: + Allow the user to change their password if expired on AIX. Bug #883 + [b1def2572198] - * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, - plugins/sudoers/po/de.mo, plugins/sudoers/po/hr.mo, - plugins/sudoers/po/it.mo, plugins/sudoers/po/ja.mo, - plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pt_BR.mo, - plugins/sudoers/po/sv.mo, plugins/sudoers/po/uk.mo, - plugins/sudoers/po/vi.mo: - sync with translationproject.org - [d1deb5cb5eb3] +2019-05-26 Todd C. Miller -2018-08-05 Todd C. Miller + * plugins/sudoers/auth/aix_auth.c: + When using AIX auth, don't display the AIX password incorrect + message. Avoids a "3004-300 You entered an invalid login name or + password" message in addition to sudo's own "Sorry, try again" + message. 
+ [ee606cfc3c8c] - * plugins/sudoers/fmtsudoers.c, plugins/sudoers/ldap.c, - plugins/sudoers/ldap_util.c, plugins/sudoers/parse.c, - plugins/sudoers/parse.h, plugins/sudoers/policy.c, - plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h: - Refactor code to convert defaults to tags and do conversion on - output for "sudo -l". +2019-05-24 Todd C. Miller - Remove the short_list (was long_list) global in favor of a verbose - argument. - [eae1e1e814e0] + * mkpkg: + AIX packages were not being build with optimization enabled. + [41563464b897] -2018-08-04 Todd C. Miller +2019-05-22 Todd C. Miller - * plugins/sudoers/policy.c: - Assign short_list true, not 1 now that it is a boolean. - [10354cd29439] + * plugins/sudoers/parse.c, plugins/sudoers/parse.h: + Fix a typo. + [6cd3fdc40b13] - * plugins/sudoers/fmtsudoers.c: - fix typo - [ad7e93f375ba] + * mkpkg: + Support using macOS SDKs from + /Library/Developer/CommandLineTools/SDKs + [98399af73e06] -2018-08-03 Todd C. Miller +2019-05-16 Todd C. Miller - * plugins/sudoers/rcstr.c: - Fix a warning on FreeBSD which has a fancier __containerof - implementation. - [b5106a524232] + * lib/util/term.c: + It is safe to assume _POSIX_VDISABLE is defined. The old compat + defines were to support pre-termios systems. + [82153896cede] - * plugins/sudoers/po/de.po, plugins/sudoers/po/hr.po, - plugins/sudoers/po/it.po, plugins/sudoers/po/ja.po, - plugins/sudoers/po/pl.po, plugins/sudoers/po/pt_BR.po, - plugins/sudoers/po/sv.po, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.po: - sync with translationproject.org - [ae5353cbeac4] +2019-05-06 Todd C. Miller -2018-08-02 Todd C. Miller + * plugins/sudoers/auth/pam.c: + Remove second catopen() which is never called. + [8a3db9d71297] - * aclocal.m4, autogen.sh, config.h.in, configure: - Regen with aclocal 1.15.1. - [22c02e451333] +2019-05-01 Todd C. 
Miller - * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, - plugins/sudoers/policy.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: - For ldap/sssd, include defaults in the generate privilege unless we - are listing in short mode (in which case we convert them to tags if - possible). Fixes a problem where sudoOptions were not being applied - to the command. - [b21267488971] + * doc/TROUBLESHOOTING: + Sudo's conversation functions now filters out the last login + information. + [ac21b18ba6bf] - * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, - plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: - update_defaults() needs to be able to take a defaults_list for the - ldap/sssd backends which support per-role defaults. - [ddbb07881a46] +2019-04-29 Todd C. Miller -2018-07-31 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c: + Add pam_acct_mgmt setting to enable/disable PAM account validation. + [ec657af6eeb8] - * plugins/sudoers/po/sudoers.pot: + * doc/cvtsudoers.cat, doc/sudo.cat, doc/sudo.conf.cat, + doc/sudo_plugin.cat, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers_timestamp.cat, doc/sudoreplay.cat, doc/visudo.cat: regen - [29c5a09aaeaf] - -2018-07-30 Todd C. Miller - - * NEWS: - Update - [045b535f84b9] - -2018-07-26 Todd C. 
Miller - - * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, - plugins/sudoers/cvtsudoers_json.c, - plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/defaults.c, - plugins/sudoers/defaults.h, plugins/sudoers/file.c, - plugins/sudoers/fmtsudoers.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/ldap.c, - plugins/sudoers/match.c, plugins/sudoers/parse.c, - plugins/sudoers/parse.h, plugins/sudoers/sssd.c, - plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: - o Move userspecs, defaults and aliases into a new struct - sudoers_parse_tree. o The parse tree is now passed to the alias, - match and defaults functions. o The nss API has been changed so that - the nss parse() function returns a pointer to a struct - sudoers_parse_tree which will be filled in by the getdefs() and - query() functions. - [bddb4676ad0e] + [d39b0636806f] - * lib/util/getgrouplist.c: - Don't need to preallocate 4 x NGROUP_MAX on AIX or BSD/Linux. For - BSD/Linux, getgrouplist(3) will tell us the number of groups if we - don't have enough. For AIX, we can count the entries in the group - set before allocating the group vector. 
- [c278fd947af4] + * NEWS, configure, configure.ac: + Sudo 1.8.28 + [dd02af1b71e1] - * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/pam.c, + * Makefile.in, configure.ac, doc/Makefile.in, doc/cvtsudoers.man.in, + doc/cvtsudoers.mdoc.in, doc/fixman.sh, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, + doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.man.in, + doc/visudo.mdoc.in, examples/Makefile.in, include/Makefile.in, + include/compat/charclass.h, include/compat/endian.h, + include/compat/fnmatch.h, include/compat/getopt.h, + include/compat/glob.h, include/compat/nss_dbdefs.h, + include/compat/sha2.h, include/sudo_compat.h, include/sudo_conf.h, + include/sudo_debug.h, include/sudo_digest.h, include/sudo_dso.h, + include/sudo_event.h, include/sudo_fatal.h, include/sudo_gettext.h, + include/sudo_lbuf.h, include/sudo_plugin.h, include/sudo_queue.h, + include/sudo_rand.h, include/sudo_util.h, lib/util/Makefile.in, + lib/util/aix.c, lib/util/arc4random.c, lib/util/arc4random.h, + lib/util/arc4random_uniform.c, lib/util/closefrom.c, + lib/util/digest.c, lib/util/digest_gcrypt.c, + lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c, + lib/util/event_select.c, lib/util/fatal.c, lib/util/fnmatch.c, + lib/util/getcwd.c, lib/util/getdelim.c, lib/util/getentropy.c, + lib/util/getgrouplist.c, lib/util/gethostname.c, + lib/util/getopt_long.c, lib/util/gettime.c, lib/util/gidlist.c, + lib/util/glob.c, lib/util/inet_ntop.c, lib/util/inet_pton.c, + lib/util/isblank.c, lib/util/key_val.c, lib/util/lbuf.c, + lib/util/locking.c, lib/util/memrchr.c, lib/util/memset_s.c, + lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/mktemp.c, + lib/util/nanosleep.c, lib/util/parseln.c, lib/util/pipe2.c, + 
lib/util/progname.c, lib/util/pw_dup.c, lib/util/reallocarray.c, + lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/getdelim/getdelim_test.c, + lib/util/regress/getgrouplist/getgrouplist_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, + lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c, + lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, + lib/util/snprintf.c, lib/util/strlcat.c, lib/util/strlcpy.c, + lib/util/strndup.c, lib/util/strnlen.c, lib/util/strsignal.c, + lib/util/strsplit.c, lib/util/strtobool.c, lib/util/strtoid.c, + lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c, + lib/util/sudo_debug.c, lib/util/sudo_dso.c, lib/util/term.c, + lib/util/ttyname_dev.c, lib/util/ttysize.c, lib/util/utimens.c, + lib/util/vsyslog.c, lib/zlib/Makefile.in, log2cl.pl, m4/sudo.m4, + mkdep.pl, mkpkg, pathnames.h.in, plugins/group_file/Makefile.in, + plugins/group_file/getgrent.c, plugins/group_file/group_file.c, + plugins/group_file/plugin_test.c, plugins/sample/Makefile.in, + plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, + plugins/sudoers/alias.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, - plugins/sudoers/check.c, plugins/sudoers/sudoers.h: - Ignore PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED errors from - pam_acct_mgmt() if authentication is disabled for the user. 
Bug #843 - [1dc39794cf0d] - -2018-07-23 Todd C. Miller - - * src/exec_pty.c: - Work around a bug on AIX where closing the pty slave causes the main - sudo process to lose its controlling tty (which was *not* the pty - slave). - [649a25b7f864] - - * src/sudo.c: - Add missing aix_restoreauthdb() call to match the aix_setauthdb() - added in b8a011be9af7. Fixes issues on AIX where local users/groups - may not be resolved when some NIS/AD/LDAP is used for users. - [16e196a7a337] - - * lib/util/getgrouplist.c: - Linux getgrouplist(3) returns the number of groups on success - instead of 0 like BSD. - [599a89afa4f5] - -2018-07-20 Todd C. Miller - - * mkdep.pl, plugins/sudoers/Makefile.in: - When both a .o and .lo file was used in a Makefile, we used to make - the .o depend on the .lo. Unfortunately, this creates a race - condition for parallel make since libtool is not atomic (it creates - a .o and then renames it when building PIC objects for shared libs). - - We always link with libtool so the only reason to prefer the .o over - the .lo file is to avoid mixing .o and .lo in the dependencies. - That's not a good enough reason so change mkdep.pl to warn when both - a .o and .lo are referenced in a Makefile and do nothing else. - - Bug #842 - [a8d94e6aed9f] - -2018-07-15 Todd C. Miller - - * plugins/sudoers/ldap.c: - Avoid duplicate free when netgroup_base is invalid. - [5ce39dff77ba] - -2018-07-03 Todd C. Miller - - * lib/util/arc4random.h: - Use madvise(2) with MADV_WIPEONFORK if available. 
- [a11461409569] + plugins/sudoers/base64.c, plugins/sudoers/boottime.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h, + plugins/sudoers/check.c, plugins/sudoers/check.h, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/digestname.c, + plugins/sudoers/editor.c, plugins/sudoers/env.c, + plugins/sudoers/env_pattern.c, plugins/sudoers/file.c, + plugins/sudoers/filedigest.c, plugins/sudoers/find_path.c, + plugins/sudoers/fmtsudoers.c, plugins/sudoers/gc.c, + plugins/sudoers/gentime.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/gmtoff.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/group_plugin.c, plugins/sudoers/hexchar.c, + plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h, + plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h, + plugins/sudoers/ins_python.h, plugins/sudoers/insults.h, + plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, + plugins/sudoers/iolog.c, plugins/sudoers/iolog.h, + plugins/sudoers/iolog_event.h, plugins/sudoers/iolog_files.h, + plugins/sudoers/iolog_path.c, plugins/sudoers/iolog_util.c, + plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/ldap_util.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/logwrap.c, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/match_command.c, + plugins/sudoers/match_digest.c, plugins/sudoers/mkdir_parents.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/rcstr.c, 
plugins/sudoers/redblack.c, + plugins/sudoers/redblack.h, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/iolog_util/check_iolog_util.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/regress/starttime/check_starttime.c, + plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c, + plugins/sudoers/solaris_audit.h, plugins/sudoers/sssd.c, + plugins/sudoers/starttime.c, plugins/sudoers/strlist.c, + plugins/sudoers/strlist.h, plugins/sudoers/stubs.c, + plugins/sudoers/sudo_ldap.h, plugins/sudoers/sudo_ldap_conf.h, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudo_printf.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoers_debug.h, plugins/sudoers/sudoers_version.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c, + plugins/sudoers/timestr.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h, + plugins/sudoers/visudo.c, plugins/system_group/Makefile.in, + plugins/system_group/system_group.c, src/Makefile.in, + src/conversation.c, src/env_hooks.c, src/exec.c, src/exec_common.c, + src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, + src/hooks.c, src/load_plugins.c, src/net_ifs.c, src/openbsd.c, + src/parse_args.c, src/preload.c, 
src/preserve_fds.c, + src/regress/noexec/check_noexec.c, + src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, + src/signal.c, src/solaris.c, src/sudo.c, src/sudo.h, + src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c, + src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tcsetpgrp_nobg.c, + src/tgetpass.c, src/ttyname.c, src/utmp.c: + Add SPDX-License-Identifier to files. + [db66decfad24] -2018-07-01 Todd C. Miller +2019-04-28 Todd C. Miller - * plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, po/eo.mo, - po/eo.po: - sync with translationproject.org - [01bcfe7b30e5] + * plugins/sudoers/auth/pam.c: + Filter out last login messages on HP-UX unless running a shell. HP- + UX in trusted mode will display last login messages as part of the + PAM account management module by libpam_comsec. There is no way to + suppress these messages from the PAM configuration in trusted mode + so we need to filter them in the conversation function. In regular + mode, similar (but different) messages may be produced by + libpam_hpsec. + [5bbb02c69b46] - * NEWS: - Update. - [f5e0b1f909bb] +2019-04-26 Todd C. Miller -2018-06-25 Todd C. Miller + * lib/util/closefrom.c: + FreeBSD's /dev/fd only contains fds 0-2 unless fdescfs is mounted. + In practice this doesn't matter since FreeBSD >= 8 has a native + closefrom + [bbeeb52550f1] - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - sync with schema.OpenLDAP - [d83420d8228d] +2019-04-20 Todd C. Miller - * doc/schema.OpenLDAP: - RFC 2849 specifies whitespace as the space character only so replace - tabs with spaces. Bug #840 - [e9d5de6365ba] + * plugins/sudoers/logging.c: + Keep debug fds open in send_mail() to aid in debugging. Adds + closefrom_nodebug() which acts like closefrom(3) but doesn't close + debug fds for use by send_mail(). Also moves the code to exec the + mailer to its own function. + [b1892425667a] - * doc/schema.OpenLDAP: - Fix typo; bug #839 - [dee2dad738de] +2019-04-19 Todd C. 
Miller -2018-06-16 Todd C. Miller + * plugins/sudoers/defaults.c: + Set def_mailerflags even if sendmail was not found at configure + time. Fixes a NULL dereference when mailerpath is set but + mailerflags is not. Bug #878 + [6c57f5ddca54] - * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: - Should no longer need to set max_groups. - [459119b11265] +2019-04-08 Todd C. Miller -2018-06-15 Todd C. Miller + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, lib/util/getdelim.c, + lib/util/getline.c, lib/util/parseln.c, + lib/util/regress/getdelim/getdelim_test.c, mkdep.pl, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/boottime.c, + plugins/sudoers/iolog_util.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/parse_ldif.c, plugins/sudoers/sssd.c: + Add a proper getdelim(3) replacement and use it instead of + getline(3). + [2e06e45ffbd6] - * plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/pwutil_impl.c, - src/sudo.c: - Use new sudo_getgrouplist2() function instead of getgrouplist(). - [8e88b6d3ea6f] + * plugins/sudoers/auth/pam.c: + Restrict the PAM_TTY kludge to Solaris and Linux-PAM. Setting + PAM_TTY to the empty string causes problems with some modules on HP- + UX so restrict it to systems where it is fixes known issues. + [d61f4e20dc67] - * configure, configure.ac, include/sudo_compat.h, include/sudo_util.h, - lib/util/Makefile.in, lib/util/getgrouplist.c, lib/util/util.exp.in: - Add sudo_getgrouplist2() to dynamically allocate the group vector. - This allows us to avoid repeatedly calling getgrouplist() with a - statically sized vector on macOS, Solaris, HP-UX, and AIX. - [55480e2ec7c2] +2019-03-18 Todd C. Miller - * src/conversation.c: - Fix fd leak introduced by SUDO_CONV_PREFER_TTY commit. Coverity CID - 186605. - [fb6eb518bc4c] + * lib/util/getgrouplist.c: + Fix the counting of supplementary groups on AIX. 
We should not + assume that basegid will be present in the list of gids returned by + getgrset(). + [6b5fa2805840] -2018-06-13 Todd C. Miller +2019-03-14 Todd C. Miller - * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, - doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, - doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, - doc/sudoers_timestamp.cat, doc/sudoers_timestamp.man.in, - doc/sudoers_timestamp.mdoc.in, doc/visudo.cat, doc/visudo.man.in, - doc/visudo.mdoc.in: - Fix some issues pointed out by mandoc -Tlint - [7ace981c7334] + * plugins/sudoers/pwutil.c: + Plug a memory leak on user/group lookup failure found by ASAN. + [aff673f310d0] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/conversation.c: - Add SUDO_CONV_PREFER_TTY flag for conversation function to tell sudo - to try writing to /dev/tty first. Can be used in conjunction with - SUDO_CONV_INFO_MSG and SUDO_CONV_ERROR_MSG. - [a1e9420a7c5e] +2019-03-08 Todd C. Miller -2018-06-08 Todd C. Miller + * MANIFEST, plugins/sudoers/regress/testsudoers/test3.d/root, + plugins/sudoers/regress/testsudoers/test3.sh: + Fix test failure when run by a user other than the file owner. + [c41ea7cfedf8] - * doc/LICENSE: - Update for arc4random.c, arc4random_uniform.c and getentropy.c - [168db3c8d590] + * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/da.mo, + po/da.po, po/eo.mo, po/eo.po, po/es.mo, po/es.po, po/zh_TW.mo, + po/zh_TW.po: + Updated translations from translationproject.org + [484d7b28bdd6] -2018-06-05 Todd C. 
Miller + * MANIFEST, plugins/sudoers/regress/cvtsudoers/test1.sh, + plugins/sudoers/regress/cvtsudoers/test10.sh, + plugins/sudoers/regress/cvtsudoers/test11.sh, + plugins/sudoers/regress/cvtsudoers/test12.sh, + plugins/sudoers/regress/cvtsudoers/test13.sh, + plugins/sudoers/regress/cvtsudoers/test14.sh, + plugins/sudoers/regress/cvtsudoers/test15.sh, + plugins/sudoers/regress/cvtsudoers/test16.sh, + plugins/sudoers/regress/cvtsudoers/test17.sh, + plugins/sudoers/regress/cvtsudoers/test18.sh, + plugins/sudoers/regress/cvtsudoers/test19.sh, + plugins/sudoers/regress/cvtsudoers/test2.sh, + plugins/sudoers/regress/cvtsudoers/test20.sh, + plugins/sudoers/regress/cvtsudoers/test21.sh, + plugins/sudoers/regress/cvtsudoers/test22.sh, + plugins/sudoers/regress/cvtsudoers/test23.sh, + plugins/sudoers/regress/cvtsudoers/test24.sh, + plugins/sudoers/regress/cvtsudoers/test25.sh, + plugins/sudoers/regress/cvtsudoers/test26.err.ok, + plugins/sudoers/regress/cvtsudoers/test26.out.ok, + plugins/sudoers/regress/cvtsudoers/test26.sh, + plugins/sudoers/regress/cvtsudoers/test27.sh, + plugins/sudoers/regress/cvtsudoers/test28.sh, + plugins/sudoers/regress/cvtsudoers/test29.sh, + plugins/sudoers/regress/cvtsudoers/test3.sh, + plugins/sudoers/regress/cvtsudoers/test30.sh, + plugins/sudoers/regress/cvtsudoers/test31.sh, + plugins/sudoers/regress/cvtsudoers/test32.err.ok, + plugins/sudoers/regress/cvtsudoers/test32.out.ok, + plugins/sudoers/regress/cvtsudoers/test32.sh, + plugins/sudoers/regress/cvtsudoers/test33.sh, + plugins/sudoers/regress/cvtsudoers/test4.sh, + plugins/sudoers/regress/cvtsudoers/test5.sh, + plugins/sudoers/regress/cvtsudoers/test6.sh, + plugins/sudoers/regress/cvtsudoers/test7.sh, + plugins/sudoers/regress/cvtsudoers/test8.sh, + plugins/sudoers/regress/cvtsudoers/test9.sh: + Test cvtsudoers stdout and stderr separately. Fixes a test failure + on systems with musl libc. 
Bug #873 + [e82a381f4f3d] - * src/regress/noexec/check_noexec.c: - FreeBSD wordexp() returns WRDE_SYNTAX if it can't write to the shell - process. Since we've prevented execve() from succeeding this is the - error we get back from wordexp() on FreeBSD. - [2a7a73de30cf] +2019-03-06 Todd C. Miller -2018-06-04 Todd C. Miller - - * plugins/sudoers/starttime.c: - Fix conversion of usec to nsec; from Scott Cheloha - [26fa756ea623] + * plugins/sudoers/starttime.c, src/ttyname.c: + Better comment about EOVERFLOW and pstat_getproc(). Also remove some + useless casts. + [09a915110812] -2018-06-01 Todd C. Miller + * lib/util/closefrom.c: + Ignore EOVERFLOW from pstat_getproc(), it is not a fatal error. It + just means that one of the fields in pstat lacks the precision to + store a value. That's not an issue for pst_highestfd. + [bb7ed18e360b] - * include/sudo_plugin.h: - Fix typo. - [504256dc4ccc] + * sudo.pp: + update copyright year + [cff8184aeb11] -2018-05-29 Todd C. Miller +2019-03-05 Todd C. Miller - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - The getdefs() function now get called multiple times so use the - cached data if present. - [042be7ccab3c] + * src/load_plugins.c: + Fix error message when a fully-qualified plugin path does not exist. + [318f7511c9bc] - * plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c: - Return an empty defaults list, not NULL if there is no global - sudoers defaults entry in sss. - [8e16de465ee2] +2019-03-04 Todd C. Miller - * plugins/sudoers/file.c: - Fix memory leak of handle pointer on close. - [e4eb30e611d4] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix unescaped '\' and remove an extra '[' in the definition of + digest. + [9ea1a400ebc9] - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - Remove a needless copy when parsing options. - [60fe50b736a9] +2019-03-03 Todd C. 
Miller - * plugins/sudoers/file.c, plugins/sudoers/ldap.c, - plugins/sudoers/parse.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, - plugins/sudoers/sudoers.c: - Move cached userspecs and defaults into the handle object. - [37e4df73907d] + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Ignore carriage return before a linefeed. This allows sudo to parse + files with DOS-style line endings. + [65882b63a84d] -2018-05-28 Todd C. Miller +2019-02-26 Todd C. Miller - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Quiet a clang analyzer warning. It should not be possible for - pop_include() to be called when YY_CURRENT_BUFFER is NULL. - [148d79e5a44e] + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + For sssd, the nsswitch.conf setting should be "sss" not "sssd". From + Johnathan Smith. + [5c07130d1bbc] - * plugins/sudoers/file.c, plugins/sudoers/ldap.c, - plugins/sudoers/sssd.c: - Reorder things to avoid the need to declare static functions. - [8f27e69fa9cb] +2019-02-20 Todd C. Miller -2018-05-24 Todd C. Miller + * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: + Add simple API for to allow reading environment data from different + sources. Currently, this is used to read a file like + /etc/environment. + [ce9161899719] - * MANIFEST, config.h.in, configure, configure.ac, include/sudo_rand.h, - lib/util/Makefile.in, lib/util/arc4random.c, lib/util/arc4random.h, - lib/util/arc4random_uniform.c, lib/util/chacha_private.h, - lib/util/getentropy.c, lib/util/util.exp.in, mkdep.pl: - Import arc4random() from libressl. This takes an all-in-one approach - instead of the one-file-per-OS approach that libressl takes. The - fallback code does not have as many OS-specific bits as libressl. - [310d65e466bd] +2019-02-19 Todd C. 
Miller - * lib/util/Makefile.in, lib/util/mktemp.c, - plugins/sudoers/Makefile.in, plugins/sudoers/auth/sudo_auth.c, - plugins/sudoers/insults.h: - Use arc4random for mkstemp() and insults. - [b8c7447756f2] + * plugins/sudoers/sudoers.c: + Fix pasto; the unrestricted env file was read when we want the + restricted one. + [23b0b3c473db] - * MANIFEST, configure, configure.ac, include/sudo_digest.h, - lib/util/Makefile.in, lib/util/digest.c, lib/util/digest_gcrypt.c, - lib/util/digest_openssl.c, lib/util/util.exp.in, mkdep.pl, - plugins/sudoers/Makefile.in, plugins/sudoers/digestname.c, - plugins/sudoers/filedigest.c, plugins/sudoers/filedigest_gcrypt.c, - plugins/sudoers/filedigest_openssl.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.h, plugins/sudoers/gram.y, - plugins/sudoers/ldap_util.c, plugins/sudoers/match.c, - plugins/sudoers/parse.h, - plugins/sudoers/regress/parser/check_digest.c, - plugins/sudoers/sudo_ldap.h, plugins/sudoers/toke.c, - plugins/sudoers/toke.l: - Move digest code into libutil - [c53cf5c508eb] + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/defaults.h, + plugins/sudoers/parse.h, plugins/sudoers/strlist.c, src/sudo.h: + Be sure to include sudo_queue.h where needed instead of relying on + other headers. + [fe9418a9b378] -2018-05-20 Todd C. Miller +2019-02-18 Todd C. Miller - * MANIFEST, plugins/sudoers/cvtsudoers_ldif.c, - plugins/sudoers/regress/cvtsudoers/test25.sh, - plugins/sudoers/regress/cvtsudoers/test26.out.ok, - plugins/sudoers/regress/cvtsudoers/test26.sh, - plugins/sudoers/regress/cvtsudoers/test27.out.ok, - plugins/sudoers/regress/cvtsudoers/test27.sh: - Check for invalid bas64 attributes. - [4218d11c8205] + * lib/util/util.exp.in: + Only export sudo_arc4random_uniform() if arc4random_uniform() is + missing. + [e32a7243976d] - * plugins/sudoers/cvtsudoers_ldif.c, - plugins/sudoers/regress/parser/check_base64.c: - Fix pointer sign warnings. 
- [5ee724e3956e] + * lib/util/regress/vsyslog/vsyslog_test.c: + Quiet a warning on gcc 8 + [fe8cad6564e2] - * plugins/sudoers/cvtsudoers_ldif.c: - Add missing variable declaration for SELinux and Solaris. - [c8084f0508e5] + * include/sudo_compat.h: + AIX 7.1 defines O_CLOEXEC but it can't be used outside the kernel. + Redefine O_CLOEXEC if it doesn't fit in an int and pipe2() is + missing. + [3ef0220351ca] - * plugins/sudoers/cvtsudoers_ldif.c: - Handle empty string and treat it as safe. - [8029b97d8f4a] + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c, + plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c, + plugins/sudoers/parse.h: + Split command match code out into match_command.c. Also remove + unused SUDOERS_NAME_MATCH code. + [2a7adb93a65e] - * MANIFEST, plugins/sudoers/cvtsudoers_ldif.c, - plugins/sudoers/regress/cvtsudoers/test26.out.ok, - plugins/sudoers/regress/cvtsudoers/test26.sh: - Add support for base64-encoding non-safe strings in LDIF output. - [b9fd1795f4ee] +2019-02-17 Todd C. Miller -2018-05-19 Todd C. Miller + * plugins/sudoers/match_digest.c: + Split out digest matching into its own file. + [93863918f934] - * plugins/sudoers/base64.c, plugins/sudoers/parse.h, - plugins/sudoers/regress/parser/check_base64.c: - Add base64_encode() by Jon Mayo. - [a893ec3dc667] + * plugins/sudoers/Makefile.in, plugins/sudoers/match.c, + plugins/sudoers/parse.h: + Split out digest matching into its own file. + [aafdc9b976ed] -2018-05-18 Todd C. Miller +2019-02-12 Todd C. Miller - * MANIFEST, plugins/sudoers/cvtsudoers_ldif.c, - plugins/sudoers/regress/cvtsudoers/test25.out.ok, - plugins/sudoers/regress/cvtsudoers/test25.sh: - Add support for parsing base64-encoded attributes - [262dd9a526de] + * plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Rename FOLLOW and NOFOLLOW tokens FOLLOWLNK and NOFOLLOWLNK. 
Fixes a + namespace collision on Solaris when bison is used. + [707b94b7c1e9] -2018-05-17 Todd C. Miller +2019-02-06 Todd C. Miller - * plugins/sudoers/cvtsudoers_ldif.c, - plugins/sudoers/regress/sudoers/test2.ldif.ok: - rfc2253 says we need to escape " and leading and trailing space. - [1c0105a5eb1b] + * plugins/sudoers/match.c: + Add stub definition of digest_matches() for SUDOERS_NAME_MATCH + [a322e57c85e0] - * configure, configure.ac: - Define ZLIB_CONST so we get the const version of the API. - [71a629d0eb4b] + * plugins/sudoers/sudo_nss.c: + No longer need to include sudo_lbuf.h + [db110422b24c] -2018-05-16 Todd C. Miller + * mkpkg: + On RedHat/CentOS get the OS major version from /etc/redhat-release. + We cannot determine this from the output of "pp --probe" since it + doesn't contain a period to separate the major and minor numbers. + [78a27d62de0c] - * plugins/sudoers/parse.c: - Fix logic inversion when handing the authenticate Defaults option - for "sudo -l" and "sudo -v" in long list mode. - [f8157d4c4f03] +2019-02-05 Todd C. Miller - * plugins/sudoers/sssd.c: - Set handle->pw before sss_to_sudoers() since sss_check_user() uses - it. Coverity CID 185651 - [fa646e569352] + * plugins/sudoers/policy.c: + Use SET macro instead of bitwise OR. + [b523937e8da8] - * plugins/sudoers/ldap_util.c: - Fix memory leak on error, CID 185602 - [31c1ab085985] + * plugins/sudoers/pwutil_impl.c: + In sudo_make_grlist_item() the calculation of total did not include + space for pointers to the group names. + [7c438dd62f45] - * plugins/sudoers/ldap.c: - Some ldap_get_values_len -> sudo_ldap_get_values_len that were - missed before. - [d7f1877531be] + * plugins/sudoers/cvtsudoers_pwutil.c: + Use correct debug_decl() names. + [d0f02db8be20] - * plugins/sudoers/ldap_util.c: - When building up the cmndspec, add the actual command member last. - This simplifies the logic regarding the SETENV tag and alsomakes - "out of memory" cleanup simpler. 
- [d704f3b09ac1] + * plugins/sudoers/sudoers.h: + Add fallback values for sudoers uid, gid and mode if not set in + Makefile. + [21e41ed7a06c] - * plugins/sudoers/cvtsudoers_ldif.c: - Fix format string mismatch, sudo_order is unsigned. - [ecc398e45b0a] +2019-02-04 Todd C. Miller - * plugins/sudoers/pwutil.c: - Add cppcheck annotation to suppress memory leak false positive. - [d4a0ae57c372] + * lib/util/memset_s.c: + include stddef.h to make sure we get NULL + [d42b4c325c0c] - * plugins/sudoers/ldap_util.c: - Sudo "ALL" implies the SETENV tag. - [7abc653b4d39] +2019-02-02 Todd C. Miller - * src/parse_args.c: - Only set MODE_PRESERVE_ENV when preserving the entire environment. - Fixes a problem introduced in 1.8.23 where "sudo -i" could not be - used in conjunction with --preserve-env=VARIABLE. Bug #835 - [8ea75ca8fbd2] - -2018-05-15 Todd C. Miller + * src/net_ifs.c: + Fix memory leak when there are no network interfaces or an error + occurs. + [7ba525ee9233] - * plugins/sudoers/file.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/ldap.c, - plugins/sudoers/parse.h, plugins/sudoers/sssd.c: - Add free_userspecs() and free_default() and use them instead of - looping over the lists and calling free_userspec() and - free_default(). - [797221539242] +2019-01-25 Todd C. Miller * configure, configure.ac: - Depending on the bos level, AIX 6.1 may or may not include - getline/getdelim and AIX 7.1 may or may not include memset_s. Since - we need to build packages that will work on all AIX 6.1 and 7.1 - machines, use our getline() and memset_s emulation. - [f5c427076b2c] - -2018-05-14 Todd C. Miller - - * plugins/sudoers/ldap_util.c: - Do not leak struct sudo_command when the command is ALL. Coverity - CID 185602. - [d71ca4bc06bc] + Use $ac_cv_search_FUNCTION instead of $ac_lib and $ac_res. Fixes a + problem where libcrypt is not used with autoconf caching. Adapted + from a diff from Adam Labbe. 
+ [5cfcade6ce3e] - * NEWS, configure, configure.ac: - Sudo 1.8.24 - [7df3df9a3907] +2019-01-24 Todd C. Miller - * plugins/sudoers/sssd.c: - Improve comments about why we need to do a user check and how it - related to netgroups. - [605234ed0935] + * po/de.mo, po/de.po, po/ko.mo, po/ko.po: + Updated translations from translationproject.org + [4995f6542a2c] - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - Add checks for ldap/sss functions failing due to memory allocation - errors. - [0dfeb0d8ecf5] +2019-01-22 Todd C. Miller - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - Let the main sudoers lookup code check the host name. We still check - the user name so it is possible to use a single userspec but this - may change in the future. - [a74699b90213] + * plugins/sudoers/parse.c: + Fix listpw=never and verifypw=never. Bug #869 + [ecb89088a884] - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/defaults.c, - plugins/sudoers/defaults.h, plugins/sudoers/file.c, - plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c, - plugins/sudoers/parse.c, plugins/sudoers/parse.h, - plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h, - plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: - Simplify the nss interface such that each sudoers provider fills in - a per-nss list of userspecs and defaults instead of using separate - lookup and list functions. This makes it possible to have a single - implementation of the code for sudoers lookup and listing. - [50de9302de01] +2019-01-20 Todd C. 
Miller - * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, - plugins/sudoers/cvtsudoers_json.c, - plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/defaults.c, - plugins/sudoers/filedigest.c, plugins/sudoers/filedigest_gcrypt.c, - plugins/sudoers/filedigest_openssl.c, plugins/sudoers/fmtsudoers.c, - plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c, - plugins/sudoers/ldap_util.c, plugins/sudoers/match.c, - plugins/sudoers/parse.c, plugins/sudoers/policy.c, - plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l, - plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: - Include parse.h in sudoers.h since it will soon be required. - [196abb590d96] + * lib/util/regress/vsyslog/vsyslog_test.c, lib/util/sig2str.c, + plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers_pwutil.c, + plugins/sudoers/env.c, plugins/sudoers/find_path.c, + plugins/sudoers/fmtsudoers.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/set_perms.c, + plugins/sudoers/starttime.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, + plugins/sudoers/tsdump.c, src/exec_monitor.c, src/exec_nopty.c, + src/exec_pty.c, src/sudo.c, src/ttyname.c: + Minor snprintf() usage tweaks: 1) don't assume snprintf() returns -1 + on error, check for <0 2) when comparing return value of + sizeof(foo), cast the sizeof, not the len 3) cast return value to + void in cases where snprintf cannot fail + [2af6dfb31a49] - * plugins/sudoers/ldap_util.c: - Parse "ALL" as a command correctly. - [d969e7dfdbbc] +2019-01-07 Todd C. Miller -2018-05-11 Todd C. 
Miller + * NEWS: + The AIX nofiles hard limit fix and bug #867 will make 1.8.27. + [a8b4710ff907] - * plugins/sudoers/match.c: - Add debug warning if lseek() fails (should not be possible). - [d568dc923c7d] + * plugins/sudoers/auth/pam.c: + Use PAM_SILENT to prevent pam_lastlog from printing last login + information on RedHat except when explicitly running a shell. + Adapted from a patch from Nir Soffer. Bug #867 + [b8b5d3445a3c] - * plugins/sudoers/match.c: - Fix swapped args of lseek() when rewinding. This didn't cause a - problem because the value of SEEK_SET is 0. - [142591a3f333] + * lib/util/aix.c: + Fix the default nofiles and stack hard limits. The table of default + hard limits in /etc/security/limits was out of date with respect to + the current documentation. The default hard limit for nofiles should + be unlimited, not 8196. The default hard limit for stack should be + 4194304 blocks (which fits in an unsigned long on 32-bit platforms). + [68c8c05a0b9b] -2018-05-10 Todd C. Miller +2019-01-03 Todd C. Miller - * plugins/sudoers/regress/parser/check_hexchar.c: - Fix a format-truncation warning in newer gcc by avoiding using %0x - and %0X in the test. We are formatting a single byte so just do it - one nybble at a time. - [7c594a63598f] + * plugins/sudoers/po/sudoers.pot: + regen + [3000c62ed0ba] - * configure: - Regen with autoconf git commit - e17a30e987d7ee695fb4294a82d987ec3dc9b974 AC_HEADER_MAJOR: port to - glibc 2.25 - [9fe77765c768] + * NEWS: + Final updates for sudo 1.8.27. + [40d6ecb1f739] -2018-05-03 Todd C. Miller + * src/exec_pty.c: + Update copyright year + [adc9f4046585] - * plugins/sudoers/cvtsudoers_ldif.c: - No need to explicitly free role on EOF, it will be freed after the - loop is done. - [8d08c06b7622] + * doc/LICENSE: + Update for 2019 + [ccbbad25d7c7] - * plugins/sudoers/policy.c: - Garbage collect the command argv, envp and info vectors since they - are not available at policy close time. - [de22290a8ec5] +2019-01-02 Todd C. 
Miller - * plugins/sudoers/cvtsudoers_ldif.c: - Plug memory leaks on parse error or when an LDIF entry doesn't match - the dn filter. - [4f48e740eed1] + * src/exec_pty.c: + Fix setting of utmp entry when running command in a pty. Regression + introduced in sudo 1.8.22. + [cf81f3fa1f3a] - * plugins/sudoers/cvtsudoers.c: - Rename variables now that the string list functions are not ldap- - specific. - [640497f70551] +2018-12-24 Todd C. Miller -2018-04-30 Todd C. Miller + * plugins/sudoers/sudoers.c: + Use debug_return_int not debug_return_bool in resolve_host + [490241e14e68] - * NEWS: - Fix typo - [6466295ba962] + * NEWS, configure, configure.ac: + sudo 1.8.27 + [f59a4a391a44] -2018-04-29 Todd C. Miller + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, + plugins/sudoers/visudo.c: + Allow the sudoers file to be specified without the -f option. Bug + #864 + [eb3d4c4461ba] - * .hgtags: - Added tag SUDO_1_8_23 for changeset 39986613b42f - [d98428bb8e4c] <1.8> +2018-12-20 Todd C. Miller - * INSTALL, NEWS, config.h.in, configure, configure.ac, - doc/CONTRIBUTORS, doc/sudo.cat, doc/sudo.man.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, - doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, - doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, - doc/visudo.man.in, lib/util/event.c, plugins/sudoers/Makefile.in, - plugins/sudoers/boottime.c, plugins/sudoers/check.c, - plugins/sudoers/iolog.c, plugins/sudoers/match.c, - plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/sudoers2ldif, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, - plugins/sudoers/visudo_json.c, po/sudo.pot, src/exec_pty.c, - src/load_plugins.c, src/parse_args.c, src/sudo.c, src/ttyname.c: - merge sudo 1.8.23 from tip - [39986613b42f] [SUDO_1_8_23] <1.8> + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + The iolog_dir section is below the maxseq section, not above. 
+ [35534e4f23d9] - * configure, configure.ac: - fix version - [bfed601130b5] +2018-12-12 Todd C. Miller - * NEWS: - sync - [1c382f2aff27] + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, po/ja.mo, + po/ja.po: + Updated translations from translationproject.org + [270660da2de4] - * configure, configure.ac, plugins/sudoers/po/zh_CN.mo, - plugins/sudoers/po/zh_CN.po, po/zh_CN.mo, po/zh_CN.po: - sync with translationproject.org - [ec28ff5acbd6] +2018-12-11 Todd C. Miller -2018-04-25 Todd C. Miller + * plugins/sudoers/sudoreplay.c: + Add -n and -R options to help; reported by Radovan Sroka + [683df32eb950] - * plugins/sudoers/match.c: - O_EXEC for fexecve() not O_SEARCH. - [a156d8b38f31] + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: + Add missing description of padding option and missing argument to + -c. + [c762020f1694] - * doc/TROUBLESHOOTING: - Document how to suppress the last login message on Solaris. - [2926b670aca4] + * plugins/sudoers/cvtsudoers.c: + The -c option was missing from the help info; from Radovan Sroka + [aa36d5c05b0b] -2018-04-24 Todd C. Miller + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: + Fix some typos; reported by Radovan Sroka + [d6137224dd47] - * plugins/sudoers/cvtsudoers_json.c: - Fix compilation error with older Sun Studio compilers. - [0f735611642d] +2018-12-08 Todd C. Miller - * NEWS: - Update Bug #831 decription. - [d5e6a2a807b8] + * plugins/sudoers/auth/pam.c: + In sudo_pam_approval(), for the exempt case, only overwrite pam + status when the passwd is expired or needs to be updated. + [2c2d1ed1bb7e] - * MANIFEST, doc/CONTRIBUTORS, po/zh_TW.mo, po/zh_TW.po: - Add Chinese(Taiwan) translation for sudo. - [5a4ba6769cca] +2018-12-07 Todd C. Miller - * plugins/sudoers/match.c: - Move the check for /dev/fd/N until *after* the digest has been - checked. We still need to be able to check the digest even if there - is no /dev/fd/N or fexecve(). 
- [e0e086b4e764] + * plugins/sudoers/auth/pam.c: + The fix for bug #843 was incomplete and caused pam_end() to be + called early. sudo_pam_approval() must not set the global pam status + to an error value if it returns AUTH_SUCCESS. Otherwise, + sudo_pam_cleanup() will call pam_end() before + sudo_pam_begin_session(). This resulted in a NULL PAM handle being + used in sudo_pam_begin_session(). + [656aa910fbaf] -2018-04-23 Todd C. Miller +2018-12-05 Todd C. Miller - * plugins/sudoers/match.c: - Rewind the fd after calling sudo_filedigest(). Otherwise, when - running a script via fexecve(), the interpreter may get EOF when - reading /dev/fd/N. This only appears to affect BSD systems with - fdescfs. Bug #831. - [d79f5125cc73] + * src/exec.c: + Don't run the command in a pty if no I/O plugins are logging + anything. That way an I/O plugin that doesn't actually log anything + won't cause the command to be run in a pty. + [ef83f35c9cb0] - * plugins/sudoers/match.c: - In open_cmnd(), return true, not false, if we the /dev/fd/N pathname - is not present. We don't want to fail a match because of this. - [72c4b499c019] +2018-11-29 Todd C. Miller - * NEWS: - Bug #831. - [700646725f45] + * .hgignore: + Update ignore patterns to match doc changes. + [7438cdacc0e1] - * plugins/sudoers/match.c: - We can only use fexecve() on a script if /dev/fd/N exists. Some - systems, such as FreeBSD, don't have /dev/fd mounted by default. Bug - #831 - [30f7c5d64104] + * doc/fixmdoc.sed: + fix mode fixmdoc.sed + [d74c0b7c5932] -2018-04-22 Todd C. Miller +2018-11-27 Todd C. 
Miller - * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, - plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, - plugins/sudoers/po/el.mo, plugins/sudoers/po/el.po, - plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, - plugins/sudoers/po/eu.mo, plugins/sudoers/po/eu.po, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, - plugins/sudoers/po/fur.mo, plugins/sudoers/po/fur.po, - plugins/sudoers/po/hu.mo, plugins/sudoers/po/hu.po, - plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, - plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po, - plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, - plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po, - plugins/sudoers/po/sk.mo, plugins/sudoers/po/sk.po, - plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, - plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, - plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/ca.mo, - po/ca.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/eo.mo, - po/eo.po, po/es.mo, po/es.po, po/eu.mo, po/eu.po, po/fi.mo, - po/fi.po, po/fur.mo, po/fur.po, po/gl.mo, po/gl.po, po/hu.mo, - po/hu.po, po/ko.mo, po/ko.po, po/nl.mo, po/nl.po, po/nn.mo, - po/nn.po, po/ru.mo, po/ru.po, po/sk.mo, po/sk.po, po/sl.mo, - po/sl.po, po/sr.mo, po/sr.po, po/vi.mo, po/vi.po, po/zh_CN.mo, - po/zh_CN.po: - sync with translationproject.org - [a786a841f30a] + * doc/Makefile.in, doc/sudo.conf.man.in, doc/sudo.man.in, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, + doc/sudoers_timestamp.man.in, doc/sudoreplay.man.in, + doc/visudo.man.in: + Fix section in the .TH line of *.man.in file. The substitution for + @mansectsu@ and @mansectform@ was broken. No longer need to strip + out OpenBSD from the header line. + [cb02c8496b21] -2018-04-21 Todd C. Miller + * doc/sudoers.man.in.sed: + Add sudoers.man.in.sed, missed from previous commit. 
+ [a2113a52e6a7] - * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, - plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, - plugins/sudoers/po/el.mo, plugins/sudoers/po/el.po, - plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, - plugins/sudoers/po/eu.mo, plugins/sudoers/po/eu.po, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, - plugins/sudoers/po/fur.mo, plugins/sudoers/po/fur.po, - plugins/sudoers/po/hu.mo, plugins/sudoers/po/hu.po, - plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, - plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po, - plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, - plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po, - plugins/sudoers/po/sk.mo, plugins/sudoers/po/sk.po, - plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, - plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, - plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/ca.mo, - po/ca.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/eo.mo, - po/eo.po, po/es.mo, po/es.po, po/eu.mo, po/eu.po, po/fi.mo, - po/fi.po, po/fur.mo, po/fur.po, po/gl.mo, po/gl.po, po/hu.mo, - po/hu.po, po/ko.mo, po/ko.po, po/nl.mo, po/nl.po, po/nn.mo, - po/nn.po, po/ru.mo, po/ru.po, po/sk.mo, po/sk.po, po/sl.mo, - po/sl.po, po/sr.mo, po/sr.po, po/vi.mo, po/vi.po, po/zh_CN.mo, - po/zh_CN.po: - sync with translationproject.org - [268a65ce44cb] + * doc/CONTRIBUTORS: + Add Guillem Jover + [db7a39f9726a] - * MANIFEST, plugins/sudoers/regress/cvtsudoers/test23.out.ok, - plugins/sudoers/regress/cvtsudoers/test23.sh, - plugins/sudoers/regress/cvtsudoers/test24.out.ok, - plugins/sudoers/regress/cvtsudoers/test24.sh: - Add tests for round-tripping cvtsudoers, sudoers -> LDIF -> sudoers - and LDIF -> sudoers -> LDIF. - [370d4ba4dbb8] + * NEWS: + recent changes + [0c07a0cdf2ff] -2018-04-19 Todd C. 
Miller + * MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sed, + doc/fixmdoc.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.man.in.sed, + doc/sudo.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in: + Use roff conditionals in the manuals instead of post-processing. We + still need to process the resulting .man.in files to add back the + conditionals but this should be easier to debug as the changes are + visible in the .in file. Some minor postprocessing is still used to + make the manuals HP-UX friendly and to change "0 seconds" -> + unlimited after substitution. + [44316d271ab8] - * MANIFEST, plugins/sudoers/regress/cvtsudoers/test22.out.ok, - plugins/sudoers/regress/cvtsudoers/test22.sh: - Test the -b option when converting from LDIF. - [4d65c7c2ed01] +2018-11-24 Todd C. Miller - * plugins/sudoers/cvtsudoers_ldif.c: - Fix the -b option when converting from LDIF. - [f3c1e4dbd61e] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Sudo plugin manual updates and clarification from Guillem Jover: + - Add missing return information for show_version(). + - Fix prototypes for several function pointers. + - Update SUDO_API_VERSION_MINOR. + - Add missing references to log_suspend() and change_winsize(). + - Add missing "array.". + - Clarify that argc can be zero on sudo -V. + - Clarify size requirements for conversation array arguments. + - Clarify timeout zero value for struct sudo_conv_message. + - Clarify initial and final state of reply in struct sudo_conv_reply. + [1241cff4dd51] -2018-04-18 Todd C. Miller + * doc/fixmdoc.sh, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Revert changes to give arguments to the .Bx macro. This is intended + for things like .Bx 4.3 to generate "4.3BSD" so the argument ends up + before the BSD, not after. Just go back to using "BSD + authentication" and "BSD login classes" so fixmdoc.sh can operate + correctly. 
Bug #861 + [c58965343318] - * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, po/it.mo, - po/it.po: - sync with translationproject.org - [1953956c60fe] +2018-11-23 Todd C. Miller - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, - doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, - doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: - Fix some more typos. - [87fde92a1fa4] + * doc/fixmdoc.sh, doc/sudo.mdoc.in, doc/sudoers.mdoc.in: + Update fixmdoc.sh to match the BSD -> .Bx changes in the manuals. + Bug #861 + [7ddfb74781a1] - * doc/Makefile.in: - mandoc now preserves the copyright notice, no need to do it - ourselves - [2c3f6841941a] +2018-11-18 Todd C. Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Describe the special handling of LOGNAME, USER and USERNAME. Fix - typos reported by aspell. - [e89bd28f4530] + * config.h.in, configure, configure.ac, m4/sudo.m4, src/utmp.c: + Add support for utmps as found in HP-UX. + [f55312948139] - * src/load_plugins.c: - Fix a memory leak on the error path. - [db5a4678e0e4] +2018-11-14 Todd C. Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document that the editor setting is also used by sudoedit. - [2ae14439efd7] + * config.h.in, configure, configure.ac, include/sudo_util.h, + lib/util/utimens.c: + Support st_nmtime in struct stat as found in HP-UX. + [0854b34cd2ea] -2018-04-17 Todd C. Miller + * lib/util/closefrom.c: + If fcntl fails, fall back to the /proc implementation. + [59a03e0d3148] - * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: - Plug memory leak when an I/O plugin is specified in sudo.conf but - the I/O plugin is not configured. - [5b5086d7152a] +2018-11-12 Todd C. 
Miller - * INSTALL, MANIFEST, NEWS, config.h.in, configure, configure.ac, - plugins/sudoers/Makefile.in, plugins/sudoers/ins_python.h, - plugins/sudoers/insults.h: - Monty Python insults from Philip Hudson - [8330cfc5ea19] + * NEWS: + Mention schema.olcSudo + [320adcd29a61] -2018-04-15 Todd C. Miller +2018-11-09 Todd C. Miller - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: - add examples - [830ff26a0dbc] + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Mention schema.olcSudo here too. + [a19dff54603b] - * doc/sudo.conf.man.in, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, - doc/sudoers.ldap.man.in, doc/sudoers.man.in, - doc/sudoers_timestamp.man.in, doc/sudoreplay.man.in, - doc/visudo.man.in: - Update copyright year and regen man pages. - [6385891ebaa3] + * MANIFEST, README.LDAP, doc/CONTRIBUTORS, doc/schema.OpenLDAP, + doc/schema.olcSudo: + OpenLDAP schema file for Sudo in on-line configuration (OLC) format. + From Frederic Pasteleurs. + [1fcfa9f307a2] - * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, - plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, - plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, - plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, - plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/cs.mo, - po/cs.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo, - po/ja.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, - po/pt_BR.po, po/sv.mo, po/sv.po, po/tr.mo, po/tr.po, po/uk.mo, - po/uk.po: - sync with translationproject.org - [3495b17becb0] - - * plugins/sudoers/cvtsudoers.c, plugins/sudoers/match.c: - Prune alias contents when pruning and expanding aliases. 
This abuses - the userlist_matches_filter() and hostlist_matches_filter() - functions. A better approach would be to call the correct function - from user_matches() and host_matches(). - [0ae5f351b09f] - - * MANIFEST, examples/sudoers, plugins/sudoers/Makefile.in, - plugins/sudoers/regress/cvtsudoers/sudoers, - plugins/sudoers/regress/cvtsudoers/sudoers.defs, - plugins/sudoers/regress/cvtsudoers/test1.out.ok, - plugins/sudoers/regress/cvtsudoers/test1.sh, - plugins/sudoers/regress/cvtsudoers/test10.out.ok, - plugins/sudoers/regress/cvtsudoers/test10.sh, - plugins/sudoers/regress/cvtsudoers/test11.out.ok, - plugins/sudoers/regress/cvtsudoers/test11.sh, - plugins/sudoers/regress/cvtsudoers/test12.out.ok, - plugins/sudoers/regress/cvtsudoers/test12.sh, - plugins/sudoers/regress/cvtsudoers/test13.out.ok, - plugins/sudoers/regress/cvtsudoers/test13.sh, - plugins/sudoers/regress/cvtsudoers/test14.out.ok, - plugins/sudoers/regress/cvtsudoers/test14.sh, - plugins/sudoers/regress/cvtsudoers/test15.out.ok, - plugins/sudoers/regress/cvtsudoers/test15.sh, - plugins/sudoers/regress/cvtsudoers/test16.out.ok, - plugins/sudoers/regress/cvtsudoers/test16.sh, - plugins/sudoers/regress/cvtsudoers/test17.out.ok, - plugins/sudoers/regress/cvtsudoers/test17.sh, - plugins/sudoers/regress/cvtsudoers/test18.out.ok, - plugins/sudoers/regress/cvtsudoers/test18.sh, - plugins/sudoers/regress/cvtsudoers/test19.out.ok, - plugins/sudoers/regress/cvtsudoers/test19.sh, - plugins/sudoers/regress/cvtsudoers/test2.out.ok, - plugins/sudoers/regress/cvtsudoers/test2.sh, - plugins/sudoers/regress/cvtsudoers/test20.conf, - plugins/sudoers/regress/cvtsudoers/test20.out.ok, - plugins/sudoers/regress/cvtsudoers/test20.sh, - plugins/sudoers/regress/cvtsudoers/test21.conf, - plugins/sudoers/regress/cvtsudoers/test21.out.ok, - plugins/sudoers/regress/cvtsudoers/test21.sh, - plugins/sudoers/regress/cvtsudoers/test3.out.ok, - plugins/sudoers/regress/cvtsudoers/test3.sh, - 
plugins/sudoers/regress/cvtsudoers/test4.out.ok, - plugins/sudoers/regress/cvtsudoers/test4.sh, - plugins/sudoers/regress/cvtsudoers/test5.out.ok, - plugins/sudoers/regress/cvtsudoers/test5.sh, - plugins/sudoers/regress/cvtsudoers/test6.out.ok, - plugins/sudoers/regress/cvtsudoers/test6.sh, - plugins/sudoers/regress/cvtsudoers/test7.out.ok, - plugins/sudoers/regress/cvtsudoers/test7.sh, - plugins/sudoers/regress/cvtsudoers/test8.out.ok, - plugins/sudoers/regress/cvtsudoers/test8.sh, - plugins/sudoers/regress/cvtsudoers/test9.out.ok, - plugins/sudoers/regress/cvtsudoers/test9.sh: - cvtsudoers regress tests - [72fd218b5036] - -2018-04-14 Todd C. Miller - - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: - Fix typo - [e572c36919b7] - - * plugins/sudoers/cvtsudoers.c: - Fix cut & pasto that prevented "-d command" from working. - [6e4ff7f23d0a] - -2018-04-13 Todd C. Miller - - * plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y: - Fix a user after free crash as well as a memory leak when filtering - Defaults. - [9bdd404ae6a4] - -2018-04-12 Todd C. Miller - - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: - Document that a User_Alias or Host_Alias may be used in the match - filter. - [49b9306a6a6d] - - * plugins/sudoers/fmtsudoers.c: - Don't always expand aliases when formatting a host-based Defaults - line. This was missed when expand_aliases support was added. - [ef12a033306c] + * po/ast.mo, po/ast.po: + Updated translations from translationproject.org + [70f0ec8c721c] - * plugins/sudoers/cvtsudoers.c: - Allow host and user aliases to be specified in match filters. - [6bc8c0da4578] +2018-11-08 Todd C. Miller - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - Update copyright year. - [e9c2eb23def1] + * lib/util/closefrom.c: + Only use closefrom_fallback() if no better method exists. The + previous logic was too fragile. + [2510928e291f] -2018-04-10 Todd C. Miller +2018-11-07 Todd C. 
Miller * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, - plugins/sudoers/po/hu.mo, plugins/sudoers/po/hu.po, plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, - plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/da.mo, - po/da.po, po/hr.mo, po/hr.po, po/hu.mo, po/hu.po, po/pt_BR.mo, - po/pt_BR.po, po/tr.mo, po/tr.po: - sync with translationproject.org - [4a0811073374] + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo, + po/cs.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/it.mo, + po/it.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, + po/pt_BR.po, po/sv.mo, po/sv.po, po/tr.mo, po/tr.po, po/uk.mo, + po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po: + Updated translations from translationproject.org + [898154804015] -2018-04-09 Todd C. Miller + * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/pt.mo, + plugins/sudoers/po/pt.po, po/pt.mo, po/pt.po: + Portuguese translation for sudo and sudoers from + translationproject.org. + [4c49e5cf8936] - * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, - plugins/sudoers/parse.h: - When the -d option is used, remove aliases used by the non-converted - Defaults settings if the aliases are not also referenced by - userspecs. - [d07c4254b3dd] +2018-11-05 Todd C. Miller -2018-04-05 Todd C. 
Miller + * NEWS, configure, configure.ac, include/sudo_fatal.h, + lib/util/Makefile.in, lib/util/fatal.c, lib/util/util.exp.in, + plugins/sudoers/Makefile.in, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/sudoers.c: + Add sudo_gai_fatal, sudo_gai_vfatal, sudo_gai_vwarn, sudo_gai_warn + and gai_log_warning that use gai_strerror() instead of strerror(). + [9c37c5db3293] + +2018-10-31 Todd C. Miller + + * plugins/sudoers/match.c: + Fix memory leak in runaslist_matches(). + [f1366ad50eb3] + +2018-10-29 Todd C. Miller + + * NEWS: + typo + [fc8aa243672a] * plugins/sudoers/po/sudoers.pot, po/sudo.pot: regen - [9a4d88b2a965] + [f333405eb06c] * NEWS: - update - [6ef9dde8fc9a] + More updates for 1.8.26 + [1941961b232f] - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: - Mention -p and -M options in the description of -m. - [b20abfd14164] +2018-10-28 Todd C. Miller -2018-04-04 Todd C. Miller + * MANIFEST, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap_util.c, + plugins/sudoers/regress/cvtsudoers/test33.out.ok, + plugins/sudoers/regress/cvtsudoers/test33.sh: + Add support for negated sudoRunAsUser and sudoRunAsGroup entries. + [d0368336d92b] - * src/sudo_edit.c: - Check sudoedit temporary directory for writability before using it. - [1e29ade3f4b2] +2018-10-27 Todd C. Miller - * plugins/sudoers/regress/starttime/check_starttime.c: - Use btime in /proc/stat to determine system start time instead of - /proc/uptime. Fixes the process start time test when run from a - container where /proc/uptime is the uptime of the container but the - process start time is relative to the host system boot time. Bug - #829 - [65ba61e55011] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that the target user's groups may be specified via the -g + option. 
+ [67b7643e3bcb] - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, - plugins/sudoers/match.c, plugins/sudoers/parse.h: - Add option to prune non-matching entries from cvtsudoers output with - -m option is used. - [9a69ba35389d] + * plugins/sudoers/tsgetgrpw.c: + Include getpwent() version of sudo_getgrouplist2_v1() from + getgrouplist.c + [60aa493504d1] -2018-04-02 Todd C. Miller + * MANIFEST, plugins/sudoers/regress/testsudoers/group, + plugins/sudoers/regress/testsudoers/test1.sh: + Use a testsudoers group file with known contents instead of the + system one. + [7a4499c92acd] - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h: - Allow defaults types and suppression list to be specified in the - config file. - [62dd7a96ac9b] + * plugins/sudoers/match.c, plugins/sudoers/parse.h, + plugins/sudoers/set_perms.c: + Allow the group set by "sudo -g" to be any of the target user's + groups. Previously, this was only allowed if the group matched the + target user's primary group ID (from the passwd database entry). The + sudoers policy will now allow the group if it is one of the target + user's supplemental groups as well. + [c43fedc19a01] - * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, - plugins/sudoers/parse.h, plugins/sudoers/visudo.c: - Refactor common alias code out of cvtsudoers and visudo and into - alias.c. - [b3ba3e6f24d2] +2018-10-26 Todd C. Miller -2018-03-29 Todd C. Miller + * lib/util/regress/getgrouplist/getgrouplist_test.c: + Skip sudo_getgrouplist2() check on systems with getgrouplist_2(). + sudo_getgrouplist2() is just a wrapper on such systems and this + avoids a test failure on macOS where a user is automatically a + member of certain groups. + [26ba0c363b80] - * plugins/sudoers/cvtsudoers.c: - Avoid NULL deref in an error path. 
CID 183467 - [38ea56670f18] + * lib/util/util.exp.in: + Add missing exported symbol sudo_term_eof + [2d8e0438eba4] - * plugins/sudoers/cvtsudoers.c: - No need to initialize the last pointer passed to strtok_r(). This - was originally added to appease newer gcc but no longer seems to be - required. CID 183466, CID 183468, CID 183469 - [b0a9b90603e1] + * plugins/sudoers/ldap_conf.c: + Add missing #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT Fixes problems + building on older LDAP sdks. + [1effb0f19867] - * plugins/sudoers/cvtsudoers_json.c: - Avoid false positive NULL dereference by uses value.u.string instead - of name as the former is guaranteed not to be NULL. Fixes CID - 183465. - [c896d10f5626] + * MANIFEST: + add getgrouplist_test.c + [ca5bae341846] -2018-03-29 Todd C. Miller - - * plugins/sudoers/po/sudoers.pot: - regen - [8a88e162fd0b] - - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - Add a section on convertion from file-based sudoers. - [033c797b229d] - -2018-03-28 Todd C. Miller - - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, - plugins/sudoers/cvtsudoers.c: - Add support for "cvtsudoers -d all" - [62e748b70105] - - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h: - Add -d option to control what type of Defaults entries are - converted. - [b723f0dae5c7] - -2018-03-27 Todd C. Miller - - * src/exec_pty.c: - In pty_close() we still need to check whether the pty master and - slave fds are open before closing them. When no tty is present but - we are I/O logging pty_close() will be called when there is no - actual pty in use. - [59201fb78427] - - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/sudo.conf.cat, - doc/sudoers_timestamp.cat, doc/visudo.cat: - regen - [186f3b58daf5] - -2018-03-26 Todd C. Miller + * lib/util/regress/getgrouplist/getgrouplist_test.c: + Check the user's primary gid from the passwd file too. 
+ [60ba98074d75] * .hgignore: - ignore *.ldif2sudo regress output - [8d57e8a0013f] + ignore prologue + [589222ec2717] - * src/exec_pty.c: - In pty_close() there is no need to remove events associated with the - pty slave as there are none. We also don't need to check for the pty - fds being -1 since they are not closed elsewhere and pty_close() is - only called if pty_setup() succeeds. - [585a47fb5a8b] + * lib/util/aix.c, lib/util/arc4random.c, + lib/util/arc4random_uniform.c, lib/util/closefrom.c, + lib/util/digest.c, lib/util/digest_gcrypt.c, + lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c, + lib/util/event_select.c, lib/util/fatal.c, lib/util/fnmatch.c, + lib/util/getentropy.c, lib/util/getgrouplist.c, + lib/util/gethostname.c, lib/util/getline.c, lib/util/getopt_long.c, + lib/util/gettime.c, lib/util/gidlist.c, lib/util/isblank.c, + lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c, + lib/util/memrchr.c, lib/util/memset_s.c, lib/util/mksiglist.c, + lib/util/mksigname.c, lib/util/mktemp.c, lib/util/nanosleep.c, + lib/util/parseln.c, lib/util/pipe2.c, lib/util/progname.c, + lib/util/pw_dup.c, lib/util/reallocarray.c, + lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/getgrouplist/getgrouplist_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, + lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c, + lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, + lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strndup.c, + lib/util/strnlen.c, lib/util/strsignal.c, lib/util/strsplit.c, + lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c, + lib/util/strtonum.c, lib/util/sudo_conf.c, lib/util/sudo_debug.c, + lib/util/sudo_dso.c, lib/util/term.c, lib/util/ttyname_dev.c, + lib/util/ttysize.c, 
lib/util/utimens.c, lib/util/vsyslog.c, + plugins/group_file/getgrent.c, plugins/group_file/group_file.c, + plugins/group_file/plugin_test.c, plugins/sample/sample_plugin.c, + plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/base64.c, plugins/sudoers/boottime.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c, + plugins/sudoers/digestname.c, plugins/sudoers/editor.c, + plugins/sudoers/env.c, plugins/sudoers/env_pattern.c, + plugins/sudoers/file.c, plugins/sudoers/filedigest.c, + plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gc.c, plugins/sudoers/gentime.c, + plugins/sudoers/getdate.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/gmtoff.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/iolog_util.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/mkdir_parents.c, plugins/sudoers/parse.c, + plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, + 
plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c, + plugins/sudoers/redblack.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/iolog_util/check_iolog_util.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/regress/starttime/check_starttime.c, + plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c, + plugins/sudoers/sssd.c, plugins/sudoers/starttime.c, + plugins/sudoers/strlist.c, plugins/sudoers/stubs.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c, + plugins/sudoers/timestr.c, plugins/sudoers/toke.c, + plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + plugins/system_group/system_group.c, src/conversation.c, + src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_monitor.c, + src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c, + src/load_plugins.c, src/net_ifs.c, src/openbsd.c, src/parse_args.c, + src/preload.c, src/preserve_fds.c, + src/regress/noexec/check_noexec.c, + src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, + src/signal.c, src/solaris.c, src/sudo.c, src/sudo_edit.c, + src/sudo_noexec.c, src/tcsetpgrp_nobg.c, src/tgetpass.c, + src/ttyname.c, src/utmp.c: + Convert PVS-Studio comment to ANSI C. + [31f2aefe6d9b] -2018-03-25 Todd C. 
Miller + * Makefile.in, doc/Makefile.in, doc/cvtsudoers.man.in, + doc/cvtsudoers.mdoc.in, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, + doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.man.in, + doc/visudo.mdoc.in, examples/Makefile.in, include/Makefile.in, + include/sudo_lbuf.h, lib/util/Makefile.in, lib/util/digest.c, + lib/util/digest_gcrypt.c, lib/util/digest_openssl.c, + lib/util/lbuf.c, lib/util/setgroups.c, lib/util/ttysize.c, + lib/zlib/Makefile.in, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/base64.c, + plugins/sudoers/file.c, plugins/sudoers/filedigest.c, + plugins/sudoers/gentime.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c, + plugins/system_group/Makefile.in, src/Makefile.in, src/sesh.c, + src/sudo_usage.h.in: + Fix some mangled text in the license block. + [86b88fbda4b4] - * doc/Makefile.in, doc/cvtsudoers.mdoc.in: - Move cvtsudoers to section 1. - [69adcb2d24ff] + * lib/util/Makefile.in, + lib/util/regress/getgrouplist/getgrouplist_test.c, + lib/util/regress/parse_gids/parse_gids_test.c: + Add regress test for sudo_getgrouplist2(). This test assumes all the + groups in root's group list can be resolved by group ID. + [48564f85b7ed] - * src/exec_pty.c: - In pty_close() close the slave and remove any events associated with - it. 
Fixes a potential hang when performing the final flush on non- - BSD systems. - [40159d852c2d] +2018-10-25 Todd C. Miller -2018-03-23 Todd C. Miller + * NEWS: + More changes in 1.8.26 + [fe81e3e4b653] - * plugins/sudoers/ldap_util.c: - Fix typo in strcmp(), we are comparing var not val. - [07ccd7bae4f6] + * MANIFEST, doc/cvtsudoers.cat, doc/cvtsudoers.man.in, + doc/cvtsudoers.mdoc.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/cvtsudoers/test31.conf, + plugins/sudoers/regress/cvtsudoers/test31.out.ok, + plugins/sudoers/regress/cvtsudoers/test31.sh, + plugins/sudoers/regress/cvtsudoers/test32.out.ok, + plugins/sudoers/regress/cvtsudoers/test32.sh: + Add padding option to cvtsudoers. Bug #856 + [6e31b0e37ba1] - * MANIFEST: - sync - [7960511e39dd] + * lib/util/getgrouplist.c: + Remove an errant grset++ in the AIX version of sudo_getgrouplist2(). + Bug #857 + [03b19227cab2] - * NEWS: - sync - [c655e7111ce9] +2018-10-22 Todd C. Miller -2018-03-22 Todd C. Miller + * lib/util/Makefile.in, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Pass --sourcetree-root to pvs-studio and don't check sudo_noexec.c. + Since we don't auto-generate dependencies for sudo_noexec.c we can't + easily check it from outside the source tree. This is not a problem + as it just contains stub functions. 
+ [3cf842d30e45] - * plugins/sudoers/po/sudoers.pot: - regen - [ff7b545844fb] + * MANIFEST, doc/CONTRIBUTORS, po/ast.mo, po/ast.po: + Asturian translation for sudo from translationproject.org + [dc0b31fa013c] - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, - plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/pwutil.c, - plugins/sudoers/sudoers.h: - Add -M option to cvtsudoers to force the use of the local passwd and - group databases when matching. - [ea58e2765a40] +2018-10-21 Todd C. Miller - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, - plugins/sudoers/cvtsudoers_json.c, - plugins/sudoers/cvtsudoers_ldif.c: - Add cvtsudoers command line option to suppress certain parts of the - security policy. Can be used to suppress displaying of Defaults - entries, aliases or privileges. - [b243efa695e6] + * lib/util/gettime.c: + Add support for CLOCK_MONOTONIC_RAW and CLOCK_UPTIME_RAW, present on + macOS. + [5f34c8de0707] -2018-03-21 Todd C. Miller + * INSTALL, configure, configure.ac: + Add --enable-pvs-studio configure option to create PVS-Studio.cfg. + [772e86227c11] - * plugins/sudoers/regress/parser/check_gentime.c: - Silence a false positive from the clang static analyzer. 
- [bfde0594783e] + * lib/util/aix.c, lib/util/arc4random.c, + lib/util/arc4random_uniform.c, lib/util/closefrom.c, + lib/util/digest.c, lib/util/digest_gcrypt.c, + lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c, + lib/util/event_select.c, lib/util/fatal.c, lib/util/fnmatch.c, + lib/util/getentropy.c, lib/util/getgrouplist.c, + lib/util/gethostname.c, lib/util/getline.c, lib/util/getopt_long.c, + lib/util/gettime.c, lib/util/gidlist.c, lib/util/isblank.c, + lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c, + lib/util/memrchr.c, lib/util/memset_s.c, lib/util/mksiglist.c, + lib/util/mksigname.c, lib/util/mktemp.c, lib/util/nanosleep.c, + lib/util/parseln.c, lib/util/pipe2.c, lib/util/progname.c, + lib/util/pw_dup.c, lib/util/reallocarray.c, + lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, + lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c, + lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, + lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strndup.c, + lib/util/strnlen.c, lib/util/strsignal.c, lib/util/strsplit.c, + lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c, + lib/util/strtonum.c, lib/util/sudo_conf.c, lib/util/sudo_debug.c, + lib/util/sudo_dso.c, lib/util/term.c, lib/util/ttyname_dev.c, + lib/util/ttysize.c, lib/util/utimens.c, lib/util/vsyslog.c, + plugins/group_file/getgrent.c, plugins/group_file/group_file.c, + plugins/group_file/plugin_test.c, plugins/sample/sample_plugin.c, + plugins/sudoers/alias.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, 
plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/base64.c, + plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/check.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c, + plugins/sudoers/digestname.c, plugins/sudoers/editor.c, + plugins/sudoers/env.c, plugins/sudoers/env_pattern.c, + plugins/sudoers/file.c, plugins/sudoers/filedigest.c, + plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gc.c, plugins/sudoers/gentime.c, + plugins/sudoers/getdate.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/gmtoff.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/iolog_util.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/mkdir_parents.c, plugins/sudoers/parse.c, + plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c, + plugins/sudoers/redblack.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/iolog_util/check_iolog_util.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + 
plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/regress/starttime/check_starttime.c, + plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c, + plugins/sudoers/sssd.c, plugins/sudoers/starttime.c, + plugins/sudoers/strlist.c, plugins/sudoers/stubs.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c, + plugins/sudoers/timestr.c, plugins/sudoers/toke.c, + plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + plugins/system_group/system_group.c, src/conversation.c, + src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_monitor.c, + src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c, + src/load_plugins.c, src/net_ifs.c, src/openbsd.c, src/parse_args.c, + src/preload.c, src/preserve_fds.c, + src/regress/noexec/check_noexec.c, + src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, + src/signal.c, src/solaris.c, src/sudo.c, src/sudo_edit.c, + src/sudo_noexec.c, src/tcsetpgrp_nobg.c, src/tgetpass.c, + src/ttyname.c, src/utmp.c: + Add comments in .c files so PVS-Studio will check them. + [b42b6dcb48a6] - * plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/parse.h: - Silence a false positive from the clang static analyzer. 
- [5257e321158d] + * .hgignore, Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, + mkdep.pl, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Add pvs-studio target and associated production rules. + [3dbcef5ac205] - * plugins/sudoers/cvtsudoers.c: - Fix memory leak on error path. - [1a13732abfd5] +2018-10-20 Todd C. Miller - * plugins/sudoers/po/sudoers.pot: - regen - [c139b8bed3c1] + * plugins/sudoers/iolog_util.c: + Simplify range checks. No need to check for ERANGE in the cases + where we also check that the value is <= INT_MAX. Found by PVS- + Studio. + [45810a8437b6] - * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, - plugins/sudoers/cvtsudoers_ldif.c: - Move cvtsudoers string functions into cvtsudoers.c - [4b5b799e7abc] +2018-10-19 Todd C. Miller - * plugins/sudoers/Makefile.in: - regen - [6ecb37e35c9f] + * lib/util/key_val.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/toke_util.c, + src/preserve_fds.c: + Avoid some PVS-Studio false positives. + [e4d8ce94fda7] - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, - plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, - plugins/sudoers/cvtsudoers_ldif.c, - plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/parse.h: - Initial support filtering by user, group and host in cvtsudoers. - Currently forces alias expansion when a filter is applied and the - entire matching user or host list is printed, even the non-matching - entries. This effectively allows you to grep sudoers by user, group - and host. - [0adbf8d38eb4] + * src/sudo.c: + Remove some calls to sudo_fatalx(); just propagate the error return. 
+ [bc9eefbf0cdf] - * plugins/sudoers/defaults.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/parse.h: - Add free_default() to free a struct defaults pointer so we have a - single place where we free the defaults. A pointer to the previous - Default's binding may be passed in to avoid freeing an already free - binding. - [9d9ef007ee88] + * src/sesh.c: + No need to check if fd_dst is -1 in sudoedit mode. Failure to open + the destination sudoedit file is fatal so there's no need to check + that fd_dst != -1 later on. Found by PVS-Studio. + [5530586ace16] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, - doc/sudoers.man.in, doc/sudoers.mdoc.in: - Decrease bullet width to 1n. - [e6f3776fd72e] + * plugins/sudoers/timestamp.c: + In timestamp_open() no need to free cookie on error, it is NULL. + Found by PVS-Studio. + [becfe97c72f8] -2018-03-17 Todd C. Miller +2018-10-18 Todd C. Miller - * src/sudo.c: - Add aix_setauthdb() before the initial getpwuid() call. - [b8a011be9af7] + * plugins/sudoers/ldap_util.c: + Fix a memory leak on malloc() error in sudo_ldap_role_to_priv(). + Coverity CID 188804 + [1bea56670410] -2018-03-10 Todd C. Miller + * plugins/sudoers/parse_ldif.c: + Move the allocation of role to be immediately before in_role is set. + This makes it clear that when in_role == true, role is non-NULL. + Also remove two dead stores. + [790d90c578c8] - * plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c, - plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/parse.h: - fix compilation on Solaris - [e31019b5f545] + * plugins/sudoers/parse_ldif.c: + Fix trimming of non-escaped trailing space in + ldif_parse_attribute(). Found by PVS-Studio. + [37fded3c77a4] -2018-03-08 Todd C. 
Miller + * plugins/sudoers/match.c: + Simplify the logic surrounding sudoers_args in command_args_match(). + We only need to check that sudoers_args is non-NULL once. Found by + PVS-Studio. + [93c967145e82] - * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, - plugins/sudoers/sudoreplay.c: - Make "sudoreplay -m 0" skip the pauses entirely. - [d9a7fc9f5720] + * plugins/sudoers/ldap.c: + If sudo_ldap_get_values_len() fails goto cleanup instead of oom. + This is not strictly necessary as there's not anything to cleanup in + this case but it is more consistent with the code that follows. + [d0d8b8b8dca8] - * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: - Document that a negative value for -m will elmininate the pauses. - [a025e96abb47] + * plugins/sudoers/policy.c: + Fix handling of timeout values in sudoers. When passing the timeout + back to the front end, ignore the user-specified timeout if it is + not set (initialized to 0). Otherwise, sudo would choose a zero + user-specified timeout over the sudoers-specified timeout (non- + zero). + [6b08b3b918b7] -2018-03-06 Todd C. Miller +2018-10-17 Todd C. Miller - * plugins/sudoers/testsudoers.c: - Update copyright date, remove unneeded include and add a few - comments. 
- [ac1bccd631e5] + * plugins/sudoers/cvtsudoers_pwutil.c: + Fix cut & pastos in cvtsudoers_make_gritem() + [bd901c0394ba] - * plugins/sudoers/Makefile.in, - plugins/sudoers/regress/sudoers/test1.out.ok, - plugins/sudoers/regress/sudoers/test10.out.ok, - plugins/sudoers/regress/sudoers/test11.out.ok, - plugins/sudoers/regress/sudoers/test12.out.ok, - plugins/sudoers/regress/sudoers/test13.out.ok, - plugins/sudoers/regress/sudoers/test14.out.ok, - plugins/sudoers/regress/sudoers/test15.out.ok, - plugins/sudoers/regress/sudoers/test16.out.ok, - plugins/sudoers/regress/sudoers/test17.out.ok, - plugins/sudoers/regress/sudoers/test18.out.ok, - plugins/sudoers/regress/sudoers/test19.out.ok, - plugins/sudoers/regress/sudoers/test2.out.ok, - plugins/sudoers/regress/sudoers/test20.out.ok, - plugins/sudoers/regress/sudoers/test21.out.ok, - plugins/sudoers/regress/sudoers/test22.out.ok, - plugins/sudoers/regress/sudoers/test3.out.ok, - plugins/sudoers/regress/sudoers/test4.out.ok, - plugins/sudoers/regress/sudoers/test5.out.ok, - plugins/sudoers/regress/sudoers/test6.out.ok, - plugins/sudoers/regress/sudoers/test7.out.ok, - plugins/sudoers/regress/sudoers/test8.out.ok, - plugins/sudoers/regress/sudoers/test9.out.ok, - plugins/sudoers/testsudoers.c: - Use fmtsudoers functions in testsudoers. - [be27df4a5291] - - * MANIFEST, plugins/sudoers/regress/sudoers/test22.in, - plugins/sudoers/regress/sudoers/test22.json.ok, - plugins/sudoers/regress/sudoers/test22.ldif.ok, - plugins/sudoers/regress/sudoers/test22.ldif2sudo.ok, - plugins/sudoers/regress/sudoers/test22.out.ok, - plugins/sudoers/regress/sudoers/test22.sudo.ok, - plugins/sudoers/regress/sudoers/test22.toke.ok: - Add test for empty runas user list. - [5598cf4c3329] - - * plugins/sudoers/testsudoers.c: - Don't print an empty user list as ALL. - [806ee09f854d] + * plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok: + Fix expected test output now that command_timeout is parsed + correctly in LDIF. 
+ [ba6cfd26330e] - * plugins/sudoers/fmtsudoers.c, plugins/sudoers/parse.h: - In sudoers_format_userspecs make the separator optional and silence - a printf format warning. - [62c576cbec4b] + * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c: + tv_nsec can never be negative after timespecsub. Found by PVS Studio + [ecfb93c9463c] - * plugins/sudoers/starttime.c: - Use correct defines when checking for sysctl kinfo_proc support. - [6017e45d14b9] +2018-10-16 Todd C. Miller - * plugins/sudoers/cvtsudoers_json.c: - Fix crash when converting sudoers entry with a runas list that is - present but empty. - [ff6b9ef53c6b] + * plugins/sudoers/sudoers.c: + Avoid potentially undefined behavior. Found by PVS Studio. + [ae76c69e0d6f] -2018-03-05 Todd C. Miller + * plugins/sudoers/ldap_util.c: + sudo_ldap_parse_option() never returns '=' as the operator. When + parsing command_timeout, role, type, privs and limitprivs, check + that val is non-NULL instead. Found by PVS Studio. + [10f8cff7cce7] - * config.h.in, configure, configure.ac, plugins/sudoers/starttime.c, - plugins/sudoers/sudoers.c, src/regress/ttyname/check_ttyname.c, - src/tgetpass.c, src/ttyname.c: - Less confusing sysctl checks for kinfo_proc. - [553f6b3f9c3b] + * plugins/sudoers/Makefile.in, plugins/sudoers/toke.c: + Fix up #line entries that reference lex.sudoers.c. + [c724cef37b66] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, - plugins/sudoers/ldap.c, plugins/sudoers/match.c, - plugins/sudoers/pwutil.c, plugins/sudoers/sssd.c: - Add case_insensitive_group and case_insensitive_user sudoers - options, which are enabled by default. - [bd74d8b7fe83] +2018-10-13 Todd C. Miller -2018-03-04 Todd C. Miller + * plugins/sudoers/iolog.h, plugins/sudoers/iolog_util.c: + Fix workaround for broken sudo 1.8.7 timing files. 
+ [78ef3625c650] - * plugins/sudoers/fmtsudoers.c: - Kill dead store found by clang-analyzer. - [af2021d3d396] + * plugins/sudoers/parse_ldif.c: + Fix memory leak when reusing the runas list. We need to free the + member list itself as well as its contents. + [62fb86a5c83f] - * plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, - plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c, - plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c, - plugins/sudoers/parse.h, - plugins/sudoers/regress/sudoers/test2.ldif.ok, - plugins/sudoers/regress/sudoers/test3.ldif.ok, - plugins/sudoers/regress/sudoers/test6.ldif.ok, - plugins/sudoers/sssd.c: - Initial support for adding comments that will be emitted when - sudoers is formatted. Currently adds a comment for the source - sudoRole when converting from ldif -> sudoers. - [bf2e7f48f452] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Some DIAGNOSTICS updates: Update error message for when the user's + uid does not exist in passwd. Remove "This error indicates" and some + other cosmetic cleanups. + [c73841e03014] - * lib/util/lbuf.c, plugins/sudoers/cvtsudoers.c, - plugins/sudoers/fmtsudoers.c, plugins/sudoers/parse.h: - Special case comment lines in lbufs. - [10d6d229ffae] + * src/sudo.c: + If the user's passwd entry cannot be resolved via the uid, use the + same error message as visudo. + [ce596b32dfbb] - * plugins/sudoers/cvtsudoers_ldif.c: - Handle escaped commas when skipping over the cn. - [61aed7ff5e1c] +2018-10-12 Todd C. Miller -2018-03-03 Todd C. Miller + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Add a DIAGNOSTICS section with an explanation of the more non- + trivial error messages. + [775419794f7d] - * plugins/sudoers/cvtsudoers.c, plugins/sudoers/fmtsudoers.c, - plugins/sudoers/parse.h: - When formatting as sudoers, flush the lbuf after each userspec. 
- [060266dd440c] + * plugins/sudoers/sudoreplay.c, src/exec_monitor.c, src/exec_nopty.c, + src/exec_pty.c: + Replace sudo_fatal(NULL) with an "unable to allocate memory" message + that includes the function name. + [26e19bcc0ce8] -2018-03-02 Todd C. Miller +2018-10-09 Todd C. Miller - * MANIFEST, plugins/sudoers/Makefile.in, - plugins/sudoers/regress/sudoers/test1.ldif2sudo.ok, - plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok, - plugins/sudoers/regress/sudoers/test15.ldif2sudo.ok, - plugins/sudoers/regress/sudoers/test16.ldif2sudo.ok, - plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok, - plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok, - plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok, - plugins/sudoers/regress/sudoers/test20.ldif2sudo.ok, - plugins/sudoers/regress/sudoers/test21.ldif2sudo.ok, - plugins/sudoers/regress/sudoers/test3.ldif2sudo.ok, - plugins/sudoers/regress/sudoers/test6.ldif2sudo.ok: - Add tests for round-tripping sudoers -> ldif -> sudoers - [72e3e73fb612] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/tgetpass.c: + Make EOF handling while reading the password prompt more like + getpass(3). We now return the password as long as at least one + character has been read. Previously, EOF at the password prompt was + treated as if nothing was entered. + [fc2ed4a87e6f] - * plugins/sudoers/cvtsudoers_ldif.c: - Add missing sudoOrder support to parse_ldif(). - [8c5e9f22f0da] + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: + regen + [2aee8680abc3] - * plugins/sudoers/ldap_util.c: - Add missing support for converting LOG_INPUT/LOG_OUTPUT tags and - expand support for NOMAIL tags. - [2820c8333381] + * src/tgetpass.c: + Print a warning for password read issues. Issues include: timeout at + the password prompt, read error while reading the password, and EOF + reading the password. 
+ [df1dcebe9ffa] - * plugins/sudoers/cvtsudoers_ldif.c, - plugins/sudoers/regress/sudoers/test2.ldif.ok, - plugins/sudoers/regress/sudoers/test3.ldif.ok, - plugins/sudoers/regress/sudoers/test6.ldif.ok: - Don't emit an empty sudoRole for global defaults if there are none. - [2a69dccb7071] +2018-10-08 Todd C. Miller - * plugins/sudoers/ldap_util.c: - Avoid changing the order of non-negated hosts and commands. We still - put negated hosts/commands at the end of the list. - [e1aea92dd6dc] + * lib/util/term.c, src/tgetpass.c: + Handle EOF on password input when pwfedback is enabled. + [4958978fc967] - * plugins/sudoers/cvtsudoers_ldif.c: - Handle parsing boolean options that have no explicit value. - [b5d597faa23d] +2018-10-07 Todd C. Miller - * plugins/sudoers/cvtsudoers_ldif.c: - Refactor the code that actually converts the role to sudoers format - into role_to_sudoers() now that it is more involved than just - calling sudo_ldap_role_to_priv(). - [b876171ff96e] + * doc/sudoers.ldap.mdoc.in: + Fix remaining instances of "e.g." without a trailing ','. + [8cbf11c04b3c] - * plugins/sudoers/cvtsudoers_ldif.c: - When merging two privileges, use the runas lists of the previous - privilege when possible. Otherwise, the generated sudoers line will - include a runas list for commands that is not necessary. - [337b49451947] + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, + doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, + doc/sudoers_timestamp.cat, doc/sudoers_timestamp.man.in, + doc/sudoers_timestamp.mdoc.in: + Use mdoc macros for BSD systems. All manuals now pass "make lint" + [7f23209a5e1c] -2018-03-01 Todd C. Miller + * doc/Makefile.in: + Use -Wstyle with -Tlint since sudo is not part of the base system. 
+ This avoids "referenced manual not found" and "operating system + explicitly specified" warnings. + [e417e972a88a] - * plugins/sudoers/match.c: - Use a case-insensitive comparison when matching user and group names - in sudoers with the passwd or group database. This can be necessary - when users and groups are stored in AD or LDAP. - [bfccb8acc3e9] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Document log_suspend() and fix the description of the + change_winsize() return value. + [be02b0fb26a9] - * plugins/sudoers/Makefile.in: - Fix clean target for *.sudo regress files - [6f52a4aef93a] +2018-10-06 Todd C. Miller - * .hgignore: - ignore more binaries - [9adf244d0e9e] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, doc/sudoers_timestamp.cat, + doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Fix problems found by igor. Bug #854 + [4ddcb625f3b7] - * plugins/sudoers/cvtsudoers.c: - Fix use of uninitialized variable (conf) if sudoers_debug_register() - happens to fail. - [0ef1765f14f4] + * doc/Makefile.in: + Sort DOCS and DEVDOCS and remove extra sudoers entry (it was listed + twice). + [abb2baac9373] -2018-02-28 Todd C. Miller + * doc/Makefile.in: + Add igor target to run igor(1) on the manuals. + [64be7fb868b3] - * plugins/sudoers/cvtsudoers_ldif.c: - Split conversion code out of parse_ldif() and into - ldif_to_sudoers(). - [27c8b7001735] +2018-10-05 Todd C. Miller - * plugins/sudoers/cvtsudoers_ldif.c: - Quiet a clang analyzer warning. - [21102c27dcce] + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + plugins/sudoers/sudoreplay.c: + Add new -S option to sleep while the command was suspended. 
The + default behavior is now to not consider the time the command was + suspended as part of the normal inter-event delay. + [bb30f7b28126] - * MANIFEST, configure, configure.ac, mkdep.pl, - plugins/sudoers/Makefile.in, plugins/sudoers/ldap_common.c, - plugins/sudoers/ldap_util.c: - rename ldap_common.c -> ldap_util.c - [3093bdbb8a9b] - - * plugins/sudoers/cvtsudoers_ldif.c: - When converting from ldif to sudoers, sudoRole objects with the same - user if possible. If both user and host are the same, merge into a - single privilege. This makes it possible to convert a sudoers entry - like: + * MANIFEST, include/sudo_plugin.h, plugins/sudoers/Makefile.in, + plugins/sudoers/iolog.c, plugins/sudoers/iolog.h, + plugins/sudoers/iolog_event.h, plugins/sudoers/iolog_files.h, + plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/iolog_util/check_iolog_util.c, + plugins/sudoers/sudoreplay.c, src/exec_pty.c: + Add a suspend event type to the I/O log to log suspend/resume of the + command so we can skip that delay during replay. + [8091d1835a31] - aaron shanty = NOEXEC: /usr/bin/vi, /usr/bin/more, EXEC: /bin/sh + * src/exec_pty.c, src/sudo.c, src/sudo.h: + Initialize the pty rows/cols based on the values we stored in + user_details. This fixes a minor issue where we would send an extra + window size change event the first time the command was suspended. + [b2ae9be4d1d6] - to ldif and then back to sudoers as a single line. Currently, the - ldif entries to be merged must have the same or adjacent sudoOrder - attributes. - [74e5cef2e849] +2018-09-27 Todd C. Miller - * plugins/sudoers/cvtsudoers_ldif.c: - plug memory leaks - [a5268668c397] + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap_conf.c, + plugins/sudoers/sudo_ldap_conf.h: + Add support for OpenLDAP's TLS_REQCERT setting in ldap.conf. 
+ [f07a14ae05cb] - * src/parse_args.c: - Restore line to set MODE_PRESERVE_ENV in flags when the -E command - line option is used. The caller doesn't check MODE_PRESERVE_ENV - these days but parse_args uses it to detect usage errors when -E is - used along with a mutually excusive option. Problem found by Yuriy - Vostrikov. - [b511e35d9be4] +2018-09-24 Todd C. Miller -2018-02-26 Todd C. Miller + * include/sudo_util.h, plugins/sudoers/defaults.c, + plugins/sudoers/iolog_util.c, + plugins/sudoers/regress/starttime/check_starttime.c: + Move definition of TIME_T_MAX to sudo_util.h + [469c36d44950] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Add missing close parenthesis in "Including other files from within - sudoers" section. Bug #824 - [3335cb2ce29f] + * NEWS, doc/UPGRADE: + Changes in 1.8.26 (so far). + [5c73b0d8c676] -2018-02-25 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/env.c: + Treat LOGIN, LOGNAME and USER specially. If one is preserved or + deleted we want to preserve or delete all of them. + [ea1782686195] - * plugins/sudoers/ldap_common.c: - When converting from LDAP to sudoers, put negated hosts and commands - at the end of the list. Since LDAP doesn't guarantee attribute order - we need to make sure negated entries always override non- negated - ones. - [0ebff259c521] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/env.c, + plugins/sudoers/logging.c, plugins/sudoers/regress/visudo/test6.sh: + Remove special handling of the USERNAME environment variable. It + used to be set on old versions of Fedora but that hasn't been the + case for some time. It's worth noting that ssh doesn't set USERNAME + either. + [5141bebd99c4] -2018-02-24 Todd C. Miller + * configure, configure.ac: + sudo 1.8.26 + [cfe8d540328e] - * plugins/sudoers/cvtsudoers.c: - We may need the hostname to resolve %h escapes in include files. 
- [3e57710762d3] +2018-09-22 Todd C. Miller - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_ldif.c: - Setting a sudoOrder start point of 0 will disable creation of - sudoOrder attributes in the resulting LDIF output. - [4107f61b431b] + * src/sudo.c: + Remove unused system_maxgroups argument from fill_group_list(). + [debc4ca9d35f] - * plugins/sudoers/cvtsudoers.c: - Don't need to fill in struct sudo_user since we don't do matching. - [cdc876d298b5] + * lib/util/getgrouplist.c: + Pass getgrouplist() NGROUPS_MAX+1, not NGROUPS_MAX so we have room + for the primary gid. + [fccf07f2e8cf] - * MANIFEST, doc/cvtsudoers.cat, doc/cvtsudoers.man.in, - doc/cvtsudoers.mdoc.in, pathnames.h.in, plugins/sudoers/Makefile.in, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, - plugins/sudoers/cvtsudoers_json.c, - plugins/sudoers/cvtsudoers_ldif.c: - Add support for setting default options in a config file. In - addition to expand_aliases, input_format and output_format, both the - initial sudoOrder and the increment when updating sudoOrder for - subsequent sudoRole objects can be specified. Command line options - have also been added for the start order and increment. - [d3121c039ddf] +2018-09-20 Todd C. Miller -2018-02-22 Todd C. Miller + * plugins/sudoers/cvtsudoers_json.c: + In print_member_json_int() eliminate the need_newline variable and + just move the non-alias expansion printing bits into the else + clause, including the newline and comma printing. + [b40224fc6090] - * NEWS: - cvtsudoers can now read LDIF - [99b7ed30c754] + * MANIFEST, plugins/sudoers/regress/cvtsudoers/test30.out.ok, + plugins/sudoers/regress/cvtsudoers/test30.sh: + Add regress test for bug #853 + [31544afc6013] - * doc/UPGRADE: - Fix a typo. - [87f635970a5d] + * plugins/sudoers/cvtsudoers_json.c: + When expanding an alias in print_member_json_int() avoid printing an + extra comma at the end of the entry. 
Bug #853. + [e73e09f8569a] - * plugins/sudoers/fmtsudoers.c: - Deal with user_name not being set in cvtsudoers. - [421bb1dbff57] +2018-09-12 Todd C. Miller - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, - plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, - plugins/sudoers/cvtsudoers_json.c, - plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/ldap.c, - plugins/sudoers/ldap_common.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudo_ldap.h: - Initial support for parsing sudoers LDIF files in cvtsudoers. This - makes it possible to convert from LDAP sudoers to a traditional - sudoers file. Semantic differences between file sudoers and LDAP - sudoers mean that LDIF -> sudoers is not completely equivalent. - [ddf513e2778f] + * doc/CONTRIBUTORS: + Add Kan Sasaki + [ff277fb5b0c9] -2018-02-21 Todd C. Miller + * NEWS, configure, configure.ac: + sudo 1.8.25p1 + [c4f0a69e6356] - * plugins/sudoers/cvtsudoers_ldif.c, - plugins/sudoers/regress/sudoers/test14.ldif.ok: - Fix LDIF conversion of commands with an associated digest. - [590ab0cb58e4] + * lib/util/event_poll.c: + Fix a crash in the event system's poll() backend introduced with + support for nanosecond timers. Only affects systems without ppoll(). + Bug #851 + [54e561b11a0f] - * plugins/sudoers/ldap_common.c: - In array_to_member_list() use the correct type for netgroups and - user groups. - [359947d19131] +2018-09-02 Todd C. Miller - * plugins/sudoers/fmtsudoers.c: - Prepend digest to command if present. Fix printing of group IDs and - non-unix groups. - [5f9834b4bcbc] + * plugins/sudoers/po/sudoers.pot: + regen + [04afa00445ef] - * plugins/sudoers/cvtsudoers_json.c: - Fix gcc false positive for uninitialized variable - [d250b862c1ed] +2018-08-31 Todd C. Miller -2018-02-20 Todd C. Miller + * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c: + Allow for some clock drift due to ntpd, etc. + [2d72989fe7b1] - * pp: - Update Polypkg to the latest version from git. 
- [204ebffb502f] + * plugins/sudoers/visudo.c: + If sudo_lock_file() fails for a reason other than the file already + being locked, give the user a chance to edit anyway. + [e5a963ecc083] - * config.h.in, configure, configure.ac, src/sudo.c: - Use setpassent() and setgroupent() on systems that support it to - keep the passwd and group database open. Sudo does a lot of passwd - and group lookups so it can be beneficial to just leave the file - open. - [3d2d5bca9670] +2018-08-30 Todd C. Miller -2018-02-19 Todd C. Miller + * plugins/sudoers/regress/cvtsudoers/test28.sh: + Quick sort is not a stable sort; use distinct sudoOrder values so + the output is predictable. + [46ebc1169c0c] - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c, - plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c: - Add option to cvtsudoers to expand aliases in the output. - [1af56459fd7d] + * lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, + plugins/sudoers/ldap.c, + plugins/sudoers/regress/parser/check_base64.c: + Fix warnings on OpenIndiana (Illumos) + [1b45d303b338] - * plugins/sudoers/cvtsudoers_json.c, - plugins/sudoers/regress/sudoers/test1.json.ok, - plugins/sudoers/regress/sudoers/test14.json.ok, - plugins/sudoers/regress/sudoers/test15.json.ok, - plugins/sudoers/regress/sudoers/test16.json.ok, - plugins/sudoers/regress/sudoers/test17.json.ok, - plugins/sudoers/regress/sudoers/test19.json.ok, - plugins/sudoers/regress/sudoers/test2.json.ok, - plugins/sudoers/regress/sudoers/test6.json.ok: - Fix conversion of "ALL" in the JSON output format, which was being - printed as an alias. - [3f7869688820] + * plugins/sudoers/ldap.c: + Correct ldap_to_sudoers() return value. + [16b0d144b196] - * INSTALL, configure, configure.ac: - Clarify that --with-rundir and --with-vardir take sudo-specific - directory, e.g. /var/run/sudo and not just /var/run. 
Bug #823 - [e1913085e544] + * NEWS: + Bug #849 + [3e05bad00a44] - * src/exec_pty.c: - In pty_cleanup() we need to call sudo_term_restore() even if no I/O - plugins are present as long as /dev/tty exists. Fixes the use_pty - case with no I/O plugins. - [82fecef72998] + * plugins/sudoers/sssd.c: + The sssd backend used to take the first match, assuming that entries + were sorted in descending order by sudoOrder. That allowed it to + avoid iterating over the entire list of rules. Now that we convert + to a sudoers parse tree, we need to convert rules in ascending + order, not descending. The simplest way to accomplish this is to + simply iterate over the rules from last to first, reversing the sort + order. Bug #849 + [63627909bb10] - * include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in, - plugins/sudoers/sudoreplay.c, src/exec_monitor.c, src/exec_nopty.c, - src/exec_pty.c: - Add sudo_ev_dispatch(), a wrapper for ev_loop() with no flags. - Similar the dispatch function in libevent. - [61e588fd50d0] + * MANIFEST, plugins/sudoers/regress/cvtsudoers/test28.out.ok, + plugins/sudoers/regress/cvtsudoers/test28.sh, + plugins/sudoers/regress/cvtsudoers/test29.out.ok, + plugins/sudoers/regress/cvtsudoers/test29.sh: + Add some more ldif -> sudoers tests to verify sudoOrder. + [f41358fbd066] - * INSTALL, configure, configure.ac, doc/sudoers.cat, - doc/sudoers.man.in, doc/sudoers.mdoc.in, m4/sudo.m4: - Use /run in preference to /var/run if it exists. Bug #822 - [ec2febe6f8a3] + * plugins/sudoers/ldap.c: + For conversion to a sudoers parse tree, ldap_entry_compare() now + needs to sort in ascending order, not descending. Bug #849 + [9f23126cded8] -2018-02-14 Todd C. Miller +2018-08-29 Todd C. Miller - * NEWS: - mention common sudoers formatting changes - [b32825ca3e2f] + * plugins/sudoers/cvtsudoers.c: + No need to set input_file for stdin in parse_ldif(); noted by clang + analyzer. + [c852e1c92dd2] -2018-02-11 Todd C. 
Miller + * plugins/sudoers/iolog_util.c: + Use TIME_T_MAX when parsing the I/O log file timestamp and disallow + negative times. + [bfb17118e584] - * MANIFEST, configure, configure.ac, mkdep.pl, - plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c, - plugins/sudoers/ldap_conf.c, plugins/sudoers/sudo_ldap.h, - plugins/sudoers/sudo_ldap_conf.h: - Move LDAP configuration bits into ldap_conf.c - [1673e3c7855a] + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_util.c, + plugins/sudoers/iolog_util.h, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/iolog_util/check_iolog_util.c, + plugins/sudoers/sudoreplay.c: + When parsing an I/O log timing line, store the result in a timespec, + not a double. The speed factor (for scaling the delay) in sudoreplay + is still a double but we only need to adjust the delay if the factor + is something other than 1.0. + [39077129d1f9] -2018-02-10 Todd C. Miller + * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c: + Fix memory leak in test. + [94fb9f39dfee] - * plugins/sudoers/ldap.c, plugins/sudoers/ldap_common.c: - No longer need to include stddef.h - [a10a13dc73c7] + * doc/cvtsudoers.cat, doc/sudo.cat, doc/sudo.conf.cat, + doc/sudo_plugin.cat, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers_timestamp.cat, doc/sudoreplay.cat, doc/visudo.cat: + regen + [f2850c2f733a] - * plugins/sudoers/iolog.c: - Remove dead store, found by cppcheck. - [744e99ffc82e] +2018-08-28 Todd C. Miller - * plugins/sudoers/ldap.c, plugins/sudoers/ldap_common.c, - plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h: - simplify iterator - [944fd546ec98] + * plugins/sudoers/env.c: + Update conversion of DID_* to KEPT_* to match the new values of + DID_* and KEPT_*. + [6ce1bc30a4d1] - * plugins/sudoers/mkdir_parents.c: - Silence a false positive from cppcheck. - [f94421968d8e] + * NEWS, plugins/sudoers/env.c: + Set the LOGIN environment variable on AIX like we do LOGNAME. 
+ [e6afb82d918c] - * plugins/sudoers/tsdump.c: - Cast version to int when printing. Avoids a cppcheck warning. - [3312bec4f1e3] +2018-08-27 Todd C. Miller -2018-02-09 Todd C. Miller + * config.h.in, configure, configure.ac, m4/sudo.m4, + plugins/sudoers/bsm_audit.c: + Add a test for the 4-argument au_close() function found in Solaris + 11 instead of assuming it is present if __sun is defined. Fixes a + compilation error on OpenIndiana and older Solaris versions. + [4a4f91e28bbc] - * plugins/sudoers/ldap.c, plugins/sudoers/ldap_common.c, - plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h: - Use an iterator instead of fragile pointer arithmetic to iterate - over value arrays in sudo_ldap_role_to_priv(). - [61752c5f3427] + * doc/CONTRIBUTORS: + Add Miguel Sanders and Scott Cheloha + [14aca7309a0a] - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, - plugins/sudoers/fmtsudoers.c, plugins/sudoers/ldap.c, - plugins/sudoers/parse.c, plugins/sudoers/parse.h, - plugins/sudoers/sssd.c: - Move sudoers formatting code into fmtsudoers. - [ff25291c99f4] + * NEWS: + testsudoers changes + [f008d473c933] - * plugins/sudoers/cvtsudoers.c, plugins/sudoers/parse.c: - Clean up some XXX in parse.c - [19854e7d8ac7] + * plugins/sudoers/Makefile.in, plugins/sudoers/testsudoers.c: + Add ldif support to testsudoers + [321f11b7badd] - * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, - plugins/sudoers/parse.h, plugins/sudoers/sssd.c: - Rename sudo_file_append_default() -> sudo_lbuf_append_default() and - use it for ldap and sssd too. - [dae22810f2dd] +2018-08-26 Todd C. Miller - * MANIFEST, configure, configure.ac, mkdep.pl, - plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/ldap.c, - plugins/sudoers/ldap_common.c, plugins/sudoers/parse.h, - plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h: - Move common bits of ldap to sudoers conversion into ldap_common.c - and use it in sssd.c. 
- [5cca03f64b77] + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/parse.h, plugins/sudoers/parse_ldif.c: + Move ldif -> sudoers conversion code into parse_ldif.c + [497d55799d5b] - * plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/ldap.c, plugins/sudoers/parse.c, - plugins/sudoers/parse.h: - Convert ldap results into a sudoers userspec so we can use the "sudo - -l" output functions in parse.c. - [1422e10dc274] + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/strlist.c, + plugins/sudoers/strlist.h: + Move string list functions to their own file. + [a15902cde4eb] -2018-02-08 Todd C. Miller + * lib/util/Makefile.in: + sync + [9b1f98d4335f] - * sudo.pp: - Don't mark sudoers.dist volatile, it only gets used on systems that - don't have the concept of volatile files. - [c47fd17e62e3] +2018-08-25 Todd C. Miller -2018-02-05 Todd C. Miller + * include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in: + Backward ABI compatibility for even functions that use a timeval. + [01d9e617a923] - * plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/parse.h: - Refactor member freeing code into free_member(). Refactor userspec - freeing code into free_userspec(). - [ccc95e8b9f69] + * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c: + Use a monotonic timer for the event subsystem. + [acf30905a275] - * plugins/sudoers/cvtsudoers.c: - Fix compilation with glibc where stdout is not constant. 
- [97a0302c29c8] + * config.h.in, configure, configure.ac, include/sudo_event.h, + lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c, + plugins/sudoers/iolog_util.h, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c: + Use struct timespec, not struct timeval in the event subsystem. Use + ppoll() or pselect() if avaialble which use timespec. + [b1bfccec8b13] -2018-02-04 Todd C. Miller +2018-08-24 Todd C. Miller - * plugins/sudoers/ldap.c: - For "sudo -l", if a word includes spaces, print it in double quotes. - Also escape spaces in the command path. This matches the sudoers - quoting rules. - [04ace6decf3a] + * .hgignore: + sync + [193fd33e9864] -2018-02-03 Todd C. Miller + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c: + Eliminate most use of parsed_sudoers in cvtsudoers + [0d0504f61e3e] - * plugins/sudoers/ldap.c: - Display sudoNotBefore and sudoNotAfter in "sudo -l" - [ef7de4c8aa9e] + * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers_json.c, plugins/sudoers/parse.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Make alias_apply() take 3 arguments, the first being a pointer to + the struct sudoers_parse_tree. + [7802295c07fa] - * plugins/sudoers/parse.c: - For "sudo -l", if a word includes spaces, print it in double quotes. - Also escape spaces in the command path. This matches the sudoers - quoting rules. - [fa12a254657c] +2018-08-23 Todd C. Miller - * plugins/sudoers/cvtsudoers.c: - Add back printing of negation operator ('!') when printing a word - with spaces in it. - [c69706a91817] + * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c: + Handle systems where root's gid is not 0. + [1fc92bad715a] - * plugins/sudoers/Makefile.in: - Use visudo to validate "cvtsudoers -f sudoers" output. 
- [06bae7204926] + * plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h: + Add missing files from last commit. + [a155e07bb191] - * plugins/sudoers/regress/sudoers/test21.in, - plugins/sudoers/regress/sudoers/test21.json.ok, - plugins/sudoers/regress/sudoers/test21.ldif.ok, - plugins/sudoers/regress/sudoers/test21.out.ok, - plugins/sudoers/regress/sudoers/test21.toke.ok: - Remove syslog_goodpri and syslog_badpri without a value that causes - visudo to report an error. - [c1f696e49f49] + * .hgignore, MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/po/sudoers.pot, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudoreplay.c: + Add regress test for I/O log plugin endpoints + [bf9fbe5ff2a6] - * plugins/sudoers/cvtsudoers.c: - When outputting sudoers, if a word includes spaces, print it in - double quotes. Also escape spaces in the command path. - [d040c1a21277] + * plugins/sudoers/iolog.c: + We cannot reuse last_time for the I/O log info file now that it is a + monotonic timer. Just call time(3) in write_info_log() directly. + [f2e1de732a91] -2018-02-02 Todd C. Miller + * src/exec_pty.c: + Move the loop to free the monitor_messages list into + free_exec_closure_pty() + [d6edc1a94e7e] - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, - plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, - plugins/sudoers/parse.h, plugins/sudoers/visudo.c: - Add sudoers output format to cvtsudoers. In the future this may be - used with filters to emit a partial sudoers file instead of a full - one. - [533d2c389213] + * po/sudo.pot: + regen + [6467f05a2fd0] - * plugins/sudoers/parse.c: - When printing a member name, quote sudoers special characters unless - it is a UID/GID, in which case we print the '#' unquoted. - [e4e8154c4fe9] +2018-08-22 Todd C. 
Miller - * plugins/sudoers/parse.c, plugins/sudoers/parse.h: - Move SUDOERS_QUOTED define to parse.h - [a813ec4acb5f] + * lib/util/getentropy.c: + Fix typo in last commit. + [38f3450b57fb] -2018-01-30 Todd C. Miller + * config.h.in, configure, configure.ac, lib/util/getentropy.c: + Do not assume all Linux has linux/random.h. Add missing + sys/syscall.h include + [8460f258e1af] - * plugins/sudoers/timestamp.c: - Remove extraneous break statement and fix some whitespace. - [39df566c33e3] + * plugins/sudoers/policy.c, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/sudo_edit.c: + Cast uid/gid to unsigned int before printing. + [37fcab8b4f97] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - The max timeout for kernel time stamps is 60 minutes, not 3600 - minutes. - [95be88c4f106] + * include/sudo_compat.h: + Only include stdarg.h if we need it. + [c266d34454ba] -2018-01-29 Todd C. Miller + * plugins/sudoers/bsm_audit.c, plugins/sudoers/timestamp.c: + fix compiler warnings on Solaris 11 + [6c92c438a38e] - * plugins/sudoers/testsudoers.c: - Check the return value of sudoers_debug_register(). Coverity CID - 182574 - [fb5449acdafd] + * lib/util/getentropy.c: + Fix setting of errno when gotdata() fails. + [4fab71fa575f] - * plugins/sudoers/cvtsudoers_ldif.c: - Fix memory leak, su->count is now 0 when it is unused, not 1. - Covertity CID 182573 - [77019ded8f84] + * plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/ldap.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/rcstr.c, plugins/sudoers/timestamp.c, + src/sudo_noexec.c: + Include stddef.h for offsetof() definition. + [15d13ae1ba46] - * plugins/sudoers/cvtsudoers_ldif.c: - Quiet a clang analyzer false positive. 
- [ef04f7069df4] + * NEWS: + Bugs 846 and 847 + [a0ba7ad24812] - * plugins/sudoers/cvtsudoers_ldif.c, - plugins/sudoers/regress/sudoers/test2.ldif.ok, - plugins/sudoers/regress/sudoers/test6.ldif.ok: - Quote special characters when creating the cn as per RFC2253 - [e49ff28c1fd7] + * include/sudo_compat.h: + We still need to include string.h for AIX (and possibly others) when + we are not using the system memset_r() function and rsize_t is + defined by the system headers. + [e1f8f7537209] - * NEWS, configure, configure.ac, doc/UPGRADE: - Sudo 1.8.23 - [e364ed057d1d] + * configure, configure.ac, include/sudo_compat.h, mkpkg: + Add --enable-package-build to give configure a hint that we are + building a package. This can be used to avoid relying on libc + functions that may not be present in all libc versions for a + particular system. For instance, AIX 7.1 may or may not have + memset_s() and getline() present. + [7e843bed8435] - * doc/LICENSE: - Remove the C-style comment charactes from the getopt_long.c and - inet_pton.c license text as it was inconsistent with the rest of the - file and messed up the html formatting. - [a26679d2d0a7] + * include/sudo_compat.h: + AIX defines rsize_t in string.h, not stddef.h for use by the + memset_s() prototype. We use our own memset_s() on AIX since it is + not available on all BOS levels which makes package building + problematic. + [3724b47eadd8] - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/sudoers2ldif, - sudo.pp: - Remove sudoers2ldif, it has been replaced by cvtsudoers. - [7563cc3768c2] +2018-08-21 Todd C. Miller -2018-01-28 Todd C. Miller + * plugins/sudoers/defaults.c: + Fix printing of T_TIMESPEC values. + [8775c17229a4] - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_ldif.c: - Add -b option to specify the base dn. 
- [7cd4c46c33bf] + * plugins/sudoers/iolog.c: + Remove unused struct script_buf + [fd27f67123b3] - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: - Document limitations of LDIF conversion. - [e8c84362f084] +2018-08-20 Todd C. Miller - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, - plugins/sudoers/cvtsudoers.c: - Switch the default output format to LDIF - [a677c7b72a90] + * NEWS: + Document when the I/O log timing file entry bug was introduced. + [09a75d80487e] - * plugins/sudoers/visudo.c: - Execute cvtsudoers if the user runs "visudo -x" but also emit a - warning. - [53ec45a847d2] + * NEWS: + sync + [95fd54c61719] - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/stubs.c, - plugins/sudoers/visudo.c: - Revert 04ec05108b2b, change the default input source back to stdin. - [df8d94f1bab4] + * config.h.in, configure, configure.ac, lib/util/gettime.c: + HP-UX doesn't suport CLOCK_MONOTONIC but we can use gethrtime() + instead. 
+ [3ec7d99444c0] - * MANIFEST, plugins/sudoers/Makefile.in, - plugins/sudoers/regress/sudoers/test1.ldif.ok, - plugins/sudoers/regress/sudoers/test10.ldif.ok, - plugins/sudoers/regress/sudoers/test11.ldif.ok, - plugins/sudoers/regress/sudoers/test12.ldif.ok, - plugins/sudoers/regress/sudoers/test13.ldif.ok, - plugins/sudoers/regress/sudoers/test14.ldif.ok, - plugins/sudoers/regress/sudoers/test15.ldif.ok, - plugins/sudoers/regress/sudoers/test16.ldif.ok, - plugins/sudoers/regress/sudoers/test17.ldif.ok, - plugins/sudoers/regress/sudoers/test18.ldif.ok, - plugins/sudoers/regress/sudoers/test19.ldif.ok, - plugins/sudoers/regress/sudoers/test2.ldif.ok, - plugins/sudoers/regress/sudoers/test20.ldif.ok, - plugins/sudoers/regress/sudoers/test21.ldif.ok, - plugins/sudoers/regress/sudoers/test3.ldif.ok, - plugins/sudoers/regress/sudoers/test4.ldif.ok, - plugins/sudoers/regress/sudoers/test5.ldif.ok, - plugins/sudoers/regress/sudoers/test6.ldif.ok, - plugins/sudoers/regress/sudoers/test7.ldif.ok, - plugins/sudoers/regress/sudoers/test8.ldif.ok, - plugins/sudoers/regress/sudoers/test9.ldif.ok: - Add LDIF conversion to sudoers tests - [997b79da8874] + * src/exec_monitor.c, src/exec_pty.c: + Close the pty slave in the parent so that when the command and + monitor exit, the pty gets recycled without our having to close it + directly. + [fec53753cf52] - * plugins/sudoers/cvtsudoers_json.c, - plugins/sudoers/cvtsudoers_ldif.c, - plugins/sudoers/regress/sudoers/test19.json.ok: - Add notbefore and notafter support to the backends. - [be50db300eda] + * lib/util/term.c, src/exec_monitor.c, src/exec_pty.c, src/sudo.h: + Move updating of the window size to the monitor process. This will + allow us to close the slave in the main sudo process in the future + so only the command and monitor have it open. + [07108a1c2edc] -2018-01-27 Todd C. 
Miller + * configure, configure.ac: + sudo 1.8.25 + [4938ba570787] - * README.LDAP: - cvtsudoers instead of sudoers2ldif - [3909ea2c29c1] + * plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok: + Fix test output for bug #845 + [ee6f2d615bd8] - * MANIFEST, doc/cvtsudoers.cat, doc/cvtsudoers.man.in, - doc/cvtsudoers.mdoc.in, plugins/sudoers/Makefile.in, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_ldif.c: - Add ldif backend to cvtsudoers, to replace sudoers2ldif - [f0e039c63488] + * plugins/sudoers/ldap_util.c: + Fix pasto when converting sudoNotAfter; from Miguel Sanders Bug #845 + [69638cd6da60] - * plugins/sudoers/Makefile.in: - fix make check - [2cbedce72e3a] +2018-08-19 Todd C. Miller -2018-01-26 Todd C. Miller + * aclocal.m4, config.h.in, configure, configure.ac, + include/sudo_util.h, lib/util/gettime.c, lib/util/util.exp.in: + Add sudo_gettime_uptime() to measure time while not sleeping. + [a128e7d51740] - * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c: - Parse sudoers in the front end, not the back end. - [30d4e40ed69a] + * plugins/sudoers/iolog.c: + Use a monotonic timer that only runs while not suspended for the + iolog timing values and write nsec-precision entries. + [7f37f0b24ce7] - * doc/Makefile.in: - install the cvtsudoers manual - [243d319fed1c] +2018-08-18 Todd C. Miller - * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/stubs.c, - plugins/sudoers/visudo.c: - Use the built-in sudoers file location as the default sudoers file - for cvtsudoers and move parse_sudoers_options() to stubs.c since it - is shared between visudo.c and cvtsudoers.c. - [04ec05108b2b] + * mkpkg: + Detect number of CPUs on AIX. + [2b7c62b42da2] - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, - plugins/sudoers/stubs.c, plugins/sudoers/visudo.c: - Move common stub functions required by the parser out of visudo.c - and cvtsudoers.c and into stubs.c. 
- [a324cbde55a3] + * plugins/sudoers/iolog.c: + Fix I/O log timing file on systems without a C99-compatible + snprintf(). On those systems we use our own snprintf() that doesn't + support floating point. We don't actually need floating point in + this case since the we can print seconds and microseconds without + using it. + [4ea419ac5bee] - * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c: - Rename export_sudoers() to convert_sudoers_json() and move the check - for the same input and output file to the front-end. - [7c83c21ea479] + * NEWS: + Fix for Bug #844 + [51cfeb79669c] - * sudo.pp: - add cvtsudoers - [e8ba851cafb4] + * src/sudo_edit.c: + Handle the case where O_PATH or O_SEARCH is defined but O_DIRECTORY + is not. In theory, O_DIRECTORY is redundant when O_SEARCH is + specified but it is legal for O_EXEC and O_SEARCH to have the same + value. Bug #844 + [fb75d75c7249] - * MANIFEST, doc/Makefile.in, doc/cvtsudoers.cat, - doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, doc/visudo.cat, - doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/Makefile.in, - plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c, - plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c: - Move sudoers JSON conversion to cvtsudoers which will eventually - output to other formats too. - [e64a50657a88] +2018-08-17 Todd C. Miller - * plugins/sudoers/defaults.c: - Convert from time in minutes to timespec directly instead of - converting to double via strtod(). This makes it easier to catch - overflow. - [0d6ab7c21a15] + * NEWS: + sync + [2be1b619a06a] -2018-01-24 Todd C. Miller + * plugins/sudoers/starttime.c: + Fix get_starttime() on HP-UX. + [329a4ad9f4ef] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - document that kernel tty timestamps don't support negative timeouts - [4ff726cf2010] + * mkpkg: + Detect number of CPUs on HP-UX. Use MAKE environment variable if + set. + [c95ab5d6d392] -2018-01-23 Todd C. 
Miller + * src/net_ifs.c: + Avoid a compilation problem on HP-UX 11.31 with gcc and + machine/sys/getppdp.h + [b861e894271b] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/timestamp.c: - Fall back to ppid time stamps if timestamp_type == kernel and no tty - is present. This is consistent with timestamp_type == tty. - [26c527166a0c] +2018-08-16 Todd C. Miller - * plugins/sudoers/timestamp.c: - Do not call the TIOCSETVERAUTH ioctl with a negative number of - seconds. Also cap the max number of seconds at 3600 to avoid getting - EINVAL from TIOCSETVERAUTH. - [371744874743] + * plugins/sudoers/Makefile.in: + Add CHECK_SYMBOLS_LDFLAGS to check_symbols target. Non-ELF HP-UX + executables don't support SHLIB_PATH or LD_LIBRARY_PATH unless ld is + passed the +s flag. This lets the check_symbols test pass on systems + where the ldap libraries aren't installed in the standard location. + [c2d6d3248fa4] -2018-01-22 Todd C. Miller +2018-08-15 Todd C. Miller - * plugins/sudoers/defaults.c: - Better conversion from double to nanoseconds. - [2f54790801c8] + * doc/Makefile.in: + For the lint target, don't stop after the first manual that fails + lint. + [8a80d8e7b540] - * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, - plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c, - plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, - plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, - plugins/sudoers/defaults.h, plugins/sudoers/mkdefaults, - plugins/sudoers/timestamp.c: - Store passwd_timeout and timestamp_timeout as a struct timespec - instead of as a float. Remove timeout argument to auth_getpass() as - it was never used. - [c4a3c60d0284] + * plugins/sudoers/timestamp.c: + Add debugging info so we can tell why a timestamp record doesn't + match. + [99ede76f9835] -2018-01-21 Todd C. 
Miller +2018-08-13 Todd C. Miller - * plugins/sudoers/mkdefaults: - Don't rely on perl being installed in /usr/local/bin - [e3274f56df43] + * NEWS: + typo + [8a5a11b921ea] -2018-01-17 Todd C. Miller + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, po/da.mo, + po/da.po: + sync with translationproject.org + [19f7eba39013] - * config.h.in, configure, configure.ac, lib/util/gettime.c, - lib/util/mktemp.c, lib/util/nanosleep.c, lib/util/utimens.c, - plugins/sudoers/boottime.c, plugins/sudoers/check.c, - plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, - plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c, - plugins/sudoers/ldap.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, - plugins/sudoers/visudo.c, src/net_ifs.c, src/sesh.c, src/sudo.c, - src/sudo_edit.c, src/utmp.c: - Remove use of AC_HEADER_TIME, only obsolete platforms actually need - this. Also stop removing sys/time.h unless the source file uses - struct timeval. - [a744b8a07685] +2018-08-11 Todd C. Miller - * plugins/sudoers/gram.c, plugins/sudoers/gram.y: - Remove duplicate options %type - [3ea3c3d477bf] + * plugins/sudoers/iolog.c: + Fix the return value of sudoers_io_change_winsize() on success. + Otherwise, we only log a single window size change. + [d6cdab99f6f9] -2018-01-16 Todd C. Miller + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: + sync with translationproject.org + [4109b52f393f] - * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c, - plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, - plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, - plugins/sudoers/sudoers.h: - Add an approval function to the sudo auth API which is run after the - user's password has been verified. The approval function is run even - if no password is required. 
This is currently only used for PAM (use - pam_acct_mgmt) and BSD auth (auth_approval). - [cab448ac8633] +2018-08-08 Todd C. Miller -2018-01-15 Todd C. Miller + * NEWS: + sync + [1448675b44aa] - * .hgtags: - Added tag SUDO_1_8_22 for changeset 39b58e206a15 - [bada7b6981ef] <1.8> +2018-08-07 Todd C. Miller - * INSTALL, Makefile.in, NEWS, config.h.in, configure, configure.ac, - doc/CONTRIBUTORS, doc/sudo.cat, doc/sudo.man.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, - doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, - doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, - doc/visudo.man.in, lib/util/Makefile.in, lib/util/event.c, - lib/util/getgrouplist.c, mkpkg, plugins/group_file/Makefile.in, - plugins/sudoers/Makefile.in, plugins/sudoers/auth/passwd.c, - plugins/sudoers/auth/secureware.c, plugins/sudoers/boottime.c, - plugins/sudoers/check.c, plugins/sudoers/env.c, - plugins/sudoers/iolog.c, plugins/sudoers/logging.c, - plugins/sudoers/match.c, plugins/sudoers/po/sudoers.pot, - plugins/sudoers/redblack.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c, po/sudo.pot, src/Makefile.in, - src/exec_pty.c, src/load_plugins.c, src/parse_args.c, src/sudo.c, - src/ttyname.c: - merge sudo 1.8.22 from tip - [39b58e206a15] [SUDO_1_8_22] <1.8> + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix ambiguity when talking about Aliases. We can't use User_Alias in + the grammar as both the definition of the Alias as well as its name. + This adds {User,Runas,Host,Cmnd}_Alias_Spec to help differentiate + between the name of the alias and its definition. Bug #834 + [06678d12306f] - * plugins/sudoers/tsdump.c: - treat uid as unsigned in error message - [2672d4ca3479] + * doc/cvtsudoers.cat, doc/sudoreplay.cat: + regen + [d7237381675a] - * MANIFEST, plugins/sudoers/po/fur.mo: - Add missing plugins/sudoers/po/fur.mo file to repo. 
- [cfa503d7fcd4] + * Makefile.in: + Warn if unable to run xgettext or msgfmt. + [d0cbba35cd49] - * NEWS: - Mention new sudoers_timestamp manual. - [f96ad00c4ba4] +2018-08-06 Todd C. Miller -2018-01-12 Todd C. Miller + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/hr.mo, + plugins/sudoers/po/it.mo, plugins/sudoers/po/ja.mo, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pt_BR.mo, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/uk.mo, + plugins/sudoers/po/vi.mo: + sync with translationproject.org + [d1deb5cb5eb3] - * .hgignore: - ignore tsdump - [39306d37c846] +2018-08-05 Todd C. Miller - * plugins/sudoers/tsdump.c: - Convert from mono time to real time before displaying time stamps. - [12f9e1f5e8e5] + * plugins/sudoers/fmtsudoers.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_util.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/policy.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Refactor code to convert defaults to tags and do conversion on + output for "sudo -l". -2018-01-11 Todd C. Miller + Remove the short_list (was long_list) global in favor of a verbose + argument. + [eae1e1e814e0] - * plugins/sudoers/solaris_audit.c: - Use PATH_MAX, not MAXPATHLEN. - [d3c7466aad1d] +2018-08-04 Todd C. Miller - * MANIFEST, config.h.in, configure, configure.ac, include/sudo_util.h, - lib/util/Makefile.in, lib/util/ttyname_dev.c, lib/util/util.exp.in, - plugins/sudoers/Makefile.in, plugins/sudoers/check.h, - plugins/sudoers/tsdump.c, src/ttyname.c: - Add tsdump, a simple utility to dump a timestamp file. To build, run - "make tsdump" in the plugins/sudoers directory (it is not built by - default). In order to map the tty device number to a name, - sudo_ttyname_dev() has been moved into libsudo_util. - [b79ae30fe6a4] + * plugins/sudoers/policy.c: + Assign short_list true, not 1 now that it is a boolean. 
+ [10354cd29439] -2018-01-04 Todd C. Miller + * plugins/sudoers/fmtsudoers.c: + fix typo + [ad7e93f375ba] - * plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/uk.mo, - po/uk.po: +2018-08-03 Todd C. Miller + + * plugins/sudoers/rcstr.c: + Fix a warning on FreeBSD which has a fancier __containerof + implementation. + [b5106a524232] + + * plugins/sudoers/po/de.po, plugins/sudoers/po/hr.po, + plugins/sudoers/po/it.po, plugins/sudoers/po/ja.po, + plugins/sudoers/po/pl.po, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sv.po, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.po: sync with translationproject.org - [71140a551c60] + [ae5353cbeac4] - * doc/LICENSE: - Welcome to 2018 - [3ddea360d414] +2018-08-02 Todd C. Miller -2017-12-28 Todd C. Miller + * aclocal.m4, autogen.sh, config.h.in, configure: + Regen with aclocal 1.15.1. + [22c02e451333] - * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/fur.po, plugins/sudoers/po/nb.mo, - plugins/sudoers/po/nb.po, plugins/sudoers/po/zh_CN.mo, - plugins/sudoers/po/zh_CN.po: - sync with translationproject.org - [fbd54c7f59f1] + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/policy.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + For ldap/sssd, include defaults in the generate privilege unless we + are listing in short mode (in which case we convert them to tags if + possible). Fixes a problem where sudoOptions were not being applied + to the command. + [b21267488971] -2017-12-22 Todd C. Miller + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + update_defaults() needs to be able to take a defaults_list for the + ldap/sssd backends which support per-role defaults. + [ddbb07881a46] - * plugins/sudoers/logging.c: - Silence a clang analyzer false positive. - [bfcdfe2c1376] +2018-07-31 Todd C. 
Miller - * doc/Makefile.in: - Remove extra $(srcdir)/sudoreplay.man.in target added by mistake. - [7e83806cc17e] + * plugins/sudoers/po/sudoers.pot: + regen + [29c5a09aaeaf] - * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, - plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, - plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, - plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, - plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, - plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, - plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, - plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, - plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/ja.mo, - po/ja.po: - sync with translationproject.org - [27cf5abeeb1a] - - * plugins/sudoers/timestamp.c: - Use a tty lock even for kernel time stamps so we can avoid - simultaneous password prompts. - [90a55098176b] +2018-07-30 Todd C. Miller * NEWS: - visudo changes - [06c99aab6f7a] + Update + [045b535f84b9] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, - plugins/sudoers/editor.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c: - Also honor SUDO_EDITOR in visudo. Previously is was only used by - sudoedit. - [9bccc7171a53] +2018-07-26 Todd C. Miller -2017-12-21 Todd C. 
Miller + * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/file.c, + plugins/sudoers/fmtsudoers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + o Move userspecs, defaults and aliases into a new struct + sudoers_parse_tree. o The parse tree is now passed to the alias, + match and defaults functions. o The nss API has been changed so that + the nss parse() function returns a pointer to a struct + sudoers_parse_tree which will be filled in by the getdefs() and + query() functions. + [bddb4676ad0e] - * plugins/sudoers/sudoers.c: - Stop looking for an editor as soon as we find one. A similar fix was - made to visudo some time ago. - [c6c5d968612a] + * lib/util/getgrouplist.c: + Don't need to preallocate 4 x NGROUP_MAX on AIX or BSD/Linux. For + BSD/Linux, getgrouplist(3) will tell us the number of groups if we + don't have enough. For AIX, we can count the entries in the group + set before allocating the group vector. + [c278fd947af4] - * doc/sudoers_timestamp.cat, doc/sudoers_timestamp.man.in, - doc/sudoers_timestamp.mdoc.in: - The session ID was added in 1.8.6p7 to prevent a user in another - session from re-using the time stamp file. Other minor cleanups. - [f733f7ea97a7] + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/check.c, plugins/sudoers/sudoers.h: + Ignore PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED errors from + pam_acct_mgmt() if authentication is disabled for the user. 
Bug #843 + [1dc39794cf0d] - * plugins/sudoers/check.h: - "time stamp" not "timestamp" - [af0f2d8b6d52] +2018-07-23 Todd C. Miller -2017-12-20 Todd C. Miller + * src/exec_pty.c: + Work around a bug on AIX where closing the pty slave causes the main + sudo process to lose its controlling tty (which was *not* the pty + slave). + [649a25b7f864] - * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/timestamp.c: - Add "kernel" as a possible value of timestamp_type. Currently only - supported on OpenBSD. - [ca1a2a03e37d] + * src/sudo.c: + Add missing aix_restoreauthdb() call to match the aix_setauthdb() + added in b8a011be9af7. Fixes issues on AIX where local users/groups + may not be resolved when some NIS/AD/LDAP is used for users. + [16e196a7a337] - * MANIFEST, doc/Makefile.in, doc/sudoers.cat, doc/sudoers.man.in, - doc/sudoers.mdoc.in, doc/sudoers_timestamp.cat, - doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, - plugins/sudoers/check.h: - Document the sudoers time stamp file format. - [d3470da8fde9] + * lib/util/getgrouplist.c: + Linux getgrouplist(3) returns the number of groups on success + instead of 0 like BSD. + [599a89afa4f5] -2017-12-19 Todd C. Miller +2018-07-20 Todd C. Miller - * plugins/sudoers/regress/starttime/check_starttime.c: - Verify start time of the current process, allowing for some clock - drift. For Linux, process start time is relative to boot time, not - wallclock time. - [4928645eaa1c] + * mkdep.pl, plugins/sudoers/Makefile.in: + When both a .o and .lo file was used in a Makefile, we used to make + the .o depend on the .lo. Unfortunately, this creates a race + condition for parallel make since libtool is not atomic (it creates + a .o and then renames it when building PIC objects for shared libs). -2017-12-18 Todd C. 
Miller + We always link with libtool so the only reason to prefer the .o over + the .lo file is to avoid mixing .o and .lo in the dependencies. + That's not a good enough reason so change mkdep.pl to warn when both + a .o and .lo are referenced in a Makefile and do nothing else. - * NEWS: - sync - [aeffb7f82e10] + Bug #842 + [a8d94e6aed9f] - * plugins/sudoers/po/sudoers.pot: - regen - [8be51858eec1] +2018-07-15 Todd C. Miller - * MANIFEST, plugins/sudoers/Makefile.in, - plugins/sudoers/regress/starttime/check_starttime.c: - Trivial test for process start time. We don't try to check the - resulting timespec as it differs by platform. On most it is - wallclock time, on others it is relative to boot time (Linux). - [e74cf3bd4c87] + * plugins/sudoers/ldap.c: + Avoid duplicate free when netgroup_base is invalid. + [5ce39dff77ba] - * lib/util/Makefile.in: - regen - [6de26735d666] +2018-07-03 Todd C. Miller -2017-12-17 Todd C. Miller + * lib/util/arc4random.h: + Use madvise(2) with MADV_WIPEONFORK if available. + [a11461409569] - * plugins/sudoers/starttime.c: - Support start time on macOS and 4.4BSD - [81f2eebc7edb] +2018-07-01 Todd C. Miller -2017-12-16 Todd C. Miller + * plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, po/eo.mo, + po/eo.po: + sync with translationproject.org + [01bcfe7b30e5] - * plugins/sudoers/regress/env_match/check_env_pattern.c: - Include sys/types.h for mode_t used in sudoers.h. - [bdff1606f111] + * NEWS: + Update. + [f5e0b1f909bb] - * plugins/sudoers/starttime.c: - Fix compilation error on FreeBSD - [2c4962a7812c] +2018-06-25 Todd C. Miller - * plugins/sudoers/starttime.c: - Fix debug_decl(), it should be SUDOERS_DEBUG_UTIL Add debugging for - the successful case For Linux, don't NUL out *ep before parsing with - strtoull(). - * * * Add missing debug info for the System V /proc version. 
- [2394c6d9375d] + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + sync with schema.OpenLDAP + [d83420d8228d] - * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/Makefile.in, plugins/sudoers/check.h, - plugins/sudoers/starttime.c, plugins/sudoers/timestamp.c: - In the timestamp record, include the start time of the terminal - session leader for tty-based timestamps or the start time of the - parent process for ppid-based timestamps. Idea from Duncan - Overbruck. - [f0964b4cf4ac] + * doc/schema.OpenLDAP: + RFC 2849 specifies whitespace as the space character only so replace + tabs with spaces. Bug #840 + [e9d5de6365ba] -2017-12-15 Todd C. Miller + * doc/schema.OpenLDAP: + Fix typo; bug #839 + [dee2dad738de] - * plugins/sudoers/timestamp.c: - If the lock record doesn't match the expected record size we need to - seek to the end of the record as we otherwise may have gone too far - (or not far enough). Fixes interop problems when the time stamp - record changes size. - [e8e4c3815db5] +2018-06-16 Todd C. Miller -2017-12-12 Todd C. Miller + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Should no longer need to set max_groups. + [459119b11265] - * src/exec_pty.c: - No need for a loop around the recv() now that we don't have to worry - about EINTR. CID 180697 - [7cb966d69bc6] +2018-06-15 Todd C. Miller - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Try to be clearer about sudo's exit value when the -l option is - used. - [efbddaa576a7] + * plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/pwutil_impl.c, + src/sudo.c: + Use new sudo_getgrouplist2() function instead of getgrouplist(). + [8e88b6d3ea6f] - * NEWS: - sync - [99fc4b347250] + * configure, configure.ac, include/sudo_compat.h, include/sudo_util.h, + lib/util/Makefile.in, lib/util/getgrouplist.c, lib/util/util.exp.in: + Add sudo_getgrouplist2() to dynamically allocate the group vector. 
+ This allows us to avoid repeatedly calling getgrouplist() with a + statically sized vector on macOS, Solaris, HP-UX, and AIX. + [55480e2ec7c2] - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c, - plugins/sudoers/sssd.c: - An empty RunAsUser means run as the invoking user, similar to how - the sudoers files works. - [576172386594] + * src/conversation.c: + Fix fd leak introduced by SUDO_CONV_PREFER_TTY commit. Coverity CID + 186605. + [fb6eb518bc4c] - * doc/sudoers.cat, doc/sudoers.man.in: - regen - [9b6d0064f410] +2018-06-13 Todd C. Miller -2017-12-11 Todd C. Miller + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, + doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, + doc/sudoers_timestamp.cat, doc/sudoers_timestamp.man.in, + doc/sudoers_timestamp.mdoc.in, doc/visudo.cat, doc/visudo.man.in, + doc/visudo.mdoc.in: + Fix some issues pointed out by mandoc -Tlint + [7ace981c7334] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/logging.c: - Add authfail_message sudoers option to allow the user to override - the default message of %d incorrect password attempt(s). - [f11e9d64a6da] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/conversation.c: + Add SUDO_CONV_PREFER_TTY flag for conversation function to tell sudo + to try writing to /dev/tty first. Can be used in conjunction with + SUDO_CONV_INFO_MSG and SUDO_CONV_ERROR_MSG. + [a1e9420a7c5e] - * plugins/sudoers/policy.c, src/parse_args.c: - Allow the plugin to determine whether or not an empty timeout is - allowed. For sudoers, an error will be returned for an empty - timeout. 
- [26511c049fb1] +2018-06-08 Todd C. Miller - * plugins/sudoers/timeout.c: - Return an error for an empty timeout string. Just use strtol() for - syntax checking instead of scanning with strspn(). - [1fa1b712fbcc] + * doc/LICENSE: + Update for arc4random.c, arc4random_uniform.c and getentropy.c + [168db3c8d590] - * src/parse_args.c, src/sudo_edit.c: - Change some _() into U_() since they are used for warn/fatal. We - always want to issue warnings in the user's locale. - [684331aee66e] +2018-06-05 Todd C. Miller - * Makefile.in: - update my email address - [b4ec26be6203] + * src/regress/noexec/check_noexec.c: + FreeBSD wordexp() returns WRDE_SYNTAX if it can't write to the shell + process. Since we've prevented execve() from succeeding this is the + error we get back from wordexp() on FreeBSD. + [2a7a73de30cf] -2017-12-10 Todd C. Miller +2018-06-04 Todd C. Miller - * log2cl.pl: - Don't print mercurial branch info for merges. - [489881774e52] + * plugins/sudoers/starttime.c: + Fix conversion of usec to nsec; from Scott Cheloha + [26fa756ea623] - * log2cl.pl: - Use log size instead of using a separator between the log entry and - the file names. - [620c231f789b] +2018-06-01 Todd C. Miller - * src/parse_args.c: - Print usage and return an error when an empty argument is given for - all command line arguments other than -p and -E. Bug #817 - [143be1bc8316] + * include/sudo_plugin.h: + Fix typo. + [504256dc4ccc] - * plugins/sudoers/policy.c: - Better input validation of settings passed by the sudo front-end. - Instead of ignoring an empty setting, throw an error. - [93cc4f4761f3] +2018-05-29 Todd C. Miller - * log2cl.pl: - Treat a blank line in a commit message as a line break. There - doesn't appear to be a way to make perl's format use a blank field - but at least the line break happens now. - [fbc3ff819341] + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + The getdefs() function now get called multiple times so use the + cached data if present. 
+ [042be7ccab3c] -2017-12-09 Todd C. Miller + * plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c: + Return an empty defaults list, not NULL if there is no global + sudoers defaults entry in sss. + [8e16de465ee2] - * MANIFEST, Makefile.in, log2cl.pl: - Add script to generate ChangeLog from git log output. - [e8bfbd1ae6ef] + * plugins/sudoers/file.c: + Fix memory leak of handle pointer on close. + [e4eb30e611d4] -2017-12-08 Todd C. Miller + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Remove a needless copy when parsing options. + [60fe50b736a9] - * plugins/sudoers/defaults.c, plugins/sudoers/logging.c, - plugins/sudoers/logging.h: - Don't include syslog.h from logging.h, just include it in the two .c - files it is actually needed. - [9ffc5ca9eb49] + * plugins/sudoers/file.c, plugins/sudoers/ldap.c, + plugins/sudoers/parse.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.c: + Move cached userspecs and defaults into the handle object. + [37e4df73907d] -2017-12-06 Todd C. Miller +2018-05-28 Todd C. Miller - * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: - Document that in check mode, visudo does not check the owner/mode on - files specified with the -f flag. - [f5d86019e4c7] + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Quiet a clang analyzer warning. It should not be possible for + pop_include() to be called when YY_CURRENT_BUFFER is NULL. + [148d79e5a44e] -2017-12-03 Todd C. Miller + * plugins/sudoers/file.c, plugins/sudoers/ldap.c, + plugins/sudoers/sssd.c: + Reorder things to avoid the need to declare static functions. 
+ [8f27e69fa9cb] - * Makefile.in, configure.ac, doc/HISTORY, doc/LICENSE, - doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, - doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo.man.in, - doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, - doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, - doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.man.in, - doc/sudoreplay.mdoc.in, doc/visudo.man.in, doc/visudo.mdoc.in, - examples/Makefile.in, include/Makefile.in, - include/compat/charclass.h, include/compat/endian.h, - include/compat/fnmatch.h, include/compat/nss_dbdefs.h, - include/compat/sha2.h, include/sudo_compat.h, include/sudo_conf.h, - include/sudo_debug.h, include/sudo_dso.h, include/sudo_event.h, - include/sudo_fatal.h, include/sudo_gettext.h, include/sudo_lbuf.h, - include/sudo_plugin.h, include/sudo_util.h, lib/util/Makefile.in, - lib/util/aix.c, lib/util/closefrom.c, lib/util/event.c, - lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c, - lib/util/getgrouplist.c, lib/util/gethostname.c, lib/util/getline.c, - lib/util/getopt_long.c, lib/util/gettime.c, lib/util/gidlist.c, - lib/util/glob.c, lib/util/isblank.c, lib/util/key_val.c, - lib/util/lbuf.c, lib/util/locking.c, lib/util/memrchr.c, - lib/util/memset_s.c, lib/util/mksiglist.c, lib/util/mksigname.c, - lib/util/mktemp.c, lib/util/nanosleep.c, lib/util/parseln.c, - lib/util/pipe2.c, lib/util/progname.c, lib/util/pw_dup.c, - lib/util/regress/atofoo/atofoo_test.c, - lib/util/regress/fnmatch/fnm_test.c, - lib/util/regress/glob/globtest.c, - lib/util/regress/parse_gids/parse_gids_test.c, - lib/util/regress/progname/progname_test.c, - lib/util/regress/strsplit/strsplit_test.c, - lib/util/regress/sudo_conf/conf_test.c, - lib/util/regress/sudo_parseln/parseln_test.c, - lib/util/regress/tailq/hltq_test.c, - lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c, - lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, - lib/util/snprintf.c, lib/util/strlcat.c, 
lib/util/strlcpy.c, - lib/util/strndup.c, lib/util/strnlen.c, lib/util/strsignal.c, - lib/util/strsplit.c, lib/util/strtobool.c, lib/util/strtoid.c, - lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c, - lib/util/sudo_debug.c, lib/util/sudo_dso.c, lib/util/term.c, - lib/util/ttysize.c, lib/util/utimens.c, lib/util/vsyslog.c, - lib/zlib/Makefile.in, m4/sudo.m4, mkdep.pl, mkpkg, pathnames.h.in, - plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, - plugins/group_file/group_file.c, plugins/group_file/plugin_test.c, - plugins/sample/Makefile.in, plugins/sample/sample_plugin.c, - plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, - plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, - plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, - plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, - plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, - plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, - plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, - plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, - plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/base64.c, - plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, - plugins/sudoers/bsm_audit.h, plugins/sudoers/check.c, - plugins/sudoers/check.h, plugins/sudoers/defaults.c, - plugins/sudoers/defaults.h, plugins/sudoers/digestname.c, - plugins/sudoers/editor.c, plugins/sudoers/env.c, - plugins/sudoers/env_pattern.c, plugins/sudoers/filedigest.c, - plugins/sudoers/filedigest_gcrypt.c, - plugins/sudoers/filedigest_openssl.c, plugins/sudoers/find_path.c, - plugins/sudoers/gc.c, plugins/sudoers/gentime.c, - plugins/sudoers/getspwuid.c, plugins/sudoers/gmtoff.c, - plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, - plugins/sudoers/hexchar.c, plugins/sudoers/ins_2001.h, - plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h, - plugins/sudoers/ins_goons.h, 
plugins/sudoers/insults.h, - plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, - plugins/sudoers/iolog.c, plugins/sudoers/iolog.h, - plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, - plugins/sudoers/linux_audit.c, plugins/sudoers/linux_audit.h, - plugins/sudoers/locale.c, plugins/sudoers/logging.c, - plugins/sudoers/logging.h, plugins/sudoers/logwrap.c, - plugins/sudoers/match.c, plugins/sudoers/match_addr.c, - plugins/sudoers/mkdir_parents.c, plugins/sudoers/parse.c, - plugins/sudoers/parse.h, plugins/sudoers/po/sudoers.pot, - plugins/sudoers/policy.c, plugins/sudoers/prompt.c, - plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, - plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c, - plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/regress/env_match/check_env_pattern.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/regress/parser/check_addr.c, - plugins/sudoers/regress/parser/check_base64.c, - plugins/sudoers/regress/parser/check_digest.c, - plugins/sudoers/regress/parser/check_fill.c, - plugins/sudoers/regress/parser/check_gentime.c, - plugins/sudoers/regress/parser/check_hexchar.c, - plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, - plugins/sudoers/sudo_printf.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/sudoers2ldif, - plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoers_debug.h, - plugins/sudoers/sudoers_version.h, plugins/sudoers/sudoreplay.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c, - plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.h, - plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, - plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h, - plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, - 
plugins/system_group/Makefile.in, - plugins/system_group/system_group.c, po/sudo.pot, src/Makefile.in, - src/conversation.c, src/env_hooks.c, src/exec.c, src/exec_common.c, - src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, - src/hooks.c, src/load_plugins.c, src/net_ifs.c, src/openbsd.c, - src/parse_args.c, src/preload.c, src/preserve_fds.c, - src/regress/noexec/check_noexec.c, - src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, - src/signal.c, src/solaris.c, src/sudo.c, src/sudo.h, - src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c, - src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tcsetpgrp_nobg.c, - src/tgetpass.c, src/ttyname.c, src/utmp.c, sudo.pp: - update my email to Todd.Miller@sudo.ws - [96110003e904] +2018-05-24 Todd C. Miller -2017-12-02 Todd C. Miller + * MANIFEST, config.h.in, configure, configure.ac, include/sudo_rand.h, + lib/util/Makefile.in, lib/util/arc4random.c, lib/util/arc4random.h, + lib/util/arc4random_uniform.c, lib/util/chacha_private.h, + lib/util/getentropy.c, lib/util/util.exp.in, mkdep.pl: + Import arc4random() from libressl. This takes an all-in-one approach + instead of the one-file-per-OS approach that libressl takes. The + fallback code does not have as many OS-specific bits as libressl. + [310d65e466bd] - * plugins/sudoers/sudoreplay.c: - Add missing carriage return before prompt when replay is done. - [cf4b8bfcb3dd] + * lib/util/Makefile.in, lib/util/mktemp.c, + plugins/sudoers/Makefile.in, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/insults.h: + Use arc4random for mkstemp() and insults. 
+ [b8c7447756f2] - * src/exec_pty.c: - Track window size changes that happen while sudo is suspended - [cae06f75bde9] + * MANIFEST, configure, configure.ac, include/sudo_digest.h, + lib/util/Makefile.in, lib/util/digest.c, lib/util/digest_gcrypt.c, + lib/util/digest_openssl.c, lib/util/util.exp.in, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/digestname.c, + plugins/sudoers/filedigest.c, plugins/sudoers/filedigest_gcrypt.c, + plugins/sudoers/filedigest_openssl.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/ldap_util.c, plugins/sudoers/match.c, + plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/sudo_ldap.h, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Move digest code into libutil + [c53cf5c508eb] -2017-12-01 Todd C. Miller +2018-05-20 Todd C. Miller - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - regen - [26ae754b8416] + * MANIFEST, plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/cvtsudoers/test25.sh, + plugins/sudoers/regress/cvtsudoers/test26.out.ok, + plugins/sudoers/regress/cvtsudoers/test26.sh, + plugins/sudoers/regress/cvtsudoers/test27.out.ok, + plugins/sudoers/regress/cvtsudoers/test27.sh: + Check for invalid bas64 attributes. + [4218d11c8205] - * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, - doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat, - doc/visudo.cat: - regen for sudo 1.8.22 - [596d82da0158] + * plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/parser/check_base64.c: + Fix pointer sign warnings. + [5ee724e3956e] - * NEWS, configure, configure.ac: - Sudo 1.8.22 - [6b32c2f5d020] + * plugins/sudoers/cvtsudoers_ldif.c: + Add missing variable declaration for SELinux and Solaris. + [c8084f0508e5] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Background processes started by the command will no longer receive - SIGHUP. 
- [47bcc3ae4362] + * plugins/sudoers/cvtsudoers_ldif.c: + Handle empty string and treat it as safe. + [8029b97d8f4a] - * src/exec_monitor.c: - When the command completes, make the monitor the foreground process - group before informing the main sudo process of the command's exit - status. This will prevent processes started by the command (which - runs in a different process group) from receiving SIGHUP since the - kernel sends SIGHUP to the foreground process group associated with - the terminal session. The monitor has a SIGHUP handler installed so - the signal is effectively ignored. - [9e163efe4afb] + * MANIFEST, plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/cvtsudoers/test26.out.ok, + plugins/sudoers/regress/cvtsudoers/test26.sh: + Add support for base64-encoding non-safe strings in LDIF output. + [b9fd1795f4ee] - * src/sudo.c: - Add debug printfs around group list retrieval. - [5f307b00153b] +2018-05-19 Todd C. Miller -2017-11-30 Todd C. Miller + * plugins/sudoers/base64.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_base64.c: + Add base64_encode() by Jon Mayo. + [a893ec3dc667] - * src/exec_pty.c: - Move call to sudo_ev_loopcontinue() into schedule_signal() itself. - We always want to prioritize signal forwarding. - [4b25dc24038b] +2018-05-18 Todd C. Miller - * src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c: - Don't loop over read/write, recv/send or tcgetpgrp/tcsetpgrp trying - to handle EINTR. We now use SA_RESTART with signals so this is not - needed and is potentially dangerous if it is possible to receive - SIGTTIN or SIGTTOU (which it currently is not). - [ba6885b57891] + * MANIFEST, plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/cvtsudoers/test25.out.ok, + plugins/sudoers/regress/cvtsudoers/test25.sh: + Add support for parsing base64-encoded attributes + [262dd9a526de] -2017-11-29 Todd C. Miller +2018-05-17 Todd C. 
Miller - * src/exec_monitor.c, src/signal.c: - Sprinkle some extra debugging printfs - [bf33574bc603] + * plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/sudoers/test2.ldif.ok: + rfc2253 says we need to escape " and leading and trailing space. + [1c0105a5eb1b] - * src/exec_pty.c: - We don't need to be the foreground process to be able to write to - the terminal in most cases. If the background process tries to - modify the terminal flags it will receive SIGTTOU which is relayed - to the sudo front-end. This currently mishandles terminals with the - TOSTOP local flag set. - [3fc25570d482] + * configure, configure.ac: + Define ZLIB_CONST so we get the const version of the API. + [71a629d0eb4b] - * src/exec_pty.c: - Handle receipt of SIGTTIN/SIGTTOU when reading/writing from/to the - tty. We can't use a signal event for these since that would restart - the system call after the signal was handled and the callback would - not get a chance to run. Fixes running a command in the background - that write to the tty when the TOSTOP terminal flag is set. - [5ac68f05249a] +2018-05-16 Todd C. Miller -2017-11-28 Todd C. Miller + * plugins/sudoers/parse.c: + Fix logic inversion when handing the authenticate Defaults option + for "sudo -l" and "sudo -v" in long list mode. + [f8157d4c4f03] * plugins/sudoers/sssd.c: - Avoid a double free when ipa_hostname is set in sssd.conf and it is - an unqualified host name. From Daniel Kopecek. - - Also move the "unable to allocate memory" warning into - get_ipa_hostname() itself to make it easier to see where the - allocation failed in the debug log. 
- [14dacdea3319] - - * plugins/sudoers/ldap.c, plugins/sudoers/policy.c, - plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, - plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: - When running a command as the invoking user we cannot use the gid - list from the front-end since it may not correspond to the user's - aux group vector as defined by the group database. - [b456101fe509] - - * lib/util/regress/fnmatch/fnm_test.c, - lib/util/regress/glob/globtest.c, - plugins/sudoers/regress/env_match/check_env_pattern.c, - plugins/sudoers/regress/parser/check_base64.c, - plugins/sudoers/regress/parser/check_digest.c, - plugins/sudoers/regress/parser/check_gentime.c, - plugins/sudoers/regress/parser/check_hexchar.c: - Add missing initprogname() calls. - [ad4f8d236d89] - -2017-11-21 Todd C. Miller - - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Better describe things when a command is run in a pty. - [0f34fc342ab5] + Set handle->pw before sss_to_sudoers() since sss_check_user() uses + it. Coverity CID 185651 + [fa646e569352] -2017-11-16 Todd C. Miller + * plugins/sudoers/ldap_util.c: + Fix memory leak on error, CID 185602 + [31c1ab085985] * plugins/sudoers/ldap.c: - Plug some memory leaks on error, some found by the clang static - analyzer. - [62844cc145b6] - -2017-11-15 Todd C. Miller - - * plugins/sudoers/parse.c: - Avoid calling cmnd_matches() in list/verify mode if we already have - a match. - [5bddfc911065] - - * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, - plugins/sudoers/sssd.c: - In list (-l) or verify (-v) mode, if we have a match but - authentication is required, clear FLAG_NOPASSWD so that when - listpw/verifypw is set to "all" and there are multiple sudoers - sources a password will be required unless none of the entries in - all sources require authentication. 
From Radovan Sroka of RedHat - [edac7222600a] + Some ldap_get_values_len -> sudo_ldap_get_values_len that were + missed before. + [d7f1877531be] - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - When checking the results for "sudo -l" and "sudo -v", keep checking - even after we get a match since the value of doauth may depend on - evaluating all the results. From Radovan Sroka of RedHat. - [ae0704445bd4] + * plugins/sudoers/ldap_util.c: + When building up the cmndspec, add the actual command member last. + This simplifies the logic regarding the SETENV tag and alsomakes + "out of memory" cleanup simpler. + [d704f3b09ac1] -2017-11-14 Todd C. Miller + * plugins/sudoers/cvtsudoers_ldif.c: + Fix format string mismatch, sudo_order is unsigned. + [ecc398e45b0a] - * plugins/sudoers/sudoers.c: - If passwd_tries is less than 1, check_user() will always return - false (since the user didn't authenticate). The normal reason for - this is an authentication error but in this case no authentication - was tries so no warning message has been displayed to the user. If - the user wasn't given a chance to authenticate, set inform_user to - true when calling log_denial() from sudoers_policy_main(). + * plugins/sudoers/pwutil.c: + Add cppcheck annotation to suppress memory leak false positive. + [d4a0ae57c372] - An alternate approach would be for check_user() to return true in - this case but seems more confusing. - [c8be95b46e9d] + * plugins/sudoers/ldap_util.c: + Sudo "ALL" implies the SETENV tag. + [7abc653b4d39] -2017-10-22 Todd C. Miller + * src/parse_args.c: + Only set MODE_PRESERVE_ENV when preserving the entire environment. + Fixes a problem introduced in 1.8.23 where "sudo -i" could not be + used in conjunction with --preserve-env=VARIABLE. Bug #835 + [8ea75ca8fbd2] - * doc/TROUBLESHOOTING: - Document bash shell alias issue with "sudo -i". - [8affa5376277] +2018-05-15 Todd C. Miller -2017-10-20 Todd C. 
Miller + * plugins/sudoers/file.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/ldap.c, + plugins/sudoers/parse.h, plugins/sudoers/sssd.c: + Add free_userspecs() and free_default() and use them instead of + looping over the lists and calling free_userspec() and + free_default(). + [797221539242] - * plugins/sudoers/policy.c: - Return an error if the sudo front end doesn't set the user name, - user ID, group ID or host name. Bug #807 - [03e281d93fff] + * configure, configure.ac: + Depending on the bos level, AIX 6.1 may or may not include + getline/getdelim and AIX 7.1 may or may not include memset_s. Since + we need to build packages that will work on all AIX 6.1 and 7.1 + machines, use our getline() and memset_s emulation. + [f5c427076b2c] - * lib/util/gethostname.c: - Treat an empty hostname as a failure and return NULL. - [fafb3a3083cb] +2018-05-14 Todd C. Miller -2017-10-17 Todd C. Miller + * plugins/sudoers/ldap_util.c: + Do not leak struct sudo_command when the command is ALL. Coverity + CID 185602. + [d71ca4bc06bc] - * plugins/sudoers/sudoers2ldif: - Add support for #include and #includedir from Natale Vinto. - [926deea0d506] + * NEWS, configure, configure.ac: + Sudo 1.8.24 + [7df3df9a3907] -2017-10-14 Todd C. Miller + * plugins/sudoers/sssd.c: + Improve comments about why we need to do a user check and how it + related to netgroups. + [605234ed0935] - * doc/CONTRIBUTORS: - Minor corrections from Tae Wong - [dbc5ee98ffa6] + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Add checks for ldap/sss functions failing due to memory allocation + errors. + [0dfeb0d8ecf5] -2017-10-12 Todd C. Miller + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Let the main sudoers lookup code check the host name. We still check + the user name so it is possible to use a single userspec but this + may change in the future. 
+ [a74699b90213] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Add a warning that for "sudo -i command" and "sudo -s command" the - shell is not run in interactive mode which may change its behavior. - [76c19db05a1e] + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/file.c, + plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Simplify the nss interface such that each sudoers provider fills in + a per-nss list of userspecs and defaults instead of using separate + lookup and list functions. This makes it possible to have a single + implementation of the code for sudoers lookup and listing. + [50de9302de01] -2017-09-26 Todd C. Miller + * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/defaults.c, + plugins/sudoers/filedigest.c, plugins/sudoers/filedigest_gcrypt.c, + plugins/sudoers/filedigest_openssl.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/ldap_util.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: + Include parse.h in sudoers.h since it will soon be required. + [196abb590d96] - * include/sudo_compat.h, src/exec_pty.c: - Fix stair-stepped output when the output of a sudo command is piped - to another command and use_pty is set. 
- [e91e3f12d2d4] + * plugins/sudoers/ldap_util.c: + Parse "ALL" as a command correctly. + [d969e7dfdbbc] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - env_keep and env_check are also taken into account with "sudo -i". - Bug #806 - [5f5568c6fdd9] +2018-05-11 Todd C. Miller -2017-09-18 Todd C. Miller + * plugins/sudoers/match.c: + Add debug warning if lseek() fails (should not be possible). + [d568dc923c7d] - * INSTALL, config.h.in, configure, configure.ac, - plugins/sudoers/ins_classic.h: - Make PC insults the default and add new configure option, enable- - offensive-insults, to enable the offensive insults. - [eb264d342601] + * plugins/sudoers/match.c: + Fix swapped args of lseek() when rewinding. This didn't cause a + problem because the value of SEEK_SET is 0. + [142591a3f333] -2017-09-14 Todd C. Miller +2018-05-10 Todd C. Miller - * doc/CONTRIBUTORS: - Add missing translators from recent updates and one name change. - [20828c25ad92] + * plugins/sudoers/regress/parser/check_hexchar.c: + Fix a format-truncation warning in newer gcc by avoiding using %0x + and %0X in the test. We are formatting a single byte so just do it + one nybble at a time. + [7c594a63598f] -2017-09-07 Todd C. Miller + * configure: + Regen with autoconf git commit + e17a30e987d7ee695fb4294a82d987ec3dc9b974 AC_HEADER_MAJOR: port to + glibc 2.25 + [9fe77765c768] - * MANIFEST, plugins/sudoers/po/fur.po, plugins/sudoers/po/hr.mo, - plugins/sudoers/po/hr.po, plugins/sudoers/po/sv.mo, - plugins/sudoers/po/sv.po, po/hr.mo, po/hr.po, po/sv.mo, po/sv.po: - sync with translationproject.org - * * * sync with translationproject.org - [24bb066fa19f] +2018-05-03 Todd C. Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - More accurately describe the use_pty option now that its behavior - has changed with respect to interposition with a pipe. Also describe - some caveats with log_input. 
- [a87056499931] + * plugins/sudoers/cvtsudoers_ldif.c: + No need to explicitly free role on EOF, it will be freed after the + loop is done. + [8d08c06b7622] - * doc/UPGRADE: - Document changes in use_pty behavior when no terminal is present. - [a4b978693178] + * plugins/sudoers/policy.c: + Garbage collect the command argv, envp and info vectors since they + are not available at policy close time. + [de22290a8ec5] - * src/exec_pty.c: - Set ec->cmnd_pid to the correct value when receiving the command's - process ID from the monitor. - [a624309ba848] + * plugins/sudoers/cvtsudoers_ldif.c: + Plug memory leaks on parse error or when an LDIF entry doesn't match + the dn filter. + [4f48e740eed1] - * src/exec.c, src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h: - If /dev/tty is not available and no I/O logging plugins are - configured, fall back on exec_nopty() even if the policy plugin - requested a pty. We never allocate a pty when sudo is not run from a - terminal anyway. - [c9b9c6c4e0ad] + * plugins/sudoers/cvtsudoers.c: + Rename variables now that the string list functions are not ldap- + specific. + [640497f70551] - * src/exec_pty.c: - Do not set utmp_user if we did not actually allocate a pty. - [aa8e0fdea32b] +2018-04-30 Todd C. Miller -2017-09-06 Todd C. Miller + * NEWS: + Fix typo + [6466295ba962] - * .hgtags: - Added tag SUDO_1_8_21p2 for changeset a37c61a2a2c2 - [33ce7afbd0b1] <1.8> +2018-04-29 Todd C. Miller - * NEWS, configure, configure.ac, lib/util/event.c: - merge sudo 1.8.21p2 from tip - [a37c61a2a2c2] [SUDO_1_8_21p2] <1.8> + * configure, configure.ac: + fix version + [bfed601130b5] - * NEWS, configure, configure.ac: - sudo 1.8.21p2 - [94d18888e7c4] + * NEWS: + sync + [1c382f2aff27] - * src/exec.c: - sudo_terminated() should not return true when SIGCHLD is pending. 
- Bug #801 - [57f636b6489f] + * configure, configure.ac, plugins/sudoers/po/zh_CN.mo, + plugins/sudoers/po/zh_CN.po, po/zh_CN.mo, po/zh_CN.po: + sync with translationproject.org + [ec28ff5acbd6] - * src/tgetpass.c: - Set SIGCHLD handler to SIG_DFL before forking the askpass command - and restore after. Otherwise, SIGCHLD will end up in the list of - pending signals and sudo_execute() will not execute the command. - [c171eeabdc72] +2018-04-25 Todd C. Miller - * lib/util/event.c: - The read and write sides of signal_pipe[] were swapped, resulting in - EBADF reading from and writing to the signal pipe on Linux and - probably others. On systems with bidirectional pipes this was not an - issue. - [7668f93e6544] + * plugins/sudoers/match.c: + O_EXEC for fexecve() not O_SEARCH. + [a156d8b38f31] -2017-09-05 Todd C. Miller + * doc/TROUBLESHOOTING: + Document how to suppress the last login message on Solaris. + [2926b670aca4] - * plugins/sudoers/auth/pam.c: - Fix a logic error in 96651906de42 which prevented sudo from using - the PAM-supplied prompt. Bug #799 - [6ee5cc13af69] +2018-04-24 Todd C. Miller -2017-09-01 Todd C. Miller + * plugins/sudoers/cvtsudoers_json.c: + Fix compilation error with older Sun Studio compilers. + [0f735611642d] - * .hgtags: - Added tag SUDO_1_8_21p1 for changeset 5c53ead6e4af - [60a25b72a535] <1.8> + * NEWS: + Update Bug #831 decription. + [d5e6a2a807b8] - * NEWS, configure, configure.ac, doc/sudo.cat, doc/sudo.man.in, - doc/visudo.cat, mkpkg, plugins/sudoers/check.c: - merge sudo 1.8.21p1 from tip - [5c53ead6e4af] [SUDO_1_8_21p1] <1.8> + * MANIFEST, doc/CONTRIBUTORS, po/zh_TW.mo, po/zh_TW.po: + Add Chinese(Taiwan) translation for sudo. + [5a4ba6769cca] - * NEWS, configure, configure.ac: - Sudo 1.8.21p1 - [7e6bf56cb06c] + * plugins/sudoers/match.c: + Move the check for /dev/fd/N until *after* the digest has been + checked. We still need to be able to check the digest even if there + is no /dev/fd/N or fexecve(). 
+ [e0e086b4e764] - * mkpkg: - The Fedora sudo package uses /etc/ldap.conf not /etc/sudo-ldap.conf. - [7b4e6f50e138] +2018-04-23 Todd C. Miller - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - The fix for matching when no sudoRunAsUser is present in a sudoRole - was incomplete. If no -g option was specified on the command line - but sudoRunAsGroup is present in a sudoRole, we need to treat the - group match as failed instead of missing. - [3aaeeebd924c] + * plugins/sudoers/match.c: + Rewind the fd after calling sudo_filedigest(). Otherwise, when + running a script via fexecve(), the interpreter may get EOF when + reading /dev/fd/N. This only appears to affect BSD systems with + fdescfs. Bug #831. + [d79f5125cc73] - * plugins/sudoers/check.c, plugins/sudoers/defaults.c: - Sprinkle a few more debugging printfs. - [f7a40f9985cf] + * plugins/sudoers/match.c: + In open_cmnd(), return true, not false, if we the /dev/fd/N pathname + is not present. We don't want to fail a match because of this. + [72c4b499c019] - * plugins/sudoers/sudoreplay.c: - Fix replaying sessions that contain input logs. When the inter- - record timeout expires we need to read the next record if there is - nothing to output. - [443b329ddc60] + * NEWS: + Bug #831. + [700646725f45] - * doc/visudo.cat: - regen - [7ace4ac32116] + * plugins/sudoers/match.c: + We can only use fexecve() on a script if /dev/fd/N exists. Some + systems, such as FreeBSD, don't have /dev/fd mounted by default. Bug + #831 + [30f7c5d64104] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Fix typo (Auguest vs. August). From David Pocock. - [98a792ff1c90] +2018-04-22 Todd C. Miller -2017-08-31 Todd C. 
Miller + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, + plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/el.mo, plugins/sudoers/po/el.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/eu.mo, plugins/sudoers/po/eu.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/fur.mo, plugins/sudoers/po/fur.po, + plugins/sudoers/po/hu.mo, plugins/sudoers/po/hu.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po, + plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, + plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po, + plugins/sudoers/po/sk.mo, plugins/sudoers/po/sk.po, + plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/ca.mo, + po/ca.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/eo.mo, + po/eo.po, po/es.mo, po/es.po, po/eu.mo, po/eu.po, po/fi.mo, + po/fi.po, po/fur.mo, po/fur.po, po/gl.mo, po/gl.po, po/hu.mo, + po/hu.po, po/ko.mo, po/ko.po, po/nl.mo, po/nl.po, po/nn.mo, + po/nn.po, po/ru.mo, po/ru.po, po/sk.mo, po/sk.po, po/sl.mo, + po/sl.po, po/sr.mo, po/sr.po, po/vi.mo, po/vi.po, po/zh_CN.mo, + po/zh_CN.po: + sync with translationproject.org + [a786a841f30a] - * plugins/sudoers/sudo_nss.c: - Go back to returning true from display_privs() on non-error. This - results in "sudo -U otheruser -l" exiting with a status of 0 even - when otheruser is not allowed to run commands. This is appropriate - since the "sudo -l" command was successful. This does not change the - exit value when otheruser runs "sudo -l" themselves, the exit status - will be 1 since that user is not allowed to run commands. Requested - by Radovan Sroka. - [055b78015fcb] +2018-04-21 Todd C. 
Miller - * plugins/sudoers/ldap.c: - Fix the pass2 ldap query string when no search filter is defined. - Due to the addition of "(sudoUser=*)" to the query we always need - the AND operator, even if no search filter is present. - [631243487d27] + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, + plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/el.mo, plugins/sudoers/po/el.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/eu.mo, plugins/sudoers/po/eu.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/fur.mo, plugins/sudoers/po/fur.po, + plugins/sudoers/po/hu.mo, plugins/sudoers/po/hu.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po, + plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, + plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po, + plugins/sudoers/po/sk.mo, plugins/sudoers/po/sk.po, + plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/ca.mo, + po/ca.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/eo.mo, + po/eo.po, po/es.mo, po/es.po, po/eu.mo, po/eu.po, po/fi.mo, + po/fi.po, po/fur.mo, po/fur.po, po/gl.mo, po/gl.po, po/hu.mo, + po/hu.po, po/ko.mo, po/ko.po, po/nl.mo, po/nl.po, po/nn.mo, + po/nn.po, po/ru.mo, po/ru.po, po/sk.mo, po/sk.po, po/sl.mo, + po/sl.po, po/sr.mo, po/sr.po, po/vi.mo, po/vi.po, po/zh_CN.mo, + po/zh_CN.po: + sync with translationproject.org + [268a65ce44cb] -2017-08-29 Todd C. 
Miller + * MANIFEST, plugins/sudoers/regress/cvtsudoers/test23.out.ok, + plugins/sudoers/regress/cvtsudoers/test23.sh, + plugins/sudoers/regress/cvtsudoers/test24.out.ok, + plugins/sudoers/regress/cvtsudoers/test24.sh: + Add tests for round-tripping cvtsudoers, sudoers -> LDIF -> sudoers + and LDIF -> sudoers -> LDIF. + [370d4ba4dbb8] - * src/exec_nopty.c: - Don't forward SIGINFO to the child when it is send by the kernel - (not another user process). This is consistent with the handling of - other keyboard-generated signals such as SIGINT, SIGQUIT and - SIGTSTP. Bug #796 - [29603b0a4315] +2018-04-19 Todd C. Miller -2017-08-23 Todd C. Miller + * MANIFEST, plugins/sudoers/regress/cvtsudoers/test22.out.ok, + plugins/sudoers/regress/cvtsudoers/test22.sh: + Test the -b option when converting from LDIF. + [4d65c7c2ed01] - * .hgtags: - Added tag SUDO_1_8_21 for changeset 6cf677ec7646 - [24199e596a57] <1.8> + * plugins/sudoers/cvtsudoers_ldif.c: + Fix the -b option when converting from LDIF. + [f3c1e4dbd61e] - * INSTALL, Makefile.in, NEWS, config.h.in, configure, configure.ac, - doc/CONTRIBUTORS, doc/sudo.cat, doc/sudo.man.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, - doc/sudoers.ldap.cat, doc/sudoers.man.in, doc/sudoreplay.cat, - doc/sudoreplay.man.in, lib/util/Makefile.in, lib/util/event.c, - mkpkg, plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in, - plugins/sudoers/env.c, plugins/sudoers/iolog.c, - plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/visudo.c, po/sudo.pot, src/Makefile.in, - src/exec_pty.c, src/parse_args.c, src/sudo.c, src/ttyname.c: - merge sudo 1.8.21 from tip - [6cf677ec7646] [SUDO_1_8_21] <1.8> +2018-04-18 Todd C. Miller - * sudo.pp: - Fix path to LICENSE and NEWS files that get used in the installer. - Previously, the installed versions were used instead of the ones in - the destdir. 
- [689a5806f2de] + * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, po/it.mo, + po/it.po: + sync with translationproject.org + [1953956c60fe] -2017-08-20 Todd C. Miller + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + Fix some more typos. + [87fde92a1fa4] - * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, po/fi.mo, - po/fi.po: - sync with translationproject.org - [32a0f3bbba31] + * doc/Makefile.in: + mandoc now preserves the copyright notice, no need to do it + ourselves + [2c3f6841941a] -2017-08-18 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Describe the special handling of LOGNAME, USER and USERNAME. Fix + typos reported by aspell. + [e89bd28f4530] - * po/es.mo, po/es.po: - sync with translationproject.org - [bfa5659d66f2] + * src/load_plugins.c: + Fix a memory leak on the error path. + [db5a4678e0e4] -2017-08-12 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that the editor setting is also used by sudoedit. + [2ae14439efd7] - * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, po/it.mo, - po/it.po: - sync with translationproject.org - [05cd6ff68a4b] +2018-04-17 Todd C. Miller -2017-08-11 Todd C. Miller + * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: + Plug memory leak when an I/O plugin is specified in sudo.conf but + the I/O plugin is not configured. 
+ [5b5086d7152a] - * NEWS: - Preserving environment variables on the command line was bug #279 - [46f2c7931a84] + * INSTALL, MANIFEST, NEWS, config.h.in, configure, configure.ac, + plugins/sudoers/Makefile.in, plugins/sudoers/ins_python.h, + plugins/sudoers/insults.h: + Monty Python insults from Philip Hudson + [8330cfc5ea19] -2017-08-10 Todd C. Miller +2018-04-15 Todd C. Miller - * MANIFEST, NEWS, doc/CONTRIBUTORS, po/fur.mo, po/fur.po: - Add Friulian translation for sudo from Fabio Tomat via - translationproject.org - [77fdb76e83c8] + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: + add examples + [830ff26a0dbc] -2017-08-08 Todd C. Miller + * doc/sudo.conf.man.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, + doc/sudoers_timestamp.man.in, doc/sudoreplay.man.in, + doc/visudo.man.in: + Update copyright year and regen man pages. + [6385891ebaa3] * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, - plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo, - po/cs.po, po/fr.mo, po/fr.po, po/ko.mo, po/ko.po, po/nb.mo, - po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/sr.mo, - po/sr.po, po/sv.mo, po/sv.po, po/vi.mo, po/vi.po, po/zh_CN.mo, - po/zh_CN.po: + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/cs.mo, + po/cs.po, po/fr.mo, po/fr.po, po/hr.mo, 
po/hr.po, po/ja.mo, + po/ja.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, + po/pt_BR.po, po/sv.mo, po/sv.po, po/tr.mo, po/tr.po, po/uk.mo, + po/uk.po: sync with translationproject.org - [0f18e2f30ff5] + [3495b17becb0] -2017-08-04 Todd C. Miller + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/match.c: + Prune alias contents when pruning and expanding aliases. This abuses + the userlist_matches_filter() and hostlist_matches_filter() + functions. A better approach would be to call the correct function + from user_matches() and host_matches(). + [0ae5f351b09f] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - In the Runas example that uses "boulder" make it clear that - "boulder" is a host name. - [6bca59aa5579] + * MANIFEST, examples/sudoers, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/cvtsudoers/sudoers, + plugins/sudoers/regress/cvtsudoers/sudoers.defs, + plugins/sudoers/regress/cvtsudoers/test1.out.ok, + plugins/sudoers/regress/cvtsudoers/test1.sh, + plugins/sudoers/regress/cvtsudoers/test10.out.ok, + plugins/sudoers/regress/cvtsudoers/test10.sh, + plugins/sudoers/regress/cvtsudoers/test11.out.ok, + plugins/sudoers/regress/cvtsudoers/test11.sh, + plugins/sudoers/regress/cvtsudoers/test12.out.ok, + plugins/sudoers/regress/cvtsudoers/test12.sh, + plugins/sudoers/regress/cvtsudoers/test13.out.ok, + plugins/sudoers/regress/cvtsudoers/test13.sh, + plugins/sudoers/regress/cvtsudoers/test14.out.ok, + plugins/sudoers/regress/cvtsudoers/test14.sh, + plugins/sudoers/regress/cvtsudoers/test15.out.ok, + plugins/sudoers/regress/cvtsudoers/test15.sh, + plugins/sudoers/regress/cvtsudoers/test16.out.ok, + plugins/sudoers/regress/cvtsudoers/test16.sh, + plugins/sudoers/regress/cvtsudoers/test17.out.ok, + plugins/sudoers/regress/cvtsudoers/test17.sh, + plugins/sudoers/regress/cvtsudoers/test18.out.ok, + plugins/sudoers/regress/cvtsudoers/test18.sh, + plugins/sudoers/regress/cvtsudoers/test19.out.ok, + 
plugins/sudoers/regress/cvtsudoers/test19.sh, + plugins/sudoers/regress/cvtsudoers/test2.out.ok, + plugins/sudoers/regress/cvtsudoers/test2.sh, + plugins/sudoers/regress/cvtsudoers/test20.conf, + plugins/sudoers/regress/cvtsudoers/test20.out.ok, + plugins/sudoers/regress/cvtsudoers/test20.sh, + plugins/sudoers/regress/cvtsudoers/test21.conf, + plugins/sudoers/regress/cvtsudoers/test21.out.ok, + plugins/sudoers/regress/cvtsudoers/test21.sh, + plugins/sudoers/regress/cvtsudoers/test3.out.ok, + plugins/sudoers/regress/cvtsudoers/test3.sh, + plugins/sudoers/regress/cvtsudoers/test4.out.ok, + plugins/sudoers/regress/cvtsudoers/test4.sh, + plugins/sudoers/regress/cvtsudoers/test5.out.ok, + plugins/sudoers/regress/cvtsudoers/test5.sh, + plugins/sudoers/regress/cvtsudoers/test6.out.ok, + plugins/sudoers/regress/cvtsudoers/test6.sh, + plugins/sudoers/regress/cvtsudoers/test7.out.ok, + plugins/sudoers/regress/cvtsudoers/test7.sh, + plugins/sudoers/regress/cvtsudoers/test8.out.ok, + plugins/sudoers/regress/cvtsudoers/test8.sh, + plugins/sudoers/regress/cvtsudoers/test9.out.ok, + plugins/sudoers/regress/cvtsudoers/test9.sh: + cvtsudoers regress tests + [72fd218b5036] -2017-08-03 Todd C. Miller +2018-04-14 Todd C. Miller - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - regen - [9bb78048656f] + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: + Fix typo + [e572c36919b7] - * NEWS, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, - src/parse_args.c: - Allow the user to specify a list of environment variables to - preserve. This adds an option paramter to the --preserve-env option, - a comma-separated list of variable names. - [a6bc511a2e81] + * plugins/sudoers/cvtsudoers.c: + Fix cut & pasto that prevented "-d command" from working. + [6e4ff7f23d0a] -2017-08-01 Todd C. Miller +2018-04-13 Todd C. 
Miller - * INSTALL, NEWS, config.h.in, configure, configure.ac, - doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, - plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: - Replace tty_tickets option with timestamp_type which can be global, - ppid or tty. Defaults to tty (no change in behavior). Some users - want the ppid behavior. - [426161a2e06f] + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y: + Fix a user after free crash as well as a memory leak when filtering + Defaults. + [9bdd404ae6a4] - * lib/util/Makefile.in, plugins/sudoers/Makefile.in: - regen - [b396e70a4a8b] +2018-04-12 Todd C. Miller - * plugins/sudoers/sudoers.c: - Don't send email about an unresolvable host name if fqdn is enabled - and the user specified the run host via the -h flag. - [59d7a8743943] + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: + Document that a User_Alias or Host_Alias may be used in the match + filter. + [49b9306a6a6d] -2017-07-31 Todd C. Miller + * plugins/sudoers/fmtsudoers.c: + Don't always expand aliases when formatting a host-based Defaults + line. This was missed when expand_aliases support was added. + [ef12a033306c] - * plugins/sudoers/sudoreplay.c: - fix playback of stdout/stderr without embedded carriage returns - [f1a5b47be2db] + * plugins/sudoers/cvtsudoers.c: + Allow host and user aliases to be specified in match filters. + [6bc8c0da4578] -2017-07-28 Todd C. Miller + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update copyright year. + [e9c2eb23def1] - * plugins/sudoers/ldap.c: - Avoid unused variable warning when sasl is not used. - [3010fd3c5a7f] +2018-04-10 Todd C. Miller - * INSTALL, configure, configure.ac: - Add support for --enable-sasl and --disable-sasl to make it possible - to enable/disable support for LDAP with SASL authentication. 
Sudo - compiles in support for SASL authentiation by default if the - ldap_sasl_interactive_bind_s() function is detected. Bug #788 - [cf94d407d576] + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/hu.mo, plugins/sudoers/po/hu.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/da.mo, + po/da.po, po/hr.mo, po/hr.po, po/hu.mo, po/hu.po, po/pt_BR.mo, + po/pt_BR.po, po/tr.mo, po/tr.po: + sync with translationproject.org + [4a0811073374] - * NEWS: - List the correct pattern ("*=()*") in the env_delete description. - Use pseudo-tty instead of pseudo terminal for consistency. - [f2df0baea2f0] +2018-04-09 Todd C. Miller -2017-07-27 Todd C. Miller + * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/parse.h: + When the -d option is used, remove aliases used by the non-converted + Defaults settings if the aliases are not also referenced by + userspecs. + [d07c4254b3dd] - * lib/util/closefrom.c: - Include pathnames.h for /dev/fd on FreeBSD and Mac OS X. - [b190dc607277] +2018-04-05 Todd C. Miller + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [9a4d88b2a965] * NEWS: - update for 1.8.21 - [a3a38f6cba66] + update + [6ef9dde8fc9a] - * src/exec_pty.c: - No need to call sudo_ev_del() before sudo_ev_free(); sudo_ev_free() - will delete the event from its base before freeing it. - [ebf3dedcba5c] + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: + Mention -p and -M options in the description of -m. 
+ [b20abfd14164] - * src/exec_pty.c: - Terminate the command if an I/O log function returns 0 or -1. This - was mistakenly removed by 25b7fd056614 in Sudo 1.8.18 with the - removal of the ignore_iolog_errors variable. - [e1dd18d95815] +2018-04-04 Todd C. Miller - * plugins/sudoers/sudoreplay.c: - Quiet a coverity false positive. - [b7a9c9e35fd0] + * src/sudo_edit.c: + Check sudoedit temporary directory for writability before using it. + [1e29ade3f4b2] - * plugins/sudoers/sudoreplay.c: - Change to a single event loop in sudoreplay and use signal events. - [7320de46cf48] + * plugins/sudoers/regress/starttime/check_starttime.c: + Use btime in /proc/stat to determine system start time instead of + /proc/uptime. Fixes the process start time test when run from a + container where /proc/uptime is the uptime of the container but the + process start time is relative to the host system boot time. Bug + #829 + [65ba61e55011] -2017-07-21 Todd C. Miller + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/match.c, plugins/sudoers/parse.h: + Add option to prune non-matching entries from cvtsudoers output with + -m option is used. + [9a69ba35389d] - * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: - start new sentences on a new line - [ae35ab253de5] +2018-04-02 Todd C. Miller - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, - doc/sudoers.man.in, doc/sudoers.mdoc.in: - Clarify how the variable prompt options interact with each other and - PAM. - [342b936c4aaa] + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h: + Allow defaults types and suppression list to be specified in the + config file. + [62dd7a96ac9b] - * plugins/sudoers/sudoers.c: - Don't set passprompt_override when SUDO_PROMPT is present. This - effectively reverts ed77d255f383. 
+ * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/parse.h, plugins/sudoers/visudo.c: + Refactor common alias code out of cvtsudoers and visudo and into + alias.c. + [b3ba3e6f24d2] - We treat the SUDO_PROMPT environment variable similar to passprompt - in sudoers: it will only override a PAM prompt if the PAM prompt is - either "Password:" or "username's Password:". - [6dad2bd126d1] +2018-03-29 Todd C. Miller -2017-07-20 Todd C. Miller + * plugins/sudoers/cvtsudoers.c: + Avoid NULL deref in an error path. CID 183467 + [38ea56670f18] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/logging.c: - Add syslog_pid sudoers option to log sudo's process ID when logging - via syslog. This is disabled by default to match historic behavior. - [f4dc29b0052c] + * plugins/sudoers/cvtsudoers.c: + No need to initialize the last pointer passed to strtok_r(). This + was originally added to appease newer gcc but no longer seems to be + required. CID 183466, CID 183468, CID 183469 + [b0a9b90603e1] - * plugins/sudoers/auth/pam.c: - When deciding which prompt to use (PAM's or sudo's) treat the PAM - prompt "username's Password:" as equivalent to "Password:". Some PAM - modules (on AIX at least) use this prompt. - [96651906de42] + * plugins/sudoers/cvtsudoers_json.c: + Avoid false positive NULL dereference by uses value.u.string instead + of name as the former is guaranteed not to be NULL. Fixes CID + 183465. + [c896d10f5626] - * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: - Add missing argument to a few of the defaults strings in the "sudo - -V" output. - [44546c4b87c3] +2018-03-29 Todd C. Miller - * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, - plugins/sudoers/visudo.c: - When examining environment variables or variables passed in from the - front-end, ignore variables with no value specified. 
- [8537a7fc6190] + * plugins/sudoers/po/sudoers.pot: + regen + [8a88e162fd0b] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Document that "-p prompt" overrides SUDO_PROMPT. - [d2e6b518d00d] + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Add a section on convertion from file-based sudoers. + [033c797b229d] - * plugins/sudoers/sudoers.c: - Enable passprompt_override by default if SUDO_PROMPT is present in - the environment. This is consistent with how "sudo -p prompt" is - handled. - [ed77d255f383] +2018-03-28 Todd C. Miller -2017-07-17 Todd C. Miller + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c: + Add support for "cvtsudoers -d all" + [62e748b70105] - * plugins/sudoers/sudoreplay.c: - When reading a single character via a switch() use "default: instead - of "case 1:" to quiet a coverity warning. - [ddcfc40159e4] + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h: + Add -d option to control what type of Defaults entries are + converted. + [b723f0dae5c7] - * plugins/sudoers/sudoreplay.c: - Initialize ch in getsize_cb() in case we are called with the wrong - initial state. - [a31431c59e14] +2018-03-27 Todd C. Miller - * plugins/sudoers/sudoreplay.c: - remove unused variable - [488054411049] + * src/exec_pty.c: + In pty_close() we still need to check whether the pty master and + slave fds are open before closing them. When no tty is present but + we are I/O logging pty_close() will be called when there is no + actual pty in use. + [59201fb78427] - * plugins/sudoers/visudo.c: - Call install_sudoers() even when doedit is false. If a file in a - #includedir has a syntax error it will still have been edited and we - need to install the edited temp file. 
- [ab833e2d1791] + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/sudo.conf.cat, + doc/sudoers_timestamp.cat, doc/visudo.cat: + regen + [186f3b58daf5] - * plugins/sudoers/visudo.c: - Reparse sudoers if a new #include file was added. Otherwise the new - file will not get its syntax checked. Bug #791 - [e584dc8bf306] +2018-03-26 Todd C. Miller -2017-07-14 Todd C. Miller + * .hgignore: + ignore *.ldif2sudo regress output + [8d57e8a0013f] - * plugins/sudoers/sudoreplay.c: - don't restore the cursor when setting terminal size, we don't want - the cursor to move - [9cbcb3372bcd] + * src/exec_pty.c: + In pty_close() there is no need to remove events associated with the + pty slave as there are none. We also don't need to check for the pty + fds being -1 since they are not closed elsewhere and pty_close() is + only called if pty_setup() succeeds. + [585a47fb5a8b] - * plugins/sudoers/sudoreplay.c: - Read the xterm terminal size using an event so we can easily time - out if needed. - [634524476741] +2018-03-25 Todd C. Miller - * lib/util/event.c, src/exec_nopty.c, src/exec_pty.c: - If we free the default base in sudo_ev_base_free(), reset the - default base to NULL. - [2a8f7938618b] + * doc/Makefile.in, doc/cvtsudoers.mdoc.in: + Move cvtsudoers to section 1. + [69adcb2d24ff] -2017-07-13 Todd C. Miller - - * include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in, - src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c: - Add the ability to set a default event base, to be used by plugins - which don't have access to the event base. - [dc159ea98b25] - - * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, - plugins/sudoers/sudoreplay.c: - Allow sudoreplay to adjust the window size on xterm-like terminals. - [3358b1a9f01c] + * src/exec_pty.c: + In pty_close() close the slave and remove any events associated with + it. Fixes a potential hang when performing the final flush on non- + BSD systems. + [40159d852c2d] -2017-07-12 Todd C. 
Miller +2018-03-23 Todd C. Miller - * lib/util/term.c: - Clear input, output, control and local flags before copying them - from the source terminal. Otherwise, flags that are disabled in the - source terminal may still be enabled in the destination. - [ead41242b820] + * plugins/sudoers/ldap_util.c: + Fix typo in strcmp(), we are comparing var not val. + [07ccd7bae4f6] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/exec_pty.c: - Pass window size change events to the plugin. - [529b5c9d16a4] + * MANIFEST: + sync + [7960511e39dd] - * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c: - Log window size change events in the sudoers I/O plugin. Let - sudoreplay parse a timing file with window change events (currently - ignored). - [a67f4627dfa7] + * NEWS: + sync + [c655e7111ce9] - * Makefile.in, doc/Makefile.in, examples/Makefile.in, - include/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, - plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, - src/Makefile.in: - Remove pointless subshells in targets that simply change the - directory and execute a command. The command is already run in a - shell so there is no need to execute a subshell in this case. - [e57639cb2f97] +2018-03-22 Todd C. Miller -2017-07-10 Todd C. Miller + * plugins/sudoers/po/sudoers.pot: + regen + [ff7b545844fb] - * src/sudo.c: - Store the debug instance ID for I/O plugins too. Now iolog_open() is - consistent with policy_open(). - [519abb3c09d0] + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/pwutil.c, + plugins/sudoers/sudoers.h: + Add -M option to cvtsudoers to force the use of the local passwd and + group databases when matching. + [ea58e2765a40] -2017-06-29 Todd C. 
Miller + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c: + Add cvtsudoers command line option to suppress certain parts of the + security policy. Can be used to suppress displaying of Defaults + entries, aliases or privileges. + [b243efa695e6] - * config.h.in, configure, configure.ac, lib/util/mktemp.c: - Use getentropy() in mkstemp/mkdtemp replacement. - [8d8e45266858] +2018-03-21 Todd C. Miller - * configure, configure.ac, lib/util/closefrom.c, lib/util/mktemp.c, - pathnames.h.in, src/exec_pty.c, src/get_pty.c, src/ttyname.c: - Use _PATH_DEV consistently - [ca10a91539e0] + * plugins/sudoers/regress/parser/check_gentime.c: + Silence a false positive from the clang static analyzer. + [bfde0594783e] -2017-06-15 Todd C. Miller + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/parse.h: + Silence a false positive from the clang static analyzer. + [5257e321158d] - * lib/util/term.c: - When copying terminal settings from one tty to another only copy a - subset of the flags. Sudo now copies the same set of flags that - OpenSSH uses, which should be safe. - [2f12bc7a87d1] + * plugins/sudoers/cvtsudoers.c: + Fix memory leak on error path. + [1a13732abfd5] - * src/exec_monitor.c, src/exec_nopty.c: - Add debug warning when we have wait status but don't overwrite the - existing cstat. - [5ae8f8e75104] + * plugins/sudoers/po/sudoers.pot: + regen + [c139b8bed3c1] - * src/exec_monitor.c: - Better handling of SIGCONT from in command in the monitor. It is - useful to know when the command continued but we don't want to - inform the parent or store the wait status in this case. Fixes a - hang after multiple suspends on Linux. 
- [9cdbbb7ff3dd] + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_ldif.c: + Move cvtsudoers string functions into cvtsudoers.c + [4b5b799e7abc] -2017-06-09 Todd C. Miller + * plugins/sudoers/Makefile.in: + regen + [6ecb37e35c9f] - * plugins/sudoers/parse.h: - avoid padding in struct cmndspec - [2529551a9c2d] + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/parse.h: + Initial support filtering by user, group and host in cvtsudoers. + Currently forces alias expansion when a filter is applied and the + entire matching user or host list is printed, even the non-matching + entries. This effectively allows you to grep sudoers by user, group + and host. + [0adbf8d38eb4] -2017-06-07 Todd C. Miller + * plugins/sudoers/defaults.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/parse.h: + Add free_default() to free a struct defaults pointer so we have a + single place where we free the defaults. A pointer to the previous + Default's binding may be passed in to avoid freeing an already free + binding. + [9d9ef007ee88] - * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, - doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.man.in, - doc/sudoers.mdoc.in: - Fix the man section of sudo_plugin in cross-references. - [f964de570403] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Decrease bullet width to 1n. + [e6f3776fd72e] -2017-06-05 Todd C. Miller +2018-03-17 Todd C. 
Miller - * src/sudo_edit.c: - Don't treat an unchanged file as an error. From Xin Li. - [503e04f7856e] + * src/sudo.c: + Add aix_setauthdb() before the initial getpwuid() call. + [b8a011be9af7] - * src/sudo_edit.c: - sudo_edit() must return a wait status but if there is an error, or - even if no changes were made to the file, it was returning 1 instead - which would be interpreted as the command having received SIGHUP. - Use the W_EXITCODE() to construct a proper wait status in the error - case too. - [62515bd6c64c] +2018-03-10 Todd C. Miller -2017-06-03 Todd C. Miller + * plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.h: + fix compilation on Solaris + [e31019b5f545] - * src/ttyname.c: - Avoid sign extension when assigning the value of tty_nr in - /proc/self/stat on Linux. It is an unsigned int value that is - printed as a signed int but dev_t is unsigned long long. We need to - cast to unsigned int before assigning to a dev_t. - [c198d1317560] +2018-03-08 Todd C. Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/env.c: - Instead of hard-coding a check for bash functions in - env_should_delete(), use a "*=()* " pattern in - initial_badenv_table[] to match them instead. This allows the user - to remove the check via env_delete. - [90c4dfd1d3a3] + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + plugins/sudoers/sudoreplay.c: + Make "sudoreplay -m 0" skip the pauses entirely. + [d9a7fc9f5720] -2017-06-02 Todd C. Miller + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + Document that a negative value for -m will elmininate the pauses. + [a025e96abb47] - * INSTALL.configure, configure.ac, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, - doc/sudoers.man.in, doc/sudoers.mdoc.in, mkpkg, sudo.pp: - Mac OS X -> macOS - [08f793d1f496] +2018-03-06 Todd C. 
Miller - * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: - devsearch is ignored on BSD, macOS and Solaris - [b041a1d64eda] + * plugins/sudoers/testsudoers.c: + Update copyright date, remove unneeded include and add a few + comments. + [ac1bccd631e5] -2017-06-01 Todd C. Miller + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/sudoers/test1.out.ok, + plugins/sudoers/regress/sudoers/test10.out.ok, + plugins/sudoers/regress/sudoers/test11.out.ok, + plugins/sudoers/regress/sudoers/test12.out.ok, + plugins/sudoers/regress/sudoers/test13.out.ok, + plugins/sudoers/regress/sudoers/test14.out.ok, + plugins/sudoers/regress/sudoers/test15.out.ok, + plugins/sudoers/regress/sudoers/test16.out.ok, + plugins/sudoers/regress/sudoers/test17.out.ok, + plugins/sudoers/regress/sudoers/test18.out.ok, + plugins/sudoers/regress/sudoers/test19.out.ok, + plugins/sudoers/regress/sudoers/test2.out.ok, + plugins/sudoers/regress/sudoers/test20.out.ok, + plugins/sudoers/regress/sudoers/test21.out.ok, + plugins/sudoers/regress/sudoers/test22.out.ok, + plugins/sudoers/regress/sudoers/test3.out.ok, + plugins/sudoers/regress/sudoers/test4.out.ok, + plugins/sudoers/regress/sudoers/test5.out.ok, + plugins/sudoers/regress/sudoers/test6.out.ok, + plugins/sudoers/regress/sudoers/test7.out.ok, + plugins/sudoers/regress/sudoers/test8.out.ok, + plugins/sudoers/regress/sudoers/test9.out.ok, + plugins/sudoers/testsudoers.c: + Use fmtsudoers functions in testsudoers. + [be27df4a5291] - * lib/util/event.c: - Move the bits to fill in the new event base to sudo_ev_base_init(), - which is not currently exported. 
- [9be46693bed1] + * MANIFEST, plugins/sudoers/regress/sudoers/test22.in, + plugins/sudoers/regress/sudoers/test22.json.ok, + plugins/sudoers/regress/sudoers/test22.ldif.ok, + plugins/sudoers/regress/sudoers/test22.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test22.out.ok, + plugins/sudoers/regress/sudoers/test22.sudo.ok, + plugins/sudoers/regress/sudoers/test22.toke.ok: + Add test for empty runas user list. + [5598cf4c3329] -2017-05-31 Todd C. Miller + * plugins/sudoers/testsudoers.c: + Don't print an empty user list as ALL. + [806ee09f854d] - * .hgtags: - Added tag SUDO_1_8_20p2 for changeset 47836f4c9834 - [20d3e47ba46c] <1.8> + * plugins/sudoers/fmtsudoers.c, plugins/sudoers/parse.h: + In sudoers_format_userspecs make the separator optional and silence + a printf format warning. + [62c576cbec4b] - * src/ttyname.c: - A command name may also contain newline characters so read - /proc/self/stat until EOF. It is not legal for /proc/self/stat to - contain embedded NUL bytes so treat the file as corrupt if we see - any. With help from Qualys. + * plugins/sudoers/starttime.c: + Use correct defines when checking for sysctl kinfo_proc support. + [6017e45d14b9] - This is not exploitable due to the /dev traversal changes in sudo - 1.8.20p1 (thanks Solar!). - [15a46f4007dd] <1.8> + * plugins/sudoers/cvtsudoers_json.c: + Fix crash when converting sudoers entry with a runas list that is + present but empty. + [ff6b9ef53c6b] - * NEWS, configure, configure.ac: - Sudo 1.8.20p2 - [47836f4c9834] [SUDO_1_8_20p2] <1.8> +2018-03-05 Todd C. Miller - * src/ttyname.c: - A command name may also contain newline characters so read - /proc/self/stat until EOF. It is not legal for /proc/self/stat to - contain embedded NUL bytes so treat the file as corrupt if we see - any. With help from Qualys. 
+ * config.h.in, configure, configure.ac, plugins/sudoers/starttime.c, + plugins/sudoers/sudoers.c, src/regress/ttyname/check_ttyname.c, + src/tgetpass.c, src/ttyname.c: + Less confusing sysctl checks for kinfo_proc. + [553f6b3f9c3b] - This is not exploitable due to the /dev traversal changes in sudo - 1.8.20p1 (thanks Solar!). - [9ad60fe663e5] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/ldap.c, plugins/sudoers/match.c, + plugins/sudoers/pwutil.c, plugins/sudoers/sssd.c: + Add case_insensitive_group and case_insensitive_user sudoers + options, which are enabled by default. + [bd74d8b7fe83] - * NEWS: - Sudo 1.8.20p2 - [39f199a38383] +2018-03-04 Todd C. Miller -2017-05-30 Todd C. Miller + * plugins/sudoers/fmtsudoers.c: + Kill dead store found by clang-analyzer. + [af2021d3d396] - * src/ttyname.c: - Use /proc/self consistently on Linux. As far as I know, only AIX - doesn't support /proc/self. - [6f3d9816541b] <1.8> + * plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/parse.h, + plugins/sudoers/regress/sudoers/test2.ldif.ok, + plugins/sudoers/regress/sudoers/test3.ldif.ok, + plugins/sudoers/regress/sudoers/test6.ldif.ok, + plugins/sudoers/sssd.c: + Initial support for adding comments that will be emitted when + sudoers is formatted. Currently adds a comment for the source + sudoRole when converting from ldif -> sudoers. + [bf2e7f48f452] - * src/selinux.c: - After opening a tty device, fstat() and error out if it is not a - character device. - [e03cfa98f2b6] + * lib/util/lbuf.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/fmtsudoers.c, plugins/sudoers/parse.h: + Special case comment lines in lbufs. 
+ [10d6d229ffae] - * INSTALL, configure, configure.ac, doc/sudo.conf.cat, - doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, include/sudo_conf.h, - lib/util/sudo_conf.c, lib/util/util.exp.in, pathnames.h.in, - src/ttyname.c: - Add a new "devsearch" Path setting to sudo.conf for configuring the - /dev paths to traverse instead of hard-coding a list in ttyname.c - The default value can be set at configure time. - [7ab1be502dc3] + * plugins/sudoers/cvtsudoers_ldif.c: + Handle escaped commas when skipping over the cn. + [61aed7ff5e1c] - * src/ttyname.c: - Use /proc/self consistently on Linux. As far as I know, only AIX - doesn't support /proc/self. - [ef737b5d4ed8] +2018-03-03 Todd C. Miller -2017-05-29 Todd C. Miller + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/parse.h: + When formatting as sudoers, flush the lbuf after each userspec. + [060266dd440c] - * .hgtags: - Added tag SUDO_1_8_20p1 for changeset 94d010e2bb50 - [98ef2ef47aba] <1.8> +2018-03-02 Todd C. Miller - * NEWS, configure, configure.ac: - Sudo 1.8.20p1 - [94d010e2bb50] [SUDO_1_8_20p1] <1.8> + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/sudoers/test1.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test15.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test16.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test20.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test21.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test3.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test6.ldif2sudo.ok: + Add tests for round-tripping sudoers -> ldif -> sudoers + [72e3e73fb612] - * NEWS, configure: - Sudo 1.8.20p1 - [c34da84ae8e4] + * plugins/sudoers/cvtsudoers_ldif.c: + Add missing sudoOrder support to parse_ldif(). 
+ [8c5e9f22f0da] - * src/ttyname.c: - Fix for CVE-2017-1000367, parsing of /proc/pid/stat on Linux when - the process name contains spaces. Since the user has control over - the command name this could be used by a user with sudo access to - overwrite an arbitrary file. Thanks to Qualys for investigating and - reporting this bug. + * plugins/sudoers/ldap_util.c: + Add missing support for converting LOG_INPUT/LOG_OUTPUT tags and + expand support for NOMAIL tags. + [2820c8333381] - Also stop performing a breadth-first traversal of /dev when looking - for the device. Only the directories specified in search_devs[] are - checked. - [d5dd22356194] <1.8> + * plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/sudoers/test2.ldif.ok, + plugins/sudoers/regress/sudoers/test3.ldif.ok, + plugins/sudoers/regress/sudoers/test6.ldif.ok: + Don't emit an empty sudoRole for global defaults if there are none. + [2a69dccb7071] - * src/ttyname.c: - Fix for CVE-2017-1000367, parsing of /proc/pid/stat on Linux when - the process name contains spaces. Since the user has control over - the command name this could be used by a user with sudo access to - overwrite an arbitrary file. Thanks to Qualys for investigating and - reporting this bug. + * plugins/sudoers/ldap_util.c: + Avoid changing the order of non-negated hosts and commands. We still + put negated hosts/commands at the end of the list. + [e1aea92dd6dc] - Also stop performing a breadth-first traversal of /dev when looking - for the device. Only the directories specified in search_devs[] are - checked. - [b5460cbbb11b] + * plugins/sudoers/cvtsudoers_ldif.c: + Handle parsing boolean options that have no explicit value. + [b5d597faa23d] -2017-05-23 Todd C. Miller + * plugins/sudoers/cvtsudoers_ldif.c: + Refactor the code that actually converts the role to sudoers format + into role_to_sudoers() now that it is more involved than just + calling sudo_ldap_role_to_priv(). 
+ [b876171ff96e] - * lib/util/event_select.c: - Fix potential memory leak on reallocarray() error. Coverity CID - 169639 - [c303e6eecc78] + * plugins/sudoers/cvtsudoers_ldif.c: + When merging two privileges, use the runas lists of the previous + privilege when possible. Otherwise, the generated sudoers line will + include a runas list for commands that is not necessary. + [337b49451947] - * plugins/sudoers/bsm_audit.c: - Only fall back to deprecated getaudit() on FreeBSD. Fixes compiler - warnings on macOS. - [18f4699e417c] +2018-03-01 Todd C. Miller - * mkpkg: - Use clang on macOS if present - [a963454d1b9e] + * plugins/sudoers/match.c: + Use a case-insensitive comparison when matching user and group names + in sudoers with the passwd or group database. This can be necessary + when users and groups are stored in AD or LDAP. + [bfccb8acc3e9] - * sudo.pp: - fix paths to LICENSE and NEWS files for macOS packages - [47103614311b] + * plugins/sudoers/Makefile.in: + Fix clean target for *.sudo regress files + [6f52a4aef93a] -2017-05-18 Todd C. Miller + * .hgignore: + ignore more binaries + [9adf244d0e9e] - * src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c: - To avoid overwriting existing command status, check for CMD_INVALID - instead of CMD_ERRNO or CMD_WSTATUS. - [5fec1fa81482] + * plugins/sudoers/cvtsudoers.c: + Fix use of uninitialized variable (conf) if sudoers_debug_register() + happens to fail. + [0ef1765f14f4] - * plugins/sudoers/regress/env_match/data: - Add some patterns that could result in exponential run time for - poorly written '*' matching. - [98f4d085c919] +2018-02-28 Todd C. Miller -2017-05-15 Todd C. Miller + * plugins/sudoers/cvtsudoers_ldif.c: + Split conversion code out of parse_ldif() and into + ldif_to_sudoers(). + [27c8b7001735] - * lib/util/ttysize.c, src/exec_pty.c: - On HP-UX 11.0, sys/ioctl.h is not sufficient to make struct winsize - visisble, we need termios.h too. 
- [211510123ad6] + * plugins/sudoers/cvtsudoers_ldif.c: + Quiet a clang analyzer warning. + [21102c27dcce] - * lib/util/ttysize.c: - Always used TIOCGWINSZ. - [82e679b8cd00] + * MANIFEST, configure, configure.ac, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/ldap_common.c, + plugins/sudoers/ldap_util.c: + rename ldap_common.c -> ldap_util.c + [3093bdbb8a9b] - * src/exec.c, src/sudo.c, src/sudo.h: - Move exec_setup(), unlimit_nproc() and restore_nproc() from sudo.c - to exec.c. - [9127e50cf4ec] + * plugins/sudoers/cvtsudoers_ldif.c: + When converting from ldif to sudoers, sudoRole objects with the same + user if possible. If both user and host are the same, merge into a + single privilege. This makes it possible to convert a sudoers entry + like: - * src/sudo_edit.c: - No need to include selinux.h here. - [8bb07a8f4203] + aaron shanty = NOEXEC: /usr/bin/vi, /usr/bin/more, EXEC: /bin/sh - * plugins/sudoers/regress/env_match/check_env_pattern.c: - Fix compilation error on macOS - [bc5e5c3d44f2] + to ldif and then back to sudoers as a single line. Currently, the + ldif entries to be merged must have the same or adjacent sudoOrder + attributes. + [74e5cef2e849] -2017-05-12 Todd C. Miller + * plugins/sudoers/cvtsudoers_ldif.c: + plug memory leaks + [a5268668c397] - * config.h.in, configure, configure.ac, include/sudo_compat.h, - lib/util/term.c, plugins/sudoers/auth/bsdauth.c, - plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/visudo.c, src/exec_monitor.c, src/exec_nopty.c, - src/exec_pty.c, src/signal.c, src/sudo.c, src/tcsetpgrp_nobg.c, - src/tgetpass.c: - Remove use of non-standard sigaction_t - [81a57af4c7a9] + * src/parse_args.c: + Restore line to set MODE_PRESERVE_ENV in flags when the -E command + line option is used. The caller doesn't check MODE_PRESERVE_ENV + these days but parse_args uses it to detect usage errors when -E is + used along with a mutually excusive option. Problem found by Yuriy + Vostrikov. 
+ [b511e35d9be4] - * plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c, - plugins/sudoers/set_perms.c, plugins/sudoers/timestamp.c, - plugins/sudoers/visudo.c: - Use debug logging instead of ignore_result() where possible. - [9c9fde5b52cc] +2018-02-26 Todd C. Miller - * Makefile.in: - Add cov-build and cov-submit targets for checking with coverity. - [bf88b4439c7b] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Add missing close parenthesis in "Including other files from within + sudoers" section. Bug #824 + [3335cb2ce29f] - * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/ldap.c: - Avoid a clang analyzer false positive. - [9f4f915a2e28] +2018-02-25 Todd C. Miller - * plugins/sudoers/sudoreplay.c: - Restore the error message for sudo_ev_add() failure. - [267305606577] + * plugins/sudoers/ldap_common.c: + When converting from LDAP to sudoers, put negated hosts and commands + at the end of the list. Since LDAP doesn't guarantee attribute order + we need to make sure negated entries always override non- negated + ones. + [0ebff259c521] - * include/sudo_event.h, lib/util/event.c: - Add support for signal events in sudo's event subsystem - [0d48fab2dec8] +2018-02-24 Todd C. Miller - * include/sudo_event.h, lib/util/event.c: - Handle the possibility of the siginfo parameter in sa_sigaction - handler being NULL. - [0835ca553426] + * plugins/sudoers/cvtsudoers.c: + We may need the hostname to resolve %h escapes in include files. + [3e57710762d3] - * src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, - src/signal.c, src/sudo.h, src/sudo_exec.h: - Use SUDO_EV_SIGNAL and SUDO_EV_SIGINFO instead of managing the - signal_pipe explicitly. - [841e2ca6a4a6] + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_ldif.c: + Setting a sudoOrder start point of 0 will disable creation of + sudoOrder attributes in the resulting LDIF output. 
+ [4107f61b431b] - * lib/util/event.c: - Activate the sigevents inside the signal pipe callback itself and - call signal_pipe_cb() directly if the backend returns EINTR and the - signal_caught flag is set. This has the side effect of processing - signal events in the current pass of the event loop instead of the - next one. - [d94e202b8e57] + * plugins/sudoers/cvtsudoers.c: + Don't need to fill in struct sudo_user since we don't do matching. + [cdc876d298b5] - * src/signal.c: - Add SIGCHLD to the list of signals we install sudo_handler() for. - Otherwise, it is possible for the command to exit before the SIGCHLD - handler is installed. POSIX says that signals that are ignored by - default are still ignored even if the signal mask would block them. - We need to have a handler installed for SIGCHLD before the fork(). - [a26f04459c37] + * MANIFEST, doc/cvtsudoers.cat, doc/cvtsudoers.man.in, + doc/cvtsudoers.mdoc.in, pathnames.h.in, plugins/sudoers/Makefile.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c: + Add support for setting default options in a config file. In + addition to expand_aliases, input_format and output_format, both the + initial sudoOrder and the increment when updating sudoOrder for + subsequent sudoRole objects can be specified. Command line options + have also been added for the start order and increment. + [d3121c039ddf] - * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/Makefile.in, plugins/sudoers/env.c, - plugins/sudoers/env_pattern.c, - plugins/sudoers/regress/env_match/check_env_pattern.c, - plugins/sudoers/regress/env_match/data, plugins/sudoers/sudoers.h: - Add support for multiple '*' in env_keep, env_check and env_delete - entries. - [b55270a8ecc4] +2018-02-22 Todd C. 
Miller - * configure, configure.ac: - sudo 1.8.21 - [76aa5455903e] + * NEWS: + cvtsudoers can now read LDIF + [99b7ed30c754] - * include/sudo_compat.h, plugins/sudoers/timestamp.c, - src/tcsetpgrp_nobg.c, src/tgetpass.c: - Remove use of the non-standard SA_INTERRUPT - [3ec05ffb0dcb] + * doc/UPGRADE: + Fix a typo. + [87f635970a5d] - * include/sudo_queue.h: - Add workaround for clang static analyzer being confused by - LIST_REMOVE and TAILQ_REMOVE. - [ff8d278e8526] + * plugins/sudoers/fmtsudoers.c: + Deal with user_name not being set in cvtsudoers. + [421bb1dbff57] -2017-05-11 Todd C. Miller + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_common.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_ldap.h: + Initial support for parsing sudoers LDIF files in cvtsudoers. This + makes it possible to convert from LDAP sudoers to a traditional + sudoers file. Semantic differences between file sudoers and LDAP + sudoers mean that LDIF -> sudoers is not completely equivalent. + [ddf513e2778f] - * plugins/sudoers/Makefile.in: - Fix "make check" when openssl or gcrypt is used. Bug #787 - [fd76c0bd8b80] <1.8> +2018-02-21 Todd C. Miller - * plugins/sudoers/Makefile.in: - Fix "make check" when openssl or gcrypt is used. Bug #787 - [7968686742e2] + * plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/sudoers/test14.ldif.ok: + Fix LDIF conversion of commands with an associated digest. + [590ab0cb58e4] -2017-05-10 Todd C. Miller + * plugins/sudoers/ldap_common.c: + In array_to_member_list() use the correct type for netgroups and + user groups. + [359947d19131] - * .hgtags: - Added tag SUDO_1_8_20 for changeset 6e9347749620 - [33d429b11974] <1.8> + * plugins/sudoers/fmtsudoers.c: + Prepend digest to command if present. Fix printing of group IDs and + non-unix groups. 
+ [5f9834b4bcbc] - * INSTALL, Makefile.in, NEWS, config.h.in, configure, configure.ac, - doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, - doc/visudo.cat, doc/visudo.man.in, lib/util/Makefile.in, - plugins/sudoers/Makefile.in, plugins/sudoers/env.c, - plugins/sudoers/iolog.c, plugins/sudoers/match.c, - plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c, po/sudo.pot, src/Makefile.in, - src/exec_pty.c, src/parse_args.c, src/sudo.c, src/ttyname.c: - Merge sudo 1.8.20 from tip - [6e9347749620] [SUDO_1_8_20] <1.8> + * plugins/sudoers/cvtsudoers_json.c: + Fix gcc false positive for uninitialized variable + [d250b862c1ed] - * plugins/sudoers/sudoreplay.c: - Only display string version of errno if sudo_ev_add() fails for now - [24244a02c93f] +2018-02-20 Todd C. Miller -2017-05-08 Todd C. Miller + * pp: + Update Polypkg to the latest version from git. + [204ebffb502f] - * NEWS: - update - [8e3359235e24] + * config.h.in, configure, configure.ac, src/sudo.c: + Use setpassent() and setgroupent() on systems that support it to + keep the passwd and group database open. Sudo does a lot of passwd + and group lookups so it can be beneficial to just leave the file + open. + [3d2d5bca9670] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Be clear that #includedir diverts control to the files in the - specified directory and, when parsing of those files is complete, - returns control to the original file. Bug #775 - [f68769f15356] +2018-02-19 Todd C. Miller -2017-05-07 Todd C. Miller + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c: + Add option to cvtsudoers to expand aliases in the output. 
+ [1af56459fd7d] - * plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/sr.mo, - po/sr.po: - sync with translationproject.org - [4552eaf8fabf] + * plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/regress/sudoers/test1.json.ok, + plugins/sudoers/regress/sudoers/test14.json.ok, + plugins/sudoers/regress/sudoers/test15.json.ok, + plugins/sudoers/regress/sudoers/test16.json.ok, + plugins/sudoers/regress/sudoers/test17.json.ok, + plugins/sudoers/regress/sudoers/test19.json.ok, + plugins/sudoers/regress/sudoers/test2.json.ok, + plugins/sudoers/regress/sudoers/test6.json.ok: + Fix conversion of "ALL" in the JSON output format, which was being + printed as an alias. + [3f7869688820] -2017-05-05 Todd C. Miller + * INSTALL, configure, configure.ac: + Clarify that --with-rundir and --with-vardir take sudo-specific + directory, e.g. /var/run/sudo and not just /var/run. Bug #823 + [e1913085e544] - * NEWS: - update - [53d1c9424816] + * src/exec_pty.c: + In pty_cleanup() we need to call sudo_term_restore() even if no I/O + plugins are present as long as /dev/tty exists. Fixes the use_pty + case with no I/O plugins. + [82fecef72998] - * src/exec_monitor.c: - Fix a hang introduced in the last commit. Don't close the pty slave - until after we have the controlling tty. - [c9c19beb60ed] + * include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in, + plugins/sudoers/sudoreplay.c, src/exec_monitor.c, src/exec_nopty.c, + src/exec_pty.c: + Add sudo_ev_dispatch(), a wrapper for ev_loop() with no flags. + Similar the dispatch function in libevent. + [61e588fd50d0] - * src/exec_monitor.c, src/exec_pty.c: - If any of std{in,out,err} are not hooked up to a tty only interpose - ourselves with a pipe if the plugin will actually log the data. This - avoids a problem with non-interactive commands where no tty is - present where sudo will consume stdin even when log_input is not - enabled in sudoers. 
- [a79edafdd307] + * INSTALL, configure, configure.ac, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, m4/sudo.m4: + Use /run in preference to /var/run if it exists. Bug #822 + [ec2febe6f8a3] + +2018-02-14 Todd C. Miller * NEWS: - update - [144ff056cd01] + mention common sudoers formatting changes + [b32825ca3e2f] - * doc/TROUBLESHOOTING: - Update based on information from Michael Felt. - [7ea34380ba1d] +2018-02-11 Todd C. Miller -2017-05-04 Todd C. Miller + * MANIFEST, configure, configure.ac, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_conf.c, plugins/sudoers/sudo_ldap.h, + plugins/sudoers/sudo_ldap_conf.h: + Move LDAP configuration bits into ldap_conf.c + [1673e3c7855a] - * plugins/sudoers/sudoreplay.c: - In check_input() when switch()ing on the return value of read(), use - the default label instead of 1 for the success case. It is only - reading a single byte so the two are equivalent but it reads better - using default. - [860682b86af5] +2018-02-10 Todd C. Miller - * plugins/sudoers/sudoreplay.c: - Check sudo_ev_add() return value. Coverity CID 168362 - [b69779d3801f] + * plugins/sudoers/ldap.c, plugins/sudoers/ldap_common.c: + No longer need to include stddef.h + [a10a13dc73c7] * plugins/sudoers/iolog.c: - Add io_open() wrapper for open(2) that retries with PERM_IOLOG if - open(2) fails with EACCES. Use io_open() instead of duplicate copies - of the same fallback code. - [09f7992f681b] + Remove dead store, found by cppcheck. + [744e99ffc82e] - * plugins/sudoers/iolog.c: - Don't retry the open() if set_perms() fails. - [0808a9157037] + * plugins/sudoers/ldap.c, plugins/sudoers/ldap_common.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h: + simplify iterator + [944fd546ec98] - * plugins/sudoers/iolog.c: - Fix typo (fd2 vs. fd) caught by coverity, CID 168359. - [f68df770e06f] + * plugins/sudoers/mkdir_parents.c: + Silence a false positive from cppcheck. 
+ [f94421968d8e] - * po/hu.mo, po/hu.po: - sync with translationproject.org - [ebef76dc27be] + * plugins/sudoers/tsdump.c: + Cast version to int when printing. Avoids a cppcheck warning. + [3312bec4f1e3] -2017-05-03 Todd C. Miller +2018-02-09 Todd C. Miller - * INSTALL: - Warn people not to use --enable-asan in production. - [ecb5c1143ef4] + * plugins/sudoers/ldap.c, plugins/sudoers/ldap_common.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h: + Use an iterator instead of fragile pointer arithmetic to iterate + over value arrays in sudo_ldap_role_to_priv(). + [61752c5f3427] - * configure, configure.ac, src/Makefile.in: - Move the invocation of check_noexec into the main "check" target but - only run it if not cross compiling and whe CHECK_NOEXEC is not - empty. - [cba8fd3337c2] + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/fmtsudoers.c, plugins/sudoers/ldap.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c: + Move sudoers formatting code into fmtsudoers. + [ff25291c99f4] - * src/Makefile.in: - Move @CHECK_NOEXEC@ to TEST_PROGS so it gets cleaned up properly. - [efaa9c44e749] + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/parse.c: + Clean up some XXX in parse.c + [19854e7d8ac7] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Move syslog_maxlen to the "Integers" section. Move syslog_goodpri - and syslog_badpri to the "Strings at can be used in a boolean - context" section. - [342dfe9dd37c] + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/sssd.c: + Rename sudo_file_append_default() -> sudo_lbuf_append_default() and + use it for ldap and sssd too. + [dae22810f2dd] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Fix a pasto that resulted in an extra (empty) syslog_goodpri list - entry. 
- [eb0563c5b8dc] + * MANIFEST, configure, configure.ac, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_common.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h: + Move common bits of ldap to sudoers conversion into ldap_common.c + and use it in sssd.c. + [5cca03f64b77] - * MANIFEST, plugins/sudoers/regress/sudoers/test20.in, - plugins/sudoers/regress/sudoers/test20.json.ok, - plugins/sudoers/regress/sudoers/test20.out.ok, - plugins/sudoers/regress/sudoers/test20.toke.ok, - plugins/sudoers/regress/sudoers/test21.in, - plugins/sudoers/regress/sudoers/test21.json.ok, - plugins/sudoers/regress/sudoers/test21.out.ok, - plugins/sudoers/regress/sudoers/test21.toke.ok: - Add tests for parsing tuples and syslog options. - [86f3da23b4df] + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h: + Convert ldap results into a sudoers userspec so we can use the "sudo + -l" output functions in parse.c. + [1422e10dc274] - * plugins/sudoers/defaults.c: - Allow the syslog Defaults option to be used in a "true" boolean - context and use the compiled in default log facility in this case. - [4fab25217602] +2018-02-08 Todd C. Miller - * plugins/sudoers/defaults.c: - Allow a tuple to be set to boolean true. Regression introduced by - refactor of set_default_entry() in sudo 1.8.18. - [9b38728deb27] + * sudo.pp: + Don't mark sudoers.dist volatile, it only gets used on systems that + don't have the concept of volatile files. + [c47fd17e62e3] -2017-05-01 Todd C. Miller +2018-02-05 Todd C. Miller - * doc/TROUBLESHOOTING: - Replace the list of "dangerous" environment variables and explain - how sudo handles the environment instead. - [966cf87d1bed] + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.h: + Refactor member freeing code into free_member(). 
Refactor userspec + freeing code into free_userspec(). + [ccc95e8b9f69] -2017-04-28 Todd C. Miller + * plugins/sudoers/cvtsudoers.c: + Fix compilation with glibc where stdout is not constant. + [97a0302c29c8] - * lib/util/glob.c: - Fix exponential behavior in glob() with respect to multiple '*'. See - https://research.swtch.com/glob Adapted from https://perl5.git.perl. - org/perl.git/commit/33252c318625f3c6c89b816ee88481940e3e6f95 - [3d187b0fb764] +2018-02-04 Todd C. Miller - * src/exec_pty.c: - We no longer need to write to the tty if the command was killed by a - signal. Sudo will terminate itself with the same signal the command - died from. Unfortunately, we lose the "core dumped" bit since sudo - itself will not dump core, but there doesn't appear to be a way - around that. - [1be331e0c4d4] + * plugins/sudoers/ldap.c: + For "sudo -l", if a word includes spaces, print it in double quotes. + Also escape spaces in the command path. This matches the sudoers + quoting rules. + [04ace6decf3a] -2017-04-27 Todd C. Miller +2018-02-03 Todd C. Miller - * src/sudo.c: - On Linux, if the command we ran dumped core, set PR_SET_DUMPABLE to - 0. This will prevent sudo itself from dumping core in this case. - [cf5a5793ebf4] + * plugins/sudoers/ldap.c: + Display sudoNotBefore and sudoNotAfter in "sudo -l" + [ef7de4c8aa9e] - * INSTALL: - Update path to sudo_noexec.so - [14e995667c8b] + * plugins/sudoers/parse.c: + For "sudo -l", if a word includes spaces, print it in double quotes. + Also escape spaces in the command path. This matches the sudoers + quoting rules. + [fa12a254657c] - * src/sudo.c: - If the command terminated due to a signal, sudo will send that same - signal to itself so the parent shell knows the command died from a - signal. However, we don't want sudo itself to dump core. - [8d823e6ec41e] + * plugins/sudoers/cvtsudoers.c: + Add back printing of negation operator ('!') when printing a word + with spaces in it. + [c69706a91817] -2017-04-26 Todd C. 
Miller + * plugins/sudoers/Makefile.in: + Use visudo to validate "cvtsudoers -f sudoers" output. + [06bae7204926] - * NEWS: - sync - [1704e6005b07] + * plugins/sudoers/regress/sudoers/test21.in, + plugins/sudoers/regress/sudoers/test21.json.ok, + plugins/sudoers/regress/sudoers/test21.ldif.ok, + plugins/sudoers/regress/sudoers/test21.out.ok, + plugins/sudoers/regress/sudoers/test21.toke.ok: + Remove syslog_goodpri and syslog_badpri without a value that causes + visudo to report an error. + [c1f696e49f49] - * src/sudo.c: - The fix for Bug #722 contained a typo/thinko that resulted in the - exit status being 0 when a command was killed by a signal other than - SIGINT. This fixes the signal handler setup so sudo will terminate - with the same signal as the command. Bug #784. - [50b988d0c97f] + * plugins/sudoers/cvtsudoers.c: + When outputting sudoers, if a word includes spaces, print it in + double quotes. Also escape spaces in the command path. + [d040c1a21277] - * sudo.pp: - Better check for /etc/rc.d/rc2.d/S90sudo on AIX - [93de5e34a6a3] +2018-02-02 Todd C. Miller - * src/Makefile.in: - Don't install the rc.d link when installing to a DESTDIR. DESTDIR is - generally only set when installing to a temporary directory for - packaging in which case the link should be made in a post-install - script. - [4200ef757b56] + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/parse.h, plugins/sudoers/visudo.c: + Add sudoers output format to cvtsudoers. In the future this may be + used with filters to emit a partial sudoers file instead of a full + one. + [533d2c389213] - * plugins/sudoers/Makefile.in, sudo.pp: - In "make install", install sample sudoers file as /etc/sudoers.dist - and copy it to /etc/sudoers if there is no existing /etc/sudoers. - Packages either contain /etc/sudoers (RPM and Debian) or - /etc/sudoers.dist (everything else). 
- [40f8e5806d71] + * plugins/sudoers/parse.c: + When printing a member name, quote sudoers special characters unless + it is a UID/GID, in which case we print the '#' unquoted. + [e4e8154c4fe9] - * Makefile.in, mkdep.pl: - Allow "make dist" and "make depend" to work for out of tree builds. - [7b7ba3f38abb] + * plugins/sudoers/parse.c, plugins/sudoers/parse.h: + Move SUDOERS_QUOTED define to parse.h + [a813ec4acb5f] -2017-04-24 Todd C. Miller +2018-01-30 Todd C. Miller - * lib/zlib/Makefile.in: - Add missing $(srcdir) prefix to shlib_exp definition. - [c63e8e73507e] + * plugins/sudoers/timestamp.c: + Remove extraneous break statement and fix some whitespace. + [39df566c33e3] -2017-04-21 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + The max timeout for kernel time stamps is 60 minutes, not 3600 + minutes. + [95be88c4f106] - * include/sudo_compat.h: - Fix typo in killpg macro. - [f7392d21c915] +2018-01-29 Todd C. Miller - * include/sudo_compat.h: - Fix the killpg macro for systems without killpg() in libc. - [ba0c5162bc4a] + * plugins/sudoers/testsudoers.c: + Check the return value of sudoers_debug_register(). Coverity CID + 182574 + [fb5449acdafd] -2017-04-20 Todd C. Miller + * plugins/sudoers/cvtsudoers_ldif.c: + Fix memory leak, su->count is now 0 when it is unused, not 1. + Covertity CID 182573 + [77019ded8f84] - * src/exec_pty.c: - Use the standard idiom for popping all entries from a tail queue. - The llvm checker gets confused by TAILQ_REMOVE and generate use- - after-free false positives. - [a88cacd23f09] - - * src/exec_monitor.c, src/exec_nopty.c: - rewrite errpipe callbacks - [5c75729cea19] - - * src/exec_monitor.c, src/exec_nopty.c: - use pipe2() with O_CLOEXEC instead of pipe() + fcntl() and - FD_CLOEXEC - [c8c9cc31c43a] + * plugins/sudoers/cvtsudoers_ldif.c: + Quiet a clang analyzer false positive. 
+ [ef04f7069df4] - * src/exec_pty.c: - init io_pipe[][] to -1, not 0 - [71012940a8f1] + * plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/sudoers/test2.ldif.ok, + plugins/sudoers/regress/sudoers/test6.ldif.ok: + Quote special characters when creating the cn as per RFC2253 + [e49ff28c1fd7] -2017-04-19 Todd C. Miller + * NEWS, configure, configure.ac, doc/UPGRADE: + Sudo 1.8.23 + [e364ed057d1d] - * plugins/sudoers/sssd.c: - In sudo_sss_check_user() it is not possible for handle to be NULL. - [de41ba76a4ce] + * doc/LICENSE: + Remove the C-style comment charactes from the getopt_long.c and + inet_pton.c license text as it was inconsistent with the rest of the + file and messed up the html formatting. + [a26679d2d0a7] - * plugins/sudoers/sssd.c: - Fix a use after free when the fqdn sudoOption is set and no hostname - value is present in sssd.conf. - [716a7c502cc0] + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/sudoers2ldif, + sudo.pp: + Remove sudoers2ldif, it has been replaced by cvtsudoers. + [7563cc3768c2] - * src/sudo.c: - Avoid unused variable when getgrouplist_2() is available. It would - be nicer to just provide getgrouplist_2() (or the equivalent) and - avoid the ugly #ifdefs. - [2c7ac21feb5f] +2018-01-28 Todd C. Miller - * plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/nb.mo, - po/nb.po: - sync with translationproject.org - [e91a983f9de6] + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_ldif.c: + Add -b option to specify the base dn. + [7cd4c46c33bf] -2017-04-13 Todd C. Miller + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: + Document limitations of LDIF conversion. + [e8c84362f084] - * plugins/sudoers/Makefile.in: - regen - [790d9a05f585] + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c: + Switch the default output format to LDIF + [a677c7b72a90] -2017-04-12 Todd C. 
Miller + * plugins/sudoers/visudo.c: + Execute cvtsudoers if the user runs "visudo -x" but also emit a + warning. + [53ec45a847d2] - * src/ttyname.c: - In sudo_ttyname_scan() if dir is the empty string, set errno to - ENOENT before returning. - [f531ea6e489e] + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/stubs.c, + plugins/sudoers/visudo.c: + Revert 04ec05108b2b, change the default input source back to stdin. + [df8d94f1bab4] -2017-04-11 Todd C. Miller + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/sudoers/test1.ldif.ok, + plugins/sudoers/regress/sudoers/test10.ldif.ok, + plugins/sudoers/regress/sudoers/test11.ldif.ok, + plugins/sudoers/regress/sudoers/test12.ldif.ok, + plugins/sudoers/regress/sudoers/test13.ldif.ok, + plugins/sudoers/regress/sudoers/test14.ldif.ok, + plugins/sudoers/regress/sudoers/test15.ldif.ok, + plugins/sudoers/regress/sudoers/test16.ldif.ok, + plugins/sudoers/regress/sudoers/test17.ldif.ok, + plugins/sudoers/regress/sudoers/test18.ldif.ok, + plugins/sudoers/regress/sudoers/test19.ldif.ok, + plugins/sudoers/regress/sudoers/test2.ldif.ok, + plugins/sudoers/regress/sudoers/test20.ldif.ok, + plugins/sudoers/regress/sudoers/test21.ldif.ok, + plugins/sudoers/regress/sudoers/test3.ldif.ok, + plugins/sudoers/regress/sudoers/test4.ldif.ok, + plugins/sudoers/regress/sudoers/test5.ldif.ok, + plugins/sudoers/regress/sudoers/test6.ldif.ok, + plugins/sudoers/regress/sudoers/test7.ldif.ok, + plugins/sudoers/regress/sudoers/test8.ldif.ok, + plugins/sudoers/regress/sudoers/test9.ldif.ok: + Add LDIF conversion to sudoers tests + [997b79da8874] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Try to make it clear that when match_group_by_gid is enabled, groups - in sudoers are looked up by group name instead of group ID. 
This - doesn't usually cause problems, but if there are conflicting group - entries (for example, from a local /etc/group file and an LDAP or AD - group database), whether the group is resolved by name or ID can be - used to work around conflicts. - [fe3bfca4fcce] + * plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/sudoers/test19.json.ok: + Add notbefore and notafter support to the backends. + [be50db300eda] -2017-04-07 Todd C. Miller +2018-01-27 Todd C. Miller - * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, po/ja.mo, - po/ja.po: - sync with translationproject.org - [94d36c45e345] + * README.LDAP: + cvtsudoers instead of sudoers2ldif + [3909ea2c29c1] - * plugins/sudoers/regress/parser/check_digest.c: - plug memory leak in check_digest - [40aab9e6e365] + * MANIFEST, doc/cvtsudoers.cat, doc/cvtsudoers.man.in, + doc/cvtsudoers.mdoc.in, plugins/sudoers/Makefile.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_ldif.c: + Add ldif backend to cvtsudoers, to replace sudoers2ldif + [f0e039c63488] - * src/exec.c: - Check return value of dispatch_pending_signals() in case we received - SIGINT or SIGQUIT before executing the command. - [218758d1560d] + * plugins/sudoers/Makefile.in: + fix make check + [2cbedce72e3a] -2017-03-30 Todd C. Miller +2018-01-26 Todd C. Miller - * configure, configure.ac: - back out unintentional change to the version number - [799b396c1c69] + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c: + Parse sudoers in the front end, not the back end. + [30d4e40ed69a] -2017-03-28 Todd C. 
Miller + * doc/Makefile.in: + install the cvtsudoers manual + [243d319fed1c] - * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, - plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, - plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, - plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo, - po/cs.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/fr.mo, - po/fr.po, po/hr.mo, po/hr.po, po/it.mo, po/it.po, po/pl.mo, - po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/tr.mo, po/tr.po, po/uk.mo, - po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po: - sync with translationproject.org - [04c4a3ec233d] + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/stubs.c, + plugins/sudoers/visudo.c: + Use the built-in sudoers file location as the default sudoers file + for cvtsudoers and move parse_sudoers_options() to stubs.c since it + is shared between visudo.c and cvtsudoers.c. + [04ec05108b2b] -2017-03-27 Todd C. Miller + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/stubs.c, plugins/sudoers/visudo.c: + Move common stub functions required by the parser out of visudo.c + and cvtsudoers.c and into stubs.c. + [a324cbde55a3] - * configure, configure.ac, plugins/sudoers/Makefile.in, - plugins/sudoers/regress/parser/check_digest.c, - plugins/sudoers/regress/parser/check_digest.out.ok: - Make check_digest test sudo_filedigest() itself instead of the - underlying SHA2 functions. That way we can test it regardless of - whether we use sudo's SHA2 functions or a library version. 
- [9834b37f1fb0] + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c: + Rename export_sudoers() to convert_sudoers_json() and move the check + for the same input and output file to the front-end. + [7c83c21ea479] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document that commands matched by "sudo ALL" are not affected by - fdexec. - [7cc3b770a2ff] + * sudo.pp: + add cvtsudoers + [e8ba851cafb4] -2017-03-24 Todd C. Miller + * MANIFEST, doc/Makefile.in, doc/cvtsudoers.cat, + doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/Makefile.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c: + Move sudoers JSON conversion to cvtsudoers which will eventually + output to other formats too. + [e64a50657a88] - * NEWS: - Update for 1.8.20 - [14a09000c1dc] + * plugins/sudoers/defaults.c: + Convert from time in minutes to timespec directly instead of + converting to double via strtod(). This makes it easier to catch + overflow. + [0d6ab7c21a15] - * plugins/sudoers/po/sudoers.pot: - regen for restricted_env_file - [81290b370c95] +2018-01-24 Todd C. Miller * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Mention that iolog_user is useful for NFS. - [9c8f9dfdebf0] + document that kernel tty timestamps don't support negative timeouts + [4ff726cf2010] -2017-03-23 Todd C. Miller +2018-01-23 Todd C. Miller - * plugins/sudoers/iolog.c: - Only retry mkdir or create with PERM_IOLOG if errno is EACCES. Also - always use PERM_IOLOG for mkdtemp() since we cannot retry if it - fails. Since we are guaranteed to create a new directory there's no - real need to try w/o PERM_IOLOG in this case. - [c3c67d78e46a] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/timestamp.c: + Fall back to ppid time stamps if timestamp_type == kernel and no tty + is present. 
This is consistent with timestamp_type == tty. + [26c527166a0c] -2017-03-22 Todd C. Miller + * plugins/sudoers/timestamp.c: + Do not call the TIOCSETVERAUTH ioctl with a negative number of + seconds. Also cap the max number of seconds at 3600 to avoid getting + EINVAL from TIOCSETVERAUTH. + [371744874743] - * plugins/sudoers/iolog.c: - Add fallback to PERM_IOLOG when making the final componenet of - iolog_dir. - [72924e4c8f5d] +2018-01-22 Todd C. Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/env.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: - Add restricted_env_file which is like env_file but subject to the - same restrictions as the user's own environment. - [ec887cc57a8b] + * plugins/sudoers/defaults.c: + Better conversion from double to nanoseconds. + [2f54790801c8] - * plugins/sudoers/iolog.c: - quiet a warning on older zlib - [bcd3cac968a2] + * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/mkdefaults, + plugins/sudoers/timestamp.c: + Store passwd_timeout and timestamp_timeout as a struct timespec + instead of as a float. Remove timeout argument to auth_getpass() as + it was never used. + [c4a3c60d0284] - * plugins/sudoers/iolog.c, plugins/sudoers/timestamp.c: - cast mode_t to unsigned int when printing with %o - [f9ca9ead134e] +2018-01-21 Todd C. Miller -2017-03-21 Todd C. 
Miller + * plugins/sudoers/mkdefaults: + Don't rely on perl being installed in /usr/local/bin + [e3274f56df43] - * plugins/sudoers/po/sudoers.pot: - regen - [f62e81f74d10] +2018-01-17 Todd C. Miller - * plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c, - plugins/sudoers/timestamp.c: - Set umask temporarily when creating files instead of changing the - mode after the fact. This is slightly less error prone. - [a9b4cf336b73] + * config.h.in, configure, configure.ac, lib/util/gettime.c, + lib/util/mktemp.c, lib/util/nanosleep.c, lib/util/utimens.c, + plugins/sudoers/boottime.c, plugins/sudoers/check.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c, + plugins/sudoers/ldap.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/net_ifs.c, src/sesh.c, src/sudo.c, + src/sudo_edit.c, src/utmp.c: + Remove use of AC_HEADER_TIME, only obsolete platforms actually need + this. Also stop removing sys/time.h unless the source file uses + struct timeval. + [a744b8a07685] - * plugins/sudoers/iolog.c: - remove now-useless variable - [9a36b2449ac4] + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Remove duplicate options %type + [3ea3c3d477bf] - * plugins/sudoers/mkdir_parents.c: - Don't set owner/mode on directories that already exist, only on - newly-created ones. - [2b616be0e165] +2018-01-16 Todd C. Miller - * plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c: - Explicitly set the file mode of I/O log files so the mode is not - affected by the invoking user's umask. - [ec7d5dd47b6b] + * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, + plugins/sudoers/sudoers.h: + Add an approval function to the sudo auth API which is run after the + user's password has been verified. 
The approval function is run even + if no password is required. This is currently only used for PAM (use + pam_acct_mgmt) and BSD auth (auth_approval). + [cab448ac8633] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c, - plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, - plugins/sudoers/timestamp.c: - Add PERM_IOLOG so we can create I/O log files on an NFS-mounted - filesystem where root is remapped to an unprivileged user. - [01804a971cd5] +2018-01-15 Todd C. Miller - * plugins/sudoers/mkdir_parents.c: - Restore the '/' in the path before returning if we encounter an - error. - [bb12cfce16fd] + * plugins/sudoers/tsdump.c: + treat uid as unsigned in error message + [2672d4ca3479] - * plugins/sudoers/sssd.c: - zero out nss->handle after it has been freed to make sure we cannot - free it twice - [00d5340b7541] + * MANIFEST, plugins/sudoers/po/fur.mo: + Add missing plugins/sudoers/po/fur.mo file to repo. + [cfa503d7fcd4] -2017-03-20 Todd C. Miller + * NEWS: + Mention new sudoers_timestamp manual. + [f96ad00c4ba4] - * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/timestamp.c: - When creating the timestamp directory, use the group of the - timestamp owner instead of inheriting the group of the parent - directory. - [7a4a10cafe08] +2018-01-12 Todd C. Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/iolog.c: - Add iolog_flush option. - [96baa17409cf] + * .hgignore: + ignore tsdump + [39306d37c846] -2017-03-17 Todd C. Miller + * plugins/sudoers/tsdump.c: + Convert from mono time to real time before displaying time stamps. + [12f9e1f5e8e5] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/iolog.c: - Don't allow the user to specify an I/O log file mode that sudo can't - read or write to. 
I/O logs must always be readable and writable by - the owner. - [b32e2ef04905] +2018-01-11 Todd C. Miller -2017-03-14 Todd C. Miller + * plugins/sudoers/solaris_audit.c: + Use PATH_MAX, not MAXPATHLEN. + [d3c7466aad1d] - * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, - doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat, - doc/visudo.cat: - Regenerate the cat pages with newer mandoc which formats double - quotes as "foo" instead of ``foo''. - [5f14e527ae05] + * MANIFEST, config.h.in, configure, configure.ac, include/sudo_util.h, + lib/util/Makefile.in, lib/util/ttyname_dev.c, lib/util/util.exp.in, + plugins/sudoers/Makefile.in, plugins/sudoers/check.h, + plugins/sudoers/tsdump.c, src/ttyname.c: + Add tsdump, a simple utility to dump a timestamp file. To build, run + "make tsdump" in the plugins/sudoers directory (it is not built by + default). In order to map the tty device number to a name, + sudo_ttyname_dev() has been moved into libsudo_util. + [b79ae30fe6a4] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Make it clear that I/O logs will be complete even if the command run - by sudo is terminated by a signal. The I/O log buffering just - prevents the logs from being displayed in real-time as the command - is running. - [072fd419ac1e] +2018-01-04 Todd C. Miller -2017-03-13 Todd C. Miller + * plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/uk.mo, + po/uk.po: + sync with translationproject.org + [71140a551c60] - * src/exec.c, src/exec_monitor.c, src/signal.c, src/sudo.h: - Replace pipe_nonblock() with pipe2() - [c106b62d7835] + * doc/LICENSE: + Welcome to 2018 + [3ddea360d414] - * MANIFEST, config.h.in, configure, configure.ac, - include/sudo_compat.h, lib/util/Makefile.in, lib/util/pipe2.c, - mkdep.pl: - Emulate pipe2() on systems without it. - [5a183dd380f0] +2017-12-28 Todd C. Miller -2017-03-10 Todd C. 
Miller + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/fur.po, plugins/sudoers/po/nb.mo, + plugins/sudoers/po/nb.po, plugins/sudoers/po/zh_CN.mo, + plugins/sudoers/po/zh_CN.po: + sync with translationproject.org + [fbd54c7f59f1] - * plugins/sudoers/auth/kerb5.c: - Fix declaration of sudo_krb5_verify() in the case where - krb5_verify_user() is not present. Bug #777 - [eafd4e2d7c7f] +2017-12-22 Todd C. Miller - * plugins/sudoers/rcstr.c: - Use HAVE_STDBOOL_H to detect systems w/o stdbool.h. Bug #778 - [dbac86777429] + * plugins/sudoers/logging.c: + Silence a clang analyzer false positive. + [bfcdfe2c1376] -2017-03-09 Todd C. Miller + * doc/Makefile.in: + Remove extra $(srcdir)/sudoreplay.man.in target added by mistake. + [7e83806cc17e] - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - regen - [2fc489ddc143] + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/ja.mo, + po/ja.po: + sync with translationproject.org + [27cf5abeeb1a] - * src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c: - Move SIGCHLD handling into handle_sigchld() functions and move the - remaining bits of dispatch_signal() into signal_pipe_cb() - [b120f5cfa8cc] + * plugins/sudoers/timestamp.c: + Use a tty lock even for kernel time stamps so we can avoid + simultaneous password prompts. + [90a55098176b] -2017-03-08 Todd C. 
Miller + * NEWS: + visudo changes + [06c99aab6f7a] - * src/utmp.c: - e_termination should be set to the value of WTERMSIG not WEXITSTATUS - [95f37078ae8f] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, + plugins/sudoers/editor.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c: + Also honor SUDO_EDITOR in visudo. Previously is was only used by + sudoedit. + [9bccc7171a53] -2017-03-07 Todd C. Miller +2017-12-21 Todd C. Miller - * MANIFEST, src/Makefile.in, src/exec_nopty.c, src/sudo.h, - src/tcsetpgrp_nobg.c: - Add tcsetpgrp_nobg() which acts like tcsetpgrp() but returns -1 for - a background process. This is safer than blocking SIGTTOU which - would cause tcsetpgrp() to succeed in the background. - [7ab75c47b8bf] + * plugins/sudoers/sudoers.c: + Stop looking for an editor as soon as we find one. A similar fix was + made to visudo some time ago. + [c6c5d968612a] -2017-03-06 Todd C. Miller + * doc/sudoers_timestamp.cat, doc/sudoers_timestamp.man.in, + doc/sudoers_timestamp.mdoc.in: + The session ID was added in 1.8.6p7 to prevent a user in another + session from re-using the time stamp file. Other minor cleanups. + [f733f7ea97a7] - * src/exec_nopty.c: - Prevent sudo from receiving SIGTTOU when it tries to restore the - controlling terminal. There appears to be a race with the shell - (bash) which we may lose. - [aab018fb9940] - -2017-03-03 Todd C. Miller + * plugins/sudoers/check.h: + "time stamp" not "timestamp" + [af0f2d8b6d52] - * plugins/sudoers/timestamp.c, src/exec_monitor.c: - Add some casts to quiet gcc warnings on Solaris and remove a now- - useless debug printf. - [16c862eab0ce] +2017-12-20 Todd C. 
Miller - * src/exec_pty.c: - change debug info when suspending sudo - [f5c5ee07f8e3] + * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/timestamp.c: + Add "kernel" as a possible value of timestamp_type. Currently only + supported on OpenBSD. + [ca1a2a03e37d] - * MANIFEST, src/Makefile.in, src/exec.c, src/exec_monitor.c, - src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h: - Reorganize the command execution code to separate out the pty and - non-pty code paths into their own event loops. The non-pty exec code - is now contained in exec_nopty.c and the pty exec code is split - between exec_pty.c (parent process) and exec_monitor.c (session - leader). This results in a small bit of duplicated code but improves - readability. Some of the duplicated code will fall out in future - changes to the event subsystem (the signal pipe). - [fe239d2a3cbd] + * MANIFEST, doc/Makefile.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, doc/sudoers_timestamp.cat, + doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, + plugins/sudoers/check.h: + Document the sudoers time stamp file format. + [d3470da8fde9] -2017-02-26 Todd C. Miller +2017-12-19 Todd C. Miller - * lib/util/ttysize.c, src/exec_pty.c: - Remove support for the TIOCGSIZE ioctl. Systems that use this rather - than TIOCGWINSZ are too old for sudo to build on anyway. - [0179b16c70f9] + * plugins/sudoers/regress/starttime/check_starttime.c: + Verify start time of the current process, allowing for some clock + drift. For Linux, process start time is relative to boot time, not + wallclock time. + [4928645eaa1c] -2017-02-24 Todd C. Miller +2017-12-18 Todd C. Miller - * src/exec.c, src/exec_pty.c: - Set the child pid to -1 after we've waited for it and take care to - avoid killing pid -1. 
This makes it a bit more explicit and removes - the need for a separate variable to track the child's status. Sudo - already stops processing signals after it receives SIGCHLD so it is - not vulnerable to CVE-2017-2616. - [1123704858ae] + * NEWS: + sync + [aeffb7f82e10] -2017-02-22 Todd C. Miller + * plugins/sudoers/po/sudoers.pot: + regen + [8be51858eec1] - * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: - Update the description of strict mode to current reality. Aliases - haven't needed to be defined before they are used since sudo 1.7. - [9dc4ce4ec538] + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/starttime/check_starttime.c: + Trivial test for process start time. We don't try to check the + resulting timespec as it differs by platform. On most it is + wallclock time, on others it is relative to boot time (Linux). + [e74cf3bd4c87] - * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, - plugins/sudoers/regress/visudo/test2.err.ok, - plugins/sudoers/regress/visudo/test3.err.ok, - plugins/sudoers/visudo.c: - Go back to using a Warning/Error prefix in the message printed to - stderr for alias problems. Requested by Tomas Sykora. - [ad4dc6e34222] + * lib/util/Makefile.in: + regen + [6de26735d666] -2017-02-21 Todd C. Miller +2017-12-17 Todd C. Miller - * plugins/sudoers/filedigest.c, plugins/sudoers/filedigest_openssl.c: - fix copyright years - [b9f013f95bb2] + * plugins/sudoers/starttime.c: + Support start time on macOS and 4.4BSD + [81f2eebc7edb] -2017-02-20 Todd C. Miller +2017-12-16 Todd C. Miller - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/digestname.c, - plugins/sudoers/filedigest.c, plugins/sudoers/ldap.c, - plugins/sudoers/match.c, plugins/sudoers/parse.h, - plugins/sudoers/sssd.c, plugins/sudoers/visudo_json.c: - Move the file digest code out of match.c and into filedigest.c. - Inspired by RedHat changes that used libgcrypt. 
Also add - digest_type_to_name() to map a sudo digest type (int) to a name - (string) and use it. - [9213d8c94b8f] + * plugins/sudoers/regress/env_match/check_env_pattern.c: + Include sys/types.h for mode_t used in sudoers.h. + [bdff1606f111] - * INSTALL, MANIFEST, configure, configure.ac, mkdep.pl, - plugins/sudoers/Makefile.in, plugins/sudoers/filedigest_openssl.c: - Add support for using the message digest functions in OpenSSL - instead of sudo's own SHA2 implementation. - [d77639c97e43] + * plugins/sudoers/starttime.c: + Fix compilation error on FreeBSD + [2c4962a7812c] - * INSTALL, MANIFEST, configure, configure.ac, mkdep.pl, - plugins/sudoers/Makefile.in, plugins/sudoers/filedigest_gcrypt.c: - Add support for using the message digest functions in libgcrypt - instead of sudo's own SHA2 implementation. - [0259467c38dd] + * plugins/sudoers/starttime.c: + Fix debug_decl(), it should be SUDOERS_DEBUG_UTIL Add debugging for + the successful case For Linux, don't NUL out *ep before parsing with + strtoull(). + * * * Add missing debug info for the System V /proc version. + [2394c6d9375d] - * plugins/sudoers/gmtoff.c: - Check for gmtime() or localtime() returning NULL and just use a zero - offset in that case. Should not be possible. - [ed210dd8bf46] + * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/check.h, + plugins/sudoers/starttime.c, plugins/sudoers/timestamp.c: + In the timestamp record, include the start time of the terminal + session leader for tty-based timestamps or the start time of the + parent process for ppid-based timestamps. Idea from Duncan + Overbruck. + [f0964b4cf4ac] -2017-02-18 Todd C. Miller +2017-12-15 Todd C. Miller - * plugins/sudoers/sudoers2ldif: - Add support for ROLE, TYPE, PRIVS, LIMITPRIVS, TIMEOUT, NOTBEFORE - and NOTAFTER. 
- [d0310b017c78] + * plugins/sudoers/timestamp.c: + If the lock record doesn't match the expected record size we need to + seek to the end of the record as we otherwise may have gone too far + (or not far enough). Fixes interop problems when the time stamp + record changes size. + [e8e4c3815db5] - * config.h.in, configure, configure.ac, plugins/sudoers/timestr.c: - strftime() was in C89 so use it unconditionally. - [87bf66aa18fd] +2017-12-12 Todd C. Miller - * MANIFEST, config.h.in, configure, configure.ac, doc/sudoers.cat, - doc/sudoers.man.in, doc/sudoers.mdoc.in, include/sudo_debug.h, - lib/util/sudo_debug.c, lib/util/util.exp.in, - plugins/sudoers/Makefile.in, plugins/sudoers/gentime.c, - plugins/sudoers/gmtoff.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.h, plugins/sudoers/gram.y, - plugins/sudoers/parse.c, plugins/sudoers/parse.h, - plugins/sudoers/regress/parser/check_gentime.c, - plugins/sudoers/regress/sudoers/test19.in, - plugins/sudoers/regress/sudoers/test19.json.ok, - plugins/sudoers/regress/sudoers/test19.out.ok, - plugins/sudoers/regress/sudoers/test19.toke.ok, - plugins/sudoers/regress/visudo/test10.out.ok, - plugins/sudoers/regress/visudo/test10.sh, - plugins/sudoers/sudoers_version.h, plugins/sudoers/testsudoers.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Add NOTBEFORE and NOTAFTER command options similar to what is - already available in LDAP. - [3ba0f9567f83] + * src/exec_pty.c: + No need for a loop around the recv() now that we don't have to worry + about EINTR. CID 180697 + [7cb966d69bc6] -2017-02-16 Todd C. Miller + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Try to be clearer about sudo's exit value when the -l option is + used. 
+ [efbddaa576a7] - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - regen - [f2876eadc1f5] + * NEWS: + sync + [99fc4b347250] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, include/sudo_plugin.h: - Bump version to 1.11 for timeout entry in settings[] - [7b288e4bab93] + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c, + plugins/sudoers/sssd.c: + An empty RunAsUser means run as the invoking user, similar to how + the sudoers files works. + [576172386594] - * doc/sudo.conf.cat, doc/sudo_plugin.cat, doc/sudoers.ldap.cat, - doc/sudoreplay.cat, doc/visudo.cat: + * doc/sudoers.cat, doc/sudoers.man.in: regen - [8c059a57d367] + [9b6d0064f410] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, - doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, - plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, - plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, src/parse_args.c, src/sudo_usage.h.in: - Add a command line option to specify the command timeout, as long as - sudoers does not specify a shorter time limit. - [a8ef7f923d0a] +2017-12-11 Todd C. Miller -2017-02-15 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/logging.c: + Add authfail_message sudoers option to allow the user to override + the default message of %d incorrect password attempt(s). + [f11e9d64a6da] - * plugins/sudoers/gram.c, plugins/sudoers/gram.y: - Better error message when the timeout value does not parse. - [2360fb093e3e] + * plugins/sudoers/policy.c, src/parse_args.c: + Allow the plugin to determine whether or not an empty timeout is + allowed. For sudoers, an error will be returned for an empty + timeout. 
+ [26511c049fb1] * plugins/sudoers/timeout.c: - set errno to ERANGE not EOVERFLOW on range error - [9654e1acab0d] + Return an error for an empty timeout string. Just use strtol() for + syntax checking instead of scanning with strspn(). + [1fa1b712fbcc] -2017-02-14 Todd C. Miller + * src/parse_args.c, src/sudo_edit.c: + Change some _() into U_() since they are used for warn/fatal. We + always want to issue warnings in the user's locale. + [684331aee66e] - * plugins/sudoers/Makefile.in: - regen - [46a124dd72aa] + * Makefile.in: + update my email address + [b4ec26be6203] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/gram.c, plugins/sudoers/gram.h, - plugins/sudoers/gram.y, plugins/sudoers/parse.h: - Merge command tags, SELinux type/role and Solaris privs settings - into "command options". This relaxes the order of things so tags and - other options can be interspersed. - [0970fd78cbe8] +2017-12-10 Todd C. Miller - * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c, - plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, - plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, - plugins/sudoers/gram.c, plugins/sudoers/gram.h, - plugins/sudoers/gram.y, plugins/sudoers/ldap.c, - plugins/sudoers/mkdefaults, plugins/sudoers/parse.c, - plugins/sudoers/parse.h, plugins/sudoers/policy.c, - plugins/sudoers/regress/sudoers/test17.in, - plugins/sudoers/regress/sudoers/test17.json.ok, - plugins/sudoers/regress/sudoers/test17.out.ok, - plugins/sudoers/regress/sudoers/test17.toke.ok, - plugins/sudoers/regress/sudoers/test18.in, - plugins/sudoers/regress/sudoers/test18.json.ok, - plugins/sudoers/regress/sudoers/test18.out.ok, - plugins/sudoers/regress/sudoers/test18.toke.ok, - plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l, - plugins/sudoers/visudo_json.c: - Add support for command timeouts in sudoers. 
After the timeout, the - command will be terminated. - [a36a748e9324] - - * doc/fixman.sh, doc/fixmdoc.sh, doc/sudoers.cat, doc/sudoers.man.in, - doc/sudoers.mdoc.in, plugins/sudoers/gram.c, plugins/sudoers/gram.h, - plugins/sudoers/gram.y, plugins/sudoers/parse.h: - Split out tags again so they must precede the command and not allow - them to be mixed in with options. - [e7e7d60316cc] + * log2cl.pl: + Don't print mercurial branch info for merges. + [489881774e52] - * plugins/sudoers/gram.c, plugins/sudoers/gram.y: - Only inherit SELinux role/type and Solaris privilege sets if the - command does not include any. Previously, a command with only a role - would inherit a type from the previous command which is not what was - intended. - [171a3ad972e7] + * log2cl.pl: + Use log size instead of using a separator between the log entry and + the file names. + [620c231f789b] - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - List SELinux role/type for "sudo -l" with LDAP and SSSd backends. - Also fix printing of the timeout. - [740723a49ab5] + * src/parse_args.c: + Print usage and return an error when an empty argument is given for + all command line arguments other than -p and -E. Bug #817 + [143be1bc8316] - * plugins/sudoers/gram.c, plugins/sudoers/gram.y: - Plug some memory leaks found by ASAN. - [08189098a5b6] + * plugins/sudoers/policy.c: + Better input validation of settings passed by the sudo front-end. + Instead of ignoring an empty setting, throw an error. + [93cc4f4761f3] - * plugins/sudoers/Makefile.in: - Only inhibit ASAN leak detector for tests that result in a parse - error. The parser cannot currently clean up completely on error. - [b2f82dcd2545] + * log2cl.pl: + Treat a blank line in a commit message as a line break. There + doesn't appear to be a way to make perl's format use a blank field + but at least the line break happens now. 
+ [fbc3ff819341] - * plugins/sudoers/rcstr.c: - supress cppcheck memory leak false positive - [e0caf2275a44] +2017-12-09 Todd C. Miller - * lib/util/strtoid.c: - fix typo that prevented compilation on FreeBSD - [27866f6a2b5e] + * MANIFEST, Makefile.in, log2cl.pl: + Add script to generate ChangeLog from git log output. + [e8bfbd1ae6ef] -2017-02-13 Todd C. Miller +2017-12-08 Todd C. Miller - * lib/util/Makefile.in: - Link vsyslog.lo directly into vsyslog_test to make sure the syslog() - stub gets called. Otherwise, the real syslog will get called via - libutil on AIX. - [693bc8411a98] + * plugins/sudoers/defaults.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h: + Don't include syslog.h from logging.h, just include it in the two .c + files it is actually needed. + [9ffc5ca9eb49] - * lib/util/regress/vsyslog/vsyslog_test.c: - Fix final test with a format > 2048 bytes. Keep track of tests run - in the syslog() stub so we can detect if the stub is not being - called. - [d10d784446c1] +2017-12-06 Todd C. Miller - * lib/zlib/deflate.c: - avoid redefining the MIN macro - [45b7b0ba0f01] + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Document that in check mode, visudo does not check the owner/mode on + files specified with the -f flag. + [f5d86019e4c7] - * plugins/sudoers/parse.h, plugins/sudoers/timestr.c: - Include parse.h in timestr.c which is where function prototype - lives. - [3ec9ec84a84c] +2017-12-03 Todd C. Miller - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Fix for including a sudoers file that begins with the letter 'i'. - The hack to determine whether we are parsing an include or - includedir is no longer safe now that relative include paths are - permitted. Bug #776. 
- [4d9691a43867] + * Makefile.in, configure.ac, doc/HISTORY, doc/LICENSE, + doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, + doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo.man.in, + doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.man.in, + doc/sudoreplay.mdoc.in, doc/visudo.man.in, doc/visudo.mdoc.in, + examples/Makefile.in, include/Makefile.in, + include/compat/charclass.h, include/compat/endian.h, + include/compat/fnmatch.h, include/compat/nss_dbdefs.h, + include/compat/sha2.h, include/sudo_compat.h, include/sudo_conf.h, + include/sudo_debug.h, include/sudo_dso.h, include/sudo_event.h, + include/sudo_fatal.h, include/sudo_gettext.h, include/sudo_lbuf.h, + include/sudo_plugin.h, include/sudo_util.h, lib/util/Makefile.in, + lib/util/aix.c, lib/util/closefrom.c, lib/util/event.c, + lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c, + lib/util/getgrouplist.c, lib/util/gethostname.c, lib/util/getline.c, + lib/util/getopt_long.c, lib/util/gettime.c, lib/util/gidlist.c, + lib/util/glob.c, lib/util/isblank.c, lib/util/key_val.c, + lib/util/lbuf.c, lib/util/locking.c, lib/util/memrchr.c, + lib/util/memset_s.c, lib/util/mksiglist.c, lib/util/mksigname.c, + lib/util/mktemp.c, lib/util/nanosleep.c, lib/util/parseln.c, + lib/util/pipe2.c, lib/util/progname.c, lib/util/pw_dup.c, + lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/glob/globtest.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, + lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c, + lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, + lib/util/snprintf.c, lib/util/strlcat.c, 
lib/util/strlcpy.c, + lib/util/strndup.c, lib/util/strnlen.c, lib/util/strsignal.c, + lib/util/strsplit.c, lib/util/strtobool.c, lib/util/strtoid.c, + lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c, + lib/util/sudo_debug.c, lib/util/sudo_dso.c, lib/util/term.c, + lib/util/ttysize.c, lib/util/utimens.c, lib/util/vsyslog.c, + lib/zlib/Makefile.in, m4/sudo.m4, mkdep.pl, mkpkg, pathnames.h.in, + plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, + plugins/group_file/group_file.c, plugins/group_file/plugin_test.c, + plugins/sample/Makefile.in, plugins/sample/sample_plugin.c, + plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/base64.c, + plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/bsm_audit.h, plugins/sudoers/check.c, + plugins/sudoers/check.h, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/digestname.c, + plugins/sudoers/editor.c, plugins/sudoers/env.c, + plugins/sudoers/env_pattern.c, plugins/sudoers/filedigest.c, + plugins/sudoers/filedigest_gcrypt.c, + plugins/sudoers/filedigest_openssl.c, plugins/sudoers/find_path.c, + plugins/sudoers/gc.c, plugins/sudoers/gentime.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/gmtoff.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/hexchar.c, plugins/sudoers/ins_2001.h, + plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h, + plugins/sudoers/ins_goons.h, 
plugins/sudoers/insults.h, + plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, + plugins/sudoers/iolog.c, plugins/sudoers/iolog.h, + plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/linux_audit.h, + plugins/sudoers/locale.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/logwrap.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/mkdir_parents.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/po/sudoers.pot, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c, + plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudo_printf.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers2ldif, + plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoers_debug.h, + plugins/sudoers/sudoers_version.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c, + plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, + 
plugins/system_group/Makefile.in, + plugins/system_group/system_group.c, po/sudo.pot, src/Makefile.in, + src/conversation.c, src/env_hooks.c, src/exec.c, src/exec_common.c, + src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, + src/hooks.c, src/load_plugins.c, src/net_ifs.c, src/openbsd.c, + src/parse_args.c, src/preload.c, src/preserve_fds.c, + src/regress/noexec/check_noexec.c, + src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, + src/signal.c, src/solaris.c, src/sudo.c, src/sudo.h, + src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c, + src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tcsetpgrp_nobg.c, + src/tgetpass.c, src/ttyname.c, src/utmp.c, sudo.pp: + update my email to Todd.Miller@sudo.ws + [96110003e904] -2017-02-10 Todd C. Miller +2017-12-02 Todd C. Miller - * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: - Display the value of syslog_maxlen in sudo -V output. - [0841ad36531c] + * plugins/sudoers/sudoreplay.c: + Add missing carriage return before prompt when replay is done. + [cf4b8bfcb3dd] -2017-02-06 Todd C. Miller + * src/exec_pty.c: + Track window size changes that happen while sudo is suspended + [cae06f75bde9] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: - Add ignore_unknown_defaults flag to ignore unknown Defaults entries - in sudoers instead of producing a warning. - [a7fdb44677dd] +2017-12-01 Todd C. Miller -2017-01-27 Todd C. Miller + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [26ae754b8416] - * plugins/sudoers/match.c: - Always set the close-on-exec bit on the fd used to generate the - digest (i.e. the command to run) on systems that lack fexecve(2). - That way we don't need to explicitly close it using #ifdefs. 
- [f840a22fac1c] + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat, + doc/visudo.cat: + regen for sudo 1.8.22 + [596d82da0158] - * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, - plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, - plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, - plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, - plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, po/ca.mo, - po/ca.po, po/eo.mo, po/eo.po, po/sv.mo, po/sv.po: - sync with translationproject.org - [57e877674892] - - * NEWS: - first updates for 1.8.20 - [118208688b08] + * NEWS, configure, configure.ac: + Sudo 1.8.22 + [6b32c2f5d020] - * configure, configure.ac: - sudo 1.8.20 - [6cba125ea903] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Background processes started by the command will no longer receive + SIGHUP. + [47bcc3ae4362] -2017-01-25 Todd C. Miller + * src/exec_monitor.c: + When the command completes, make the monitor the foreground process + group before informing the main sudo process of the command's exit + status. This will prevent processes started by the command (which + runs in a different process group) from receiving SIGHUP since the + kernel sends SIGHUP to the foreground process group associated with + the terminal session. The monitor has a SIGHUP handler installed so + the signal is effectively ignored. + [9e163efe4afb] - * doc/LICENSE, lib/zlib/adler32.c, lib/zlib/compress.c, - lib/zlib/crc32.c, lib/zlib/deflate.c, lib/zlib/deflate.h, - lib/zlib/gzguts.h, lib/zlib/gzlib.c, lib/zlib/gzread.c, - lib/zlib/gzwrite.c, lib/zlib/infback.c, lib/zlib/inffast.c, - lib/zlib/inflate.c, lib/zlib/inflate.h, lib/zlib/inftrees.c, - lib/zlib/trees.c, lib/zlib/uncompr.c, lib/zlib/zconf.h.in, - lib/zlib/zlib.exp, lib/zlib/zlib.h, lib/zlib/zutil.c, - lib/zlib/zutil.h: - update zlib to version 1.2.11 - [75a563663083] + * src/sudo.c: + Add debug printfs around group list retrieval. 
+ [5f307b00153b] -2017-01-23 Todd C. Miller +2017-11-30 Todd C. Miller - * plugins/sudoers/match.c: - Fix fdexec=never when a digest is present. - [49d3ab5baad0] + * src/exec_pty.c: + Move call to sudo_ev_loopcontinue() into schedule_signal() itself. + We always want to prioritize signal forwarding. + [4b25dc24038b] -2017-01-22 Todd C. Miller + * src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c: + Don't loop over read/write, recv/send or tcgetpgrp/tcsetpgrp trying + to handle EINTR. We now use SA_RESTART with signals so this is not + needed and is potentially dangerous if it is possible to receive + SIGTTIN or SIGTTOU (which it currently is not). + [ba6885b57891] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, - plugins/sudoers/match.c: - Add new fdexec sudoers setting to allow choose whether execve() or - fexecve() is used. - [6a7623aa9a64] +2017-11-29 Todd C. Miller - * src/exec.c, src/exec_pty.c: - Close execfd in parent processes where it is not needed. - [f44e334d43e2] + * src/exec_monitor.c, src/signal.c: + Sprinkle some extra debugging printfs + [bf33574bc603] -2017-01-21 Todd C. Miller + * src/exec_pty.c: + We don't need to be the foreground process to be able to write to + the terminal in most cases. If the background process tries to + modify the terminal flags it will receive SIGTTOU which is relayed + to the sudo front-end. This currently mishandles terminals with the + TOSTOP local flag set. + [3fc25570d482] - * plugins/sudoers/match.c: - Add support for digest matching when the command is a glob-style - pattern or a directory. For example: + * src/exec_pty.c: + Handle receipt of SIGTTIN/SIGTTOU when reading/writing from/to the + tty. We can't use a signal event for these since that would restart + the system call after the signal was handled and the callback would + not get a chance to run. 
Fixes running a command in the background + that write to the tty when the TOSTOP terminal flag is set. + [5ac68f05249a] - millert ALL = sha224:TmUvLkp3a2txliSC2X6CiK42626qdKsH72m/PQ== /bin/ - millert ALL = sha224:TmUvLkp3a2txliSC2X6CiK42626qdKsH72m/PQ== /bin/* +2017-11-28 Todd C. Miller - would only match /bin/ls (assuming the digest matches). + * plugins/sudoers/sssd.c: + Avoid a double free when ipa_hostname is set in sssd.conf and it is + an unqualified host name. From Daniel Kopecek. - Previously, only explicit path matches checked the digest. - [d4f6822ba9bb] + Also move the "unable to allocate memory" warning into + get_ipa_hostname() itself to make it easier to see where the + allocation failed in the debug log. + [14dacdea3319] -2017-01-17 Todd C. Miller + * plugins/sudoers/ldap.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + When running a command as the invoking user we cannot use the gid + list from the front-end since it may not correspond to the user's + aux group vector as defined by the group database. + [b456101fe509] - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c: - Add support for SASL_MECH in ldap.conf; Bug #764 - [d057bb7f2ddc] + * lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/glob/globtest.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/parser/check_hexchar.c: + Add missing initprogname() calls. + [ad4f8d236d89] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Fix documentation bug, the contents of env_file have never been - subject to env_keep or env_check. 
However, variables are only added - if they have not already been preserved. - [4483b1b44709] +2017-11-21 Todd C. Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - examples/sudoers: - Safer example for rule that can change non-root passwords. GNU - getopts allows options to follow arguments so we need to be able to - deny things like "passwd root -q". From Paul "Joey" Clark. Bug #772 - [c809f1372811] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Better describe things when a command is run in a pty. + [0f34fc342ab5] -2017-01-16 Todd C. Miller +2017-11-16 Todd C. Miller * plugins/sudoers/ldap.c: - Don't overwrite the return value of ldap_sasl_interactive_bind_s() - by the subsequent call to sudo_set_krb5_ccache_name(). From Paul - Zirnik of SUSE. - [448baff2b586] - - * plugins/sudoers/env.c: - In sudo_unsetenv_nodebug(), decrement envp.env_len after removing - the variable. From Paul Zirnik of SUSE. - [3d87a008671c] + Plug some memory leaks on error, some found by the clang static + analyzer. + [62844cc145b6] -2017-01-15 Todd C. Miller +2017-11-15 Todd C. Miller - * lib/util/Makefile.in: - only run vsyslog_test if it exists - [5323dfcfb009] + * plugins/sudoers/parse.c: + Avoid calling cmnd_matches() in list/verify mode if we already have + a match. + [5bddfc911065] - * MANIFEST, configure, configure.ac, lib/util/Makefile.in, - lib/util/regress/vsyslog/vsyslog_test.c: - Add regress for vsyslog replacement. - [1f767b8f5940] + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/sssd.c: + In list (-l) or verify (-v) mode, if we have a match but + authentication is required, clear FLAG_NOPASSWD so that when + listpw/verifypw is set to "all" and there are multiple sudoers + sources a password will be required unless none of the entries in + all sources require authentication. From Radovan Sroka of RedHat + [edac7222600a] -2017-01-13 Todd C. 
Miller + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + When checking the results for "sudo -l" and "sudo -v", keep checking + even after we get a match since the value of doauth may depend on + evaluating all the results. From Radovan Sroka of RedHat. + [ae0704445bd4] - * .hgtags: - Added tag SUDO_1_8_19p2 for changeset fb029d0665cd - [9334c7cef133] <1.8> +2017-11-14 Todd C. Miller - * NEWS, config.h.in, configure, configure.ac, lib/util/Makefile.in, - plugins/sudoers/Makefile.in, plugins/sudoers/logging.c, - plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c, - src/sudo.c: - merge sudo 1.8.19p2 from tip - [fb029d0665cd] [SUDO_1_8_19p2] <1.8> + * plugins/sudoers/sudoers.c: + If passwd_tries is less than 1, check_user() will always return + false (since the user didn't authenticate). The normal reason for + this is an authentication error but in this case no authentication + was tries so no warning message has been displayed to the user. If + the user wasn't given a chance to authenticate, set inform_user to + true when calling log_denial() from sudoers_policy_main(). - * configure, configure.ac: - Define HAVE_NANOSLEEP if we find nanosleep in librt - [ec8d949bf411] + An alternate approach would be for check_user() to return true in + this case but seems more confusing. + [c8be95b46e9d] - * configure, configure.ac: - sudo_nanosleep not nanosleep in util.exp.in - [18a3bca78962] +2017-10-22 Todd C. Miller - * configure, configure.ac: - add nanosleep to util.exp.in if needed - [6ac2e9266d67] + * doc/TROUBLESHOOTING: + Document bash shell alias issue with "sudo -i". + [8affa5376277] - * NEWS, configure, configure.ac: - sudo 1.8.19p2 - [9c15593a007a] +2017-10-20 Todd C. Miller - * lib/util/vsyslog.c: - Double the size of new_fmt[] and remove an extraneous break in the - %m handling that was leftover from an earlier edit. 
- [fcb28dc9cd4e] + * plugins/sudoers/policy.c: + Return an error if the sudo front end doesn't set the user name, + user ID, group ID or host name. Bug #807 + [03e281d93fff] - * lib/util/vsyslog.c: - Fix typo, want vsnprintf not snprintf. - [2717f2125ecd] + * lib/util/gethostname.c: + Treat an empty hostname as a failure and return NULL. + [fafb3a3083cb] - * plugins/sudoers/logging.c: - move va_start() in mysyslog() - [b58ec40bbfc3] +2017-10-17 Todd C. Miller - * plugins/sudoers/sudoers.c: - Only treat failure of expand_iolog_path() as fatal if - ignore_iolog_errors is not set. - [1ba009311cf7] + * plugins/sudoers/sudoers2ldif: + Add support for #include and #includedir from Natale Vinto. + [926deea0d506] -2017-01-12 Todd C. Miller +2017-10-14 Todd C. Miller - * MANIFEST, config.h.in, configure, configure.ac, - include/sudo_compat.h, lib/util/Makefile.in, lib/util/nanosleep.c, - mkdep.pl, src/exec_pty.c: - When waiting for the parent to grant us the tty, use nanosleep - instead of spinning to avoid hogging the CPU. - [76335b380d7c] + * doc/CONTRIBUTORS: + Minor corrections from Tae Wong + [dbc5ee98ffa6] - * src/sudo.c: - Use ROOT_UID instead of 0 - [5ed03a4e0b0b] +2017-10-12 Todd C. Miller -2017-01-09 Todd C. Miller - - * plugins/sudoers/Makefile.in: - regen - [99b26e2c523d] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Add a warning that for "sudo -i command" and "sudo -s command" the + shell is not run in interactive mode which may change its behavior. + [76c19db05a1e] -2017-01-07 Todd C. Miller +2017-09-26 Todd C. Miller - * MANIFEST, plugins/sudoers/interfaces.c, - plugins/sudoers/regress/visudo/test9.out.ok, - plugins/sudoers/regress/visudo/test9.sh, plugins/sudoers/visudo.c: - Fix crash in visudo introduced in sudo 1.8.9 when an IP address or - network is used in a host-based Defaults entry. 
Bug #766 - [ff9001f126b5] + * include/sudo_compat.h, src/exec_pty.c: + Fix stair-stepped output when the output of a sudo command is piped + to another command and use_pty is set. + [e91e3f12d2d4] -2017-01-05 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + env_keep and env_check are also taken into account with "sudo -i". + Bug #806 + [5f5568c6fdd9] - * configure, configure.ac, doc/LICENSE: - Avoid using the system strnlen/strndup on AIX < 6. Even if configure - correctly detects it is working on the build machine, the sudo - package may be run on a system with an old libc were it is broken. - [28d148db0aaa] +2017-09-18 Todd C. Miller -2016-12-20 Todd C. Miller + * INSTALL, config.h.in, configure, configure.ac, + plugins/sudoers/ins_classic.h: + Make PC insults the default and add new configure option, enable- + offensive-insults, to enable the offensive insults. + [eb264d342601] - * .hgtags: - Added tag SUDO_1_8_19p1 for changeset a5ec3e40ef02 - [c2b75b22696b] <1.8> +2017-09-14 Todd C. Miller - * NEWS, configure, configure.ac: - merge sudo 1.8.19p1 from tip - [a5ec3e40ef02] [SUDO_1_8_19p1] <1.8> + * doc/CONTRIBUTORS: + Add missing translators from recent updates and one name change. + [20828c25ad92] - * NEWS, configure, configure.ac: - sudo 1.8.19p1 - [7bfd43fa5caf] +2017-09-07 Todd C. Miller - * plugins/sudoers/defaults.c: - Fix logic bug when matching syslog priority and facility. - [576cc9eb850f] + * MANIFEST, plugins/sudoers/po/fur.po, plugins/sudoers/po/hr.mo, + plugins/sudoers/po/hr.po, plugins/sudoers/po/sv.mo, + plugins/sudoers/po/sv.po, po/hr.mo, po/hr.po, po/sv.mo, po/sv.po: + sync with translationproject.org + * * * sync with translationproject.org + [24bb066fa19f] - * doc/HISTORY: - Dell spun off Quest so simplify the history by just talking about - Quest and not Dell. 
- [a66120495435] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + More accurately describe the use_pty option now that its behavior + has changed with respect to interposition with a pipe. Also describe + some caveats with log_input. + [a87056499931] -2016-12-19 Todd C. Miller + * doc/UPGRADE: + Document changes in use_pty behavior when no terminal is present. + [a4b978693178] - * doc/LICENSE: - Fix copyright year - [3122e55195a6] + * src/exec_pty.c: + Set ec->cmnd_pid to the correct value when receiving the command's + process ID from the monitor. + [a624309ba848] - * NEWS: - typo - [ffe9e84928b6] + * src/exec.c, src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h: + If /dev/tty is not available and no I/O logging plugins are + configured, fall back on exec_nopty() even if the policy plugin + requested a pty. We never allocate a pty when sudo is not run from a + terminal anyway. + [c9b9c6c4e0ad] -2016-12-18 Todd C. Miller + * src/exec_pty.c: + Do not set utmp_user if we did not actually allocate a pty. + [aa8e0fdea32b] - * .hgtags: - Added tag SUDO_1_8_19 for changeset d3677b10ea55 - [9c8110b69af0] <1.8> +2017-09-06 Todd C. 
Miller - * INSTALL, NEWS, config.h.in, configure, configure.ac, doc/sudo.cat, - doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.man.in, - doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, - doc/visudo.man.in, lib/util/Makefile.in, mkpkg, - plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in, - plugins/sudoers/aixcrypt.exp, plugins/sudoers/auth/passwd.c, - plugins/sudoers/env.c, plugins/sudoers/iolog.c, - plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, - po/sudo.pot, src/Makefile.in, src/exec_pty.c, src/load_plugins.c, - src/parse_args.c, src/sudo.c: - merge sudo 1.8.19 from tip - [d3677b10ea55] [SUDO_1_8_19] <1.8> + * NEWS, configure, configure.ac: + sudo 1.8.21p2 + [94d18888e7c4] - * include/sudo_compat.h: - HAVE_DECL_GETGROUPLIST_2 is always defined if HAVE_GETGROUPLIST_2 - is, we need to check its value, not whether it is defined. - [849eb3113149] + * src/exec.c: + sudo_terminated() should not return true when SIGCHLD is pending. + Bug #801 + [57f636b6489f] -2016-12-15 Todd C. Miller + * src/tgetpass.c: + Set SIGCHLD handler to SIG_DFL before forking the askpass command + and restore after. Otherwise, SIGCHLD will end up in the list of + pending signals and sudo_execute() will not execute the command. + [c171eeabdc72] - * plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po: - sync with translationproject.org - [abf5d356a33b] + * lib/util/event.c: + The read and write sides of signal_pipe[] were swapped, resulting in + EBADF reading from and writing to the signal pipe on Linux and + probably others. On systems with bidirectional pipes this was not an + issue. + [7668f93e6544] -2016-12-13 Todd C. Miller +2017-09-05 Todd C. 
Miller - * configure, plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, - plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, - plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, - plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, - plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, - plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/sr.mo, - po/sr.po: - sync with translationproject.org - [fec672d5a4c7] + * plugins/sudoers/auth/pam.c: + Fix a logic error in 96651906de42 which prevented sudo from using + the PAM-supplied prompt. Bug #799 + [6ee5cc13af69] - * config.h.in, configure.ac, include/sudo_compat.h, - plugins/sudoers/pwutil_impl.c, src/sudo.c: - Use getgrouplist_2() on macOS if available. - [3bf58af56d18] +2017-09-01 Todd C. Miller -2016-12-03 Todd C. Miller + * NEWS, configure, configure.ac: + Sudo 1.8.21p1 + [7e6bf56cb06c] - * plugins/sudoers/po/sudoers.pot: - regen - [3f4d52230317] + * mkpkg: + The Fedora sudo package uses /etc/ldap.conf not /etc/sudo-ldap.conf. + [7b4e6f50e138] - * plugins/sudoers/interfaces.c: - In set_interfaces() treat a parse error as fatal. - [7d0048108b1d] + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + The fix for matching when no sudoRunAsUser is present in a sudoRole + was incomplete. If no -g option was specified on the command line + but sudoRunAsGroup is present in a sudoRole, we need to treat the + group match as failed instead of missing. + [3aaeeebd924c] -2016-12-02 Todd C. Miller + * plugins/sudoers/check.c, plugins/sudoers/defaults.c: + Sprinkle a few more debugging printfs. 
+ [f7a40f9985cf] - * lib/util/regress/atofoo/atofoo_test.c: - Fix a clang warning on macOS - [58e9d192e907] + * plugins/sudoers/sudoreplay.c: + Fix replaying sessions that contain input logs. When the inter- + record timeout expires we need to read the next record if there is + nothing to output. + [443b329ddc60] -2016-12-01 Todd C. Miller + * doc/visudo.cat: + regen + [7ace4ac32116] - * plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/ko.mo, - po/ko.po, po/vi.mo, po/vi.po: - sync with translationproject.org - [99cce0f5fddc] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Fix typo (Auguest vs. August). From David Pocock. + [98a792ff1c90] - * NEWS: - update for 1.8.19b2 - [18cfc9b8b8e7] +2017-08-31 Todd C. Miller - * plugins/sudoers/timestamp.c: - Ignore a boot time that is in the future, which can happen when the - clock is corrected down after boot. Otherwise, the timestamp file - will be unlinked each time sudo is run and a password is always - required. - [dd3b2b7ae709] + * plugins/sudoers/sudo_nss.c: + Go back to returning true from display_privs() on non-error. This + results in "sudo -U otheruser -l" exiting with a status of 0 even + when otheruser is not allowed to run commands. This is appropriate + since the "sudo -l" command was successful. This does not change the + exit value when otheruser runs "sudo -l" themselves, the exit status + will be 1 since that user is not allowed to run commands. Requested + by Radovan Sroka. + [055b78015fcb] -2016-11-30 Todd C. Miller + * plugins/sudoers/ldap.c: + Fix the pass2 ldap query string when no search filter is defined. + Due to the addition of "(sudoUser=*)" to the query we always need + the AND operator, even if no search filter is present. 
+ [631243487d27] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, - plugins/sudoers/defaults.c, plugins/sudoers/logging.c: - Allow syslog priority to be negated or set to "none" to disable - logging successes or failures. - [624eddac4ab1] +2017-08-29 Todd C. Miller - * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, - plugins/sudoers/sudoreplay.c: - Allow stdin and ttyin to be displayed too. The only one that is - really useful in sudoreplay is stdin when input is from a pipe. - [5aa8b3a90c84] + * src/exec_nopty.c: + Don't forward SIGINFO to the child when it is send by the kernel + (not another user process). This is consistent with the handling of + other keyboard-generated signals such as SIGINT, SIGQUIT and + SIGTSTP. Bug #796 + [29603b0a4315] - * src/regress/noexec/check_noexec.c: - Solaris 10 wordexp() returns 127 on execve() failure like popen() - does. - [f927c50dda17] +2017-08-23 Todd C. Miller - * config.h.in, configure, configure.ac, include/sudo_debug.h, - lib/util/regress/atofoo/atofoo_test.c, lib/util/strtoid.c, - lib/util/sudo_debug.c, lib/util/util.exp.in: - id_t is 64-bits on FreeBSD so use strtoll() there. Fixes the strtoid - regress. - [448a9857e89f] + * sudo.pp: + Fix path to LICENSE and NEWS files that get used in the installer. + Previously, the installed versions were used instead of the ones in + the destdir. + [689a5806f2de] -2016-11-29 Todd C. Miller +2017-08-20 Todd C. Miller - * NEWS: - fix typo - [92ea657a87f5] + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, po/fi.mo, + po/fi.po: + sync with translationproject.org + [32a0f3bbba31] - * plugins/sudoers/sudoers.c: - Fix the "all" setting for verifypw and listpw; nopass would never be - true even if all the user's entries had the NOPASSWD tag. Regression - introduce in sudo 1.8.17. Bug #762 - [c672e3ebfbe2] +2017-08-18 Todd C. Miller -2016-11-28 Todd C. 
Miller + * po/es.mo, po/es.po: + sync with translationproject.org + [bfa5659d66f2] - * plugins/sudoers/po/ca.mo, plugins/sudoers/po/cs.mo, - plugins/sudoers/po/cs.po, plugins/sudoers/po/da.mo, +2017-08-12 Todd C. Miller + + * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, po/it.mo, + po/it.po: + sync with translationproject.org + [05cd6ff68a4b] + +2017-08-11 Todd C. Miller + + * NEWS: + Preserving environment variables on the command line was bug #279 + [46f2c7931a84] + +2017-08-10 Todd C. Miller + + * MANIFEST, NEWS, doc/CONTRIBUTORS, po/fur.mo, po/fur.po: + Add Friulian translation for sudo from Fabio Tomat via + translationproject.org + [77fdb76e83c8] + +2017-08-08 Todd C. Miller + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/el.mo, plugins/sudoers/po/eo.mo, - plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo, - plugins/sudoers/po/fr.mo, plugins/sudoers/po/hr.mo, - plugins/sudoers/po/hr.po, plugins/sudoers/po/hu.mo, - plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, - plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, - plugins/sudoers/po/lt.mo, plugins/sudoers/po/nb.mo, - plugins/sudoers/po/nb.po, plugins/sudoers/po/nl.mo, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, - plugins/sudoers/po/ru.mo, plugins/sudoers/po/sk.mo, - plugins/sudoers/po/sl.mo, plugins/sudoers/po/sr.mo, - plugins/sudoers/po/tr.mo, plugins/sudoers/po/uk.mo, - plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.mo, - plugins/sudoers/po/zh_CN.po, po/cs.mo, po/cs.po, po/de.mo, po/de.po, - po/es.mo, po/es.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, - po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/ko.mo, po/ko.po, - po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, po/pt_BR.po, - po/tr.mo, po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo, 
po/zh_CN.po: + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo, + po/cs.po, po/fr.mo, po/fr.po, po/ko.mo, po/ko.po, po/nb.mo, + po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/sr.mo, + po/sr.po, po/sv.mo, po/sv.po, po/vi.mo, po/vi.po, po/zh_CN.mo, + po/zh_CN.po: sync with translationproject.org - [8a4ab570d132] + [0f18e2f30ff5] -2016-11-25 Todd C. Miller +2017-08-04 Todd C. Miller - * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c, src/openbsd.c: - Just use malloc_options "S" on OpenBSD instead of "AFGJPR". - [2851cd2da1c7] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + In the Runas example that uses "boulder" make it clear that + "boulder" is a host name. + [6bca59aa5579] -2016-11-22 Todd C. Miller +2017-08-03 Todd C. Miller * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - Update year in license - [e370bf3d1035] + regen + [9bb78048656f] -2016-11-21 Todd C. Miller + * NEWS, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + src/parse_args.c: + Allow the user to specify a list of environment variables to + preserve. This adds an option paramter to the --preserve-env option, + a comma-separated list of variable names. + [a6bc511a2e81] - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - regen - [d524f0306467] +2017-08-01 Todd C. Miller - * doc/sudo.conf.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat: + * INSTALL, NEWS, config.h.in, configure, configure.ac, + doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: + Replace tty_tickets option with timestamp_type which can be global, + ppid or tty. Defaults to tty (no change in behavior). 
Some users + want the ppid behavior. + [426161a2e06f] + + * lib/util/Makefile.in, plugins/sudoers/Makefile.in: regen - [185328ea20c3] + [b396e70a4a8b] - * include/sudo_debug.h, lib/util/sudo_debug.c, - plugins/sudoers/iolog.c, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c, - plugins/sudoers/visudo.c, src/sudo.c: - Add SUDO_DEBUG_INSTANCE_ERROR return value for sudo_debug_register() - and check for it in places where we check the return value of - sudo_debug_register(). - [d1e74c5f21a6] + * plugins/sudoers/sudoers.c: + Don't send email about an unresolvable host name if fqdn is enabled + and the user specified the run host via the -h flag. + [59d7a8743943] -2016-11-20 Todd C. Miller +2017-07-31 Todd C. Miller - * NEWS: - update for 1.8.19 - [b248866c511d] + * plugins/sudoers/sudoreplay.c: + fix playback of stdout/stderr without embedded carriage returns + [f1a5b47be2db] -2016-11-17 Todd C. Miller +2017-07-28 Todd C. Miller - * config.h.in, configure, configure.ac, plugins/sudoers/getspwuid.c: - Add support for getpwnam_shadow() on OpenBSD - [4db7ed374c33] + * plugins/sudoers/ldap.c: + Avoid unused variable warning when sasl is not used. + [3010fd3c5a7f] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, plugins/sudoers/policy.c, src/sudo.c: - Add umask to user_info passed in from the front end to the plugin. - [4a4eee52a717] + * INSTALL, configure, configure.ac: + Add support for --enable-sasl and --disable-sasl to make it possible + to enable/disable support for LDAP with SASL authentication. Sudo + compiles in support for SASL authentiation by default if the + ldap_sasl_interactive_bind_s() function is detected. Bug #788 + [cf94d407d576] - * plugins/sudoers/auth/rfc1938.c: - Fix sign compare warning. - [8732d632cbff] + * NEWS: + List the correct pattern ("*=()*") in the env_delete description. + Use pseudo-tty instead of pseudo terminal for consistency. 
+ [f2df0baea2f0] - * MANIFEST, aclocal.m4, configure, configure.ac, m4/ax_append_flag.m4, - m4/sudo.m4: - Use AX_APPEND_FLAG instead of SUDO_APPEND_CPPFLAGS and direct - modification of LDFLAGS. - [c1464dcd45e0] +2017-07-27 Todd C. Miller - * MANIFEST, configure, configure.ac, plugins/sudoers/aixcrypt.exp: - Remove aixcrypt.exp, it was a remnant of the 90's crypto wars where - crypt() was not exported. - [785d57666d41] + * lib/util/closefrom.c: + Include pathnames.h for /dev/fd on FreeBSD and Mac OS X. + [b190dc607277] - * doc/TROUBLESHOOTING: - Remove obsolete solaris issue with snprintf - [3ce6cc899026] + * NEWS: + update for 1.8.21 + [a3a38f6cba66] - * INSTALL: - SunOS 4.x is no longer supported - [2239eb30ff2c] + * src/exec_pty.c: + No need to call sudo_ev_del() before sudo_ev_free(); sudo_ev_free() + will delete the event from its base before freeing it. + [ebf3dedcba5c] -2016-11-16 Todd C. Miller + * src/exec_pty.c: + Terminate the command if an I/O log function returns 0 or -1. This + was mistakenly removed by 25b7fd056614 in Sudo 1.8.18 with the + removal of the ignore_iolog_errors variable. + [e1dd18d95815] - * lib/util/regress/sudo_conf/test1.in, lib/util/sudo_conf.c: - Plug memory leak when a particular Path is set more than once. - [debc97dac01d] + * plugins/sudoers/sudoreplay.c: + Quiet a coverity false positive. + [b7a9c9e35fd0] - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - Add sudo_ldap_is_negated() and sudo_ldap_is_negated() functions and - use them to parse negated entries instead of doing it manually. - [12010b64afe5] + * plugins/sudoers/sudoreplay.c: + Change to a single event loop in sudoreplay and use signal events. + [7320de46cf48] - * plugins/sudoers/ldap.c: - Fix printing of sudoedit_follow in "sudo -l" - [2094a8f880c4] +2017-07-21 Todd C. Miller - * plugins/sudoers/sssd.c: - For "sudo -l" print sudoOption sudoedit_follow as FOLLOW. 
- [9c860b1fa721] + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + start new sentences on a new line + [ae35ab253de5] - * config.h.in, configure, configure.ac, include/sudo_conf.h, - lib/util/regress/sudo_conf/conf_test.c, - lib/util/regress/sudo_conf/test1.out.ok, lib/util/sudo_conf.c, - lib/util/util.exp.in, plugins/sudoers/policy.c, src/exec_common.c, - src/load_plugins.c, src/parse_args.c: - Always define _PATH_SUDO_NOEXEC, _PATH_SUDO_SESH, - _PATH_SUDO_PLUGIN_DIR, even if only defined to NULL. This means the - accessors can always be present. + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Clarify how the variable prompt options interact with each other and + PAM. + [342b936c4aaa] - Use RTLD_PRELOAD_VAR instead of _PATH_SUDO_NOEXEC to tell when - noexec is available. + * plugins/sudoers/sudoers.c: + Don't set passprompt_override when SUDO_PROMPT is present. This + effectively reverts ed77d255f383. - Add ENABLE_SUDO_PLUGIN_API and use it instead of - _PATH_SUDO_PLUGIN_DIR to tell when the plugin API is available. + We treat the SUDO_PROMPT environment variable similar to passprompt + in sudoers: it will only override a PAM prompt if the PAM prompt is + either "Password:" or "username's Password:". + [6dad2bd126d1] - Add sudo_conf_clear_paths() to clear the path values so the regress - tests are not affected by compile-time settings. - [2b05e4a143d9] +2017-07-20 Todd C. Miller - * plugins/sudoers/ldap.c: - Use readline() in sudo_ldap_read_secret() - [3f0506e5cbe3] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/logging.c: + Add syslog_pid sudoers option to log sudo's process ID when logging + via syslog. This is disabled by default to match historic behavior. + [f4dc29b0052c] -2016-11-15 Todd C. 
Miller + * plugins/sudoers/auth/pam.c: + When deciding which prompt to use (PAM's or sudo's) treat the PAM + prompt "username's Password:" as equivalent to "Password:". Some PAM + modules (on AIX at least) use this prompt. + [96651906de42] - * lib/util/sudo_conf.c: - Get rid of struct sudo_conf_paths and just use #defined index values - to access the path values. Make all accessors available even when - the feature is not enabled. - [58d1ec6170a8] + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: + Add missing argument to a few of the defaults strings in the "sudo + -V" output. + [44546c4b87c3] - * configure, configure.ac, lib/util/Makefile.in, lib/zlib/Makefile.in, - mkdep.pl, plugins/group_file/Makefile.in, - plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, - plugins/system_group/Makefile.in, src/Makefile.in: - Add ASAN_CFLAGS and ASAN_LDFLAGS and use -Wc prefix in ASAN_LDFLAGS - to prevent libtool from strippign them out. Avoid using ASAN flags - when building sudo_noexec.so. - [9644dd92e586] + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/visudo.c: + When examining environment variables or variables passed in from the + front-end, ignore variables with no value specified. + [8537a7fc6190] -2016-11-14 Todd C. Miller + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Document that "-p prompt" overrides SUDO_PROMPT. + [d2e6b518d00d] - * configure, configure.ac: - Disable noexec for HP-UX 10.x which probably doesn't support - LD_PRELOAD - [d87bc5ea4688] + * plugins/sudoers/sudoers.c: + Enable passprompt_override by default if SUDO_PROMPT is present in + the environment. This is consistent with how "sudo -p prompt" is + handled. + [ed77d255f383] - * config.h.in, configure, configure.ac, plugins/sudoers/getspwuid.c: - Remove SunOS 4 support, it is not modern enough to run sudo. - [b6e15f8360b6] +2017-07-17 Todd C. 
Miller - * config.h.in, configure, configure.ac, plugins/sudoers/getspwuid.c: - Remove HP-UX 9 support, it is not modern enough for sudo. - [226dda48c1e1] + * plugins/sudoers/sudoreplay.c: + When reading a single character via a switch() use "default: instead + of "case 1:" to quiet a coverity warning. + [ddcfc40159e4] - * config.h.in, configure, configure.ac, plugins/sudoers/auth/passwd.c, - plugins/sudoers/getspwuid.c: - Remove Ultrix support, modern sudo can't run on Ultrix anyway. - [95a11ef29a2b] + * plugins/sudoers/sudoreplay.c: + Initialize ch in getsize_cb() in case we are called with the wrong + initial state. + [a31431c59e14] - * MANIFEST, configure, configure.ac, lib/util/sudo_conf.c, - src/Makefile.in, src/exec_common.c, - src/regress/noexec/check_noexec.c, src/sudo_exec.h: - Add regress for noexec functionality - [2cadd8e04677] + * plugins/sudoers/sudoreplay.c: + remove unused variable + [488054411049] - * src/Makefile.in: - Unbreak sudo_noexec on macOS where shared libraries and dynamic - modules are different. We still want to install sudo_noexec.so - without the "lib" prefix so some hackery is required. - [93d7b69491a1] + * plugins/sudoers/visudo.c: + Call install_sudoers() even when doedit is false. If a file in a + #includedir has a syntax error it will still have been edited and we + need to install the edited temp file. + [ab833e2d1791] - * configure, configure.ac: - Don't enable noexec for AIX 5.0-5.2, we need 5.3 and above. - [92cad0180239] + * plugins/sudoers/visudo.c: + Reparse sudoers if a new #include file was added. Otherwise the new + file will not get its syntax checked. Bug #791 + [e584dc8bf306] -2016-11-13 Todd C. Miller +2017-07-14 Todd C. Miller - * src/Makefile.in: - Need to link sudo_noexec.so with -ldl for dlsym() on some platforms. - Otherwise, the wordexp(3) wrapper will fail due to an undefined - symbol. 
Bug #761 - [120a317ce25b] + * plugins/sudoers/sudoreplay.c: + don't restore the cursor when setting terminal size, we don't want + the cursor to move + [9cbcb3372bcd] - * plugins/sudoers/visudo.c: - In strict mode, go to the file/line with an undefined aliases or - aliases cycle directly. - [b4f51b79bd9e] + * plugins/sudoers/sudoreplay.c: + Read the xterm terminal size using an event so we can easily time + out if needed. + [634524476741] -2016-11-12 Todd C. Miller + * lib/util/event.c, src/exec_nopty.c, src/exec_pty.c: + If we free the default base in sudo_ev_base_free(), reset the + default base to NULL. + [2a8f7938618b] - * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, - plugins/sudoers/alias.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/parse.h, - plugins/sudoers/regress/visudo/test2.err.ok, - plugins/sudoers/regress/visudo/test3.err.ok, - plugins/sudoers/visudo.c: - Store the file/lineno for alias and userspec entries so we can - provide that info if there is an error. - [7deb4e41ca7b] +2017-07-13 Todd C. Miller -2016-11-11 Todd C. Miller + * include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in, + src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c: + Add the ability to set a default event base, to be used by plugins + which don't have access to the event base. + [dc159ea98b25] - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/rcstr.c, - plugins/sudoers/sudoers.h, plugins/sudoers/toke.c, - plugins/sudoers/toke.l, plugins/sudoers/visudo.c, - plugins/sudoers/visudo_json.c: - Add simple reference-counted string allocator and use it for passing - around references to the sudoers path. This lets us avoid making - copies of the sudoers path for the errorfile as well as each - Defaults entry. 
- [afcff7b5b647] + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + plugins/sudoers/sudoreplay.c: + Allow sudoreplay to adjust the window size on xterm-like terminals. + [3358b1a9f01c] - * lib/util/sha2.c: - Cast len from size_t to uint64_t before bit shifting since we are - adding to count which is also uint64_t. Quiets a PVS-Studio warning. - [167210670b30] +2017-07-12 Todd C. Miller -2016-11-10 Todd C. Miller + * lib/util/term.c: + Clear input, output, control and local flags before copying them + from the source terminal. Otherwise, flags that are disabled in the + source terminal may still be enabled in the destination. + [ead41242b820] - * MANIFEST, plugins/sudoers/regress/visudo/test7.out.ok, - plugins/sudoers/regress/visudo/test7.sh, - plugins/sudoers/regress/visudo/test8.err.ok, - plugins/sudoers/regress/visudo/test8.out.ok, - plugins/sudoers/regress/visudo/test8.sh: - Add checks for sudoers_locale early Defaults - [582c08c9418c] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/exec_pty.c: + Pass window size change events to the plugin. + [529b5c9d16a4] - * src/parse_args.c, src/sudo.c, src/sudo.h: - Add the argument vector allocated for -s and -i mode to the garbage - collector list. Avoids an ASAN warning on exit when the -s or -i - flags are used. - [652691a5216b] + * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c: + Log window size change events in the sudoers I/O plugin. Let + sudoreplay parse a timing file with window change events (currently + ignored). + [a67f4627dfa7] -2016-11-09 Todd C. Miller + * Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Remove pointless subshells in targets that simply change the + directory and execute a command. 
The command is already run in a + shell so there is no need to execute a subshell in this case. + [e57639cb2f97] - * plugins/sudoers/iolog.c: - add missing sudo_pw_delref/sudo_gr_delref to plug memory leak - [c4ba4c26e0c1] +2017-07-10 Todd C. Miller - * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, - plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/ldap.c, plugins/sudoers/parse.c, - plugins/sudoers/parse.h, - plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/sssd.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, - plugins/sudoers/visudo_json.c: - Go back to parsing Defaults entries in update_defaults instead of as - sudoers is read. Otherwise, we cannot properly support early - defaults like sudoers_locale. - [ff1328a86b97] + * src/sudo.c: + Store the debug instance ID for I/O plugins too. Now iolog_open() is + consistent with policy_open(). + [519abb3c09d0] - * mkpkg: - Use expr instead of POSIX sh numerical expression to avoid a syntax - error on older shells. - [638383bb40d5] +2017-06-29 Todd C. Miller -2016-11-08 Todd C. Miller + * config.h.in, configure, configure.ac, lib/util/mktemp.c: + Use getentropy() in mkstemp/mkdtemp replacement. + [8d8e45266858] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, include/sudo_plugin.h: - Bump plugin minor version to 10 for sudo_mode, sudo_group and - sudo_user. - [0c65dc1f2874] + * configure, configure.ac, lib/util/closefrom.c, lib/util/mktemp.c, + pathnames.h.in, src/exec_pty.c, src/get_pty.c, src/ttyname.c: + Use _PATH_DEV consistently + [ca10a91539e0] - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - Fix a bug in host matching where a negated sudoHost entry would - prevent other sudoHosts following it from matching. - [40cbd5790106] +2017-06-15 Todd C. Miller - * plugins/sudoers/defaults.c: - Zero out sd_un before calling parse_default() so we don't try to - free stack garbage in the ldap/sssd backends. 
- [6b64a8e3a19d] + * lib/util/term.c: + When copying terminal settings from one tty to another only copy a + subset of the flags. Sudo now copies the same set of flags that + OpenSSH uses, which should be safe. + [2f12bc7a87d1] -2016-11-07 Todd C. Miller + * src/exec_monitor.c, src/exec_nopty.c: + Add debug warning when we have wait status but don't overwrite the + existing cstat. + [5ae8f8e75104] - * plugins/sudoers/ldap.c: - Use "ret", not "rc" for the function return value. - [fdfe637adee6] + * src/exec_monitor.c: + Better handling of SIGCONT from in command in the monitor. It is + useful to know when the command continued but we don't want to + inform the parent or store the wait status in this case. Fixes a + hang after multiple suspends on Linux. + [9cdbbb7ff3dd] - * include/sudo_compat.h, lib/util/strtomode.c, - plugins/sudoers/defaults.c, plugins/sudoers/goodpath.c, - plugins/sudoers/logging.c, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c, - plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c, src/sudo_edit.c: - Use sys/stat.h defines instead of bare octal values. - [215c80e09830] +2017-06-09 Todd C. Miller - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, - doc/sudoers.mdoc.in, plugins/sudoers/iolog.c, - plugins/sudoers/policy.c: - Pass iolog mode, group and user from policy plugin to I/O log - plugin. - [1ed4967771c8] + * plugins/sudoers/parse.h: + avoid padding in struct cmndspec + [2529551a9c2d] -2016-11-06 Todd C. Miller +2017-06-07 Todd C. Miller - * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, - plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/ldap.c, plugins/sudoers/parse.h, - plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/sssd.c: - Instead of parsing sudoers Defaults twice, parse once while reading - sudoers and then just set the parsed value in update_defaults(). 
- [370d51681c6e] + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in: + Fix the man section of sudo_plugin in cross-references. + [f964de570403] - * plugins/sudoers/defaults.c: - Use "struct defaults *d" instead of "struct defaults *def" - throughout for consistency and to avoid confusino with "struct - def_values *def". Use "str" not "var" for the string argument to - convert and store in sd_un for the store_* functions. - [5cc3efc609df] +2017-06-05 Todd C. Miller - * plugins/sudoers/parse.c: - In display_bound_defaults() rename dtype arg -> deftype. - [b3323960e1db] + * src/sudo_edit.c: + Don't treat an unchanged file as an error. From Xin Li. + [503e04f7856e] -2016-11-03 Todd C. Miller + * src/sudo_edit.c: + sudo_edit() must return a wait status but if there is an error, or + even if no changes were made to the file, it was returning 1 instead + which would be interpreted as the command having received SIGHUP. + Use the W_EXITCODE() to construct a proper wait status in the error + case too. + [62515bd6c64c] - * lib/util/regress/sudo_conf/test4.err.ok, - lib/util/regress/sudo_conf/test5.err.ok, - plugins/sudoers/regress/visudo/test2.err.ok, - plugins/sudoers/regress/visudo/test3.err.ok: - Update error output to match quoting changes. - [27bbf5004d1e] +2017-06-03 Todd C. Miller - * plugins/sudoers/defaults.c: - Avoid passing in a struct sudo_defs_types pointer to the store - functions. Pass in a pointer to the union to fill instead. - [ea956d00aae3] + * src/ttyname.c: + Avoid sign extension when assigning the value of tty_nr in + /proc/self/stat on Linux. It is an unsigned int value that is + printed as a signed int but dev_t is unsigned long long. We need to + cast to unsigned int before assigning to a dev_t. 
+ [c198d1317560] - * plugins/sudoers/defaults.h: - no longer need struct defaults forward referebce - [21e34ca85de5] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/env.c: + Instead of hard-coding a check for bash functions in + env_should_delete(), use a "*=()* " pattern in + initial_badenv_table[] to match them instead. This allows the user + to remove the check via env_delete. + [90c4dfd1d3a3] -2016-11-02 Todd C. Miller +2017-06-02 Todd C. Miller - * lib/util/sudo_conf.c, plugins/sudoers/alias.c, - plugins/sudoers/defaults.c, plugins/sudoers/logging.c, - plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, - plugins/sudoers/visudo_json.c, src/load_plugins.c: - Use "double quotes" in messages instead of a combination of the - accent (grave) mark and apostrophe. - [10dee3ecf3e1] + * INSTALL.configure, configure.ac, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, mkpkg, sudo.pp: + Mac OS X -> macOS + [08f793d1f496] - * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, - plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - Add file:linenumber prefix to all Defaults warnings so we can see - them when running sudo too. For LDAP/SSSD we print the sudoRole - instead of the file name and omit the line number. - [5c6b95cd3792] + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + devsearch is ignored on BSD, macOS and Solaris + [b041a1d64eda] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Use sudoedit in examples instead of "sudo vi" - [6008c208682c] +2017-06-01 Todd C. Miller -2016-11-01 Todd C. Miller + * lib/util/event.c: + Move the bits to fill in the new event base to sudo_ev_base_init(), + which is not currently exported. 
+ [9be46693bed1] - * plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/parse.c, plugins/sudoers/parse.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, - plugins/sudoers/visudo_json.c: - Only treat an unknown Defaults entry as a parse error in visudo, not - in sudo itself. - [8d8aa7ac5a32] +2017-05-31 Todd C. Miller - * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, - plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/visudo.c: - Instead of checking Defaults values after the fact, check them at - sudoers parse time. This makes it possible to display the file and - line number with the problem and for visudo to go right to the - error. - [ac66bd690d05] + * src/ttyname.c: + A command name may also contain newline characters so read + /proc/self/stat until EOF. It is not legal for /proc/self/stat to + contain embedded NUL bytes so treat the file as corrupt if we see + any. With help from Qualys. - * plugins/sudoers/alias.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/parse.h: - Refactor freeing of a member_list into free_members(). - [d29daa01bb9c] + This is not exploitable due to the /dev traversal changes in sudo + 1.8.20p1 (thanks Solar!). + [9ad60fe663e5] - * plugins/sudoers/gram.c, plugins/sudoers/gram.y: - add_defaults() now calls sudoerserror() itself instead of the caller - assuming any error means out of member. - [a25e51321e0b] + * NEWS: + Sudo 1.8.20p2 + [39f199a38383] - * plugins/sudoers/defaults.c, plugins/sudoers/mkdir_parents.c: - s/rval/ret/g -- old habits die hard - [fa55d08b233a] +2017-05-30 Todd C. Miller -2016-10-31 Todd C. Miller + * src/selinux.c: + After opening a tty device, fstat() and error out if it is not a + character device. + [e03cfa98f2b6] - * plugins/sudoers/sudoers.c: - Remove inaccurate XXX comment, sudo_file_parse() sends mail on parse - error. 
- [052b0e112839] + * INSTALL, configure, configure.ac, doc/sudo.conf.cat, + doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, include/sudo_conf.h, + lib/util/sudo_conf.c, lib/util/util.exp.in, pathnames.h.in, + src/ttyname.c: + Add a new "devsearch" Path setting to sudo.conf for configuring the + /dev paths to traverse instead of hard-coding a list in ttyname.c + The default value can be set at configure time. + [7ab1be502dc3] - * plugins/sudoers/visudo.c: - The fix for Bug #408 broke editing of files in an include dir that - have a syntax error. Normally, visudo does not edit those files, but - if a syntax error is detected in one, the user gets a chance to fix - it. - [6b00f9bfff31] + * src/ttyname.c: + Use /proc/self consistently on Linux. As far as I know, only AIX + doesn't support /proc/self. + [ef737b5d4ed8] - * plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, - plugins/sudoers/visudo_json.c: - Make a copy of the current sudoers path when assigning errorfile. - Fixes a potential use after free in visudo when there is an error in - one of the include files. - [eb6db5d15b61] +2017-05-29 Todd C. Miller - * plugins/sudoers/sudoers_debug.c: - sudoers_debug_register() was not setting the active debug instance - to sudoers_debug_instance when called from the I/O log plugin. This - is because it relied on sudo_debug_register to do that but - sudoers_debug_parse_flags() doesn't set debug_files[] - sudoers_debug_instance is already set (we can only init sudoers - debug once). + * NEWS, configure: + Sudo 1.8.20p1 + [c34da84ae8e4] - To work around this, just make sudoers_debug_instance the active - debug instance in sudoers_debug_register() when it is already set. - [71b0221c8c28] + * src/ttyname.c: + Fix for CVE-2017-1000367, parsing of /proc/pid/stat on Linux when + the process name contains spaces. 
Since the user has control over + the command name this could be used by a user with sudo access to + overwrite an arbitrary file. Thanks to Qualys for investigating and + reporting this bug. - * src/load_plugins.c: - Fix pasto when setting I/O plugin debug files - [03c3aab22e65] + Also stop performing a breadth-first traversal of /dev when looking + for the device. Only the directories specified in search_devs[] are + checked. + [b5460cbbb11b] - * plugins/sudoers/iolog.c: - use cp instead of *cur when comparing against plugin_path - [f2dfe69549f5] +2017-05-23 Todd C. Miller -2016-10-30 Todd C. Miller + * lib/util/event_select.c: + Fix potential memory leak on reallocarray() error. Coverity CID + 169639 + [c303e6eecc78] - * plugins/sudoers/mkdir_parents.c: - In sudo_mkdir_parents() inherit the gid of / instead of using gid 0 - for the first component. - [5f2bf33bccb5] + * plugins/sudoers/bsm_audit.c: + Only fall back to deprecated getaudit() on FreeBSD. Fixes compiler + warnings on macOS. + [18f4699e417c] - * plugins/sudoers/iolog.c: - We want to inherit the gid from the parent directory when not - setting permissions on intermerdiate directories. - [845f5a20b5fa] + * mkpkg: + Use clang on macOS if present + [a963454d1b9e] -2016-10-29 Todd C. Miller + * sudo.pp: + fix paths to LICENSE and NEWS files for macOS packages + [47103614311b] - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c, - plugins/sudoers/mkdir_parents.c, plugins/sudoers/sudoers.h, - plugins/sudoers/timestamp.c: - Move io_mkdir_parents() to its own file and use it in ts_mkdirs(). - [c1d55f588a60] +2017-05-18 Todd C. Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, - plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h: - Make the I/O log file/dir permissions and owner configurable. 
- [e7a74f3dfa56] + * src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c: + To avoid overwriting existing command status, check for CMD_INVALID + instead of CMD_ERRNO or CMD_WSTATUS. + [5fec1fa81482] - * lib/util/Makefile.in, mkdep.pl: - Add vsyslog.lo - [18362a9ae32e] + * plugins/sudoers/regress/env_match/data: + Add some patterns that could result in exponential run time for + poorly written '*' matching. + [98f4d085c919] - * configure, configure.ac: - sudo 1.8.19 - [97743604e6e3] +2017-05-15 Todd C. Miller -2016-10-28 Todd C. Miller + * lib/util/ttysize.c, src/exec_pty.c: + On HP-UX 11.0, sys/ioctl.h is not sufficient to make struct winsize + visisble, we need termios.h too. + [211510123ad6] - * plugins/sudoers/defaults.c: - Don't try to syntax check an unrecognized Defaults value in visudo. - [e4972655b5d3] + * lib/util/ttysize.c: + Always used TIOCGWINSZ. + [82e679b8cd00] -2016-10-26 Todd C. Miller + * src/exec.c, src/sudo.c, src/sudo.h: + Move exec_setup(), unlimit_nproc() and restore_nproc() from sudo.c + to exec.c. + [9127e50cf4ec] - * plugins/sudoers/iolog.c: - Create I/O log files with the same gid as the parent directory. - [0da5824e006d] + * src/sudo_edit.c: + No need to include selinux.h here. + [8bb07a8f4203] - * plugins/sudoers/ldap.c: - Check for sudo_ldap_result_last_search() returning NULL. This can't - happen in practice because we always call - sudo_ldap_result_add_search() first which guarantees there is a - result to be found. Quiets a PVS-Studio warning. - [4f6074f40fbc] + * plugins/sudoers/regress/env_match/check_env_pattern.c: + Fix compilation error on macOS + [bc5e5c3d44f2] - * src/exec_pty.c: - Quiet a PVS-Studio warning about the spin loop when waiting for the - parent to assign us the terminal pgrp. - [d063a283477b] +2017-05-12 Todd C. Miller - * plugins/sudoers/env.c: - Fix incorrect strncmp() lengths. The check for USERNAME was only - looking at the first 5 characters (copy and paste error). 
The check - for SUDO_PS1 was not checking the trailing '=' character (off by one - error). Found by PVS-Studio. - [297380eb6940] + * config.h.in, configure, configure.ac, include/sudo_compat.h, + lib/util/term.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/exec_monitor.c, src/exec_nopty.c, + src/exec_pty.c, src/signal.c, src/sudo.c, src/tcsetpgrp_nobg.c, + src/tgetpass.c: + Remove use of non-standard sigaction_t + [81a57af4c7a9] - * plugins/sudoers/env.c: - When checking for old-style bash functions in the environment, check - for values starting with "() " (note the trailing space) rather than - "()". Bash will only treat the value as a function if the space - after "()" is present. The trailing space was already present in the - compare string but when it was added, the length passed to strncmp() - was not updated from 3 to 4. Found by PVS-Studio. No security - impact. - [7e35f39d356b] + * plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c, + plugins/sudoers/set_perms.c, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c: + Use debug logging instead of ignore_result() where possible. + [9c9fde5b52cc] - * plugins/sudoers/set_perms.c: - Add some missing casts from uid_t/gid_t to int when printing uid/gid - values. We print these as signed so a value of -1 (no change) is - obvious. Quiets PVS-Studio warnings. - [9773e5b166e1] + * Makefile.in: + Add cov-build and cov-submit targets for checking with coverity. + [bf88b4439c7b] - * plugins/sudoers/timestamp.c: - def_timestamp_timeout is a double so compare against 0.0 not 0 to - avoid making it appear to be an integer type. - [8675db470ab7] + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/ldap.c: + Avoid a clang analyzer false positive. + [9f4f915a2e28] - * plugins/sudoers/defaults.c: - When checking syslog facility or priority, move the string compare - into the body of the loop and return if it matches. 
If we finish the - loop it means we didn't find a match. This makes the code a little - bit more readable. - [d1df1649a01e] + * plugins/sudoers/sudoreplay.c: + Restore the error message for sudo_ev_add() failure. + [267305606577] - * lib/util/strlcpy.c, lib/util/strnlen.c, plugins/sudoers/defaults.c, - plugins/sudoers/env.c, plugins/sudoers/logging.c, - plugins/sudoers/visudo_json.c, src/env_hooks.c, src/exec_pty.c: - Replace bare ";" in the body of for() loops with "continue;" for - improved readability. - [92eff8dbe5f8] + * include/sudo_event.h, lib/util/event.c: + Add support for signal events in sudo's event subsystem + [0d48fab2dec8] -2016-10-21 Todd C. Miller + * include/sudo_event.h, lib/util/event.c: + Handle the possibility of the siginfo parameter in sa_sigaction + handler being NULL. + [0835ca553426] - * config.guess, config.sub: - Update from http://git.savannah.gnu.org/gitweb/?p=config.git - [86e6144dfdd7] + * src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, + src/signal.c, src/sudo.h, src/sudo_exec.h: + Use SUDO_EV_SIGNAL and SUDO_EV_SIGINFO instead of managing the + signal_pipe explicitly. + [841e2ca6a4a6] - * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4, - m4/ltoptions.m4, m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4: - Update to libtool 2.4.6 - [8d85d9e8687b] + * lib/util/event.c: + Activate the sigevents inside the signal pipe callback itself and + call signal_pipe_cb() directly if the backend returns EINTR and the + signal_caught flag is set. This has the side effect of processing + signal events in the current pass of the event loop instead of the + next one. + [d94e202b8e57] -2016-10-19 Todd C. Miller + * src/signal.c: + Add SIGCHLD to the list of signals we install sudo_handler() for. + Otherwise, it is possible for the command to exit before the SIGCHLD + handler is installed. POSIX says that signals that are ignored by + default are still ignored even if the signal mask would block them. 
+ We need to have a handler installed for SIGCHLD before the fork(). + [a26f04459c37] - * lib/util/vsyslog.c: - Use a static buffer if possible. - [758ce6478994] + * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/env.c, + plugins/sudoers/env_pattern.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/env_match/data, plugins/sudoers/sudoers.h: + Add support for multiple '*' in env_keep, env_check and env_delete + entries. + [b55270a8ecc4] - * MANIFEST, configure, configure.ac, include/sudo_compat.h, - lib/util/vsyslog.c, plugins/sudoers/logging.c: - add vsyslog() for systems without it. - [c6457f333252] + * configure, configure.ac: + sudo 1.8.21 + [76aa5455903e] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - There are now 14 tag values, not 10. Don't bother mentioning the - number since it keeps increasing. Bug #759 - [17e4c900dc12] + * include/sudo_compat.h, plugins/sudoers/timestamp.c, + src/tcsetpgrp_nobg.c, src/tgetpass.c: + Remove use of the non-standard SA_INTERRUPT + [3ec05ffb0dcb] -2016-10-18 Todd C. Miller + * include/sudo_queue.h: + Add workaround for clang static analyzer being confused by + LIST_REMOVE and TAILQ_REMOVE. + [ff8d278e8526] - * config.h.in, configure, configure.ac, plugins/sudoers/logging.c: - Use vsyslog() if available. - [ea9b7a51eaec] +2017-05-11 Todd C. Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, - plugins/sudoers/logging.c: - Add syslog_maxlen to control the max size of syslog messages. - [5f9872d2073f] + * plugins/sudoers/Makefile.in: + Fix "make check" when openssl or gcrypt is used. Bug #787 + [7968686742e2] -2016-10-17 Todd C. Miller +2017-05-10 Todd C. Miller - * src/tgetpass.c: - Don't generate SIGTOU when restoring the terminal modes. 
It doen't - make sense to suspend the process only to restore the terminal - settings since in this case the shell has already taken ownership of - the tty. - [981c26f3fc8f] + * plugins/sudoers/sudoreplay.c: + Only display string version of errno if sudo_ev_add() fails for now + [24244a02c93f] - * plugins/sudoers/sudoreplay.c, src/exec_pty.c, src/tgetpass.c: - The flush parameter of sudo_term_restore() is bool, not int. - [c2597f1881f3] +2017-05-08 Todd C. Miller -2016-10-14 Todd C. Miller + * NEWS: + update + [8e3359235e24] - * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: - Add wordexp() to the list of functions wrapped by sudo_noexec.so. - [2e847ce3f02f] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Be clear that #includedir diverts control to the files in the + specified directory and, when parsing of those files is complete, + returns control to the original file. Bug #775 + [f68769f15356] -2016-10-10 Todd C. Miller +2017-05-07 Todd C. Miller - * .hgtags: - Added tag SUDO_1_8_18p1 for changeset b84bd5ed47ec - [abda86e3b777] <1.8> + * plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/sr.mo, + po/sr.po: + sync with translationproject.org + [4552eaf8fabf] - * NEWS, config.h.in, configure, configure.ac, - plugins/sudoers/Makefile.in, src/Makefile.in: - merge sudo 1.8.18p1 from trunk - [b84bd5ed47ec] [SUDO_1_8_18p1] <1.8> +2017-05-05 Todd C. Miller - * src/sudo_noexec.c: - Need RTLD_NEXT for wordexp() on dlopen() systems. It is missing on - AIX 5.1 at least. - [167a518d8129] + * NEWS: + update + [53d1c9424816] - * src/sudo_noexec.c: - add missing guard around wordexp() - [7b8357b0a358] + * src/exec_monitor.c: + Fix a hang introduced in the last commit. Don't close the pty slave + until after we have the controlling tty. + [c9c19beb60ed] + + * src/exec_monitor.c, src/exec_pty.c: + If any of std{in,out,err} are not hooked up to a tty only interpose + ourselves with a pipe if the plugin will actually log the data. 
This + avoids a problem with non-interactive commands where no tty is + present where sudo will consume stdin even when log_input is not + enabled in sudoers. + [a79edafdd307] * NEWS: - expand on 1.8.18p1 changes - [f560e06ad584] + update + [144ff056cd01] -2016-10-09 Todd C. Miller + * doc/TROUBLESHOOTING: + Update based on information from Michael Felt. + [7ea34380ba1d] - * NEWS, configure, configure.ac: - sudo 1.8.18p1 - [a36e17d1c5db] +2017-05-04 Todd C. Miller - * config.h.in, configure, configure.ac, src/sudo_noexec.c: - Fix configure check for seccomp filter on Linux - [5d88d7cda853] + * plugins/sudoers/sudoreplay.c: + In check_input() when switch()ing on the return value of read(), use + the default label instead of 1 for the success case. It is only + reading a single byte so the two are equivalent but it reads better + using default. + [860682b86af5] -2016-10-08 Todd C. Miller + * plugins/sudoers/sudoreplay.c: + Check sudo_ev_add() return value. Coverity CID 168362 + [b69779d3801f] - * config.h.in, configure, configure.ac, src/sudo_noexec.c: - Use a seccomp filter on Linux to disable execve(2) and execveat(2). - This still relies on LD_PRELOAD to work so it has the same issues as - the existing mether with respect to running 32-bit binaries on a - 64-bit kernel. - [59d76bdc0f0c] - - * src/Makefile.in: - regen - [9e313cb0900b] - - * plugins/sudoers/Makefile.in: - regen - [5ca77049e5cd] - -2016-10-05 Todd C. Miller + * plugins/sudoers/iolog.c: + Add io_open() wrapper for open(2) that retries with PERM_IOLOG if + open(2) fails with EACCES. Use io_open() instead of duplicate copies + of the same fallback code. + [09f7992f681b] - * aclocal.m4, config.h.in, configure, configure.ac, src/sudo_noexec.c: - Wrap wordexp(3) in sudo_noexec. - [e7d09243e51b] + * plugins/sudoers/iolog.c: + Don't retry the open() if set_perms() fails. + [0808a9157037] -2016-09-26 Todd C. Miller + * plugins/sudoers/iolog.c: + Fix typo (fd2 vs. fd) caught by coverity, CID 168359. 
+ [f68df770e06f] - * plugins/sudoers/Makefile.in: - Clean .json files created by "make check" - [d214117fbda1] + * po/hu.mo, po/hu.po: + sync with translationproject.org + [ebef76dc27be] -2016-09-20 Todd C. Miller +2017-05-03 Todd C. Miller - * .hgtags: - Added tag SUDO_1_8_18 for changeset 00cf83739608 - [a1ff38bb3cd1] <1.8> + * INSTALL: + Warn people not to use --enable-asan in production. + [ecb5c1143ef4] -2016-09-19 Todd C. Miller + * configure, configure.ac, src/Makefile.in: + Move the invocation of check_noexec into the main "check" target but + only run it if not cross compiling and whe CHECK_NOEXEC is not + empty. + [cba8fd3337c2] - * NEWS, configure, configure.ac, doc/CONTRIBUTORS, doc/sudo.cat, - doc/sudo_plugin.cat, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, - doc/visudo.cat, lib/util/Makefile.in, lib/util/getgrouplist.c, - mkpkg, plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in, - plugins/sudoers/check.c, plugins/sudoers/env.c, - plugins/sudoers/iolog.c, plugins/sudoers/logging.c, - plugins/sudoers/match.c, plugins/sudoers/po/sudoers.pot, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, - po/sudo.pot, src/Makefile.in, src/exec_pty.c, src/load_plugins.c, - src/sudo.c, src/ttyname.c: - Merge sudo 1.8.18 from trunk - [00cf83739608] [SUDO_1_8_18] <1.8> + * src/Makefile.in: + Move @CHECK_NOEXEC@ to TEST_PROGS so it gets cleaned up properly. + [efaa9c44e749] - * po/ca.mo, po/da.mo, po/eo.mo, po/es.mo, po/eu.mo, po/fi.mo, - po/gl.mo, po/hr.mo, po/hu.mo, po/ko.mo, po/nl.mo, po/ru.mo, - po/sk.mo, po/sl.mo, po/sr.mo, po/tr.mo: - recompile .po files - [3d91cbf75744] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Move syslog_maxlen to the "Integers" section. Move syslog_goodpri + and syslog_badpri to the "Strings at can be used in a boolean + context" section. 
+ [342dfe9dd37c] - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - Fix matching when no sudoRunAsUser is present in a sudoRole. If only - a sudoRunAsGroup is present, match on the invoking user if the -g - option was specified and the group matched. If no sudoRunAsGroup is - present and the -g option was specified, allow it if it matches the - passwd gid of the runas user. This matches the behavior of the - sudoers backend. - [e1a52c34da5e] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix a pasto that resulted in an extra (empty) syslog_goodpri list + entry. + [eb0563c5b8dc] - * plugins/sudoers/match.c: - runas_pw can no longer be NULL - [020c6ddcae11] + * MANIFEST, plugins/sudoers/regress/sudoers/test20.in, + plugins/sudoers/regress/sudoers/test20.json.ok, + plugins/sudoers/regress/sudoers/test20.out.ok, + plugins/sudoers/regress/sudoers/test20.toke.ok, + plugins/sudoers/regress/sudoers/test21.in, + plugins/sudoers/regress/sudoers/test21.json.ok, + plugins/sudoers/regress/sudoers/test21.out.ok, + plugins/sudoers/regress/sudoers/test21.toke.ok: + Add tests for parsing tuples and syslog options. + [86f3da23b4df] -2016-09-15 Todd C. Miller + * plugins/sudoers/defaults.c: + Allow the syslog Defaults option to be used in a "true" boolean + context and use the compiled in default log facility in this case. + [4fab25217602] - * NEWS: - RunAsGroup without RunAsUser issues - [52d1547c9d3a] + * plugins/sudoers/defaults.c: + Allow a tuple to be set to boolean true. Regression introduced by + refactor of set_default_entry() in sudo 1.8.18. + [9b38728deb27] - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - user_matched and group_matched must be type int, not bool - [204d8de97a05] +2017-05-01 Todd C. 
Miller - * plugins/sudoers/ldap.c, plugins/sudoers/match.c, - plugins/sudoers/parse.h, plugins/sudoers/sssd.c: - Use RUNAS_USER_SPECIFIED and RUNAS_GROUP_SPECIFIED when deciding - whether to check runas user/group instead of checking runas_pw or - runas_gr. - [d17f223e8313] + * doc/TROUBLESHOOTING: + Replace the list of "dangerous" environment variables and explain + how sudo handles the environment instead. + [966cf87d1bed] - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - When matching against runas_default use userpw_matches() instead of - just strcasecmp(). - [ce70077c5861] +2017-04-28 Todd C. Miller - * plugins/sudoers/testsudoers.c: - Set RUNAS_USER_SPECIFIED when -u is specified and/or - RUNAS_GROUP_SPECIFIED when -g is specified. - [fa7a1035a058] + * lib/util/glob.c: + Fix exponential behavior in glob() with respect to multiple '*'. See + https://research.swtch.com/glob Adapted from https://perl5.git.perl. + org/perl.git/commit/33252c318625f3c6c89b816ee88481940e3e6f95 + [3d187b0fb764] - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - Fix printing of the default runas user when a RunAsGroup is - specified but no RunAsUser is present. - [c05dabd194a1] + * src/exec_pty.c: + We no longer need to write to the tty if the command was killed by a + signal. Sudo will terminate itself with the same signal the command + died from. Unfortunately, we lose the "core dumped" bit since sudo + itself will not dump core, but there doesn't appear to be a way + around that. + [1be331e0c4d4] - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - Only match against runas_default if both sudoRunAsUser and - sudoRunAsGroup are missing. - [019084f428b2] +2017-04-27 Todd C. Miller - * plugins/sudoers/match.c: - runas_pw can no longer be NULL here - [e73dcebafa15] + * src/sudo.c: + On Linux, if the command we ran dumped core, set PR_SET_DUMPABLE to + 0. This will prevent sudo itself from dumping core in this case. 
+ [cf5a5793ebf4] - * plugins/sudoers/ldap.c, plugins/sudoers/match.c, - plugins/sudoers/parse.h, plugins/sudoers/sssd.c: - Update check for whether or not the runas user was set in the ldap - and sssd backends to match the sudoers file backend. Introduces the - runas_user_set() macro to improve readability. Previously, runas_pw - was set late, now it is set before checking sudoers. - [d8280d8a96c9] + * INSTALL: + Update path to sudo_noexec.so + [14e995667c8b] - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - Document that negated sudoHosts are only supported by 1.8.18 and - higher. - [f56824fe61bc] + * src/sudo.c: + If the command terminated due to a signal, sudo will send that same + signal to itself so the parent shell knows the command died from a + signal. However, we don't want sudo itself to dump core. + [8d823e6ec41e] - * plugins/sudoers/Makefile.in, - plugins/sudoers/regress/testsudoers/test4.sh, - plugins/sudoers/regress/testsudoers/test5.sh: - Disable Address Sanitizer leak detection for tests which generate - parse errors. The parser leaks a bit on error. - [4b0ddb11df3a] +2017-04-26 Todd C. Miller - * plugins/sudoers/sssd.c: - Fix underflow in get_ipa_hostname() when trimming trailing - whitespace. - [875f2f5cd363] + * NEWS: + sync + [1704e6005b07] -2016-09-14 Todd C. Miller + * src/sudo.c: + The fix for Bug #722 contained a typo/thinko that resulted in the + exit status being 0 when a command was killed by a signal other than + SIGINT. This fixes the signal handler setup so sudo will terminate + with the same signal as the command. Bug #784. + [50b988d0c97f] - * NEWS: - Document negated sudoHost entries. - [41d9853f89f7] + * sudo.pp: + Better check for /etc/rc.d/rc2.d/S90sudo on AIX + [93de5e34a6a3] - * plugins/sudoers/sssd.c: - Support negated sudoHost entries. - [7c25f9111633] + * src/Makefile.in: + Don't install the rc.d link when installing to a DESTDIR. 
DESTDIR is + generally only set when installing to a temporary directory for + packaging in which case the link should be made in a post-install + script. + [4200ef757b56] - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - Document negated sudoHost entries. - [6c8444c6bc6c] + * plugins/sudoers/Makefile.in, sudo.pp: + In "make install", install sample sudoers file as /etc/sudoers.dist + and copy it to /etc/sudoers if there is no existing /etc/sudoers. + Packages either contain /etc/sudoers (RPM and Debian) or + /etc/sudoers.dist (everything else). + [40f8e5806d71] - * plugins/sudoers/ldap.c: - Support negated sudoHost entries. - [1899906b8ef4] + * Makefile.in, mkdep.pl: + Allow "make dist" and "make depend" to work for out of tree builds. + [7b7ba3f38abb] -2016-09-13 Todd C. Miller +2017-04-24 Todd C. Miller - * plugins/sudoers/match.c: - Don't check the username when matching a host netgroup unless - def_netgroup_tuple is enabled. - [238c8064542f] + * lib/zlib/Makefile.in: + Add missing $(srcdir) prefix to shlib_exp definition. + [c63e8e73507e] - * plugins/sudoers/match.c: - Move valid domain name check into a new valid_domain() function. Fix - memory leak if getdomainname(2) fails and avoid using heap garbage - for the domain name matching in this case. - [946f2441c90a] +2017-04-21 Todd C. Miller -2016-09-12 Todd C. Miller + * include/sudo_compat.h: + Fix typo in killpg macro. + [f7392d21c915] - * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, po/it.mo, - po/it.po: - sync with translationproject.org - [40eab0801eae] + * include/sudo_compat.h: + Fix the killpg macro for systems without killpg() in libc. + [ba0c5162bc4a] -2016-09-11 Todd C. Miller +2017-04-20 Todd C. Miller * src/exec_pty.c: - Add back line mistakenly removed in 0cf2a9351740 - [8622c83c1474] + Use the standard idiom for popping all entries from a tail queue. + The llvm checker gets confused by TAILQ_REMOVE and generate use- + after-free false positives. 
+ [a88cacd23f09] - * plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/nb.mo, - po/nb.po: - sync with translationproject.org - [f180826bb77b] + * src/exec_monitor.c, src/exec_nopty.c: + rewrite errpipe callbacks + [5c75729cea19] -2016-09-09 Todd C. Miller + * src/exec_monitor.c, src/exec_nopty.c: + use pipe2() with O_CLOEXEC instead of pipe() + fcntl() and + FD_CLOEXEC + [c8c9cc31c43a] - * NEWS: - Bug #757 - [de67bc9e26f8] + * src/exec_pty.c: + init io_pipe[][] to -1, not 0 + [71012940a8f1] - * plugins/sudoers/sudoers.c: - Fix typo that broke short host name matching when the fqdn flag is - enabled. Bug #757 - [605c03afc80f] +2017-04-19 Todd C. Miller -2016-09-08 Todd C. Miller + * plugins/sudoers/sssd.c: + In sudo_sss_check_user() it is not possible for handle to be NULL. + [de41ba76a4ce] - * include/sudo_debug.h, lib/util/aix.c, lib/util/fnmatch.c, - lib/util/getgrouplist.c, lib/util/secure_path.c, - lib/util/setgroups.c, lib/util/strtoid.c, lib/util/sudo_conf.c, - lib/util/sudo_debug.c, plugins/sample/sample_plugin.c, - plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/securid5.c, - plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, - plugins/sudoers/env.c, plugins/sudoers/goodpath.c, - plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, - plugins/sudoers/ldap.c, plugins/sudoers/logging.c, - plugins/sudoers/match.c, plugins/sudoers/parse.c, - plugins/sudoers/policy.c, plugins/sudoers/pwutil.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/timestamp.c, plugins/sudoers/visudo.c, - plugins/sudoers/visudo_json.c, src/env_hooks.c, src/exec.c, - src/exec_pty.c, src/get_pty.c, src/hooks.c, src/load_plugins.c, - src/regress/ttyname/check_ttyname.c, src/selinux.c, src/signal.c, - src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, - src/utmp.c: - Be consistent with the naming of the variable used to store the - function return value. 
Previously, some code used "rval", some used - "ret". This standardizes on "ret" and uses "rc" for temporary return - codes. - [017866310d24] + * plugins/sudoers/sssd.c: + Fix a use after free when the fqdn sudoOption is set and no hostname + value is present in sssd.conf. + [716a7c502cc0] -2016-09-07 Todd C. Miller + * src/sudo.c: + Avoid unused variable when getgrouplist_2() is available. It would + be nicer to just provide getgrouplist_2() (or the equivalent) and + avoid the ugly #ifdefs. + [2c7ac21feb5f] - * plugins/sudoers/po/ca.po, plugins/sudoers/po/cs.mo, - plugins/sudoers/po/cs.po, plugins/sudoers/po/da.po, - plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/el.po, plugins/sudoers/po/eo.po, - plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po, - plugins/sudoers/po/fr.po, plugins/sudoers/po/hr.po, - plugins/sudoers/po/hu.po, plugins/sudoers/po/it.po, - plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, - plugins/sudoers/po/ko.po, plugins/sudoers/po/lt.po, - plugins/sudoers/po/nb.po, plugins/sudoers/po/nl.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, - plugins/sudoers/po/ru.po, plugins/sudoers/po/sk.po, - plugins/sudoers/po/sl.po, plugins/sudoers/po/sr.po, - plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, - plugins/sudoers/po/tr.po, plugins/sudoers/po/uk.mo, - plugins/sudoers/po/uk.po, plugins/sudoers/po/vi.mo, - plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.mo, - plugins/sudoers/po/zh_CN.po, po/ca.po, po/cs.mo, po/cs.po, po/da.po, - po/de.mo, po/de.po, po/eo.po, po/es.po, po/eu.po, po/fi.po, - po/fr.mo, po/fr.po, po/gl.po, po/hr.po, po/hu.po, po/it.po, - po/ja.mo, po/ja.po, po/ko.po, po/nb.po, po/nl.po, po/pl.mo, - po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/ru.po, po/sk.po, po/sl.po, - po/sr.po, po/sv.mo, po/sv.po, po/tr.po, po/uk.mo, po/uk.po, - po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po: + * plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/nb.mo, + 
po/nb.po: sync with translationproject.org - [6312962695df] - - * MANIFEST, NEWS, doc/CONTRIBUTORS, po/nn.mo, po/nn.po: - Norwegian Nynorsk translation of sudo from translationproject.org - [05203a266265] - - * NEWS: - Fix for Bug #756 - [89ff21579216] - -2016-09-05 Todd C. Miller - - * plugins/sudoers/sudoers.c: - In sudoers_main() avoid setting rval prematurely. Prevents a crash - when auditing fails after successfully authenticating. Bug #756 - [d17a06bce04c] + [e91a983f9de6] - * plugins/sudoers/defaults.c: - Apply match_group_by_gid early. - [1259c7fd66ca] +2017-04-13 Todd C. Miller -2016-09-02 Todd C. Miller + * plugins/sudoers/Makefile.in: + regen + [790d9a05f585] - * NEWS: - update - [292a9e21474e] +2017-04-12 Todd C. Miller * src/ttyname.c: - Don't disable large file support for Linux, just SVR4-style /proc. - Otherwise, stat(2) may fail on Linux when running a 32-bit sudo on a - 64-bit machine. Bug #755 - [09450ce8b8a8] - -2016-09-01 Todd C. Miller - - * include/sudo_util.h: - Make sudo_parseln() flags hex to make it more obvious that they are - bit flags. - [b912a078047e] + In sudo_ttyname_scan() if dir is the empty string, set errno to + ENOENT before returning. + [f531ea6e489e] - * plugins/sudoers/env.c: - Don't try to support line continuation in /etc/environment. - [d7e30e821c0e] +2017-04-11 Todd C. Miller - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c: - No line continuation support in ldap.conf. - [211caaba2395] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Try to make it clear that when match_group_by_gid is enabled, groups + in sudoers are looked up by group name instead of group ID. This + doesn't usually cause problems, but if there are conflicting group + entries (for example, from a local /etc/group file and an LDAP or AD + group database), whether the group is resolved by name or ID can be + used to work around conflicts. 
+ [fe3bfca4fcce] - * include/sudo_util.h, lib/util/parseln.c: - Add flag to sudo_parseln() to disable line continuation support. - [d2820247fc07] +2017-04-07 Todd C. Miller - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - A comment character ('#') is only special at the beginning of the - line. - [b3b67b7e4fc0] + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, po/ja.mo, + po/ja.po: + sync with translationproject.org + [94d36c45e345] - * include/sudo_util.h, lib/util/parseln.c, - lib/util/regress/sudo_parseln/parseln_test.c, lib/util/sudo_conf.c, - lib/util/util.exp.in, plugins/sudoers/env.c, plugins/sudoers/ldap.c, - plugins/sudoers/sudo_nss.c: - Add a flags option to sudo_parseln() and a flag to only mach - comments at the beginning of the line. Use the flag when parsing - ldap.conf. - [40c560fc9a10] + * plugins/sudoers/regress/parser/check_digest.c: + plug memory leak in check_digest + [40aab9e6e365] - * src/sudo.c: - If get_process_ttyname() fails for errno != ENOENT, just warn - instead of making it a fatal error. Bug #755 - [1a028b861801] + * src/exec.c: + Check return value of dispatch_pending_signals() in case we received + SIGINT or SIGQUIT before executing the command. + [218758d1560d] -2016-08-31 Todd C. Miller +2017-03-30 Todd C. Miller - * plugins/sudoers/mkdefaults: - use strict - [681281bc0f6d] + * configure, configure.ac: + back out unintentional change to the version number + [799b396c1c69] - * plugins/sudoers/def_data.h, plugins/sudoers/mkdefaults: - Define def_foo in terms of the I_FOO index instead of a bare number. - [abb119f84ae6] +2017-03-28 Todd C. 
Miller * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, - plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, - plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo, + po/cs.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/fr.mo, + po/fr.po, po/hr.mo, po/hr.po, po/it.mo, po/it.po, po/pl.mo, + po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/tr.mo, po/tr.po, po/uk.mo, + po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po: sync with translationproject.org - [d339717f8692] + [04c4a3ec233d] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Mention that match_group_by_gid has no effect when sudoers is stored - in LDAP. - [5eb6ae45c699] +2017-03-27 Todd C. Miller - * include/sudo_compat.h, src/sudo.c: - Use W_EXITCODE to construct the wait status if sudo could not - execute the command. Fixes the sudo exit value for exec(3) failure. - [95eae2d60292] + * configure, configure.ac, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_digest.out.ok: + Make check_digest test sudo_filedigest() itself instead of the + underlying SHA2 functions. That way we can test it regardless of + whether we use sudo's SHA2 functions or a library version. 
+ [9834b37f1fb0] - * src/exec.c: - fix brace style - [54448c10b6b5] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that commands matched by "sudo ALL" are not affected by + fdexec. + [7cc3b770a2ff] - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - regen - [794b06ba727b] +2017-03-24 Todd C. Miller - * src/sudo.c: - It is possible for get_user_info() to fail for reasons other than - ENOMEM so print the warning message there rather than in main(). - [8c24df8d6b78] + * NEWS: + Update for 1.8.20 + [14a09000c1dc] -2016-08-30 Todd C. Miller + * plugins/sudoers/po/sudoers.pot: + regen for restricted_env_file + [81290b370c95] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - match_group_by_gid is only available in sudo 1.8.18 and above - [dd237eb540d0] - - * doc/UPGRADE: - Mention match_group_by_gid - [417f27e9059a] + Mention that iolog_user is useful for NFS. + [9c8f9dfdebf0] - * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document match_group_by_gid - [2234997acb8d] +2017-03-23 Todd C. Miller - * plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/pwutil.c: - Add match_group_by_gid Defaults option to allow sites with slow - group lookups and a small number of groups in sudoers to match - groups by group ID instead of by group name. - [20714580da96] - -2016-08-29 Todd C. Miller + * plugins/sudoers/iolog.c: + Only retry mkdir or create with PERM_IOLOG if errno is EACCES. Also + always use PERM_IOLOG for mkdtemp() since we cannot retry if it + fails. Since we are guaranteed to create a new directory there's no + real need to try w/o PERM_IOLOG in this case. + [c3c67d78e46a] - * NEWS: - Mention "sudo -l command" bug fix. - [cb8ade186880] +2017-03-22 Todd C. Miller - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - Fix "sudo -l command" in the LDAP and SSS backends when the command - is not allowed. 
- [631038350b2a] + * plugins/sudoers/iolog.c: + Add fallback to PERM_IOLOG when making the final componenet of + iolog_dir. + [72924e4c8f5d] -2016-08-26 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/env.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add restricted_env_file which is like env_file but subject to the + same restrictions as the user's own environment. + [ec887cc57a8b] - * plugins/sudoers/defaults.c: - Use sudo_strsplit() instead of doing the equivalent manually. - [9eb6d1cc78bd] + * plugins/sudoers/iolog.c: + quiet a warning on older zlib + [bcd3cac968a2] -2016-08-25 Todd C. Miller + * plugins/sudoers/iolog.c, plugins/sudoers/timestamp.c: + cast mode_t to unsigned int when printing with %o + [f9ca9ead134e] - * NEWS: - Move SIGPIPE bug fix to 1.8.18 where it belongs - [52509fd0100e] +2017-03-21 Todd C. Miller - * plugins/sudoers/defaults.c: - Fix memset size typo in previous commit. - [e00299f7c50f] + * plugins/sudoers/po/sudoers.pot: + regen + [f62e81f74d10] - * plugins/sudoers/regress/visudo/test6.out.ok, - plugins/sudoers/regress/visudo/test6.sh: - Add regress for check_defaults() use-after-free bug. - [0b362678ca10] + * plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c, + plugins/sudoers/timestamp.c: + Set umask temporarily when creating files instead of changing the + mode after the fact. This is slightly less error prone. + [a9b4cf336b73] - * MANIFEST, plugins/sudoers/defaults.c: - Fix use-after-free in check_defaults(), reported by Radovan Sroka of - RedHat. - [ab3a4227c12f] + * plugins/sudoers/iolog.c: + remove now-useless variable + [9a36b2449ac4] -2016-08-24 Todd C. Miller + * plugins/sudoers/mkdir_parents.c: + Don't set owner/mode on directories that already exist, only on + newly-created ones. 
+ [2b616be0e165] - * NEWS: - SIGPIPE bug fix - [24c9a12f7e59] + * plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c: + Explicitly set the file mode of I/O log files so the mode is not + affected by the invoking user's umask. + [ec7d5dd47b6b] - * src/signal.c: - Now that we ignore SIGPIPE in sudo we need to restore it at exec - time. Problem reported by Radovan Sroka of RedHat. - [3cfa7e3510ff] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c: + Add PERM_IOLOG so we can create I/O log files on an NFS-mounted + filesystem where root is remapped to an unprivileged user. + [01804a971cd5] -2016-08-22 Todd C. Miller + * plugins/sudoers/mkdir_parents.c: + Restore the '/' in the path before returning if we encounter an + error. + [bb12cfce16fd] - * mkpkg: - Fix appending to make_opts - [abe28b6b7663] + * plugins/sudoers/sssd.c: + zero out nss->handle after it has been freed to make sure we cannot + free it twice + [00d5340b7541] - * NEWS: - Add Bug #753 and fix reference to Bug #752. - [e8c959e1cd6c] +2017-03-20 Todd C. Miller -2016-08-21 Todd C. Miller + * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c: + When creating the timestamp directory, use the group of the + timestamp owner instead of inheriting the group of the parent + directory. + [7a4a10cafe08] - * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, - plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, - plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/da.mo, - po/da.po, po/pt_BR.mo, po/pt_BR.po: - sync with translationproject.org - [219c3f0aeee7] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/iolog.c: + Add iolog_flush option. 
+ [96baa17409cf] - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - regen pot files - [d0c56a4ff553] +2017-03-17 Todd C. Miller -2016-08-17 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/iolog.c: + Don't allow the user to specify an I/O log file mode that sudo can't + read or write to. I/O logs must always be readable and writable by + the owner. + [b32e2ef04905] - * NEWS: - Update with logging changes. - [f41beca23b99] +2017-03-14 Todd C. Miller - * plugins/sudoers/logging.c: - Avoid duplicate warnings when we cannot write to the log file. Also - send the warning in mail if possible. - [9b8509cff137] + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat, + doc/visudo.cat: + Regenerate the cat pages with newer mandoc which formats double + quotes as "foo" instead of ``foo''. + [5f14e527ae05] - * plugins/sudoers/iolog.c, src/exec_pty.c, src/sudo.c, src/sudo.h: - Move the ignoring of I/O log plugin errors into the I/O log plugin - itself. - [25b7fd056614] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Make it clear that I/O logs will be complete even if the command run + by sudo is terminated by a signal. The I/O log buffering just + prevents the logs from being displayed in real-time as the command + is running. + [072fd419ac1e] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, - plugins/sudoers/iolog.c, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h: - Make the behavior when we cannot write to a log or audit file - configurable. File log failures are ignored by default for - consistency with syslog. Audit errors are ignored by default to - allow the admin to fix the issue. 
I/O log file errors are still - fatal by default since if I/O logging is activated it is usually to - have an audit trail. Bug #751 - [dbd085e7c736] +2017-03-13 Todd C. Miller -2016-08-15 Todd C. Miller + * src/exec.c, src/exec_monitor.c, src/signal.c, src/sudo.h: + Replace pipe_nonblock() with pipe2() + [c106b62d7835] - * plugins/sudoers/logging.c: - Make sure we print an error message to stderr (and not just send - mail) if do_logfile() fails. Bug #751 - [7884a23a0cdc] + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, lib/util/pipe2.c, + mkdep.pl: + Emulate pipe2() on systems without it. + [5a183dd380f0] -2016-08-13 Todd C. Miller +2017-03-10 Todd C. Miller - * plugins/sudoers/pwutil.c: - Separate out the supplemental group ID checks from the supplemental - group name checks in user_in_group(). We now call sudo_get_gidlist() - only when the group name in sudoers begins with a '#' (which is - seldom used). - [80534785d8b7] + * plugins/sudoers/auth/kerb5.c: + Fix declaration of sudo_krb5_verify() in the case where + krb5_verify_user() is not present. Bug #777 + [eafd4e2d7c7f] - * plugins/sudoers/ldap.c, plugins/sudoers/policy.c, - plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, - plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: - Cache the user's group IDs and group names separately and only - resolve group IDs -> names when needed. If the sudoers file doesn't - contain groups we will no longer try to resolve all the user's group - IDs to names, which can be expensive on some systems. - [8ce3564e896e] + * plugins/sudoers/rcstr.c: + Use HAVE_STDBOOL_H to detect systems w/o stdbool.h. Bug #778 + [dbac86777429] -2016-08-12 Todd C. Miller +2017-03-09 Todd C. Miller - * plugins/sudoers/defaults.c: - Remove the "op" parameter from all the store_foo() functions except - store_list() where it is actually needed. 
For the others, a NULL - value indicates the setting was negated. This unconfuses static - analyzers (and perhaps humans too). - [fca031b57f15] + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [2fc489ddc143] - * plugins/sudoers/defaults.c: - Flags always have a NULL value. Regression introduced by refactor of - set_default_entry(). - [71fe4fad097b] + * src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c: + Move SIGCHLD handling into handle_sigchld() functions and move the + remaining bits of dispatch_signal() into signal_pipe_cb() + [b120f5cfa8cc] - * plugins/sudoers/defaults.c: - Set rc to true when setting a flag Defaults value. - [cf016b6aedd4] +2017-03-08 Todd C. Miller * src/utmp.c: - suppress a cppcheck false positive - [0d44aa7cf05c] + e_termination should be set to the value of WTERMSIG not WEXITSTATUS + [95f37078ae8f] - * plugins/sudoers/defaults.c: - Refactor the error parts of set_default_entry() so the switch() is - mostly just calls to store_foo() functions. Avoids a lot of - duplicated error checking and silences a cppcheck false positive. - [1112b894007c] +2017-03-07 Todd C. Miller - * plugins/sudoers/defaults.c: - In set_default_entry() check for unsupported Defaults type. - [beb1ae20179f] + * MANIFEST, src/Makefile.in, src/exec_nopty.c, src/sudo.h, + src/tcsetpgrp_nobg.c: + Add tcsetpgrp_nobg() which acts like tcsetpgrp() but returns -1 for + a background process. This is safer than blocking SIGTTOU which + would cause tcsetpgrp() to succeed in the background. + [7ab75c47b8bf] - * lib/util/aix.c: - Add missing break in switch that sets the max limit for - RLIMIT_NOFILE. Found by cppcheck. - [39b1979b1b92] +2017-03-06 Todd C. Miller - * plugins/sudoers/defaults.c: - Check sudoers_initlocale return value and treat as oom. Coverity CID - 141832 - [b1cad9d6c49d] + * src/exec_nopty.c: + Prevent sudo from receiving SIGTTOU when it tries to restore the + controlling terminal. There appears to be a race with the shell + (bash) which we may lose. 
+ [aab018fb9940] -2016-08-10 Todd C. Miller +2017-03-03 Todd C. Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/match.c, plugins/sudoers/parse.c, - plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: - Set runas_pw early and adjust runaslist_matches() to deal. Since we - now set runas_default early there is no need to call update_defaults - with SETDEF_RUNAS after sudoers has been parsed. - [35e0b08219a8] + * plugins/sudoers/timestamp.c, src/exec_monitor.c: + Add some casts to quiet gcc warnings on Solaris and remove a now- + useless debug printf. + [16c862eab0ce] -2016-08-09 Todd C. Miller + * src/exec_pty.c: + change debug info when suspending sudo + [f5c5ee07f8e3] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/testsudoers.c: - Load sudoers group plugin via an early callback. - [0fc4382cd6e4] + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_monitor.c, + src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h: + Reorganize the command execution code to separate out the pty and + non-pty code paths into their own event loops. The non-pty exec code + is now contained in exec_nopty.c and the pty exec code is split + between exec_pty.c (parent process) and exec_monitor.c (session + leader). This results in a small bit of duplicated code but improves + readability. Some of the duplicated code will fall out in future + changes to the event subsystem (the signal pipe). + [fe239d2a3cbd] - * sudo.pp: - System Integrity Protection on Mac OS X won't allow us to write - directly to /etc or /var. We must install in /private/{etc,var} - instead. - [831c78241e78] +2017-02-26 Todd C. Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document that fqdn, runas_default and sudoers_locale are parsed - early. 
- [beb4868c449e] + * lib/util/ttysize.c, src/exec_pty.c: + Remove support for the TIOCGSIZE ioctl. Systems that use this rather + than TIOCGWINSZ are too old for sudo to build on anyway. + [0179b16c70f9] - * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, - doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat, - doc/visudo.cat: - Regen for 1.8.18 - [eb4feabb8fee] +2017-02-24 Todd C. Miller -2016-08-08 Todd C. Miller + * src/exec.c, src/exec_pty.c: + Set the child pid to -1 after we've waited for it and take care to + avoid killing pid -1. This makes it a bit more explicit and removes + the need for a separate variable to track the child's status. Sudo + already stops processing signals after it receives SIGCHLD so it is + not vulnerable to CVE-2017-2616. + [1123704858ae] - * plugins/sudoers/defaults.h, plugins/sudoers/ldap.c, - plugins/sudoers/sssd.c: - Avoid passing around struct defaults when it is not needed. As a - result, we no longer need to include gram.h in the LDAP and SSSD - backends. - [14d0bfdc8bd2] +2017-02-22 Todd C. Miller - * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, - plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - Instead of deferring setting early defaults until we have traversed - the entire defaults list, just defer running the callbacks. - Otherwise, if the last early default setting we see has a bad value - we won't set any defaults of that type even if there was an earlier - one that was valid. - [552863e5a097] + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Update the description of strict mode to current reality. Aliases + haven't needed to be defined before they are used since sudo 1.7. + [9dc4ce4ec538] - * plugins/sudoers/defaults.c: - Run callbacks once in set_default_entry() instead of each of the - store_foo() functions. 
- [b92b51c67845] + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, + plugins/sudoers/regress/visudo/test2.err.ok, + plugins/sudoers/regress/visudo/test3.err.ok, + plugins/sudoers/visudo.c: + Go back to using a Warning/Error prefix in the message printed to + stderr for alias problems. Requested by Tomas Sykora. + [ad4dc6e34222] -2016-08-03 Todd C. Miller +2017-02-21 Todd C. Miller - * mkpkg: - Use /proc/cpuinfo on Linux instead of running lscpu - [450ea436dbe4] + * plugins/sudoers/filedigest.c, plugins/sudoers/filedigest_openssl.c: + fix copyright years + [b9f013f95bb2] - * mkpkg: - If using GNU make on a multi-cpu system, use the -j flag to run make - jobs in parallel, up to the number of cpus/cores. - [7a6670de96dc] +2017-02-20 Todd C. Miller -2016-07-31 Todd C. Miller + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/digestname.c, + plugins/sudoers/filedigest.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c, plugins/sudoers/visudo_json.c: + Move the file digest code out of match.c and into filedigest.c. + Inspired by RedHat changes that used libgcrypt. Also add + digest_type_to_name() to map a sudo digest type (int) to a name + (string) and use it. + [9213d8c94b8f] - * plugins/sudoers/visudo.c: - Only check SUDO_USER if euid is 0 - [f42d00c94817] + * INSTALL, MANIFEST, configure, configure.ac, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/filedigest_openssl.c: + Add support for using the message digest functions in OpenSSL + instead of sudo's own SHA2 implementation. + [d77639c97e43] -2016-07-30 Todd C. Miller + * INSTALL, MANIFEST, configure, configure.ac, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/filedigest_gcrypt.c: + Add support for using the message digest functions in libgcrypt + instead of sudo's own SHA2 implementation. + [0259467c38dd] - * plugins/sudoers/visudo.c: - Initialize sudo_user based on the SUDO_USER environment variable if - present. 
This allows things like :Defaults:username editor=foo" to - work when visudo is run via sudo. - [a526d6f74198] + * plugins/sudoers/gmtoff.c: + Check for gmtime() or localtime() returning NULL and just use a zero + offset in that case. Should not be possible. + [ed210dd8bf46] -2016-07-28 Todd C. Miller +2017-02-18 Todd C. Miller - * src/exec_pty.c: - Add function name in "command resumed" debug message - [e209f199a79f] + * plugins/sudoers/sudoers2ldif: + Add support for ROLE, TYPE, PRIVS, LIMITPRIVS, TIMEOUT, NOTBEFORE + and NOTAFTER. + [d0310b017c78] - * src/exec_pty.c: - If waitpid() returns 0 or -1, display a warning, this should never - happen. Add a check for unhandled wait status (also should never - happen). - [983a0b79b527] + * config.h.in, configure, configure.ac, plugins/sudoers/timestr.c: + strftime() was in C89 so use it unconditionally. + [87bf66aa18fd] - * plugins/sudoers/defaults.c: - Flag settings have a NULL value so we can't use that to test whether - an entry in struct early_default is set or not. Add a "set" member - and use that instead. 
- [68a7c0de9b0e] + * MANIFEST, config.h.in, configure, configure.ac, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, include/sudo_debug.h, + lib/util/sudo_debug.c, lib/util/util.exp.in, + plugins/sudoers/Makefile.in, plugins/sudoers/gentime.c, + plugins/sudoers/gmtoff.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/sudoers/test19.in, + plugins/sudoers/regress/sudoers/test19.json.ok, + plugins/sudoers/regress/sudoers/test19.out.ok, + plugins/sudoers/regress/sudoers/test19.toke.ok, + plugins/sudoers/regress/visudo/test10.out.ok, + plugins/sudoers/regress/visudo/test10.sh, + plugins/sudoers/sudoers_version.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add NOTBEFORE and NOTAFTER command options similar to what is + already available in LDAP. + [3ba0f9567f83] -2016-07-27 Todd C. Miller +2017-02-16 Todd C. Miller - * src/exec_pty.c: - Explicitly check for a continued process with waitpid(2). Otherwise, - waitpid() will return 0 when the command is resumed after being - suspended, which we were treating the same as -1. Fixes suspend and - resume on Linux and probably others. - [54a464b116ad] + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [f2876eadc1f5] - * plugins/sudoers/defaults.c: - Fix --with-fqdn, the value should be NULL since it is a flag. - [95bc8b82911e] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_plugin.h: + Bump version to 1.11 for timeout entry in settings[] + [7b288e4bab93] - * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, - plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - Add support for early defaults to the ldap and sssd backends. 
- [3a034360c177] + * doc/sudo.conf.cat, doc/sudo_plugin.cat, doc/sudoers.ldap.cat, + doc/sudoreplay.cat, doc/visudo.cat: + regen + [8c059a57d367] -2016-07-25 Todd C. Miller + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/parse_args.c, src/sudo_usage.h.in: + Add a command line option to specify the command timeout, as long as + sudoers does not specify a shorter time limit. + [a8ef7f923d0a] - * src/sudo_edit.c: - Repair symlink check in sudo_edit_openat_nofollow() on systems - without O_NOFOLLOW, it must be done relative to dfd. Previously the - lstat() would always fail, possibly leading to a false positive. - Also add an early symlink check like in sudo_edit() while here. - [f72901c7f7cc] +2017-02-15 Todd C. Miller - * src/sudo_edit.c: - On systems that lack the O_NOFOLLOW open(2) flag, check in - sudo_edit_open() whether the path to be opened is symlink before - opening it. This is racey but we detect losing the last post-open - and it is better to fail early if possible. When editing a link to a - non-existent file, a zero-length file will be left behind but it is - too dangerous to try and remove it after the fact. Bug #753 - [dac04f305262] + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Better error message when the timeout value does not parse. + [2360fb093e3e] - * src/sudo_edit.c: - Update debug_decl for sudo_edit_openat_nofollow() Remove unused - variables when O_NOFOLLOW is not present. - [8dc0afb1de58] + * plugins/sudoers/timeout.c: + set errno to ERANGE not EOVERFLOW on range error + [9654e1acab0d] -2016-07-23 Todd C. Miller +2017-02-14 Todd C. 
Miller - * plugins/sudoers/defaults.c, plugins/sudoers/visudo.c: - Split set_default_entry() out of set_default() so we can call it - from check_defaults() to validate the defaults value. In visudo, - suppress warnings from update_defaults() and rely on - check_defaults() to provide warnings. - [7d9b50f42d0b] + * plugins/sudoers/Makefile.in: + regen + [46a124dd72aa] - * plugins/sudoers/defaults.c: - Split binding match code out of default_type_matches() into - default_binding_matches(). We can now use default_type_matches() in - check_defaults(). - [c158768b12c5] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/parse.h: + Merge command tags, SELinux type/role and Solaris privs settings + into "command options". This relaxes the order of things so tags and + other options can be interspersed. + [0970fd78cbe8] - * plugins/sudoers/visudo.c: - Pass quiet flag to init_parser() and update_defaults() when doing - first parse of sudoers. 
- [3af76c1a0d84] + * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/ldap.c, + plugins/sudoers/mkdefaults, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/policy.c, + plugins/sudoers/regress/sudoers/test17.in, + plugins/sudoers/regress/sudoers/test17.json.ok, + plugins/sudoers/regress/sudoers/test17.out.ok, + plugins/sudoers/regress/sudoers/test17.toke.ok, + plugins/sudoers/regress/sudoers/test18.in, + plugins/sudoers/regress/sudoers/test18.json.ok, + plugins/sudoers/regress/sudoers/test18.out.ok, + plugins/sudoers/regress/sudoers/test18.toke.ok, + plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/visudo_json.c: + Add support for command timeouts in sudoers. After the timeout, the + command will be terminated. + [a36a748e9324] -2016-07-22 Todd C. Miller + * doc/fixman.sh, doc/fixmdoc.sh, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/parse.h: + Split out tags again so they must precede the command and not allow + them to be mixed in with options. + [e7e7d60316cc] - * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, - plugins/sudoers/ldap.c, plugins/sudoers/parse.c, - plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: - Update defaults in visudo after sudoers has been edited so we pick - up locale changes. The init_defaults() function will now re-init the - sudoers locale. 
- [ceb099392289] + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Only inherit SELinux role/type and Solaris privilege sets if the + command does not include any. Previously, a command with only a role + would inherit a type from the previous command which is not what was + intended. + [171a3ad972e7] -2016-07-20 Todd C. Miller + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + List SELinux role/type for "sudo -l" with LDAP and SSSd backends. + Also fix printing of the timeout. + [740723a49ab5] - * plugins/sudoers/testsudoers.c: - Set sudoers locale before calling sudoersparse(). We don't need to - restore the user's locale since warnings are displayed in the user's - locale anyway. - [c44a38a496d1] + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Plug some memory leaks found by ASAN. + [08189098a5b6] - * plugins/sudoers/visudo.c: - Set the locale to the sudoers locale when parsing and restore the - user's locale afterward. Also set the warn/fatal locale helper - function so warning messages during a sudoers parse are displayed in - the user's own locale. - [a0b2cdb69d43] + * plugins/sudoers/Makefile.in: + Only inhibit ASAN leak detector for tests that result in a parse + error. The parser cannot currently clean up completely on error. + [b2f82dcd2545] - * plugins/sudoers/logging.h: - Add forward decl of union sudo_defs_val to silence a gcc warning. - [9e717510f132] + * plugins/sudoers/rcstr.c: + supress cppcheck memory leak false positive + [e0caf2275a44] - * plugins/sudoers/sudoers.c: - Set the warn/fatal locale helper function in sudoers_policy_init() - so warning messages during sudoers loading are displayed in the - user's own locale. 
- [b6c7bab1ca80] + * lib/util/strtoid.c: + fix typo that prevented compilation on FreeBSD + [27866f6a2b5e] - * plugins/sudoers/locale.c, plugins/sudoers/logging.h, - plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c: - Move sudoers locale callback function to locale.c and user it in - visudo and testsudoers. - [7c4e9a71e252] +2017-02-13 Todd C. Miller - * plugins/sudoers/sudoers.c: - In cb_sudoers_locale() actually set the locale in addition to - storing its name. Otherwise, it won't take effect until sudoers - lookup time. - [ceb446c2168b] + * lib/util/Makefile.in: + Link vsyslog.lo directly into vsyslog_test to make sure the syslog() + stub gets called. Otherwise, the real syslog will get called via + libutil on AIX. + [693bc8411a98] - * plugins/sudoers/defaults.c: - Fix regression that would cause early defaults entries to be set - multiple times. - [5f5cd02d5f0f] + * lib/util/regress/vsyslog/vsyslog_test.c: + Fix final test with a format > 2048 bytes. Keep track of tests run + in the syslog() stub so we can detect if the stub is not being + called. + [d10d784446c1] - * NEWS, configure, configure.ac: - sudo 1.8.18 - [7c778904c39b] + * lib/zlib/deflate.c: + avoid redefining the MIN macro + [45b7b0ba0f01] -2016-07-19 Todd C. Miller + * plugins/sudoers/parse.h, plugins/sudoers/timestr.c: + Include parse.h in timestr.c which is where function prototype + lives. + [3ec9ec84a84c] - * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: - Only set early defaults once, regardless of how many times the - variable is set in sudoers. This avoids running an early callback - more than once. For example, we don't want to call cb_fqdn() if sudo - is compiled with FQDN set but sudoers has "Defaults !fqdn". - [0c5d80939ea2] + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix for including a sudoers file that begins with the letter 'i'. 
+ The hack to determine whether we are parsing an include or + includedir is no longer safe now that relative include paths are + permitted. Bug #776. + [4d9691a43867] - * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: - Make strings const in functions that set defaults as they are not - modified. - [d01f22ab1902] +2017-02-10 Todd C. Miller - * plugins/sudoers/sudoers.c: - In cb_fqdn() just return if the fqdn flag is set to false. - [0cb3d78aa944] + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: + Display the value of syslog_maxlen in sudo -V output. + [0841ad36531c] -2016-07-18 Todd C. Miller +2017-02-06 Todd C. Miller - * plugins/sudoers/defaults.c: - Implement callbacks for defaults flags (T_FLAG). - [936adcc98800] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: + Add ignore_unknown_defaults flag to ignore unknown Defaults entries + in sudoers instead of producing a warning. + [a7fdb44677dd] - * plugins/sudoers/sudoers.c: - add debug_decl for cb_runas_default and cb_sudoers_locale - [4667b1e14172] +2017-01-27 Todd C. Miller - * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: - Convert fqdn to a callback and add it to the list of early defaults. - [df863787cf5e] + * plugins/sudoers/match.c: + Always set the close-on-exec bit on the fd used to generate the + digest (i.e. the command to run) on systems that lack fexecve(2). + That way we don't need to explicitly close it using #ifdefs. + [f840a22fac1c] - * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, - plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: - Change defaults callbacks to take a union sudo_defs_val * instead of - a char *. 
- [c7730fa19e46] + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, + plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, po/ca.mo, + po/ca.po, po/eo.mo, po/eo.po, po/sv.mo, po/sv.po: + sync with translationproject.org + [57e877674892] - * plugins/sudoers/defaults.c: - When updating defaults, process certain values fist since they can - influence how other defaults are parsed. Currently, runas_default - and sudoers_locale are processed early. - [32062737a1ae] + * NEWS: + first updates for 1.8.20 + [118208688b08] -2016-07-16 Todd C. Miller + * configure, configure.ac: + sudo 1.8.20 + [6cba125ea903] - * plugins/sudoers/toke_util.c: - Fix typo introduced in last commit to fix fill_args() overflow - check. - [535d13b81c5d] +2017-01-25 Todd C. Miller - * plugins/sudoers/toke_util.c: - Fix underflow checl in fill_args(). - [2c6852e65ad6] + * doc/LICENSE, lib/zlib/adler32.c, lib/zlib/compress.c, + lib/zlib/crc32.c, lib/zlib/deflate.c, lib/zlib/deflate.h, + lib/zlib/gzguts.h, lib/zlib/gzlib.c, lib/zlib/gzread.c, + lib/zlib/gzwrite.c, lib/zlib/infback.c, lib/zlib/inffast.c, + lib/zlib/inflate.c, lib/zlib/inflate.h, lib/zlib/inftrees.c, + lib/zlib/trees.c, lib/zlib/uncompr.c, lib/zlib/zconf.h.in, + lib/zlib/zlib.exp, lib/zlib/zlib.h, lib/zlib/zutil.c, + lib/zlib/zutil.h: + update zlib to version 1.2.11 + [75a563663083] - * plugins/sudoers/toke_util.c: - Make sure we account for the trailing NUL when computing arg_size in - fill_args(). Bug #752 - [c73c1ea4b230] +2017-01-23 Todd C. Miller - * plugins/sudoers/toke_util.c: - Make arg_size and arg_len unsigned since we do bitwise operations on - them. - [0a551c7a5e67] + * plugins/sudoers/match.c: + Fix fdexec=never when a digest is present. + [49d3ab5baad0] -2016-07-08 Todd C. Miller +2017-01-22 Todd C. 
Miller - * lib/util/Makefile.in, lib/zlib/Makefile.in, - plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, - src/Makefile.in: - Only remove backup files as part of "make uninstall" when - INSTALL_BACKUP is set. - [c2541d2de89c] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/match.c: + Add new fdexec sudoers setting to allow choose whether execve() or + fexecve() is used. + [6a7623aa9a64] - * configure, configure.ac, lib/util/Makefile.in, lib/zlib/Makefile.in, - plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, - src/Makefile.in: - Only keep backups of installed files on HP-UX where you cannot - unlink a shared library that is in use. - [8763a1d0d515] + * src/exec.c, src/exec_pty.c: + Close execfd in parent processes where it is not needed. + [f44e334d43e2] -2016-07-03 Todd C. Miller +2017-01-21 Todd C. Miller - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Ignore a missing or insecure #includedir, it is not a fatal error. - [8a82818c9f0d] + * plugins/sudoers/match.c: + Add support for digest matching when the command is a glob-style + pattern or a directory. For example: - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Make sure we always call sudoerserror() on error in - read_dir_files(), otherwise sudo will not treat it as a fatal error. - [1a38da425ca0] + millert ALL = sha224:TmUvLkp3a2txliSC2X6CiK42626qdKsH72m/PQ== /bin/ + millert ALL = sha224:TmUvLkp3a2txliSC2X6CiK42626qdKsH72m/PQ== /bin/* -2016-06-30 Todd C. Miller + would only match /bin/ls (assuming the digest matches). - * plugins/sudoers/sudoers.c: - Set the sudoers locale before opening the sudoers file. 
Previously - the sudoers locale was used when evaluating sudoers but not during - the inital parse. Bug #748 - [c8deb0da75b4] + Previously, only explicit path matches checked the digest. + [d4f6822ba9bb] - * plugins/sudoers/locale.c: - Add debugging - [5fbe2f109b92] +2017-01-17 Todd C. Miller - * plugins/sudoers/Makefile.in: - Don't link test programs with the sudoers-specific locale code if we - don't need to. - [41224154534e] + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c: + Add support for SASL_MECH in ldap.conf; Bug #764 + [d057bb7f2ddc] - * plugins/sudoers/Makefile.in: - sudoreplay does not need to link with the sudoers-specific locale - code. - [348638a68f69] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix documentation bug, the contents of env_file have never been + subject to env_keep or env_check. However, variables are only added + if they have not already been preserved. + [4483b1b44709] -2016-06-27 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + examples/sudoers: + Safer example for rule that can change non-root passwords. GNU + getopts allows options to follow arguments so we need to be able to + deny things like "passwd root -q". From Paul "Joey" Clark. Bug #772 + [c809f1372811] - * plugins/sudoers/gram.c, plugins/sudoers/gram.y: - new_digest was prototyped as static but not explicitly declared - static. - [52949a024acb] +2017-01-16 Todd C. Miller - * configure, configure.ac: - Some versions of HP-UX 11.11 do not expose struct sockaddr_ext if - _XOPEN_SOURCE_EXTENDED is defined. Only define - _XOPEN_SOURCE_EXTENDED if we can still compile net/if.h. - [0189ff7daa63] + * plugins/sudoers/ldap.c: + Don't overwrite the return value of ldap_sasl_interactive_bind_s() + by the subsequent call to sudo_set_krb5_ccache_name(). From Paul + Zirnik of SUSE. 
+ [448baff2b586] - * plugins/sudoers/Makefile.in: - Some versions of HP-UX make will ignore suffix rules if they are - empty. - [cffeee232752] + * plugins/sudoers/env.c: + In sudo_unsetenv_nodebug(), decrement envp.env_len after removing + the variable. From Paul Zirnik of SUSE. + [3d87a008671c] -2016-06-23 Todd C. Miller +2017-01-15 Todd C. Miller - * src/exec_pty.c: - Don't skip debug printfs in handle_sigchld() just because execve() - returned an error. - [0cf2a9351740] + * lib/util/Makefile.in: + only run vsyslog_test if it exists + [5323dfcfb009] - * include/compat/charclass.h, include/sudo_compat.h, lib/util/aix.c, - lib/util/getaddrinfo.c, lib/util/sudo_debug.c, - plugins/sudoers/insults.h, - plugins/sudoers/regress/parser/check_base64.c, - plugins/sudoers/regress/parser/check_fill.c, - plugins/sudoers/sudoers_debug.c: - Add definition of nitems for those without it and use it throughout. - [4b30c8834fdd] + * MANIFEST, configure, configure.ac, lib/util/Makefile.in, + lib/util/regress/vsyslog/vsyslog_test.c: + Add regress for vsyslog replacement. + [1f767b8f5940] -2016-06-22 Todd C. Miller +2017-01-13 Todd C. Miller - * sudo.pp: - Update copyright year. - [638c964e44fd] + * configure, configure.ac: + Define HAVE_NANOSLEEP if we find nanosleep in librt + [ec8d949bf411] - * .hgtags: - Added tag SUDO_1_8_17p1 for changeset a4487f2a59d2 - [55a6f49366e7] <1.8> + * configure, configure.ac: + sudo_nanosleep not nanosleep in util.exp.in + [18a3bca78962] - * NEWS, configure, configure.ac, src/sudo.c: - merge sudo 1.8.17p1 from trunk. - [a4487f2a59d2] [SUDO_1_8_17p1] <1.8> + * configure, configure.ac: + add nanosleep to util.exp.in if needed + [6ac2e9266d67] * NEWS, configure, configure.ac: - Sudo 1.8.17p1 - [bc30a172370c] + sudo 1.8.19p2 + [9c15593a007a] - * src/sudo.c, src/sudo.h: - Set user groups in exec_setup() if they were not already set by - policy_init_session(). 
Bug #749 - [3bf16489800c] + * lib/util/vsyslog.c: + Double the size of new_fmt[] and remove an extraneous break in the + %m handling that was leftover from an earlier edit. + [fcb28dc9cd4e] -2016-06-17 Todd C. Miller + * lib/util/vsyslog.c: + Fix typo, want vsnprintf not snprintf. + [2717f2125ecd] - * .hgtags: - Added tag SUDO_1_8_17 for changeset ce03d9647415 - [700e92e0beec] <1.8> + * plugins/sudoers/logging.c: + move va_start() in mysyslog() + [b58ec40bbfc3] - * INSTALL, NEWS, config.h.in, configure, configure.ac, - doc/CONTRIBUTORS, doc/sudo.cat, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, - doc/sudoreplay.man.in, doc/visudo.cat, lib/util/Makefile.in, - lib/util/event.c, plugins/group_file/Makefile.in, - plugins/sudoers/Makefile.in, plugins/sudoers/env.c, - plugins/sudoers/iolog.c, plugins/sudoers/logging.c, - plugins/sudoers/match.c, plugins/sudoers/po/sudoers.pot, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, - po/sudo.pot, src/Makefile.in, src/exec_pty.c, src/sudo.c: - merge sudo 1.8.17 from trunk. - [ce03d9647415] [SUDO_1_8_17] <1.8> + * plugins/sudoers/sudoers.c: + Only treat failure of expand_iolog_path() as fatal if + ignore_iolog_errors is not set. + [1ba009311cf7] -2016-06-15 Todd C. Miller +2017-01-12 Todd C. Miller - * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: - Point the reader to the sudoers manual for the list of supported - arguments after the plugin path. - [40cbfa5deeb1] + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, lib/util/nanosleep.c, + mkdep.pl, src/exec_pty.c: + When waiting for the parent to grant us the tty, use nanosleep + instead of spinning to avoid hogging the CPU. 
+ [76335b380d7c] - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - forgot to update date in last commit - [3872a46e229b] + * src/sudo.c: + Use ROOT_UID instead of 0 + [5ed03a4e0b0b] - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - Fix typo; cn=default should be cn=defaults - [06e097667465] +2017-01-09 Todd C. Miller -2016-06-13 Todd C. Miller + * plugins/sudoers/Makefile.in: + regen + [99b26e2c523d] - * lib/util/Makefile.in, lib/zlib/Makefile.in, - plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, - src/Makefile.in: - Fold lines at 80 characters for the clean: target - [651623231cd8] +2017-01-07 Todd C. Miller - * lib/util/Makefile.in: - Remove mksiglist, siglist.c, mksigname, signame.c as part of - "distclean" - [ed7f58685633] + * MANIFEST, plugins/sudoers/interfaces.c, + plugins/sudoers/regress/visudo/test9.out.ok, + plugins/sudoers/regress/visudo/test9.sh, plugins/sudoers/visudo.c: + Fix crash in visudo introduced in sudo 1.8.9 when an IP address or + network is used in a host-based Defaults entry. Bug #766 + [ff9001f126b5] -2016-06-12 Todd C. Miller +2017-01-05 Todd C. Miller - * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, - plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po: - sync with translationproject.org - [a3bb8c15ef3d] + * configure, configure.ac, doc/LICENSE: + Avoid using the system strnlen/strndup on AIX < 6. Even if configure + correctly detects it is working on the build machine, the sudo + package may be run on a system with an old libc were it is broken. + [28d148db0aaa] - * plugins/sudoers/sssd.c: - LDAP sudoers doesn't support negated users, groups or netgroups. - [d6585245c24d] +2016-12-20 Todd C. Miller -2016-06-09 Todd C. 
Miller + * NEWS, configure, configure.ac: + sudo 1.8.19p1 + [7bfd43fa5caf] - * NEWS: - Bug #746 - [e0bba3ae78c2] + * plugins/sudoers/defaults.c: + Fix logic bug when matching syslog priority and facility. + [576cc9eb850f] - * plugins/sudoers/match.c: - When matching paths with glob(3), check returned matches against - user_cmnd first if it is fully-qualified. This avoids a lot of - needless stat(2) calls and avoids a mismatch between safe_cmnd and - argv[0] if there are multiple matches with the same inode/dev due to - links. Bug #746. - [29bdba0cf2eb] + * doc/HISTORY: + Dell spun off Quest so simplify the history by just talking about + Quest and not Dell. + [a66120495435] - * NEWS: - Add execve failure in pty bug fix. - [941672cc6793] +2016-12-19 Todd C. Miller - * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po: - sync with translationproject.org - [a4f789cedecc] + * doc/LICENSE: + Fix copyright year + [3122e55195a6] - * src/exec_pty.c: - In handle_sigchld() fix the return value when we've already received - an exec error. We don't want to overwrite the error status but we do - need to indicate that the command is no longer running. Fixes as - hang on execve(2) error when running in a pty. - [797bed2c39a7] + * NEWS: + typo + [ffe9e84928b6] - * src/exec.c, src/exec_common.c: - Move sudo_debug_execve() call into sudo_execve(). - [ab2ea3459a7c] +2016-12-18 Todd C. Miller - * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, - plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + * include/sudo_compat.h: + HAVE_DECL_GETGROUPLIST_2 is always defined if HAVE_GETGROUPLIST_2 + is, we need to check its value, not whether it is defined. + [849eb3113149] + +2016-12-15 Todd C. Miller + + * plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po: + sync with translationproject.org + [abf5d356a33b] + +2016-12-13 Todd C. 
Miller + + * configure, plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/sr.mo, - po/sr.po, po/sv.mo, po/sv.po: + po/sr.po: sync with translationproject.org - [046ba9a0fca8] - -2016-06-07 Todd C. Miller - - * NEWS: - update for 1.8.17 final - [a2f02775aba5] + [fec672d5a4c7] - * lib/util/aix.c: - Fix setting of hard stack limit when stack_hard is not specified in - /etc/security/limits. When 64-bit resource limits are supported we - can use the default value of 8388608 512-byte blocks directly. We - should only resort to using RLIM_SAVED_MAX for 32-bit resource - limits. - [cc4933fc41bd] + * config.h.in, configure.ac, include/sudo_compat.h, + plugins/sudoers/pwutil_impl.c, src/sudo.c: + Use getgrouplist_2() on macOS if available. + [3bf58af56d18] -2016-06-06 Todd C. Miller +2016-12-03 Todd C. Miller * plugins/sudoers/po/sudoers.pot: regen - [4ab85a46cf63] - -2016-06-05 Todd C. Miller + [3f4d52230317] - * plugins/sudoers/sssd.c: - Ignore empty ipa_hostname - [9421ade7b47f] + * plugins/sudoers/interfaces.c: + In set_interfaces() treat a parse error as fatal. + [7d0048108b1d] - * plugins/sudoers/sssd.c: - Better martching of ipa_hostname in sssd.conf - [abd53491cb4b] +2016-12-02 Todd C. Miller -2016-06-04 Todd C. 
Miller + * lib/util/regress/atofoo/atofoo_test.c: + Fix a clang warning on macOS + [58e9d192e907] - * INSTALL, configure, configure.ac, pathnames.h.in, - plugins/sudoers/sssd.c: - Use the value of ipa_hostname from /etc/sssd/sssd.conf if present - instead of the system hostname. - [3f5cffcd8432] +2016-12-01 Todd C. Miller -2016-06-03 Todd C. Miller + * plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/ko.mo, + po/ko.po, po/vi.mo, po/vi.po: + sync with translationproject.org + [99cce0f5fddc] - * plugins/sudoers/sssd.c: - When matching host, short-circuit the loop when we get a match. Only - check username as part of the netgroup when netgroup_tuple is - enabled. - [2eab4070dcf7] + * NEWS: + update for 1.8.19b2 + [18cfc9b8b8e7] - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - Avoid using !strcmp() - [f976b3d973e0] + * plugins/sudoers/timestamp.c: + Ignore a boot time that is in the future, which can happen when the + clock is corrected down after boot. Otherwise, the timestamp file + will be unlinked each time sudo is run and a password is always + required. + [dd3b2b7ae709] -2016-06-02 Todd C. Miller +2016-11-30 Todd C. Miller - * plugins/sudoers/sssd.c: - SSSD doesn't handle netgroups, we have to ensure they are correctly - filtered in sudo. The rules may contain mixed sudoUser specification - so we have to check not only for netgroup membership but also for - user and group matches. Adapted from a patch from Daniel Kopecek. - [50d8d88bcc28] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/logging.c: + Allow syslog priority to be negated or set to "none" to disable + logging successes or failures. + [624eddac4ab1] -2016-06-01 Todd C. Miller + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + plugins/sudoers/sudoreplay.c: + Allow stdin and ttyin to be displayed too. 
The only one that is + really useful in sudoreplay is stdin when input is from a pipe. + [5aa8b3a90c84] - * plugins/sudoers/auth/pam.c: - Return PAM_CONV_ERR from the conversation function if getpass - returns NULL or the user pressed ^C. - [bec7e2ec26ff] + * src/regress/noexec/check_noexec.c: + Solaris 10 wordexp() returns 127 on execve() failure like popen() + does. + [f927c50dda17] - * plugins/sudoers/base64.c: - Make base64 decoding table-driven. - [2d001c111552] + * config.h.in, configure, configure.ac, include/sudo_debug.h, + lib/util/regress/atofoo/atofoo_test.c, lib/util/strtoid.c, + lib/util/sudo_debug.c, lib/util/util.exp.in: + id_t is 64-bits on FreeBSD so use strtoll() there. Fixes the strtoid + regress. + [448a9857e89f] - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Back out cfa26b99228f, it was already fixed differently. Caught by - regress checks. - [0584f80e9951] +2016-11-29 Todd C. Miller -2016-05-31 Todd C. Miller + * NEWS: + fix typo + [92ea657a87f5] - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Allow double-quoted groups and netgroups to be part of a Defaults - spec. From Daniel Kopecek. - [cfa26b99228f] + * plugins/sudoers/sudoers.c: + Fix the "all" setting for verifypw and listpw; nopass would never be + true even if all the user's entries had the NOPASSWD tag. Regression + introduce in sudo 1.8.17. Bug #762 + [c672e3ebfbe2] - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - The sudoers.ldap manual is installed in section 4 or 5, not 1m or 8. - Also fix the section for ldap.conf cross-references. - [eb1c0a2b84a1] +2016-11-28 Todd C. Miller - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - Fix copy pasta, "sudoNotAfter" not "sudoNotBefore". Add missing word - "order" in a sentence describing sudoOrder. 
- [653cb783f89b] + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/cs.mo, + plugins/sudoers/po/cs.po, plugins/sudoers/po/da.mo, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/el.mo, plugins/sudoers/po/eo.mo, + plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/hr.mo, + plugins/sudoers/po/hr.po, plugins/sudoers/po/hu.mo, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/lt.mo, plugins/sudoers/po/nb.mo, + plugins/sudoers/po/nb.po, plugins/sudoers/po/nl.mo, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/ru.mo, plugins/sudoers/po/sk.mo, + plugins/sudoers/po/sl.mo, plugins/sudoers/po/sr.mo, + plugins/sudoers/po/tr.mo, plugins/sudoers/po/uk.mo, + plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.mo, + plugins/sudoers/po/zh_CN.po, po/cs.mo, po/cs.po, po/de.mo, po/de.po, + po/es.mo, po/es.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, + po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/ko.mo, po/ko.po, + po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, po/pt_BR.po, + po/tr.mo, po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo, po/zh_CN.po: + sync with translationproject.org + [8a4ab570d132] - * plugins/sudoers/sssd.c: - For sudo -ll (long list) print the SSSD role just like we do for the - LDAP backend. Adapted from sudo-1.8.6p3-sssdrulenames.patch - [46f962b1f3ef] +2016-11-25 Todd C. Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Setting timestamp_timeout less than zero only lasts until the next - reboot. Adapted from a RedHat patch. - [f8ce1dfebfe9] + * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/openbsd.c: + Just use malloc_options "S" on OpenBSD instead of "AFGJPR". 
+ [2851cd2da1c7] - * po/it.mo, po/it.po, po/nb.mo, po/nb.po: - sync with translationproject.org - [31b55426358b] +2016-11-22 Todd C. Miller -2016-05-25 Todd C. Miller + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update year in license + [e370bf3d1035] - * src/conversation.c: - fputs() is now specified as returning non-negative on success, not - explicitly zero. Fixes a failure on glibc. - [55f8a25d4af4] +2016-11-21 Todd C. Miller - * src/conversation.c: - Don't try to dereference replies[] if it is a NULL pointer. - [c4fdd838f2f5] + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [d524f0306467] - * plugins/sudoers/policy.c: - sudo_version should be unsigned - [7719d425c65a] + * doc/sudo.conf.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat: + regen + [185328ea20c3] - * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, - plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, - plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, - plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/ca.mo, - po/ca.po, po/cs.mo, po/cs.po, po/da.mo, po/da.po, po/de.mo, - po/de.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo, - po/ja.po, po/pl.mo, po/pl.po, po/sk.mo, po/sk.po, po/sv.mo, - po/sv.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, - po/zh_CN.po: - sync with translationproject.org - [e40cdc972d19] + * include/sudo_debug.h, lib/util/sudo_debug.c, + plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/visudo.c, src/sudo.c: + Add SUDO_DEBUG_INSTANCE_ERROR return value for sudo_debug_register() + and check for it in places where we check the return value of + sudo_debug_register(). + [d1e74c5f21a6] - * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/ko.mo, - plugins/sudoers/po/ko.po, po/ko.mo, po/ko.po: - Korean translation for sudo and sudoers from translationproject.org. - [188ffbed5bf2] +2016-11-20 Todd C. 
Miller - * NEWS, plugins/sudoers/auth/pam.c: - Ignore PAM_SESSION_ERR from pam_open_session() since this can - apparently happen on systems using Solaris-derived PAM. Other errors - from pam_open_session() are treated as fatal. This avoids the - "policy plugin failed session initialization" error message seen on - some systems. - [0f7f3e7ead21] + * NEWS: + update for 1.8.19 + [b248866c511d] -2016-05-24 Todd C. Miller +2016-11-17 Todd C. Miller - * NEWS, src/exec_pty.c: - Don't read from stdin when flushing final buffers in blocking mode. - Reading from the pipe can block too if the other end is not closed. - [a651f913a1ef] + * config.h.in, configure, configure.ac, plugins/sudoers/getspwuid.c: + Add support for getpwnam_shadow() on OpenBSD + [4db7ed374c33] -2016-05-23 Todd C. Miller + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, plugins/sudoers/policy.c, src/sudo.c: + Add umask to user_info passed in from the front end to the plugin. + [4a4eee52a717] - * NEWS: - Mention visudo -x change. - [2fd35df055b2] + * plugins/sudoers/auth/rfc1938.c: + Fix sign compare warning. + [8732d632cbff] - * plugins/sudoers/regress/sudoers/test1.json.ok, - plugins/sudoers/regress/sudoers/test14.json.ok, - plugins/sudoers/regress/sudoers/test15.json.ok, - plugins/sudoers/regress/sudoers/test16.json.ok, - plugins/sudoers/regress/sudoers/test2.json.ok, - plugins/sudoers/visudo_json.c: - There's no need to escape forward slashes in JSON output. While it - is legal to escape a forward slash, it is not required. - [044710f516a9] + * MANIFEST, aclocal.m4, configure, configure.ac, m4/ax_append_flag.m4, + m4/sudo.m4: + Use AX_APPEND_FLAG instead of SUDO_APPEND_CPPFLAGS and direct + modification of LDFLAGS. + [c1464dcd45e0] - * doc/UPGRADE: - Document that in 1.8.12 sudo started being able to check the NIS - domain on Solaris. 
- [bced94478c0e] + * MANIFEST, configure, configure.ac, plugins/sudoers/aixcrypt.exp: + Remove aixcrypt.exp, it was a remnant of the 90's crypto wars where + crypt() was not exported. + [785d57666d41] -2016-05-20 Todd C. Miller + * doc/TROUBLESHOOTING: + Remove obsolete solaris issue with snprintf + [3ce6cc899026] - * NEWS: - Better description of the I/O logging pipe issue. - [6eee2f8a1fae] + * INSTALL: + SunOS 4.x is no longer supported + [2239eb30ff2c] - * src/exec_pty.c: - In del_io_events(), avoid reading from the pty master in blocking - mode. We now do two passes, one with SUDO_EVLOOP_NONBLOCK and - another that could block if stdin is a pipe. This ensures we consume - the pipe until EOF. - [564ae2b4c305] +2016-11-16 Todd C. Miller - * lib/util/event.c: - Improve debug info in sudo_ev_add() and sudo_ev_del() - [ca839439ff22] + * lib/util/regress/sudo_conf/test1.in, lib/util/sudo_conf.c: + Plug memory leak when a particular Path is set more than once. + [debc97dac01d] - * src/exec_pty.c: - In pty_close(), call del_io_events with the SUDO_EVLOOP_ONCE flag so - the event loop will exit after a single run through. Otherwise, we - may hang at exit on non-BSD systems. - [e6c38d5a341b] + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Add sudo_ldap_is_negated() and sudo_ldap_is_negated() functions and + use them to parse negated entries instead of doing it manually. + [12010b64afe5] -2016-05-18 Todd C. Miller + * plugins/sudoers/ldap.c: + Fix printing of sudoedit_follow in "sudo -l" + [2094a8f880c4] - * po/sudo.pot: - regen - [18a4570be506] + * plugins/sudoers/sssd.c: + For "sudo -l" print sudoOption sudoedit_follow as FOLLOW. + [9c860b1fa721] -2016-05-17 Todd C. 
Miller + * config.h.in, configure, configure.ac, include/sudo_conf.h, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_conf/test1.out.ok, lib/util/sudo_conf.c, + lib/util/util.exp.in, plugins/sudoers/policy.c, src/exec_common.c, + src/load_plugins.c, src/parse_args.c: + Always define _PATH_SUDO_NOEXEC, _PATH_SUDO_SESH, + _PATH_SUDO_PLUGIN_DIR, even if only defined to NULL. This means the + accessors can always be present. - * src/exec_pty.c: - Bump I/O buffer size to 64K. We don't use PIPE_BUF or _PC_PIPE_BUF - for this because that corresponds to the value for atomic pipe - writes. The actual pipe buffer is much larger on modern systems and - 64K is what BSD and Linux support for large pipe buffers. - [3b5d995966ef] + Use RTLD_PRELOAD_VAR instead of _PATH_SUDO_NOEXEC to tell when + noexec is available. - * NEWS: - I/O logging bug fix - [934d755ac12c] + Add ENABLE_SUDO_PLUGIN_API and use it instead of + _PATH_SUDO_PLUGIN_DIR to tell when the plugin API is available. - * src/exec_pty.c: - Don't use SUDO_EVLOOP_NONBLOCK when flushing buffers at pty close - time, only when the user suspends sudo. Fixes a problem where all - buffers might not get flushed at exit when logging I/O. Reproducible - via "sudo tar cf - foo | (cd /tmp && sudo tar xf -)" on OpenBSD. - [bbe0e18739ec] + Add sudo_conf_clear_paths() to clear the path values so the regress + tests are not affected by compile-time settings. + [2b05e4a143d9] -2016-05-16 Todd C. Miller + * plugins/sudoers/ldap.c: + Use readline() in sudo_ldap_read_secret() + [3f0506e5cbe3] - * plugins/sudoers/visudo_json.c: - Don't try to fflush(export_fp) or ferror(export_fp) if export_fp is - NULL, which can happen on the error path. - [ccfb4dd260fa] +2016-11-15 Todd C. Miller - * plugins/sudoers/sudoers.c, src/exec.c, src/exec_pty.c, src/sudo.c, - src/tgetpass.c: - O_NOCTTY has no effect when opening /dev/tty as the open can only - succeed if there is already a controlling tty. 
- [9ca106c499b2]
+ * lib/util/sudo_conf.c:
+ Get rid of struct sudo_conf_paths and just use #defined index values
+ to access the path values. Make all accessors available even when
+ the feature is not enabled.
+ [58d1ec6170a8]
- * src/sudo.c:
- Do not need to open /dev/tty with O_NONBLOCK, it doesn't block on
- first open like a physical terminal. By definition, if you have a
- controlling tty, the first open (which might block) has already
- occurred.
- [15a5f006836a]
+ * configure, configure.ac, lib/util/Makefile.in, lib/zlib/Makefile.in,
+ mkdep.pl, plugins/group_file/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Add ASAN_CFLAGS and ASAN_LDFLAGS and use -Wc prefix in ASAN_LDFLAGS
+ to prevent libtool from strippign them out. Avoid using ASAN flags
+ when building sudo_noexec.so.
+ [9644dd92e586]
- * src/selinux.c:
- Use O_NOCTTY when opening a tty.
- [5f9fd6458be4]
+2016-11-14 Todd C. Miller
- * src/Makefile.in:
- regen
- [105ef4533724]
+ * configure, configure.ac:
+ Disable noexec for HP-UX 10.x which probably doesn't support
+ LD_PRELOAD
+ [d87bc5ea4688]
- * plugins/sudoers/auth/sudo_auth.c:
- No need to set pass to NULL after freeing at the end of the loop it
- since it is already set to NULL each time through the loop.
- [2657b0b4260d]
+ * config.h.in, configure, configure.ac, plugins/sudoers/getspwuid.c:
+ Remove SunOS 4 support, it is not modern enough to run sudo.
+ [b6e15f8360b6]
-2016-05-14 Todd C. Miller
+ * config.h.in, configure, configure.ac, plugins/sudoers/getspwuid.c:
+ Remove HP-UX 9 support, it is not modern enough for sudo.
+ [226dda48c1e1]
- * NEWS:
- SELinux fixes in 1.8.17.
- [f743cf0d9c62]
+ * config.h.in, configure, configure.ac, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/getspwuid.c:
+ Remove Ultrix support, modern sudo can't run on Ultrix anyway.
+ [95a11ef29a2b]
- * plugins/sudoers/logging.h, plugins/sudoers/logwrap.c:
- Check fprintf() return value in writeln_wrap() and return the number
- of characters actually written, or -1 on error.
- [4739e0f58fa3]
+ * MANIFEST, configure, configure.ac, lib/util/sudo_conf.c,
+ src/Makefile.in, src/exec_common.c,
+ src/regress/noexec/check_noexec.c, src/sudo_exec.h:
+ Add regress for noexec functionality
+ [2cadd8e04677]
- * src/conversation.c:
- Check fputs() return value.
- [e85778cbe0e3]
+ * src/Makefile.in:
+ Unbreak sudo_noexec on macOS where shared libraries and dynamic
+ modules are different. We still want to install sudo_noexec.so
+ without the "lib" prefix so some hackery is required.
+ [93d7b69491a1]
- * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
- Do not write directly to stdout/stderr, use sudo_printf which calls
- the conversation function.
- [e86d5ed4dca7]
+ * configure, configure.ac:
+ Don't enable noexec for AIX 5.0-5.2, we need 5.3 and above.
+ [92cad0180239]
- * plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
- plugins/sudoers/auth/pam.c, plugins/sudoers/auth/securid5.c:
- Do not write directly to stdout/stderr, use sudo_printf which calls
- the conversation function.
- [002a30fdb4e0]
+2016-11-13 Todd C. Miller
- * plugins/sudoers/iolog.c, plugins/sudoers/visudo_json.c:
- Use ferror() after fflush() to check the error status of the stdio
- stream we wrote to.
- [fa1db13fe9ac]
+ * src/Makefile.in:
+ Need to link sudo_noexec.so with -ldl for dlsym() on some platforms.
+ Otherwise, the wordexp(3) wrapper will fail due to an undefined
+ symbol. Bug #761
+ [120a317ce25b]
-2016-05-13 Todd C. Miller
+ * plugins/sudoers/visudo.c:
+ In strict mode, go to the file/line with an undefined aliases or
+ aliases cycle directly.
+ [b4f51b79bd9e]
- * plugins/sudoers/parse.c:
- printf() returns < 0 on error, not explicitly -1
- [2a2385b941de]
+2016-11-12 Todd C.
Miller
- * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat,
- doc/sudoers.ldap.cat, doc/sudoreplay.cat, doc/visudo.cat:
- Regen for 1.8.17
- [e24b0f944000]
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
+ plugins/sudoers/alias.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/visudo/test2.err.ok,
+ plugins/sudoers/regress/visudo/test3.err.ok,
+ plugins/sudoers/visudo.c:
+ Store the file/lineno for alias and userspec entries so we can
+ provide that info if there is an error.
+ [7deb4e41ca7b]
- * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
- Document that you need to preserve EDITOR and/or VISUAL for
- env_editor to be useful.
- [ef0ce8917307]
+2016-11-11 Todd C. Miller
- * src/selinux.c:
- Fix last commit, now that argc is not reset we need to explicitly
- start the copy from argv[1]. From Daniel Kopecek
- [f52403ef587a]
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/rcstr.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_json.c:
+ Add simple reference-counted string allocator and use it for passing
+ around references to the sudoers path. This lets us avoid making
+ copies of the sudoers path for the errorfile as well as each
+ Defaults entry.
+ [afcff7b5b647]
-2016-05-12 Todd C. Miller
+ * lib/util/sha2.c:
+ Cast len from size_t to uint64_t before bit shifting since we are
+ adding to count which is also uint64_t. Quiets a PVS-Studio warning.
+ [167210670b30]
- * src/selinux.c:
- cosmetic change to warning string
- [a2893e3f9b70]
+2016-11-10 Todd C. Miller
- * plugins/sudoers/auth/pam.c:
- Avoid adding an extraneous warning string to sudoers.pot.
- [6b07043b48f7]
+ * MANIFEST, plugins/sudoers/regress/visudo/test7.out.ok,
+ plugins/sudoers/regress/visudo/test7.sh,
+ plugins/sudoers/regress/visudo/test8.err.ok,
+ plugins/sudoers/regress/visudo/test8.out.ok,
+ plugins/sudoers/regress/visudo/test8.sh:
+ Add checks for sudoers_locale early Defaults
+ [582c08c9418c]
- * lib/util/snprintf.c:
- Use EOVERFLOW, not ENOMEM for overflow conditions. For snprintf()
- and vsnprintf(), POSIX says we should return -1 and set errno to
- EOVERFLOW if the size param is > INT_MAX; also zero out the string
- in this case (not mandated by POSIX) for safety.
- [294720fc981a]
+ * src/parse_args.c, src/sudo.c, src/sudo.h:
+ Add the argument vector allocated for -s and -i mode to the garbage
+ collector list. Avoids an ASAN warning on exit when the -s or -i
+ flags are used.
+ [652691a5216b]
-2016-05-11 Todd C. Miller
+2016-11-09 Todd C. Miller
- * plugins/sudoers/auth/pam.c:
- Now that pam_open_session() failure is fatal we should print and log
- an error from it. Bug #744
- [0e98a92ef910]
+ * plugins/sudoers/iolog.c:
+ add missing sudo_pw_delref/sudo_gr_delref to plug memory leak
+ [c4ba4c26e0c1]
- * src/selinux.c:
- Repair SELinux support, broken by 397722cdd7ec. From Daniel Kopecek.
- [1246583c7c1f]
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h,
+ plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_json.c:
+ Go back to parsing Defaults entries in update_defaults instead of as
+ sudoers is read. Otherwise, we cannot properly support early
+ defaults like sudoers_locale.
+ [ff1328a86b97]
- * plugins/sudoers/iolog.c, plugins/sudoers/pwutil.c,
- plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
- plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
- Remove sudo_mkpwcache() and sudo_mkgrcache(). We now create the
- caches as needed on demand. Also remove calls to sudo_freepwcache()
- and sudo_freegrcache() that are immediately followed by execve(),
- they are not needed.
- [60448afe813d]
+ * mkpkg:
+ Use expr instead of POSIX sh numerical expression to avoid a syntax
+ error on older shells.
+ [638383bb40d5]
- * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
- plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
- plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
- plugins/sudoers/visudo.c:
- Eliminate use of setpwent()/endpwent() and setgrent()/endgrent().
- Sudo never iterates over the passwd or group file. Rename
- sudo_set{pw,gr}ent() -> sudo_mk{pw,gr}cache() and use
- sudo_free{pw,gr}cache() instead of sudo_end{pw,gr}ent().
- [66e6f5e7b51b]
+2016-11-08 Todd C. Miller
-2016-05-10 Todd C. Miller
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, include/sudo_plugin.h:
+ Bump plugin minor version to 10 for sudo_mode, sudo_group and
+ sudo_user.
+ [0c65dc1f2874]
- * plugins/sudoers/parse.h:
- Remove unnecessary NULL checks in the RUNAS_CHANGED macro. The only
- place where the pointers could be NULL is in visudo_json.c but we
- already check for "next" being NULL there. Quiets a cppcheck
- warning.
- [a0d84832c154]
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Fix a bug in host matching where a negated sudoHost entry would
+ prevent other sudoHosts following it from matching.
+ [40cbd5790106]
-2016-05-09 Todd C. Miller
+ * plugins/sudoers/defaults.c:
+ Zero out sd_un before calling parse_default() so we don't try to
+ free stack garbage in the ldap/sssd backends.
+ [6b64a8e3a19d]
- * plugins/sudoers/sudoreplay.c:
- In replay_session() free iov at the end of the function (if needed)
- instead of after processing each line from the timing file. Coverity
- CID 104843.
- [5112f514af87]
+2016-11-07 Todd C. Miller
- * plugins/sudoers/sudoreplay.c:
- Add io_log_read() and io_log_gets() to hide differences between
- gzread/fread and gzgets/fgets. Check for premature EOF and error
- from io_log_read(). Also sanity check the index in the timing file.
- Coverity CID 104630.
- [6a3b9932f567]
+ * plugins/sudoers/ldap.c:
+ Use "ret", not "rc" for the function return value.
+ [fdfe637adee6]
- * src/exec_pty.c:
- Break up io_callback() into read_callback() and write_callback() to
- make it clear that we can't get an event with both read and write
- set.
- [cd3a1e182dd4]
+ * include/sudo_compat.h, lib/util/strtomode.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/logging.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c, src/sudo_edit.c:
+ Use sys/stat.h defines instead of bare octal values.
+ [215c80e09830]
-2016-05-07 Todd C. Miller
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, plugins/sudoers/iolog.c,
+ plugins/sudoers/policy.c:
+ Pass iolog mode, group and user from policy plugin to I/O log
+ plugin.
+ [1ed4967771c8]
- * src/exec_pty.c:
- In io_callback() make sure we clear SUDO_EV_READ if we close the fd.
- It should not be possible for SUDO_EV_READ to be set when revent is
- non-NULL but this makes static analyzers happier. Coverity CID
- 104124.
- [7acc249fa098]
+2016-11-06 Todd C. Miller
- * plugins/sudoers/ldap.c:
- In sudo_krb5_copy_cc_file() move the close(ofd) to the done: label
- so we only have to cleanup in one place. Coverity CID 104577.
- [0f189e70c59d]
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/ldap.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/sssd.c:
+ Instead of parsing sudoers Defaults twice, parse once while reading
+ sudoers and then just set the parsed value in update_defaults().
+ [370d51681c6e]
- * plugins/sudoers/ldap.c:
- Fix memory leak in sudo_netgroup_lookup() in the non-error case.
- Coverity CID 104572, 104573, 104574, 104575.
- [7f9fb7a360b7]
+ * plugins/sudoers/defaults.c:
+ Use "struct defaults *d" instead of "struct defaults *def"
+ throughout for consistency and to avoid confusino with "struct
+ def_values *def". Use "str" not "var" for the string argument to
+ convert and store in sd_un for the store_* functions.
+ [5cc3efc609df]
- * plugins/sudoers/ldap.c:
- Fix fd leak in sudo_krb5_copy_cc_file() if restore_perms() fails.
- Coverity CID 104571.
- [d9434cdfb73c]
+ * plugins/sudoers/parse.c:
+ In display_bound_defaults() rename dtype arg -> deftype.
+ [b3323960e1db]
- * plugins/sudoers/sudoreplay.c:
- Free the events and event base before returning from
- replay_session(). Coverity CID 104116, 104117.
- [321216089e4a]
+2016-11-03 Todd C. Miller
- * src/sudo_edit.c:
- In sudo_edit_create_tfiles(), fix fd leak if sudo_edit_mktemp()
- fails. Coverity CID 104114.
- [713de09ff956]
+ * lib/util/regress/sudo_conf/test4.err.ok,
+ lib/util/regress/sudo_conf/test5.err.ok,
+ plugins/sudoers/regress/visudo/test2.err.ok,
+ plugins/sudoers/regress/visudo/test3.err.ok:
+ Update error output to match quoting changes.
+ [27bbf5004d1e]
- * src/sudo_edit.c:
- Fix fd leak in sudo_edit_open_nonwritable() if dir_is_writable()
- returns an error. Coverity CID 104113.
- [314a57004f00]
+ * plugins/sudoers/defaults.c:
+ Avoid passing in a struct sudo_defs_types pointer to the store
+ functions. Pass in a pointer to the union to fill instead.
+ [ea956d00aae3]
- * src/sudo_edit.c:
- Fix memory leak of sesh_args in selinux_edit_copy_tfiles(). Coverity
- CID 104112.
- [ac7f0cbd07c9]
+ * plugins/sudoers/defaults.h:
+ no longer need struct defaults forward referebce
+ [21e34ca85de5]
- * plugins/sudoers/visudo.c:
- Fix memory leak in get_editor() if resolve_editor() fails with an
- error. Coverity CID 104107.
- [e355b1f45bcb]
+2016-11-02 Todd C. Miller
- * src/sudo.c:
- Fix memory leak on error if sudo_new_key_val() fails. Coverity CID
- 104103.
- [c2ee1557aef2]
+ * lib/util/sudo_conf.c, plugins/sudoers/alias.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_json.c, src/load_plugins.c:
+ Use "double quotes" in messages instead of a combination of the
+ accent (grave) mark and apostrophe.
+ [10dee3ecf3e1]
- * plugins/sudoers/visudo.c:
- Ignore the return value of the initial sudoersparse(), before we
- have actually edited any files. Coverity CID 104078.
- [184d9c6aec65]
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Add file:linenumber prefix to all Defaults warnings so we can see
+ them when running sudo too. For LDAP/SSSD we print the sudoRole
+ instead of the file name and omit the line number.
+ [5c6b95cd3792]
- * src/exec.c:
- Ignore the result of send() on exec error, if it fails the other end
- of the pipe is gone and we are headed for exit. Coverity CID 104066.
- [cdcd7dfcbca1]
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Use sudoedit in examples instead of "sudo vi"
+ [6008c208682c]
- * plugins/sudoers/toke_util.c:
- In fill_args() clean up properly if there is an internal overflow
- (which should not be possible). Coverity CID 104569.
- [0bc710e91ec4]
+2016-11-01 Todd C. Miller
- * plugins/sudoers/gc.c:
- Fix logic inversion in sudoers_gc_remove(), currently unused.
- Coverity CID 104568
- [e29df8da11ea]
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_json.c:
+ Only treat an unknown Defaults entry as a parse error in visudo, not
+ in sudo itself.
+ [8d8aa7ac5a32]
-2016-05-06 Todd C. Miller
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/visudo.c:
+ Instead of checking Defaults values after the fact, check them at
+ sudoers parse time. This makes it possible to display the file and
+ line number with the problem and for visudo to go right to the
+ error.
+ [ac66bd690d05]
- * plugins/sudoers/iolog.c:
- In io_mkdirs(), change the order from stat then mkdir, to mkdir then
- stat. This more closely matches what "mkdir -p" does. Coverity CID
- 104120.
- [e462528ff7ea]
+ * plugins/sudoers/alias.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/parse.h:
+ Refactor freeing of a member_list into free_members().
+ [d29daa01bb9c]
- * plugins/sudoers/timestamp.c:
- In ts_mkdirs(), change the order from stat then mkdir, to mkdir then
- stat. This more closely matches what "mkdir -p" does. Coverity CID
- 104119.
- [c0c0e2662883]
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ add_defaults() now calls sudoerserror() itself instead of the caller
+ assuming any error means out of member.
+ [a25e51321e0b]
- * plugins/sudoers/sudoers.c:
- Newer versions of Ubuntu have switched from using the "admin" group
- to the "sudo" group to align with Debian.
- create_admin_success_flag() now accepts either one.
- https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1387347
- [17b4d725dac4]
+ * plugins/sudoers/defaults.c, plugins/sudoers/mkdir_parents.c:
+ s/rval/ret/g -- old habits die hard
+ [fa55d08b233a]
- * plugins/sudoers/timestamp.c:
- Cast off_t printed via printf(3) instead of assuming it is long
- long.
- [b1d398f4a8dc] +2016-10-31 Todd C. Miller * plugins/sudoers/sudoers.c: - Instead of using stat(2) to see if the admin flag file exists and - creating it if not, just try to create the file and treat EEXIST as - a non-error. Coverity CID 104121. - [bd58b0a35a3c] - - * MANIFEST, plugins/sample/README: - README file for the sample plugin that tells the user how to build, - install and enable it. - [8d7096ce78cc] + Remove inaccurate XXX comment, sudo_file_parse() sends mail on parse + error. + [052b0e112839] - * plugins/sample/sample_plugin.c: - Fix compilation error and export sample_policy struct. From Michael - Evans - [5280c1576e7f] + * plugins/sudoers/visudo.c: + The fix for Bug #408 broke editing of files in an include dir that + have a syntax error. Normally, visudo does not edit those files, but + if a syntax error is detected in one, the user gets a chance to fix + it. + [6b00f9bfff31] - * NEWS: - Update for 1.8.17 - [979688a5ef13] + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_json.c: + Make a copy of the current sudoers path when assigning errorfile. + Fixes a potential use after free in visudo when there is an error in + one of the include files. + [eb6db5d15b61] - * configure, configure.ac: - Sudo 1.8.17 - [09311b2e9697] + * plugins/sudoers/sudoers_debug.c: + sudoers_debug_register() was not setting the active debug instance + to sudoers_debug_instance when called from the I/O log plugin. This + is because it relied on sudo_debug_register to do that but + sudoers_debug_parse_flags() doesn't set debug_files[] + sudoers_debug_instance is already set (we can only init sudoers + debug once). - * plugins/sudoers/logging.c: - Check return value of restore_perms() in vlog_warning(). Coverity - CID 104079. - [86555dd0942d] + To work around this, just make sudoers_debug_instance the active + debug instance in sudoers_debug_register() when it is already set. 
+ [71b0221c8c28] - * plugins/sudoers/editor.c: - Fix memory leaks in resolve_editor() in the error path. Coverity CID - 104109, 104110 - [6ac3f7e3ada9] + * src/load_plugins.c: + Fix pasto when setting I/O plugin debug files + [03c3aab22e65] - * plugins/sudoers/policy.c: - Fix memory leak of gid_list in sudoers_policy_exec_setup() in the - error path. Coverity CID 104111. - [eac1e9489367] + * plugins/sudoers/iolog.c: + use cp instead of *cur when comparing against plugin_path + [f2dfe69549f5] - * plugins/sudoers/logging.c: - Fix fd leak in do_logfile() if we fail to lock the log file. - Coverity CID 104115. - [164a693207a8] +2016-10-30 Todd C. Miller - * plugins/sudoers/sssd.c: - Fix memory leak of sss_result in sudo_sss_lookup() Coverity CID - 104106 - [7dcee1e6d76f] + * plugins/sudoers/mkdir_parents.c: + In sudo_mkdir_parents() inherit the gid of / instead of using gid 0 + for the first component. + [5f2bf33bccb5] * plugins/sudoers/iolog.c: - Fix fd leak in open_io_fd() if gzdopen/fdopen fails. Coverity CID - 104105 - [c4c2848c1167] + We want to inherit the gid from the parent directory when not + setting permissions on intermerdiate directories. + [845f5a20b5fa] - * plugins/sudoers/iolog.c: - Fix fd leak in io_nextid() in error path. Coverity CID 104104 - [8920cdaab5bd] +2016-10-29 Todd C. Miller -2016-05-05 Todd C. Miller + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c, + plugins/sudoers/mkdir_parents.c, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c: + Move io_mkdir_parents() to its own file and use it in ts_mkdirs(). + [c1d55f588a60] - * plugins/sudoers/timestamp.c: - Check lseek() return value. Coverity CID 104061. 
- [bf3bb4c80cfc]
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Make the I/O log file/dir permissions and owner configurable.
+ [e7a74f3dfa56]
- * plugins/sudoers/timestamp.c:
- Ignore ts_write() return value when disabling an entry with a bogus
- timestamp. We ignore the timestamp entry even it doesn't succeed.
- Coverity CID 104062.
- [5e5925ebbc75]
+ * lib/util/Makefile.in, mkdep.pl:
+ Add vsyslog.lo
+ [18362a9ae32e]
- * plugins/sudoers/iolog.c, plugins/sudoers/match.c,
- plugins/sudoers/tsgetgrpw.c, src/exec.c, src/exec_pty.c, src/sudo.c:
- Cast the return value of fcntl() to void when setting FD_CLOEXEC.
- Coverity CID 104063, 104064, 104069, 104070, 104071, 104072, 104073,
- 104074
- [48720d2f6658]
+ * configure, configure.ac:
+ sudo 1.8.19
+ [97743604e6e3]
- * plugins/group_file/getgrent.c:
- Cast the return value of fcntl() to void when setting FD_CLOEXEC.
- Coverity CID 104075, 104076, 104077.
- [7fe1d9f97321]
+2016-10-28 Todd C. Miller
- * plugins/sudoers/env.c:
- Avoid a false positive. Coverity CID 104056.
- [0256978219a6]
+ * plugins/sudoers/defaults.c:
+ Don't try to syntax check an unrecognized Defaults value in visudo.
+ [e4972655b5d3]
- * plugins/sudoers/visudo_json.c:
- Avoid calling fclose(NULL) on error in export_sudoers(). Coverity
- CID 104091.
- [2f73d86ab929]
+2016-10-26 Todd C. Miller
- * plugins/sudoers/toke_util.c:
- In fill_args(), check for "arg_size == 0" instead of
- "sudoerslval.command.args == NULL" since the latter leads Coverity
- to imply that sudoerslval.command.args could be NULL later on.
- Coverity CID 104093.
- [bab505438881]
+ * plugins/sudoers/iolog.c:
+ Create I/O log files with the same gid as the parent directory.
+ [0da5824e006d]
- * plugins/sudoers/sudoers.c:
- Avoid calling fclose(NULL) if the sudoers file is not secure and
- restore_perms() fails. Coverity CID 104090.
- [150db126c221]
+ * plugins/sudoers/ldap.c:
+ Check for sudo_ldap_result_last_search() returning NULL. This can't
+ happen in practice because we always call
+ sudo_ldap_result_add_search() first which guarantees there is a
+ result to be found. Quiets a PVS-Studio warning.
+ [4f6074f40fbc]
-2016-05-04 Todd C. Miller
+ * src/exec_pty.c:
+ Quiet a PVS-Studio warning about the spin loop when waiting for the
+ parent to assign us the terminal pgrp.
+ [d063a283477b]
- * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
- In fill_args(), replace loop that increments arg_size() with a
- simple add and mask. Should prevent a false positive from Coverity
- CID 104094.
- [411c7e398286]
+ * plugins/sudoers/env.c:
+ Fix incorrect strncmp() lengths. The check for USERNAME was only
+ looking at the first 5 characters (copy and paste error). The check
+ for SUDO_PS1 was not checking the trailing '=' character (off by one
+ error). Found by PVS-Studio.
+ [297380eb6940]
- * plugins/sudoers/sudoreplay.c:
- In parse_expr(), move the "bad" label after the "default" case in
- the switch(), not before it. This seemed to confuse Covertity,
- resulting in a false positive, CID 104095.
- [4371f26995fb]
+ * plugins/sudoers/env.c:
+ When checking for old-style bash functions in the environment, check
+ for values starting with "() " (note the trailing space) rather than
+ "()". Bash will only treat the value as a function if the space
+ after "()" is present. The trailing space was already present in the
+ compare string but when it was added, the length passed to strncmp()
+ was not updated from 3 to 4. Found by PVS-Studio. No security
+ impact.
+ [7e35f39d356b]
- * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
- For "sudoreplay -l", not all predicates may be shortened to a single
- character.
Both 'c' and 't' have more than one possibility. - [29a5a9a313e2] + * plugins/sudoers/set_perms.c: + Add some missing casts from uid_t/gid_t to int when printing uid/gid + values. We print these as signed so a value of -1 (no change) is + obvious. Quiets PVS-Studio warnings. + [9773e5b166e1] - * src/exec.c, src/exec_pty.c, src/sudo.c: - pid_t is defined by POSIX as a signed integer type so we don't need - a cast when comparing to -1. - [98f0a86260a0] + * plugins/sudoers/timestamp.c: + def_timestamp_timeout is a double so compare against 0.0 not 0 to + avoid making it appear to be an integer type. + [8675db470ab7] - * src/exec.c: - In dispatch_signal() for stopped processes check for tcgetpgrp() - returning -1. Also change checks from "saved_pgrp != -1" to "fd != - -1". Coverity CID 104098. - [42ac4ad85900] + * plugins/sudoers/defaults.c: + When checking syslog facility or priority, move the string compare + into the body of the loop and return if it matches. If we finish the + loop it means we didn't find a match. This makes the code a little + bit more readable. + [d1df1649a01e] - * src/selinux.c: - In relabel_tty() always jump to bad: on error, regardless of the - value of se_state.enforcing. On error, return -1 if enforcing, else - 0. Coverity CID 104099. - [db1a54d718f1] + * lib/util/strlcpy.c, lib/util/strnlen.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/logging.c, + plugins/sudoers/visudo_json.c, src/env_hooks.c, src/exec_pty.c: + Replace bare ";" in the body of for() loops with "continue;" for + improved readability. + [92eff8dbe5f8] - * config.h.in, configure.ac: - Define NO_LEAKS when sudo is built with Coverity. - [f4209b9ade8c] - - * src/exec_pty.c: - In io_callback() if we write the complete buffer and find that there - is no associated reader just return as there is nothing else to be - done. 
In practice is it not possible for SUDO_EV_READ to be set if
- revent is NULL but an early return is harmless and possibly easier
- to understand. Coverity CID 104124.
- [3b3eb45b701e]
-
- * src/sudo_edit.c:
- Handle read() returning -1 when creating temporary files. Coverity
- CID 104100
- [e82af51e4f48]
-
- * plugins/sudoers/policy.c:
- Fix cut and paste error when checking cols for 0. Coverity CID
- 104081
- [22a3b7d9bce1]
+2016-10-21 Todd C. Miller
- * plugins/sudoers/pwutil.c:
- Use a single debug message for cache hit or store to avoid another
- situation where they get out of sync. Bug #743
- [4cf484e9b016]
+ * config.guess, config.sub:
+ Update from http://git.savannah.gnu.org/gitweb/?p=config.git
+ [86e6144dfdd7]
- * plugins/sudoers/pwutil.c:
- Sync the "cache hit" debug messages with the "cached" debug
- messages. This fixes a bug where we could dereference a NULL pointer
- when we look up a negative cached entry which is stored as a NULL
- passwd or group struct pointer. Bug #743.
- [1d13341d53ec]
+ * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4,
+ m4/ltoptions.m4, m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4:
+ Update to libtool 2.4.6
+ [8d85d9e8687b]
-2016-04-28 Todd C. Miller
+2016-10-19 Todd C. Miller
- * configure, configure.ac:
- Remove the check for __sprintf_chk when checking for
- _FORTIFY_SOURCE, Some implementations are purely header-file based.
- As long as we can link a test program using sprintf() when
- _FORTIFY_SOURCE=2 it should be safe to use.
- [910af8ba4666]
+ * lib/util/vsyslog.c:
+ Use a static buffer if possible.
+ [758ce6478994]
- * config.h.in, configure, configure.ac:
- Remove configure checks for dev_t, id_t, ino_t, ptrdiff_t, size_t
- and ssize_t. These have been specified by either ANSI C or POSIX for
- long enough that if the system doesn't support them, it is unlikely
- to be able to compile sudo anyway.
- [c9fd433cfe27]
+ * MANIFEST, configure, configure.ac, include/sudo_compat.h,
+ lib/util/vsyslog.c, plugins/sudoers/logging.c:
+ add vsyslog() for systems without it.
+ [c6457f333252]
- * src/sudo.c:
- Do group setup in policy_init_session() before calling out to the
- plugin. This makes it possible for the pam_group module to change
- the group in pam_setcred(). It's a bit bogus since pam_setcred() is
- documented as not changing the group or user ID, but pam_group is
- shipped with stock Linux-PAM so we need to support it.
- [814cda602541]
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ There are now 14 tag values, not 10. Don't bother mentioning the
+ number since it keeps increasing. Bug #759
+ [17e4c900dc12]
-2016-04-26 Todd C. Miller
+2016-10-18 Todd C. Miller
- * plugins/sudoers/logging.c:
- Add missing newline when logging to a file (not syslog) and
- loglinelen is set to a non-positive number. Bug #742
- [ef0a5428a574]
+ * config.h.in, configure, configure.ac, plugins/sudoers/logging.c:
+ Use vsyslog() if available.
+ [ea9b7a51eaec]
-2016-04-25 Todd C. Miller
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/logging.c:
+ Add syslog_maxlen to control the max size of syslog messages.
+ [5f9872d2073f]
- * src/exec.c:
- style fix; fork_cmnd should start on a new line
- [e8211fe0f8d7]
+2016-10-17 Todd C. Miller
-2016-04-22 Todd C. Miller
+ * src/tgetpass.c:
+ Don't generate SIGTOU when restoring the terminal modes. It doen't
+ make sense to suspend the process only to restore the terminal
+ settings since in this case the shell has already taken ownership of
+ the tty.
+ [981c26f3fc8f]
- * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
- doc/sudo_plugin.mdoc.in, plugins/sudoers/ldap.c,
- plugins/sudoers/logging.c, src/signal.c, src/sudo.c, src/tgetpass.c:
- Ignore SIGPIPE for the duration of sudo and not just in a few select
- places. We have no control over what nss, PAM modules or sudo
- plugins might do so ignoring SIGPIPE is safest.
- [7c919101b8ec]
+ * plugins/sudoers/sudoreplay.c, src/exec_pty.c, src/tgetpass.c:
+ The flush parameter of sudo_term_restore() is bool, not int.
+ [c2597f1881f3]
- * src/selinux.c:
- Use string_to_security_class() instead of pulling SECCLASS_CHR_FILE
- from flask.h. Avoids a warning with new SELinux includes.
- [24f357b419c4]
+2016-10-14 Todd C. Miller
-2016-04-19 Todd C. Miller
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ Add wordexp() to the list of functions wrapped by sudo_noexec.so.
+ [2e847ce3f02f]
- * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
- plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c,
- plugins/sudoers/sudoers.h:
- When determining whether or not "sudo -l" or "sudo -b" should prompt
- for a password, take all sudoers sources into account. In other
- words, if both file and ldap sudoers sources are in use, "sudo -v"
- will now require that all entries in both sources be have NOPASSWD
- (file) or !authenticate (ldap) in the entries.
- [51e2a5ecacc6]
+2016-10-10 Todd C. Miller
-2016-03-22 Todd C. Miller
+ * src/sudo_noexec.c:
+ Need RTLD_NEXT for wordexp() on dlopen() systems. It is missing on
+ AIX 5.1 at least.
+ [167a518d8129]
- * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/pam.c,
- plugins/sudoers/auth/sudo_auth.h:
- If the auth_type setting in /etc/security/login.cfg is set to
- PAM_AUTH but pam_start() fails, fall back to use AIX authentication.
- Skip the auth_type check if sudo is not compiled with PAM support.
- [cdbe432c465c]
+ * src/sudo_noexec.c:
+ add missing guard around wordexp()
+ [7b8357b0a358]
-2016-03-17 Todd C.
Miller
+ * NEWS:
+ expand on 1.8.18p1 changes
+ [f560e06ad584]
- * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
- The header for sudo.conf(5) should be SUDO.CONF(5) not SUDO(5).
- [d3afd5bd550f]
+2016-10-09 Todd C. Miller
- * .hgtags:
- Added tag SUDO_1_8_16 for changeset 6b4fbb23d67b
- [8407163d6832] <1.8>
+ * NEWS, configure, configure.ac:
+ sudo 1.8.18p1
+ [a36e17d1c5db]
- * INSTALL, Makefile.in, NEWS, README, config.h.in, configure,
- configure.ac, doc/CONTRIBUTORS, doc/sudo.cat, doc/sudo.man.in,
- doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
- doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
- doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
- doc/visudo.man.in, lib/util/getgrouplist.c, mkpkg,
- plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
- plugins/sudoers/iolog.c, plugins/sudoers/match.c,
- plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c,
- plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
- plugins/sudoers/visudo.c, po/sudo.pot, src/Makefile.in,
- src/exec_pty.c, src/load_plugins.c, src/sudo.c, src/ttyname.c:
- Merge sudo 1.8.16 from trunk.
- [6b4fbb23d67b] [SUDO_1_8_16] <1.8>
+ * config.h.in, configure, configure.ac, src/sudo_noexec.c:
+ Fix configure check for seccomp filter on Linux
+ [5d88d7cda853]
-2016-03-16 Todd C. Miller
+2016-10-08 Todd C. Miller
- * plugins/sudoers/policy.c:
- hook_version and hook_type are unsigned so use 0, not -1 in the
- final (empty) entry. Quiets a warning on Solaris Studio 12.2.
- [4947de8e35b7]
+ * config.h.in, configure, configure.ac, src/sudo_noexec.c:
+ Use a seccomp filter on Linux to disable execve(2) and execveat(2).
+ This still relies on LD_PRELOAD to work so it has the same issues as
+ the existing mether with respect to running 32-bit binaries on a
+ 64-bit kernel.
+ [59d76bdc0f0c]
-2016-03-09 Todd C.
Miller
+ * src/Makefile.in:
+ regen
+ [9e313cb0900b]
- * NEWS, config.h.in, configure, configure.ac,
- plugins/sudoers/auth/pam.c:
- Work around an ambiguity in the PAM spec with respect to the
- conversation function. It is not clear whether the "struct
- pam_message **msg" is an array of pointers or a pointer to an array.
- Linux-PAM and OpenPAM use an array of pointers while Solaris/HP-
- UX/AIX uses a pointer to an array. Bug #726.
- [d2b926e2f7d6]
+ * plugins/sudoers/Makefile.in:
+ regen
+ [5ca77049e5cd]
-2016-03-08 Todd C. Miller
+2016-10-05 Todd C. Miller
- * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
- plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
- plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
- plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
- plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/eo.mo,
- po/eo.po, po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/ru.mo,
- po/ru.po, po/sr.mo, po/sr.po:
- sync with translationproject.org
- [271c6738213d]
+ * aclocal.m4, config.h.in, configure, configure.ac, src/sudo_noexec.c:
+ Wrap wordexp(3) in sudo_noexec.
+ [e7d09243e51b]
-2016-02-27 Todd C. Miller
+2016-09-26 Todd C. Miller
- * NEWS:
- Bug #738
- [9e7974480cdc]
+ * plugins/sudoers/Makefile.in:
+ Clean .json files created by "make check"
+ [d214117fbda1]
-2016-02-26 Todd C. Miller
+2016-09-19 Todd C. Miller
- * plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/nb.mo,
- po/nb.po:
- sync with translationproject.org
- [6aa32f6e5240]
+ * po/ca.mo, po/da.mo, po/eo.mo, po/es.mo, po/eu.mo, po/fi.mo,
+ po/gl.mo, po/hr.mo, po/hu.mo, po/ko.mo, po/nl.mo, po/ru.mo,
+ po/sk.mo, po/sl.mo, po/sr.mo, po/tr.mo:
+ recompile .po files
+ [3d91cbf75744]
- * lib/util/regress/fnmatch/fnm_test.in:
- Better test for negated character classes.
- [635e3c17bca1]
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Fix matching when no sudoRunAsUser is present in a sudoRole.
If only
+ a sudoRunAsGroup is present, match on the invoking user if the -g
+ option was specified and the group matched. If no sudoRunAsGroup is
+ present and the -g option was specified, allow it if it matches the
+ passwd gid of the runas user. This matches the behavior of the
+ sudoers backend.
+ [e1a52c34da5e]
- * lib/util/regress/fnmatch/fnm_test.in:
- Add test for negated character class
- [0d813e098864]
+ * plugins/sudoers/match.c:
+ runas_pw can no longer be NULL
+ [020c6ddcae11]
- * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
- plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
- plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
- plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
- plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/cs.mo,
- po/cs.po, po/de.mo, po/de.po, po/fr.mo, po/fr.po, po/pl.mo,
- po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/uk.mo, po/uk.po, po/vi.mo,
- po/vi.po, po/zh_CN.mo, po/zh_CN.po:
- sync with translationproject.org
- [9398ffdc7719]
+2016-09-15 Todd C. Miller
 * NEWS:
- sync
- [a27a7d40491e]
-
- * lib/util/fnmatch.c:
- Fix negation of character classes.
- [aed07c013a41]
+ RunAsGroup without RunAsUser issues
+ [52d1547c9d3a]
 * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
- Fix the check for whether a user is allowed to lists another user's
- privileges. The "matched" variable is not boolean, it can also have
- the value UNSPEC so we need to check explicitly for true. Bug #738
- [e8ed706fda03]
-
- * plugins/sudoers/auth/pam.c:
- Log the number of PAM messages in the conversation function at debug
- level.
- [3f16eea5875f]
-
-2016-02-24 Todd C. Miller
+ user_matched and group_matched must be type int, not bool
+ [204d8de97a05]
- * configure, configure.ac:
- Don't check for posix_spawn() or posix_spawnp() if we were unable to
- find spawn.h. This should only be a problem on systems with broken
- headers.
Bug #730
- [5e5b0646dca4]
+ * plugins/sudoers/ldap.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.h, plugins/sudoers/sssd.c:
+ Use RUNAS_USER_SPECIFIED and RUNAS_GROUP_SPECIFIED when deciding
+ whether to check runas user/group instead of checking runas_pw or
+ runas_gr.
+ [d17f223e8313]
-2016-02-22 Todd C. Miller
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ When matching against runas_default use userpw_matches() instead of
+ just strcasecmp().
+ [ce70077c5861]
- * NEWS:
- update for 1.8.16
- [bad5e6534f39]
+ * plugins/sudoers/testsudoers.c:
+ Set RUNAS_USER_SPECIFIED when -u is specified and/or
+ RUNAS_GROUP_SPECIFIED when -g is specified.
+ [fa7a1035a058]
- * doc/CONTRIBUTORS, plugins/sudoers/sudoers2ldif:
- Fix documented bug with duplicate role names and turn on perl
- warnings. Based on a diff from Aaron Peschel
- [344a1c1f5c93]
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Fix printing of the default runas user when a RunAsGroup is
+ specified but no RunAsUser is present.
+ [c05dabd194a1]
-2016-02-20 Todd C. Miller
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Only match against runas_default if both sudoRunAsUser and
+ sudoRunAsGroup are missing.
+ [019084f428b2]
- * lib/util/aix.c:
- Add declaration of getauthdb() for AIX 5.1
- [f758960bcfd6]
+ * plugins/sudoers/match.c:
+ runas_pw can no longer be NULL here
+ [e73dcebafa15]
-2016-02-19 Todd C. Miller
+ * plugins/sudoers/ldap.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.h, plugins/sudoers/sssd.c:
+ Update check for whether or not the runas user was set in the ldap
+ and sssd backends to match the sudoers file backend. Introduces the
+ runas_user_set() macro to improve readability. Previously, runas_pw
+ was set late, now it is set before checking sudoers.
+ [d8280d8a96c9]
- * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
- regen
- [e61e1241f15f]
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Document that negated sudoHosts are only supported by 1.8.18 and
+ higher.
+ [f56824fe61bc]
- * plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
- plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po:
- sync with translationproject.org
- [2f3dea24199b]
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/testsudoers/test4.sh,
+ plugins/sudoers/regress/testsudoers/test5.sh:
+ Disable Address Sanitizer leak detection for tests which generate
+ parse errors. The parser leaks a bit on error.
+ [4b0ddb11df3a]
- * INSTALL:
- Add a note that --with-solaris-audit is only for Solaris 11 and
- above. Bug #737
- [6722331c2830]
+ * plugins/sudoers/sssd.c:
+ Fix underflow in get_ipa_hostname() when trimming trailing
+ whitespace.
+ [875f2f5cd363]
-2016-02-18 Todd C. Miller
+2016-09-14 Todd C. Miller
- * configure, configure.ac:
- Remove last remnants of the deprecated --with-stow option.
- [8616d6de7ecd]
+ * NEWS:
+ Document negated sudoHost entries.
+ [41d9853f89f7]
- * src/Makefile.in:
- src/load_plugins.c needs _PATH_SUDO_CONF so allow it to be
- overridden via the Makefile like other consumers of _PATH_SUDO_CONF.
- Bug #735
- [10148ef883ec]
+ * plugins/sudoers/sssd.c:
+ Support negated sudoHost entries.
+ [7c25f9111633]
-2016-02-01 Todd C. Miller
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Document negated sudoHost entries.
+ [6c8444c6bc6c]
- * configure, configure.ac, include/sudo_util.h, lib/util/aix.c,
- lib/util/getgrouplist.c, plugins/sudoers/pwutil.c,
- plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c,
- plugins/sudoers/set_perms.c, src/sudo.c:
- Add an administrative domain to the passwd/group cache key for AIX
- which can have different name <-> ID mappings depending on whether
- the database is local, LDAP, etc.
- [5319c11aefe9]
+ * plugins/sudoers/ldap.c:
+ Support negated sudoHost entries.
+ [1899906b8ef4]
- * mkpkg, sudo.pp:
- Fedora dropped "core" from the name some time ago so just match on
- f[0-9] for the rpm distro name provided by pp. Since the version
- numbers of Fedora and RHEL are so different switch to defining
- variables to indicate which features should be enabled. Works for
- Fedora 23.
- [4ec50b352293]
+2016-09-13 Todd C. Miller
-2016-01-31 Todd C. Miller
+ * plugins/sudoers/match.c:
+ Don't check the username when matching a host netgroup unless
+ def_netgroup_tuple is enabled.
+ [238c8064542f]
- * mkpkg, sudo.pp:
- Treat fedora core like centos/rhel for package building.
- [0dfc607d07a1]
+ * plugins/sudoers/match.c:
+ Move valid domain name check into a new valid_domain() function. Fix
+ memory leak if getdomainname(2) fails and avoid using heap garbage
+ for the domain name matching in this case.
+ [946f2441c90a]
-2016-01-29 Todd C. Miller
+2016-09-12 Todd C. Miller
- * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
- plugins/sudoers/regress/parser/check_fill.c:
- Plug some memory leaks in the tests.
- [ce76ba538867]
+ * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, po/it.mo,
+ po/it.po:
+ sync with translationproject.org
+ [40eab0801eae]
- * plugins/sudoers/toke_util.c:
- If realloc of sudoerslval.command.args fails, reset
- sudoerslval.command.args as well as arg_len and arg_size after
- freeing sudoerslval.command.args.
- [6481bad56e6a]
+2016-09-11 Todd C. Miller
 * src/exec_pty.c:
- When freeing the iobs after pty tear-down, also free the associated
- event structures. Quiets a memory leak warnings from address
- sanitizer and valgrind.
- [f19c689a2ded]
-
-2016-01-28 Todd C.
Miller
+ Add back line mistakenly removed in 0cf2a9351740
+ [8622c83c1474]
- * plugins/sudoers/iolog.c:
- iolog_compress should be bool, not int
- [b437123a242b]
+ * plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/nb.mo,
+ po/nb.po:
+ sync with translationproject.org
+ [f180826bb77b]
- * plugins/sudoers/visudo.c:
- Quiet address sanitizer leak detector.
- [b7ce672331f6]
+2016-09-09 Todd C. Miller
- * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
- plugins/sudoers/gc.c, plugins/sudoers/sudoers.h:
- Simple garbage collection (really a to-be-freed list) for the
- sudoers plugin. Almost identical to what sudo.c uses. Currenly only
- the environment strings are collected at exit time which is enough
- to quiet address sanitizer's leak detector.
- [47f32e047b1a]
+ * NEWS:
+ Bug #757
+ [de67bc9e26f8]
- * src/sudo.c:
- Rename gc_cleanup to gc_run and remove I/O plugins from the plugin
- list when freeing them.
- [ea640f0b46f9]
+ * plugins/sudoers/sudoers.c:
+ Fix typo that broke short host name matching when the fqdn flag is
+ enabled. Bug #757
+ [605c03afc80f]
- * src/sudo.c:
- Free up the garbage via an atexit() handler instead of requiring a
- call to gc_exit.
- [cc9c96d88595]
+2016-09-08 Todd C. Miller
- * src/sudo_edit.c:
- Plug a memory leak in sudo_edit.
- [cab9a13a669b]
+ * include/sudo_debug.h, lib/util/aix.c, lib/util/fnmatch.c,
+ lib/util/getgrouplist.c, lib/util/secure_path.c,
+ lib/util/setgroups.c, lib/util/strtoid.c, lib/util/sudo_conf.c,
+ lib/util/sudo_debug.c, plugins/sample/sample_plugin.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
+ plugins/sudoers/env.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.c,
+ plugins/sudoers/policy.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/timestamp.c, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_json.c, src/env_hooks.c, src/exec.c,
+ src/exec_pty.c, src/get_pty.c, src/hooks.c, src/load_plugins.c,
+ src/regress/ttyname/check_ttyname.c, src/selinux.c, src/signal.c,
+ src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/ttyname.c,
+ src/utmp.c:
+ Be consistent with the naming of the variable used to store the
+ function return value. Previously, some code used "rval", some used
+ "ret". This standardizes on "ret" and uses "rc" for temporary return
+ codes.
+ [017866310d24]
-2016-01-27 Todd C. Miller
+2016-09-07 Todd C.
Miller
- * INSTALL:
- mention --enable-asan
- [ee2bc0f60c8b]
+ * plugins/sudoers/po/ca.po, plugins/sudoers/po/cs.mo,
+ plugins/sudoers/po/cs.po, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/el.po, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/fr.po, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/hu.po, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/ko.po, plugins/sudoers/po/lt.po,
+ plugins/sudoers/po/nb.po, plugins/sudoers/po/nl.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/ru.po, plugins/sudoers/po/sk.po,
+ plugins/sudoers/po/sl.po, plugins/sudoers/po/sr.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ plugins/sudoers/po/tr.po, plugins/sudoers/po/uk.mo,
+ plugins/sudoers/po/uk.po, plugins/sudoers/po/vi.mo,
+ plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.mo,
+ plugins/sudoers/po/zh_CN.po, po/ca.po, po/cs.mo, po/cs.po, po/da.po,
+ po/de.mo, po/de.po, po/eo.po, po/es.po, po/eu.po, po/fi.po,
+ po/fr.mo, po/fr.po, po/gl.po, po/hr.po, po/hu.po, po/it.po,
+ po/ja.mo, po/ja.po, po/ko.po, po/nb.po, po/nl.po, po/pl.mo,
+ po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/ru.po, po/sk.po, po/sl.po,
+ po/sr.po, po/sv.mo, po/sv.po, po/tr.po, po/uk.mo, po/uk.po,
+ po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po:
+ sync with translationproject.org
+ [6312962695df]
- * plugins/sudoers/auth/sudo_auth.c:
- Try to deconfuse static analyzers a bit.
- [7e728c76f5df]
-
- * plugins/sudoers/sssd.c:
- Avoid possible NULL deref found by clang analyzer.
- [8bb3cbfe0446]
+ * MANIFEST, NEWS, doc/CONTRIBUTORS, po/nn.mo, po/nn.po:
+ Norwegian Nynorsk translation of sudo from translationproject.org
+ [05203a266265]
- * config.h.in, configure, configure.ac:
- Add --enable-asan configure flag to enable address sanitizer
- [8aae250fb68e]
+ * NEWS:
+ Fix for Bug #756
+ [89ff21579216]
- * src/sudo.c, src/sudo_plugin_int.h, src/ttyname.c:
- Add support for garbage collecting info passed to the plugin before
- exit to appease address sanitizer's leak detector (and valgrind's
- leak checker). We can't free these sooner since the plugin may be
- using the memory. For plugin API 2.0 it should be make clear that
- the plugin must make a copy of the data in the arrays passed in to
- the plugin's open() function. Only enabled if NO_LEAKS is defined.
- [8458bcb165d8]
+2016-09-05 Todd C. Miller
- * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
- plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
- plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
- plugins/sudoers/auth/sudo_auth.c:
- auth_getpass() returns a dynamically allocated copy of the plaintext
- password which needs to be freed after checking (and clearing) it.
- [28d2c83c3ac4]
+ * plugins/sudoers/sudoers.c:
+ In sudoers_main() avoid setting rval prematurely. Prevents a crash
+ when auditing fails after successfully authenticating. Bug #756
+ [d17a06bce04c]
- * src/sudo.c:
- Remove sudo_fatalx() calls from format_plugin_settings().
- [96a18a3ccc49]
+ * plugins/sudoers/defaults.c:
+ Apply match_group_by_gid early.
+ [1259c7fd66ca]
- * plugins/sudoers/sssd.c:
- fn_free_result() (aka sss_sudo_free_result() in sss_sudo.c) handles
- a NULL poiner so there's no need to check before calling it. Add
- missing initialization of sss_sudo_result to NULL in
- sudo_sss_setdefs().
- [fa1c8eaed6ac]
+2016-09-02 Todd C. Miller
- * plugins/sudoers/sssd.c:
- Add missing return when user is not found in sudo_sss_result_get().
- Previously we fell through to the default case which just logged a
- debug message and returned so this just avoids the extra (generic)
- debug message.
- [68c2201f3a85]
+ * NEWS:
+ update
+ [292a9e21474e]
-2016-01-26 Todd C. Miller
+ * src/ttyname.c:
+ Don't disable large file support for Linux, just SVR4-style /proc.
+ Otherwise, stat(2) may fail on Linux when running a 32-bit sudo on a
+ 64-bit machine. Bug #755
+ [09450ce8b8a8]
- * lib/util/gettime.c:
- Fix a warning on AIX.
- [4ebc19a143ff]
+2016-09-01 Todd C. Miller
- * src/sudo.c:
- Pass updated user_env_out, not envp, to the I/O open function.
- [f02e6f32f189]
+ * include/sudo_util.h:
+ Make sudo_parseln() flags hex to make it more obvious that they are
+ bit flags.
+ [b912a078047e]
- * src/sudo.c:
- Pass updated argv/envp to the I/O open function like the plugin API
- documents.
- [ff9f4fae5cf3]
+ * plugins/sudoers/env.c:
+ Don't try to support line continuation in /etc/environment.
+ [d7e30e821c0e]
-2016-01-25 Todd C. Miller
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c:
+ No line continuation support in ldap.conf.
+ [211caaba2395]
- * plugins/sudoers/iolog.c:
- Add check for I/O log file handle being NULL. This could only happen
- if the front-end calls iolog_open with argc == 0 but actually runs a
- command.
- [5113a3c04494]
+ * include/sudo_util.h, lib/util/parseln.c:
+ Add flag to sudo_parseln() to disable line continuation support.
+ [d2820247fc07]
-2016-01-22 Todd C. Miller
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ A comment character ('#') is only special at the beginning of the
+ line.
+ [b3b67b7e4fc0]
- * plugins/sudoers/pwutil.c:
- Additional debugging for pwutil functions.
- [908b83c3acbb]
+ * include/sudo_util.h, lib/util/parseln.c,
+ lib/util/regress/sudo_parseln/parseln_test.c, lib/util/sudo_conf.c,
+ lib/util/util.exp.in, plugins/sudoers/env.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/sudo_nss.c:
+ Add a flags option to sudo_parseln() and a flag to only mach
+ comments at the beginning of the line. Use the flag when parsing
+ ldap.conf.
+ [40c560fc9a10]
- * config.h.in, configure, configure.ac, lib/util/aix.c:
- When calling setauthdb(), save the old registry value so we can
- restore it properly. Previously we were setting the registry to
- unrestricted instead of actually restoring it.
- [5a2921412663]
+ * src/sudo.c:
+ If get_process_ttyname() fails for errno != ENOENT, just warn
+ instead of making it a fatal error. Bug #755
+ [1a028b861801]
- * plugins/sudoers/sudoers.c:
- Use SUDOERS_DEBUG_UTIL not SUDO_DEBUG_UTIL in the plugin.
- [79b012777e71]
+2016-08-31 Todd C. Miller
-2016-01-21 Todd C. Miller
+ * plugins/sudoers/mkdefaults:
+ use strict
+ [681281bc0f6d]
- * lib/util/sudo_debug.c:
- When parsing debug entries, don't make a lower value override a
- higher one. For example, for "pcomm@debug,all@warn" the "all@warn"
- should not set pcomm to "warn" when it is already at "debug".
- [031037a56e51]
+ * plugins/sudoers/def_data.h, plugins/sudoers/mkdefaults:
+ Define def_foo in terms of the I_FOO index instead of a bare number.
+ [abb119f84ae6]
-2016-01-20 Todd C.
Miller
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
+ sync with translationproject.org
+ [d339717f8692]
- * plugins/sudoers/policy.c:
- Set sudoedit_checkdir=false in command_details when it is disabled
- in sudoers.
- [811dd43b29f5]
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Mention that match_group_by_gid has no effect when sudoers is stored
+ in LDAP.
+ [5eb6ae45c699]
- * include/sudo_compat.h, lib/util/strtobool.c, plugins/sudoers/ldap.c,
- plugins/sudoers/sssd.c, src/sudo_edit.c:
- Update copyright year
- [5ec484920763]
+ * include/sudo_compat.h, src/sudo.c:
+ Use W_EXITCODE to construct the wait status if sudo could not
+ execute the command. Fixes the sudo exit value for exec(3) failure.
+ [95eae2d60292]
- * src/sudo_edit.c:
- If the user runs "sudoedit /" we will receive ENOENT from openat(2)
- and sudoedit will try to create a file with the null string. If path
- is empty, open the cwd instead so sudoedit can give a sensible error
- message.
- [fc39d5804f1f]
+ * src/exec.c:
+ fix brace style
+ [54448c10b6b5]
- * lib/util/strtobool.c:
- Log an error for invalid boolean strings.
- [004afa5e05c5]
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [794b06ba727b]
 * src/sudo.c:
- Fix off by one error in new SET_FLAG macro.
- [5bdce4edf8b9]
+ It is possible for get_user_info() to fail for reasons other than
+ ENOMEM so print the warning message there rather than in main().
+ [8c24df8d6b78]
- * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
- Document the race with sudoedit_checkdir in 1.8.15.
- [cb7aed3367e9]
+2016-08-30 Todd C. Miller
- * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
- doc/sudo_plugin.mdoc.in:
- Document sudoedit_checkdir
- [89f2452272ad]
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ match_group_by_gid is only available in sudo 1.8.18 and above
+ [dd237eb540d0]
-2016-01-19 Todd C. Miller
+ * doc/UPGRADE:
+ Mention match_group_by_gid
+ [417f27e9059a]
- * src/sudo_edit.c:
- There are no systems that support O_SEARCH/O_PATH that do not also
- support O_DIRECTORY so simplify the definition of DIR_OPEN_FLAGS a
- bit.
- [a48f11ea53b3]
+ * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document match_group_by_gid
+ [2234997acb8d]
- * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
- regen
- [8ae4d883ac59]
+ * plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/pwutil.c:
+ Add match_group_by_gid Defaults option to allow sites with slow
+ group lookups and a small number of groups in sudoers to match
+ groups by group ID instead of by group name.
+ [20714580da96]
- * NEWS, doc/UPGRADE:
- Add 1.8.16 changes
- [8d3a3f5cdf59]
+2016-08-29 Todd C. Miller
- * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat,
- doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/defaults.c,
- src/sudo.c:
- Make sudoedit_checkdir the default and update the documentation
- accordingly.
- [84bbc1b73411]
+ * NEWS:
+ Mention "sudo -l command" bug fix.
+ [cb8ade186880]
- * src/sudo.c:
- Add a SET_FLAG macro to simplify parsing command details boolean
- flags. Previously, flags were only set and never cleared even if the
- boolean value was false. This was not a problem as there were no
- default flags for the plugin to enable. That will change in the
- future.
- [75f24ca13f41]
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Fix "sudo -l command" in the LDAP and SSS backends when the command
+ is not allowed.
+ [631038350b2a]
-2016-01-18 Todd C. Miller
+2016-08-26 Todd C. Miller
- * src/sudo_edit.c:
- Need to be root when switching to a different user.
- [06d5f010b607]
+ * plugins/sudoers/defaults.c:
+ Use sudo_strsplit() instead of doing the equivalent manually.
+ [9eb6d1cc78bd]
- * src/sudo_edit.c:
- Use O_SEARCH on systems without O_PATH if present. It can be used
- for a similar purpose.
- [3f559a389bf9]
+2016-08-25 Todd C. Miller
- * config.h.in, configure, configure.ac, src/sudo_edit.c:
- Use faccessat(2) for directory writability instead of doing the
- checks manually where possible. This also allows us to remove the
- #ifdef __linux__ bits since we no longer use fstat(2) on Linux with
- an O_PATH fd.
- [fe50d0c1f1b9]
-
-2016-01-16 Todd C. Miller
+ * NEWS:
+ Move SIGPIPE bug fix to 1.8.18 where it belongs
+ [52509fd0100e]
- * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
- Add "I/O LOG FILES" section to the manual and move many of the
- details from the log_input and log_output descriptions to it.
- [a604903f5ae3]
+ * plugins/sudoers/defaults.c:
+ Fix memset size typo in previous commit.
+ [e00299f7c50f]
- * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
- Use "Nm sudoers" when talking about the plugin and "Em sudoers" when
- talking about the sudoers file.
- [727a68b02de7]
+ * plugins/sudoers/regress/visudo/test6.out.ok,
+ plugins/sudoers/regress/visudo/test6.sh:
+ Add regress for check_defaults() use-after-free bug.
+ [0b362678ca10]
-2016-01-13 Todd C. Miller
+ * MANIFEST, plugins/sudoers/defaults.c:
+ Fix use-after-free in check_defaults(), reported by Radovan Sroka of
+ RedHat.
+ [ab3a4227c12f]
- * lib/zlib/zlib.exp:
- Remove gzopen_w which is only defined on Windows.
- [a73236903e7b]
+2016-08-24 Todd C.
Miller
- * config.h.in, configure, configure.ac, include/sudo_compat.h:
- Work around the buggy pread(2) on 32-bit HP-UX 11.00 by using
- pread64() on that platform.
- [31c4be934115]
+ * NEWS:
+ SIGPIPE bug fix
+ [24c9a12f7e59]
-2016-01-12 Todd C. Miller
+ * src/signal.c:
+ Now that we ignore SIGPIPE in sudo we need to restore it at exec
+ time. Problem reported by Radovan Sroka of RedHat.
+ [3cfa7e3510ff]
- * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
- plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
- plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
- plugins/sudoers/ldap.c, plugins/sudoers/match.c,
- plugins/sudoers/parse.c, plugins/sudoers/parse.h,
- plugins/sudoers/sssd.c, plugins/sudoers/testsudoers.c:
- Add support for matching the entire netgroup tuple (user, host,
- domain).
- [9f694ba7c86d]
+2016-08-22 Todd C. Miller
- * plugins/sudoers/ldap.c:
- Use asprintf() to generate the netgroup filter instead of using lots
- of concatenation.
- [f8290c040aea]
+ * mkpkg:
+ Fix appending to make_opts
+ [abe28b6b7663]
- * lib/util/util.exp.in:
- Add missing sudo_debug_exit_ssize_t_v1 symbol.
- [9407fb25dfa4]
+ * NEWS:
+ Add Bug #753 and fix reference to Bug #752.
+ [e8c959e1cd6c]
-2016-01-11 Todd C. Miller
+2016-08-21 Todd C. Miller
- * plugins/sudoers/match.c:
- Silence warning in digest_matches() on systems with no fexecve(2).
- [0cd3cc8fa195]
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/da.mo,
+ po/da.po, po/pt_BR.mo, po/pt_BR.po:
+ sync with translationproject.org
+ [219c3f0aeee7]
- * plugins/sudoers/sssd.c:
- Fix free() of invalid pointer introduced in the commit that stripped
- whitespace between a '!' and the name in a sudoOption.
- [4d2c1761c752]
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen pot files
+ [d0c56a4ff553]
- * plugins/sudoers/ldap.c:
- Fix free() of invalid pointer introduced in the commit that stripped
- whitespace between a '!' and the name in a sudoOption.
- [14391603a9e5]
+2016-08-17 Todd C. Miller
- * src/sudo_edit.c:
- Add missing dfd argument to the version of
- sudo_edit_openat_nofollow() for systems without O_NOFOLLOW.
- [574e4a840879]
+ * NEWS:
+ Update with logging changes.
+ [f41beca23b99]
- * plugins/sudoers/ldap.c:
- In sudo_netgroup_lookup() only build up the search filter once
- instead of once per netgroup_base.
- [a03440237078]
+ * plugins/sudoers/logging.c:
+ Avoid duplicate warnings when we cannot write to the log file. Also
+ send the warning in mail if possible.
+ [9b8509cff137]
- * plugins/sudoers/ldap.c:
- It is safe to pass ldap_msgfree() a NULL pointer.
- [abc2eaddbf83]
+ * plugins/sudoers/iolog.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
+ Move the ignoring of I/O log plugin errors into the I/O log plugin
+ itself.
+ [25b7fd056614]
- * plugins/sudoers/ldap.c:
- On overflow, warn before freeing anything.
- [2e3bcfa4a8f9]
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
+ Make the behavior when we cannot write to a log or audit file
+ configurable. File log failures are ignored by default for
+ consistency with syslog. Audit errors are ignored by default to
+ allow the admin to fix the issue. I/O log file errors are still
+ fatal by default since if I/O logging is activated it is usually to
+ have an audit trail. Bug #751
+ [dbd085e7c736]
- * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
- Use user_runhost and user_srunhost instead of user_host and
- user_shost.
Fixes "sudo -l -h other_host" for LDAP and sssd.
- [e1abfdc82242]
+2016-08-15 Todd C. Miller
- * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
- Update description of sudoedit_checkdir. Reported by Sander Bos.
- [ee44e7255096]
+ * plugins/sudoers/logging.c:
+ Make sure we print an error message to stderr (and not just send
+ mail) if do_logfile() fails. Bug #751
+ [7884a23a0cdc]
- * src/sudo_edit.c:
- No need to check whether the fd we opened is really a directory in
- sudo_edit_open_nonwritable() since if not, the openat() will fail
- with ENOTDIR anyway.
- [b41c5b289f35]
+2016-08-13 Todd C. Miller
-2016-01-10 Todd C. Miller
+ * plugins/sudoers/pwutil.c:
+ Separate out the supplemental group ID checks from the supplemental
+ group name checks in user_in_group(). We now call sudo_get_gidlist()
+ only when the group name in sudoers begins with a '#' (which is
+ seldom used).
+ [80534785d8b7]
- * doc/CONTRIBUTORS, doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in,
- doc/sudoers.mdoc.in, include/sudo_compat.h, src/sudo_edit.c:
- Rewritten sudoedit_checkdir support that checks all the dirs in the
- path and refuses to follow symlinks in writable directories. This is
- a better fix for CVE-2015-5602. Adapted from a diff by Ben
- Hutchings. Bug #707
- [c2e36a80a279]
+ * plugins/sudoers/ldap.c, plugins/sudoers/policy.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Cache the user's group IDs and group names separately and only
+ resolve group IDs -> names when needed. If the sudoers file doesn't
+ contain groups we will no longer try to resolve all the user's group
+ IDs to names, which can be expensive on some systems.
+ [8ce3564e896e]
-2016-01-04 Todd C. Miller
+2016-08-12 Todd C.
Miller - * MANIFEST, plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, - plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/ca.mo, - po/ca.po, po/fi.mo, po/fi.po, po/hu.mo, po/hu.po, po/sr.mo, - po/sr.po: - sync with translationproject.org - [94ffd6b18431] + * plugins/sudoers/defaults.c: + Remove the "op" parameter from all the store_foo() functions except + store_list() where it is actually needed. For the others, a NULL + value indicates the setting was negated. This unconfuses static + analyzers (and perhaps humans too). + [fca031b57f15] - * configure, configure.ac, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, - doc/sudoers.man.in, doc/sudoers.mdoc.in, include/sudo_plugin.h, - plugins/sudoers/match.c, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.h, src/exec.c, src/exec_common.c, - src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_exec.h: - Add support for using fexecve() if supported on commands that are - checksummed. - [397722cdd7ec] + * plugins/sudoers/defaults.c: + Flags always have a NULL value. Regression introduced by refactor of + set_default_entry(). + [71fe4fad097b] -2015-12-29 Todd C. Miller + * plugins/sudoers/defaults.c: + Set rc to true when setting a flag Defaults value. + [cf016b6aedd4] - * src/sudo_edit.c: - Call openat() with the basename not the full path. From Ben - Hutchings. - [33272418bb10] + * src/utmp.c: + suppress a cppcheck false positive + [0d44aa7cf05c] -2015-12-24 Todd C. Miller + * plugins/sudoers/defaults.c: + Refactor the error parts of set_default_entry() so the switch() is + mostly just calls to store_foo() functions. Avoids a lot of + duplicated error checking and silences a cppcheck false positive. 
+ [1112b894007c] - * plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c: - Fix compilation with --disable-shared - [84c084618676] + * plugins/sudoers/defaults.c: + In set_default_entry() check for unsupported Defaults type. + [beb1ae20179f] -2015-12-20 Todd C. Miller + * lib/util/aix.c: + Add missing break in switch that sets the max limit for + RLIMIT_NOFILE. Found by cppcheck. + [39b1979b1b92] - * src/exec_common.c: - Check for existing dso in LD_PRELOAD and only add it if it is not - already present. - [15042e8999f7] + * plugins/sudoers/defaults.c: + Check sudoers_initlocale return value and treat as oom. Coverity CID + 141832 + [b1cad9d6c49d] -2015-12-18 Todd C. Miller +2016-08-10 Todd C. Miller - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Clarify when SIGINT and SIGQUIT are relayed by sudo to the command. - [8efed5784393] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/match.c, plugins/sudoers/parse.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: + Set runas_pw early and adjust runaslist_matches() to deal. Since we + now set runas_default early there is no need to call update_defaults + with SETDEF_RUNAS after sudoers has been parsed. + [35e0b08219a8] - * plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.h, src/load_plugins.c: - Actually use the plugin_dir Path setting in sudo.conf. - [bccc548127a2] +2016-08-09 Todd C. Miller - * lib/util/sudo_conf.c: - The Path setting for the plugin directory is "plugin_dir" not - "plugin". - [07c2677bbce5] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c: + Load sudoers group plugin via an early callback. 
+ [0fc4382cd6e4] - * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, - lib/util/sudo_conf.c, src/exec_common.c: - Allow sudo.conf Path settings to disable path names (by setting the - value of NULL). - [81a44e011a40] + * sudo.pp: + System Integrity Protection on Mac OS X won't allow us to write + directly to /etc or /var. We must install in /private/{etc,var} + instead. + [831c78241e78] -2015-12-16 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that fqdn, runas_default and sudoers_locale are parsed + early. + [beb4868c449e] - * src/selinux.c, src/sudo.h: - Change noexec flag in selinux_execve() from int to bool. - [7cb872aac155] + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat, + doc/visudo.cat: + Regen for 1.8.18 + [eb4feabb8fee] - * src/exec_common.c, src/sudo_exec.h: - Refactor code to set LD_PRELOAD (or the equivalent) in the - environment into a preload_dso() function. Also avoid allocating a - new copy of the environment array if the size of the array does not - change. - [72194b0b51f7] +2016-08-08 Todd C. Miller - * configure, configure.ac: - Add missing square brackets in configure option descriptions. - [6e25685c6349] + * plugins/sudoers/defaults.h, plugins/sudoers/ldap.c, + plugins/sudoers/sssd.c: + Avoid passing around struct defaults when it is not needed. As a + result, we no longer need to include gram.h in the LDAP and SSSD + backends. + [14d0bfdc8bd2] -2015-12-11 Todd C. Miller + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Instead of deferring setting early defaults until we have traversed + the entire defaults list, just defer running the callbacks. + Otherwise, if the last early default setting we see has a bad value + we won't set any defaults of that type even if there was an earlier + one that was valid. 
+ [552863e5a097] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document the names of the I/O log files and mention buffering. - Document that I/O logs are in gzip format by default. - [474838e7b365] + * plugins/sudoers/defaults.c: + Run callbacks once in set_default_entry() instead of each of the + store_foo() functions. + [b92b51c67845] -2015-12-10 Todd C. Miller +2016-08-03 Todd C. Miller - * plugins/sudoers/env.c: - Add BASHOPTS to initial_badenv_table[]; from Stephane Chazelas - [f206a9089a69] + * mkpkg: + Use /proc/cpuinfo on Linux instead of running lscpu + [450ea436dbe4] -2015-12-09 Todd C. Miller + * mkpkg: + If using GNU make on a multi-cpu system, use the -j flag to run make + jobs in parallel, up to the number of cpus/cores. + [7a6670de96dc] - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - When parsing sudoOptions that include an operator (!, +, +=, -=) - strip out any whitespace on either side of the operator. - [62041b5888e5] +2016-07-31 Todd C. Miller -2015-12-08 Todd C. Miller + * plugins/sudoers/visudo.c: + Only check SUDO_USER if euid is 0 + [f42d00c94817] - * plugins/sudoers/sudoers2ldif: - Strip whitespace around '!', '=', '+=' and '-=' in Defaults entries. - [dcc9d15b0f3c] +2016-07-30 Todd C. Miller -2015-12-06 Todd C. Miller + * plugins/sudoers/visudo.c: + Initialize sudo_user based on the SUDO_USER environment variable if + present. This allows things like :Defaults:username editor=foo" to + work when visudo is run via sudo. + [a526d6f74198] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document the race condition between the digest check and command - execution. - [24a3d9215c64] +2016-07-28 Todd C. Miller -2015-12-02 Todd C. Miller + * src/exec_pty.c: + Add function name in "command resumed" debug message + [e209f199a79f] - * plugins/sudoers/ldap.c: - When checking the query results, don't set user_matches in the - netgroup pass unless sudo_ldap_check_non_unix_group() returns true. 
- This was preventing the mail_no_user sudoOption from being - effective. - [31004144421b] + * src/exec_pty.c: + If waitpid() returns 0 or -1, display a warning, this should never + happen. Add a check for unhandled wait status (also should never + happen). + [983a0b79b527] - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - In list mode, we always want to clear FLAG_NO_USER and FLAG_NO_HOST - regardless of whether or not there was an actual match. Otherwise, - warning mail may be sent which is not what we want in list mode. - This is consistent with what the sudoers file backend does. - [2809338a7b21] + * plugins/sudoers/defaults.c: + Flag settings have a NULL value so we can't use that to test whether + an entry in struct early_default is set or not. Add a "set" member + and use that instead. + [68a7c0de9b0e] -2015-11-22 Todd C. Miller +2016-07-27 Todd C. Miller - * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c: - Use size_t for length parameters in the fill functions used by the - lexer. - [0428c9067182] + * src/exec_pty.c: + Explicitly check for a continued process with waitpid(2). Otherwise, + waitpid() will return 0 when the command is resumed after being + suspended, which we were treating the same as -1. Fixes suspend and + resume on Linux and probably others. + [54a464b116ad] - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Use yy_size_t for digest_len since newer flex uses yy_size_t for - yyleng. Old flex uses int for yyleng so we need to use a cast to - avoid a sign compare warning. - [4a3dc6fb8f99] + * plugins/sudoers/defaults.c: + Fix --with-fqdn, the value should be NULL since it is a flag. + [95bc8b82911e] -2015-11-20 Todd C. Miller + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Add support for early defaults to the ldap and sssd backends. 
+ [3a034360c177] - * Makefile.in, README, configure, configure.ac, - plugins/sudoers/regress/sudoers/test1.in, sudo.pp: - Use https in sudo.ws urls - [04e5177022d3] +2016-07-25 Todd C. Miller - * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, - doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, - doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, - doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, - doc/visudo.man.in, doc/visudo.mdoc.in: - Use https in urls. - [855b05943b2d] + * src/sudo_edit.c: + Repair symlink check in sudo_edit_openat_nofollow() on systems + without O_NOFOLLOW, it must be done relative to dfd. Previously the + lstat() would always fail, possibly leading to a false positive. + Also add an early symlink check like in sudo_edit() while here. + [f72901c7f7cc] - * configure, configure.ac: - sudo 1.8.16 - [b745f7031aeb] + * src/sudo_edit.c: + On systems that lack the O_NOFOLLOW open(2) flag, check in + sudo_edit_open() whether the path to be opened is symlink before + opening it. This is racey but we detect losing the last post-open + and it is better to fail early if possible. When editing a link to a + non-existent file, a zero-length file will be left behind but it is + too dangerous to try and remove it after the fact. Bug #753 + [dac04f305262] - * plugins/sudoers/env.c: - When preserving variables from the invoking user's environment, if - there are duplicates only keep the first instance. - [d4dfb05db5d7] + * src/sudo_edit.c: + Update debug_decl for sudo_edit_openat_nofollow() Remove unused + variables when O_NOFOLLOW is not present. + [8dc0afb1de58] -2015-11-01 Todd C. Miller +2016-07-23 Todd C. 
Miller - * include/sudo_debug.h, lib/util/parseln.c, lib/util/sudo_debug.c, - plugins/sudoers/timestamp.c: - Add debug_return_ssize_t - [d491ed281726] + * plugins/sudoers/defaults.c, plugins/sudoers/visudo.c: + Split set_default_entry() out of set_default() so we can call it + from check_defaults() to validate the defaults value. In visudo, + suppress warnings from update_defaults() and rely on + check_defaults() to provide warnings. + [7d9b50f42d0b] - * plugins/sudoers/timestamp.c: - Avoid compilation error on Solaris 10 with Stun Studio 12. Bug #727 - [facd8ff1ee6c] + * plugins/sudoers/defaults.c: + Split binding match code out of default_type_matches() into + default_binding_matches(). We can now use default_type_matches() in + check_defaults(). + [c158768b12c5] -2015-10-31 Todd C. Miller + * plugins/sudoers/visudo.c: + Pass quiet flag to init_parser() and update_defaults() when doing + first parse of sudoers. + [3af76c1a0d84] - * .hgtags: - Added tag SUDO_1_8_15 for changeset d9c51e8ccba3 - [96337794a571] <1.8> +2016-07-22 Todd C. 
Miller - * NEWS, config.h.in, configure, configure.ac, doc/CONTRIBUTORS, - doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, - doc/visudo.cat, include/compat/timespec.h, lib/util/Makefile.in, - mkpkg, plugins/sudoers/Makefile.in, plugins/sudoers/auth/passwd.c, - plugins/sudoers/auth/secureware.c, plugins/sudoers/check.c, - plugins/sudoers/env.c, plugins/sudoers/iolog.c, - plugins/sudoers/logging.c, plugins/sudoers/match.c, - plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c, po/sudo.pot, src/Makefile.in, - src/exec_pty.c, src/sudo.c: - Merge sudo 1.8.15 from trunk - [d9c51e8ccba3] [SUDO_1_8_15] <1.8> + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Update defaults in visudo after sudoers has been edited so we pick + up locale changes. The init_defaults() function will now re-init the + sudoers locale. + [ceb099392289] - * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, po/da.mo, - po/da.po: - sync with translationproject.org - [6711d740d3d0] +2016-07-20 Todd C. Miller - * NEWS: - Mention ssp configure fix. - [92d64fd724cc] + * plugins/sudoers/testsudoers.c: + Set sudoers locale before calling sudoersparse(). We don't need to + restore the user's locale since warnings are displayed in the user's + locale anyway. + [c44a38a496d1] -2015-10-30 Todd C. Miller + * plugins/sudoers/visudo.c: + Set the locale to the sudoers locale when parsing and restore the + user's locale afterward. Also set the warn/fatal locale helper + function so warning messages during a sudoers parse are displayed in + the user's own locale. 
+ [a0b2cdb69d43] - * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, - plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, - plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, - plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, - plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo, - po/cs.po, po/de.mo, po/de.po, po/fr.mo, po/fr.po, po/it.mo, - po/it.po, po/ja.mo, po/ja.po, po/nb.mo, po/nb.po, po/pl.mo, - po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/uk.mo, po/uk.po, po/vi.mo, - po/vi.po, po/zh_CN.mo, po/zh_CN.po: - sync with translationproject.org - [9c8eb0062d8c] + * plugins/sudoers/logging.h: + Add forward decl of union sudo_defs_val to silence a gcc warning. + [9e717510f132] - * configure, configure.ac: - Don't use CPPFLAGS for the -fstack-protector check. Otherwise on - systems with _FORTIFY_SOURCE support we'll get an error due to the - lack of optimization flags. Bug #725 - [1a9f8571a82d] + * plugins/sudoers/sudoers.c: + Set the warn/fatal locale helper function in sudoers_policy_init() + so warning messages during sudoers loading are displayed in the + user's own locale. + [b6c7bab1ca80] - * configure, configure.ac: - When checking for stack protector support we need to actually link - the test program. - [ab4f94aac7de] + * plugins/sudoers/locale.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Move sudoers locale callback function to locale.c and user it in + visudo and testsudoers. + [7c4e9a71e252] -2015-10-29 Todd C. Miller + * plugins/sudoers/sudoers.c: + In cb_sudoers_locale() actually set the locale in addition to + storing its name. 
Otherwise, it won't take effect until sudoers + lookup time. + [ceb446c2168b] - * configure, configure.ac: - Preserve LDFLAGS when checking for stack protector as they may - include rpath settings to allow the stack protector lib to be found. - Avoid using existing CFLAGS since we don't want the compiler to - optimize away the stack variable. - [e6bc59225c06] + * plugins/sudoers/defaults.c: + Fix regression that would cause early defaults entries to be set + multiple times. + [5f5cd02d5f0f] - * configure, configure.ac: - Better configure test for -fstack-protector. Some gcc installations - may be missing the ssp library even though the compiler supports it. - [4ade5d1249f4] + * NEWS, configure, configure.ac: + sudo 1.8.18 + [7c778904c39b] -2015-10-25 Todd C. Miller +2016-07-19 Todd C. Miller - * src/sudo_edit.c: - Set errno to EISDIR instead of ENOTDIR if directory is writable - since ENOTDIR can be a legitimate errno. This avoids a bogus - "directory is writable" error in that case. - [97ee37d905ce] + * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: + Only set early defaults once, regardless of how many times the + variable is set in sudoers. This avoids running an early callback + more than once. For example, we don't want to call cb_fqdn() if sudo + is compiled with FQDN set but sudoers has "Defaults !fqdn". + [0c5d80939ea2] - * mkpkg: - Fix the check for whether to include 32-bit arch in Mac OS X - packages. - [a76654512f6b] + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: + Make strings const in functions that set defaults as they are not + modified. + [d01f22ab1902] -2015-10-24 Todd C. Miller + * plugins/sudoers/sudoers.c: + In cb_fqdn() just return if the fqdn flag is set to false. + [0cb3d78aa944] - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - regen - [58277a8f418b] +2016-07-18 Todd C. 
Miller - * NEWS, src/sudo_edit.c: - When creating a new file, sudoedit will now check that the file's - parent directory exists before running the editor. - [65bc45510fb2] + * plugins/sudoers/defaults.c: + Implement callbacks for defaults flags (T_FLAG). + [936adcc98800] - * NEWS, doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, - doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, - plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, - plugins/sudoers/match.c: - Add always_query_group_plugin - [7e9060d4c13a] + * plugins/sudoers/sudoers.c: + add debug_decl for cb_runas_default and cb_sudoers_locale + [4667b1e14172] -2015-10-23 Todd C. Miller + * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: + Convert fqdn to a callback and add it to the list of early defaults. + [df863787cf5e] - * ABOUT-NLS, MANIFEST: - Add ABOUT-NLS from GNU gettext. - [971c168c065a] + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: + Change defaults callbacks to take a union sudo_defs_val * instead of + a char *. + [c7730fa19e46] - * NEWS, config.h.in, configure, configure.ac, doc/sudoers.cat, - doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, - plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, - plugins/sudoers/policy.c, plugins/sudoers/sudoers_version.h, - src/sudo.c, src/sudo.h, src/sudo_edit.c: - Add directory writability checks for sudoedit. - [f5349d059a98] + * plugins/sudoers/defaults.c: + When updating defaults, process certain values fist since they can + influence how other defaults are parsed. Currently, runas_default + and sudoers_locale are processed early. + [32062737a1ae] -2015-10-06 Todd C. Miller +2016-07-16 Todd C. Miller - * NEWS: - Latest. - [9aae49302c60] + * plugins/sudoers/toke_util.c: + Fix typo introduced in last commit to fix fill_args() overflow + check. 
+ [535d13b81c5d] - * src/conversation.c: - Ignore the SUDO_CONV_PROMPT_ECHO_OK flag when echo is enabled. This - was preventing a match of SUDO_CONV_PROMPT_ECHO_ON which resulted in - a masked password instead of an echoed one. - [53f6a78d79e3] + * plugins/sudoers/toke_util.c: + Fix underflow checl in fill_args(). + [2c6852e65ad6] - * plugins/sudoers/auth/bsdauth.c: - Repair challenge/response prompting for BSD authentication which got - broken while it was converted to use the conversation function. - [2d0b0cec5e4f] + * plugins/sudoers/toke_util.c: + Make sure we account for the trailing NUL when computing arg_size in + fill_args(). Bug #752 + [c73c1ea4b230] - * plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, - plugins/sudoers/auth/sudo_auth.h: - Use the auth_getpass (and the plugin conversation fuction) for Tru64 - SIA. This prevents sudo from sleeping while holding the tty ticket - lock. - [9221eec812cf] + * plugins/sudoers/toke_util.c: + Make arg_size and arg_len unsigned since we do bitwise operations on + them. + [0a551c7a5e67] - * NEWS, doc/UPGRADE, plugins/sudoers/env.c: - For env_reset, SHELL should be set based on the target user, not the - invoking user unless preserved via env_keep. - [b77adbc08c91] +2016-07-08 Todd C. Miller - * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: - sync with translationproject.org - [adb927ad5e86] + * lib/util/Makefile.in, lib/zlib/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Only remove backup files as part of "make uninstall" when + INSTALL_BACKUP is set. + [c2541d2de89c] -2015-10-05 Todd C. 
Miller + * configure, configure.ac, lib/util/Makefile.in, lib/zlib/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Only keep backups of installed files on HP-UX where you cannot + unlink a shared library that is in use. + [8763a1d0d515] - * NEWS: - Hungarian and Slovak translations - [d3b6acece125] +2016-07-03 Todd C. Miller - * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/hu.mo, - plugins/sudoers/po/hu.po, plugins/sudoers/po/sk.mo, - plugins/sudoers/po/sk.po, po/sk.mo, po/sk.po: - Add new Slovak and Hungarian translations from - translationproject.org - [132ec9b7a927] + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Ignore a missing or insecure #includedir, it is not a fatal error. + [8a82818c9f0d] -2015-10-02 Todd C. Miller + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Make sure we always call sudoerserror() on error in + read_dir_files(), otherwise sudo will not treat it as a fatal error. + [1a38da425ca0] - * src/sudo_edit.c: - Remove S_ISREG check from sudo_edit_open(), it is already done in - the caller. - [9fff8c0bb1f7] +2016-06-30 Todd C. Miller - * src/sudo_edit.c: - Open sudoedit files with O_NONBLOCK and fail if they are not regular - files. - [56b01164869c] + * plugins/sudoers/sudoers.c: + Set the sudoers locale before opening the sudoers file. Previously + the sudoers locale was used when evaluating sudoers but not during + the inital parse. Bug #748 + [c8deb0da75b4] - * plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/tgetpass.c: - It is possible for WIFSTOPPED to be true even if waitpid() is not - given WUNTRACED if the child is ptraced. Don't exit the waitpid() - loop if WIFSTOPPED is true, just in case. - [a2cab04a03da] + * plugins/sudoers/locale.c: + Add debugging + [5fbe2f109b92] -2015-09-30 Todd C. 
Miller + * plugins/sudoers/Makefile.in: + Don't link test programs with the sudoers-specific locale code if we + don't need to. + [41224154534e] - * plugins/sudoers/po/cs.mo, plugins/sudoers/po/de.mo, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/it.mo, - plugins/sudoers/po/ja.mo, plugins/sudoers/po/nb.mo, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pt_BR.mo, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/vi.mo, - plugins/sudoers/po/zh_CN.mo, po/cs.mo, po/de.mo, po/fi.mo, po/fr.mo, - po/gl.mo, po/it.mo, po/ja.mo, po/nb.mo, po/pl.mo, po/pt_BR.mo, - po/uk.mo, po/vi.mo, po/zh_CN.mo: - rebuild .mo files - [676362ed6061] + * plugins/sudoers/Makefile.in: + sudoreplay does not need to link with the sudoers-specific locale + code. + [348638a68f69] - * plugins/sudoers/po/pt_BR.po, po/pt_BR.po: - sync with translationproject.org - [be932694e600] +2016-06-27 Todd C. Miller -2015-09-28 Todd C. Miller + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + new_digest was prototyped as static but not explicitly declared + static. + [52949a024acb] - * config.h.in, configure, configure.ac, src/sudo_noexec.c: - There's no point in trying to interpose protected versions of the - exec family of functions. Many modern C libraries use hidden symbols - for the functions and syscalls defined in libc such that they cannot - be overridden inside libc itself. We have to just wrap all the exec - variants plus system and popen. - [30aa4bd6c15b] - - * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: - List all the functions wrapped by sudo_noexec.so. - [57a9db56f4e0] + * configure, configure.ac: + Some versions of HP-UX 11.11 do not expose struct sockaddr_ext if + _XOPEN_SOURCE_EXTENDED is defined. Only define + _XOPEN_SOURCE_EXTENDED if we can still compile net/if.h. + [0189ff7daa63] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - The section is now called "EXEC and NOEXEC" and it is above, not - below. 
- [9b0a2537f65d] + * plugins/sudoers/Makefile.in: + Some versions of HP-UX make will ignore suffix rules if they are + empty. + [cffeee232752] - * src/sudo_noexec.c: - Also wrap popen(3). - [a826cd7787e9] +2016-06-23 Todd C. Miller - * src/sudo_noexec.c: - Also interpose system(3). On glibc systems you cannot interpose the - syscalls used internally by libc. - [58a5c06b5257] + * src/exec_pty.c: + Don't skip debug printfs in handle_sigchld() just because execve() + returned an error. + [0cf2a9351740] - * src/conversation.c: - Set active debug instance to sudo_debug_instance() during the - conversation function. - [22fb750d92a9] + * include/compat/charclass.h, include/sudo_compat.h, lib/util/aix.c, + lib/util/getaddrinfo.c, lib/util/sudo_debug.c, + plugins/sudoers/insults.h, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoers_debug.c: + Add definition of nitems for those without it and use it throughout. + [4b30c8834fdd] -2015-09-27 Todd C. Miller +2016-06-22 Todd C. Miller - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - LOGNAME and USERNAME are set the same way as USER - [54f170cf2536] + * sudo.pp: + Update copyright year. + [638c964e44fd] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Document behavior when the command dies from a signal in EXIT - STATUS. - [3c93d682e5e6] + * NEWS, configure, configure.ac: + Sudo 1.8.17p1 + [bc30a172370c] -2015-09-26 Todd C. Miller + * src/sudo.c, src/sudo.h: + Set user groups in exec_setup() if they were not already set by + policy_init_session(). Bug #749 + [3bf16489800c] - * NEWS: - Bug #722 - [5cca49bb0e02] +2016-06-15 Todd C. Miller - * src/sudo.c: - When the command sudo is running is killed by a signal, sudo will - now send itself the same signal with the default signal handler - instead of exiting. The bash shell appears to ignore some signals, - e.g. SIGINT, unless the command is killed by that signal. 
This makes - the behavior of commands run under sudo the same as without sudo - when bash is the shell. Bug #722 - [153f016db8f1] + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Point the reader to the sudoers manual for the list of supported + arguments after the plugin path. + [40cbfa5deeb1] -2015-09-25 Todd C. Miller + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + forgot to update date in last commit + [3872a46e229b] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Adjust set_logname description to new behavior when any of LOGNAME, - USER or USERNAME are preserved. - [89009c2dcf38] + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Fix typo; cn=default should be cn=defaults + [06e097667465] - * NEWS, plugins/sudoers/env.c: - If some, but not all, of the LOGNAME, USER or USERNAME environment - variables have been preserved from the invoking user's environment, - sudo will now use the preserved value to set the remaining variables - instead of using the runas user. This ensures that if, for example, - only LOGNAME is present in the env_keep list, that sudo will not set - USER and USERNAME to the runas user. - [54a60fe72b9a] +2016-06-13 Todd C. Miller -2015-09-24 Todd C. Miller + * lib/util/Makefile.in, lib/zlib/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Fold lines at 80 characters for the clean: target + [651623231cd8] - * plugins/sudoers/auth/pam.c: - Fix passing of the callback pointer to the conversation function. - This was preventing the on_suspend and on_resume functions from - being called on PAM systems. - [611246ded4ff] + * lib/util/Makefile.in: + Remove mksiglist, siglist.c, mksigname, signame.c as part of + "distclean" + [ed7f58685633] - * include/sudo_plugin.h: - Explicitly mark large hex constants unsigned. 
- [5b67b0090814] +2016-06-12 Todd C. Miller - * plugins/sudoers/timestamp.c: - Cast sizeof(entry) to off_t before making it a negative offset for - lseek(). Fixes "sudo -k" on Solaris and probably others. - [ed5d312f6baa] + * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po: + sync with translationproject.org + [a3bb8c15ef3d] -2015-09-21 Todd C. Miller + * plugins/sudoers/sssd.c: + LDAP sudoers doesn't support negated users, groups or netgroups. + [d6585245c24d] - * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Add explicit mention of sudo's netgroup semantics since they differ - from most other netgroup consumers. - [0e9030f8cf56] +2016-06-09 Todd C. Miller - * plugins/sudoers/po/fi.po, po/fi.po: - sync with translationproject.org - [f9236f25a616] + * NEWS: + Bug #746 + [e0bba3ae78c2] - * plugins/sudoers/check.c: - Fix potential double free of the cookie when sudo is suspended at - the password prompt. - [cbecb3136155] + * plugins/sudoers/match.c: + When matching paths with glob(3), check returned matches against + user_cmnd first if it is fully-qualified. This avoids a lot of + needless stat(2) calls and avoids a mismatch between safe_cmnd and + argv[0] if there are multiple matches with the same inode/dev due to + links. Bug #746. + [29bdba0cf2eb] -2015-09-16 Todd C. Miller + * NEWS: + Add execve failure in pty bug fix. + [941672cc6793] - * plugins/sudoers/po/cs.po, plugins/sudoers/po/zh_CN.po, po/cs.po, - po/zh_CN.po: + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po: sync with translationproject.org - [21138f16a3a6] + [a4f789cedecc] -2015-09-15 Todd C. Miller + * src/exec_pty.c: + In handle_sigchld() fix the return value when we've already received + an exec error. We don't want to overwrite the error status but we do + need to indicate that the command is no longer running. 
Fixes as + hang on execve(2) error when running in a pty. + [797bed2c39a7] - * plugins/sudoers/po/de.po, plugins/sudoers/po/it.po, - plugins/sudoers/po/ja.po, plugins/sudoers/po/nb.po, - plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.po, po/de.po, po/fr.po, po/gl.po, po/it.po, - po/ja.po, po/nb.po, po/pl.po, po/uk.po, po/vi.po: + * src/exec.c, src/exec_common.c: + Move sudo_debug_execve() call into sudo_execve(). + [ab2ea3459a7c] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/sr.mo, + po/sr.po, po/sv.mo, po/sv.po: sync with translationproject.org - [2d9f3e4c3ccf] + [046ba9a0fca8] + +2016-06-07 Todd C. Miller * NEWS: - Bug #719 - [cfa393164a0f] + update for 1.8.17 final + [a2f02775aba5] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - SIGHUP is now relayed to the command. Bug #719 - [8db7c492c52a] + * lib/util/aix.c: + Fix setting of hard stack limit when stack_hard is not specified in + /etc/security/limits. When 64-bit resource limits are supported we + can use the default value of 8388608 512-byte blocks directly. We + should only resort to using RLIM_SAVED_MAX for 32-bit resource + limits. + [cc4933fc41bd] - * src/exec.c: - When a terminal device is closed, SIGHUP is sent to the controlling - process associated with that terminal. It is not sent to the entire - process group so sudo needs to relay SIGHUP to the command when it - is not being run in a new pty. 
Bug #719 - [b408a792f31a] +2016-06-06 Todd C. Miller - * NEWS: - Mention visudo bug in 1.8.14 - [0fec829807fd] + * plugins/sudoers/po/sudoers.pot: + regen + [4ab85a46cf63] - * plugins/sudoers/visudo.c: - We reserved two slots at the end of the editor argv for the line - number and the file name. However, resolve_editor() adds "--" before - the file names so the +line_number is interpreted as a file name, - not a line number so we need to overwrite the "--" as well. - [ff107430ee4b] +2016-06-05 Todd C. Miller -2015-09-10 Todd C. Miller + * plugins/sudoers/sssd.c: + Ignore empty ipa_hostname + [9421ade7b47f] - * config.h.in, configure, configure.ac, lib/util/sig2str.c, - lib/util/strsignal.c: - Remove checks for __sys_siglist and __sys_signame. They are internal - to libc and there are no known systems that export those symbols - that do not already export the single underbar or no- underbar - versions. - [2b3efe0a91f2] + * plugins/sudoers/sssd.c: + Better martching of ipa_hostname in sssd.conf + [abd53491cb4b] - * plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po, po/es.mo, - po/es.po: - Sync with translationproject.org - [feb5eb934a9e] +2016-06-04 Todd C. Miller - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - regen - [947e8320c557] + * INSTALL, configure, configure.ac, pathnames.h.in, + plugins/sudoers/sssd.c: + Use the value of ipa_hostname from /etc/sssd/sssd.conf if present + instead of the system hostname. + [3f5cffcd8432] -2015-09-09 Todd C. Miller +2016-06-03 Todd C. Miller - * src/tgetpass.c: - Restore old signal handlers before tty settings. That way SIGTTOU is - at its original value if sudo_term_restore() should fail. - [69d2cc6c0702] + * plugins/sudoers/sssd.c: + When matching host, short-circuit the loop when we get a match. Only + check username as part of the netgroup when netgroup_tuple is + enabled. 
+ [2eab4070dcf7] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in: - Document what happens when the on_suspend/on_resume callbacks return - an error. - [d8c9dcf7a926] + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Avoid using !strcmp() + [f976b3d973e0] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, - plugins/group_file/group_file.c, plugins/group_file/plugin_test.c, - plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c, - plugins/system_group/system_group.c, src/hooks.c: - No need to have version macros for hooks, callbacks and the sudoers - group plugin. We can just use the main sudo API macros. The sudoers - group plugin macros are preserved for source compatibility but are - not documented. - [8c52bb83f991] +2016-06-02 Todd C. Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Properly escape the backslash before a comma in an example so the - example rule is parsable by visudo. - [6745d38e9876] + * plugins/sudoers/sssd.c: + SSSD doesn't handle netgroups, we have to ensure they are correctly + filtered in sudo. The rules may contain mixed sudoUser specification + so we have to check not only for netgroup membership but also for + user and group matches. Adapted from a patch from Daniel Kopecek. + [50d8d88bcc28] - * src/tgetpass.c: - Ignore callbacks if major version doesn't match. - [f852e6ebff01] +2016-06-01 Todd C. Miller - * MANIFEST, config.h.in, configure, configure.ac, - include/compat/timespec.h, lib/util/Makefile.in, lib/util/gettime.c, - lib/util/utimens.c, plugins/sudoers/Makefile.in, - plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, - plugins/sudoers/visudo.c, src/Makefile.in, src/sudo_edit.c: - Remove include/compat/timespec.h. Systems old enough to lack struct - timespec are too old to build a modern sudo. 
- [37812e10a449] + * plugins/sudoers/auth/pam.c: + Return PAM_CONV_ERR from the conversation function if getpass + returns NULL or the user pressed ^C. + [bec7e2ec26ff] - * NEWS: - Bug #713 - [8a7245d76799] + * plugins/sudoers/base64.c: + Make base64 decoding table-driven. + [2d001c111552] - * src/exec.c: - Fill in cstat if exec_setup() fails. Previously it was only filled - in for an execve() failure. Fixes an unkillable sudo process when - exec_setup() fails and I/O logging is enabled. - [ff1d39d9e505] + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Back out cfa26b99228f, it was already fixed differently. Caught by + regress checks. + [0584f80e9951] - * src/sudo.c: - Fix running commands as non-root when neither setresuid() not - setreuid() are available. At this point we are already root so - setuid() must succeed. Bug #713 - [34754ad586c7] +2016-05-31 Todd C. Miller - * src/sudo.c: - Cast uid_t to unsigned int when printing as %u - [669e2d5244a6] + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Allow double-quoted groups and netgroups to be part of a Defaults + spec. From Daniel Kopecek. + [cfa26b99228f] - * doc/UPGRADE: - Mention time stamp file locking changes, fix some spelling. - [c4563ea85e3a] + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + The sudoers.ldap manual is installed in section 4 or 5, not 1m or 8. + Also fix the section for ldap.conf cross-references. + [eb1c0a2b84a1] - * NEWS: - Update with latest changes. - [2cbd50e7c158] + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Fix copy pasta, "sudoNotAfter" not "sudoNotBefore". Add missing word + "order" in a sentence describing sudoOrder. + [653cb783f89b] -2015-09-07 Todd C. Miller + * plugins/sudoers/sssd.c: + For sudo -ll (long list) print the SSSD role just like we do for the + LDAP backend. 
Adapted from sudo-1.8.6p3-sssdrulenames.patch + [46f962b1f3ef] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, include/sudo_fatal.h, - include/sudo_plugin.h, lib/util/fatal.c, plugins/sudoers/auth/afs.c, - plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, - plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, - plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, - plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, - plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, - plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, - plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, - plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.h, - src/conversation.c, src/sudo.c, src/sudo.h, src/sudo_plugin_int.h, - src/tgetpass.c: - Add a struct sudo_conv_callback that contains on_suspend and - on_resume function pointer args plus a closure pointer and at it to - the conversation function. - [5608cb4c18f2] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Setting timestamp_timeout less than zero only lasts until the next + reboot. Adapted from a RedHat patch. + [f8ce1dfebfe9] - * config.h.in, configure, configure.ac, include/sudo_util.h, - lib/util/locking.c, lib/util/util.exp.in, plugins/sudoers/check.c, - plugins/sudoers/check.h, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c: - Lock individual records in the timestamp file instead of the entire - file. This will make it possible for multiple sudo processes using - the same tty to serialize their timestamp lookups. - [f4ad82e36d90] + * po/it.mo, po/it.po, po/nb.mo, po/nb.po: + sync with translationproject.org + [31b55426358b] - * lib/util/term.c, plugins/sudoers/check.c, - plugins/sudoers/sudoreplay.c, src/tgetpass.c: - Implement suspend/resume callbacks for the conversation function. If - suspended, close the timestamp file (dropping all locks). 
On resume, - lock the record before reading the password. +2016-05-25 Todd C. Miller - For this to work properly we need to be able to run th callback when - tsetattr() suspends us, not just when the user does. To accomplish - this the term_* functions now return EINTR if SIGTTOU would be - generated. The caller now has to restart the term_* function (and - send itself SIGTTOU) instead of it being done automatically. - [572374035897] + * src/conversation.c: + fputs() is now specified as returning non-negative on success, not + explicitly zero. Fixes a failure on glibc. + [55f8a25d4af4] - * plugins/sudoers/timestamp.c: - Allow the time stamp lock to be interrupted by signals. - [aa5017f86210] + * src/conversation.c: + Don't try to dereference replies[] if it is a NULL pointer. + [c4fdd838f2f5] - * plugins/sudoers/timestamp.c: - Adjust new locking to work when tty_tickets is disabled. We need to - use per-tty/ppid locking to gain exclusive access to the tty for the - password prompt but use a separate (short term) lock that is shared - among all sudo processes for the user. - [d6d7a0bb6bd0] + * plugins/sudoers/policy.c: + sudo_version should be unsigned + [7719d425c65a] - * lib/util/locking.c: - Set errno to EINVAL if sudo_lock_* is called with a bad type. 
- [cfba014f1c1a] + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, + plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/ca.mo, + po/ca.po, po/cs.mo, po/cs.po, po/da.mo, po/da.po, po/de.mo, + po/de.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo, + po/ja.po, po/pl.mo, po/pl.po, po/sk.mo, po/sk.po, po/sv.mo, + po/sv.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, + po/zh_CN.po: + sync with translationproject.org + [e40cdc972d19] - * src/exec_pty.c: - sudo_term_* already restart themselve for all but SIGTTOU so we - don't need to use our own restart loops. - [113924cd05c0] + * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/ko.mo, + plugins/sudoers/po/ko.po, po/ko.mo, po/ko.po: + Korean translation for sudo and sudoers from translationproject.org. + [188ffbed5bf2] - * config.h.in, configure, configure.ac, plugins/sudoers/iolog.c, - plugins/sudoers/timestamp.c: - Use pread(2) and pwrite(2) where possible. - [86cd3f6bab9e] + * NEWS, plugins/sudoers/auth/pam.c: + Ignore PAM_SESSION_ERR from pam_open_session() since this can + apparently happen on systems using Solaris-derived PAM. Other errors + from pam_open_session() are treated as fatal. This avoids the + "policy plugin failed session initialization" error message seen on + some systems. + [0f7f3e7ead21] - * plugins/sudoers/timestamp.c: - Bring back the check for time stamp files that predate the boot - time. Instead of truncating we now unlink the file since another - process may be sleeping on the lock. - [9cdf7468d0f2] +2016-05-24 Todd C. Miller - * plugins/sudoers/check.c: - Avoid touching the time stamp directory for "sudo -k command" - [391d20c17775] + * NEWS, src/exec_pty.c: + Don't read from stdin when flushing final buffers in blocking mode. + Reading from the pipe can block too if the other end is not closed. 
+ [a651f913a1ef] -2015-09-02 Todd C. Miller +2016-05-23 Todd C. Miller - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, include/sudo_plugin.h: - Make hook_version and hook_type unsigned. - [77cb84793f07] + * NEWS: + Mention visudo -x change. + [2fd35df055b2] -2015-09-01 Todd C. Miller + * plugins/sudoers/regress/sudoers/test1.json.ok, + plugins/sudoers/regress/sudoers/test14.json.ok, + plugins/sudoers/regress/sudoers/test15.json.ok, + plugins/sudoers/regress/sudoers/test16.json.ok, + plugins/sudoers/regress/sudoers/test2.json.ok, + plugins/sudoers/visudo_json.c: + There's no need to escape forward slashes in JSON output. While it + is legal to escape a forward slash, it is not required. + [044710f516a9] - * plugins/sudoers/base64.c, plugins/sudoers/match.c, - plugins/sudoers/regress/parser/check_base64.c: - When decoding base64, avoid using '=' in the decoded temporary array - as a sentinel as it can legitimately be present. Instead, just use - the count of bytes stored in the temp array to determine which bytes - to fold into the destination. - [6abef15d3954] + * doc/UPGRADE: + Document that in 1.8.12 sudo started being able to check the NIS + domain on Solaris. + [bced94478c0e] -2015-08-21 Todd C. Miller +2016-05-20 Todd C. Miller - * NEWS, plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c: - When parsing def_editor, break out of the loop when we find the - first valid editor. Bug #714 - [c7508ed075c2] - -2015-08-18 Todd C. Miller + * NEWS: + Better description of the I/O logging pipe issue. + [6eee2f8a1fae] - * plugins/sudoers/visudo.c: - The condition for adding a missing newline at the end of sudoers was - never reached. Keep track of the last character and write a newline - character if when copying to the temp file. Found by Radovan Sroka. - [86c20e7fc6bd] + * src/exec_pty.c: + In del_io_events(), avoid reading from the pty master in blocking + mode. 
We now do two passes, one with SUDO_EVLOOP_NONBLOCK and + another that could block if stdin is a pipe. This ensures we consume + the pipe until EOF. + [564ae2b4c305] - * plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c: - Remove extraneous while() from botched do {} while() loop conversion - to use sudo_strsplit. Noticed by Radovan Sroka. - [cd2d25510129] + * lib/util/event.c: + Improve debug info in sudo_ev_add() and sudo_ev_del() + [ca839439ff22] -2015-08-10 Todd C. Miller + * src/exec_pty.c: + In pty_close(), call del_io_events with the SUDO_EVLOOP_ONCE flag so + the event loop will exit after a single run through. Otherwise, we + may hang at exit on non-BSD systems. + [e6c38d5a341b] - * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c: - In sudo_pam_begin_session() and sudo_pam_end_session() return - AUTH_FATAL on error, not AUTH_FAILURE. In sudo_auth_begin_session() - treat anything other than AUTH_SUCCESS as a fatal error. - [3ad7296390f2] +2016-05-18 Todd C. Miller - * doc/CONTRIBUTORS, src/exec.c, src/exec_pty.c: - Linux sets si_pid in struct siginfo to 0 when the process that sent - the signal is in a different container since the PID namespaces in - different conatiners are separate. Avoid looking up the process - group by id when si_pid is 0 since getpgid(0) returns the process - group of the current process. Since sudo ignores signals sent by - processes in its own process group, this had the effect of ignoring - signals sent from other containers. From Maarten de Vries - [6d3f43b95a1f] + * po/sudo.pot: + regen + [18a4570be506] - * plugins/sudoers/auth/pam.c: - Sprinkle some debugging. - [f5a94a3a1192] +2016-05-17 Todd C. Miller -2015-08-09 Todd C. Miller + * src/exec_pty.c: + Bump I/O buffer size to 64K. We don't use PIPE_BUF or _PC_PIPE_BUF + for this because that corresponds to the value for atomic pipe + writes. The actual pipe buffer is much larger on modern systems and + 64K is what BSD and Linux support for large pipe buffers. 
+ [3b5d995966ef] - * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, - doc/sudo.man.in, doc/sudo.mdoc.in: - Document that sudo uses the real uid to map from uid to passwd file - user name. - [04f6709675cc] + * NEWS: + I/O logging bug fix + [934d755ac12c] - * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, - doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in: - disable_coredump can be set to no on modern OSes without security - consequences. - [ebe6d5bb2274] + * src/exec_pty.c: + Don't use SUDO_EVLOOP_NONBLOCK when flushing buffers at pty close + time, only when the user suspends sudo. Fixes a problem where all + buffers might not get flushed at exit when logging I/O. Reproducible + via "sudo tar cf - foo | (cd /tmp && sudo tar xf -)" on OpenBSD. + [bbe0e18739ec] -2015-08-07 Todd C. Miller +2016-05-16 Todd C. Miller - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, - doc/sudoers.man.in, doc/sudoers.mdoc.in: - Emphasis on the never. - [39ca000281c7] + * plugins/sudoers/visudo_json.c: + Don't try to fflush(export_fp) or ferror(export_fp) if export_fp is + NULL, which can happen on the error path. + [ccfb4dd260fa] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Explicitly tell people not to grant sudoedit to directories the user - can write to. While sudoedit will no longer open symbolic links, - hard links are still an issue. - [26e0afae9bae] + * plugins/sudoers/sudoers.c, src/exec.c, src/exec_pty.c, src/sudo.c, + src/tgetpass.c: + O_NOCTTY has no effect when opening /dev/tty as the open can only + succeed if there is already a controlling tty. + [9ca106c499b2] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Add warning about writable directories and sudo/sudoedit. - [701ff725af42] + * src/sudo.c: + Do not need to open /dev/tty with O_NONBLOCK, it doesn't block on + first open like a physical terminal. 
By definition, if you have a + controlling tty, the first open (which might block) has already + occurred. + [15a5f006836a] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Emphasize that wildcards are not regexps. Bug #692 - [1e071810c4cb] + * src/selinux.c: + Use O_NOCTTY when opening a tty. + [5f9fd6458be4] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Emphasize that wildcards in command line arguments are dangerous. - Document the failings of the passwd example on GNU systems. Bug #691 - [54d793aea6b2] + * src/Makefile.in: + regen + [105ef4533724] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Escape the colons in [[:alpha:]] as required by sudoers. - [ad875dd5ca64] + * plugins/sudoers/auth/sudo_auth.c: + No need to set pass to NULL after freeing at the end of the loop it + since it is already set to NULL each time through the loop. + [2657b0b4260d] - * po/sudo.pot, src/sudo_edit.c: - Change warning when user tries to sudoedit a symbolic link. - [b8f44e834c2f] +2016-05-14 Todd C. Miller -2015-08-06 Todd C. Miller + * NEWS: + SELinux fixes in 1.8.17. + [f743cf0d9c62] - * MANIFEST: - add .json regress files to MANIFEST - [03ddb3a9671b] + * plugins/sudoers/logging.h, plugins/sudoers/logwrap.c: + Check fprintf() return value in writeln_wrap() and return the number + of characters actually written, or -1 on error. + [4739e0f58fa3] - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - regen - [5abaa0eeab86] + * src/conversation.c: + Check fputs() return value. + [e85778cbe0e3] - * doc/sudo.conf.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat, - doc/visudo.cat: - regen - [43e6b445734c] + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Do not write directly to stdout/stderr, use sudo_printf which calls + the conversation function. 
+ [e86d5ed4dca7] - * doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, - doc/sudoers.mdoc.in, include/sudo_compat.h, include/sudo_plugin.h, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/gram.c, - plugins/sudoers/gram.h, plugins/sudoers/gram.y, - plugins/sudoers/ldap.c, plugins/sudoers/parse.c, - plugins/sudoers/parse.h, plugins/sudoers/policy.c, - plugins/sudoers/regress/sudoers/test1.in, - plugins/sudoers/regress/sudoers/test1.json.ok, - plugins/sudoers/regress/sudoers/test1.out.ok, - plugins/sudoers/regress/sudoers/test1.toke.ok, - plugins/sudoers/sudoers_version.h, plugins/sudoers/testsudoers.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l, - plugins/sudoers/visudo_json.c, src/sesh.c, src/sudo.c, src/sudo.h, - src/sudo_edit.c: - Do not follow symbolic links in sudoedit by default. This behavior - can be controlled by the sudoedit_follow Defaults flag as well as - the FOLLOW/NOFOLLOW tags. - [9636fd256325] + * plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/securid5.c: + Do not write directly to stdout/stderr, use sudo_printf which calls + the conversation function. + [002a30fdb4e0] - * NEWS, aclocal.m4, configure, configure.ac: - Sudo 1.8.15 - [bf18da363b06] + * plugins/sudoers/iolog.c, plugins/sudoers/visudo_json.c: + Use ferror() after fflush() to check the error status of the stdio + stream we wrote to. 
+ [fa1db13fe9ac] - * plugins/sudoers/Makefile.in, - plugins/sudoers/regress/sudoers/test1.json.ok, - plugins/sudoers/regress/sudoers/test10.json.ok, - plugins/sudoers/regress/sudoers/test11.json.ok, - plugins/sudoers/regress/sudoers/test12.json.ok, - plugins/sudoers/regress/sudoers/test13.json.ok, - plugins/sudoers/regress/sudoers/test14.json.ok, - plugins/sudoers/regress/sudoers/test15.json.ok, - plugins/sudoers/regress/sudoers/test16.json.ok, - plugins/sudoers/regress/sudoers/test2.json.ok, - plugins/sudoers/regress/sudoers/test3.json.ok, - plugins/sudoers/regress/sudoers/test4.json.ok, - plugins/sudoers/regress/sudoers/test5.json.ok, - plugins/sudoers/regress/sudoers/test6.json.ok, - plugins/sudoers/regress/sudoers/test7.json.ok, - plugins/sudoers/regress/sudoers/test8.json.ok, - plugins/sudoers/regress/sudoers/test9.json.ok: - Check JSON output of sudoers test files too. - [3d8517812b80] +2016-05-13 Todd C. Miller -2015-08-04 Todd C. Miller + * plugins/sudoers/parse.c: + printf() returns < 0 on error, not explicitly -1 + [2a2385b941de] - * plugins/sudoers/sudoers.c: - Move comment to match moved code. - [7a30f06462a8] + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, + doc/sudoers.ldap.cat, doc/sudoreplay.cat, doc/visudo.cat: + Regen for 1.8.17 + [e24b0f944000] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - maxseq is an int not a string - [bffd97d22064] + Document that you need to preserve EDITOR and/or VISUAL for + env_editor to be useful. + [ef0ce8917307] -2015-08-02 Todd C. Miller + * src/selinux.c: + Fix last commit, now that argc is not reset we need to explicitly + start the copy from argv[1]. From Daniel Kopecek + [f52403ef587a] - * src/preserve_fds.c: - Include sys/types.h for id_t. Bug #711 - [fda95d9ca1e9] +2016-05-12 Todd C. Miller -2015-07-31 Todd C. 
Miller + * src/selinux.c: + cosmetic change to warning string + [a2893e3f9b70] - * lib/util/fnmatch.c: - Avoid a potential out of bounds read found by enh while fuzzing with - address sanitizer enabled. - [52d6b9916593] + * plugins/sudoers/auth/pam.c: + Avoid adding an extraneous warning string to sudoers.pot. + [6b07043b48f7] -2015-07-27 Todd C. Miller + * lib/util/snprintf.c: + Use EOVERFLOW, not ENOMEM for overflow conditions. For snprintf() + and vsnprintf(), POSIX says we should return -1 and set errno to + EOVERFLOW if the size param is > INT_MAX; also zero out the string + in this case (not mandated by POSIX) for safety. + [294720fc981a] - * mkpkg: - Set sssd lib location to /usr/lib64 on 64-bit RHEL/Centos. Bug #710 - [428421925a20] +2016-05-11 Todd C. Miller -2015-07-24 Todd C. Miller - - * doc/CONTRIBUTORS, src/Makefile.in: - The init.d files are generated from a .in file so we need to install - from top_builddir not top_srcdir. From Ross Burton. Bug #708 - [df1e7a0d3182] - -2015-07-22 Todd C. Miller + * plugins/sudoers/auth/pam.c: + Now that pam_open_session() failure is fatal we should print and log + an error from it. Bug #744 + [0e98a92ef910] - * lib/util/term.c: - Replace two "return 0" with debug_return_bool(false). - [49f8fb3dcd36] + * src/selinux.c: + Repair SELinux support, broken by 397722cdd7ec. From Daniel Kopecek. + [1246583c7c1f] - * .hgtags: - Added tag SUDO_1_8_14p3 for changeset 7af6d4b9a71c - [cb3d85741f49] <1.8> + * plugins/sudoers/iolog.c, plugins/sudoers/pwutil.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Remove sudo_mkpwcache() and sudo_mkgrcache(). We now create the + caches as needed on demand. Also remove calls to sudo_freepwcache() + and sudo_freegrcache() that are immediately followed by execve(), + they are not needed. + [60448afe813d] - * NEWS, configure, configure.ac, src/sudo.c, src/ttyname.c: - Merge sudo 1.8.14p3 from trunk. 
- [7af6d4b9a71c] [SUDO_1_8_14p3] <1.8> + * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Eliminate use of setpwent()/endpwent() and setgrent()/endgrent(). + Sudo never iterates over the passwd or group file. Rename + sudo_set{pw,gr}ent() -> sudo_mk{pw,gr}cache() and use + sudo_free{pw,gr}cache() instead of sudo_end{pw,gr}ent(). + [66e6f5e7b51b] - * src/ttyname.c: - fix typo in previous commit - [094488696f2c] +2016-05-10 Todd C. Miller - * NEWS, configure, configure.ac: - Sudo 1.8.14p3 - [0079c43d8247] + * plugins/sudoers/parse.h: + Remove unnecessary NULL checks in the RUNAS_CHANGED macro. The only + place where the pointers could be NULL is in visudo_json.c but we + already check for "next" being NULL there. Quiets a cppcheck + warning. + [a0d84832c154] -2015-07-21 Todd C. Miller +2016-05-09 Todd C. Miller - * src/ttyname.c: - Fix errno value from get_process_ttyname() when no tty is present. - [ff7b12bb0638] + * plugins/sudoers/sudoreplay.c: + In replay_session() free iov at the end of the function (if needed) + instead of after processing each line from the timing file. Coverity + CID 104843. + [5112f514af87] - * src/ttyname.c: - On AIX, only convert the tty device number from dev64_t to dev32_t - if dev_t is 32-bits. - [0e728a1eb07a] + * plugins/sudoers/sudoreplay.c: + Add io_log_read() and io_log_gets() to hide differences between + gzread/fread and gzgets/fgets. Check for premature EOF and error + from io_log_read(). Also sanity check the index in the timing file. + Coverity CID 104630. + [6a3b9932f567] -2015-07-20 Todd C. Miller + * src/exec_pty.c: + Break up io_callback() into read_callback() and write_callback() to + make it clear that we can't get an event with both read and write + set. + [cd3a1e182dd4] - * NEWS, configure, configure.ac: - Sudo 1.8.14p2 - [55fe56b28c7b] +2016-05-07 Todd C. 
Miller - * plugins/sudoers/timestamp.c: - Fix creation of the timestamp file; bug #704 - [1ff77fd5cc8f] + * src/exec_pty.c: + In io_callback() make sure we clear SUDO_EV_READ if we close the fd. + It should not be possible for SUDO_EV_READ to be set when revent is + non-NULL but this makes static analyzers happier. Coverity CID + 104124. + [7acc249fa098] -2015-07-19 Todd C. Miller + * plugins/sudoers/ldap.c: + In sudo_krb5_copy_cc_file() move the close(ofd) to the done: label + so we only have to cleanup in one place. Coverity CID 104577. + [0f189e70c59d] - * src/regress/ttyname/check_ttyname.c, src/sudo.c, src/sudo.h, - src/ttyname.c: - Avoid needless memory allocation when resolving the tty name. - [c58cce92d5e0] + * plugins/sudoers/ldap.c: + Fix memory leak in sudo_netgroup_lookup() in the non-error case. + Coverity CID 104572, 104573, 104574, 104575. + [7f9fb7a360b7] -2015-07-17 Todd C. Miller + * plugins/sudoers/ldap.c: + Fix fd leak in sudo_krb5_copy_cc_file() if restore_perms() fails. + Coverity CID 104571. + [d9434cdfb73c] - * .hgtags: - Added tag SUDO_1_8_14p1 for changeset 3eb9763706b2 - [fd224b6f682a] <1.8> + * plugins/sudoers/sudoreplay.c: + Free the events and event base before returning from + replay_session(). Coverity CID 104116, 104117. + [321216089e4a] - * NEWS, configure, configure.ac: - Merge sudo 1.8.14p1 from trunk. - [3eb9763706b2] [SUDO_1_8_14p1] <1.8> + * src/sudo_edit.c: + In sudo_edit_create_tfiles(), fix fd leak if sudo_edit_mktemp() + fails. Coverity CID 104114. + [713de09ff956] - * NEWS, configure, configure.ac: - Sudo 1.8.14p1 - [973705806759] + * src/sudo_edit.c: + Fix fd leak in sudo_edit_open_nonwritable() if dir_is_writable() + returns an error. Coverity CID 104113. + [314a57004f00] - * plugins/sudoers/sssd.c: - Fix typo in sudo_sss_attrcpy() that caused a memory allocation - error. - [0fa324a7bb56] + * src/sudo_edit.c: + Fix memory leak of sesh_args in selinux_edit_copy_tfiles(). Coverity + CID 104112. 
+ [ac7f0cbd07c9] -2015-07-15 Todd C. Miller + * plugins/sudoers/visudo.c: + Fix memory leak in get_editor() if resolve_editor() fails with an + error. Coverity CID 104107. + [e355b1f45bcb] - * .hgtags: - Added tag SUDO_1_8_14 for changeset f93a3f006a69 - [1a267258d4b2] <1.8> + * src/sudo.c: + Fix memory leak on error if sudo_new_key_val() fails. Coverity CID + 104103. + [c2ee1557aef2] - * INSTALL, Makefile.in, NEWS, config.h.in, configure, configure.ac, - doc/CONTRIBUTORS, doc/sudo.cat, doc/sudo.man.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, - doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, - doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, - doc/visudo.man.in, include/sudo_alloc.h, lib/util/Makefile.in, - lib/util/alloc.c, lib/util/event.c, lib/util/getgrouplist.c, - lib/util/locale_weak.c, m4/ax_sys_weak_alias.m4, mkpkg, - plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in, - plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, - plugins/sudoers/boottime.c, plugins/sudoers/check.c, - plugins/sudoers/env.c, plugins/sudoers/iolog.c, - plugins/sudoers/logging.c, plugins/sudoers/match.c, - plugins/sudoers/po/sudoers.pot, plugins/sudoers/redblack.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, - po/sudo.pot, src/Makefile.in, src/exec_pty.c, src/load_plugins.c, - src/locale_stub.c, src/parse_args.c, src/sudo.c, src/ttyname.c: - Merge sudo 1.8.14 from trunk. - [f93a3f006a69] [SUDO_1_8_14] <1.8> + * plugins/sudoers/visudo.c: + Ignore the return value of the initial sudoersparse(), before we + have actually edited any files. Coverity CID 104078. 
+ [184d9c6aec65] - * plugins/sudoers/po/ja.mo, plugins/sudoers/po/uk.mo, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo: - rebuild - [e4c7cda46475] + * src/exec.c: + Ignore the result of send() on exec error, if it fails the other end + of the pipe is gone and we are headed for exit. Coverity CID 104066. + [cdcd7dfcbca1] -2015-07-14 Todd C. Miller + * plugins/sudoers/toke_util.c: + In fill_args() clean up properly if there is an internal overflow + (which should not be possible). Coverity CID 104569. + [0bc710e91ec4] - * lib/util/lbuf.c, plugins/sudoers/env.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, - plugins/sudoers/match.c, plugins/sudoers/pwutil_impl.c, - plugins/sudoers/redblack.c, src/hooks.c, src/net_ifs.c, src/sudo.c: - Add some debugging printfs when malloc fails and we don't have an - explicit call to sudo_warnx(). - [07aebb5839c3] + * plugins/sudoers/gc.c: + Fix logic inversion in sudoers_gc_remove(), currently unused. + Coverity CID 104568 + [e29df8da11ea] - * plugins/sudoers/toke.c, plugins/sudoers/toke.l, - plugins/sudoers/toke_util.c: - Add missing warnings for memory allocation failure. Add function - name to memory allocation warnings. - [4f6027786a28] +2016-05-06 Todd C. Miller - * lib/util/parseln.c: - Return -1 if realloc() fails. - [707632291eac] + * plugins/sudoers/iolog.c: + In io_mkdirs(), change the order from stat then mkdir, to mkdir then + stat. This more closely matches what "mkdir -p" does. Coverity CID + 104120. + [e462528ff7ea] - * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c: - Add line number to debug log for memory allocation errors. - [f4f3debdfcc5] + * plugins/sudoers/timestamp.c: + In ts_mkdirs(), change the order from stat then mkdir, to mkdir then + stat. This more closely matches what "mkdir -p" does. Coverity CID + 104119. + [c0c0e2662883] - * plugins/sudoers/auth/pam.c: - Add warning if calloc() fails. Add debugging for other unexpected - errors. 
- [a1e0945237d8] + * plugins/sudoers/sudoers.c: + Newer versions of Ubuntu have switched from using the "admin" group + to the "sudo" group to align with Debian. + create_admin_success_flag() now accepts either one. + https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1387347 + [17b4d725dac4] - * plugins/sudoers/ldap.c: - Add missing check for calloc(3) return value. - [37fe3ca78e8e] + * plugins/sudoers/timestamp.c: + Cast off_t printed via printf(3) instead of assuming it is long + long. + [b1d398f4a8dc] -2015-07-13 Todd C. Miller + * plugins/sudoers/sudoers.c: + Instead of using stat(2) to see if the admin flag file exists and + creating it if not, just try to create the file and treat EEXIST as + a non-error. Coverity CID 104121. + [bd58b0a35a3c] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document that the values printed by "sudo -V" are affected by - Defaults settings in sudoers. - [80ec2572861b] + * MANIFEST, plugins/sample/README: + README file for the sample plugin that tells the user how to build, + install and enable it. + [8d7096ce78cc] -2015-07-10 Todd C. Miller + * plugins/sample/sample_plugin.c: + Fix compilation error and export sample_policy struct. From Michael + Evans + [5280c1576e7f] - * plugins/sudoers/group_plugin.c, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/sssd.c, src/load_plugins.c: - Avoid calling dlerror() multiple times since it clear the error - status after printing the error. Problem caused by - sudo_warn/sudo_fatal being macros... - [c0fd3b0fb9c3] + * NEWS: + Update for 1.8.17 + [979688a5ef13] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, - doc/sudoers.man.in, doc/sudoers.mdoc.in: - Attempt to clarify the conditions under which MAIL and HOME are set - to the target user. - [ebd269bebe64] + * configure, configure.ac: + Sudo 1.8.17 + [09311b2e9697] -2015-07-09 Todd C. 
Miller + * plugins/sudoers/logging.c: + Check return value of restore_perms() in vlog_warning(). Coverity + CID 104079. + [86555dd0942d] - * mkpkg: - Better checks for the libaudit package for Debian and error out if - we can't figure it out. - [225c1bfcb629] + * plugins/sudoers/editor.c: + Fix memory leaks in resolve_editor() in the error path. Coverity CID + 104109, 104110 + [6ac3f7e3ada9] - * mkpkg: - Fix linux_audit setting on non-multiarch Debian. - [0a38e9d158f4] + * plugins/sudoers/policy.c: + Fix memory leak of gid_list in sudoers_policy_exec_setup() in the + error path. Coverity CID 104111. + [eac1e9489367] - * sudo.pp: - Fix typo that broke the linux_audit dependency on Debian. - [0917bd45acf1] + * plugins/sudoers/logging.c: + Fix fd leak in do_logfile() if we fail to lock the log file. + Coverity CID 104115. + [164a693207a8] - * NEWS: - Mention /proc/stat btime fix. - [754050a340e2] + * plugins/sudoers/sssd.c: + Fix memory leak of sss_result in sudo_sss_lookup() Coverity CID + 104106 + [7dcee1e6d76f] - * config.h.in, configure, configure.ac, lib/util/getaddrinfo.c, - plugins/sudoers/interfaces.c, plugins/sudoers/match_addr.c, - src/net_ifs.c: - Solaris 2.6 has the prototypes for inet_pton() and inet_ntop() in - resolv.h. - [dc0f62743845] + * plugins/sudoers/iolog.c: + Fix fd leak in open_io_fd() if gzdopen/fdopen fails. Coverity CID + 104105 + [c4c2848c1167] - * plugins/sudoers/boottime.c: - Sprinkle debugging for boottime. - [dfb45c763179] + * plugins/sudoers/iolog.c: + Fix fd leak in io_nextid() in error path. Coverity CID 104104 + [8920cdaab5bd] - * mkpkg: - The old Solaris /bin/sh doesn't support POSIX $( .. ) syntax, use - backquotes instead. - [c9e33ffef2b1] +2016-05-05 Todd C. Miller -2015-07-08 Todd C. Miller + * plugins/sudoers/timestamp.c: + Check lseek() return value. Coverity CID 104061. + [bf3bb4c80cfc] - * mkpkg, sudo.pp: - Only use --with-sssd-lib on Debian/Ubuntu w/ multipackage. 
Use dpkg- - query to determine the name of the audit package for proper - dependencies. - [e9669389aa2f] + * plugins/sudoers/timestamp.c: + Ignore ts_write() return value when disabling an entry with a bogus + timestamp. We ignore the timestamp entry even it doesn't succeed. + Coverity CID 104062. + [5e5925ebbc75] - * mkpkg, plugins/sudoers/sudoers.in, sudo.pp: - Update Debian/Ubuntu packages to be more like the vendor ones. One - notable exception is that sudo.ws packages use /var/run, not - /var/lib for timestamp files. - [0f4c49a3768e] + * plugins/sudoers/iolog.c, plugins/sudoers/match.c, + plugins/sudoers/tsgetgrpw.c, src/exec.c, src/exec_pty.c, src/sudo.c: + Cast the return value of fcntl() to void when setting FD_CLOEXEC. + Coverity CID 104063, 104064, 104069, 104070, 104071, 104072, 104073, + 104074 + [48720d2f6658] - * doc/CONTRIBUTORS: - Add Jakub Wilk - [78bfdf2e441b] + * plugins/group_file/getgrent.c: + Cast the return value of fcntl() to void when setting FD_CLOEXEC. + Coverity CID 104075, 104076, 104077. + [7fe1d9f97321] - * plugins/sudoers/boottime.c: - Strip newline from /proc/stat btime line to avoid a strtonum() - failure. From Jakub Wilk. - [8a04f85a070f] + * plugins/sudoers/env.c: + Avoid a false positive. Coverity CID 104056. + [0256978219a6] - * src/exec_pty.c: - In io_callback() service writes before reads. That way, if both - SUDO_EV_READ and SUDO_EV_WRITE are set and read() returns 0 (EOF) we - don't close the fd before the write() is performed. + * plugins/sudoers/visudo_json.c: + Avoid calling fclose(NULL) on error in export_sudoers(). Coverity + CID 104091. + [2f73d86ab929] - If the write() returns EPIPE, ENXIO, EIO or EBADF, clear - SUDO_EV_READ before we close the fd to avoid calling read() on a - closed fd. 
- [167548fd8af2] + * plugins/sudoers/toke_util.c: + In fill_args(), check for "arg_size == 0" instead of + "sudoerslval.command.args == NULL" since the latter leads Coverity + to imply that sudoerslval.command.args could be NULL later on. + Coverity CID 104093. + [bab505438881] -2015-07-07 Todd C. Miller + * plugins/sudoers/sudoers.c: + Avoid calling fclose(NULL) if the sudoers file is not secure and + restore_perms() fails. Coverity CID 104090. + [150db126c221] - * lib/util/regress/sudo_conf/conf_test.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c: - Check sudo_conf_read() return value and exit on fatal error (a - warning was already printed by sudo_conf_read()). - [d05797f4f197] +2016-05-04 Todd C. Miller - * NEWS: - Mention double-quoted sudoOption value support. - [55684a73f097] + * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c: + In fill_args(), replace loop that increments arg_size() with a + simple add and mask. Should prevent a false positive from Coverity + CID 104094. + [411c7e398286] - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - Add support for parsing quoted strings in a sudoOption just like - sudoers Defaults settings. - [fe8291414179] + * plugins/sudoers/sudoreplay.c: + In parse_expr(), move the "bad" label after the "default" case in + the switch(), not before it. This seemed to confuse Covertity, + resulting in a false positive, CID 104095. + [4371f26995fb] - * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, po/da.mo, - po/da.po: - Sync with translationproject.org - [1c15d1a3dbdd] + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + For "sudoreplay -l", not all predicates may be shortened to a single + character. Both 'c' and 't' have more than one possibility. + [29a5a9a313e2] -2015-07-06 Todd C. 
Miller + * src/exec.c, src/exec_pty.c, src/sudo.c: + pid_t is defined by POSIX as a signed integer type so we don't need + a cast when comparing to -1. + [98f0a86260a0] - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - Update year. - [6ca660e4a957] + * src/exec.c: + In dispatch_signal() for stopped processes check for tcgetpgrp() + returning -1. Also change checks from "saved_pgrp != -1" to "fd != + -1". Coverity CID 104098. + [42ac4ad85900] - * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/de.mo, - po/de.po, po/nb.mo, po/nb.po: - Sync with translationproject.org - [d7ede74dcb19] + * src/selinux.c: + In relabel_tty() always jump to bad: on error, regardless of the + value of se_state.enforcing. On error, return -1 if enforcing, else + 0. Coverity CID 104099. + [db1a54d718f1] - * src/sudo.c: - Fix utmp setup broken by commit be0ca60facf8 - [cd8a06f57f2b] + * config.h.in, configure.ac: + Define NO_LEAKS when sudo is built with Coverity. + [f4209b9ade8c] -2015-07-03 Todd C. Miller + * src/exec_pty.c: + In io_callback() if we write the complete buffer and find that there + is no associated reader just return as there is nothing else to be + done. In practice is it not possible for SUDO_EV_READ to be set if + revent is NULL but an early return is harmless and possibly easier + to understand. Coverity CID 104124. + [3b3eb45b701e] - * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, - plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, - plugins/sudoers/po/ja.po, plugins/sudoers/po/pl.mo, - plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, po/cs.mo, - po/cs.po, po/fr.mo, po/fr.po, po/it.mo, po/it.po, po/pl.mo, - po/pl.po: - Sync with translationproject.org - [aa473519e66d] + * src/sudo_edit.c: + Handle read() returning -1 when creating temporary files. 
Coverity + CID 104100 + [e82af51e4f48] - * plugins/sudoers/po/sudoers.pot: - regen - [8f8aa321f043] + * plugins/sudoers/policy.c: + Fix cut and paste error when checking cols for 0. Coverity CID + 104081 + [22a3b7d9bce1] - * plugins/sudoers/logging.c: - Fix typo in error message. - [220832711826] + * plugins/sudoers/pwutil.c: + Use a single debug message for cache hit or store to avoid another + situation where they get out of sync. Bug #743 + [4cf484e9b016] -2015-07-02 Todd C. Miller + * plugins/sudoers/pwutil.c: + Sync the "cache hit" debug messages with the "cached" debug + messages. This fixes a bug where we could dereference a NULL pointer + when we look up a negative cached entry which is stored as a NULL + passwd or group struct pointer. Bug #743. + [1d13341d53ec] - * NEWS: - Bug #702 is the AIX timespec issue. - [c597a312e816] +2016-04-28 Todd C. Miller - * config.h.in, configure, configure.ac, lib/util/closefrom.c, - lib/util/getcwd.c, lib/util/glob.c, plugins/sudoers/match.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c, - plugins/sudoers/toke.l, src/ttyname.c: - We require POSIX so no need to conditionally include dirent.h. Add a - check for d_namlen and use the result in the NAMLEN macro. - [2728194cb6cf] + * configure, configure.ac: + Remove the check for __sprintf_chk when checking for + _FORTIFY_SOURCE, Some implementations are purely header-file based. + As long as we can link a test program using sprintf() when + _FORTIFY_SOURCE=2 it should be safe to use. 
+ [910af8ba4666] - * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c, - lib/util/getcwd.c, lib/util/gettime.c, lib/util/glob.c, - lib/util/lbuf.c, lib/util/locking.c, lib/util/mktemp.c, - lib/util/parseln.c, lib/util/secure_path.c, lib/util/setgroups.c, - lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/ttysize.c, - plugins/group_file/group_file.c, plugins/sample/sample_plugin.c, - plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, - plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, - plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, - plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, - plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, - plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, - plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, - plugins/sudoers/check.c, plugins/sudoers/defaults.c, - plugins/sudoers/editor.c, plugins/sudoers/env.c, - plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, - plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, - plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, - plugins/sudoers/ldap.c, plugins/sudoers/logging.c, - plugins/sudoers/match.c, plugins/sudoers/match_addr.c, - plugins/sudoers/parse.c, plugins/sudoers/policy.c, - plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, - plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l, - plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, - plugins/sudoers/visudo_json.c, plugins/system_group/system_group.c, - src/conversation.c, src/exec.c, src/exec_common.c, src/exec_pty.c, - src/get_pty.c, src/hooks.c, src/load_plugins.c, src/net_ifs.c, - src/openbsd.c, src/parse_args.c, 
src/preserve_fds.c, src/signal.c, - src/solaris.c, src/sudo.c, src/sudo_edit.c, src/sudo_noexec.c, - src/tgetpass.c, src/ttyname.c, src/utmp.c: - There's no need to conditionalize the #include , we - require a POSIX system. - [79389c527c08] + * config.h.in, configure, configure.ac: + Remove configure checks for dev_t, id_t, ino_t, ptrdiff_t, size_t + and ssize_t. These have been specified by either ANSI C or POSIX for + long enough that if the system doesn't support them, it is unlikely + to be able to compile sudo anyway. + [c9fd433cfe27] - * include/sudo_compat.h: - Remove some compatibilty defines that should no longer be needed. - [e9136646d1c6] + * src/sudo.c: + Do group setup in policy_init_session() before calling out to the + plugin. This makes it possible for the pam_group module to change + the group in pam_setcred(). It's a bit bogus since pam_setcred() is + documented as not changing the group or user ID, but pam_group is + shipped with stock Linux-PAM so we need to support it. + [814cda602541] -2015-06-30 Todd C. Miller +2016-04-26 Todd C. Miller - * NEWS: - Final changes in 1.8.14 - [3a5cd4f2875a] + * plugins/sudoers/logging.c: + Add missing newline when logging to a file (not syslog) and + loglinelen is set to a non-positive number. Bug #742 + [ef0a5428a574] - * include/sudo_compat.h: - Need to include stddef.h to get rsize_t on Mac OS X for - sudo_memset_s() prototype. - [9615efed4a9a] +2016-04-25 Todd C. Miller - * lib/util/regress/parse_gids/parse_gids_test.c, - lib/util/regress/strsplit/strsplit_test.c: - Add missing exit value. - [484202b53893] + * src/exec.c: + style fix; fork_cmnd should start on a new line + [e8211fe0f8d7] - * lib/util/regress/mktemp/mktemp_test.c: - Add missing fcntl.h include. - [020fe6252d96] +2016-04-22 Todd C. Miller - * configure, configure.ac: - Do check for inet_pton before inet_ntop since we may need to record - dependent libraries for inet_pton when linking our getaddrinfo - replacement. 
- [fde03eefd88d] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, src/signal.c, src/sudo.c, src/tgetpass.c: + Ignore SIGPIPE for the duration of sudo and not just in a few select + places. We have no control over what nss, PAM modules or sudo + plugins might do so ignoring SIGPIPE is safest. + [7c919101b8ec] - * include/sudo_debug.h, lib/util/sudo_debug.c: - Fix build on compilers w/o __func__ or __FUNCTION__ - [196d75416cd5] + * src/selinux.c: + Use string_to_security_class() instead of pulling SECCLASS_CHR_FILE + from flask.h. Avoids a warning with new SELinux includes. + [24f357b419c4] - * lib/util/util.exp.in: - Remove sudo_evasprintf_v1, missed during alloc.c removal. - [7d0ac7e5909d] +2016-04-19 Todd C. Miller - * lib/util/snprintf.c: - Add missing fcntl.h include. - [23b886deb879] + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + When determining whether or not "sudo -l" or "sudo -b" should prompt + for a password, take all sudoers sources into account. In other + words, if both file and ldap sudoers sources are in use, "sudo -v" + will now require that all entries in both sources be have NOPASSWD + (file) or !authenticate (ldap) in the entries. + [51e2a5ecacc6] - * config.h.in, configure, configure.ac: - Add check for inline support. - [061dab0e411c] +2016-03-22 Todd C. Miller -2015-06-29 Todd C. Miller + * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/sudo_auth.h: + If the auth_type setting in /etc/security/login.cfg is set to + PAM_AUTH but pam_start() fails, fall back to use AIX authentication. + Skip the auth_type check if sudo is not compiled with PAM support. + [cdbe432c465c] - * doc/LICENSE: - Add reallocarray.c license. - [b4b4d46309f3] +2016-03-17 Todd C. Miller -2015-06-27 Todd C. 
Miller + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + The header for sudo.conf(5) should be SUDO.CONF(5) not SUDO(5). + [d3afd5bd550f] - * doc/CONTRIBUTORS: - Fix entry for Joel Pelaez Jorge. - [386434049903] +2016-03-16 Todd C. Miller -2015-06-26 Todd C. Miller + * plugins/sudoers/policy.c: + hook_version and hook_type are unsigned so use 0, not -1 in the + final (empty) entry. Quiets a warning on Solaris Studio 12.2. + [4947de8e35b7] - * include/sudo_lbuf.h, lib/util/lbuf.c, lib/util/util.exp.in, - plugins/sudoers/ldap.c, plugins/sudoers/parse.c, - plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c: - Add an error flag to the lbuf struct to simplify error checking. - Callers of the lbuf functions now check the error flag to tell if a - memory allocation error ocurred. - [bc44b0fbc03b] +2016-03-09 Todd C. Miller - * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c, - plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.h: - display_privs() and display_cmnd() may need to return -1 on error. - [b6d8826900bb] + * NEWS, config.h.in, configure, configure.ac, + plugins/sudoers/auth/pam.c: + Work around an ambiguity in the PAM spec with respect to the + conversation function. It is not clear whether the "struct + pam_message **msg" is an array of pointers or a pointer to an array. + Linux-PAM and OpenPAM use an array of pointers while Solaris/HP- + UX/AIX uses a pointer to an array. Bug #726. + [d2b926e2f7d6] -2015-06-25 Todd C. Miller +2016-03-08 Todd C. Miller - * plugins/sudoers/check.c, plugins/sudoers/check.h, - plugins/sudoers/ldap.c, plugins/sudoers/logging.c, - plugins/sudoers/parse.c, plugins/sudoers/policy.c, - plugins/sudoers/prompt.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c: - Check restore_perms() return value in all cases, pushing the return - value back up the call stack. 
- [c9beeed2b614] + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/eo.mo, + po/eo.po, po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/ru.mo, + po/ru.po, po/sr.mo, po/sr.po: + sync with translationproject.org + [271c6738213d] - * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h: - Return -1, not 0 from sudoers when there is an error (as opposed to - a policy denial). - [5d197fe29e0e] +2016-02-27 Todd C. Miller - * doc/CONTRIBUTORS: - Add Joel Pelaez Jorge - [55387b44d6e9] + * NEWS: + Bug #738 + [9e7974480cdc] - * plugins/sudoers/auth/pam.c: - When checking whether the PAM prompt matches "Password:", also check - for the untranslated version. The PAM module might not be using the - localized string even though it exists. From Joel Pelaez Jorge. - Fixes Bug #701 - [d87f6f2ccb42] +2016-02-26 Todd C. Miller -2015-06-24 Todd C. Miller + * plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/nb.mo, + po/nb.po: + sync with translationproject.org + [6aa32f6e5240] - * plugins/sudoers/ldap.c: - Silence clang analyzer warning on glibc systems where the first - argument to qsort() is marked as non-NULL. Also change some counters - from into to unsigned int and two flags from int to bool. - [09e400445ca2] + * lib/util/regress/fnmatch/fnm_test.in: + Better test for negated character classes. + [635e3c17bca1] -2015-06-23 Todd C. Miller + * lib/util/regress/fnmatch/fnm_test.in: + Add test for negated character class + [0d813e098864] - * plugins/sudoers/sudoreplay.c: - Silence clang analyzer warning on glibc systems where the first - argument to qsort() is marked as non-NULL. 
- [34fa7256f1e2] + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/fr.mo, po/fr.po, po/pl.mo, + po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/uk.mo, po/uk.po, po/vi.mo, + po/vi.po, po/zh_CN.mo, po/zh_CN.po: + sync with translationproject.org + [9398ffdc7719] - * include/sudo_compat.h, include/sudo_debug.h, include/sudo_util.h, - src/preserve_fds.c: - Use our own bitmap macros instead of borrowing the ones from select. - [51ef403511d9] + * NEWS: + sync + [a27a7d40491e] - * lib/util/sudo_debug.c: - Must call round_nfds() with fd+1 since it takes a count not the fd - number. In other words, the lowest value is 1, not 0. - [cc175cba5371] + * lib/util/fnmatch.c: + Fix negation of character classes. + [aed07c013a41] - * src/ttyname.c: - Quiet clang analyzer false positive. - [9ebecd6b6b29] + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Fix the check for whether a user is allowed to lists another user's + privileges. The "matched" variable is not boolean, it can also have + the value UNSPEC so we need to check explicitly for true. Bug #738 + [e8ed706fda03] - * src/sesh.c: - Fix uninitialized variables warnings in error case when src file - cannot be opened. At least one of these is a false positive. - [98b417c1307a] + * plugins/sudoers/auth/pam.c: + Log the number of PAM messages in the conversation function at debug + level. + [3f16eea5875f] -2015-06-20 Todd C. Miller +2016-02-24 Todd C. Miller - * lib/util/getline.c, plugins/sudoers/toke_util.c: - It's safe to rely on C89 semantics for realloc(NULL, size). - [b633582413ac] + * configure, configure.ac: + Don't check for posix_spawn() or posix_spawnp() if we were unable to + find spawn.h. This should only be a problem on systems with broken + headers. 
Bug #730 + [5e5b0646dca4] - * plugins/sudoers/env.c: - malloc() sets errno to ENOMEM on failure so we don't need to set it - explicitly. - [09cb5ceaaec3] +2016-02-22 Todd C. Miller - * include/sudo_compat.h: - No longer need __malloc_like - [a41b69f256f6] + * NEWS: + update for 1.8.16 + [bad5e6534f39] - * lib/util/util.exp.in: - Remove symbols from the now-removed alloc.c. - [da0753d85d20] + * doc/CONTRIBUTORS, plugins/sudoers/sudoers2ldif: + Fix documented bug with duplicate role names and turn on perl + warnings. Based on a diff from Aaron Peschel + [344a1c1f5c93] - * include/sudo_compat.h, lib/util/aix.c, lib/util/closefrom.c, - lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c, - lib/util/getaddrinfo.c, lib/util/getcwd.c, lib/util/getgrouplist.c, - lib/util/gethostname.c, lib/util/getline.c, lib/util/getopt_long.c, - lib/util/gettime.c, lib/util/gidlist.c, lib/util/glob.c, - lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c, - lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/parseln.c, - lib/util/progname.c, lib/util/pw_dup.c, lib/util/reallocarray.c, - lib/util/regress/atofoo/atofoo_test.c, - lib/util/regress/parse_gids/parse_gids_test.c, - lib/util/regress/progname/progname_test.c, - lib/util/regress/strsplit/strsplit_test.c, - lib/util/regress/sudo_conf/conf_test.c, - lib/util/regress/sudo_parseln/parseln_test.c, lib/util/setgroups.c, - lib/util/sha2.c, lib/util/sig2str.c, lib/util/snprintf.c, - lib/util/strndup.c, lib/util/strsplit.c, lib/util/strtobool.c, - lib/util/strtoid.c, lib/util/strtomode.c, lib/util/strtonum.c, - lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c, - lib/util/term.c, lib/util/ttysize.c, plugins/group_file/getgrent.c, - plugins/group_file/group_file.c, plugins/group_file/plugin_test.c, - plugins/sample/sample_plugin.c, plugins/sudoers/alias.c, - plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, - plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, - plugins/sudoers/auth/dce.c, 
plugins/sudoers/auth/fwtk.c, - plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, - plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, - plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, - plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, - plugins/sudoers/base64.c, plugins/sudoers/boottime.c, - plugins/sudoers/check.c, plugins/sudoers/defaults.c, - plugins/sudoers/editor.c, plugins/sudoers/env.c, - plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, - plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c, - plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, - plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, - plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, - plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, - plugins/sudoers/match.c, plugins/sudoers/match_addr.c, - plugins/sudoers/parse.c, plugins/sudoers/policy.c, - plugins/sudoers/prompt.c, plugins/sudoers/pwutil_impl.c, - plugins/sudoers/redblack.c, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/regress/parser/check_addr.c, - plugins/sudoers/regress/parser/check_base64.c, - plugins/sudoers/regress/parser/check_digest.c, - plugins/sudoers/regress/parser/check_fill.c, - plugins/sudoers/regress/parser/check_hexchar.c, - plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l, - plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, - plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, - plugins/system_group/system_group.c, src/conversation.c, - src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_pty.c, - 
src/get_pty.c, src/hooks.c, src/load_plugins.c, src/net_ifs.c, - src/openbsd.c, src/parse_args.c, src/preserve_fds.c, - src/regress/ttyname/check_ttyname.c, src/selinux.c, src/signal.c, - src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, - src/ttyname.c, src/utmp.c: - Only include stddef.h where it is needed. - [ce597fb7ffb9] +2016-02-20 Todd C. Miller -2015-06-19 Todd C. Miller + * lib/util/aix.c: + Add declaration of getauthdb() for AIX 5.1 + [f758960bcfd6] + +2016-02-19 Todd C. Miller * plugins/sudoers/po/sudoers.pot, po/sudo.pot: regen - [cad83b927f4e] - - * lib/util/sudo_conf.c, plugins/sudoers/locale.c: - Better handling of setlocale() returning NULL. - [7cd4fcdb528c] - - * lib/util/aix.c, lib/util/gidlist.c, lib/util/sudo_conf.c, - plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c, - plugins/sudoers/defaults.c, plugins/sudoers/editor.c, - plugins/sudoers/env.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, - plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, - plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, - plugins/sudoers/logging.c, plugins/sudoers/match.c, - plugins/sudoers/parse.c, plugins/sudoers/policy.c, - plugins/sudoers/prompt.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c, src/conversation.c, src/exec.c, - src/exec_common.c, src/exec_pty.c, src/load_plugins.c, - src/parse_args.c, src/preserve_fds.c, src/selinux.c, src/sesh.c, - src/sudo.c, src/sudo_edit.c: - Add function name to "unable to allocate memory" warnings. 
- [98c07e26a13e] + [e61e1241f15f] - * configure, configure.ac, include/sudo_compat.h, lib/util/aix.c, - lib/util/closefrom.c, lib/util/event.c, lib/util/event_poll.c, - lib/util/event_select.c, lib/util/getaddrinfo.c, lib/util/getcwd.c, - lib/util/getgrouplist.c, lib/util/gethostname.c, lib/util/getline.c, - lib/util/getopt_long.c, lib/util/gettime.c, lib/util/gidlist.c, - lib/util/glob.c, lib/util/key_val.c, lib/util/lbuf.c, - lib/util/locking.c, lib/util/mksiglist.c, lib/util/mksigname.c, - lib/util/parseln.c, lib/util/progname.c, lib/util/pw_dup.c, - lib/util/reallocarray.c, lib/util/regress/atofoo/atofoo_test.c, - lib/util/regress/parse_gids/parse_gids_test.c, - lib/util/regress/progname/progname_test.c, - lib/util/regress/strsplit/strsplit_test.c, - lib/util/regress/sudo_conf/conf_test.c, - lib/util/regress/sudo_parseln/parseln_test.c, - lib/util/regress/tailq/hltq_test.c, lib/util/setgroups.c, - lib/util/sha2.c, lib/util/sig2str.c, lib/util/snprintf.c, - lib/util/strndup.c, lib/util/strsplit.c, lib/util/strtobool.c, - lib/util/strtoid.c, lib/util/strtomode.c, lib/util/strtonum.c, - lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c, - lib/util/term.c, lib/util/ttysize.c, plugins/group_file/getgrent.c, - plugins/group_file/group_file.c, plugins/sample/sample_plugin.c, - plugins/sudoers/alias.c, plugins/sudoers/audit.c, - plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, - plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, - plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, - plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, - plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, - plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, - plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/base64.c, - plugins/sudoers/boottime.c, plugins/sudoers/check.c, - plugins/sudoers/defaults.c, plugins/sudoers/editor.c, - plugins/sudoers/env.c, plugins/sudoers/find_path.c, - plugins/sudoers/getdate.c, 
plugins/sudoers/getdate.y, - plugins/sudoers/getspwuid.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, - plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, - plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, - plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, - plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, - plugins/sudoers/match.c, plugins/sudoers/match_addr.c, - plugins/sudoers/parse.c, plugins/sudoers/policy.c, - plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, - plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/regress/parser/check_addr.c, - plugins/sudoers/regress/parser/check_base64.c, - plugins/sudoers/regress/parser/check_digest.c, - plugins/sudoers/regress/parser/check_fill.c, - plugins/sudoers/regress/parser/check_hexchar.c, - plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l, - plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, - plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, - plugins/system_group/system_group.c, src/conversation.c, - src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_pty.c, - src/get_pty.c, src/hooks.c, src/load_plugins.c, src/net_ifs.c, - src/openbsd.c, src/parse_args.c, src/preserve_fds.c, - src/regress/ttyname/check_ttyname.c, src/signal.c, src/solaris.c, - src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, - src/utmp.c: - We require ANSI C so stop using the obsolete STDC_HEADERS. 
- [35a5a680e5fe] + * plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po: + sync with translationproject.org + [2f3dea24199b] - * lib/util/getgrouplist.c, lib/util/regress/glob/globtest.c, - lib/util/sudo_debug.c, plugins/group_file/getgrent.c, - plugins/group_file/plugin_test.c, plugins/sample/sample_plugin.c, - plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, - plugins/sudoers/ldap.c, plugins/sudoers/logging.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/tsgetgrpw.c: - Use strtok_r() instead of strtok() - [6b8e3c253dcf] + * INSTALL: + Add a note that --with-solaris-audit is only for Solaris 11 and + above. Bug #737 + [6722331c2830] - * config.h.in, configure, configure.ac: - Add back _REENTRANT define on HP-UX to expose strtok_r on some - versions. We may need to define it on other systems too. - [12c36f12eed2] +2016-02-18 Todd C. Miller * configure, configure.ac: - Fix check for strnlen() when cross-compiling. - [e501c508891a] + Remove last remnants of the deprecated --with-stow option. + [8616d6de7ecd] - * plugins/sudoers/interfaces.c: - Use sudo_strsplit() in dump_interfaces. - [b76ee2f47f37] + * src/Makefile.in: + src/load_plugins.c needs _PATH_SUDO_CONF so allow it to be + overridden via the Makefile like other consumers of _PATH_SUDO_CONF. + Bug #735 + [10148ef883ec] -2015-06-18 Todd C. Miller +2016-02-01 Todd C. 
Miller - * lib/util/inet_pton.c, lib/util/key_val.c, lib/util/lbuf.c, - lib/util/locking.c, lib/util/parseln.c, - lib/util/regress/parse_gids/parse_gids_test.c, - lib/util/regress/progname/progname_test.c, - lib/util/regress/strsplit/strsplit_test.c, - lib/util/regress/sudo_conf/conf_test.c, - lib/util/regress/sudo_parseln/parseln_test.c, - lib/util/regress/tailq/hltq_test.c, lib/util/sha2.c, - lib/util/snprintf.c, lib/util/strtobool.c, lib/util/term.c, - plugins/group_file/getgrent.c, plugins/group_file/group_file.c, - plugins/sample/sample_plugin.c, plugins/sudoers/boottime.c, - plugins/sudoers/editor.c, plugins/sudoers/getdate.c, - plugins/sudoers/getdate.y, plugins/sudoers/interfaces.c, - plugins/sudoers/iolog_path.c, plugins/sudoers/policy.c, - plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/regress/parser/check_base64.c, - plugins/sudoers/regress/parser/check_digest.c, - plugins/sudoers/regress/parser/check_hexchar.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/tsgetgrpw.c, plugins/system_group/system_group.c, - src/conversation.c, src/exec_pty.c, src/net_ifs.c, src/openbsd.c, - src/preserve_fds.c, src/regress/ttyname/check_ttyname.c, - src/solaris.c, src/sudo.c, src/tgetpass.c, src/ttyname.c, - src/utmp.c: - Remove obsolete memory.h include. - [0c1351d614a9] + * configure, configure.ac, include/sudo_util.h, lib/util/aix.c, + lib/util/getgrouplist.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/set_perms.c, src/sudo.c: + Add an administrative domain to the passwd/group cache key for AIX + which can have different name <-> ID mappings depending on whether + the database is local, LDAP, etc. 
+ [5319c11aefe9] - * config.h.in, configure, configure.ac, lib/util/getcwd.c, - lib/util/gethostname.c, lib/util/glob.c, lib/util/locking.c, - lib/util/parseln.c, lib/util/pw_dup.c, lib/util/reallocarray.c, - lib/util/snprintf.c, lib/util/strndup.c, plugins/sudoers/toke.c, - plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, - src/env_hooks.c: - Remove support for the obsolete malloc.h header. - [2a118de27d4e] + * mkpkg, sudo.pp: + Fedora dropped "core" from the name some time ago so just match on + f[0-9] for the rpm distro name provided by pp. Since the version + numbers of Fedora and RHEL are so different switch to defining + variables to indicate which features should be enabled. Works for + Fedora 23. + [4ec50b352293] - * config.h.in, configure, configure.ac, plugins/sudoers/defaults.c, - plugins/sudoers/logging.c: - Remove BROKEN_SYSLOG define which was for obsolete versions of HP- - UX. Remove last remnants of 4.2BSD syslog support. - [e234515f515d] +2016-01-31 Todd C. Miller - * lib/util/sudo_conf.c: - Use sudo_strsplit() instead of doing the equivalent manually. - [220f2e4a0e68] + * mkpkg, sudo.pp: + Treat fedora core like centos/rhel for package building. + [0dfc607d07a1] - * lib/util/regress/strsplit/strsplit_test.c: - Test strsplit behavior with an empty string. - [62ae80dcee4a] +2016-01-29 Todd C. Miller - * lib/util/Makefile.in, lib/zlib/Makefile.in, - plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, - src/Makefile.in: - Allow "make LIBTOOL=/path/to/libtool" to work properly. - [f9e5f7109107] + * plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/parser/check_fill.c: + Plug some memory leaks in the tests. 
+ [ce76ba538867] - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/editor.c, - plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/visudo.c: - Use a common function for resolviong the user's editor in sudoedit - and visudo. The find_path() function now returns a dynamically - allocated path instead of using a static string. - [97fe58966144] + * plugins/sudoers/toke_util.c: + If realloc of sudoerslval.command.args fails, reset + sudoerslval.command.args as well as arg_len and arg_size after + freeing sudoerslval.command.args. + [6481bad56e6a] - * config.h.in, configure, configure.ac, lib/util/Makefile.in, - lib/zlib/Makefile.in, plugins/group_file/Makefile.in, - plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, - plugins/system_group/Makefile.in, src/Makefile.in: - Replace use of OSDEFS with config.h defines. Rename DEFS in - Makefile.in to CPPDEFS and include in CPPFLAGS. Bring back - _BSD_SOURCE as a config.h define. Remove obsolescent _REENTRANT - define. - [0d76a12adca8] + * src/exec_pty.c: + When freeing the iobs after pty tear-down, also free the associated + event structures. Quiets a memory leak warnings from address + sanitizer and valgrind. + [f19c689a2ded] -2015-06-17 Todd C. Miller +2016-01-28 Todd C. Miller - * MANIFEST, include/sudo_alloc.h, lib/util/Makefile.in, - lib/util/alloc.c: - Remove now-unused sudo_alloc.h and alloc.c - [0fe70085c75c] + * plugins/sudoers/iolog.c: + iolog_compress should be bool, not int + [b437123a242b] - * plugins/sudoers/Makefile.in, src/Makefile.in, src/conversation.c, - src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_pty.c, - src/hooks.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, - src/preserve_fds.c, src/regress/ttyname/check_ttyname.c, - src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, - src/ttyname.c: - Avoid using exiting allocators in the front end. 
- [be0ca60facf8] + * plugins/sudoers/visudo.c: + Quiet address sanitizer leak detector. + [b7ce672331f6] - * include/sudo_conf.h, include/sudo_lbuf.h, lib/util/Makefile.in, - lib/util/aix.c, lib/util/gidlist.c, lib/util/lbuf.c, - lib/util/sudo_conf.c, lib/util/sudo_debug.c: - Use non-exiting allocators in libsudo_util. - [d9b7cf17b9b4] + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c, + plugins/sudoers/gc.c, plugins/sudoers/sudoers.h: + Simple garbage collection (really a to-be-freed list) for the + sudoers plugin. Almost identical to what sudo.c uses. Currenly only + the environment strings are collected at exit time which is enough + to quiet address sanitizer's leak detector. + [47f32e047b1a] - * plugins/sudoers/ldap.c, plugins/sudoers/logging.c: - Remove asprintf() return value warnings. - [fe25ce11f96a] + * src/sudo.c: + Rename gc_cleanup to gc_run and remove I/O plugins from the plugin + list when freeing them. + [ea640f0b46f9] - * config.h.in, configure, configure.ac: - Use AC_FUNC_STRNLEN to check for broken strnlen() on AIX. This - requires that we use AC_USE_SYSTEM_EXTENSIONS so remove things from - OSDEFS that are enabled by AC_USE_SYSTEM_EXTENSIONS. - [1f64269cab6e] + * src/sudo.c: + Free up the garbage via an atexit() handler instead of requiring a + call to gc_exit. + [cc9c96d88595] - * plugins/sudoers/ldap.c: - Remove extraneous semicolons in CHECK_* macros. - [ef99aa3c9d70] + * src/sudo_edit.c: + Plug a memory leak in sudo_edit. + [cab9a13a669b] - * plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c: - Remove remaining SUDO_MAIN remnants. - [1c077699f444] +2016-01-27 Todd C. 
Miller - * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, - plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, - plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, - plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, - plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/sia.c, - plugins/sudoers/check.c, plugins/sudoers/defaults.c, - plugins/sudoers/defaults.h, plugins/sudoers/env.c, - plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, - plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, - plugins/sudoers/interfaces.h, plugins/sudoers/iolog.c, - plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c, - plugins/sudoers/locale.c, plugins/sudoers/logging.h, - plugins/sudoers/match.c, plugins/sudoers/parse.c, - plugins/sudoers/policy.c, plugins/sudoers/prompt.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/regress/parser/check_addr.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: - Use non-exiting allocatings in the sudoers plugin. - [a5668cb9c516] + * INSTALL: + mention --enable-asan + [ee2bc0f60c8b] -2015-06-16 Todd C. Miller + * plugins/sudoers/auth/sudo_auth.c: + Try to deconfuse static analyzers a bit. + [7e728c76f5df] * plugins/sudoers/sssd.c: - Use non-exiting allocators in the sudoers SSSD backend. - [dba29b55ac0b] - - * plugins/sudoers/ldap.c: - Use non-exiting allocators in the sudoers LDAP backend. - [37bfa441345a] - - * lib/util/Makefile.in: - regen dependencies - [5be6eb005946] + Avoid possible NULL deref found by clang analyzer. + [8bb3cbfe0446] -2015-06-15 Todd C. 
Miller + * config.h.in, configure, configure.ac: + Add --enable-asan configure flag to enable address sanitizer + [8aae250fb68e] - * configure, lib/util/Makefile.in, mkdep.pl: - Add missing dependency info for reallocarray.lo in - lib/util/Makefile.in and regen configure to match last configure.ac - change. - [da1fc49b53dc] + * src/sudo.c, src/sudo_plugin_int.h, src/ttyname.c: + Add support for garbage collecting info passed to the plugin before + exit to appease address sanitizer's leak detector (and valgrind's + leak checker). We can't free these sooner since the plugin may be + using the memory. For plugin API 2.0 it should be make clear that + the plugin must make a copy of the data in the arrays passed in to + the plugin's open() function. Only enabled if NO_LEAKS is defined. + [8458bcb165d8] - * plugins/sudoers/ldap.c: - Use \28 and \29 instead of \( and \) in the ldap query as per RFC - 2254. Fixes netgroup queries on AIX. From Steven Soulen. - [33267d6243aa] + * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c: + auth_getpass() returns a dynamically allocated copy of the plaintext + password which needs to be freed after checking (and clearing) it. + [28d2c83c3ac4] -2015-06-13 Todd C. Miller + * src/sudo.c: + Remove sudo_fatalx() calls from format_plugin_settings(). + [96a18a3ccc49] - * lib/util/glob.c: - Move pattern length check until after we have initialized the glob_t - so we can call globfree() even on error. From Frank Denis. - [a246f9054395] + * plugins/sudoers/sssd.c: + fn_free_result() (aka sss_sudo_free_result() in sss_sudo.c) handles + a NULL poiner so there's no need to check before calling it. Add + missing initialization of sss_sudo_result to NULL in + sudo_sss_setdefs(). + [fa1c8eaed6ac] -2015-06-12 Todd C. 
Miller + * plugins/sudoers/sssd.c: + Add missing return when user is not found in sudo_sss_result_get(). + Previously we fell through to the default case which just logged a + debug message and returned so this just avoids the extra (generic) + debug message. + [68c2201f3a85] - * plugins/sudoers/sudoers.c, src/sudo.c: - We need to unlimit RLIMIT_NPROC in sudoers as well as the sudo front - end since set_perms() and restore_perms change the read uid and may - fail with EAGAIN on Linux kernels prior to 3.1. - [e6a03c31f4e5] +2016-01-26 Todd C. Miller -2015-06-08 Todd C. Miller + * lib/util/gettime.c: + Fix a warning on AIX. + [4ebc19a143ff] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Fix underlining of "root" in -u option descriptions. Bug #699 - [b3afe47d9798] + * src/sudo.c: + Pass updated user_env_out, not envp, to the I/O open function. + [f02e6f32f189] - * doc/UPGRADE, src/load_plugins.c: - Remove support for converting plugin.so -> plugin.sl on HP-UX when - plugin.so can not be found. This was a temporary hack for using an - older (pre 1.8.7) sudoers plugin with a newer sudo front-end. - [561e2ce444ed] + * src/sudo.c: + Pass updated argv/envp to the I/O open function like the plugin API + documents. + [ff9f4fae5cf3] -2015-06-05 Todd C. Miller +2016-01-25 Todd C. Miller - * lib/util/event.c, lib/util/event_select.c: - Add debugging output on memory alloc failure. Add missing checks in - event_select.c for reallocarray() failure. - [0853c7bcbeaa] + * plugins/sudoers/iolog.c: + Add check for I/O log file handle being NULL. This could only happen + if the front-end calls iolog_open with argc == 0 but actually runs a + command. + [5113a3c04494] - * lib/util/event_poll.c: - Use non-exiting allocators. - [5ed0e276b551] +2016-01-22 Todd C. Miller -2015-06-04 Todd C. Miller + * plugins/sudoers/pwutil.c: + Additional debugging for pwutil functions. 
+ [908b83c3acbb] - * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h: - Bring back VALIDATE_ERROR which will be used in the case of memory - allocation errors. - [784c885db95c] - -2015-06-03 Todd C. Miller - - * lib/util/snprintf.c: - If asprintf() or vasprintf() fail, set the dest pointer to NULL like - BSD and Solaris do. This appears to be the direction glibc is going - as well. - [92fb2283dc9a] + * config.h.in, configure, configure.ac, lib/util/aix.c: + When calling setauthdb(), save the old registry value so we can + restore it properly. Previously we were setting the registry to + unrestricted instead of actually restoring it. + [5a2921412663] -2015-05-28 Todd C. Miller + * plugins/sudoers/sudoers.c: + Use SUDOERS_DEBUG_UTIL not SUDO_DEBUG_UTIL in the plugin. + [79b012777e71] - * plugins/sudoers/env.c: - Use a stack buffer for the validate_env_vars() error message. - [69df3a0cbc2b] +2016-01-21 Todd C. Miller -2015-05-27 Todd C. Miller + * lib/util/sudo_debug.c: + When parsing debug entries, don't make a lower value override a + higher one. For example, for "pcomm@debug,all@warn" the "all@warn" + should not set pcomm to "warn" when it is already at "debug". + [031037a56e51] - * lib/util/fatal.c: - Fix typo/thinko in static buffer conversion; use vsnprintf() not - snprintf() - [9d42fb3a94f6] +2016-01-20 Todd C. Miller - * plugins/sudoers/ldap.c: - Fix old gcc2 variadic macro support. - [fd951ed8865e] + * plugins/sudoers/policy.c: + Set sudoedit_checkdir=false in command_details when it is disabled + in sudoers. + [811dd43b29f5] - * plugins/sudoers/visudo.c: - Restore old behavior where visudo prevents you from making the main - sudoers file zero length. 
- [b03ef908120f] + * include/sudo_compat.h, lib/util/strtobool.c, plugins/sudoers/ldap.c, + plugins/sudoers/sssd.c, src/sudo_edit.c: + Update copyright year + [5ec484920763] - * plugins/sudoers/logging.c, plugins/sudoers/logging.h, - plugins/sudoers/sudoers.c: - Non-exiting allocators for log functions. If log_allowed() fails the - user may not run the command. We don't try to return early for - log_failure(), log_auth_failure() or log_denial() as we would not - run the command in that case. - [40c3d0dd75bc] + * src/sudo_edit.c: + If the user runs "sudoedit /" we will receive ENOENT from openat(2) + and sudoedit will try to create a file with the null string. If path + is empty, open the cwd instead so sudoedit can give a sensible error + message. + [fc39d5804f1f] - * plugins/sudoers/alias.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/toke.c, - plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: - Use non-exiting allocators in the parser (much of it already did). - [f14222e5ad1b] + * lib/util/strtobool.c: + Log an error for invalid boolean strings. + [004afa5e05c5] - * lib/util/aix.c, plugins/sudoers/pwutil.c, - plugins/sudoers/pwutil_impl.c: - Use non-existing allocators in the passwd/group cache functions. - [86bbe840f348] + * src/sudo.c: + Fix off by one error in new SET_FLAG macro. + [5bdce4edf8b9] - * MANIFEST, configure.ac, lib/util/alloc.c, lib/util/reallocarray.c: - Add standalone reallocarray.c from OpenBSD instead of rolling our - own. - [36ec5840729e] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document the race with sudoedit_checkdir in 1.8.15. 
+ [cb7aed3367e9] - * plugins/sudoers/alias.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/iolog.c, - plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, - plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: - Use non-exiting allocators in the redblack tree and fix the fallout. - Also switch to non-exiting allocators in affected code blocks. - [bca56cf769cb] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Document sudoedit_checkdir + [89f2452272ad] - * plugins/sudoers/alias.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/parse.h: - The error string returned by alias_add should be const. - [b378188a0a8f] +2016-01-19 Todd C. Miller - * plugins/sudoers/policy.c: - Fix typo, efree vs. free. - [9146ba7473ca] + * src/sudo_edit.c: + There are no systems that support O_SEARCH/O_PATH that do not also + support O_DIRECTORY so simplify the definition of DIR_OPEN_FLAGS a + bit. + [a48f11ea53b3] - * plugins/sudoers/policy.c, src/exec_common.c, src/sudo.c: - Add a few missing sudo_new_key_val() return value checks. Also use - non-exiting allocators for consistency. - [2ae76a679052] + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [8ae4d883ac59] -2015-05-26 Todd C. Miller + * NEWS, doc/UPGRADE: + Add 1.8.16 changes + [8d3a3f5cdf59] - * MANIFEST, lib/util/Makefile.in, - lib/util/regress/parse_gids/parse_gids_test.c, - lib/util/regress/strsplit/strsplit_test.c: - Add unit tests for strsplit and parse_gid_list. - [e08c5ff7b5f0] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/defaults.c, + src/sudo.c: + Make sudoedit_checkdir the default and update the documentation + accordingly. 
+ [84bbc1b73411] - * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, - lib/util/strsplit.c, lib/util/util.exp.in, - plugins/sudoers/sudoers.c: - Add sudo_strsplit(), similar to strtok_r() but non-destructive and - operates on non-C strings (requires a length parameter). - [45fb50775249] + * src/sudo.c: + Add a SET_FLAG macro to simplify parsing command details boolean + flags. Previously, flags were only set and never cleared even if the + boolean value was false. This was not a problem as there were no + default flags for the plugin to enable. That will change in the + future. + [75f24ca13f41] - * lib/util/fatal.c: - Use a static buffer for sudo_warn/sudo_fatal messages where - possible. - [6e1d6ecc022d] +2016-01-18 Todd C. Miller - * include/sudo_compat.h: - Fix sudo_strnlen() prototype. - [1367bd9227b3] + * src/sudo_edit.c: + Need to be root when switching to a different user. + [06d5f010b607] - * MANIFEST, config.h.in, configure, configure.ac, - include/sudo_compat.h, lib/util/Makefile.in, lib/util/strndup.c, - mkdep.pl: - Add strndup() for those without it. As strndup.c uses strnlen(), use - our own if it is missing. - [cf904a9c68f7] + * src/sudo_edit.c: + Use O_SEARCH on systems without O_PATH if present. It can be used + for a similar purpose. + [3f559a389bf9] - * lib/util/strnlen.c: - Add missing sudo_ prefix and include sudo_compat.h. - [d5e5dfc3fd20] + * config.h.in, configure, configure.ac, src/sudo_edit.c: + Use faccessat(2) for directory writability instead of doing the + checks manually where possible. This also allows us to remove the + #ifdef __linux__ bits since we no longer use fstat(2) on Linux with + an O_PATH fd. + [fe50d0c1f1b9] - * MANIFEST, config.h.in, configure, configure.ac, - include/sudo_compat.h, lib/util/strnlen.c: - Add strnlen() replacement needed for glob.c. Only used if no glob() - and no strnlen(). - [bb6b7c4549b1] +2016-01-16 Todd C. Miller -2015-05-21 Todd C. 
Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Add "I/O LOG FILES" section to the manual and move many of the + details from the log_input and log_output descriptions to it. + [a604903f5ae3] - * plugins/sudoers/logging.h, plugins/sudoers/sudoers.h: - Get rid of SUDO_MAIN. Modern compilers don't warn about mixing - extern and auto declarations unless they conflict. - [a273b73bca6d] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use "Nm sudoers" when talking about the plugin and "Em sudoers" when + talking about the sudoers file. + [727a68b02de7] - * config.h.in, configure.ac, include/compat/endian.h, - include/compat/fnmatch.h, include/compat/getaddrinfo.h, - include/compat/getopt.h, include/compat/glob.h, - include/compat/nss_dbdefs.h, include/compat/sha2.h, - include/compat/stdbool.h, include/compat/timespec.h, - include/sudo_alloc.h, include/sudo_compat.h, include/sudo_conf.h, - include/sudo_debug.h, include/sudo_dso.h, include/sudo_event.h, - include/sudo_fatal.h, include/sudo_gettext.h, include/sudo_lbuf.h, - include/sudo_plugin.h, include/sudo_queue.h, include/sudo_util.h, - lib/util/fatal.c, plugins/sudoers/bsm_audit.h, - plugins/sudoers/check.h, plugins/sudoers/defaults.h, - plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h, - plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h, - plugins/sudoers/insults.h, plugins/sudoers/interfaces.h, - plugins/sudoers/iolog.h, plugins/sudoers/linux_audit.h, - plugins/sudoers/logging.h, plugins/sudoers/parse.c, - plugins/sudoers/parse.h, plugins/sudoers/pwutil.h, - plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/solaris_audit.h, plugins/sudoers/sssd.c, - plugins/sudoers/sudo_nss.h, plugins/sudoers/sudo_printf.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/sudoers_debug.h, plugins/sudoers/sudoers_version.h, - plugins/sudoers/testsudoers.c, 
plugins/sudoers/toke.c, - plugins/sudoers/toke.h, plugins/sudoers/toke.l, - plugins/sudoers/visudo.c, src/net_ifs.c, src/sudo.h, - src/sudo_exec.h, src/sudo_plugin_int.h, src/sudo_usage.h.in: - Avoid using a leading underbar in defines as they are reserved in - ISO C. - [a442d88c6490] +2016-01-13 Todd C. Miller - * Makefile.in, doc/Makefile.in, examples/Makefile.in, - include/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, - plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/sudoers/Makefile.in, plugins/sudoers/auth/afs.c, - plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, - plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, - plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, - plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, - plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, - plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c, - plugins/sudoers/solaris_audit.c, plugins/sudoers/sssd.c, - plugins/system_group/Makefile.in, src/Makefile.in, src/selinux.c: - Add target for "make splint". A few files need extra guards to avoid - errors on systems where they would not otherwise be compiled. No - warnings from splint. - [64fc04debc58] + * lib/zlib/zlib.exp: + Remove gzopen_w which is only defined on Windows. + [a73236903e7b] -2015-05-20 Todd C. Miller + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Work around the buggy pread(2) on 32-bit HP-UX 11.00 by using + pread64() on that platform. + [31c4be934115] - * plugins/sudoers/auth/sia.c: - Use reallocarray() instead of sudo_emallocarray() and return an - error on allocation failure. - [fee12ac1e0c8] +2016-01-12 Todd C. Miller - * plugins/sudoers/auth/kerb5.c: - In our krb5_get_init_creds_opt_alloc() replacement use malloc() - instead of sudo_emalloc() and return KRB5_CC_NOMEM on allocation - failure. Only old versions of Kerberos V will need this. 
- [95ac6c5b7b60] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/ldap.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c, plugins/sudoers/testsudoers.c: + Add support for matching the entire netgroup tuple (user, host, + domain). + [9f694ba7c86d] - * lib/util/event.c, lib/util/event_select.c: - Use non-exiting allocators. - [91bbc657901d] + * plugins/sudoers/ldap.c: + Use asprintf() to generate the netgroup filter instead of using lots + of concatenation. + [f8290c040aea] -2015-05-18 Todd C. Miller + * lib/util/util.exp.in: + Add missing sudo_debug_exit_ssize_t_v1 symbol. + [9407fb25dfa4] - * config.h.in, configure, configure.ac, src/sudo.c: - There should be no need to check for tzset() as it is POSIX. - [50825eb75c97] +2016-01-11 Todd C. Miller - * configure, configure.ac: - Add sudo_reallocarrary to util.exp.in if reallocarray is not found. - [32588e00bb33] + * plugins/sudoers/match.c: + Silence warning in digest_matches() on systems with no fexecve(2). + [0cd3cc8fa195] -2015-05-15 Todd C. Miller + * plugins/sudoers/sssd.c: + Fix free() of invalid pointer introduced in the commit that stripped + whitespace between a '!' and the name in a sudoOption. + [4d2c1761c752] - * NEWS: - NLS now works on Mac OS X properly. - [1485c9e51b04] + * plugins/sudoers/ldap.c: + Fix free() of invalid pointer introduced in the commit that stripped + whitespace between a '!' and the name in a sudoOption. + [14391603a9e5] - * configure, configure.ac, src/Makefile.in: - Force flat namespace on darwin to make the getenv() hooking work as - it does on ELF. - [0837cc3559ce] + * src/sudo_edit.c: + Add missing dfd argument to the version of + sudo_edit_openat_nofollow() for systems without O_NOFOLLOW. + [574e4a840879] -2015-05-14 Todd C. 
Miller + * plugins/sudoers/ldap.c: + In sudo_netgroup_lookup() only build up the search filter once + instead of once per netgroup_base. + [a03440237078] - * lib/util/alloc.c, lib/util/snprintf.c, - plugins/sample/sample_plugin.c, plugins/sudoers/auth/rfc1938.c, - plugins/sudoers/redblack.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/toke_util.c: - No need to cast malloc() return value. - [09c7236d3e1a] + * plugins/sudoers/ldap.c: + It is safe to pass ldap_msgfree() a NULL pointer. + [abc2eaddbf83] - * lib/util/getcwd.c, lib/util/getline.c, lib/util/glob.c, - plugins/sudoers/env.c, plugins/sudoers/toke.c, - plugins/sudoers/toke.l: - Use reallocarray where possible. - [2b5957a38baa] + * plugins/sudoers/ldap.c: + On overflow, warn before freeing anything. + [2e3bcfa4a8f9] - * config.h.in, configure, configure.ac, include/sudo_compat.h, - lib/util/alloc.c: - Add reallocarray() for those without it. - [3ac5a4abe077] + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Use user_runhost and user_srunhost instead of user_host and + user_shost. Fixes "sudo -l -h other_host" for LDAP and sssd. + [e1abfdc82242] -2015-05-13 Todd C. Miller + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: + Update description of sudoedit_checkdir. Reported by Sander Bos. + [ee44e7255096] - * NEWS: - The getenv() hook still doesn't work on Mac OS X. - [d9297b9ff54c] + * src/sudo_edit.c: + No need to check whether the fd we opened is really a directory in + sudo_edit_open_nonwritable() since if not, the openat() will fail + with ENOTDIR anyway. + [b41c5b289f35] -2015-05-12 Todd C. Miller +2016-01-10 Todd C. Miller - * include/sudo_fatal.h, lib/util/fatal.c: - In sudo_warn_gettext_v1() call dgettext() not gettext() to make sure - the domain is set correctly. The sudoers plugin uses its own text - domain. 
- [f7ce0100ff5c] + * doc/CONTRIBUTORS, doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, include/sudo_compat.h, src/sudo_edit.c: + Rewritten sudoedit_checkdir support that checks all the dirs in the + path and refuses to follow symlinks in writable directories. This is + a better fix for CVE-2015-5602. Adapted from a diff by Ben + Hutchings. Bug #707 + [c2e36a80a279] -2015-05-11 Todd C. Miller +2016-01-04 Todd C. Miller - * doc/Makefile.in: - man pages should explicitly depend on config.status since it is used - to substitute in variables/settings. - [bebe8e19d767] + * MANIFEST, plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/ca.mo, + po/ca.po, po/fi.mo, po/fi.po, po/hu.mo, po/hu.po, po/sr.mo, + po/sr.po: + sync with translationproject.org + [94ffd6b18431] - * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, - doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.man.in, - doc/sudoreplay.cat, doc/visudo.cat: - regen - [2e613d7bb477] + * configure, configure.ac, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, include/sudo_plugin.h, + plugins/sudoers/match.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h, src/exec.c, src/exec_common.c, + src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_exec.h: + Add support for using fexecve() if supported on commands that are + checksummed. + [397722cdd7ec] - * NEWS, configure, configure.ac: - Sudo 1.8.14 - [66e33bc0d18e] +2015-12-29 Todd C. 
Miller - * INSTALL, MANIFEST, aclocal.m4, config.h.in, configure, configure.ac, - include/sudo_fatal.h, lib/util/Makefile.in, lib/util/fatal.c, - lib/util/locale_weak.c, lib/util/util.exp.in, - m4/ax_sys_weak_alias.m4, mkdep.pl, plugins/sudoers/Makefile.in, - plugins/sudoers/locale.c, plugins/sudoers/logging.h, - plugins/sudoers/sudoers.c, src/Makefile.in, src/locale_stub.c: - Instead of trying to make weak functions work on all platforms, just - use a registration function for a plugin-specific setlocale - function. The sudoers version just wraps sudoers_setlocale(). - [0eef64f41cdf] + * src/sudo_edit.c: + Call openat() with the basename not the full path. From Ben + Hutchings. + [33272418bb10] - * src/parse_args.c: - Fix indentation of -a flag help line. - [a2ed556b6454] +2015-12-24 Todd C. Miller - * include/sudo_compat.h: - Fix compilation when HAVE_DECL_SIG2STR_MAX is not defined. - [31aa465affaa] + * plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c: + Fix compilation with --disable-shared + [84c084618676] - * doc/Makefile.in: - Add lint target to run "mandoc -Tlint" over the manuals. - [63ed14d91adc] +2015-12-20 Todd C. Miller -2015-05-08 Todd C. Miller + * src/exec_common.c: + Check for existing dso in LD_PRELOAD and only add it if it is not + already present. + [15042e8999f7] - * include/sudo_compat.h: - HAVE_DECL_SIG2STR_MAX is always defined so use a - !HAVE_DECL_SIG2STR_MAX check instead of #ifndef. - [65cc03302d39] +2015-12-18 Todd C. Miller -2015-05-07 Todd C. Miller + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Clarify when SIGINT and SIGQUIT are relayed by sudo to the command. + [8efed5784393] - * src/tgetpass.c: - Sync tty_present() with sudoers version. - [040c05e68627] + * plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h, src/load_plugins.c: + Actually use the plugin_dir Path setting in sudo.conf. + [bccc548127a2] - * src/load_plugins.c: - sudo_check_plugin() returns bool. 
- [15b2851bfb90] + * lib/util/sudo_conf.c: + The Path setting for the plugin directory is "plugin_dir" not + "plugin". + [07c2677bbce5] - * plugins/sudoers/match.c: - In usergr_matches() matched should be bool but we have to take care - to handle group_plugin_query() returning a value other than 0/1. - [c120901f71c7] + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + lib/util/sudo_conf.c, src/exec_common.c: + Allow sudo.conf Path settings to disable path names (by setting the + value of NULL). + [81a44e011a40] - * plugins/sudoers/ldap.c: - sudo_ldap_check_non_unix_group() returns bool, not int. - [d12e9242454f] +2015-12-16 Todd C. Miller - * plugins/sudoers/logging.c: - Convert two debug_return_int to debug_return_bool. - [594d0fc8efda] + * src/selinux.c, src/sudo.h: + Change noexec flag in selinux_execve() from int to bool. + [7cb872aac155] - * include/sudo_debug.h, lib/util/sudo_debug.c, - plugins/sudoers/auth/dce.c, plugins/sudoers/check.c, - plugins/sudoers/env.c, plugins/sudoers/group_plugin.c, - plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, - plugins/sudoers/match.c, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.c, src/sudo.c: - Previously, debug_return_bool was the same as debug_return_int - except that it logged true/false for 1/0. However, this appears to - trigger a bug in some compilers. To avoid this, debug_return_bool - now uses bool, not int. Callers that were passing it an int have - been converted to use debug_return_int instead. - [ca142b5a9433] + * src/exec_common.c, src/sudo_exec.h: + Refactor code to set LD_PRELOAD (or the equivalent) in the + environment into a preload_dso() function. Also avoid allocating a + new copy of the environment array if the size of the array does not + change. + [72194b0b51f7] - * src/get_pty.c, src/sudo.h: - get_pty() should return bool - [2c72c8d3603b] + * configure, configure.ac: + Add missing square brackets in configure option descriptions. 
+ [6e25685c6349] - * src/sudo.h, src/tgetpass.c: - Make tty_present static to tgetpass.c - [bb73a2cc8754] +2015-12-11 Todd C. Miller - * config.h.in, configure, configure.ac, include/sudo_compat.h: - Add configure check for SIG2STR_MAX, which may be missing on - UnixWare. - [e9dcac23c639] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document the names of the I/O log files and mention buffering. + Document that I/O logs are in gzip format by default. + [474838e7b365] - * m4/ax_sys_weak_alias.m4: - Need to quote $GCC as it may include arguments. From Tim Rice. - [9ed8a3be94bf] - - * MANIFEST: - Add missing m4/ax_sys_weak_alias.m4 - [269a8d5bfb49] - -2015-04-28 Todd C. Miller +2015-12-10 Todd C. Miller - * mkpkg: - There's no point in building i386 binaries for Mac OS X 10.7 and - higher. - [e8876ea36d14] + * plugins/sudoers/env.c: + Add BASHOPTS to initial_badenv_table[]; from Stephane Chazelas + [f206a9089a69] -2015-04-27 Todd C. Miller +2015-12-09 Todd C. Miller - * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, po/ja.mo, - po/ja.po: - Sync with translationproject.org - [414c51286530] + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + When parsing sudoOptions that include an operator (!, +, +=, -=) + strip out any whitespace on either side of the operator. + [62041b5888e5] -2015-04-26 Todd C. Miller +2015-12-08 Todd C. Miller - * plugins/sudoers/bsm_audit.c: - Only fall back on AUE_DARWIN_sudo if au_preselect() fails. - [aea2f3a60b46] + * plugins/sudoers/sudoers2ldif: + Strip whitespace around '!', '=', '+=' and '-=' in Defaults entries. + [dcc9d15b0f3c] -2015-04-25 Todd C. Miller +2015-12-06 Todd C. Miller - * plugins/sudoers/bsm_audit.c: - Work around a problem on Mac OS X 10.10 which defines AUE_sudo but - where au_preselect() only accepts AUE_DARWIN_sudo (the old value). 
- [b5d32d6453d1]
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document the race condition between the digest check and command
+ execution.
+ [24a3d9215c64]
-2015-04-22 Todd C. Miller
+2015-12-02 Todd C. Miller
- * src/env_hooks.c:
- Don't use dlsym() to find the libc getenv() since this may allocate
- memory on some systems (glibc) which leads to a hang if malloc()
- calls getenv() (jemalloc).
- [441846664820]
+ * plugins/sudoers/ldap.c:
+ When checking the query results, don't set user_matches in the
+ netgroup pass unless sudo_ldap_check_non_unix_group() returns true.
+ This was preventing the mail_no_user sudoOption from being
+ effective.
+ [31004144421b]
- * include/sudo_debug.h, src/sudo.c:
- Split variable declaration out of debug_decl into debug_decl_vars()
- so we can use it in main() when we know sudo_debug_enter() cannot
- succeed.
- [6931948a57f8]
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ In list mode, we always want to clear FLAG_NO_USER and FLAG_NO_HOST
+ regardless of whether or not there was an actual match. Otherwise,
+ warning mail may be sent which is not what we want in list mode.
+ This is consistent with what the sudoers file backend does.
+ [2809338a7b21]
- * src/sudo.c:
- Defer conversation initialization until right before plugins are
- initialized.
- [83db53d4945c]
+2015-11-22 Todd C. Miller
-2015-04-16 Todd C. Miller
+ * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
+ Use size_t for length parameters in the fill functions used by the
+ lexer.
+ [0428c9067182]
- * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
- When creating a passwd struct from a uid that is not in the passwd
- database, set pw_gid to the user's gid instead of whatever the user
- specified via the -g flag (or 0 if no -g).
- [4154970432df]
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Use yy_size_t for digest_len since newer flex uses yy_size_t for
+ yyleng. Old flex uses int for yyleng so we need to use a cast to
+ avoid a sign compare warning.
+ [4a3dc6fb8f99]
-2015-04-14 Todd C. Miller
+2015-11-20 Todd C. Miller
- * plugins/sudoers/ldap.c:
- Add some ldap_err2string() debugging when the LDAP search fails.
- Adapted from a diff from Steven Soulen.
- [e08d38481041]
+ * Makefile.in, README, configure, configure.ac,
+ plugins/sudoers/regress/sudoers/test1.in, sudo.pp:
+ Use https in sudo.ws urls
+ [04e5177022d3]
-2015-04-13 Todd C. Miller
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
+ doc/visudo.man.in, doc/visudo.mdoc.in:
+ Use https in urls.
+ [855b05943b2d]
- * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
- plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/sr.mo,
- po/sr.po:
- Sync with translationproject.org
- [cbf24072ad07]
+ * configure, configure.ac:
+ sudo 1.8.16
+ [b745f7031aeb]
-2015-04-10 Todd C. Miller
+ * plugins/sudoers/env.c:
+ When preserving variables from the invoking user's environment, if
+ there are duplicates only keep the first instance.
+ [d4dfb05db5d7]
- * doc/CONTRIBUTORS:
- Add David Michael and Andrey Klyachkin.
- [e153a9b46e1f]
+2015-11-01 Todd C. Miller
- * sudo.pp:
- Sync tmpfiles.d/sudo.conf with init.d/sudo.conf.in
- [9e3945c1fe6e]
+ * include/sudo_debug.h, lib/util/parseln.c, lib/util/sudo_debug.c,
+ plugins/sudoers/timestamp.c:
+ Add debug_return_ssize_t
+ [d491ed281726]
- * include/sudo_util.h:
- Avoid struct assignment when stashing mtime since AIX at least uses
- a struct st_timespec that differs from struct timespec. From Andrey
- Klyachkin.
- [e267ea5b019e]
+ * plugins/sudoers/timestamp.c:
+ Avoid compilation error on Solaris 10 with Stun Studio 12. Bug #727
+ [facd8ff1ee6c]
-2015-04-09 Todd C. Miller
+2015-10-31 Todd C. Miller
- * sudo.pp:
- Work around a bug in pp that caused a warning when exampledir is a
- subdir of docdir.
- [d81db98f215f]
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, po/da.mo,
+ po/da.po:
+ sync with translationproject.org
+ [6711d740d3d0]
- * plugins/sudoers/solaris_audit.c:
- Add sys/types.h
- [e0794f05e95c]
+ * NEWS:
+ Mention ssp configure fix.
+ [92d64fd724cc]
- * lib/util/getopt_long.c, lib/util/mksiglist.c, lib/util/mksigname.c,
- lib/util/regress/fnmatch/fnm_test.c,
- lib/util/regress/glob/globtest.c, lib/util/sha2.c,
- plugins/sudoers/regress/parser/check_base64.c,
- plugins/sudoers/regress/parser/check_digest.c,
- plugins/sudoers/regress/parser/check_hexchar.c:
- Include sys/types.h instead of unistd.h to get uid_t and gid_t. Add
- missing include of sys/types.h to a few places.
- [86eb67f3c41a]
+2015-10-30 Todd C. Miller
-2015-04-08 Todd C. Miller
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo,
+ po/cs.po, po/de.mo, po/de.po, po/fr.mo, po/fr.po, po/it.mo,
+ po/it.po, po/ja.mo, po/ja.po, po/nb.mo, po/nb.po, po/pl.mo,
+ po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/uk.mo, po/uk.po, po/vi.mo,
+ po/vi.po, po/zh_CN.mo, po/zh_CN.po:
+ sync with translationproject.org
+ [9c8eb0062d8c]
- * mkpkg:
- Remove unintended commit
- [2eeeb74b9174]
+ * configure, configure.ac:
+ Don't use CPPFLAGS for the -fstack-protector check. Otherwise on
+ systems with _FORTIFY_SOURCE support we'll get an error due to the
+ lack of optimization flags. Bug #725
+ [1a9f8571a82d]
- * init.d/sudo.conf.in:
- Add tmpfiles.d/sudo.conf template.
- [ead9bb7b5328]
+ * configure, configure.ac:
+ When checking for stack protector support we need to actually link
+ the test program.
+ [ab4f94aac7de]
-2015-04-07 Todd C. Miller
+2015-10-29 Todd C. Miller
- * .hgignore, INSTALL, MANIFEST, Makefile.in, configure, configure.ac,
- mkpkg, src/Makefile.in, sudo.pp:
- Create template tmpfiles.d/sudo.conf for installation instead of
- creating one via echo commands in the Makefile.
+ * configure, configure.ac:
+ Preserve LDFLAGS when checking for stack protector as they may
+ include rpath settings to allow the stack protector lib to be found.
+ Avoid using existing CFLAGS since we don't want the compiler to
+ optimize away the stack variable.
+ [e6bc59225c06]
- Add --enable-tmpfiles.d configure option to enable/disable use of
- tmpfiles.d and override the default directory.
+ * configure, configure.ac:
+ Better configure test for -fstack-protector. Some gcc installations
+ may be missing the ssp library even though the compiler supports it.
+ [4ade5d1249f4]
- Use --disable-tmpfiles.d in mkpkg so we no longer need to ignore
- tmpfiles.d/sudo.conf in sudo.pp.
- [930983f88927]
+2015-10-25 Todd C. Miller
- * sudo.pp:
- Fix setting of pp_rpm_version when there is no patchlevel present.
- Also tighten up the regexp for pp_rpm_release.
- [d6a89aafd99d]
+ * src/sudo_edit.c:
+ Set errno to EISDIR instead of ENOTDIR if directory is writable
+ since ENOTDIR can be a legitimate errno. This avoids a bogus
+ "directory is writable" error in that case.
+ [97ee37d905ce]
-2015-04-06 Todd C. Miller
+ * mkpkg:
+ Fix the check for whether to include 32-bit arch in Mac OS X
+ packages.
+ [a76654512f6b]
- * INSTALL, Makefile.in, configure, configure.ac, doc/sudoers.mdoc.in,
- examples/Makefile.in, mkpkg, sudo.pp:
- Make exampledir configurable and default to
- DATAROOTDIR/examples/sudo on BSD systems.
- [4c1271298712]
+2015-10-24 Todd C. Miller
- * src/Makefile.in, sudo.pp:
- Install /usr/lib/tmpfiles.d/sudo.conf on systems with systemd but do
- not package it. For packages we create /usr/lib/tmpfiles.d/sudo.conf
- as needed in the postinstall script.
- [522666bc079f]
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [58277a8f418b]
-2015-03-22 Todd C. Miller
+ * NEWS, src/sudo_edit.c:
+ When creating a new file, sudoedit will now check that the file's
+ parent directory exists before running the editor.
+ [65bc45510fb2]
- * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
- doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
- doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
- doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
- doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
- doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
- doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
- doc/visudo.man.in, doc/visudo.mdoc.in:
- Fix "mandoc -Tlint" warnings. Sync AUTHORS section in man pages.
- Regenerate all man pages.
- [34e4149bb225]
+ * NEWS, doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/match.c:
+ Add always_query_group_plugin
+ [7e9060d4c13a]
- * lib/util/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
- Make libsudo_util depend on libintl instead of requiring users of
- libsudo_util to link with libintl directly. Bug #690
- [f2508d1a21ee]
+2015-10-23 Todd C. Miller
-2015-03-21 Todd C. Miller
+ * ABOUT-NLS, MANIFEST:
+ Add ABOUT-NLS from GNU gettext.
+ [971c168c065a]
- * plugins/sudoers/logging.c:
- Use saved errno in vlog_warning() before calling
- sudo_vwarn_nodebug(). Fixes the error message printed if set_perms()
- fails.
- [68bd7297137e]
+ * NEWS, config.h.in, configure, configure.ac, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers_version.h,
+ src/sudo.c, src/sudo.h, src/sudo_edit.c:
+ Add directory writability checks for sudoedit.
+ [f5349d059a98]
-2015-03-18 Todd C. Miller
+2015-10-06 Todd C. Miller
- * .hgtags:
- Added tag SUDO_1_8_13 for changeset 47c586301b01
- [777dc5a17bf3] <1.8>
+ * NEWS:
+ Latest.
+ [9aae49302c60]
- * INSTALL, Makefile.in, NEWS, config.h.in, configure, configure.ac,
- doc/sudoers.cat, doc/sudoers.man.in, include/compat/utime.h,
- lib/util/Makefile.in, lib/util/clock_gettime.c, lib/util/utimes.c,
- plugins/sudoers/Makefile.in, plugins/sudoers/auth/passwd.c,
- plugins/sudoers/auth/secureware.c, plugins/sudoers/boottime.c,
- plugins/sudoers/env.c, plugins/sudoers/iolog.c,
- plugins/sudoers/logging.c, plugins/sudoers/match.c,
- plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c,
- plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
- plugins/sudoers/visudo.c, po/sudo.pot, src/Makefile.in, src/sudo.c:
- Merge sudo 1.8.13 from trunk.
- [47c586301b01] [SUDO_1_8_13] <1.8>
+ * src/conversation.c:
+ Ignore the SUDO_CONV_PROMPT_ECHO_OK flag when echo is enabled. This
+ was preventing a match of SUDO_CONV_PROMPT_ECHO_ON which resulted in
+ a masked password instead of an echoed one.
+ [53f6a78d79e3]
- * NEWS:
- Update for 1.8.13 final.
- [4c03db3a740f]
+ * plugins/sudoers/auth/bsdauth.c:
+ Repair challenge/response prompting for BSD authentication which got
+ broken while it was converted to use the conversation function.
+ [2d0b0cec5e4f]
-2015-03-16 Todd C. Miller
+ * plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h:
+ Use the auth_getpass (and the plugin conversation fuction) for Tru64
+ SIA. This prevents sudo from sleeping while holding the tty ticket
+ lock.
+ [9221eec812cf]
- * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
- plugins/sudoers/sudoers.h:
- For sudoedit, run the editor with the user's original environment as
- per the documentation (and as in sudo 1.7.x). Bug #688
- [a5081c8f6950]
+ * NEWS, doc/UPGRADE, plugins/sudoers/env.c:
+ For env_reset, SHELL should be set based on the target user, not the
+ invoking user unless preserved via env_keep.
+ [b77adbc08c91]
- * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, po/fr.mo,
- po/fr.po:
- Sync with translationproject.org
- [0b820c5ecb0c]
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
+ sync with translationproject.org
+ [adb927ad5e86]
-2015-03-10 Todd C. Miller
+2015-10-05 Todd C. Miller
- * lib/util/term.c:
- Update function names in debug_decl.
- [b83f153b2f43]
+ * NEWS:
+ Hungarian and Slovak translations
+ [d3b6acece125]
- * lib/util/term.c:
- Use TCSAFLUSH instead of TCSANOW in sudo_term_copy(). Be consistent
- with where we put TCSASOFT in the action flags.
- [6ffeec3aa184]
+ * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/hu.mo,
+ plugins/sudoers/po/hu.po, plugins/sudoers/po/sk.mo,
+ plugins/sudoers/po/sk.po, po/sk.mo, po/sk.po:
+ Add new Slovak and Hungarian translations from
+ translationproject.org
+ [132ec9b7a927]
-2015-03-09 Todd C. Miller
+2015-10-02 Todd C. Miller
- * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/da.mo,
- po/da.po, po/fi.mo, po/fi.po, po/zh_CN.mo, po/zh_CN.po:
- Sync with translationproject.org
- [0d20f88c0a83]
+ * src/sudo_edit.c:
+ Remove S_ISREG check from sudo_edit_open(), it is already done in
+ the caller.
+ [9fff8c0bb1f7]
-2015-03-08 Todd C. Miller
+ * src/sudo_edit.c:
+ Open sudoedit files with O_NONBLOCK and fail if they are not regular
+ files.
+ [56b01164869c]
- * lib/util/sha2.c:
- Include unistd.h since sudo_compat.h uses gid_t.
- [da491d83e5dc]
+ * plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/tgetpass.c:
+ It is possible for WIFSTOPPED to be true even if waitpid() is not
+ given WUNTRACED if the child is ptraced. Don't exit the waitpid()
+ loop if WIFSTOPPED is true, just in case.
+ [a2cab04a03da]
-2015-03-05 Todd C. Miller
+2015-09-30 Todd C. Miller
- * INSTALL, configure, configure.ac:
- Add --disable-weak-symbols option to disable use of weak symbols in
- libsudo_util.
- [3edf2bccb4d8]
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/de.mo,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/it.mo,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/nb.mo,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pt_BR.mo,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/vi.mo,
+ plugins/sudoers/po/zh_CN.mo, po/cs.mo, po/de.mo, po/fi.mo, po/fr.mo,
+ po/gl.mo, po/it.mo, po/ja.mo, po/nb.mo, po/pl.mo, po/pt_BR.mo,
+ po/uk.mo, po/vi.mo, po/zh_CN.mo:
+ rebuild .mo files
+ [676362ed6061]
- * configure:
- regen
- [ff1abfcd2b61]
+ * plugins/sudoers/po/pt_BR.po, po/pt_BR.po:
+ sync with translationproject.org
+ [be932694e600]
- * m4/ax_sys_weak_alias.m4:
- When checking for weak aliases, check the gcc attribute format last
- since some C compilers just ignore unsupported attributes.
- [e172cbbfa615]
+2015-09-28 Todd C. Miller
- * sudo.pp:
- Update copyright year.
- [67bcd24c6477]
+ * config.h.in, configure, configure.ac, src/sudo_noexec.c:
+ There's no point in trying to interpose protected versions of the
+ exec family of functions. Many modern C libraries use hidden symbols
+ for the functions and syscalls defined in libc such that they cannot
+ be overridden inside libc itself. We have to just wrap all the exec
+ variants plus system and popen.
+ [30aa4bd6c15b]
- * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
- plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
- plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
- plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
- plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
- plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
- plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
- plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
- plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/cs.mo,
- po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/it.mo,
- po/it.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo,
- po/pt_BR.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po:
- Sync with translationproject.org
- [ceb62f98364c]
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ List all the functions wrapped by sudo_noexec.so.
+ [57a9db56f4e0]
- * configure, configure.ac, include/compat/sha2.h:
- Fix symbol name collision with systems that have their own sha2
- implementation. This can result in PAM using the wrong sha2
- implementation on Solaris systems configured to use SHA512 for
- passwords.
- [3a25c4896804]
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ The section is now called "EXEC and NOEXEC" and it is above, not
+ below.
+ [9b0a2537f65d]
- * src/Makefile.in:
- Use SSP_LDFLAGS when linking sudo_noexec.la
- [6187b17fad90]
+ * src/sudo_noexec.c:
+ Also wrap popen(3).
+ [a826cd7787e9]
-2015-03-03 Todd C. Miller
+ * src/sudo_noexec.c:
+ Also interpose system(3). On glibc systems you cannot interpose the
+ syscalls used internally by libc.
+ [58a5c06b5257]
- * MANIFEST, config.h.in, configure, configure.ac,
- include/compat/utime.h, lib/util/Makefile.in, lib/util/utimens.c:
- Remove compat/utime.h, it was only useful for ancient systems that
- are no longer capable of compiling sudo.
- [94e4f02868db]
+ * src/conversation.c:
+ Set active debug instance to sudo_debug_instance() during the
+ conversation function.
+ [22fb750d92a9]
-2015-03-02 Todd C. Miller
+2015-09-27 Todd C. Miller
- * configure, configure.ac, lib/util/Makefile.in:
- Link libsudo_util with -lrt on systems where clock_gettime is in
- -lrt.
- [44a9a0d0af69]
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ LOGNAME and USERNAME are set the same way as USER
+ [54f170cf2536]
- * NEWS:
- Update.
- [811c8d7090c0]
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Document behavior when the command dies from a signal in EXIT
+ STATUS.
+ [3c93d682e5e6]
- * lib/util/strlcat.c, lib/util/strlcpy.c:
- Update OpenBSD CVS Ids
- [933788497ee4]
+2015-09-26 Todd C. Miller
- * lib/util/strlcat.c:
- Make comment match code.
- [b1b68810929d]
+ * NEWS:
+ Bug #722
+ [5cca49bb0e02]
- * lib/util/utimens.c:
- Fix compilation error on systems without futimes().
- [4d55a58ea12e]
+ * src/sudo.c:
+ When the command sudo is running is killed by a signal, sudo will
+ now send itself the same signal with the default signal handler
+ instead of exiting. The bash shell appears to ignore some signals,
+ e.g. SIGINT, unless the command is killed by that signal. This makes
+ the behavior of commands run under sudo the same as without sudo
+ when bash is the shell. Bug #722
+ [153f016db8f1]
- * MANIFEST, config.h.in, configure, configure.ac,
- include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in,
- lib/util/gettime.c, lib/util/util.exp.in, lib/util/utimens.c,
- lib/util/utimes.c, mkdep.pl, plugins/sudoers/Makefile.in,
- plugins/sudoers/boottime.c, plugins/sudoers/gettime.c,
- plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c,
- plugins/sudoers/visudo.c, src/Makefile.in, src/sesh.c,
- src/sudo_edit.c:
- Use futimens() and utimensat() instead of futimes() and utimes().
- [8400f91466d8]
+2015-09-25 Todd C. Miller
- * plugins/sudoers/visudo.c:
- Fix compiler warning on systems where mode_t is not unsigned int,
- such as 32-bit Solaris.
- [1eeeea1c203d]
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Adjust set_logname description to new behavior when any of LOGNAME,
+ USER or USERNAME are preserved.
+ [89009c2dcf38]
- * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
- Fix logic for verifypw/listpw all in sudoers LDAP and sssd.
- [5bc60a34a477]
+ * NEWS, plugins/sudoers/env.c:
+ If some, but not all, of the LOGNAME, USER or USERNAME environment
+ variables have been preserved from the invoking user's environment,
+ sudo will now use the preserved value to set the remaining variables
+ instead of using the runas user. This ensures that if, for example,
+ only LOGNAME is present in the env_keep list, that sudo will not set
+ USER and USERNAME to the runas user.
+ [54a60fe72b9a]
- * src/tgetpass.c:
- Fix cut & pasto that prevented the SIGPIPE handler from being
- restored before returning from tgetpass(). From mancha
- [230b0a86876e]
+2015-09-24 Todd C. Miller
-2015-02-28 Todd C. Miller
+ * plugins/sudoers/auth/pam.c:
+ Fix passing of the callback pointer to the conversation function.
+ This was preventing the on_suspend and on_resume functions from
+ being called on PAM systems.
+ [611246ded4ff]
- * src/sesh.c, src/sudo_edit.c:
- Our utimes() emulation support futime() too.
- [439851535285]
+ * include/sudo_plugin.h:
+ Explicitly mark large hex constants unsigned.
+ [5b67b0090814]
-2015-02-27 Todd C. Miller
+ * plugins/sudoers/timestamp.c:
+ Cast sizeof(entry) to off_t before making it a negative offset for
+ lseek(). Fixes "sudo -k" on Solaris and probably others.
+ [ed5d312f6baa]
- * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
- regen
- [40aa9164563f]
+2015-09-21 Todd C. Miller
- * plugins/sudoers/testsudoers.c:
- Define YYDEBUG to 0 if not already defined so we can protect use of
- sudoersdebug with "#if YYDEBUG" like the generated parser does. From
- David Michael.
- [394e1c237aac]
+ * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Add explicit mention of sudo's netgroup semantics since they differ
+ from most other netgroup consumers.
+ [0e9030f8cf56]
-2015-02-26 Todd C. Miller
+ * plugins/sudoers/po/fi.po, po/fi.po:
+ sync with translationproject.org
+ [f9236f25a616]
- * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
- Document that Aliases may not be redefined and that "sudo -f
- /etc/sudo.d/foo" will not catch the redefinition.
- [3bff3b5f7eb1]
+ * plugins/sudoers/check.c:
+ Fix potential double free of the cookie when sudo is suspended at
+ the password prompt.
+ [cbecb3136155]
- * sudo.pp:
- Only create /usr/lib/tmpfiles.d/sudo.conf if
- /usr/lib/tmpfiles.d/systemd.conf also exists. Some other package may
- have created /usr/lib/tmpfiles.d even though it is not used.
- [cf013d95b7d7]
+2015-09-16 Todd C. Miller
- * plugins/sudoers/Makefile.in:
- regen
- [4dde632c35cd]
+ * plugins/sudoers/po/cs.po, plugins/sudoers/po/zh_CN.po, po/cs.po,
+ po/zh_CN.po:
+ sync with translationproject.org
+ [21138f16a3a6]
- * sudo.pp:
- Clear the ts dir instead of just making sure it exists.
- [c49b6e3e2360]
+2015-09-15 Todd C. Miller
- * configure, configure.ac:
- Only substiture init.d scripts that we are going to use.
- [301f16bd04c5]
+ * plugins/sudoers/po/de.po, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.po, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.po, po/de.po, po/fr.po, po/gl.po, po/it.po,
+ po/ja.po, po/nb.po, po/pl.po, po/uk.po, po/vi.po:
+ sync with translationproject.org
+ [2d9f3e4c3ccf]
-2015-02-25 Todd C. Miller
+ * NEWS:
+ Bug #719
+ [cfa393164a0f]
- * plugins/sudoers/Makefile.in, sudo.pp:
- Create /usr/lib/tmpfiles.d/sudo.conf when systemd is used.
- [532dc61e7bb7]
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ SIGHUP is now relayed to the command. Bug #719
+ [8db7c492c52a]
- * plugins/sudoers/iolog.c, plugins/sudoers/visudo.c, src/sudo_edit.c,
- src/utmp.c:
- Check the return value of gettimeofday(), even though it should
- never fail.
- [747715d8a11c]
+ * src/exec.c:
+ When a terminal device is closed, SIGHUP is sent to the controlling
+ process associated with that terminal. It is not sent to the entire
+ process group so sudo needs to relay SIGHUP to the command when it
+ is not being run in a new pty. Bug #719
+ [b408a792f31a]
-2015-02-24 Todd C. Miller
+ * NEWS:
+ Mention visudo bug in 1.8.14
+ [0fec829807fd]
- * MANIFEST, configure, configure.ac, include/sudo_compat.h,
- lib/util/Makefile.in, lib/util/clock_gettime.c, mkdep.pl,
- plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
- plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.h,
- plugins/sudoers/timestamp.c:
- We cannot (easily) use clock_gettime(CLOCK_MONOTONIC) directly as it
- may be present but not implemented. Add sudo_gettime_real() and
- sudo_gettime_mono() functions to get the real and monotonic times
- respectively. Now sudo_gettime_mono() checks the value of
- sysconf(_SC_MONOTONIC_CLOCK) before calling
- clock_gettime(CLOCK_MONOTONIC) and falls back on sudo_gettime_real()
- as needed. The Mach version of sudo_gettime_mono() uses
- mach_absolute_time().
+ * plugins/sudoers/visudo.c:
+ We reserved two slots at the end of the editor argv for the line
+ number and the file name. However, resolve_editor() adds "--" before
+ the file names so the +line_number is interpreted as a file name,
+ not a line number so we need to overwrite the "--" as well.
+ [ff107430ee4b]
- This should fix problems with timestamp files on systems where the
- CLOCK_MONOTONIC is defined but not actually implemented.
- [cd04a21af4c5]
+2015-09-10 Todd C. Miller
- * include/sudo_compat.h, plugins/sudoers/timestamp.c:
- Check clock_gettime() return value and warn if it fails. Currently,
- the timestamp will be ignored if clock_gettime() fails.
- [3658154638da]
+ * config.h.in, configure, configure.ac, lib/util/sig2str.c,
+ lib/util/strsignal.c:
+ Remove checks for __sys_siglist and __sys_signame. They are internal
+ to libc and there are no known systems that export those symbols
+ that do not already export the single underbar or no- underbar
+ versions.
+ [2b3efe0a91f2]
-2015-02-23 Todd C. Miller
+ * plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po, po/es.mo,
+ po/es.po:
+ Sync with translationproject.org
+ [feb5eb934a9e]
- * lib/util/sudo_debug.c:
- Plug memory leak when debug file cannot be opened. Use %zu printf
- format now that our snprintf support it.
- [a168a002cd19]
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [947e8320c557]
- * plugins/sudoers/auth/pam.c:
- Pam conversation function changes: o use PAM_BUF_ERR as the return
- value when calloc() fails. o sanity check the value of num_msg o
- remove the workaround for old Apple PAM o PAM_AUTH_ERR is not a
- valid PAM conversation function return value
+2015-09-09 Todd C. Miller
- If getpass_error is set after a call to pam_verify (usually because
- the user pressed ^C), return AUTH_INTR immediately instead of
- checking the pam_verify return value.
- [8d378f40fe1f]
+ * src/tgetpass.c:
+ Restore old signal handlers before tty settings. That way SIGTTOU is
+ at its original value if sudo_term_restore() should fail.
+ [69d2cc6c0702]
- * INSTALL, NEWS, configure, configure.ac,
- plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/sudo_auth.c,
- plugins/sudoers/auth/sudo_auth.h:
- On AIX use the value of auth_type in /etc/security/login.cfg to
- determine whether to use LAM or PAM unless the user specified the
- --with-pam or --with-aixauth configure flags.
- [cb314c1ed5f8]
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Document what happens when the on_suspend/on_resume callbacks return
+ an error.
+ [d8c9dcf7a926]
- * lib/util/parseln.c:
- Fix cast.
- [4f56047e2bc4]
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, include/sudo_plugin.h,
+ plugins/group_file/group_file.c, plugins/group_file/plugin_test.c,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c,
+ plugins/system_group/system_group.c, src/hooks.c:
+ No need to have version macros for hooks, callbacks and the sudoers
+ group plugin. We can just use the main sudo API macros. The sudoers
+ group plugin macros are preserved for source compatibility but are
+ not documented.
+ [8c52bb83f991]
-2015-02-21 Todd C. Miller
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Properly escape the backslash before a comma in an example so the
+ example rule is parsable by visudo.
+ [6745d38e9876]
- * config.h.in, configure, configure.ac, lib/util/snprintf.c:
- Update snprintf.c from OpenBSD. The floating point and wide
- character code has been retained but is not compiled by default.
- [6801a77398fc]
+ * src/tgetpass.c:
+ Ignore callbacks if major version doesn't match.
+ [f852e6ebff01]
-2015-02-20 Todd C. Miller
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/compat/timespec.h, lib/util/Makefile.in, lib/util/gettime.c,
+ lib/util/utimens.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/visudo.c, src/Makefile.in, src/sudo_edit.c:
+ Remove include/compat/timespec.h. Systems old enough to lack struct
+ timespec are too old to build a modern sudo.
+ [37812e10a449]
- * plugins/sudoers/regress/sudoers/test1.in,
- plugins/sudoers/regress/sudoers/test1.out.ok,
- plugins/sudoers/regress/sudoers/test1.toke.ok:
- Update the regression test that check that all tags are parsed.
- [d0f9af2f9d45]
+ * NEWS:
+ Bug #713
+ [8a7245d76799]
- * MANIFEST, configure, configure.ac, lib/util/Makefile.in,
- lib/util/mktemp.c, lib/util/regress/mktemp/mktemp_test.c, mkdep.pl:
- Add regress for mkdtemp and mkstemps from OpenBSD
- [18714ae9bffd]
+ * src/exec.c:
+ Fill in cstat if exec_setup() fails. Previously it was only filled
+ in for an execve() failure. Fixes an unkillable sudo process when
+ exec_setup() fails and I/O logging is enabled.
+ [ff1d39d9e505]
- * plugins/sudoers/po/sudoers.pot:
- regen
- [b77490dd9b33]
+ * src/sudo.c:
+ Fix running commands as non-root when neither setresuid() not
+ setreuid() are available. At this point we are already root so
+ setuid() must succeed. Bug #713
+ [34754ad586c7]
- * plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, po/tr.mo,
- po/tr.po:
- Sync with translationproject.org
- [b2946065653d]
+ * src/sudo.c:
+ Cast uid_t to unsigned int when printing as %u
+ [669e2d5244a6]
- * config.h.in, configure.ac:
- Correct SECURE_PATH comment.
- [3fd6132d5dba]
-
- * NEWS, configure, configure.ac:
- Sudo 1.8.13
- [32c1183b0666]
+ * doc/UPGRADE:
+ Mention time stamp file locking changes, fix some spelling.
+ [c4563ea85e3a]
-2015-02-19 Todd C. Miller
+ * NEWS:
+ Update with latest changes.
+ [2cbd50e7c158]
- * MANIFEST, config.h.in, configure, configure.ac,
- include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in,
- lib/util/gethostname.c, lib/util/util.exp.in,
- plugins/sudoers/match.c, plugins/sudoers/testsudoers.c,
- plugins/sudoers/visudo.c, src/sudo.c:
- Avoid using HOST_NAME_MAX directly and use
- sysconf(_SC_HOST_NAME_MAX) instead.
- [97036b819d58]
+2015-09-07 Todd C. Miller
- * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c:
- Historically, crypt() returned the empty string on error, which
- ensured that crypt("", "") would return "", which supported matcing
- empty encrypted passwords with no additional code. Some modern
- versions of crypt() (such as glibc) return NULL on error so we need
- an explicit test to match an empty plaintext password and an empty
- encrypted password.
- [b88eb9da5e57]
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, include/sudo_fatal.h,
+ include/sudo_plugin.h, lib/util/fatal.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.h,
+ src/conversation.c, src/sudo.c, src/sudo.h, src/sudo_plugin_int.h,
+ src/tgetpass.c:
+ Add a struct sudo_conv_callback that contains on_suspend and
+ on_resume function pointer args plus a closure pointer and at it to
+ the conversation function.
+ [5608cb4c18f2]
- * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
- Sort tags lexically in the sudoers manual
- [66716c0b7a13]
+ * config.h.in, configure, configure.ac, include/sudo_util.h,
+ lib/util/locking.c, lib/util/util.exp.in, plugins/sudoers/check.c,
+ plugins/sudoers/check.h, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c:
+ Lock individual records in the timestamp file instead of the entire
+ file. This will make it possible for multiple sudo processes using
+ the same tty to serialize their timestamp lookups.
+ [f4ad82e36d90] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/gram.c, plugins/sudoers/gram.h, - plugins/sudoers/gram.y, plugins/sudoers/ldap.c, - plugins/sudoers/parse.c, plugins/sudoers/parse.h, - plugins/sudoers/regress/sudoers/test1.out.ok, - plugins/sudoers/sssd.c, plugins/sudoers/sudoers_version.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, - plugins/sudoers/toke.l, plugins/sudoers/visudo_json.c: - Add support for MAIL and NOMAIL command tags to toggle mail sending - behavior on a per-command (or Cmnd_Alias) basis. - [04f30a064c25] + * lib/util/term.c, plugins/sudoers/check.c, + plugins/sudoers/sudoreplay.c, src/tgetpass.c: + Implement suspend/resume callbacks for the conversation function. If + suspended, close the timestamp file (dropping all locks). On resume, + lock the record before reading the password. - * config.h.in, configure, configure.ac, include/sudo_compat.h, - lib/util/closefrom.c, lib/util/setgroups.c, - plugins/sudoers/pwutil_impl.c, src/sudo.c: - Almost no systems actually define OPEN_MAX since it is dynamic on - modern OSes. If sysconf(_SC_OPEN_MAX) ever fails, fall back on - _POSIX_OPEN_MAX instead. We can assume modern systems have - sysconf(). Also remove checks for strrchr() and strtoll() for which - the HAVE_* defines are no longer used. - [c3058a6cca86] + For this to work properly we need to be able to run th callback when + tsetattr() suspends us, not just when the user does. To accomplish + this the term_* functions now return EINTR if SIGTTOU would be + generated. The caller now has to restart the term_* function (and + send itself SIGTTOU) instead of it being done automatically. + [572374035897] - * lib/util/getline.c, plugins/group_file/getgrent.c, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/tsgetgrpw.c: - All modern systems should have LINE_MAX. 
- [117322b6d86c] + * plugins/sudoers/timestamp.c: + Allow the time stamp lock to be interrupted by signals. + [aa5017f86210] - * Makefile.in, sudo.pp: - Don't need to pass exampledir to polypkg now that it is just under - docdir. - [9f24f0184a78] + * plugins/sudoers/timestamp.c: + Adjust new locking to work when tty_tickets is disabled. We need to + use per-tty/ppid locking to gain exclusive access to the tty for the + password prompt but use a separate (short term) lock that is shared + among all sudo processes for the user. + [d6d7a0bb6bd0] -2015-02-18 Todd C. Miller + * lib/util/locking.c: + Set errno to EINVAL if sudo_lock_* is called with a bad type. + [cfba014f1c1a] - * sudo.pp: - Fix packaging of the example dir. - [4c7cbc3fc190] + * src/exec_pty.c: + sudo_term_* already restart themselve for all but SIGTTOU so we + don't need to use our own restart loops. + [113924cd05c0] - * lib/util/mktemp.c: - Fix mkstemps() extension handling. Sudoedit will now preserve the - extension properly when the system libc lacks mkstemps(). - [b86f54331972] + * config.h.in, configure, configure.ac, plugins/sudoers/iolog.c, + plugins/sudoers/timestamp.c: + Use pread(2) and pwrite(2) where possible. + [86cd3f6bab9e] -2015-02-17 Todd C. Miller + * plugins/sudoers/timestamp.c: + Bring back the check for time stamp files that predate the boot + time. Instead of truncating we now unlink the file since another + process may be sleeping on the lock. + [9cdf7468d0f2] - * MANIFEST, aclocal.m4, config.h.in, configure, configure.ac, - lib/util/Makefile.in, lib/util/locale_weak.c, - m4/ax_sys_weak_alias.m4, mkdep.pl, src/Makefile.in, - src/locale_stub.c: - Use weak symbols for sudo_warn_gettext() and sudo_warn_strerror() so - distros using "-Wl,--no-undefined" in LDFLAGS don't run into - problems. 
- [708418615aae] + * plugins/sudoers/check.c: + Avoid touching the time stamp directory for "sudo -k command" + [391d20c17775] - * lib/util/mksiglist.c, lib/util/mksigname.c: - Include unistd.h in siglist.c and signame.c to get gid_t which is - used by sudo_compat.h. Bug #686 - [0ab6450a96ec] +2015-09-02 Todd C. Miller -2015-02-15 Todd C. Miller + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_plugin.h: + Make hook_version and hook_type unsigned. + [77cb84793f07] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/logging.c: - Add mail_all_cmnds to always mail when a user runs a command (or - tries to) including sudoedit. The mail_always flag goes back to its - old semantic of always mailing when sudo is run. - [edc904502061] +2015-09-01 Todd C. Miller -2015-02-10 Todd C. Miller + * plugins/sudoers/base64.c, plugins/sudoers/match.c, + plugins/sudoers/regress/parser/check_base64.c: + When decoding base64, avoid using '=' in the decoded temporary array + as a sentinel as it can legitimately be present. Instead, just use + the count of bytes stored in the temp array to determine which bytes + to fold into the destination. + [6abef15d3954] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Minor change in description of TZ path handling. - [579b02f0dbe0] +2015-08-21 Todd C. Miller - * Makefile.in, examples/Makefile.in: - Move example dir under the doc dir to conform to Debian guidelines. - Bug #682. - [494d9a0484b6] + * NEWS, plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c: + When parsing def_editor, break out of the loop when we find the + first valid editor. Bug #714 + [c7508ed075c2] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document that a leading ':' is skipped when checking TZ for a fully- - qualified path name. - [91859f613b88] +2015-08-18 Todd C. 
Miller -2015-02-09 Todd C. Miller + * plugins/sudoers/visudo.c: + The condition for adding a missing newline at the end of sudoers was + never reached. Keep track of the last character and write a newline + character if when copying to the temp file. Found by Radovan Sroka. + [86c20e7fc6bd] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Typo. - [b9257ea66116] + * plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c: + Remove extraneous while() from botched do {} while() loop conversion + to use sudo_strsplit. Noticed by Radovan Sroka. + [cd2d25510129] - * .hgtags: - Added tag SUDO_1_8_12 for changeset 48fe8a3d7537 - [effc92deaace] <1.8> +2015-08-10 Todd C. Miller - * INSTALL, Makefile.in, NEWS, config.h.in, configure, configure.ac, - doc/CONTRIBUTORS, doc/sample.pam, doc/sample.sudo.conf, - doc/sample.sudoers, doc/sample.syslog.conf, doc/sudo.cat, - doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, - doc/visudo.cat, doc/visudo.man.in, lib/util/Makefile.in, - lib/util/event.c, lib/util/sudo_printf.c, - plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in, - plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, - plugins/sudoers/boottime.c, plugins/sudoers/check.c, - plugins/sudoers/env.c, plugins/sudoers/iolog.c, - plugins/sudoers/logging.c, plugins/sudoers/match.c, - plugins/sudoers/po/sudoers.pot, plugins/sudoers/redblack.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, - po/sudo.pot, src/Makefile.in, src/exec_pty.c, src/load_plugins.c, - src/parse_args.c, src/sudo.c, src/ttyname.c: - Merge sudo 1.8.12 from trunk. - [48fe8a3d7537] [SUDO_1_8_12] <1.8> + * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c: + In sudo_pam_begin_session() and sudo_pam_end_session() return + AUTH_FATAL on error, not AUTH_FAILURE. 
In sudo_auth_begin_session() + treat anything other than AUTH_SUCCESS as a fatal error. + [3ad7296390f2] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Fix typos. - [ac1467f71ac0] + * doc/CONTRIBUTORS, src/exec.c, src/exec_pty.c: + Linux sets si_pid in struct siginfo to 0 when the process that sent + the signal is in a different container since the PID namespaces in + different conatiners are separate. Avoid looking up the process + group by id when si_pid is 0 since getpgid(0) returns the process + group of the current process. Since sudo ignores signals sent by + processes in its own process group, this had the effect of ignoring + signals sent from other containers. From Maarten de Vries + [6d3f43b95a1f] - * plugins/sample/sample_plugin.c: - Fix compilation on systems w/o __dso_public - [b773ef9127fa] + * plugins/sudoers/auth/pam.c: + Sprinkle some debugging. + [f5a94a3a1192] -2015-02-07 Todd C. Miller +2015-08-09 Todd C. Miller - * NEWS, plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po: - Russian translation for sudoers from translationproject.org. - [8a7fc2e00072] + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.man.in, doc/sudo.mdoc.in: + Document that sudo uses the real uid to map from uid to passwd file + user name. + [04f6709675cc] -2015-02-06 Todd C. Miller + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in: + disable_coredump can be set to no on modern OSes without security + consequences. + [ebe6d5bb2274] - * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/ru.mo, - plugins/sudoers/po/ru.po: - Russian translation for sudoers from translationproject.org. - [1d5869e4d4af] +2015-08-07 Todd C. Miller - * config.h.in, configure, configure.ac, include/sudo_compat.h: - Add check for getresuid() declaration, which may be missing on HP- - UX. When checking for getdomainname() prototype, look in netdb.h - too. 
- [0ba583590b17] - - * INSTALL, NEWS, configure, configure.ac, doc/sudoers.cat, - doc/sudoers.man.in, doc/sudoers.mdoc.in, m4/sudo.m4, pathnames.h.in, - plugins/sudoers/env.c: - Sanity check the TZ environment variable by special casing it in - env_check. The --with-tzdir configure option can be used to specify - the zoneinfo directory if configure doesn't find it. - [650ac6938b59] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Emphasis on the never. + [39ca000281c7] - * NEWS: - Mention crash fixes. - [f759c993e172] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Explicitly tell people not to grant sudoedit to directories the user + can write to. While sudoedit will no longer open symbolic links, + hard links are still an issue. + [26e0afae9bae] - * src/parse_args.c: - Bail with usage() early if argc <= 0. - [aaba56c9a797] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Add warning about writable directories and sudo/sudoedit. + [701ff725af42] -2015-02-05 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Emphasize that wildcards are not regexps. Bug #692 + [1e071810c4cb] - * plugins/sudoers/pwutil.c: - Remove extraneous casts of node->data (which is void *). - [950749570a00] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Emphasize that wildcards in command line arguments are dangerous. + Document the failings of the passwd example on GNU systems. Bug #691 + [54d793aea6b2] - * doc/CONTRIBUTORS: - Add Stephane Chazelas - [a6c7becabee7] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Escape the colons in [[:alpha:]] as required by sudoers. + [ad875dd5ca64] - * plugins/sudoers/pwutil.c: - Fix a potential crash when getpwnam() of the running user fails and - we don't replace the negative cached entry with a faked up one. 
From - Stephane Chazelas - [9088f041bbad] + * po/sudo.pot, src/sudo_edit.c: + Change warning when user tries to sudoedit a symbolic link. + [b8f44e834c2f] - * src/parse_args.c, src/sudo.c: - Don't assume argv[0] is set without first checking argc. - [aabdc9d0ba26] +2015-08-06 Todd C. Miller - * lib/util/progname.c: - Call setprogname("sudo") if getprogname() returns NULL or the empty - string. - [45438f7227b1] + * MANIFEST: + add .json regress files to MANIFEST + [03ddb3a9671b] - * plugins/sudoers/set_perms.c: - Handle sudo_get_grlist() returning NULL which can happen if - getgrouplist() fails even after allocating the appropriate amount of - memory. From Stephane Chazelas - [25747a0ead7c] + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [5abaa0eeab86] - * config.h.in, configure, configure.ac: - Remove configure checks for strrchr() and strtoll() for which the - HAVE_* defines are no longer used. - [f04216435aba] + * doc/sudo.conf.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat, + doc/visudo.cat: + regen + [43e6b445734c] - * config.h.in, configure, configure.ac, doc/sudoreplay.cat, - doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, - plugins/sudoers/sudoreplay.c: - Require POSIX regular expression support for sudoreplay. 
- [1486747cd470] + * doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, include/sudo_compat.h, include/sudo_plugin.h, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/policy.c, + plugins/sudoers/regress/sudoers/test1.in, + plugins/sudoers/regress/sudoers/test1.json.ok, + plugins/sudoers/regress/sudoers/test1.out.ok, + plugins/sudoers/regress/sudoers/test1.toke.ok, + plugins/sudoers/sudoers_version.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/visudo_json.c, src/sesh.c, src/sudo.c, src/sudo.h, + src/sudo_edit.c: + Do not follow symbolic links in sudoedit by default. This behavior + can be controlled by the sudoedit_follow Defaults flag as well as + the FOLLOW/NOFOLLOW tags. + [9636fd256325] - * config.h.in, configure, configure.ac, include/sudo_compat.h: - Check whether getdomainname(), innetgr(), setresuid() and - setresgid() are declared and add prototypes in sudo_compat.h as - needed. - [03aa144afce4] + * NEWS, aclocal.m4, configure, configure.ac: + Sudo 1.8.15 + [bf18da363b06] - * plugins/sudoers/policy.c: - The plugin no longer needs to call initprogname() now that it links - with the same libsudo_util as sudo. 
- [78b65a352ac5] + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/sudoers/test1.json.ok, + plugins/sudoers/regress/sudoers/test10.json.ok, + plugins/sudoers/regress/sudoers/test11.json.ok, + plugins/sudoers/regress/sudoers/test12.json.ok, + plugins/sudoers/regress/sudoers/test13.json.ok, + plugins/sudoers/regress/sudoers/test14.json.ok, + plugins/sudoers/regress/sudoers/test15.json.ok, + plugins/sudoers/regress/sudoers/test16.json.ok, + plugins/sudoers/regress/sudoers/test2.json.ok, + plugins/sudoers/regress/sudoers/test3.json.ok, + plugins/sudoers/regress/sudoers/test4.json.ok, + plugins/sudoers/regress/sudoers/test5.json.ok, + plugins/sudoers/regress/sudoers/test6.json.ok, + plugins/sudoers/regress/sudoers/test7.json.ok, + plugins/sudoers/regress/sudoers/test8.json.ok, + plugins/sudoers/regress/sudoers/test9.json.ok: + Check JSON output of sudoers test files too. + [3d8517812b80] -2015-02-04 Todd C. Miller +2015-08-04 Todd C. Miller - * sudo.pp: - Add /usr/local/share/examples/ directory to parentdirs so it is - explicitly added to the package. - [ef1aa52b0aad] + * plugins/sudoers/sudoers.c: + Move comment to match moved code. 
+ [7a30f06462a8] - * plugins/sudoers/po/da.mo, po/da.mo: - Sync with translationproject.org - [943986acd31c] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + maxseq is an int not a string + [bffd97d22064] - * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, - plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, - plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, - plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/nl.mo, - po/nl.po: - Sync with translationproject.org - [4977ac967bdd] +2015-08-02 Todd C. Miller -2015-02-03 Todd C. Miller + * src/preserve_fds.c: + Include sys/types.h for id_t. Bug #711 + [fda95d9ca1e9] - * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: - Regen with yacc skeleton that the clang analyzer doesn't complain - about. - [e15991fd4ab1] +2015-07-31 Todd C. Miller - * configure, configure.ac, lib/util/alloc.c, lib/util/glob.c, - plugins/sudoers/env.c, plugins/sudoers/getdate.c, - plugins/sudoers/getdate.y, plugins/sudoers/gram.c, - plugins/sudoers/gram.y: - Use stdint.h to get SIZE_MAX as inttypes.h on some pre-C99 HP-UX - systems doesn't include stdint.h itself. - [9fbd35811743] + * lib/util/fnmatch.c: + Avoid a potential out of bounds read found by enh while fuzzing with + address sanitizer enabled. + [52d6b9916593] - * configure, configure.ac: - SIZE_MAX may be in limits.h on pre-C99 compilers. - [d3b554f7e0e5] +2015-07-27 Todd C. Miller - * config.h.in, configure, configure.ac, lib/util/aix.c: - Add missing prototypes for usrinfo() and setauthdb() for AIX. 
- [aa4b205296cf] + * mkpkg: + Set sssd lib location to /usr/lib64 on 64-bit RHEL/Centos. Bug #710 + [428421925a20] - * config.h.in, configure, configure.ac, plugins/sudoers/match.c: - Solaris uses sysinfo(SI_SRPC_DOMAIN) instead of getdomainname() to - get the host's NIS domain. - [9234c62a1469] +2015-07-24 Todd C. Miller -2015-02-02 Todd C. Miller + * doc/CONTRIBUTORS, src/Makefile.in: + The init.d files are generated from a .in file so we need to install + from top_builddir not top_srcdir. From Ross Burton. Bug #708 + [df1e7a0d3182] - * configure, configure.ac: - Remove AC_PROG_GCC_TRADITIONAL and add AC_PROG_CC_STDC since we need - C99. - [005775f5662b] +2015-07-22 Todd C. Miller - * plugins/sudoers/match.c: - Actually use the check for prior initialization in - sudo_getdomainname(). - [06368385ad0d] + * lib/util/term.c: + Replace two "return 0" with debug_return_bool(false). + [49f8fb3dcd36] - * configure, configure.ac: - We need to add OSDEFS to CFLAGS to expose LLONG_MAX et al on glibc - when not explicitly asking for c99. - [ae9435631600] + * src/ttyname.c: + fix typo in previous commit + [094488696f2c] - * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/logging.c: - Don't send mail about pseudo-command failure unless it is an - authentication failure. - [deddcfc1f2ab] + * NEWS, configure, configure.ac: + Sudo 1.8.14p3 + [0079c43d8247] - * configure, configure.ac: - Fix check for SIZE_MAX, which should be in stdint.h not limits.h. - [47bf0ab7dfca] +2015-07-21 Todd C. Miller - * lib/util/glob.c: - Need to include inttypes.h for SIZE_MAX - [a11f42f40294] + * src/ttyname.c: + Fix errno value from get_process_ttyname() when no tty is present. + [ff7b12bb0638] - * plugins/sudoers/po/sudoers.pot: - regen - [d35b24f95ef8] + * src/ttyname.c: + On AIX, only convert the tty device number from dev64_t to dev32_t + if dev_t is 32-bits. + [0e728a1eb07a] -2015-02-01 Todd C. Miller +2015-07-20 Todd C. 
Miller - * include/sudo_debug.h, lib/util/aix.c, lib/util/event.c, - lib/util/event_poll.c, lib/util/event_select.c, lib/util/gidlist.c, - lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c, - lib/util/parseln.c, lib/util/secure_path.c, lib/util/setgroups.c, - lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c, - lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/term.c, - lib/util/ttysize.c, lib/util/util.exp.in, plugins/sudoers/alias.c, - plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, - plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, - plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, - plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, - plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, - plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, - plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, - plugins/sudoers/base64.c, plugins/sudoers/boottime.c, - plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, - plugins/sudoers/defaults.c, plugins/sudoers/env.c, - plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, - plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, - plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c, - plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, - plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, - plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, - plugins/sudoers/match.c, plugins/sudoers/match_addr.c, - plugins/sudoers/parse.c, plugins/sudoers/policy.c, - plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, - plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c, - plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, - 
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, - plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, src/exec.c, - src/exec_common.c, src/exec_pty.c, src/get_pty.c, src/hooks.c, - src/load_plugins.c, src/net_ifs.c, src/parse_args.c, - src/preserve_fds.c, src/selinux.c, src/sesh.c, src/signal.c, - src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, - src/ttyname.c, src/utmp.c: - Go back to a 2 args debug_decl and just use the "default" instance, - now renamed "active". - [7130b7478355] + * NEWS, configure, configure.ac: + Sudo 1.8.14p2 + [55fe56b28c7b] -2015-01-31 Todd C. Miller + * plugins/sudoers/timestamp.c: + Fix creation of the timestamp file; bug #704 + [1ff77fd5cc8f] - * doc/LICENSE: - Update copyright year. - [e1dad7b195e4] +2015-07-19 Todd C. Miller -2015-01-30 Todd C. Miller + * src/regress/ttyname/check_ttyname.c, src/sudo.c, src/sudo.h, + src/ttyname.c: + Avoid needless memory allocation when resolving the tty name. + [c58cce92d5e0] - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c, - plugins/sudoers/match.c, plugins/sudoers/parse.h: - When querying LDAP netgroups, use the NIS domain if it is sent but - also match nisNetgroupTriple entries that have no domain. - [5a0fa3ac26f7] +2015-07-17 Todd C. Miller - * plugins/sudoers/sudoreplay.c: - Avoid setting the tty to non-blocking mode so "sudoreplay | cat" - (for example) works as expected. We only read a single byte from the - keyboard and only when interactive anyway so this should be fine. - [9615a932545b] + * NEWS, configure, configure.ac: + Sudo 1.8.14p1 + [973705806759] - * lib/zlib/Makefile.in, plugins/sudoers/Makefile.in: - regen - [f19c6e000850] + * plugins/sudoers/sssd.c: + Fix typo in sudo_sss_attrcpy() that caused a memory allocation + error. 
+ [0fa324a7bb56] - * plugins/sudoers/sudoreplay.c: - Avoid a cppcheck warning about undefined behavior (using the address - of a stack buffer - 1) and fix a memory leak of the iov when doing - nl->crnl conversion. - [e26f9008c2e4] +2015-07-15 Todd C. Miller - * doc/CONTRIBUTORS: - Add Steven Soulen - [17a47303d5fe] + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/uk.mo, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo: + rebuild + [e4c7cda46475] - * plugins/sudoers/sudoreplay.c: - Fix handling of partial writes from writev() which can occur with - large output buffers. - [1065dbeaa13d] +2015-07-14 Todd C. Miller -2015-01-29 Todd C. Miller + * lib/util/lbuf.c, plugins/sudoers/env.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, + plugins/sudoers/match.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/redblack.c, src/hooks.c, src/net_ifs.c, src/sudo.c: + Add some debugging printfs when malloc fails and we don't have an + explicit call to sudo_warnx(). + [07aebb5839c3] - * NEWS, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c: - Add support for querying netgroups directly via LDAP since there is - no other way to look up all the netgroups for a user (unlike regular - groups). This introduces netgroup_base and netgroup_search_filter - options to ldap.conf. Based on a diff from Steven Soulen. - [7e3d55983e71] + * plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c: + Add missing warnings for memory allocation failure. Add function + name to memory allocation warnings. + [4f6027786a28] -2015-01-27 Todd C. Miller + * lib/util/parseln.c: + Return -1 if realloc() fails. + [707632291eac] - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - Sort ldap.conf options. - [264608124698] + * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c: + Add line number to debug log for memory allocation errors. 
+ [f4f3debdfcc5] -2015-01-22 Todd C. Miller + * plugins/sudoers/auth/pam.c: + Add warning if calloc() fails. Add debugging for other unexpected + errors. + [a1e0945237d8] * plugins/sudoers/ldap.c: - Add macros to ease the checking of strlcpy, strlcat and - sudo_ldap_value_cat return values. - [e9122413d4fa] - -2015-01-21 Todd C. Miller + Add missing check for calloc(3) return value. + [37fe3ca78e8e] - * plugins/sudoers/check.c, plugins/sudoers/ldap.c, - plugins/sudoers/logging.c, plugins/sudoers/parse.c, - plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h: - Rename VALIDATE_OK -> VALIDATE_SUCCESS Rename VALIDATE_NOT_OK -> - VALIDATE_FAILURE - [4379cac9f75d] +2015-07-13 Todd C. Miller - * plugins/sudoers/logging.c, plugins/sudoers/sudoers.h: - Remove now-unused VALIDATE_ERROR define. - [569d4936b761] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that the values printed by "sudo -V" are affected by + Defaults settings in sudoers. + [80ec2572861b] - * plugins/sudoers/logging.c: - should_mail() now returns bool. - [0316d1fb08c3] +2015-07-10 Todd C. Miller - * lib/util/sudo_debug.c: - If sudo_debug_register() fails return - SUDO_DEBUG_INSTANCE_INITIALIZER, not -1. Otherwise we could end up - setting the instance to -1 which is invalid. - [032bb1db6db5] + * plugins/sudoers/group_plugin.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/sssd.c, src/load_plugins.c: + Avoid calling dlerror() multiple times since it clear the error + status after printing the error. Problem caused by + sudo_warn/sudo_fatal being macros... + [c0fd3b0fb9c3] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Fix typo. - [014be972780c] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Attempt to clarify the conditions under which MAIL and HOME are set + to the target user. 
+ [ebd269bebe64] - * doc/Makefile.in: - Use "mandoc -Tascii" to generate .cat pages to avoid locale-specific - characters. - [0ec42d8924fc] +2015-07-09 Todd C. Miller -2015-01-19 Todd C. Miller + * mkpkg: + Better checks for the libaudit package for Debian and error out if + we can't figure it out. + [225c1bfcb629] - * configure, m4/sudo.m4: - Use AC_PATH_PROG to find programs instead of checking the path - manually. - [2b5d9893a7a7] + * mkpkg: + Fix linux_audit setting on non-multiarch Debian. + [0a38e9d158f4] -2015-01-16 Todd C. Miller + * sudo.pp: + Fix typo that broke the linux_audit dependency on Debian. + [0917bd45acf1] - * lib/util/strlcat.c, lib/util/strlcpy.c: - Sync with OpenBSD version - [22c073c42a9e] + * NEWS: + Mention /proc/stat btime fix. + [754050a340e2] -2015-01-15 Todd C. Miller + * config.h.in, configure, configure.ac, lib/util/getaddrinfo.c, + plugins/sudoers/interfaces.c, plugins/sudoers/match_addr.c, + src/net_ifs.c: + Solaris 2.6 has the prototypes for inet_pton() and inet_ntop() in + resolv.h. + [dc0f62743845] - * configure, configure.ac: - Use AC_CHECK_HEADERS_ONCE and AC_CHECK_FUNCS_ONCE where possible and - quote the first args in AC_CHECK_FUNCS calls. - [84aa40ab410a] + * plugins/sudoers/boottime.c: + Sprinkle debugging for boottime. + [dfb45c763179] - * config.h.in, configure, configure.ac, include/sudo_compat.h: - Avoid inadvertantly defining things like PATH_MAX simply because the - source file doesn't include limits.h. - [d2e7c4093f55] + * mkpkg: + The old Solaris /bin/sh doesn't support POSIX $( .. ) syntax, use + backquotes instead. + [c9e33ffef2b1] -2015-01-14 Todd C. Miller +2015-07-08 Todd C. Miller - * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, - m4/ltversion.m4: - Update to libtool 2.4.4 + HP-UX patches - [859b7378bc37] + * mkpkg, sudo.pp: + Only use --with-sssd-lib on Debian/Ubuntu w/ multipackage. Use dpkg- + query to determine the name of the audit package for proper + dependencies. 
+ [e9669389aa2f] - * src/ttyname.c: - Document why we need sys/param.h. - [f21a4d7122f0] + * mkpkg, plugins/sudoers/sudoers.in, sudo.pp: + Update Debian/Ubuntu packages to be more like the vendor ones. One + notable exception is that sudo.ws packages use /var/run, not + /var/lib for timestamp files. + [0f4c49a3768e] - * configure, m4/sudo.m4: - Don't need sys/param.h. - [6aa24ecfc9d4] + * doc/CONTRIBUTORS: + Add Jakub Wilk + [78bfdf2e441b] - * lib/util/closefrom.c: - Don't appear to need sys/param.h for pstat_getproc() on HP-UX even - though the man page lists it. - [47d75f3db288] + * plugins/sudoers/boottime.c: + Strip newline from /proc/stat btime line to avoid a strtonum() + failure. From Jakub Wilk. + [8a04f85a070f] - * lib/util/inet_ntop.c, lib/util/inet_pton.c: - Should not need sys/param.h here. - [5c83cebcd75f] + * src/exec_pty.c: + In io_callback() service writes before reads. That way, if both + SUDO_EV_READ and SUDO_EV_WRITE are set and read() returns 0 (EOF) we + don't close the fd before the write() is performed. -2014-12-31 Todd C. Miller + If the write() returns EPIPE, ENXIO, EIO or EBADF, clear + SUDO_EV_READ before we close the fd to avoid calling read() on a + closed fd. + [167548fd8af2] - * plugins/sudoers/match_addr.c: - Use standard CIDR -> netmask conversion and disallow 0-bit CIDRs. - [d30313d726eb] +2015-07-07 Todd C. Miller -2014-12-24 Todd C. Miller + * lib/util/regress/sudo_conf/conf_test.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c: + Check sudo_conf_read() return value and exit on fatal error (a + warning was already printed by sudo_conf_read()). + [d05797f4f197] - * README.LDAP: - Update link to gq LDAP editor, now on sourceforge. - [706dadea1abb] + * NEWS: + Mention double-quoted sudoOption value support. + [55684a73f097] -2014-12-16 Todd C. 
Miller + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Add support for parsing quoted strings in a sudoOption just like + sudoers Defaults settings. + [fe8291414179] - * include/compat/glob.h, lib/util/glob.c: - Add support for GLOB_LIMIT from OpenBSD (not currently used) and - also a limit on the max recursion depth for glob(). - [6f9e26b88612] + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, po/da.mo, + po/da.po: + Sync with translationproject.org + [1c15d1a3dbdd] - * lib/util/glob.c: - Quiet compiler sign compare warning. - [c4f35c02122c] +2015-07-06 Todd C. Miller -2014-12-10 Todd C. Miller + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update year. + [6ca660e4a957] - * NEWS: - fnmatch fix - [07542b07ac67] + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/de.mo, + po/de.po, po/nb.mo, po/nb.po: + Sync with translationproject.org + [d7ede74dcb19] - * lib/util/fnmatch.c: - Remove artificial limit on length of pattern and string. It is - possible to use fnmatch() on things other than paths (such as - arguments) so a limit of PATH_MAX does not make sense. Fixes a bug - where rules would fail to match if the length of the arguments were - larger than PATH_MAX (usually 1024). - [942770c20422] + * src/sudo.c: + Fix utmp setup broken by commit be0ca60facf8 + [cd8a06f57f2b] -2014-12-04 Todd C. Miller +2015-07-03 Todd C. 
Miller - * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, - doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, - doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, - doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, - doc/visudo.man.in, doc/visudo.mdoc.in: - Remove the extra /sudo in sudo.ws urls - [0b804e3a1008] + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.po, plugins/sudoers/po/pl.mo, + plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, po/cs.mo, + po/cs.po, po/fr.mo, po/fr.po, po/it.mo, po/it.po, po/pl.mo, + po/pl.po: + Sync with translationproject.org + [aa473519e66d] -2014-11-27 Todd C. Miller + * plugins/sudoers/po/sudoers.pot: + regen + [8f8aa321f043] - * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, - doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, - doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, - doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, - doc/visudo.man.in, doc/visudo.mdoc.in: - Reference bugzilla.sudo.ws - [7dc11bbe6f13] + * plugins/sudoers/logging.c: + Fix typo in error message. + [220832711826] -2014-11-20 Todd C. Miller +2015-07-02 Todd C. Miller - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - sync - [da17d5a611ce] + * NEWS: + Bug #702 is the AIX timespec issue. + [c597a312e816] -2014-11-19 Todd C. 
Miller + * config.h.in, configure, configure.ac, lib/util/closefrom.c, + lib/util/getcwd.c, lib/util/glob.c, plugins/sudoers/match.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, src/ttyname.c: + We require POSIX so no need to conditionally include dirent.h. Add a + check for d_namlen and use the result in the NAMLEN macro. + [2728194cb6cf] - * plugins/sudoers/gram.c, plugins/sudoers/gram.y: - Require that a digest be specified with a real command, not an alias - or pseudo-command. Found via a crash by afl. - [55f6166cab63] + * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c, + lib/util/getcwd.c, lib/util/gettime.c, lib/util/glob.c, + lib/util/lbuf.c, lib/util/locking.c, lib/util/mktemp.c, + lib/util/parseln.c, lib/util/secure_path.c, lib/util/setgroups.c, + lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/ttysize.c, + plugins/group_file/group_file.c, plugins/sample/sample_plugin.c, + plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/editor.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/set_perms.c, 
plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_json.c, plugins/system_group/system_group.c, + src/conversation.c, src/exec.c, src/exec_common.c, src/exec_pty.c, + src/get_pty.c, src/hooks.c, src/load_plugins.c, src/net_ifs.c, + src/openbsd.c, src/parse_args.c, src/preserve_fds.c, src/signal.c, + src/solaris.c, src/sudo.c, src/sudo_edit.c, src/sudo_noexec.c, + src/tgetpass.c, src/ttyname.c, src/utmp.c: + There's no need to conditionalize the #include , we + require a POSIX system. + [79389c527c08] - * NEWS: - sync - [4b31247735c4] + * include/sudo_compat.h: + Remove some compatibilty defines that should no longer be needed. + [e9136646d1c6] - * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/fr.mo, - plugins/sudoers/po/fr.po: - French translation for sudoers from translationproject.org. - [5c592350c4b0] +2015-06-30 Todd C. Miller -2014-11-18 Todd C. Miller + * NEWS: + Final changes in 1.8.14 + [3a5cd4f2875a] - * src/exec.c, src/exec_pty.c, src/tgetpass.c: - Defer registration of the SIGCHLD handler until just before we exec - the command. Fixes a problem where pam_gnome_keyring installs its - own SIGCHLD handler and may not restore the original one. As a - result, we now have to explicitly wait for the askpass helper to - finish. Bug #657 - [f499500fef71] + * include/sudo_compat.h: + Need to include stddef.h to get rsize_t on Mac OS X for + sudo_memset_s() prototype. + [9615efed4a9a] -2014-11-17 Todd C. Miller + * lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/strsplit/strsplit_test.c: + Add missing exit value. 
+ [484202b53893] - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - Mention sssd support in the sudoers.ldap manual and cross-reference - sssd-sudo(5). - [32f84fbf210c] + * lib/util/regress/mktemp/mktemp_test.c: + Add missing fcntl.h include. + [020fe6252d96] -2014-11-16 Todd C. Miller + * configure, configure.ac: + Do check for inet_pton before inet_ntop since we may need to record + dependent libraries for inet_pton when linking our getaddrinfo + replacement. + [fde03eefd88d] - * doc/CONTRIBUTORS: - Reorder an entry. - [5d15735294f1] + * include/sudo_debug.h, lib/util/sudo_debug.c: + Fix build on compilers w/o __func__ or __FUNCTION__ + [196d75416cd5] -2014-11-15 Todd C. Miller + * lib/util/util.exp.in: + Remove sudo_evasprintf_v1, missed during alloc.c removal. + [7d0ac7e5909d] - * Makefile.in, lib/util/Makefile.in, plugins/group_file/Makefile.in, - plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, - plugins/system_group/Makefile.in, src/Makefile.in: - Prevent cppcheck from getting confused by our compat definition of - the va_copy macro for pre-C99. - [61d94525be2e] + * lib/util/snprintf.c: + Add missing fcntl.h include. + [23b886deb879] -2014-11-14 Todd C. Miller + * config.h.in, configure, configure.ac: + Add check for inline support. + [061dab0e411c] - * plugins/sudoers/iolog_path.c: - Fix potential NULL pointer deref found by cppcheck. - [668967e031e0] +2015-06-29 Todd C. Miller - * plugins/sudoers/alias.c: - Quiet a cppcheck false positive. - [35a16ae4660c] + * doc/LICENSE: + Add reallocarray.c license. + [b4b4d46309f3] - * lib/util/sudo_debug.c: - If there are multiple outputs, ap will be re-used so make a copy and - operate on it instead. - [f4f19df43c93] +2015-06-27 Todd C. Miller - * src/hooks.c: - Fix typo in hook return value check. - [b12839dc6e78] - - * NEWS: - Mention visudo use of sudoers plugin args to set default sudoers - file name and owner/mode. 
- [7f2733b53431] - - * NEWS: - Mention fix for bug #678 - [7f7a6d8b985b] + * doc/CONTRIBUTORS: + Fix entry for Joel Pelaez Jorge. + [386434049903] -2014-11-12 Todd C. Miller +2015-06-26 Todd C. Miller - * plugins/sudoers/sudoers.c: - In set_fqdn() we neeed to set user_runhost/user_srunhost at the same - time we set user_host/user_shost since that is what - hostlist_matches() uses. Bug #678 - [4f75b01d4884] + * include/sudo_lbuf.h, lib/util/lbuf.c, lib/util/util.exp.in, + plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c: + Add an error flag to the lbuf struct to simplify error checking. + Callers of the lbuf functions now check the error flag to tell if a + memory allocation error ocurred. + [bc44b0fbc03b] -2014-11-11 Todd C. Miller + * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.h: + display_privs() and display_cmnd() may need to return -1 on error. + [b6d8826900bb] - * src/hooks.c: - Do not call sudo_warnx() on invalid value from the env hook - functions as the printf() family may call getenv() for locale - reasons. - [547fc25acb7c] +2015-06-25 Todd C. Miller - * doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.man.in, - doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, - doc/visudo.man.in, doc/visudo.mdoc.in: - No need to keep specifying ".Nm foo" since the Nm macro remembers - the argument it was first called with and uses it if none is - specified. Also fix a few minor formatting errors and regen bulleted - lists in the .man.in files. 
- [d2669e94add4] + * plugins/sudoers/check.c, plugins/sudoers/check.h, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c: + Check restore_perms() return value in all cases, pushing the return + value back up the call stack. + [c9beeed2b614] - * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: - Add sudo.conf to SEE ALSO and rename section on sudo.conf - [d4cc8ad2c2b4] + * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Return -1, not 0 from sudoers when there is an error (as opposed to + a policy denial). + [5d197fe29e0e] - * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: - Mention sudo.conf use for debugging - [9393fb061bcd] + * doc/CONTRIBUTORS: + Add Joel Pelaez Jorge + [55387b44d6e9] - * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, - doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.man.in, - doc/sudoreplay.cat: - regen - [1d34d21b2136] + * plugins/sudoers/auth/pam.c: + When checking whether the PAM prompt matches "Password:", also check + for the untranslated version. The PAM module might not be using the + localized string even though it exists. From Joel Pelaez Jorge. + Fixes Bug #701 + [d87f6f2ccb42] - * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: - Document sudo.conf usage now that visudo will parse the sudoers - arguments. - [78a413c019a9] +2015-06-24 Todd C. Miller -2014-11-10 Todd C. Miller + * plugins/sudoers/ldap.c: + Silence clang analyzer warning on glibc systems where the first + argument to qsort() is marked as non-NULL. Also change some counters + from into to unsigned int and two flags from int to bool. + [09e400445ca2] - * plugins/sudoers/visudo.c: - Use sudoers.so args from sudo.conf to set sudoers_file, sudoers_uid, - sudoers_gid, and sudoers_mode in visudo. - [1c7408b5ff7e] +2015-06-23 Todd C. 
Miller - * plugins/sudoers/visudo.c: - Use sudoers_file, sudoers_uid, sudoers_gid, and sudoers_mode symbols - from toke.l instead of the upper case defines. - [21ba15518c7d] + * plugins/sudoers/sudoreplay.c: + Silence clang analyzer warning on glibc systems where the first + argument to qsort() is marked as non-NULL. + [34fa7256f1e2] - * lib/util/Makefile.in, lib/zlib/Makefile.in, - plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in: - Use SSP_LDFLAGS when creating shared objects. - [2428de97d2c2] + * include/sudo_compat.h, include/sudo_debug.h, include/sudo_util.h, + src/preserve_fds.c: + Use our own bitmap macros instead of borrowing the ones from select. + [51ef403511d9] - * lib/util/Makefile.in: - We only build .lo (not .o) files for libsudo_util - [2c1e0475cddc] + * lib/util/sudo_debug.c: + Must call round_nfds() with fd+1 since it takes a count not the fd + number. In other words, the lowest value is 1, not 0. 
+ [cc175cba5371] - * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, - plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, - plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, - plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo, - po/cs.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/eo.mo, - po/eo.po, po/fi.mo, po/fi.po, po/it.mo, po/it.po, po/nb.mo, - po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/ru.mo, - po/ru.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, - po/zh_CN.po: - Sync with translationproject.org - [e51055fdffe1] + * src/ttyname.c: + Quiet clang analyzer false positive. + [9ebecd6b6b29] -2014-11-06 Todd C. Miller + * src/sesh.c: + Fix uninitialized variables warnings in error case when src file + cannot be opened. At least one of these is a false positive. + [98b417c1307a] - * NEWS: - sync - [aab14a9942e0] +2015-06-20 Todd C. Miller -2014-11-04 Todd C. Miller + * lib/util/getline.c, plugins/sudoers/toke_util.c: + It's safe to rely on C89 semantics for realloc(NULL, size). + [b633582413ac] - * src/exec.c, src/exec_pty.c: - Make sure that SIGCHLD is not treated as a user-generated signal in - which case it could be ignored. Bug #676 - [a4caaaaa47a8] + * plugins/sudoers/env.c: + malloc() sets errno to ENOMEM on failure so we don't need to set it + explicitly. + [09cb5ceaaec3] -2014-10-31 Todd C. 
Miller + * include/sudo_compat.h: + No longer need __malloc_like + [a41b69f256f6] - * config.h.in, configure, configure.ac, lib/util/mktemp.c: - Use arc4random() for mkstemp/mkdtemp if available. If not, try to - seed from /dev/urandom before falling back to the gettimeofday seed. - [7a7096ab82c9] + * lib/util/util.exp.in: + Remove symbols from the now-removed alloc.c. + [da0753d85d20] - * lib/util/sudo_debug.c: - Use a static buffer for sudo_debug_execve2() if possible. - [abf1fd5891ab] + * include/sudo_compat.h, lib/util/aix.c, lib/util/closefrom.c, + lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c, + lib/util/getaddrinfo.c, lib/util/getcwd.c, lib/util/getgrouplist.c, + lib/util/gethostname.c, lib/util/getline.c, lib/util/getopt_long.c, + lib/util/gettime.c, lib/util/gidlist.c, lib/util/glob.c, + lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c, + lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/parseln.c, + lib/util/progname.c, lib/util/pw_dup.c, lib/util/reallocarray.c, + lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, lib/util/setgroups.c, + lib/util/sha2.c, lib/util/sig2str.c, lib/util/snprintf.c, + lib/util/strndup.c, lib/util/strsplit.c, lib/util/strtobool.c, + lib/util/strtoid.c, lib/util/strtomode.c, lib/util/strtonum.c, + lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c, + lib/util/term.c, lib/util/ttysize.c, plugins/group_file/getgrent.c, + plugins/group_file/group_file.c, plugins/group_file/plugin_test.c, + plugins/sample/sample_plugin.c, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, 
plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/base64.c, plugins/sudoers/boottime.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/editor.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c, + plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/redblack.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, + plugins/system_group/system_group.c, src/conversation.c, + src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_pty.c, + src/get_pty.c, src/hooks.c, src/load_plugins.c, 
src/net_ifs.c, + src/openbsd.c, src/parse_args.c, src/preserve_fds.c, + src/regress/ttyname/check_ttyname.c, src/selinux.c, src/signal.c, + src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, + src/ttyname.c, src/utmp.c: + Only include stddef.h where it is needed. + [ce597fb7ffb9] -2014-10-30 Todd C. Miller +2015-06-19 Todd C. Miller - * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4, - m4/ltversion.m4, m4/lt~obsolete.m4: - Update to libtool 2.4.3 + HP-UX patches - [9ddfd96f3bea] + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [cad83b927f4e] -2014-10-29 Todd C. Miller + * lib/util/sudo_conf.c, plugins/sudoers/locale.c: + Better handling of setlocale() returning NULL. + [7cd4fcdb528c] - * .hgtags, NEWS: - Added tag SUDO_1_8_11p2 for changeset caff4aedc61a - [88af2b52eb2b] <1.8> - - * NEWS, configure, configure.ac: - Sudo 1.8.11p2 - [caff4aedc61a] [SUDO_1_8_11p2] <1.8> + * lib/util/aix.c, lib/util/gidlist.c, lib/util/sudo_conf.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/defaults.c, plugins/sudoers/editor.c, + plugins/sudoers/env.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/conversation.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/load_plugins.c, + src/parse_args.c, src/preserve_fds.c, src/selinux.c, src/sesh.c, + src/sudo.c, src/sudo_edit.c: + Add function name to "unable to allocate memory" warnings. 
+ [98c07e26a13e] - * configure, configure.ac, include/sudo_compat.h, lib/util/mktemp.c: - If a system lacks mkdtemp() or mkstemps(), use our own mkdtemp() and - mkstemps(). Previously we only exposed the missing one but since the - guts are the same we might as well use them. - [12d4ac64462f] + * configure, configure.ac, include/sudo_compat.h, lib/util/aix.c, + lib/util/closefrom.c, lib/util/event.c, lib/util/event_poll.c, + lib/util/event_select.c, lib/util/getaddrinfo.c, lib/util/getcwd.c, + lib/util/getgrouplist.c, lib/util/gethostname.c, lib/util/getline.c, + lib/util/getopt_long.c, lib/util/gettime.c, lib/util/gidlist.c, + lib/util/glob.c, lib/util/key_val.c, lib/util/lbuf.c, + lib/util/locking.c, lib/util/mksiglist.c, lib/util/mksigname.c, + lib/util/parseln.c, lib/util/progname.c, lib/util/pw_dup.c, + lib/util/reallocarray.c, lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, lib/util/setgroups.c, + lib/util/sha2.c, lib/util/sig2str.c, lib/util/snprintf.c, + lib/util/strndup.c, lib/util/strsplit.c, lib/util/strtobool.c, + lib/util/strtoid.c, lib/util/strtomode.c, lib/util/strtonum.c, + lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c, + lib/util/term.c, lib/util/ttysize.c, plugins/group_file/getgrent.c, + plugins/group_file/group_file.c, plugins/sample/sample_plugin.c, + plugins/sudoers/alias.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, 
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/base64.c, + plugins/sudoers/boottime.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/editor.c, + plugins/sudoers/env.c, plugins/sudoers/find_path.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/getspwuid.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, + plugins/system_group/system_group.c, src/conversation.c, + src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_pty.c, + src/get_pty.c, src/hooks.c, src/load_plugins.c, src/net_ifs.c, + src/openbsd.c, src/parse_args.c, src/preserve_fds.c, + 
src/regress/ttyname/check_ttyname.c, src/signal.c, src/solaris.c, + src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, + src/utmp.c: + We require ANSI C so stop using the obsolete STDC_HEADERS. + [35a5a680e5fe] - * src/env_hooks.c: - Mark the putenv(), setenv() and unsetenv() symbols as global, not - hidden. Fixes a mismatch where a plugin (or its loaded dso) would - call setenv() to set a variables but be unable to find it later with - getenv(). - [a9dfcbac5793] <1.8> + * lib/util/getgrouplist.c, lib/util/regress/glob/globtest.c, + lib/util/sudo_debug.c, plugins/group_file/getgrent.c, + plugins/group_file/plugin_test.c, plugins/sample/sample_plugin.c, + plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/tsgetgrpw.c: + Use strtok_r() instead of strtok() + [6b8e3c253dcf] - * src/env_hooks.c: - Mark the putenv(), setenv() and unsetenv() symbols as global, not - hidden. Fixes a mismatch where a plugin (or its loaded dso) would - call setenv() to set a variables but be unable to find it later with - getenv(). - [96127ac4bbb3] + * config.h.in, configure, configure.ac: + Add back _REENTRANT define on HP-UX to expose strtok_r on some + versions. We may need to define it on other systems too. + [12c36f12eed2] -2014-10-28 Todd C. Miller + * configure, configure.ac: + Fix check for strnlen() when cross-compiling. + [e501c508891a] - * Makefile.in: - Fix install-nls target from builddir. - [da63bc37f6c5] + * plugins/sudoers/interfaces.c: + Use sudo_strsplit() in dump_interfaces. + [b76ee2f47f37] - * Makefile.in: - Fix dependency on sudo.pp, it needs to relative to srcdir. - [c76088da98e8] +2015-06-18 Todd C. Miller - * src/sesh.c: - Adapt to new debug subsystem registration. 
- [8e13b349b44b] + * lib/util/inet_pton.c, lib/util/key_val.c, lib/util/lbuf.c, + lib/util/locking.c, lib/util/parseln.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, lib/util/sha2.c, + lib/util/snprintf.c, lib/util/strtobool.c, lib/util/term.c, + plugins/group_file/getgrent.c, plugins/group_file/group_file.c, + plugins/sample/sample_plugin.c, plugins/sudoers/boottime.c, + plugins/sudoers/editor.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/tsgetgrpw.c, plugins/system_group/system_group.c, + src/conversation.c, src/exec_pty.c, src/net_ifs.c, src/openbsd.c, + src/preserve_fds.c, src/regress/ttyname/check_ttyname.c, + src/solaris.c, src/sudo.c, src/tgetpass.c, src/ttyname.c, + src/utmp.c: + Remove obsolete memory.h include. + [0c1351d614a9] -2014-10-27 Todd C. Miller + * config.h.in, configure, configure.ac, lib/util/getcwd.c, + lib/util/gethostname.c, lib/util/glob.c, lib/util/locking.c, + lib/util/parseln.c, lib/util/pw_dup.c, lib/util/reallocarray.c, + lib/util/snprintf.c, lib/util/strndup.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + src/env_hooks.c: + Remove support for the obsolete malloc.h header. 
+ [2a118de27d4e] - * lib/zlib/Makefile.in, lib/zlib/zlib.exp: - Add missing zlib.exp file and common LT_LDFLAGS Makefile.in. - [0bc0092d3e03] + * config.h.in, configure, configure.ac, plugins/sudoers/defaults.c, + plugins/sudoers/logging.c: + Remove BROKEN_SYSLOG define which was for obsolete versions of HP- + UX. Remove last remnants of 4.2BSD syslog support. + [e234515f515d] * lib/util/sudo_conf.c: - Fix path settings broken in rev 9731. - [2b33916eb287] - - * MANIFEST, lib/util/regress/sudo_conf/test4.err.ok: - Adjust regress test now that boolean settings display an error for - invalid input. - [73a7365f492e] + Use sudo_strsplit() instead of doing the equivalent manually. + [220f2e4a0e68] - * plugins/sudoers/iolog.c, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: - Add sudoers_debug_deregister() and use it instead of calling - sudo_debug_deregister() directly. - [819b0e08196e] + * lib/util/regress/strsplit/strsplit_test.c: + Test strsplit behavior with an empty string. + [62ae80dcee4a] - * configure, configure.ac, lib/util/Makefile.in, lib/zlib/Makefile.in, + * lib/util/Makefile.in, lib/zlib/Makefile.in, plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in: - Use AC_PROG_AWK - [945cf6deb18d] + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Allow "make LIBTOOL=/path/to/libtool" to work properly. + [f9e5f7109107] - * NEWS: - Mention shared zlib. - [094bdada1106] + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/editor.c, + plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/visudo.c: + Use a common function for resolviong the user's editor in sudoedit + and visudo. The find_path() function now returns a dynamically + allocated path instead of using a static string. 
+ [97fe58966144] - * MANIFEST: - Add lib/zlib/zlib.exp - [7b5011e3eea9] + * config.h.in, configure, configure.ac, lib/util/Makefile.in, + lib/zlib/Makefile.in, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Replace use of OSDEFS with config.h defines. Rename DEFS in + Makefile.in to CPPDEFS and include in CPPFLAGS. Bring back + _BSD_SOURCE as a config.h define. Remove obsolescent _REENTRANT + define. + [0d76a12adca8] - * INSTALL, configure, configure.ac, lib/zlib/Makefile.in, - lib/zlib/zconf.h.in: - Add support for installing a shared zlib - [6875ab6ca44f] +2015-06-17 Todd C. Miller - * lib/util/Makefile.in: - fix comment typo - [35c3dda27eec] + * MANIFEST, include/sudo_alloc.h, lib/util/Makefile.in, + lib/util/alloc.c: + Remove now-unused sudo_alloc.h and alloc.c + [0fe70085c75c] - * configure, configure.ac, lib/zlib/Makefile.in: - Newer zlib uses HAVE_HIDDEN to turn on symbol hiding so we don't - need to disable it with NO_VIS. - [b3eee86f015f] + * plugins/sudoers/Makefile.in, src/Makefile.in, src/conversation.c, + src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_pty.c, + src/hooks.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, + src/preserve_fds.c, src/regress/ttyname/check_ttyname.c, + src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, + src/ttyname.c: + Avoid using exiting allocators in the front end. + [be0ca60facf8] - * po/sudo.pot: - regen - [687bc1ea88ac] + * include/sudo_conf.h, include/sudo_lbuf.h, lib/util/Makefile.in, + lib/util/aix.c, lib/util/gidlist.c, lib/util/lbuf.c, + lib/util/sudo_conf.c, lib/util/sudo_debug.c: + Use non-exiting allocators in libsudo_util. + [d9b7cf17b9b4] - * configure.ac, include/sudo_debug.h, lib/util/sudo_debug.c, - lib/util/util.exp.in: - Version the symbols for sudo_debug.c now that the API is stable. 
- [873850a062a8] + * plugins/sudoers/ldap.c, plugins/sudoers/logging.c: + Remove asprintf() return value warnings. + [fe25ce11f96a] -2014-10-26 Todd C. Miller + * config.h.in, configure, configure.ac: + Use AC_FUNC_STRNLEN to check for broken strnlen() on AIX. This + requires that we use AC_USE_SYSTEM_EXTENSIONS so remove things from + OSDEFS that are enabled by AC_USE_SYSTEM_EXTENSIONS. + [1f64269cab6e] - * lib/util/sudo_conf.c: - Go back to parsing sudo.conf in place for settings and paths and - improve debugging info for unsupported entries and parse errors. - [264e1f7d6551] + * plugins/sudoers/ldap.c: + Remove extraneous semicolons in CHECK_* macros. + [ef99aa3c9d70] - * include/sudo_conf.h, lib/util/regress/sudo_conf/conf_test.c, - lib/util/sudo_conf.c, lib/util/util.exp.in, + * plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Remove remaining SUDO_MAIN remnants. + [1c077699f444] + + * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/locale.c, plugins/sudoers/logging.h, + plugins/sudoers/match.c, plugins/sudoers/parse.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, 
plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, - src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: - Add a flag argument to sudo_conf_read() so we can decide which bits - get parsed. This lets us parse Debug statements first and init the - debug subsystem early. - [56dbf1e671de] + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Use non-exiting allocatings in the sudoers plugin. + [a5668cb9c516] -2014-10-24 Todd C. Miller +2015-06-16 Todd C. Miller - * lib/zlib/gzguts.h: - Include stdio.h after zlib.h, not before. We need the large file - defines to come first. - [b42b53d10252] + * plugins/sudoers/sssd.c: + Use non-exiting allocators in the sudoers SSSD backend. + [dba29b55ac0b] - * doc/LICENSE, lib/zlib/compress.c, lib/zlib/crc32.c, - lib/zlib/crc32.h, lib/zlib/deflate.c, lib/zlib/deflate.h, - lib/zlib/gzguts.h, lib/zlib/gzlib.c, lib/zlib/gzread.c, - lib/zlib/gzwrite.c, lib/zlib/infback.c, lib/zlib/inffast.c, - lib/zlib/inflate.c, lib/zlib/inftrees.c, lib/zlib/trees.c, - lib/zlib/uncompr.c, lib/zlib/zconf.h.in, lib/zlib/zlib.h, - lib/zlib/zutil.c, lib/zlib/zutil.h: - Update zlib to version 1.2.8 - [f95280e0448d] + * plugins/sudoers/ldap.c: + Use non-exiting allocators in the sudoers LDAP backend. + [37bfa441345a] - * configure, configure.ac: - Don't add -Wold-style-definition to CFLAGS as it causes problems - with 3rd party libraries such as zlib. - [1d7613d1c177] + * lib/util/Makefile.in: + regen dependencies + [5be6eb005946] - * src/load_plugins.c: - Free up plugin info structs after converting to plugin containers. - [1168e873d778] +2015-06-15 Todd C. 
Miller - * INSTALL, MANIFEST, Makefile.in, configure, configure.ac, - doc/Makefile.in, doc/TROUBLESHOOTING, doc/UPGRADE, doc/sample.pam, - doc/sample.sudo.conf, doc/sample.sudoers, doc/sample.syslog.conf, - examples/Makefile.in, examples/pam.conf, examples/sudo.conf, - examples/sudoers, examples/syslog.conf, sudo.pp: - Move sample.* files to a sudo examples dir - [b53e3df56c66] + * configure, lib/util/Makefile.in, mkdep.pl: + Add missing dependency info for reallocarray.lo in + lib/util/Makefile.in and regen configure to match last configure.ac + change. + [da1fc49b53dc] - * sudo.pp: - Fix a packaging problem with the sudoedit man page link on Debian. - [8ad77a37048e] + * plugins/sudoers/ldap.c: + Use \28 and \29 instead of \( and \) in the ldap query as per RFC + 2254. Fixes netgroup queries on AIX. From Steven Soulen. + [33267d6243aa] - * plugins/sudoers/iolog.c, plugins/sudoers/policy.c: - Initialize the debug subsystem in sudoers early. Currently this - means iterating over the settings list twice. - [93b12ea08405] +2015-06-13 Todd C. Miller - * lib/util/sudo_debug.c: - No need to convert sudoedit -> sudo in sudo_debug_get_instance() as - we store the actual program name and only do the sudoedit -> sudo - conversion when reading the sudo.conf file. Fixes debugging when - invoked as sudoedit. - [535c01d83b14] + * lib/util/glob.c: + Move pattern length check until after we have initialized the glob_t + so we can call globfree() even on error. From Frank Denis. + [a246f9054395] - * lib/util/sudo_conf.c, lib/util/sudo_debug.c, - plugins/sudoers/iolog.c, plugins/sudoers/policy.c, src/exec_pty.c, - src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: - In the plugin registers with the debug framework at open time, the - sudo front-end will now set the default debug instance appropriately - before calling into the plugin. This means the plugin no longer - needs to do the sudo_debug_set_default_instance() dance. - [10dd45a7884f] +2015-06-12 Todd C. 
Miller - * Makefile.in: - Remove duplicate -U__NBBY in CPPCHECK_OPTS - [ad518cb36279] + * plugins/sudoers/sudoers.c, src/sudo.c: + We need to unlimit RLIMIT_NPROC in sudoers as well as the sudo front + end since set_perms() and restore_perms change the read uid and may + fail with EAGAIN on Linux kernels prior to 3.1. + [e6a03c31f4e5] -2014-10-23 Todd C. Miller +2015-06-08 Todd C. Miller - * plugins/sudoers/Makefile.in: - Older shells don't support unset. - [8762e40871ab] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Fix underlining of "root" in -u option descriptions. Bug #699 + [b3afe47d9798] - * configure, configure.ac, include/sudo_compat.h, - lib/util/inet_ntop.c, src/net_ifs.c: - Fix inet_ntop() replacement on older systems without it. We only - expose the prototype for net_ifs.c due to the use of socklen_t. - [18b95ca378ab] + * doc/UPGRADE, src/load_plugins.c: + Remove support for converting plugin.so -> plugin.sl on HP-UX when + plugin.so can not be found. This was a temporary hack for using an + older (pre 1.8.7) sudoers plugin with a newer sudo front-end. + [561e2ce444ed] - * lib/util/sudo_debug.c: - Dynamically allocate debug_fds bitmap and realloc as needed. - [e858199414f6] +2015-06-05 Todd C. Miller - * Makefile.in, include/sudo_debug.h, lib/util/Makefile.in, - lib/util/sudo_debug.c, plugins/group_file/Makefile.in, - plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, - plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoers_debug.h, - plugins/system_group/Makefile.in, src/Makefile.in, src/exec.c: - Use generic bitmap macros instead of select-style fd_set. - [c382edc413be] + * lib/util/event.c, lib/util/event_select.c: + Add debugging output on memory alloc failure. Add missing checks in + event_select.c for reallocarray() failure. + [0853c7bcbeaa] - * lib/util/sudo_debug.c: - Replace sudo_debug_num_instances with sudo_debug_max_instance - [12625fd174a4] + * lib/util/event_poll.c: + Use non-exiting allocators. 
+ [5ed0e276b551] - * plugins/sudoers/iolog.c, plugins/sudoers/policy.c: - Don't call into the debug subsystem after we've deregistered the - plugin's instance. - [fca7279d2f40] +2015-06-04 Todd C. Miller - * lib/util/sudo_debug.c: - Only fill in subsystem_ids[] for the instance if the caller passed - in an array for it. If the caller only wants the default subsystems - we don't actually need ids[]. - [07939da6d3a5] + * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Bring back VALIDATE_ERROR which will be used in the case of memory + allocation errors. + [784c885db95c] - * lib/util/Makefile.in: - Link with -ldl if needed when built with --disable-shared-libutil/ - [542eeffaf57d] +2015-06-03 Todd C. Miller - * src/regress/ttyname/check_ttyname.c: - Fix includes order. - [ddd58edba5af] + * lib/util/snprintf.c: + If asprintf() or vasprintf() fail, set the dest pointer to NULL like + BSD and Solaris do. This appears to be the direction glibc is going + as well. + [92fb2283dc9a] - * lib/util/util.exp.in: - Remove extra newline mistakenly introduced in rev 9682. - [36a40e308bbc] +2015-05-28 Todd C. Miller - * plugins/sudoers/Makefile.in: - Fix typo in unset. - [2c5fbe4c9a54] + * plugins/sudoers/env.c: + Use a stack buffer for the validate_env_vars() error message. + [69df3a0cbc2b] - * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c, src/sesh.c: - Set debug instance for standalone programs. - [306225438408] +2015-05-27 Todd C. Miller - * plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c, - src/net_ifs.c: - Fix compilation issues, fallout from the debug changes. - [aff5bb3d0322] + * lib/util/fatal.c: + Fix typo/thinko in static buffer conversion; use vsnprintf() not + snprintf() + [9d42fb3a94f6] - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - regen - [bbb69f299d1f] + * plugins/sudoers/ldap.c: + Fix old gcc2 variadic macro support. 
+ [fd951ed8865e] - * configure, configure.ac: - Sudo 1.8.12 - [8d9b15c1de44] + * plugins/sudoers/visudo.c: + Restore old behavior where visudo prevents you from making the main + sudoers file zero length. + [b03ef908120f] - * NEWS: - Update with debug system changes and revent bug fixes. - [44133de1dee2] + * plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.c: + Non-exiting allocators for log functions. If log_allowed() fails the + user may not run the command. We don't try to return early for + log_failure(), log_auth_failure() or log_denial() as we would not + run the command in that case. + [40c3d0dd75bc] - * include/sudo_debug.h, lib/util/sudo_conf.c, lib/util/sudo_debug.c, - plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoers_debug.h: - When registering with the debug subsystem, the caller now passes in - an arrary of ints that gets filled in with the subsytem IDs to be - used in debug_decl. - [80e80ba194f7] + * plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: + Use non-exiting allocators in the parser (much of it already did). + [f14222e5ad1b] - * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: - sudoers_debug_instance is now included in libparsesudoers so we - don't need to declare it here. - [a56f79e6fcf8] + * lib/util/aix.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil_impl.c: + Use non-existing allocators in the passwd/group cache functions. + [86bbe840f348] -2014-10-22 Todd C. Miller + * MANIFEST, configure.ac, lib/util/alloc.c, lib/util/reallocarray.c: + Add standalone reallocarray.c from OpenBSD instead of rolling our + own. 
+ [36ec5840729e] - * MANIFEST, include/sudo_debug.h, lib/util/sudo_debug.c, - lib/util/ttysize.c, plugins/sudoers/Makefile.in, - plugins/sudoers/alias.c, plugins/sudoers/audit.c, - plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, - plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, - plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, - plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, - plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, - plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, - plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/base64.c, - plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, - plugins/sudoers/check.c, plugins/sudoers/defaults.c, - plugins/sudoers/env.c, plugins/sudoers/find_path.c, - plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, - plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/group_plugin.c, plugins/sudoers/hexchar.c, - plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, - plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, - plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, - plugins/sudoers/logwrap.c, plugins/sudoers/match.c, - plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, - plugins/sudoers/policy.c, plugins/sudoers/prompt.c, - plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, - plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, - plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c, + * plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/iolog.c, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoers_debug.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l, - plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, - 
plugins/sudoers/visudo_json.c: - The sudoers plugin now defines its own list of debugging subsystem - names and defines. - [e85d0375e059] - - * MANIFEST, include/sudo_debug.h, lib/util/aix.c, lib/util/event.c, - lib/util/event_poll.c, lib/util/event_select.c, lib/util/gidlist.c, - lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c, - lib/util/parseln.c, lib/util/secure_path.c, lib/util/setgroups.c, - lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c, - lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/term.c, - lib/util/ttysize.c, lib/util/util.exp.in, - plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, - plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, - plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, - plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, - plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, - plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, - plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, - plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, - plugins/sudoers/base64.c, plugins/sudoers/boottime.c, - plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, - plugins/sudoers/defaults.c, plugins/sudoers/env.c, - plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, - plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, - plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c, - plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, - plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, - plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, - plugins/sudoers/match.c, plugins/sudoers/match_addr.c, - plugins/sudoers/parse.c, plugins/sudoers/policy.c, - plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, - plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c, - plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, - 
plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, - plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, - plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, - src/Makefile.in, src/exec.c, src/exec_common.c, src/exec_pty.c, - src/get_pty.c, src/hooks.c, src/load_plugins.c, src/net_ifs.c, - src/parse_args.c, src/preserve_fds.c, - src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, - src/signal.c, src/solaris.c, src/sudo.c, src/sudo.h, - src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c: - Add support for multiple Debug lines per program. Callers may - register arbitrary debug facilities or use built-in defaults. We now - use separate Debug statements for plugins and programs. - [5e553cbbfbb1] - - * MANIFEST, doc/sudo.conf.cat, doc/sudo.conf.man.in, - doc/sudo.conf.mdoc.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, include/sudo_conf.h, include/sudo_debug.h, - lib/util/Makefile.in, lib/util/regress/sudo_conf/conf_test.c, - lib/util/regress/sudo_conf/test7.in, - lib/util/regress/sudo_conf/test7.out.ok, lib/util/sudo_conf.c, - lib/util/sudo_debug.c, lib/util/util.exp.in, - plugins/sudoers/Makefile.in, plugins/sudoers/solaris_audit.c, - plugins/sudoers/sssd.c, plugins/sudoers/sudoers.h, src/hooks.c, - src/load_plugins.c, src/parse_args.c, src/sudo.c, - src/sudo_plugin_int.h: - Change how sudo.conf is parsed. We now do a quick parse and then set - the values after the entire file has been parsed. This lets us init - the debug system earlier. Plugin-specific debug flags are now stored - in struct plugin_info and struct plugin_container and passed to the - plugin via one or more debug_flags settings. - [62fb1102e1e2] - - * src/parse_args.c, src/sudo.c, src/sudo.h: - Return settings from parse_args as struct sudo_settings and format - for the plugin at plugin open time. 
This will allow for additional, - plugin-specific settings to be added to the array. - [167929871b94] - - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/load_plugins.c, - src/sudo.c, src/sudo_plugin_int.h: - Pass plugin path in the settings array. - [45bc2d087115] + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Use non-exiting allocators in the redblack tree and fix the fallout. + Also switch to non-exiting allocators in affected code blocks. + [bca56cf769cb] - * plugins/sudoers/parse.c: - Remove an unneeded NULL check to quiet a cppcheck warning. - [64cb92122658] + * plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/parse.h: + The error string returned by alias_add should be const. + [b378188a0a8f] -2014-10-14 Todd C. Miller + * plugins/sudoers/policy.c: + Fix typo, efree vs. free. + [9146ba7473ca] - * plugins/sudoers/Makefile.in: - Set locale to C for visudo and testsudoers regression tests. Bug - #672 - [adf7997a0a65] + * plugins/sudoers/policy.c, src/exec_common.c, src/sudo.c: + Add a few missing sudo_new_key_val() return value checks. Also use + non-exiting allocators for consistency. + [2ae76a679052] -2014-10-13 Todd C. Miller +2015-05-26 Todd C. Miller - * plugins/sudoers/linux_audit.c: - Fix logic bug. We only want to return -1 from linux_audit_open() - when audit_open() fails and errno is not one of EINVAL, - EPROTONOSUPPORT, or EAFNOSUPPORT. For those errno values, we return - AUDIT_NOT_CONFIGURED which is not a fatal error. Bug #671 - [6f0d8f1c7648] + * MANIFEST, lib/util/Makefile.in, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/strsplit/strsplit_test.c: + Add unit tests for strsplit and parse_gid_list. + [e08c5ff7b5f0] -2014-10-11 Todd C. 
Miller + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/strsplit.c, lib/util/util.exp.in, + plugins/sudoers/sudoers.c: + Add sudo_strsplit(), similar to strtok_r() but non-destructive and + operates on non-C strings (requires a length parameter). + [45fb50775249] - * NEWS: - Add back fix for Bug #663 - [a3dfc76ee776] + * lib/util/fatal.c: + Use a static buffer for sudo_warn/sudo_fatal messages where + possible. + [6e1d6ecc022d] -2014-10-10 Todd C. Miller + * include/sudo_compat.h: + Fix sudo_strnlen() prototype. + [1367bd9227b3] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - The older style bash function exporting is not used by post- - shellshock versions of bash. - [223efe328e86] + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, lib/util/strndup.c, + mkdep.pl: + Add strndup() for those without it. As strndup.c uses strnlen(), use + our own if it is missing. + [cf904a9c68f7] - * plugins/sudoers/env.c: - Apple uses a different variant of the BASH_FUNC prefix for bash - functions. - [ea13c8c2a716] + * lib/util/strnlen.c: + Add missing sudo_ prefix and include sudo_compat.h. + [d5e5dfc3fd20] -2014-10-07 Todd C. Miller + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/strnlen.c: + Add strnlen() replacement needed for glob.c. Only used if no glob() + and no strnlen(). + [bb6b7c4549b1] - * .hgtags: - Added tag SUDO_1_8_11p1 for changeset 2e7de4fe0d9f - [011eb11b6865] <1.8> +2015-05-21 Todd C. Miller - * NEWS: - Remove change that is part of 1.8.12 not 1.8.11p1 - [2e7de4fe0d9f] [SUDO_1_8_11p1] <1.8> + * plugins/sudoers/logging.h, plugins/sudoers/sudoers.h: + Get rid of SUDO_MAIN. Modern compilers don't warn about mixing + extern and auto declarations unless they conflict. 
+ [a273b73bca6d] - * NEWS: - Remove change that is part of 1.8.12 not 1.8.11p1 - [8fdad4c4f314] + * config.h.in, configure.ac, include/compat/endian.h, + include/compat/fnmatch.h, include/compat/getaddrinfo.h, + include/compat/getopt.h, include/compat/glob.h, + include/compat/nss_dbdefs.h, include/compat/sha2.h, + include/compat/stdbool.h, include/compat/timespec.h, + include/sudo_alloc.h, include/sudo_compat.h, include/sudo_conf.h, + include/sudo_debug.h, include/sudo_dso.h, include/sudo_event.h, + include/sudo_fatal.h, include/sudo_gettext.h, include/sudo_lbuf.h, + include/sudo_plugin.h, include/sudo_queue.h, include/sudo_util.h, + lib/util/fatal.c, plugins/sudoers/bsm_audit.h, + plugins/sudoers/check.h, plugins/sudoers/defaults.h, + plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h, + plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h, + plugins/sudoers/insults.h, plugins/sudoers/interfaces.h, + plugins/sudoers/iolog.h, plugins/sudoers/linux_audit.h, + plugins/sudoers/logging.h, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.h, + plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/solaris_audit.h, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.h, plugins/sudoers/sudo_printf.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoers_debug.h, plugins/sudoers/sudoers_version.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l, + plugins/sudoers/visudo.c, src/net_ifs.c, src/sudo.h, + src/sudo_exec.h, src/sudo_plugin_int.h, src/sudo_usage.h.in: + Avoid using a leading underbar in defines as they are reserved in + ISO C. 
+ [a442d88c6490] - * configure: - regen - [8a869a3200e4] <1.8> - - * NEWS, configure, configure.ac: - Update for sudo 1.8.11p1 - [78f40a47db17] <1.8> - - * NEWS, configure, configure.ac: - Update for sudo 1.8.11p1 - [80e9898f7c04] - - * src/regress/ttyname/check_ttyname.c: - Only check stdin for the tty and avoid the check entirely if we - don't have a way to get the tty from the kernel. Bug #643 - [b0ce2079c69d] <1.8> + * Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/solaris_audit.c, plugins/sudoers/sssd.c, + plugins/system_group/Makefile.in, src/Makefile.in, src/selinux.c: + Add target for "make splint". A few files need extra guards to avoid + errors on systems where they would not otherwise be compiled. No + warnings from splint. + [64fc04debc58] - * src/regress/ttyname/check_ttyname.c: - Only check stdin for the tty and avoid the check entirely if we - don't have a way to get the tty from the kernel. Bug #643 - [deb799e16416] +2015-05-20 Todd C. Miller - * lib/util/sudo_debug.c: - Make a copy of ap in sudo_debug_vprintf2() in case the static buffer - is not big enough and we need to call vasprintf(). - [49f3b8cb67f4] <1.8> + * plugins/sudoers/auth/sia.c: + Use reallocarray() instead of sudo_emallocarray() and return an + error on allocation failure. 
+ [fee12ac1e0c8] - * lib/util/sudo_debug.c: - Make a copy of ap in sudo_debug_vprintf2() in case the static buffer - is not big enough and we need to call vasprintf(). - [a5d32b9d63be] + * plugins/sudoers/auth/kerb5.c: + In our krb5_get_init_creds_opt_alloc() replacement use malloc() + instead of sudo_emalloc() and return KRB5_CC_NOMEM on allocation + failure. Only old versions of Kerberos V will need this. + [95ac6c5b7b60] - * src/sudo.c: - Avoid comparing new cwd with old one if getcwd() failed. Bug #670 - [7c4f39105264] <1.8> + * lib/util/event.c, lib/util/event_select.c: + Use non-exiting allocators. + [91bbc657901d] - * src/sudo.c: - Avoid comparing new cwd with old one if getcwd() failed. Bug #670 - [e99093578ca7] +2015-05-18 Todd C. Miller - * plugins/sudoers/env.c: - Fix debugging printout output for env_should_keep() - [c5a5fb78815f] <1.8> + * config.h.in, configure, configure.ac, src/sudo.c: + There should be no need to check for tzset() as it is POSIX. + [50825eb75c97] - * plugins/sudoers/env.c: - Fix debugging printout output for env_should_keep() - [a9e7ea4b6751] + * configure, configure.ac: + Add sudo_reallocarrary to util.exp.in if reallocarray is not found. + [32588e00bb33] -2014-10-06 Todd C. Miller +2015-05-15 Todd C. Miller - * Makefile.in, include/Makefile.in: - Use INSTALL_OWNER instead of -O/-G flags so we can work with the - autotools install-sh too. Bug #669 - [d6a4d443e344] <1.8> + * NEWS: + NLS now works on Mac OS X properly. + [1485c9e51b04] - * Makefile.in, include/Makefile.in: - Use INSTALL_OWNER instead of -O/-G flags so we can work with the - autotools install-sh too. Bug #669 - [a5f87f6a52b7] + * configure, configure.ac, src/Makefile.in: + Force flat namespace on darwin to make the getenv() hooking work as + it does on ELF. + [0837cc3559ce] - * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: - Move sudo_printf to policy.c to match sudo_conv. - [f2d6065c3daf] +2015-05-14 Todd C. Miller -2014-10-05 Todd C. 
Miller + * lib/util/alloc.c, lib/util/snprintf.c, + plugins/sample/sample_plugin.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/redblack.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke_util.c: + No need to cast malloc() return value. + [09c7236d3e1a] - * MANIFEST, include/sudo_fatal.h, lib/util/Makefile.in, - lib/util/fatal.c, lib/util/sudo_printf.c, lib/util/util.exp.in, - plugins/sudoers/Makefile.in, plugins/sudoers/sudo_printf.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - src/conversation.c, src/sudo.c, src/sudo_plugin_int.h: - Add sudo_warn_set_conversation() to specify a conversation function - to use for warn/fatal. If no conversation function is specified, the - standard error will be used. We now only need sudo_printf() for - things that use the parser. - [d6049e53e3e3] + * lib/util/getcwd.c, lib/util/getline.c, lib/util/glob.c, + plugins/sudoers/env.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Use reallocarray where possible. + [2b5957a38baa] -2014-10-03 Todd C. Miller + * config.h.in, configure, configure.ac, include/sudo_compat.h, + lib/util/alloc.c: + Add reallocarray() for those without it. + [3ac5a4abe077] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Use correct names when referring to subsections in the sudoers - manual. - [4cad107af562] <1.8> +2015-05-13 Todd C. Miller - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Use correct names when referring to subsections in the sudoers - manual. - [7a016916f0ab] + * NEWS: + The getenv() hook still doesn't work on Mac OS X. + [d9297b9ff54c] -2014-10-02 Todd C. Miller +2015-05-12 Todd C. Miller - * MANIFEST, config.h.in, configure, configure.ac, - lib/util/inet_ntop.c, src/net_ifs.c: - Use inet_ntop() instead of inet_ntoa() and include a version for - systems that are missing it. - [1a1a70dba9c0] + * include/sudo_fatal.h, lib/util/fatal.c: + In sudo_warn_gettext_v1() call dgettext() not gettext() to make sure + the domain is set correctly. 
The sudoers plugin uses its own text + domain. + [f7ce0100ff5c] -2014-10-01 Todd C. Miller +2015-05-11 Todd C. Miller - * configure, configure.ac: - Fix detection of functions in network libs like -lsocket, -lnsl and - -linet when we have already added those libs to NET_LIBS. Fixes a - problem where inet_pton() was not detected on Solaris. - [86c6f94a50ca] <1.8> + * doc/Makefile.in: + man pages should explicitly depend on config.status since it is used + to substitute in variables/settings. + [bebe8e19d767] - * configure, configure.ac: - Fix detection of functions in network libs like -lsocket, -lnsl and - -linet when we have already added those libs to NET_LIBS. Fixes a - problem where inet_pton() was not detected on Solaris. - [27e10183649e] + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.man.in, + doc/sudoreplay.cat, doc/visudo.cat: + regen + [2e613d7bb477] - * NEWS: - Mention --disable-shared-libutil fix. - [4fa15658cd8f] <1.8> + * NEWS, configure, configure.ac: + Sudo 1.8.14 + [66e33bc0d18e] - * NEWS: - Mention --disable-shared-libutil fix. - [7efe70688237] + * INSTALL, MANIFEST, aclocal.m4, config.h.in, configure, configure.ac, + include/sudo_fatal.h, lib/util/Makefile.in, lib/util/fatal.c, + lib/util/locale_weak.c, lib/util/util.exp.in, + m4/ax_sys_weak_alias.m4, mkdep.pl, plugins/sudoers/Makefile.in, + plugins/sudoers/locale.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.c, src/Makefile.in, src/locale_stub.c: + Instead of trying to make weak functions work on all platforms, just + use a registration function for a plugin-specific setlocale + function. The sudoers version just wraps sudoers_setlocale(). + [0eef64f41cdf] - * src/Makefile.in: - Always use --tag=disable-static to avoid installing a static - sudo_noexec. - [cd7f959c2d62] <1.8> + * src/parse_args.c: + Fix indentation of -a flag help line. 
+ [a2ed556b6454] - * src/Makefile.in: - Always use --tag=disable-static to avoid installing a static - sudo_noexec. - [5d7d58879f99] + * include/sudo_compat.h: + Fix compilation when HAVE_DECL_SIG2STR_MAX is not defined. + [31aa465affaa] - * configure, configure.ac, lib/util/Makefile.in, - plugins/sudoers/Makefile.in: - Instead of building libutil statically for --disable-shared-libutil, - just treat it as a convenience library. Do the same with sudoers for - --enable-static-sudoers. Fixes link errors on Solaris among others - when --disable-shared-libutil is used. - [e7915f1709b1] <1.8> + * doc/Makefile.in: + Add lint target to run "mandoc -Tlint" over the manuals. + [63ed14d91adc] - * configure, configure.ac, lib/util/Makefile.in, - plugins/sudoers/Makefile.in: - Instead of building libutil statically for --disable-shared-libutil, - just treat it as a convenience library. Do the same with sudoers for - --enable-static-sudoers. Fixes link errors on Solaris among others - when --disable-shared-libutil is used. - [c5357fe78ab7] +2015-05-08 Todd C. Miller - * configure, configure.ac, lib/util/Makefile.in, - plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in: - Remove LT_LDMAP and LT_LDOPT and just use LT_LDEXPORTS for the - compiler-specific option to restrict symbol exporting. - [20962abfcd11] <1.8> + * include/sudo_compat.h: + HAVE_DECL_SIG2STR_MAX is always defined so use a + !HAVE_DECL_SIG2STR_MAX check instead of #ifndef. + [65cc03302d39] - * configure, configure.ac, lib/util/Makefile.in, - plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in: - Remove LT_LDMAP and LT_LDOPT and just use LT_LDEXPORTS for the - compiler-specific option to restrict symbol exporting. - [09e8dab6f528] +2015-05-07 Todd C. Miller - * src/preload.c: - Include sys/types.h to get gid_t, etc used in sudo_compat.h. Fixes a - build issue on Solaris. 
- [8ce735daccaa] <1.8> + * src/tgetpass.c: + Sync tty_present() with sudoers version. + [040c05e68627] - * src/preload.c: - Include sys/types.h to get gid_t, etc used in sudo_compat.h. Fixes a - build issue on Solaris. - [b8917967df41] + * src/load_plugins.c: + sudo_check_plugin() returns bool. + [15b2851bfb90] -2014-09-29 Todd C. Miller + * plugins/sudoers/match.c: + In usergr_matches() matched should be bool but we have to take care + to handle group_plugin_query() returning a value other than 0/1. + [c120901f71c7] - * src/regress/ttyname/check_ttyname.c: - Fix cust & pasto in error message when there is a mismatch between - the sudo and libc ttys. From Diego Elio Petteno'. Bug #643 - [ddef0124f123] <1.8> + * plugins/sudoers/ldap.c: + sudo_ldap_check_non_unix_group() returns bool, not int. + [d12e9242454f] - * src/regress/ttyname/check_ttyname.c: - Fix cust & pasto in error message when there is a mismatch between - the sudo and libc ttys. From Diego Elio Petteno'. Bug #643 - [87d5f1a49535] + * plugins/sudoers/logging.c: + Convert two debug_return_int to debug_return_bool. + [594d0fc8efda] -2014-09-27 Todd C. Miller + * include/sudo_debug.h, lib/util/sudo_debug.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/check.c, + plugins/sudoers/env.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, src/sudo.c: + Previously, debug_return_bool was the same as debug_return_int + except that it logged true/false for 1/0. However, this appears to + trigger a bug in some compilers. To avoid this, debug_return_bool + now uses bool, not int. Callers that were passing it an int have + been converted to use debug_return_int instead. + [ca142b5a9433] - * plugins/sudoers/env.c: - Add BASH_FUNC_* to environment blacklist for newer-style bash - functions. 
- [574014aafe1e] <1.8> + * src/get_pty.c, src/sudo.h: + get_pty() should return bool + [2c72c8d3603b] - * plugins/sudoers/env.c: - Add BASH_FUNC_* to environment blacklist for newer-style bash - functions. - [b6e66c4a782e] + * src/sudo.h, src/tgetpass.c: + Make tty_present static to tgetpass.c + [bb73a2cc8754] - * Makefile.in: - Pull additional password prompts out of mkpkg instead of hard-coding - them. - [d2a6da883b34] + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Add configure check for SIG2STR_MAX, which may be missing on + UnixWare. + [e9dcac23c639] - * NEWS: - Add post-1.8.11 changes - [be93aa0aa75b] <1.8> + * m4/ax_sys_weak_alias.m4: + Need to quote $GCC as it may include arguments. From Tim Rice. + [9ed8a3be94bf] - * NEWS: - Add post-1.8.11 changes - [11169ace8fa4] + * MANIFEST: + Add missing m4/ax_sys_weak_alias.m4 + [269a8d5bfb49] - * Makefile.in, configure.ac, plugins/sudoers/auth/pam.c, - plugins/sudoers/auth/sia.c, plugins/sudoers/po/sudoers.pot: - Add a space after "Password:" in default password prompt so it is - easier to read when pwfeedback is enabled. - [a7750d845b5b] +2015-04-28 Todd C. Miller - * plugins/sudoers/auth/sudo_auth.c: - Simplify how we count the password tries - [517d8c550b7f] <1.8> + * mkpkg: + There's no point in building i386 binaries for Mac OS X 10.7 and + higher. + [e8876ea36d14] - * plugins/sudoers/auth/sudo_auth.c: - Simplify how we count the password tries - [71b9f2021561] +2015-04-27 Todd C. Miller - * plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c: - Block SIGINT and SIGQUIT while verifying passwords so that - authentication modules that use sleep() are not interrupted. If the - user interrupted authentication, exit the loop. 
- [524d95ac222e] <1.8> + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, po/ja.mo, + po/ja.po: + Sync with translationproject.org + [414c51286530] - * plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c: - Block SIGINT and SIGQUIT while verifying passwords so that - authentication modules that use sleep() are not interrupted. If the - user interrupted authentication, exit the loop. - [1cfafd7fcb13] +2015-04-26 Todd C. Miller - * configure, configure.ac: - Remove Convex support; it is not modern enough to run sudo 1.8. - [f27e7ee66e82] <1.8> + * plugins/sudoers/bsm_audit.c: + Only fall back on AUE_DARWIN_sudo if au_preselect() fails. + [aea2f3a60b46] - * configure, configure.ac: - Remove Convex support; it is not modern enough to run sudo 1.8. - [c3bdfbb2ee11] +2015-04-25 Todd C. Miller - * configure, configure.ac: - Only check for -lshadow if we haven't already found getspnam() in - libc. Rather than treat this specially, just add -lshadow as another - place to search in addition to -lgen. - [34cc6e6e4e26] <1.8> + * plugins/sudoers/bsm_audit.c: + Work around a problem on Mac OS X 10.10 which defines AUE_sudo but + where au_preselect() only accepts AUE_DARWIN_sudo (the old value). + [b5d32d6453d1] - * configure, configure.ac: - Only check for -lshadow if we haven't already found getspnam() in - libc. Rather than treat this specially, just add -lshadow as another - place to search in addition to -lgen. - [fdf06757f25d] +2015-04-22 Todd C. Miller -2014-09-26 Todd C. Miller + * src/env_hooks.c: + Don't use dlsym() to find the libc getenv() since this may allocate + memory on some systems (glibc) which leads to a hang if malloc() + calls getenv() (jemalloc). + [441846664820] - * plugins/sudoers/auth/sudo_auth.c: - If all authentication methods fail init/setup, fail with an error. 
- [3de36911e328] <1.8> + * include/sudo_debug.h, src/sudo.c: + Split variable declaration out of debug_decl into debug_decl_vars() + so we can use it in main() when we know sudo_debug_enter() cannot + succeed. + [6931948a57f8] - * plugins/sudoers/auth/sudo_auth.c: - If all authentication methods fail init/setup, fail with an error. - [4cd0481bf05e] + * src/sudo.c: + Defer conversation initialization until right before plugins are + initialized. + [83db53d4945c] - * plugins/sudoers/auth/sudo_auth.c: - Move pass_warn() so that it is defined before it is called(). - [b149f3f68300] <1.8> +2015-04-16 Todd C. Miller - * plugins/sudoers/auth/sudo_auth.c: - Move pass_warn() so that it is defined before it is called(). - [6ea697e89fef] + * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: + When creating a passwd struct from a uid that is not in the passwd + database, set pw_gid to the user's gid instead of whatever the user + specified via the -g flag (or 0 if no -g). + [4154970432df] -2014-09-24 Todd C. Miller +2015-04-14 Todd C. Miller - * pp: - Remove duplicate Requires: line in generated rpm spec file. - [8d1b260fa3b8] <1.8> + * plugins/sudoers/ldap.c: + Add some ldap_err2string() debugging when the LDAP search fails. + Adapted from a diff from Steven Soulen. + [e08d38481041] - * pp: - Remove duplicate Requires: line in generated rpm spec file. - [335703b110c7] +2015-04-13 Todd C. Miller - * pp: - In pp_files_expand() set _target to be empty. Fixes a problem with - Solaris sh where simply using typeset doesn't causes the variable to - be treated as local so we can inadvertantly inherit a value from a - previous call. - [9018323475fe] <1.8> + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/sr.mo, + po/sr.po: + Sync with translationproject.org + [cbf24072ad07] - * pp: - In pp_files_expand() set _target to be empty. 
Fixes a problem with - Solaris sh where simply using typeset doesn't causes the variable to - be treated as local so we can inadvertantly inherit a value from a - previous call. - [f3cecca3c7b0] +2015-04-10 Todd C. Miller - * .hgtags: - Added tag SUDO_1_8_11 for changeset b0778dffd245 - [db1efb7d426d] <1.8> + * doc/CONTRIBUTORS: + Add David Michael and Andrey Klyachkin. + [e153a9b46e1f] -2014-09-23 Todd C. Miller + * sudo.pp: + Sync tmpfiles.d/sudo.conf with init.d/sudo.conf.in + [9e3945c1fe6e] - * INSTALL, Makefile.in, NEWS, common/Makefile.in, common/aix.c, - common/alloc.c, common/atobool.c, common/atoid.c, common/atomode.c, - common/event.c, common/event_poll.c, common/event_select.c, - common/fatal.c, common/fileops.c, common/fmt_string.c, - common/gidlist.c, common/lbuf.c, common/progname.c, - common/regress/atofoo/atofoo_test.c, - common/regress/sudo_conf/conf_test.c, - common/regress/sudo_conf/test1.in, - common/regress/sudo_conf/test1.out.ok, - common/regress/sudo_conf/test2.in, - common/regress/sudo_conf/test2.out.ok, - common/regress/sudo_conf/test3.in, - common/regress/sudo_conf/test3.out.ok, - common/regress/sudo_conf/test4.in, - common/regress/sudo_conf/test4.out.ok, - common/regress/sudo_conf/test5.err.ok, - common/regress/sudo_conf/test5.in, - common/regress/sudo_conf/test5.out.ok, - common/regress/sudo_conf/test6.in, - common/regress/sudo_conf/test6.out.ok, - common/regress/sudo_parseln/parseln_test.c, - common/regress/sudo_parseln/test1.in, - common/regress/sudo_parseln/test1.out.ok, - common/regress/sudo_parseln/test2.in, - common/regress/sudo_parseln/test2.out.ok, - common/regress/sudo_parseln/test3.in, - common/regress/sudo_parseln/test3.out.ok, - common/regress/sudo_parseln/test4.in, - common/regress/sudo_parseln/test4.out.ok, - common/regress/sudo_parseln/test5.in, - common/regress/sudo_parseln/test5.out.ok, - common/regress/sudo_parseln/test6.in, - common/regress/sudo_parseln/test6.out.ok, - common/regress/tailq/hltq_test.c, 
common/secure_path.c, - common/setgroups.c, common/sudo_conf.c, common/sudo_debug.c, - common/sudo_dso.c, common/sudo_printf.c, common/term.c, - common/ttysize.c, compat/Makefile.in, compat/charclass.h, - compat/clock_gettime.c, compat/closefrom.c, compat/endian.h, - compat/fnmatch.c, compat/fnmatch.h, compat/getaddrinfo.c, - compat/getaddrinfo.h, compat/getcwd.c, compat/getgrouplist.c, - compat/getline.c, compat/getopt.h, compat/getopt_long.c, - compat/glob.c, compat/glob.h, compat/inet_pton.c, compat/isblank.c, - compat/memrchr.c, compat/memset_s.c, compat/mksiglist.c, - compat/mksiglist.h, compat/mksigname.c, compat/mksigname.h, - compat/mktemp.c, compat/nss_dbdefs.h, compat/pw_dup.c, - compat/regress/fnmatch/fnm_test.c, - compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files, - compat/regress/glob/globtest.c, compat/regress/glob/globtest.in, - compat/sig2str.c, compat/siglist.in, compat/snprintf.c, - compat/stdbool.h, compat/strlcat.c, compat/strlcpy.c, - compat/strsignal.c, compat/strtonum.c, compat/timespec.h, - compat/utime.h, compat/utimes.c, config.h.in, configure, - configure.ac, doc/CONTRIBUTORS, doc/sudo.cat, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, - doc/visudo.cat, doc/visudo.man.in, include/alloc.h, include/fatal.h, - include/fileops.h, include/gettext.h, include/lbuf.h, - include/missing.h, include/queue.h, include/secure_path.h, - lib/util/Makefile.in, lib/util/event.c, lib/util/getgrouplist.c, - mkpkg, plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in, - plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, - plugins/sudoers/boottime.c, plugins/sudoers/check.c, - plugins/sudoers/env.c, plugins/sudoers/iolog.c, - plugins/sudoers/logging.c, plugins/sudoers/match.c, - plugins/sudoers/po/sudoers.pot, plugins/sudoers/redblack.c, - plugins/sudoers/sha2.c, plugins/sudoers/sha2.h, - plugins/sudoers/sudoers.c, 
plugins/sudoers/sudoers.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, - po/sudo.pot, src/Makefile.in, src/exec_pty.c, src/load_plugins.c, - src/parse_args.c, src/po/README, src/po/ca.mo, src/po/ca.po, - src/po/cs.mo, src/po/cs.po, src/po/da.mo, src/po/da.po, - src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po, - src/po/es.mo, src/po/es.po, src/po/eu.mo, src/po/eu.po, - src/po/fi.mo, src/po/fi.po, src/po/fr.mo, src/po/fr.po, - src/po/gl.mo, src/po/gl.po, src/po/hr.mo, src/po/hr.po, - src/po/it.mo, src/po/it.po, src/po/ja.mo, src/po/ja.po, - src/po/nl.mo, src/po/nl.po, src/po/pl.mo, src/po/pl.po, - src/po/pt_BR.mo, src/po/pt_BR.po, src/po/ru.mo, src/po/ru.po, - src/po/sl.mo, src/po/sl.po, src/po/sr.mo, src/po/sr.po, - src/po/sudo.pot, src/po/sv.mo, src/po/sv.po, src/po/tr.mo, - src/po/tr.po, src/po/uk.mo, src/po/uk.po, src/po/vi.mo, - src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po, src/sudo.c, - src/ttyname.c, zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, - zlib/crc32.c, zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, - zlib/gzclose.c, zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, - zlib/gzwrite.c, zlib/infback.c, zlib/inffast.c, zlib/inffast.h, - zlib/inffixed.h, zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, - zlib/inftrees.h, zlib/trees.c, zlib/trees.h, zlib/uncompr.c, - zlib/zconf.h.in, zlib/zlib.h, zlib/zutil.c, zlib/zutil.h: - Merge sudo 1.8.11 from trunk - [b0778dffd245] [SUDO_1_8_11] <1.8> + * include/sudo_util.h: + Avoid struct assignment when stashing mtime since AIX at least uses + a struct st_timespec that differs from struct timespec. From Andrey + Klyachkin. + [e267ea5b019e] - * configure, configure.ac: - Fix version for release. - [39f6a2e9a098] +2015-04-09 Todd C. Miller -2014-09-20 Todd C. Miller + * sudo.pp: + Work around a bug in pp that caused a warning when exampledir is a + subdir of docdir. + [d81db98f215f] - * configure, configure.ac, pathnames.h.in: - Only redefine _PATH_BSHELL on AIX if we included paths.h. 
- [2dd4e808f69f] + * plugins/sudoers/solaris_audit.c: + Add sys/types.h + [e0794f05e95c] - * NEWS: - Bug 661 - [7f2b278086b2] + * lib/util/getopt_long.c, lib/util/mksiglist.c, lib/util/mksigname.c, + lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/glob/globtest.c, lib/util/sha2.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_hexchar.c: + Include sys/types.h instead of unistd.h to get uid_t and gid_t. Add + missing include of sys/types.h to a few places. + [86eb67f3c41a] - * pathnames.h.in, src/exec_common.c, src/sudo.c: - On AIX, _PATH_BSHELL is /usr/bin/bsh but we want to use /usr/bin/sh - (which is usually ksh). This makes sudo's behavior when executing a - shell without the #! magic number match execvp() on AIX. - [2b438ff99991] +2015-04-08 Todd C. Miller - * pathnames.h.in: - Whitespace changes. - [107f66ecfa54] + * mkpkg: + Remove unintended commit + [2eeeb74b9174] - * configure, m4/sudo.m4: - Prefer /usr/bin/sh to /bin/sh to match modern systems. - [9e2ccb5b239f] + * init.d/sudo.conf.in: + Add tmpfiles.d/sudo.conf template. + [ead9bb7b5328] - * NEWS, lib/util/Makefile.in: - Don't use SSP_CFLAGS or PIE_CFLAGS when building mksiglist/mksigname - as they are built with the host compiler which may be different when - cross-compiling. From Gustavo Zacarias. Bug 662. - [f1a6d58c0baa] +2015-04-07 Todd C. Miller -2014-09-17 Todd C. Miller + * .hgignore, INSTALL, MANIFEST, Makefile.in, configure, configure.ac, + mkpkg, src/Makefile.in, sudo.pp: + Create template tmpfiles.d/sudo.conf for installation instead of + creating one via echo commands in the Makefile. 
- * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/cs.mo, - po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo, - po/fi.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, - po/pt_BR.po, po/ru.mo, po/ru.po, po/sr.mo, po/sr.po, po/uk.mo, - po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po: - Sync with translationproject.org - [588c41d2eab5] + Add --enable-tmpfiles.d configure option to enable/disable use of + tmpfiles.d and override the default directory. -2014-09-16 Todd C. Miller + Use --disable-tmpfiles.d in mkpkg so we no longer need to ignore + tmpfiles.d/sudo.conf in sudo.pp. + [930983f88927] - * plugins/sudoers/sudo_nss.c: - Make sure we can't insert an nss entry in the list that has already - been used before. - [b5fab945991b] + * sudo.pp: + Fix setting of pp_rpm_version when there is no patchlevel present. + Also tighten up the regexp for pp_rpm_release. + [d6a89aafd99d] - * plugins/sudoers/visudo_json.c: - Use correct gettext macro with sudo_warnx() - [0a532986b016] +2015-04-06 Todd C. Miller - * NEWS: - Make nsswitch.conf bug fix description more accurrate. It affects - the "files" nsswitch source too. - [a29cce3a3ee9] + * INSTALL, Makefile.in, configure, configure.ac, doc/sudoers.mdoc.in, + examples/Makefile.in, mkpkg, sudo.pp: + Make exampledir configurable and default to + DATAROOTDIR/examples/sudo on BSD systems. + [4c1271298712] - * NEWS: - Mention nsswitch.conf duplicate entry fix. - [f8a45b59a577] + * src/Makefile.in, sudo.pp: + Install /usr/lib/tmpfiles.d/sudo.conf on systems with systemd but do + not package it. For packages we create /usr/lib/tmpfiles.d/sudo.conf + as needed in the postinstall script. + [522666bc079f] -2014-09-15 Todd C. Miller +2015-03-22 Todd C. Miller - * plugins/sudoers/parse.c, plugins/sudoers/sudoers.h: - Make sudoers file nsswitch functions static to parse.c since they - are self-contained. 
- [cf22385d0659] + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in: + Fix "mandoc -Tlint" warnings. Sync AUTHORS section in man pages. + Regenerate all man pages. + [34e4149bb225] - * plugins/sudoers/sudo_nss.c: - Fix infinite loop when mulitple sudoers entries are present in - nsswitch.conf. From Daniel Kopecek. - [e773e0eee736] + * lib/util/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: + Make libsudo_util depend on libintl instead of requiring users of + libsudo_util to link with libintl directly. Bug #690 + [f2508d1a21ee] -2014-09-10 Todd C. Miller +2015-03-21 Todd C. Miller - * NEWS: - Fix for bug #660 - [e25192ad79cc] + * plugins/sudoers/logging.c: + Use saved errno in vlog_warning() before calling + sudo_vwarn_nodebug(). Fixes the error message printed if set_perms() + fails. + [68bd7297137e] - * src/get_pty.c: - Fix compilation on systems without openpty(), _getpty() or - grantpt(). From Vasilyy Balyasnyy - [897280412e3e] +2015-03-18 Todd C. Miller -2014-09-08 Todd C. Miller + * NEWS: + Update for 1.8.13 final. + [4c03db3a740f] - * src/conversation.c: - Remove remaining use of SUDO_CONV_DEBUG_MSG. - [4ee756b687ea] +2015-03-16 Todd C. Miller - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, include/sudo_plugin.h: - SUDO_CONV_DEBUG_MSG is no longer supported. - [7bf46cf06578] + * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + For sudoedit, run the editor with the user's original environment as + per the documentation (and as in sudo 1.7.x). 
Bug #688 + [a5081c8f6950] - * doc/sudo.conf.cat, doc/sudoers.cat: - regen - [5bff0d4d3956] + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, po/fr.mo, + po/fr.po: + Sync with translationproject.org + [0b820c5ecb0c] - * include/sudo_debug.h, lib/util/sudo_debug.c, lib/util/sudo_printf.c, - plugins/sudoers/iolog.c, plugins/sudoers/policy.c: - There is no longer a reason for the plugin to init the debug - subsystem itself. It will always be initialized by the front-end if - needed. - [970dd80a9e3c] +2015-03-10 Todd C. Miller - * include/sudo_alloc.h, include/sudo_compat.h, include/sudo_fatal.h: - Add function arg names to prototypes where missing. - [e78dc4c48521] + * lib/util/term.c: + Update function names in debug_decl. + [b83f153b2f43] - * lib/util/alloc.c: - Remove obsolete definition of SIZE_T which is now handled by - sudo_compat.h and rename the format arg to fmt in - sudo_evasprintf_v1() for consistency with sudo_easprintf_v1(). - [72c0fc5e5114] + * lib/util/term.c: + Use TCSAFLUSH instead of TCSANOW in sudo_term_copy(). Be consistent + with where we put TCSASOFT in the action flags. + [6ffeec3aa184] - * src/parse_args.c: - If we were invoked with any name ending in "edit", treat as - sudoedit. - [d307572f08bc] +2015-03-09 Todd C. Miller -2014-09-04 Todd C. Miller + * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/da.mo, + po/da.po, po/fi.mo, po/fi.po, po/zh_CN.mo, po/zh_CN.po: + Sync with translationproject.org + [0d20f88c0a83] - * po/sudo.pot: - regen - [31c115ffbba8] +2015-03-08 Todd C. Miller - * src/exec.c, src/exec_pty.c, src/signal.c: - Check return value of sigaction(), even though it should never fail. - [75c578e6a07c] + * lib/util/sha2.c: + Include unistd.h since sudo_compat.h uses gid_t. + [da491d83e5dc] -2014-09-03 Todd C. Miller +2015-03-05 Todd C. Miller - * lib/util/Makefile.in, src/Makefile.in: + * INSTALL, configure, configure.ac: + Add --disable-weak-symbols option to disable use of weak symbols in + libsudo_util. 
+ [3edf2bccb4d8] + + * configure: regen - [2fcb390e8e89] + [ff1abfcd2b61] - * MANIFEST, plugins/sudoers/Makefile.in, - plugins/sudoers/regress/parser/check_hexchar.c: - Add hexchar unit test - [de65e0ded4a2] + * m4/ax_sys_weak_alias.m4: + When checking for weak aliases, check the gcc attribute format last + since some C compilers just ignore unsupported attributes. + [e172cbbfa615] - * plugins/sudoers/regress/parser/check_addr.c: - Avoid division by zero if there was no test data. - [de3324077ba0] + * sudo.pp: + Update copyright year. + [67bcd24c6477] -2014-09-02 Todd C. Miller + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/it.mo, + po/it.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, + po/pt_BR.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po: + Sync with translationproject.org + [ceb62f98364c] - * lib/util/event.c: - Remove confusing comment. - [ee1765a06b94] + * configure, configure.ac, include/compat/sha2.h: + Fix symbol name collision with systems that have their own sha2 + implementation. This can result in PAM using the wrong sha2 + implementation on Solaris systems configured to use SHA512 for + passwords. + [3a25c4896804] - * lib/util/sudo_debug.c: - Use a stack buffer for the debug message when possible, most are - small. - [945fb94a7aaf] + * src/Makefile.in: + Use SSP_LDFLAGS when linking sudo_noexec.la + [6187b17fad90] -2014-09-01 Todd C. Miller +2015-03-03 Todd C. 
Miller - * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, po/ca.mo, - po/ca.po: - Sync with translationproject.org - [661d536a7599] + * MANIFEST, config.h.in, configure, configure.ac, + include/compat/utime.h, lib/util/Makefile.in, lib/util/utimens.c: + Remove compat/utime.h, it was only useful for ancient systems that + are no longer capable of compiling sudo. + [94e4f02868db] -2014-08-31 Todd C. Miller +2015-03-02 Todd C. Miller - * src/exec.c: - Convert a debug printf to a user-visible warning. - [c3866eaea3ec] + * configure, configure.ac, lib/util/Makefile.in: + Link libsudo_util with -lrt on systems where clock_gettime is in + -lrt. + [44a9a0d0af69] - * include/sudo_fatal.h, include/sudo_util.h, lib/util/fatal.c: - Move sudo_printf extern to sudo_util.h - [50275ef999e9] + * NEWS: + Update. + [811c8d7090c0] - * include/sudo_fatal.h, include/sudo_lbuf.h, lib/util/fatal.c, - lib/util/lbuf.c: - Some versions of the HP C Compiler don't export functions that take - function pointers as arguments unless a typedef is used. - [97cc0525dbd7] + * lib/util/strlcat.c, lib/util/strlcpy.c: + Update OpenBSD CVS Ids + [933788497ee4] - * include/sudo_lbuf.h: - Work around a bug in the HP C compiler. - [5c902aefeba6] + * lib/util/strlcat.c: + Make comment match code. + [b1b68810929d] - * lib/util/lbuf.c: - Don't need sudo_fatal.h - [bccfe4df4794] + * lib/util/utimens.c: + Fix compilation error on systems without futimes(). + [4d55a58ea12e] -2014-08-30 Todd C. Miller + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in, + lib/util/gettime.c, lib/util/util.exp.in, lib/util/utimens.c, + lib/util/utimes.c, mkdep.pl, plugins/sudoers/Makefile.in, + plugins/sudoers/boottime.c, plugins/sudoers/gettime.c, + plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/Makefile.in, src/sesh.c, + src/sudo_edit.c: + Use futimens() and utimensat() instead of futimes() and utimes(). 
+ [8400f91466d8] - * po/da.mo, po/da.po: - Sync with translationproject.org - [7910e3fc0f3e] + * plugins/sudoers/visudo.c: + Fix compiler warning on systems where mode_t is not unsigned int, + such as 32-bit Solaris. + [1eeeea1c203d] - * src/exec.c: - Remove signal_event from evbase before calling sudo_ev_loopexit() - when the command has exited or been killed. It is possible that we - could receive another signal on the pipe if they are delivered out - of order. - [b8ed1c9482b4] + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Fix logic for verifypw/listpw all in sudoers LDAP and sssd. + [5bc60a34a477] -2014-08-29 Todd C. Miller + * src/tgetpass.c: + Fix cut & pasto that prevented the SIGPIPE handler from being + restored before returning from tgetpass(). From mancha + [230b0a86876e] - * src/exec_pty.c: - Treat EOF on signal pipe (which should never happen) as ECONNRESET. - [eb57e9047a2c] +2015-02-28 Todd C. Miller - * include/sudo_event.h, lib/util/event.c, src/exec_pty.c: - Don't allow sudo_ev_loopcont() to override sudo_ev_loopexit() - [b6b53eacbc61] + * src/sesh.c, src/sudo_edit.c: + Our utimes() emulation support futime() too. + [439851535285] - * include/sudo_event.h, lib/util/event.c, lib/util/event_poll.c, - lib/util/event_select.c: - Add some internal convenience functions. - [b01063d82347] +2015-02-27 Todd C. Miller -2014-08-26 Todd C. Miller + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [40aa9164563f] - * sudo.pp: - Fix osrelease sed expression. It wasn't matching distros with a - single digit version such as sles9. - [44f3e9b7e6c0] + * plugins/sudoers/testsudoers.c: + Define YYDEBUG to 0 if not already defined so we can protect use of + sudoersdebug with "#if YYDEBUG" like the generated parser does. From + David Michael. 
+ [394e1c237aac] - * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, - plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, - plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo, - po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo, - po/fi.po, po/it.mo, po/it.po, po/nb.mo, po/nb.po, po/pl.mo, - po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/ru.mo, po/ru.po, po/uk.mo, - po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po: - Sync with translationproject.org - [5b2c6063db75] +2015-02-26 Todd C. Miller - * plugins/sudoers/iolog.c: - Return -1 from logging functions if we get a write error. - [a3ae43d54101] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that Aliases may not be redefined and that "sudo -f + /etc/sudo.d/foo" will not catch the redefinition. + [3bff3b5f7eb1] - * NEWS: - Mention I/O plugin changes. - [0bd2e99fe87a] + * sudo.pp: + Only create /usr/lib/tmpfiles.d/sudo.conf if + /usr/lib/tmpfiles.d/systemd.conf also exists. Some other package may + have created /usr/lib/tmpfiles.d even though it is not used. + [cf013d95b7d7] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/exec_pty.c: - Change behavior when plugin I/O logging function returns 0 or -1. - For -1 (error) return, we now kill the command and disable the I/O - logging function that returned the error. For a 0 (reject) return, - we no longer display the rejected output to the user's terminal. The - plugin API revision is now 1.6. 
- [27bb504860f3] + * plugins/sudoers/Makefile.in: + regen + [4dde632c35cd] - * doc/sudoers.cat: - regen to fix version. - [641ea29b7dd3] + * sudo.pp: + Clear the ts dir instead of just making sure it exists. + [c49b6e3e2360] - * plugins/sample/sample_plugin.c: - Add trivial dirty word check to the sample output logging function. - [a14494b87b4d] + * configure, configure.ac: + Only substiture init.d scripts that we are going to use. + [301f16bd04c5] -2014-08-25 Todd C. Miller +2015-02-25 Todd C. Miller - * NEWS: - Update for 1.8.11b2 - [72ac1f26ba78] + * plugins/sudoers/Makefile.in, sudo.pp: + Create /usr/lib/tmpfiles.d/sudo.conf when systemd is used. + [532dc61e7bb7] - * src/sudo_edit.c: - Fix restoration of effective uid/gid in command_details. This masked - the effects an unset (really zero) egid. Bug 656 - [b75eed459386] + * plugins/sudoers/iolog.c, plugins/sudoers/visudo.c, src/sudo_edit.c, + src/utmp.c: + Check the return value of gettimeofday(), even though it should + never fail. + [747715d8a11c] - * src/sudo.c: - Set runas egid to the same value as runas gid if egid not specified - by the plugin. Only affects new files created by sudoedit. Bug #656 - [f2daabba4912] +2015-02-24 Todd C. Miller - * src/sudo_edit.c: - Don't leak temp fd in sudo_edit_copy_tfiles(). Fix fd leak in error - path in sudo_edit_copy_tfiles(). - [465d6a79b5cf] + * MANIFEST, configure, configure.ac, include/sudo_compat.h, + lib/util/Makefile.in, lib/util/clock_gettime.c, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c, + plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c: + We cannot (easily) use clock_gettime(CLOCK_MONOTONIC) directly as it + may be present but not implemented. Add sudo_gettime_real() and + sudo_gettime_mono() functions to get the real and monotonic times + respectively. 
Now sudo_gettime_mono() checks the value of + sysconf(_SC_MONOTONIC_CLOCK) before calling + clock_gettime(CLOCK_MONOTONIC) and falls back on sudo_gettime_real() + as needed. The Mach version of sudo_gettime_mono() uses + mach_absolute_time(). -2014-08-22 Todd C. Miller + This should fix problems with timestamp files on systems where the + CLOCK_MONOTONIC is defined but not actually implemented. + [cd04a21af4c5] - * NEWS: - fix typo - [a4659abcbc1d] + * include/sudo_compat.h, plugins/sudoers/timestamp.c: + Check clock_gettime() return value and warn if it fails. Currently, + the timestamp will be ignored if clock_gettime() fails. + [3658154638da] - * src/signal.c: - We write an unsigned char, not an int, to the signal pipe. - [fae4217be608] +2015-02-23 Todd C. Miller -2014-08-21 Todd C. Miller + * lib/util/sudo_debug.c: + Plug memory leak when debug file cannot be opened. Use %zu printf + format now that our snprintf support it. + [a168a002cd19] - * src/sudo_edit.c: - Sprinkle some debugging around uid/gid setting in sudoedit. - [15e4a337f0b0] + * plugins/sudoers/auth/pam.c: + Pam conversation function changes: o use PAM_BUF_ERR as the return + value when calloc() fails. o sanity check the value of num_msg o + remove the workaround for old Apple PAM o PAM_AUTH_ERR is not a + valid PAM conversation function return value - * src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, - src/sudo_exec.h: - Make sudoedit work with SELinux RBAC. Adapted from RedHat patches - (Daniel Kopecek) but made to behave a bit more like the non-SELinux - bits. - [8f3f7969220f] + If getpass_error is set after a call to pam_verify (usually because + the user pressed ^C), return AUTH_INTR immediately instead of + checking the pam_verify return value. + [8d378f40fe1f] - * src/sudo_edit.c: - Refactor code that copies temp files into separate functions. 
- [b1057f4bee87] + * INSTALL, NEWS, configure, configure.ac, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h: + On AIX use the value of auth_type in /etc/security/login.cfg to + determine whether to use LAM or PAM unless the user specified the + --with-pam or --with-aixauth configure flags. + [cb314c1ed5f8] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in: - Fix typo, .em should be .Em - [ec28aa3bdd6a] + * lib/util/parseln.c: + Fix cast. + [4f56047e2bc4] -2014-08-18 Todd C. Miller +2015-02-21 Todd C. Miller - * src/sesh.c: - Add missing call to initprogname(). - [71040679765f] + * config.h.in, configure, configure.ac, lib/util/snprintf.c: + Update snprintf.c from OpenBSD. The floating point and wide + character code has been retained but is not compiled by default. + [6801a77398fc] - * lib/util/sudo_debug.c, lib/util/sudo_printf.c: - Don't recurse infinitely until we blow the stack when the debug file - can't be opened in the front-end. The conversation-type debug mode - will be removed in the future. - [38cd1a6343c2] +2015-02-20 Todd C. Miller -2014-08-15 Todd C. Miller + * plugins/sudoers/regress/sudoers/test1.in, + plugins/sudoers/regress/sudoers/test1.out.ok, + plugins/sudoers/regress/sudoers/test1.toke.ok: + Update the regression test that check that all tags are parsed. + [d0f9af2f9d45] - * sudo.pp: - Only use the first two digits of the version number. Fixes a problem - on RHEL 7 which has version numbers like 7.0.1406 - [272727fd57fb] - - * plugins/sudoers/linux_audit.c: - Fix return value when kernel has no audit support. 
- [7ca1c9857058] + * MANIFEST, configure, configure.ac, lib/util/Makefile.in, + lib/util/mktemp.c, lib/util/regress/mktemp/mktemp_test.c, mkdep.pl: + Add regress for mkdtemp and mkstemps from OpenBSD + [18714ae9bffd] - * lib/util/progname.c: - remove unused label - [4179ea1ffa3a] + * plugins/sudoers/po/sudoers.pot: + regen + [b77490dd9b33] -2014-08-14 Todd C. Miller + * plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, po/tr.mo, + po/tr.po: + Sync with translationproject.org + [b2946065653d] - * aclocal.m4, autogen.sh: - Update to automake 1.14 (no code changes). - [5e04db4f7c5d] + * config.h.in, configure.ac: + Correct SECURE_PATH comment. + [3fd6132d5dba] -2014-08-11 Todd C. Miller + * NEWS, configure, configure.ac: + Sudo 1.8.13 + [32c1183b0666] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document the interaction between sudoers environment handling and - the pam_env module. - [bd56868f078c] +2015-02-19 Todd C. Miller - * plugins/sudoers/env.c: - Don't allow pam_env to overwrite existing variables when env_reset - is disabled unless the variables match the black list and would - normally be removed. It may just be better to never overwrite when - env_reset is disabled. - [e0ae88fce535] + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in, + lib/util/gethostname.c, lib/util/util.exp.in, + plugins/sudoers/match.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/sudo.c: + Avoid using HOST_NAME_MAX directly and use + sysconf(_SC_HOST_NAME_MAX) instead. + [97036b819d58] -2014-08-09 Todd C. Miller + * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c: + Historically, crypt() returned the empty string on error, which + ensured that crypt("", "") would return "", which supported matcing + empty encrypted passwords with no additional code. 
Some modern + versions of crypt() (such as glibc) return NULL on error so we need + an explicit test to match an empty plaintext password and an empty + encrypted password. + [b88eb9da5e57] - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - Update year range to include 2014 - [6b3b5f3fa791] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Sort tags lexically in the sudoers manual + [66716c0b7a13] -2014-08-08 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/ldap.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/sudoers/test1.out.ok, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers_version.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo_json.c: + Add support for MAIL and NOMAIL command tags to toggle mail sending + behavior on a per-command (or Cmnd_Alias) basis. + [04f30a064c25] - * lib/util/Makefile.in: - Remove regress .err files in distclean target. - [d66a4f1db130] + * config.h.in, configure, configure.ac, include/sudo_compat.h, + lib/util/closefrom.c, lib/util/setgroups.c, + plugins/sudoers/pwutil_impl.c, src/sudo.c: + Almost no systems actually define OPEN_MAX since it is dynamic on + modern OSes. If sysconf(_SC_OPEN_MAX) ever fails, fall back on + _POSIX_OPEN_MAX instead. We can assume modern systems have + sysconf(). Also remove checks for strrchr() and strtoll() for which + the HAVE_* defines are no longer used. + [c3058a6cca86] - * lib/util/Makefile.in, plugins/group_file/Makefile.in, - plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, - plugins/system_group/Makefile.in: - Remove generated files for linker as part of distclean. 
- [5d1bf6c32c6b] + * lib/util/getline.c, plugins/group_file/getgrent.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/tsgetgrpw.c: + All modern systems should have LINE_MAX. + [117322b6d86c] - * .hgignore: - Ignore .out and .err files in lib/util regress - [9f4d91e77c0f] + * Makefile.in, sudo.pp: + Don't need to pass exampledir to polypkg now that it is just under + docdir. + [9f24f0184a78] - * NEWS: - Add additional 1.8.11 changes and fix typos. - [7980e2abb6ea] +2015-02-18 Todd C. Miller - * configure, configure.ac, plugins/sudoers/Makefile.in: - Avoid building/running the check_symbols test program unless we are - building a shared sudoers plugin. - [a6bde1a12111] + * sudo.pp: + Fix packaging of the example dir. + [4c7cbc3fc190] - * plugins/sudoers/Makefile.in, src/Makefile.in: - Remove two instances of -no-fast-install that were missed before. - [8a2c89cdf252] + * lib/util/mktemp.c: + Fix mkstemps() extension handling. Sudoedit will now preserve the + extension properly when the system libc lacks mkstemps(). + [b86f54331972] - * INSTALL, NEWS, configure, configure.ac, lib/util/Makefile.in: - Add --disable-shared-libutil configure option. It may only be used - in conjunction with the --enable-static-sudoers option. - [e19c71464399] +2015-02-17 Todd C. Miller -2014-08-07 Todd C. Miller + * MANIFEST, aclocal.m4, config.h.in, configure, configure.ac, + lib/util/Makefile.in, lib/util/locale_weak.c, + m4/ax_sys_weak_alias.m4, mkdep.pl, src/Makefile.in, + src/locale_stub.c: + Use weak symbols for sudo_warn_gettext() and sudo_warn_strerror() so + distros using "-Wl,--no-undefined" in LDFLAGS don't run into + problems. + [708418615aae] - * doc/Makefile.in: - Remove noop man.sed files Use full path instead of $@.in when - calling config.status with --file=- - [53c69928427e] + * lib/util/mksiglist.c, lib/util/mksigname.c: + Include unistd.h in siglist.c and signame.c to get gid_t which is + used by sudo_compat.h. 
Bug #686 + [0ab6450a96ec] - * src/preserve_fds.c: - Fix "sudo -C" when we have internal fds to preserve from - closefrom(). - [942db66345ea] +2015-02-15 Todd C. Miller -2014-08-06 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/logging.c: + Add mail_all_cmnds to always mail when a user runs a command (or + tries to) including sudoedit. The mail_always flag goes back to its + old semantic of always mailing when sudo is run. + [edc904502061] - * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/env.c: - Add explicit support for matching the full environment string - (name=value). Bash functions may now be preserved for full matches, - but not for name-only matches. - [f4d816e11f66] +2015-02-10 Todd C. Miller -2014-08-05 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Minor change in description of TZ path handling. + [579b02f0dbe0] - * .hgignore: - Ignore lib/util/util.exp - [e08306ca6a6d] + * Makefile.in, examples/Makefile.in: + Move example dir under the doc dir to conform to Debian guidelines. + Bug #682. + [494d9a0484b6] -2014-07-30 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that a leading ':' is skipped when checking TZ for a fully- + qualified path name. + [91859f613b88] - * configure, configure.ac: - Fix exporting of asprintf/vasprintf symbols. - [5ff59bdeb501] +2015-02-09 Todd C. Miller - * configure, configure.ac: - Don't export getaddrinfo symbols if we found the function in a - library. - [3bf4a5d3cfdb] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Typo. + [b9257ea66116] - * src/sudo_edit.c: - It is now sudo_efree() not efree(). Don't try to free a pointer to - garbage on error. - [51a1ddaa220d] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix typos. 
+ [ac1467f71ac0] - * plugins/sudoers/po/sudoers.pot, po/sudo.pot: - Regen .pot files - [8c46fe51d32e] + * plugins/sample/sample_plugin.c: + Fix compilation on systems w/o __dso_public + [b773ef9127fa] -2014-07-29 Todd C. Miller +2015-02-07 Todd C. Miller - * src/sudo_edit.c: - Plug memory leak, even though we are headed for exit. - [e2b28ddffabe] + * NEWS, plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po: + Russian translation for sudoers from translationproject.org. + [8a7fc2e00072] - * configure, configure.ac, lib/util/Makefile.in, - plugins/sudoers/Makefile.in: - If getaddrinfo() is missing libsudoutil may need to pull in - networking libraries. - [4d6724d54927] +2015-02-06 Todd C. Miller - * MANIFEST, configure, configure.ac, include/sudo_compat.h, - lib/util/Makefile.in, lib/util/util.exp, lib/util/util.exp.in, - m4/sudo.m4: - Only include functions in util.exp that are actually in the library. - Fixes a problem on Solaris where undefined functions that are listed - as exported in the map file result in a link error. Also make sure - we use our glob.c if the system is missing glob(). - [3121ad215f1e] + * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/ru.mo, + plugins/sudoers/po/ru.po: + Russian translation for sudoers from translationproject.org. + [1d5869e4d4af] - * configure, configure.ac: - Make sure shadow libs don't end up in LIBS, only SUDOERS_LIBS (and - SUDO_LIBS if set_auth_parameters() or initprivs() are present. - [fb084b157c76] + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Add check for getresuid() declaration, which may be missing on HP- + UX. When checking for getdomainname() prototype, look in netdb.h + too. 
+ [0ba583590b17] - * configure.ac: - No need to AC_SUBST HAVE_BSM_AUDIT and HAVE_SOLARIS_AUDIT - [5d73ccf3a7b9] + * INSTALL, NEWS, configure, configure.ac, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, m4/sudo.m4, pathnames.h.in, + plugins/sudoers/env.c: + Sanity check the TZ environment variable by special casing it in + env_check. The --with-tzdir configure option can be used to specify + the zoneinfo directory if configure doesn't find it. + [650ac6938b59] -2014-07-28 Todd C. Miller + * NEWS: + Mention crash fixes. + [f759c993e172] - * src/exec.c, src/exec_pty.c, src/sudo_exec.h: - Attempt to handle systems with SA_SIGINFO but that lack SI_USER. - [0c8b09861ad5] + * src/parse_args.c: + Bail with usage() early if argc <= 0. + [aaba56c9a797] - * config.h.in, configure, configure.ac, include/sudo_compat.h: - Replace use of HAVE_GETCWD with PREFER_PORTABLE_GETCWD. It is safe - to assume getcwd() exists, we just need to handle broken ones. - [e897223a8f38] +2015-02-05 Todd C. Miller - * config.h.in, configure, configure.ac, plugins/sudoers/Makefile.in: - Add check for inet_ntoa() since it may live in libnsl. Make getcwd() - replacement private to the SunOS 4 section. - [8e2cd0fdd6cd] + * plugins/sudoers/pwutil.c: + Remove extraneous casts of node->data (which is void *). + [950749570a00] - * plugins/sudoers/match.c: - Avoid mixing declarations and code for non-C99 compilers. - [1fa5cf2356fd] + * doc/CONTRIBUTORS: + Add Stephane Chazelas + [a6c7becabee7] - * include/sudo_debug.h: - For C89, use "const char __func__[]" instead of "const char - *__func__". - [c4e9f9d6691b] + * plugins/sudoers/pwutil.c: + Fix a potential crash when getpwnam() of the running user fails and + we don't replace the negative cached entry with a faked up one. From + Stephane Chazelas + [9088f041bbad] - * plugins/sudoers/match.c: - Fix compilation on systems w/o netgroups. - [57deb66ef8ff] + * src/parse_args.c, src/sudo.c: + Don't assume argv[0] is set without first checking argc. 
+ [aabdc9d0ba26] -2014-07-26 Todd C. Miller + * lib/util/progname.c: + Call setprogname("sudo") if getprogname() returns NULL or the empty + string. + [45438f7227b1] - * src/preserve_fds.c: - Back out old workaround for sudoedit hang when debugging was - enabled. - [f547bf80c436] + * plugins/sudoers/set_perms.c: + Handle sudo_get_grlist() returning NULL which can happen if + getgrouplist() fails even after allocating the appropriate amount of + memory. From Stephane Chazelas + [25747a0ead7c] - * src/sudo_edit.c: - Don't memcpy() the preserved_fds TAILQ as the pointers into the head - will be wrong. All we need to do is save the old command details and - restore them after calling run_command(). Fixes a hang with sudoedit - when debugging is enabled. - [84ff8e1f490a] + * config.h.in, configure, configure.ac: + Remove configure checks for strrchr() and strtoll() for which the + HAVE_* defines are no longer used. + [f04216435aba] -2014-07-25 Todd C. Miller + * config.h.in, configure, configure.ac, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + plugins/sudoers/sudoreplay.c: + Require POSIX regular expression support for sudoreplay. + [1486747cd470] - * src/sudo.c: - The default policy close function should only print an error message - if the error_code is non-zero. - [2032c9e33e3f] + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Check whether getdomainname(), innetgr(), setresuid() and + setresgid() are declared and add prototypes in sudo_compat.h as + needed. + [03aa144afce4] - * src/preserve_fds.c: - If there the preserved fds list is empty, add a new element with - TAILQ_INSERT_HEAD instead of TAILQ_INSERT_TAIL to avoid an infinite - loop on AIX, Solaris and possibly others when debug mode is active. - [63cefe22c515] + * plugins/sudoers/policy.c: + The plugin no longer needs to call initprogname() now that it links + with the same libsudo_util as sudo. 
+ [78b65a352ac5] - * lib/util/progname.c: - Remove support for getting program name via /proc as pr_fname is - usually filled in after symbolic links have been processed, even on - Solaris. - [0460c613753c] +2015-02-04 Todd C. Miller - * lib/util/Makefile.in: - Use shlib_enable instead of soext when determining whether to - install the library. - [d46640a7733c] + * sudo.pp: + Add /usr/local/share/examples/ directory to parentdirs so it is + explicitly added to the package. + [ef1aa52b0aad] - * lib/util/regress/atofoo/atofoo_test.c: - Avoid potential division by zero - [6411d276a138] + * plugins/sudoers/po/da.mo, po/da.mo: + Sync with translationproject.org + [943986acd31c] - * lib/util/Makefile.in: - Don't link progname test with libsudo_util, just link in progname.lo - directly since that is all we need. Avoid a linker issue on darwin. - [ee6210ee5cc0] + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/nl.mo, + po/nl.po: + Sync with translationproject.org + [4977ac967bdd] - * lib/util/progname.c: - Remove pstat_getproc() path as pst_ucomm on HP-UX will return the - target of a symbolic link and not the name of the link itself. Avoid - using pr_fname on AIX for the same reason. Bug 654 - [36aced8e3714] +2015-02-03 Todd C. 
Miller - * MANIFEST, lib/util/Makefile.in, - lib/util/regress/progname/progname_test.c: - Add test for getprogname() and symbolic links; bug 654 - [fbbe9faeda46] + * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: + Regen with yacc skeleton that the clang analyzer doesn't complain + about. + [e15991fd4ab1] -2014-07-24 Todd C. Miller + * configure, configure.ac, lib/util/alloc.c, lib/util/glob.c, + plugins/sudoers/env.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/gram.c, + plugins/sudoers/gram.y: + Use stdint.h to get SIZE_MAX as inttypes.h on some pre-C99 HP-UX + systems doesn't include stdint.h itself. + [9fbd35811743] - * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: - Document tracing - [cfd7f14d596d] + * configure, configure.ac: + SIZE_MAX may be in limits.h on pre-C99 compilers. + [d3b554f7e0e5] -2014-07-23 Todd C. Miller + * config.h.in, configure, configure.ac, lib/util/aix.c: + Add missing prototypes for usrinfo() and setauthdb() for AIX. + [aa4b205296cf] - * lib/util/util.exp: - sudo_term_{erase,kill} are regular symbols not functions. - [3454a9c1328b] + * config.h.in, configure, configure.ac, plugins/sudoers/match.c: + Solaris uses sysinfo(SI_SRPC_DOMAIN) instead of getdomainname() to + get the host's NIS domain. + [9234c62a1469] -2014-07-22 Todd C. Miller +2015-02-02 Todd C. Miller - * plugins/sudoers/ldap.c: - Fix NULL deref if base64_decode returns -1. - [d03e207b1bb8] + * configure, configure.ac: + Remove AC_PROG_GCC_TRADITIONAL and add AC_PROG_CC_STDC since we need + C99. 
+ [005775f5662b] - * MANIFEST, include/missing.h, include/sudo_compat.h, - lib/util/Makefile.in, lib/util/aix.c, lib/util/alloc.c, - lib/util/clock_gettime.c, lib/util/closefrom.c, lib/util/event.c, - lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c, - lib/util/fnmatch.c, lib/util/getaddrinfo.c, lib/util/getcwd.c, - lib/util/getgrouplist.c, lib/util/getline.c, lib/util/getopt_long.c, - lib/util/gidlist.c, lib/util/glob.c, lib/util/inet_pton.c, - lib/util/isblank.c, lib/util/key_val.c, lib/util/lbuf.c, - lib/util/locking.c, lib/util/memrchr.c, lib/util/memset_s.c, - lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/mktemp.c, - lib/util/parseln.c, lib/util/progname.c, lib/util/pw_dup.c, - lib/util/regress/atofoo/atofoo_test.c, - lib/util/regress/fnmatch/fnm_test.c, - lib/util/regress/glob/globtest.c, - lib/util/regress/sudo_conf/conf_test.c, - lib/util/regress/sudo_parseln/parseln_test.c, - lib/util/regress/tailq/hltq_test.c, lib/util/secure_path.c, - lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, - lib/util/snprintf.c, lib/util/strlcat.c, lib/util/strlcpy.c, - lib/util/strsignal.c, lib/util/strtobool.c, lib/util/strtoid.c, - lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c, - lib/util/sudo_debug.c, lib/util/sudo_dso.c, lib/util/sudo_printf.c, - lib/util/term.c, lib/util/ttysize.c, lib/util/utimes.c, - plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, - plugins/group_file/group_file.c, plugins/sample/Makefile.in, - plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, - plugins/sudoers/audit.c, plugins/sudoers/base64.c, - plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, - plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, - plugins/sudoers/hexchar.c, plugins/sudoers/linux_audit.c, - plugins/sudoers/locale.c, plugins/sudoers/redblack.c, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/regress/parser/check_base64.c, - 
plugins/sudoers/regress/parser/check_digest.c, - plugins/sudoers/regress/parser/check_fill.c, - plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, - plugins/sudoers/timestr.c, plugins/system_group/Makefile.in, - plugins/system_group/system_group.c, src/Makefile.in, - src/locale_stub.c, src/net_ifs.c, src/preload.c, - src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h, - src/sudo_noexec.c: - Rename missing.h -> sudo_compat.h - [ddcc945a0f87] + * plugins/sudoers/match.c: + Actually use the check for prior initialization in + sudo_getdomainname(). + [06368385ad0d] - * MANIFEST, include/secure_path.h, include/sudo_util.h, - lib/util/Makefile.in, lib/util/secure_path.c, lib/util/sudo_conf.c, - plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Merge secure_path.h -> sudo_util.h - [0385dfbf2e2d] + * configure, configure.ac: + We need to add OSDEFS to CFLAGS to expose LLONG_MAX et al on glibc + when not explicitly asking for c99. + [ae9435631600] - * include/secure_path.h, include/sudo_alloc.h, include/sudo_conf.h, - include/sudo_dso.h, include/sudo_event.h, include/sudo_fatal.h, - include/sudo_lbuf.h, include/sudo_util.h, lib/util/aix.c, - lib/util/alloc.c, lib/util/event.c, lib/util/fatal.c, - lib/util/gidlist.c, lib/util/key_val.c, lib/util/lbuf.c, - lib/util/locking.c, lib/util/parseln.c, lib/util/secure_path.c, - lib/util/setgroups.c, lib/util/strtobool.c, lib/util/strtoid.c, - lib/util/strtomode.c, lib/util/sudo_conf.c, lib/util/sudo_dso.c, - lib/util/term.c, lib/util/ttysize.c, lib/util/util.exp, - plugins/sudoers/locale.c, src/locale_stub.c: - Version the functions in libsudo_util - [c6d6eba95bb4] + * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/logging.c: + Don't send mail about pseudo-command failure unless it is an + authentication failure. + [deddcfc1f2ab] -2014-07-21 Todd C. 
Miller + * configure, configure.ac: + Fix check for SIZE_MAX, which should be in stdint.h not limits.h. + [47bf0ab7dfca] - * include/gettext.h, include/sudo_gettext.h, lib/util/Makefile.in, - lib/util/aix.c, lib/util/alloc.c, lib/util/fatal.c, - lib/util/gidlist.c, lib/util/strsignal.c, lib/util/strtoid.c, - lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c, - lib/util/sudo_debug.c, plugins/sudoers/Makefile.in, - plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c, - plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, - plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, - src/Makefile.in, src/locale_stub.c, src/net_ifs.c, src/sesh.c, - src/sudo.h: - Rename gettext.h -> sudo_gettext.h - [7f6b44473b8f] + * lib/util/glob.c: + Need to include inttypes.h for SIZE_MAX + [a11f42f40294] - * include/fatal.h, include/sudo_fatal.h, lib/util/Makefile.in, - lib/util/aix.c, lib/util/alloc.c, lib/util/event.c, - lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c, - lib/util/getopt_long.c, lib/util/gidlist.c, lib/util/lbuf.c, - lib/util/regress/atofoo/atofoo_test.c, - lib/util/regress/tailq/hltq_test.c, lib/util/sudo_conf.c, - lib/util/sudo_debug.c, plugins/sudoers/Makefile.in, - plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c, - plugins/sudoers/locale.c, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, - src/Makefile.in, src/locale_stub.c, src/net_ifs.c, - src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h: - Rename fatal.h -> sudo_fatal.h - [bef3401dbb24] + * plugins/sudoers/po/sudoers.pot: + regen + [d35b24f95ef8] - * include/queue.h, include/sudo_conf.h, include/sudo_event.h, - include/sudo_queue.h, lib/util/Makefile.in, lib/util/fatal.c, - lib/util/regress/tailq/hltq_test.c, plugins/sudoers/Makefile.in, - plugins/sudoers/regress/parser/check_fill.c, - plugins/sudoers/sudoers.h, 
plugins/sudoers/sudoreplay.c, - src/Makefile.in, src/hooks.c: - Rename queue.h -> sudo_queue.h to avoid collisions with the system - version. - [473614fdde5a] +2015-02-01 Todd C. Miller - * include/sudo_debug.h, lib/util/sudo_debug.c: - Conver sudo_debug_write() to a macro - [0f110f27a23c] + * include/sudo_debug.h, lib/util/aix.c, lib/util/event.c, + lib/util/event_poll.c, lib/util/event_select.c, lib/util/gidlist.c, + lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c, + lib/util/parseln.c, lib/util/secure_path.c, lib/util/setgroups.c, + lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c, + lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/term.c, + lib/util/ttysize.c, lib/util/util.exp.in, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/base64.c, plugins/sudoers/boottime.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c, + 
plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/get_pty.c, src/hooks.c, + src/load_plugins.c, src/net_ifs.c, src/parse_args.c, + src/preserve_fds.c, src/selinux.c, src/sesh.c, src/signal.c, + src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, + src/ttyname.c, src/utmp.c: + Go back to a 2 args debug_decl and just use the "default" instance, + now renamed "active". + [7130b7478355] -2014-07-17 Todd C. Miller +2015-01-31 Todd C. Miller - * doc/fixman.sh, doc/fixmdoc.sh: - Fix man page post-processing; it was deleting more than intended. - [716af03dcfb7] + * doc/LICENSE: + Update copyright year. + [e1dad7b195e4] -2014-07-16 Todd C. Miller +2015-01-30 Todd C. Miller - * doc/Makefile.in: - Remove double $(srcdir) when running sed scripts. - [16add67ae550] + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/parse.h: + When querying LDAP netgroups, use the NIS domain if it is sent but + also match nisNetgroupTriple entries that have no domain. + [5a0fa3ac26f7] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - "an EXEC tag" not "a EXEC tag" - [9ac1b8e322f9] + * plugins/sudoers/sudoreplay.c: + Avoid setting the tty to non-blocking mode so "sudoreplay | cat" + (for example) works as expected. We only read a single byte from the + keyboard and only when interactive anyway so this should be fine. + [9615a932545b] - * doc/sudoers.cat: - Document that I/O logging is not enabled by default. 
- [08fca95dd5a4] + * lib/zlib/Makefile.in, plugins/sudoers/Makefile.in: + regen + [f19c6e000850] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document that exec_background is off by default. - [87fe5defff58] + * plugins/sudoers/sudoreplay.c: + Avoid a cppcheck warning about undefined behavior (using the address + of a stack buffer - 1) and fix a memory leak of the iov when doing + nl->crnl conversion. + [e26f9008c2e4] -2014-07-14 Todd C. Miller + * doc/CONTRIBUTORS: + Add Steven Soulen + [17a47303d5fe] - * src/sesh.c: - Error out if sesh is run as a login shell but the shell it needs to - run has no slash. This shouldn't happen in practice. - [10ff502888ee] + * plugins/sudoers/sudoreplay.c: + Fix handling of partial writes from writev() which can occur with + large output buffers. + [1065dbeaa13d] - * MANIFEST, include/compat/mksiglist.h, include/compat/mksigname.h, - lib/util/Makefile.in, lib/util/mksiglist.c, lib/util/mksiglist.h, - lib/util/mksigname.c, lib/util/mksigname.h: - Move mksiglist.h and mksigname.h to lib/util where they belong. - [d01046c69060] +2015-01-29 Todd C. Miller - * config.h.in, configure, configure.ac, include/missing.h, - lib/util/progname.c, lib/util/util.exp, plugins/sudoers/Makefile.in: - Avoid passing -no-fast-install to libtool as this results in the - build dir being left in the library path of the installed - executable. Instead, we remove the "lt-" prefix from the program - name in initprogname() so that the regress test output is unaffected - by libtool's binary wrapper. - [75d1563e95b4] + * NEWS, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c: + Add support for querying netgroups directly via LDAP since there is + no other way to look up all the netgroups for a user (unlike regular + groups). This introduces netgroup_base and netgroup_search_filter + options to ldap.conf. Based on a diff from Steven Soulen. 
+ [7e3d55983e71] - * sudo.pp: - Fix syntax error with some shells. - [91e8da7702c5] +2015-01-27 Todd C. Miller -2014-07-13 Todd C. Miller + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Sort ldap.conf options. + [264608124698] - * configure, configure.ac: - Force libtool to use runtime linking on AIX so that it installs the - plugins as .so files and not .a files. - [ae66488bd9ca] +2015-01-22 Todd C. Miller * plugins/sudoers/ldap.c: - Be sure to NUL-terminate the decoded secret when converting from - base64. - [b3dc463c8882] + Add macros to ease the checking of strlcpy, strlcat and + sudo_ldap_value_cat return values. + [e9122413d4fa] - * plugins/sudoers/ldap.c: - Fix a pointer signednes warning calling base64_decode(). - [74f7354867a3] +2015-01-21 Todd C. Miller - * lib/util/getgrouplist.c: - Use sudo_strtoid() now that it is located in the same library. - [4868532e2d65] + * plugins/sudoers/check.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/parse.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Rename VALIDATE_OK -> VALIDATE_SUCCESS Rename VALIDATE_NOT_OK -> + VALIDATE_FAILURE + [4379cac9f75d] - * lib/util/strtoid.c: - Skip leading space (ala strtol) so that we can pick up the sign even - if it is not the first character of the string. - [148ee633c6a4] + * plugins/sudoers/logging.c, plugins/sudoers/sudoers.h: + Remove now-unused VALIDATE_ERROR define. + [569d4936b761] -2014-07-12 Todd C. Miller + * plugins/sudoers/logging.c: + should_mail() now returns bool. + [0316d1fb08c3] - * plugins/sudoers/sudoers.c: - For sudoedit, audit the actual editor being run, not just the - sudoedit command. - [59a5b0ad36af] + * lib/util/sudo_debug.c: + If sudo_debug_register() fails return + SUDO_DEBUG_INSTANCE_INITIALIZER, not -1. Otherwise we could end up + setting the instance to -1 which is invalid. + [032bb1db6db5] - * src/selinux.c: - Audit failed user role changes. 
RedHat bz #665131 - [cf9777687124] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix typo. + [014be972780c] - * plugins/sudoers/Makefile.in: - Avoid running check_symbols for static sudoers - [71b13bada1ce] + * doc/Makefile.in: + Use "mandoc -Tascii" to generate .cat pages to avoid locale-specific + characters. + [0ec42d8924fc] - * plugins/sudoers/regress/visudo/test3.err.ok, - plugins/sudoers/regress/visudo/test3.sh: - Adapt to unused alias changes. - [4b58e36c3d8f] +2015-01-19 Todd C. Miller - * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, - plugins/sudoers/visudo.c: - An unused alias is not really an error, even in strict mode. RedHat - bz #604297 - [f10b3b7ec5a6] + * configure, m4/sudo.m4: + Use AC_PATH_PROG to find programs instead of checking the path + manually. + [2b5d9893a7a7] - * src/sesh.c: - When running a login shell via sesh, make new argv[0] -shell, not - /path/to-shell. RedHat bz #1065418 - [414cb512f102] +2015-01-16 Todd C. Miller -2014-07-11 Todd C. Miller + * lib/util/strlcat.c, lib/util/strlcpy.c: + Sync with OpenBSD version + [22c073c42a9e] - * sudo.pp: - The RHEL sudo package allows users in group wheel to run sudo. - [9f22020a57cf] +2015-01-15 Todd C. Miller - * Makefile.in, sudo.pp: - Avoid packaging parent directories when they are system directories. - Currently we just skip this when prefix is /usr - [93ccede545cd] - - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Fix typo: sudo.d -> sudoers.d. From RedHat bz #726634 - [1c99a4fd9c7d] + * configure, configure.ac: + Use AC_CHECK_HEADERS_ONCE and AC_CHECK_FUNCS_ONCE where possible and + quote the first args in AC_CHECK_FUNCS calls. + [84aa40ab410a] - * mkpkg: - RHEL 6 and above use /etc/sudo-ldap.conf not /etc/ldap.conf - [ce3216e4390a] + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Avoid inadvertantly defining things like PATH_MAX simply because the + source file doesn't include limits.h. 
+ [d2e7c4093f55] - * pp: - For rpm, do not specify a mode in %attr for symbolic links. Avoids - the warning "Explicit %attr() mode not applicaple to symlink" - [3f5a80ed5081] +2015-01-14 Todd C. Miller -2014-07-10 Todd C. Miller + * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, + m4/ltversion.m4: + Update to libtool 2.4.4 + HP-UX patches + [859b7378bc37] - * include/sudo_alloc.h, lib/util/aix.c, lib/util/event.c, - lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c, - lib/util/lbuf.c, lib/util/sudo_conf.c, plugins/sudoers/alias.c, - plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/kerb5.c, - plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, - plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/sia.c, - plugins/sudoers/check.c, plugins/sudoers/defaults.c, - plugins/sudoers/env.c, plugins/sudoers/find_path.c, - plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, - plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, - plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, - plugins/sudoers/locale.c, plugins/sudoers/logging.c, - plugins/sudoers/match.c, plugins/sudoers/policy.c, - plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, - plugins/sudoers/redblack.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l, - plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/exec.c, - src/exec_common.c, src/exec_pty.c, src/hooks.c, src/load_plugins.c, - src/net_ifs.c, src/preserve_fds.c, - src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sudo.c, - src/ttyname.c: - efree -> sudo_efree for consistency - [7dfd16fbb6cf] + * src/ttyname.c: + Document why we need sys/param.h. + [f21a4d7122f0] - * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, - doc/sudoers.cat, doc/sudoreplay.cat, doc/visudo.cat: - regen - [a1d38600d34c] + * configure, m4/sudo.m4: + Don't need sys/param.h. 
+ [6aa24ecfc9d4] - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c: - Add support for base64 secrets in ldap.conf and ldap.secret. Based - on an idea from anthony AT rlost DOT com - [4999b78f8b6d] + * lib/util/closefrom.c: + Don't appear to need sys/param.h for pstat_getproc() on HP-UX even + though the man page lists it. + [47d75f3db288] -2014-07-09 Todd C. Miller + * lib/util/inet_ntop.c, lib/util/inet_pton.c: + Should not need sys/param.h here. + [5c83cebcd75f] - * mkpkg: - Don't use the HP compiler in preference to gcc. Some versions have - trouble compiling lbuf.c. - [322daf03ab6f] +2014-12-31 Todd C. Miller -2014-07-08 Todd C. Miller + * plugins/sudoers/match_addr.c: + Use standard CIDR -> netmask conversion and disallow 0-bit CIDRs. + [d30313d726eb] - * configure, configure.ac, plugins/group_file/Makefile.in, - plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, - plugins/system_group/Makefile.in, src/Makefile.in: - Remove @SOEXT@ and @SHLIB_EXT@ now that we use libtool to install - shared objects. Instead, use the new @SHLIB_ENABLE@ that is set to - the value of $enable_dlopen. For sudo_noexec.so there is nothing - special to do since the install-noexec target is only called when - noexec is enabled by configure. - [4447190f212b] +2014-12-24 Todd C. Miller - * configure, configure.ac: - Make dynamic shared objects non-writable on HP-UX. Using writable - DSOs can substantially increase the load time. - [8715aff11063] + * README.LDAP: + Update link to gq LDAP editor, now on sourceforge. + [706dadea1abb] - * include/fatal.h, lib/util/fatal.c, lib/util/util.exp, - plugins/sudoers/locale.c, src/locale_stub.c: - Add sudo_warn_strerror() that wraps strerror() with calls to - setlocale() in sudoers so we always get the error string in the - user's locale. Also change _warning() to take the error number as a - parameter instead of examining errno. - [cc38a8389a7b] +2014-12-16 Todd C. Miller -2014-07-03 Todd C. 
Miller + * include/compat/glob.h, lib/util/glob.c: + Add support for GLOB_LIMIT from OpenBSD (not currently used) and + also a limit on the max recursion depth for glob(). + [6f9e26b88612] - * Makefile.in, lib/util/Makefile.in, plugins/group_file/Makefile.in, - plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, - plugins/system_group/Makefile.in, src/Makefile.in: - Avoid a cppcheck warning when NSIG is not defined. - [f8e5e92bab60] + * lib/util/glob.c: + Quiet compiler sign compare warning. + [c4f35c02122c] - * include/missing.h: - Fix typos in utimes/futimes macros. - [10f022d933c2] +2014-12-10 Todd C. Miller -2014-07-01 Todd C. Miller + * NEWS: + fnmatch fix + [07542b07ac67] - * configure: - regen - [e351d905c0c9] + * lib/util/fnmatch.c: + Remove artificial limit on length of pattern and string. It is + possible to use fnmatch() on things other than paths (such as + arguments) so a limit of PATH_MAX does not make sense. Fixes a bug + where rules would fail to match if the length of the arguments were + larger than PATH_MAX (usually 1024). + [942770c20422] - * configure.ac: - Fix sudo when --disable-shared configure option was specified. - [07899f6b43f0] +2014-12-04 Todd C. Miller - * configure, m4/libtool.m4: - Do not set an internal name for HP-UX modules, only archives. This - works around a problem with some versions of HP-UX ld where setting - an internal name that doesn't end in .sl causes link errors. 
- [9a049adb22aa] + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in: + Remove the extra /sudo in sudo.ws urls + [0b804e3a1008] - * plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/system_group/Makefile.in: - Never build build static versions of other plugins. - [52123c4c17bc] +2014-11-27 Todd C. Miller - * lib/util/Makefile.in: - Don't build a static libsudo_util.a unless we are linking sudoers - statically. - [9c3327977dff] + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in: + Reference bugzilla.sudo.ws + [7dc11bbe6f13] -2014-06-29 Todd C. Miller +2014-11-20 Todd C. Miller - * configure, configure.ac, lib/util/Makefile.in, - plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, - src/Makefile.in: - Use libtool to install/uninstall the plugins and sudo_noexec. - [18ae09c53f2e] + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + sync + [da17d5a611ce] - * configure, ltmain.sh, m4/libtool.m4: - Fix my typos in the HP-UX libtool patch - [6e70066d86bb] +2014-11-19 Todd C. Miller -2014-06-27 Todd C. 
Miller + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Require that a digest be specified with a real command, not an alias + or pseudo-command. Found via a crash by afl. + [55f6166cab63] * NEWS: - Mention Solaris audit. - [d90efa19ca16] + sync + [4b31247735c4] - * INSTALL, MANIFEST, config.h.in, configure, configure.ac, mkdep.pl, - plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, - plugins/sudoers/solaris_audit.c, plugins/sudoers/solaris_audit.h: - Add Solaris audit support; from Gary Winiger at Oracle. - [6f68a27e53f5] + * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/fr.mo, + plugins/sudoers/po/fr.po: + French translation for sudoers from translationproject.org. + [5c592350c4b0] - * MANIFEST: - Sync MANIFEST with file name changes. - [d9958df5f9da] +2014-11-18 Todd C. Miller - * plugins/sudoers/toke.c: - regen - [ad82b20093c3] + * src/exec.c, src/exec_pty.c, src/tgetpass.c: + Defer registration of the SIGCHLD handler until just before we exec + the command. Fixes a problem where pam_gnome_keyring installs its + own SIGCHLD handler and may not restore the original one. As a + result, we now have to explicitly wait for the askpass helper to + finish. 
Bug #657 + [f499500fef71] - * include/sudo_util.h, lib/util/Makefile.in, lib/util/atobool.c, - lib/util/atoid.c, lib/util/atomode.c, lib/util/getgrouplist.c, - lib/util/gidlist.c, lib/util/regress/atofoo/atofoo_test.c, - lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c, - lib/util/sudo_conf.c, lib/util/util.exp, - plugins/group_file/getgrent.c, plugins/sudoers/defaults.c, - plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, - plugins/sudoers/match.c, plugins/sudoers/policy.c, - plugins/sudoers/pwutil.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo_json.c, - plugins/system_group/system_group.c, src/sudo.c: - atobool -> sudo_strtobool atoid-> sudo_strtoid atomode -> - sudo_strtomode - [aefe6f09f4a4] +2014-11-17 Todd C. Miller - * lib/util/alloc.c, lib/util/event_select.c: - Fix regexp damage when renaming erecalloc() -> sudo_erecalloc() - [d772a34032cc] + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Mention sssd support in the sudoers.ldap manual and cross-reference + sssd-sudo(5). + [32f84fbf210c] - * src/sudo_edit.c: - Handle systems like AIX that lack a way to set the modification time - on open fds. - [b93c0a55c21b] +2014-11-16 Todd C. Miller - * MANIFEST: - update MANIFEST for alloc.h -> sudo_alloc.h change - [ce240c682554] + * doc/CONTRIBUTORS: + Reorder an entry. 
+ [5d15735294f1] - * include/alloc.h, include/sudo_alloc.h, lib/util/Makefile.in, - lib/util/aix.c, lib/util/alloc.c, lib/util/event.c, - lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c, - lib/util/gidlist.c, lib/util/lbuf.c, lib/util/sudo_conf.c, - lib/util/sudo_debug.c, lib/util/util.exp, - plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, - plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, - plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c, - plugins/sudoers/auth/sia.c, plugins/sudoers/defaults.c, - plugins/sudoers/env.c, plugins/sudoers/find_path.c, - plugins/sudoers/getspwuid.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, - plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, - plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, - plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, - plugins/sudoers/logging.c, plugins/sudoers/match.c, - plugins/sudoers/parse.c, plugins/sudoers/policy.c, - plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, - plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c, - plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, - src/Makefile.in, src/conversation.c, src/env_hooks.c, src/exec.c, - src/exec_common.c, src/exec_pty.c, src/hooks.c, src/load_plugins.c, - src/net_ifs.c, src/parse_args.c, src/preserve_fds.c, - src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, - src/sudo.c, src/sudo.h, src/sudo_edit.c, src/ttyname.c: - Add sudo_ prefix to alloc.c functions and rename alloc.h -> - sudo_alloc.h - [3a19f5391442] +2014-11-15 Todd C. Miller - * lib/util/fatal.c: - Remove extra sudo_ prefix from vfatalxnodebug and vfatalx_nodebug. 
- [819ad8075005] + * Makefile.in, lib/util/Makefile.in, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Prevent cppcheck from getting confused by our compat definition of + the va_copy macro for pre-C99. + [61d94525be2e] - * MANIFEST, include/fileops.h, include/sudo_util.h, - lib/util/Makefile.in, lib/util/fileops.c, lib/util/locking.c, - lib/util/parseln.c, lib/util/regress/sudo_parseln/parseln_test.c, - lib/util/sudo_conf.c, plugins/sudoers/Makefile.in, - plugins/sudoers/sudoers.h, src/Makefile.in, src/sudo.h: - Split fileops.c into parseln.c and locking.c - [361ea81e88d9] +2014-11-14 Todd C. Miller - * include/fatal.h, include/gettext.h, lib/util/aix.c, - lib/util/alloc.c, lib/util/fatal.c, lib/util/getopt_long.c, - lib/util/gidlist.c, lib/util/regress/atofoo/atofoo_test.c, - lib/util/regress/tailq/hltq_test.c, lib/util/sudo_conf.c, - lib/util/util.exp, plugins/sudoers/auth/fwtk.c, - plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, - plugins/sudoers/bsm_audit.c, plugins/sudoers/defaults.c, - plugins/sudoers/env.c, plugins/sudoers/group_plugin.c, - plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, - plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, - plugins/sudoers/logging.c, plugins/sudoers/match.c, - plugins/sudoers/policy.c, plugins/sudoers/prompt.c, - plugins/sudoers/pwutil.c, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/regress/parser/check_addr.c, - plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l, - plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, - plugins/sudoers/visudo_json.c, src/exec.c, src/exec_common.c, - src/exec_pty.c, 
src/hooks.c, src/load_plugins.c, src/locale_stub.c, - src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, - src/signal.c, src/solaris.c, src/sudo.c, src/sudo_edit.c, - src/tgetpass.c, src/ttyname.c, src/utmp.c: - Rename warning/fatal -> sudo_warn/sudo_fatal to avoid namespace - pollution in libsudo_util.so. - [4eb69f501113] + * plugins/sudoers/iolog_path.c: + Fix potential NULL pointer deref found by cppcheck. + [668967e031e0] -2014-06-26 Todd C. Miller + * plugins/sudoers/alias.c: + Quiet a cppcheck false positive. + [35a16ae4660c] - * include/sudo_util.h, lib/util/term.c, lib/util/ttysize.c, - lib/util/util.exp, plugins/sudoers/sudoreplay.c, src/exec_pty.c, - src/sudo.c, src/tgetpass.c: - Reduce name space pollution in libsudo_util.so - [215e4413529a] + * lib/util/sudo_debug.c: + If there are multiple outputs, ap will be re-used so make a copy and + operate on it instead. + [f4f19df43c93] - * src/solaris.c: - Use sudo_dso_load() from libsudo_util.so instead of dlopen() since - we no longer link sudo directly with libdl.so. - [fe6942873c2d] + * src/hooks.c: + Fix typo in hook return value check. 
+ [b12839dc6e78] - * MANIFEST, Makefile.in, doc/Makefile.in, include/alloc.h, - include/compat/fnmatch.h, include/compat/getaddrinfo.h, - include/compat/getopt.h, include/compat/glob.h, - include/compat/sha2.h, include/fatal.h, include/fileops.h, - include/lbuf.h, include/missing.h, include/secure_path.h, - include/sudo_conf.h, include/sudo_debug.h, include/sudo_dso.h, - include/sudo_event.h, include/sudo_util.h, install-sh, - lib/util/Makefile.in, lib/util/fatal.c, lib/util/getaddrinfo.c, - lib/util/pw_dup.c, lib/util/regress/fnmatch/fnm_test.c, - lib/util/sudo_dso.c, lib/util/sudo_printf.c, lib/util/term.c, - lib/util/util.exp, plugins/group_file/Makefile.in, - plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, - plugins/sudoers/match.c, - plugins/sudoers/regress/parser/check_digest.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, - plugins/sudoers/toke.l, plugins/sudoers/visudo.c, - plugins/system_group/Makefile.in, src/Makefile.in, src/parse_args.c, - src/preload.c: - Add exported libsudo_util functions to util.exp and mark in headers - using __dso_public. - [18faff6ab915] + * NEWS: + Mention visudo use of sudoers plugin args to set default sudoers + file name and owner/mode. + [7f2733b53431] - * include/fatal.h, lib/util/fatal.c, lib/util/util.exp, - plugins/sudoers/iolog.c, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.c: - Remove use of setjmp/longjmp in the sudoers plugin. We no longer - call fatal() except in the malloc wrappers and due to libsudo_util - there is now a single copy of fatal/fatalx. - [109407210f9c] + * NEWS: + Mention fix for bug #678 + [7f7a6d8b985b] - * NEWS, configure, configure.ac: - Sudo 1.8.11 - [5fb775825aab] +2014-11-12 Todd C. 
Miller - * include/fileops.h, lib/util/fileops.c, lib/util/util.exp, - plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, - plugins/sudoers/logging.c, plugins/sudoers/timestamp.c, - plugins/sudoers/visudo.c, src/sudo_edit.c: - Remove touch() from fileops.c and just call utimes/futimes directly. - Rename lock_file -> sudo_lock_file to avoid namespace pollution - [ec08128b6900] + * plugins/sudoers/sudoers.c: + In set_fqdn() we neeed to set user_runhost/user_srunhost at the same + time we set user_host/user_shost since that is what + hostlist_matches() uses. Bug #678 + [4f75b01d4884] - * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, - lib/util/fmt_string.c, lib/util/key_val.c, lib/util/util.exp, - plugins/sample/sample_plugin.c, plugins/sudoers/policy.c, - src/Makefile.in, src/exec_common.c, src/parse_args.c, src/sudo.c: - Rename fmt_string -> sudo_new_key_val to better describe its - function. - [f9061e319cc3] +2014-11-11 Todd C. Miller - * include/sudo_util.h, lib/util/gidlist.c, lib/util/util.exp, - plugins/sudoers/policy.c, src/sudo.c: - Rename parse_gid_list -> sudo_parse_gids to avoid namespace - pollution. - [d88f3cab97e1] + * src/hooks.c: + Do not call sudo_warnx() on invalid value from the env hook + functions as the printf() family may call getenv() for locale + reasons. 
+ [547fc25acb7c] - * MANIFEST, Makefile.in, include/lbuf.h, include/sudo_lbuf.h, - lib/util/Makefile.in, lib/util/lbuf.c, lib/util/util.exp, - plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c, - plugins/sudoers/parse.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, - plugins/sudoers/sudoers.h, plugins/sudoers/toke.c, - plugins/sudoers/toke.l, src/Makefile.in, src/parse_args.c: - Don't pollute the namespace with lbuf struct and functions - [7859e3c22fb9] + * doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in: + No need to keep specifying ".Nm foo" since the Nm macro remembers + the argument it was first called with and uses it if none is + specified. Also fix a few minor formatting errors and regen bulleted + lists in the .man.in files. + [d2669e94add4] - * config.h.in, configure, configure.ac, include/compat/fnmatch.h, - include/compat/getaddrinfo.h, include/compat/getopt.h, - include/compat/glob.h, include/missing.h, lib/util/clock_gettime.c, - lib/util/closefrom.c, lib/util/fnmatch.c, lib/util/getaddrinfo.c, - lib/util/getcwd.c, lib/util/getgrouplist.c, lib/util/getline.c, - lib/util/getopt_long.c, lib/util/glob.c, lib/util/inet_pton.c, - lib/util/memrchr.c, lib/util/memset_s.c, lib/util/mktemp.c, - lib/util/pw_dup.c, lib/util/sig2str.c, lib/util/snprintf.c, - lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strsignal.c, - lib/util/strtonum.c, lib/util/utimes.c: - Prefix all libc replacements with sudo_ and #define the real name to - the sudo_ version. That way we don't pollute the libc namespace. 
- [5cf7101479b8] + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Add sudo.conf to SEE ALSO and rename section on sudo.conf + [d4cc8ad2c2b4] - * .hgignore, MANIFEST, Makefile.in, common/Makefile.in, common/aix.c, - common/alloc.c, common/atobool.c, common/atoid.c, common/atomode.c, - common/event.c, common/event_poll.c, common/event_select.c, - common/fatal.c, common/fileops.c, common/fmt_string.c, - common/gidlist.c, common/lbuf.c, common/progname.c, - common/regress/atofoo/atofoo_test.c, - common/regress/sudo_conf/conf_test.c, - common/regress/sudo_conf/test1.in, - common/regress/sudo_conf/test1.out.ok, - common/regress/sudo_conf/test2.in, - common/regress/sudo_conf/test2.out.ok, - common/regress/sudo_conf/test3.in, - common/regress/sudo_conf/test3.out.ok, - common/regress/sudo_conf/test4.in, - common/regress/sudo_conf/test4.out.ok, - common/regress/sudo_conf/test5.err.ok, - common/regress/sudo_conf/test5.in, - common/regress/sudo_conf/test5.out.ok, - common/regress/sudo_conf/test6.in, - common/regress/sudo_conf/test6.out.ok, - common/regress/sudo_parseln/parseln_test.c, - common/regress/sudo_parseln/test1.in, - common/regress/sudo_parseln/test1.out.ok, - common/regress/sudo_parseln/test2.in, - common/regress/sudo_parseln/test2.out.ok, - common/regress/sudo_parseln/test3.in, - common/regress/sudo_parseln/test3.out.ok, - common/regress/sudo_parseln/test4.in, - common/regress/sudo_parseln/test4.out.ok, - common/regress/sudo_parseln/test5.in, - common/regress/sudo_parseln/test5.out.ok, - common/regress/sudo_parseln/test6.in, - common/regress/sudo_parseln/test6.out.ok, - common/regress/tailq/hltq_test.c, common/secure_path.c, - common/setgroups.c, common/sudo_conf.c, common/sudo_debug.c, - common/sudo_dso.c, common/sudo_printf.c, common/term.c, - common/ttysize.c, compat/Makefile.in, compat/charclass.h, - compat/clock_gettime.c, compat/closefrom.c, compat/endian.h, - compat/fnmatch.c, compat/fnmatch.h, compat/getaddrinfo.c, - compat/getaddrinfo.h, 
compat/getcwd.c, compat/getgrouplist.c, - compat/getline.c, compat/getopt.h, compat/getopt_long.c, - compat/glob.c, compat/glob.h, compat/inet_pton.c, compat/isblank.c, - compat/memrchr.c, compat/memset_s.c, compat/mksiglist.c, - compat/mksiglist.h, compat/mksigname.c, compat/mksigname.h, - compat/mktemp.c, compat/nss_dbdefs.h, compat/pw_dup.c, - compat/regress/fnmatch/fnm_test.c, - compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files, - compat/regress/glob/globtest.c, compat/regress/glob/globtest.in, - compat/sha2.c, compat/sha2.h, compat/sig2str.c, compat/siglist.in, - compat/snprintf.c, compat/stdbool.h, compat/strlcat.c, - compat/strlcpy.c, compat/strsignal.c, compat/strtonum.c, - compat/timespec.h, compat/utime.h, compat/utimes.c, configure, - configure.ac, include/compat/charclass.h, include/compat/endian.h, - include/compat/fnmatch.h, include/compat/getaddrinfo.h, - include/compat/getopt.h, include/compat/glob.h, - include/compat/mksiglist.h, include/compat/mksigname.h, - include/compat/nss_dbdefs.h, include/compat/sha2.h, - include/compat/stdbool.h, include/compat/timespec.h, - include/compat/utime.h, lib/util/Makefile.in, lib/util/aix.c, - lib/util/alloc.c, lib/util/atobool.c, lib/util/atoid.c, - lib/util/atomode.c, lib/util/clock_gettime.c, lib/util/closefrom.c, - lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c, - lib/util/fatal.c, lib/util/fileops.c, lib/util/fmt_string.c, - lib/util/fnmatch.c, lib/util/getaddrinfo.c, lib/util/getcwd.c, - lib/util/getgrouplist.c, lib/util/getline.c, lib/util/getopt_long.c, - lib/util/gidlist.c, lib/util/glob.c, lib/util/inet_pton.c, - lib/util/isblank.c, lib/util/lbuf.c, lib/util/memrchr.c, - lib/util/memset_s.c, lib/util/mksiglist.c, lib/util/mksigname.c, - lib/util/mktemp.c, lib/util/progname.c, lib/util/pw_dup.c, - lib/util/regress/atofoo/atofoo_test.c, - lib/util/regress/fnmatch/fnm_test.c, - lib/util/regress/fnmatch/fnm_test.in, lib/util/regress/glob/files, - 
lib/util/regress/glob/globtest.c, lib/util/regress/glob/globtest.in, - lib/util/regress/sudo_conf/conf_test.c, - lib/util/regress/sudo_conf/test1.in, - lib/util/regress/sudo_conf/test1.out.ok, - lib/util/regress/sudo_conf/test2.in, - lib/util/regress/sudo_conf/test2.out.ok, - lib/util/regress/sudo_conf/test3.in, - lib/util/regress/sudo_conf/test3.out.ok, - lib/util/regress/sudo_conf/test4.in, - lib/util/regress/sudo_conf/test4.out.ok, - lib/util/regress/sudo_conf/test5.err.ok, - lib/util/regress/sudo_conf/test5.in, - lib/util/regress/sudo_conf/test5.out.ok, - lib/util/regress/sudo_conf/test6.in, - lib/util/regress/sudo_conf/test6.out.ok, - lib/util/regress/sudo_parseln/parseln_test.c, - lib/util/regress/sudo_parseln/test1.in, - lib/util/regress/sudo_parseln/test1.out.ok, - lib/util/regress/sudo_parseln/test2.in, - lib/util/regress/sudo_parseln/test2.out.ok, - lib/util/regress/sudo_parseln/test3.in, - lib/util/regress/sudo_parseln/test3.out.ok, - lib/util/regress/sudo_parseln/test4.in, - lib/util/regress/sudo_parseln/test4.out.ok, - lib/util/regress/sudo_parseln/test5.in, - lib/util/regress/sudo_parseln/test5.out.ok, - lib/util/regress/sudo_parseln/test6.in, - lib/util/regress/sudo_parseln/test6.out.ok, - lib/util/regress/tailq/hltq_test.c, lib/util/secure_path.c, - lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, - lib/util/siglist.in, lib/util/snprintf.c, lib/util/strlcat.c, - lib/util/strlcpy.c, lib/util/strsignal.c, lib/util/strtonum.c, - lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c, - lib/util/sudo_printf.c, lib/util/term.c, lib/util/ttysize.c, - lib/util/utimes.c, lib/zlib/Makefile.in, lib/zlib/adler32.c, - lib/zlib/compress.c, lib/zlib/crc32.c, lib/zlib/crc32.h, - lib/zlib/deflate.c, lib/zlib/deflate.h, lib/zlib/gzclose.c, - lib/zlib/gzguts.h, lib/zlib/gzlib.c, lib/zlib/gzread.c, - lib/zlib/gzwrite.c, lib/zlib/infback.c, lib/zlib/inffast.c, - lib/zlib/inffast.h, lib/zlib/inffixed.h, lib/zlib/inflate.c, - lib/zlib/inflate.h, 
lib/zlib/inftrees.c, lib/zlib/inftrees.h, - lib/zlib/trees.c, lib/zlib/trees.h, lib/zlib/uncompr.c, - lib/zlib/zconf.h.in, lib/zlib/zlib.h, lib/zlib/zutil.c, - lib/zlib/zutil.h, plugins/group_file/Makefile.in, - plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, - plugins/system_group/Makefile.in, po/README, po/ca.mo, po/ca.po, - po/cs.mo, po/cs.po, po/da.mo, po/da.po, po/de.mo, po/de.po, - po/eo.mo, po/eo.po, po/es.mo, po/es.po, po/eu.mo, po/eu.po, - po/fi.mo, po/fi.po, po/fr.mo, po/fr.po, po/gl.mo, po/gl.po, - po/hr.mo, po/hr.po, po/it.mo, po/it.po, po/ja.mo, po/ja.po, - po/nb.mo, po/nb.po, po/nl.mo, po/nl.po, po/pl.mo, po/pl.po, - po/pt_BR.mo, po/pt_BR.po, po/ru.mo, po/ru.po, po/sl.mo, po/sl.po, - po/sr.mo, po/sr.po, po/sudo.pot, po/sv.mo, po/sv.po, po/tr.mo, - po/tr.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, - po/zh_CN.po, src/Makefile.in, src/po/README, src/po/ca.mo, - src/po/ca.po, src/po/cs.mo, src/po/cs.po, src/po/da.mo, - src/po/da.po, src/po/de.mo, src/po/de.po, src/po/eo.mo, - src/po/eo.po, src/po/es.mo, src/po/es.po, src/po/eu.mo, - src/po/eu.po, src/po/fi.mo, src/po/fi.po, src/po/fr.mo, - src/po/fr.po, src/po/gl.mo, src/po/gl.po, src/po/hr.mo, - src/po/hr.po, src/po/it.mo, src/po/it.po, src/po/ja.mo, - src/po/ja.po, src/po/nb.mo, src/po/nb.po, src/po/nl.mo, - src/po/nl.po, src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, - src/po/pt_BR.po, src/po/ru.mo, src/po/ru.po, src/po/sl.mo, - src/po/sl.po, src/po/sr.mo, src/po/sr.po, src/po/sudo.pot, - src/po/sv.mo, src/po/sv.po, src/po/tr.mo, src/po/tr.po, - src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, - src/po/zh_CN.mo, src/po/zh_CN.po, zlib/Makefile.in, zlib/adler32.c, - zlib/compress.c, zlib/crc32.c, zlib/crc32.h, zlib/deflate.c, - zlib/deflate.h, zlib/gzclose.c, zlib/gzguts.h, zlib/gzlib.c, - zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffast.c, - zlib/inffast.h, zlib/inffixed.h, zlib/inflate.c, zlib/inflate.h, - zlib/inftrees.c, zlib/inftrees.h, zlib/trees.c, 
zlib/trees.h, - zlib/uncompr.c, zlib/zconf.h.in, zlib/zlib.h, zlib/zutil.c, - zlib/zutil.h: - Top level directory reorg Move src/po -> po Combine common and - compat -> lib/util Move zlib -> lib/zlib - [d699ccb60e7e] + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + Mention sudo.conf use for debugging + [9393fb061bcd] - * configure, ltmain.sh, m4/libtool.m4: - libtool patches for HP-UX to support DESTDIR - [9df98a9582bd] + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.man.in, + doc/sudoreplay.cat: + regen + [1d34d21b2136] - * pp: - Update polypkg from trunk. - [4dc362248196] + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Document sudo.conf usage now that visudo will parse the sudoers + arguments. + [78a413c019a9] - * plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c: - Fix sssd compiler warnings and fix the sha2 digest support. - [2975b030b298] +2014-11-10 Todd C. Miller -2014-06-17 Todd C. Miller + * plugins/sudoers/visudo.c: + Use sudoers.so args from sudo.conf to set sudoers_file, sudoers_uid, + sudoers_gid, and sudoers_mode in visudo. + [1c7408b5ff7e] - * plugins/sudoers/ldap.c: - Don't call gss_krb5_ccache_name() with a NULL pointer when restoring - the old credential cache file name. This can happen if there was no - old name returned by gss_krb5_ccache_name(). Fixes a crash on - kerberized LDAP on some platforms. - [4090029e463e] + * plugins/sudoers/visudo.c: + Use sudoers_file, sudoers_uid, sudoers_gid, and sudoers_mode symbols + from toke.l instead of the upper case defines. + [21ba15518c7d] -2014-06-04 Todd C. Miller + * lib/util/Makefile.in, lib/zlib/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in: + Use SSP_LDFLAGS when creating shared objects. 
+ [2428de97d2c2] - * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/el.mo, - plugins/sudoers/po/el.po: - Add Greek PO file for sudoers from translationproject.org - [6c0cc2def911] + * lib/util/Makefile.in: + We only build .lo (not .o) files for libsudo_util + [2c1e0475cddc] -2014-05-28 Todd C. Miller + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo, + po/cs.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/eo.mo, + po/eo.po, po/fi.mo, po/fi.po, po/it.mo, po/it.po, po/nb.mo, + po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/ru.mo, + po/ru.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, + po/zh_CN.po: + Sync with translationproject.org + [e51055fdffe1] + +2014-11-06 Todd C. Miller + + * NEWS: + sync + [aab14a9942e0] + +2014-11-04 Todd C. Miller * src/exec.c, src/exec_pty.c: - Ignore signals sent by the command's process group, not just the - command itself. If we cannot determine the process group ID of the - sender (as it may no longer exist), just check the process ID. - [7ffa2eefd3c0] + Make sure that SIGCHLD is not treated as a user-generated signal in + which case it could be ignored. Bug #676 + [a4caaaaa47a8] -2014-05-27 Todd C. Miller +2014-10-31 Todd C. Miller - * src/exec.c: - In handler_user_only() only forward the signal if it was not - generated by the command. 
This should fix a problem with programs - that catch SIGTSTP, perform cleanup, and then re-send the signal to - their process group (of which sudo is the leader). - [d590c899e194] + * config.h.in, configure, configure.ac, lib/util/mktemp.c: + Use arc4random() for mkstemp/mkdtemp if available. If not, try to + seed from /dev/urandom before falling back to the gettimeofday seed. + [7a7096ab82c9] - * src/exec.c, src/exec_pty.c, src/signal.c: - Handle EINTR from write(2) when writing to pipes and socket pairs. - [d26a40d21d7a] + * lib/util/sudo_debug.c: + Use a static buffer for sudo_debug_execve2() if possible. + [abf1fd5891ab] -2014-05-24 Todd C. Miller +2014-10-30 Todd C. Miller - * MANIFEST, plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po: - Norwegian Bokmaal translation for sudoers from - translationproject.com - [92e4aea46c1e] + * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4, + m4/ltversion.m4, m4/lt~obsolete.m4: + Update to libtool 2.4.3 + HP-UX patches + [9ddfd96f3bea] -2014-05-23 Todd C. Miller +2014-10-29 Todd C. Miller - * MANIFEST, doc/CONTRIBUTORS, src/po/nb.mo, src/po/nb.po: - Norwegian Bokmaal translation for sudo from translationproject.com - [3497f74028fe] + * configure, configure.ac, include/sudo_compat.h, lib/util/mktemp.c: + If a system lacks mkdtemp() or mkstemps(), use our own mkdtemp() and + mkstemps(). Previously we only exposed the missing one but since the + guts are the same we might as well use them. + [12d4ac64462f] -2014-05-13 Todd C. Miller + * src/env_hooks.c: + Mark the putenv(), setenv() and unsetenv() symbols as global, not + hidden. Fixes a mismatch where a plugin (or its loaded dso) would + call setenv() to set a variables but be unable to find it later with + getenv(). + [96127ac4bbb3] - * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, - plugins/sudoers/visudo.c: - Try to be clearer about which are the input and output files in - export mode. - [66167511a410] +2014-10-28 Todd C. 
Miller - * plugins/sudoers/visudo_json.c: - In -x mode, require that the input and output files be different. - This won't currently catch collisions between the output file and an - include file. - [0c19b82a75e7] + * Makefile.in: + Fix install-nls target from builddir. + [da63bc37f6c5] - * plugins/sudoers/bsm_audit.h, plugins/sudoers/linux_audit.h: - BSM and Linux audit do not yet use the argc function argument. - [3291695d1dfb] + * Makefile.in: + Fix dependency on sudo.pp, it needs to relative to srcdir. + [c76088da98e8] - * plugins/sudoers/audit.c, plugins/sudoers/auth/sia.c, - plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c, - plugins/sudoers/bsm_audit.h, plugins/sudoers/linux_audit.h, - plugins/sudoers/logging.c, plugins/sudoers/logging.h, - plugins/sudoers/sudoers.c: - Pass argc to audit functions too. Will be needed for Solaris audit - support. - [d2114897a44e] + * src/sesh.c: + Adapt to new debug subsystem registration. + [8e13b349b44b] -2014-05-12 Todd C. Miller +2014-10-27 Todd C. Miller - * common/fatal.c, include/fatal.h, plugins/sudoers/policy.c: - Do not allow the same callback function to be registered more that - once in fatal_callback_register(). Add fatal_callback_deregister() - to deregister a callback. - [eff74fb9d274] + * lib/zlib/Makefile.in, lib/zlib/zlib.exp: + Add missing zlib.exp file and common LT_LDFLAGS Makefile.in. + [0bc0092d3e03] - * MANIFEST, plugins/sudoers/regress/sudoers/test15.in, - plugins/sudoers/regress/sudoers/test15.out.ok, - plugins/sudoers/regress/sudoers/test15.toke.ok, - plugins/sudoers/regress/sudoers/test16.in, - plugins/sudoers/regress/sudoers/test16.out.ok, - plugins/sudoers/regress/sudoers/test16.toke.ok: - Add trivial sudoedit parsing tests. - [291ba6f4d6fd] + * lib/util/sudo_conf.c: + Fix path settings broken in rev 9731. + [2b33916eb287] - * MANIFEST, plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po: - Catalan translation for sudoers from translationproject.org. 
- [b102f8cfeed1] + * MANIFEST, lib/util/regress/sudo_conf/test4.err.ok: + Adjust regress test now that boolean settings display an error for + invalid input. + [73a7365f492e] -2014-05-10 Todd C. Miller + * plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Add sudoers_debug_deregister() and use it instead of calling + sudo_debug_deregister() directly. + [819b0e08196e] - * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, - src/po/ca.mo, src/po/ca.po, src/po/gl.mo, src/po/gl.po: - Sync with translationproject.org - [62e5b4842834] + * configure, configure.ac, lib/util/Makefile.in, lib/zlib/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in: + Use AC_PROG_AWK + [945cf6deb18d] -2014-05-09 Todd C. Miller + * NEWS: + Mention shared zlib. + [094bdada1106] - * configure, configure.ac: - lockf() is broken on the Hurd -- use flock instead Bug #647 - [7b8935a0c8b9] + * MANIFEST: + Add lib/zlib/zlib.exp + [7b5011e3eea9] - * plugins/sudoers/visudo.c: - Don't try to install the temporary sudoers file if we didn't edit - it. By default, visudo does not edit files in a #includedir. Fixes a - NULL pointer defef on GNU hurd; Bug #647 - [3a677c4773e5] + * INSTALL, configure, configure.ac, lib/zlib/Makefile.in, + lib/zlib/zconf.h.in: + Add support for installing a shared zlib + [6875ab6ca44f] -2014-05-07 Todd C. Miller + * lib/util/Makefile.in: + fix comment typo + [35c3dda27eec] - * src/regress/ttyname/check_ttyname.c: - When comparing tty names, resolve the tty for fds 0-3 and compare - each one instead of just using the first that resolves. - [c37946b280a5] + * configure, configure.ac, lib/zlib/Makefile.in: + Newer zlib uses HAVE_HIDDEN to turn on symbol hiding so we don't + need to disable it with NO_VIS. 
+ [b3eee86f015f] - * compat/getgrouplist.c, configure, configure.ac: - Solaris 8 doesn't export _nss_initf_group() so we need to provide - out own for getgrouplist(). - [d494b39e9376] + * po/sudo.pot: + regen + [687bc1ea88ac] -2014-05-06 Todd C. Miller + * configure.ac, include/sudo_debug.h, lib/util/sudo_debug.c, + lib/util/util.exp.in: + Version the symbols for sudo_debug.c now that the API is stable. + [873850a062a8] - * .hgtags: - Added tag SUDO_1_8_10p3 for changeset 1b6396910792 - [4504146bc230] <1.8> +2014-10-26 Todd C. Miller - * compat/getgrouplist.c, plugins/group_file/group_file.c, - plugins/system_group/system_group.c: - deal with NULL gr_mem here too - [1b6396910792] [SUDO_1_8_10p3] <1.8> + * lib/util/sudo_conf.c: + Go back to parsing sudo.conf in place for settings and paths and + improve debugging info for unsupported entries and parse errors. + [264e1f7d6551] - * compat/getgrouplist.c, plugins/group_file/group_file.c, - plugins/system_group/system_group.c: - deal with NULL gr_mem here too - [0db43ed71001] + * include/sudo_conf.h, lib/util/regress/sudo_conf/conf_test.c, + lib/util/sudo_conf.c, lib/util/util.exp.in, + plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: + Add a flag argument to sudo_conf_read() so we can decide which bits + get parsed. This lets us parse Debug statements first and init the + debug subsystem early. + [56dbf1e671de] - * NEWS, configure, configure.ac: - Sudo 1.8.10p3 - [367a743e8c47] <1.8> +2014-10-24 Todd C. Miller - * NEWS, configure, configure.ac: - Sudo 1.8.10p3 - [3f415a180023] + * lib/zlib/gzguts.h: + Include stdio.h after zlib.h, not before. We need the large file + defines to come first. + [b42b53d10252] -2014-05-02 Todd C. 
Miller + * doc/LICENSE, lib/zlib/compress.c, lib/zlib/crc32.c, + lib/zlib/crc32.h, lib/zlib/deflate.c, lib/zlib/deflate.h, + lib/zlib/gzguts.h, lib/zlib/gzlib.c, lib/zlib/gzread.c, + lib/zlib/gzwrite.c, lib/zlib/infback.c, lib/zlib/inffast.c, + lib/zlib/inflate.c, lib/zlib/inftrees.c, lib/zlib/trees.c, + lib/zlib/uncompr.c, lib/zlib/zconf.h.in, lib/zlib/zlib.h, + lib/zlib/zutil.c, lib/zlib/zutil.h: + Update zlib to version 1.2.8 + [f95280e0448d] - * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, - plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, - plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, - plugins/sudoers/env.c, plugins/sudoers/iolog.c, - plugins/sudoers/logging.c, plugins/sudoers/logging.h, - plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, - plugins/sudoers/timestamp.c: - Rename log_warning flags and only send mail if SLOG_SEND_MAIL is set - instead of mailing by default like we used to. - [5b3882833aa1] + * configure, configure.ac: + Don't add -Wold-style-definition to CFLAGS as it causes problems + with 3rd party libraries such as zlib. + [1d7613d1c177] - * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, - plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, - plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, - plugins/sudoers/env.c, plugins/sudoers/iolog.c, - plugins/sudoers/logging.c, plugins/sudoers/logging.h, - plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, - plugins/sudoers/timestamp.c: - Add log_warningx - [feef646cb8b1] + * src/load_plugins.c: + Free up plugin info structs after converting to plugin containers. + [1168e873d778] - * src/exec_pty.c: - Add debugging info for when we delete I/O events that still have - buffered data in them. 
- [7f17992cdf22] + * INSTALL, MANIFEST, Makefile.in, configure, configure.ac, + doc/Makefile.in, doc/TROUBLESHOOTING, doc/UPGRADE, doc/sample.pam, + doc/sample.sudo.conf, doc/sample.sudoers, doc/sample.syslog.conf, + examples/Makefile.in, examples/pam.conf, examples/sudo.conf, + examples/sudoers, examples/syslog.conf, sudo.pp: + Move sample.* files to a sudo examples dir + [b53e3df56c66] - * common/event.c: - Fix non-blocking mode. We only want to exit the event loop when - poll() or select() returns 0 and there are no active events. This - fixes a problem on some systems where the last buffer was not being - written when the command exited. - [4340e0967e91] <1.8> + * sudo.pp: + Fix a packaging problem with the sudoedit man page link on Debian. + [8ad77a37048e] - * common/event.c: - Fix non-blocking mode. We only want to exit the event loop when - poll() or select() returns 0 and there are no active events. This - fixes a problem on some systems where the last buffer was not being - written when the command exited. - [deb6b1a7b241] + * plugins/sudoers/iolog.c, plugins/sudoers/policy.c: + Initialize the debug subsystem in sudoers early. Currently this + means iterating over the settings list twice. + [93b12ea08405] - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Change return value of switch_dir() to an int so we can distinguish - between an error and an empty dir in push_includedir(). - [d0462b84782e] + * lib/util/sudo_debug.c: + No need to convert sudoedit -> sudo in sudo_debug_get_instance() as + we store the actual program name and only do the sudoedit -> sudo + conversion when reading the sudo.conf file. Fixes debugging when + invoked as sudoedit. + [535c01d83b14] - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Move code to fill in the list of dirs out of switch_dir and into its - own function. Quiets a false positive from cppcheck which got - confused due to variable reuse. 
- [6d6296f46255] + * lib/util/sudo_conf.c, lib/util/sudo_debug.c, + plugins/sudoers/iolog.c, plugins/sudoers/policy.c, src/exec_pty.c, + src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: + In the plugin registers with the debug framework at open time, the + sudo front-end will now set the default debug instance appropriately + before calling into the plugin. This means the plugin no longer + needs to do the sudo_debug_set_default_instance() dance. + [10dd45a7884f] - * plugins/sudoers/audit.c: - Avoid unused variable warning if auditing is not supported. - [5e6fd2ffe039] + * Makefile.in: + Remove duplicate -U__NBBY in CPPCHECK_OPTS + [ad518cb36279] -2014-05-01 Todd C. Miller +2014-10-23 Todd C. Miller * plugins/sudoers/Makefile.in: - Fix library order when linking binaries. - [3fec51f98ae1] + Older shells don't support unset. + [8762e40871ab] - * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: - Include limits.h and inttypes.h for SIZE_MAX define. - [41f8be660384] + * configure, configure.ac, include/sudo_compat.h, + lib/util/inet_ntop.c, src/net_ifs.c: + Fix inet_ntop() replacement on older systems without it. We only + expose the prototype for net_ifs.c due to the use of socklen_t. + [18b95ca378ab] - * include/missing.h, plugins/sudoers/env.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y: - Move SIZE_MAX compat define into missing.h where it belongs. - [1bb108cf9df3] + * lib/util/sudo_debug.c: + Dynamically allocate debug_fds bitmap and realloc as needed. + [e858199414f6] -2014-04-30 Todd C. Miller + * Makefile.in, include/sudo_debug.h, lib/util/Makefile.in, + lib/util/sudo_debug.c, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoers_debug.h, + plugins/system_group/Makefile.in, src/Makefile.in, src/exec.c: + Use generic bitmap macros instead of select-style fd_set. 
+ [c382edc413be] - * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, - plugins/sudoers/logging.h, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.c: - Remove now-unused log_fatal() - [53478df3bb1e] + * lib/util/sudo_debug.c: + Replace sudo_debug_num_instances with sudo_debug_max_instance + [12625fd174a4] - * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/pam.c, - plugins/sudoers/env.c, plugins/sudoers/ldap.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: - Eliminate calls to fatal()/fatalx()/log_fatal() in env.c and just - pass back a return value. - [d7f2be8f2740] + * plugins/sudoers/iolog.c, plugins/sudoers/policy.c: + Don't call into the debug subsystem after we've deregistered the + plugin's instance. + [fca7279d2f40] -2014-04-28 Todd C. Miller + * lib/util/sudo_debug.c: + Only fill in subsystem_ids[] for the instance if the caller passed + in an array for it. If the caller only wants the default subsystems + we don't actually need ids[]. + [07939da6d3a5] - * plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h: - Make get_boottime() return bool. - [c405be621507] <1.8> + * lib/util/Makefile.in: + Link with -ldl if needed when built with --disable-shared-libutil/ + [542eeffaf57d] - * plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h: - Make get_boottime() return bool. - [9ff15a995d01] + * src/regress/ttyname/check_ttyname.c: + Fix includes order. + [ddd58edba5af] - * doc/CONTRIBUTORS, plugins/sudoers/boottime.c: - Fix fd leak on Linux when determing boot time. This is usually - masked by the closefrom() call in sudo. From Jamie Anderson. Bug - #645 - [5c0ee562df88] <1.8> + * lib/util/util.exp.in: + Remove extra newline mistakenly introduced in rev 9682. + [36a40e308bbc] - * doc/CONTRIBUTORS, plugins/sudoers/boottime.c: - Fix fd leak on Linux when determing boot time. This is usually - masked by the closefrom() call in sudo. From Jamie Anderson. Bug - #645 - [0b4c430e8b88] + * plugins/sudoers/Makefile.in: + Fix typo in unset. 
+ [2c5fbe4c9a54] -2014-04-24 Todd C. Miller + * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/sesh.c: + Set debug instance for standalone programs. + [306225438408] - * plugins/sudoers/audit.c: - Handle the (currently impossible) case where both BSM and Linux - auditing are supported. Pacifies cppcheck. - [899cd6b5e487] + * plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c, + src/net_ifs.c: + Fix compilation issues, fallout from the debug changes. + [aff5bb3d0322] - * plugins/sudoers/iolog.c: - Don't call ferror() on a closed stream, just check the return value - of fclose() instead. Found by cppcheck. - [e843f3c8f5d8] + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [bbb69f299d1f] -2014-04-22 Todd C. Miller + * configure, configure.ac: + Sudo 1.8.12 + [8d9b15c1de44] - * doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c: - Use calloc() instead of malloc(n * s) followed by memset(). From - Jean-Philippe Ouellet. - [f416cebd3d8e] + * NEWS: + Update with debug system changes and revent bug fixes. + [44133de1dee2] - * plugins/sudoers/sudoers.c: - Format string safety in error path. - [956fd6dbba80] + * include/sudo_debug.h, lib/util/sudo_conf.c, lib/util/sudo_debug.c, + plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoers_debug.h: + When registering with the debug subsystem, the caller now passes in + an arrary of ints that gets filled in with the subsytem IDs to be + used in debug_decl. 
+ [80e80ba194f7] - * common/alloc.c, common/event_poll.c, common/gidlist.c, - common/sudo_conf.c, include/alloc.h, plugins/sudoers/auth/sia.c, - plugins/sudoers/env.c, plugins/sudoers/group_plugin.c, - plugins/sudoers/ldap.c, plugins/sudoers/pwutil_impl.c, - plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, - src/env_hooks.c, src/exec_common.c, src/parse_args.c, src/selinux.c, - src/sudo.c, src/sudo_edit.c, src/ttyname.c: - Rename emalloc2() -> emallocarray() and erealloc3() -> - ereallocarray(). - [db3941093c68] + * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + sudoers_debug_instance is now included in libparsesudoers so we + don't need to declare it here. + [a56f79e6fcf8] - * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: - Add missing rule for building sha2.lo when not supported by libc or - libmd. - [70a16e10ddcd] +2014-10-22 Todd C. Miller -2014-04-15 Todd C. Miller + * MANIFEST, include/sudo_debug.h, lib/util/sudo_debug.c, + lib/util/ttysize.c, plugins/sudoers/Makefile.in, + plugins/sudoers/alias.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/base64.c, + plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/find_path.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/group_plugin.c, plugins/sudoers/hexchar.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, 
plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logwrap.c, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoers_debug.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_json.c: + The sudoers plugin now defines its own list of debugging subsystem + names and defines. + [e85d0375e059] - * plugins/sudoers/sudoers.in: - Disable I/O logging for halt and poweroff in addition to reboot in - commented out example. - [40a7f11686ce] + * MANIFEST, include/sudo_debug.h, lib/util/aix.c, lib/util/event.c, + lib/util/event_poll.c, lib/util/event_select.c, lib/util/gidlist.c, + lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c, + lib/util/parseln.c, lib/util/secure_path.c, lib/util/setgroups.c, + lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c, + lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/term.c, + lib/util/ttysize.c, lib/util/util.exp.in, + plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/base64.c, plugins/sudoers/boottime.c, + 
plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, + src/Makefile.in, src/exec.c, src/exec_common.c, src/exec_pty.c, + src/get_pty.c, src/hooks.c, src/load_plugins.c, src/net_ifs.c, + src/parse_args.c, src/preserve_fds.c, + src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, + src/signal.c, src/solaris.c, src/sudo.c, src/sudo.h, + src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c: + Add support for multiple Debug lines per program. Callers may + register arbitrary debug facilities or use built-in defaults. We now + use separate Debug statements for plugins and programs. + [5e553cbbfbb1] - * doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c: - Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when - changing the user. This is the correct flag to use with a program - that changes the uid like su or sudo and fixes a role problem on - Solaris. 
From Gary Winiger; Bug #642 - [4c0eab1a5617] <1.8> + * MANIFEST, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_conf.h, include/sudo_debug.h, + lib/util/Makefile.in, lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_conf/test7.in, + lib/util/regress/sudo_conf/test7.out.ok, lib/util/sudo_conf.c, + lib/util/sudo_debug.c, lib/util/util.exp.in, + plugins/sudoers/Makefile.in, plugins/sudoers/solaris_audit.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.h, src/hooks.c, + src/load_plugins.c, src/parse_args.c, src/sudo.c, + src/sudo_plugin_int.h: + Change how sudo.conf is parsed. We now do a quick parse and then set + the values after the entire file has been parsed. This lets us init + the debug system earlier. Plugin-specific debug flags are now stored + in struct plugin_info and struct plugin_container and passed to the + plugin via one or more debug_flags settings. + [62fb1102e1e2] - * doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c: - Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when - changing the user. This is the correct flag to use with a program - that changes the uid like su or sudo and fixes a role problem on - Solaris. From Gary Winiger; Bug #642 - [ec23c3bf41bb] + * src/parse_args.c, src/sudo.c, src/sudo.h: + Return settings from parse_args as struct sudo_settings and format + for the plugin at plugin open time. This will allow for additional, + plugin-specific settings to be added to the array. + [167929871b94] - * plugins/sudoers/defaults.c: - pam_setcred should default to true; from Gary Winiger Bug #642 - [89a73675963a] <1.8> + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/load_plugins.c, + src/sudo.c, src/sudo_plugin_int.h: + Pass plugin path in the settings array. 
+ [45bc2d087115] - * plugins/sudoers/defaults.c: - pam_setcred should default to true; from Gary Winiger Bug #642 - [23e6628ec546] + * plugins/sudoers/parse.c: + Remove an unneeded NULL check to quiet a cppcheck warning. + [64cb92122658] -2014-04-10 Todd C. Miller +2014-10-14 Todd C. Miller - * plugins/sudoers/ldap.c, plugins/sudoers/logging.c, - plugins/sudoers/parse.c, plugins/sudoers/policy.c, - plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, - plugins/sudoers/timestamp.c: - Make set_perms() and restore_perms() return an error instead of - calling exit() on failure. - [b1a1a36abdb4] + * plugins/sudoers/Makefile.in: + Set locale to C for visudo and testsudoers regression tests. Bug + #672 + [adf7997a0a65] - * plugins/sudoers/sudoers.c: - Eliminate calls to fatal() in sudoers.c and just pass back a return - value. - [e4d87a036f6d] - - * plugins/sudoers/logging.c: - Elimate calls to fatal() in the logging code. - [9847acdf7066] +2014-10-13 Todd C. Miller -2014-04-09 Todd C. Miller + * plugins/sudoers/linux_audit.c: + Fix logic bug. We only want to return -1 from linux_audit_open() + when audit_open() fails and errno is not one of EINVAL, + EPROTONOSUPPORT, or EAFNOSUPPORT. For those errno values, we return + AUDIT_NOT_CONFIGURED which is not a fatal error. Bug #671 + [6f0d8f1c7648] - * common/regress/atofoo/atofoo_test.c: - Quiet a compiler warning on Solaris. - [3b9827834800] +2014-10-11 Todd C. 
Miller - * MANIFEST, common/Makefile.in, compat/Makefile.in, compat/sha2.c, - compat/sha2.h, config.h.in, configure, configure.ac, m4/sudo.m4, - plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, - plugins/sudoers/gram.h, plugins/sudoers/gram.y, - plugins/sudoers/match.c, - plugins/sudoers/regress/parser/check_digest.c, - plugins/sudoers/regress/sudoers/test14.toke.ok, - plugins/sudoers/sha2.c, plugins/sudoers/sha2.h, - plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Move the sha2 code into libreplace and add configure checks for - SHA224Update in libc and libmd. Solaris uses "void *" where we use - "unsigned char *" so we need a check for that too. Solaris sha2.h - defines SHA224, SHA256, SHA384, and SHA512 so rename those tokens. - Adapted from changes from Vladimir Marek in bug #641. - [cd02732f0704] + * NEWS: + Add back fix for Bug #663 + [a3dfc76ee776] - * MANIFEST, plugins/sudoers/match.c, - plugins/sudoers/regress/testsudoers/test6.out.ok, - plugins/sudoers/regress/testsudoers/test6.sh, - plugins/sudoers/regress/testsudoers/test7.out.ok, - plugins/sudoers/regress/testsudoers/test7.sh: - Fix matching of uids and gids broken in sudo 1.8.9. - [d4048708102e] <1.8> +2014-10-10 Todd C. Miller - * MANIFEST, plugins/sudoers/match.c, - plugins/sudoers/regress/testsudoers/test6.out.ok, - plugins/sudoers/regress/testsudoers/test6.sh, - plugins/sudoers/regress/testsudoers/test7.out.ok, - plugins/sudoers/regress/testsudoers/test7.sh: - Fix matching of uids and gids broken in sudo 1.8.9. - [315eff4add59] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + The older style bash function exporting is not used by post- + shellshock versions of bash. + [223efe328e86] - * plugins/sudoers/testsudoers.c: - Fix -P option in usage() - [4465be0a9010] <1.8> + * plugins/sudoers/env.c: + Apple uses a different variant of the BASH_FUNC prefix for bash + functions. 
+ [ea13c8c2a716] - * plugins/sudoers/testsudoers.c: - Fix -P option in usage() - [50753b6222b7] +2014-10-07 Todd C. Miller -2014-04-07 Todd C. Miller + * NEWS: + Remove change that is part of 1.8.12 not 1.8.11p1 + [8fdad4c4f314] - * plugins/sudoers/check.c, plugins/sudoers/prompt.c, - plugins/sudoers/set_perms.c: - Remove a few more unnecessary uses of fatal(). - [8cfb205831dc] + * NEWS, configure, configure.ac: + Update for sudo 1.8.11p1 + [80e9898f7c04] - * plugins/sudoers/auth/sudo_auth.c: - Use log_warning() not log_fatal() for the "Invalid authentication - methods compiled into sudo" message. We return -1 on error anyway. - [c8da5cf74348] + * src/regress/ttyname/check_ttyname.c: + Only check stdin for the tty and avoid the check entirely if we + don't have a way to get the tty from the kernel. Bug #643 + [deb799e16416] - * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h: - Return MODE_ERROR from sudoers_policy_deserialize_info() instead of - calling fatalx(). - [6faefdd188f2] + * lib/util/sudo_debug.c: + Make a copy of ap in sudo_debug_vprintf2() in case the static buffer + is not big enough and we need to call vasprintf(). + [a5d32b9d63be] - * common/gidlist.c, src/sudo.c: - parse_gid_list() now returns -1 on error instead of calling - fatalx(). - [ccf19c4a0d5b] + * src/sudo.c: + Avoid comparing new cwd with old one if getcwd() failed. Bug #670 + [e99093578ca7] -2014-04-04 Todd C. Miller + * plugins/sudoers/env.c: + Fix debugging printout output for env_should_keep() + [a9e7ea4b6751] - * src/exec.c: - Forward SIGINFO to running command if supported. If the command is - being run in the background (or exec_background is set in sudoers), - it is the sudo process, not the actual command, that receives the - ^T. - [d2b020bdf0d5] +2014-10-06 Todd C. 
Miller - * plugins/sudoers/defaults.h, plugins/sudoers/iolog.c, - plugins/sudoers/iolog_path.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/testsudoers.c: - Remove calls to log_fatal() in I/O log functions and just pass an - error back to the caller. - [e89593d9dc35] + * Makefile.in, include/Makefile.in: + Use INSTALL_OWNER instead of -O/-G flags so we can work with the + autotools install-sh too. Bug #669 + [a5f87f6a52b7] -2014-04-01 Todd C. Miller + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + Move sudo_printf to policy.c to match sudo_conv. + [f2d6065c3daf] - * common/alloc.c, plugins/sudoers/env.c, - plugins/sudoers/linux_audit.c, plugins/sudoers/policy.c, - plugins/sudoers/prompt.c, plugins/sudoers/sudoers.c, - plugins/sudoers/testsudoers.c: - Make "internal error, %s overflow" arguments consistent, using - __func__ where possible (when debugging is allowed). - [84e2c40d101b] +2014-10-05 Todd C. Miller -2014-03-31 Todd C. Miller + * MANIFEST, include/sudo_fatal.h, lib/util/Makefile.in, + lib/util/fatal.c, lib/util/sudo_printf.c, lib/util/util.exp.in, + plugins/sudoers/Makefile.in, plugins/sudoers/sudo_printf.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + src/conversation.c, src/sudo.c, src/sudo_plugin_int.h: + Add sudo_warn_set_conversation() to specify a conversation function + to use for warn/fatal. If no conversation function is specified, the + standard error will be used. We now only need sudo_printf() for + things that use the parser. + [d6049e53e3e3] - * plugins/sudoers/toke_util.c, src/net_ifs.c: - Use common printf format when warning of buffer overflow prevention. - [8b0d732b0eae] +2014-10-03 Todd C. Miller - * Makefile.in: - Remove init.d/*.sh in distclean - [99cd1eaf4684] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Use correct names when referring to subsections in the sudoers + manual. 
+ [7a016916f0ab] - * .hgignore: - Correctly ignore init.d/*.sh - [04aabe1893e5] +2014-10-02 Todd C. Miller - * plugins/sudoers/ldap.c: - Remove remaining calls to fatalx(); just pass the error to the - caller. - [a8bcf903d84b] + * MANIFEST, config.h.in, configure, configure.ac, + lib/util/inet_ntop.c, src/net_ifs.c: + Use inet_ntop() instead of inet_ntoa() and include a version for + systems that are missing it. + [1a1a70dba9c0] -2014-03-26 Todd C. Miller +2014-10-01 Todd C. Miller - * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.h: - Make a password/group cache collision a warning rather than fatal. - This should not be possible in practice and we can safely return the - new (potentially duplicate) item as it will be freed by the caller. - Make sudo_set_grlist() return an error on failure instead of calling - fatalx(). - [5e8d3006862d] + * configure, configure.ac: + Fix detection of functions in network libs like -lsocket, -lnsl and + -linet when we have already added those libs to NET_LIBS. Fixes a + problem where inet_pton() was not detected on Solaris. + [27e10183649e] - * plugins/sudoers/timestamp.c: - Use log_warning() instead of log_fatal() if the ticket or lecture - path is too long and just return an error. This can only happen from - a misconfiguration so just ignoring the ticket/lecture file is safe. - [864c5de8345b] + * NEWS: + Mention --disable-shared-libutil fix. + [7efe70688237] - * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h: - In find_path(), return NOT_FOUND_ERROR instead of calling fatal() if - the path is too long. Remove an extraneous check against PATH_MAX in - set_cmnd() since find_path() already contains such a check. - [183106753690] + * src/Makefile.in: + Always use --tag=disable-static to avoid installing a static + sudo_noexec. + [5d7d58879f99] - * plugins/sudoers/sudoers.h: - Remove unused MODE_LISTDEFS define and correct a comment. 
- [fb47e59ce5fe] + * configure, configure.ac, lib/util/Makefile.in, + plugins/sudoers/Makefile.in: + Instead of building libutil statically for --disable-shared-libutil, + just treat it as a convenience library. Do the same with sudoers for + --enable-static-sudoers. Fixes link errors on Solaris among others + when --disable-shared-libutil is used. + [c5357fe78ab7] - * plugins/sudoers/hexchar.c, plugins/sudoers/match.c, - plugins/sudoers/toke_util.c: - Make hexchar() return -1 on invalid input instead of calling - fatalx(). Callers used to check that the string was hex before - calling hexchar(). Now callers must check for a -1 return value - instead. - [1be217c71ce7] + * configure, configure.ac, lib/util/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in: + Remove LT_LDMAP and LT_LDOPT and just use LT_LDEXPORTS for the + compiler-specific option to restrict symbol exporting. + [09e8dab6f528] - * plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c, - plugins/sudoers/bsm_audit.h, plugins/sudoers/linux_audit.c, - plugins/sudoers/logging.h, plugins/sudoers/sudoers.c: - Propagate errors in audit code to caller instead of using fatal(). - If we fail to audit an otherwise successful command, return an error - from the policy. For Linux audit, sudo may be compiled with audit - support but auditing may not be setup, so we don't consider that an - error. - [9a5753bfcb95] + * src/preload.c: + Include sys/types.h to get gid_t, etc used in sudo_compat.h. Fixes a + build issue on Solaris. + [b8917967df41] - * plugins/sudoers/boottime.c: - Remove unused variable on Linux. - [f63d7b86797d] +2014-09-29 Todd C. Miller - * plugins/sudoers/timestamp.c: - Fix warning on systems where mode_t is not unsigned int (Solaris). - [acd1457c23ec] + * src/regress/ttyname/check_ttyname.c: + Fix cust & pasto in error message when there is a mismatch between + the sudo and libc ttys. From Diego Elio Petteno'. 
Bug #643 + [87d5f1a49535] -2014-03-25 Todd C. Miller +2014-09-27 Todd C. Miller - * plugins/sudoers/env.c, plugins/sudoers/sudoers.c: - Audit path too long errror. Add comments about non-audit events and - placeholders for future audit hooks. - [434ee47c83dc] + * plugins/sudoers/env.c: + Add BASH_FUNC_* to environment blacklist for newer-style bash + functions. + [b6e66c4a782e] - * src/net_ifs.c: - Fix aliasing warning in old-style interface probe code. - [1d6ce6f46da1] - - * plugins/sudoers/set_perms.c: - Fix some sign comparision warnings. - [20c6068db104] + * Makefile.in: + Pull additional password prompts out of mkpkg instead of hard-coding + them. + [d2a6da883b34] - * common/aix.c, common/gidlist.c, compat/getgrouplist.c, - include/sudo_util.h, src/sudo.c: - Don't call fatal/fatalx in common/*.c - [ebf5e55a1ec1] + * NEWS: + Add post-1.8.11 changes + [11169ace8fa4] -2014-03-19 Todd C. Miller + * Makefile.in, configure.ac, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/po/sudoers.pot: + Add a space after "Password:" in default password prompt so it is + easier to read when pwfeedback is enabled. + [a7750d845b5b] - * plugins/sudoers/check.c, plugins/sudoers/prompt.c, - plugins/sudoers/sudoers.h: - Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw - or targetpw is set. Bug #639 - [7d253b9abfc1] <1.8> + * plugins/sudoers/auth/sudo_auth.c: + Simplify how we count the password tries + [71b9f2021561] - * plugins/sudoers/check.c, plugins/sudoers/prompt.c, - plugins/sudoers/sudoers.h: - Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw - or targetpw is set. Bug #639 - [dff0208d1194] + * plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c: + Block SIGINT and SIGQUIT while verifying passwords so that + authentication modules that use sleep() are not interrupted. If the + user interrupted authentication, exit the loop. + [1cfafd7fcb13] -2014-03-17 Todd C. 
Miller + * configure, configure.ac: + Remove Convex support; it is not modern enough to run sudo 1.8. + [c3bdfbb2ee11] - * .hgtags: - Added tag SUDO_1_8_10p2 for changeset 78452d8fb950 - [f4c8a00a83eb] <1.8> + * configure, configure.ac: + Only check for -lshadow if we haven't already found getspnam() in + libc. Rather than treat this specially, just add -lshadow as another + place to search in addition to -lgen. + [fdf06757f25d] - * NEWS, configure, configure.ac, doc/visudo.cat, doc/visudo.man.in: - Merge sudo 1.8.10p2 from trunk - [78452d8fb950] [SUDO_1_8_10p2] <1.8> +2014-09-26 Todd C. Miller - * NEWS, configure, configure.ac: - Sudo 1.8.10p2 - [774ebec63b41] + * plugins/sudoers/auth/sudo_auth.c: + If all authentication methods fail init/setup, fail with an error. + [4cd0481bf05e] - * plugins/sudoers/timestamp.c: - Don't write an empty timestamp record when timestamp_timeout is - zero. If we find an empty record in the timestamp file, overwrite it - with a good one, truncating the file as needed. - [9c226d81b660] + * plugins/sudoers/auth/sudo_auth.c: + Move pass_warn() so that it is defined before it is called(). + [6ea697e89fef] -2014-03-15 Todd C. Miller +2014-09-24 Todd C. Miller - * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: - Fix typos in description of the -x option. Bug #637 - [6ff2bfaaf99d] + * pp: + Remove duplicate Requires: line in generated rpm spec file. + [335703b110c7] -2014-03-13 Todd C. Miller + * pp: + In pp_files_expand() set _target to be empty. Fixes a problem with + Solaris sh where simply using typeset doesn't causes the variable to + be treated as local so we can inadvertantly inherit a value from a + previous call. + [f3cecca3c7b0] - * .hgtags: - Added tag SUDO_1_8_10p1 for changeset 8c6c509e8f93 - [532e16482b03] <1.8> +2014-09-23 Todd C. Miller - * NEWS, common/Makefile.in, configure, configure.ac, - plugins/sudoers/Makefile.in, src/Makefile.in: - Merge sudo 1.8.10p1 from trunk. 
- [8c6c509e8f93] [SUDO_1_8_10p1] <1.8> + * configure, configure.ac: + Fix version for release. + [39f6a2e9a098] - * NEWS, configure, configure.ac: - Sudo 1.8.10p1 - [33828a3385ad] +2014-09-20 Todd C. Miller - * plugins/sudoers/timestamp.c: - Fix typo/thinko that prevented "Defaults !tty_tickets" from working. - [f65cc29dbcc7] + * configure, configure.ac, pathnames.h.in: + Only redefine _PATH_BSHELL on AIX if we included paths.h. + [2dd4e808f69f] - * plugins/sudoers/parse.c: - Fix "sudo -l command" output when the matching command is negated. - Bug #636 - [b4a92803f733] + * NEWS: + Bug 661 + [7f2b278086b2] -2014-03-11 Todd C. Miller + * pathnames.h.in, src/exec_common.c, src/sudo.c: + On AIX, _PATH_BSHELL is /usr/bin/bsh but we want to use /usr/bin/sh + (which is usually ksh). This makes sudo's behavior when executing a + shell without the #! magic number match execvp() on AIX. + [2b438ff99991] - * MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c, - common/regress/sudo_conf/test5.err.ok, - common/regress/tailq/hltq_test.c: - The atofoo_test and hltq_test tests now display their own test error - rate. Display pass/fail count separately for sudo_conf and - sudo_parseln tests. Check stderr output for the sudo_conf test. - [5c814709ac70] + * pathnames.h.in: + Whitespace changes. + [107f66ecfa54] - * src/Makefile.in: - Don't run the check_ttyname test if cross compiling. - [874ecc1c3db0] + * configure, m4/sudo.m4: + Prefer /usr/bin/sh to /bin/sh to match modern systems. + [9e2ccb5b239f] - * plugins/sudoers/Makefile.in: - CWD no longer used. - [13b2f3c4269b] + * NEWS, lib/util/Makefile.in: + Don't use SSP_CFLAGS or PIE_CFLAGS when building mksiglist/mksigname + as they are built with the host compiler which may be different when + cross-compiling. From Gustavo Zacarias. Bug 662. + [f1a6d58c0baa] - * plugins/sudoers/Makefile.in: - Fix diff of toke and err output files in "make check" - [485cdf3c75e7] +2014-09-17 Todd C. Miller -2014-03-10 Todd C. 
Miller + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo, + po/fi.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, + po/pt_BR.po, po/ru.mo, po/ru.po, po/sr.mo, po/sr.po, po/uk.mo, + po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po: + Sync with translationproject.org + [588c41d2eab5] - * .hgtags: - Added tag SUDO_1_8_10 for changeset 0bee95ccb32d - [08b09b3d5531] <1.8> +2014-09-16 Todd C. Miller -2014-03-07 Todd C. Miller + * plugins/sudoers/sudo_nss.c: + Make sure we can't insert an nss entry in the list that has already + been used before. + [b5fab945991b] - * INSTALL, Makefile.in, NEWS, common/Makefile.in, config.h.in, - configure, configure.ac, doc/sudo.cat, doc/sudo.man.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, - doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, - doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, - doc/visudo.man.in, mkpkg, plugins/group_file/Makefile.in, - plugins/sudoers/Makefile.in, plugins/sudoers/auth/secureware.c, - plugins/sudoers/boottime.c, plugins/sudoers/check.c, - plugins/sudoers/iolog.c, plugins/sudoers/logging.c, - plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, - src/Makefile.in, src/exec_pty.c, src/ttyname.c: - Merge sudo 1.8.10 from trunk - [0bee95ccb32d] [SUDO_1_8_10] <1.8> + * plugins/sudoers/visudo_json.c: + Use correct gettext macro with sudo_warnx() + [0a532986b016] - * src/po/de.mo, src/po/de.po: - sync with translationproject.org - [d246c72a2350] + * NEWS: + Make nsswitch.conf bug fix description more accurrate. It affects + the "files" nsswitch source too. + [a29cce3a3ee9] -2014-03-06 Todd C. Miller + * NEWS: + Mention nsswitch.conf duplicate entry fix. 
+ [f8a45b59a577] - * configure, configure.ac: - Check whether ber.h is needed before ldap.h even if we are not using - any ber functions. Needed for older versions of nss ldap. - [c2310324dc34] +2014-09-15 Todd C. Miller - * plugins/sudoers/sssd.c: - Fix compiler warning in debug code. - [8ee4cb6cafad] + * plugins/sudoers/parse.c, plugins/sudoers/sudoers.h: + Make sudoers file nsswitch functions static to parse.c since they + are self-contained. + [cf22385d0659] - * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/ca.mo, src/po/ca.po: - Catalan translation for sudo from translationproject.org. - [d6af7d06ee36] + * plugins/sudoers/sudo_nss.c: + Fix infinite loop when mulitple sudoers entries are present in + nsswitch.conf. From Daniel Kopecek. + [e773e0eee736] -2014-03-05 Todd C. Miller +2014-09-10 Todd C. Miller * NEWS: - Document negation fix in JSON output. - [37a85423ae49] + Fix for bug #660 + [e25192ad79cc] -2014-03-04 Todd C. Miller + * src/get_pty.c: + Fix compilation on systems without openpty(), _getpty() or + grantpt(). From Vasilyy Balyasnyy + [897280412e3e] - * plugins/sudoers/visudo_json.c: - Fix handling of '!' operator when converting sudoers. We now add a - "negated" boolean flag to objects that have the '!' operator. - [071926c10280] +2014-09-08 Todd C. Miller -2014-03-01 Todd C. Miller + * src/conversation.c: + Remove remaining use of SUDO_CONV_DEBUG_MSG. + [4ee756b687ea] - * MANIFEST, NEWS, plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po: - Czech translation for sudoers from translationproject.org - [c0aae297f7c1] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_plugin.h: + SUDO_CONV_DEBUG_MSG is no longer supported. + [7bf46cf06578] -2014-02-28 Todd C. Miller + * doc/sudo.conf.cat, doc/sudoers.cat: + regen + [5bff0d4d3956] - * configure, configure.ac: - Try -libmldap before -lldap in case there is no link from - libibmldap.so to libldap.so. 
Since IBM ldap is installed under /opt - we should only be able to reach it if --with-ldap was given an - explicit path. + * include/sudo_debug.h, lib/util/sudo_debug.c, lib/util/sudo_printf.c, + plugins/sudoers/iolog.c, plugins/sudoers/policy.c: + There is no longer a reason for the plugin to init the debug + subsystem itself. It will always be initialized by the front-end if + needed. + [970dd80a9e3c] - Only check for ber_set_option() if LBER_OPT_DEBUG_LEVEL is defined. - [89d50c29d737] + * include/sudo_alloc.h, include/sudo_compat.h, include/sudo_fatal.h: + Add function arg names to prototypes where missing. + [e78dc4c48521] -2014-02-27 Todd C. Miller + * lib/util/alloc.c: + Remove obsolete definition of SIZE_T which is now handled by + sudo_compat.h and rename the format arg to fmt in + sudo_evasprintf_v1() for consistency with sudo_easprintf_v1(). + [72c0fc5e5114] - * plugins/sudoers/set_perms.c: - Fix typo in setreuid() PERM_ROOT error message. - [533415f53165] + * src/parse_args.c: + If we were invoked with any name ending in "edit", treat as + sudoedit. + [d307572f08bc] - * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c, - plugins/sudoers/auth/sudo_auth.h: - Remove unused FLAG_USER auth flag. We have no auth methods that - require that authentication be run as the invoking user. - [4a9a9f557cb1] +2014-09-04 Todd C. Miller - * mkpkg: - No longer need to disable setresuid() on debian. - [96ba687c35f0] - -2014-02-26 Todd C. Miller - - * plugins/sudoers/timestamp.c: - Fix conversion of timestamp_timeout from double to struct timeval. - Also quiet a printf format warning on 32-bit systems. - [59d1f3094dda] - -2014-02-25 Todd C. Miller - - * MANIFEST, NEWS, plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po: - Serbian translation for sudoers from translationproject.org. - [7134b386d658] - -2014-02-24 Todd C. 
Miller + * po/sudo.pot: + regen + [31c115ffbba8] - * doc/CONTRIBUTORS: - Add Ingo Schwarze - [114cdf286987] + * src/exec.c, src/exec_pty.c, src/signal.c: + Check return value of sigaction(), even though it should never fail. + [75c578e6a07c] - * NEWS, plugins/sudoers/visudo_json.c: - When exporting sudoers in JSON format, use the same type of Options - object for both Defaults and Cmnd_Specs. - [caa57043e197] +2014-09-03 Todd C. Miller -2014-02-17 Todd C. Miller + * lib/util/Makefile.in, src/Makefile.in: + regen + [2fcb390e8e89] - * compat/inet_pton.c: - Silence cppcheck false positive. - [b2781c42a80f] + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/parser/check_hexchar.c: + Add hexchar unit test + [de65e0ded4a2] - * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po: - sync with translationproject.org - [baba43a6d682] + * plugins/sudoers/regress/parser/check_addr.c: + Avoid division by zero if there was no test data. + [de3324077ba0] - * NEWS, doc/UPGRADE: - Mention init.d scripts on AIX and HP-UX Mention sudoers group - mismatch fix - [0259cb1f7cae] +2014-09-02 Todd C. Miller - * INSTALL: - Talk about clearing files at boot time, not reboot time since it - happens when the system comes up, not down. - [e8e480bc34fd] + * lib/util/event.c: + Remove confusing comment. + [ee1765a06b94] - * plugins/sudoers/sudoers.c: - We also need to open the sudoers file as root if there is a GID - mismatch. - [2fb2ba6fc4e6] + * lib/util/sudo_debug.c: + Use a stack buffer for the debug message when possible, most are + small. + [945fb94a7aaf] - * sudo.pp: - Install /etc/rc.d/init.d/sudo and /etc/rc.d/rc2.d/S90sudo for AIX - rpm packages. - [4aca1d318599] +2014-09-01 Todd C. Miller -2014-02-16 Todd C. 
Miller + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, po/ca.mo, + po/ca.po: + Sync with translationproject.org + [661d536a7599] - * src/Makefile.in: - Remove init.d file and link in uninstall target. - [249a9f105cdd] +2014-08-31 Todd C. Miller - * configure, configure.ac, sudo.pp: - Fix INIT_DIR for real this time. - [5444eb1afbc5] + * src/exec.c: + Convert a debug printf to a user-visible warning. + [c3866eaea3ec] - * configure, configure.ac, sudo.pp: - Use correct init.d dir on HP-UX. Fix pp warnings from rc.d and - init.d dirs. - [809b54ef95f8] + * include/sudo_fatal.h, include/sudo_util.h, lib/util/fatal.c: + Move sudo_printf extern to sudo_util.h + [50275ef999e9] - * .hgignore, MANIFEST, configure, configure.ac, init.d/aix.sh.in, - init.d/hpux.sh.in, src/Makefile.in, sudo.pp: - First cut add installing an init.d file for HP-UX and AIX to remove - old sudo timestamp files at boot time. - [ec6d35c62d88] + * include/sudo_fatal.h, include/sudo_lbuf.h, lib/util/fatal.c, + lib/util/lbuf.c: + Some versions of the HP C Compiler don't export functions that take + function pointers as arguments unless a typedef is used. + [97cc0525dbd7] -2014-02-15 Todd C. Miller + * include/sudo_lbuf.h: + Work around a bug in the HP C compiler. + [5c902aefeba6] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Use .Ar macro instead of "file ..." Use ".Cm -" instead of ".Li -" - for the default login class. From Ingo Schwarze. - [f13ea603760e] + * lib/util/lbuf.c: + Don't need sudo_fatal.h + [bccfe4df4794] - * doc/sudo.conf.mdoc.in, doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, - doc/sudoers.ldap.mdoc.in, doc/sudoers.mdoc.in, - doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: - Remove some extraneous markup; from Ingo Schwarze - * No need to explicitly end a macro with No before | because | counts - as middle punctuation and falls out of the macro, anyway. 
- * No need to explicitly re-open in-line macros after | because | - counts as middle punctuation and the macros resume afterwards, - anyway. - * Simplify the mnemonic remarks regarding the option letters, no need - for manual font and spacing control with No and Ns. - * Trim Ns No to just Ns, it already implies No. - [cc63d66c6655] +2014-08-30 Todd C. Miller - * doc/sudoers.man.in, doc/sudoers.mdoc.in: - Move zerowidth space in :alpha: after the colon for consistency. - [799f6656c6e8] + * po/da.mo, po/da.po: + Sync with translationproject.org + [7910e3fc0f3e] - * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, - doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudoers.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, - doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, - doc/visudo.man.in: - regen - [14d682732b6f] + * src/exec.c: + Remove signal_event from evbase before calling sudo_ev_loopexit() + when the command has exited or been killed. It is possible that we + could receive another signal on the pipe if they are delivered out + of order. + [b8ed1c9482b4] - * doc/sudo.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: - Remove extraneous keeps in SYNOPSIS now that mandoc does implied - keeps when converting from mdoc to man. - [0f48fc289f29] +2014-08-29 Todd C. Miller - * doc/sudoers.mdoc.in: - Properly escape the : in :alpha: - [e41d4533a55f] + * src/exec_pty.c: + Treat EOF on signal pipe (which should never happen) as ECONNRESET. + [eb57e9047a2c] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Replace some uses of .Sy with .Ar, .Ev and .Pa as appropriate. From - Jan Stary. - [90ec488905de] + * include/sudo_event.h, lib/util/event.c, src/exec_pty.c: + Don't allow sudo_ev_loopcont() to override sudo_ev_loopexit() + [b6b53eacbc61] -2014-02-12 Todd C. Miller + * include/sudo_event.h, lib/util/event.c, lib/util/event_poll.c, + lib/util/event_select.c: + Add some internal convenience functions. 
+ [b01063d82347] - * plugins/sudoers/visudo_json.c: - Fix indentation of Defaults entries. The initial indent should be - outside the loop iterating over the entries. - [dc493c888fb2] +2014-08-26 Todd C. Miller -2014-02-11 Todd C. Miller + * sudo.pp: + Fix osrelease sed expression. It wasn't matching distros with a + single digit version such as sles9. + [44f3e9b7e6c0] - * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po: - sync with translationproject.org - [fc517bc0908e] + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo, + po/fi.po, po/it.mo, po/it.po, po/nb.mo, po/nb.po, po/pl.mo, + po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/ru.mo, po/ru.po, po/uk.mo, + po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po: + Sync with translationproject.org + [5b2c6063db75] - * common/aix.c, common/alloc.c, common/atoid.c, common/atomode.c, - common/fatal.c, common/gidlist.c, common/sudo_conf.c, - common/sudo_debug.c, compat/strsignal.c, compat/strtonum.c, - plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c, - plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, - plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, - plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, - src/locale_stub.c, src/net_ifs.c, src/sesh.c, src/sudo.h: - We must include gettext.h before missing.h as it includes system - 
headers. Also add missing DEFAULT_TEXT_DOMAIN defines in sudoers - audit code that does not include sudoers.h. - [3ac4aa43ce40] + * plugins/sudoers/iolog.c: + Return -1 from logging functions if we get a write error. + [a3ae43d54101] - * common/sudo_dso.c: - When emulating DSO_NEXT with shl_get() we need to skip the program's - handle. This used to be documented as being index -2 but now it - seems to be index 0. As this is not guaranteed we need to look up - the real handle value for PROG_HANDLE and skip it when interating - through all the DSOs. Fixes infinite recursion on HP-UX in the - getenv() replacement. - [ade1b3045232] + * NEWS: + Mention I/O plugin changes. + [0bd2e99fe87a] - * src/env_hooks.c: - Export getenv() so it is visible to shared objects we link with. - [1ac08446a3a7] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/exec_pty.c: + Change behavior when plugin I/O logging function returns 0 or -1. + For -1 (error) return, we now kill the command and disable the I/O + logging function that returned the error. For a 0 (reject) return, + we no longer display the rejected output to the user's terminal. The + plugin API revision is now 1.6. + [27bb504860f3] -2014-02-08 Todd C. Miller + * doc/sudoers.cat: + regen to fix version. + [641ea29b7dd3] - * common/regress/atofoo/atofoo_test.c, - common/regress/sudo_conf/conf_test.c, - common/regress/sudo_parseln/parseln_test.c, - common/regress/tailq/hltq_test.c, - plugins/sudoers/regress/parser/check_fill.c: - Add some initprogname() calls to the test programs. - [e4320585a88b] + * plugins/sample/sample_plugin.c: + Add trivial dirty word check to the sample output logging function. + [a14494b87b4d] -2014-02-07 Todd C. Miller +2014-08-25 Todd C. Miller - * plugins/sudoers/po/sudoers.pot: - regen - [038d066a866d] - - * doc/UPGRADE: - Mention that there is now a default LDAP search filter. 
- [6351da3f8377] + * NEWS: + Update for 1.8.11b2 + [72ac1f26ba78] - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - Minor word choice change. - [7e59ab3eb453] + * src/sudo_edit.c: + Fix restoration of effective uid/gid in command_details. This masked + the effects an unset (really zero) egid. Bug 656 + [b75eed459386] - * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, - plugins/sudoers/ldap.c, plugins/sudoers/match.c: - Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup - support requires an expensive substring match on the server. If - netgroups are not needed, this option can be disabled to reduce the - load on the LDAP server. - [e6bd6c103390] + * src/sudo.c: + Set runas egid to the same value as runas gid if egid not specified + by the plugin. Only affects new files created by sudoedit. Bug #656 + [f2daabba4912] -2014-02-06 Todd C. Miller + * src/sudo_edit.c: + Don't leak temp fd in sudo_edit_copy_tfiles(). Fix fd leak in error + path in sudo_edit_copy_tfiles(). + [465d6a79b5cf] - * plugins/sudoers/ldap.c: - Update copyright year. - [1299eed430a5] +2014-08-22 Todd C. Miller * NEWS: - Mention LDAP changes. - [512b1e363587] - - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c: - Use a default LDAP search filter of (objectClass=sudoRole). When - constructing the netgroup query, add (sudoUser=*) to the query so we - don't fall below the 3 character OpenLDAP substring threshold. - Otherwise the index for sudoUser will never be used for that query. - Pointed out by Michael Stroeder. - [54856973af41] + fix typo + [a4659abcbc1d] - * plugins/sudoers/timestamp.c: - Don't warn about an insecure lecture dir twice. Display warnings in - the user's locale. 
- [2c56b8b6d6f9] + * src/signal.c: + We write an unsigned char, not an int, to the signal pipe. + [fae4217be608] -2014-02-05 Todd C. Miller +2014-08-21 Todd C. Miller - * NEWS: - Mention the fix for ^Z at the password prompt when sudo was started - in the background. - [352d52ad1f7d] + * src/sudo_edit.c: + Sprinkle some debugging around uid/gid setting in sudoedit. + [15e4a337f0b0] - * common/term.c, src/exec_pty.c: - In term_restore(), only restores the terminal if we are in the - foregroup process group. Instead of calling tcgetpgrp(), which is - racy, we set a temporary handler for SIGTTOU and check whether it - was received after a failed call to tcsetattr(). - [94979d51daa2] + * src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, + src/sudo_exec.h: + Make sudoedit work with SELinux RBAC. Adapted from RedHat patches + (Daniel Kopecek) but made to behave a bit more like the non-SELinux + bits. + [8f3f7969220f] - * MANIFEST, compat/getaddrinfo.c, compat/inet_pton.c, config.h.in, - configure, configure.ac, doc/LICENSE, include/missing.h, mkdep.pl, - plugins/sudoers/interfaces.c, plugins/sudoers/match_addr.c: - Use inet_pton() instead of inet_aton() and include a version from - BIND for those without it. - [fe61a27c76d3] + * src/sudo_edit.c: + Refactor code that copies temp files into separate functions. + [b1057f4bee87] - * common/regress/atofoo/atofoo_test.c: - Quiet a gcc warning. - [f197821892ea] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Fix typo, .em should be .Em + [ec28aa3bdd6a] - * compat/getaddrinfo.c: - Need to include limits.h for USHRT_MAX. - [d1d8bd9a0e01] +2014-08-18 Todd C. Miller -2014-02-04 Todd C. Miller + * src/sesh.c: + Add missing call to initprogname(). + [71040679765f] - * common/term.c, include/sudo_util.h: - Use bool for function return values instead of 1 or 0. 
- [99e357c0800b] + * lib/util/sudo_debug.c, lib/util/sudo_printf.c: + Don't recurse infinitely until we blow the stack when the debug file + can't be opened in the front-end. The conversation-type debug mode + will be removed in the future. + [38cd1a6343c2] - * configure, configure.ac: - Warn the user if the rundir needs to be cleared in the rc files. - Neither AIX not HP-UX clear /var/run (if it even exists). - [6cdbf57a2f9e] +2014-08-15 Todd C. Miller - * NEWS: - Update for sudo 1.8.9p5 - [efb737c32615] + * sudo.pp: + Only use the first two digits of the version number. Fixes a problem + on RHEL 7 which has version numbers like 7.0.1406 + [272727fd57fb] - * .hgtags: - Added tag SUDO_1_8_9p5 for changeset 3ee678307ef4 - [f26286408d41] <1.8> + * plugins/sudoers/linux_audit.c: + Fix return value when kernel has no audit support. + [7ca1c9857058] - * NEWS, configure, configure.ac: - Update for sudo 1.8.9p5 - [3ee678307ef4] [SUDO_1_8_9p5] <1.8> + * lib/util/progname.c: + remove unused label + [4179ea1ffa3a] - * src/preserve_fds.c: - When the closefrom limit is greater than any of the preserved fds, - the pfds list will be non-empty but lastfd will be -1 triggering an - ecalloc(0) assertion. Instead, test for lastfd being -1 and make - sure we always update it, even if dup() fails. Also restore initial - value of lowfd after we are done relocating. Fixes bug #633 - [74edc1fb146e] <1.8> +2014-08-14 Todd C. Miller - * src/preserve_fds.c: - When the closefrom limit is greater than any of the preserved fds, - the pfds list will be non-empty but lastfd will be -1 triggering an - ecalloc(0) assertion. Instead, test for lastfd being -1 and make - sure we always update it, even if dup() fails. Also restore initial - value of lowfd after we are done relocating. Fixes bug #633 - [a11206a31f28] + * aclocal.m4, autogen.sh: + Update to automake 1.14 (no code changes). + [5e04db4f7c5d] - * common/term.c: - Document function return values. - [267bc85f6fbb] +2014-08-11 Todd C. 
Miller -2014-02-03 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document the interaction between sudoers environment handling and + the pam_env module. + [bd56868f078c] - * src/exec_pty.c: - term_restore() now restarts itself so we don't need to do it - ourselves. - [a17e885d0b0a] + * plugins/sudoers/env.c: + Don't allow pam_env to overwrite existing variables when env_reset + is disabled unless the variables match the black list and would + normally be removed. It may just be better to never overwrite when + env_reset is disabled. + [e0ae88fce535] - * common/term.c: - syscall restarting is broken on Mac OS X when interrupted by a tty - signal so restart tcsetattr() by hand. For details, see. - http://openradar.appspot.com/radar?id=6402578615107584 - [3997b2a0577e] +2014-08-09 Todd C. Miller - * MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c: - Add regress for atobool(), atoid() and atomode() - [e1cbdf86d6e2] + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update year range to include 2014 + [6b3b5f3fa791] - * plugins/sudoers/Makefile.in: - Add back boottime.lo - [0b7ddc31e13e] +2014-08-08 Todd C. Miller - * INSTALL: - Mention that rundir and vardir may be the same and what to do if - they are. - [301df9a31d43] + * lib/util/Makefile.in: + Remove regress .err files in distclean target. + [d66a4f1db130] - * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h, - plugins/sudoers/timestamp.c: - Bring back boot time checking code and zero out time stamp files - that predate the boot time. This should help systems w/o /var/run - where the admin has setup rc.d to clear the timestamp directory. - [e09389a8b1ca] + * lib/util/Makefile.in, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in: + Remove generated files for linker as part of distclean. 
+ [5d1bf6c32c6b] - * configure, configure.ac: - Check libraries for inet_pton() if not in libc. - [9f9bd83895e8] + * .hgignore: + Ignore .out and .err files in lib/util regress + [9f4d91e77c0f] -2014-02-02 Todd C. Miller + * NEWS: + Add additional 1.8.11 changes and fix typos. + [7980e2abb6ea] - * configure, configure.ac: - Fix clock_gettime() detection when it lives in librt. Some systems - have inet_aton() in libresolv (older Solaris). - [e5f7c8bc9a81] + * configure, configure.ac, plugins/sudoers/Makefile.in: + Avoid building/running the check_symbols test program unless we are + building a shared sudoers plugin. + [a6bde1a12111] - * sudo.pp: - Avoid duplicate directories if vardir and rundir are the same. - [c5df5ebc191b] + * plugins/sudoers/Makefile.in, src/Makefile.in: + Remove two instances of -no-fast-install that were missed before. + [8a2c89cdf252] - * plugins/sudoers/po/sudoers.pot: - regen - [740b2cc42fea] + * INSTALL, NEWS, configure, configure.ac, lib/util/Makefile.in: + Add --disable-shared-libutil configure option. It may only be used + in conjunction with the --enable-static-sudoers option. + [e19c71464399] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Elaborate on time stamp error message causes. - [2838fea2e21a] +2014-08-07 Todd C. Miller -2014-02-01 Todd C. Miller + * doc/Makefile.in: + Remove noop man.sed files Use full path instead of $@.in when + calling config.status with --file=- + [53c69928427e] - * sudo.pp: - Remove the time stamp dir and its contents when uninstalling. We - currently leave the lecture status files installed until there is a - better way to detect upgrades. - [61532b7113ff] + * src/preserve_fds.c: + Fix "sudo -C" when we have internal fds to preserve from + closefrom(). + [942db66345ea] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Update time stamp error messages and regen. - [edf570c98cd5] +2014-08-06 Todd C. 
Miller - * plugins/sudoers/timestamp.c: - Restore warning when sudoers is unable to update the time stamp - file. - [86648a771250] - - * INSTALL, Makefile.in, configure, configure.ac, doc/sudoers.mdoc.in, - m4/sudo.m4, plugins/sudoers/Makefile.in, sudo.pp: - Replace --with-timedir and --with-lecture_dir with --with-rundir and - --with-vardir which are the parent directories of the time stamp and - lecture dirs. These directories need to be searchable by non-root so - that the timestampowner setting can function. - [5c38d77a2d0c] + * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/env.c: + Add explicit support for matching the full environment string + (name=value). Bash functions may now be preserved for full matches, + but not for name-only matches. + [f4d816e11f66] - * plugins/sudoers/timestamp.c: - Fix use of timestampowner in the new time stamp world order. Parent - directories for timestampdir and lecture_dir are now created with - the execute bit set so that we can traverse them as non-root. - [9ff6f07c0a5d] +2014-08-05 Todd C. Miller -2014-01-31 Todd C. Miller + * .hgignore: + Ignore lib/util/util.exp + [e08306ca6a6d] - * common/Makefile.in, plugins/sample/Makefile.in, - plugins/sudoers/Makefile.in: - Regen Makefiles. - [59542bcdb222] +2014-07-30 Todd C. Miller - * common/sudo_debug.c, config.h.in, include/sudo_util.h, - plugins/sample/sample_plugin.c: - Move ctim_get and mtim_get to sudo_util.h - [d565391f5491] + * configure, configure.ac: + Fix exporting of asprintf/vasprintf symbols. + [5ff59bdeb501] - * plugins/sudoers/timestamp.c: - sprinkle some debug printfs and add function header comments - [1842d9b8170d] + * configure, configure.ac: + Don't export getaddrinfo symbols if we found the function in a + library. + [3bf4a5d3cfdb] - * plugins/sudoers/timestamp.c: - Properly handle the case where /var/run/sudo/ts doesn't exist. - [895f3ad6ad60] + * src/sudo_edit.c: + It is now sudo_efree() not efree(). 
Don't try to free a pointer to + garbage on error. + [51a1ddaa220d] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - fix typo - [50041ebb6ce6] + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Regen .pot files + [8c46fe51d32e] - * NEWS: - Mention "sudo -K" change. - [e99bd7657aae] +2014-07-29 Todd C. Miller - * doc/UPGRADE: - Upgrade info for 1.8.10 - [0867718b9af5] + * src/sudo_edit.c: + Plug memory leak, even though we are headed for exit. + [e2b28ddffabe] -2014-01-30 Todd C. Miller + * configure, configure.ac, lib/util/Makefile.in, + plugins/sudoers/Makefile.in: + If getaddrinfo() is missing libsudoutil may need to pull in + networking libraries. + [4d6724d54927] - * plugins/sudoers/timestamp.c: - Warn on ftruncate failure(). - [d2081876da25] + * MANIFEST, configure, configure.ac, include/sudo_compat.h, + lib/util/Makefile.in, lib/util/util.exp, lib/util/util.exp.in, + m4/sudo.m4: + Only include functions in util.exp that are actually in the library. + Fixes a problem on Solaris where undefined functions that are listed + as exported in the map file result in a link error. Also make sure + we use our glob.c if the system is missing glob(). + [3121ad215f1e] - * plugins/sudoers/timestamp.c: - Fix checking of lecture status. - [e12d78234d17] + * configure, configure.ac: + Make sure shadow libs don't end up in LIBS, only SUDOERS_LIBS (and + SUDO_LIBS if set_auth_parameters() or initprivs() are present. + [fb084b157c76] - * mkpkg: - Do not override timedir on Debian. - [283fa2e69a0a] + * configure.ac: + No need to AC_SUBST HAVE_BSM_AUDIT and HAVE_SOLARIS_AUDIT + [5d73ccf3a7b9] - * common/event.c, common/event_select.c, include/missing.h, - plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/visudo.c, src/sudo_edit.c: - Use sudo_timeval macros and remove compat macros from missing.h - [1de76d8b811e] +2014-07-28 Todd C. 
Miller - * INSTALL, MANIFEST, NEWS, compat/Makefile.in, compat/clock_gettime.c, - config.h.in, configure, configure.ac, doc/sudoers.cat, - doc/sudoers.man.in, doc/sudoers.mdoc.in, include/missing.h, - include/sudo_util.h, m4/sudo.m4, mkdep.pl, pathnames.h.in, - plugins/sudoers/Makefile.in, plugins/sudoers/boottime.c, - plugins/sudoers/check.h, plugins/sudoers/def_data.c, - plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, - plugins/sudoers/defaults.c, plugins/sudoers/sudoers.h, - plugins/sudoers/timestamp.c, src/Makefile.in: - Switch to new time stamp file format. Each user now has a single - file which may contain multiple records when per-tty time stamps are - in use (the default). The time stamps use a monotonic timer where - available and are once again stored in /var/run/sudo. The lecture - status is now stored separately from the time stamps in a different - directory. - [7e16eb37bacc] + * src/exec.c, src/exec_pty.c, src/sudo_exec.h: + Attempt to handle systems with SA_SIGINFO but that lack SI_USER. + [0c8b09861ad5] - * common/atomode.c: - Zero out errstr when there is no error; fixes bug #632 - [b92cf96181a2] <1.8> + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Replace use of HAVE_GETCWD with PREFER_PORTABLE_GETCWD. It is safe + to assume getcwd() exists, we just need to handle broken ones. + [e897223a8f38] - * common/atomode.c: - Zero out errstr when there is no error; fixes bug #632 - [74950ef1a0dc] + * config.h.in, configure, configure.ac, plugins/sudoers/Makefile.in: + Add check for inet_ntoa() since it may live in libnsl. Make getcwd() + replacement private to the SunOS 4 section. + [8e2cd0fdd6cd] -2014-01-29 Todd C. Miller + * plugins/sudoers/match.c: + Avoid mixing declarations and code for non-C99 compilers. 
+ [1fa5cf2356fd] - * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/check.c: - When listing a user's privileges, always prompt the user for their - own password, regardless of the value of target_pw, root_pw or - runas_pw. - [73a13ccc7933] + * include/sudo_debug.h: + For C89, use "const char __func__[]" instead of "const char + *__func__". + [c4e9f9d6691b] -2014-01-26 Todd C. Miller + * plugins/sudoers/match.c: + Fix compilation on systems w/o netgroups. + [57deb66ef8ff] - * configure, configure.ac, plugins/sudoers/interfaces.c, - plugins/sudoers/match_addr.c: - Use inet_aton() instead of inet_addr() as it allows us to - distinguish between the address (or mask 255.255.255.255) and an - error. In the future we may consider switching to inet_pton() for - IPv4 too. - [b6b4e4c77e9a] +2014-07-26 Todd C. Miller -2014-01-24 Todd C. Miller + * src/preserve_fds.c: + Back out old workaround for sudoedit hang when debugging was + enabled. + [f547bf80c436] - * include/missing.h: - Fix typo, ULONG_MAX vs. ULLONG_MAX - [e8c08b4c845a] <1.8> + * src/sudo_edit.c: + Don't memcpy() the preserved_fds TAILQ as the pointers into the head + will be wrong. All we need to do is save the old command details and + restore them after calling run_command(). Fixes a hang with sudoedit + when debugging is enabled. + [84ff8e1f490a] - * include/missing.h: - Fix typo, ULONG_MAX vs. ULLONG_MAX - [5d274daa9fb1] +2014-07-25 Todd C. Miller - * plugins/sudoers/sudo_nss.c: - Fix typo in the AIX case. - [5d4ee88e90a7] <1.8> + * src/sudo.c: + The default policy close function should only print an error message + if the error_code is non-zero. + [2032c9e33e3f] - * plugins/sudoers/sudo_nss.c: - Fix typo in the AIX case. - [ee531c950fce] + * src/preserve_fds.c: + If there the preserved fds list is empty, add a new element with + TAILQ_INSERT_HEAD instead of TAILQ_INSERT_TAIL to avoid an infinite + loop on AIX, Solaris and possibly others when debug mode is active. 
+ [63cefe22c515] - * plugins/sudoers/sudo_nss.c: - Size pointer for sudo_parseln() should be size_t not ssize_t. This - was already correct for the nsswitch.conf case. - [982e95bf4a39] <1.8> + * lib/util/progname.c: + Remove support for getting program name via /proc as pr_fname is + usually filled in after symbolic links have been processed, even on + Solaris. + [0460c613753c] - * plugins/sudoers/sudo_nss.c: - Size pointer for sudo_parseln() should be size_t not ssize_t. This - was already correct for the nsswitch.conf case. - [cfaf895c1db4] + * lib/util/Makefile.in: + Use shlib_enable instead of soext when determining whether to + install the library. + [d46640a7733c] -2014-01-23 Todd C. Miller + * lib/util/regress/atofoo/atofoo_test.c: + Avoid potential division by zero + [6411d276a138] - * NEWS, common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, - doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/net_ifs.c: - It is now possible to disable network interface probing in sudo.conf - by changing the value of the probe_interfaces setting. - [e9dc28c7db60] + * lib/util/Makefile.in: + Don't link progname test with libsudo_util, just link in progname.lo + directly since that is all we need. Avoid a linker issue on darwin. + [ee6210ee5cc0] -2014-01-22 Todd C. Miller + * lib/util/progname.c: + Remove pstat_getproc() path as pst_ucomm on HP-UX will return the + target of a symbolic link and not the name of the link itself. Avoid + using pr_fname on AIX for the same reason. Bug 654 + [36aced8e3714] - * plugins/sudoers/match_addr.c: - If inet_addr() returns INADDR_NONE, return false instead of - iterating through the interfaces looking for a match that will never - happen. 
- [1559c301caec] + * MANIFEST, lib/util/Makefile.in, + lib/util/regress/progname/progname_test.c: + Add test for getprogname() and symbolic links; bug 654 + [fbbe9faeda46] - * configure, configure.ac, src/Makefile.in: - Add explicit dependency on sudoers.la to sudo target when sudoers is - compiled statically into the sudo binary. - [d08cc66e18bd] +2014-07-24 Todd C. Miller -2014-01-21 Todd C. Miller + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Document tracing + [cfd7f14d596d] - * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, - plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/timestr.c: - Do not assume localtime(), gmtime() and ctime() always return non- - NULL. - [a1b5b67436de] +2014-07-23 Todd C. Miller -2014-01-15 Todd C. Miller + * lib/util/util.exp: + sudo_term_{erase,kill} are regular symbols not functions. + [3454a9c1328b] - * Makefile.in, common/Makefile.in, compat/Makefile.in, - doc/Makefile.in, include/Makefile.in, - plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, - src/Makefile.in, zlib/Makefile.in: - Update copyright years - [37d2aaa92544] +2014-07-22 Todd C. Miller - * plugins/sudoers/visudo_json.c: - Eliminate dead store found by clang checker. - [86874d5340f1] + * plugins/sudoers/ldap.c: + Fix NULL deref if base64_decode returns -1. 
+ [d03e207b1bb8] - * .hgtags: - Added tag SUDO_1_8_9p4 for changeset dd9558752283 - [af887ad59425] <1.8> + * MANIFEST, include/missing.h, include/sudo_compat.h, + lib/util/Makefile.in, lib/util/aix.c, lib/util/alloc.c, + lib/util/clock_gettime.c, lib/util/closefrom.c, lib/util/event.c, + lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c, + lib/util/fnmatch.c, lib/util/getaddrinfo.c, lib/util/getcwd.c, + lib/util/getgrouplist.c, lib/util/getline.c, lib/util/getopt_long.c, + lib/util/gidlist.c, lib/util/glob.c, lib/util/inet_pton.c, + lib/util/isblank.c, lib/util/key_val.c, lib/util/lbuf.c, + lib/util/locking.c, lib/util/memrchr.c, lib/util/memset_s.c, + lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/mktemp.c, + lib/util/parseln.c, lib/util/progname.c, lib/util/pw_dup.c, + lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/glob/globtest.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, lib/util/secure_path.c, + lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, + lib/util/snprintf.c, lib/util/strlcat.c, lib/util/strlcpy.c, + lib/util/strsignal.c, lib/util/strtobool.c, lib/util/strtoid.c, + lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c, + lib/util/sudo_debug.c, lib/util/sudo_dso.c, lib/util/sudo_printf.c, + lib/util/term.c, lib/util/ttysize.c, lib/util/utimes.c, + plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, + plugins/group_file/group_file.c, plugins/sample/Makefile.in, + plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, + plugins/sudoers/audit.c, plugins/sudoers/base64.c, + plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/hexchar.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/locale.c, plugins/sudoers/redblack.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + 
plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestr.c, plugins/system_group/Makefile.in, + plugins/system_group/system_group.c, src/Makefile.in, + src/locale_stub.c, src/net_ifs.c, src/preload.c, + src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h, + src/sudo_noexec.c: + Rename missing.h -> sudo_compat.h + [ddcc945a0f87] - * NEWS, configure, configure.ac: - Update for sudo 1.8.9p4 - [dd9558752283] [SUDO_1_8_9p4] <1.8> + * MANIFEST, include/secure_path.h, include/sudo_util.h, + lib/util/Makefile.in, lib/util/secure_path.c, lib/util/sudo_conf.c, + plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Merge secure_path.h -> sudo_util.h + [0385dfbf2e2d] - * NEWS, configure, configure.ac: - Update for sudo 1.8.9p4 - [f79ab7c6c1c5] + * include/secure_path.h, include/sudo_alloc.h, include/sudo_conf.h, + include/sudo_dso.h, include/sudo_event.h, include/sudo_fatal.h, + include/sudo_lbuf.h, include/sudo_util.h, lib/util/aix.c, + lib/util/alloc.c, lib/util/event.c, lib/util/fatal.c, + lib/util/gidlist.c, lib/util/key_val.c, lib/util/lbuf.c, + lib/util/locking.c, lib/util/parseln.c, lib/util/secure_path.c, + lib/util/setgroups.c, lib/util/strtobool.c, lib/util/strtoid.c, + lib/util/strtomode.c, lib/util/sudo_conf.c, lib/util/sudo_dso.c, + lib/util/term.c, lib/util/ttysize.c, lib/util/util.exp, + plugins/sudoers/locale.c, src/locale_stub.c: + Version the functions in libsudo_util + [c6d6eba95bb4] - * common/sudo_debug.c, include/sudo_debug.h, src/preserve_fds.c: - When relocating fds, update the debug fd if it is set so we are - guaranteed to get debugging output. - [09a89709b9c4] <1.8> +2014-07-21 Todd C. 
Miller - * common/sudo_debug.c, include/sudo_debug.h, src/preserve_fds.c: - When relocating fds, update the debug fd if it is set so we are - guaranteed to get debugging output. - [b1deaa472aa6] + * include/gettext.h, include/sudo_gettext.h, lib/util/Makefile.in, + lib/util/aix.c, lib/util/alloc.c, lib/util/fatal.c, + lib/util/gidlist.c, lib/util/strsignal.c, lib/util/strtoid.c, + lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c, + lib/util/sudo_debug.c, plugins/sudoers/Makefile.in, + plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + src/Makefile.in, src/locale_stub.c, src/net_ifs.c, src/sesh.c, + src/sudo.h: + Rename gettext.h -> sudo_gettext.h + [7f6b44473b8f] -2014-01-14 Todd C. Miller + * include/fatal.h, include/sudo_fatal.h, lib/util/Makefile.in, + lib/util/aix.c, lib/util/alloc.c, lib/util/event.c, + lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c, + lib/util/getopt_long.c, lib/util/gidlist.c, lib/util/lbuf.c, + lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/tailq/hltq_test.c, lib/util/sudo_conf.c, + lib/util/sudo_debug.c, plugins/sudoers/Makefile.in, + plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/locale.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + src/Makefile.in, src/locale_stub.c, src/net_ifs.c, + src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h: + Rename fatal.h -> sudo_fatal.h + [bef3401dbb24] - * src/exec.c: - If the event loop exits due to an error and we are not logging I/O, - kill the command if still running. Fixes a bug where sudo could exit - while the command was still running. 
- [9c108f87b6a2] <1.8> + * include/queue.h, include/sudo_conf.h, include/sudo_event.h, + include/sudo_queue.h, lib/util/Makefile.in, lib/util/fatal.c, + lib/util/regress/tailq/hltq_test.c, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + src/Makefile.in, src/hooks.c: + Rename queue.h -> sudo_queue.h to avoid collisions with the system + version. + [473614fdde5a] - * src/exec.c: - If the event loop exits due to an error and we are not logging I/O, - kill the command if still running. Fixes a bug where sudo could exit - while the command was still running. - [844018ff8a8c] + * include/sudo_debug.h, lib/util/sudo_debug.c: + Conver sudo_debug_write() to a macro + [0f110f27a23c] - * src/preserve_fds.c: - When relocating preserved fds, start with the highest ones first to - avoid moving fds around more than we have to. Now uses a bitmap to - keep track of which fds are being preserved. Fixes a bug where the - debugging fd could be relocated to the same fd as the error - backchannel temporarily, resulting in debugging output being printed - to the backchannel if util@debug was enabled. - [0c9606ee7ba5] <1.8> +2014-07-17 Todd C. Miller - * src/preserve_fds.c: - When relocating preserved fds, start with the highest ones first to - avoid moving fds around more than we have to. Now uses a bitmap to - keep track of which fds are being preserved. Fixes a bug where the - debugging fd could be relocated to the same fd as the error - backchannel temporarily, resulting in debugging output being printed - to the backchannel if util@debug was enabled. - [55e006dbeaf3] + * doc/fixman.sh, doc/fixmdoc.sh: + Fix man page post-processing; it was deleting more than intended. + [716af03dcfb7] - * src/preserve_fds.c: - When restoring fds traverse list from high -> low, not low -> high - to avoid implicitly closing an fd we want to relocate. - [36380b9c4c0b] <1.8> +2014-07-16 Todd C. 
Miller - * src/preserve_fds.c: - When restoring fds traverse list from high -> low, not low -> high - to avoid implicitly closing an fd we want to relocate. - [6351225f47d7] + * doc/Makefile.in: + Remove double $(srcdir) when running sed scripts. + [16add67ae550] - * src/exec.c: - If not logging I/O we may get EOF when the command is executed and - the other end of the backchannel is closed. Just remove the - backchannel event in this case or we will continue to receive the - event. Bug #631 - [8b45840a91c0] <1.8> + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + "an EXEC tag" not "a EXEC tag" + [9ac1b8e322f9] - * src/exec.c: - If not logging I/O we may get EOF when the command is executed and - the other end of the backchannel is closed. Just remove the - backchannel event in this case or we will continue to receive the - event. Bug #631 - [a204b69d91f7] + * doc/sudoers.cat: + Document that I/O logging is not enabled by default. + [08fca95dd5a4] - * src/po/sr.mo, src/po/sr.po: - sync with translationproject.org - [987087ce4658] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that exec_background is off by default. + [87fe5defff58] -2014-01-13 Todd C. Miller +2014-07-14 Todd C. Miller - * .hgtags: - Added tag SUDO_1_8_9p3 for changeset 37fc8a4e815c - [89d8e653c664] <1.8> + * src/sesh.c: + Error out if sesh is run as a login shell but the shell it needs to + run has no slash. This shouldn't happen in practice. + [10ff502888ee] - * src/ttyname.c: - Fix strtonum() usage when parsing /proc/self/stat on Linux. Bug #630 - [37fc8a4e815c] [SUDO_1_8_9p3] <1.8> + * MANIFEST, include/compat/mksiglist.h, include/compat/mksigname.h, + lib/util/Makefile.in, lib/util/mksiglist.c, lib/util/mksiglist.h, + lib/util/mksigname.c, lib/util/mksigname.h: + Move mksiglist.h and mksigname.h to lib/util where they belong. + [d01046c69060] - * src/ttyname.c: - Fix strtonum() usage when parsing /proc/self/stat on Linux. 
Bug #630 - [3448dffe9701] + * config.h.in, configure, configure.ac, include/missing.h, + lib/util/progname.c, lib/util/util.exp, plugins/sudoers/Makefile.in: + Avoid passing -no-fast-install to libtool as this results in the + build dir being left in the library path of the installed + executable. Instead, we remove the "lt-" prefix from the program + name in initprogname() so that the regress test output is unaffected + by libtool's binary wrapper. + [75d1563e95b4] - * NEWS, configure, configure.ac: - Update for sudo 1.8.9p3 - [9ae534bdf6c5] <1.8> + * sudo.pp: + Fix syntax error with some shells. + [91e8da7702c5] - * NEWS, configure, configure.ac: - Update for sudo 1.8.9p3 - [22e5a6f69999] +2014-07-13 Todd C. Miller - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Do not leak old istack if realloc fails; found by cppcheck. Also - modify yyless() to avoid a harmless cppcheck warning every time it - is used. - [021077017a23] + * configure, configure.ac: + Force libtool to use runtime linking on AIX so that it installs the + plugins as .so files and not .a files. + [ae66488bd9ca] - * common/term.c: - Add suppression line to quiet a bogus (inconclusive) cppcheck - warning. - [065207271e5d] + * plugins/sudoers/ldap.c: + Be sure to NUL-terminate the decoded secret when converting from + base64. + [b3dc463c8882] - * plugins/group_file/plugin_test.c: - Make this compile again - [f0ff8df475e8] + * plugins/sudoers/ldap.c: + Fix a pointer signednes warning calling base64_decode(). + [74f7354867a3] - * plugins/sudoers/logwrap.c: - Remove dead store; found by cppcheck - [a59833af3401] - - * Makefile.in, common/Makefile.in, compat/Makefile.in, - doc/Makefile.in, include/Makefile.in, - plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, - src/Makefile.in, zlib/Makefile.in: - Add cppcheck target to run cppcheck on all source files. - [d207c2ef49a2] - -2014-01-11 Todd C. 
Miller + * lib/util/getgrouplist.c: + Use sudo_strtoid() now that it is located in the same library. + [4868532e2d65] - * .hgtags: - Added tag SUDO_1_8_9p2 for changeset 25da8040f402 - [ed8a0ba4ec58] <1.8> + * lib/util/strtoid.c: + Skip leading space (ala strtol) so that we can pick up the sign even + if it is not the first character of the string. + [148ee633c6a4] - * NEWS, config.h.in, configure, configure.ac: - Merge sudo 1.8.9p2 from trunk - [25da8040f402] [SUDO_1_8_9p2] <1.8> +2014-07-12 Todd C. Miller -2014-01-09 Todd C. Miller + * plugins/sudoers/sudoers.c: + For sudoedit, audit the actual editor being run, not just the + sudoedit command. + [59a5b0ad36af] - * NEWS, configure, configure.ac: - Update for sudo 1.8.9p2 - [2e7fe6e371a4] + * src/selinux.c: + Audit failed user role changes. RedHat bz #665131 + [cf9777687124] - * config.h.in, configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, - m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4: - Update to libtool-2.4.2.418 - [d1dbed89d733] + * plugins/sudoers/Makefile.in: + Avoid running check_symbols for static sudoers + [71b13bada1ce] - * config.guess, config.sub: - Update from http://git.savannah.gnu.org/gitweb/?p=config.git - [2b5e32d23be5] + * plugins/sudoers/regress/visudo/test3.err.ok, + plugins/sudoers/regress/visudo/test3.sh: + Adapt to unused alias changes. + [4b58e36c3d8f] -2014-01-08 Todd C. Miller + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, + plugins/sudoers/visudo.c: + An unused alias is not really an error, even in strict mode. RedHat + bz #604297 + [f10b3b7ec5a6] * src/sesh.c: - Quiet a cppcheck warning about a negative subscript. - [ab98b72f5bdf] + When running a login shell via sesh, make new argv[0] -shell, not + /path/to-shell. RedHat bz #1065418 + [414cb512f102] - * src/exec_common.c, src/selinux.c, src/sesh.c, src/sudo_exec.h: - Make noexec parameter to sudo_execve() bool. - [daa75e4c248a] +2014-07-11 Todd C. 
Miller - * plugins/sudoers/sudoreplay.c: - Quiet a few innocuous cppcheck warnings. - [90ffa16d27b1] + * sudo.pp: + The RHEL sudo package allows users in group wheel to run sudo. + [9f22020a57cf] - * plugins/sudoers/sssd.c: - Handle in_res being NULL for sudo_debug_printf() in - sudo_sss_filter_result(). - [8595cc05d2a8] + * Makefile.in, sudo.pp: + Avoid packaging parent directories when they are system directories. + Currently we just skip this when prefix is /usr + [93ccede545cd] - * plugins/sudoers/iolog.c: - When writing length to timing file, use %u not %d as it is unsigned. - [a7f2fcb6919e] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix typo: sudo.d -> sudoers.d. From RedHat bz #726634 + [1c99a4fd9c7d] - * plugins/sudoers/visudo_json.c: - Close export_fp in the error path too, but do not close stdout. - [5c918718ab45] + * mkpkg: + RHEL 6 and above use /etc/sudo-ldap.conf not /etc/ldap.conf + [ce3216e4390a] - * plugins/sudoers/auth/secureware.c: - Move right brace outside #ifdef HAVE_DISPCRYPT; found by cppcheck. - [f2619d2eb7a8] + * pp: + For rpm, do not specify a mode in %attr for symbolic links. Avoids + the warning "Explicit %attr() mode not applicaple to symlink" + [3f5a80ed5081] - * NEWS: - Sudo 1.8.9 also fixes bug #617 - [cc5c18228719] +2014-07-10 Todd C. Miller -2014-01-07 Todd C. 
Miller + * include/sudo_alloc.h, lib/util/aix.c, lib/util/event.c, + lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c, + lib/util/lbuf.c, lib/util/sudo_conf.c, plugins/sudoers/alias.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/find_path.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/locale.c, plugins/sudoers/logging.c, + plugins/sudoers/match.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/redblack.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/hooks.c, src/load_plugins.c, + src/net_ifs.c, src/preserve_fds.c, + src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sudo.c, + src/ttyname.c: + efree -> sudo_efree for consistency + [7dfd16fbb6cf] - * .hgtags: - Added tag SUDO_1_8_9p1 for changeset 533cffd52bf7 - [2396eb3187be] <1.8> + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, + doc/sudoers.cat, doc/sudoreplay.cat, doc/visudo.cat: + regen + [a1d38600d34c] - * NEWS, configure, configure.ac, plugins/sudoers/iolog.c: - Merge sudo 1.8.9p1 from trunk. - [533cffd52bf7] [SUDO_1_8_9p1] <1.8> + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c: + Add support for base64 secrets in ldap.conf and ldap.secret. 
Based + on an idea from anthony AT rlost DOT com + [4999b78f8b6d] - * NEWS: - The fix for the hang was already in the 1.8.9 tarballs. - [f038ebcc1071] +2014-07-09 Todd C. Miller - * NEWS, configure, configure.ac: - Update for sudo 1.8.9p1 - [732fca0003cf] + * mkpkg: + Don't use the HP compiler in preference to gcc. Some versions have + trouble compiling lbuf.c. + [322daf03ab6f] - * common/atobool.c, common/event.c, plugins/sudoers/iolog.c, - plugins/sudoers/parse.h, src/exec.c, src/preserve_fds.c: - Update copyright year. - [fdeb5956810e] +2014-07-08 Todd C. Miller - * plugins/sudoers/parse.h: - Go back to making the bit fields in struct cmndtag explicitly - signed. This fixes a problem on gcc 4.8 (at least) which appears to - be treating the value as unsigned by default. - [46b9a7bb10ac] + * configure, configure.ac, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Remove @SOEXT@ and @SHLIB_EXT@ now that we use libtool to install + shared objects. Instead, use the new @SHLIB_ENABLE@ that is set to + the value of $enable_dlopen. For sudo_noexec.so there is nothing + special to do since the install-noexec target is only called when + noexec is enabled by configure. + [4447190f212b] - * common/atobool.c: - Use debug_return_int() instead of bare return for debugging support. - [c273f822de5f] + * configure, configure.ac: + Make dynamic shared objects non-writable on HP-UX. Using writable + DSOs can substantially increase the load time. + [8715aff11063] -2014-01-06 Todd C. Miller + * include/fatal.h, lib/util/fatal.c, lib/util/util.exp, + plugins/sudoers/locale.c, src/locale_stub.c: + Add sudo_warn_strerror() that wraps strerror() with calls to + setlocale() in sudoers so we always get the error string in the + user's locale. Also change _warning() to take the error number as a + parameter instead of examining errno. 
+ [cc38a8389a7b] - * common/event.c: - Fix infinite loop that could be triggered by sudo_ev_loopbreak() and - sudo_ev_loopcontinue(). - [1723561c46b0] +2014-07-03 Todd C. Miller - * .hgtags: - Added tag SUDO_1_8_9 for changeset 022007ba7bb4 - [0025b0b10716] <1.8> + * Makefile.in, lib/util/Makefile.in, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Avoid a cppcheck warning when NSIG is not defined. + [f8e5e92bab60] - * INSTALL, Makefile.in, NEWS, common/Makefile.in, common/list.c, - compat/dlfcn.h, compat/dlopen.c, compat/getprogname.c, - compat/nanosleep.c, config.h.in, configure, configure.ac, - configure.in, doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, - doc/visudo.cat, doc/visudo.man.in, include/list.h, mkpkg, - plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in, - plugins/sudoers/check.c, plugins/sudoers/env.c, - plugins/sudoers/iolog.c, plugins/sudoers/logging.c, - plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, - src/Makefile.in, src/exec_pty.c, src/load_plugins.c, - src/parse_args.c, src/po/sudo.pot, src/sudo.c, src/ttyname.c: - Merge sudo 1.8.9 from trunk. - [022007ba7bb4] [SUDO_1_8_9] <1.8> + * include/missing.h: + Fix typos in utimes/futimes macros. + [10f022d933c2] - * NEWS: - Update for 1.8.9 final. - [d49c14d21410] +2014-07-01 Todd C. Miller -2014-01-04 Todd C. Miller + * configure: + regen + [e351d905c0c9] - * plugins/sudoers/iolog.c: - Handle a sequence file with no trailing newline. - [aa29306e4f6d] + * configure.ac: + Fix sudo when --disable-shared configure option was specified. + [07899f6b43f0] -2014-01-03 Todd C. Miller + * configure, m4/libtool.m4: + Do not set an internal name for HP-UX modules, only archives. 
This + works around a problem with some versions of HP-UX ld where setting + an internal name that doesn't end in .sl causes link errors. + [9a049adb22aa] - * plugins/sudoers/iolog.c: - Truncate io log and timing files on open when recycling them. Only - an issue when the sequence number wraps around. - [01b2dfe15ff0] + * plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/system_group/Makefile.in: + Never build build static versions of other plugins. + [52123c4c17bc] - * plugins/sudoers/iolog.c: - Repair reading of the iolog sequence number that got broken when - adding stricter strtoul() checks. - [e0f4a11c3437] + * lib/util/Makefile.in: + Don't build a static libsudo_util.a unless we are linking sudoers + statically. + [9c3327977dff] - * src/exec.c: - If invoked as sudoedit we can't just exec the command directly since - the temporary files need to be updated before sudo exits. - [508503be1c4f] +2014-06-29 Todd C. Miller - * src/preserve_fds.c: - Fix restoration of the close-on-exec flag when moving a relocated fd - back into its original position. - [5572f1f8b48a] + * configure, configure.ac, lib/util/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Use libtool to install/uninstall the plugins and sudo_noexec. + [18ae09c53f2e] -2014-01-02 Todd C. Miller + * configure, ltmain.sh, m4/libtool.m4: + Fix my typos in the HP-UX libtool patch + [6e70066d86bb] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Add "see below" to reference "Secure editing" section in "Preventing - shell escapes". - [b2db990a36b3] - -2014-01-01 Todd C. Miller - - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Add initial "Secure editing" section. - [0d7a192e0e25] - - * doc/LICENSE: - Update copyright year. - [4a639d9207a9] - -2013-12-31 Todd C. 
Miller - - * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, src/po/eo.mo, - src/po/eo.po, src/po/fi.mo, src/po/fi.po: - sync with translationproject.org - [5c15a411b10d] - - * plugins/sudoers/policy.c: - Make user_cwd and user_tty dynamically allocated even for the - "unknown" case. - [015454bf97f8] - -2013-12-30 Todd C. Miller - - * configure, configure.ac: - Use -fstack-protector-strong in preference to -fstack-protector-all - or -fstack-protector. - [bdd1066eefc4] - - * doc/HISTORY: - Dell acquired Quest - [3d5b7d27a313] - -2013-12-29 Todd C. Miller - - * plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/ru.mo, - src/po/ru.po, src/po/vi.mo, src/po/vi.po: - sync with translationproject.org - [f964671d08ce] - -2013-12-28 Todd C. Miller - - * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, - plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, - src/po/cs.mo, src/po/cs.po, src/po/da.mo, src/po/da.po, - src/po/it.mo, src/po/it.po, src/po/pl.mo, src/po/pl.po, - src/po/pt_BR.mo, src/po/pt_BR.po, src/po/uk.mo, src/po/uk.po, - src/po/zh_CN.mo, src/po/zh_CN.po: - sync with translationproject.org - [5f5becf5fb7a] - - * doc/sudoers.ldap.cat: - regen - [77745e6bc0d5] +2014-06-27 Todd C. Miller * NEWS: - Update for recent changes. - [365b9084268a] - - * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c: - Fix typo; we want setlocale(LC_ALL, "") since we are setting the - locale for the first time. - [e2b9660e9d48] - -2013-12-27 Todd C. 
Miller - - * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c: - Use sudoers_initlocale() in main() startup, not sudoers_setlocal() - as the latter assumes we are already in the user's locale which may - not be the case. For sudoreplay, we can just use setlocale() - directly as there is no sudoers locale. - [12235e50dea0] - -2013-12-24 Todd C. Miller - - * src/preserve_fds.c, src/sudo.c, src/sudo.h: - Redo preserve_fds support to remap high fds so we can get the most - out of closefrom(). The fds are then restored after closefrom(). - [7d712ec49db7] - - * plugins/sudoers/Makefile.in: - Fix install-plugin when sudoers is compiled statically. - [36a8bf3b588d] - -2013-12-20 Todd C. Miller + Mention Solaris audit. + [d90efa19ca16] - * MANIFEST, common/sudo_debug.c, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, - include/sudo_debug.h, include/sudo_plugin.h, src/Makefile.in, - src/exec.c, src/exec_pty.c, src/preserve_fds.c, src/sudo.c, - src/sudo.h, src/sudo_exec.h: - Add support for preventing fds from getting clobbered by - closefrom(). - [269f45964ff0] + * INSTALL, MANIFEST, config.h.in, configure, configure.ac, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, + plugins/sudoers/solaris_audit.c, plugins/sudoers/solaris_audit.h: + Add Solaris audit support; from Gary Winiger at Oracle. + [6f68a27e53f5] -2013-12-19 Todd C. Miller + * MANIFEST: + Sync MANIFEST with file name changes. + [d9958df5f9da] - * plugins/sudoers/Makefile.in: + * plugins/sudoers/toke.c: regen - [b8f458379b5b] - -2013-12-18 Todd C. Miller - - * common/alloc.c: - Need to include limits.h here too. - [b53c6edef597] - -2013-12-17 Todd C. Miller + [ad82b20093c3] - * config.h.in, configure, configure.ac, plugins/sudoers/parse.h: - No need to use __signed. 
- [05f9648d1953] + * include/sudo_util.h, lib/util/Makefile.in, lib/util/atobool.c, + lib/util/atoid.c, lib/util/atomode.c, lib/util/getgrouplist.c, + lib/util/gidlist.c, lib/util/regress/atofoo/atofoo_test.c, + lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c, + lib/util/sudo_conf.c, lib/util/util.exp, + plugins/group_file/getgrent.c, plugins/sudoers/defaults.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo_json.c, + plugins/system_group/system_group.c, src/sudo.c: + atobool -> sudo_strtobool atoid-> sudo_strtoid atomode -> + sudo_strtomode + [aefe6f09f4a4] - * plugins/sudoers/regress/logging/check_wrap.c: - Need limits.h here too. - [54aac3bbf66a] + * lib/util/alloc.c, lib/util/event_select.c: + Fix regexp damage when renaming erecalloc() -> sudo_erecalloc() + [d772a34032cc] - * compat/closefrom.c: - Still need limits.h here. - [0abc6b2be208] + * src/sudo_edit.c: + Handle systems like AIX that lack a way to set the modification time + on open fds. + [b93c0a55c21b] - * plugins/sudoers/po/sudoers.pot: - regen - [386b47ced07f] + * MANIFEST: + update MANIFEST for alloc.h -> sudo_alloc.h change + [ce240c682554] - * compat/closefrom.c: - Go back to using /proc/self/fd instead of /proc/$$/fd as only AIX - lacks /proc/self and it has F_CLOSEM. 
- [b5735fbcfdce] + * include/alloc.h, include/sudo_alloc.h, lib/util/Makefile.in, + lib/util/aix.c, lib/util/alloc.c, lib/util/event.c, + lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c, + lib/util/gidlist.c, lib/util/lbuf.c, lib/util/sudo_conf.c, + lib/util/sudo_debug.c, lib/util/util.exp, + plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/find_path.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/conversation.c, src/env_hooks.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/hooks.c, src/load_plugins.c, + src/net_ifs.c, src/parse_args.c, src/preserve_fds.c, + src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, + src/sudo.c, src/sudo.h, src/sudo_edit.c, src/ttyname.c: + Add sudo_ prefix to alloc.c functions and rename alloc.h -> + sudo_alloc.h + [3a19f5391442] -2013-12-16 Todd C. Miller + * lib/util/fatal.c: + Remove extra sudo_ prefix from vfatalxnodebug and vfatalx_nodebug. + [819ad8075005] - * plugins/sudoers/visudo_json.c: - Use a switch to map digest type to name instead of an array of - strings. 
- [ab17ceb4dd60] + * MANIFEST, include/fileops.h, include/sudo_util.h, + lib/util/Makefile.in, lib/util/fileops.c, lib/util/locking.c, + lib/util/parseln.c, lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/sudo_conf.c, plugins/sudoers/Makefile.in, + plugins/sudoers/sudoers.h, src/Makefile.in, src/sudo.h: + Split fileops.c into parseln.c and locking.c + [361ea81e88d9] - * compat/closefrom.c: - Use /dev/fd in closefrom() on FreeBSD < 8.0 and Mac OS X. - [e70df3b3144b] + * include/fatal.h, include/gettext.h, lib/util/aix.c, + lib/util/alloc.c, lib/util/fatal.c, lib/util/getopt_long.c, + lib/util/gidlist.c, lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/tailq/hltq_test.c, lib/util/sudo_conf.c, + lib/util/util.exp, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_json.c, src/exec.c, src/exec_common.c, + src/exec_pty.c, src/hooks.c, src/load_plugins.c, src/locale_stub.c, + src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, + src/signal.c, src/solaris.c, src/sudo.c, src/sudo_edit.c, + src/tgetpass.c, src/ttyname.c, src/utmp.c: + Rename 
warning/fatal -> sudo_warn/sudo_fatal to avoid namespace + pollution in libsudo_util.so. + [4eb69f501113] - * compat/snprintf.c: - Remove _MAX and _MIN compat; we rely on missing.h for that. We - already require the compiler handle long long so there's no need to - use HAVE_LONG_LONG_INT everywhere. - [2bda15071439] +2014-06-26 Todd C. Miller - * common/ttysize.c, include/missing.h: - Remove _MAX and _MIN defines that any system from the last 20 years - should have. Add ULLONG_MAX in case it is missing. - [2db0cee4aaa8] + * include/sudo_util.h, lib/util/term.c, lib/util/ttysize.c, + lib/util/util.exp, plugins/sudoers/sudoreplay.c, src/exec_pty.c, + src/sudo.c, src/tgetpass.c: + Reduce name space pollution in libsudo_util.so + [215e4413529a] - * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, - plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c: - Change visudo -x to take a file name argument, which may be '-' to - write the exported sudoers file to stdout. - [84cb72c3c391] + * src/solaris.c: + Use sudo_dso_load() from libsudo_util.so instead of dlopen() since + we no longer link sudo directly with libdl.so. 
+ [fe6942873c2d] - * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/parse.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + * MANIFEST, Makefile.in, doc/Makefile.in, include/alloc.h, + include/compat/fnmatch.h, include/compat/getaddrinfo.h, + include/compat/getopt.h, include/compat/glob.h, + include/compat/sha2.h, include/fatal.h, include/fileops.h, + include/lbuf.h, include/missing.h, include/secure_path.h, + include/sudo_conf.h, include/sudo_debug.h, include/sudo_dso.h, + include/sudo_event.h, include/sudo_util.h, install-sh, + lib/util/Makefile.in, lib/util/fatal.c, lib/util/getaddrinfo.c, + lib/util/pw_dup.c, lib/util/regress/fnmatch/fnm_test.c, + lib/util/sudo_dso.c, lib/util/sudo_printf.c, lib/util/term.c, + lib/util/util.exp, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/match.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/visudo.c, - plugins/sudoers/visudo_json.c, src/regress/ttyname/check_ttyname.c: - Move symbol extern defs into sudoers.h - [b631a0b57fae] + plugins/system_group/Makefile.in, src/Makefile.in, src/parse_args.c, + src/preload.c: + Add exported libsudo_util functions to util.exp and mark in headers + using __dso_public. + [18faff6ab915] - * plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/regress/logging/check_wrap.c: - Add missing sudo_util.h - [ed0edc2e2d0c] + * include/fatal.h, lib/util/fatal.c, lib/util/util.exp, + plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c: + Remove use of setjmp/longjmp in the sudoers plugin. We no longer + call fatal() except in the malloc wrappers and due to libsudo_util + there is now a single copy of fatal/fatalx. + [109407210f9c] -2013-12-14 Todd C. 
Miller + * NEWS, configure, configure.ac: + Sudo 1.8.11 + [5fb775825aab] - * plugins/sudoers/sudoreplay.c: - Warn if the time stamp in the I/O log file does not fit in time_t. - Warn if the info line is not well-formed instead of silently - ignoring it. - [37a050de5be5] + * include/fileops.h, lib/util/fileops.c, lib/util/util.exp, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/sudo_edit.c: + Remove touch() from fileops.c and just call utimes/futimes directly. + Rename lock_file -> sudo_lock_file to avoid namespace pollution + [ec08128b6900] -2013-12-13 Todd C. Miller + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/fmt_string.c, lib/util/key_val.c, lib/util/util.exp, + plugins/sample/sample_plugin.c, plugins/sudoers/policy.c, + src/Makefile.in, src/exec_common.c, src/parse_args.c, src/sudo.c: + Rename fmt_string -> sudo_new_key_val to better describe its + function. + [f9061e319cc3] - * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: - Rename libcommon libsudo_util - [df3ffd4229e5] + * include/sudo_util.h, lib/util/gidlist.c, lib/util/util.exp, + plugins/sudoers/policy.c, src/sudo.c: + Rename parse_gid_list -> sudo_parse_gids to avoid namespace + pollution. + [d88f3cab97e1] -2013-12-12 Todd C. 
Miller + * MANIFEST, Makefile.in, include/lbuf.h, include/sudo_lbuf.h, + lib/util/Makefile.in, lib/util/lbuf.c, lib/util/util.exp, + plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c, + plugins/sudoers/parse.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.h, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, src/Makefile.in, src/parse_args.c: + Don't pollute the namespace with lbuf struct and functions + [7859e3c22fb9] - * MANIFEST, common/Makefile.in, common/aix.c, common/atobool.c, - common/atoid.c, common/atomode.c, common/fmt_string.c, - common/gidlist.c, common/progname.c, common/setgroups.c, - common/sudo_conf.c, common/term.c, common/ttysize.c, - include/missing.h, include/sudo_util.h, - plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, - plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.h, - plugins/sudoers/sudoreplay.c, plugins/system_group/Makefile.in, - plugins/system_group/system_group.c, src/Makefile.in, src/sudo.h: - Move prototypes for functions provided by libcommon that don't have - their own header files into sudo_util.h. - [43f423a24416] + * config.h.in, configure, configure.ac, include/compat/fnmatch.h, + include/compat/getaddrinfo.h, include/compat/getopt.h, + include/compat/glob.h, include/missing.h, lib/util/clock_gettime.c, + lib/util/closefrom.c, lib/util/fnmatch.c, lib/util/getaddrinfo.c, + lib/util/getcwd.c, lib/util/getgrouplist.c, lib/util/getline.c, + lib/util/getopt_long.c, lib/util/glob.c, lib/util/inet_pton.c, + lib/util/memrchr.c, lib/util/memset_s.c, lib/util/mktemp.c, + lib/util/pw_dup.c, lib/util/sig2str.c, lib/util/snprintf.c, + lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strsignal.c, + lib/util/strtonum.c, lib/util/utimes.c: + Prefix all libc replacements with sudo_ and #define the real name to + the sudo_ version. That way we don't pollute the libc namespace. 
+ [5cf7101479b8] + + * .hgignore, MANIFEST, Makefile.in, common/Makefile.in, common/aix.c, + common/alloc.c, common/atobool.c, common/atoid.c, common/atomode.c, + common/event.c, common/event_poll.c, common/event_select.c, + common/fatal.c, common/fileops.c, common/fmt_string.c, + common/gidlist.c, common/lbuf.c, common/progname.c, + common/regress/atofoo/atofoo_test.c, + common/regress/sudo_conf/conf_test.c, + common/regress/sudo_conf/test1.in, + common/regress/sudo_conf/test1.out.ok, + common/regress/sudo_conf/test2.in, + common/regress/sudo_conf/test2.out.ok, + common/regress/sudo_conf/test3.in, + common/regress/sudo_conf/test3.out.ok, + common/regress/sudo_conf/test4.in, + common/regress/sudo_conf/test4.out.ok, + common/regress/sudo_conf/test5.err.ok, + common/regress/sudo_conf/test5.in, + common/regress/sudo_conf/test5.out.ok, + common/regress/sudo_conf/test6.in, + common/regress/sudo_conf/test6.out.ok, + common/regress/sudo_parseln/parseln_test.c, + common/regress/sudo_parseln/test1.in, + common/regress/sudo_parseln/test1.out.ok, + common/regress/sudo_parseln/test2.in, + common/regress/sudo_parseln/test2.out.ok, + common/regress/sudo_parseln/test3.in, + common/regress/sudo_parseln/test3.out.ok, + common/regress/sudo_parseln/test4.in, + common/regress/sudo_parseln/test4.out.ok, + common/regress/sudo_parseln/test5.in, + common/regress/sudo_parseln/test5.out.ok, + common/regress/sudo_parseln/test6.in, + common/regress/sudo_parseln/test6.out.ok, + common/regress/tailq/hltq_test.c, common/secure_path.c, + common/setgroups.c, common/sudo_conf.c, common/sudo_debug.c, + common/sudo_dso.c, common/sudo_printf.c, common/term.c, + common/ttysize.c, compat/Makefile.in, compat/charclass.h, + compat/clock_gettime.c, compat/closefrom.c, compat/endian.h, + compat/fnmatch.c, compat/fnmatch.h, compat/getaddrinfo.c, + compat/getaddrinfo.h, compat/getcwd.c, compat/getgrouplist.c, + compat/getline.c, compat/getopt.h, compat/getopt_long.c, + compat/glob.c, compat/glob.h, 
compat/inet_pton.c, compat/isblank.c, + compat/memrchr.c, compat/memset_s.c, compat/mksiglist.c, + compat/mksiglist.h, compat/mksigname.c, compat/mksigname.h, + compat/mktemp.c, compat/nss_dbdefs.h, compat/pw_dup.c, + compat/regress/fnmatch/fnm_test.c, + compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files, + compat/regress/glob/globtest.c, compat/regress/glob/globtest.in, + compat/sha2.c, compat/sha2.h, compat/sig2str.c, compat/siglist.in, + compat/snprintf.c, compat/stdbool.h, compat/strlcat.c, + compat/strlcpy.c, compat/strsignal.c, compat/strtonum.c, + compat/timespec.h, compat/utime.h, compat/utimes.c, configure, + configure.ac, include/compat/charclass.h, include/compat/endian.h, + include/compat/fnmatch.h, include/compat/getaddrinfo.h, + include/compat/getopt.h, include/compat/glob.h, + include/compat/mksiglist.h, include/compat/mksigname.h, + include/compat/nss_dbdefs.h, include/compat/sha2.h, + include/compat/stdbool.h, include/compat/timespec.h, + include/compat/utime.h, lib/util/Makefile.in, lib/util/aix.c, + lib/util/alloc.c, lib/util/atobool.c, lib/util/atoid.c, + lib/util/atomode.c, lib/util/clock_gettime.c, lib/util/closefrom.c, + lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c, + lib/util/fatal.c, lib/util/fileops.c, lib/util/fmt_string.c, + lib/util/fnmatch.c, lib/util/getaddrinfo.c, lib/util/getcwd.c, + lib/util/getgrouplist.c, lib/util/getline.c, lib/util/getopt_long.c, + lib/util/gidlist.c, lib/util/glob.c, lib/util/inet_pton.c, + lib/util/isblank.c, lib/util/lbuf.c, lib/util/memrchr.c, + lib/util/memset_s.c, lib/util/mksiglist.c, lib/util/mksigname.c, + lib/util/mktemp.c, lib/util/progname.c, lib/util/pw_dup.c, + lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/fnmatch/fnm_test.in, lib/util/regress/glob/files, + lib/util/regress/glob/globtest.c, lib/util/regress/glob/globtest.in, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_conf/test1.in, + 
lib/util/regress/sudo_conf/test1.out.ok, + lib/util/regress/sudo_conf/test2.in, + lib/util/regress/sudo_conf/test2.out.ok, + lib/util/regress/sudo_conf/test3.in, + lib/util/regress/sudo_conf/test3.out.ok, + lib/util/regress/sudo_conf/test4.in, + lib/util/regress/sudo_conf/test4.out.ok, + lib/util/regress/sudo_conf/test5.err.ok, + lib/util/regress/sudo_conf/test5.in, + lib/util/regress/sudo_conf/test5.out.ok, + lib/util/regress/sudo_conf/test6.in, + lib/util/regress/sudo_conf/test6.out.ok, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/sudo_parseln/test1.in, + lib/util/regress/sudo_parseln/test1.out.ok, + lib/util/regress/sudo_parseln/test2.in, + lib/util/regress/sudo_parseln/test2.out.ok, + lib/util/regress/sudo_parseln/test3.in, + lib/util/regress/sudo_parseln/test3.out.ok, + lib/util/regress/sudo_parseln/test4.in, + lib/util/regress/sudo_parseln/test4.out.ok, + lib/util/regress/sudo_parseln/test5.in, + lib/util/regress/sudo_parseln/test5.out.ok, + lib/util/regress/sudo_parseln/test6.in, + lib/util/regress/sudo_parseln/test6.out.ok, + lib/util/regress/tailq/hltq_test.c, lib/util/secure_path.c, + lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, + lib/util/siglist.in, lib/util/snprintf.c, lib/util/strlcat.c, + lib/util/strlcpy.c, lib/util/strsignal.c, lib/util/strtonum.c, + lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c, + lib/util/sudo_printf.c, lib/util/term.c, lib/util/ttysize.c, + lib/util/utimes.c, lib/zlib/Makefile.in, lib/zlib/adler32.c, + lib/zlib/compress.c, lib/zlib/crc32.c, lib/zlib/crc32.h, + lib/zlib/deflate.c, lib/zlib/deflate.h, lib/zlib/gzclose.c, + lib/zlib/gzguts.h, lib/zlib/gzlib.c, lib/zlib/gzread.c, + lib/zlib/gzwrite.c, lib/zlib/infback.c, lib/zlib/inffast.c, + lib/zlib/inffast.h, lib/zlib/inffixed.h, lib/zlib/inflate.c, + lib/zlib/inflate.h, lib/zlib/inftrees.c, lib/zlib/inftrees.h, + lib/zlib/trees.c, lib/zlib/trees.h, lib/zlib/uncompr.c, + lib/zlib/zconf.h.in, lib/zlib/zlib.h, lib/zlib/zutil.c, 
+ lib/zlib/zutil.h, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, po/README, po/ca.mo, po/ca.po, + po/cs.mo, po/cs.po, po/da.mo, po/da.po, po/de.mo, po/de.po, + po/eo.mo, po/eo.po, po/es.mo, po/es.po, po/eu.mo, po/eu.po, + po/fi.mo, po/fi.po, po/fr.mo, po/fr.po, po/gl.mo, po/gl.po, + po/hr.mo, po/hr.po, po/it.mo, po/it.po, po/ja.mo, po/ja.po, + po/nb.mo, po/nb.po, po/nl.mo, po/nl.po, po/pl.mo, po/pl.po, + po/pt_BR.mo, po/pt_BR.po, po/ru.mo, po/ru.po, po/sl.mo, po/sl.po, + po/sr.mo, po/sr.po, po/sudo.pot, po/sv.mo, po/sv.po, po/tr.mo, + po/tr.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, + po/zh_CN.po, src/Makefile.in, src/po/README, src/po/ca.mo, + src/po/ca.po, src/po/cs.mo, src/po/cs.po, src/po/da.mo, + src/po/da.po, src/po/de.mo, src/po/de.po, src/po/eo.mo, + src/po/eo.po, src/po/es.mo, src/po/es.po, src/po/eu.mo, + src/po/eu.po, src/po/fi.mo, src/po/fi.po, src/po/fr.mo, + src/po/fr.po, src/po/gl.mo, src/po/gl.po, src/po/hr.mo, + src/po/hr.po, src/po/it.mo, src/po/it.po, src/po/ja.mo, + src/po/ja.po, src/po/nb.mo, src/po/nb.po, src/po/nl.mo, + src/po/nl.po, src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, + src/po/pt_BR.po, src/po/ru.mo, src/po/ru.po, src/po/sl.mo, + src/po/sl.po, src/po/sr.mo, src/po/sr.po, src/po/sudo.pot, + src/po/sv.mo, src/po/sv.po, src/po/tr.mo, src/po/tr.po, + src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, + src/po/zh_CN.mo, src/po/zh_CN.po, zlib/Makefile.in, zlib/adler32.c, + zlib/compress.c, zlib/crc32.c, zlib/crc32.h, zlib/deflate.c, + zlib/deflate.h, zlib/gzclose.c, zlib/gzguts.h, zlib/gzlib.c, + zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffast.c, + zlib/inffast.h, zlib/inffixed.h, zlib/inflate.c, zlib/inflate.h, + zlib/inftrees.c, zlib/inftrees.h, zlib/trees.c, zlib/trees.h, + zlib/uncompr.c, zlib/zconf.h.in, zlib/zlib.h, zlib/zutil.c, + zlib/zutil.h: + Top level directory reorg Move src/po -> po Combine common and + compat -> 
lib/util Move zlib -> lib/zlib + [d699ccb60e7e] -2013-12-11 Todd C. Miller + * configure, ltmain.sh, m4/libtool.m4: + libtool patches for HP-UX to support DESTDIR + [9df98a9582bd] - * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/def_data.c, - plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, - plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, - plugins/sudoers/logging.c, plugins/sudoers/logging.h, - plugins/sudoers/mkdefaults: - Now that we have proper number parsing functions we should store - T_UINT defaults values as unsigned int, not int. - [67d8c2244f1d] + * pp: + Update polypkg from trunk. + [4dc362248196] - * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: - Don't use int where we really mean enum def_tuple. When this code - was written it was assumed that we may have multiple tuple types. - However, that hasn't happened and probably never will. - [8491f970f343] + * plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c: + Fix sssd compiler warnings and fix the sha2 digest support. + [2975b030b298] - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - Regen after string parsing changes. - [fd6bf79c3286] +2014-06-17 Todd C. Miller - * common/atoid.c, common/atomode.c, compat/strtonum.c, configure, - configure.ac, include/missing.h, plugins/sudoers/defaults.c, - plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, - plugins/sudoers/sudoreplay.c, src/parse_args.c, src/ttyname.c: - The OpenBSD strtonum() uses very short error strings that can't be - translated usefully. Convert them to longer strings on error. Also - use the longer strings for atomode() and atoid(). - [dace028594da] + * plugins/sudoers/ldap.c: + Don't call gss_krb5_ccache_name() with a NULL pointer when restoring + the old credential cache file name. This can happen if there was no + old name returned by gss_krb5_ccache_name(). Fixes a crash on + kerberized LDAP on some platforms. + [4090029e463e] -2013-12-10 Todd C. Miller +2014-06-04 Todd C. 
Miller - * MANIFEST, common/Makefile.in, common/atoid.c, common/atomode.c, - plugins/sudoers/defaults.c, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h: - Add atomode() function for parsing a file mode. - [44e29629aa5e] + * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/el.mo, + plugins/sudoers/po/el.po: + Add Greek PO file for sudoers from translationproject.org + [6c0cc2def911] - * common/sudo_conf.c, common/ttysize.c, compat/Makefile.in, - compat/closefrom.c, compat/getaddrinfo.c, compat/strtonum.c, - configure, configure.ac, include/missing.h, - plugins/sudoers/boottime.c, plugins/sudoers/defaults.c, - plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, - plugins/sudoers/match_addr.c, plugins/sudoers/policy.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/regress/parser/check_addr.c, - plugins/sudoers/sudoreplay.c, plugins/system_group/system_group.c, - src/parse_args.c, src/sudo.c, src/ttyname.c: - Use strtonum() instead of atoi(), strtol() or strtoul() where - possible. - [e4a1fc84b893] +2014-05-28 Todd C. Miller - * MANIFEST, compat/Makefile.in, compat/strtonum.c, config.h.in, - configure, configure.ac, include/missing.h, mkdep.pl: - Add strtonum.c to compat for simpler number parsing. - [a4c69b003da0] + * src/exec.c, src/exec_pty.c: + Ignore signals sent by the command's process group, not just the + command itself. If we cannot determine the process group ID of the + sender (as it may no longer exist), just check the process ID. + [7ffa2eefd3c0] -2013-12-09 Todd C. Miller +2014-05-27 Todd C. Miller - * src/exec_common.c: - Fix a warning on Solaris, we need to use debug_return_const_ptr. - [932aa94c0cac] + * src/exec.c: + In handler_user_only() only forward the signal if it was not + generated by the command. This should fix a problem with programs + that catch SIGTSTP, perform cleanup, and then re-send the signal to + their process group (of which sudo is the leader). 
+ [d590c899e194] - * plugins/sudoers/Makefile.in: - check_symbols needs to link with SUDO_LIBS in order to get -lpthread - on HP-UX for libldap (which uses threads). It would be better to - have a separate variable for the pthread library but this is no - worse than it used to be. - [94591b765371] + * src/exec.c, src/exec_pty.c, src/signal.c: + Handle EINTR from write(2) when writing to pipes and socket pairs. + [d26a40d21d7a] -2013-12-08 Todd C. Miller +2014-05-24 Todd C. Miller - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - add missing comma - [7dcbd1c6dd25] + * MANIFEST, plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po: + Norwegian Bokmaal translation for sudoers from + translationproject.com + [92e4aea46c1e] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Make -c option description more accurate. - [3f305ae6037e] +2014-05-23 Todd C. Miller -2013-12-07 Todd C. Miller + * MANIFEST, doc/CONTRIBUTORS, src/po/nb.mo, src/po/nb.po: + Norwegian Bokmaal translation for sudo from translationproject.com + [3497f74028fe] - * doc/CONTRIBUTORS, plugins/sudoers/sudoers.c: - When checking whether a user may change the login class, just check - pw_uid of the runas user, which was passed in to set_loginclass(). - [aaf736440441] +2014-05-13 Todd C. Miller -2013-12-06 Todd C. Miller + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, + plugins/sudoers/visudo.c: + Try to be clearer about which are the input and output files in + export mode. + [66167511a410] * plugins/sudoers/visudo_json.c: - Use atoid() when parsing user/group IDs and print them as unsigned - int. - [40c77459a36a] - -2013-12-05 Todd C. Miller - - * plugins/sudoers/sudoreplay.c: - Correctly parse 64-bit times in I/O log files. 
- [d053ee75adc3] - - * compat/getgrouplist.c, plugins/group_file/getgrent.c, - plugins/sudoers/pwutil.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: - Use atoid() not atoi() when parsing uids/gids. - [491146596626] - - * plugins/sudoers/match.c, plugins/sudoers/match_addr.c, - plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, - plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c, - plugins/sudoers/sudoers.h: - Better match debugging. Sprinkle const in match functions. - [4cd8d793f165] - -2013-12-04 Todd C. Miller - - * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, - doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in: - Document that plugins can be compiled statically into the sudo - binary. - [434061cf909f] + In -x mode, require that the input and output files be different. + This won't currently catch collisions between the output file and an + include file. + [0c19b82a75e7] -2013-12-03 Todd C. Miller + * plugins/sudoers/bsm_audit.h, plugins/sudoers/linux_audit.h: + BSM and Linux audit do not yet use the argc function argument. + [3291695d1dfb] - * plugins/sudoers/sssd.c: - sudo_sss_filter_user_netgroup(): fix comment typos, break out of - loop early if we match ALL or netgroup. - [0691731f4b12] + * plugins/sudoers/audit.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/bsm_audit.h, plugins/sudoers/linux_audit.h, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.c: + Pass argc to audit functions too. Will be needed for Solaris audit + support. + [d2114897a44e] - * plugins/sudoers/sssd.c: - When filtering netgroups, use the passwd struct stashed in the - handle, not user_name since we may be listing another users - privileges. - [f2669cf7b70c] +2014-05-12 Todd C. 
Miller - * mkpkg: - RHEL 6 and above builds sudo with SSSD support - [afc3d894851e] + * common/fatal.c, include/fatal.h, plugins/sudoers/policy.c: + Do not allow the same callback function to be registered more that + once in fatal_callback_register(). Add fatal_callback_deregister() + to deregister a callback. + [eff74fb9d274] - * plugins/sudoers/sssd.c: - Avoid passing NULL domainname to sudo_debug_printf(). - [b08abe5e6d23] + * MANIFEST, plugins/sudoers/regress/sudoers/test15.in, + plugins/sudoers/regress/sudoers/test15.out.ok, + plugins/sudoers/regress/sudoers/test15.toke.ok, + plugins/sudoers/regress/sudoers/test16.in, + plugins/sudoers/regress/sudoers/test16.out.ok, + plugins/sudoers/regress/sudoers/test16.toke.ok: + Add trivial sudoedit parsing tests. + [291ba6f4d6fd] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document sssd debug subsystem. - [250c3ab1bcf0] + * MANIFEST, plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po: + Catalan translation for sudoers from translationproject.org. + [b102f8cfeed1] - * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: - Document "event" debug subsystem. - [85d220b48edc] +2014-05-10 Todd C. Miller - * plugins/sudoers/match.c: - Use atoid() instead of atoi() when parsing uids/gids so we get - proper range checking. - [5c3e2f3f6cb9] + * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/ca.mo, src/po/ca.po, src/po/gl.mo, src/po/gl.po: + Sync with translationproject.org + [62e5b4842834] - * plugins/sudoers/sssd.c: - Add user netgroup filtering for SSSD. Previously, rules for a - netgroup were applied to all even when they did not belong to the - specified netgroup. RedHat Bugzilla 880150. - [784848b5462c] +2014-05-09 Todd C. Miller - * plugins/sudoers/sssd.c: - Fix several issues found by the clang static analyzer; Daniel - Kopecek - [520261dd7461] + * configure, configure.ac: + lockf() is broken on the Hurd -- use flock instead Bug #647 + [7b8935a0c8b9] -2013-12-02 Todd C. 
Miller + * plugins/sudoers/visudo.c: + Don't try to install the temporary sudoers file if we didn't edit + it. By default, visudo does not edit files in a #includedir. Fixes a + NULL pointer defef on GNU hurd; Bug #647 + [3a677c4773e5] - * README.LDAP: - Mention how to dump sudoers info from LDAP. - [a53c93790a30] +2014-05-07 Todd C. Miller - * src/exec_common.c: - On Solaris, disabling the proc_exec privilege appears to interfere - with DAC file permissions. Adding DAC override permissions to the - inheritable set works around this for commands run as root without - giving extra permissions to other users. Bug #626 - [391ad44026c3] + * src/regress/ttyname/check_ttyname.c: + When comparing tty names, resolve the tty for fds 0-3 and compare + each one instead of just using the first that resolves. + [c37946b280a5] -2013-12-01 Todd C. Miller + * compat/getgrouplist.c, configure, configure.ac: + Solaris 8 doesn't export _nss_initf_group() so we need to provide + out own for getgrouplist(). + [d494b39e9376] - * MANIFEST, common/Makefile.in, common/progname.c, compat/Makefile.in, - compat/getprogname.c, configure, configure.ac, include/missing.h, - mkdep.pl, plugins/sample/sample_plugin.c, plugins/sudoers/policy.c, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/regress/parser/check_addr.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c, src/parse_args.c, - src/regress/ttyname/check_ttyname.c, src/sudo.c: - Instead of setprogname(), add initprogname() which gets the program - name for getprogname() using /proc or pstat() if possible. - [e2d48d81456f] +2014-05-06 Todd C. Miller -2013-11-30 Todd C. 
Miller + * compat/getgrouplist.c, plugins/group_file/group_file.c, + plugins/system_group/system_group.c: + deal with NULL gr_mem here too + [0db43ed71001] - * src/ttyname.c: - Ignore EOVERFLOW from pstat_getproc(). The HP-UX kernel appears to - return this in certain situations but it appears to be harmless at - least insofar as retrieving the tty goes. - [105bea4e1c20] + * NEWS, configure, configure.ac: + Sudo 1.8.10p3 + [3f415a180023] - * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, - src/po/cs.mo, src/po/cs.po, src/po/eo.mo, src/po/eo.po, - src/po/fi.mo, src/po/fi.po, src/po/it.mo, src/po/it.po, - src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po, - src/po/ru.mo, src/po/ru.po, src/po/uk.mo, src/po/uk.po, - src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: - Sync with translationproject.org - [3694d7ad4c9d] +2014-05-02 Todd C. Miller -2013-11-28 Todd C. Miller + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, + plugins/sudoers/env.c, plugins/sudoers/iolog.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, + plugins/sudoers/timestamp.c: + Rename log_warning flags and only send mail if SLOG_SEND_MAIL is set + instead of mailing by default like we used to. + [5b3882833aa1] - * plugins/sudoers/visudo.c: - Add missing newline in help message after export option. 
- [1c0bff0c181e] + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, + plugins/sudoers/env.c, plugins/sudoers/iolog.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, + plugins/sudoers/timestamp.c: + Add log_warningx + [feef646cb8b1] -2013-11-26 Todd C. Miller + * src/exec_pty.c: + Add debugging info for when we delete I/O events that still have + buffered data in them. + [7f17992cdf22] - * configure, configure.ac, plugins/sudoers/Makefile.in, - src/Makefile.in: - Do not add LIBDL to SUDO_LIBS or SUDOERS_LIBS in configure, do it in - Makefile.in so we can make it last. Fixes a linking problem on - Ubuntu precise. - [f8d3bddbe742] + * common/event.c: + Fix non-blocking mode. We only want to exit the event loop when + poll() or select() returns 0 and there are no active events. This + fixes a problem on some systems where the last buffer was not being + written when the command exited. + [deb6b1a7b241] -2013-11-25 Todd C. Miller + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Change return value of switch_dir() to an int so we can distinguish + between an error and an empty dir in push_includedir(). + [d0462b84782e] - * configure, m4/ax_func_getaddrinfo.m4: - Do not rely on NULL being defined for getaddrinfo() test. Fixes the - check on HP-UX 11.23. - [a5dcf0283693] + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Move code to fill in the list of dirs out of switch_dir and into its + own function. Quiets a false positive from cppcheck which got + confused due to variable reuse. + [6d6296f46255] -2013-11-24 Todd C. Miller + * plugins/sudoers/audit.c: + Avoid unused variable warning if auditing is not supported. + [5e6fd2ffe039] - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - Regen for sudo 1.8.9b1 - [945f27a7aa1c] +2014-05-01 Todd C. 
Miller - * src/po/de.mo, src/po/de.po, src/po/sr.mo, src/po/sr.po: - Sync with translationproject.org - [52abae16ccfa] + * plugins/sudoers/Makefile.in: + Fix library order when linking binaries. + [3fec51f98ae1] -2013-11-22 Todd C. Miller + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Include limits.h and inttypes.h for SIZE_MAX define. + [41f8be660384] - * INSTALL, MANIFEST, NEWS, common/Makefile.in, common/sudo_dso.c, - compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c, config.h.in, - configure, configure.ac, include/sudo_dso.h, mkdep.pl, - plugins/sudoers/Makefile.in, plugins/sudoers/group_plugin.c, - plugins/sudoers/ldap.c, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/sssd.c, plugins/system_group/Makefile.in, - plugins/system_group/system_group.c, src/Makefile.in, - src/env_hooks.c, src/load_plugins.c, src/preload.c, src/sudo.c, - src/sudo.h: - Add wrapper functions for dlopen() et al so that we can support - statically compiling in the sudoers plugin but still allow other - plugins to be loaded. The new --enable-static-sudoers configure - option will cause the sudoers plugin to be compiled statically into - the sudo binary. This does not prevent other plugins from being - loaded as per sudo.conf. - [9425770e9d2b] + * include/missing.h, plugins/sudoers/env.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y: + Move SIZE_MAX compat define into missing.h where it belongs. + [1bb108cf9df3] -2013-11-21 Todd C. Miller +2014-04-30 Todd C. Miller - * plugins/sudoers/visudo_json.c: - Handle non-unix groups correctly. Get rid of runasuser and - runasgroup types and use username and usergroup instead. The fact - that the user or group is inside a Runas_List doesn't affect its - underlying type. - [ea1789258c11] + * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c: + Remove now-unused log_fatal() + [53478df3bb1e] -2013-11-20 Todd C. 
Miller + * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/env.c, plugins/sudoers/ldap.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Eliminate calls to fatal()/fatalx()/log_fatal() in env.c and just + pass back a return value. + [d7f2be8f2740] - * plugins/sudoers/visudo_json.c: - Simplify Defaults list option object. The name and value strings are - superfluous. - [5852b0184669] +2014-04-28 Todd C. Miller - * compat/dlopen.c: - Back out unintended change. - [85156e49e96e] + * plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h: + Make get_boottime() return bool. + [9ff15a995d01] - * MANIFEST, aclocal.m4, configure, configure.ac, - m4/ax_func_getaddrinfo.m4: - Add dedicated test for getaddrinfo(). Tru64 UNIX contains two - versions of getaddrinfo and we must include netdb.h to get the - proper definition. - [9882e3e1e8e3] + * doc/CONTRIBUTORS, plugins/sudoers/boottime.c: + Fix fd leak on Linux when determing boot time. This is usually + masked by the closefrom() call in sudo. From Jamie Anderson. Bug + #645 + [0b4c430e8b88] - * compat/dlopen.c, - plugins/sudoers/regress/check_symbols/check_symbols.c: - Define RTLD_GLOBAL for older systems without it. Bug #621 - [ed38ac84f1da] +2014-04-24 Todd C. Miller -2013-11-19 Todd C. Miller + * plugins/sudoers/audit.c: + Handle the (currently impossible) case where both BSM and Linux + auditing are supported. Pacifies cppcheck. + [899cd6b5e487] - * compat/snprintf.c, include/missing.h: - Rename snprintf replacement rpl_snprintf since we may now replace - the libc version and #define rpl_snprintf snprintf in missing.h so - we get our version when needed. This is consistent with how we - replace glob and fnmatch. - [309aa17d0dfe] + * plugins/sudoers/iolog.c: + Don't call ferror() on a closed stream, just check the return value + of fclose() instead. Found by cppcheck. 
+ [e843f3c8f5d8] - * common/Makefile.in, common/regress/sudo_conf/conf_test.c, - common/regress/sudo_parseln/parseln_test.c, - common/regress/tailq/hltq_test.c, src/Makefile.in: - libcommon tests need locale_stub.lo to link. - [baae40f36de5] +2014-04-22 Todd C. Miller - * MANIFEST, aclocal.m4, compat/snprintf.c, config.h.in, configure, - configure.ac, m4/ax_func_snprintf.m4: - Add check for C99 compliant (v)snprintf function. - [79e02551543c] + * doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c: + Use calloc() instead of malloc(n * s) followed by memset(). From + Jean-Philippe Ouellet. + [f416cebd3d8e] - * compat/sig2str.c, configure, configure.ac: - Include unistd.h in sig2str.c for Tru64 as it defines SIGRTMIN and - SIGRTMAX in terms of sysconf(), which is prototyped in unistd.h. Bug - #621; from Daniel Richard G. - [2a59ccb8c966] + * plugins/sudoers/sudoers.c: + Format string safety in error path. + [956fd6dbba80] + + * common/alloc.c, common/event_poll.c, common/gidlist.c, + common/sudo_conf.c, include/alloc.h, plugins/sudoers/auth/sia.c, + plugins/sudoers/env.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/ldap.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, + src/env_hooks.c, src/exec_common.c, src/parse_args.c, src/selinux.c, + src/sudo.c, src/sudo_edit.c, src/ttyname.c: + Rename emalloc2() -> emallocarray() and erealloc3() -> + ereallocarray(). + [db3941093c68] - * include/gettext.h, plugins/sudoers/locale.c, src/locale_stub.c: - Add definition of U_ for --disable-nsl Don't define warning_gettext - if --disable-nsl Bug #621; from Daniel Richard G. - [c0054eb89c2b] + * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: + Add missing rule for building sha2.lo when not supported by libc or + libmd. + [70a16e10ddcd] -2013-11-18 Todd C. Miller +2014-04-15 Todd C. 
Miller - * plugins/sudoers/visudo_json.c: - When merging Defaults entries we need to check the type of the next - entry and not just assume it is the same as the previous one. - [e97d9b9cf0d5] + * plugins/sudoers/sudoers.in: + Disable I/O logging for halt and poweroff in addition to reboot in + commented out example. + [40a7f11686ce] - * plugins/sudoers/visudo_json.c: - runasgroups not runasgroup in the Cmnd_Spec. - [92ea5dc20e4d] + * doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c: + Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when + changing the user. This is the correct flag to use with a program + that changes the uid like su or sudo and fixes a role problem on + Solaris. From Gary Winiger; Bug #642 + [ec23c3bf41bb] - * plugins/sudoers/visudo_json.c: - Fix some syntax errors and change how lists are handled. - [027b8dea44b2] + * plugins/sudoers/defaults.c: + pam_setcred should default to true; from Gary Winiger Bug #642 + [23e6628ec546] - * common/sudo_debug.c, config.h.in, configure, configure.ac, - include/fatal.h, include/sudo_debug.h: - Allow sudo to compile without variadic macro support in cpp. - Debugging support will be limited (no file info from warnings.) From - Daniel Richard G.; Bug #621 - [51b8b868cd4b] +2014-04-10 Todd C. 
Miller - * Makefile.in, common/aix.c, common/fatal.c, common/gidlist.c, - common/sudo_conf.c, include/fatal.h, include/gettext.h, - include/missing.h, plugins/sudoers/auth/fwtk.c, - plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, - plugins/sudoers/bsm_audit.c, plugins/sudoers/defaults.c, - plugins/sudoers/env.c, plugins/sudoers/group_plugin.c, - plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, - plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, - plugins/sudoers/logging.c, plugins/sudoers/match.c, - plugins/sudoers/policy.c, plugins/sudoers/prompt.c, - plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, - plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, - plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, - plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, src/exec.c, - src/exec_common.c, src/exec_pty.c, src/load_plugins.c, - src/locale_stub.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, - src/sesh.c, src/signal.c, src/solaris.c, src/sudo.c, - src/sudo_edit.c, src/tgetpass.c, src/utmp.c: - Add warning_gettext() wrapper function that changes to the user - locale, then calls gettext(). Add U_ macro that calls - warning_gettext() instead of gettext(). Rename warning2()/error2() - back to warning_nodebug()/error_nodebug(). - [f3bb207db201] + * plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestamp.c: + Make set_perms() and restore_perms() return an error instead of + calling exit() on failure. + [b1a1a36abdb4] -2013-11-17 Todd C. Miller + * plugins/sudoers/sudoers.c: + Eliminate calls to fatal() in sudoers.c and just pass back a return + value. 
+ [e4d87a036f6d] - * common/fileops.c, compat/getaddrinfo.c, compat/mktemp.c, - compat/utimes.c, configure.ac, plugins/sudoers/boottime.c, - plugins/sudoers/check.c, plugins/sudoers/getdate.c, - plugins/sudoers/getdate.y, plugins/sudoers/group_plugin.c, - plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, - plugins/sudoers/logging.h, plugins/sudoers/sssd.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, - plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/preload.c, - src/sudo.c, src/sudo_edit.c, src/ttyname.c, src/utmp.c: - Fix some #if vs. #ifdef and remove an extraneous semicolon. Bug - #624; from Daniel Richard G. - [b212e4694018] + * plugins/sudoers/logging.c: + Elimate calls to fatal() in the logging code. + [9847acdf7066] - * include/sudo_debug.h, plugins/sudoers/defaults.c, - plugins/sudoers/ldap.c, src/exec_common.c: - Add debug_return_const_str and debug_return_const_ptr for returning - a const string or pointer. Using const for the normal versions - produces warnings with the Tru64 compiler. - [45018a149cb4] +2014-04-09 Todd C. Miller - * common/event_poll.c, compat/getaddrinfo.c, config.h.in, configure, - configure.ac, m4/sudo.m4: - Fixes for building under Tru64; from Daniel Richard G. Bug #624 - [fc4a6cbae1ba] + * common/regress/atofoo/atofoo_test.c: + Quiet a compiler warning on Solaris. + [3b9827834800] -2013-11-16 Todd C. Miller + * MANIFEST, common/Makefile.in, compat/Makefile.in, compat/sha2.c, + compat/sha2.h, config.h.in, configure, configure.ac, m4/sudo.m4, + plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/match.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/sudoers/test14.toke.ok, + plugins/sudoers/sha2.c, plugins/sudoers/sha2.h, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Move the sha2 code into libreplace and add configure checks for + SHA224Update in libc and libmd. 
Solaris uses "void *" where we use + "unsigned char *" so we need a check for that too. Solaris sha2.h + defines SHA224, SHA256, SHA384, and SHA512 so rename those tokens. + Adapted from changes from Vladimir Marek in bug #641. + [cd02732f0704] - * plugins/sudoers/logging.c: - log_{fatal,warning} now logs to the debug file itself. - log_{fatal,warning} now calls warningx2() after setting the locale - itself instead of using the wrapper macros. This removes the only - use of warningx(ngettext(...)). - [930129361e0a] + * MANIFEST, plugins/sudoers/match.c, + plugins/sudoers/regress/testsudoers/test6.out.ok, + plugins/sudoers/regress/testsudoers/test6.sh, + plugins/sudoers/regress/testsudoers/test7.out.ok, + plugins/sudoers/regress/testsudoers/test7.sh: + Fix matching of uids and gids broken in sudo 1.8.9. + [315eff4add59] -2013-11-15 Todd C. Miller + * plugins/sudoers/testsudoers.c: + Fix -P option in usage() + [50753b6222b7] - * configure, configure.ac: - Add -Wpointer-arith to --enable-warnings - [2043ae306d1b] +2014-04-07 Todd C. Miller - * configure, configure.ac: - Fix more instances of #include directives where the '#' was not in - column 1. From Daniel Richard G. (bug #622) - [75f36f39dcab] + * plugins/sudoers/check.c, plugins/sudoers/prompt.c, + plugins/sudoers/set_perms.c: + Remove a few more unnecessary uses of fatal(). + [8cfb205831dc] - * MANIFEST, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, - plugins/sudoers/Makefile.in, plugins/sudoers/visudo.c, - plugins/sudoers/visudo_json.c: - Add support to visudo to export sudoers in JSON format. - [1697b2b4bfd2] + * plugins/sudoers/auth/sudo_auth.c: + Use log_warning() not log_fatal() for the "Invalid authentication + methods compiled into sudo" message. We return -1 on error anyway. + [c8da5cf74348] -2013-11-13 Todd C. Miller + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Return MODE_ERROR from sudoers_policy_deserialize_info() instead of + calling fatalx(). 
+ [6faefdd188f2] - * plugins/sudoers/parse.h: - Remove unused digest field from struct cmndspec, the digest really - lives in struct sudo_command. - [e9a1e2e112d6] + * common/gidlist.c, src/sudo.c: + parse_gid_list() now returns -1 on error instead of calling + fatalx(). + [ccf19c4a0d5b] - * config.h.in, configure: - Regen with autoconf 2.69 - [275f69f98f9e] +2014-04-04 Todd C. Miller - * MANIFEST, Makefile.in, config.h.in, configure.ac, configure.in, - doc/Makefile.in: - Rename configure.in -> configure.ac - [0aeafe425373] + * src/exec.c: + Forward SIGINFO to running command if supported. If the command is + being run in the background (or exec_background is set in sudoers), + it is the sudo process, not the actual command, that receives the + ^T. + [d2b020bdf0d5] - * MANIFEST, aclocal.m4, autogen.sh, config.h.in, configure, - configure.in, ltmain.sh, m4/sudo.m4: - From Daniel Richard G. (bug #622) Add an autogen.sh script that - rebuilds the autoconf world. Move old aclocal.m4 contents to - m4/sudo.m4. New (generayed) aclocal.m4 contains the m4_include - directives. Some tests had #include directives where the '#' was not - in column 1. Updated obsolete macro usage via autoupdate. - [5fe8de5a56df] + * plugins/sudoers/defaults.h, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c: + Remove calls to log_fatal() in I/O log functions and just pass an + error back to the caller. + [e89593d9dc35] -2013-11-12 Todd C. Miller +2014-04-01 Todd C. Miller - * src/sudo_exec.h: - Very old systems (pre XPG 4.2) may not support MSG_WAITALL. The - likelihood of receiving a partial message is quite low so this is - not a big deal. 
- [900a304f9548] + * common/alloc.c, plugins/sudoers/env.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c: + Make "internal error, %s overflow" arguments consistent, using + __func__ where possible (when debugging is allowed). + [84e2c40d101b] - * configure, configure.in: - HP-UX may require _XOPEN_SOURCE_EXTENDED to be defined for - MSG_WAITALL to be visible. - [f08b1a00a30a] +2014-03-31 Todd C. Miller - * MANIFEST, plugins/sudoers/regress/visudo/test5.out.ok, - plugins/sudoers/regress/visudo/test5.sh: - Add regress test for bug #623 - [8e83cfccaf14] + * plugins/sudoers/toke_util.c, src/net_ifs.c: + Use common printf format when warning of buffer overflow prevention. + [8b0d732b0eae] - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Cope with a comment on the last line of the file with no newline. - Bug #623 - [f826243bc4e6] + * Makefile.in: + Remove init.d/*.sh in distclean + [99cd1eaf4684] - * compat/getaddrinfo.c: - Include arpa/inet.h for HP-UX; from Daniel Richard G. - [d4d7a4303bae] + * .hgignore: + Correctly ignore init.d/*.sh + [04aabe1893e5] - * doc/Makefile.in: - Add missing $(mansrcdir) to visudo.mdoc and visudo.man. From Daniel - Richard G. - [f664c8d2f961] + * plugins/sudoers/ldap.c: + Remove remaining calls to fatalx(); just pass the error to the + caller. + [a8bcf903d84b] -2013-11-11 Todd C. Miller +2014-03-26 Todd C. Miller - * include/fatal.h: - In v{warning,fatal}x?() make a new copy of ap for the debug - functions. It is not legal to use ap twice without reinitializing - it. Noticed by Daniel Richard G. - [6ca8bc48ecb3] + * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.h: + Make a password/group cache collision a warning rather than fatal. + This should not be possible in practice and we can safely return the + new (potentially duplicate) item as it will be freed by the caller. 
+ Make sudo_set_grlist() return an error on failure instead of calling + fatalx(). + [5e8d3006862d] - * include/fatal.h: - Remove errant warning_restore_locale() call. - [4ef7aecefcbb] + * plugins/sudoers/timestamp.c: + Use log_warning() instead of log_fatal() if the ticket or lecture + path is too long and just return an error. This can only happen from + a misconfiguration so just ignoring the ticket/lecture file is safe. + [864c5de8345b] - * include/missing.h, plugins/sudoers/logging.c: - Move va_copy compat macro to missing.h - [c873e4cc4c8a] + * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + In find_path(), return NOT_FOUND_ERROR instead of calling fatal() if + the path is too long. Remove an extraneous check against PATH_MAX in + set_cmnd() since find_path() already contains such a check. + [183106753690] - * common/Makefile.in, compat/Makefile.in, mkdep.pl, - plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, - src/Makefile.in, zlib/Makefile.in: - Uniquify header dependencies so we don't end up with duplicates when - a header file includes other headers. The header dependencies are - sorted so the generated order is stable. - [95747db2f07a] + * plugins/sudoers/sudoers.h: + Remove unused MODE_LISTDEFS define and correct a comment. + [fb47e59ce5fe] - * compat/Makefile.in, configure, configure.in, doc/CONTRIBUTORS, - mkdep.pl: - Add getaddrinfo.lo to LTLIBOBJS for systems that need it. From - Daniel Richard G. - [e94ee99a52a9] + * plugins/sudoers/hexchar.c, plugins/sudoers/match.c, + plugins/sudoers/toke_util.c: + Make hexchar() return -1 on invalid input instead of calling + fatalx(). Callers used to check that the string was hex before + calling hexchar(). Now callers must check for a -1 return value + instead. 
+ [1be217c71ce7] - * plugins/sudoers/testsudoers.c: - Fix pasto - [5262735e78e0] + * plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/bsm_audit.h, plugins/sudoers/linux_audit.c, + plugins/sudoers/logging.h, plugins/sudoers/sudoers.c: + Propagate errors in audit code to caller instead of using fatal(). + If we fail to audit an otherwise successful command, return an error + from the policy. For Linux audit, sudo may be compiled with audit + support but auditing may not be setup, so we don't consider that an + error. + [9a5753bfcb95] -2013-11-07 Todd C. Miller + * plugins/sudoers/boottime.c: + Remove unused variable on Linux. + [f63d7b86797d] - * doc/sudoers.mdoc.in: - Fix typo. - [6b11a4eec6b6] + * plugins/sudoers/timestamp.c: + Fix warning on systems where mode_t is not unsigned int (Solaris). + [acd1457c23ec] -2013-11-04 Todd C. Miller +2014-03-25 Todd C. Miller - * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: - regen - [995ca9f21862] + * plugins/sudoers/env.c, plugins/sudoers/sudoers.c: + Audit path too long errror. Add comments about non-audit events and + placeholders for future audit hooks. + [434ee47c83dc] - * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, - plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c: - Fix warnings from -Wold-style-definition - [a748c5c7b423] + * src/net_ifs.c: + Fix aliasing warning in old-style interface probe code. + [1d6ce6f46da1] - * configure, configure.in: - Add -Wold-style-definition to --enable-warnings - [0484de0deb59] + * plugins/sudoers/set_perms.c: + Fix some sign comparision warnings. + [20c6068db104] - * common/event_poll.c: - Extra debugging for ready fds. 
- [91fb85cdecbb] + * common/aix.c, common/gidlist.c, compat/getgrouplist.c, + include/sudo_util.h, src/sudo.c: + Don't call fatal/fatalx in common/*.c + [ebf5e55a1ec1] - * common/event_select.c: - When deleting an event, check ev->events to determine whether to - remove from readfds or writefds instead of blinding removing from - both. Also fix highfd adjustment. - [7384db65ca9c] +2014-03-19 Todd C. Miller -2013-11-02 Todd C. Miller + * plugins/sudoers/check.c, plugins/sudoers/prompt.c, + plugins/sudoers/sudoers.h: + Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw + or targetpw is set. Bug #639 + [dff0208d1194] - * common/event_select.c: - Only check an fd that is >= 0. Timeout-only events may have a - negative fd. - [fa0e5cbc3cc2] +2014-03-17 Todd C. Miller -2013-11-01 Todd C. Miller + * NEWS, configure, configure.ac: + Sudo 1.8.10p2 + [774ebec63b41] - * common/event.c: - Don't call sudo_ev_{add,del}_impl() for timeout-only events. This - makes it possible to pass sudo_ev_alloc() an fd of -1 for events - only use SUDO_EV_TIMEOUT. - [6838657a1a2f] + * plugins/sudoers/timestamp.c: + Don't write an empty timestamp record when timestamp_timeout is + zero. If we find an empty record in the timestamp file, overwrite it + with a good one, truncating the file as needed. + [9c226d81b660] -2013-10-31 Todd C. Miller +2014-03-15 Todd C. Miller - * common/alloc.c, common/event_select.c, include/sudo_event.h: - Make a copy of readfds/writefds before calling select() instead of - calculating it each time. Keep track of high fd in the base. - [6048b78f2e94] + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Fix typos in description of the -x option. Bug #637 + [6ff2bfaaf99d] -2013-10-30 Todd C. Miller +2014-03-13 Todd C. Miller - * doc/CONTRIBUTORS: - Add Stephen Gelman - [0028c7a91a4f] + * NEWS, configure, configure.ac: + Sudo 1.8.10p1 + [33828a3385ad] - * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: - Fix sign comparison warning. 
- [914cb36b9ed2] + * plugins/sudoers/timestamp.c: + Fix typo/thinko that prevented "Defaults !tty_tickets" from working. + [f65cc29dbcc7] - * plugins/sudoers/sudoreplay.c: - Fix potential NULL dereference in non-interactive mode. - [9233428d3f32] + * plugins/sudoers/parse.c: + Fix "sudo -l command" output when the matching command is negated. + Bug #636 + [b4a92803f733] -2013-10-29 Todd C. Miller +2014-03-11 Todd C. Miller - * src/exec.c, src/exec_pty.c: - Use MSG_WAITALL when receiving struct command_status over the Unix - domain socket since we no longer use datagrams. This should avoid - the need to handle incomplete reads, though in theory it is still - possible. - [28a92888a908] + * MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c, + common/regress/sudo_conf/test5.err.ok, + common/regress/tailq/hltq_test.c: + The atofoo_test and hltq_test tests now display their own test error + rate. Display pass/fail count separately for sudo_conf and + sudo_parseln tests. Check stderr output for the sudo_conf test. + [5c814709ac70] - * plugins/sudoers/sudoreplay.c: - SIGKILL is not catchable - [79f82e4cb11d] + * src/Makefile.in: + Don't run the check_ttyname test if cross compiling. + [874ecc1c3db0] - * common/event.c, include/sudo_event.h, plugins/sudoers/sudoreplay.c: - Add sudo_ev_get_timeleft() to get the amount of time left before an - event times out and use it in sudoreplay. - [d5b17ee30fa4] + * plugins/sudoers/Makefile.in: + CWD no longer used. + [13b2f3c4269b] -2013-10-28 Todd C. Miller + * plugins/sudoers/Makefile.in: + Fix diff of toke and err output files in "make check" + [485cdf3c75e7] - * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, - plugins/sudoers/sudoreplay.c: - If the user presses or in sudoreplay, skip to the - next event. Useful for skipping past long pauses in the data. - [43343f45c94d] +2014-03-07 Todd C. 
Miller - * common/event.c, common/event_poll.c, common/event_select.c: - Fix sudo_ev_scan_impl() return value in event_poll.c. Make sure we - clear active flag from unprocessed events if sudo_ev_loopbreak() or - sudo_ev_loopcontinue() are used. Remove bogus optimization when the - timeout is zero or negative; it could prevent an I/O event from - being triggered. - [a13603fb3134] + * src/po/de.mo, src/po/de.po: + sync with translationproject.org + [d246c72a2350] - * plugins/sudoers/sudoreplay.c: - Move session replay into its own function. - [e323f7729595] +2014-03-06 Todd C. Miller - * common/event.c, common/event_poll.c, common/event_select.c, - include/sudo_event.h: - Get rid of cur and pending pointers in struct sudo_event_base. We - now pop the first event off the active queue instead of using a - foreach loop with deferred removal of the event. Add - SUDO_EVQ_INSERTED and SUDO_EVQ_TIMEOUTS flags to indicate that the - event on the event queue and timeouts queue respectively. No longer - need to compare the timeout to {0,0} or compare the event's base - pointer to NULL to determine queue membership. - [f2b2251fd523] + * configure, configure.ac: + Check whether ber.h is needed before ldap.h even if we are not using + any ber functions. Needed for older versions of nss ldap. + [c2310324dc34] - * common/event_poll.c: - rename sudo_ev_loop_impl() -> sudo_ev_scan_impl() - [614faaff04e3] + * plugins/sudoers/sssd.c: + Fix compiler warning in debug code. + [8ee4cb6cafad] - * MANIFEST, common/event.c, common/event_poll.c, - common/event_select.c, compat/Makefile.in, compat/nanosleep.c, - config.h.in, configure, configure.in, include/missing.h, - include/sudo_event.h, mkdep.pl, plugins/sudoers/Makefile.in, - plugins/sudoers/sudoreplay.c, src/exec.c, src/exec_pty.c: - Add support for libevent-style timed events. Adding a timed event is - currently O(n). The only consumer of timed events is sudoreplay - which only used a singled one so O(n) == O(1) for now. 
This also - allows us to remove the nanosleep compat function as we now use a - timeout event instead. - [db41c08e92dc] + * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/ca.mo, src/po/ca.po: + Catalan translation for sudo from translationproject.org. + [d6af7d06ee36] -2013-10-26 Todd C. Miller +2014-03-05 Todd C. Miller + + * NEWS: + Document negation fix in JSON output. + [37a85423ae49] - * src/exec.c, src/exec_pty.c: - Now that sudo_ev_base_free() removes all events before freeing we - don't need to do this by hand. - [b59d43658c5f] +2014-03-04 Todd C. Miller - * common/event.c, common/event_poll.c, common/event_select.c, - include/sudo_event.h: - Add a list of active events in the base that the back end sets when - it calls poll or select. This allows the front end to iterate over - the events instead of having that code in both back ends. It will - also simplify support for timeout events. Also make sure we can't - touch freed memory if a callback frees its own event. - [933b99b3f2bc] + * plugins/sudoers/visudo_json.c: + Fix handling of '!' operator when converting sudoers. We now add a + "negated" boolean flag to objects that have the '!' operator. + [071926c10280] - * common/event.c: - Remove any existing events before freeing the event base. - [2543c6620cf1] +2014-03-01 Todd C. Miller -2013-10-25 Todd C. Miller + * MANIFEST, NEWS, plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po: + Czech translation for sudoers from translationproject.org + [c0aae297f7c1] - * src/exec_pty.c: - mon_handler() should be static - [b1a62ef65c96] +2014-02-28 Todd C. Miller -2013-10-24 Todd C. Miller + * configure, configure.ac: + Try -libmldap before -lldap in case there is no link from + libibmldap.so to libldap.so. Since IBM ldap is installed under /opt + we should only be able to reach it if --with-ldap was given an + explicit path. - * plugins/sudoers/ldap.c: - If user specified start_tls and ldaps, display a warning and ignore - start_tls. 
There's no reason to make this a fatal error. - [bf446dd1e740] + Only check for ber_set_option() if LBER_OPT_DEBUG_LEVEL is defined. + [89d50c29d737] - * src/exec_pty.c: - Add missing else when the connection from the monitor to the parent - sudo process is broken (due to the parent dying). Prevents a - spurious "unexpected reply type on backchannel" warning. - [5c44053cef08] +2014-02-27 Todd C. Miller - * src/exec_pty.c: - When flushing output we don't care whether we are the foreground - process or not, we still need to flush to /dev/tty. If we are in the - background, it is OK to get SIGTTOU. - [9716892d1fb5] + * plugins/sudoers/set_perms.c: + Fix typo in setreuid() PERM_ROOT error message. + [533415f53165] - * plugins/sudoers/ldap.c: - Should not attempt start_tls on an ldaps connection. - [9d01d461c52c] + * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h: + Remove unused FLAG_USER auth flag. We have no auth methods that + require that authentication be run as the invoking user. + [4a9a9f557cb1] -2013-10-23 Todd C. Miller + * mkpkg: + No longer need to disable setresuid() on debian. + [96ba687c35f0] - * plugins/sudoers/regress/parser/check_fill.c: - Fix sign compare warning. - [6130fa8df758] +2014-02-26 Todd C. Miller - * doc/Makefile.in: - Eliminate warning about circular dependency from GNU make. - [7ed5df762089] + * plugins/sudoers/timestamp.c: + Fix conversion of timestamp_timeout from double to struct timeval. + Also quiet a printf format warning on 32-bit systems. + [59d1f3094dda] - * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, - src/ttyname.c: - More sign compare fixes. On Solaris id_t is signed so use uid_t in - the set_perms.c ID macro instead. - [8166dcc50d0b] +2014-02-25 Todd C. 
Miller - * common/fileops.c, common/lbuf.c, common/secure_path.c, - common/sudo_debug.c, include/secure_path.h, - plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, - plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.h, - plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, - plugins/sudoers/ldap.c, plugins/sudoers/logging.c, - plugins/sudoers/match_addr.c, plugins/sudoers/parse.h, - plugins/sudoers/policy.c, plugins/sudoers/prompt.c, - plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l, - plugins/sudoers/toke_util.c, src/load_plugins.c, src/sudo.c, - src/ttyname.c: - Quiet sign comparision warnings. - [e34f45dad10c] + * MANIFEST, NEWS, plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po: + Serbian translation for sudoers from translationproject.org. + [7134b386d658] - * configure, configure.in: - Add -Wsign-compare to --enable-warnings - [d560e274a6ae] +2014-02-24 Todd C. Miller - * plugins/sudoers/ldap.c: - Ignore SIGPIPE when connecting to the LDAP server so we can get a - proper error message with the IBM LDAP libs. Also return - LDAP_SUCCESS instead of 0 from most sudo_ldap_* functions that - return an int. - [611a4ed9b8ee] + * doc/CONTRIBUTORS: + Add Ingo Schwarze + [114cdf286987] - * plugins/sudoers/regress/parser/check_base64.c, - plugins/sudoers/regress/parser/check_digest.c: - Quiet compiler warnings. - [7d82dcca7126] + * NEWS, plugins/sudoers/visudo_json.c: + When exporting sudoers in JSON format, use the same type of Options + object for both Defaults and Cmnd_Specs. + [caa57043e197] -2013-10-22 Todd C. Miller +2014-02-17 Todd C. Miller - * plugins/sudoers/ldap.c: - sudo_ldap_parse_uri() should join multiple URIs in the string list - together but it was clearing the host entry each time through the - loop. Fixes a bug with multiple URI entries in ldap.conf where only - the last one was being honored. 
- [83cee19b136d] + * compat/inet_pton.c: + Silence cppcheck false positive. + [b2781c42a80f] - * src/exec_pty.c: - Avoid a double free introduced when plugging a memory leak in - safe_close(). A new ev_free_by_fd() function is used to remove and - free any events sharing the specified fd. This can be used after - safe_close() to make sure we don't try to select() on a closed fd. - [54f48a281147] + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po: + sync with translationproject.org + [baba43a6d682] - * plugins/sudoers/gram.c, plugins/sudoers/gram.y, src/exec.c: - Quiet some llvm check false positives. The common idiom of using - TAILQ_FIRST, TAILQ_REMOVE and free in a loop to free each entry in a - TAILQ confuses llvm. Use TAILQ_FOREACH_SAFE instead (which is - probably faster anyway). - [bd1b8c11f416] + * NEWS, doc/UPGRADE: + Mention init.d scripts on AIX and HP-UX Mention sudoers group + mismatch fix + [0259cb1f7cae] - * plugins/sudoers/auth/pam.c: - If pam_open_session() fails don't call pam_getenvlist() with a NULL - pam handle. - [352e0329acba] + * INSTALL: + Talk about clearing files at boot time, not reboot time since it + happens when the system comes up, not down. + [e8e480bc34fd] - * plugins/sudoers/defaults.c: - Fix newly introduced use after frees found by llvm checker. - [a81080230f1f] + * plugins/sudoers/sudoers.c: + We also need to open the sudoers file as root if there is a GID + mismatch. + [2fb2ba6fc4e6] - * common/event_select.c: - Remove an errant list_next() call that should have been removed in - the TAILQ conversion. - [3bbf8d117ce4] + * sudo.pp: + Install /etc/rc.d/init.d/sudo and /etc/rc.d/rc2.d/S90sudo for AIX + rpm packages. 
+ [4aca1d318599] - * MANIFEST, common/Makefile.in, common/list.c, - common/regress/tailq/hltq_test.c, include/list.h, include/queue.h, - plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, - plugins/sudoers/defaults.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/match.c, - plugins/sudoers/parse.c, plugins/sudoers/parse.h, - plugins/sudoers/regress/parser/check_fill.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: - Add "headless" tail queues and use them in place of the semi- - circular lists in sudoers. Once the headless tail queue is built up - it is converted to a normal TAILQ. This removes the last consumer of - list.c and list.h so those can now be removed. - [5986ba762a24] +2014-02-16 Todd C. Miller - * common/Makefile.in, common/fatal.c, plugins/sudoers/Makefile.in, - plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, - plugins/sudoers/env.c, plugins/sudoers/interfaces.c, - plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c, - plugins/sudoers/match_addr.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l, - plugins/sudoers/visudo.c, src/Makefile.in, src/exec_pty.c, - src/hooks.c: - Use SLIST and STAILQ macros instead of doing headless singly linked - lists manually. As a bonus we now use a tail queue for ldap.c and - sudoreplay.c. - [c31bc2d99082] + * src/Makefile.in: + Remove init.d file and link in uninstall target. 
+ [249a9f105cdd] - * MANIFEST, common/Makefile.in, common/event.c, common/event_poll.c, - common/event_select.c, common/list.c, - common/regress/sudo_conf/conf_test.c, common/sudo_conf.c, - doc/LICENSE, include/list.h, include/missing.h, include/queue.h, - include/sudo_conf.h, include/sudo_event.h, - plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c, - plugins/sudoers/parse.c, plugins/sudoers/parse.h, - plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c, - plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, - src/Makefile.in, src/exec.c, src/exec_pty.c, src/load_plugins.c, - src/sudo.c, src/sudo.h, src/sudo_plugin_int.h: - Convert sudo to use BSD TAILQ macros instead of home ground tail - queue functions. This includes a private queue.h header derived from - FreeBSD. It is simpler to just use our own header rather than try to - deal with macros that may or may not be present in various queue.h - incarnations. - [450bce095d7c] + * configure, configure.ac, sudo.pp: + Fix INIT_DIR for real this time. + [5444eb1afbc5] -2013-10-21 Todd C. Miller + * configure, configure.ac, sudo.pp: + Use correct init.d dir on HP-UX. Fix pp warnings from rc.d and + init.d dirs. + [809b54ef95f8] - * plugins/sudoers/sudoreplay.c: - Fix AND operator broken by changes to fix OR. - [a4d3485ee943] + * .hgignore, MANIFEST, configure, configure.ac, init.d/aix.sh.in, + init.d/hpux.sh.in, src/Makefile.in, sudo.pp: + First cut add installing an init.d file for HP-UX and AIX to remove + old sudo timestamp files at boot time. + [ec6d35c62d88] -2013-10-19 Todd C. Miller +2014-02-15 Todd C. Miller - * plugins/sudoers/sudoreplay.c: - Fix OR operator. - [f5c1c90ee284] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Use .Ar macro instead of "file ..." Use ".Cm -" instead of ".Li -" + for the default login class. From Ingo Schwarze. + [f13ea603760e] -2013-10-18 Todd C. 
Miller + * doc/sudo.conf.mdoc.in, doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.mdoc.in, + doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: + Remove some extraneous markup; from Ingo Schwarze + * No need to explicitly end a macro with No before | because | counts + as middle punctuation and falls out of the macro, anyway. + * No need to explicitly re-open in-line macros after | because | + counts as middle punctuation and the macros resume afterwards, + anyway. + * Simplify the mnemonic remarks regarding the option letters, no need + for manual font and spacing control with No and Ns. + * Trim Ns No to just Ns, it already implies No. + [cc63d66c6655] - * src/exec_pty.c: - Fix memory leak of I/O buffer events in safe_close(). - [08cd790cfbba] + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Move zerowidth space in :alpha: after the colon for consistency. + [799f6656c6e8] -2013-10-16 Todd C. Miller + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudoers.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, + doc/visudo.man.in: + regen + [14d682732b6f] - * common/sudo_debug.c: - Don't allow the debug subsystem to be initialized twice. Otherwise - we can exhuast our stack when built in static mode. - [fadacb6a4617] + * doc/sudo.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: + Remove extraneous keeps in SYNOPSIS now that mandoc does implied + keeps when converting from mdoc to man. + [0f48fc289f29] - * common/event_poll.c: - Make sure we do not try to usie index -1 in base->pfds[]. - [beeb922aba3f] + * doc/sudoers.mdoc.in: + Properly escape the : in :alpha: + [e41d4533a55f] -2013-10-14 Todd C. Miller + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Replace some uses of .Sy with .Ar, .Ev and .Pa as appropriate. From + Jan Stary. 
+ [90ec488905de] - * NEWS, configure, configure.in: - Bump version to 1.8.9 - [758dbb464796] +2014-02-12 Todd C. Miller -2013-10-12 Todd C. Miller + * plugins/sudoers/visudo_json.c: + Fix indentation of Defaults entries. The initial indent should be + outside the loop iterating over the entries. + [dc493c888fb2] - * src/exec_pty.c: - Convert the monitor process to the event subsystem. - [c4fe8e2ba53c] +2014-02-11 Todd C. Miller - * src/exec.c, src/exec_pty.c, src/sudo_exec.h: - Convert the main sudo event loop to use the event subsystem. Read - events for I/O buffers are added before the loop starts. Write - events are added on demand as the buffers are filled. - [72a603e997e0] + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po: + sync with translationproject.org + [fc517bc0908e] - * INSTALL, MANIFEST, common/Makefile.in, common/event.c, - common/event_poll.c, common/event_select.c, common/list.c, - common/sudo_debug.c, config.h.in, configure, configure.in, - include/list.h, include/sudo_debug.h, include/sudo_event.h, - mkdep.pl, plugins/sudoers/Makefile.in, src/Makefile.in, - src/exec_pty.c: - Simple event subsystem that uses poll() or select(). Basically a - simplied subset of libevent2. Currently only fd events are supported - (since that's all we need). The poll() backend is used by default, - except on Mac OS X where poll() is broken for devices (including - /dev/tty and ptys). 
- [8773142b4117] + * common/aix.c, common/alloc.c, common/atoid.c, common/atomode.c, + common/fatal.c, common/gidlist.c, common/sudo_conf.c, + common/sudo_debug.c, compat/strsignal.c, compat/strtonum.c, + plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, + src/locale_stub.c, src/net_ifs.c, src/sesh.c, src/sudo.h: + We must include gettext.h before missing.h as it includes system + headers. Also add missing DEFAULT_TEXT_DOMAIN defines in sudoers + audit code that does not include sudoers.h. + [3ac4aa43ce40] - * src/exec.c, src/exec_pty.c: - Use SOCK_STREAM for socketpair, not SOCK_DGRAM so we get consistent - semantics when the other end closes. This should make the conversion - to poll() less problematic. - [b6a321722a91] + * common/sudo_dso.c: + When emulating DSO_NEXT with shl_get() we need to skip the program's + handle. This used to be documented as being index -2 but now it + seems to be index 0. As this is not guaranteed we need to look up + the real handle value for PROG_HANDLE and skip it when interating + through all the DSOs. Fixes infinite recursion on HP-UX in the + getenv() replacement. + [ade1b3045232] -2013-10-06 Todd C. Miller + * src/env_hooks.c: + Export getenv() so it is visible to shared objects we link with. + [1ac08446a3a7] - * common/sudo_debug.c: - Fix removal of trailing newlines in a debug message. - [6f5ce5ac64e0] +2014-02-08 Todd C. Miller -2013-10-04 Todd C. Miller + * common/regress/atofoo/atofoo_test.c, + common/regress/sudo_conf/conf_test.c, + common/regress/sudo_parseln/parseln_test.c, + common/regress/tailq/hltq_test.c, + plugins/sudoers/regress/parser/check_fill.c: + Add some initprogname() calls to the test programs. + [e4320585a88b] - * plugins/sudoers/visudo.c: - When checking for unused Runas_Aliases, count those used as part of - a Runas Group too. 
Fixes a false positive warning. - [f13271a4a377] +2014-02-07 Todd C. Miller -2013-09-29 Todd C. Miller + * plugins/sudoers/po/sudoers.pot: + regen + [038d066a866d] - * .hgtags: - Added tag SUDO_1_8_8 for changeset 556477b26944 - [029d30018f5e] <1.8> + * doc/UPGRADE: + Mention that there is now a default LDAP search filter. + [6351da3f8377] - * NEWS, common/Makefile.in, common/error.c, common/zero_bytes.c, - config.h.in, configure, configure.in, doc/sudo.cat, doc/sudo.man.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, - doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, - doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, - doc/visudo.man.in, include/error.h, mkpkg, - plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in, - plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, - plugins/sudoers/check.c, plugins/sudoers/env.c, - plugins/sudoers/iolog.c, plugins/sudoers/logging.c, - plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, - src/Makefile.in, src/parse_args.c, src/po/sudo.pot, src/sudo.c: - Merge sudo 1.8.8 from trunk. - [556477b26944] [SUDO_1_8_8] <1.8> + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Minor word choice change. + [7e59ab3eb453] - * include/missing.h: - Include stddef.h for rsize_t and errno_t on systems that support it - natively. - [bc547d47e9c6] + * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/ldap.c, plugins/sudoers/match.c: + Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup + support requires an expensive substring match on the server. If + netgroups are not needed, this option can be disabled to reduce the + load on the LDAP server. + [e6bd6c103390] - * MANIFEST: - Fix braino. - [67b79747312f] +2014-02-06 Todd C. 
Miller - * plugins/sudoers/po/da.mo, plugins/sudoers/po/de.mo, - plugins/sudoers/po/eo.mo, plugins/sudoers/po/fi.mo, - plugins/sudoers/po/it.mo, plugins/sudoers/po/pl.mo, - plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/uk.mo, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo: - Rebuild message catalog files. - [0a9befb0674e] + * plugins/sudoers/ldap.c: + Update copyright year. + [1299eed430a5] - * src/po/da.mo, src/po/eo.mo, src/po/fi.mo, src/po/it.mo, - src/po/pl.mo, src/po/pt_BR.mo, src/po/ru.mo, src/po/uk.mo, - src/po/vi.mo, src/po/zh_CN.mo: - Rebuild message catalog files. - [25191089ddf2] + * NEWS: + Mention LDAP changes. + [512b1e363587] - * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/cs.mo, src/po/cs.po: - Czech translation for sudo from translationproject.org. - [8bc0ed069ddb] + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c: + Use a default LDAP search filter of (objectClass=sudoRole). When + constructing the netgroup query, add (sudoUser=*) to the query so we + don't fall below the 3 character OpenLDAP substring threshold. + Otherwise the index for sudoUser will never be used for that query. + Pointed out by Michael Stroeder. + [54856973af41] -2013-09-18 Todd C. Miller + * plugins/sudoers/timestamp.c: + Don't warn about an insecure lecture dir twice. Display warnings in + the user's locale. + [2c56b8b6d6f9] - * plugins/sudoers/po/da.po, plugins/sudoers/po/de.po, - plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.po, - plugins/sudoers/po/it.po, plugins/sudoers/po/pl.po, - plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, src/po/da.po, - src/po/eo.po, src/po/fi.po, src/po/it.po, src/po/pl.po, - src/po/pt_BR.po, src/po/ru.po, src/po/uk.po, src/po/vi.po, - src/po/zh_CN.po: - Sync with translationproject.org - [c16f9bb4579e] +2014-02-05 Todd C. Miller - * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: - Change "next" back to 2. 
In the context of "next Friday" we really - do want the friday of the upcoming (not current) week. - Unfortunately, this means that things like "next week" and "next - year" will match one more than we really want. Fixing this will - require some fairly major changes to the grammar. - [7f863c930121] + * NEWS: + Mention the fix for ^Z at the password prompt when sudo was started + in the background. + [352d52ad1f7d] - * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: - Mention that relative times don't always do what you might expect. - [710a9b0dd36f] + * common/term.c, src/exec_pty.c: + In term_restore(), only restores the terminal if we are in the + foregroup process group. Instead of calling tcgetpgrp(), which is + racy, we set a temporary handler for SIGTTOU and check whether it + was received after a failed call to tcsetattr(). + [94979d51daa2] -2013-09-17 Todd C. Miller + * MANIFEST, compat/getaddrinfo.c, compat/inet_pton.c, config.h.in, + configure, configure.ac, doc/LICENSE, include/missing.h, mkdep.pl, + plugins/sudoers/interfaces.c, plugins/sudoers/match_addr.c: + Use inet_pton() instead of inet_aton() and include a version from + BIND for those without it. + [fe61a27c76d3] - * doc/CONTRIBUTORS: - Add diacritical for Zdenek Behan. - [78d333f88e6c] + * common/regress/atofoo/atofoo_test.c: + Quiet a gcc warning. + [f197821892ea] -2013-09-11 Todd C. Miller + * compat/getaddrinfo.c: + Need to include limits.h for USHRT_MAX. + [d1d8bd9a0e01] - * src/regress/ttyname/check_ttyname.c: - Do not fail if ttyname() cannot determine the tty but sudo can. - Should fix problems with running "make check" under pbuilder. - [e6fc06a6c5cf] +2014-02-04 Todd C. Miller - * plugins/sudoers/Makefile.in: - Remove extraneous $$CWD; from Bdale Garbee - [4d040ddd7446] + * common/term.c, include/sudo_util.h: + Use bool for function return values instead of 1 or 0. + [99e357c0800b] -2013-09-09 Todd C. 
Miller + * configure, configure.ac: + Warn the user if the rundir needs to be cleared in the rc files. + Neither AIX not HP-UX clear /var/run (if it even exists). + [6cdbf57a2f9e] - * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: - Make "this" and "next" qualifiers work a bit better. There is still - room for improvement as "this week" will use the current time - instead of the beginning of the week. That's a separate issue - though. - [e844c02f754a] + * NEWS: + Update for sudo 1.8.9p5 + [efb737c32615] -2013-09-06 Todd C. Miller + * src/preserve_fds.c: + When the closefrom limit is greater than any of the preserved fds, + the pfds list will be non-empty but lastfd will be -1 triggering an + ecalloc(0) assertion. Instead, test for lastfd being -1 and make + sure we always update it, even if dup() fails. Also restore initial + value of lowfd after we are done relocating. Fixes bug #633 + [a11206a31f28] - * common/regress/sudo_conf/conf_test.c, - common/regress/sudo_parseln/parseln_test.c: - Mark main() public to silence a warning on HP-UX. - [ac0b869b9842] + * common/term.c: + Document function return values. + [267bc85f6fbb] -2013-09-03 Todd C. Miller +2014-02-03 Todd C. Miller - * plugins/sudoers/po/sudoers.pot, plugins/sudoers/timestamp.c: - Be specific that we are talking about the Unix epoch; bug #615 - [25887775371b] + * src/exec_pty.c: + term_restore() now restarts itself so we don't need to do it + ourselves. + [a17e885d0b0a] - * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/po/sudoers.pot, - src/po/sudo.pot, src/selinux.c: - Do not use "setup" as a verb; bug #614 - [17c4750aac5f] + * common/term.c: + syscall restarting is broken on Mac OS X when interrupted by a tty + signal so restart tcsetattr() by hand. For details, see. + http://openradar.appspot.com/radar?id=6402578615107584 + [3997b2a0577e] - * plugins/sudoers/iolog.c: - Fix logic goof when checking open() status. 
- [76ece1445d71] + * MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c: + Add regress for atobool(), atoid() and atomode() + [e1cbdf86d6e2] - * plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, src/po/nl.mo, - src/po/nl.po, src/po/ru.mo, src/po/ru.po: - Sync with translationproject.org - [21351498000f] + * plugins/sudoers/Makefile.in: + Add back boottime.lo + [0b7ddc31e13e] - * NEWS, plugins/sudoers/sudoreplay.c: - Work around a bug in sudo 1.8.7 timing files where the indexes are - off by two. - [4aa0cd58af58] + * INSTALL: + Mention that rundir and vardir may be the same and what to do if + they are. + [301df9a31d43] - * MANIFEST, plugins/sudoers/iolog.c, plugins/sudoers/iolog.h, - plugins/sudoers/sudoreplay.c: - Repair writing of the I/O log file indices broken in sudo 1.8.7. - [6a5f867884f5] + * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c: + Bring back boot time checking code and zero out time stamp files + that predate the boot time. This should help systems w/o /var/run + where the admin has setup rc.d to clear the timestamp directory. + [e09389a8b1ca] -2013-08-31 Todd C. Miller + * configure, configure.ac: + Check libraries for inet_pton() if not in libc. + [9f9bd83895e8] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Try to improve the PAGERS noexec example a bit. - [226f11118daa] +2014-02-02 Todd C. Miller -2013-08-30 Todd C. Miller + * configure, configure.ac: + Fix clock_gettime() detection when it lives in librt. Some systems + have inet_aton() in libresolv (older Solaris). 
+ [e5f7c8bc9a81] - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - Document comment character in ldap.conf Clarify what is and is not - supported in TLS_KEYPW Mention that gsk8capicmd can be used to - create a stash file - [fb8f06ab4458] + * sudo.pp: + Avoid duplicate directories if vardir and rundir are the same. + [c5df5ebc191b] -2013-08-26 Todd C. Miller + * plugins/sudoers/po/sudoers.pot: + regen + [740b2cc42fea] - * NEWS: - New bugs fixed for 1.8.8. - [c158df7cd9d2] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Elaborate on time stamp error message causes. + [2838fea2e21a] - * plugins/sudoers/visudo.c: - Fix setting of quiet flag when -q / --quiet is specified. Do not - print "sudoers: parsed OK" in quiet mode. - [df55acd57ce6] +2014-02-01 Todd C. Miller - * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/fi.mo, - src/po/fi.po, src/po/it.mo, src/po/it.po: - Updated translations from translationproject.org - [e9e8abd23a28] + * sudo.pp: + Remove the time stamp dir and its contents when uninstalling. We + currently leave the lecture status files installed until there is a + better way to detect upgrades. + [61532b7113ff] - * plugins/sudoers/check.c: - Don't allow root to change its SELinux role without a password. Bug - #611 - [f8b599acb29d] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Update time stamp error messages and regen. + [edf570c98cd5] -2013-08-21 Todd C. Miller + * plugins/sudoers/timestamp.c: + Restore warning when sudoers is unable to update the time stamp + file. + [86648a771250] - * NEWS: - Mention new Mac OS X symbol interposition. 
- [98293b7c4e0f] + * INSTALL, Makefile.in, configure, configure.ac, doc/sudoers.mdoc.in, + m4/sudo.m4, plugins/sudoers/Makefile.in, sudo.pp: + Replace --with-timedir and --with-lecture_dir with --with-rundir and + --with-vardir which are the parent directories of the time stamp and + lecture dirs. These directories need to be searchable by non-root so + that the timestampowner setting can function. + [5c38d77a2d0c] - * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, - src/po/eo.po, src/po/fr.mo, src/po/fr.po: - Updated translations from translationproject.org - [865be7454354] + * plugins/sudoers/timestamp.c: + Fix use of timestampowner in the new time stamp world order. Parent + directories for timestampdir and lecture_dir are now created with + the execute bit set so that we can traverse them as non-root. + [9ff6f07c0a5d] - * config.h.in, configure, configure.in, src/sudo_noexec.c: - Add configure checks for the exec functions we will dummy out. This - is only really needed on Mac OS X when symbol interposition is being - performed but won't hurt elsewhere. - [49c20cf6bab0] +2014-01-31 Todd C. Miller -2013-08-20 Todd C. Miller + * common/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in: + Regen Makefiles. + [59542bcdb222] - * config.h.in, configure, configure.in, src/Makefile.in, - src/sudo_noexec.c: - Fix installation of sudo_noexec on Mac OS X. Use library symbol - interposition on Mac OS X 10.4 and higher so we don't need to set - DYLD_FORCE_FLAT_NAMESPACE=1. - [a82999dff8e6] + * common/sudo_debug.c, config.h.in, include/sudo_util.h, + plugins/sample/sample_plugin.c: + Move ctim_get and mtim_get to sudo_util.h + [d565391f5491] -2013-08-19 Todd C. 
Miller + * plugins/sudoers/timestamp.c: + sprinkle some debug printfs and add function header comments + [1842d9b8170d] - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - Fix typo in tls_key example for Tivoli - [36599f424ac4] + * plugins/sudoers/timestamp.c: + Properly handle the case where /var/run/sudo/ts doesn't exist. + [895f3ad6ad60] - * src/parse_args.c: - Don't escape '$' when running "sudo -i command". Bug #564 - [17542d52f714] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + fix typo + [50041ebb6ce6] - * plugins/sudoers/iolog_path.c: - Fix typo in comment. - [d0510ed5eaba] + * NEWS: + Mention "sudo -K" change. + [e99bd7657aae] - * plugins/sudoers/auth/pam.c: - Fix comment. - [4e89e0bfd6af] + * doc/UPGRADE: + Upgrade info for 1.8.10 + [0867718b9af5] - * plugins/sudoers/timestr.c, plugins/sudoers/visudo.c: - Quiet some gcc -Wformat=2 false positives - [28a2014b9822] +2014-01-30 Todd C. Miller -2013-08-18 Todd C. Miller + * plugins/sudoers/timestamp.c: + Warn on ftruncate failure(). + [d2081876da25] - * plugins/sudoers/auth/pam.c: - Remove now-obsolete arg to env_merge() - [ba015cf5d935] + * plugins/sudoers/timestamp.c: + Fix checking of lecture status. + [e12d78234d17] - * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, - src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po, - src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, - src/po/zh_CN.mo, src/po/zh_CN.po: - Updated translations from translationproject.org - [72b6aeaba505] + * mkpkg: + Do not override timedir on Debian. + [283fa2e69a0a] - * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/fr.mo, src/po/fr.po: - French translation for sudo from translationproject.org. 
- [a72321771860] + * common/event.c, common/event_select.c, include/missing.h, + plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/sudo_edit.c: + Use sudo_timeval macros and remove compat macros from missing.h + [1de76d8b811e] - * plugins/sudoers/logging.h: - Add __printflike to audit_failure. - [1686b3699d41] + * INSTALL, MANIFEST, NEWS, compat/Makefile.in, compat/clock_gettime.c, + config.h.in, configure, configure.ac, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, include/missing.h, + include/sudo_util.h, m4/sudo.m4, mkdep.pl, pathnames.h.in, + plugins/sudoers/Makefile.in, plugins/sudoers/boottime.c, + plugins/sudoers/check.h, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c, src/Makefile.in: + Switch to new time stamp file format. Each user now has a single + file which may contain multiple records when per-tty time stamps are + in use (the default). The time stamps use a monotonic timer where + available and are once again stored in /var/run/sudo. The lecture + status is now stored separately from the time stamps in a different + directory. + [7e16eb37bacc] - * include/missing.h: - Use __nonnull__ attribute in __printflike. - [d123613a1fb6] + * common/atomode.c: + Zero out errstr when there is no error; fixes bug #632 + [74950ef1a0dc] -2013-08-17 Todd C. Miller +2014-01-29 Todd C. Miller - * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: - When merging the PAM environment, allow environment variables set in - PAM to override ones set by sudo as long as they do not match the - env_keep or env_check lists. - [f3c64967fed7] + * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/check.c: + When listing a user's privileges, always prompt the user for their + own password, regardless of the value of target_pw, root_pw or + runas_pw. 
+ [73a13ccc7933] - * plugins/sudoers/auth/pam.c: - Call pam_getenvlist() after we've opened the session to get the - session-specific environment variables. - [b413fb9e1c77] +2014-01-26 Todd C. Miller - * plugins/sudoers/ldap.c: - Fix error display from ldap_ssl_client_init(). There are two error - codes. The return value can be decoded via ldap_err2string() but the - ssl reason code cannot (you have to look it up in a table online). - [0267125ce9f0] + * configure, configure.ac, plugins/sudoers/interfaces.c, + plugins/sudoers/match_addr.c: + Use inet_aton() instead of inet_addr() as it allows us to + distinguish between the address (or mask 255.255.255.255) and an + error. In the future we may consider switching to inet_pton() for + IPv4 too. + [b6b4e4c77e9a] -2013-08-16 Todd C. Miller +2014-01-24 Todd C. Miller - * NEWS: - option not flag - [08c31af7b818] + * include/missing.h: + Fix typo, ULONG_MAX vs. ULLONG_MAX + [5d274daa9fb1] - * compat/getopt_long.c, config.h.in, configure, configure.in: - Don't redefine opterr, optind, optopt, optarg in getopt_long.c. Add - a check for optreset which is a BSD extension and provide a - definition in getopt_long.c if it is not present. - [3393e8d83400] + * plugins/sudoers/sudo_nss.c: + Fix typo in the AIX case. + [ee531c950fce] - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regen - [f38f65830118] + * plugins/sudoers/sudo_nss.c: + Size pointer for sudo_parseln() should be size_t not ssize_t. This + was already correct for the nsswitch.conf case. + [cfaf895c1db4] - * plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c: - Use lower case for the long option arguments to match the manual. - This is inconsistent with GNU but it is better to match the sudo - documentation. - [8fac2d64f5d2] +2014-01-23 Todd C. 
Miller - * NEWS: - Sudo 1.8.8 - [105c73752474] + * NEWS, common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/net_ifs.c: + It is now possible to disable network interface probing in sudo.conf + by changing the value of the probe_interfaces setting. + [e9dc28c7db60] - * src/parse_args.c: - Use lower card for the long option arguments to match the manual. - This is inconsistent with GNU but it is better to match the sudo - documentation. - [af243dd39850] +2014-01-22 Todd C. Miller - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in: - Describe how remote command execution can be implemented. - [3eba7f93b7f6] + * plugins/sudoers/match_addr.c: + If inet_addr() returns INADDR_NONE, return false instead of + iterating through the interfaces looking for a match that will never + happen. + [1559c301caec] - * doc/sudoers.ldap.cat: - Bump version. - [0ee7f02f3627] + * configure, configure.ac, src/Makefile.in: + Add explicit dependency on sudoers.la to sudo target when sudoers is + compiled statically into the sudo binary. + [d08cc66e18bd] -2013-08-15 Todd C. Miller +2014-01-21 Todd C. Miller - * src/sudo.c: - Make it a fatal error if the plugin returns invalid or out of range - command info. - [8a7e56c7584a] + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/timestr.c: + Do not assume localtime(), gmtime() and ctime() always return non- + NULL. + [a1b5b67436de] - * plugins/sudoers/policy.c: - Use strtol() instead of atoi() and perform error checking of - parameters passed from the sudo front-end. - [05e05be3c6c4] +2014-01-15 Todd C. Miller - * plugins/sudoers/auth/pam.c: - It is not possible for auth to be NULL here. 
- [771500e776e9] + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + Update copyright years + [37d2aaa92544] - * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: - Initialize user_runhost and user_srunhost to user_host and - user_shost in visudo and testsudoers. - [c47cca74e1fc] + * plugins/sudoers/visudo_json.c: + Eliminate dead store found by clang checker. + [86874d5340f1] - * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, - common/error.c, common/fatal.c, common/gidlist.c, common/lbuf.c, - common/list.c, common/sudo_conf.c, common/sudo_debug.c, - compat/Makefile.in, compat/getopt_long.c, include/error.h, - include/fatal.h, plugins/sudoers/Makefile.in, - plugins/sudoers/bsm_audit.c, plugins/sudoers/hexchar.c, - plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, - src/Makefile.in, src/locale_stub.c, src/net_ifs.c, - src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h: - Rename error.h -> fatal.h now that there is no error() function. - [3a3827f10f04] + * NEWS, configure, configure.ac: + Update for sudo 1.8.9p4 + [f79ab7c6c1c5] - * common/sudo_debug.c, include/sudo_debug.h: - Add support to the debug subsystem for zero-length strings. This can - happen for things like warning(NULL) or fatal(NULL) where we just - want to log the errno string. - [3ed739c5cc91] + * common/sudo_debug.c, include/sudo_debug.h, src/preserve_fds.c: + When relocating fds, update the debug fd if it is set so we are + guaranteed to get debugging output. + [b1deaa472aa6] - * include/error.h: - Add __printflike for vfatal, vfatalx, vwarning and vwarningx. - [57e65ed595d2] +2014-01-14 Todd C. 
Miller - * plugins/sudoers/audit.c: - Need to include gettext.h for BSM audit. - [a87fda2d0123] + * src/exec.c: + If the event loop exits due to an error and we are not logging I/O, + kill the command if still running. Fixes a bug where sudo could exit + while the command was still running. + [844018ff8a8c] - * common/alloc.c, plugins/sudoers/env.c, src/exec_common.c, - src/parse_args.c, src/sudo.c: - Change some fatalx(NULL) that should be fatal(NULL). - [8b1efda9f578] + * src/preserve_fds.c: + When relocating preserved fds, start with the highest ones first to + avoid moving fds around more than we have to. Now uses a bitmap to + keep track of which fds are being preserved. Fixes a bug where the + debugging fd could be relocated to the same fd as the error + backchannel temporarily, resulting in debugging output being printed + to the backchannel if util@debug was enabled. + [55e006dbeaf3] - * include/error.h, include/missing.h: - Use __printf0like for warning() and fatal() since the fmt string may - be NULL. - [858a890f00ad] + * src/preserve_fds.c: + When restoring fds traverse list from high -> low, not low -> high + to avoid implicitly closing an fd we want to relocate. + [6351225f47d7] - * compat/pw_dup.c: - Quiet a gcc "used uninitialized in this function" false positive. - [98f47f89ce60] + * src/exec.c: + If not logging I/O we may get EOF when the command is executed and + the other end of the backchannel is closed. Just remove the + backchannel event in this case or we will continue to receive the + event. Bug #631 + [a204b69d91f7] - * mkpkg: - Enable bsm audit on Mac OS X and Solaris >= 11. - [8607488f986c] + * src/po/sr.mo, src/po/sr.po: + sync with translationproject.org + [987087ce4658] - * plugins/sudoers/bsm_audit.c: - Fix compilation on Solaris 11. - [01aa46298ed7] +2014-01-13 Todd C. Miller - * plugins/sudoers/bsm_audit.c: - Add missing missing.h - [080de69a55a1] + * src/ttyname.c: + Fix strtonum() usage when parsing /proc/self/stat on Linux. 
Bug #630 + [3448dffe9701] - * plugins/sudoers/sudoers.c: - Move the -C (user_closefrom) check until after set_cmnd() so that - closefrom_override can be used in a command-specific Defaults line. - Fixes bug #610 from Mengtao Sun. - [413565c6ff6b] + * NEWS, configure, configure.ac: + Update for sudo 1.8.9p3 + [22e5a6f69999] -2013-08-14 Todd C. Miller + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Do not leak old istack if realloc fails; found by cppcheck. Also + modify yyless() to avoid a harmless cppcheck warning every time it + is used. + [021077017a23] - * src/exec.c: - If not using a pty and the child process gets SIGTTOU or SIGTTIN and - sudo is the foreground process, make the child the foreground - process and continue it. - [5ff433443bc4] + * common/term.c: + Add suppression line to quiet a bogus (inconclusive) cppcheck + warning. + [065207271e5d] - * src/sudo.c: - If sudo is not setuid and was not invoked with a full path, look in - the user's PATH for the sudo binary to give a better error message. - [a740129a38f0] + * plugins/group_file/plugin_test.c: + Make this compile again + [f0ff8df475e8] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, - plugins/sudoers/logging.c, plugins/sudoers/match.c, - plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c, - plugins/sudoers/sudoers.h: - Add limited support for "sudo -l -h other_host". Since group lookups - are done on the local host, rules that use group membership may be - incorrect if the group database is not synchronized between hosts. - [2c8b222a5f7f] + * plugins/sudoers/logwrap.c: + Remove dead store; found by cppcheck + [a59833af3401] - * src/parse_args.c: - Fix parsing of "-h host" when used in conjunction with the -l flag. 
- [62f3d726d52b] + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + Add cppcheck target to run cppcheck on all source files. + [d207c2ef49a2] - * configure, configure.in, doc/fixman.sh, doc/fixmdoc.sh, - doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, - doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, - doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c, - plugins/sudoers/visudo.c, src/parse_args.c, src/sudo.c, - src/sudo_usage.h.in: - Simplify usage messages a bit and make --help output more closely - resemble GNU usage wrt long options. Sync usage and man page - SYNOPSYS sections and improve long options in the manual pages. Now - that we have long options we don't need to give the mnemonic for the - single-character options in the description. - [17b7e386955a] +2014-01-09 Todd C. Miller -2013-08-13 Todd C. Miller + * NEWS, configure, configure.ac: + Update for sudo 1.8.9p2 + [2e7fe6e371a4] - * plugins/sudoers/logging.c: - Fix setting of mailer argv[0] to basename of mailerpath. No need to - strdup() mailerpath as it is not modified. - [8843cdd958ee] + * config.h.in, configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, + m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4: + Update to libtool-2.4.2.418 + [d1dbed89d733] - * plugins/sudoers/logging.c: - Make sure the mailer exists and is a regular file before trying to - exec it. - [b73d6214014f] + * config.guess, config.sub: + Update from http://git.savannah.gnu.org/gitweb/?p=config.git + [2b5e32d23be5] - * plugins/sudoers/timestamp.c: - If tty_tickets are enabled but there is no tty, use a ticket file - based on the parent pid. - [75408bd61ced] +2014-01-08 Todd C. 
Miller - * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, - doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/parse_args.c: - Allow default plugin dir to be configured in sudo.conf. - [478883594cc5] + * src/sesh.c: + Quiet a cppcheck warning about a negative subscript. + [ab98b72f5bdf] - * doc/CONTRIBUTORS: - UTF8 for Ruusamae, Elan; from Tae Wong - [02e0c95b4fa6] + * src/exec_common.c, src/selinux.c, src/sesh.c, src/sudo_exec.h: + Make noexec parameter to sudo_execve() bool. + [daa75e4c248a] -2013-08-12 Todd C. Miller + * plugins/sudoers/sudoreplay.c: + Quiet a few innocuous cppcheck warnings. + [90ffa16d27b1] - * MANIFEST, common/regress/sudo_conf/test5.in, - common/regress/sudo_conf/test5.out.ok, - common/regress/sudo_conf/test6.in, - common/regress/sudo_conf/test6.out.ok, common/sudo_conf.c, - doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, - plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, src/sudo.c: - Don't allow max_groups to be set to zero, it just complicates things - needlessly. Fixes an assertion in visudo when there is a group- - based Defaults entry. - [d62a8ea32db9] + * plugins/sudoers/sssd.c: + Handle in_res being NULL for sudo_debug_printf() in + sudo_sss_filter_result(). + [8595cc05d2a8] -2013-08-08 Todd C. Miller + * plugins/sudoers/iolog.c: + When writing length to timing file, use %u not %d as it is unsigned. + [a7f2fcb6919e] - * MANIFEST, common/Makefile.in, common/gidlist.c, - plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, src/sudo.c, - src/sudo.h: - Refactor code to parse list of gids into its own function that is - shared by the sudo front-end and the sudoers module. Make uid/gid - parse error be fatal, not just a warning. - [da3b2b06605c] + * plugins/sudoers/visudo_json.c: + Close export_fp in the error path too, but do not close stdout. + [5c918718ab45] - * common/atoid.c: - Add function comment block. 
- [09a324de716f] + * plugins/sudoers/auth/secureware.c: + Move right brace outside #ifdef HAVE_DISPCRYPT; found by cppcheck. + [f2619d2eb7a8] - * common/atoid.c: - Default text domain is now sudo, not sudoers. - [1acb1da6f304] + * NEWS: + Sudo 1.8.9 also fixes bug #617 + [cc5c18228719] - * common/Makefile.in: - Update dependency for atoid.lo - [5e367cd44288] +2014-01-07 Todd C. Miller - * common/atoid.c, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.h, plugins/sudoers/tsgetgrpw.c, src/sudo.c, - src/sudo.h: - Add endpointer and separator args to atoid() - [2077e4ed8578] + * NEWS: + The fix for the hang was already in the 1.8.9 tarballs. + [f038ebcc1071] -2013-08-07 Todd C. Miller + * NEWS, configure, configure.ac: + Update for sudo 1.8.9p1 + [732fca0003cf] - * compat/getgrouplist.c: - Use private version of atoid() to avoid a dependency on libcommon.a - (since that already depends on libreplace.a). - [7c12d63b0560] + * common/atobool.c, common/event.c, plugins/sudoers/iolog.c, + plugins/sudoers/parse.h, src/exec.c, src/preserve_fds.c: + Update copyright year. + [fdeb5956810e] - * doc/CONTRIBUTORS: - More UTF8 in names; from Tae Wong - [512b263f51c8] + * plugins/sudoers/parse.h: + Go back to making the bit fields in struct cmndtag explicitly + signed. This fixes a problem on gcc 4.8 (at least) which appears to + be treating the value as unsigned by default. + [46b9a7bb10ac] - * compat/getgrouplist.c, plugins/sudoers/iolog.c, - plugins/sudoers/tsgetgrpw.c, src/sudo.c, src/sudo.h: - Use atoid() in more places. - [06f4ae57c707] + * common/atobool.c: + Use debug_return_int() instead of bare return for debugging support. + [c273f822de5f] - * MANIFEST, common/Makefile.in, common/atoid.c, - plugins/sudoers/Makefile.in, plugins/sudoers/atoid.c: - Move atoid() to common so it can be used in src and compat too. - [095d730701e4] +2014-01-06 Todd C. 
Miller - * compat/closefrom.c: - Avoid a crash on Mac OS X 10.8 (at least) when we close - libdispatch's fds out from under it before executing the command. - Switch to just setting the close on exec flag instead. - [349ebf4987df] + * common/event.c: + Fix infinite loop that could be triggered by sudo_ev_loopbreak() and + sudo_ev_loopcontinue(). + [1723561c46b0] - * doc/CONTRIBUTORS: - Convert to last, first for easier sorting and use UTF8 (including a - BOM). - [8c30d221bd75] + * NEWS: + Update for 1.8.9 final. + [d49c14d21410] - * plugins/sudoers/atoid.c: - Add atoid() function to convert a string to an id_t (uid, gid or - pid). We have to be careful to choose() either strtol() or strtoul() - depending on whether the string appears to be signed or unsigned. - Always using strtoul() is unsafe on 64-bit platforms since the uid - might be represented as a negative number and (unsigned long)-1 on a - 64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem - with uids larger than 0x7fffffff on 32-bit platforms. - [5d818e399157] +2014-01-04 Todd C. Miller - * MANIFEST, config.h.in, configure, configure.in, - plugins/sudoers/Makefile.in, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.h: - Add atoid() function to convert a string to an id_t (uid, gid or - pid). We have to be careful to choose() either strtol() or strtoul() - depending on whether the string appears to be signed or unsigned. - Always using strtoul() is unsafe on 64-bit platforms since the uid - might be represented as a negative number and (unsigned long)-1 on a - 64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem - with uids larger than 0x7fffffff on 32-bit platforms. - [cd92246a710f] + * plugins/sudoers/iolog.c: + Handle a sequence file with no trailing newline. + [aa29306e4f6d] - * plugins/sudoers/sudoers.c: - Avoid "perm stack underflow" error when logging the unknown uid - error. - [871514c713b7] +2014-01-03 Todd C. 
Miller - * plugins/sudoers/set_perms.c: - In rewind_perms() there is nothing to do if perm_stack_depth == 0. - [98de335f47f0] + * plugins/sudoers/iolog.c: + Truncate io log and timing files on open when recycling them. Only + an issue when the sequence number wraps around. + [01b2dfe15ff0] -2013-08-06 Todd C. Miller + * plugins/sudoers/iolog.c: + Repair reading of the iolog sequence number that got broken when + adding stricter strtoul() checks. + [e0f4a11c3437] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, - plugins/sudoers/def_data.h, plugins/sudoers/def_data.in: - Add pam_setcred sudoers option to allow the user to control whether - pam_setcred() is called on the user's behalf. - [4260a8e43073] + * src/exec.c: + If invoked as sudoedit we can't just exec the command directly since + the temporary files need to be updated before sudo exits. + [508503be1c4f] - * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, - doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: - Add pam_service and pam_login_service sudoers settings to control - the service name passed to pam_start. - [5ea0e3588f3a] + * src/preserve_fds.c: + Fix restoration of the close-on-exec flag when moving a relocated fd + back into its original position. + [5572f1f8b48a] - * mkpkg: - Newer Xcode places the SDKs under Xcode.app - [4b54379d5c45] +2014-01-02 Todd C. Miller -2013-08-03 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Add "see below" to reference "Secure editing" section in "Preventing + shell escapes". 
+ [b2db990a36b3] - * MANIFEST, common/Makefile.in, common/zero_bytes.c, - compat/Makefile.in, compat/memset_s.c, config.h.in, configure, - configure.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, include/missing.h, include/sudo_plugin.h, - mkdep.pl, plugins/sudoers/Makefile.in, - plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, - plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c, - plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, - plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c, - plugins/sudoers/logging.c, plugins/sudoers/sha2.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, - src/Makefile.in, src/conversation.c, src/sudo.h, src/sudo_edit.c, - src/tgetpass.c: - Implement memset_s() and use it instead of zero_bytes(). A new - constant, SUDO_CONV_REPL_MAX, is defined by the plugin API as the - max conversation reply length. This constant can be used as a max - value for memset_s() when clearing passwords filled in by the - conversation function. - [264ec146028e] +2014-01-01 Todd C. Miller -2013-08-01 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Add initial "Secure editing" section. + [0d7a192e0e25] - * plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/system_group/Makefile.in: - Do not try to install plugins when shared modules are disabled - (sudoers already had the check). - [3d582c042042] + * doc/LICENSE: + Update copyright year. + [4a639d9207a9] - * plugins/sudoers/Makefile.in: - Update dependencies to take into account compat/getopt.h and - compat/dlfcn.h. - [301fb31cd121] +2013-12-31 Todd C. Miller - * src/Makefile.in: - Update dependencies now that sudo_usage.h is always included from - the build dir. 
- [c1ff70ec9515] + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, src/po/eo.mo, + src/po/eo.po, src/po/fi.mo, src/po/fi.po: + sync with translationproject.org + [5c15a411b10d] -2013-07-31 Todd C. Miller + * plugins/sudoers/policy.c: + Make user_cwd and user_tty dynamically allocated even for the + "unknown" case. + [015454bf97f8] - * plugins/sudoers/ldap.c: - Add some warnings and debugging to sasl ccname handling. - [467f415861f0] +2013-12-30 Todd C. Miller - * plugins/sudoers/ldap.c: - Fix write loop invariant in sudo_krb5_copy_cc_file() - [6948cf6e9b9f] + * configure, configure.ac: + Use -fstack-protector-strong in preference to -fstack-protector-all + or -fstack-protector. + [bdd1066eefc4] -2013-07-30 Todd C. Miller + * doc/HISTORY: + Dell acquired Quest + [3d5b7d27a313] - * plugins/sudoers/ldap.c: - Strip off leading FILE: or WRFILE: prefix before trying to copy the - user's credential cache. - [56c16feab62f] +2013-12-29 Todd C. Miller -2013-07-29 Todd C. Miller + * plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/ru.mo, + src/po/ru.po, src/po/vi.mo, src/po/vi.po: + sync with translationproject.org + [f964671d08ce] - * src/sudo.c: - Instead of setting RLIMIT_NPROC to unlimited when sudo initializes, - just save RLIMIT_NPROC in exec_setup() before the final setuid() and - restore it immediately after. We don't need to modify RLIMIT_NPROC - for simple euid changes, just for changing the real (and saved) uids - before we exec. This also means we no longer need to worry about - _SC_CHILD_MAX returning -1. Bug #565 - [1372f1909039] +2013-12-28 Todd C. Miller -2013-07-28 Todd C. 
Miller + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/cs.mo, src/po/cs.po, src/po/da.mo, src/po/da.po, + src/po/it.mo, src/po/it.po, src/po/pl.mo, src/po/pl.po, + src/po/pt_BR.mo, src/po/pt_BR.po, src/po/uk.mo, src/po/uk.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [5f5becf5fb7a] - * plugins/sudoers/ldap.c, src/preload.c: - Now that the ldap code runs with the real and effective uid set to - 0, it is not possible for the gssapi libs to find the user's krb5 - credential cache file. To work around this, we make a temporary copy - of the user's credential cache specified by KRB5CCNAME (opened with - the user's effective uid) and point gssapi to it. To set the - credential cache file name, we dynamically look up - gss_krb5_ccache_name() and use it if available, otherwise fall back - to setting KRB5CCNAME. - [8b86c134541a] + * doc/sudoers.ldap.cat: + regen + [77745e6bc0d5] -2013-07-19 Todd C. Miller + * NEWS: + Update for recent changes. + [365b9084268a] - * doc/sudo.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, - doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in, - doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c, + * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: - Long option support for visudo and sudoreplay. - [91427968be71] + Fix typo; we want setlocale(LC_ALL, "") since we are setting the + locale for the first time. + [e2b9660e9d48] -2013-07-18 Todd C. Miller +2013-12-27 Todd C. 
Miller - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/Makefile.in, - src/parse_args.c, src/sudo.c, src/sudo_usage.h.in: - Add support for long options and fix inclusion of sudo_usage.h with - modern gcc broken in 8597:1fcb7ba13018. - [d13134819944] + * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Use sudoers_initlocale() in main() startup, not sudoers_setlocal() + as the latter assumes we are already in the user's locale which may + not be the case. For sudoreplay, we can just use setlocale() + directly as there is no sudoers locale. + [12235e50dea0] - * src/Makefile.in: - Add rule to rebuild sudo_usage.h when the .in file changes. - [59a32899e251] +2013-12-24 Todd C. Miller - * compat/Makefile.in, mkdep.pl, src/Makefile.in: - Add make rules for building getopt_long.c - [5f57593b3a8b] + * src/preserve_fds.c, src/sudo.c, src/sudo.h: + Redo preserve_fds support to remap high fds so we can get the most + out of closefrom(). The fds are then restored after closefrom(). + [7d712ec49db7] - * src/parse_args.c: - Make "-h hostname" work. Optional args in GNU getopt() only work - when there is no space between the option flag and the argument. - [b8258659cabb] + * plugins/sudoers/Makefile.in: + Fix install-plugin when sudoers is compiled statically. + [36a8bf3b588d] -2013-07-17 Todd C. Miller +2013-12-20 Todd C. Miller - * MANIFEST, compat/getopt.h, compat/getopt_long.c, config.h.in, - configure, configure.in, doc/LICENSE, src/parse_args.c: - Use getopt_long() so we can make the -h flag take an optional - argument. Includes a version for those without it. - [d1dd66c8a86b] + * MANIFEST, common/sudo_debug.c, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + include/sudo_debug.h, include/sudo_plugin.h, src/Makefile.in, + src/exec.c, src/exec_pty.c, src/preserve_fds.c, src/sudo.c, + src/sudo.h, src/sudo_exec.h: + Add support for preventing fds from getting clobbered by + closefrom(). 
+ [269f45964ff0] -2013-07-16 Todd C. Miller +2013-12-19 Todd C. Miller - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Document that the -h option can be used specify a host name for - future plugins. - [8470c74cf326] + * plugins/sudoers/Makefile.in: + regen + [b8f458379b5b] - * include/sudo_plugin.h, src/parse_args.c, src/sudo_usage.h.in: - Overload -h option to specify an optional hostname for remote - access. This is future-proofing; no policy plugins currently support - this. - [0e01d8c3c623] +2013-12-18 Todd C. Miller - * configure, configure.in: - Bump version to 1.8.8 - [a1155bfaa28f] + * common/alloc.c: + Need to include limits.h here too. + [b53c6edef597] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in: - Document the remote_host setting (-h host) - [c737db906f5d] +2013-12-17 Todd C. Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - fix "the the" - [0025464a3942] + * config.h.in, configure, configure.ac, plugins/sudoers/parse.h: + No need to use __signed. + [05f9648d1953] - * src/parse_args.c, src/sudo.c, src/sudo.h: - Do not error out if arg to -U option cannot be resolved, that is for - the plugin to decide. There is no need for runas_user and - runas_group to be global, make them local to parse_args() instead. - [fb02a62a72ba] + * plugins/sudoers/regress/logging/check_wrap.c: + Need limits.h here too. + [54aac3bbf66a] - * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/pt_BR.mo, - plugins/sudoers/po/pt_BR.po, src/po/es.mo, src/po/es.po, - src/po/pt_BR.mo, src/po/pt_BR.po: - Sync with translationproject.org - [e8f4772d918a] + * compat/closefrom.c: + Still need limits.h here. + [0abc6b2be208] -2013-07-11 Todd C. Miller + * plugins/sudoers/po/sudoers.pot: + regen + [386b47ced07f] - * doc/TROUBLESHOOTING: - Remove old bits about sudo setuid problems that should have been - cleaned up in changeset 7917:fa4894896d8a. Also update the mode of - sudo to 04755 to match current packaging. 
- [1e3904cdc2de] + * compat/closefrom.c: + Go back to using /proc/self/fd instead of /proc/$$/fd as only AIX + lacks /proc/self and it has F_CLOSEM. + [b5735fbcfdce] - * plugins/sudoers/auth/pam.c: - Go back to ignoring the return value of pam_setcred() since with - stacked PAM auth modules a failure from one module may override - PAM_SUCCESS from another. If the first module in the stack fails, - the others may be run (and succeed) but an error will be returned. - This can cause a spurious warning on systems with non-local users - (e.g. pam_ldap or pam_sss) where pam_unix is consulted first. - [b6022e26135a] +2013-12-16 Todd C. Miller - * src/net_ifs.c: - Remove unused variable. - [93dde7d82fde] + * plugins/sudoers/visudo_json.c: + Use a switch to map digest type to name instead of an array of + strings. + [ab17ceb4dd60] - * NEWS: - Fix typo - [5ef79671c2c7] + * compat/closefrom.c: + Use /dev/fd in closefrom() on FreeBSD < 8.0 and Mac OS X. + [e70df3b3144b] -2013-07-09 Todd C. Miller + * compat/snprintf.c: + Remove _MAX and _MIN compat; we rely on missing.h for that. We + already require the compiler handle long long so there's no need to + use HAVE_LONG_LONG_INT everywhere. + [2bda15071439] - * plugins/sudoers/sssd.c: - Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest(). - From Dan Harnett. - [4a0af6f12765] + * common/ttysize.c, include/missing.h: + Remove _MAX and _MIN defines that any system from the last 20 years + should have. Add ULLONG_MAX in case it is missing. + [2db0cee4aaa8] + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c: + Change visudo -x to take a file name argument, which may be '-' to + write the exported sudoers file to stdout. + [84cb72c3c391] -2013-06-18 Todd C. 
Miller + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/parse.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_json.c, src/regress/ttyname/check_ttyname.c: + Move symbol extern defs into sudoers.h + [b631a0b57fae] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Fix formatting typo; from Eric S. Raymond - [058b533ba460] + * plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/logging/check_wrap.c: + Add missing sudo_util.h + [ed0edc2e2d0c] -2013-06-17 Todd C. Miller +2013-12-14 Todd C. Miller - * mkpkg: - Use -gxcoff on aix so dbx can be used to debug sudo. - [4950e019ed2d] + * plugins/sudoers/sudoreplay.c: + Warn if the time stamp in the I/O log file does not fit in time_t. + Warn if the info line is not well-formed instead of silently + ignoring it. + [37a050de5be5] -2013-06-12 Todd C. Miller +2013-12-13 Todd C. Miller - * .hgtags: - Added tag SUDO_1_8_7 for changeset 27c89c95d1c2 - [6c7cec552ea3] <1.8> + * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: + Rename libcommon libsudo_util + [df3ffd4229e5] - * doc/visudo.cat, doc/visudo.man.in: - Merge typo fix from trunk - [27c89c95d1c2] [SUDO_1_8_7] <1.8> +2013-12-12 Todd C. 
Miller - * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: - Fix typo; bug 605 - [41f7b46a6e51] + * MANIFEST, common/Makefile.in, common/aix.c, common/atobool.c, + common/atoid.c, common/atomode.c, common/fmt_string.c, + common/gidlist.c, common/progname.c, common/setgroups.c, + common/sudo_conf.c, common/term.c, common/ttysize.c, + include/missing.h, include/sudo_util.h, + plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, + plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/system_group/Makefile.in, + plugins/system_group/system_group.c, src/Makefile.in, src/sudo.h: + Move prototypes for functions provided by libcommon that don't have + their own header files into sudo_util.h. + [43f423a24416] -2013-06-04 Todd C. Miller +2013-12-11 Todd C. Miller - * INSTALL, Makefile.in, NEWS, README, common/Makefile.in, config.h.in, - configure, configure.in, doc/sudo.cat, doc/sudo.man.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, - doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, - doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, - doc/visudo.man.in, mkpkg, plugins/group_file/Makefile.in, - plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c, - plugins/sample_group/plugin_test.c, - plugins/sample_group/sample_group.c, - plugins/sample_group/sample_group.exp, plugins/sudoers/Makefile.in, - plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, - plugins/sudoers/check.c, plugins/sudoers/env.c, - plugins/sudoers/iolog.c, plugins/sudoers/logging.c, - plugins/sudoers/mon_systrace.h, plugins/sudoers/plugin_error.c, - plugins/sudoers/po/sudoers.pot, plugins/sudoers/redblack.c, - plugins/sudoers/regress/sudoers/test10.toke.out.ok, - plugins/sudoers/regress/sudoers/test11.toke.out.ok, - plugins/sudoers/regress/sudoers/test9.toke.out.ok, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/visudo.c, src/Makefile.in, src/error.c, 
- src/exec_pty.c, src/load_plugins.c, src/parse_args.c, - src/po/sudo.pot, src/sudo.c, src/ttyname.c: - Merge sudo 1.8.7 from trunk for release. - [417e640b4411] <1.8> + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/mkdefaults: + Now that we have proper number parsing functions we should store + T_UINT defaults values as unsigned int, not int. + [67d8c2244f1d] - * src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo, - src/po/tr.mo: - Regen .mo files that were out of date. - [9e25a254f9db] + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: + Don't use int where we really mean enum def_tuple. When this code + was written it was assumed that we may have multiple tuple types. + However, that hasn't happened and probably never will. + [8491f970f343] -2013-05-30 Todd C. Miller + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Regen after string parsing changes. + [fd6bf79c3286] - * NEWS, configure, configure.in: - On Solaris 11 and higher, tag binaries for ASLR if supported by the - linker. - [a2a6cafa3e60] + * common/atoid.c, common/atomode.c, compat/strtonum.c, configure, + configure.ac, include/missing.h, plugins/sudoers/defaults.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/sudoreplay.c, src/parse_args.c, src/ttyname.c: + The OpenBSD strtonum() uses very short error strings that can't be + translated usefully. Convert them to longer strings on error. Also + use the longer strings for atomode() and atoid(). + [dace028594da] - * mkpkg: - No longer need to disable PIE on Solaris. - [cf90019ae67e] +2013-12-10 Todd C. Miller -2013-05-28 Todd C. 
Miller + * MANIFEST, common/Makefile.in, common/atoid.c, common/atomode.c, + plugins/sudoers/defaults.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h: + Add atomode() function for parsing a file mode. + [44e29629aa5e] - * INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING: - Restrict default creation of PIE binaries (-fPIE and -pie) to Linux. - OpenBSD also supports PIE but enables it by default so we don't need - to do anything. This fixes problems on systems with a version of GNU - ld that accepts -pie but where the run-time linker doesn't actually - support PIE. Also verify that a trivial PIE binary works unless PIE - is explicitly enabled. - [3c5f125efeb1] + * common/sudo_conf.c, common/ttysize.c, compat/Makefile.in, + compat/closefrom.c, compat/getaddrinfo.c, compat/strtonum.c, + configure, configure.ac, include/missing.h, + plugins/sudoers/boottime.c, plugins/sudoers/defaults.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/match_addr.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/sudoreplay.c, plugins/system_group/system_group.c, + src/parse_args.c, src/sudo.c, src/ttyname.c: + Use strtonum() instead of atoi(), strtol() or strtoul() where + possible. + [e4a1fc84b893] -2013-05-24 Todd C. Miller + * MANIFEST, compat/Makefile.in, compat/strtonum.c, config.h.in, + configure, configure.ac, include/missing.h, mkdep.pl: + Add strtonum.c to compat for simpler number parsing. + [a4c69b003da0] - * aclocal.m4, configure, configure.in: - Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld - where we can end up crashing due to malloc() failures. Sems OK when - Using Sun as and ld. - [b8ba412102ab] +2013-12-09 Todd C. Miller - * NEWS: - Update with final changes. - [78ff6d2ed47a] + * src/exec_common.c: + Fix a warning on Solaris, we need to use debug_return_const_ptr. 
+ [932aa94c0cac] -2013-05-23 Todd C. Miller + * plugins/sudoers/Makefile.in: + check_symbols needs to link with SUDO_LIBS in order to get -lpthread + on HP-UX for libldap (which uses threads). It would be better to + have a separate variable for the pthread library but this is no + worse than it used to be. + [94591b765371] - * configure, configure.in: - Add -fPIE to PIE_LDFLAGS as per gcc manual. - [fe900cbb0780] +2013-12-08 Todd C. Miller -2013-05-22 Todd C. Miller + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + add missing comma + [7dcbd1c6dd25] - * common/Makefile.in, compat/Makefile.in: - Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs - [f84bc7482b78] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Make -c option description more accurate. + [3f305ae6037e] - * MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c, - plugins/sudoers/parse.c, plugins/sudoers/parse.h, - plugins/sudoers/regress/visudo/test4.out.ok, - plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c: - Replace sequence number-based cycle detection in visudo with a - "used" flag in struct alias. The caller is required to call - alias_put() when it is done with the alias. Inspired by a patch from - Daniel Kopecek. - [0bdbac1b3b39] +2013-12-07 Todd C. Miller -2013-05-20 Todd C. Miller + * doc/CONTRIBUTORS, plugins/sudoers/sudoers.c: + When checking whether a user may change the login class, just check + pw_uid of the runas user, which was passed in to set_loginclass(). + [aaf736440441] - * plugins/sudoers/iolog.c: - Eliminate a few relocations related to sudoers_io. - [18e9e2cc3367] +2013-12-06 Todd C. Miller - * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po: - Sync with translationproject.org - [f38cc128a2ad] + * plugins/sudoers/visudo_json.c: + Use atoid() when parsing user/group IDs and print them as unsigned + int. + [40c77459a36a] -2013-05-18 Todd C. Miller +2013-12-05 Todd C. Miller - * src/ttyname.c: - Clarify a comment. 
- [7a045ee06e95] + * plugins/sudoers/sudoreplay.c: + Correctly parse 64-bit times in I/O log files. + [d053ee75adc3] -2013-05-16 Todd C. Miller + * compat/getgrouplist.c, plugins/group_file/getgrent.c, + plugins/sudoers/pwutil.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: + Use atoid() not atoi() when parsing uids/gids. + [491146596626] - * src/ttyname.c: - Handle d_type == DT_UNKNOWN when resolving the device to a name and - sprinkle some more debugging. - [8774133747d9] + * plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/sudoers.h: + Better match debugging. Sprinkle const in match functions. + [4cd8d793f165] -2013-05-03 Todd C. Miller +2013-12-04 Todd C. Miller - * doc/TROUBLESHOOTING: - Add message about disabling PIE if sudo gets SIGSEGV. - [c786af2a6751] + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Document that plugins can be compiled statically into the sudo + binary. + [434061cf909f] - * plugins/sudoers/check.h, plugins/sudoers/timestamp.c: - No longer store the ctime of a devpts tty. The handling of ctime on - devpts in Linux has been changed to conform to POSIX. As a result we - can no longer assume that the ctime will stay unchanged throughout - the life of the session. We store the session ID in the time stamp - file so there is a much smaller chance of the time stamp file being - reused by a new login. While here, store the uid/gid in the - timestamp file too for good measure. - [7028b21f7a9b] +2013-12-03 Todd C. 
Miller - * configure, configure.in: - PIE is broken on FreeBSD/arm - [f232c60d6229] + * plugins/sudoers/sssd.c: + sudo_sss_filter_user_netgroup(): fix comment typos, break out of + loop early if we match ALL or netgroup. + [0691731f4b12] + + * plugins/sudoers/sssd.c: + When filtering netgroups, use the passwd struct stashed in the + handle, not user_name since we may be listing another users + privileges. + [f2669cf7b70c] * mkpkg: - Add explicit sendmail path for Linux since we may not have sendmail - installed in the build chroot. - [1ba2f84f4ff0] + RHEL 6 and above builds sudo with SSSD support + [afc3d894851e] + + * plugins/sudoers/sssd.c: + Avoid passing NULL domainname to sudo_debug_printf(). + [b08abe5e6d23] -2013-05-01 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document sssd debug subsystem. + [250c3ab1bcf0] - * common/sudo_debug.c, plugins/sudoers/iolog.c, - plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c: - Quiet a few -Wunused-result compiler warnings. - [ef12afb61423] + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Document "event" debug subsystem. + [85d220b48edc] -2013-04-30 Todd C. Miller + * plugins/sudoers/match.c: + Use atoid() instead of atoi() when parsing uids/gids so we get + proper range checking. + [5c3e2f3f6cb9] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Mention what SHA-2 formats are supported. - [bf298d0fdf8a] + * plugins/sudoers/sssd.c: + Add user netgroup filtering for SSSD. Previously, rules for a + netgroup were applied to all even when they did not belong to the + specified netgroup. RedHat Bugzilla 880150. + [784848b5462c] - * doc/CONTRIBUTORS: - List code and translations separately. - [826547bc1295] + * plugins/sudoers/sssd.c: + Fix several issues found by the clang static analyzer; Daniel + Kopecek + [520261dd7461] -2013-04-29 Todd C. Miller +2013-12-02 Todd C. 
Miller - * MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, - plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po: - Sync with translationproject.org - [9499a6f438b8] + * README.LDAP: + Mention how to dump sudoers info from LDAP. + [a53c93790a30] - * plugins/sudoers/po/sudoers.pot: - regen - [cce449e284a6] + * src/exec_common.c: + On Solaris, disabling the proc_exec privilege appears to interfere + with DAC file permissions. Adding DAC override permissions to the + inheritable set works around this for commands run as root without + giving extra permissions to other users. Bug #626 + [391ad44026c3] - * Makefile.in: - Fix c-format for fatal/fatalx - [4ad81d3faaeb] +2013-12-01 Todd C. Miller -2013-04-26 Todd C. Miller + * MANIFEST, common/Makefile.in, common/progname.c, compat/Makefile.in, + compat/getprogname.c, configure, configure.ac, include/missing.h, + mkdep.pl, plugins/sample/sample_plugin.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/parse_args.c, + src/regress/ttyname/check_ttyname.c, src/sudo.c: + Instead of setprogname(), add initprogname() which gets the program + name for getprogname() using /proc or pstat() if possible. + [e2d48d81456f] - * Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h: - Change some error/errorx -> fatal/fatalx in comments and xgettext - flags. - [9d9b64fa2ec9] +2013-11-30 Todd C. Miller - * NEWS: - There is now a Turkish translation of sudoers. - [701c5af6aa76] + * src/ttyname.c: + Ignore EOVERFLOW from pstat_getproc(). 
The HP-UX kernel appears to + return this in certain situations but it appears to be harmless at + least insofar as retrieving the tty goes. + [105bea4e1c20] - * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: - Updated translations from translationproject.org including new - Turkish translation. - [9cedbb50d90f] - -2013-04-25 Todd C. Miller - - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document that sudoers will re-use existing I/O log paths unless they - are mktemp-style with trailing X's. - [4f43bd13d9e7] - - * NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, - doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c, - plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: - Allow ldap_conf and ldap_secret to be specified as plugin arguments - in sudo.conf - [37c6c425b565] - - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - sudoers_debug is now deprecated in favor of the sudo debugging - framework. 
- [1195be1ec254] + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/cs.mo, src/po/cs.po, src/po/eo.mo, src/po/eo.po, + src/po/fi.mo, src/po/fi.po, src/po/it.mo, src/po/it.po, + src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po, + src/po/ru.mo, src/po/ru.po, src/po/uk.mo, src/po/uk.po, + src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: + Sync with translationproject.org + [3694d7ad4c9d] - * plugins/sudoers/ldap.c: - Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use - SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the - debug file with the ldap subsystem. The sudoers_debug setting in - ldap.conf is still honored for now but will be removed in a future - release. - [cfa42b4b913e] +2013-11-28 Todd C. Miller -2013-04-24 Todd C. Miller + * plugins/sudoers/visudo.c: + Add missing newline in help message after export option. + [1c0bff0c181e] - * plugins/sudoers/sudoers2ldif: - Add support for converting sudoers files with SHA-2 command digests. - [dc0d03485946] +2013-11-26 Todd C. Miller - * doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg, - plugins/sudoers/sudoers2ldif: - Add copyright notice to scripts - [5e8bd4e6083f] + * configure, configure.ac, plugins/sudoers/Makefile.in, + src/Makefile.in: + Do not add LIBDL to SUDO_LIBS or SUDOERS_LIBS in configure, do it in + Makefile.in so we can make it last. Fixes a linking problem on + Ubuntu precise. + [f8d3bddbe742] - * MANIFEST, plugins/sudoers/regress/sudoers/test14.in, - plugins/sudoers/regress/sudoers/test14.out.ok, - plugins/sudoers/regress/sudoers/test14.toke.ok: - Add regress for SHA-2 digests. - [0b258c2a2a95] +2013-11-25 Todd C. Miller - * compat/getgrouplist.c: - Solaris maps negative gids to GID_NOBODY. - [57050e5c750f] + * configure, m4/ax_func_getaddrinfo.m4: + Do not rely on NULL being defined for getaddrinfo() test. Fixes the + check on HP-UX 11.23. 
+ [a5dcf0283693] - * plugins/sudoers/visudo.c: - Clear up an llvm checker warning which appears to be a false - positive and fix an old XXX while I'm at it. - [9ee13133e596] +2013-11-24 Todd C. Miller - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, - doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: - Correct last change date - [3bc1fa5b0f76] + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Regen for sudo 1.8.9b1 + [945f27a7aa1c] - * plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c: - No need to translate this error message. - [4d9941970a26] + * src/po/de.mo, src/po/de.po, src/po/sr.mo, src/po/sr.po: + Sync with translationproject.org + [52abae16ccfa] - * doc/UPGRADE: - Mention .sl vs. .so extension handling on HP-UX Mention group - membership changes Fix typos - [40ac0efbdb2b] +2013-11-22 Todd C. Miller - * aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c, - common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c, - common/setgroups.c, common/term.c, common/ttysize.c, - compat/Makefile.in, compat/dlopen.c, compat/endian.h, - compat/getline.c, compat/getprogname.c, compat/isblank.c, - compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c, - compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, - compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, - compat/strsignal.c, compat/utimes.c, doc/Makefile.in, - include/Makefile.in, include/alloc.h, include/fileops.h, - include/gettext.h, include/lbuf.h, include/missing.h, - include/sudo_plugin.h, pathnames.h.in, - plugins/group_file/Makefile.in, plugins/sample/Makefile.in, - plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, - plugins/sudoers/alias.c, plugins/sudoers/audit.c, - plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, - plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, - plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, - plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, - 
plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, - plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, - plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c, - plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c, - plugins/sudoers/defaults.h, plugins/sudoers/env.c, - plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, - plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, - plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, - plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c, - plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c, - plugins/sudoers/logging.h, plugins/sudoers/match.c, - plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, - plugins/sudoers/parse.h, plugins/sudoers/prompt.c, - plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c, - plugins/sudoers/redblack.h, + * INSTALL, MANIFEST, NEWS, common/Makefile.in, common/sudo_dso.c, + compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c, config.h.in, + configure, configure.ac, include/sudo_dso.h, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/group_plugin.c, + plugins/sudoers/ldap.c, plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/regress/parser/check_addr.c, - plugins/sudoers/regress/parser/check_fill.c, - plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, - plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, - plugins/sudoers/toke.h, plugins/sudoers/toke.l, - plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, - plugins/sudoers/visudo.c, plugins/system_group/Makefile.in, + plugins/sudoers/sssd.c, plugins/system_group/Makefile.in, plugins/system_group/system_group.c, src/Makefile.in, - src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c, - 
src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c, - src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h, - src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c, - src/utmp.c: - Update copyright years. - [5c6d72661bad] + src/env_hooks.c, src/load_plugins.c, src/preload.c, src/sudo.c, + src/sudo.h: + Add wrapper functions for dlopen() et al so that we can support + statically compiling in the sudoers plugin but still allow other + plugins to be loaded. The new --enable-static-sudoers configure + option will cause the sudoers plugin to be compiled statically into + the sudo binary. This does not prevent other plugins from being + loaded as per sudo.conf. + [9425770e9d2b] - * plugins/sudoers/mon_systrace.h: - Systrace support was removed long ago. - [10a038a2da77] +2013-11-21 Todd C. Miller + + * plugins/sudoers/visudo_json.c: + Handle non-unix groups correctly. Get rid of runasuser and + runasgroup types and use username and usergroup instead. The fact + that the user or group is inside a Runas_List doesn't affect its + underlying type. + [ea1789258c11] -2013-04-23 Todd C. Miller +2013-11-20 Todd C. Miller - * MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok, - plugins/sudoers/regress/sudoers/test9.toke.out.ok: - Remove some files that were mistakenly added. - [833502da26de] + * plugins/sudoers/visudo_json.c: + Simplify Defaults list option object. The name and value strings are + superfluous. + [5852b0184669] - * common/sudo_debug.c, config.h.in, configure, configure.in, - plugins/sudoers/boottime.c, plugins/sudoers/iolog.c, - plugins/sudoers/ldap.c, plugins/sudoers/logging.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c: - Use time(&now) instead of now = time(NULL) when storing the current - time in a time_t (better compiler error checking). Better parsing - and printing of 64-bit time_t on 32-bit platforms. - [c227dc72c04e] + * compat/dlopen.c: + Back out unintended change. + [85156e49e96e] -2013-04-21 Todd C. 
Miller + * MANIFEST, aclocal.m4, configure, configure.ac, + m4/ax_func_getaddrinfo.m4: + Add dedicated test for getaddrinfo(). Tru64 UNIX contains two + versions of getaddrinfo and we must include netdb.h to get the + proper definition. + [9882e3e1e8e3] - * src/ttyname.c: - Don't check the tty of the parent process. Now that we get the - controlling tty device number from the kernel there is no need. If - the process has really disassociated from the tty then reporting - "unknown" is appropriate. - [62fb66e565db] + * compat/dlopen.c, + plugins/sudoers/regress/check_symbols/check_symbols.c: + Define RTLD_GLOBAL for older systems without it. Bug #621 + [ed38ac84f1da] -2013-04-20 Todd C. Miller +2013-11-19 Todd C. Miller - * common/error.c: - Use EXIT_FAILURE instead of 1 as the fatal() exit value. - [ed94c2c5e88a] + * compat/snprintf.c, include/missing.h: + Rename snprintf replacement rpl_snprintf since we may now replace + the libc version and #define rpl_snprintf snprintf in missing.h so + we get our version when needed. This is consistent with how we + replace glob and fnmatch. + [309aa17d0dfe] - * src/sesh.c: - Change remaining errorx -> fatalx - [3f6d70e19303] + * common/Makefile.in, common/regress/sudo_conf/conf_test.c, + common/regress/sudo_parseln/parseln_test.c, + common/regress/tailq/hltq_test.c, src/Makefile.in: + libcommon tests need locale_stub.lo to link. + [baae40f36de5] -2013-04-19 Todd C. Miller + * MANIFEST, aclocal.m4, compat/snprintf.c, config.h.in, configure, + configure.ac, m4/ax_func_snprintf.m4: + Add check for C99 compliant (v)snprintf function. + [79e02551543c] - * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h: - Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an - error if the entry already exists in the cache. 
- [94d45970400a] + * compat/sig2str.c, configure, configure.ac: + Include unistd.h in sig2str.c for Tru64 as it defines SIGRTMIN and + SIGRTMAX in terms of sysconf(), which is prototyped in unistd.h. Bug + #621; from Daniel Richard G. + [2a59ccb8c966] - * plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot: - Change "foo: failed" to just "foo" since we print the string form of - errno. Gets rids of some useless translations. - [476f37349dbc] + * include/gettext.h, plugins/sudoers/locale.c, src/locale_stub.c: + Add definition of U_ for --disable-nsl Don't define warning_gettext + if --disable-nsl Bug #621; from Daniel Richard G. + [c0054eb89c2b] -2013-04-18 Todd C. Miller +2013-11-18 Todd C. Miller - * plugins/sudoers/match.c: - Fix pasto in debug_decl - [08650186a239] + * plugins/sudoers/visudo_json.c: + When merging Defaults entries we need to check the type of the next + entry and not just assume it is the same as the previous one. + [e97d9b9cf0d5] - * plugins/sudoers/Makefile.in: - regen - [acf4c34fba2c] + * plugins/sudoers/visudo_json.c: + runasgroups not runasgroup in the Cmnd_Spec. + [92ea5dc20e4d] - * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, - plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, - plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c, - plugins/sudoers/logging.h, plugins/sudoers/parse.c, - plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: - Rename log_error() -> log_warning() for consistency with - warning()/fatal() - [474ed5a0e335] + * plugins/sudoers/visudo_json.c: + Fix some syntax errors and change how lists are handled. + [027b8dea44b2] - * plugins/sudoers/auth/API: - The NO_EXIT flag was removed a while ago. - [e0a4be270226] + * common/sudo_debug.c, config.h.in, configure, configure.ac, + include/fatal.h, include/sudo_debug.h: + Allow sudo to compile without variadic macro support in cpp. + Debugging support will be limited (no file info from warnings.) 
From + Daniel Richard G.; Bug #621 + [51b8b868cd4b] - * common/aix.c, common/alloc.c, common/error.c, include/error.h, - plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c, - plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c, + * Makefile.in, common/aix.c, common/fatal.c, common/gidlist.c, + common/sudo_conf.c, include/fatal.h, include/gettext.h, + include/missing.h, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, - plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, plugins/sudoers/policy.c, plugins/sudoers/prompt.c, - plugins/sudoers/pwutil.c, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/regress/parser/check_addr.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, - plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c, - src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, - src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, - src/utmp.c: - Rename error/errorx -> fatal/fatalx and remove the exit value as it - was always 1. 
- [ea66f58c4da5] + plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/load_plugins.c, + src/locale_stub.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, + src/sesh.c, src/signal.c, src/solaris.c, src/sudo.c, + src/sudo_edit.c, src/tgetpass.c, src/utmp.c: + Add warning_gettext() wrapper function that changes to the user + locale, then calls gettext(). Add U_ macro that calls + warning_gettext() instead of gettext(). Rename warning2()/error2() + back to warning_nodebug()/error_nodebug(). + [f3bb207db201] - * NEWS: - digests are supported in sudoers ldap too - [77d6c25f7653] +2013-11-17 Todd C. Miller - * plugins/sudoers/regress/check_symbols/check_symbols.c: - Print test failures to stdout like the final count so the outputis - not displayed out of order. - [f541b78ecb93] + * common/fileops.c, compat/getaddrinfo.c, compat/mktemp.c, + compat/utimes.c, configure.ac, plugins/sudoers/boottime.c, + plugins/sudoers/check.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.h, plugins/sudoers/sssd.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/preload.c, + src/sudo.c, src/sudo_edit.c, src/ttyname.c, src/utmp.c: + Fix some #if vs. #ifdef and remove an extraneous semicolon. Bug + #624; from Daniel Richard G. 
+ [b212e4694018] - * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, - plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo, - plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo, - src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po, - src/po/it.po, src/po/tr.po: - Sync with translationproject.org - [cbd70678b99f] + * include/sudo_debug.h, plugins/sudoers/defaults.c, + plugins/sudoers/ldap.c, src/exec_common.c: + Add debug_return_const_str and debug_return_const_ptr for returning + a const string or pointer. Using const for the normal versions + produces warnings with the Tru64 compiler. + [45018a149cb4] + + * common/event_poll.c, compat/getaddrinfo.c, config.h.in, configure, + configure.ac, m4/sudo.m4: + Fixes for building under Tru64; from Daniel Richard G. Bug #624 + [fc4a6cbae1ba] + +2013-11-16 Todd C. Miller + + * plugins/sudoers/logging.c: + log_{fatal,warning} now logs to the debug file itself. + log_{fatal,warning} now calls warningx2() after setting the locale + itself instead of using the wrapper macros. This removes the only + use of warningx(ngettext(...)). + [930129361e0a] + +2013-11-15 Todd C. Miller + + * configure, configure.ac: + Add -Wpointer-arith to --enable-warnings + [2043ae306d1b] + + * configure, configure.ac: + Fix more instances of #include directives where the '#' was not in + column 1. From Daniel Richard G. (bug #622) + [75f36f39dcab] + + * MANIFEST, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_json.c: + Add support to visudo to export sudoers in JSON format. + [1697b2b4bfd2] + +2013-11-13 Todd C. Miller + + * plugins/sudoers/parse.h: + Remove unused digest field from struct cmndspec, the digest really + lives in struct sudo_command. 
+ [e9a1e2e112d6] + + * config.h.in, configure: + Regen with autoconf 2.69 + [275f69f98f9e] + + * MANIFEST, Makefile.in, config.h.in, configure.ac, configure.in, + doc/Makefile.in: + Rename configure.in -> configure.ac + [0aeafe425373] + + * MANIFEST, aclocal.m4, autogen.sh, config.h.in, configure, + configure.in, ltmain.sh, m4/sudo.m4: + From Daniel Richard G. (bug #622) Add an autogen.sh script that + rebuilds the autoconf world. Move old aclocal.m4 contents to + m4/sudo.m4. New (generayed) aclocal.m4 contains the m4_include + directives. Some tests had #include directives where the '#' was not + in column 1. Updated obsolete macro usage via autoupdate. + [5fe8de5a56df] + +2013-11-12 Todd C. Miller + + * src/sudo_exec.h: + Very old systems (pre XPG 4.2) may not support MSG_WAITALL. The + likelihood of receiving a partial message is quite low so this is + not a big deal. + [900a304f9548] - * Makefile.in: - Check for any uncommitted changes in dist target and add force-dist - target that omit check-dist. - [78dc3f41e37e] + * configure, configure.in: + HP-UX may require _XOPEN_SOURCE_EXTENDED to be defined for + MSG_WAITALL to be visible. + [f08b1a00a30a] -2013-04-17 Todd C. Miller + * MANIFEST, plugins/sudoers/regress/visudo/test5.out.ok, + plugins/sudoers/regress/visudo/test5.sh: + Add regress test for bug #623 + [8e83cfccaf14] - * src/regress/ttyname/check_ttyname.c: - Fix logic bug when checking tty via ttyname(). - [279aee076194] + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Cope with a comment on the last line of the file with no newline. + Bug #623 + [f826243bc4e6] - * compat/endian.h: - Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and - __BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX) - [fe35e0b04502] + * compat/getaddrinfo.c: + Include arpa/inet.h for HP-UX; from Daniel Richard G. + [d4d7a4303bae] - * plugins/sudoers/po/sudoers.pot: - regen - [0ddebccd3045] + * doc/Makefile.in: + Add missing $(mansrcdir) to visudo.mdoc and visudo.man. 
From Daniel + Richard G. + [f664c8d2f961] - * NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, - doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document digest support. - [d794c7b9a7bc] +2013-11-11 Todd C. Miller - * MANIFEST, plugins/sudoers/Makefile.in, - plugins/sudoers/regress/parser/check_base64.c: - Simple bas64 decode unit test. - [344b0df0fe50] + * include/fatal.h: + In v{warning,fatal}x?() make a new copy of ap for the debug + functions. It is not legal to use ap twice without reinitializing + it. Noticed by Daniel Richard G. + [6ca8bc48ecb3] - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c, - plugins/sudoers/match.c, plugins/sudoers/parse.h: - Move base64_decode into its own source file. - [30497e7f88bc] + * include/fatal.h: + Remove errant warning_restore_locale() call. + [4ef7aecefcbb] - * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: - Only check year against 2038 if time_t is 32-bit. - [9c1f2e3fc3ba] + * include/missing.h, plugins/sudoers/logging.c: + Move va_copy compat macro to missing.h + [c873e4cc4c8a] -2013-04-16 Todd C. Miller + * common/Makefile.in, compat/Makefile.in, mkdep.pl, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + Uniquify header dependencies so we don't end up with duplicates when + a header file includes other headers. The header dependencies are + sorted so the generated order is stable. + [95747db2f07a] - * plugins/sudoers/ldap.c, plugins/sudoers/parse.h, - plugins/sudoers/sssd.c: - Add digest support for sudoers in ldap and sss. - [314937b5e59e] + * compat/Makefile.in, configure, configure.in, doc/CONTRIBUTORS, + mkdep.pl: + Add getaddrinfo.lo to LTLIBOBJS for systems that need it. From + Daniel Richard G. 
+ [e94ee99a52a9] - * INSTALL, configure, configure.in: - Error out in configure if the compiler doesn't support "long long". - [d3645c1d50d1] + * plugins/sudoers/testsudoers.c: + Fix pasto + [5262735e78e0] - * plugins/sudoers/match.c, plugins/sudoers/toke.c, - plugins/sudoers/toke.l: - Include stdint.h or inttypes.h before sha2.h - [20ad1c20313d] +2013-11-07 Todd C. Miller - * common/lbuf.c: - Simplify lbuf append functions by moving the realloc code into - lbuf_expand(). We now expand as needed each time bytes need to be - written to the lbuf. Also handle a NULL pointer being passed in for - paranoia's sake. - [6283ee562ef4] + * doc/sudoers.mdoc.in: + Fix typo. + [6b11a4eec6b6] - * plugins/sudoers/iolog.c: - Zero out struct iolog_details early to avoid a potential (though - unlikely) dereference of stack garbage if we hit a fatal error - before iolog_deserialize_info() is called. - [2eeca8be05fb] +2013-11-04 Todd C. Miller -2013-04-15 Todd C. Miller + * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: + regen + [995ca9f21862] - * sudo.pp: - Update copyright year. - [b843c6a43238] + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c: + Fix warnings from -Wold-style-definition + [a748c5c7b423] - * plugins/sudoers/sudoers_version.h: - Bump SUDOERS_GRAMMAR_VERSION for new digest support. - [188556fb8156] + * configure, configure.in: + Add -Wold-style-definition to --enable-warnings + [0484de0deb59] - * plugins/sudoers/gram.c, plugins/sudoers/gram.h, - plugins/sudoers/gram.y, plugins/sudoers/match.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Sanity check digest in parser so visudo can catch errors. Add base64 - support - [b8586d5cc7ed] + * common/event_poll.c: + Extra debugging for ready fds. 
+ [91fb85cdecbb] - * MANIFEST, compat/endian.h, config.h.in, configure, configure.in, - plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c: - For big endian architectures just use memcpy() instead of BE macros - in a loop. - [c71a0f4a8a8e] + * common/event_select.c: + When deleting an event, check ev->events to determine whether to + remove from readfds or writefds instead of blinding removing from + both. Also fix highfd adjustment. + [7384db65ca9c] -2013-04-14 Todd C. Miller +2013-11-02 Todd C. Miller - * MANIFEST, config.h.in, configure, configure.in, - plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, - plugins/sudoers/gram.h, plugins/sudoers/gram.y, - plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c, - plugins/sudoers/match.c, plugins/sudoers/parse.h, - plugins/sudoers/regress/parser/check_digest.c, - plugins/sudoers/regress/parser/check_digest.out.ok, - plugins/sudoers/sha2.h, plugins/sudoers/sssd.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l, - plugins/sudoers/toke_util.c: - Initial implementation of checksum support in sudoers. Currently - supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format - validation in parser and base64 support. checksum support for ldap - sudoers - [b8f196346eca] + * common/event_select.c: + Only check an fd that is >= 0. Timeout-only events may have a + negative fd. + [fa0e5cbc3cc2] -2013-04-13 Todd C. Miller +2013-11-01 Todd C. Miller - * doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h: - SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public - domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai - respectively. - [7511d07c0a83] + * common/event.c: + Don't call sudo_ev_{add,del}_impl() for timeout-only events. This + makes it possible to pass sudo_ev_alloc() an fd of -1 for events + only use SUDO_EV_TIMEOUT. + [6838657a1a2f] -2013-04-11 Todd C. Miller +2013-10-31 Todd C. 
Miller - * NEWS: - Add sudo 1.8.6p8 - [0666fd0321ae] + * common/alloc.c, common/event_select.c, include/sudo_event.h: + Make a copy of readfds/writefds before calling select() instead of + calculating it each time. Keep track of high fd in the base. + [6048b78f2e94] - * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot: - Add missing "not" in error message when mixing standalone and non- - standalone authentication methods. - [7eba4439db73] +2013-10-30 Todd C. Miller - * NEWS: - Fix typo - [f9c859bb2aae] <1.8> + * doc/CONTRIBUTORS: + Add Stephen Gelman + [0028c7a91a4f] - * .hgtags: - Added tag SUDO_1_8_6p8 for changeset 1d2d78415eed - [66a7fa13334e] <1.8> + * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: + Fix sign comparison warning. + [914cb36b9ed2] - * NEWS, configure, configure.in: - Update for sudo 1.8.6p8 - [1d2d78415eed] [SUDO_1_8_6p8] <1.8> + * plugins/sudoers/sudoreplay.c: + Fix potential NULL dereference in non-interactive mode. + [9233428d3f32] - * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c: - Check for crypt() returning NULL. Traditionally, crypt() never - returned NULL but newer versions of eglibc have a crypt() that does. - Bug #598 - [e0928108c18b] <1.8> +2013-10-29 Todd C. Miller - * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c: - Check for crypt() returning NULL. Traditionally, crypt() never - returned NULL but newer versions of eglibc have a crypt() that does. - Bug #598 - [887b9df243df] + * src/exec.c, src/exec_pty.c: + Use MSG_WAITALL when receiving struct command_status over the Unix + domain socket since we no longer use datagrams. This should avoid + the need to handle incomplete reads, though in theory it is still + possible. 
+ [28a92888a908] - * plugins/sudoers/auth/pam.c: - Better PAM error messages - [fd7eda53cdd7] + * plugins/sudoers/sudoreplay.c: + SIGKILL is not catchable + [79f82e4cb11d] - * plugins/sudoers/auth/kerb5.c: - Better error messages - [98142874a2f4] + * common/event.c, include/sudo_event.h, plugins/sudoers/sudoreplay.c: + Add sudo_ev_get_timeleft() to get the amount of time left before an + event times out and use it in sudoreplay. + [d5b17ee30fa4] - * plugins/sudoers/bsm_audit.c: - Use same error message for getauid() failure. - [07f0d88cb1df] +2013-10-28 Todd C. Miller - * plugins/sudoers/sssd.c: - Start warning with a lower case letter for consistency and to match - existing translated strings. - [b719ac52c9e3] + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + plugins/sudoers/sudoreplay.c: + If the user presses or in sudoreplay, skip to the + next event. Useful for skipping past long pauses in the data. + [43343f45c94d] -2013-04-10 Todd C. Miller + * common/event.c, common/event_poll.c, common/event_select.c: + Fix sudo_ev_scan_impl() return value in event_poll.c. Make sure we + clear active flag from unprocessed events if sudo_ev_loopbreak() or + sudo_ev_loopcontinue() are used. Remove bogus optimization when the + timeout is zero or negative; it could prevent an I/O event from + being triggered. + [a13603fb3134] + + * plugins/sudoers/sudoreplay.c: + Move session replay into its own function. + [e323f7729595] - * mkpkg: - Disable PIE on Solaris where it is not really supported. - [2ecea6093862] <1.8> + * common/event.c, common/event_poll.c, common/event_select.c, + include/sudo_event.h: + Get rid of cur and pending pointers in struct sudo_event_base. We + now pop the first event off the active queue instead of using a + foreach loop with deferred removal of the event. Add + SUDO_EVQ_INSERTED and SUDO_EVQ_TIMEOUTS flags to indicate that the + event on the event queue and timeouts queue respectively. 
No longer + need to compare the timeout to {0,0} or compare the event's base + pointer to NULL to determine queue membership. + [f2b2251fd523] - * mkpkg: - Disable PIE on Solaris where it is not really supported. - [c36c84cdcc7a] + * common/event_poll.c: + rename sudo_ev_loop_impl() -> sudo_ev_scan_impl() + [614faaff04e3] - * src/ttyname.c: - AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit - before we try to match it against st_rdev. - [6f16a64ebf22] <1.8> + * MANIFEST, common/event.c, common/event_poll.c, + common/event_select.c, compat/Makefile.in, compat/nanosleep.c, + config.h.in, configure, configure.in, include/missing.h, + include/sudo_event.h, mkdep.pl, plugins/sudoers/Makefile.in, + plugins/sudoers/sudoreplay.c, src/exec.c, src/exec_pty.c: + Add support for libevent-style timed events. Adding a timed event is + currently O(n). The only consumer of timed events is sudoreplay + which only used a singled one so O(n) == O(1) for now. This also + allows us to remove the nanosleep compat function as we now use a + timeout event instead. + [db41c08e92dc] - * src/ttyname.c: - AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit - before we try to match it against st_rdev. - [5dab449fb962] +2013-10-26 Todd C. Miller - * src/ttyname.c: - Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes - a problem finding the tty name when it is not in /dev/pts. - [5ab14529a774] <1.8> + * src/exec.c, src/exec_pty.c: + Now that sudo_ev_base_free() removes all events before freeing we + don't need to do this by hand. + [b59d43658c5f] - * src/ttyname.c: - Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes - a problem finding the tty name when it is not in /dev/pts. - [6c205d087fa0] + * common/event.c, common/event_poll.c, common/event_select.c, + include/sudo_event.h: + Add a list of active events in the base that the back end sets when + it calls poll or select. 
This allows the front end to iterate over + the events instead of having that code in both back ends. It will + also simplify support for timeout events. Also make sure we can't + touch freed memory if a callback frees its own event. + [933b99b3f2bc] - * compat/snprintf.c: - Support %lld and %llu - [feabfa06c954] + * common/event.c: + Remove any existing events before freeing the event base. + [2543c6620cf1] - * .hgignore, MANIFEST, src/Makefile.in, - src/regress/ttyname/check_ttyname.c: - Add ttyname test. - [e987038f8c07] +2013-10-25 Todd C. Miller -2013-04-09 Todd C. Miller + * src/exec_pty.c: + mon_handler() should be static + [b1a62ef65c96] - * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, - src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po, - src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, - src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po, - src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: - Sync with translationproject.org - [4d7b73b22079] +2013-10-24 Todd C. Miller - * plugins/sudoers/timestamp.c: - Log timestampfile to debug file. - [e997281146c0] + * plugins/sudoers/ldap.c: + If user specified start_tls and ldaps, display a warning and ignore + start_tls. There's no reason to make this a fatal error. + [bf446dd1e740] - * plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot: - Don't add the "Password: " string we look up in the PAM text domain - to the sudoers.pot file. - [771b52244abf] + * src/exec_pty.c: + Add missing else when the connection from the monitor to the parent + sudo process is broken (due to the parent dying). Prevents a + spurious "unexpected reply type on backchannel" warning. + [5c44053cef08] -2013-04-08 Todd C. 
Miller + * src/exec_pty.c: + When flushing output we don't care whether we are the foreground + process or not, we still need to flush to /dev/tty. If we are in the + background, it is OK to get SIGTTOU. + [9716892d1fb5] - * plugins/sudoers/po/sudoers.pot: - Synce with regcomp() error message change. - [fc6d3dfb8eb8] + * plugins/sudoers/ldap.c: + Should not attempt start_tls on an ldaps connection. + [9d01d461c52c] - * plugins/sudoers/sudoreplay.c: - Be consistent with error message when regcomp() fails. - [de6c69ba04e4] +2013-10-23 Todd C. Miller -2013-04-05 Todd C. Miller + * plugins/sudoers/regress/parser/check_fill.c: + Fix sign compare warning. + [6130fa8df758] - * plugins/sudoers/regress/testsudoers/test5.out.ok, - plugins/sudoers/regress/testsudoers/test5.sh: - Use group -1 instead of 1 as the invalid group since the running - user might have group 1 as their default group. - [71404a9fa75d] + * doc/Makefile.in: + Eliminate warning about circular dependency from GNU make. + [7ed5df762089] - * plugins/sudoers/Makefile.in: - PWD may be a shell builtin, use CWD instead. - [c443105c5091] + * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + src/ttyname.c: + More sign compare fixes. On Solaris id_t is signed so use uid_t in + the set_perms.c ID macro instead. + [8166dcc50d0b] -2013-04-04 Todd C. 
Miller + * common/fileops.c, common/lbuf.c, common/secure_path.c, + common/sudo_debug.c, include/secure_path.h, + plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, + plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.h, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.h, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, src/load_plugins.c, src/sudo.c, + src/ttyname.c: + Quiet sign comparision warnings. + [e34f45dad10c] - * plugins/sudoers/check.c: - Split up check_user(). - [ce7cc0767589] + * configure, configure.in: + Add -Wsign-compare to --enable-warnings + [d560e274a6ae] -2013-04-03 Todd C. Miller + * plugins/sudoers/ldap.c: + Ignore SIGPIPE when connecting to the LDAP server so we can get a + proper error message with the IBM LDAP libs. Also return + LDAP_SUCCESS instead of 0 from most sudo_ldap_* functions that + return an int. + [611a4ed9b8ee] - * config.h.in, configure.in: - Cosmetic fixes in the comments. - [640abee43c14] + * plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c: + Quiet compiler warnings. + [7d82dcca7126] -2013-04-02 Todd C. Miller +2013-10-22 Todd C. Miller - * configure, configure.in: - Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status - message for visibility checks when the test fails. - [99665477ee55] + * plugins/sudoers/ldap.c: + sudo_ldap_parse_uri() should join multiple URIs in the string list + together but it was clearing the host entry each time through the + loop. Fixes a bug with multiple URI entries in ldap.conf where only + the last one was being honored. 
+ [83cee19b136d] - * config.h.in: - regen - [00c22606719a] + * src/exec_pty.c: + Avoid a double free introduced when plugging a memory leak in + safe_close(). A new ev_free_by_fd() function is used to remove and + free any events sharing the specified fd. This can be used after + safe_close() to make sure we don't try to select() on a closed fd. + [54f48a281147] - * configure, configure.in: - We no longer use mbr_check_membership() and setrlimit64() is AIX- - specific. - [43caf685a1f1] + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, src/exec.c: + Quiet some llvm check false positives. The common idiom of using + TAILQ_FIRST, TAILQ_REMOVE and free in a loop to free each entry in a + TAILQ confuses llvm. Use TAILQ_FOREACH_SAFE instead (which is + probably faster anyway). + [bd1b8c11f416] - * Makefile.in: - The first (all) target must be by itself or some makes will choose - the run the entire target list. - [16cf3def49f5] + * plugins/sudoers/auth/pam.c: + If pam_open_session() fails don't call pam_getenvlist() with a NULL + pam handle. + [352e0329acba] - * configure, configure.in: - Do exec_prefix expansion when enable_shared even if noexec is not - enabled. - [7ed28cb32d8d] + * plugins/sudoers/defaults.c: + Fix newly introduced use after frees found by llvm checker. + [a81080230f1f] - * compat/getgrouplist.c: - Use free() not efree() since we don't include alloc.h here - [1a008737be24] + * common/event_select.c: + Remove an errant list_next() call that should have been removed in + the TAILQ conversion. 
+ [3bbf8d117ce4] - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regen - [b939f941346f] + * MANIFEST, common/Makefile.in, common/list.c, + common/regress/tailq/hltq_test.c, include/list.h, include/queue.h, + plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/defaults.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Add "headless" tail queues and use them in place of the semi- + circular lists in sudoers. Once the headless tail queue is built up + it is converted to a normal TAILQ. This removes the last consumer of + list.c and list.h so those can now be removed. + [5986ba762a24] - * plugins/sudoers/regress/testsudoers/test2.sh, - plugins/sudoers/regress/testsudoers/test3.sh, - plugins/sudoers/regress/testsudoers/test5.sh: - Pass in expected gid to testsudoers in addition to the uid that - matches the test sudoers files. - [6a1710e8cac1] + * common/Makefile.in, common/fatal.c, plugins/sudoers/Makefile.in, + plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/env.c, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c, + plugins/sudoers/match_addr.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/visudo.c, src/Makefile.in, src/exec_pty.c, + src/hooks.c: + Use SLIST and STAILQ macros instead of doing headless singly linked + lists manually. As a bonus we now use a tail queue for ldap.c and + sudoreplay.c. + [c31bc2d99082] -2013-04-01 Todd C. 
Miller + * MANIFEST, common/Makefile.in, common/event.c, common/event_poll.c, + common/event_select.c, common/list.c, + common/regress/sudo_conf/conf_test.c, common/sudo_conf.c, + doc/LICENSE, include/list.h, include/missing.h, include/queue.h, + include/sudo_conf.h, include/sudo_event.h, + plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, + src/Makefile.in, src/exec.c, src/exec_pty.c, src/load_plugins.c, + src/sudo.c, src/sudo.h, src/sudo_plugin_int.h: + Convert sudo to use BSD TAILQ macros instead of home ground tail + queue functions. This includes a private queue.h header derived from + FreeBSD. It is simpler to just use our own header rather than try to + deal with macros that may or may not be present in various queue.h + incarnations. + [450bce095d7c] - * include/missing.h: - Tru64 5.x does declare innetgr() and getdomainname(). - [c75598e69c7e] +2013-10-21 Todd C. Miller - * plugins/sudoers/match.c: - Fix compilation when getdomainame() is not present. - [e831b017a962] + * plugins/sudoers/sudoreplay.c: + Fix AND operator broken by changes to fix OR. + [a4d3485ee943] - * config.h.in, configure.in, include/missing.h: - Move SET/CLR/ISSET from config.h.in to missing.h - [3a3dd29fd7f0] +2013-10-19 Todd C. Miller - * configure, configure.in: - Fix getgrouplist() check. - [12a2adf60e98] + * plugins/sudoers/sudoreplay.c: + Fix OR operator. + [f5c1c90ee284] - * MANIFEST: - No more timestamp.h - [5677e26afc0f] +2013-10-18 Todd C. Miller - * plugins/sudoers/check.c: - Neded sys/time.h for struct timeval in struct sudo_tty_info. - [aceaadd8c400] + * src/exec_pty.c: + Fix memory leak of I/O buffer events in safe_close(). + [08cd790cfbba] - * plugins/sudoers/Makefile.in: - regen depends - [21675a8b67e5] +2013-10-16 Todd C. 
Miller - * NEWS: - Mention libibmldap on HP-UX - [75b4e4b22950] + * common/sudo_debug.c: + Don't allow the debug subsystem to be initialized twice. Otherwise + we can exhuast our stack when built in static mode. + [fadacb6a4617] - * NEWS, plugins/sudoers/match.c: - Instead of checking the domain name explicitly for "(none)", just - check for illegal characters. - [ce35dda811db] + * common/event_poll.c: + Make sure we do not try to usie index -1 in base->pfds[]. + [beeb922aba3f] - * plugins/sudoers/visudo.c: - Only warn once when we are unable to open the sudoers file. - [9e27e3aa5b10] +2013-10-14 Todd C. Miller - * plugins/sudoers/sudoers.c: - Fall back to opening /dev/tty to determine whether there is a tty if - the system doesn't have kernel support for determing the tty. - [2775bcf9a9b5] + * NEWS, configure, configure.in: + Bump version to 1.8.9 + [758dbb464796] - * compat/getprogname.c: - Update guard to take __progname into account - [60eae3f20232] +2013-10-12 Todd C. Miller - * compat/snprintf.c: - Some older systems have inttypes.h but not stdint.h - [ed1ef160015f] + * src/exec_pty.c: + Convert the monitor process to the event subsystem. + [c4fe8e2ba53c] - * compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c, - compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c, - compat/getline.c, compat/getprogname.c, compat/glob.c, - compat/isblank.c, compat/memrchr.c, compat/mktemp.c, - compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, - compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, - compat/strsignal.c, compat/utimes.c: - Add guards in compat source files. Not really needed since we only - include them in the Makefile if they are needed but should not hurt - either. - [8cbd3b4595b9] + * src/exec.c, src/exec_pty.c, src/sudo_exec.h: + Convert the main sudo event loop to use the event subsystem. Read + events for I/O buffers are added before the loop starts. Write + events are added on demand as the buffers are filled. 
+ [72a603e997e0] -2013-03-31 Todd C. Miller + * INSTALL, MANIFEST, common/Makefile.in, common/event.c, + common/event_poll.c, common/event_select.c, common/list.c, + common/sudo_debug.c, config.h.in, configure, configure.in, + include/list.h, include/sudo_debug.h, include/sudo_event.h, + mkdep.pl, plugins/sudoers/Makefile.in, src/Makefile.in, + src/exec_pty.c: + Simple event subsystem that uses poll() or select(). Basically a + simplied subset of libevent2. Currently only fd events are supported + (since that's all we need). The poll() backend is used by default, + except on Mac OS X where poll() is broken for devices (including + /dev/tty and ptys). + [8773142b4117] - * plugins/sudoers/gram.c, plugins/sudoers/gram.y: - Don't include gram.h in gram.y, its contents are already included. - Move sudoerserror to the end of gram.y so COMMENT is declared when - we need to use it. - [7d72ebdd7222] + * src/exec.c, src/exec_pty.c: + Use SOCK_STREAM for socketpair, not SOCK_DGRAM so we get consistent + semantics when the other end closes. This should make the conversion + to poll() less problematic. + [b6a321722a91] -2013-03-29 Todd C. Miller +2013-10-06 Todd C. Miller - * config.h.in, configure.in: - Remove some pre-ANSI cruft. - [6a95704b2116] + * common/sudo_debug.c: + Fix removal of trailing newlines in a debug message. + [6f5ce5ac64e0] - * plugins/sudoers/match.c: - Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h - when it is set. - [da40c550ffed] +2013-10-04 Todd C. Miller - * NEWS, plugins/sudoers/iolog_path.c: - We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but - just leave it as-is. - [9a22de140d28] + * plugins/sudoers/visudo.c: + When checking for unused Runas_Aliases, count those used as part of + a Runas Group too. Fixes a false positive warning. + [f13271a4a377] -2013-03-28 Todd C. Miller +2013-09-29 Todd C. Miller - * plugins/sudoers/gram.c, plugins/sudoers/gram.y: - Add missing semicolon in rule. 
- [817d3f1b2a21] + * include/missing.h: + Include stddef.h for rsize_t and errno_t on systems that support it + natively. + [bc547d47e9c6] - * plugins/sudoers/sudoers.c: - Now that we can determine the terminal even when file descriptors - are redirected we can check user_ttypath rather than opening - /dev/tty when enforcing requiretty. - [56a28bc09041] + * MANIFEST: + Fix braino. + [67b79747312f] - * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h: - Stash umask in struct sudo_user so we don't need to look it up - later. - [9f85749199dc] + * plugins/sudoers/po/da.mo, plugins/sudoers/po/de.mo, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/fi.mo, + plugins/sudoers/po/it.mo, plugins/sudoers/po/pl.mo, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/uk.mo, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo: + Rebuild message catalog files. + [0a9befb0674e] - * plugins/sudoers/sudoers.c: - Minor cosmetic change - [c373e106ed49] + * src/po/da.mo, src/po/eo.mo, src/po/fi.mo, src/po/it.mo, + src/po/pl.mo, src/po/pt_BR.mo, src/po/ru.mo, src/po/uk.mo, + src/po/vi.mo, src/po/zh_CN.mo: + Rebuild message catalog files. + [25191089ddf2] - * plugins/sudoers/regress/parser/check_addr.c: - No longer need to declare interfaces - [d7ff7e579557] + * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/cs.mo, src/po/cs.po: + Czech translation for sudo from translationproject.org. + [8bc0ed069ddb] - * plugins/sudoers/logging.c: - Fix compilation in SUDOERS_NO_SEQ case - [9a6db9247534] +2013-09-18 Todd C. 
Miller - * plugins/sudoers/regress/parser/check_addr.c: - No longer need to define sudo_printf - [578ad13c3546] + * plugins/sudoers/po/da.po, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.po, + plugins/sudoers/po/it.po, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, src/po/da.po, + src/po/eo.po, src/po/fi.po, src/po/it.po, src/po/pl.po, + src/po/pt_BR.po, src/po/ru.po, src/po/uk.po, src/po/vi.po, + src/po/zh_CN.po: + Sync with translationproject.org + [c16f9bb4579e] - * plugins/sudoers/check.c, plugins/sudoers/check.h, - plugins/sudoers/timestamp.c: - Pass auth_pw to the timestamp functions. - [f603649177d6] + * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Change "next" back to 2. In the context of "next Friday" we really + do want the friday of the upcoming (not current) week. + Unfortunately, this means that things like "next week" and "next + year" will match one more than we really want. Fixing this will + require some fairly major changes to the grammar. + [7f863c930121] - * plugins/sudoers/iolog_path.c: - Fix SUDOERS_NO_SEQ - [17881f9bcd68] + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + Mention that relative times don't always do what you might expect. + [710a9b0dd36f] - * plugins/sudoers/locale.c: - Don't need all of sudoers.h in here - [c518150c6483] +2013-09-17 Todd C. Miller - * plugins/sudoers/sudoers.c: - Don't need to include sudoers_version.h here. - [8abb31102119] + * doc/CONTRIBUTORS: + Add diacritical for Zdenek Behan. + [78d333f88e6c] -2013-03-27 Todd C. Miller +2013-09-11 Todd C. Miller - * plugins/sudoers/check.c: - DEFAULT_LECTURE is no longer used. - [f565c00a68c1] + * src/regress/ttyname/check_ttyname.c: + Do not fail if ttyname() cannot determine the tty but sudo can. + Should fix problems with running "make check" under pbuilder. 
+ [e6fc06a6c5cf] - * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: - Move sudo_conv into policy.c - [f699aee7136b] + * plugins/sudoers/Makefile.in: + Remove extraneous $$CWD; from Bdale Garbee + [4d040ddd7446] + +2013-09-09 Todd C. Miller - * plugins/sudoers/pwutil.c: - cosmetic fixes - [930e60389ca8] + * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Make "this" and "next" qualifiers work a bit better. There is still + room for improvement as "this week" will use the current time + instead of the beginning of the week. That's a separate issue + though. + [e844c02f754a] - * plugins/sudoers/match.c: - RHEL (and perhaps other Linux distros) use the string "(none)" - instead of an empty string when there is no actual NIS-style domain - name. Bug #596 - [11aec11489ac] +2013-09-06 Todd C. Miller - * plugins/sudoers/match.c: - Fix return values when NAME_MATCH is defined. - [ce030be9ccef] + * common/regress/sudo_conf/conf_test.c, + common/regress/sudo_parseln/parseln_test.c: + Mark main() public to silence a warning on HP-UX. + [ac0b869b9842] -2013-03-26 Todd C. Miller +2013-09-03 Todd C. Miller - * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h: - Update copyright year. - [7e4b8d49addd] + * plugins/sudoers/po/sudoers.pot, plugins/sudoers/timestamp.c: + Be specific that we are talking about the Unix epoch; bug #615 + [25887775371b] - * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, - plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h: - Add sudo_set_grlist(), currently unused by the back end. - [b37ac1d0e8fc] + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/po/sudoers.pot, + src/po/sudo.pot, src/selinux.c: + Do not use "setup" as a verb; bug #614 + [17c4750aac5f] - * plugins/sudoers/pwutil.c: - Remove unused macros, fix a debug_decl - [6136fb4a0d3b] + * plugins/sudoers/iolog.c: + Fix logic goof when checking open() status. + [76ece1445d71] - * include/missing.h: - Tru64 Unix doesn't prototype innetgr() or getdomainname(). 
- [585ac1874dfe] + * plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, src/po/nl.mo, + src/po/nl.po, src/po/ru.mo, src/po/ru.po: + Sync with translationproject.org + [21351498000f] - * include/missing.h: - Whitespace fixes - [0bb28cd91d97] + * NEWS, plugins/sudoers/sudoreplay.c: + Work around a bug in sudo 1.8.7 timing files where the indexes are + off by two. + [4aa0cd58af58] - * common/error.c: - Don't need to include setjmp.h here, error.h already includes it. - [fd05ab00e186] + * MANIFEST, plugins/sudoers/iolog.c, plugins/sudoers/iolog.h, + plugins/sudoers/sudoreplay.c: + Repair writing of the I/O log file indices broken in sudo 1.8.7. + [6a5f867884f5] -2013-03-25 Todd C. Miller +2013-08-31 Todd C. Miller - * compat/Makefile.in, plugins/sudoers/Makefile.in: - regen depends - [57991f5e16b4] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Try to improve the PAGERS noexec example a bit. + [226f11118daa] - * plugins/sudoers/check.h: - Rename guard define. - [ccf4dba241d6] +2013-08-30 Todd C. Miller - * plugins/sudoers/check.c, plugins/sudoers/check.h, - plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: - Move contents of timestamp.h into check.h. - [c139757a9283] + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Document comment character in ldap.conf Clarify what is and is not + supported in TLS_KEYPW Mention that gsk8capicmd can be used to + create a stash file + [fb8f06ab4458] - * plugins/sudoers/sudoers.h: - expand_prompt() is now in prompt.c sudo_printf extern is now in - error.h - [219bd74ca62b] +2013-08-26 Todd C. 
Miller - * plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h, - plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h, - plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h, - plugins/sudoers/insults.h, plugins/sudoers/interfaces.h, - plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h, - plugins/sudoers/parse.h, plugins/sudoers/pwutil.h, - plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h, - plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h, - plugins/sudoers/toke.h: - Change multiple inclusion guards to be _SUDOERS_FOO_H - [faace6d55e78] + * NEWS: + New bugs fixed for 1.8.8. + [c158df7cd9d2] -2013-03-23 Todd C. Miller + * plugins/sudoers/visudo.c: + Fix setting of quiet flag when -q / --quiet is specified. Do not + print "sudoers: parsed OK" in quiet mode. + [df55acd57ce6] - * MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, - src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po: - New Dutch translation for sudo and sudoers New Turkish translation - for sudo From translationproject.org - [bc918b7b23a4] + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/fi.mo, + src/po/fi.po, src/po/it.mo, src/po/it.po: + Updated translations from translationproject.org + [e9e8abd23a28] -2013-03-21 Todd C. Miller + * plugins/sudoers/check.c: + Don't allow root to change its SELinux role without a password. Bug + #611 + [f8b599acb29d] - * config.h.in, configure, configure.in: - Fix a typo in a comment and make sure we don't mistakenly include - _PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in - [694d12ac70ec] +2013-08-21 Todd C. Miller -2013-03-19 Todd C. Miller + * NEWS: + Mention new Mac OS X symbol interposition. + [98293b7c4e0f] - * plugins/sudoers/Makefile.in: - Don't build check_symbols if we are linking sudoers in statically. 
- [f6602723bab7] + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, + src/po/eo.po, src/po/fr.mo, src/po/fr.po: + Updated translations from translationproject.org + [865be7454354] - * configure, configure.in: - Use $host_os not $host when we only care about the os name and - version. - [05e4f4fcba06] + * config.h.in, configure, configure.in, src/sudo_noexec.c: + Add configure checks for the exec functions we will dummy out. This + is only really needed on Mac OS X when symbol interposition is being + performed but won't hurt elsewhere. + [49c20cf6bab0] - * aclocal.m4, configure, configure.in: - Suppress duplicate -L and -I flags. - [228f2f581aed] +2013-08-20 Todd C. Miller - * common/Makefile.in, compat/regress/fnmatch/fnm_test.c: - Fix regress tests on non-OpenBSD platforms. - [9d91bc859c50] + * config.h.in, configure, configure.in, src/Makefile.in, + src/sudo_noexec.c: + Fix installation of sudo_noexec on Mac OS X. Use library symbol + interposition on Mac OS X 10.4 and higher so we don't need to set + DYLD_FORCE_FLAT_NAMESPACE=1. + [a82999dff8e6] - * configure, configure.in: - If we find sasl/sasl.h there's no need to check for sasl.h too - [889efaa86012] +2013-08-19 Todd C. Miller - * aclocal.m4, configure, configure.in: - Add -R flags at the very end after configure link tests are done - since we can only count on libtool to accept -R, the compiler front - end may not. Also unify the libldap and libibmldap tests using - AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by - libibmldap (but is not an explicit dependency). - [ab1451894351] + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Fix typo in tls_key example for Tivoli + [36599f424ac4] -2013-03-18 Todd C. Miller + * src/parse_args.c: + Don't escape '$' when running "sudo -i command". Bug #564 + [17542d52f714] - * configure, configure.in: - Back out changes that broke detection of skey, opie and ldap - libraries. 
- [ffa82b8f8641] + * plugins/sudoers/iolog_path.c: + Fix typo in comment. + [d0510ed5eaba] - * plugins/sudoers/regress/testsudoers/test1.sh, - plugins/sudoers/regress/testsudoers/test2.sh, - plugins/sudoers/regress/testsudoers/test3.sh, - plugins/sudoers/regress/testsudoers/test4.sh, - plugins/sudoers/regress/testsudoers/test5.sh, - plugins/sudoers/regress/visudo/test1.sh, - plugins/sudoers/regress/visudo/test2.sh, - plugins/sudoers/regress/visudo/test3.sh: - Add explicit "exit 0" to prevent the check target from ending - prematurely. - [cca411b492bd] + * plugins/sudoers/auth/pam.c: + Fix comment. + [4e89e0bfd6af] - * plugins/sudoers/Makefile.in: - Fix exit values in check target so we don't have to ignore errors. - [cbc429c409e9] + * plugins/sudoers/timestr.c, plugins/sudoers/visudo.c: + Quiet some gcc -Wformat=2 false positives + [28a2014b9822] - * plugins/sudoers/Makefile.in: - Fail a test if there is unexpected stderr output. - [4fc24d536bec] +2013-08-18 Todd C. Miller - * MANIFEST: - Fix path to sudo.conf manuals; remove non-existant test2.err.ok - [6b8bcd60dd85] + * plugins/sudoers/auth/pam.c: + Remove now-obsolete arg to env_merge() + [ba015cf5d935] - * src/load_plugins.c: - Fix compilation in dynamic mode. - [679856fa0774] + * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po, + src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + Updated translations from translationproject.org + [72b6aeaba505] - * configure, configure.in: - On HP-UX, libibmldap has a hidden dependency on libCsup - [22994709d77c] + * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/fr.mo, src/po/fr.po: + French translation for sudo from translationproject.org. 
+ [a72321771860] - * compat/dlopen.c: - Pass BIND_VERBOSE to shl_load() - [0060b9cfa9ab] + * plugins/sudoers/logging.h: + Add __printflike to audit_failure. + [1686b3699d41] - * configure, configure.in: - Only create static helper libs when --disable-shared is specified. - [1fcdb1a437e0] + * include/missing.h: + Use __nonnull__ attribute in __printflike. + [d123613a1fb6] - * src/load_plugins.c: - Ubreak static build. - [4ac9f96be285] +2013-08-17 Todd C. Miller + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: + When merging the PAM environment, allow environment variables set in + PAM to override ones set by sudo as long as they do not match the + env_keep or env_check lists. + [f3c64967fed7] - * INSTALL, aclocal.m4, configure, configure.in: - Replace --with-rpath and --with-blibpath with --disable-rpath. Now - that we use libtool for linking we can just use the -R flag and have - libtool translate it to the proper linker flag. - [09798fad6888] + * plugins/sudoers/auth/pam.c: + Call pam_getenvlist() after we've opened the session to get the + session-specific environment variables. + [b413fb9e1c77] -2013-03-15 Todd C. Miller + * plugins/sudoers/ldap.c: + Fix error display from ldap_ssl_client_init(). There are two error + codes. The return value can be decoded via ldap_err2string() but the + ssl reason code cannot (you have to look it up in a table online). + [0267125ce9f0] - * src/exec_pty.c: - Bump I/O buffer size 32K - [4ef793225309] +2013-08-16 Todd C. Miller -2013-03-14 Todd C. Miller + * NEWS: + option not flag + [08c31af7b818] - * configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, - doc/sudo.conf.mdoc.in: - Document sesh Path setting. - [34b0b903b4f8] + * compat/getopt_long.c, config.h.in, configure, configure.in: + Don't redefine opterr, optind, optopt, optarg in getopt_long.c. Add + a check for optreset which is a BSD extension and provide a + definition in getopt_long.c if it is not present. 
+ [3393e8d83400] - * src/exec.c, src/exec_common.c: - Move exec_cmnd to exec.c to fix a compilation issue with sesh.c - [06aa1956f38d] + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [f38f65830118] - * common/sudo_conf.c, configure, configure.in, include/sudo_conf.h, - src/selinux.c: - Make sesh path configurable in sudo.conf - [91d331f273b7] + * plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c: + Use lower case for the long option arguments to match the manual. + This is inconsistent with GNU but it is better to match the sudo + documentation. + [8fac2d64f5d2] - * configure, configure.in: - Use -fno-pie and -nopie if supported when --disable-pie is - specified. - [777138c04dcc] + * NEWS: + Sudo 1.8.8 + [105c73752474] -2013-03-13 Todd C. Miller + * src/parse_args.c: + Use lower card for the long option arguments to match the manual. + This is inconsistent with GNU but it is better to match the sudo + documentation. + [af243dd39850] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Document direct execution of the command if the policy plugin has no - close function. - [6a14145c6e80] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Describe how remote command execution can be implemented. + [3eba7f93b7f6] -2013-03-07 Todd C. Miller + * doc/sudoers.ldap.cat: + Bump version. + [0ee7f02f3627] - * plugins/sudoers/auth/pam.c: - Only delete creds if we actually established them. Print an error if - pam_setcred() fails and we actually authenticated. - [1e015314903b] +2013-08-15 Todd C. Miller - * common/Makefile.in, plugins/group_file/Makefile.in: - regen - [dd8cee2a5e1b] + * src/sudo.c: + Make it a fatal error if the plugin returns invalid or out of range + command info. + [8a7e56c7584a] - * common/alloc.c, include/alloc.h: - Convert efree() to a macro that just casts to void * and does - free(). If the system free() can't handle free(NULL) this may crash - but C89 was a long time ago. 
- [efd0ff9270fb] + * plugins/sudoers/policy.c: + Use strtol() instead of atoi() and perform error checking of + parameters passed from the sudo front-end. + [05e05be3c6c4] - * configure, configure.in: - Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS. - Fixes a problem with errno sometimes not being set on error on HP- - UX. - [54b419d58320] + * plugins/sudoers/auth/pam.c: + It is not possible for auth to be NULL here. + [771500e776e9] - * common/sudo_debug.c: - Fix debug logging from the plugin when there is no error number. - This was broken in the big debugging reorg for 1.8.7. - [2ea7e145e928] + * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Initialize user_runhost and user_srunhost to user_host and + user_shost in visudo and testsudoers. + [c47cca74e1fc] -2013-03-06 Todd C. Miller + * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, + common/error.c, common/fatal.c, common/gidlist.c, common/lbuf.c, + common/list.c, common/sudo_conf.c, common/sudo_debug.c, + compat/Makefile.in, compat/getopt_long.c, include/error.h, + include/fatal.h, plugins/sudoers/Makefile.in, + plugins/sudoers/bsm_audit.c, plugins/sudoers/hexchar.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + src/Makefile.in, src/locale_stub.c, src/net_ifs.c, + src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h: + Rename error.h -> fatal.h now that there is no error() function. + [3a3827f10f04] - * configure, configure.in, plugins/group_file/Makefile.in, - plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, - plugins/system_group/Makefile.in, src/load_plugins.c: - Always install plugins with a .so extension regardless of what - extension the system uses for shared libraries. That way the - group_plugin sudoers setting can be shared between heterogenous - systems. 
- [a7e6ecff6fdf] + * common/sudo_debug.c, include/sudo_debug.h: + Add support to the debug subsystem for zero-length strings. This can + happen for things like warning(NULL) or fatal(NULL) where we just + want to log the errno string. + [3ed739c5cc91] - * plugins/sudoers/match.c: - Mac OS X has netgroup functions in netdb.h. - [243881a974aa] + * include/error.h: + Add __printflike for vfatal, vfatalx, vwarning and vwarningx. + [57e65ed595d2] - * plugins/sudoers/parse.h: - Tags in struct cmndtag can be set to IMPLIED as well. - [cb6926988cc8] + * plugins/sudoers/audit.c: + Need to include gettext.h for BSM audit. + [a87fda2d0123] - * plugins/sudoers/parse.c: - Quiet a compiler warning. - [14e608c2001d] + * common/alloc.c, plugins/sudoers/env.c, src/exec_common.c, + src/parse_args.c, src/sudo.c: + Change some fatalx(NULL) that should be fatal(NULL). + [8b1efda9f578] - * plugins/sudoers/testsudoers.c: - Quiet an llvm checker warning. - [2eeb9f3d08f3] + * include/error.h, include/missing.h: + Use __printf0like for warning() and fatal() since the fmt string may + be NULL. + [858a890f00ad] - * plugins/sudoers/parse.c: - Quiet gcc -Wuninitialized false positive - [643ad987503d] + * compat/pw_dup.c: + Quiet a gcc "used uninitialized in this function" false positive. + [98f47f89ce60] -2013-03-05 Todd C. Miller + * mkpkg: + Enable bsm audit on Mac OS X and Solaris >= 11. + [8607488f986c] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, - doc/sudoers.mdoc.in: - Document group_file and system_group plugins. - [b56511e79230] + * plugins/sudoers/bsm_audit.c: + Fix compilation on Solaris 11. + [01aa46298ed7] - * NEWS: - Sudo 1.8.7 - [e95183b8fa27] + * plugins/sudoers/bsm_audit.c: + Add missing missing.h + [080de69a55a1] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Try to clarify that sudoedit in sudoers should not include a leading - pathname. 
- [7b2beac92a9c] + * plugins/sudoers/sudoers.c: + Move the -C (user_closefrom) check until after set_cmnd() so that + closefrom_override can be used in a command-specific Defaults line. + Fixes bug #610 from Mengtao Sun. + [413565c6ff6b] - * plugins/sudoers/pwutil_impl.c: - Make sure groupname_len is at least 32 just to be on the safe side. - It is better to allocate a little extra and not need it than to have - to reallocate and start over. - [6d3e1ba47de9] +2013-08-14 Todd C. Miller - * include/alloc.h, include/missing.h: - Add __malloc_like macro to apply __malloc__ attribute to emalloc, - ecalloc and estrdup. It cannot be applied to realloc since that may - return the same pointer. - [8d70cb81d1f1] + * src/exec.c: + If not using a pty and the child process gets SIGTTOU or SIGTTIN and + sudo is the foreground process, make the child the foreground + process and continue it. + [5ff433443bc4] - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Fix potential double free in an error path. - [657573feb6a4] + * src/sudo.c: + If sudo is not setuid and was not invoked with a full path, look in + the user's PATH for the sudo binary to give a better error message. + [a740129a38f0] - * src/exec_pty.c: - When running the command in a pty, defer the call to exec_setup() - until just before we exec the command. This is consistent with the - non-pty path. As a side effect, the monitor process runs as root and - not the runas user. - [e2a7f8c7ee4c] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.h: + Add limited support for "sudo -l -h other_host". Since group lookups + are done on the local host, rules that use group membership may be + incorrect if the group database is not synchronized between hosts. + [2c8b222a5f7f] -2013-03-02 Todd C. Miller + * src/parse_args.c: + Fix parsing of "-h host" when used in conjunction with the -l flag. 
+ [62f3d726d52b] - * compat/closefrom.c: - Update copyright year. - [9b652af4dfc0] + * configure, configure.in, doc/fixman.sh, doc/fixmdoc.sh, + doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/parse_args.c, src/sudo.c, + src/sudo_usage.h.in: + Simplify usage messages a bit and make --help output more closely + resemble GNU usage wrt long options. Sync usage and man page + SYNOPSYS sections and improve long options in the manual pages. Now + that we have long options we don't need to give the mnemonic for the + single-character options in the description. + [17b7e386955a] -2013-03-01 Todd C. Miller +2013-08-13 Todd C. Miller - * compat/closefrom.c: - Use pst_highestfd from pstat_getproc() on HP-UX. - [09f3fea46a3d] + * plugins/sudoers/logging.c: + Fix setting of mailer argv[0] to basename of mailerpath. No need to + strdup() mailerpath as it is not modified. + [8843cdd958ee] -2013-02-28 Todd C. Miller + * plugins/sudoers/logging.c: + Make sure the mailer exists and is a regular file before trying to + exec it. + [b73d6214014f] - * Makefile.in, common/Makefile.in, doc/Makefile.in, - plugins/sudoers/Makefile.in: - Clean up generated test files and other minor housekeeping. - [f5f4fdd908e1] + * plugins/sudoers/timestamp.c: + If tty_tickets are enabled but there is no tty, use a ticket file + based on the parent pid. + [75408bd61ced] - * plugins/sudoers/iolog.c: - Add back gettimeofday() call inadvertantly removed in e1abb9810a83 - [675cce8401ae] + * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/parse_args.c: + Allow default plugin dir to be configured in sudo.conf. + [478883594cc5] - * config.h.in, configure, configure.in, src/ttyname.c: - Use pstat() on HP-UX to determine the tty device. 
- [2884af22a9df] + * doc/CONTRIBUTORS: + UTF8 for Ruusamae, Elan; from Tae Wong + [02e0c95b4fa6] - * plugins/sudoers/auth/pam.c: - Fix PAM compilation: def_pam_session, not just pam_session. - [5417d7acc6ea] +2013-08-12 Todd C. Miller - * doc/fixmdoc.sh: - Don't remove the -S option description when trimming out selinux. - Bug #592 - [8a94f2cfa0a0] + * MANIFEST, common/regress/sudo_conf/test5.in, + common/regress/sudo_conf/test5.out.ok, + common/regress/sudo_conf/test6.in, + common/regress/sudo_conf/test6.out.ok, common/sudo_conf.c, + doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, src/sudo.c: + Don't allow max_groups to be set to zero, it just complicates things + needlessly. Fixes an assertion in visudo when there is a group- + based Defaults entry. + [d62a8ea32db9] -2013-02-25 Todd C. Miller +2013-08-08 Todd C. Miller - * .hgtags: - Added tag SUDO_1_8_6p7 for changeset ebd6cc75020f - [87c1a5cea66b] <1.8> + * MANIFEST, common/Makefile.in, common/gidlist.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, src/sudo.c, + src/sudo.h: + Refactor code to parse list of gids into its own function that is + shared by the sudo front-end and the sudoers module. Make uid/gid + parse error be fatal, not just a warning. + [da3b2b06605c] - * plugins/sudoers/check.c: - Completely ignore time stamp file if it is set to the epoch, - regardless of what gettimeofday() returns. - [ebd6cc75020f] [SUDO_1_8_6p7] <1.8> + * common/atoid.c: + Add function comment block. + [09a324de716f] - * plugins/sudoers/check.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h: - Store the session ID in the tty ticket file too. A tty may only be - in one session at a time so if the session ID doesn't match we - ignore the ticket. - [049a12a5cc14] <1.8> + * common/atoid.c: + Default text domain is now sudo, not sudoers. 
+ [1acb1da6f304] - * configure, configure.in: - Sudo 1.8.6p7 - [3334bc872111] <1.8> + * common/Makefile.in: + Update dependency for atoid.lo + [5e367cd44288] - * NEWS: - Update for Sudo 1.8.6p7 - [3b853ddc529c] <1.8> + * common/atoid.c, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h, plugins/sudoers/tsgetgrpw.c, src/sudo.c, + src/sudo.h: + Add endpointer and separator args to atoid() + [2077e4ed8578] - * NEWS: - Update for Sudo 1.8.6p7 - [0858a73e9c40] +2013-08-07 Todd C. Miller -2013-02-24 Todd C. Miller + * compat/getgrouplist.c: + Use private version of atoid() to avoid a dependency on libcommon.a + (since that already depends on libreplace.a). + [7c12d63b0560] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Document when sudo may exec the command directly instead of forking. - [da41951edc28] + * doc/CONTRIBUTORS: + More UTF8 in names; from Tae Wong + [512b263f51c8] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in: - Document that close and version be NULL for plugin API >= 1.3 and - that sudo may execute the command directly if there is no close, or - pty or timeout needed. - [e5f929ddeaf8] + * compat/getgrouplist.c, plugins/sudoers/iolog.c, + plugins/sudoers/tsgetgrpw.c, src/sudo.c, src/sudo.h: + Use atoid() in more places. + [06f4ae57c707] - * plugins/sudoers/auth/sudo_auth.c: - Fix debug_decl for sudo_auth_begin_session and - sudo_auth_end_session. - [58243392c0df] + * MANIFEST, common/Makefile.in, common/atoid.c, + plugins/sudoers/Makefile.in, plugins/sudoers/atoid.c: + Move atoid() to common so it can be used in src and compat too. + [095d730701e4] - * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, - doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: - Add pam_session sudoers option. 
- [d994465db9f1] + * compat/closefrom.c: + Avoid a crash on Mac OS X 10.8 (at least) when we close + libdispatch's fds out from under it before executing the command. + Switch to just setting the close on exec flag instead. + [349ebf4987df] - * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.h: - Dummy out close function if there is no end_session for the auth - method and the front-end can handle a NULL close function. Avoids - the extra sudo process when we don't actually need it. - [74886d5b0fb6] + * doc/CONTRIBUTORS: + Convert to last, first for easier sorting and use UTF8 (including a + BOM). + [8c30d221bd75] -2013-02-23 Todd C. Miller + * plugins/sudoers/atoid.c: + Add atoid() function to convert a string to an id_t (uid, gid or + pid). We have to be careful to choose() either strtol() or strtoul() + depending on whether the string appears to be signed or unsigned. + Always using strtoul() is unsafe on 64-bit platforms since the uid + might be represented as a negative number and (unsigned long)-1 on a + 64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem + with uids larger than 0x7fffffff on 32-bit platforms. + [5d818e399157] - * Makefile.in, aclocal.m4: - Add m4/ to paths m4_include parameters so we don't need to use - autoconf's -I flag. - [4fd86e7a84f3] + * MANIFEST, config.h.in, configure, configure.in, + plugins/sudoers/Makefile.in, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h: + Add atoid() function to convert a string to an id_t (uid, gid or + pid). We have to be careful to choose() either strtol() or strtoul() + depending on whether the string appears to be signed or unsigned. + Always using strtoul() is unsafe on 64-bit platforms since the uid + might be represented as a negative number and (unsigned long)-1 on a + 64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem + with uids larger than 0x7fffffff on 32-bit platforms. 
+ [cd92246a710f] - * src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h, - src/sudo_plugin_int.h: - If the policy plugin does not provide a close function, there is no - command timeout and no pty is required, skip the event loop and just - exec the command directly. - [ad532f107170] + * plugins/sudoers/sudoers.c: + Avoid "perm stack underflow" error when logging the unknown uid + error. + [871514c713b7] - * src/sudo.c: - Do not crash if the plugin close and version functions are not - defined. If there is no policy close function, simply print a - warning that the command was not found. - [c789a9dd54e8] + * plugins/sudoers/set_perms.c: + In rewind_perms() there is nothing to do if perm_stack_depth == 0. + [98de335f47f0] -2013-02-21 Todd C. Miller +2013-08-06 Todd C. Miller - * plugins/sudoers/parse.c: - Fix typos in selinux/solaris privs specific code. - [9af3999361b4] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in: + Add pam_setcred sudoers option to allow the user to control whether + pam_setcred() is called on the user's behalf. + [4260a8e43073] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, src/parse_args.c: - Pass the default plugin directory to the plugin via the settings - list. Could be used by a stacking plugin. - [688e771fc145] + * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: + Add pam_service and pam_login_service sudoers settings to control + the service name passed to pam_start. + [5ea0e3588f3a] - * plugins/sudoers/timestamp.c: - Completely ignore time stamp file if it is set to the epoch, - regardless of what gettimeofday() returns. 
- [df58842af660] + * mkpkg: + Newer Xcode places the SDKs under Xcode.app + [4b54379d5c45] - * doc/CONTRIBUTORS: - Add Nikolai Kondrashov - [df59791438f9] +2013-08-03 Todd C. Miller - * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: - Use userpw_matches() for username matching so #uid works for - sudoRunAsUser. - [a124062334df] + * MANIFEST, common/Makefile.in, common/zero_bytes.c, + compat/Makefile.in, compat/memset_s.c, config.h.in, configure, + configure.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/missing.h, include/sudo_plugin.h, + mkdep.pl, plugins/sudoers/Makefile.in, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c, + plugins/sudoers/logging.c, plugins/sudoers/sha2.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/conversation.c, src/sudo.h, src/sudo_edit.c, + src/tgetpass.c: + Implement memset_s() and use it instead of zero_bytes(). A new + constant, SUDO_CONV_REPL_MAX, is defined by the plugin API as the + max conversation reply length. This constant can be used as a max + value for memset_s() when clearing passwords filled in by the + conversation function. + [264ec146028e] - * plugins/sudoers/sssd.c: - Avoid calling realloc3() with a zero size parameter when all - retrieved sssd rules fail. Otherwise we'll get a run-time error due - to malloc(0) checking. - [84dfcb73ebd7] +2013-08-01 Todd C. Miller - * plugins/sudoers/sssd.c: - Do not send error mail if a user is not found in SSSD. Local users - can run sudo too. 
From Nikolai Kondrashov - [3d2ae99ee468] + * plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/system_group/Makefile.in: + Do not try to install plugins when shared modules are disabled + (sudoers already had the check). + [3d582c042042] -2013-02-20 Todd C. Miller + * plugins/sudoers/Makefile.in: + Update dependencies to take into account compat/getopt.h and + compat/dlfcn.h. + [301fb31cd121] - * MANIFEST, common/regress/sudo_conf/test4.in, - common/regress/sudo_conf/test4.out.ok: - Test setting disable_coredump to illegal value. - [3c71c6c49027] + * src/Makefile.in: + Update dependencies now that sudo_usage.h is always included from + the build dir. + [c1ff70ec9515] - * common/sudo_conf.c: - Fix atobool() usage. - [d40c9f4d06b0] +2013-07-31 Todd C. Miller - * common/regress/sudo_conf/conf_test.c: - Remove unused variable. - [328b524b365b] + * plugins/sudoers/ldap.c: + Add some warnings and debugging to sasl ccname handling. + [467f415861f0] - * plugins/sudoers/sudoers.c: - Make "sudo -l non_existent_command" warn that non_existent_command - doesn't exist, not the "list" pseudo-command. - [9dc0388fc4f3] + * plugins/sudoers/ldap.c: + Fix write loop invariant in sudo_krb5_copy_cc_file() + [6948cf6e9b9f] - * plugins/sudoers/parse.c: - Make sudoers file long list output better match the format used by - ldap sudoers. Tags are now converted to options and there is a - single command per line. - [6e6dc3f20d84] +2013-07-30 Todd C. Miller - * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, - doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Use the correct the sudoers policy symbol names and undo an editor - goof committed when adding max_groups to sudo.conf. - [2a6f7ddf5cc3] + * plugins/sudoers/ldap.c: + Strip off leading FILE: or WRFILE: prefix before trying to copy the + user's credential cache. 
+ [56c16feab62f] - * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: - For "sudo -l" start a new line if the runas list changes to make the - output easier to read. - [7dc3d724c924] +2013-07-29 Todd C. Miller -2013-02-19 Todd C. Miller + * src/sudo.c: + Instead of setting RLIMIT_NPROC to unlimited when sudo initializes, + just save RLIMIT_NPROC in exec_setup() before the final setuid() and + restore it immediately after. We don't need to modify RLIMIT_NPROC + for simple euid changes, just for changing the real (and saved) uids + before we exec. This also means we no longer need to worry about + _SC_CHILD_MAX returning -1. Bug #565 + [1372f1909039] - * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: - For "sudo -l" and "sudo -ll" only print the runas info for - subsequent commands in a list if the runas info has changed. If we - have new runas info, print out the tags again so as to be less - confusing to the user. For "sudo -ll" set the line continuation - indent to 8. - [b5ec02fe7fc1] +2013-07-28 Todd C. Miller -2013-02-18 Todd C. Miller + * plugins/sudoers/ldap.c, src/preload.c: + Now that the ldap code runs with the real and effective uid set to + 0, it is not possible for the gssapi libs to find the user's krb5 + credential cache file. To work around this, we make a temporary copy + of the user's credential cache specified by KRB5CCNAME (opened with + the user's effective uid) and point gssapi to it. To set the + credential cache file name, we dynamically look up + gss_krb5_ccache_name() and use it if available, otherwise fall back + to setting KRB5CCNAME. 
+ [8b86c134541a] - * MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat, - doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, - plugins/group_file/group_file.c, plugins/group_file/group_file.exp, - plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in, - plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, - plugins/sample_group/sample_group.c, - plugins/sample_group/sample_group.exp: - Rename sample_group plugin to group_file. Install group_file and - system_group plugins by default. - [951b3e446fae] +2013-07-19 Todd C. Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/iolog.c, - plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h: - Add maxseq sudoers option to limit the max number of I/O log files. - [e1abb9810a83] + * doc/sudo.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, + doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in, + doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c: + Long option support for visudo and sudoreplay. + [91427968be71] -2013-02-16 Todd C. Miller +2013-07-18 Todd C. Miller - * plugins/sudoers/iolog.c: - Log lines and columns in the iolog file. - [03adb6230e05] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/Makefile.in, + src/parse_args.c, src/sudo.c, src/sudo_usage.h.in: + Add support for long options and fix inclusion of sudo_usage.h with + modern gcc broken in 8597:1fcb7ba13018. + [d13134819944] -2013-02-15 Todd C. Miller + * src/Makefile.in: + Add rule to rebuild sudo_usage.h when the .in file changes. 
+ [59a32899e251] - * MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c, - common/regress/sudo_conf/test1.in, - common/regress/sudo_conf/test1.out.ok, - common/regress/sudo_conf/test2.in, - common/regress/sudo_conf/test2.out.ok, - common/regress/sudo_conf/test3.in, - common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c, - include/sudo_conf.h, plugins/sudoers/sudoreplay.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c, - src/sudo.c: - Add simple regress tests for sudo.conf parsing. - [3c36b61bf61c] + * compat/Makefile.in, mkdep.pl, src/Makefile.in: + Add make rules for building getopt_long.c + [5f57593b3a8b] - * src/sudo.c: - Always display the I/O plugin version as long as its open functions - doesn't return an error. Previously it was only displayed if the - plugin open returned 1. - [4b0277db3f8c] + * src/parse_args.c: + Make "-h hostname" work. Optional args in GNU getopt() only work + when there is no space between the option flag and the argument. + [b8258659cabb] - * plugins/sudoers/pwutil_impl.c: - Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead - of poking around in struct utmpx. - [2c0cc5c42958] +2013-07-17 Todd C. Miller - * plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c: - #include "sudo_usage.h" not so we get the one in the - build directory and not the src dir when using a separate build - directory. - [1fcb7ba13018] + * MANIFEST, compat/getopt.h, compat/getopt_long.c, config.h.in, + configure, configure.in, doc/LICENSE, src/parse_args.c: + Use getopt_long() so we can make the -h flag take an optional + argument. Includes a version for those without it. + [d1dd66c8a86b] -2013-02-14 Todd C. Miller +2013-07-16 Todd C. Miller - * common/fileops.c: - If a line was longer that 0x80000000 the bit hack to round to the - next power of two would roll over to zero. 
- [f4f729cf6f0f] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Document that the -h option can be used specify a host name for + future plugins. + [8470c74cf326] - * plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, - plugins/sudoers/sudoers.h, src/sudo.c: - Use max_groups in front-end and plugin. - [bf1e74166831] + * include/sudo_plugin.h, src/parse_args.c, src/sudo_usage.h.in: + Overload -h option to specify an optional hostname for remote + access. This is future-proofing; no policy plugins currently support + this. + [0e01d8c3c623] + + * configure, configure.in: + Bump version to 1.8.8 + [a1155bfaa28f] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, src/parse_args.c: - Pass max_groups to plugin in settings list. - [d7d76e8651f4] + doc/sudo_plugin.mdoc.in: + Document the remote_host setting (-h host) + [c737db906f5d] - * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, - doc/sudo.conf.mdoc.in, include/sudo_conf.h: - Add max_groups setting to sudo.conf (currently unused) and remove - unused return value from setters. - [f6494f71e1f0] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + fix "the the" + [0025464a3942] -2013-02-12 Todd C. Miller + * src/parse_args.c, src/sudo.c, src/sudo.h: + Do not error out if arg to -U option cannot be resolved, that is for + the plugin to decide. There is no need for runas_user and + runas_group to be global, make them local to parse_args() instead. + [fb02a62a72ba] - * INSTALL: - Reorganize configure options - [23475de8039f] + * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/pt_BR.mo, + plugins/sudoers/po/pt_BR.po, src/po/es.mo, src/po/es.po, + src/po/pt_BR.mo, src/po/pt_BR.po: + Sync with translationproject.org + [e8f4772d918a] -2013-02-11 Todd C. Miller +2013-07-11 Todd C. 
Miller - * NEWS: - Add Sudo 1.8.6p7 - [77480be0f378] <1.8> + * doc/TROUBLESHOOTING: + Remove old bits about sudo setuid problems that should have been + cleaned up in changeset 7917:fa4894896d8a. Also update the mode of + sudo to 04755 to match current packaging. + [1e3904cdc2de] - * NEWS: - Add Sudo 1.8.6p7 - [5192fc511cbe] + * plugins/sudoers/auth/pam.c: + Go back to ignoring the return value of pam_setcred() since with + stacked PAM auth modules a failure from one module may override + PAM_SUCCESS from another. If the first module in the stack fails, + the others may be run (and succeed) but an error will be returned. + This can cause a spurious warning on systems with non-local users + (e.g. pam_ldap or pam_sss) where pam_unix is consulted first. + [b6022e26135a] -2013-02-10 Todd C. Miller + * src/net_ifs.c: + Remove unused variable. + [93dde7d82fde] - * INSTALL.configure: - Sync with autoconf 2.68 - [985e5c8efa4e] + * NEWS: + Fix typo + [5ef79671c2c7] - * INSTALL, README: - Remove obsolete OS notes and move build requirements to INSTALL. - [bf0dd53ca164] +2013-07-09 Todd C. Miller -2013-02-08 Todd C. Miller + * plugins/sudoers/sssd.c: + Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest(). + From Dan Harnett. + [4a0af6f12765] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in: - Sort elements of the settings, user_info and command_info lists. - [663062ada5b7] +2013-06-18 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix formatting typo; from Eric S. Raymond + [058b533ba460] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Remove trailing white space - [027916a6c8e7] +2013-06-17 Todd C. Miller - * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, - plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: - Store the session ID in the tty ticket file too. A tty may only be - in one session at a time so if the session ID doesn't match we - ignore the ticket. 
- [4eb2cb8df48b] + * mkpkg: + Use -gxcoff on aix so dbx can be used to debug sudo. + [4950e019ed2d] -2013-02-07 Todd C. Miller +2013-06-12 Todd C. Miller - * plugins/sudoers/sudoers.c, src/sudo.c: - Move tzset() call from sudoers plugin to sudo front end. - [3c058dad8772] + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Fix typo; bug 605 + [41f7b46a6e51] - * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, - doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - Mention line continuation - [399873f8c805] +2013-06-04 Todd C. Miller - * MANIFEST, common/Makefile.in, common/fileops.c, - common/regress/sudo_parseln/parseln_test.c, - common/regress/sudo_parseln/test1.in, - common/regress/sudo_parseln/test1.out.ok, - common/regress/sudo_parseln/test2.in, - common/regress/sudo_parseln/test2.out.ok, - common/regress/sudo_parseln/test3.in, - common/regress/sudo_parseln/test3.out.ok, - common/regress/sudo_parseln/test4.in, - common/regress/sudo_parseln/test4.out.ok, - common/regress/sudo_parseln/test5.in, - common/regress/sudo_parseln/test5.out.ok, - common/regress/sudo_parseln/test6.in, - common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c, - include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c, - plugins/sudoers/sudo_nss.c: - Add line continuation support to sudo_parseln() and make it use - getline() instead of fgets() internally. - [d02bf3973fc5] + * src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo, + src/po/tr.mo: + Regen .mo files that were out of date. + [9e25a254f9db] -2013-02-06 Todd C. Miller +2013-05-30 Todd C. Miller - * plugins/sample/sample_plugin.c: - Fix memory leak in error path; found by llvm checker - [d090c26a5b00] + * NEWS, configure, configure.in: + On Solaris 11 and higher, tag binaries for ASLR if supported by the + linker. + [a2a6cafa3e60] - * plugins/sudoers/sudoreplay.c: - Remove useless store detected by llvm checker. 
- [12a4db91651a] + * mkpkg: + No longer need to disable PIE on Solaris. + [cf90019ae67e] - * configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in, - src/load_plugins.c, sudo.pp: - Sudo now stores its libexec files in a "sudo" subdirectory instead - of in libexec itself. For backwards compatibility, if the plugin is - not found in the default plugin directory, sudo will check the - parent directory default directory ends in "/sudo". - [5de67de76489] +2013-05-28 Todd C. Miller - * plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c, - plugins/system_group/system_group.c: - Add missing __dso_public to plugin structs so they are exported. - [dde703577621] + * INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING: + Restrict default creation of PIE binaries (-fPIE and -pie) to Linux. + OpenBSD also supports PIE but enables it by default so we don't need + to do anything. This fixes problems on systems with a version of GNU + ld that accepts -pie but where the run-time linker doesn't actually + support PIE. Also verify that a trivial PIE binary works unless PIE + is explicitly enabled. + [3c5f125efeb1] - * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: - Mention that sudoers has its own plugins too. - [0a6c6203b512] +2013-05-24 Todd C. Miller -2013-02-05 Todd C. Miller + * aclocal.m4, configure, configure.in: + Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld + where we can end up crashing due to malloc() failures. Sems OK when + Using Sun as and ld. + [b8ba412102ab] - * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: - Correct last change date. - [45894291d792] + * NEWS: + Update with final changes. 
+ [78ff6d2ed47a] - * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, - doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, - doc/sudoers.mdoc.in: - Remove duplicated sudo.conf info in the sudo, sudoers and - sudo_plugin manuals and cross-reference the new sudo.conf manual. - [b808ba29cf3a] +2013-05-23 Todd C. Miller - * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: - Fix typos - [0e70964150c6] + * configure, configure.in: + Add -fPIE to PIE_LDFLAGS as per gcc manual. + [fe900cbb0780] - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in: - Fix some typos. - [94ae045cfbc6] +2013-05-22 Todd C. Miller - * MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, - doc/sudo.conf.mdoc.in: - Add standalone sudo.conf manual page. - [d64d949b700c] + * common/Makefile.in, compat/Makefile.in: + Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs + [f84bc7482b78] - * doc/sample.sudo.conf: - add group_source example - [118c1ba1c014] + * MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/visudo/test4.out.ok, + plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c: + Replace sequence number-based cycle detection in visudo with a + "used" flag in struct alias. The caller is required to call + alias_put() when it is done with the alias. Inspired by a patch from + Daniel Kopecek. + [0bdbac1b3b39] - * configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in, - doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, - doc/sudoers.man.in, doc/sudoers.mdoc.in: - Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf. - [f5bd6006dc1c] +2013-05-20 Todd C. 
Miller - * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo, - src/po/it.po: + * plugins/sudoers/iolog.c: + Eliminate a few relocations related to sudoers_io. + [18e9e2cc3367] + + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po: Sync with translationproject.org - [a6f2b9aac371] + [f38cc128a2ad] -2013-02-03 Todd C. Miller +2013-05-18 Todd C. Miller - * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo, - src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo, - src/po/vi.po: - Sync with translationproject.org - [ba546666969d] + * src/ttyname.c: + Clarify a comment. + [7a045ee06e95] -2013-02-01 Todd C. Miller +2013-05-16 Todd C. Miller - * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo, - plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po, - src/po/es.po, src/po/gl.po: - Sync with translationproject.org - [cdc454e34c03] + * src/ttyname.c: + Handle d_type == DT_UNKNOWN when resolving the device to a name and + sprinkle some more debugging. + [8774133747d9] -2013-01-31 Todd C. Miller +2013-05-03 Todd C. Miller - * .hgtags: - Added tag SUDO_1_8_6p6 for changeset 9963ed81732d - [eda4cb921ce8] <1.8> + * doc/TROUBLESHOOTING: + Add message about disabling PIE if sudo gets SIGSEGV. + [c786af2a6751] - * NEWS: - Clarify ttyname changes. - [9963ed81732d] [SUDO_1_8_6p6] <1.8> + * plugins/sudoers/check.h, plugins/sudoers/timestamp.c: + No longer store the ctime of a devpts tty. The handling of ctime on + devpts in Linux has been changed to conform to POSIX. As a result we + can no longer assume that the ctime will stay unchanged throughout + the life of the session. We store the session ID in the time stamp + file so there is a much smaller chance of the time stamp file being + reused by a new login. While here, store the uid/gid in the + timestamp file too for good measure. + [7028b21f7a9b] - * NEWS: - Clarify ttyname changes. 
- [cbf2f80fe582] + * configure, configure.in: + PIE is broken on FreeBSD/arm + [f232c60d6229] - * NEWS: - Add 1.8.6p6 - [162ea7fae117] <1.8> + * mkpkg: + Add explicit sendmail path for Linux since we may not have sendmail + installed in the build chroot. + [1ba2f84f4ff0] - * NEWS: - Add 1.8.6p6 - [3aa591e98b3b] +2013-05-01 Todd C. Miller - * src/ttyname.c: - Remove ttyname() fall back code on systems where we can query the - kernel for the tty device via /proc or sysctl(). If there is no - controlling tty, it is better to just treat the tty as unknown - rather than to blindly use what is hooked up to std{in,out,err}. - [2f3225a2a4a4] <1.8> + * common/sudo_debug.c, plugins/sudoers/iolog.c, + plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c: + Quiet a few -Wunused-result compiler warnings. + [ef12afb61423] - * src/ttyname.c: - Remove ttyname() fall back code on systems where we can query the - kernel for the tty device via /proc or sysctl(). If there is no - controlling tty, it is better to just treat the tty as unknown - rather than to blindly use what is hooked up to std{in,out,err}. - [b2bd3005d2e4] +2013-04-30 Todd C. Miller -2013-01-27 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Mention what SHA-2 formats are supported. + [bf298d0fdf8a] - * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c: - Add group_source setting in sudo.conf to allow the admin to specify - how a user's groups are looked up. Legal values are static (just the - kernel list from getgroups), dynamic (whatever the group database - includes) and adaptive (only use group db if kernel group list is - full). - [87a5b02e22ad] + * doc/CONTRIBUTORS: + List code and translations separately. + [826547bc1295] - * plugins/sudoers/policy.c: - Pass back exec_background to front end if it is enabled in sudoers. - [8230e1cd0bbd] +2013-04-29 Todd C. 
Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Mention that exec_background is for 1.8.7 and higher only. - [fdf0d5a3e182] + * MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po: + Sync with translationproject.org + [9499a6f438b8] + + * plugins/sudoers/po/sudoers.pot: + regen + [cce449e284a6] -2013-01-24 Todd C. Miller + * Makefile.in: + Fix c-format for fatal/fatalx + [4ad81d3faaeb] - * MANIFEST: - Add missing test files. - [1165389aa5e6] +2013-04-26 Todd C. Miller - * plugins/sudoers/regress/visudo/test3.err.ok, - plugins/sudoers/regress/visudo/test3.out.ok, - plugins/sudoers/regress/visudo/test3.sh: - Add regress test for bug 361 - [54c7fb61b82d] + * Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h: + Change some error/errorx -> fatal/fatalx in comments and xgettext + flags. + [9d9b64fa2ec9] - * .hgtags: - Added tag SUDO_1_8_6p5 for changeset e16ecb5c6677 - [dbbaa562b897] <1.8> + * NEWS: + There is now a Turkish translation of sudoers. + [701c5af6aa76] - * plugins/sudoers/iolog.c: - Add __dso_public to extern declaration of declaration to match - actual definition. - [e16ecb5c6677] [SUDO_1_8_6p5] <1.8> + * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: + Updated translations from translationproject.org including new + Turkish translation. 
+ [9cedbb50d90f] - * plugins/sudoers/iolog.c: - Add __dso_public to extern declaration of declaration to match - actual definition. - [4695ded501e6] +2013-04-25 Todd C. Miller - * configure, configure.in: - Sudo 1.8.6p5 - [8d7c8bd159c5] <1.8> + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that sudoers will re-use existing I/O log paths unless they + are mktemp-style with trailing X's. + [4f43bd13d9e7] - * NEWS: - Add 1.8.6p5 - [1cb9b7c4f626] <1.8> + * NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: + Allow ldap_conf and ldap_secret to be specified as plugin arguments + in sudo.conf + [37c6c425b565] - * NEWS: - Add 1.8.6p5 - [b07b28c5c4d7] + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + sudoers_debug is now deprecated in favor of the sudo debugging + framework. + [1195be1ec254] -2013-01-23 Todd C. Miller + * plugins/sudoers/ldap.c: + Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use + SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the + debug file with the ldap subsystem. The sudoers_debug setting in + ldap.conf is still honored for now but will be removed in a future + release. + [cfa42b4b913e] - * MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok, - plugins/sudoers/regress/visudo/test2.out.ok, - plugins/sudoers/regress/visudo/test2.sh: - Add test for visudo cycle check core dump; test case from Daniel - Kopecek - [41074541147a] +2013-04-24 Todd C. Miller - * plugins/sudoers/visudo.c: - Fix potential stack overflow due to infinite recursion in alias - cycle detection. From Daniel Kopecek. - [77f2228877bc] <1.8> + * plugins/sudoers/sudoers2ldif: + Add support for converting sudoers files with SHA-2 command digests. 
+ [dc0d03485946] - * plugins/sudoers/visudo.c: - Fix potential stack overflow due to infinite recursion in alias - cycle detection. From Daniel Kopecek. - [d7e018a87434] + * doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg, + plugins/sudoers/sudoers2ldif: + Add copyright notice to scripts + [5e8bd4e6083f] - * common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c: - Ignore duplicate entries in sudo.conf and report the line number - when there is an error. Warn, don't abort if there is more than one - policy plugin. - [dfcb5a698f0a] + * MANIFEST, plugins/sudoers/regress/sudoers/test14.in, + plugins/sudoers/regress/sudoers/test14.out.ok, + plugins/sudoers/regress/sudoers/test14.toke.ok: + Add regress for SHA-2 digests. + [0b258c2a2a95] - * plugins/sudoers/tsgetgrpw.c: - Use strtoul() not atoi(). - [58a52cf9b6b8] + * compat/getgrouplist.c: + Solaris maps negative gids to GID_NOBODY. + [57050e5c750f] -2013-01-22 Todd C. Miller + * plugins/sudoers/visudo.c: + Clear up an llvm checker warning which appears to be a false + positive and fix an old XXX while I'm at it. + [9ee13133e596] - * compat/Makefile.in: - regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo - [9b44e9d26d16] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + Correct last change date + [3bc1fa5b0f76] - * compat/nss_dbdefs.h: - Fix typo that breaks the build on HP-UX. - [b9ab6ba23485] + * plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c: + No need to translate this error message. + [4d9941970a26] - * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in, - configure, configure.in: - Use nss_search() to implement getgrouplist() where available. Tested - on Solaris and HP-UX. We need to include a compatibility header for - HP-UX which uses the Solaris nsswitch implementation but doesn't - ship nss_dbdefs.h. - [d29dbc4dc06d] + * doc/UPGRADE: + Mention .sl vs. 
.so extension handling on HP-UX Mention group + membership changes Fix typos + [40ac0efbdb2b] -2013-01-19 Todd C. Miller + * aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c, + common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c, + common/setgroups.c, common/term.c, common/ttysize.c, + compat/Makefile.in, compat/dlopen.c, compat/endian.h, + compat/getline.c, compat/getprogname.c, compat/isblank.c, + compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c, + compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, + compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, + compat/strsignal.c, compat/utimes.c, doc/Makefile.in, + include/Makefile.in, include/alloc.h, include/fileops.h, + include/gettext.h, include/lbuf.h, include/missing.h, + include/sudo_plugin.h, pathnames.h.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, + plugins/sudoers/alias.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c, + plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, + plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c, + plugins/sudoers/logging.h, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, 
plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c, + plugins/sudoers/redblack.h, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/visudo.c, plugins/system_group/Makefile.in, + plugins/system_group/system_group.c, src/Makefile.in, + src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c, + src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c, + src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h, + src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c, + src/utmp.c: + Update copyright years. + [5c6d72661bad] - * src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h: - Remove extra flag to sudo_sigaction(). We want to trap the signal - regardless of whether or not it is ignored by the underlying command - since there's no way to know what signal handlers the command will - install. Now we just use sudo_sigaction() to set a flag in - saved_signals[] to indicate whether a signal needs to be restored - before exec. - [c042d52c7192] + * plugins/sudoers/mon_systrace.h: + Systrace support was removed long ago. + [10a038a2da77] -2013-01-18 Todd C. Miller +2013-04-23 Todd C. Miller - * compat/getgrouplist.c, config.h.in, configure, configure.in: - Use _getgroupsbymember() on Solaris to get the groups list. Fixes - performance problems with the getgroupslist() compat on Solaris - systems with network-based group databases. 
- [6ab76bea5ea4] <1.8> + * MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok, + plugins/sudoers/regress/sudoers/test9.toke.out.ok: + Remove some files that were mistakenly added. + [833502da26de] - * compat/getgrouplist.c, config.h.in, configure, configure.in: - Use _getgroupsbymember() on Solaris to get the groups list. Fixes - performance problems with the getgroupslist() compat on Solaris - systems with network-based group databases. - [287d3ae2ce8d] + * common/sudo_debug.c, config.h.in, configure, configure.in, + plugins/sudoers/boottime.c, plugins/sudoers/iolog.c, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c: + Use time(&now) instead of now = time(NULL) when storing the current + time in a time_t (better compiler error checking). Better parsing + and printing of 64-bit time_t on 32-bit platforms. + [c227dc72c04e] -2013-01-17 Todd C. Miller +2013-04-21 Todd C. Miller - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in: - Document signal handler behavior in plugin API 1.3 - [20dc9d1c105f] + * src/ttyname.c: + Don't check the tty of the parent process. Now that we get the + controlling tty device number from the kernel there is no need. If + the process has really disassociated from the tty then reporting + "unknown" is appropriate. + [62fb66e565db] - * MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c, - src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h: - Move signal code into its own source file and add sudo_sigaction() - wrapper that has an extra flag to check the saved_signals list to - only install the handler if the signal is not already ignored. Bump - plugin API version for the new front-end signal behavior. - [5d2f27a1b404] +2013-04-20 Todd C. Miller - * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h, - src/sudo_exec.h: - Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute - the command. 
If we get SIGINT or SIGQUIT, call the plugin close() - functions as if the command was interrupted. If we get SIGTSTP, - uninstall the handler and deliver SIGTSTP to ourselves. - [332baf3a81b7] + * common/error.c: + Use EXIT_FAILURE instead of 1 as the fatal() exit value. + [ed94c2c5e88a] - * src/exec.c, src/exec_pty.c: - Rename handle_signals() to dispatch_signals(). Block other signals - in handler() so we don't have to worry about the write() being - interrupted. - [666e95c9a0f1] + * src/sesh.c: + Change remaining errorx -> fatalx + [3f6d70e19303] -2013-01-16 Todd C. Miller +2013-04-19 Todd C. Miller - * src/tgetpass.c: - Rename signal handler to avoid name clash with one in exec.c - [8913101a29b6] + * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an + error if the entry already exists in the cache. + [94d45970400a] -2013-01-15 Todd C. Miller + * plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot: + Change "foo: failed" to just "foo" since we print the string form of + errno. Gets rids of some useless translations. + [476f37349dbc] - * .hgtags: - Added tag SUDO_1_8_6p4 for changeset 708b8db3b30e - [c947aaef4880] <1.8> +2013-04-18 Todd C. Miller -2013-01-13 Todd C. Miller + * plugins/sudoers/match.c: + Fix pasto in debug_decl + [08650186a239] - * src/sudo.c: - Add missing call to save_signals(). - [708b8db3b30e] [SUDO_1_8_6p4] <1.8> + * plugins/sudoers/Makefile.in: + regen + [acf4c34fba2c] - * src/sudo.c: - Add missing call to save_signals(). 
- [47d075d7326b] + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/parse.c, + plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: + Rename log_error() -> log_warning() for consistency with + warning()/fatal() + [474ed5a0e335] -2013-01-11 Todd C. Miller + * plugins/sudoers/auth/API: + The NO_EXIT flag was removed a while ago. + [e0a4be270226] - * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - Fill in the comment block at the top of the .pot files and preserve - it when regenerating them. - [6449497b76db] + * common/aix.c, common/alloc.c, common/error.c, include/error.h, + plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c, + src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, + src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, + src/utmp.c: + Rename error/errorx -> fatal/fatalx and remove the exit value as it + was always 1. 
+ [ea66f58c4da5] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, - doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, - plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, - plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h: - Add exec_background option in plugin command info and a sudoers - option to match. When set, commands are started in the background - and automatically foregrounded as needed. There are issues with some - ill-mannered programs (like Linux su) so this is not the default. - [c0b32b0938f2] + * NEWS: + digests are supported in sudoers ldap too + [77d6c25f7653] - * common/Makefile.in: - regen - [2b2b220e7aea] + * plugins/sudoers/regress/check_symbols/check_symbols.c: + Print test failures to stdout like the final count so the outputis + not displayed out of order. + [f541b78ecb93] - * src/Makefile.in: - Add SESH_OBJS variable for sesh object files. - [d3e04ae8fd1f] + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo, + plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo, + src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po, + src/po/it.po, src/po/tr.po: + Sync with translationproject.org + [cbd70678b99f] - * configure.in, doc/LICENSE, plugins/sudoers/redblack.c: - Update copyright year. - [61a0f0cedb13] + * Makefile.in: + Check for any uncommitted changes in dist target and add force-dist + target that omit check-dist. + [78dc3f41e37e] - * src/exec_pty.c: - Always resume the command in the foreground if sudo itself is the - foreground process. This helps work around poorly behaved programs - that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At - worst, sudo will go into the background but upon resume the command - will be runnable. Otherwise, we can get into a situation where the - command will immediately suspend itself. - [c368ac3eb2e4] +2013-04-17 Todd C. 
Miller - * configure, configure.in: - Use -fstack-protector-all in preference to -fstack-protector where - supported. - [52ac4eadf5c9] <1.8> + * src/regress/ttyname/check_ttyname.c: + Fix logic bug when checking tty via ttyname(). + [279aee076194] - * configure, configure.in: - Use -fstack-protector-all in preference to -fstack-protector where - supported. - [f930c95ceb51] + * compat/endian.h: + Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and + __BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX) + [fe35e0b04502] -2013-01-10 Todd C. Miller + * plugins/sudoers/po/sudoers.pot: + regen + [0ddebccd3045] - * configure, configure.in: - Only test for -fstack-protector and -fvisibility=hidden on GNU - compatible compilers. - [5f31c5b4edc9] <1.8> + * NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document digest support. + [d794c7b9a7bc] - * configure, configure.in: - Only test for -fstack-protector and -fvisibility=hidden on GNU - compatible compilers. - [796f4696d863] + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/parser/check_base64.c: + Simple bas64 decode unit test. + [344b0df0fe50] -2013-01-03 Todd C. Miller + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c, + plugins/sudoers/match.c, plugins/sudoers/parse.h: + Move base64_decode into its own source file. + [30497e7f88bc] - * configure, configure.in: - Sudo 1.8.6p4 - [e8032237c4b1] <1.8> + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Only check year against 2038 if time_t is 32-bit. + [9c1f2e3fc3ba] - * NEWS: - Add Sudo 1.8.6p4 - [88358d481baa] <1.8> +2013-04-16 Todd C. Miller - * NEWS: - Add Sudo 1.8.6p4 - [8a928de8e717] + * plugins/sudoers/ldap.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c: + Add digest support for sudoers in ldap and sss. 
+ [314937b5e59e] - * common/Makefile.in, compat/Makefile.in, configure, configure.in, - plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, - src/Makefile.in: - Break out stack smashing protector options into SSP_CFLAGS and - SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS). - [9c3662776afa] <1.8> + * INSTALL, configure, configure.in: + Error out in configure if the compiler doesn't support "long long". + [d3645c1d50d1] - * common/Makefile.in, compat/Makefile.in, configure, configure.in, - plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, - plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, - src/Makefile.in: - Break out stack smashing protector options into SSP_CFLAGS and - SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS). - [01be114fc9fb] + * plugins/sudoers/match.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Include stdint.h or inttypes.h before sha2.h + [20ad1c20313d] -2013-01-01 Todd C. Miller + * common/lbuf.c: + Simplify lbuf append functions by moving the realloc code into + lbuf_expand(). We now expand as needed each time bytes need to be + written to the lbuf. Also handle a NULL pointer being passed in for + paranoia's sake. + [6283ee562ef4] - * doc/CONTRIBUTORS, plugins/sudoers/redblack.c: - In rbrepair(), make sure we never try to change the color of the - sentinel node, which is the first entry, not the root. From Michael - King - [24ebb817e1ee] <1.8> + * plugins/sudoers/iolog.c: + Zero out struct iolog_details early to avoid a potential (though + unlikely) dereference of stack garbage if we hit a fatal error + before iolog_deserialize_info() is called. + [2eeca8be05fb] - * doc/CONTRIBUTORS, plugins/sudoers/redblack.c: - In rbrepair(), make sure we never try to change the color of the - sentinel node, which is the first entry, not the root. From Michael - King - [3fc4dc4004ec] +2013-04-15 Todd C. Miller -2012-12-28 Todd C. 
Miller + * sudo.pp: + Update copyright year. + [b843c6a43238] - * src/exec_pty.c: - No need to restore default signal handler for SIGSTOP as it is not - catchable. Attempting to do so is harmless but sigaction() will fail - and set errno to EINVAL which makes it looks like there is an error. - [be7c0b759e9a] + * plugins/sudoers/sudoers_version.h: + Bump SUDOERS_GRAMMAR_VERSION for new digest support. + [188556fb8156] - * src/exec.c: - Print SIGCONT_FG and SIGCONT_BG properly in debug output. - [93e59e301c8f] + * plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/match.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Sanity check digest in parser so visudo can catch errors. Add base64 + support + [b8586d5cc7ed] -2012-12-27 Todd C. Miller + * MANIFEST, compat/endian.h, config.h.in, configure, configure.in, + plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c: + For big endian architectures just use memcpy() instead of BE macros + in a loop. + [c71a0f4a8a8e] - * configure, configure.in: - Disable PIE on FreeBSD/ia64, otherwise sudo will segfault. - [ce07ef64d410] <1.8> +2013-04-14 Todd C. Miller + + * MANIFEST, config.h.in, configure, configure.in, + plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_digest.out.ok, + plugins/sudoers/sha2.h, plugins/sudoers/sssd.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c: + Initial implementation of checksum support in sudoers. Currently + supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format + validation in parser and base64 support. checksum support for ldap + sudoers + [b8f196346eca] - * configure, configure.in: - Disable PIE on FreeBSD/ia64, otherwise sudo will segfault. 
- [9ed48f696595] +2013-04-13 Todd C. Miller -2012-12-20 Todd C. Miller + * doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h: + SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public + domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai + respectively. + [7511d07c0a83] - * include/missing.h: - Add howmany() macro since some systems have this in sys/param.h - which we no longer include. - [2c5efaa16c45] +2013-04-11 Todd C. Miller -2012-12-07 Todd C. Miller + * NEWS: + Add sudo 1.8.6p8 + [0666fd0321ae] - * plugins/sudoers/regress/sudoers/test11.toke.out.ok: - Remove errant file. - [a91699beffc6] + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot: + Add missing "not" in error message when mixing standalone and non- + standalone authentication methods. + [7eba4439db73] -2012-12-04 Todd C. Miller + * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c: + Check for crypt() returning NULL. Traditionally, crypt() never + returned NULL but newer versions of eglibc have a crypt() that does. + Bug #598 + [887b9df243df] - * plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/regress/parser/check_addr.c, - plugins/sudoers/regress/parser/check_fill.c: - Remove obsolete sudoers_cleanup() stubs. 
- [89153025a2ae] + * plugins/sudoers/auth/pam.c: + Better PAM error messages + [fd7eda53cdd7] - * common/alloc.c, common/atobool.c, common/fileops.c, - common/fmt_string.c, common/lbuf.c, common/secure_path.c, - common/sudo_conf.c, common/sudo_debug.c, common/term.c, - compat/closefrom.c, compat/getcwd.c, compat/glob.c, - compat/snprintf.c, include/missing.h, - plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, - plugins/sample_group/plugin_test.c, - plugins/sample_group/sample_group.c, plugins/sudoers/alias.c, - plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, - plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, - plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, - plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, - plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, - plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, - plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, - plugins/sudoers/check.c, plugins/sudoers/defaults.c, - plugins/sudoers/env.c, plugins/sudoers/find_path.c, - plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, - plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, - plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, - plugins/sudoers/logging.c, plugins/sudoers/match.c, - plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, - plugins/sudoers/policy.c, plugins/sudoers/prompt.c, - plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, - plugins/sudoers/redblack.c, - plugins/sudoers/regress/parser/check_addr.c, - plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, - plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, - plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, - plugins/system_group/system_group.c, 
src/conversation.c, src/exec.c, - src/exec_common.c, src/exec_pty.c, src/get_pty.c, - src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c, - src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c: - Don't include . We only needed it for MAXPATHLEN, - MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and - HOST_NAME_MAX throughout without falling back on MAXPATHLEN or - MAXHOSTNAMELEN and define our own MIN/MAX macros as needed. - [f4807d46f504] + * plugins/sudoers/auth/kerb5.c: + Better error messages + [98142874a2f4] - * include/missing.h, plugins/sudoers/match.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c: - Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN - (sys/param.h or netdb.h). - [2544f5e306dd] + * plugins/sudoers/bsm_audit.c: + Use same error message for getauid() failure. + [07f0d88cb1df] -2012-11-30 Todd C. Miller + * plugins/sudoers/sssd.c: + Start warning with a lower case letter for consistency and to match + existing translated strings. + [b719ac52c9e3] - * plugins/sudoers/logging.c: - Move debug_decl() in log_failure() to be after the variable - declarations for C89. - [f48d2035ab44] +2013-04-10 Todd C. Miller -2012-11-29 Todd C. Miller + * mkpkg: + Disable PIE on Solaris where it is not really supported. + [c36c84cdcc7a] - * common/error.c, include/error.h, plugins/sudoers/iolog.c, - plugins/sudoers/logging.c, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: - Cannot wrap sigsetjmp() or we end up returning to the wrong place. - Use a macro instead. - [749ee6acdad8] + * src/ttyname.c: + AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit + before we try to match it against st_rdev. + [5dab449fb962] -2012-11-28 Todd C. Miller + * src/ttyname.c: + Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes + a problem finding the tty name when it is not in /dev/pts. 
+ [6c205d087fa0] - * plugins/sudoers/policy.c: - Fix return in sudoers_policy_open that should be debug_return. - [a78b795b6846] + * compat/snprintf.c: + Support %lld and %llu + [feabfa06c954] -2012-11-27 Todd C. Miller + * .hgignore, MANIFEST, src/Makefile.in, + src/regress/ttyname/check_ttyname.c: + Add ttyname test. + [e987038f8c07] - * src/ttyname.c: - Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case - too. - [acfa891c229e] +2013-04-09 Todd C. Miller - * src/solaris.c: - Quiet a gcc warning and add comment about needing to keep the handle - open. - [f954f228960f] + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po, + src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, + src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po, + src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: + Sync with translationproject.org + [4d7b73b22079] -2012-11-26 Todd C. Miller + * plugins/sudoers/timestamp.c: + Log timestampfile to debug file. + [e997281146c0] - * INSTALL: - mention --disable-shared - [6954d39e2d0f] + * plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot: + Don't add the "Password: " string we look up in the PAM text domain + to the sudoers.pot file. + [771b52244abf] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in: - Add missing command_info argument in I/O plugin open() prototype. - Bug #579 - [72beb07aba0e] +2013-04-08 Todd C. Miller -2012-11-25 Todd C. Miller + * plugins/sudoers/po/sudoers.pot: + Synce with regcomp() error message change. + [fc6d3dfb8eb8] - * plugins/sudoers/gram.c: - Regen for proper line numbers. 
- [6cf6e132e764] + * plugins/sudoers/sudoreplay.c: + Be consistent with error message when regcomp() fails. + [de6c69ba04e4] - * configure, configure.in: - Add locale_stub.o to SUDO_OBJS, not locale_stub.lo. - [d604dc8ca38a] +2013-04-05 Todd C. Miller - * common/sudo_printf.c: - Include missing.h for __printflike. - [a33640600faf] + * plugins/sudoers/regress/testsudoers/test5.out.ok, + plugins/sudoers/regress/testsudoers/test5.sh: + Use group -1 instead of 1 as the invalid group since the running + user might have group 1 as their default group. + [71404a9fa75d] - * plugins/sudoers/iolog.c: - Saner loop invariant in io_mkdirs (cosmetic only). - [dc30274afe38] + * plugins/sudoers/Makefile.in: + PWD may be a shell builtin, use CWD instead. + [c443105c5091] - * MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c, - configure, configure.in, include/error.h, mkdep.pl, - plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, - plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, - plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, - src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c, - src/sesh.c: - Move warn/error into common and make static builds work. - [4d3f374f4e4c] +2013-04-04 Todd C. 
Miller - * MANIFEST, common/Makefile.in, common/sudo_debug.c, - common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in, - plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, - plugins/sudoers/policy.c, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/regress/parser/check_addr.c, - plugins/sudoers/regress/parser/check_fill.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, - src/Makefile.in, src/conversation.c, src/sesh.c: - Move _sudo_printf from src/conversation.c to common/sudo_printf.c. - Add sudo_printf function pointer that is initialized to - _sudo_printf() instead of requiring a sudo_conv function pointer - everywhere. The plugin will reset sudo_printf to point to the - version passed in via the plugin open function. Now plugin_error.c - can just call sudo_printf in all cases. The sudoers binaries no - longer need their own version of sudo_printf. - [9b09d3f63790] + * plugins/sudoers/check.c: + Split up check_user(). + [ce7cc0767589] - * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, - plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: - Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't - need error_jmp to be extern. Also add plugin_clearjmp() that clears - a flag so error()/errorx() knows when to call exit() vs. longjmp(). - [5a4617148e70] +2013-04-03 Todd C. Miller - * plugins/sudoers/set_perms.c: - Let warning() call gettext() for us. - [ab8d502ba4ac] + * config.h.in, configure.in: + Cosmetic fixes in the comments. + [640abee43c14] - * include/error.h, plugins/sudoers/plugin_error.c, src/error.c: - Do locale swapping in the warning()/error() macros themselves - instead of in the underlying functions. 
- [4cd205540e17] +2013-04-02 Todd C. Miller - * common/alloc.c, common/list.c, include/error.h, - plugins/sudoers/env.c, plugins/sudoers/plugin_error.c, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c, - src/hooks.c: - Rename warning2()/error2() -> warning_nodebug()/error_nodebug(). - [48346393634d] + * configure, configure.in: + Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status + message for visibility checks when the test fails. + [99665477ee55] - * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, - plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, - plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c, - plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, - plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, - plugins/sudoers/policy.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l, - plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c, - src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c, - src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, - src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c: - Call gettext() on parameters for warning()/warningx() instead of - having warning() do it for us. - [c71088bc9d3e] + * config.h.in: + regen + [00c22606719a] - * Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/toke.c, - plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: - Call gettext() in sudoerserror() in the user's locale and pass the - untranslated string to it. - [cdbfc231b848] + * configure, configure.in: + We no longer use mbr_check_membership() and setrlimit64() is AIX- + specific. 
+ [43caf685a1f1] - * plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, - plugins/sudoers/logging.h, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: - Allow sudoers programs (visudo, sudoreplay, visudo) to use - plugin_error.c instead of the error.c from the front-end. This means - sudoers_setlocale() needs to be independent of the sudo_user struct - and the defaults table. The sudoers locale is now updated via a - callback. - [e356f5f8cd6a] + * Makefile.in: + The first (all) target must be by itself or some makes will choose + the run the entire target list. + [16cf3def49f5] - * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, - plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: - Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c - Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers - warning/error functions work when sudo_conv is NULL - [7365ee24a779] + * configure, configure.in: + Do exec_prefix expansion when enable_shared even if noexec is not + enabled. + [7ed28cb32d8d] - * src/error.c: - No need to change locale in front-end warning()/error(). - [23dc1df7f93b] + * compat/getgrouplist.c: + Use free() not efree() since we don't include alloc.h here + [1a008737be24] - * plugins/sudoers/tsgetgrpw.c: - Ignore bad lines in passwd/group file instead if stopping processing - when we hit one. - [79b790559075] + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [b939f941346f] * plugins/sudoers/regress/testsudoers/test2.sh, plugins/sudoers/regress/testsudoers/test3.sh, plugins/sudoers/regress/testsudoers/test5.sh: - Bash doesn't let you set UID to use MYUID instead. - [5be56335f059] + Pass in expected gid to testsudoers in addition to the uid that + matches the test sudoers files. 
+ [6a1710e8cac1] - * plugins/sudoers/visudo.c: - Avoid NULL deref for unknown Defaults in strict mode. - [4c2d9717d91e] <1.8> +2013-04-01 Todd C. Miller - * plugins/sudoers/visudo.c: - Avoid NULL deref for unknown Defaults in strict mode. - [545c21c1e7d6] + * include/missing.h: + Tru64 5.x does declare innetgr() and getdomainname(). + [c75598e69c7e] - * common/sudo_conf.c, common/sudo_debug.c: - See DEFAULT_TEXT_DOMAIN - [3d723e1d27db] + * plugins/sudoers/match.c: + Fix compilation when getdomainame() is not present. + [e831b017a962] -2012-11-13 Todd C. Miller + * config.h.in, configure.in, include/missing.h: + Move SET/CLR/ISSET from config.h.in to missing.h + [3a3dd29fd7f0] - * .hgignore: - Add signame.c and mksigname. - [d59bbf423f00] + * configure, configure.in: + Fix getgrouplist() check. + [12a2adf60e98] - * plugins/sudoers/Makefile.in: - Fold preinstall into install-plugin and pass the path to the plugin - binary to the preinstall command. - [994f8f58495e] <1.8> + * MANIFEST: + No more timestamp.h + [5677e26afc0f] + + * plugins/sudoers/check.c: + Neded sys/time.h for struct timeval in struct sudo_tty_info. + [aceaadd8c400] * plugins/sudoers/Makefile.in: - Fold preinstall into install-plugin and pass the path to the plugin - binary to the preinstall command. - [2c2205af8bb7] + regen depends + [21675a8b67e5] - * pp: - sync with upstream - [a4b7336b3256] + * NEWS: + Mention libibmldap on HP-UX + [75b4e4b22950] - * src/sudo.h: - repair spacing - [f5c1255ce514] + * NEWS, plugins/sudoers/match.c: + Instead of checking the domain name explicitly for "(none)", just + check for illegal characters. + [ce35dda811db] -2012-11-12 Todd C. Miller + * plugins/sudoers/visudo.c: + Only warn once when we are unable to open the sudoers file. + [9e27e3aa5b10] - * common/sudo_debug.c: - Set group on sudo_debug when creating it to gid 0 so systems without - BSD group semantics don't get the invoking user's group. 
- [7dda01196554] + * plugins/sudoers/sudoers.c: + Fall back to opening /dev/tty to determine whether there is a tty if + the system doesn't have kernel support for determing the tty. + [2775bcf9a9b5] - * plugins/sudoers/iolog.c: - Rename mkdir_parents() io_mkdirs() and add a flag to specify whether - path is a temporary, in which case the final component is created - via mkdtemp() instead of mkdir(). - [79c0c4e7ed58] + * compat/getprogname.c: + Update guard to take __progname into account + [60eae3f20232] - * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h: - For PERM_ROOT set egid to 0 so log files are not created with the - gid of the user. - [5b964ea43474] + * compat/snprintf.c: + Some older systems have inttypes.h but not stdint.h + [ed1ef160015f] - * plugins/sudoers/logging.c: - Add calls to set_perms(PERM_ROOT) becore logging to a file. We - should already be root but since we cache the current permission - status it is basically free. That way, if more of sudoers runs as - non-root in the future logging will still work correctly. - [c591d4973f41] + * compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c, + compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c, + compat/getline.c, compat/getprogname.c, compat/glob.c, + compat/isblank.c, compat/memrchr.c, compat/mktemp.c, + compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, + compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, + compat/strsignal.c, compat/utimes.c: + Add guards in compat source files. Not really needed since we only + include them in the Makefile if they are needed but should not hurt + either. + [8cbd3b4595b9] - * common/sudo_conf.c, config.h.in, configure, configure.in, - include/gettext.h, plugins/sudoers/locale.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, - src/error.c, src/exec.c, src/sesh.c, src/sudo.c: - #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it. 
- [41f6bb4926f4] +2013-03-31 Todd C. Miller - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in: - Mention that sudo.conf is parsed in the C locale. - [f711c416e30c] + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Don't include gram.h in gram.y, its contents are already included. + Move sudoerserror to the end of gram.y so COMMENT is declared when + we need to use it. + [7d72ebdd7222] - * common/sudo_conf.c: - Parse sudo.conf in the "C" locale. - [776658f651ea] +2013-03-29 Todd C. Miller + + * config.h.in, configure.in: + Remove some pre-ANSI cruft. + [6a95704b2116] + + * plugins/sudoers/match.c: + Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h + when it is set. + [da40c550ffed] + + * NEWS, plugins/sudoers/iolog_path.c: + We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but + just leave it as-is. + [9a22de140d28] + +2013-03-28 Todd C. Miller + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Add missing semicolon in rule. + [817d3f1b2a21] + + * plugins/sudoers/sudoers.c: + Now that we can determine the terminal even when file descriptors + are redirected we can check user_ttypath rather than opening + /dev/tty when enforcing requiretty. + [56a28bc09041] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Stash umask in struct sudo_user so we don't need to look it up + later. + [9f85749199dc] + + * plugins/sudoers/sudoers.c: + Minor cosmetic change + [c373e106ed49] + + * plugins/sudoers/regress/parser/check_addr.c: + No longer need to declare interfaces + [d7ff7e579557] + + * plugins/sudoers/logging.c: + Fix compilation in SUDOERS_NO_SEQ case + [9a6db9247534] + + * plugins/sudoers/regress/parser/check_addr.c: + No longer need to define sudo_printf + [578ad13c3546] + + * plugins/sudoers/check.c, plugins/sudoers/check.h, + plugins/sudoers/timestamp.c: + Pass auth_pw to the timestamp functions. 
+ [f603649177d6] - * plugins/sudoers/locale.c, plugins/sudoers/logging.h, - plugins/sudoers/sudoers.h: - Fix compilation on systems w/o setlocale() - [6940d1c1c1ce] + * plugins/sudoers/iolog_path.c: + Fix SUDOERS_NO_SEQ + [17881f9bcd68] - * doc/TROUBLESHOOTING: - Sudo now includes a workaround for the Solaris 11 locale issue. - [ab93787a552c] + * plugins/sudoers/locale.c: + Don't need all of sudoers.h in here + [c518150c6483] -2012-11-11 Todd C. Miller + * plugins/sudoers/sudoers.c: + Don't need to include sudoers_version.h here. + [8abb31102119] - * include/gettext.h, plugins/sudoers/iolog_path.c, - plugins/sudoers/locale.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, - src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h: - Always include locale.h from gettext.h so we no longer need to - include locale.h from the .c files. - [93d39182ccfa] +2013-03-27 Todd C. Miller - * MANIFEST, config.h.in, configure, configure.in, mkdep.pl, - plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c, - src/solaris.c, src/sudo.c, src/sudo.h: - Add os-specific initialization functions for solaris (workaround - setuid locale problem in Solaris 11) and openbsd (set malloc_options - if SUDO_DEVEL). Also move set_project() to solaris.c. - [1d6581afbaf4] + * plugins/sudoers/check.c: + DEFAULT_LECTURE is no longer used. + [f565c00a68c1] -2012-11-09 Todd C. Miller + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + Move sudo_conv into policy.c + [f699aee7136b] - * plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, - plugins/sudoers/iolog.c, plugins/sudoers/policy.c, - plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: - Avoid strerror() when possible and just rely on warning/error to - handle errno in the proper locale. 
- [bf612caae97c] + * plugins/sudoers/pwutil.c: + cosmetic fixes + [930e60389ca8] - * plugins/sudoers/logging.c: - Set sudoers locale in log_allowed() - [2dd0ac704cae] + * plugins/sudoers/match.c: + RHEL (and perhaps other Linux distros) use the string "(none)" + instead of an empty string when there is no actual NIS-style domain + name. Bug #596 + [11aec11489ac] - * plugins/sudoers/check.c: - Make the sudo lecture translatable. - [3cdfc183d72d] + * plugins/sudoers/match.c: + Fix return values when NAME_MATCH is defined. + [ce030be9ccef] - * Makefile.in: - Add the values of badpass_message, passprompt and mailsub to - sudoers.pot so they can be translated. - [51cbe8adcb94] +2013-03-26 Todd C. Miller - * plugins/sudoers/logging.c: - Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked - up by xgettext. - [c5b74115caf0] + * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h: + Update copyright year. + [7e4b8d49addd] -2012-11-08 Todd C. Miller + * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h: + Add sudo_set_grlist(), currently unused by the back end. + [b37ac1d0e8fc] - * plugins/sudoers/check.c, plugins/sudoers/prompt.c, - plugins/sudoers/sudoers.h: - Make expand_prompt() args const and free the prompt when we are done - with it. - [995ef8519fe6] + * plugins/sudoers/pwutil.c: + Remove unused macros, fix a debug_decl + [6136fb4a0d3b] - * plugins/sudoers/policy.c: - Fix cut and pasto - [e002921c1d15] + * include/missing.h: + Tru64 Unix doesn't prototype innetgr() or getdomainname(). + [585ac1874dfe] - * plugins/sudoers/defaults.c, plugins/sudoers/logging.c: - Expand def_mailsub in the sudoers locale, not the user's. 
- [a4775f2fb385] + * include/missing.h: + Whitespace fixes + [0bb28cd91d97] - * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, - plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, - plugins/sudoers/defaults.c, plugins/sudoers/gram.c, - plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, - plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, - plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, - plugins/sudoers/policy.c, plugins/sudoers/sssd.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.l, - plugins/sudoers/visudo.c, src/error.c, src/exec.c, - src/exec_common.c, src/exec_pty.c, src/load_plugins.c, - src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, - src/sudo.c, src/sudo_edit.c, src/tgetpass.c: - Display warning/error messages in the user's locale. - [00a04165c0cf] + * common/error.c: + Don't need to include setjmp.h here, error.h already includes it. + [fd05ab00e186] - * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, - plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, - plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, - plugins/sudoers/env.c, plugins/sudoers/iolog.c, - plugins/sudoers/locale.c, plugins/sudoers/logging.c, - plugins/sudoers/logging.h, plugins/sudoers/parse.c, - plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, - plugins/sudoers/timestamp.c: - Call gettext inside log_error et al instead of having the caller do - it. This way we can display any messages to the user in their own - locale but log in the sudoers local. - [286e0444f785] +2013-03-25 Todd C. Miller - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c, - plugins/sudoers/locale.c, plugins/sudoers/logging.h, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: - Add simple locale switching to make it easy to switch from the - user's locale to the sudoers locale without making excessive - setlocale() calls when we don't need to. 
- [5c61582fdeee] + * compat/Makefile.in, plugins/sudoers/Makefile.in: + regen depends + [57991f5e16b4] - * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, - plugins/sudoers/sudoers.c: - Convert setlocale() to sudoers_setlocale() in the sudoers module. - This only converts existing uses, there are more places where we - need to sprinkle sudoers_setlocale() calls. - [8ee0cbf0d0a9] + * plugins/sudoers/check.h: + Rename guard define. + [ccf4dba241d6] - * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c, - plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: - audit_failure() now calls gettext itself using the sudoers locale. - [d77f1d78799a] + * plugins/sudoers/check.c, plugins/sudoers/check.h, + plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: + Move contents of timestamp.h into check.h. + [c139757a9283] - * common/sudo_debug.c, include/error.h, include/sudo_debug.h, - plugins/sudoers/plugin_error.c, src/error.c: - Add variants of warn/error and sudo_debug_printf that take a va_list - instead of a variable number of args. - [00392bdc063c] + * plugins/sudoers/sudoers.h: + expand_prompt() is now in prompt.c sudo_printf extern is now in + error.h + [219bd74ca62b] - * INSTALL, doc/TROUBLESHOOTING: - Document Solaris 11 locale issues and workarounds. - [05f7d34af3ae] + * plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h, + plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h, + plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h, + plugins/sudoers/insults.h, plugins/sudoers/interfaces.h, + plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.h, + plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h, + plugins/sudoers/toke.h: + Change multiple inclusion guards to be _SUDOERS_FOO_H + [faace6d55e78] - * Makefile.in, configure, configure.in: - Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8 - locales. 
Make links from localdir/lang -> localdir/lang.UTF-8 - [5ca9326480e2] +2013-03-23 Todd C. Miller -2012-11-06 Todd C. Miller + * MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, + src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po: + New Dutch translation for sudo and sudoers New Turkish translation + for sudo From translationproject.org + [bc918b7b23a4] - * plugins/sudoers/audit.c, plugins/sudoers/logging.c, - plugins/sudoers/logging.h, plugins/sudoers/sudoers.c: - Do not inform the user that the command was not permitted by the - policy if they do not successfully authenticate. This is a - regression introduced in sudo 1.8.6. - [e5c1e760954e] <1.8> +2013-03-21 Todd C. Miller - * plugins/sudoers/audit.c, plugins/sudoers/logging.c, - plugins/sudoers/logging.h, plugins/sudoers/sudoers.c: - Do not inform the user that the command was not permitted by the - policy if they do not successfully authenticate. This is a - regression introduced in sudo 1.8.6. - [c1279df08bfb] + * config.h.in, configure, configure.in: + Fix a typo in a comment and make sure we don't mistakenly include + _PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in + [694d12ac70ec] - * plugins/sudoers/Makefile.in: - Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup - the rpath in HP-UX SOM shared libraries for the LDAP libs. - [685796ea58fe] <1.8> +2013-03-19 Todd C. Miller * plugins/sudoers/Makefile.in: - Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup - the rpath in HP-UX SOM shared libraries for the LDAP libs. - [b07185657b42] + Don't build check_symbols if we are linking sudoers in statically. + [f6602723bab7] - * src/parse_args.c: - The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A. - [4e112e7da105] <1.8> + * configure, configure.in: + Use $host_os not $host when we only care about the os name and + version. + [05e4f4fcba06] - * src/parse_args.c: - The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A. 
- [22c73cbe3ff9] + * aclocal.m4, configure, configure.in: + Suppress duplicate -L and -I flags. + [228f2f581aed] -2012-10-28 Todd C. Miller + * common/Makefile.in, compat/regress/fnmatch/fnm_test.c: + Fix regress tests on non-OpenBSD platforms. + [9d91bc859c50] - * INSTALL, configure, configure.in: - Allow the user to specify and alternate libtool - [c9d6fc9521fd] + * configure, configure.in: + If we find sasl/sasl.h there's no need to check for sasl.h too + [889efaa86012] -2012-10-26 Todd C. Miller + * aclocal.m4, configure, configure.in: + Add -R flags at the very end after configure link tests are done + since we can only count on libtool to accept -R, the compiler front + end may not. Also unify the libldap and libibmldap tests using + AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by + libibmldap (but is not an explicit dependency). + [ab1451894351] - * doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c: - Allow sudo to be build with sss support without also including ldap - support. From Stephane Graber. - [7e0bd9191589] <1.8> +2013-03-18 Todd C. Miller - * doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c: - Allow sudo to be build with sss support without also including ldap - support. From Stephane Graber. - [b992a80ebea1] + * configure, configure.in: + Back out changes that broke detection of skey, opie and ldap + libraries. + [ffa82b8f8641] -2012-10-25 Todd C. Miller + * plugins/sudoers/regress/testsudoers/test1.sh, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/testsudoers/test4.sh, + plugins/sudoers/regress/testsudoers/test5.sh, + plugins/sudoers/regress/visudo/test1.sh, + plugins/sudoers/regress/visudo/test2.sh, + plugins/sudoers/regress/visudo/test3.sh: + Add explicit "exit 0" to prevent the check target from ending + prematurely. 
+ [cca411b492bd] - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c, - plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, - plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c: - Refactor policy plugin interface code from sudoers.c into policy.c - [393e62910b8a] + * plugins/sudoers/Makefile.in: + Fix exit values in check target so we don't have to ignore errors. + [cbc429c409e9] - * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: - Refactor command_info setting into its own function. - [a952b948324c] + * plugins/sudoers/Makefile.in: + Fail a test if there is unexpected stderr output. + [4fc24d536bec] - * plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, - plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: - Make interfaces pointer private to interfaces.c and add - get_interfaces() accessor. - [b69b9334ed3c] + * MANIFEST: + Fix path to sudo.conf manuals; remove non-existant test2.err.ok + [6b8bcd60dd85] -2012-10-24 Todd C. Miller + * src/load_plugins.c: + Fix compilation in dynamic mode. + [679856fa0774] - * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, - plugins/sudoers/sudoers.h: - Make user_cwd const since it is either a string literal or passed in - from the front-end. - [90751b81e8bc] + * configure, configure.in: + On HP-UX, libibmldap has a hidden dependency on libCsup + [22994709d77c] + + * compat/dlopen.c: + Pass BIND_VERBOSE to shl_load() + [0060b9cfa9ab] * configure, configure.in: - sudo 1.8.7 - [bf727adb8af0] + Only create static helper libs when --disable-shared is specified. + [1fcdb1a437e0] - * plugins/sudoers/sudoers.c: - Avoid nested strtok() calls. - [9d9f22ab52a9] + * src/load_plugins.c: + Ubreak static build. + [4ac9f96be285] -2012-10-23 Todd C. 
Miller + * INSTALL, aclocal.m4, configure, configure.in: + Replace --with-rpath and --with-blibpath with --disable-rpath. Now + that we use libtool for linking we can just use the -R flag and have + libtool translate it to the proper linker flag. + [09798fad6888] - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, - plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h: - Move expand_prompt() into its own source file for easier unit - testing. - [b419b48a436f] +2013-03-15 Todd C. Miller - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, - plugins/sudoers/check.h, plugins/sudoers/sudoers.h, - plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: - Make check.c independent of the underlying timestamp implementation. - [895071bd6065] + * src/exec_pty.c: + Bump I/O buffer size 32K + [4ef793225309] - * plugins/sudoers/iolog_path.c: - Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled. - [8ac38f02dd6d] +2013-03-14 Todd C. Miller - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Use a list for the possible values of Tag_Spec with a minimal indent - to improve readability. In the pod version, these were =head3. Also - use .St -p1003.1 instead of just POSIX when talking about glob() and - fnmatch(). - [361a6f7a5c44] + * configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in: + Document sesh Path setting. + [34b0b903b4f8] -2012-10-02 Todd C. Miller + * src/exec.c, src/exec_common.c: + Move exec_cmnd to exec.c to fix a compilation issue with sesh.c + [06aa1956f38d] - * src/ttyname.c: - sudo_ttyname_dev() is unused if there is no /proc or sysctl(). 
- [6598dbf81e16] + * common/sudo_conf.c, configure, configure.in, include/sudo_conf.h, + src/selinux.c: + Make sesh path configurable in sudo.conf + [91d331f273b7] - * compat/mksiglist.c, compat/mksigname.c, - compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c, - plugins/sample_group/plugin_test.c, - plugins/sudoers/regress/check_symbols/check_symbols.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/regress/logging/check_wrap.c, - plugins/sudoers/regress/parser/check_addr.c, - plugins/sudoers/regress/parser/check_fill.c, - plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c: - Explicitly mark main() as public in executables to avoid an HP-UX ld - warning. - [72a40ce218be] + * configure, configure.in: + Use -fno-pie and -nopie if supported when --disable-pie is + specified. + [777138c04dcc] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: - Remove grep from SEE ALSO section. - [c7cafee1621f] +2013-03-13 Todd C. Miller - * common/alloc.c: - If vasprintf() fails, just use the errno it sets instead of assuming - ENOMEM. - [1be5bfdc0cab] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Document direct execution of the command if the policy plugin has no + close function. + [6a14145c6e80] -2012-09-28 Todd C. Miller +2013-03-07 Todd C. Miller - * doc/TROUBLESHOOTING: - Mention HP-UX pam.conf settings. - [8b8e745b49fd] + * plugins/sudoers/auth/pam.c: + Only delete creds if we actually established them. Print an error if + pam_setcred() fails and we actually authenticated. + [1e015314903b] -2012-09-27 Todd C. Miller + * common/Makefile.in, plugins/group_file/Makefile.in: + regen + [dd8cee2a5e1b] - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, - plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c, - plugins/sudoers/timestamp.h: - Split off timestamp functions into their own source file. 
- [d5833332511d] + * common/alloc.c, include/alloc.h: + Convert efree() to a macro that just casts to void * and does + free(). If the system free() can't handle free(NULL) this may crash + but C89 was a long time ago. + [efd0ff9270fb] -2012-09-26 Todd C. Miller + * configure, configure.in: + Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS. + Fixes a problem with errno sometimes not being set on error on HP- + UX. + [54b419d58320] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Mention how !foo is not the same as ALL,!foo - [51f8e470757d] + * common/sudo_debug.c: + Fix debug logging from the plugin when there is no error number. + This was broken in the big debugging reorg for 1.8.7. + [2ea7e145e928] -2012-09-25 Todd C. Miller +2013-03-06 Todd C. Miller - * src/exec_pty.c: - Start commands in the background when I/O logging is enabled. We - can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2) - which returns EINTR on signal instead of restarting automatically. - [83b1d59146f7] + * configure, configure.in, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/load_plugins.c: + Always install plugins with a .so extension regardless of what + extension the system uses for shared libraries. That way the + group_plugin sudoers setting can be shared between heterogenous + systems. + [a7e6ecff6fdf] - * src/exec_pty.c: - Handle SIGCONT_FG and SIGCONT_BG when converting signal number to - string in deliver_signal(). - [2cefea7a976e] + * plugins/sudoers/match.c: + Mac OS X has netgroup functions in netdb.h. + [243881a974aa] -2012-09-24 Todd C. Miller + * plugins/sudoers/parse.h: + Tags in struct cmndtag can be set to IMPLIED as well. + [cb6926988cc8] - * src/exec_pty.c: - Fix running commands that need the terminal in the background when - I/O logging is enabled. E.g. "sudo vi &". When the command is - foregrounded, it will now resume properly. 
- [c30ec73a5da8] <1.8> + * plugins/sudoers/parse.c: + Quiet a compiler warning. + [14e608c2001d] - * src/exec_pty.c: - Fix running commands that need the terminal in the background when - I/O logging is enabled. E.g. "sudo vi &". When the command is - foregrounded, it will now resume properly. - [0bc13a253429] + * plugins/sudoers/testsudoers.c: + Quiet an llvm checker warning. + [2eeb9f3d08f3] - * plugins/sudoers/match.c: - Add rudimentary support for name-based matching as a compile-time - option. This unsafe when used in conjunction with the '!' operator. - [f93bc8e6db15] + * plugins/sudoers/parse.c: + Quiet gcc -Wuninitialized false positive + [643ad987503d] -2012-09-21 Todd C. Miller +2013-03-05 Todd C. Miller - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c, - plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c: - Split out implementation-specific back end code out of pwutil.c into - pwutil_impl.c. This will allow the main pwutil code to be used for - lookup methods other than getpw* and getgr*. - [999c2dde60e4] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in: + Document group_file and system_group plugins. + [b56511e79230] -2012-09-18 Todd C. Miller + * NEWS: + Sudo 1.8.7 + [e95183b8fa27] - * .hgtags: - Added tag SUDO_1_8_6p3 for changeset f25e20b889d7 - [355e4b19c559] <1.8> + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Try to clarify that sudoedit in sudoers should not include a leading + pathname. + [7b2beac92a9c] - * NEWS, configure, configure.in: - sudo 1.8.6p3 - [f25e20b889d7] [SUDO_1_8_6p3] <1.8> + * plugins/sudoers/pwutil_impl.c: + Make sure groupname_len is at least 32 just to be on the safe side. + It is better to allocate a little extra and not need it than to have + to reallocate and start over. 
+ [6d3e1ba47de9] - * NEWS, configure, configure.in: - sudo 1.8.6p3 - [97fef3d9ed65] + * include/alloc.h, include/missing.h: + Add __malloc_like macro to apply __malloc__ attribute to emalloc, + ecalloc and estrdup. It cannot be applied to realloc since that may + return the same pointer. + [8d70cb81d1f1] -2012-09-17 Todd C. Miller + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix potential double free in an error path. + [657573feb6a4] - * doc/fixman.sh: - Don't use embedded newline when matching, use \n. This got expanded - at some point. Bug #573 - [8acba0ac9d61] <1.8> + * src/exec_pty.c: + When running the command in a pty, defer the call to exec_setup() + until just before we exec the command. This is consistent with the + non-pty path. As a side effect, the monitor process runs as root and + not the runas user. + [e2a7f8c7ee4c] - * doc/fixman.sh: - Don't use embedded newline when matching, use \n. This got expanded - at some point. Bug #573 - [6652f834b8f5] +2013-03-02 Todd C. Miller - * plugins/sudoers/gram.c, plugins/sudoers/gram.y: - Rename yyerror() to sudoerserror() to match yacc prefix changes. Not - really needed due to the #defines that yacc makes but it is less - confusing this way as the lexer calls sudoerserror(). - [a0577be6527d] + * compat/closefrom.c: + Update copyright year. + [9b652af4dfc0] - * common/alloc.c, plugins/sample_group/plugin_test.c, - plugins/sudoers/env.c, plugins/sudoers/toke.c, - plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, - src/exec_common.c, src/parse_args.c, src/sudo.c: - No need to translate "unable to allocate memory" when we can just - use the system translation via strerror(). - [377499e5827c] +2013-03-01 Todd C. Miller - * plugins/sudoers/sudoreplay.c: - Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not - all file systems support d_type. Bug #572 - [2bd868ea6b1a] <1.8> + * compat/closefrom.c: + Use pst_highestfd from pstat_getproc() on HP-UX. 
+ [09f3fea46a3d] - * plugins/sudoers/sudoreplay.c: - Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not - all file systems support d_type. Bug #572 - [8b861c62945f] +2013-02-28 Todd C. Miller - * plugins/sudoers/sudoreplay.c: - Avoid calling fclose(NULL) in the error path when we cannot open an - I/O log file. - [609a690a0bed] <1.8> + * Makefile.in, common/Makefile.in, doc/Makefile.in, + plugins/sudoers/Makefile.in: + Clean up generated test files and other minor housekeeping. + [f5f4fdd908e1] - * plugins/sudoers/sudoreplay.c: - Avoid calling fclose(NULL) in the error path when we cannot open an - I/O log file. - [9401d5c4bb05] + * plugins/sudoers/iolog.c: + Add back gettimeofday() call inadvertantly removed in e1abb9810a83 + [675cce8401ae] -2012-09-16 Todd C. Miller + * config.h.in, configure, configure.in, src/ttyname.c: + Use pstat() on HP-UX to determine the tty device. + [2884af22a9df] - * .hgtags: - Added tag SUDO_1_8_6p2 for changeset 56852147a260 - [bef325e8796b] <1.8> + * plugins/sudoers/auth/pam.c: + Fix PAM compilation: def_pam_session, not just pam_session. + [5417d7acc6ea] - * NEWS, configure, configure.in: - Sudo 1.8.6p2 - [56852147a260] [SUDO_1_8_6p2] <1.8> + * doc/fixmdoc.sh: + Don't remove the -S option description when trimming out selinux. + Bug #592 + [8a94f2cfa0a0] - * NEWS, configure, configure.in: - Sudo 1.8.6p2 - [6e32496280f2] +2013-02-25 Todd C. Miller - * src/exec.c: - When setting the signal handler for SIGTSTP to the default value in - non-I/O log mode, store the old handler value for when we restore it - after resume. - [4ee18bf30a47] <1.8> + * NEWS: + Update for Sudo 1.8.6p7 + [0858a73e9c40] - * src/exec.c: - When setting the signal handler for SIGTSTP to the default value in - non-I/O log mode, store the old handler value for when we restore it - after resume. - [242628694e42] +2013-02-24 Todd C. 
Miller - * plugins/sudoers/env.c: - Replace the guts of sudo_setenv_nodebug() with our old setenv.c - which supports non-standard BSD and glibc semantics. sudo_setenv() - now simply calls sudo_setenv2(). - [57ffb6c9efaa] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Document when sudo may exec the command directly instead of forking. + [da41951edc28] -2012-09-15 Todd C. Miller + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Document that close and version be NULL for plugin API >= 1.3 and + that sudo may execute the command directly if there is no close, or + pty or timeout needed. + [e5f929ddeaf8] - * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document non-Unix group support in LDAP sudoers. - [33c89f3aeee6] + * plugins/sudoers/auth/sudo_auth.c: + Fix debug_decl for sudo_auth_begin_session and + sudo_auth_end_session. + [58243392c0df] - * plugins/sudoers/ldap.c: - Enable non-Unix group support for LDAP sudoers. We now check for - non-Unix groups and netgroups with the same query in the second - pass. Bug #571 - [eb98fdff54d9] + * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: + Add pam_session sudoers option. + [d994465db9f1] -2012-09-14 Todd C. Miller + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h: + Dummy out close function if there is no end_session for the auth + method and the front-end can handle a NULL close function. Avoids + the extra sudo process when we don't actually need it. 
+ [74886d5b0fb6] - * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, - plugins/sudoers/gram.h, plugins/sudoers/parse.c, - plugins/sudoers/regress/parser/check_fill.c, - plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, - plugins/sudoers/toke.c, plugins/sudoers/toke.h, - plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, - plugins/sudoers/visudo.c: - Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers. - [cb6c0d93215e] +2013-02-23 Todd C. Miller -2012-09-12 Todd C. Miller + * Makefile.in, aclocal.m4: + Add m4/ to paths m4_include parameters so we don't need to use + autoconf's -I flag. + [4fd86e7a84f3] - * .hgtags: - Added tag SUDO_1_8_6p1 for changeset 98436a0a8cf1 - [8a026a49b7bc] <1.8> + * src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h, + src/sudo_plugin_int.h: + If the policy plugin does not provide a close function, there is no + command timeout and no pty is required, skip the event loop and just + exec the command directly. + [ad532f107170] - * NEWS: - Merge NEWS update for sudo 1.8.6p1 - [98436a0a8cf1] [SUDO_1_8_6p1] <1.8> + * src/sudo.c: + Do not crash if the plugin close and version functions are not + defined. If there is no policy close function, simply print a + warning that the command was not found. + [c789a9dd54e8] - * NEWS: - Mention support for SUCCESS=return in /etc/nsswitch.conf - [ef1f35aa0863] +2013-02-21 Todd C. Miller - * NEWS, configure, configure.in, plugins/sudoers/env.c: - Merge sudo 1.8.6p1 from trunk. - [2d59f6359ef1] <1.8> + * plugins/sudoers/parse.c: + Fix typos in selinux/solaris privs specific code. + [9af3999361b4] - * NEWS, configure, configure.in: - sudo 1.8.6p1 - [73a5e1f004b3] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, src/parse_args.c: + Pass the default plugin directory to the plugin via the settings + list. Could be used by a stacking plugin. + [688e771fc145] -2012-09-11 Todd C. 
Miller + * plugins/sudoers/timestamp.c: + Completely ignore time stamp file if it is set to the epoch, + regardless of what gettimeofday() returns. + [df58842af660] - * plugins/sudoers/env.c: - Avoid setting LOGNAME, USER and USERNAME variables twice when - set_logname is enabled. - [0de4f5fbd1d4] + * doc/CONTRIBUTORS: + Add Nikolai Kondrashov + [df59791438f9] - * plugins/sudoers/env.c: - Fix duplicate detection in sudo_putenv(), do not prune out the - variable we just set when overwriting an existing instance. Fixes - bug #570 - [854ee714c831] + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Use userpw_matches() for username matching so #uid works for + sudoRunAsUser. + [a124062334df] - * plugins/sudoers/env.c: - Add some debuggging - [a25cd3305823] + * plugins/sudoers/sssd.c: + Avoid calling realloc3() with a zero size parameter when all + retrieved sssd rules fail. Otherwise we'll get a run-time error due + to malloc(0) checking. + [84dfcb73ebd7] -2012-09-04 Todd C. Miller + * plugins/sudoers/sssd.c: + Do not send error mail if a user is not found in SSSD. Local users + can run sudo too. From Nikolai Kondrashov + [3d2ae99ee468] - * plugins/sudoers/sudo_nss.c: - Disable word wrap in list mode when stdout is a pipe to make "sudo - -l | grep ..." more useful. Adapted from a diff by Daniel Kopecek. - [65ade04511fd] +2013-02-20 Todd C. Miller - * common/lbuf.c: - Print a trailing newline in lbuf_print() when there is not enough - space to do word wrapping and the lbuf does not end with a newline. - [c0200e19cd09] + * MANIFEST, common/regress/sudo_conf/test4.in, + common/regress/sudo_conf/test4.out.ok: + Test setting disable_coredump to illegal value. + [3c71c6c49027] - * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: - Add support for [SUCCESS=return] in nsswitch.conf; from Daniel - Kopecek - [5c480316e3ce] + * common/sudo_conf.c: + Fix atobool() usage. 
+ [d40c9f4d06b0] - * .hgtags: - Added tag SUDO_1_8_6 for changeset 15ed71afbd50 - [4cb658a2ea83] <1.8> + * common/regress/sudo_conf/conf_test.c: + Remove unused variable. + [328b524b365b] - * INSTALL, Makefile.in, NEWS, common/Makefile.in, config.h.in, - configure, configure.in, doc/contributors.pod, doc/history.pod, - doc/license.pod, doc/sudo.cat, doc/sudo.man.in, doc/sudo.man.pl, - doc/sudo.pod, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.pod, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in, - doc/sudoers.man.pl, doc/sudoers.pod, doc/sudoreplay.cat, - doc/sudoreplay.man.in, doc/sudoreplay.pod, doc/visudo.cat, - doc/visudo.man.in, doc/visudo.pod, plugins/sample/sample_plugin.sym, - plugins/sample_group/sample_group.sym, plugins/sudoers/env.c, - plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.sym, - plugins/system_group/system_group.sym, src/Makefile.in, - src/exec_pty.c, src/load_plugins.c, src/po/sudo.pot: - Merge sudo 1.8.6 from trunk. - [15ed71afbd50] [SUDO_1_8_6] <1.8> + * plugins/sudoers/sudoers.c: + Make "sudo -l non_existent_command" warn that non_existent_command + doesn't exist, not the "list" pseudo-command. + [9dc0388fc4f3] - * MANIFEST: - Add sssd.c - [9cadd014ef97] + * plugins/sudoers/parse.c: + Make sudoers file long list output better match the format used by + ldap sudoers. Tags are now converted to options and there is a + single command per line. + [6e6dc3f20d84] -2012-09-01 Todd C. Miller + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use the correct the sudoers policy symbol names and undo an editor + goof committed when adding max_groups to sudo.conf. 
+ [2a6f7ddf5cc3] - * plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo, - plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo, - plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo, - src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo: - regen .po files - [62423d4d143d] + * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: + For "sudo -l" start a new line if the runas list changes to make the + output easier to read. + [7dc3d724c924] - * MANIFEST, plugins/sudoers/po/vi.mo: - Add Vietnamese sudoers translation from translationproject.org - [33666a605525] +2013-02-19 Todd C. Miller - * NEWS: - mention PIE - [05032e5304c6] + * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: + For "sudo -l" and "sudo -ll" only print the runas info for + subsequent commands in a list if the runas info has changed. If we + have new runas info, print out the tags again so as to be less + confusing to the user. For "sudo -ll" set the line continuation + indent to 8. + [b5ec02fe7fc1] - * MANIFEST, plugins/sudoers/po/vi.po: - Add Vietnamese sudoers translation from translationproject.org - [015c2204bae2] +2013-02-18 Todd C. Miller -2012-08-29 Todd C. Miller + * MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, + plugins/group_file/group_file.c, plugins/group_file/group_file.exp, + plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in, + plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, + plugins/sample_group/sample_group.c, + plugins/sample_group/sample_group.exp: + Rename sample_group plugin to group_file. Install group_file and + system_group plugins by default. 
+ [951b3e446fae] - * Makefile.in, compat/Makefile.in, mkdep.pl: - Add missing signame dependency - [e493bfb01929] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/iolog.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add maxseq sudoers option to limit the max number of I/O log files. + [e1abb9810a83] - * src/exec.c, src/ttyname.c: - Silence compiler warnings. - [1c5374b66d9b] +2013-02-16 Todd C. Miller - * MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c, - config.h.in, configure, configure.in, include/missing.h, mkdep.pl, - src/exec.c, src/exec_pty.c: - Replace strsigname() with sig2str(), emulating it as needed. - [1e348cca1fa6] + * plugins/sudoers/iolog.c: + Log lines and columns in the iolog file. + [03adb6230e05] - * config.h.in, configure, configure.in, src/utmp.c: - Use fseeko() for legacy utmp handling if available. - [b4bbd8d2c0e9] +2013-02-15 Todd C. Miller -2012-08-28 Todd C. Miller + * MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c, + common/regress/sudo_conf/test1.in, + common/regress/sudo_conf/test1.out.ok, + common/regress/sudo_conf/test2.in, + common/regress/sudo_conf/test2.out.ok, + common/regress/sudo_conf/test3.in, + common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c, + include/sudo_conf.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c, + src/sudo.c: + Add simple regress tests for sudo.conf parsing. + [3c36b61bf61c] - * compat/strsigname.c, config.h.in, configure, configure.in: - Detect sys_sigabbrev[] and use it in place of sys_signame[] if - present. For some reason glibc does not declare sys_sigabbrev so we - must add an extern definition of our own. - [b38f3fbd7078] + * src/sudo.c: + Always display the I/O plugin version as long as its open functions + doesn't return an error. 
Previously it was only displayed if the + plugin open returned 1. + [4b0277db3f8c] - * compat/strsignal.c, compat/strsigname.c: - Handle NULL entries in sys_siglist and sys_signame. - [a388959d9654] + * plugins/sudoers/pwutil_impl.c: + Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead + of poking around in struct utmpx. + [2c0cc5c42958] - * compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c, - compat/mksigname.h, compat/strsignal.c, compat/strsigname.c: - Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name} - [711e41aba59a] + * plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c: + #include "sudo_usage.h" not so we get the one in the + build directory and not the src dir when using a separate build + directory. + [1fcb7ba13018] -2012-08-27 Todd C. Miller +2013-02-14 Todd C. Miller - * NEWS: - sync - [5a2522488754] + * common/fileops.c: + If a line was longer that 0x80000000 the bit hack to round to the + next power of two would roll over to zero. + [f4f729cf6f0f] - * src/exec.c: - Pass on SIGTSTP to the command if it was sent by a user process (not - the kernel or the terminal) when we are not I/O logging and set the - default SIGTSTP handler when we re-send the signal to ourself, - restoring our handler after we resume. - [4259c47e31c0] + * plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/sudoers.h, src/sudo.c: + Use max_groups in front-end and plugin. + [bf1e74166831] - * src/exec.c: - Shells typically change their process group when they start up so - that they can implement job control. Most well-behaved shells change - the pgrp back to its original value before suspending so we must not - try to restore in that case, lest we race with the child upon - resume, potentially stopping sudo with SIGTTOU while the command - continues to run. Some shells, such as pdksh, just suspend the shell - by sending SIGSTOP to themselves without restoring the pgrp. 
In this - case we need to change the pgrp back for them. Should fix bug #568 - [6ac6751ffd17] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, src/parse_args.c: + Pass max_groups to plugin in settings list. + [d7d76e8651f4] -2012-08-26 Todd C. Miller + * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, include/sudo_conf.h: + Add max_groups setting to sudo.conf (currently unused) and remove + unused return value from setters. + [f6494f71e1f0] - * MANIFEST, compat/Makefile.in, compat/mksigname.c, - compat/mksigname.h, compat/strsignal.c, compat/strsigname.c, - config.h.in, configure, configure.in, include/missing.h, mkdep.pl, - src/exec.c, src/exec_pty.c: - Use strsigname() to print signal names in the debug output. If the - system has no strsigname(), use our own. - [0735f18906b9] +2013-02-12 Todd C. Miller -2012-08-23 Todd C. Miller + * INSTALL: + Reorganize configure options + [23475de8039f] - * plugins/sudoers/regress/testsudoers/test5.inc, - plugins/sudoers/regress/testsudoers/test5.sh: - Remove generated file and change path for temporary include file. - [4e9fa830c6b5] +2013-02-11 Todd C. Miller - * plugins/sudoers/Makefile.in: - When running regress tests, list pass/fail rate for each dir - (testsudoers and visudo) instead of the total. Also prevent the - result files from clobbering each other by keeping them in the - relevant directories. - [6aac53baff7d] + * NEWS: + Add Sudo 1.8.6p7 + [5192fc511cbe] - * plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Don't print an error message in yyerror() if open_sudoers() fails, - we've already printed an error message. Also restore the check for - sudoers_warnings in yyerror(). - [aa6036df5fb2] +2013-02-10 Todd C. 
Miller - * plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/toke.c, plugins/sudoers/toke.h, - plugins/sudoers/toke.l: - Avoid printing the >>> parse error <<< message for testsudoers when - the -t flag is specified. - [76f3433c8992] + * INSTALL.configure: + Sync with autoconf 2.68 + [985e5c8efa4e] -2012-08-22 Todd C. Miller + * INSTALL, README: + Remove obsolete OS notes and move build requirements to INSTALL. + [bf0dd53ca164] - * plugins/sudoers/parse.c: - Fix NULL deref when an entry has no Runas_Entry - [4b14983ff6e7] +2013-02-08 Todd C. Miller - * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, - src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po, - src/po/zh_CN.mo, src/po/zh_CN.po: - sync with translationproject.org - [440e9c9b37de] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Sort elements of the settings, user_info and command_info lists. + [663062ada5b7] - * NEWS: - sync - [3142ba2dce60] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Remove trailing white space + [027916a6c8e7] - * plugins/sudoers/check.c: - Correct the check_user() comment header. - [73da30308fff] + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: + Store the session ID in the tty ticket file too. A tty may only be + in one session at a time so if the session ID doesn't match we + ignore the ticket. + [4eb2cb8df48b] - * plugins/sudoers/auth/sudo_auth.c: - Change a log_fatal() into log_error() when no auth methods are - configured. The caller already checks the return value. - [05f5c39793a7] +2013-02-07 Todd C. Miller - * plugins/sudoers/logging.c: - Add missing debug_return - [3a76bb7c2fe7] + * plugins/sudoers/sudoers.c, src/sudo.c: + Move tzset() call from sudoers plugin to sudo front end. + [3c058dad8772] -2012-08-21 Todd C. 
Miller + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Mention line continuation + [399873f8c805] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, - doc/sudoers.man.in, doc/sudoers.mdoc.in: - Make the capitalization consistent for .Ss and .Sx - [5c5735ee4b2f] + * MANIFEST, common/Makefile.in, common/fileops.c, + common/regress/sudo_parseln/parseln_test.c, + common/regress/sudo_parseln/test1.in, + common/regress/sudo_parseln/test1.out.ok, + common/regress/sudo_parseln/test2.in, + common/regress/sudo_parseln/test2.out.ok, + common/regress/sudo_parseln/test3.in, + common/regress/sudo_parseln/test3.out.ok, + common/regress/sudo_parseln/test4.in, + common/regress/sudo_parseln/test4.out.ok, + common/regress/sudo_parseln/test5.in, + common/regress/sudo_parseln/test5.out.ok, + common/regress/sudo_parseln/test6.in, + common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c, + include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c, + plugins/sudoers/sudo_nss.c: + Add line continuation support to sudo_parseln() and make it use + getline() instead of fgets() internally. + [d02bf3973fc5] - * doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat, - doc/sudo.man.in, doc/sudo.mdoc.in: - Add COMMAND EXECUTION section that describes how sudo runs the - command, the extra sudo processes and signal handling. - [dff2d88e984e] +2013-02-06 Todd C. Miller -2012-08-18 Todd C. Miller + * plugins/sample/sample_plugin.c: + Fix memory leak in error path; found by llvm checker + [d090c26a5b00] - * Makefile.in: - Happy Easter - [4b9d697c6b83] + * plugins/sudoers/sudoreplay.c: + Remove useless store detected by llvm checker. + [12a4db91651a] -2012-08-17 Todd C. 
Miller + * configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in, + src/load_plugins.c, sudo.pp: + Sudo now stores its libexec files in a "sudo" subdirectory instead + of in libexec itself. For backwards compatibility, if the plugin is + not found in the default plugin directory, sudo will check the + parent directory default directory ends in "/sudo". + [5de67de76489] - * compat/Makefile.in: - Don't echo the awk command when building siglist.in - [21daa72921e6] + * plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c, + plugins/system_group/system_group.c: + Add missing __dso_public to plugin structs so they are exported. + [dde703577621] - * doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Cosmetic changes. - [19259528e9ad] + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Mention that sudoers has its own plugins too. + [0a6c6203b512] - * doc/Makefile.in: - The HISTORY, LICENSE and CONTRIBUTORS files are not longer - generated. - [ea6ac9e981e6] +2013-02-05 Todd C. Miller - * MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po, - plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo, - plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po, - plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po, - src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po, - src/po/uk.po, src/po/vi.po: - Sync with translationproject.org and add Italian sudoers - translation. - [9276740aea59] + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Correct last change date. + [45894291d792] -2012-08-16 Todd C. 
Miller + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in: + Remove duplicated sudo.conf info in the sudo, sudoers and + sudo_plugin manuals and cross-reference the new sudo.conf manual. + [b808ba29cf3a] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Expand description of fqdn to talk about systems where the hosts - file is searched before DNS. - [4ee812ca6116] + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + Fix typos + [0e70964150c6] -2012-08-15 Todd C. Miller + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Fix some typos. + [94ae045cfbc6] - * doc/Makefile.in: - For cat pages there is nothing to make unless DEVEL is set. - [fab4a5b68708] + * MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in: + Add standalone sudo.conf manual page. + [d64d949b700c] - * configure, configure.in, doc/Makefile.in: - Always use mandoc to format cat pages and remove now-extraneous - nroff configure tests. - [5747f4ed5762] + * doc/sample.sudo.conf: + add group_source example + [118c1ba1c014] - * pp: - sync polypkg from git - [89ddf6ea3e3f] + * configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in, + doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf. + [f5bd6006dc1c] - * plugins/sudoers/sudoers.c: - Use AI_FQDN instead of AI_CANONNAME if available since "canonical" - is not always the same as "fully qualified". - [7c1d9c098386] + * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo, + src/po/it.po: + Sync with translationproject.org + [a6f2b9aac371] -2012-08-14 Todd C. Miller +2013-02-03 Todd C. 
Miller - * doc/sudoers.mdoc.in: - Fix some typos. Describe error messages not related to policy - permissions. - [f5ebf9030d85] + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo, + src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo, + src/po/vi.po: + Sync with translationproject.org + [ba546666969d] - * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, - plugins/sudoers/visudo.c: - Add new check_defaults() function to check (but not update) the - Defaults entries. Visudo can now use this instead of update_defaults - to check all the defaults regardless instead of just the global - Defaults entries. - [3fa879ce1b65] +2013-02-01 Todd C. Miller -2012-08-13 Todd C. Miller + * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo, + plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po, + src/po/es.po, src/po/gl.po: + Sync with translationproject.org + [cdc454e34c03] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Document sudoers log format. - [08998a7061ab] +2013-01-31 Todd C. Miller * NEWS: - Update for sudo 1.8.5p3 - [6e102a5d4e8d] - - * .hgtags: - Added tag SUDO_1_8_5p3 for changeset 008a7807c354 - [a3c594dbb588] <1.8> - - * NEWS, configure, configure.in: - sudo 1.8.5p3 - [008a7807c354] [SUDO_1_8_5p3] <1.8> + Clarify ttyname changes. + [cbf2f80fe582] - * src/load_plugins.c: - Add missing check for I/O plugin API version when checking for the - presence of I/O plugin hooks. - [0e76dfb47d7c] <1.8> + * NEWS: + Add 1.8.6p6 + [3aa591e98b3b] - * src/hooks.c: - Can't call debug code in the process_hooks_xxx functions() since - ctime() may look up the timezone via the TZ environment variable. - [2bc7c226fc6a] <1.8> + * src/ttyname.c: + Remove ttyname() fall back code on systems where we can query the + kernel for the tty device via /proc or sysctl(). 
If there is no + controlling tty, it is better to just treat the tty as unknown + rather than to blindly use what is hooked up to std{in,out,err}. + [b2bd3005d2e4] - * src/load_plugins.c: - Add missing check for I/O plugin API version when checking for the - presence of I/O plugin hooks. - [ef05c7eeaf81] +2013-01-27 Todd C. Miller - * src/hooks.c: - Can't call debug code in the process_hooks_xxx functions() since - ctime() may look up the timezone via the TZ environment variable. - [2179fb26bd8e] + * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c: + Add group_source setting in sudo.conf to allow the admin to specify + how a user's groups are looked up. Legal values are static (just the + kernel list from getgroups), dynamic (whatever the group database + includes) and adaptive (only use group db if kernel group list is + full). + [87a5b02e22ad] -2012-08-10 Todd C. Miller + * plugins/sudoers/policy.c: + Pass back exec_background to front end if it is enabled in sudoers. + [8230e1cd0bbd] - * src/exec_common.c, src/sesh.c, src/utmp.c: - Include signal.h before sudo_exec.h since it uses sigset_t * in the - fork_pty prototype. - [94fc0d859600] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Mention that exec_background is for 1.8.7 and higher only. + [fdf0d5a3e182] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, - doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, - doc/visudo.man.in, doc/visudo.mdoc.in: - Remove OPTIONS section; options now go inside DESCRIPTION - [a619fc58a746] +2013-01-24 Todd C. Miller - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regen - [44719d80bc06] + * MANIFEST: + Add missing test files. 
+ [1165389aa5e6] - * MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, - plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, - plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, - src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po, - src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po: - Sync with translationproject.org and add new Slovenian translation. - [34b4b966bbac] + * plugins/sudoers/regress/visudo/test3.err.ok, + plugins/sudoers/regress/visudo/test3.out.ok, + plugins/sudoers/regress/visudo/test3.sh: + Add regress test for bug 361 + [54c7fb61b82d] - * common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c, - plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c, - plugins/sudoers/testsudoers.c: - Reduce the number of "internal error, foo overflow" messages that - need to be translated. - [93ffa2b3d53f] + * plugins/sudoers/iolog.c: + Add __dso_public to extern declaration of declaration to match + actual definition. + [4695ded501e6] * NEWS: - Mention HP-UX reboot fix. - [1e39b5aa32ac] - - * INSTALL, NEWS, common/sudo_debug.c, configure, configure.in, - doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in, - plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c, - plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: - Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers - data source. From Daniel Kopecek and Pavel Brezina. - [3f85e95d6928] - -2012-08-09 Todd C. Miller + Add 1.8.6p5 + [b07b28c5c4d7] - * common/sudo_conf.c, src/load_plugins.c: - If sudo.conf contains an I/O plugin but no policy plugin, use - sudoers for the policy plugin. 
If a policy plugin is specified - without an I/O plugin, only the policy plugin will be loaded. - [ea192df2439d] +2013-01-23 Todd C. Miller - * doc/Makefile.in, doc/sudoers.man.in: - Do not modify the .Os section when building the .man.in file from - .mdoc.in. - [a9f9628e147f] + * MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok, + plugins/sudoers/regress/visudo/test2.out.ok, + plugins/sudoers/regress/visudo/test2.sh: + Add test for visudo cycle check core dump; test case from Daniel + Kopecek + [41074541147a] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Add a note about wildcards matching multiple words and include an - example. Also mention that for sudoedit, a wildcard in command line - args does not match a slash. - [fcb9fbac14e0] + * plugins/sudoers/visudo.c: + Fix potential stack overflow due to infinite recursion in alias + cycle detection. From Daniel Kopecek. + [d7e018a87434] -2012-08-07 Todd C. Miller + * common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c: + Ignore duplicate entries in sudo.conf and report the line number + when there is an error. Warn, don't abort if there is more than one + policy plugin. + [dfcb5a698f0a] - * src/exec_pty.c, src/sudo_exec.h: - Fix a comment, update a variable name in a prototype; all cosmetic. - [e89f10cbd6e1] + * plugins/sudoers/tsgetgrpw.c: + Use strtoul() not atoi(). + [58a52cf9b6b8] - * plugins/sudoers/iolog.c: - Cast 2nd argument of lseek() to off_t if it is a constant for - systems with 64-bit off_t but without a proper lseek() prototype. - [d8779da135d0] +2013-01-22 Todd C. 
Miller - * compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c, - plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/visudo.c: - Fix some warnings from clang checker-267 - [1e44ef7860b5] + * compat/Makefile.in: + regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo + [9b44e9d26d16] - * plugins/sample/sample_plugin.c: - Fix memory leak found by clang checker-267 - [f8a43617fdfb] + * compat/nss_dbdefs.h: + Fix typo that breaks the build on HP-UX. + [b9ab6ba23485] -2012-08-06 Todd C. Miller + * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in, + configure, configure.in: + Use nss_search() to implement getgrouplist() where available. Tested + on Solaris and HP-UX. We need to include a compatibility header for + HP-UX which uses the Solaris nsswitch implementation but doesn't + ship nss_dbdefs.h. + [d29dbc4dc06d] - * src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h: - If we receive a signal from the command we executed, do not forward - it back to the command. This fixes a problem with BSD-derived - versions of the reboot command which send SIGTERM to all other - processes, including the sudo process. Sudo would then deliver - SIGTERM to reboot which would die before calling the reboot() system - call, effectively leaving the system in single user mode. - [4ffab9ab9e98] +2013-01-19 Todd C. Miller -2012-08-03 Todd C. Miller + * src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h: + Remove extra flag to sudo_sigaction(). We want to trap the signal + regardless of whether or not it is ignored by the underlying command + since there's no way to know what signal handlers the command will + install. Now we just use sudo_sigaction() to set a flag in + saved_signals[] to indicate whether a signal needs to be restored + before exec. + [c042d52c7192] - * doc/fixman.sh, doc/fixmdoc.sh: - Remove section about Solaris 10 on other systems. Add missing - sudoers.man.in bit to fixman.sh. 
- [176559199ba7] +2013-01-18 Todd C. Miller -2012-08-02 Todd C. Miller + * compat/getgrouplist.c, config.h.in, configure, configure.in: + Use _getgroupsbymember() on Solaris to get the groups list. Fixes + performance problems with the getgroupslist() compat on Solaris + systems with network-based group databases. + [287d3ae2ce8d] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: - Expand section on Solaris privileges. - [3a1bfa2f1743] +2013-01-17 Todd C. Miller - * NEWS: - Expand a bit on the Solaris priv set changes. - [bffb78b4a520] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Document signal handler behavior in plugin API 1.3 + [20dc9d1c105f] - * plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/parse.c, plugins/sudoers/parse.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: - The second argument to init_parser() is now bool. - [fb727a4fb651] + * MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c, + src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h: + Move signal code into its own source file and add sudo_sigaction() + wrapper that has an extra flag to check the saved_signals list to + only install the handler if the signal is not already ignored. Bump + plugin API version for the new front-end signal behavior. + [5d2f27a1b404] - * plugins/sudoers/gram.c, plugins/sudoers/gram.y: - Fix printing of parse error message to stderr. - [dea6b420b84f] + * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h, + src/sudo_exec.h: + Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute + the command. If we get SIGINT or SIGQUIT, call the plugin close() + functions as if the command was interrupted. If we get SIGTSTP, + uninstall the handler and deliver SIGTSTP to ourselves. 
+ [332baf3a81b7] - * plugins/sudoers/check.c, plugins/sudoers/defaults.c, - plugins/sudoers/match.c, plugins/sudoers/parse.c, - plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: - If a command matches using an empty Runas_List (i.e. Runas_List is - present but empty) and the -u option was not specified, set runas_pw - to user_pw instead of using runas_default. This is intended to be - used in conjunction with the Solaris Privilege Set support for rules - that grant privileges without changing the user. - [e84a081f3c11] + * src/exec.c, src/exec_pty.c: + Rename handle_signals() to dispatch_signals(). Block other signals + in handler() so we don't have to worry about the write() being + interrupted. + [666e95c9a0f1] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, - plugins/sudoers/gram.c, plugins/sudoers/gram.h, - plugins/sudoers/gram.y, plugins/sudoers/match.c, - plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h: - Add support for parsing an empty Runas_List, which only allows the - command to be run as the invoking user. This can be used in - conjunction with the Solaris Privilege Set support to grant - privileges without changing the user. - [dc34373792fc] +2013-01-16 Todd C. Miller -2012-08-01 Todd C. Miller + * src/tgetpass.c: + Rename signal handler to avoid name clash with one in exec.c + [8913101a29b6] - * doc/fixman.sh: - Fix HP-UX, just use ".TH name section" like the vendor manuals. - [559738237c92] +2013-01-13 Todd C. Miller - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Fix compilation on Solaris - [2d310302207c] + * src/sudo.c: + Add missing call to save_signals(). + [47d075d7326b] - * .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, - doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh, - doc/sudoers.mdoc.sh: - Generate a sed script file when munging *.mdoc or *.man instead of - passing sed expressions on the command line. 
Older seds do not - support \n in a replacement so generate and run a sed script - instead. - [0bcce3f1ca18] +2013-01-11 Todd C. Miller - * doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in, - doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in, - doc/visudo.man.in: - Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION" - [fe0f10b63776] + * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Fill in the comment block at the top of the .pot files and preserve + it when regenerating them. + [6449497b76db] -2012-07-31 Todd C. Miller + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h: + Add exec_background option in plugin command info and a sudoers + option to match. When set, commands are started in the background + and automatically foregrounded as needed. There are issues with some + ill-mannered programs (like Linux su) so this is not the default. + [c0b32b0938f2] - * src/exec.c: - When checking whether a signal is user-generated, compare si_code - against SI_USER instead of <= 0 since on HP-UX, terminal-related - signals get a code of 0. - [4e9021243343] + * common/Makefile.in: + regen + [2b2b220e7aea] - * src/sudo.c: - SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX - interchangably. This causes problems when setting RLIMIT_NPROC to - RLIM_INFINITY due to a bug in bash where bash tries to honor the - value of _SC_CHILD_MAX but treats a value of -1 as an error, and - uses a default value of 32 instead. + * src/Makefile.in: + Add SESH_OBJS variable for sesh object files. + [d3e04ae8fd1f] - Previously, we just checked RLIMIT_NPROC and, if it was unlimited, - restored the previous value of RLIMIT_NPROC. However, that makes it - impossible to set nproc to unlimited. 
We now only restore the nproc - resource limit if sysconf(_SC_CHILD_MAX) is negative. In most cases, - pam_limits will set RLIMIT_NPROC for us. - [cb71cc8d0b08] + * configure.in, doc/LICENSE, plugins/sudoers/redblack.c: + Update copyright year. + [61a0f0cedb13] -2012-07-30 Todd C. Miller + * src/exec_pty.c: + Always resume the command in the foreground if sudo itself is the + foreground process. This helps work around poorly behaved programs + that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At + worst, sudo will go into the background but upon resume the command + will be runnable. Otherwise, we can get into a situation where the + command will immediately suspend itself. + [c368ac3eb2e4] - * plugins/sudoers/ldap.c: - Active Directory apparently requires that tenths of a second be - present in a date so append .0 to the "now" value in the time - filter. Also remove space for the global AND from TIMEFILTER_LENGTH - since it was not being used consistently. Buffers of - TIMEFILTER_LENGTH now need to account for the terminating NUL byte. - [d28619ff6e45] + * configure, configure.in: + Use -fstack-protector-all in preference to -fstack-protector where + supported. + [f930c95ceb51] - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Fix SELinux build - [cc0d1f4e851b] +2013-01-10 Todd C. Miller -2012-07-29 Todd C. Miller + * configure, configure.in: + Only test for -fstack-protector and -fvisibility=hidden on GNU + compatible compilers. + [796f4696d863] - * MANIFEST: - Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they - were not being kept in sync. - [fc3ad1847cb1] +2013-01-03 Todd C. Miller - * doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod, - doc/license.pod: - Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they - were not being kept in sync. - [950363dffe3a] + * NEWS: + Add Sudo 1.8.6p4 + [8a928de8e717] -2012-07-27 Todd C. 
Miller + * common/Makefile.in, compat/Makefile.in, configure, configure.in, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Break out stack smashing protector options into SSP_CFLAGS and + SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS). + [01be114fc9fb] - * plugins/sudoers/logging.c: - Fix printing of the permission denied message to standard error when - a user is not allowed to run a command. This got broken by the - recent logging changes. - [b7af63da3ca1] +2013-01-01 Todd C. Miller - * plugins/sudoers/sudoers_version.h: - Bump grammar version for Solaris privs. - [2a2baf024477] + * doc/CONTRIBUTORS, plugins/sudoers/redblack.c: + In rbrepair(), make sure we never try to change the color of the + sentinel node, which is the first entry, not the root. From Michael + King + [3fc4dc4004ec] - * doc/schema.ActiveDirectory: - Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder - were added. From David Hicks. - [3fc432a8edb4] +2012-12-28 Todd C. Miller -2012-07-26 Todd C. Miller + * src/exec_pty.c: + No need to restore default signal handler for SIGSTOP as it is not + catchable. Attempting to do so is harmless but sigaction() will fail + and set errno to EINVAL which makes it looks like there is an error. + [be7c0b759e9a] - * plugins/sudoers/Makefile.in: - Remove lex.yy.c when building toke.c - [72bb9e62b289] + * src/exec.c: + Print SIGCONT_FG and SIGCONT_BG properly in debug output. + [93e59e301c8f] - * doc/Makefile.in: - Fix building docs in a build dir. - [7a6f435af022] +2012-12-27 Todd C. Miller - * doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod, - doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod, - doc/sudoreplay.pod, doc/visudo.pod: - Remove pod versions of the manual; we now use mdoc. - [5c967d2dd5db] + * configure, configure.in: + Disable PIE on FreeBSD/ia64, otherwise sudo will segfault. 
+ [9ed48f696595] - * MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh, - doc/sudoers.man.sh, doc/sudoers.mdoc.sh: - Add post-processing scripts to strip out login class, BSD auth, - SELinux and privilege set bits when they are not supported. - [d0d51f72f597] +2012-12-20 Todd C. Miller - * NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in, - doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in, - doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod, - plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, - plugins/sudoers/def_data.in, plugins/sudoers/gram.c, - plugins/sudoers/gram.h, plugins/sudoers/gram.y, - plugins/sudoers/parse.c, plugins/sudoers/parse.h, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, - plugins/sudoers/toke.l, src/sudo.c, src/sudo.h: - Merge in Solaris privilege support by Darren Moffat and John - Zolnowsky - [3aa0a64f2f5c] + * include/missing.h: + Add howmany() macro since some systems have this in sys/param.h + which we no longer include. + [2c5efaa16c45] -2012-07-25 Todd C. Miller +2012-12-07 Todd C. Miller - * doc/contributors.pod: - Sync with CONTRIBUTORS file - [9a0852306ad9] + * plugins/sudoers/regress/sudoers/test11.toke.out.ok: + Remove errant file. + [a91699beffc6] - * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, - doc/sudoers.man.in, doc/sudoreplay.man.in: - Regen .man.in files with my private mandoc. - [dc3c9fc449eb] +2012-12-04 Todd C. Miller - * doc/Makefile.in: - add MANDOC variable - [35527e66afc5] + * plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c: + Remove obsolete sudoers_cleanup() stubs. + [89153025a2ae] -2012-07-20 Todd C. 
Miller + * common/alloc.c, common/atobool.c, common/fileops.c, + common/fmt_string.c, common/lbuf.c, common/secure_path.c, + common/sudo_conf.c, common/sudo_debug.c, common/term.c, + compat/closefrom.c, compat/getcwd.c, compat/glob.c, + compat/snprintf.c, include/missing.h, + plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, + plugins/sample_group/plugin_test.c, + plugins/sample_group/sample_group.c, plugins/sudoers/alias.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/find_path.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/redblack.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + plugins/system_group/system_group.c, src/conversation.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/get_pty.c, + 
src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c, + src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c: + Don't include . We only needed it for MAXPATHLEN, + MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and + HOST_NAME_MAX throughout without falling back on MAXPATHLEN or + MAXHOSTNAMELEN and define our own MIN/MAX macros as needed. + [f4807d46f504] - * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, - doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in: - Regen .man.in files with hacked mandoc to avoid issues with historic - nroff. - [d45cfa7d665f] + * include/missing.h, plugins/sudoers/match.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c: + Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN + (sys/param.h or netdb.h). + [2544f5e306dd] -2012-07-19 Todd C. Miller +2012-11-30 Todd C. Miller - * doc/sudo.mdoc.in, doc/sudoers.mdoc.in: - Fix groff warnings. - [111d522ca807] + * plugins/sudoers/logging.c: + Move debug_decl() in log_failure() to be after the variable + declarations for C89. + [f48d2035ab44] - * doc/Makefile.in: - Fix dependencies for .man.in files. - [aefeffe1af2b] +2012-11-29 Todd C. Miller - * .hgignore: - Add doc/*.mdoc to ignore file - [1e4de6ef2ad8] + * common/error.c, include/error.h, plugins/sudoers/iolog.c, + plugins/sudoers/logging.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Cannot wrap sigsetjmp() or we end up returning to the wrong place. + Use a macro instead. 
+ [749ee6acdad8] - * INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in, - doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, - doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, - doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, - doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, - doc/visudo.man.in, doc/visudo.mdoc.in: - Build .man.in and .cat files from .mdoc.in files. Add new --with-man - and --with-mdoc configure options. - [c963fd7e8f80] +2012-11-28 Todd C. Miller -2012-07-18 Todd C. Miller + * plugins/sudoers/policy.c: + Fix return in sudoers_policy_open that should be debug_return. + [a78b795b6846] - * doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in, - doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: - Sudo manuals formatted in mdoc, to replace the pod versions. - [e6dca4030451] +2012-11-27 Todd C. Miller - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, - doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, - doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod, - doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, - doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod: - More minor costmetic fixes. - [a7287a68385a] + * src/ttyname.c: + Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case + too. + [acfa891c229e] -2012-07-12 Todd C. Miller + * src/solaris.c: + Quiet a gcc warning and add comment about needing to keep the handle + open. + [f954f228960f] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: - Minor cosmetic fixes. - [9c48bdaf3946] +2012-11-26 Todd C. Miller -2012-07-11 Todd C. 
Miller + * INSTALL: + mention --disable-shared + [6954d39e2d0f] - * plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot: - Use "a password is required" instead of "password required" when the - -n flag is used and we need to read a password. - [a3c30fc41648] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Add missing command_info argument in I/O plugin open() prototype. + Bug #579 + [72beb07aba0e] -2012-07-10 Todd C. Miller +2012-11-25 Todd C. Miller - * NEWS: - Mention logging changes. - [8238fd6e02e8] + * plugins/sudoers/gram.c: + Regen for proper line numbers. + [6cf6e132e764] - * plugins/sudoers/po/sudoers.pot: - regen - [e2cf634ba63b] + * configure, configure.in: + Add locale_stub.o to SUDO_OBJS, not locale_stub.lo. + [d604dc8ca38a] - * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: - Document that other mail_* flags have precedence over mail_badpass. - [9f4cc9188f40] + * common/sudo_printf.c: + Include missing.h for __printflike. + [a33640600faf] - * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, - plugins/sudoers/logging.c, plugins/sudoers/logging.h, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: - Move log_denial() calls and logic to log_failure(). Move - authentication failure logging to log_auth_failure(). Both of these - call audit_failure() for us. + * plugins/sudoers/iolog.c: + Saner loop invariant in io_mkdirs (cosmetic only). + [dc30274afe38] - This subtly changes logging for commands that are denied by sudoers - but where the user failed to enter the correct password. Previously, - these would be logged as "N incorrect password attempts" but now are - logged as "command not allowed". 
Fixes bug #563 - [cad35f0b3ad7] + * MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c, + configure, configure.in, include/error.h, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c, + src/sesh.c: + Move warn/error into common and make static builds work. + [4d3f374f4e4c] -2012-07-06 Todd C. Miller + * MANIFEST, common/Makefile.in, common/sudo_debug.c, + common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/conversation.c, src/sesh.c: + Move _sudo_printf from src/conversation.c to common/sudo_printf.c. + Add sudo_printf function pointer that is initialized to + _sudo_printf() instead of requiring a sudo_conv function pointer + everywhere. The plugin will reset sudo_printf to point to the + version passed in via the plugin open function. Now plugin_error.c + can just call sudo_printf in all cases. The sudoers binaries no + longer need their own version of sudo_printf. + [9b09d3f63790] - * common/aix.c: - Do not set a resource limit to zero when we are unable to fetch a - value from /etc/security/limits. 
- [62bfb0a7895e] + * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't + need error_jmp to be extern. Also add plugin_clearjmp() that clears + a flag so error()/errorx() knows when to call exit() vs. longjmp(). + [5a4617148e70] -2012-07-05 Todd C. Miller + * plugins/sudoers/set_perms.c: + Let warning() call gettext() for us. + [ab8d502ba4ac] - * sudo.pp: - Add "Provides: sudo" to debian sudo-ldap package - [beb8afa0beb2] + * include/error.h, plugins/sudoers/plugin_error.c, src/error.c: + Do locale swapping in the warning()/error() macros themselves + instead of in the underlying functions. + [4cd205540e17] -2012-07-02 Todd C. Miller + * common/alloc.c, common/list.c, include/error.h, + plugins/sudoers/env.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c, + src/hooks.c: + Rename warning2()/error2() -> warning_nodebug()/error_nodebug(). + [48346393634d] - * configure, configure.in, zlib/Makefile.in: - Define NO_VIZ for zlib when gcc doesn't support symbol visibility - attributes. 
- [9fdcbf526386] + * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c, + src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c, + src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, + src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c: + Call gettext() on parameters for warning()/warningx() instead of + having warning() do it for us. + [c71088bc9d3e] - * configure, configure.in: - Use the autoconf cache when checking for symbol export control - support. - [03c2cce8711f] + * Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: + Call gettext() in sudoerserror() in the user's locale and pass the + untranslated string to it. + [cdbfc231b848] - * INSTALL, common/Makefile.in, compat/Makefile.in, configure, - configure.in, mkpkg, plugins/sample/Makefile.in, - plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, - plugins/system_group/Makefile.in, src/Makefile.in: - Add configure check for building PIE executables instead of doing it - in mkpkg. - [02b5b78ef258] + * plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, + plugins/sudoers/logging.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Allow sudoers programs (visudo, sudoreplay, visudo) to use + plugin_error.c instead of the error.c from the front-end. 
This means + sudoers_setlocale() needs to be independent of the sudo_user struct + and the defaults table. The sudoers locale is now updated via a + callback. + [e356f5f8cd6a] - * sudo.pp: - MacOS pp backend doesn't like modes longer than 4 characters. - [01b49022bf01] + * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c + Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers + warning/error functions work when sudo_conv is NULL + [7365ee24a779] -2012-07-01 Todd C. Miller + * src/error.c: + No need to change locale in front-end warning()/error(). + [23dc1df7f93b] - * configure, configure.in: - Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding - -fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool - will strip -fstack-protector from the linker flags and we always - link with libtool. - [0a0a0250ac2b] + * plugins/sudoers/tsgetgrpw.c: + Ignore bad lines in passwd/group file instead if stopping processing + when we hit one. + [79b790559075] -2012-06-29 Todd C. Miller + * plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/testsudoers/test5.sh: + Bash doesn't let you set UID to use MYUID instead. + [5be56335f059] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, - doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: - Regen for sudo 1.8.6 - [1657ee28b496] + * plugins/sudoers/visudo.c: + Avoid NULL deref for unknown Defaults in strict mode. + [545c21c1e7d6] - * NEWS, doc/sudoers.ldap.pod: - Document improved Tivoli Directory Server support. 
- [fb411edf4687] + * common/sudo_conf.c, common/sudo_debug.c: + See DEFAULT_TEXT_DOMAIN + [3d723e1d27db] - * config.h.in, configure, configure.in, plugins/sudoers/ldap.c: - Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf - option to specify Tivoli key db password. Allow TLS ciphers to be - configured for Tivoli. - [737e17c91e60] +2012-11-13 Todd C. Miller -2012-06-28 Todd C. Miller + * .hgignore: + Add signame.c and mksigname. + [d59bbf423f00] - * plugins/sudoers/ldap.c: - Tivoli Directory Server 6.3 libs always return a (bogus) error when - setting LDAP_OPT_CONNECT_TIMEOUT. - [504406637c38] + * plugins/sudoers/Makefile.in: + Fold preinstall into install-plugin and pass the path to the plugin + binary to the preinstall command. + [2c2205af8bb7] - * NEWS: - Update - [687a755604e8] + * pp: + sync with upstream + [a4b7336b3256] - * plugins/sudoers/ldap.c: - Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the - same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a - set an ldap option fatal. - [17cf93ae3304] + * src/sudo.h: + repair spacing + [f5c1255ce514] -2012-06-27 Todd C. Miller +2012-11-12 Todd C. Miller - * plugins/sudoers/sudoers.c: - Zero pointers in sudo_user struct after freeing, just in case. - [8eff1f80b943] + * common/sudo_debug.c: + Set group on sudo_debug when creating it to gid 0 so systems without + BSD group semantics don't get the invoking user's group. + [7dda01196554] - * plugins/sudoers/sudoers.c: - Free user_gids in close function if it has not already been freed. - [cbce28877f37] + * plugins/sudoers/iolog.c: + Rename mkdir_parents() io_mkdirs() and add a flag to specify whether + path is a temporary, in which case the final component is created + via mkdtemp() instead of mkdir(). + [79c0c4e7ed58] - * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h: - Defer group ID to name resolution until we actually need it. 
- [463e75b81e89] + * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h: + For PERM_ROOT set egid to 0 so log files are not created with the + gid of the user. + [5b964ea43474] - * src/sudo.c: - It is safe to read in sudo.conf before calling user_info(). - [3290b6434e3c] + * plugins/sudoers/logging.c: + Add calls to set_perms(PERM_ROOT) becore logging to a file. We + should already be root but since we cache the current permission + status it is basically free. That way, if more of sudoers runs as + non-root in the future logging will still work correctly. + [c591d4973f41] - * plugins/sudoers/env.c, plugins/sudoers/ldap.c: - Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to - prevent potential truncation. Bug #562. - [29d9fc4e0c4e] + * common/sudo_conf.c, config.h.in, configure, configure.in, + include/gettext.h, plugins/sudoers/locale.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/error.c, src/exec.c, src/sesh.c, src/sudo.c: + #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it. + [41f6bb4926f4] -2012-06-25 Todd C. Miller + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Mention that sudo.conf is parsed in the C locale. + [f711c416e30c] - * sudo.pp: - If installing with installp, error out if there is already an - instance of the rpm package installed. - [ec24c6faba22] + * common/sudo_conf.c: + Parse sudo.conf in the "C" locale. + [776658f651ea] - * mkpkg: - Add --disable-nls for AIX - [192ac2f7d65e] + * plugins/sudoers/locale.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.h: + Fix compilation on systems w/o setlocale() + [6940d1c1c1ce] -2012-06-22 Todd C. Miller + * doc/TROUBLESHOOTING: + Sudo now includes a workaround for the Solaris 11 locale issue. + [ab93787a552c] - * sudo.pp: - Debian sudo-ldap packages should now depend on libldap-2.4-2, not - libldap2. 
- [cbcec71e6b58] +2012-11-11 Todd C. Miller -2012-06-21 Todd C. Miller + * include/gettext.h, plugins/sudoers/iolog_path.c, + plugins/sudoers/locale.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h: + Always include locale.h from gettext.h so we no longer need to + include locale.h from the .c files. + [93d39182ccfa] - * sudo.pp: - Add Homepage and Bugs to debian control file. - [0f19d7d14e66] + * MANIFEST, config.h.in, configure, configure.in, mkdep.pl, + plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c, + src/solaris.c, src/sudo.c, src/sudo.h: + Add os-specific initialization functions for solaris (workaround + setuid locale problem in Solaris 11) and openbsd (set malloc_options + if SUDO_DEVEL). Also move set_project() to solaris.c. + [1d6581afbaf4] -2012-06-20 Todd C. Miller +2012-11-09 Todd C. Miller - * mkpkg: - fix typo when setting aix_freeware - [2fd6feb50195] + * plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: + Avoid strerror() when possible and just rely on warning/error to + handle errno in the proper locale. + [bf612caae97c] - * common/Makefile.in, compat/Makefile.in, configure, configure.in, - doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, - plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, - plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in: - Don't run regress tests or sudoers sanity check (using the newly- - built visudo) when cross compiling. 
Bug #560 - [0c4e3f68b2f5] + * plugins/sudoers/logging.c: + Set sudoers locale in log_allowed() + [2dd0ac704cae] - * MANIFEST, configure, configure.in, plugins/sample/Makefile.in, - plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map, - plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in, - plugins/sample_group/sample_group.exp, - plugins/sample_group/sample_group.map, - plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, - plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map, - plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in, - plugins/system_group/system_group.exp, - plugins/system_group/system_group.map, - plugins/system_group/system_group.sym: - Rename foo.sym -> foo.exp Remove foo.map from the repo and generate - it on demand Use a loader option file for HP-UX ld to explicitly - export symbols - [2402ff5302ab] + * plugins/sudoers/check.c: + Make the sudo lecture translatable. + [3cdfc183d72d] - * src/Makefile.in: - Remove extraneous backslash - [8ca054de138c] + * Makefile.in: + Add the values of badpass_message, passprompt and mailsub to + sudoers.pot so they can be translated. + [51cbe8adcb94] - * plugins/sudoers/regress/check_symbols/check_symbols.c: - Don't check for errorx as an exported symbols as it is now a macro. - Check for user_in_group() instead. - [7b02c8ecd3ea] + * plugins/sudoers/logging.c: + Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked + up by xgettext. + [c5b74115caf0] -2012-06-19 Todd C. Miller +2012-11-08 Todd C. Miller - * configure, configure.in: - Adjust ld map file support to use an anonymous scope to match the - updated .map files. - [49be44282d9e] + * plugins/sudoers/check.c, plugins/sudoers/prompt.c, + plugins/sudoers/sudoers.h: + Make expand_prompt() args const and free the prompt when we are done + with it. + [995ef8519fe6] -2012-06-18 Todd C. 
Miller + * plugins/sudoers/policy.c: + Fix cut and pasto + [e002921c1d15] - * config.h.in, configure, configure.in, include/gettext.h: - Older versions of Solaris lack ngettext() - [028af10dfa5f] + * plugins/sudoers/defaults.c, plugins/sudoers/logging.c: + Expand def_mailsub in the sudoers locale, not the user's. + [a4775f2fb385] - * configure, configure.in: - Move the check for -static-libgcc until after AC_LANG_WERROR has - been called and use AX_CHECK_COMPILE_FLAG(). - [a7b09120e7ff] + * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/defaults.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/visudo.c, src/error.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/load_plugins.c, + src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, + src/sudo.c, src/sudo_edit.c, src/tgetpass.c: + Display warning/error messages in the user's locale. + [00a04165c0cf] - * include/gettext.h: - Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H - [3aa2780d4a4e] + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, + plugins/sudoers/env.c, plugins/sudoers/iolog.c, + plugins/sudoers/locale.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/parse.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/timestamp.c: + Call gettext inside log_error et al instead of having the caller do + it. This way we can display any messages to the user in their own + locale but log in the sudoers local. 
+ [286e0444f785] - * include/error.h, include/sudo_debug.h: - Fix gcc 2.x variant macro support. - [8e71c2370997] + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c, + plugins/sudoers/locale.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add simple locale switching to make it easy to switch from the + user's locale to the sudoers locale without making excessive + setlocale() calls when we don't need to. + [5c61582fdeee] - * plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c: - Fix compilation on gcc 2.95 and other compilers that only allow - variable declarations at the beginning of a block. - [9d80c802bb46] + * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.c: + Convert setlocale() to sudoers_setlocale() in the sudoers module. + This only converts existing uses, there are more places where we + need to sprinkle sudoers_setlocale() calls. + [8ee0cbf0d0a9] - * configure, configure.in, plugins/sudoers/Makefile.in: - Link check_symbols with SUDO_LIBS to make sure we link with the - requisite libraries to successfully dlopen sudoers.so. This is - needed on HP-UX where a program dlopen()ing a shared object that - uses pthreads must also be linked with pthreads (and HP-UX LDAP uses - pthreads). - [b8961cd82337] + * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: + audit_failure() now calls gettext itself using the sudoers locale. + [d77f1d78799a] - * plugins/sudoers/regress/check_symbols/check_symbols.c: - Add check for exported local symbols. This will cause a "make check" - failure on systems where we don't support symbol hiding. - [8aa549389bb1] + * common/sudo_debug.c, include/error.h, include/sudo_debug.h, + plugins/sudoers/plugin_error.c, src/error.c: + Add variants of warn/error and sudo_debug_printf that take a va_list + instead of a variable number of args. 
+ [00392bdc063c] - * configure, configure.in: - Additional ${foo} -> $(foo) Makefile tweaks. - [046bbde18f52] + * INSTALL, doc/TROUBLESHOOTING: + Document Solaris 11 locale issues and workarounds. + [05f7d34af3ae] - * plugins/sample/sample_plugin.map, - plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map, - plugins/system_group/system_group.map: - No need to provide a name for the scope in the map file since we - don't use the it for versioning. - [5ed4b997560d] + * Makefile.in, configure, configure.in: + Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8 + locales. Make links from localdir/lang -> localdir/lang.UTF-8 + [5ca9326480e2] -2012-06-17 Todd C. Miller +2012-11-06 Todd C. Miller - * MANIFEST, plugins/sudoers/Makefile.in, - plugins/sudoers/regress/check_symbols/check_symbols.c: - Add regress test for symbol visibility. - [9adddd4e0518] + * plugins/sudoers/audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/sudoers.c: + Do not inform the user that the command was not permitted by the + policy if they do not successfully authenticate. This is a + regression introduced in sudo 1.8.6. + [c1279df08bfb] -2012-06-15 Todd C. Miller + * plugins/sudoers/Makefile.in: + Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup + the rpath in HP-UX SOM shared libraries for the LDAP libs. + [b07185657b42] - * NEWS, configure, configure.in: - sudo 1.8.6 - [57008a7afb77] + * src/parse_args.c: + The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A. + [22c73cbe3ff9] - * configure, configure.in, include/missing.h: - Add support for controlling symbol visibility using the HP and - Solaris C compilers. - [46d5b468979e] +2012-10-28 Todd C. Miller - * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, - plugins/sudoers/regress/iolog_path/check_iolog_path.c, - plugins/sudoers/sudoers.h: - Use the expanded io log dir when updating the sequence number. 
- Includes a workaround for older versions of sudo where the sequence - number was stored in the unexpanded io log dir. - [210797dab9a8] + * INSTALL, configure, configure.in: + Allow the user to specify and alternate libtool + [c9d6fc9521fd] -2012-06-14 Todd C. Miller +2012-10-26 Todd C. Miller - * src/parse_args.c: - Simplify "sudo -s" argv rewriting. - [7be143dae7c5] + * doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c: + Allow sudo to be build with sss support without also including ldap + support. From Stephane Graber. + [b992a80ebea1] - * MANIFEST, configure, configure.in, plugins/sample/Makefile.in, - plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, - plugins/system_group/Makefile.in, src/Makefile.in, - src/sudo_noexec.map: - Don't use a map file for sudo_noexec.so since Solaris ld doesn't - allow '*' in the global section. The libtool export flag is now - added to LT_LDFLAGS instead of commenting/uncommenting lines. - [38fc37a66b04] +2012-10-25 Todd C. Miller -2012-06-13 Todd C. Miller + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Refactor policy plugin interface code from sudoers.c into policy.c + [393e62910b8a] - * config.h.in, configure, configure.in, include/missing.h: - The visibility attribute was actually added in gcc 3.3.x, not 4.0. - Just assume that if -fvisibility=hidden works that the attribute is - usable. - [d3904d6faf14] + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Refactor command_info setting into its own function. 
+ [a952b948324c] - * plugins/sudoers/check.c, plugins/sudoers/iolog.c, - plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, - plugins/sudoers/match.c, plugins/sudoers/pwutil.c, - plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map, - plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c, - plugins/system_group/system_group.c: - Export group cache from sudoers.so for system_group.so to use. - [16695d207fc5] + * plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, + plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Make interfaces pointer private to interfaces.c and add + get_interfaces() accessor. + [b69b9334ed3c] - * MANIFEST, configure, configure.in, include/missing.h, - plugins/sample/Makefile.in, plugins/sample/sample_plugin.map, - plugins/sample_group/Makefile.in, - plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in, - plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in, - plugins/system_group/system_group.map, src/sudo_noexec.c, - src/sudo_noexec.map: - Use gcc's visibility attribute to specify when symbols are visible - or hidden, if available. If not available, use an ELF version script - if it is supported. If all else fails, fall back to using libtool's - -export-symbols. - [64e889921727] +2012-10-24 Todd C. Miller -2012-06-12 Todd C. Miller + * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.h: + Make user_cwd const since it is either a string literal or passed in + from the front-end. + [90751b81e8bc] - * sudo.pp: - Add mode for installed locale files but leave the directories with - default mode and owner. - [142237dbb31f] + * configure, configure.in: + sudo 1.8.7 + [bf727adb8af0] -2012-06-11 Todd C. Miller + * plugins/sudoers/sudoers.c: + Avoid nested strtok() calls. 
+ [9d9f22ab52a9] - * mkpkg, sudo.pp: - Install AIX packages under /opt/freeware with links in /usr/bin and - /usr/sbin. This matches the layout of the sudo package from AIX - freeware. - [0b79d47bbe01] +2012-10-23 Todd C. Miller - * Makefile.in, configure, configure.in, plugins/sample/Makefile.in, - plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, - plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp: - Install shared objects with mode 0644 except on HP-UX which needs - the executable bit set. - [ae416af0ba6c] + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, + plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h: + Move expand_prompt() into its own source file for easier unit + testing. + [b419b48a436f] - * Makefile.in, doc/Makefile.in, include/Makefile.in, - plugins/sudoers/Makefile.in, src/Makefile.in: - Make installed file modes consistent with the file modes in the sudo - package. - [307386373289] + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, + plugins/sudoers/check.h, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: + Make check.c independent of the underlying timestamp implementation. + [895071bd6065] -2012-06-08 Todd C. Miller + * plugins/sudoers/iolog_path.c: + Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled. + [8ac38f02dd6d] - * doc/sudoers.pod: - Add "%:" prefix when talking about QAS non-Unix group support. - [7cb25f6861f8] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use a list for the possible values of Tag_Spec with a minimal indent + to improve readability. In the pod version, these were =head3. Also + use .St -p1003.1 instead of just POSIX when talking about glob() and + fnmatch(). + [361a6f7a5c44] - * pp, sudo.pp: - Fix packaging of symbolic links on HP-UX when the link source - already exists in the filesystem. - [c9bb48031596] +2012-10-02 Todd C. 
Miller - * mkpkg: - Only specify prefix if we are overriding the default value. Fixes - the man dir (/usr/local/man vs. /usr/local/share/man). - [65351b6c1697] + * src/ttyname.c: + sudo_ttyname_dev() is unused if there is no /proc or sysctl(). + [6598dbf81e16] - * sudo.pp: - Fix setting of sudoedit_man variable. - [9beed9ae5bba] + * compat/mksiglist.c, compat/mksigname.c, + compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c, + plugins/sample_group/plugin_test.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c: + Explicitly mark main() as public in executables to avoid an HP-UX ld + warning. + [72a40ce218be] - * doc/Makefile.in: - Echo the command when linking the sudoedit manual. - [6c83b5657b55] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Remove grep from SEE ALSO section. + [c7cafee1621f] -2012-06-07 Todd C. Miller + * common/alloc.c: + If vasprintf() fails, just use the errno it sets instead of assuming + ENOMEM. + [1be5bfdc0cab] - * mkpkg, sudo.pp: - Build .deb packages with selinux support. - [3fd9cb1b4526] +2012-09-28 Todd C. Miller -2012-06-04 Todd C. Miller + * doc/TROUBLESHOOTING: + Mention HP-UX pam.conf settings. + [8b8e745b49fd] - * sudo.pp: - Don't list paths for unstripped binaries in the lintial overrides. - [4c8e16f1773b] +2012-09-27 Todd C. Miller - * pp: - Add support for Installed-Size header in control file, required by - newer debian versions. - [e97d76234bee] + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c, + plugins/sudoers/timestamp.h: + Split off timestamp functions into their own source file. 
+ [d5833332511d] - * pp: - Fix extended description in .deb files. - [d35e27ace146] +2012-09-26 Todd C. Miller - * sudo.pp: - Add Depends, Replaces and Conflicts headers for .deb packages. - [76eb6c4b3278] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Mention how !foo is not the same as ALL,!foo + [51f8e470757d] -2012-06-01 Todd C. Miller +2012-09-25 Todd C. Miller - * plugins/sudoers/sudo_nss.c: - If there are no privs to print, write the message to the lbuf - instead of printing it directly. - [ecd56226abb7] + * src/exec_pty.c: + Start commands in the background when I/O logging is enabled. We + can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2) + which returns EINTR on signal instead of restarting automatically. + [83b1d59146f7] -2012-05-31 Todd C. Miller + * src/exec_pty.c: + Handle SIGCONT_FG and SIGCONT_BG when converting signal number to + string in deliver_signal(). + [2cefea7a976e] - * sudo.pp: - Set -e in %pos and %preun for debian to quiet a lintian warning. - [8bb908514df9] +2012-09-24 Todd C. Miller - * doc/Makefile.in, src/Makefile.in, sudo.pp: - Install sudoedit and the sudoedit manual as symbolic links, not hard - links and package them as such. - [f317ff3cf3e7] + * src/exec_pty.c: + Fix running commands that need the terminal in the background when + I/O logging is enabled. E.g. "sudo vi &". When the command is + foregrounded, it will now resume properly. + [0bc13a253429] - * sudo.pp: - Make sudo binary permissions 755 instead of 111 Add lintian - overrides file for .deb files. - [991cd7d7f0e1] + * plugins/sudoers/match.c: + Add rudimentary support for name-based matching as a compile-time + option. This unsafe when used in conjunction with the '!' operator. + [f93bc8e6db15] - * configure, configure.in, doc/Makefile.in, mkpkg: - Replace out of date MAN_POSTINSTALL with MANCOMPRESS and - MANCOMPRESSEXT which can be used to compress the installed manual - pages. Compress the man pages for .deb files to appease lintian. 
- [4e34083b41d2] +2012-09-21 Todd C. Miller - * sudo.pp: - Debian fixes: - * fix modes to be more in line with what Debian expects - * add section - * install LICENSE as copyright and ChangeLog as changelog - * create stub changelog.debian - [7f6c5647f588] + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c: + Split out implementation-specific back end code out of pwutil.c into + pwutil_impl.c. This will allow the main pwutil code to be used for + lookup methods other than getpw* and getgr*. + [999c2dde60e4] - * pp: - Fix find command to properly skip files in the DEBIAN dir when - building md5sums. - [8918bde941fa] +2012-09-18 Todd C. Miller - * pp, sudo.pp: - Use a debian-compliant package maintainer field. - [fc51a94170eb] + * NEWS, configure, configure.in: + sudo 1.8.6p3 + [97fef3d9ed65] -2012-05-30 Todd C. Miller +2012-09-17 Todd C. Miller - * plugins/sudoers/sudoreplay.c: - No need to loop over atomic_writev(), it guarantees to write all - data or return an error. + * doc/fixman.sh: + Don't use embedded newline when matching, use \n. This got expanded + at some point. Bug #573 + [6652f834b8f5] - Fix handling of stdout/stderr that contains "\r\n" and handle a - "\r\n" pair that spans a buffer. - [8aaf02d90c45] + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Rename yyerror() to sudoerserror() to match yacc prefix changes. Not + really needed due to the #defines that yacc makes but it is less + confusing this way as the lexer calls sudoerserror(). + [a0577be6527d] -2012-05-29 Todd C. Miller + * common/alloc.c, plugins/sample_group/plugin_test.c, + plugins/sudoers/env.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + src/exec_common.c, src/parse_args.c, src/sudo.c: + No need to translate "unable to allocate memory" when we can just + use the system translation via strerror(). 
+ [377499e5827c] - * .hgtags: - Added tag SUDO_1_8_5p2 for changeset 5ea444be3db2 - [ce85f4da7443] <1.8> + * plugins/sudoers/sudoreplay.c: + Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not + all file systems support d_type. Bug #572 + [8b861c62945f] - * NEWS: - Update for sudo 1.8.5p2 - [5ea444be3db2] [SUDO_1_8_5p2] <1.8> + * plugins/sudoers/sudoreplay.c: + Avoid calling fclose(NULL) in the error path when we cannot open an + I/O log file. + [9401d5c4bb05] - * NEWS: - Update for sudo 1.8.5p2 - [d369d4d40a19] +2012-09-16 Todd C. Miller - * plugins/sudoers/sudoreplay.c: - Instead of doing extra write()s when replaying stdout, build up a - vector for writev() instead. This results in far fewer system calls. - [303d866c025c] + * NEWS, configure, configure.in: + Sudo 1.8.6p2 + [6e32496280f2] -2012-05-27 Todd C. Miller + * src/exec.c: + When setting the signal handler for SIGTSTP to the default value in + non-I/O log mode, store the old handler value for when we restore it + after resume. + [242628694e42] - * src/env_hooks.c, src/sudo.h, src/tgetpass.c: - Provide unhooked version of getenv() and use it when looking up - DISPLAY and SUDO_ASKPASS in the environment. - [e803618ccf54] <1.8> + * plugins/sudoers/env.c: + Replace the guts of sudo_setenv_nodebug() with our old setenv.c + which supports non-standard BSD and glibc semantics. sudo_setenv() + now simply calls sudo_setenv2(). + [57ffb6c9efaa] - * src/env_hooks.c, src/sudo.h, src/tgetpass.c: - Provide unhooked version of getenv() and use it when looking up - DISPLAY and SUDO_ASKPASS in the environment. - [04dbdccf4a14] +2012-09-15 Todd C. Miller -2012-05-25 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document non-Unix group support in LDAP sudoers. 
+ [33c89f3aeee6] - * plugins/sudoers/sudoreplay.c: - When replaying a log of stdout or stderr, do newline to carriage - return + linefeed conversion. We cannot have termios do this for us - since we've disabled output postprocessing (POST) when setting raw - mode. - [61352a7d996f] + * plugins/sudoers/ldap.c: + Enable non-Unix group support for LDAP sudoers. We now check for + non-Unix groups and netgroups with the same query in the second + pass. Bug #571 + [eb98fdff54d9] -2012-05-24 Todd C. Miller +2012-09-14 Todd C. Miller - * configure, configure.in: - When checking for -fstack-protector, treat warnings as fatal errors. - [4124cd12d511] + * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/parse.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c: + Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers. + [cb6c0d93215e] -2012-05-22 Todd C. Miller +2012-09-12 Todd C. Miller - * configure, configure.in: - Fix test for -z relro - [548bdb6f5c4a] + * NEWS: + Mention support for SUCCESS=return in /etc/nsswitch.conf + [ef1f35aa0863] - * MANIFEST: - Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4 - [ed063264a2a1] + * NEWS, configure, configure.in: + sudo 1.8.6p1 + [73a5e1f004b3] - * INSTALL, aclocal.m4, configure, configure.in, - m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4: - Build with -fstack-protector and link with -zrelo where supported. - Added --disable-hardening option to disable hardening options. - [0b6c1a1ceb03] +2012-09-11 Todd C. Miller -2012-05-21 Todd C. Miller + * plugins/sudoers/env.c: + Avoid setting LOGNAME, USER and USERNAME variables twice when + set_logname is enabled. 
+ [0de4f5fbd1d4] - * plugins/sudoers/Makefile.in, - plugins/sudoers/regress/testsudoers/test1.sh, - plugins/sudoers/regress/testsudoers/test2.sh, - plugins/sudoers/regress/testsudoers/test3.sh, - plugins/sudoers/regress/testsudoers/test4.out.ok, - plugins/sudoers/regress/testsudoers/test4.sh, - plugins/sudoers/regress/testsudoers/test5.inc, - plugins/sudoers/regress/testsudoers/test5.out.ok, - plugins/sudoers/regress/testsudoers/test5.sh, - plugins/sudoers/testsudoers.c: - Add tests for sudoers mode, owner and group checks. - [a7607443aba0] + * plugins/sudoers/env.c: + Fix duplicate detection in sudo_putenv(), do not prune out the + variable we just set when overwriting an existing instance. Fixes + bug #570 + [854ee714c831] - * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: - If sudoers_mode is group-readable but the actual sudoers file is - not, open the file as uid 0, not uid 1. This fixes a problem when - sudoers has a more restrictive mode than what sudo expects to find. - In older versions, sudo would silently chmod the file to add the - group-readable bit. - [d367d7479328] <1.8> + * plugins/sudoers/env.c: + Add some debuggging + [a25cd3305823] - * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: - If sudoers_mode is group-readable but the actual sudoers file is - not, open the file as uid 0, not uid 1. This fixes a problem when - sudoers has a more restrictive mode than what sudo expects to find. - In older versions, sudo would silently chmod the file to add the - group-readable bit. - [c056b6003e6f] +2012-09-04 Todd C. Miller - * INSTALL, common/secure_path.c, config.h.in, configure, configure.in: - No longer throw an error if sudoers is a symbolic link. Deprecated - the --with-stow option as that is now (effectively) the default. - [8ce783e54886] + * plugins/sudoers/sudo_nss.c: + Disable word wrap in list mode when stdout is a pipe to make "sudo + -l | grep ..." more useful. Adapted from a diff by Daniel Kopecek. 
+ [65ade04511fd] -2012-05-18 Todd C. Miller + * common/lbuf.c: + Print a trailing newline in lbuf_print() when there is not enough + space to do word wrapping and the lbuf does not end with a newline. + [c0200e19cd09] - * plugins/sudoers/Makefile.in, - plugins/sudoers/regress/testsudoers/test2.inc, - plugins/sudoers/regress/testsudoers/test2.out.ok, - plugins/sudoers/regress/testsudoers/test2.sh, - plugins/sudoers/regress/testsudoers/test3.d/root, - plugins/sudoers/regress/testsudoers/test3.out.ok, - plugins/sudoers/regress/testsudoers/test3.sh: - Add basic tests for #include and #includedir - [b303e4218951] + * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: + Add support for [SUCCESS=return] in nsswitch.conf; from Daniel + Kopecek + [5c480316e3ce] - * plugins/sudoers/testsudoers.c: - Add -U sudoers_uid option to testsudoers. - [3f8ed13501ba] + * MANIFEST: + Add sssd.c + [9cadd014ef97] -2012-05-17 Todd C. Miller +2012-09-01 Todd C. Miller - * .hgtags: - Added tag SUDO_1_8_5p1 for changeset f164691ff871 - [1a55e9d482a5] <1.8> + * plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo, + plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo, + src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo: + regen .po files + [62423d4d143d] - * NEWS, configure, configure.in: - Update for 1.8.5p1 - [f164691ff871] [SUDO_1_8_5p1] <1.8> + * MANIFEST, plugins/sudoers/po/vi.mo: + Add Vietnamese sudoers translation from translationproject.org + [33666a605525] - * NEWS, configure, configure.in: - Update for 1.8.5p1 - [c33c49bf5b4b] + * NEWS: + mention PIE + [05032e5304c6] - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Fix #includedir; from Mike Frysinger - [8a376d578bb5] <1.8> + * MANIFEST, plugins/sudoers/po/vi.po: + Add Vietnamese sudoers translation from translationproject.org + [015c2204bae2] - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Fix #includedir; from Mike Frysinger - [d4833d4e39a0] 
+2012-08-29 Todd C. Miller - * plugins/sudoers/check.c: - Don't prompt for a password if the user is in the exempt group, is - root, or is running the command as themselves even if the -k option - was specified. This makes "sudo -k command" consistent with the - behavior one would get if the user ran "sudo -k" immediately before - running the command. - [632b3961df00] + * Makefile.in, compat/Makefile.in, mkdep.pl: + Add missing signame dependency + [e493bfb01929] -2012-05-15 Todd C. Miller + * src/exec.c, src/ttyname.c: + Silence compiler warnings. + [1c5374b66d9b] - * .hgtags: - Added tag SUDO_1_8_5 for changeset 1bccb3781dfa - [abd23c25b793] <1.8> + * MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c, + config.h.in, configure, configure.in, include/missing.h, mkdep.pl, + src/exec.c, src/exec_pty.c: + Replace strsigname() with sig2str(), emulating it as needed. + [1e348cca1fa6] - * Makefile.in: - Create ChangeLog from default branch now that the 1.8 branch is only - used for building releases. - [1bccb3781dfa] [SUDO_1_8_5] <1.8> - - * INSTALL, Makefile.in, NEWS, common/Makefile.in, compat/setenv.c, - compat/unsetenv.c, config.h.in, configure, configure.in, - doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, - doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in, - plugins/sudoers/env.c, plugins/sudoers/mon_systrace.c, - plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/exec_pty.c, - src/po/sudo.pot, src/ttysize.c: - Merge sudo 1.8.5 from trunk - [b935e0f0a49e] <1.8> + * config.h.in, configure, configure.in, src/utmp.c: + Use fseeko() for legacy utmp handling if available. + [b4bbd8d2c0e9] - * INSTALL: - Fix capitalization - [7258aa977caf] +2012-08-28 Todd C. Miller - * mkpkg: - Build PIE executable on Mac OS X 10.5 and above. 
- [2a5c7ef92182] + * compat/strsigname.c, config.h.in, configure, configure.in: + Detect sys_sigabbrev[] and use it in place of sys_signame[] if + present. For some reason glibc does not declare sys_sigabbrev so we + must add an extern definition of our own. + [b38f3fbd7078] - * .hgtags: - Added tag SUDO_1_8_4p5 for changeset 70b2e996c2ce - [6c8ac406bd8c] <1.8> + * compat/strsignal.c, compat/strsigname.c: + Handle NULL entries in sys_siglist and sys_signame. + [a388959d9654] -2012-05-14 Todd C. Miller + * compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c, + compat/mksigname.h, compat/strsignal.c, compat/strsigname.c: + Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name} + [711e41aba59a] - * NEWS, configure, configure.in: - Update for sudo 1.8.4p5 - [70b2e996c2ce] [SUDO_1_8_4p5] <1.8> +2012-08-27 Todd C. Miller * NEWS: - Update for sudo 1.8.4p5 - [21164f508b68] + sync + [5a2522488754] - * plugins/sudoers/match_addr.c: - Add missing break between AF_INET and AF_INET6 in - addr_matches_if_netmask() - [1d765ba5e7fa] <1.8> + * src/exec.c: + Pass on SIGTSTP to the command if it was sent by a user process (not + the kernel or the terminal) when we are not I/O logging and set the + default SIGTSTP handler when we re-send the signal to ourself, + restoring our handler after we resume. + [4259c47e31c0] - * plugins/sudoers/match_addr.c: - Add missing break between AF_INET and AF_INET6 in - addr_matches_if_netmask() - [672a4793931a] + * src/exec.c: + Shells typically change their process group when they start up so + that they can implement job control. Most well-behaved shells change + the pgrp back to its original value before suspending so we must not + try to restore in that case, lest we race with the child upon + resume, potentially stopping sudo with SIGTTOU while the command + continues to run. Some shells, such as pdksh, just suspend the shell + by sending SIGSTOP to themselves without restoring the pgrp. 
In this + case we need to change the pgrp back for them. Should fix bug #568 + [6ac6751ffd17] - * plugins/sudoers/mon_systrace.c: - Move systrace monitor code to the attic - [d6faf4754e9c] +2012-08-26 Todd C. Miller -2012-05-11 Todd C. Miller + * MANIFEST, compat/Makefile.in, compat/mksigname.c, + compat/mksigname.h, compat/strsignal.c, compat/strsigname.c, + config.h.in, configure, configure.in, include/missing.h, mkdep.pl, + src/exec.c, src/exec_pty.c: + Use strsigname() to print signal names in the debug output. If the + system has no strsigname(), use our own. + [0735f18906b9] - * src/exec.c: - The pointer to the siginfo_t struct in a signal handler may be NULL. - [41a4ee934b53] +2012-08-23 Todd C. Miller -2012-05-10 Todd C. Miller + * plugins/sudoers/regress/testsudoers/test5.inc, + plugins/sudoers/regress/testsudoers/test5.sh: + Remove generated file and change path for temporary include file. + [4e9fa830c6b5] - * plugins/sudoers/pwutil.c: - Fix an alignment problem on NetBSD systems with a 64-bit time_t and - strict alignment. Based on a patch from Martin Husemann. - [1e5ba3c18f17] + * plugins/sudoers/Makefile.in: + When running regress tests, list pass/fail rate for each dir + (testsudoers and visudo) instead of the total. Also prevent the + result files from clobbering each other by keeping them in the + relevant directories. + [6aac53baff7d] - * include/missing.h: - Add offsetof macro for those without it. - [e44cb51d2587] + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Don't print an error message in yyerror() if open_sudoers() fails, + we've already printed an error message. Also restore the check for + sudoers_warnings in yyerror(). 
+ [aa6036df5fb2] - * MANIFEST: - add system_group plugin - [6169793b510c] + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Avoid printing the >>> parse error <<< message for testsudoers when + the -t flag is specified. + [76f3433c8992] -2012-05-09 Todd C. Miller +2012-08-22 Todd C. Miller - * compat/dlopen.c: - Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX. - [85bd03bc5d94] + * plugins/sudoers/parse.c: + Fix NULL deref when an entry has no Runas_Entry + [4b14983ff6e7] -2012-05-08 Todd C. Miller + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [440e9c9b37de] * NEWS: - Mention system_group plugin - [05393dd4bdb8] + sync + [3142ba2dce60] - * Makefile.in, plugins/sudoers/Makefile.in, - plugins/system_group/Makefile.in: - update depends - [6feb0b824fc4] + * plugins/sudoers/check.c: + Correct the check_user() comment header. + [73da30308fff] - * plugins/system_group/system_group.c: - Only call gr_delref() when use sudo's password caching functions. - [1103442e21fa] + * plugins/sudoers/auth/sudo_auth.c: + Change a log_fatal() into log_error() when no auth methods are + configured. The caller already checks the return value. + [05f5c39793a7] - * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in: - Add missing dependency on libreplace.la - [05bfd9d4657f] + * plugins/sudoers/logging.c: + Add missing debug_return + [3a76bb7c2fe7] - * compat/dlopen.c: - Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and - PROG_HANDLE. - [2382d0693acc] +2012-08-21 Todd C. 
Miller - * Makefile.in, configure, configure.in, - plugins/system_group/Makefile.in, - plugins/system_group/system_group.c, - plugins/system_group/system_group.sym: - Add group plugin that does lookups by name using the system group - database. - [2ddbb604112f] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Make the capitalization consistent for .Ss and .Sx + [5c5735ee4b2f] - * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo, - src/po/pl.po: - sync with translationproject.org - [4ef05df4226d] + * doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat, + doc/sudo.man.in, doc/sudo.mdoc.in: + Add COMMAND EXECUTION section that describes how sudo runs the + command, the extra sudo processes and signal handling. + [dff2d88e984e] -2012-05-03 Todd C. Miller +2012-08-18 Todd C. Miller - * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, - src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po, - src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, - src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po, - src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, - src/po/zh_CN.mo, src/po/zh_CN.po: - sync with translationproject.org - [115c3f828fc5] + * Makefile.in: + Happy Easter + [4b9d697c6b83] -2012-05-01 Todd C. Miller +2012-08-17 Todd C. Miller - * sudo.pp: - Add mode for docdir and use '-' (default) for localedir mode. Fixes - a problem on Linux when building in a directory with the setgid bit - set. 
- [582279c8bcb1] + * compat/Makefile.in: + Don't echo the awk command when building siglist.in + [21daa72921e6] -2012-04-30 Todd C. Miller + * doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Cosmetic changes. + [19259528e9ad] - * pp: - Match CentOS 6.0 - [1e99ef210f98] + * doc/Makefile.in: + The HISTORY, LICENSE and CONTRIBUTORS files are not longer + generated. + [ea6ac9e981e6] -2012-04-24 Todd C. Miller + * MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po, + plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo, + plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po, + plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po, + src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po, + src/po/uk.po, src/po/vi.po: + Sync with translationproject.org and add Italian sudoers + translation. + [9276740aea59] - * NEWS: - Update with recent changes - [c5fc220ba696] +2012-08-16 Todd C. Miller - * pp: - Fix version check on AIX - [d272e39112f4] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Expand description of fqdn to talk about systems where the hosts + file is searched before DNS. + [4ee812ca6116] - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regen - [72b23509465a] +2012-08-15 Todd C. Miller - * plugins/sudoers/ldap.c: - Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP - SDK. - [87b685e70b9a] + * doc/Makefile.in: + For cat pages there is nothing to make unless DEVEL is set. + [fab4a5b68708] - * plugins/sudoers/ldap.c: - Fix printing of invalid uri - [645aa53acdde] + * configure, configure.in, doc/Makefile.in: + Always use mandoc to format cat pages and remove now-extraneous + nroff configure tests. + [5747f4ed5762] - * plugins/sudoers/auth/pam.c: - Pass PAM_SILENT when deleting creds to remove an annoying warning - message on Solaris. - [1dd0301ef293] + * pp: + sync polypkg from git + [89ddf6ea3e3f] -2012-04-23 Todd C. 
Miller + * plugins/sudoers/sudoers.c: + Use AI_FQDN instead of AI_CANONNAME if available since "canonical" + is not always the same as "fully qualified". + [7c1d9c098386] - * src/utmp.c: - Fix the setutxent and endutxent compatibility defines (this time - correctly) when only setutent and endutent are available. - [d136d2867db9] +2012-08-14 Todd C. Miller - * plugins/sudoers/ldap.c: - sudo_ldap_set_options_global() should not take an LDAP handle as an - argument since the options affect the global settings. - [1dc39b9d20f2] + * doc/sudoers.mdoc.in: + Fix some typos. Describe error messages not related to policy + permissions. + [f5ebf9030d85] - * mkpkg: - Debian sudo has not been built with --with-exempt=sudo since 1.6.8. - [c7716291a856] + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/visudo.c: + Add new check_defaults() function to check (but not update) the + Defaults entries. Visudo can now use this instead of update_defaults + to check all the defaults regardless instead of just the global + Defaults entries. + [3fa879ce1b65] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, - plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c, - src/sudo.h: - Call the policy's init_session() function before we fork the child. - That way, the session is created and destroyed in the same process, - which is needed by some modules, such as pam_mount. - [ece552ba002e] +2012-08-13 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document sudoers log format. + [08998a7061ab] - * doc/TROUBLESHOOTING: - Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is - not specified. - [bd293e100b28] + * NEWS: + Update for sudo 1.8.5p3 + [6e102a5d4e8d] - * plugins/sudoers/auth/pam.c: - Delete creds after closing the PAM session. - [5158d726d6a5] + * src/load_plugins.c: + Add missing check for I/O plugin API version when checking for the + presence of I/O plugin hooks. 
+ [ef05c7eeaf81] - * plugins/sudoers/ldap.c: - Provide a more useful error message if using a Mozilla-style LDAP - SDK and you forgot to specify TLS_CERT in ldap.conf. - [7cb78feb899c] + * src/hooks.c: + Can't call debug code in the process_hooks_xxx functions() since + ctime() may look up the timezone via the TZ environment variable. + [2179fb26bd8e] - * src/exec_pty.c: - Add missing initialization of a sigaction structure when I/O - logging. Fixes a potential problem when suspending the command. - [f4480f2ba816] +2012-08-10 Todd C. Miller - * plugins/sudoers/ldap.c: - Split global and per-connection LDAP options into separate arrays. - Set global LDAP options before calling ldap_initialize() or - ldap_init(). After we have an LDAP handle, set the per-connection - options. Fixes a problem with OpenLDAP using the nss crypto backend; - bug #342 - [265c9d2dc12b] + * src/exec_common.c, src/sesh.c, src/utmp.c: + Include signal.h before sudo_exec.h since it uses sigset_t * in the + fork_pty prototype. 
+ [94fc0d859600] - * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in: + Remove OPTIONS section; options now go inside DESCRIPTION + [a619fc58a746] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [44719d80bc06] + + * MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, - src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po, - src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: - sync with translationproject.org - [6d7fe44be21e] + src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po, + src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po: + Sync with translationproject.org and add new Slovenian translation. + [34b4b966bbac] -2012-04-21 Todd C. Miller + * common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c: + Reduce the number of "internal error, foo overflow" messages that + need to be translated. + [93ffa2b3d53f] - * src/sudo.c, src/sudo.h: - Move struct passwd pointer into struct command details. - [d6fb1eff2065] + * NEWS: + Mention HP-UX reboot fix. + [1e39b5aa32ac] -2012-04-20 Todd C. 
Miller + * INSTALL, NEWS, common/sudo_debug.c, configure, configure.in, + doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in, + plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: + Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers + data source. From Daniel Kopecek and Pavel Brezina. + [3f85e95d6928] - * pp: - Sync with upstream for Mac OS X (and other) fixes. - [c2f4998d01b0] +2012-08-09 Todd C. Miller - * mkpkg: - Only built Mac intel universal binary on an intel machine. - [0009e0b7e5a8] + * common/sudo_conf.c, src/load_plugins.c: + If sudo.conf contains an I/O plugin but no policy plugin, use + sudoers for the policy plugin. If a policy plugin is specified + without an I/O plugin, only the policy plugin will be loaded. + [ea192df2439d] - * src/Makefile.in: - Do not pass libtool the -static-libtool-libs option when building - sudo and sesh. Otherwise, libtool may prefer a static version of an - installed library over a dynamic one when linking. - [6fbac9adc885] + * doc/Makefile.in, doc/sudoers.man.in: + Do not modify the .Os section when building the .man.in file from + .mdoc.in. + [a9f9628e147f] -2012-04-19 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Add a note about wildcards matching multiple words and include an + example. Also mention that for sudoedit, a wildcard in command line + args does not match a slash. + [fcb9fbac14e0] - * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo, - plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po: - Add German translation for sudo Add Croatian translation for sudoers - [fa4da1a6530c] +2012-08-07 Todd C. Miller + + * src/exec_pty.c, src/sudo_exec.h: + Fix a comment, update a variable name in a prototype; all cosmetic. 
+ [e89f10cbd6e1] * plugins/sudoers/iolog.c: - typo fix in comment - [abd721d1288e] + Cast 2nd argument of lseek() to off_t if it is a constant for + systems with 64-bit off_t but without a proper lseek() prototype. + [d8779da135d0] -2012-04-16 Todd C. Miller + * compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/visudo.c: + Fix some warnings from clang checker-267 + [1e44ef7860b5] - * NEWS: - Update with recent changes - [6fa11e8448b9] + * plugins/sample/sample_plugin.c: + Fix memory leak found by clang checker-267 + [f8a43617fdfb] - * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - Sort xgettext output by file name. - [f650841810f0] +2012-08-06 Todd C. Miller - * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod: - Clarify what "sudoreplay -l" displays and mention that it is sorted. - [84031c117bd6] + * src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h: + If we receive a signal from the command we executed, do not forward + it back to the command. This fixes a problem with BSD-derived + versions of the reboot command which send SIGTERM to all other + processes, including the sudo process. Sudo would then deliver + SIGTERM to reboot which would die before calling the reboot() system + call, effectively leaving the system in single user mode. + [4ffab9ab9e98] - * config.h.in, configure, configure.in, src/ttyname.c: - Use AC_HEADER_MAJOR to determine where major/minor are defined. - [3c949650a223] +2012-08-03 Todd C. Miller - * config.h.in, configure, configure.in, src/ttyname.c: - Include sys/mkdev.h if present instead of sys/sysmacros.h for - minor(). This is needed on Solaris (at least) where the makedev - macros in sysmacros.h are obsolete and library functions should be - used instead. - [343928acf81e] + * doc/fixman.sh, doc/fixmdoc.sh: + Remove section about Solaris 10 on other systems. Add missing + sudoers.man.in bit to fixman.sh. 
+ [176559199ba7] - * mkpkg: - When building on Mac OS X, only set SDK_FLAGS if specified osversion - doesn't match host. - [d84c6efac872] +2012-08-02 Todd C. Miller -2012-04-15 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Expand section on Solaris privileges. + [3a1bfa2f1743] - * src/ttyname.c: - Add back buf and tty variables for _ttyname() case that were - inadvertantly removed. - [a4a820b22a44] + * NEWS: + Expand a bit on the Solaris priv set changes. + [bffb78b4a520] -2012-04-13 Todd C. Miller + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + The second argument to init_parser() is now bool. + [fb727a4fb651] - * plugins/sudoers/po/sudoers.pot: - regen - [5446b12c1250] + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Fix printing of parse error message to stderr. + [dea6b420b84f] - * configure, configure.in: - Remove b8 from version number. - [5adc4dcec061] + * plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/match.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: + If a command matches using an empty Runas_List (i.e. Runas_List is + present but empty) and the -u option was not specified, set runas_pw + to user_pw instead of using runas_default. This is intended to be + used in conjunction with the Solaris Privilege Set support for rules + that grant privileges without changing the user. + [e84a081f3c11] - * src/ttyname.c: - remove some XXX - [187579a5f593] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h: + Add support for parsing an empty Runas_List, which only allows the + command to be run as the invoking user. 
This can be used in + conjunction with the Solaris Privilege Set support to grant + privileges without changing the user. + [dc34373792fc] - * src/ttyname.c: - When looking for a device match, do a breadth-first search instead - of depth-first. We already special case /dev/pts/ so chances are - good that if it is not a pseudo-tty it is in the base of /dev/. Also - avoid a stat(2) when possible if struct dirent has d_type. - [0183f8a1b278] +2012-08-01 Todd C. Miller - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, - src/sudo.c, src/sudo.h: - Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list. - [f0574d878491] + * doc/fixman.sh: + Fix HP-UX, just use ".TH name section" like the vendor manuals. + [559738237c92] - * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo, - src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo, - src/po/vi.mo: - sync with translationproject.org - [4527ea78fbd5] + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix compilation on Solaris + [2d310302207c] - * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po, - src/po/hr.mo, src/po/hr.po: - New Croatian and Galician translations from translationproject.org - [ad4bd924b4de] + * .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, + doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh, + doc/sudoers.mdoc.sh: + Generate a sed script file when munging *.mdoc or *.man instead of + passing sed expressions on the command line. Older seds do not + support \n in a replacement so generate and run a sed script + instead. 
+ [0bcce3f1ca18] - * src/ttyname.c: - Add depth-first traversal of /dev/ for the /proc case when not - /dev/pts/N - [499bd3456774] + * doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in, + doc/visudo.man.in: + Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION" + [fe0f10b63776] - * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c: - If struct dirent has d_type, use it to avoid an extra stat(). - [741dabbe4bcd] +2012-07-31 Todd C. Miller - * plugins/sudoers/sudoreplay.c: - Sort output of "sudoreplay -l" - [c0615795bd4b] + * src/exec.c: + When checking whether a signal is user-generated, compare si_code + against SI_USER instead of <= 0 since on HP-UX, terminal-related + signals get a code of 0. + [4e9021243343] -2012-04-12 Todd C. Miller + * src/sudo.c: + SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX + interchangably. This causes problems when setting RLIMIT_NPROC to + RLIM_INFINITY due to a bug in bash where bash tries to honor the + value of _SC_CHILD_MAX but treats a value of -1 as an error, and + uses a default value of 32 instead. - * plugins/sudoers/sudoreplay.c: - Fix duplicate free introduced in last rev - [efdaabe69d75] + Previously, we just checked RLIMIT_NPROC and, if it was unlimited, + restored the previous value of RLIMIT_NPROC. However, that makes it + impossible to set nproc to unlimited. We now only restore the nproc + resource limit if sysconf(_SC_CHILD_MAX) is negative. In most cases, + pam_limits will set RLIMIT_NPROC for us. + [cb71cc8d0b08] -2012-04-11 Todd C. Miller +2012-07-30 Todd C. Miller - * plugins/sudoers/auth/pam.c: - Instead of treating ^C from tgetpass() specially, always return - AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL - like PAM_AUTH_ERR which Mac OS X returns this when there is no tty. 
- [a3b17298d4d0] + * plugins/sudoers/ldap.c: + Active Directory apparently requires that tenths of a second be + present in a date so append .0 to the "now" value in the time + filter. Also remove space for the global AND from TIMEFILTER_LENGTH + since it was not being used consistently. Buffers of + TIMEFILTER_LENGTH now need to account for the terminating NUL byte. + [d28619ff6e45] - * config.h.in, configure, configure.in, src/ttyname.c: - Rototill code to determine the tty. For Linux, we now look up the - tty device in /proc/pid/stat instead of trying to open - /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given - device number to a string. On BSD, we can use devname(). On Solaris, - _ttyname_dev() does what we want. TODO: write /dev/ traversal code - for the generic sudo_ttyname_dev(). - [6b22be4d09f0] + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix SELinux build + [cc0d1f4e851b] -2012-04-10 Todd C. Miller +2012-07-29 Todd C. Miller - * src/ttyname.c: - Define PRNODEV for those w/o it. - [f17290e64559] + * MANIFEST: + Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they + were not being kept in sync. + [fc3ad1847cb1] - * config.h.in, configure, configure.in, src/ttyname.c: - Check for SVR4-style struct psinfo.pr_ttydev and use that to - determine the tty if std{in,out,err} are not ttys. - [76ad33a91f4b] + * doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod, + doc/license.pod: + Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they + were not being kept in sync. + [950363dffe3a] - * src/ttyname.c: - Better support for SVR4-style /proc entries where we can't use - ttyname() on the /proc/pid/fd/[0-2] entries. We can, however, - attempt to map the device number back to the correct pseudo-tty - slave device. - [4f9f48cc79eb] +2012-07-27 Todd C. Miller - * src/ttyname.c: - When trying to determine the tty name, check parent's stderr in - addition to its stdin and stdout. 
- [604644056c7d] + * plugins/sudoers/logging.c: + Fix printing of the permission denied message to standard error when + a user is not allowed to run a command. This got broken by the + recent logging changes. + [b7af63da3ca1] - * src/exec_pty.c: - Treat a tty read failure like EOF as it usually means the pty has - gone away. Handle write() on the tty returning EIO. - [16957f4a706f] + * plugins/sudoers/sudoers_version.h: + Bump grammar version for Solaris privs. + [2a2baf024477] - * src/exec.c, src/exec_pty.c: - Linux select() may return ENOMEM if there is a kernel resource - shortage. Older Solaris select() may return EIO instead of EBADF - when the tty goes away. If we get an unhandled select() failure, - kill the child and exit cleanly. - [d93940a311ab] + * doc/schema.ActiveDirectory: + Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder + were added. From David Hicks. + [3fc432a8edb4] - * src/ttyname.c: - Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might - block in open. - [a9f809d09d52] +2012-07-26 Todd C. Miller -2012-04-09 Todd C. Miller + * plugins/sudoers/Makefile.in: + Remove lex.yy.c when building toke.c + [72bb9e62b289] - * plugins/sudoers/set_perms.c: - Fix restoration of AIX permissions. - [30c717115988] + * doc/Makefile.in: + Fix building docs in a build dir. + [7a6f435af022] - * src/parse_args.c: - Allow the -k flag to be used along with the -i and -s flags. - [0653b17c97f1] + * doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod, + doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod, + doc/sudoreplay.pod, doc/visudo.pod: + Remove pod versions of the manual; we now use mdoc. + [5c967d2dd5db] - * plugins/sudoers/sudoreplay.c: - Plug memory leak in parse_logfile() in the error path. 
- [9cce86fa833b] + * MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh, + doc/sudoers.man.sh, doc/sudoers.mdoc.sh: + Add post-processing scripts to strip out login class, BSD auth, + SELinux and privilege set bits when they are not supported. + [d0d51f72f597] - * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, - src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po, - src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po, - src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po, - src/po/zh_CN.mo, src/po/zh_CN.po: - sync with translationproject.org - [14af43d0b170] + * NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in, + doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, src/sudo.c, src/sudo.h: + Merge in Solaris privilege support by Darren Moffat and John + Zolnowsky + [3aa0a64f2f5c] -2012-04-08 Todd C. Miller +2012-07-25 Todd C. Miller - * compat/regress/glob/globtest.c, config.h.in, configure, - configure.in, plugins/sudoers/match.c: - Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the - glob() and fnmatch() results to be consistent. - [4226750d73c2] + * doc/contributors.pod: + Sync with CONTRIBUTORS file + [9a0852306ad9] -2012-04-06 Todd C. Miller + * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, + doc/sudoers.man.in, doc/sudoreplay.man.in: + Regen .man.in files with my private mandoc. + [dc3c9fc449eb] - * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in, - src/ttysize.c: - Move ttysize.c to common so sudoreplay can use it. 
- [b4a0aa514cd4] + * doc/Makefile.in: + add MANDOC variable + [35527e66afc5] - * plugins/sudoers/sudoreplay.c: - If I/O log file includes rows + cols, warn if the user's tty is not - big enough. - [b980ef89efff] +2012-07-20 Todd C. Miller - * plugins/sudoers/sudoreplay.c: - Fix printing of TSID in "sudoreplay -l" - [4221e3e108b4] + * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, + doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in: + Regen .man.in files with hacked mandoc to avoid issues with historic + nroff. + [d45cfa7d665f] - * common/sudo_debug.c, include/sudo_debug.h, - plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c, - src/exec_pty.c: - Log the process id in the debug file output. Since we don't want to - keep calling getpid(), stash the value at init time and when we - fork(). - [2782d30c024d] +2012-07-19 Todd C. Miller - * src/exec_pty.c: - Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It - is better to receive EIO from read()/write() than to be suspended - when we don't expect it. Fixes a problem when our terminal is - revoked which can happen when, e.g. our sshd is killed - unceremoniously. Also, only change the value of "alive" from true to - false, never from false to true. It is possible for us to receive - notification of the child having stopped after it is already dead. - This does not mean it has risen from the grave. - [26c9fe8ce0f9] + * doc/sudo.mdoc.in, doc/sudoers.mdoc.in: + Fix groff warnings. + [111d522ca807] - * src/exec_pty.c: - Distinguish between signals we received from the parent vs. those - delivered explicitly to the monitor process in debugging info. - [40716cb180e5] + * doc/Makefile.in: + Fix dependencies for .man.in files. + [aefeffe1af2b] -2012-04-05 Todd C. Miller + * .hgignore: + Add doc/*.mdoc to ignore file + [1e4de6ef2ad8] - * plugins/sudoers/check.c: - In Solaris 11, /dev/pts under the "dev" filesystem, not "devices". 
- Update tty_is_devpts() to match so we can determine when the tty has - been reused. - [2689665df027] + * INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in, + doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in: + Build .man.in and .cat files from .mdoc.in files. Add new --with-man + and --with-mdoc configure options. + [c963fd7e8f80] - * common/sudo_debug.c, include/error.h, include/sudo_debug.h: - Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf() - and use a new flag, SUDO_DEBUG_FILENO to specify when to use it. - This allows consumers of sudo_debug_printf() to log that data - without having to specify it manually. - [7c94c4879208] +2012-07-18 Todd C. Miller - * src/exec_pty.c: - Make this compile after last change. - [ee09034f3266] + * doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: + Sudo manuals formatted in mdoc, to replace the pod versions. + [e6dca4030451] - * src/exec_pty.c: - Don't try to restore the terminal if we are not the foreground - process. Otherwise, we may be stopped by SIGTTOU when we try to - update the terminal settings when cleaning up. - [c48b24335456] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, + doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod: + More minor costmetic fixes. 
+ [a7287a68385a] - * src/exec.c: - If select() return EBADF in the main event loop, one of the ttys - must have gone away so perform any I/O we can and close the bad fds. - [3bc8678c03ce] +2012-07-12 Todd C. Miller - * common/sudo_debug.c, include/error.h, include/sudo_debug.h, - plugins/sudoers/toke.c, plugins/sudoers/toke.h, - plugins/sudoers/toke.l: - Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the - function, file and line number in the debug log for warning() and - error(). - [894cd131f11d] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: + Minor cosmetic fixes. + [9c48bdaf3946] -2012-04-04 Todd C. Miller +2012-07-11 Todd C. Miller - * common/sudo_debug.c, include/error.h, include/sudo_debug.h, - src/conversation.c: - Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno. - Use this flag when wrapping error() and warning() so the debug - output includes the error string. - [1e2c67adaf1f] + * plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot: + Use "a password is required" instead of "password required" when the + -n flag is used and we need to read a password. + [a3c30fc41648] -2012-03-30 Todd C. Miller +2012-07-10 Todd C. Miller * NEWS: - Update for sudo 1.8.5 - [7d2b62b823fe] + Mention logging changes. + [8238fd6e02e8] * plugins/sudoers/po/sudoers.pot: regen - [718ad9de92cd] + [e2cf634ba63b] - * doc/CONTRIBUTORS: - sync - [f48013aea641] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Document that other mail_* flags have precedence over mail_badpass. + [9f4cc9188f40] - * plugins/sudoers/pwutil.c: - Use ecalloc() - [fabd23c1f271] + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Move log_denial() calls and logic to log_failure(). Move + authentication failure logging to log_auth_failure(). Both of these + call audit_failure() for us. 
- * src/exec_pty.c: - Don't need zero_bytes() after ecalloc() - [1a9d95cd10ef] + This subtly changes logging for commands that are denied by sudoers + but where the user failed to enter the correct password. Previously, + these would be logged as "N incorrect password attempts" but now are + logged as "command not allowed". Fixes bug #563 + [cad35f0b3ad7] - * config.h.in, configure, configure.in, src/sudo_noexec.c: - Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to - sudo_noexec.c. - [cbaa1d4b0f8a] +2012-07-06 Todd C. Miller - * src/utmp.c: - Fix compat setutxent and endutxent macros for systems with - setutent() but not setutxent(). From Gustavo Zacarias - [d7ce622fc5f2] + * common/aix.c: + Do not set a resource limit to zero when we are unable to fetch a + value from /etc/security/limits. + [62bfb0a7895e] -2012-03-29 Todd C. Miller +2012-07-05 Todd C. Miller - * configure.in: - Add ignore_result definition to AH_BOTTOM - [8d4096838a98] + * sudo.pp: + Add "Provides: sudo" to debian sudo-ldap package + [beb8afa0beb2] - * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c, - plugins/sudoers/iolog.c, plugins/sudoers/toke.c, - plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c, - src/exec.c, src/exec_pty.c, src/tgetpass.c: - Fix compiler warnings on some platforms and provide a better method - of defeating gcc's warn_unused_result attribute. - [9a8f804fcc75] +2012-07-02 Todd C. Miller + + * configure, configure.in, zlib/Makefile.in: + Define NO_VIZ for zlib when gcc doesn't support symbol visibility + attributes. + [9fdcbf526386] * configure, configure.in: - Fix building the builtin zlib from a build dir. When a zlib dir was - specified, prepend its include path instead of appending so we get - the right zlib headers. - [5f61d591b186] + Use the autoconf cache when checking for symbol export control + support. 
+ [03c2cce8711f] - * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h, - zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c, - zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h, - zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in, - zlib/zlib.h, zlib/zutil.c, zlib/zutil.h: - Update zlib to version 1.2.6 - [173c4bc4d4fc] + * INSTALL, common/Makefile.in, compat/Makefile.in, configure, + configure.in, mkpkg, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Add configure check for building PIE executables instead of doing it + in mkpkg. + [02b5b78ef258] -2012-03-28 Todd C. Miller + * sudo.pp: + MacOS pp backend doesn't like modes longer than 4 characters. + [01b49022bf01] - * include/missing.h: - g/c __unused which is no longer used - [7ef3f23edcd6] +2012-07-01 Todd C. Miller - * src/env_hooks.c: - Fix compilation if RTLD_NEXT is not defined. - [d5605f468b71] + * configure, configure.in: + Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding + -fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool + will strip -fstack-protector from the linker flags and we always + link with libtool. + [0a0a0250ac2b] - * src/po/sr.mo, src/po/sr.po: - sync with translationproject.org - [27d559f7985d] +2012-06-29 Todd C. Miller - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, - doc/sudoers.man.in: - regen - [f9f63ce478b6] + * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + Regen for sudo 1.8.6 + [1657ee28b496] - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regen - [59035d82d15a] + * NEWS, doc/sudoers.ldap.pod: + Document improved Tivoli Directory Server support. 
+ [fb411edf4687] - * Makefile.in: - Ignore Project-Id-Version when comparing pot files. - [22feb9ede46b] + * config.h.in, configure, configure.in, plugins/sudoers/ldap.c: + Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf + option to specify Tivoli key db password. Allow TLS ciphers to be + configured for Tivoli. + [737e17c91e60] - * plugins/sudoers/bsm_audit.c: - Use error() instead of log_fatal() - [54130bda4b50] +2012-06-28 Todd C. Miller - * plugins/sudoers/env.c: - Fix signedness of didvar in env_update_didvar() - [77048a80b3e4] + * plugins/sudoers/ldap.c: + Tivoli Directory Server 6.3 libs always return a (bogus) error when + setting LDAP_OPT_CONNECT_TIMEOUT. + [504406637c38] - * plugins/sudoers/iolog.c: - Quiet a compiler warning on some platforms. - [8fdcaece0400] + * NEWS: + Update + [687a755604e8] - * compat/fnmatch.c: - cast ctype(3) function/macro arguments from char to unsigned char to - avoid potential negative subscripting. - [bdcf7eef21ef] + * plugins/sudoers/ldap.c: + Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the + same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a + set an ldap option fatal. + [17cf93ae3304] - * common/setgroups.c: - Quiet a warning on systems where the gids array in setgroups() is - not prototyped as being const, even though it really is. - [fdd758c6302d] +2012-06-27 Todd C. Miller - * src/env_hooks.c: - Quiet a compiler warning on systems where the argument to putenv(3) - is const. - [51bae2193b53] + * plugins/sudoers/sudoers.c: + Zero pointers in sudo_user struct after freeing, just in case. + [8eff1f80b943] - * plugins/sudoers/sudoreplay.c: - Undo an incorrect int -> bool conversion. - [b9a4ce320f14] + * plugins/sudoers/sudoers.c: + Free user_gids in close function if it has not already been freed. 
+ [cbce28877f37] - * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, - src/po/sv.mo, src/po/sv.po: - Add Swedish sudo and sudoers translations from - translationproject.org - [f7ce1de9073f] + * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Defer group ID to name resolution until we actually need it. + [463e75b81e89] - * plugins/sudoers/env.c: - No need to preserve ODMDIR on AIX now that we always read - /etc/environment. - [4aa04b2f0125] + * src/sudo.c: + It is safe to read in sudo.conf before calling user_info(). + [3290b6434e3c] -2012-03-27 Todd C. Miller + * plugins/sudoers/env.c, plugins/sudoers/ldap.c: + Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to + prevent potential truncation. Bug #562. + [29d9fc4e0c4e] + +2012-06-25 Todd C. Miller + + * sudo.pp: + If installing with installp, error out if there is already an + instance of the rpm package installed. + [ec24c6faba22] + + * mkpkg: + Add --disable-nls for AIX + [192ac2f7d65e] + +2012-06-22 Todd C. Miller + + * sudo.pp: + Debian sudo-ldap packages should now depend on libldap-2.4-2, not + libldap2. + [cbcec71e6b58] + +2012-06-21 Todd C. Miller - * doc/sudoers.pod, plugins/sudoers/env.c: - When initializing the environment for env_reset, start out with the - contents of /etc/environment on AIX and login.conf on BSD. - [5717bdc321e2] + * sudo.pp: + Add Homepage and Bugs to debian control file. + [0f19d7d14e66] - * doc/TROUBLESHOOTING, src/sudo.c: - If we are not running with an effective uid of 0, try to give the - user enough information to debug the problem. - [fa4894896d8a] +2012-06-20 Todd C. Miller - * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: - Quiet a clang-analyzer false positive. - [c4c0c1b9c8b0] + * mkpkg: + fix typo when setting aix_freeware + [2fd6feb50195] - * src/tgetpass.c: - If there is nothing to read from the askpass program, set errno to - EINTR. 
This makes the cancel button behave like the user entered ^C - at the password prompt when PAM is used. - [594302cb9caf] + * common/Makefile.in, compat/Makefile.in, configure, configure.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in: + Don't run regress tests or sudoers sanity check (using the newly- + built visudo) when cross compiling. Bug #560 + [0c4e3f68b2f5] - * src/sudo.h, src/tgetpass.c: - Fetch the value of "askpass" from the sudo conf struct. - [4593ee8f1bd3] + * MANIFEST, configure, configure.in, plugins/sample/Makefile.in, + plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map, + plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in, + plugins/sample_group/sample_group.exp, + plugins/sample_group/sample_group.map, + plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, + plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map, + plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in, + plugins/system_group/system_group.exp, + plugins/system_group/system_group.map, + plugins/system_group/system_group.sym: + Rename foo.sym -> foo.exp Remove foo.map from the repo and generate + it on demand Use a loader option file for HP-UX ld to explicitly + export symbols + [2402ff5302ab] - * common/sudo_conf.c: - Fix matching of "Path askpass" and "Path noexec" - [4df28d62afb9] + * src/Makefile.in: + Remove extraneous backslash + [8ca054de138c] -2012-03-26 Todd C. Miller + * plugins/sudoers/regress/check_symbols/check_symbols.c: + Don't check for errorx as an exported symbols as it is now a macro. + Check for user_in_group() instead. + [7b02c8ecd3ea] - * plugins/sudoers/visudo.c: - Quiet a clang-analyzer dead store warning. - [dd90bf385a3f] +2012-06-19 Todd C. 
Miller - * plugins/sudoers/sudoers.c: - If the "timestampowner" user cannot be resolved, use ROOT_UID - instead of exiting with a fatal error. - [8d62aae99715] + * configure, configure.in: + Adjust ld map file support to use an anonymous scope to match the + updated .map files. + [49be44282d9e] - * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, - plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, - plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c, - plugins/sudoers/check.c, plugins/sudoers/env.c, - plugins/sudoers/iolog.c, plugins/sudoers/logging.c, - plugins/sudoers/logging.h, plugins/sudoers/parse.c, - plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: - Remove the NO_EXIT flag to log_error() and add a log_fatal() - function that exits and is marked no_return. Fixes false positives - from static analyzers and is easier for humans to read too. - [a0fe785c2a3d] +2012-06-18 Todd C. Miller -2012-03-24 Todd C. Miller + * config.h.in, configure, configure.in, include/gettext.h: + Older versions of Solaris lack ngettext() + [028af10dfa5f] - * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, - src/po/eo.po: - sync with translationproject.org - [df5e8777de13] + * configure, configure.in: + Move the check for -static-libgcc until after AC_LANG_WERROR has + been called and use AX_CHECK_COMPILE_FLAG(). + [a7b09120e7ff] -2012-03-20 Todd C. Miller + * include/gettext.h: + Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H + [3aa2780d4a4e] - * src/po/da.mo, src/po/da.po: - sync with translationproject.org - [629d99548b78] + * include/error.h, include/sudo_debug.h: + Fix gcc 2.x variant macro support. + [8e71c2370997] - * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: - sync with translationproject.org - [9d122a2860d6] + * plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c: + Fix compilation on gcc 2.95 and other compilers that only allow + variable declarations at the beginning of a block. 
+ [9d80c802bb46] -2012-03-19 Todd C. Miller + * configure, configure.in, plugins/sudoers/Makefile.in: + Link check_symbols with SUDO_LIBS to make sure we link with the + requisite libraries to successfully dlopen sudoers.so. This is + needed on HP-UX where a program dlopen()ing a shared object that + uses pthreads must also be linked with pthreads (and HP-UX LDAP uses + pthreads). + [b8961cd82337] - * src/po/it.mo, src/po/it.po: - sync with translationproject.org - [6397593b15cf] + * plugins/sudoers/regress/check_symbols/check_symbols.c: + Add check for exported local symbols. This will cause a "make check" + failure on systems where we don't support symbol hiding. + [8aa549389bb1] - * common/sudo_conf.c, plugins/sudoers/alias.c, - plugins/sudoers/defaults.c, plugins/sudoers/env.c, - plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, - plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c, - src/load_plugins.c: - Use ecalloc() when allocating structs. - [8b5888868db2] + * configure, configure.in: + Additional ${foo} -> $(foo) Makefile tweaks. + [046bbde18f52] - * common/alloc.c, include/alloc.h: - Add ecalloc() and commented out recalloc(). Use inline strnlen() - instead of strlen() in estrndup(). - [7fb9aa46c1e0] + * plugins/sample/sample_plugin.map, + plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map, + plugins/system_group/system_group.map: + No need to provide a name for the scope in the map file since we + don't use the it for versioning. + [5ed4b997560d] -2012-03-18 Todd C. Miller +2012-06-17 Todd C. 
Miller - * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, - src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, - src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, - src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, - src/po/zh_CN.mo, src/po/zh_CN.po: - sync with translationproject.org - [45a032c37334] + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/check_symbols/check_symbols.c: + Add regress test for symbol visibility. + [9adddd4e0518] -2012-03-16 Todd C. Miller +2012-06-15 Todd C. Miller - * plugins/sudoers/set_perms.c: - Remove unused label - [2660bb0c1313] + * NEWS, configure, configure.in: + sudo 1.8.6 + [57008a7afb77] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: - Document what changed in each plugin API revision - [59b30a6fc4d1] + * configure, configure.in, include/missing.h: + Add support for controlling symbol visibility using the HP and + Solaris C compilers. + [46d5b468979e] - * plugins/sudoers/set_perms.c: - Remove bogus optimization that could lead to a double free of the - group list. - [b0bfbd2a83a8] + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoers.h: + Use the expanded io log dir when updating the sequence number. + Includes a workaround for older versions of sudo where the sequence + number was stored in the unexpanded io log dir. + [210797dab9a8] -2012-03-15 Todd C. Miller +2012-06-14 Todd C. Miller - * doc/TROUBLESHOOTING: - Expand AIX /etc/security/privcmds entry. - [9f3f072e034e] + * src/parse_args.c: + Simplify "sudo -s" argv rewriting. 
+ [7be143dae7c5] - * NEWS: - Update for sudo 1.8.5 - [086049011f25] + * MANIFEST, configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in, + src/sudo_noexec.map: + Don't use a map file for sudo_noexec.so since Solaris ld doesn't + allow '*' in the global section. The libtool export flag is now + added to LT_LDFLAGS instead of commenting/uncommenting lines. + [38fc37a66b04] - * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat, - doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat, - doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h, - include/sudo_plugin.h, src/load_plugins.c, src/sudo.c, - src/sudo_plugin_int.h: - Rename plugin "args" to "options" - [f25624951bd2] +2012-06-13 Todd C. Miller - * doc/CONTRIBUTORS: - Add Lithuanian and Vietnamese translators - [2b4c075b69e3] + * config.h.in, configure, configure.in, include/missing.h: + The visibility attribute was actually added in gcc 3.3.x, not 4.0. + Just assume that if -fvisibility=hidden works that the attribute is + usable. + [d3904d6faf14] - * Makefile.in: - Ignore comments when comparing new and old pot files. - [f872999347b3] + * plugins/sudoers/check.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/pwutil.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map, + plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c, + plugins/system_group/system_group.c: + Export group cache from sudoers.so for system_group.so to use. 
+ [16695d207fc5] - * src/Makefile.in: - regen - [c8193b1b11c7] + * MANIFEST, configure, configure.in, include/missing.h, + plugins/sample/Makefile.in, plugins/sample/sample_plugin.map, + plugins/sample_group/Makefile.in, + plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in, + plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in, + plugins/system_group/system_group.map, src/sudo_noexec.c, + src/sudo_noexec.map: + Use gcc's visibility attribute to specify when symbols are visible + or hidden, if available. If not available, use an ELF version script + if it is supported. If all else fails, fall back to using libtool's + -export-symbols. + [64e889921727] - * doc/sudo_plugin.cat, doc/sudo_plugin.man.in: - regen - [15e3c17e8a3a] +2012-06-12 Todd C. Miller - * doc/sudo_plugin.pod, include/sudo_plugin.h, - plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, - plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c, - src/sudo.c, src/sudo.h: - Pass a pointer to user_env in to the init_session policy plugin - function so session setup can modify the user environment as needed. - For PAM authentication, merge the PAM environment with the user - environment at init_session time. We no longer need to swap in the - user_env for environ during session init, nor do we need to disable - the env hooks at init_session time. - [3f5277b359d8] + * sudo.pp: + Add mode for installed locale files but leave the directories with + default mode and owner. + [142237dbb31f] - * plugins/sample/sample_plugin.c: - Add explicit NULL entries for init_session, register_hooks and - deregister_hooks with appropriate comments. - [727a57978b40] +2012-06-11 Todd C. Miller - * compat/pw_dup.c: - Quiet a gcc "used uninitialized in this function" false positive. 
- [f14b68379ce9] + * mkpkg, sudo.pp: + Install AIX packages under /opt/freeware with links in /usr/bin and + /usr/sbin. This matches the layout of the sudo package from AIX + freeware. + [0b79d47bbe01] - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: - We should always call warning() with a format string or a string - literal. In this case, the argument (path) is not user-controlled. - [e9ef51224024] + * Makefile.in, configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp: + Install shared objects with mode 0644 except on HP-UX which needs + the executable bit set. + [ae416af0ba6c] -2012-03-14 Todd C. Miller + * Makefile.in, doc/Makefile.in, include/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Make installed file modes consistent with the file modes in the sudo + package. + [307386373289] - * src/selinux.c: - Include sudo_exec.h for the sudo_execve() prototype. - [769e58065edc] +2012-06-08 Todd C. Miller - * config.h.in, configure, configure.in: - Add check for pam_getenvlist() - [36bde3f26c60] + * doc/sudoers.pod: + Add "%:" prefix when talking about QAS non-Unix group support. + [7cb25f6861f8] - * common/sudo_conf.c: - Set args to NULL in default plugin info struct when there is no - Plugin line in sudo.conf. - [93ec67708f01] + * pp, sudo.pp: + Fix packaging of symbolic links on HP-UX when the link source + already exists in the filesystem. + [c9bb48031596] - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regen - [a9287677795c] + * mkpkg: + Only specify prefix if we are overriding the default value. Fixes + the man dir (/usr/local/man vs. /usr/local/share/man). 
+ [65351b6c1697] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, - doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: - regen - [a242769d7962] + * sudo.pp: + Fix setting of sudoedit_man variable. + [9beed9ae5bba] - * configure, configure.in: - Bump version to 1.8.5 - [e8618f0c2505] + * doc/Makefile.in: + Echo the command when linking the sudoedit manual. + [6c83b5657b55] - * doc/sudo_plugin.pod: - Document hooks API - [e6ad07d27958] +2012-06-07 Todd C. Miller -2012-03-13 Todd C. Miller + * mkpkg, sudo.pp: + Build .deb packages with selinux support. + [3fd9cb1b4526] - * sudo.pp: - Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris. - [908819c39844] <1.8> +2012-06-04 Todd C. Miller * sudo.pp: - Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris. - [fd72340042d3] + Don't list paths for unstripped binaries in the lintial overrides. + [4c8e16f1773b] - * include/sudo_plugin.h: - Use sudo_hook_fn_t in struct sudo_hook. - [938f93112d6e] + * pp: + Add support for Installed-Size header in control file, required by + newer debian versions. + [e97d76234bee] - * doc/TROUBLESHOOTING: - If cross compiling, --host must include the OS in the tuple. E.g. - --host powerpc-unknown-linux - [b8c010070c1e] + * pp: + Fix extended description in .deb files. + [d35e27ace146] -2012-03-12 Todd C. Miller + * sudo.pp: + Add Depends, Replaces and Conflicts headers for .deb packages. + [76eb6c4b3278] - * .hgtags: - Added tag SUDO_1_8_4p4 for changeset 11a942f61d47 - [4a20e5e9af5d] <1.8> +2012-06-01 Todd C. Miller - * NEWS, configure, configure.in: - Update for sudo 1.8.4p4 - [11a942f61d47] [SUDO_1_8_4p4] <1.8> + * plugins/sudoers/sudo_nss.c: + If there are no privs to print, write the message to the lbuf + instead of printing it directly. 
+ [ecd56226abb7] - * plugins/sudoers/parse.c: - Fix bogus int -> bool conversion; tags can have a value of -1. - [85ec4ae84fcf] <1.8> +2012-05-31 Todd C. Miller - * plugins/sudoers/parse.c: - Fix bogus int -> bool conversion; tags can have a value of -1. - [e63d6434a303] + * sudo.pp: + Set -e in %pos and %preun for debian to quiet a lintian warning. + [8bb908514df9] - * plugins/sudoers/env.c: - Add env_should_keep() and env_should_delete() wrapper functions to - simplify things a bit and hide the fact that matches_env_check() is - not bool. - [7a03d7a12b50] + * doc/Makefile.in, src/Makefile.in, sudo.pp: + Install sudoedit and the sudoedit manual as symbolic links, not hard + links and package them as such. + [f317ff3cf3e7] * sudo.pp: - Fix application of debian-specific sudoers mods when building - packages as non-root. - [e3e7f75d718c] <1.8> + Make sudo binary permissions 755 instead of 111 Add lintian + overrides file for .deb files. + [991cd7d7f0e1] + + * configure, configure.in, doc/Makefile.in, mkpkg: + Replace out of date MAN_POSTINSTALL with MANCOMPRESS and + MANCOMPRESSEXT which can be used to compress the installed manual + pages. Compress the man pages for .deb files to appease lintian. + [4e34083b41d2] * sudo.pp: - Fix application of debian-specific sudoers mods when building - packages as non-root. - [34bf4c52c425] + Debian fixes: + * fix modes to be more in line with what Debian expects + * add section + * install LICENSE as copyright and ChangeLog as changelog + * create stub changelog.debian + [7f6c5647f588] - * .hgtags: - Added tag SUDO_1_8_4p3 for changeset 3093c8558862 - [b82d3b208a4d] <1.8> + * pp: + Fix find command to properly skip files in the DEBIAN dir when + building md5sums. + [8918bde941fa] - * NEWS, configure, configure.in: - Update for sudo 1.8.4p3 - [3093c8558862] [SUDO_1_8_4p3] <1.8> + * pp, sudo.pp: + Use a debian-compliant package maintainer field. 
+ [fc51a94170eb] - * plugins/sudoers/env.c: - matches_env_check() returns int, not boolean - [110f954181e1] <1.8> +2012-05-30 Todd C. Miller - * plugins/sudoers/env.c: - matches_env_check() returns int, not boolean - [0ad915b8d5cb] + * plugins/sudoers/sudoreplay.c: + No need to loop over atomic_writev(), it guarantees to write all + data or return an error. - * src/sudo_edit.c: - Fix compilation when seteuid() is not available. - [8a722f998000] + Fix handling of stdout/stderr that contains "\r\n" and handle a + "\r\n" pair that spans a buffer. + [8aaf02d90c45] - * src/ttyname.c: - Simply move the free of ki_proc outside the realloc() loop. - [18209f1ff9f7] <1.8> +2012-05-29 Todd C. Miller - * src/ttyname.c: - Simply move the free of ki_proc outside the realloc() loop. - [217b786da760] + * NEWS: + Update for sudo 1.8.5p2 + [d369d4d40a19] - * src/ttyname.c: - Bring back the erealloc() for the ENOMEM loop and just zero the - pointer after we free it. - [83a1c1ec6b03] <1.8> + * plugins/sudoers/sudoreplay.c: + Instead of doing extra write()s when replaying stdout, build up a + vector for writev() instead. This results in far fewer system calls. + [303d866c025c] - * src/ttyname.c: - Bring back the erealloc() for the ENOMEM loop and just zero the - pointer after we free it. - [29a016e45127] +2012-05-27 Todd C. Miller - * doc/visudo.cat, doc/visudo.man.in: - regen - [04ea41a8657c] <1.8> + * src/env_hooks.c, src/sudo.h, src/tgetpass.c: + Provide unhooked version of getenv() and use it when looking up + DISPLAY and SUDO_ASKPASS in the environment. + [04dbdccf4a14] - * src/ttyname.c: - Don't try to erealloc() a potentially freed pointer; Mateusz Guzik - [cca8a33ed286] <1.8> +2012-05-25 Todd C. Miller - * src/ttyname.c: - Don't try to erealloc() a potentially freed pointer; Mateusz Guzik - [266e08844065] + * plugins/sudoers/sudoreplay.c: + When replaying a log of stdout or stderr, do newline to carriage + return + linefeed conversion. 
We cannot have termios do this for us + since we've disabled output postprocessing (POST) when setting raw + mode. + [61352a7d996f] -2012-03-10 Todd C. Miller +2012-05-24 Todd C. Miller - * plugins/sudoers/set_perms.c: - Use normal error path if unable to set sudoers gid. - [01c816918c99] + * configure, configure.in: + When checking for -fstack-protector, treat warnings as fatal errors. + [4124cd12d511] - * plugins/sudoers/set_perms.c: - Make this work again on systems w/o seteuid(). - [2e67f7421e97] +2012-05-22 Todd C. Miller -2012-03-09 Todd C. Miller + * configure, configure.in: + Fix test for -z relro + [548bdb6f5c4a] + + * MANIFEST: + Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4 + [ed063264a2a1] + + * INSTALL, aclocal.m4, configure, configure.in, + m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4: + Build with -fstack-protector and link with -zrelo where supported. + Added --disable-hardening option to disable hardening options. + [0b6c1a1ceb03] + +2012-05-21 Todd C. Miller - * plugins/sudoers/set_perms.c: - Fix compilation if no seteuid/setreuid/setresuid available. - [d0b3c1f88eb4] + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/testsudoers/test1.sh, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/testsudoers/test4.out.ok, + plugins/sudoers/regress/testsudoers/test4.sh, + plugins/sudoers/regress/testsudoers/test5.inc, + plugins/sudoers/regress/testsudoers/test5.out.ok, + plugins/sudoers/regress/testsudoers/test5.sh, + plugins/sudoers/testsudoers.c: + Add tests for sudoers mode, owner and group checks. + [a7607443aba0] - * plugins/sudoers/set_perms.c: - Better error messages, and added debugging throughout. Fixed - seteuid() version of set_perms()/restore_perms(). Fixed logic bug in - AIX version of restore_perms(). Added checks to avoid changing - uid/gid when we don't have to. Never set gid/uid state to -1, use - the old value instead. 
- [29188d469b5c] + * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: + If sudoers_mode is group-readable but the actual sudoers file is + not, open the file as uid 0, not uid 1. This fixes a problem when + sudoers has a more restrictive mode than what sudo expects to find. + In older versions, sudo would silently chmod the file to add the + group-readable bit. + [c056b6003e6f] - * src/exec_pty.c, src/ttyname.c: - Fix format string warning on Solaris with gcc 3.4.3. - [45322f41e677] <1.8> + * INSTALL, common/secure_path.c, config.h.in, configure, configure.in: + No longer throw an error if sudoers is a symbolic link. Deprecated + the --with-stow option as that is now (effectively) the default. + [8ce783e54886] - * src/exec_pty.c, src/ttyname.c: - Fix format string warning on Solaris with gcc 3.4.3. - [d1eeb6e1dd0f] +2012-05-18 Todd C. Miller - * src/sudo.c: - Always declare environ now that we swap it around unilaterally. - [aaa3e92e7d0d] + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/testsudoers/test2.inc, + plugins/sudoers/regress/testsudoers/test2.out.ok, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.d/root, + plugins/sudoers/regress/testsudoers/test3.out.ok, + plugins/sudoers/regress/testsudoers/test3.sh: + Add basic tests for #include and #includedir + [b303e4218951] - * src/Makefile.in: - Honor LDFLAGS when linking sesh; from Vita Cizek - [349b3c929637] <1.8> + * plugins/sudoers/testsudoers.c: + Add -U sudoers_uid option to testsudoers. + [3f8ed13501ba] - * src/Makefile.in: - Honor LDFLAGS when linking sesh; from Vita Cizek - [498b41438f6e] +2012-05-17 Todd C. 
Miller - * src/sesh.c: - Include alloc.h for estrdup() prototype; from Vita Cizek - [f5ed422a6553] <1.8> + * NEWS, configure, configure.in: + Update for 1.8.5p1 + [c33c49bf5b4b] - * src/sesh.c: - Include alloc.h for estrdup() prototype; from Vita Cizek - [93203655a320] + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix #includedir; from Mike Frysinger + [d4833d4e39a0] -2012-03-08 Todd C. Miller + * plugins/sudoers/check.c: + Don't prompt for a password if the user is in the exempt group, is + root, or is running the command as themselves even if the -k option + was specified. This makes "sudo -k command" consistent with the + behavior one would get if the user ran "sudo -k" immediately before + running the command. + [632b3961df00] - * plugins/sudoers/sudoers.c: - Don't read /etc/environment on Linux when using PAM, PAM should set - the environment variables as needed via pam_env. - [b1ef62cb2d40] +2012-05-15 Todd C. Miller * INSTALL: - Fix editor goof. - [574f0b17a91f] <1.8> + Fix capitalization + [7258aa977caf] - * INSTALL: - Fix editor goof. - [0c3dd3bb8b57] + * mkpkg: + Build PIE executable on Mac OS X 10.5 and above. + [2a5c7ef92182] - * src/hooks.c, src/sudo.c, src/sudo.h: - Disable environment hooks after we get user_env back to make sure a - plugin can't to modify user_env after we "own" it. This is kind of a - hack but we don't want the init_session plugin function to modify - user_env. - [8e6d119452a5] +2012-05-14 Todd C. Miller - * src/hooks.c, src/sudo.c: - Add support for deregistering hooks. If an I/O log plugin fails to - initialize, deregister its hooks (if any). - [ac00c93900c5] + * NEWS: + Update for sudo 1.8.4p5 + [21164f508b68] -2012-03-07 Todd C. Miller + * plugins/sudoers/match_addr.c: + Add missing break between AF_INET and AF_INET6 in + addr_matches_if_netmask() + [672a4793931a] - * plugins/sudoers/sudoers.c, src/sudo.c: - Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook - setenv. 
- [e75469dd9908] + * plugins/sudoers/mon_systrace.c: + Move systrace monitor code to the attic + [d6faf4754e9c] - * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in, - compat/setenv.c, compat/unsetenv.c, config.h.in, configure, - configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl, - plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c, - plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c, - plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c, - src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h, - src/sudo_plugin_int.h: - Initial cut at a hooks implementation. The plugin can register hooks - for getenv, putenv, setenv and unsetenv. This makes it possible for - the plugin to trap changes to the environment made by authentication - methods such as PAM or BSD auth so that such changes are reflected - in the environment passed back to sudo for execve(). - [61cffa06f863] +2012-05-11 Todd C. Miller -2012-03-05 Todd C. Miller + * src/exec.c: + The pointer to the siginfo_t struct in a signal handler may be NULL. + [41a4ee934b53] - * MANIFEST, src/po/vi.mo, src/po/vi.po: - Add Vietnamese sudo translation from translationproject.org - [96df426790d5] +2012-05-10 Todd C. Miller -2012-03-02 Todd C. Miller + * plugins/sudoers/pwutil.c: + Fix an alignment problem on NetBSD systems with a 64-bit time_t and + strict alignment. Based on a patch from Martin Husemann. + [1e5ba3c18f17] - * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod, - doc/sudoers.pod: - List sudo_noexec.so not noexec.so in the sample sudo.conf - [53844e190ec5] + * include/missing.h: + Add offsetof macro for those without it. 
+ [e44cb51d2587] - * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, - doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h, - include/sudo_plugin.h, plugins/sample/sample_plugin.c, - plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, - plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c, - src/sudo_plugin_int.h: - Add support for plugin args at the end of a Plugin line in - sudo.conf. Bump the minor number accordingly and update the - documentation. A plugin must check the sudo front end's version - before using the plugin_args parameter since it is only supported - for API version 1.2 and higher. - [587f1f819536] + * MANIFEST: + add system_group plugin + [6169793b510c] -2012-03-01 Todd C. Miller +2012-05-09 Todd C. Miller - * plugins/sudoers/Makefile.in: - update depends - [6d2da44e11e5] + * compat/dlopen.c: + Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX. + [85bd03bc5d94] - * MANIFEST: - secure_path.c is in common, not compat - [619c4a663dde] +2012-05-08 Todd C. Miller - * configure, configure.in: - Add check for variadic macro support in cpp. - [1ce59ac2e4f9] <1.8> + * NEWS: + Mention system_group plugin + [05393dd4bdb8] - * configure, configure.in: - Add check for variadic macro support in cpp. - [756854caf675] + * Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in: + update depends + [6feb0b824fc4] -2012-02-29 Todd C. Miller + * plugins/system_group/system_group.c: + Only call gr_delref() when use sudo's password caching functions. + [1103442e21fa] - * common/secure_path.c, common/sudo_conf.c, include/secure_path.h, - plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, - plugins/sudoers/toke.c, plugins/sudoers/toke.l: - Add type param to sudo_secure_path() and add sudo_secure_file() and - sudo_secure_dir() wrappers which get by #includedir in sudoers. 
- [2ec2d3d8df04] + * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in: + Add missing dependency on libreplace.la + [05bfd9d4657f] -2012-02-28 Todd C. Miller + * compat/dlopen.c: + Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and + PROG_HANDLE. + [2382d0693acc] - * doc/visudo.pod, plugins/sudoers/visudo.c: - Check the owner and mode in -c (check) mode unless the -f option is - specified. Previously, the owner and mode were checked on the main - sudoers file when the -s (strict) option was given, but this was not - documented. - [dff2805fc49e] <1.8> + * Makefile.in, configure, configure.in, + plugins/system_group/Makefile.in, + plugins/system_group/system_group.c, + plugins/system_group/system_group.sym: + Add group plugin that does lookups by name using the system group + database. + [2ddbb604112f] - * doc/visudo.pod, plugins/sudoers/visudo.c: - Check the owner and mode in -c (check) mode unless the -f option is - specified. Previously, the owner and mode were checked on the main - sudoers file when the -s (strict) option was given, but this was not - documented. - [b2d6ee1e547a] + * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo, + src/po/pl.po: + sync with translationproject.org + [4ef05df4226d] - * config.h.in, configure, configure.in, src/ttyname.c: - Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions - of OpenBSD versions that have KERN_PROC2 but not KERN_PROC. - [dceb6078cda5] <1.8> +2012-05-03 Todd C. Miller - * config.h.in, configure, configure.in, src/ttyname.c: - Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions - of OpenBSD versions that have KERN_PROC2 but not KERN_PROC. 
- [159f6a50456a] + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po, + src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, + src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po, + src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [115c3f828fc5] -2012-02-27 Todd C. Miller +2012-05-01 Todd C. Miller - * doc/CONTRIBUTORS: - Add Eric Lakin for patch in bug #538 - [490c29c234c6] + * sudo.pp: + Add mode for docdir and use '-' (default) for localedir mode. Fixes + a problem on Linux when building in a directory with the setgid bit + set. + [582279c8bcb1] - * .hgtags: - Added tag SUDO_1_8_4p2 for changeset db564e1c02cf - [52638c160a4b] <1.8> +2012-04-30 Todd C. Miller - * NEWS, configure, configure.in: - bump version to 1.8.4p2 - [db564e1c02cf] [SUDO_1_8_4p2] <1.8> + * pp: + Match CentOS 6.0 + [1e99ef210f98] - * src/exec_pty.c: - Fix typo in safe_close() made while converting to debug framework - that prevented it from actually closing anything. - [833a8ce346d2] <1.8> +2012-04-24 Todd C. Miller - * src/exec_pty.c: - Fix typo in safe_close() made while converting to debug framework - that prevented it from actually closing anything. - [a66422a62afd] + * NEWS: + Update with recent changes + [c5fc220ba696] - * src/exec_pty.c: - Add some more debugging. - [b5667947dda9] + * pp: + Fix version check on AIX + [d272e39112f4] - * common/Makefile.in, compat/Makefile.in, doc/Makefile.in, - include/Makefile.in: - We need sysconfdir in compat/Makfile to get the proper sudo.conf - path. Add standard prefix and foodir expansion in all Makefiles to - avoid this problem in the future. 
- [ce1caa89c24d] <1.8> + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [72b23509465a] - * common/Makefile.in, compat/Makefile.in, doc/Makefile.in, - include/Makefile.in: - We need sysconfdir in compat/Makfile to get the proper sudo.conf - path. Add standard prefix and foodir expansion in all Makefiles to - avoid this problem in the future. - [62b6ce4ecae9] + * plugins/sudoers/ldap.c: + Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP + SDK. + [87b685e70b9a] -2012-02-25 Todd C. Miller + * plugins/sudoers/ldap.c: + Fix printing of invalid uri + [645aa53acdde] - * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po: - New Lithuanian sudoers translation from translationproject.org - [10436b649035] + * plugins/sudoers/auth/pam.c: + Pass PAM_SILENT when deleting creds to remove an annoying warning + message on Solaris. + [1dd0301ef293] - * plugins/sudoers/po/ja.po: - Update from translationproject.org - [acb8db5f8ef1] +2012-04-23 Todd C. Miller -2012-02-24 Todd C. Miller + * src/utmp.c: + Fix the setutxent and endutxent compatibility defines (this time + correctly) when only setutent and endutent are available. + [d136d2867db9] * plugins/sudoers/ldap.c: - When adding gids to the LDAP filter, only add the primary gid once. - This is consistent with the space computation/allocation. From Eric - Lakin - [229db740f035] <1.8> + sudo_ldap_set_options_global() should not take an LDAP handle as an + argument since the options affect the global settings. + [1dc39b9d20f2] - * plugins/sudoers/ldap.c: - When adding gids to the LDAP filter, only add the primary gid once. - This is consistent with the space computation/allocation. From Eric - Lakin - [35d9d99c92c6] + * mkpkg: + Debian sudo has not been built with --with-exempt=sudo since 1.6.8. + [c7716291a856] - * doc/TROUBLESHOOTING: - Add entry for AIX enhanced RBAC config. 
- [24f1e176e398] <1.8> + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c, + src/sudo.h: + Call the policy's init_session() function before we fork the child. + That way, the session is created and destroyed in the same process, + which is needed by some modules, such as pam_mount. + [ece552ba002e] * doc/TROUBLESHOOTING: - Add entry for AIX enhanced RBAC config. - [5e10b6f8def7] - - * mkpkg: - Target Mac OS X 10.5 when building packages. - [7b296251013d] <1.8> + Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is + not specified. + [bd293e100b28] - * mkpkg: - Target Mac OS X 10.5 when building packages. - [06fce9bbebee] + * plugins/sudoers/auth/pam.c: + Delete creds after closing the PAM session. + [5158d726d6a5] -2012-02-22 Todd C. Miller + * plugins/sudoers/ldap.c: + Provide a more useful error message if using a Mozilla-style LDAP + SDK and you forgot to specify TLS_CERT in ldap.conf. + [7cb78feb899c] - * MANIFEST, common/Makefile.in, common/secure_path.c, - common/sudo_conf.c, include/secure_path.h, - plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c: - Relax the user/group/mode checks on sudoers files. As long as the - file is owned by the right user, not world-writable and not writable - by a group other than the one specified at configure time (gid 0 by - default), the file is considered OK. Note that visudo will still set - the mode to the value specified at configure time. - [241174babfcc] + * src/exec_pty.c: + Add missing initialization of a sigaction structure when I/O + logging. Fixes a potential problem when suspending the command. + [f4480f2ba816] -2012-02-21 Todd C. Miller + * plugins/sudoers/ldap.c: + Split global and per-connection LDAP options into separate arrays. + Set global LDAP options before calling ldap_initialize() or + ldap_init(). After we have an LDAP handle, set the per-connection + options. 
Fixes a problem with OpenLDAP using the nss crypto backend; + bug #342 + [265c9d2dc12b] - * plugins/sudoers/set_perms.c: - Add AIX-specific version of permission setting code to make sure - that the saved uid gets restored properly. - [9a6f5d22c301] + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po, + src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [6d7fe44be21e] - * config.h.in, configure, configure.in, src/exec_common.c: - Check for LD_PRELOAD variants in configure instead of checkign cpp - symbols. In disable_execute(), compute the length of the new envp - and allocate it once instead of reallocating on demand. Also append - old value of LD_PRELOAD (if any) to the new value. - [680266346917] +2012-04-21 Todd C. Miller - * .hgtags: - Added tag SUDO_1_8_4p1 for changeset aeb6b9701150 - [26bc7af7c304] <1.8> + * src/sudo.c, src/sudo.h: + Move struct passwd pointer into struct command details. + [d6fb1eff2065] - * NEWS: - List 1.8.4p1 - [aeb6b9701150] [SUDO_1_8_4p1] <1.8> +2012-04-20 Todd C. Miller - * configure, configure.in: - bump version to 1.8.4p1 - [2c7edc0bf0b7] <1.8> + * pp: + Sync with upstream for Mac OS X (and other) fixes. + [c2f4998d01b0] - * Fix the description of noexec. - [b5baebe2f820] <1.8> + * mkpkg: + Only built Mac intel universal binary on an intel machine. + [0009e0b7e5a8] - * The "op" parameter to set_default() must be int, not bool since it - is set to '+' or '-' for list add and subtract. - [b6bf0980fb08] <1.8> + * src/Makefile.in: + Do not pass libtool the -static-libtool-libs option when building + sudo and sesh. 
Otherwise, libtool may prefer a static version of an + installed library over a dynamic one when linking. + [6fbac9adc885] - * Make sure sudoers is writable before calling ed script. - [97e0078b19ae] <1.8> +2012-04-19 Todd C. Miller - * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: - Fix the description of noexec. - [6a6d142f3c80] + * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo, + plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po: + Add German translation for sudo Add Croatian translation for sudoers + [fa4da1a6530c] - * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: - The "op" parameter to set_default() must be int, not bool since it - is set to '+' or '-' for list add and subtract. - [8da5b137bea2] + * plugins/sudoers/iolog.c: + typo fix in comment + [abd721d1288e] - * sudo.pp: - Make sure sudoers is writable before calling ed script. - [95352ab6336b] +2012-04-16 Todd C. Miller -2012-02-17 Todd C. Miller + * NEWS: + Update with recent changes + [6fa11e8448b9] - * .hgtags: - Added tag SUDO_1_8_4 for changeset 7b0b7dfc84c7 - [18d646360da5] <1.8> + * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Sort xgettext output by file name. + [f650841810f0] - * Update contributors. Now includes translators and authors of compat - code. - [7b0b7dfc84c7] [SUDO_1_8_4] <1.8> + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod: + Clarify what "sudoreplay -l" displays and mention that it is sorted. + [84031c117bd6] - * doc/CONTRIBUTORS, doc/contributors.pod: - Update contributors. Now includes translators and authors of compat - code. - [4fb5b616b50a] + * config.h.in, configure, configure.in, src/ttyname.c: + Use AC_HEADER_MAJOR to determine where major/minor are defined. + [3c949650a223] -2012-02-16 Todd C. Miller + * config.h.in, configure, configure.in, src/ttyname.c: + Include sys/mkdev.h if present instead of sys/sysmacros.h for + minor(). 
This is needed on Solaris (at least) where the makedev + macros in sysmacros.h are obsolete and library functions should be + used instead. + [343928acf81e] - * src/po/sudo.pot: - regen - [fda54a3b1cd1] <1.8> + * mkpkg: + When building on Mac OS X, only set SDK_FLAGS if specified osversion + doesn't match host. + [d84c6efac872] - * src/po/sudo.pot: - regen - [2c86e2c328fe] +2012-04-15 Todd C. Miller - * Build flat packages, not package bundles, on Mac OS X. - [2f6f0704a09e] <1.8> + * src/ttyname.c: + Add back buf and tty variables for _ttyname() case that were + inadvertantly removed. + [a4a820b22a44] - * pp, sudo.pp: - Build flat packages, not package bundles, on Mac OS X. - [57bda3cd5520] +2012-04-13 Todd C. Miller -2012-02-10 Todd C. Miller + * plugins/sudoers/po/sudoers.pot: + regen + [5446b12c1250] - * sudo.pp: - Move macos section to be with the other OS-specific sections. - [51423bb2973a] + * configure, configure.in: + Remove b8 from version number. + [5adc4dcec061] - * Sync with translationproject.org - [77a0b5480ae5] <1.8> + * src/ttyname.c: + remove some XXX + [187579a5f593] - * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, - plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: - Sync with translationproject.org - [8ce41cbb8da0] + * src/ttyname.c: + When looking for a device match, do a breadth-first search instead + of depth-first. We already special case /dev/pts/ so chances are + good that if it is not a pseudo-tty it is in the base of /dev/. Also + avoid a stat(2) when possible if struct dirent has d_type. + [0183f8a1b278] - * configure, configure.in: - Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS - [6588fc4a55a1] <1.8> + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + src/sudo.c, src/sudo.h: + Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list. 
+ [f0574d878491] - * configure, configure.in: - Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS - [fa979aa6fe7d] + * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo, + src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo, + src/po/vi.mo: + sync with translationproject.org + [4527ea78fbd5] - * sudo.pp: - Move macos section to be with the other OS-specific sections. - [c3cc794fd586] <1.8> + * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po, + src/po/hr.mo, src/po/hr.po: + New Croatian and Galician translations from translationproject.org + [ad4bd924b4de] - * Add Mac OS X support, printing the latest chunk of the NEWS file and - the license text in the installer. - [905d8fab423f] <1.8> + * src/ttyname.c: + Add depth-first traversal of /dev/ for the /proc case when not + /dev/pts/N + [499bd3456774] - * sudo.pp: - Add Mac OS X support, printing the latest chunk of the NEWS file and - the license text in the installer. - [ffeab72387c0] + * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c: + If struct dirent has d_type, use it to avoid an extra stat(). + [741dabbe4bcd] - * Add explicit file modes that match those used by "make install" - [7e1eb99baf92] <1.8> + * plugins/sudoers/sudoreplay.c: + Sort output of "sudoreplay -l" + [c0615795bd4b] - * Sync with upstream for Mac OS X fixes. - [90cec33d1108] <1.8> +2012-04-12 Todd C. Miller - * Got back to using "install-sh -M" for files installed as non- - readable by owner. This fixes "make install" as non-root for package - building. - [9e1e87961712] <1.8> + * plugins/sudoers/sudoreplay.c: + Fix duplicate free introduced in last rev + [efdaabe69d75] - * sudo.pp: - Add explicit file modes that match those used by "make install" - [7eb37242c920] +2012-04-11 Todd C. Miller - * pp: - Sync with upstream for Mac OS X fixes. - [97cba179041e] + * plugins/sudoers/auth/pam.c: + Instead of treating ^C from tgetpass() specially, always return + AUTH_INTR if tgetpass() returned NULL. 
Treat PAM_AUTHINFO_UNAVAIL + like PAM_AUTH_ERR which Mac OS X returns this when there is no tty. + [a3b17298d4d0] - * plugins/sudoers/Makefile.in, src/Makefile.in: - Got back to using "install-sh -M" for files installed as non- - readable by owner. This fixes "make install" as non-root for package - building. - [967804ee77d6] + * config.h.in, configure, configure.in, src/ttyname.c: + Rototill code to determine the tty. For Linux, we now look up the + tty device in /proc/pid/stat instead of trying to open + /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given + device number to a string. On BSD, we can use devname(). On Solaris, + _ttyname_dev() does what we want. TODO: write /dev/ traversal code + for the generic sudo_ttyname_dev(). + [6b22be4d09f0] -2012-02-09 Todd C. Miller +2012-04-10 Todd C. Miller - * Sync with translationproject.org - [0c835326e22c] <1.8> + * src/ttyname.c: + Define PRNODEV for those w/o it. + [f17290e64559] - * Makefile.in: - Use -m not -M for install-sh for everything except setuid. Install - locale .mo files mode 0444, not 0644. If timedir parent doesn't - exist, use default dir mode, not 0700. - [451576bb0772] <1.8> + * config.h.in, configure, configure.in, src/ttyname.c: + Check for SVR4-style struct psinfo.pr_ttydev and use that to + determine the tty if std{in,out,err} are not ttys. + [76ad33a91f4b] - * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, - plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: - Sync with translationproject.org - [0e53db12039a] + * src/ttyname.c: + Better support for SVR4-style /proc entries where we can't use + ttyname() on the /proc/pid/fd/[0-2] entries. We can, however, + attempt to map the device number back to the correct pseudo-tty + slave device. 
+ [4f9f48cc79eb] - * Makefile.in, doc/Makefile.in, include/Makefile.in, - plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, - plugins/sudoers/Makefile.in, src/Makefile.in: - Use -m not -M for install-sh for everything except setuid. Install - locale .mo files mode 0444, not 0644. If timedir parent doesn't - exist, use default dir mode, not 0700. - [8b6f64c92090] + * src/ttyname.c: + When trying to determine the tty name, check parent's stderr in + addition to its stdin and stdout. + [604644056c7d] -2012-02-07 Todd C. Miller + * src/exec_pty.c: + Treat a tty read failure like EOF as it usually means the pty has + gone away. Handle write() on the tty returning EIO. + [16957f4a706f] - * Re-sync with upstream; no longer need a local patch. - [342d3dceba65] <1.8> + * src/exec.c, src/exec_pty.c: + Linux select() may return ENOMEM if there is a kernel resource + shortage. Older Solaris select() may return EIO instead of EBADF + when the tty goes away. If we get an unhandled select() failure, + kill the child and exit cleanly. + [d93940a311ab] - * pp: - Re-sync with upstream; no longer need a local patch. - [97a2c7be5e59] + * src/ttyname.c: + Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might + block in open. + [a9f809d09d52] - * Add support for building Mac OS X packages. - [e047b6fbba17] <1.8> +2012-04-09 Todd C. Miller - * mkpkg: - Add support for building Mac OS X packages. - [94d49ac223a4] + * plugins/sudoers/set_perms.c: + Fix restoration of AIX permissions. + [30c717115988] - * Sync with upstream - [20cc2ff83ee3] <1.8> + * src/parse_args.c: + Allow the -k flag to be used along with the -i and -s flags. + [0653b17c97f1] - * No longer need to define _PATH_SUDO_CONF here. - [7da6e017c6d0] <1.8> + * plugins/sudoers/sudoreplay.c: + Plug memory leak in parse_logfile() in the error path. 
+ [9cce86fa833b] - * pp: - Sync with upstream - [1c97654fc841] + * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po, + src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po, + src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [14af43d0b170] - * src/Makefile.in: - No longer need to define _PATH_SUDO_CONF here. - [2560905b7482] +2012-04-08 Todd C. Miller - * Fix noexec for Mac OS X. - [71b8ee9eea74] <1.8> + * compat/regress/glob/globtest.c, config.h.in, configure, + configure.in, plugins/sudoers/match.c: + Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the + glob() and fnmatch() results to be consistent. + [4226750d73c2] - * src/exec_common.c: - Fix noexec for Mac OS X. - [b7a744bca2c0] +2012-04-06 Todd C. Miller -2012-02-06 Todd C. Miller + * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in, + src/ttysize.c: + Move ttysize.c to common so sudoreplay can use it. + [b4a0aa514cd4] - * Move _PATH_SUDO_CONF override to common to match sudo_conf.c - [639fe46fc8c0] <1.8> + * plugins/sudoers/sudoreplay.c: + If I/O log file includes rows + cols, warn if the user's tty is not + big enough. + [b980ef89efff] - * common/Makefile.in: - Move _PATH_SUDO_CONF override to common to match sudo_debug.c - [f0788972a63a] + * plugins/sudoers/sudoreplay.c: + Fix printing of TSID in "sudoreplay -l" + [4221e3e108b4] - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - fix version in .pot files - [37dbb6f99fc9] <1.8> + * common/sudo_debug.c, include/sudo_debug.h, + plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c, + src/exec_pty.c: + Log the process id in the debug file output. Since we don't want to + keep calling getpid(), stash the value at init time and when we + fork(). + [2782d30c024d] - * More complete fix for LDR_PRELOAD on AIX. 
The addition of - set_perm(PERM_ROOT) before calling the nss open functions (needed to - avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective - and then real uid to 0 for PERM_ROOT works around the issue. - [5d52d2565dca] <1.8> + * src/exec_pty.c: + Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It + is better to receive EIO from read()/write() than to be suspended + when we don't expect it. Fixes a problem when our terminal is + revoked which can happen when, e.g. our sshd is killed + unceremoniously. Also, only change the value of "alive" from true to + false, never from false to true. It is possible for us to receive + notification of the child having stopped after it is already dead. + This does not mean it has risen from the grave. + [26c9fe8ce0f9] - * plugins/sudoers/set_perms.c: - More complete fix for LDR_PRELOAD on AIX. The addition of - set_perm(PERM_ROOT) before calling the nss open functions (needed to - avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective - and then real uid to 0 for PERM_ROOT works around the issue. - [5888eda051af] + * src/exec_pty.c: + Distinguish between signals we received from the parent vs. those + delivered explicitly to the monitor process in debugging info. + [40716cb180e5] - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regen - [98e788019e50] <1.8> +2012-04-05 Todd C. Miller - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regen - [997fe403e219] + * plugins/sudoers/check.c: + In Solaris 11, /dev/pts under the "dev" filesystem, not "devices". + Update tty_is_devpts() to match so we can determine when the tty has + been reused. + [2689665df027] - * Set real uid to root before calling sudo_edit() or run_command() so - that the monitor process is owned by root and not by the user. - Otherwise, on AIX at least, the monitor process shows up in ps as - belonging to the user (and can be killed by the user). 
- [de4d852fef96] <1.8> + * common/sudo_debug.c, include/error.h, include/sudo_debug.h: + Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf() + and use a new flag, SUDO_DEBUG_FILENO to specify when to use it. + This allows consumers of sudo_debug_printf() to log that data + without having to specify it manually. + [7c94c4879208] - * For PERM_ROOT when using setreuid(), only set the euid to 0 prior to - the call to setuid(0) if the current euid is non-zero. This - effectively restores the state of things prior to rev 7bfeb629fccb. - Fixes a problem on AIX where LDR_PRELOAD was not being honored for - the command being executed. - [be1222842fc1] <1.8> + * src/exec_pty.c: + Make this compile after last change. + [ee09034f3266] - * configure, configure.in: - Make a copy of the struct passwd in exec_setup() to make sure - nothing in the policy init modifies it. - [5cbbbfffd1dc] <1.8> + * src/exec_pty.c: + Don't try to restore the terminal if we are not the foreground + process. Otherwise, we may be stopped by SIGTTOU when we try to + update the terminal settings when cleaning up. + [c48b24335456] - * src/sudo.c: - Set real uid to root before calling sudo_edit() or run_command() so - that the monitor process is owned by root and not by the user. - Otherwise, on AIX at least, the monitor process shows up in ps as - belonging to the user (and can be killed by the user). - [d4772d7d2fc5] + * src/exec.c: + If select() return EBADF in the main event loop, one of the ttys + must have gone away so perform any I/O we can and close the bad fds. + [3bc8678c03ce] + + * common/sudo_debug.c, include/error.h, include/sudo_debug.h, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the + function, file and line number in the debug log for warning() and + error(). 
+ [894cd131f11d] - * plugins/sudoers/set_perms.c: - For PERM_ROOT when using setreuid(), only set the euid to 0 prior to - the call to setuid(0) if the current euid is non-zero. This - effectively restores the state of things prior to rev 7bfeb629fccb. - Fixes a problem on AIX where LDR_PRELOAD was not being honored for - the command being executed. - [b9b40325b4dc] +2012-04-04 Todd C. Miller - * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in, - include/missing.h, src/sudo.c: - Make a copy of the struct passwd in exec_setup() to make sure - nothing in the policy init modifies it. - [b721261c921f] + * common/sudo_debug.c, include/error.h, include/sudo_debug.h, + src/conversation.c: + Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno. + Use this flag when wrapping error() and warning() so the debug + output includes the error string. + [1e2c67adaf1f] -2012-02-05 Todd C. Miller +2012-03-30 Todd C. Miller + + * NEWS: + Update for sudo 1.8.5 + [7d2b62b823fe] - * doc/sudo.cat, doc/sudo.man.in, doc/sudoers.cat, doc/sudoers.man.in: + * plugins/sudoers/po/sudoers.pot: regen - [b67fc8934d2e] <1.8> + [718ad9de92cd] - * update copyright - [df51e0f417de] <1.8> + * doc/CONTRIBUTORS: + sync + [f48013aea641] - * doc/sudoers.pod: - update copyright - [f9d229d1f65e] + * plugins/sudoers/pwutil.c: + Use ecalloc() + [fabd23c1f271] - * g/c now-unused debug subsystems - [888961d378f3] <1.8> + * src/exec_pty.c: + Don't need zero_bytes() after ecalloc() + [1a9d95cd10ef] - * Enumerate the debug subsystems used by sudo and sudoers. - [5418d7dd8ef4] <1.8> + * config.h.in, configure, configure.in, src/sudo_noexec.c: + Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to + sudo_noexec.c. + [cbaa1d4b0f8a] - * common/sudo_debug.c, include/sudo_debug.h: - g/c now-unused debug subsystems - [8f21726e698f] + * src/utmp.c: + Fix compat setutxent and endutxent macros for systems with + setutent() but not setutxent(). 
From Gustavo Zacarias + [d7ce622fc5f2] - * doc/sudo.pod, doc/sudoers.pod: - Enumerate the debug subsystems used by sudo and sudoers. - [ac4f84293d14] +2012-03-29 Todd C. Miller -2012-02-03 Todd C. Miller + * configure.in: + Add ignore_result definition to AH_BOTTOM + [8d4096838a98] - * NEWS, doc/sudo.cat, doc/sudo.man.in: - Normally, sudo disables core dumps while it is running. This - behavior can now be modified at run time with a line in sudo.conf - like "Set disable_coredumps false" - [ad21e940c5c2] <1.8> + * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c, + src/exec.c, src/exec_pty.c, src/tgetpass.c: + Fix compiler warnings on some platforms and provide a better method + of defeating gcc's warn_unused_result attribute. + [9a8f804fcc75] - * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, - include/sudo_conf.h, src/sudo.c: - Normally, sudo disables core dumps while it is running. This - behavior can now be modified at run time with a line in sudo.conf - like "Set disable_coredumps false" - [ad14e0508b0d] + * configure, configure.in: + Fix building the builtin zlib from a build dir. When a zlib dir was + specified, prepend its include path instead of appending so we get + the right zlib headers. + [5f61d591b186] - * NEWS: - Mention Spanish translation - [bef71da9a4c2] <1.8> + * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h, + zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c, + zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h, + zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in, + zlib/zlib.h, zlib/zutil.c, zlib/zutil.h: + Update zlib to version 1.2.6 + [173c4bc4d4fc] - * NEWS: - Mention Spanish translation - [600f3205bd6e] +2012-03-28 Todd C. 
Miller - * Make sure we don't try to fall back to using the conversation - function for debugging in the main sudo process if we are unable to - open the debug file. - [1f0e6451c85c] <1.8> + * include/missing.h: + g/c __unused which is no longer used + [7ef3f23edcd6] - * common/sudo_debug.c: - Make sure we don't try to fall back to using the conversation - function for debugging in the main sudo process if we are unable to - open the debug file. - [ffa329aa908c] + * src/env_hooks.c: + Fix compilation if RTLD_NEXT is not defined. + [d5605f468b71] + + * src/po/sr.mo, src/po/sr.po: + sync with translationproject.org + [27d559f7985d] - * Add sudo Spanish translation from translationproject.org - [2f71e4ecc6f9] <1.8> + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, + doc/sudoers.man.in: + regen + [f9f63ce478b6] - * Better debug subsystem usage - [b313903c1fe4] <1.8> + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [59035d82d15a] - * Remove duplicate function prototypes - [60860ae4d303] <1.8> + * Makefile.in: + Ignore Project-Id-Version when comparing pot files. + [22feb9ede46b] - * MANIFEST, src/po/es.mo, src/po/es.po: - Add sudo Spanish translation from translationproject.org - [c1906654e740] + * plugins/sudoers/bsm_audit.c: + Use error() instead of log_fatal() + [54130bda4b50] -2012-02-02 Todd C. Miller + * plugins/sudoers/env.c: + Fix signedness of didvar in env_update_didvar() + [77048a80b3e4] * plugins/sudoers/iolog.c: - Better debug subsystem usage - [1a31f115743c] + Quiet a compiler warning on some platforms. + [8fdcaece0400] - * src/sudo.c: - Remove duplicate function prototypes - [ae04b00532eb] + * compat/fnmatch.c: + cast ctype(3) function/macro arguments from char to unsigned char to + avoid potential negative subscripting. + [bdcf7eef21ef] -2012-02-01 Todd C. Miller + * common/setgroups.c: + Quiet a warning on systems where the gids array in setgroups() is + not prototyped as being const, even though it really is. 
+ [fdd758c6302d] - * configure, configure.in: - Error out if user specified --with-pam but we can't find the headers - or library. Also throw an error if the headers are present but the - library is not and vice versa. - [445de14974ff] <1.8> + * src/env_hooks.c: + Quiet a compiler warning on systems where the argument to putenv(3) + is const. + [51bae2193b53] - * configure, configure.in: - Error out if user specified --with-pam but we can't find the headers - or library. Also throw an error if the headers are present but the - library is not and vice versa. - [d6bf3e3d0aae] + * plugins/sudoers/sudoreplay.c: + Undo an incorrect int -> bool conversion. + [b9a4ce320f14] -2012-01-31 Todd C. Miller + * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + src/po/sv.mo, src/po/sv.po: + Add Swedish sudo and sudoers translations from + translationproject.org + [f7ce1de9073f] - * Fix the sudoers permission check when the expected sudoers mode is - owner-writable. - [ee1104bb2142] <1.8> + * plugins/sudoers/env.c: + No need to preserve ODMDIR on AIX now that we always read + /etc/environment. + [4aa04b2f0125] - * plugins/sudoers/sudoers.c: - Fix the sudoers permission check when the expected sudoers mode is - owner-writable. - [8b0b7e770a22] +2012-03-27 Todd C. Miller -2012-01-30 Todd C. Miller + * doc/sudoers.pod, plugins/sudoers/env.c: + When initializing the environment for env_reset, start out with the + contents of /etc/environment on AIX and login.conf on BSD. + [5717bdc321e2] - * configure, configure.in: - Verify that we can link executables built with -D_FORTIFY_SOURCE - before using it. - [4dee7e2b5795] <1.8> + * doc/TROUBLESHOOTING, src/sudo.c: + If we are not running with an effective uid of 0, try to give the + user enough information to debug the problem. + [fa4894896d8a] - * configure, configure.in: - Verify that we can link executables built with -D_FORTIFY_SOURCE - before using it. 
- [7578215d1a95] + * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: + Quiet a clang-analyzer false positive. + [c4c0c1b9c8b0] - * Fix potential off-by-one when making a copy of the environment for - LD_PRELOAD insertion. Fixes bug #534 - [3ddcf9a4de63] <1.8> + * src/tgetpass.c: + If there is nothing to read from the askpass program, set errno to + EINTR. This makes the cancel button behave like the user entered ^C + at the password prompt when PAM is used. + [594302cb9caf] - * src/exec_common.c: - Fix potential off-by-one when making a copy of the environment for - LD_PRELOAD insertion. Fixes bug #534 - [cc699cd551b6] + * src/sudo.h, src/tgetpass.c: + Fetch the value of "askpass" from the sudo conf struct. + [4593ee8f1bd3] - * configure, configure.in: - Add rudimentary check for _FORTIFY_SOURCE support by checking for - __sprintf_chk, one of the functions used by gcc to support it. - [029db376a497] <1.8> + * common/sudo_conf.c: + Fix matching of "Path askpass" and "Path noexec" + [4df28d62afb9] - * configure, configure.in: - Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves. - [201d1f3b4aa2] <1.8> +2012-03-26 Todd C. Miller - * configure, configure.in: - Add rudimentary check for _FORTIFY_SOURCE support by checking for - __sprintf_chk, one of the functions used by gcc to support it. - [a992673d2ef8] + * plugins/sudoers/visudo.c: + Quiet a clang-analyzer dead store warning. + [dd90bf385a3f] - * compat/stdbool.h, config.h.in, configure, configure.in: - Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves. - [8ba1370884b3] + * plugins/sudoers/sudoers.c: + If the "timestampowner" user cannot be resolved, use ROOT_UID + instead of exiting with a fatal error. + [8d62aae99715] -2012-01-29 Todd C. 
Miller + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/check.c, plugins/sudoers/env.c, + plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/parse.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: + Remove the NO_EXIT flag to log_error() and add a log_fatal() + function that exits and is marked no_return. Fixes false positives + from static analyzers and is easier for humans to read too. + [a0fe785c2a3d] - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regen - [3c0ebf67b333] <1.8> +2012-03-24 Todd C. Miller + + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, + src/po/eo.po: + sync with translationproject.org + [df5e8777de13] + +2012-03-20 Todd C. Miller - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regen - [1e0b38397705] + * src/po/da.mo, src/po/da.po: + sync with translationproject.org + [629d99548b78] -2012-01-25 Todd C. Miller + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: + sync with translationproject.org + [9d122a2860d6] - * The change in 4fe0f357d34b that caused to exit when the monitor dies - created a race condition between the monitor exiting and the status - being read. All we really want to do is make sure that select() - notifies us that there is a status change when the monitor dies - unexpectedly so shutdown the socketpair connected to the monitor for - writing when it dies. That way we can still read the status that is - pending on the socket and select() on Linux will tell us that the fd - is ready. - [16c1a3da35c6] <1.8> +2012-03-19 Todd C. Miller - * src/exec.c, src/sudo.c: - The change in 818e82ecbbfc that caused to exit when the monitor dies - created a race condition between the monitor exiting and the status - being read. 
All we really want to do is make sure that select() - notifies us that there is a status change when the monitor dies - unexpectedly so shutdown the socketpair connected to the monitor for - writing when it dies. That way we can still read the status that is - pending on the socket and select() on Linux will tell us that the fd - is ready. - [7fb5b30ea48d] + * src/po/it.mo, src/po/it.po: + sync with translationproject.org + [6397593b15cf] - * Refactor disable_execute() and my_execve() into exec_common.c for - use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of - disabling exec in exec_setup(), disable it immediately before - executing the command. Adapted from a diff by Arno Schuring. - [d266fdb5d00e] <1.8> + * common/sudo_conf.c, plugins/sudoers/alias.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c, + src/load_plugins.c: + Use ecalloc() when allocating structs. + [8b5888868db2] - * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c, - src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, - src/sudo_exec.h: - Refactor disable_execute() and my_execve() into exec_common.c for - use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of - disabling exec in exec_setup(), disable it immediately before - executing the command. Adapted from a diff by Arno Schuring. - [ec4d8b53db6b] + * common/alloc.c, include/alloc.h: + Add ecalloc() and commented out recalloc(). Use inline strnlen() + instead of strlen() in estrndup(). + [7fb9aa46c1e0] -2012-01-20 Todd C. Miller +2012-03-18 Todd C. Miller - * configure, configure.in: - Add custom version of AC_CHECK_LIB that uses the extra libs in the - cache value name. With this we no longer need to rely on a modified - version of autoconf. 
- [f5293f1a5968] <1.8> + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, + src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, + src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [45a032c37334] - * aclocal.m4, configure, configure.in: - Add custom version of AC_CHECK_LIB that uses the extra libs in the - cache value name. With this we no longer need to rely on a modified - version of autoconf. - [1c3b1d482d6c] +2012-03-16 Todd C. Miller -2012-01-19 Todd C. Miller + * plugins/sudoers/set_perms.c: + Remove unused label + [2660bb0c1313] - * configure, configure.in: - Better handling of network functions that need -lsocket -lnsl - [91dcddb6ec61] <1.8> + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document what changed in each plugin API revision + [59b30a6fc4d1] - * configure, configure.in: - Better handling of network functions that need -lsocket -lnsl - [cc386342ec2b] + * plugins/sudoers/set_perms.c: + Remove bogus optimization that could lead to a double free of the + group list. + [b0bfbd2a83a8] - * When setting up the execution environment, set groups before - gid/egid like sudo 1.7 did. - [97a921461313] <1.8> +2012-03-15 Todd C. Miller - * configure, configure.in: - Remove "WARNING: unable to find foo() trying -lsocket -lnsl" - [c1c174183607] <1.8> + * doc/TROUBLESHOOTING: + Expand AIX /etc/security/privcmds entry. + [9f3f072e034e] - * src/sudo.c: - When setting up the execution environment, set groups before - gid/egid like sudo 1.7 did. 
- [928e1c5fa6c1] + * NEWS: + Update for sudo 1.8.5 + [086049011f25] - * configure, configure.in: - Remove "WARNING: unable to find foo() trying -lsocket -lnsl" - [84b23cdf138f] + * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat, + doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h, + include/sudo_plugin.h, src/load_plugins.c, src/sudo.c, + src/sudo_plugin_int.h: + Rename plugin "args" to "options" + [f25624951bd2] - * For "sudo -g" prepend the specified group ID to the beginning of the - groups list. This matches BSD convention where the effective gid is - the first entry in the group list. This is required on newer FreeBSD - where the effective gid is not tracked separately and thus - setgroups() changes the egid if this convention is not followed. - Fixes bug #532 - [5050708c2579] <1.8> + * doc/CONTRIBUTORS: + Add Lithuanian and Vietnamese translators + [2b4c075b69e3] - * plugins/sudoers/sudoers.c: - For "sudo -g" prepend the specified group ID to the beginning of the - groups list. This matches BSD convention where the effective gid is - the first entry in the group list. This is required on newer FreeBSD - where the effective gid is not tracked separately and thus - setgroups() changes the egid if this convention is not followed. - Fixes bug #532 - [782d6909108b] + * Makefile.in: + Ignore comments when comparing new and old pot files. + [f872999347b3] -2012-01-17 Todd C. 
Miller + * src/Makefile.in: + regen + [c8193b1b11c7] - * configure, configure.in: - Fix sh warning; use "test" instead of "[" - [417fbc1dc5e8] <1.8> + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in: + regen + [15e3c17e8a3a] - * configure, configure.in: - Fix sh warning; use "test" instead of "[" - [c6ee3407f65e] + * doc/sudo_plugin.pod, include/sudo_plugin.h, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c, + src/sudo.c, src/sudo.h: + Pass a pointer to user_env in to the init_session policy plugin + function so session setup can modify the user environment as needed. + For PAM authentication, merge the PAM environment with the user + environment at init_session time. We no longer need to swap in the + user_env for environ during session init, nor do we need to disable + the env hooks at init_session time. + [3f5277b359d8] - * When not logging I/O, use a signal handler that only forwards - SIGINT, SIGQUIT and SIGHUP when they are user-generated signals. - Fixes a race in the non-I/O logging path where the command may - receive two keyboard-generated signals; one from the kernel and one - from the sudo process. - [24137cae39af] <1.8> + * plugins/sample/sample_plugin.c: + Add explicit NULL entries for init_session, register_hooks and + deregister_hooks with appropriate comments. + [727a57978b40] - * Back out change that put the command in its own pgrp when not - logging I/O. It causes problems with pipelines. - [9c906f88e28c] <1.8> + * compat/pw_dup.c: + Quiet a gcc "used uninitialized in this function" false positive. + [f14b68379ce9] - * configure, configure.in: - Only run compat regress tests on compat objects we actually build. - Fixes "make check" in the compat dir for systems that don't - implement character classes in fnmatch() or glob(). 
Bug #531 - [c052875fa32e] <1.8> + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + We should always call warning() with a format string or a string + literal. In this case, the argument (path) is not user-controlled. + [e9ef51224024] - * src/exec.c: - When not logging I/O, use a signal handler that only forwards - SIGINT, SIGQUIT and SIGHUP when they are user-generated signals. - Fixes a race in the non-I/O logging path where the command may - receive two keyboard-generated signals; one from the kernel and one - from the sudo process. - [9638684e786a] +2012-03-14 Todd C. Miller - * src/exec.c: - Back out change that put the command in its own pgrp when not - logging I/O. It causes problems with pipelines. - [4fc9c6e1e770] + * src/selinux.c: + Include sudo_exec.h for the sudo_execve() prototype. + [769e58065edc] -2012-01-16 Todd C. Miller + * config.h.in, configure, configure.in: + Add check for pam_getenvlist() + [36bde3f26c60] - * compat/Makefile.in, configure, configure.in: - Only run compat regress tests on compat objects we actually build. - Fixes "make check" in the compat dir for systems that don't - implement character classes in fnmatch() or glob(). Bug #531 - [a7addc305e83] + * common/sudo_conf.c: + Set args to NULL in default plugin info struct when there is no + Plugin line in sudo.conf. + [93ec67708f01] -2012-01-14 Todd C. Miller + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [a9287677795c] - * Update po files from translationproject.org - [8e54824c7b71] <1.8> + * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + regen + [a242769d7962] - * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: - Update po files from translationproject.org - [5ea066af1356] + * configure, configure.in: + Bump version to 1.8.5 + [e8618f0c2505] -2012-01-13 Todd C. 
Miller + * doc/sudo_plugin.pod: + Document hooks API + [e6ad07d27958] - * Include parent directories in case they don't already exist. This - fixes a directory permissions problem with the AIX package when the - /usr/local directories don't already exist. - [83df6fcba859] <1.8> +2012-03-13 Todd C. Miller * sudo.pp: - Include parent directories in case they don't already exist. This - fixes a directory permissions problem with the AIX package when the - /usr/local directories don't already exist. - [a14f783dc827] - - * sync with git version - [0964a02ba83e] <1.8> + Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris. + [fd72340042d3] - * regen dependencies - [342e3719dc9e] <1.8> + * include/sudo_plugin.h: + Use sudo_hook_fn_t in struct sudo_hook. + [938f93112d6e] - * Move tty name lookup code to its own file. - [9679de390de0] <1.8> + * doc/TROUBLESHOOTING: + If cross compiling, --host must include the OS in the tuple. E.g. + --host powerpc-unknown-linux + [b8c010070c1e] - * pp: - sync with git version - [2f79d0543661] +2012-03-12 Todd C. Miller - * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: - regen dependencies - [24c92ca6c64d] + * plugins/sudoers/parse.c: + Fix bogus int -> bool conversion; tags can have a value of -1. + [e63d6434a303] - * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c: - Move tty name lookup code to its own file. - [58faf072cbf4] + * plugins/sudoers/env.c: + Add env_should_keep() and env_should_delete() wrapper functions to + simplify things a bit and hide the fact that matches_env_check() is + not bool. + [7a03d7a12b50] -2012-01-12 Todd C. Miller + * sudo.pp: + Fix application of debian-specific sudoers mods when building + packages as non-root. + [34bf4c52c425] - * NEWS: - Update with latest sudo 1.8.4 changes. 
- [ef4e0a762766] <1.8> + * plugins/sudoers/env.c: + matches_env_check() returns int, not boolean + [0ad915b8d5cb] - * configure, configure.in: - Remove obsolete template for HAVE_TIMESPEC - [54a81b130d7e] <1.8> + * src/sudo_edit.c: + Fix compilation when seteuid() is not available. + [8a722f998000] - * Add a check for devname() returning a fully-qualified pathname. None - of the devname() implementations do this today but you never know - when this might change. - [634654d38143] <1.8> + * src/ttyname.c: + Simply move the free of ki_proc outside the realloc() loop. + [217b786da760] - * NEWS: - Update with latest sudo 1.8.4 changes. - [a4ffe4f42528] + * src/ttyname.c: + Bring back the erealloc() for the ENOMEM loop and just zero the + pointer after we free it. + [29a016e45127] - * config.h.in, configure, configure.in: - Remove obsolete template for HAVE_TIMESPEC - [75709007c906] + * src/ttyname.c: + Don't try to erealloc() a potentially freed pointer; Mateusz Guzik + [266e08844065] - * src/sudo.c: - Add a check for devname() returning a fully-qualified pathname. None - of the devname() implementations do this today but you never know - when this might change. - [16813ace38f9] +2012-03-10 Todd C. Miller -2012-01-11 Todd C. Miller + * plugins/sudoers/set_perms.c: + Use normal error path if unable to set sudoers gid. + [01c816918c99] - * For "visudo -c" also list include files that were checked when - everything is OK. - [aa3be04c5d12] <1.8> + * plugins/sudoers/set_perms.c: + Make this work again on systems w/o seteuid(). + [2e67f7421e97] - * plugins/sudoers/visudo.c: - For "visudo -c" also list include files that were checked when - everything is OK. - [ad6f85b35c9c] +2012-03-09 Todd C. Miller - * The device name returned by devname() does not include the /dev/ - prefix so we need to add it ourselves. Also add debug warning if - KERN_PROC sysctl fails or devname() can't resolve the tty device to - a name. 
- [5e90760f6c24] <1.8> + * plugins/sudoers/set_perms.c: + Fix compilation if no seteuid/setreuid/setresuid available. + [d0b3c1f88eb4] - * The result of writev() is never checked so just cast to NULL. - [4a6820c77d7c] <1.8> + * plugins/sudoers/set_perms.c: + Better error messages, and added debugging throughout. Fixed + seteuid() version of set_perms()/restore_perms(). Fixed logic bug in + AIX version of restore_perms(). Added checks to avoid changing + uid/gid when we don't have to. Never set gid/uid state to -1, use + the old value instead. + [29188d469b5c] - * src/sudo.c: - The device name returned by devname() does not include the /dev/ - prefix so we need to add it ourselves. - [b55285abb7ed] + * src/exec_pty.c, src/ttyname.c: + Fix format string warning on Solaris with gcc 3.4.3. + [d1eeb6e1dd0f] * src/sudo.c: - Add debug warning if KERN_PROC sysctl fails or devname() can't - resolve the tty device to a name. - [b5a23916ba3a] + Always declare environ now that we swap it around unilaterally. + [aaa3e92e7d0d] - * common/sudo_debug.c: - The result of writev() is never checked so just cast to NULL. - [4be4e9b58d5b] + * src/Makefile.in: + Honor LDFLAGS when linking sesh; from Vita Cizek + [498b41438f6e] - * Update Esperanto, Finnish, Polish and Ukrainian translations from - translationproject.org. - [3796fba03ff1] <1.8> + * src/sesh.c: + Include alloc.h for estrdup() prototype; from Vita Cizek + [93203655a320] - * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, - plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, - plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, - plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: - Update Esperanto, Finnish, Polish and Ukrainian translations from - translationproject.org. - [bb91bc6ad7e9] +2012-03-08 Todd C. Miller -2012-01-10 Todd C. Miller + * plugins/sudoers/sudoers.c: + Don't read /etc/environment on Linux when using PAM, PAM should set + the environment variables as needed via pam_env. 
+ [b1ef62cb2d40] - * configure, configure.in: - Add support for determining tty via sysctl on other BSD variants. - [6e4b1ce7f45a] <1.8> + * INSTALL: + Fix editor goof. + [0c3dd3bb8b57] - * config.h.in, configure, configure.in, src/sudo.c: - Add support for determining tty via sysctl on other BSD variants. - [fd15f63f719a] + * src/hooks.c, src/sudo.c, src/sudo.h: + Disable environment hooks after we get user_env back to make sure a + plugin can't to modify user_env after we "own" it. This is kind of a + hack but we don't want the init_session plugin function to modify + user_env. + [8e6d119452a5] - * configure, configure.in: - Only check for struct kinfo_proc.ki_tdev on systems that support - sysctl. - [33c700b439ff] <1.8> + * src/hooks.c, src/sudo.c: + Add support for deregistering hooks. If an I/O log plugin fails to + initialize, deregister its hooks (if any). + [ac00c93900c5] - * For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on - ttyname() of std{in,out,err}. - [30789189030b] <1.8> +2012-03-07 Todd C. Miller - * configure, configure.in: - Only check for struct kinfo_proc.ki_tdev on systems that support - sysctl. - [109b3f07a39d] + * plugins/sudoers/sudoers.c, src/sudo.c: + Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook + setenv. + [e75469dd9908] - * src/sudo.c: - For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on - ttyname() of std{in,out,err}. - [95969b70bd68] + * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in, + compat/setenv.c, compat/unsetenv.c, config.h.in, configure, + configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c, + plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c, + src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h, + src/sudo_plugin_int.h: + Initial cut at a hooks implementation. 
The plugin can register hooks + for getenv, putenv, setenv and unsetenv. This makes it possible for + the plugin to trap changes to the environment made by authentication + methods such as PAM or BSD auth so that such changes are reflected + in the environment passed back to sudo for execve(). + [61cffa06f863] -2012-01-09 Todd C. Miller +2012-03-05 Todd C. Miller - * configure, configure.in: - On newer FreeBSD we can get the parent's tty name via sysctl(). - [d9449833859b] <1.8> + * MANIFEST, src/po/vi.mo, src/po/vi.po: + Add Vietnamese sudo translation from translationproject.org + [96df426790d5] - * Include locale.h - [98114209d1b5] <1.8> +2012-03-02 Todd C. Miller - * Silence a gcc warning. - [113934aaafa8] <1.8> + * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod, + doc/sudoers.pod: + List sudo_noexec.so not noexec.so in the sample sudo.conf + [53844e190ec5] - * config.h.in, configure, configure.in, src/sudo.c: - On newer FreeBSD we can get the parent's tty name via sysctl(). - [3207290501ee] + * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, + doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h, + include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c, + src/sudo_plugin_int.h: + Add support for plugin args at the end of a Plugin line in + sudo.conf. Bump the minor number accordingly and update the + documentation. A plugin must check the sudo front end's version + before using the plugin_args parameter since it is only supported + for API version 1.2 and higher. + [587f1f819536] - * plugins/sudoers/testsudoers.c: - Include locale.h - [a602cd0b8c2d] +2012-03-01 Todd C. Miller - * src/sudo.c: - Silence a gcc warning. 
- [8c6d0e3cd534] + * plugins/sudoers/Makefile.in: + update depends + [6d2da44e11e5] - * Need to include gettext.h and sudo_debug.h; from John Hein - [3ec4bf7fcacf] <1.8> + * MANIFEST: + secure_path.c is in common, not compat + [619c4a663dde] - * plugins/sudoers/bsm_audit.c: - Need to include gettext.h and sudo_debug.h; from John Hein - [447912aa7300] + * configure, configure.in: + Add check for variadic macro support in cpp. + [756854caf675] - * Initialize the debug framework from the I/O plugin too. - [ff525b1d9c4b] <1.8> +2012-02-29 Todd C. Miller - * Enable debugging via sudo.conf. - [2970ab524d25] <1.8> + * common/secure_path.c, common/sudo_conf.c, include/secure_path.h, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add type param to sudo_secure_path() and add sudo_secure_file() and + sudo_secure_dir() wrappers which get by #includedir in sudoers. + [2ec2d3d8df04] - * Use SUDO_DEBUG_ALIAS for alias checking functions. - [854fd74fe685] <1.8> +2012-02-28 Todd C. Miller - * configure, configure.in: - More complete test for getaddrinfo() that doesn't rely on the - network libraries already being added to LIBS. - [543af760a5d3] <1.8> + * doc/visudo.pod, plugins/sudoers/visudo.c: + Check the owner and mode in -c (check) mode unless the -f option is + specified. Previously, the owner and mode were checked on the main + sudoers file when the -s (strict) option was given, but this was not + documented. + [b2d6ee1e547a] - * plugins/sudoers/iolog.c: - Initialize the debug framework from the I/O plugin too. - [ce1bf44d96d2] + * config.h.in, configure, configure.in, src/ttyname.c: + Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions + of OpenBSD versions that have KERN_PROC2 but not KERN_PROC. + [159f6a50456a] -2012-01-08 Todd C. Miller +2012-02-27 Todd C. Miller - * plugins/sudoers/testsudoers.c: - Enable debugging via sudo.conf. 
- [d85669c749d0] + * doc/CONTRIBUTORS: + Add Eric Lakin for patch in bug #538 + [490c29c234c6] -2012-01-07 Todd C. Miller + * src/exec_pty.c: + Fix typo in safe_close() made while converting to debug framework + that prevented it from actually closing anything. + [a66422a62afd] - * plugins/sudoers/visudo.c: - Use SUDO_DEBUG_ALIAS for alias checking functions. - [fb84af30dc76] + * src/exec_pty.c: + Add some more debugging. + [b5667947dda9] - * configure, configure.in: - More complete test for getaddrinfo() that doesn't rely on the - network libraries already being added to LIBS. - [cbaf2369f4f0] + * common/Makefile.in, compat/Makefile.in, doc/Makefile.in, + include/Makefile.in: + We need sysconfdir in compat/Makfile to get the proper sudo.conf + path. Add standard prefix and foodir expansion in all Makefiles to + avoid this problem in the future. + [62b6ce4ecae9] -2012-01-06 Todd C. Miller +2012-02-25 Todd C. Miller - * Add debug support. - [3b6aff4ee2bd] <1.8> + * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po: + New Lithuanian sudoers translation from translationproject.org + [10436b649035] - * common/aix.c: - Add debug support. - [def1bdf24485] + * plugins/sudoers/po/ja.po: + Update from translationproject.org + [acb8db5f8ef1] - * configure, configure.in: - Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least. - [f5b3fba6c83a] <1.8> +2012-02-24 Todd C. Miller - * Include errno.h and missing.h - [8a05166bb4d0] <1.8> + * plugins/sudoers/ldap.c: + When adding gids to the LDAP filter, only add the primary gid once. + This is consistent with the space computation/allocation. From Eric + Lakin + [35d9d99c92c6] - * configure, configure.in: - Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least. - [a2ea1c2eac61] + * doc/TROUBLESHOOTING: + Add entry for AIX enhanced RBAC config. + [5e10b6f8def7] - * compat/getaddrinfo.c: - Include errno.h and missing.h - [7d15e17cc2f2] + * mkpkg: + Target Mac OS X 10.5 when building packages. 
+ [06fce9bbebee] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, - doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: - regen - [f45ed34d9a97] <1.8> +2012-02-22 Todd C. Miller - * ignore doc/varsub - [51d0dfb2e274] <1.8> + * MANIFEST, common/Makefile.in, common/secure_path.c, + common/sudo_conf.c, include/secure_path.h, + plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c: + Relax the user/group/mode checks on sudoers files. As long as the + file is owned by the right user, not world-writable and not writable + by a group other than the one specified at configure time (gid 0 by + default), the file is considered OK. Note that visudo will still set + the mode to the value specified at configure time. + [241174babfcc] - * .hgignore: - ignore doc/varsub - [417f9fc3231b] +2012-02-21 Todd C. Miller - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regen pot files - [9ba13496954e] <1.8> + * plugins/sudoers/set_perms.c: + Add AIX-specific version of permission setting code to make sure + that the saved uid gets restored properly. + [9a6f5d22c301] - * configure.in: - Update copyright year. - [5219ae27b734] <1.8> + * config.h.in, configure, configure.in, src/exec_common.c: + Check for LD_PRELOAD variants in configure instead of checkign cpp + symbols. In disable_execute(), compute the length of the new envp + and allocate it once instead of reallocating on demand. Also append + old value of LD_PRELOAD (if any) to the new value. + [680266346917] - * NEWS: - Update for sudo 1.8.4 - [75a6711efa76] <1.8> + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: + Fix the description of noexec. 
+ [6a6d142f3c80] - * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in, - plugins/sudoers/gram.y, plugins/sudoers/match.c, - plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c, - src/parse_args.c, src/sudo.c, src/sudo.h: - Update copyright year. - [5d0ffc7dd567] + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: + The "op" parameter to set_default() must be int, not bool since it + is set to '+' or '-' for list add and subtract. + [8da5b137bea2] - * NEWS: - Update for sudo 1.8.4 - [841e3eff9844] + * sudo.pp: + Make sure sudoers is writable before calling ed script. + [95352ab6336b] - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regen pot files - [c8183dc16517] <1.8> +2012-02-17 Todd C. Miller - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regen pot files - [c509cb45b66a] + * doc/CONTRIBUTORS, doc/contributors.pod: + Update contributors. Now includes translators and authors of compat + code. + [4fb5b616b50a] - * Enable debugging via sudo.conf. - [63bee1548d5b] <1.8> +2012-02-16 Todd C. Miller - * Allow "visudo -c" to work when we only have read-only access to the - sudoers include files. - [c8a5e1f16e60] <1.8> + * src/po/sudo.pot: + regen + [2c86e2c328fe] - * Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add - HISTORY section in sudo that points to HISTORY file. - [8d845530d44f] <1.8> + * pp, sudo.pp: + Build flat packages, not package bundles, on Mac OS X. + [57bda3cd5520] - * Document Debug setting in sudo.conf and debug_flags in plugin. - [da43e61209c0] <1.8> +2012-02-10 Todd C. Miller - * Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a - bug where a pattern like "/usr/*" include /usr/bin/ in the results, - which would be incorrectly be interpreted as if the sudoers file had - specified a directory. From Vitezslav Cizek. - [5c71c962d1ad] <1.8> + * sudo.pp: + Move macos section to be with the other OS-specific sections. 
+ [51423bb2973a] - * INSTALL, configure, configure.in: - Add --enable-kerb5-instance configure option to allow people using - Kerberos V authentication to use a custom instance. Adapted from a - diff by Michael E Burr. - [f432314f0a33] <1.8> + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: + Sync with translationproject.org + [8ce41cbb8da0] - * Remove -D debug_level option. - [2754a61efbbe] <1.8> + * configure, configure.in: + Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS + [fa979aa6fe7d] - * Update copyright year. - [3bd531625eeb] <1.8> + * sudo.pp: + Add Mac OS X support, printing the latest chunk of the NEWS file and + the license text in the installer. + [ffeab72387c0] - * plugins/sudoers/sudoreplay.c: - Enable debugging via sudo.conf. - [5087aaee8484] + * sudo.pp: + Add explicit file modes that match those used by "make install" + [7eb37242c920] - * plugins/sudoers/visudo.c: - Enable debugging via sudo.conf. - [04b067c16ed3] + * pp: + Sync with upstream for Mac OS X fixes. + [97cba179041e] - * plugins/sudoers/visudo.c: - Allow "visudo -c" to work when we only have read-only access to the - sudoers include files. - [d8c6713fe5c1] + * plugins/sudoers/Makefile.in, src/Makefile.in: + Got back to using "install-sh -M" for files installed as non- + readable by owner. This fixes "make install" as non-root for package + building. + [967804ee77d6] - * doc/sudo.pod, doc/visudo.pod: - Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add - HISTORY section in sudo that points to HISTORY file. - [d1f1bcb051c5] +2012-02-09 Todd C. Miller - * doc/sudo.pod, doc/sudo_plugin.pod: - Document Debug setting in sudo.conf and debug_flags in plugin. 
- [acfc505aa4a9] + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: + Sync with translationproject.org + [0e53db12039a] -2012-01-05 Todd C. Miller + * Makefile.in, doc/Makefile.in, include/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Use -m not -M for install-sh for everything except setuid. Install + locale .mo files mode 0444, not 0644. If timedir parent doesn't + exist, use default dir mode, not 0700. + [8b6f64c92090] - * plugins/sudoers/match.c: - Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a - bug where a pattern like "/usr/*" include /usr/bin/ in the results, - which would be incorrectly be interpreted as if the sudoers file had - specified a directory. From Vitezslav Cizek. - [0cdb6252188c] +2012-02-07 Todd C. Miller - * INSTALL, config.h.in, configure, configure.in, - plugins/sudoers/auth/kerb5.c: - Add --enable-kerb5-instance configure option to allow people using - Kerberos V authentication to use a custom instance. Adapted from a - diff by Michael E Burr. - [e83af8bb7aa7] + * pp: + Re-sync with upstream; no longer need a local patch. + [97a2c7be5e59] - * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h: - Remove -D debug_level option. - [cbcd05094347] + * mkpkg: + Add support for building Mac OS X packages. + [94d49ac223a4] - * doc/LICENSE: - Update copyright year. - [9f43dd7aa852] + * pp: + Sync with upstream + [1c97654fc841] -2012-01-04 Todd C. Miller + * src/Makefile.in: + No longer need to define _PATH_SUDO_CONF here. + [2560905b7482] - * parse_error is now bool, not int - [0cbd5c12b3eb] <1.8> + * src/exec_common.c: + Fix noexec for Mac OS X. 
+ [b7a744bca2c0] - * Print a more sensible error if yyparse() returns non-zero but - yyerror() was not called. - [325a9871ff32] <1.8> +2012-02-06 Todd C. Miller - * Replace y.tab.c with the correct filename in #line directives. - [3073f5823a41] <1.8> + * common/Makefile.in: + Move _PATH_SUDO_CONF override to common to match sudo_debug.c + [f0788972a63a] - * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, - plugins/sudoers/visudo.c: - parse_error is now bool, not int - [5ea7fb6fda38] + * plugins/sudoers/set_perms.c: + More complete fix for LDR_PRELOAD on AIX. The addition of + set_perm(PERM_ROOT) before calling the nss open functions (needed to + avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective + and then real uid to 0 for PERM_ROOT works around the issue. + [5888eda051af] - * plugins/sudoers/gram.c, plugins/sudoers/gram.y, - plugins/sudoers/parse.c: - Print a more sensible error if yyparse() returns non-zero but - yyerror() was not called. - [d44ec88f1183] + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [997fe403e219] - * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c, - plugins/sudoers/gram.c: - Replace y.tab.c with the correct filename in #line directives. - [3c84fcb7e959] + * src/sudo.c: + Set real uid to root before calling sudo_edit() or run_command() so + that the monitor process is owned by root and not by the user. + Otherwise, on AIX at least, the monitor process shows up in ps as + belonging to the user (and can be killed by the user). + [d4772d7d2fc5] - * configure, configure.in: - Bump version to 1.8.4 - [4fe77346a1d1] <1.8> + * plugins/sudoers/set_perms.c: + For PERM_ROOT when using setreuid(), only set the euid to 0 prior to + the call to setuid(0) if the current euid is non-zero. This + effectively restores the state of things prior to rev 7bfeb629fccb. + Fixes a problem on AIX where LDR_PRELOAD was not being honored for + the command being executed. 
+ [b9b40325b4dc] - * When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2} - if the main process's fds 0-2 are not hooked up to a tty. Adapted - from a diff by Zdenek Behan. - [40863388db30] <1.8> + * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in, + include/missing.h, src/sudo.c: + Make a copy of the struct passwd in exec_setup() to make sure + nothing in the policy init modifies it. + [b721261c921f] - * When not logging I/O, put command in its own pgrp and make that the - controlling pgrp if the command is in the foreground. Fixes a race - in the non-I/O logging path where the command may receive two - keyboard-generated signals; one from the kernel and one from the - sudo process. - [9f6ed53a62d6] <1.8> +2012-02-05 Todd C. Miller - * Quiet a bogus gcc warning. - [423322e16e27] <1.8> + * doc/sudoers.pod: + update copyright + [f9d229d1f65e] - * Fix warnings related to sudo.conf accessors. - [67b769099eec] <1.8> + * common/sudo_debug.c, include/sudo_debug.h: + g/c now-unused debug subsystems + [8f21726e698f] - * Separate sudo.conf parsing from plugin loading and move the parse - functions into the common lib so that visudo, etc. can use them. - [916162ff2443] <1.8> + * doc/sudo.pod, doc/sudoers.pod: + Enumerate the debug subsystems used by sudo and sudoers. + [ac4f84293d14] - * Remove support for noexec_file in sudoers and the plugin API - [e8a6743911be] <1.8> +2012-02-03 Todd C. Miller - * Don't dump interfaces if there are none. - [5a0326c36a1b] <1.8> + * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, + include/sudo_conf.h, src/sudo.c: + Normally, sudo disables core dumps while it is running. This + behavior can now be modified at run time with a line in sudo.conf + like "Set disable_coredumps false" + [ad14e0508b0d] - * Add missing %s printf escape to the group_plugin, iolog_dir and - iolog_file descriptions. 
- [05e3018e336c] <1.8> + * NEWS: + Mention Spanish translation + [600f3205bd6e] - * Fix typo in visiblepw description; from Joel Pickett - [f3a99aaf938f] <1.8> + * common/sudo_debug.c: + Make sure we don't try to fall back to using the conversation + function for debugging in the main sudo process if we are unable to + open the debug file. + [ffa329aa908c] - * configure, configure.in, plugins/sudoers/login_class.c: - When running a login shell with a login_class specified, use - LOGIN_SETENV instead of rolling our own login.conf setenv support - since FreeBSD's login.conf has more than just setenv capabilities. - This requires us to swap the plugin-provided envp for the global - environ before calling setusercontext() and then stash the resulting - environ pointer back into the command details, which is kind of a - hack. - [99c71b6f629a] <1.8> + * MANIFEST, src/po/es.mo, src/po/es.po: + Add sudo Spanish translation from translationproject.org + [c1906654e740] - * If srcdir is "." just use the basename of the yacc/lex file when - generating the C version. This matches the generated files currently - in the repo. - [abcc3703d2e4] <1.8> +2012-02-02 Todd C. Miller - * Clean up the DEVEL noise - [b22a09c484cf] <1.8> + * plugins/sudoers/iolog.c: + Better debug subsystem usage + [1a31f115743c] - * Handle different Unix domain socket (actually socketpair) semantics - in BSD vs. Linux. In BSD if one end of the socketpair goes away - select() returns the fd as readable and the read will fail with - ECONNRESET. This doesn't appear to happen on Linux so if we notice - that the monitor process has died when I/O logging is enabled, - behave like the command has exited. This means we log the wait - status of the monitor, not the command, but there is nothing else we - can do at that point. This should only be an issue if SIGKILL is - sent to the monitor process. 
- [4fe0f357d34b] <1.8> + * src/sudo.c: + Remove duplicate function prototypes + [ae04b00532eb] - * Catch common signals in the monitor process so they get passed to - the command. Fixes a problem when the entire login session is killed - when ssh is disconnected or the terminal window is closed. - Previously, the monitor would exit and plugin's close method would - not be called. - [e41b2d9fc2c2] <1.8> +2012-02-01 Todd C. Miller - * INSTALL, configure, configure.in: - Mention how to configure pam_hpsec on HP-UX to play nicely with - sudo. - [ee4c73cce11d] <1.8> + * configure, configure.in: + Error out if user specified --with-pam but we can't find the headers + or library. Also throw an error if the headers are present but the + library is not and vice versa. + [d6bf3e3d0aae] - * Escape values in the search expression as per RFC 4515. - [a249b85caccc] <1.8> +2012-01-31 Todd C. Miller - * No need for install target to depend explicitly on install-dirs, the - install-foo targets all depend on it. - [5f40ec883621] <1.8> + * plugins/sudoers/sudoers.c: + Fix the sudoers permission check when the expected sudoers mode is + owner-writable. + [8b0b7e770a22] - * ignore src/sesh - [0227b029ee08] <1.8> +2012-01-30 Todd C. Miller * configure, configure.in: - Add support for setenv entries in login.conf. We can't use - LOGIN_SETENV since the plugin sets up the envp the command is - executed with. Also regen the Makefile.in files while here. Fixes - bug #527 - [67d30f44bf45] <1.8> + Verify that we can link executables built with -D_FORTIFY_SOURCE + before using it. + [7578215d1a95] + + * src/exec_common.c: + Fix potential off-by-one when making a copy of the environment for + LD_PRELOAD insertion. Fixes bug #534 + [cc699cd551b6] * configure, configure.in: - Add getaddrinfo() for those without it, written by Russ Allbery - [57dd9b565bb6] <1.8> + Add rudimentary check for _FORTIFY_SOURCE support by checking for + __sprintf_chk, one of the functions used by gcc to support it. 
+ [a992673d2ef8] - * Restore PACKAGE_TARNAME, it is used in docdir - [cf27a773d65e] <1.8> + * compat/stdbool.h, config.h.in, configure, configure.in: + Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves. + [8ba1370884b3] - * SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to - the MANIFEST - [4fa4f6cef15e] <1.8> +2012-01-29 Todd C. Miller - * Remove duplicate return statements. - [f0f9000461c1] <1.8> + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [1e0b38397705] - * emove inaccurate comment - [e3bf2cef6256] <1.8> +2012-01-25 Todd C. Miller - * Fetch the login class for the user we authenticate specifically when - using BSD authentication. That user may have a different login class - than what we will use to run the command. When setting the login - class for the command, use the target user's struct passwd, not the - invoking user's. Fixes bug 526 - [e3094ce63bd7] <1.8> + * src/exec.c, src/sudo.c: + The change in 818e82ecbbfc that caused to exit when the monitor dies + created a race condition between the monitor exiting and the status + being read. All we really want to do is make sure that select() + notifies us that there is a status change when the monitor dies + unexpectedly so shutdown the socketpair connected to the monitor for + writing when it dies. That way we can still read the status that is + pending on the socket and select() on Linux will tell us that the fd + is ready. + [7fb5b30ea48d] - * configure, configure.in: - Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1" - [453f562645a2] <1.8> + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c, + src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, + src/sudo_exec.h: + Refactor disable_execute() and my_execve() into exec_common.c for + use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of + disabling exec in exec_setup(), disable it immediately before + executing the command. 
Adapted from a diff by Arno Schuring. + [ec4d8b53db6b] - * Fix "make check" fallout from the sudo_conv changes in sudo_debug. - [1e2f0d298b06] <1.8> +2012-01-20 Todd C. Miller - * configure, configure.in: - Use stdbool.h instead of rolling our own TRUE/FALSE macros. - [2a5841db0c50] <1.8> + * aclocal.m4, configure, configure.in: + Add custom version of AC_CHECK_LIB that uses the extra libs in the + cache value name. With this we no longer need to rely on a modified + version of autoconf. + [1c3b1d482d6c] - * configure, configure.in: - Add stdbool.h for systems without it. - [8ac0317f2ba0] <1.8> +2012-01-19 Todd C. Miller * configure, configure.in: - No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default - includes have unistd.h in them. Add check for socklen_t for upcoming - getaddrinfo compat. - [7c0ed30c075d] <1.8> + Better handling of network functions that need -lsocket -lnsl + [cc386342ec2b] + + * src/sudo.c: + When setting up the execution environment, set groups before + gid/egid like sudo 1.7 did. + [928e1c5fa6c1] * configure, configure.in: - Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of - HAVE_TIMESPEC and HAVE_IN6_ADDR respectively. - [57a6a5bf69a2] <1.8> + Remove "WARNING: unable to find foo() trying -lsocket -lnsl" + [84b23cdf138f] - * No longer need to include time.h here as missing.h does not use - time_t. - [029653d78ba2] <1.8> + * plugins/sudoers/sudoers.c: + For "sudo -g" prepend the specified group ID to the beginning of the + groups list. This matches BSD convention where the effective gid is + the first entry in the group list. This is required on newer FreeBSD + where the effective gid is not tracked separately and thus + setgroups() changes the egid if this convention is not followed. + Fixes bug #532 + [782d6909108b] - * Fix mode on sudoers as needed when the -f option is not specified. - [c4aba4a1b23b] <1.8> +2012-01-17 Todd C. 
Miller - * Add Serbian translation for sudo from translationproject.org - [47a04d718e36] <1.8> + * configure, configure.in: + Fix sh warning; use "test" instead of "[" + [c6ee3407f65e] - * No longer pass debug_file to plugin, plugins must now use - CONV_DEBUG_MSG - [c7ceddf724bf] <1.8> + * src/exec.c: + When not logging I/O, use a signal handler that only forwards + SIGINT, SIGQUIT and SIGHUP when they are user-generated signals. + Fixes a race in the non-I/O logging path where the command may + receive two keyboard-generated signals; one from the kernel and one + from the sudo process. + [9638684e786a] - * Build PIE executables for newer Debian and Ubuntu - [2e9162e59c2c] <1.8> + * src/exec.c: + Back out change that put the command in its own pgrp when not + logging I/O. It causes problems with pipelines. + [4fc9c6e1e770] - * Include time.h for ctime() prototype. - [5f27df493b93] <1.8> +2012-01-16 Todd C. Miller - * Do not close error pipe or debug fd via closefrom() as we need them - to report an exec error should one occur. - [9638f4e7fd14] <1.8> + * compat/Makefile.in, configure, configure.in: + Only run compat regress tests on compat objects we actually build. + Fixes "make check" in the compat dir for systems that don't + implement character classes in fnmatch() or glob(). Bug #531 + [a7addc305e83] - * Document that a sudoUser may now be a group ID. - [42d725aa8b6d] <1.8> +2012-01-14 Todd C. Miller - * Add support for permitting access by group ID in addition to group - name. - [3506e5c7e41c] <1.8> + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: + Update po files from translationproject.org + [5ea066af1356] - * Older Netscape LDAP SDKs don't prototype ldapssl_set_strength() - [4c973a863d0d] <1.8> +2012-01-13 Todd C. Miller - * Replace UCB fnmatch.c with a non-recursive version written by - William A. Rowe Jr. - [76666139f49d] <1.8> + * sudo.pp: + Include parent directories in case they don't already exist. 
This + fixes a directory permissions problem with the AIX package when the + /usr/local directories don't already exist. + [a14f783dc827] - * Fix typo, return_debug vs. debug_return - [810d9b2d2f9a] <1.8> + * pp: + sync with git version + [2f79d0543661] - * Update Japanese sudoers translation from translationproject.org - [b051e2bc692e] <1.8> + * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: + regen dependencies + [24c92ca6c64d] - * Make the env_reset descriptions consistent. - [3cf883ec8b33] <1.8> + * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c: + Move tty name lookup code to its own file. + [58faf072cbf4] - * configure, configure.in: - Do multiple expansion when expanding paths to the noexec file, sesh - and the plugin directory. Adapted from a diff by Mike Frysinger - [68cdecdd8457] <1.8> +2012-01-12 Todd C. Miller - * regen - [ca37d8cb647b] <1.8> + * NEWS: + Update with latest sudo 1.8.4 changes. + [a4ffe4f42528] - * Add ignore file; from Mike Frysinger - [0bd0f92a2d40] <1.8> + * config.h.in, configure, configure.in: + Remove obsolete template for HAVE_TIMESPEC + [75709007c906] - * no longer save old Makefile.in to .old - [7dcf2a857c6b] <1.8> + * src/sudo.c: + Add a check for devname() returning a fully-qualified pathname. None + of the devname() implementations do this today but you never know + when this might change. + [16813ace38f9] - * regen - [a029a2ad7256] <1.8> +2012-01-11 Todd C. Miller - * configure: - Update to libtool 2.4.2 - [6590ddb6a23f] <1.8> + * plugins/sudoers/visudo.c: + For "visudo -c" also list include files that were checked when + everything is OK. + [ad6f85b35c9c] - * Bump grammar version for #include and #includedir relative path - support. - [138a446a638e] <1.8> + * src/sudo.c: + The device name returned by devname() does not include the /dev/ + prefix so we need to add it ourselves. 
+ [b55285abb7ed] - * Add support for relative paths in #include and #includedir - [8bf56e39e1ad] <1.8> + * src/sudo.c: + Add debug warning if KERN_PROC sysctl fails or devname() can't + resolve the tty device to a name. + [b5a23916ba3a] - * Fix install-plugin when shared objects are unsupported or disabled. - [952cf7867482] <1.8> + * common/sudo_debug.c: + The result of writev() is never checked so just cast to NULL. + [4be4e9b58d5b] - * Don't write to sbp if it is NULL - [0cc959722ab8] <1.8> + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: + Update Esperanto, Finnish, Polish and Ukrainian translations from + translationproject.org. + [bb91bc6ad7e9] - * Makefile.in: - If LINGUAS is set, only install matching .mo files - [5d83050eec1f] <1.8> +2012-01-10 Todd C. Miller - * Fix non-dynamic (no dlopen) sudo build. - [fd688ac640a0] <1.8> + * config.h.in, configure, configure.in, src/sudo.c: + Add support for determining tty via sysctl on other BSD variants. + [fd15f63f719a] * configure, configure.in: - Don't error out if the user specified --disable-shared - [4f811a8ee9e8] <1.8> + Only check for struct kinfo_proc.ki_tdev on systems that support + sysctl. + [109b3f07a39d] - * Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to - the debug file. - [bc6124038170] <1.8> + * src/sudo.c: + For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on + ttyname() of std{in,out,err}. + [95969b70bd68] - * Make sudo_goodpath() return value bolean - [25bf43cdf7f0] <1.8> +2012-01-09 Todd C. Miller - * INSTALL, configure, configure.in, plugins/sudoers/auth/securid.c: - Remove obsolete securid auth method. - [a8a092f8bd83] <1.8> + * config.h.in, configure, configure.in, src/sudo.c: + On newer FreeBSD we can get the parent's tty name via sysctl(). 
+ [3207290501ee] - * Prefix authentication functions with a "sudo_" prefix to avoid - namespace problems. - [049ea2995793] <1.8> + * plugins/sudoers/testsudoers.c: + Include locale.h + [a602cd0b8c2d] - * INSTALL, configure, configure.in, plugins/sudoers/auth/kerb4.c: - Remove the old Kerberos IV support - [c59b0b39af66] <1.8> + * src/sudo.c: + Silence a gcc warning. + [8c6d0e3cd534] - * Don't print garbage at the end of the custom lecture. - [4f1fd9a1241a] <1.8> + * plugins/sudoers/bsm_audit.c: + Need to include gettext.h and sudo_debug.h; from John Hein + [447912aa7300] - * Add lexer tracing as debug@parser - [ebf43f87296a] <1.8> + * plugins/sudoers/iolog.c: + Initialize the debug framework from the I/O plugin too. + [ce1bf44d96d2] - * Add devdir before srcdir in include path and fix up dependecies - accordingly and add better devdir support to mkdep.pl. We also need - to #include not "gram.h" and and not - "def_data.h" when generating the parser in a build dir. - [daeafaec094b] <1.8> +2012-01-08 Todd C. Miller - * Mark libexec files as optional. If we build without shared object - support, libexec is not used. - [194434733454] <1.8> + * plugins/sudoers/testsudoers.c: + Enable debugging via sudo.conf. + [d85669c749d0] - * Change Debug sudo.conf setting to take a program name as the first - argument. In the future, this will allow visudo and sudoreplay to - use their own Debug entries. - [92abedbd38c6] <1.8> +2012-01-07 Todd C. Miller - * fix sudo_debug_printf priority - [0815bedee086] <1.8> + * plugins/sudoers/visudo.c: + Use SUDO_DEBUG_ALIAS for alias checking functions. + [fb84af30dc76] - * add missing debug_return_int - [37840a0d8fe4] <1.8> + * configure, configure.in: + More complete test for getaddrinfo() that doesn't rely on the + network libraries already being added to LIBS. + [cbaf2369f4f0] - * Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR - [82f7deaff7ba] <1.8> +2012-01-06 Todd C. Miller - * Add missing word in HOME security note. 
- [87bd6a891eac] <1.8> + * common/aix.c: + Add debug support. + [def1bdf24485] - * Prevent "testsudoers -d username" from trying to malloc(0). - [d7acceacf6e8] <1.8> + * configure, configure.in: + Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least. + [a2ea1c2eac61] - * Tests for empty sudoers (should parse OK) and syntax errors within a - line (should report correct line number) both with and without the - trailing newline. - [cf44b45af86d] <1.8> + * compat/getaddrinfo.c: + Include errno.h and missing.h + [7d15e17cc2f2] - * Print line number when there is a parser error. - [34380cefcfdf] <1.8> + * .hgignore: + ignore doc/varsub + [417f9fc3231b] - * Keep track of the last token returned. On error, if the last token - was COMMENT, decrement sudolineno since the error most likely - occurred on the preceding line. Previously we always uses - sudolineno-1 which will give the wrong line number for errors within - a line. - [02ce7cc40f4d] <1.8> + * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in, + plugins/sudoers/gram.y, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c, + src/parse_args.c, src/sudo.c, src/sudo.h: + Update copyright year. + [5d0ffc7dd567] * NEWS: - update with sudo 1.8.3p1 info - [5f4cd440bf00] <1.8> + Update for sudo 1.8.4 + [841e3eff9844] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen pot files + [c509cb45b66a] - * Fix crash when "sudo -g group -i" is run. Fixes bug 521 - [83ee9a90b107] <1.8> + * plugins/sudoers/sudoreplay.c: + Enable debugging via sudo.conf. + [5087aaee8484] - * Make alias_remove_recursive() return TRUE/FALSE as its callers - expect and remove two unused arguments. Fixes bug 519. - [ec2cfa235c65] <1.8> + * plugins/sudoers/visudo.c: + Enable debugging via sudo.conf. 
+ [04b067c16ed3] - * Add regress test for bugzilla 519 - [237b3698c8ae] <1.8> + * plugins/sudoers/visudo.c: + Allow "visudo -c" to work when we only have read-only access to the + sudoers include files. + [d8c6713fe5c1] - * Disable warning/error wrapping in regress tests. - [630ac985bcfc] <1.8> + * doc/sudo.pod, doc/visudo.pod: + Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add + HISTORY section in sudo that points to HISTORY file. + [d1f1bcb051c5] - * Makefile.in: - Do compile-po as part of sync-po so that the .mo files get rebuild - automatically when we sync with translationproject.org - [f09f15a5c40e] <1.8> + * doc/sudo.pod, doc/sudo_plugin.pod: + Document Debug setting in sudo.conf and debug_flags in plugin. + [acfc505aa4a9] - * check_addr needs to link with the network libraries on Solaris - [04465307990f] <1.8> +2012-01-05 Todd C. Miller - * When matching a RunasAlias for a runas group, pass the alias in as - the group_list, not the user_list. From Daniel Kopecek. - [9c8f4b57b7cb] <1.8> + * plugins/sudoers/match.c: + Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a + bug where a pattern like "/usr/*" include /usr/bin/ in the results, + which would be incorrectly be interpreted as if the sudoers file had + specified a directory. From Vitezslav Cizek. + [0cdb6252188c] - * We need to init the auth system regardless of whether we need a - password since we will be closing the PAM session in the monitor - process. Fixes a crash in the monitor on Solaris; bugzilla #518 - [7e312caf74eb] <1.8> + * INSTALL, config.h.in, configure, configure.in, + plugins/sudoers/auth/kerb5.c: + Add --enable-kerb5-instance configure option to allow people using + Kerberos V authentication to use a custom instance. Adapted from a + diff by Michael E Burr. + [e83af8bb7aa7] - * Get rid of done: label. If the child exits we still need to close - the pty, update utmp and restore the SELinux tty context. 
- [cda935f856e8] <1.8> + * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h: + Remove -D debug_level option. + [cbcd05094347] - * Add debug_decl/debug_return (almost) everywhere. Remove old - sudo_debug() and convert users to sudo_debug_printf(). - [a97d9dc61e3f] <1.8> + * doc/LICENSE: + Update copyright year. + [9f43dd7aa852] - * Wrap error/errorx and warning/warningx functions with debug - statements. Disable wrapping for standalone sudoers programs as well - as memory allocation functions (to avoid infinite recursion). - [e942083dab8e] <1.8> +2012-01-04 Todd C. Miller - * README, configure, configure.in: - Add checks for __func__ and __FUNCTION__ and mention that we now - require a cpp that supports variadic macros. - [961dfb044b4e] <1.8> + * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + parse_error is now bool, not int + [5ea7fb6fda38] - * New debug framework for sudo and plugins using /etc/sudo.conf that - also supports function call tracing. - [94d9aa72df19] <1.8> + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.c: + Print a more sensible error if yyparse() returns non-zero but + yyerror() was not called. + [d44ec88f1183] + + * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c, + plugins/sudoers/gram.c: + Replace y.tab.c with the correct filename in #line directives. + [3c84fcb7e959] 2012-01-03 Todd C. Miller @@ -27275,13 +28593,6 @@ 2011-10-21 Todd C. Miller - * .hgtags: - Added tag SUDO_1_8_3 for changeset 82bec4d3a203 - [6c953ef6f577] <1.8> - - * Update Japanese sudoers translation from translationproject.org - [82bec4d3a203] [SUDO_1_8_3] <1.8> - * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po: Update Japanese sudoers translation from translationproject.org [c24725775e32] 
@@ -27292,39 +28603,18 @@ Override and ignore the --disable-static option. Sudo already runs libtool with -tag=disable-static where applicable and we need non- PIC objects to build the executables. - [dff177464029] <1.8> - - * configure, configure.in: - Override and ignore the --disable-static option. Sudo already runs - libtool with -tag=disable-static where applicable and we need non- - PIC objects to build the executables. [aff1227b853a] 2011-10-10 Todd C. Miller * NEWS: Add sudoedit fix - [3238dc7e4fb2] <1.8> - - * plugins/sudoers/po/sudoers.pot: - regen pot files - [7981d6cbf1ab] <1.8> - - * NEWS: - Add sudoedit fix [74655c7ccad1] * plugins/sudoers/po/sudoers.pot: regen pot files [28d89a831ed3] - * Ignore set_logname (which is now the default) for sudoedit since we - want the LOGNAME, USER and USERNAME environment variables to refer - to the calling user since that is who the editor runs as. This - allows the editor to find the user's startup files. Fixes bugzilla - #515 - [3b9486e5fddb] <1.8> - * plugins/sudoers/env.c: Ignore set_logname (which is now the default) for sudoedit since we want the LOGNAME, USER and USERNAME environment variables to refer @@ -27333,17 +28623,6 @@ #515 [6c5dddf5ff05] - * Instead of trying to grow the buffer in make_grlist_item(), simply - increase the total length, free the old buffer and allocate a new - one. This is less error prone and saves us from having to adjust all - the pointers in the buffer. This code path is only taken when there - are groups longer than the length of the user field in struct utmp - or utmpx, which should be quite rare. - [cb7c5ac834b5] <1.8> - - * Add Italian translation for sudo from translationproject.org - [c7876fccbc38] <1.8> - * plugins/sudoers/pwutil.c: Instead of trying to grow the buffer in make_grlist_item(), simply increase the total length, free the old buffer and allocate a new 
@@ -27357,11 +28636,6 @@ Add Italian translation for sudo from translationproject.org [1b3dd886e7e3] - * NEWS: - Japanese translation for sudo and sudoers from - translationproject.org - [9945a3ef7ff7] <1.8> - * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, src/po/ja.mo, src/po/ja.po: Japanese translation for sudo and sudoers from @@ -27370,9 +28644,6 @@ 2011-10-07 Todd C. Miller - * sudoreplay depends on timestr.lo too; from Mike Frysinger - [ad9ae493205f] <1.8> - * plugins/sudoers/Makefile.in: sudoreplay depends on timestr.lo too; from Mike Frysinger [b9e73214b2f1] @@ -27381,30 +28652,12 @@ * plugins/sudoers/po/sudoers.pot: Regen sudoers pot file. - [2c4d99361994] <1.8> - - * plugins/sudoers/po/sudoers.pot: - Regen sudoers pot file. [019588bafdb3] * NEWS: Update with latest sudo 1.8.3 news - [4e7f59d339d4] <1.8> - - * NEWS: - Update with latest sudo 1.8.3 news [6868042a88e9] - * ldap_start_tls_s() on Debian (at least) sets the effective and saved - uids to the same value as the real uid. This prevents sudo from - setting the uid or gid later on. As a workaround, we now set perms - to root during sudoers_policy_open(). - [eb4c4f15833a] <1.8> - - * Better warning message on setuid() failure for the setreuid() - version of set_perms(). - [308c72f601e4] <1.8> - * plugins/sudoers/sudoers.c: It appears that LDAP or NSS may modify the euid so we need to be root for the open(). We restore the old perms at the end of 
@@ -27416,29 +28669,8 @@ version of set_perms(). [07abcfe7bd9a] -2011-10-02 Todd C. Miller - - * NEWS: - Combine new translations in NEWS item - [0aa07471a5e6] <1.8> - 2011-09-27 Todd C. Miller - * Delref auth_pw at the end of check_user() instead of getting a ref - twice. - [1c882f2fb46c] <1.8> - - * Make sudo_auth_{init,cleanup} return TRUE on success and check for - sudo_auth_init() return value in check_user(). - [573bf35ecac9] <1.8> - - * Do not return without restoring permissions. - [2444a0b96469] <1.8> - - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regen pot files - [d286bce8dbb1] <1.8> - * plugins/sudoers/check.c: Delref auth_pw at the end of check_user() instead of getting a ref twice. 
@@ -27453,39 +28685,10 @@ Do not return without restoring permissions. [59ef40b6696a] - * NEWS: - Update for latest release candidate - [63d184ba6263] <1.8> - - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regen pot files - [ac3ec1315df7] <1.8> - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen pot files [9f320a340b7c] - * Modify the authentication API such that the init and cleanup - functions are always called, regardless of whether or not we are - going to verify a password. This is needed for proper PAM session - support. - [ea281ca46d94] <1.8> - - * Add missing dependency for getspwgen other depends. - [9c124272910d] <1.8> - - * Fix a PAM_USER mismatch in session open/close. We update PAM_USER to - the target user immediately before setting resource limits, which is - after the monitor process has forked (so it has the old value). - Also, if the user did not authenticate, there is no pamh in the - monitor so we need to init pam here too. This means we end up - calling pam_start() twice, which should be fixed, but at least the - session is always properly closed now. - [d0866ee5f190] <1.8> - - * Add check for old being NULL in utmp_setid(); from Steven McDonald - [30cc283ac2b4] <1.8> - * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, @@ -27521,10 +28724,6 @@ 2011-09-25 Todd C. Miller - * If the invoking user cannot be resolved by uid fake the struct - passwd and store it in the cache so we can delref it on exit. - [19d44f44d45d] <1.8> - * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: If the invoking user cannot be resolved by uid fake the struct 
@@ -27533,20 +28732,12 @@ 2011-09-24 Todd C. Miller - * Don't error out if the group plugin cannot be loaded, just warn. - [e91d9912c9a0] <1.8> - * plugins/sudoers/sudoers.c: Don't error out if the group plugin cannot be loaded, just warn. [0fbfcd381e33] 2011-09-23 Todd C. Miller - * Quiet a false positive found by several static analysis tools. These - tools don't know that log_error() does not return (it longjmps to - error_jmp which returns to the sudo front-end). - [3cc319e31ed6] <1.8> - * plugins/sudoers/sudoers.c: Quiet a false positive found by several static analysis tools. These tools don't know that log_error() does not return (it longjmps to @@ -27555,10 +28746,6 @@ 2011-09-22 Todd C. Miller - * Add Italian translation for sudo from translationproject.org Regen - .mo files - [c0b27f9d7e57] <1.8> - * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po: @@ -27566,30 +28753,8 @@ .mo files [c3c888a82be6] - * .hgtags: - Added tag SUDO_1_8_2 for changeset 3682e51af1d0 - [f0be566e9ea2] <1.8> - 2011-09-21 Todd C. Miller - * Update to current reality and add bit about ssh auth - [48dcb86ce9be] <1.8> - - * Make "verbose" static; fixes a namespace clash with - pam_ssh_agent_auth (and it doesn't need to be extern these days). - [b60fdd82de94] <1.8> - - * configure, configure.in: - FreeBSD has libutil.h not util.h - [c03b121e0193] <1.8> - - * configure, configure.in: - Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD - [002e3e0bb173] <1.8> - - * Update po files from translationproject.org - [2b36af902213] <1.8> - * doc/TROUBLESHOOTING: Update to current reality and add bit about ssh auth [184a1e7c2eeb] 
@@ -27617,42 +28782,18 @@ 2011-09-16 Todd C. Miller - * NEWS: - Mention DEREF support - [dfeb152f1686] <1.8> - - * plugins/sudoers/po/sudoers.pot: - sync pot files - [1fba22e927a3] <1.8> - - * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: - Add support for DEREF in ldap.conf. - [fe1cf6ad0add] <1.8> - * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Add support for DEREF in ldap.conf. [3c1937a98547] * Makefile.in: install target should depend on ChangeLog too, not just install-doc - [f54e2ab633b8] <1.8> - - * Makefile.in: - install target should depend on ChangeLog too, not just install-doc [1a7c83941175] - * NEWS, configure.in, doc/sudoers.cat, doc/sudoers.man.in: - Only iolog_file (not iolog_dir) supports mktemp-style suffixes. - [44a25099594e] <1.8> - * doc/sudoers.pod: Only iolog_file (not iolog_dir) supports mktemp-style suffixes. [0eca47d60a2c] - * configure.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regen pot files - [e14ee85cf49b] <1.8> - * NEWS: Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes. [0501415cc5ff] 
@@ -27663,42 +28804,8 @@ * configure, configure.in: Fix some square brackets in case statements that needed to be - doubled up. While here, use $OSMAJOR when it makes sense. - [853c6e5f994c] <1.8> - - * Fix a crash in make_grlist_item() on 64-bit machines with strict - alignment. - [e877c89ae32f] <1.8> - - * Remove list_options() function that is no longer used now that "sudo - -L" is gone. - [f31543c80b98] <1.8> - - * configure, configure.in: - Error message if user tries --with-CC - [0ed7558b8924] <1.8> - - * configure, configure.in: - Check for -libmldap too when looking for ldap libs, which is the - Tivoli Directory Server client library. - [831e32d1453c] <1.8> - - * configure, configure.in: - Fix some square brackets in case statements that needed to be - doubled up. While here, use $OSMAJOR when it makes sense. - [8973343f4696] - - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regen pot files for 1.8.3 - [df2fb085cff2] <1.8> - - * NEWS, configure, configure.in, doc/sudo.cat, doc/sudo.man.in, - doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, - doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, - doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, - doc/visudo.man.in: - Update for version 1.8.3 - [38cf153add0a] <1.8> + doubled up. While here, use $OSMAJOR when it makes sense. + [8973343f4696] * plugins/sudoers/pwutil.c: Fix a crash in make_grlist_item() on 64-bit machines with strict @@ -27721,19 +28828,10 @@ 2011-09-09 Todd C. Miller - * Honor NOPASSWD tag for denied commands too. - [f473c443ad54] <1.8> - * plugins/sudoers/parse.c: Honor NOPASSWD tag for denied commands too. [8dd92656db92] - * INSTALL, configure, configure.in: - Remove --with-CC option; it doesn't work correctly now that we use - libtool. Users can get the same effect by setting the CC environment - variable when running configure. - [4f04869d74fd] <1.8> - 2011-09-08 Todd C. Miller * INSTALL, configure, configure.in: 
@@ -27744,10 +28842,6 @@ 2011-08-31 Todd C. Miller - * configure, configure.in: - Assume all modern systems support fstat(2). - [0422b19dced3] <1.8> - * config.h.in, configure, configure.in, plugins/sudoers/visudo.c, src/sudo_edit.c: Assume all modern systems support fstat(2). @@ -27755,11 +28849,6 @@ 2011-08-30 Todd C. Miller - * configure, configure.in: - Add configure test for missing errno declaration and only declare it - ourselves if it is missing. - [6d26974f7e16] <1.8> - * compat/regress/glob/globtest.c, config.h.in, configure, configure.in, include/missing.h, plugins/sudoers/sudoers.h, src/sudo.h, src/sudo_noexec.c: @@ -27767,10 +28856,6 @@ ourselves if it is missing. [456e76c809a2] - * Include errno.h before sudo.h to avoid conflicting with the system - definition of errno. - [8000bdc0968f] <1.8> - * plugins/sudoers/alias.c: Include errno.h before sudo.h to avoid conflicting with the system definition of errno. @@ -27778,19 +28863,6 @@ 2011-08-29 Todd C. Miller - * Only print individual check status when there is a failure. - [bbdd669e7615] <1.8> - - * Add calls to setprogname() for test programs. - [c721f3466a3a] <1.8> - - * configure, configure.in: - Add -Wall and -Werror after all tests so they don't cause failures. - [20d75ce40086] <1.8> - - * Actually run check_addr in the check target - [dcd96ef0dc57] <1.8> - * plugins/sudoers/regress/parser/check_addr.c: Only print individual check status when there is a failure. [2ac704c91441] @@ -27809,10 +28881,6 @@ Actually run check_addr in the check target [0b2778bc86bf] - * Split out address matching into its own file and add regression - tests for it. - [863f28589c24] <1.8> - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c, plugins/sudoers/match_addr.c, plugins/sudoers/regress/parser/check_addr.c, 
@@ -27823,10 +28891,6 @@ 2011-08-27 Todd C. Miller - * Fix matching a network number with netmask when the network number - is not the first address in the CIDR block. - [719942c986e9] <1.8> - * plugins/sudoers/match.c: When matching an address with a netmask in sudoers, AND the mask and addr before checking against the local addresses. @@ -27838,10 +28902,6 @@ Fix netmask matching. [a3c8f8cc1464] - * Don't assume all editors support the +linenumber command line - argument, use a whitelist of known good editors. - [d8d884af3b05] <1.8> - * plugins/sudoers/visudo.c: Don't assume all editors support the +linenumber command line argument, use a whitelist of known good editors. @@ -27849,34 +28909,17 @@ 2011-08-23 Todd C. Miller - * Silence compiler warnings on Solaris with gcc 3.4.3 - [8047cdb5d6a1] <1.8> - * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/sudo.c: Silence compiler warnings on Solaris with gcc 3.4.3 [da620bae6fdb] - * Fix building on RHEL 3 - [6bb0464a7450] <1.8> - * mkpkg: Fix building on RHEL 3 [f3227fb2a252] * INSTALL, configure, configure.in: Add --enable-werror configure option. - [aa40fd459836] <1.8> - - * setgroups() proto lives in grp.h on RHEL4, perhaps others. - [92f98cbaebf0] <1.8> - - * configure, configure.in: - Use PAM by default on AIX 6 and higher. - [7ef53d5ac819] <1.8> - - * INSTALL, configure, configure.in: - Add --enable-werror configure option. [fec2cdb95543] * common/setgroups.c: @@ -27889,9 +28932,6 @@ 2011-08-22 Todd C. Miller - * Add new Esperanto translation from translationproject.org - [109ed683b885] <1.8> - * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, src/po/eo.po: Add new Esperanto translation from translationproject.org 
@@ -27899,23 +28939,12 @@ 2011-08-19 Todd C. Miller - * Quiet an innocuous valgrind warning. - [fc453e49f9dd] <1.8> - * plugins/sudoers/iolog_path.c: Quiet an innocuous valgrind warning. [0582b6027161] 2011-08-18 Todd C. Miller - * Fix expansion of strftime() escapes in log_dir and add a regress - test that exhibited the problem. - [784e60d21f11] <1.8> - - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - Fix "make check" return value. - [d3608efd8da6] <1.8> - * plugins/sudoers/iolog_path.c, plugins/sudoers/regress/iolog_path/data: Fix expansion of strftime() escapes in log_dir and add a regress @@ -27928,61 +28957,26 @@ 2011-08-17 Todd C. Miller - * plugins/sudoers/po/sudoers.pot: - Regen pot files - [3682e51af1d0] [SUDO_1_8_2] <1.8> - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: Regen pot files [063841aac19b] * Makefile.in: Fix logic inversion in pot file up to date check. - [343dbbca9422] <1.8> - - * Makefile.in: - Fix logic inversion in pot file up to date check. [f6a8ca8654df] - * doc/sudo.cat, doc/sudo.man.in, doc/sudoers.cat, - doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, - doc/visudo.cat, doc/visudo.man.in: - regen docs - [96234478bde2] <1.8> - 2011-08-15 Todd C. Miller * configure, configure.in: Add caching for gettext() checks. - [4039d21424c3] <1.8> - - * configure, configure.in: - Add caching for gettext() checks. [01b7200f6105] * configure, configure.in: Better handling of libintl header and library mismatch. - [cc9faee8e486] <1.8> - - * configure, configure.in: - Better handling of libintl header and library mismatch. [9a49b1d4db69] -2011-08-14 Todd C. Miller - - * NEWS: - sync - [73649a44d934] <1.8> - 2011-08-13 Todd C. Miller - * Also check sudoers gid if sudoers is group writable. - [3d345347f6ac] <1.8> - - * NEWS: - Update for 1.8.2 final - [441c22fea363] <1.8> - * plugins/sudoers/sudoers.c: Also check sudoers gid if sudoers is group writable. [23ef96ca0d33] 
@@ -27992,21 +28986,8 @@ * configure, configure.in: If dlopen is present but libtool doesn't find it, error out since it probably means that libtool doesn't support the system. - [6fc7c0de4f6d] <1.8> - - * configure, configure.in: - If dlopen is present but libtool doesn't find it, error out since it - probably means that libtool doesn't support the system. [a9da0a5f7941] - * configure args on the command line should override builtin defaults. - Disable NLS for non-Linux/Solaris unless explicitly enabled. - [0ef165f892c2] <1.8> - - * Fix loop that calls authenticate(). If there was an error message - from authenticate(), display it. - [f0686011ff2e] <1.8> - * mkpkg: configure args on the command line should override builtin defaults. Disable NLS for non-Linux/Solaris unless explicitly enabled. @@ -28019,10 +29000,6 @@ 2011-08-11 Todd C. Miller - * configure, configure.in: - Update to autoconf 2.68 and libtool 2.4 - [00df5f3647e1] <1.8> - * m4/libtool.m4, m4/ltversion.m4: Update to autoconf 2.68 and libtool 2.4 [5a912a6eb67b] @@ -28031,17 +29008,10 @@ Update to autoconf 2.68 and libtool 2.4 [931ab56aecf6] - * Fix typo; OPT should be OTP - [31da1f989740] <1.8> - * doc/sudoers.pod: Fix typo; OPT should be OTP [e97bd2e46544] - * Rename libsudoers convenience library to libparsesudoers to avoid - libtool confusion. - [e9ae9d611dd5] <1.8> - * plugins/sudoers/Makefile.in: Rename libsudoers convenience library to libparsesudoers to avoid libtool confusion. 
@@ -28049,18 +29019,10 @@ 2011-08-10 Todd C. Miller - * Add Danish sudoers translation from translationproject.org - [fa9cd9758249] <1.8> - * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: Add Danish sudoers translation from translationproject.org [27b96e85eb13] - * Add dedicated callback function for runas_default sudoers setting - that only sets runas_pw if no runas user or group was specified by - the user. - [3fb4b18525de] <1.8> - * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: Add dedicated callback function for runas_default sudoers setting that only sets runas_pw if no runas user or group was specified by @@ -28069,10 +29031,6 @@ 2011-08-09 Todd C. Miller - * Update Finish, Polish, Russian and Ukrainian translations from - translationproject.org. - [0fcd8f6aff0a] <1.8> - * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo, @@ -28081,15 +29039,6 @@ translationproject.org. [f9339aff664e] - * Makefile.in: - Go back to using a callback for runas_default to keep runas_pw in - sync. This is needed to make per-entry runas_default settings work - with LDAP-based sudoers. Instead of declaring it a callback in - def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a - bit naughty, but avoids requiring stub functions in visudo and the - tests. - [4e8e70832f06] <1.8> - * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: Go back to using a callback for runas_default to keep runas_pw in 
@@ -28102,24 +29051,12 @@ 2011-08-05 Todd C. Miller - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - Regen pot files - [ca5c58c599a6] <1.8> - - * Makefile.in: - Add check for out of date message catalogs when doing "make dist". - [36414e5c762b] <1.8> - * Makefile.in: Add check for out of date message catalogs when doing "make dist". [e45a29b612f4] 2011-08-02 Todd C. Miller - * configure, configure.in: - Make sure compiler supports static-libgcc before using it. - [6c98e8809291] <1.8> - * configure: regen [d6f9ad26774a] @@ -28130,19 +29067,12 @@ 2011-08-01 Todd C. Miller - * Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc - [a0a3a3fa6470] <1.8> - * src/Makefile.in: Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc [c99c7ab3edef] 2011-07-30 Todd C. Miller - * Add new Russian sudo translation from translationproject.org and - rebuild the other translation files. - [e953d7d1ca6d] <1.8> - * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po, @@ -28153,19 +29083,10 @@ 2011-07-29 Todd C. Miller - * Update Finish and Polish translations from translationproject.org - [17e408d73c85] <1.8> - * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po: Update Finish and Polish translations from translationproject.org [4e3dbba4a1de] - * Go back to escaping the command args for "sudo -i" and "sudo -s" - before calling the plugin. Otherwise, spaces in the command args are - not treated properly. The sudoers plugin will unescape non- spaces - to make matching easier. - [f666191a4e80] <1.8> - * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c: Go back to escaping the command args for "sudo -i" and "sudo -s" before calling the plugin. Otherwise, spaces in the command args are 
@@ -28175,10 +29096,6 @@ 2011-07-28 Todd C. Miller - * Fix some potential problems found by the clang static analyzer, none - serious. - [c1ab4b940980] <1.8> - * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c, plugins/sudoers/ldap.c, plugins/sudoers/parse.c, plugins/sudoers/set_perms.c, plugins/sudoers/toke.c, @@ -28187,10 +29104,6 @@ serious. [ff64aa74aae6] - * Updated Ukranian and Chinese (simplified) po files from - translationproject.org - [792a66672715] <1.8> - * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po, src/po/zh_CN.po: Updated Ukranian and Chinese (simplified) po files from @@ -28199,30 +29112,14 @@ 2011-07-27 Todd C. Miller - * Updated Polish translation from translationproject.org - [5f434cc04482] <1.8> - * plugins/sudoers/po/pl.po: Updated Polish translation from translationproject.org [a3af53cb649c] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: Rebuild pot files - [639230dbd741] <1.8> - - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - Rebuild pot files [c650524c0f0a] - * Don't try to audit failure if the runas user does not exist. We - don't have the user's command at this point so there is nothing to - audit. Add a NULL check in audit_success() and audit_failure() just - to be on the safe side. - [2bfb96a32b00] <1.8> - - * Add -g to CFLAG for PIE builds. - [e4c94977ca4e] <1.8> - * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c: Don't try to audit failure if the runas user does not exist. We don't have the user's command at this point so there is nothing to 
@@ -28236,15 +29133,6 @@ 2011-07-25 Todd C. Miller - * Remove fallback to per-group lookup when matching groups in sudoers. - The sudo front-end will now use getgrouplist() to get the user's - list of groups if getgroups() fails or returns zero groups so we - always have a list of the user's groups. For systems with - mbr_check_membership() which support more that NGROUPS_MAX groups - (Mac OS X), skip the call to getgroups() and use getgrouplist() so - we get all the groups. - [168d6d4a386b] <1.8> - * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c: Remove fallback to per-group lookup when matching groups in sudoers. 
@@ -28258,62 +29146,22 @@ 2011-07-22 Todd C. Miller - * Fix setgroups() fallback code on EINVAL. - [dd1310945ab3] <1.8> - * common/setgroups.c: Fix setgroups() fallback code on EINVAL. [2b6faecd56a4] - * Fix two PERM_INITIAL cases that were still using user_gids. - [d497d0d47a23] <1.8> - * plugins/sudoers/set_perms.c: Fix two PERM_INITIAL cases that were still using user_gids. [9680bab0acc6] - * Add Polish sudo message catalog - [1a0aa3f9f179] <1.8> - * MANIFEST: Add Polish sudo message catalog [8bb40c3ba576] - * user_group is no longer used, remove it - [379185a76094] <1.8> - * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: user_group is no longer used, remove it [9acede0fe6c5] -2011-07-21 Todd C. Miller - - * Add Polish translation from translationproject.org - [2e7cdfe4ef41] <1.8> - - * Add a wrapper for setgroups() that trims off extra groups and - retries if setgroups() fails. Also add some missing addrefs for - PERM_USER and PERM_FULL_USER. - [bacb4170a510] <1.8> - - * configure, configure.in: - Instead of keeping separate groups and gids arrays, create struct - group_info and use it to store both, along with a count for each. - Cache group info on a per-user basis using getgrouplist() to get the - groups. We no longer need special to special case the user or list - user for user_in_group() and thus no longer need to reset the groups - list when listing another user. - [f1d8962821a0] <1.8> - - * Don't rely on NULL since we don't include a header for it. - [ed46286f848b] <1.8> - - * Fix typo - [a38b8fbb0e70] <1.8> - - * Do not shadow global sudo_mode with a local variable in set_cmnd() - [8e462ebafea4] <1.8> - 2011-07-20 Todd C. Miller * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po: 
@@ -28359,15 +29207,6 @@ 2011-07-17 Todd C. Miller - * bash 2.x doesd not support the -l flag and exits with an error if it - is specified so use --login instead. This causes an error with bash - 1.x (which uses -login instead) but this version is hopefully less - used than 2.x. - [73020a67b9d5] <1.8> - - * Add Polish translation from translationproject.org - [8cac0da9ffb1] <1.8> - * plugins/sudoers/sudoers.c: bash 2.x doesd not support the -l flag and exits with an error if it is specified so use --login instead. This causes an error with bash @@ -28381,41 +29220,24 @@ 2011-07-13 Todd C. Miller - * Make error strings translatable. - [d1ff594f27b5] <1.8> - * plugins/sudoers/set_perms.c: Make error strings translatable. [414c5c484768] - * Only run configure with --with-pam-login for RHEL 5 and above. - [2f1a0ff5230e] <1.8> - * mkpkg: Only run configure with --with-pam-login for RHEL 5 and above. [6c16e4de4026] - * Fix typo in summary - [1e1d7dcae9ab] <1.8> - * sudo.pp: Fix typo in summary [9ac618c9a749] 2011-07-11 Todd C. Miller - * Add missing logwrap.c - [abcd28c194d2] <1.8> - * plugins/sudoers/logwrap.c: Add missing logwrap.c [c12a413ecc1d] - * Split out log file word wrap code into its own file and add unit - tests. Fixes an off-by one in the word wrap when the log line length - matches loglinelen. - [0ae1c7aa9ef1] <1.8> - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/regress/logging/check_wrap.c, @@ -28428,18 +29250,11 @@ 2011-07-05 Todd C. Miller - * For SuSE, only use /usr/lib64 as libexec if generating 64-bit - binaries. - [4448fa1c639f] <1.8> - * mkpkg: For SuSE, only use /usr/lib64 as libexec if generating 64-bit binaries. [645ab903cf77] - * Fix build error when --without-noexec configure option is used. - [f6bfd748ae45] <1.8> - * src/load_plugins.c, src/sudo.c: Fix build error when --without-noexec configure option is used. [b994f7b0d8b4] 
@@ -28447,31 +29262,10 @@ * configure, configure.in: Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX 5.3 and above. - [9d957ae1840d] <1.8> - - * configure, configure.in: - Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX 5.3 - and above. [c2a6f9b472f3] -2011-07-03 Todd C. Miller - - * NEWS, doc/UPGRADE: - Document group lookup change and possible side effects. - [fe4b2d2701b2] <1.8> - 2011-07-01 Todd C. Miller - * Resolve the list of gids passed in from the sudo frontend (the - result of getgroups()) to names and store both the group names and - ids in the sudo_user struct. When matching groups in the sudoers - file, match based on the names in the groups list first and only do - a gid-based match when we absolutely have to. By matching on the - group name (as it is listed in sudoers) instead of id (which we - would have to resolve) we save a lot of group lookups for sudoers - files with a lot of groups in them. - [c10d208bd7e5] <1.8> - * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: @@ -28485,18 +29279,8 @@ files with a lot of groups in them. [8dc19353f148] -2011-06-29 Todd C. Miller - - * NEWS: - Update for 1.8.2rc5 - [f6a3aa2edf7a] <1.8> - 2011-06-26 Todd C. Miller - * Workaround for "sudo -i command" and newer versions of bash which - don't go into login mode when -c is specified unless -l is too. - [381e74d35006] <1.8> - * plugins/sudoers/sudoers.c: Workaround for "sudo -i command" and newer versions of bash which don't go into login mode when -c is specified unless -l is too. @@ -28504,10 +29288,6 @@ 2011-06-23 Todd C. Miller - * Rewrite logfile word wrapping code to be more straight-forward and - actually wrap at the correct place. - [8a7862d6a82f] <1.8> - * plugins/sudoers/logging.c: Rewrite logfile word wrapping code to be more straight-forward and actually wrap at the correct place. 
@@ -28515,18 +29295,6 @@ 2011-06-22 Todd C. Miller - * NEWS: - Fix typo - [2456ad2ad3e3] <1.8> - - * NEWS: - Mention use_pty bug fix - [f4eab5193452] <1.8> - - * Set use_pty=true in command details when use_pty is set in sudoers. - From Ludwig Nussel - [abaafc5793d9] <1.8> - * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c: Set use_pty=true in command details when use_pty is set in sudoers. From Ludwig Nussel @@ -28534,9 +29302,6 @@ 2011-06-20 Todd C. Miller - * Sync Chinese (simplified) PO files from translationproject.org - [a4cf84dd9ddf] <1.8> - * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po: Sync Chinese (simplified) PO files from translationproject.org @@ -28544,10 +29309,6 @@ 2011-06-18 Todd C. Miller - * Add Danish translation from translationproject.org and add missing - Basque mo files. - [672b88adcc34] <1.8> - * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo: Add Danish translation from translationproject.org and add missing 
@@ -28557,36 +29318,18 @@ * Makefile.in, configure, configure.in: No longer need to specify LINGUAS in configure, "make install-nls" now just installs all the .mo files it finds. - [c226a39ece48] <1.8> - - * Makefile.in, configure, configure.in: - No longer need to specify LINGUAS in configure, "make install-nls" - now just installs all the .mo files it finds. [fcd45cf04885] 2011-06-17 Todd C. Miller - * Build CONTRIBUTORS from newly-added contributors.pod - [b8871dd293ff] <1.8> - * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod: Build CONTRIBUTORS from newly-added contributors.pod [8b192f2720f4] - * Rework the wording in the leading paragraph - [d8b081dedeb3] <1.8> - * doc/CONTRIBUTORS: Rework the wording in the leading paragraph [312044145cdd] -2011-06-16 Todd C. Miller - - * Add a CONTRIBUTORS file with the names of folks who have contributed - code or patches to sudo since I started maintaining it (plus the - original authors). - [8b064e8996af] <1.8> - 2011-06-14 Todd C. Miller * MANIFEST, doc/CONTRIBUTORS: @@ -28597,11 +29340,6 @@ 2011-06-13 Todd C. Miller - * Preserve SHELL variable for "sudo -s". Otherwise we can end up with - a situation where the SHELL variable and the actual shell being run - do not match. - [8f5bb61a8b76] <1.8> - * plugins/sudoers/env.c: Preserve SHELL variable for "sudo -s". Otherwise we can end up with a situation where the SHELL variable and the actual shell being run 
@@ -28613,39 +29351,6 @@ * configure, configure.in: Only enable Solaris project support when setproject() is present in libproject. - [bf370ff3c194] <1.8> - - * Explicitly set mode and owner of /etc/sudoers instead of relying on - "cp -p" to work in the postinstall script. On AIX 6.1 at least the - postinstall script runs before the final file permissions are set. - [7a4a87405349] <1.8> - - * Refer the user to the "Command Environment" section in description - of sudo's -i option. - [1a063eaf9670] <1.8> - - * Fix typo - [442c50370c44] <1.8> - - * If there is no old dependency for an object file, use the MANIFEST - to find its source. - [d95c77ad283f] <1.8> - - * Remove dependency for getgrouplist.lo as we don't ship that source - file. - [bbede77e6256] <1.8> - - * Do not declare yyparse() static as the actual function generated by - yacc is extern. - [8e615bd15a4c] <1.8> - - * Makefile.in: - Remove locale files in "make uninstall" - [9791be90d5ac] <1.8> - - * configure, configure.in: - Only enable Solaris project support when setproject() is present in - libproject. [49ad7857ab89] * sudo.pp: 
@@ -28690,33 +29395,11 @@ Remove locale files in "make uninstall" [201ff261ecbe] - * configure.in: - Add Basque translation and sync Finish and Ukranian translations. - [64af34789164] <1.8> - * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po, plugins/sudoers/po/uk.po, src/po/eu.po: Add Basque translation and sync Finish and Ukranian translations. [66d2c78c8a13] - * NEWS: - Update PAM change to reflect latest checkin. - [657cddf2077a] <1.8> - - * configure, configure.in: - FreeBSD no longer needs the main sudo binary to link with -lpam now - that plug-ins are loaded with RTLD_GLOBAL. - [573a6f4b29af] <1.8> - - * Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes - problems with pam modules not having access to symbols provided by - libpam on some platforms. Affects FreeBSD and SLES 10 at least. - [4ec864fdba46] <1.8> - - * Makefile.in: - Move xgettext invocation out of update-po target into update-pot - [421ac1a073ea] <1.8> - * configure, configure.in: FreeBSD no longer needs the main sudo binary to link with -lpam now that plug-ins are loaded with RTLD_GLOBAL. @@ -28736,15 +29419,6 @@ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: Regenerate .pot files for 1.8.2rc2 - [d2a891e3d3dd] <1.8> - - * Makefile.in: - Move nls targets to the top level Makefile so the paths in the pot - file are saner - [6c256cb77f78] <1.8> - - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - Regenerate .pot files for 1.8.2rc2 [c3037f591dd8] * Makefile.in, common/Makefile.in, compat/Makefile.in, 
@@ -28755,45 +29429,15 @@ file are saner [65b9285cd8d9] - * NEWS: - Update 1.8.2 news - [17bd04278b04] <1.8> - - * Add compiled version of sudo Finish translation - [ff9d20a02aa0] <1.8> - * src/po/fi.mo: Add compiled version of sudo Finish translation [8f2405384ea3] - * Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo - files - [60c4f3b3829c] <1.8> - * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo: Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo files [a165e70fa9ec] - * configure, configure.in: - Add Finish translation from translationproject.org - [ade788a35521] <1.8> - - * The group named by exempt_group should not have a % prefix. - [1f74c691c1e1] <1.8> - - * Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin" - [58d36c0e76f9] <1.8> - - * Fix compressed io log corruption in background mode by using _exit() - instead of exit() to avoid flushing buffers twice. - - Improved background mode support. When not allocating a pty, the - command is run in its own process group. This prevents write access - to the tty. When running in a pty, stdin is not hooked up and we - never read from /dev/tty, which results in similar behavior. - [fe50d6a5c5b9] <1.8> - * configure, configure.in, plugins/sudoers/po/fi.po: Add Finish translation from translationproject.org [4466f8a96ceb] @@ -28822,13 +29466,6 @@ never read from /dev/tty, which results in similar behavior. [87c15149894c] - * Clean up regress files Generate proper dependencies for regress objs - in compat - [264196584549] <1.8> - - * Add missing dependency for check_fill.o. - [c41f4e6ff078] <1.8> - * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: Clean up regress files Generate proper dependencies for regress objs in compat 
@@ -28838,12 +29475,6 @@ Add missing dependency for check_fill.o. [0bd6362e3e17] -2011-05-30 Todd C. Miller - - * INSTALL, configure, configure.in: - Add support for --enable-nls[=location] - [0ea8e7bd1739] <1.8> - 2011-05-29 Todd C. Miller * INSTALL, configure, configure.in: @@ -28852,53 +29483,20 @@ 2011-05-28 Todd C. Miller - * Include gettext.h - [fe8bab6403c6] <1.8> - * plugins/sudoers/linux_audit.c: Include gettext.h [7f909a6e48cb] - * Quiet gcc warnings. - [aa16d09710a7] <1.8> - * plugins/sudoers/ldap.c, plugins/sudoers/parse.c: Quiet gcc warnings. [b41a6cdca583] * configure, configure.in: Don't install .mo files if gettext was not found. - [c6b233e829aa] <1.8> - - * configure, configure.in: - Don't install .mo files if gettext was not found. [1397b34cc165] 2011-05-27 Todd C. Miller - * Always allocate a pty when running a command in the background but - call setsid() after forking to make sure we don't end up with a - controlling tty. - [77c6b2923714] <1.8> - - * Add missing space between command name and the first command line - argument. - [d0a36b9c0f38] <1.8> - - * Quiet a compiler warning on some platforms. - [654e76cf0574] <1.8> - - * README file that directs people to translationproject.org - [5545e9a5ae37] <1.8> - - * Sync translations with TP - [b054ce577022] <1.8> - - * Makefile.in: - Add 'sync-po' target to top-level Makefile to rsync the po files - from translationproject.org. - [87a5011b0410] <1.8> - * src/exec.c: Always allocate a pty when running a command in the background but call setsid() after forking to make sure we don't end up with a 
@@ -28927,25 +29525,14 @@ from translationproject.org. [20508211aaa3] - * install nls files from install target - [a3feba9ef323] <1.8> - * plugins/sudoers/Makefile.in: install nls files from install target [5fc07b6cab38] - * Makefile.in: - Include .mo files in sudo binary packags. - [bc3ee7e7fb44] <1.8> - * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp: Include .mo files in sudo binary packags. [278d4821a916] - * configure, configure.in: - Add simplified chinese translation - [c22e6842c766] <1.8> - * configure, configure.in, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po: Add simplified chinese translation @@ -28953,23 +29540,11 @@ 2011-05-26 Todd C. Miller - * configure, configure.in: - Add ukranian translation - [0bb9e6437f0f] <1.8> - * configure, configure.in, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po: Add ukranian translation [2d8102688e93] - * refer to siglist.c, not ./siglist.c since not all makes will treat - foo and ./foo the same. - [909051ff6061] <1.8> - - * Set def_preserve_groups before searching for the command when the -P - flag is specified. - [08e9378f50e4] <1.8> - * compat/Makefile.in: refer to siglist.c, not ./siglist.c since not all makes will treat foo and ./foo the same. 
@@ -28980,35 +29555,20 @@ flag is specified. [0edc7942f875] - * Makefile.in: - Add dependency for siglist.lo in compat. This is a generated file so - "make depend" needs to depend on it. - [e6c0daf36af0] <1.8> - * Makefile.in, compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: Add dependency for siglist.lo in compat. This is a generated file so "make depend" needs to depend on it. [28d0932f8b50] - * More dependency fixes. - [7fed03624689] <1.8> - * compat/Makefile.in: More dependency fixes. [aad0d05cd020] - * Fix a few dependencies. - [7cb86c721961] <1.8> - * compat/Makefile.in: Fix a few dependencies. [eb21aa35a032] - * Place compiled mo files in the src dir, not the build dir. When - installing compiled mo files, display a status message. - [b87aa18a9968] <1.8> - * plugins/sudoers/Makefile.in, src/Makefile.in: Place compiled mo files in the src dir, not the build dir. When installing compiled mo files, display a status message. 
@@ -29016,40 +29576,15 @@ 2011-05-25 Todd C. Miller - * Tivoli Directory Server requires that seconds be present in a - timestamp, even though RFC 4517 states that they are optional. - [47ebf110ea7a] <1.8> - * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Tivoli Directory Server requires that seconds be present in a timestamp, even though RFC 4517 states that they are optional. [55fe23dd4ef9] - * Add missing bit of copyright - [d05d28a91bc4] <1.8> - * plugins/sudoers/sudo_nss.h: Add missing bit of copyright [d2eba3c364ca] - * Mention cycle detection warnings - [ee8231aa1aed] <1.8> - - * When checking aliases, also check the contents of the alias in case - there are problems with an alias that is referenced inside another. - Replace the self reference check with real alias cycle detection. - [abcfe1bc95d8] <1.8> - - * Set errno to ELOOP in alias_find() if there is a cycle. Set errno to - ENOENT in alias_find() and alias_remove() if the entry could not be - found. - [e73d169f4e9b] <1.8> - - * Increment alias_seqno before calls to alias_remove_recursive() to - avoid false positives with the alias loop detection. Fixes spurious - warnings about unused aliases when they are nested. - [ac094820ef19] <1.8> - * doc/visudo.pod: Mention cycle detection warnings [a76bef15ab67] @@ -29072,20 +29607,6 @@ warnings about unused aliases when they are nested. [a344483b8193] - * add mkdep.pl - [3721e9654ba6] <1.8> - - * Add dependency on convenience libs to binaries - [8a4db8226dfe] <1.8> - - * Makefile.in: - mkdep.pl only works when run from the src dir - [2480427a0680] <1.8> - - * Makefile.in: - Auto-generate Makefile dependencies with a perl script. - [ef5f56907d97] <1.8> - * MANIFEST: add mkdep.pl [86b7ed33eab2] 
@@ -29106,13 +29627,6 @@ 2011-05-23 Todd C. Miller - * If the user specifies a runas group via sudo's -g option that - matches the runas user's group in the passwd database and that group - is not denied in the Runas_Spec, allow it. Thus, if user root's gid - in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if - no groups are present in the Runas_Spec. - [942e1e7c5090] <1.8> - * plugins/sudoers/match.c: If the user specifies a runas group via sudo's -g option that matches the runas user's group in the passwd database and that group @@ -29123,45 +29637,16 @@ 2011-05-22 Todd C. Miller - * NEWS: - Mention what is new in 1.8.2 (for now) - [d44b26eceee5] <1.8> - - * Add dependencies on gettext.h - [32c61c6af852] <1.8> - * plugins/sudoers/Makefile.in, src/Makefile.in: Add dependencies on gettext.h [a3a9dc51f78b] - * Fix install-nls target with HP-UX sh when gettext is not present. - [3441cece9638] <1.8> - * plugins/sudoers/Makefile.in, src/Makefile.in: Fix install-nls target with HP-UX sh when gettext is not present. [0c6b9655cd41] - * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, - doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: - Regen for sudo 1.8.2 - [9ea124b542cc] <1.8> - 2011-05-20 Todd C. Miller - * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: - regenerate .pot files for lbuf changes - [a8a9cc62c3a5] <1.8> - - * configure, configure.in: - Add missing "checking" message for gettext when using the cache. - [4136bc346576] <1.8> - - * Add primitive format string support to the lbuf code to make - translations simpler. - [22fc74618d09] <1.8> - * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot: regenerate .pot files for lbuf changes 
@@ -29178,132 +29663,6 @@ translations simpler. [ee71c7ef5299] - * configure, configure.in, plugins/sudoers/po/sudoers.pot, - src/po/sudo.pot: - Bump version to 1.8.2 - [999de1ac5b3e] <1.8> - - * Add message catalog template files for sudo and the sudoers module. - [6afad75e7afa] <1.8> - - * configure.in: - Add gettext.h convenience header. This is similar to but distinct - from the one included with the gettext package. - [5ae5a86e0d06] <1.8> - - * configure, configure.in: - Add checks for nroff -c and -Tascii flags - [580c21905280] <1.8> - - * configure, configure.in: - Add check for HP bundled C Compiler (which cannot create shared - libs) - [34f616cbb0f3] <1.8> - - * Fix C format warnings. - [f20a43a817f0] <1.8> - - * Add __printflike - [76bf8a4bf075] <1.8> - - * Translate help / usage strings. - [16c5b7902d4c] <1.8> - - * Set --msgid-bugs-address to the bugzilla url - [3e3cfa7b4ceb] <1.8> - - * INSTALL, Makefile.in, README, configure, configure.in: - Add scaffolding to update .po files and install .mo files. - [a51e60b35e47] <1.8> - - * Minor warning/error cleanup - [593144ac87ff] <1.8> - - * configure.in: - Emulate ngettext for the non-nls case - [7cdf82de4dee] <1.8> - - * Do not mark untranslatable strings for translation - [088271ed02d0] <1.8> - - * Use ROOT_UID not 0. - [f901fa2fdaf2] <1.8> - - * Minor warning/error message cleanup - [b99c7ef46236] <1.8> - - * cannot -> "unable to" in warning/error messages can't -> "unable to" - in warning/error messages - [5119140fabc7] <1.8> - - * configure, configure.in: - FreeBSD needs the main sudo executable to link with -lpam when - loading dynaic pam modules for some reason. - [738b6778a505] <1.8> - - * We don't want to translate debugging messages. - [357a575c2dfd] <1.8> - - * configure, configure.in: - Add calls to bindtextdomain() and textdomain() Currently there are - two domains, one for the sudo front-end and one for the sudoers - plugin and its associated utilities. 
- [907f39439d80] <1.8> - - * configure, configure.in: - Fix caching of libc gettext check. - [e229c21f412f] <1.8> - - * Mark defaults descriptions for translation - [65e03d1f8203] <1.8> - - * NEWS: - Update for sudo 1.8.1p2 - [89c31f2aa11e] <1.8> - - * Quiet compiler warning when SELinux is enabled. - [51b1d7c8aa86] <1.8> - - * dd missing includes of libintl.h. - [25662143d36d] <1.8> - - * Fix gettext marker. - [7618856ba5de] <1.8> - - * Include libint.h where needed. - [cc256b297b9d] <1.8> - - * Prepare sudoers module messages for translation. - [1b7f0bbaa55f] <1.8> - - * Only check gid of sudoers file if it is group-readable. - [f3cae943f35a] <1.8> - - * For AIX, keep calling authenticate() until reenter reaches 0. - [e412676bac73] <1.8> - - * configure, configure.in: - Cache the status of the initial gettext() check. - [c32281768c0f] <1.8> - - * INSTALL, configure, configure.in: - Add --disable-nls flag and improve checks for gettext. - [b39674c1e538] <1.8> - - * configure, configure.in: - When building with gcc on HP-UX, use -march=1.1 to produce portable - binaries on a pa-risc2 host. Previously, the +Dportable option was - used for the HP-UX C compiler but gcc always produced native - binaries. - [41351c23ad41] <1.8> - - * Prepare sudo front end messages for translation. - [7807d6f74dac] <1.8> - - * configure, configure.in: - Add initial scaffolding to support localization via gettext() - [cdbbff7e6376] <1.8> - * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot: Add message catalog template files for sudo and the sudoers module. 
@@ -29359,22 +29718,10 @@ update copyright year [fa0c62523875] - * doc/license.pod: - update copyright year - [d681661f03cc] <1.8> - * INSTALL, README: No need to include version number at the top of these files. [9f2981325351] - * INSTALL, README: - No need to include version number at the top of these files. - [7e11f673f773] <1.8> - - * README: - This is sudo 1.8.1 not 1.8.0 - [4d674f230d8a] <1.8> - 2011-05-18 Todd C. Miller * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c, @@ -29532,20 +29879,12 @@ Add initial scaffolding to support localization via gettext() [7d47b59fcf95] - * Don't let the fnmatch/glob macros expand the function prototype. - [d449e9a8f447] <1.8> - * compat/fnmatch.h, compat/glob.h: Don't let the fnmatch/glob macros expand the function prototype. [a9014aa0288e] 2011-05-03 Todd C. Miller - * Resolve namespace collisions on HP-UX ia64 and possibly others by - adding a rpl_ prefix to our fnmatch and glob replacements and - #defining rpl_foo to foo in the header files. - [d23889375b21] <1.8> - * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h: Resolve namespace collisions on HP-UX ia64 and possibly others by adding a rpl_ prefix to our fnmatch and glob replacements and @@ -29554,12 +29893,6 @@ 2011-04-29 Todd C. Miller - * Split ALL, ROLE and TYPE into their own actions. Since you can only - have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in - the non-SELinux case. This is safe because the actions are in one - big switch() statement. - [0bd9b7e37ab1] <1.8> - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Split ALL, ROLE and TYPE into their own actions. Since you can only have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in 
@@ -29567,17 +29900,6 @@ big switch() statement. [7473fc2cfa2c] - * Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie. - [8dec97b359e0] <1.8> - - * askpass moved from sudoers to sudo.conf in sudo 1.8.0 - [1001d87d82ed] <1.8> - - * Remove obsolete warning about runas_default and ordering. Move - syslog facility and priority lists into the section where the - relevant options are described. - [1286b9624021] <1.8> - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie. [9be3480c2865] @@ -29596,17 +29918,6 @@ 2011-04-26 Todd C. Miller - * Fix SIA support; we no longer have access to the real argc and argv - so allocate space for a fake one and use the argv passed to the - plugin with "sudo" for argv[0]. - [7c11eeffb91c] <1.8> - - * Remove useless realloc when trying to get the buffer size right. - [58128e7f4e28] <1.8> - - * Be explicit when setting euid to 0 before call to setreuid(0, 0) - [95769a564ab8] <1.8> - * plugins/sudoers/auth/sia.c: Fix SIA support; we no longer have access to the real argc and argv so allocate space for a fake one and use the argv passed to the @@ -29625,16 +29936,6 @@ 2011-04-18 Todd C. Miller - * NEWS: - sudo 1.8.1p1 updates - [de3d688b5bb1] <1.8> - - * configure, configure.in: - Need to do checks for krb5_verify_user, krb5_init_secure_context and - krb5_get_init_creds_opt_alloc regardless of whether or - notkrb5-config is present. - [456c4a9cd5d6] <1.8> - * configure, configure.in: Need to do checks for krb5_verify_user, krb5_init_secure_context and krb5_get_init_creds_opt_alloc regardless of whether or not 
@@ -29643,11 +29944,6 @@ 2011-04-15 Todd C. Miller - * Work around weird AIX saved uid semantics on setuid() and - setreuid(). On AIX, setuid() will only set the saved uid if the euid - is already 0. - [5d0a69e9d181] <1.8> - * plugins/sudoers/set_perms.c: Work around weird AIX saved uid semantics on setuid() and setreuid(). On AIX, setuid() will only set the saved uid if the euid @@ -29656,17 +29952,10 @@ 2011-04-14 Todd C. Miller - * update copyright year - [fa8da6d55783] <1.8> - * sudo.pp: update copyright year [1c42d579ba6e] - * Treat a missing includedir like an empty one and do not return an - error. - [5fd9fe004728] <1.8> - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Treat a missing includedir like an empty one and do not return an error. @@ -29674,12 +29963,6 @@ 2011-04-12 Todd C. Miller - * Fix ARCH setting in cross-compile Solaris packages. - [8ce40940f6c9] <1.8> - - * Fix aix version setting. - [02a9e25d46ba] <1.8> - * pp: Fix ARCH setting in cross-compile Solaris packages. [b0de281cc889] @@ -29688,10 +29971,6 @@ Fix aix version setting. [98437dbfb085] - * Remove extraneous parens in LDAP filter when sudoers_search_filter - is enabled that causes a search error. From Matthew Thomas. - [b67be9b51ec6] <1.8> - * plugins/sudoers/ldap.c: Remove extraneous parens in LDAP filter when sudoers_search_filter is enabled that causes a search error. From Matthew Thomas. 
@@ -29699,58 +29978,27 @@ 2011-04-11 Todd C. Miller - * Correct sizeof() to fix test failure. - [a11b89fd13f9] <1.8> - * plugins/sudoers/regress/iolog_path/check_iolog_path.c: Correct sizeof() to fix test failure. [fd2f7c0c0572] - * "install" target should depend on "install-dirs". Fixes "make -j" - problem and closes bz #487. From Chris Coleman. - [06ab0558f848] <1.8> - * plugins/sudoers/Makefile.in: "install" target should depend on "install-dirs". Fixes "make -j" problem and closes bz #487. From Chris Coleman. [083902d38edb] -2011-04-09 Todd C. Miller - - * .hgtags: - Added tag SUDO_1_8_1 for changeset 0ed6281995f0 - [543d41a163e9] <1.8> - - * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, - doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, - doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, - doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: - Regen man pages for 1.8.1 - [0ed6281995f0] [SUDO_1_8_1] <1.8> - 2011-04-07 Todd C. Miller - * Add HAVE_RFC1938_SKEYCHALLENGE - [c0d7eb39799d] <1.8> - * config.h.in: Add HAVE_RFC1938_SKEYCHALLENGE [a94cb33758a8] 2011-04-06 Todd C. Miller - * Mention plugin loading and libgcc changes - [b74929cba37c] <1.8> - * NEWS: Mention plugin loading and libgcc changes [e11b30b5026a] - * Load plugins after parsing arguments and potentially printing the - version. That way, an error loading or initializing a plugin doesn't - break "sudo -h" or "sudo -V". - [c1ecb5979cf0] <1.8> - * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: Load plugins after parsing arguments and potentially printing the version. That way, an error loading or initializing a plugin doesn't 
@@ -29760,57 +30008,21 @@ * Makefile.in: When using a sub-shell to invoke the sub-make, exec make instead of running it inside the shell to avoid an extra process. - [9439f016c993] <1.8> - - * Makefile.in: - When using a sub-shell to invoke the sub-make, exec make instead of - running it inside the shell to avoid an extra process. [fd2c04a71fbf] - * Stop testing unspecified behavior in fnmatch Make glob test more - portable - [87a91d76fbff] <1.8> - - * No need to add current dir to include path and having it breaks the - test programs that expect to get the system glob.h and fnmatch.h - [3ae7f9e7b710] <1.8> - * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c: Stop testing unspecified behavior in fnmatch Make glob test more portable - [229803093725] - - * compat/Makefile.in: - No need to add current dir to include path and having it breaks the - test programs that expect to get the system glob.h and fnmatch.h - [68085f624be4] - - * configure, configure.in: - Fix and document --with-plugindir; partially from Diego Elio Petteno - [0220a0c2606f] <1.8> - - * INSTALL, configure, configure.in: - Fix and document --with-plugindir; partially from Diego Elio Petteno - [07edc52ea89e] - - * Fix fnmatch and glob tests to not use hard-coded flag values in the - input file. Link test programs with libreplace so we get our - replacement verions as needed. - [66bab80241e0] <1.8> - - * Makefile.in: - If make in a subdir fails, fail the target in the upper level - Makefile too. Adapted from a patch from Diego Elio Petteno - [bc35b7813507] <1.8> - - * configure, configure.in: - Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also - has this. Adapted from a patch from Diego Elio Petteno - [bb6228f484b9] <1.8> + [229803093725] - * Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@ - directly. 
- [47e6d5fadc6d] <1.8> + * compat/Makefile.in: + No need to add current dir to include path and having it breaks the + test programs that expect to get the system glob.h and fnmatch.h + [68085f624be4] + + * INSTALL, configure, configure.in: + Fix and document --with-plugindir; partially from Diego Elio Petteno + [07edc52ea89e] * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c, compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c, @@ -29838,26 +30050,12 @@ * configure, configure.in: Fix warnings when -without-skey, --without-opie, --without-kerb4, --without-kerb5 or --without-SecurID were specified. - [1b75035dd129] <1.8> - - * configure, configure.in: - Fix warnings when -without-skey, --without-opie, --without-kerb4, - --without-kerb5 or --without-SecurID were specified. [71ad150f4d24] - * Add plugins/sudoers/sudoers_version.h - [1d470c6033ca] <1.8> - * MANIFEST: Add plugins/sudoers/sudoers_version.h [7423966de440] - * configure, configure.in: - Back out the --with-libpath addition to SUDOERS_LDFLAGS since that - now include LDFLAGS in the sudoers Makefile.in. Add missing settng - of @LDFLAGS@ in plugin Makefile.in files. - [dd237f43aa12] <1.8> - * configure, configure.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: Back out the --with-libpath addition to SUDOERS_LDFLAGS since that @@ -29867,20 +30065,10 @@ 2011-04-05 Todd C. Miller - * Mention %#gid support in User_List and Runas_List - [37e259b9181b] <1.8> - * NEWS: Mention %#gid support in User_List and Runas_List [5a983dff017a] - * Keep track of sudoers grammar version and report it in the -V - output. - [0e0b891dd8a4] <1.8> - - * Add multiple inclusion guard - [ec6884f51ea8] <1.8> - * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h, plugins/sudoers/visudo.c: Keep track of sudoers grammar version and report it in the -V 
@@ -29891,13 +30079,6 @@ Add multiple inclusion guard [50853aed046e] - * configure, configure.in: - The --with-libpath option now adds to SUDOERS_LDFLAGS as well as - LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and - set it to -Wc,-static-libgcc if not using GNU ld so we don't have a - dependency on the shared libgcc in sudoers.so. - [28d03f3eb0d2] <1.8> - * configure, configure.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: The --with-libpath option now adds to SUDOERS_LDFLAGS as well as @@ -29906,19 +30087,12 @@ dependency on the shared libgcc in sudoers.so. [66ad8bc5e32d] - * Fix typo; from Petr Uzel - [d19b9bd92bd3] <1.8> - * doc/sudoers.pod: Fix typo; from Petr Uzel [f9a7afd80892] 2011-04-01 Todd C. Miller - * In dump-only mode, use "root" as the default username instead of - "nobody" as the latter may not be available on all systems. - [b304111616dd] <1.8> - * plugins/sudoers/testsudoers.c: In dump-only mode, use "root" as the default username instead of "nobody" as the latter may not be available on all systems. @@ -29926,19 +30100,10 @@ 2011-03-31 Todd C. Miller - * Remove NewArgv/NewArgc, they are no longer needed. - [c0a36a42a68c] <1.8> - * plugins/sudoers/testsudoers.c: Remove NewArgv/NewArgc, they are no longer needed. [16e18f734c7e] - * Fix setting of user_args - [529e79ea95d1] <1.8> - - * Add '!' token to lex tracing - [aef295d428e7] <1.8> - * plugins/sudoers/testsudoers.c: Fix setting of user_args [aa29e0d0a54a] 
@@ -29947,20 +30112,11 @@ Add '!' token to lex tracing [5227ad266235] - * Use group bin in test, not wheel as most systems have the bin group - but the same is no longer true of wheel. - [350347f09c1a] <1.8> - * plugins/sudoers/regress/testsudoers/test1.sh: Use group bin in test, not wheel as most systems have the bin group but the same is no longer true of wheel. [718802b3b45e] - * Avoid using pre or post increment in a parameter to a ctype(3) - function as it might be a macro that causes the increment to happen - more than once. - [8a94ebdd53b8] <1.8> - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Avoid using pre or post increment in a parameter to a ctype(3) function as it might be a macro that causes the increment to happen @@ -29969,10 +30125,6 @@ 2011-03-30 Todd C. Miller - * Strip off the beta or release candidate version when building AIX - packages. - [00ad950764e2] <1.8> - * sudo.pp: Strip off the beta or release candidate version when building AIX packages. @@ -29982,21 +30134,8 @@ We need to include OSDEFS in CFLAGS when doing the utmp/utmpx structure checks for glibc which only has __e_termination visible when _GNU_SOURCE is *not* defined. - [1d58420a4a4a] <1.8> - - * configure, configure.in: - We need to include OSDEFS in CFLAGS when doing the utmp/utmpx - structure checks for glibc which only has __e_termination visible - when _GNU_SOURCE is *not* defined. [59ae1698911f] - * getuserattr(user, ...) will fall back to the "default" entry - automatically, there's no need to check "default" manually. - [cefffa82967d] <1.8> - - * Document parser changes. - [5038238f60eb] <1.8> - * common/aix.c: getuserattr(user, ...) will fall back to the "default" entry automatically, there's no need to check "default" manually. 
@@ -30008,11 +30147,6 @@ Document parser changes. [ec415503308d] - * Makefile.in: - If there is an existing sudoers file, only install if it passes a - syntax check. - [b1e4c9c56fe0] <1.8> - * Makefile.in, common/Makefile.in, compat/Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, @@ -30021,12 +30155,6 @@ syntax check. [37427c73e8cb] - * Add runasgroup support to testsudoers - [30838590e9de] <1.8> - - * For "make check", keep going even if a test fails. - [d3a72f67227e] <1.8> - * plugins/sudoers/regress/sudoers/test6.out.ok, plugins/sudoers/testsudoers.c: Add runasgroup support to testsudoers @@ -30036,13 +30164,6 @@ For "make check", keep going even if a test fails. [ce6a0a73c372] - * More useful exit codes: - * 0 - parsed OK and command matched. - * 1 - parse error - * 2 - command not matched - * 3 - command denied - [59301e0769cd] <1.8> - * plugins/sudoers/testsudoers.c: More useful exit codes: * 0 - parsed OK and command matched. @@ -30051,28 +30172,15 @@ * 3 - command denied [1d2ce1361903] - * Document %#gid, and %:#nonunix_gid syntax. - [39ee15af58e9] <1.8> - * doc/sudoers.pod: Document %#gid, and %:#nonunix_gid syntax. [492d4f9696c4] - * Add support to user_in_group() for treating group names that begin - with a '#' as gids. - [0eb19980cf5f] <1.8> - * plugins/sudoers/pwutil.c: Add support to user_in_group() for treating group names that begin with a '#' as gids. [20240c94a134] - * configure, configure.in: - Add explicit check for struct utmpx.ut_exit.e_termination and struct - utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update - ut_exit if we detect one or the other. - [ab5b665fc04b] <1.8> - * config.h.in, configure, configure.in, src/utmp.c: Add explicit check for struct utmpx.ut_exit.e_termination and struct utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update 
@@ -30081,39 +30189,22 @@ 2011-03-28 Todd C. Miller - * Add back missing #include of config.h - [9c82bec81018] <1.8> - * plugins/sudoers/toke.c: Add back missing #include of config.h [9ab3897a1b2e] - * Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like - strftime() does. - [1ae630470f8a] <1.8> - * plugins/sudoers/iolog_path.c, plugins/sudoers/regress/iolog_path/data: Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like strftime() does. [93395762cdcd] - * Quote first argument to AC_DEFUN(); from Elan Ruusamae - [c467e9e3b399] <1.8> - * aclocal.m4: Quote first argument to AC_DEFUN(); from Elan Ruusamae [97f53ad31d77] 2011-03-27 Todd C. Miller - * add new sudoers tests - [05f2a0924acc] <1.8> - - * Add test for a newline in the middle of a string when no line - continuation character is used. - [24b79be5822b] <1.8> - * MANIFEST: add new sudoers tests [476af91b3da3] @@ -30125,24 +30216,12 @@ continuation character is used. [de2394bc86ab] - * Use bitwise AND instead of modulus to check for length being odd. A - newline in the middle of a string is an error unless a line - continuation character is used. - [65c468599688] <1.8> - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Use bitwise AND instead of modulus to check for length being odd. A newline in the middle of a string is an error unless a line continuation character is used. [bdb1d762a1d5] - * Move lexer globals initialization into init_lexer. - [07a1171a1853] <1.8> - - * Fix a potential crash when a non-regular file is present in an - includedir. Fixes bz #452 - [5057cb9516e4] <1.8> - * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Move lexer globals initialization into init_lexer. 
@@ -30153,11 +30232,6 @@ includedir. Fixes bz #452 [1586760c3525] - * On some Linux systems, "uname -p" contains detailed processor info - so check "uname -m" first and then "uname -p" if needed. Recognize - PLD Linux. - [56226c84a060] <1.8> - * pp: On some Linux systems, "uname -p" contains detailed processor info so check "uname -m" first and then "uname -p" if needed. Recognize @@ -30166,12 +30240,6 @@ 2011-03-25 Todd C. Miller - * Don't need all sudoers.h here. - [43b6ae5999c5] <1.8> - - * Print sudo version early, in case policy plugin init fails. - [620f2d0ec4b1] <1.8> - * plugins/sudoers/redblack.c: Don't need all sudoers.h here. [8c0929f42dab] @@ -30182,33 +30250,10 @@ 2011-03-24 Todd C. Miller - * Update to match change in input. - [69540f84721d] <1.8> - * plugins/sudoers/regress/sudoers/test4.toke.ok: Update to match change in input. [4a3af8e68790] - * Make an empty group or netgroup a syntax error. - [4b85bddc494e] <1.8> - - * An empty group or netgroup should be a syntax error. - [6ec796972eff] <1.8> - - * Check that uids work in per-user and per-runas Defaults Check that - uids and gids work in a Command_Spec - [68cf62353420] <1.8> - - * Test empty string in User_Alias and Command_Spec - [017d487c31be] <1.8> - - * Allow a group ID in the User_Spec. - [37e0bf69c8d8] <1.8> - - * Return an error for the empty string when a word is expected. Allow - an ID for per-user or per-runas Defaults. - [4c9020779582] <1.8> - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Make an empty group or netgroup a syntax error. [66f51ddc2ff6] 
@@ -30243,28 +30288,16 @@ an ID for per-user or per-runas Defaults. [915c259b00ff] - * Fix printing "User_Alias FOO = ALL" - [97c9fd7caeb7] <1.8> - * plugins/sudoers/testsudoers.c: Fix printing "User_Alias FOO = ALL" [ba58c3d548b3] 2011-03-22 Todd C. Miller - * Better error message about invalid -C argument - [2301e7a3835b] <1.8> - * src/parse_args.c: Better error message about invalid -C argument [c9a8d15bbf5d] - * fix typo - [c5acde62a309] <1.8> - - * Fix placement of equal size ('=') in user specification summary. - [4d0ffef77ae4] <1.8> - * NEWS: fix typo [cdcfbafed013] 
@@ -30275,68 +30308,21 @@ 2011-03-21 Todd C. Miller - * update to match sudoers regress - [0efb8dc9092a] <1.8> - * MANIFEST: update to match sudoers regress [e04db0648717] - * Restore ability to define TRACELEXER and have trace output go to - stderr. - [441c8b372217] <1.8> - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Restore ability to define TRACELEXER and have trace output go to stderr. [d9531e4d1b20] - * Restore old behavior of setting sawspace = TRUE for command line - args when a line continuation character is hit to avoid causing - problems for existing sudoers files. - [963ded6ce070] <1.8> - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Restore old behavior of setting sawspace = TRUE for command line args when a line continuation character is hit to avoid causing problems for existing sudoers files. [fd930ad25550] - * Add test for line continuation and aliases - [5703d11a3c46] <1.8> - - * Make test output line up nicely for parse vs. toke - [15321ce2d7d9] <1.8> - - * plugins/sudoers/regress/testsudoers/test1.ok, - plugins/sudoers/regress/testsudoers/test2.out, - plugins/sudoers/regress/testsudoers/test2.sh, - plugins/sudoers/regress/testsudoers/test3.ok, - plugins/sudoers/regress/testsudoers/test3.sh, - plugins/sudoers/regress/visudo/test1.ok, - plugins/sudoers/regress/visudo/test1.sh: - Move parser tests to sudoers directory and test the tokenizer output - too. - [111c1ccda334] <1.8> - - * If we match a rule anchored to the beginning of a line after parsing - a line continuation character, return an ERROR token. It would be - nicer to use REJECT instead but that substantially slows down the - lexer. - [67e54b14aa9d] <1.8> - - * Move LEXTRACE macro to toke.h so we can use it in yyerror(). - [e6e04037deed] <1.8> - - * Make lex tracing settable at run-time in testsudoers via the -t - flag. Trace output goes to stderr. Will be used by regress tests to - check lexer. - [a973f43cc0c2] <1.8> - - * Allow whitespace after the modifier in a Defaults entry. 
E.g. - "Defaults: username set_home" - [bf876c9fc5bb] <1.8> - * plugins/sudoers/regress/sudoers/test4.in, plugins/sudoers/regress/sudoers/test4.out.ok, plugins/sudoers/regress/sudoers/test4.toke.ok: @@ -30399,34 +30385,18 @@ 2011-03-18 Todd C. Miller - * Don't set CC when cross-compiling. - [d3c33dcb02f2] <1.8> - * mkpkg: Don't set CC when cross-compiling. [4b95b0c04e1c] - * Credit Matthew Thomas for the sudoers_search_filter changes. - [2209b80664af] <1.8> - * NEWS: Credit Matthew Thomas for the sudoers_search_filter changes. [a65998ab09f7] - * Add the .sym files to the MANIFEST - [bb452b28a009] <1.8> - * MANIFEST: Add the .sym files to the MANIFEST [f599225cc861] - * Update for sudo 1.8.1 beta - [700d42d80e00] <1.8> - - * user_shell -> run_shell to avoid confusion with the user's SHELL - variable. - [451b96d5f97e] <1.8> - * NEWS: Update for sudo 1.8.1 beta [71021e854c49] @@ -30436,21 +30406,12 @@ variable. [dc0ac6dafc21] - * Save the controlling tty process group before suspending in pty - mode. Previously, we assumed that the child pgrp == child pid (which - is usually, but not always, the case). - [b0841d861191] <1.8> - * src/exec_pty.c: Save the controlling tty process group before suspending in pty mode. Previously, we assumed that the child pgrp == child pid (which is usually, but not always, the case). [10b2883b7875] - * Add support for sudoers_search_filter setting in ldap.conf. This can - be used to restrict the set of records returned by the LDAP query. - [70c5f496e2b3] <1.8> - * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Add support for sudoers_search_filter setting in ldap.conf. This can be used to restrict the set of records returned by the LDAP query. 
@@ -30460,38 +30421,12 @@ * configure, configure.in: Remove the hack to disable -g in CFLAGS unless --with-devel - [9459839f50ba] <1.8> - - * configure, configure.in: - Remove the hack to disable -g in CFLAGS unless --with-devel [89822cf84ef4] - * The '@' character does not normally need to be quoted. - [e66c4c64e514] <1.8> - * doc/sudoers.pod: The '@' character does not normally need to be quoted. [7823f5ed829a] - * We normaly transition from GOTDEFS to STARTDEFS on whitespace, but - if that whitespace is followed by a comma, we want to treat it as - part of a list and not transition. - [52ae2df9959d] <1.8> - - * Add check for whitespace when a User_List is used for a per-user - Defaults entry. - [44a4db95be86] <1.8> - - * Expand quoted name checks to cover recent fixes. - [bd494b5c2bed] <1.8> - - * Fix parsing of double-quoted names in Defaults and Aliases which was - broken in 601d97ea8792. - [dfdd58c3eb3b] <1.8> - - * toke_util.c lives in $(srcdir) not $(devdir) - [94f8f024782e] <1.8> - * plugins/sudoers/toke.c, plugins/sudoers/toke.l: We normaly transition from GOTDEFS to STARTDEFS on whitespace, but if that whitespace is followed by a comma, we want to treat it as @@ -30521,18 +30456,6 @@ 2011-03-16 Todd C. Miller * configure, configure.in: - Update version to 1.8.1 - [531a7d520f18] <1.8> - - * Document major changes in 1.8.1 and add upgrade notes. - [116821646140] <1.8> - - * Be careful not to deref user_stat if it is NULL. This cannot - currently happen in sudo but might in other programs using the - parser. - [d72a9c7151c4] <1.8> - - * configure, configure.in: Change trunk version to 1.8.x to distinguish from real 1.8.0. [a9781e61d064] 
@@ -30546,66 +30469,6 @@ parser. [06a2334dd674] - * configure will not add -O2 to CFLAGS if it is already defined to add - -O2 to the CFLAGS we pass in when PIE is being used. - [2c7fe82be93d] <1.8> - - * Warn about the dangers of log_input and mention iolog_file and - iolog_dir in the log_input and log_output descriptions. - [edc6aa59aa45] <1.8> - - * sync with git version - [b121cf739c77] <1.8> - - * It seems that h comes after i - [99ad15015f05] <1.8> - - * Move log_input and log_output to their proper, sorted, location. - Document set_utmp and utmp_runas. - [216ce8b0ae1a] <1.8> - - * Save the controlling tty process group before suspending so we can - restore it when we resume. Fixes job control problems on Linux - caused by the previous attemp to fix resuming a shell when I/O - logging not enabled. - [dfe038f733be] <1.8> - - * Fix printing of the remainder after a newline. Fixes "sudo -l" - output corruption that could occur in some cases. - [ab2f0a629e0d] <1.8> - - * Add support for ut_exit - [7039ec6a73fa] <1.8> - - * Add support for controlling whether utmp is updated and which user - is listed in the entry. - [1b008ce71eab] <1.8> - - * Fix typo; tupple vs. tuple - [67bb5c67ae3d] <1.8> - - * For legacy utmp, strip the /dev/ prefix before trying to determine - slot since the ttys file does not include the /dev/ prefix. - [8f597114381d] <1.8> - - * Add check for _PATH_UTMP - [fe7e2456f017] <1.8> - - * Adapt check_iolog_path to sessid changes - [3016201869b6] <1.8> - - * Redo utmp handling. If no getutent()/getutxent() is available, - assume a ttyslot-based utmp. If getttyent() is available, use that - directly instead of ttyslot() so we don't have to do the stdin dup2 - dance. - [817490c7c20e] <1.8> - - * Move utmp handling into utmp.c - [e4729d9259e9] <1.8> - - * Update copyright years. - [1065afc00233] <1.8> - * mkpkg: configure will not add -O2 to CFLAGS if it is already defined to add -O2 to the CFLAGS we pass in when PIE is being used. 
@@ -30719,46 +30582,28 @@ Update copyright years. [16aa39f9060a] - * Add "user_shell" boolean as a way to indicate to the plugin that the - -s flag was given. - [6e8bc49b7ea7] <1.8> - * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/parse_args.c: Add "user_shell" boolean as a way to indicate to the plugin that the -s flag was given. [fb1ef0897b32] - * Move sessid out of sudo_user. - [00d67d5ba894] <1.8> - * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, plugins/sudoers/sudoers.h: Move sessid out of sudo_user. [ba298ddb57f4] - * Log the TSID even if it is not a simple session ID. - [490cf0adae29] <1.8> - * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Log the TSID even if it is not a simple session ID. [d7cc1b9c513c] - * Document noexec in sample.sudo.conf and add back noexec_file section - in sudoers with a note that it is deprecated. - [c7a2d8d0c563] <1.8> - * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod: Document noexec in sample.sudo.conf and add back noexec_file section in sudoers with a note that it is deprecated. [4a6e961e494d] - * Fix running commands as non-root on systems where setreuid() changes - the saved uid based on the effective uid we are changing to. - [f3b27db56ba6] <1.8> - * plugins/sudoers/set_perms.c: Fix running commands as non-root on systems where setreuid() changes the saved uid based on the effective uid we are changing to. 
@@ -30766,24 +30611,6 @@ 2011-03-10 Todd C. Miller - * Move noexec path into sudo.conf now that sudo itself handles noexec. - Currently can be configured in sudoers too but is now undocumented - and will be removed in a future release. - [9c5f64709994] <1.8> - - * Document "Path noexec ..." in sudo.conf. No longer document - noexec_file in sudoers, it will be removed in a future release. - [959fa6b5217b] <1.8> - - * Move noexec handling to sudo front-end where it is documented as - being. - [ef6cd4a40c61] <1.8> - - * Add support for disabling exec via solaris privileges. Includes - preparation for moving noexec support out of sudoers and into front - end as documented. - [d9c05ba9a24f] <1.8> - * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c, src/sudo.h: Move noexec path into sudo.conf now that sudo itself handles noexec. @@ -30810,9 +30637,6 @@ end as documented. [dec843ed553e] - * Only export the symbols corresponding to the plugin structs. - [cb07af1d9b39] <1.8> - * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in, plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, 
@@ -30820,30 +30644,6 @@ Only export the symbols corresponding to the plugin structs. [8d8d03b0ca54] - * Install plugins manually instead of using libtool. This works around - a problem on AIX where libtool will install a .a file containing the - .so file instead of the .so file itself. - [1ccf5af58c05] <1.8> - - * Makefile.in: - Move check into its own rule since some versions of make will run - both targets as the default rule. - [7159f37eb552] <1.8> - - * Update to libtool 2.2.10 - [9e49773b32b7] <1.8> - - * In handle_signals(), restart the read() on EINTR to make sure we - keep up with the signal pipe. Don't return -1 on EAGAIN, it just - means we have emptied the pipe. - [dc2926097b2d] <1.8> - - * Reorder functions to quiet a compiler warning. - [5201367e5db4] <1.8> - - * Use the Sun Studio C compiler on Solaris if possible - [b8d43b423fb9] <1.8> - * configure, configure.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: Install plugins manually instead of using libtool. This works around @@ -30879,26 +30679,10 @@ 2011-03-08 Todd C. Miller - * Fix default setting of osversion variable. - [e12905851be5] <1.8> - * mkpkg: Fix default setting of osversion variable. [52e49ca1cedd] - * Make two login_class entris consistent. - [0671d7b204be] <1.8> - - * Add support for adding a utmp entry when allocating a new pty. - Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent(). - Currently only creates a new entry if the existing tty has a utmp - entry. - [40ff30099e79] <1.8> - - * Avoid pulling in headers we don't need on Linux For getutx?id(), - call setutx?ent() first and always call endutx?ent(). - [b86f7a13aae9] <1.8> - * doc/sudo_plugin.pod: Make two login_class entris consistent. [18ff1fa94a91] 
@@ -30916,22 +30700,11 @@ call setutx?ent() first and always call endutx?ent(). [5dad21e1ee1b] - * Add some more libs to SUDOERS_LIBS instead of relying on them to be - pulled in by SUDO_LIBS. - [bcbd16ec56c6] <1.8> - * configure, configure.in: Add some more libs to SUDOERS_LIBS instead of relying on them to be pulled in by SUDO_LIBS. [18a7c21c09a7] - * Fix return value of "sudo -l command" when command is not allowed, - broken in [c7097ea22111]. The default return value is now TRUE and a - bad: label is used when permission is denied. Also fixed missing - permissions restoration on certain errors. On error()/errorx(), the - password and group files are now closed before returning. - [757c941a47b2] <1.8> - * plugins/sudoers/sudoers.c: Fix return value of "sudo -l command" when command is not allowed, broken in [c7097ea22111]. The default return value is now TRUE and a 
@@ -30942,55 +30715,31 @@ 2011-03-07 Todd C. Miller - * Fix passing of login class back to sudo front end. - [5e649de6b7f5] <1.8> - * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: Fix passing of login class back to sudo front end. [6f70a784ce48] - * Add --osversion flag to specify OS instead of running "pp - --probeonly" - [8a03943ac5e8] <1.8> - * mkpkg: Add --osversion flag to specify OS instead of running "pp --probeonly" [a8efdccb7bc1] - * Fix expr usage w/ GNU expr - [bdecfa1f54fc] <1.8> - * sudo.pp: Fix expr usage w/ GNU expr [48895599ee63] 2011-03-06 Todd C. Miller - * Fix exit value for validate and list mode. - [6f8b20199935] <1.8> - * plugins/sudoers/sudoers.c: Fix exit value for validate and list mode. [c7097ea22111] - * Fix non-interactive mode with sudoers plugin. - [cf5aca4fcbcf] <1.8> - * plugins/sudoers/sudoers.c: Fix non-interactive mode with sudoers plugin. [172f29597bd2] 2011-03-05 Todd C. Miller - * sudoreplay can now find IDs other than %{seq} and display the - session. - [60396b417633] <1.8> - - * Add support for replaying sessions when iolog_file is set to - something other than %{seq}. - [1cd2baa74d56] <1.8> - * doc/sudoreplay.pod: sudoreplay can now find IDs other than %{seq} and display the session. @@ -31003,25 +30752,11 @@ something other than %{seq}. [ca3131243874] - * If we are killed by a signal, display the name of the signal that - got us. - [1b38c4d42282] <1.8> - * plugins/sudoers/visudo.c: If we are killed by a signal, display the name of the signal that got us. [994bb76a990e] - * Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS - where they belong. - [78e97a921104] <1.8> - - * Fix bug in skey/opie check that could cause a shell warning. - [f20229a04f30] <1.8> - - * No longer need sudo_getepw() stubs. - [795631ac7db0] <1.8> - * configure, configure.in: Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS where they belong. 
@@ -31037,39 +30772,22 @@ 2011-03-03 Todd C. Miller - * Fix exit value of "sudo -l command" in sudoers module. - [4a05d6019b3d] <1.8> - * plugins/sudoers/sudo_nss.c: Fix exit value of "sudo -l command" in sudoers module. [a6541867521b] 2011-03-02 Todd C. Miller - * Use fgets() not fgetln() for portability. - [1f2050745096] <1.8> - * compat/regress/glob/globtest.c: Use fgets() not fgetln() for portability. [df1bb67fb168] - * Don't use the beta or release candidate version as the rpm release. - [a5b049477646] <1.8> - * sudo.pp: Don't use the beta or release candidate version as the rpm release. [d661ef78021a] 2011-02-25 Todd C. Miller - * Makefile.in: - Adjust ChangeLog rule now that 1.8 is branched - [a994ac361e44] <1.8> - - * .hgtags: - Added tag SUDO_1_8_0 for changeset f6530d56f6ae - [99a2b3801419] <1.8> - * configure, configure.in: version 1.8.0 [f6530d56f6ae] [SUDO_1_8_0] diff -Nru sudo-1.8.31/config.h.in sudo-1.9.0/config.h.in --- sudo-1.8.31/config.h.in 2020-01-30 12:52:45.000000000 +0000 +++ sudo-1.9.0/config.h.in 2020-05-11 16:28:22.000000000 +0000 @@ -54,9 +54,15 @@ /* Define to 1 if you have the `arc4random' function. */ #undef HAVE_ARC4RANDOM +/* Define to 1 if you have the `arc4random_buf' function. */ +#undef HAVE_ARC4RANDOM_BUF + /* Define to 1 if you have the `arc4random_uniform' function. */ #undef HAVE_ARC4RANDOM_UNIFORM +/* Define to 1 if you have the `ASN1_STRING_get0_data' function. */ +#undef HAVE_ASN1_STRING_GET0_DATA + /* Define to 1 if you have the `asprintf' function. */ #undef HAVE_ASPRINTF @@ -82,6 +88,9 @@ /* Define to 1 to enable BSM audit support. */ #undef HAVE_BSM_AUDIT +/* Define to 1 if you have the `cfmakeraw' function. */ +#undef HAVE_CFMAKERAW + /* Define to 1 if you have the `clock_gettime' function. */ #undef HAVE_CLOCK_GETTIME 
@@ -227,6 +236,9 @@ /* Define to 1 if the compiler supports the __visibility__ attribute. */ #undef HAVE_DSO_VISIBILITY +/* Define to 1 if you have the `dup3' function. */ +#undef HAVE_DUP3 + /* Define to 1 if you have the header file. */ #undef HAVE_ENDIAN_H @@ -242,6 +254,9 @@ /* Define to 1 if you have the `faccessat' function. */ #undef HAVE_FACCESSAT +/* Define to 1 if you have the `fchmodat' function. */ +#undef HAVE_FCHMODAT + /* Define to 1 if your system has the F_CLOSEM fcntl. */ #undef HAVE_FCNTL_CLOSEM @@ -257,6 +272,9 @@ /* Define to 1 if you have the `fseeko' function. */ #undef HAVE_FSEEKO +/* Define to 1 if you have the `fstatat' function. */ +#undef HAVE_FSTATAT + /* Define to 1 if you have the `futime' function. */ #undef HAVE_FUTIME @@ -543,7 +561,7 @@ /* Define to 1 if you have the `openpty' function. */ #undef HAVE_OPENPTY -/* Define to 1 if you are using OpenSSL's sha2 functions. */ +/* Define to 1 if you are using OpenSSL's TLS and sha2 functions. */ #undef HAVE_OPENSSL /* Define to 1 if you use NRL OPIE. */ @@ -709,6 +727,16 @@ /* Define to 1 if you have the header file. */ #undef HAVE_SPAWN_H +/* Define to 1 if you have the `SSL_CTX_get0_certificate' function. */ +#undef HAVE_SSL_CTX_GET0_CERTIFICATE + +/* Define to 1 if you have the `SSL_CTX_set_ciphersuites' function. */ +#undef HAVE_SSL_CTX_SET_CIPHERSUITES + +/* Define to 1 if you have the `SSL_CTX_set_min_proto_version' function or + macro. */ +#undef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION + /* Define to 1 to enable SSSD support. */ #undef HAVE_SSSD 
@@ -858,12 +886,21 @@ /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H +/* Define to 1 if you have the `TLS_client_method' function. */ +#undef HAVE_TLS_CLIENT_METHOD + +/* Define to 1 if you have the `TLS_server_method' function. */ +#undef HAVE_TLS_SERVER_METHOD + /* Define to 1 if you have the `ttyslot' function. */ #undef HAVE_TTYSLOT /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H +/* Define to 1 if you have the `unlinkat' function. */ +#undef HAVE_UNLINKAT + /* Define to 1 if you have the `unsetenv' function. */ #undef HAVE_UNSETENV @@ -900,6 +937,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_WORDEXP_H +/* Define to 1 if you have the `X509_STORE_CTX_get0_cert' function. */ +#undef HAVE_X509_STORE_CTX_GET0_CERT + /* Define to 1 if you have the header file. */ #undef HAVE_ZLIB_H @@ -995,7 +1035,7 @@ /* Define to 1 if you don't want to use sudo's PAM session support. */ #undef NO_PAM_SESSION -/* Define to avoid runing the mailer as root. */ +/* Define to avoid running the mailer as root. */ #undef NO_ROOT_MAILER /* Define to 1 if root should not be allowed to use sudo. */ @@ -1112,6 +1152,10 @@ /* Define to 1 if the code in interfaces.c does not compile for you. */ #undef STUB_LOAD_INTERFACES +/* Define to 1 to compile support for sudo_logsrvd in the sudoers I/O log + plugin. */ +#undef SUDOERS_IOLOG_CLIENT + /* An instance string to append to the username (separated by a slash) for Kerberos V authentication. */ #undef SUDO_KRB5_INSTANCE diff -Nru sudo-1.8.31/configure sudo-1.9.0/configure --- sudo-1.8.31/configure 2020-01-30 12:52:43.000000000 +0000 +++ sudo-1.9.0/configure 2020-05-11 16:28:23.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for sudo 1.8.31. +# Generated by GNU Autoconf 2.69 for sudo 1.9.0. # # Report bugs to . # 
@@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.8.31' -PACKAGE_STRING='sudo 1.8.31' +PACKAGE_VERSION='1.9.0' +PACKAGE_STRING='sudo 1.9.0' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_URL='' @@ -639,6 +639,18 @@ ac_subst_vars='LTLIBOBJS KRB5CONFIG LIBOBJS +PYTHON_CONFIG +PYTHON_LIBS +PYTHON_INCLUDE +pkgpyexecdir +pyexecdir +pkgpythondir +pythondir +PYTHON_PLATFORM +PYTHON_EXEC_PREFIX +PYTHON_PREFIX +PYTHON_VERSION +PYTHON FLEX YFLAGS YACC @@ -721,7 +733,15 @@ timeout vardir rundir +logpath +log_dir iolog_dir +PPFILES +LOGSRVD_CONF +LOGSRVD +LIBLOGSRV +LOGSRV +PYTHON_PLUGIN_SRC SIGNAME devsearch DIGEST @@ -743,6 +763,7 @@ LOCALEDIR_SUFFIX SUDO_NLS LIBPTHREAD +LIBTLS LIBMD LIBINTL LIBRT @@ -971,6 +992,8 @@ enable_package_build enable_gss_krb5_ccache_name enable_pvs_studio +enable_log_server +enable_log_client enable_shared enable_static with_pic @@ -984,6 +1007,7 @@ with_netsvc enable_sia enable_largefile +enable_python with_pam_login enable_pam_session enable_kerb5_instance @@ -1003,7 +1027,11 @@ CPP LT_SYS_LIBRARY_PATH YACC -YFLAGS' +YFLAGS +PYTHON +PYTHON_INCLUDE +PYTHON_LIBS +PYTHON_CONFIG' # Initialize some variables set by options. @@ -1544,7 +1572,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.8.31 to adapt to many kinds of systems. +\`configure' configures sudo 1.9.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1609,7 +1637,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.8.31:";; + short | recursive ) echo "Configuration of sudo 1.9.0:";; esac cat <<\_ACEOF 
@@ -1634,8 +1662,7 @@ --enable-env-reset Whether to enable environment resetting by default. --enable-warnings Whether to enable compiler warnings --enable-werror Whether to enable the -Werror compiler option - --enable-openssl Use OpenSSL's message digest functions instead of - sudo's + --enable-openssl Use OpenSSL's TLS and sha2 functions --enable-gcrypt Use GNU crypt's message digest functions instead of sudo's --disable-hardening Do not use compiler/linker exploit mitigation @@ -1652,7 +1679,7 @@ Disable use of the libsudo_util shared library. --enable-tmpfiles.d=DIR Set the path to the systemd tmpfiles.d directory. --enable-devsearch=PATH The colon-delimited path to search for device nodes - when determing the tty name. + when determining the tty name. --enable-sasl Enable/disable LDAP SASL support --timestamp-type=TYPE Set the default time stamp record type to global, ppid or tty. @@ -1662,6 +1689,9 @@ --enable-gss-krb5-ccache-name Use GSS-API to set the Kerberos V cred cache name --enable-pvs-studio Create a PVS-Studio.cfg file. + --disable-log-server Disable building the sudo_logsrvd log server. + --disable-log-client Disable sudoers support for using the sudo_logsrvd + log server. --enable-shared[=PKGS] build shared libraries [default=yes] --enable-static[=PKGS] build static libraries [default=yes] --enable-fast-install[=PKGS] @@ -1669,6 +1699,7 @@ --disable-libtool-lock avoid locking (might break parallel builds) --disable-sia Disable SIA on Digital UNIX --disable-largefile omit support for large files + --enable-python Compile python plugin support --disable-pam-session Disable PAM session support --enable-kerb5-instance instance string to append to the username (separated by a slash) 
@@ -1808,6 +1839,12 @@ YFLAGS The list of arguments that will be passed by default to $YACC. This script will default YFLAGS to the empty string to avoid a default value of `-d' given by some make applications. + PYTHON the Python interpreter + PYTHON_INCLUDE + Include flags for python, bypassing python-config + PYTHON_LIBS Linker flags for python, bypassing python-config + PYTHON_CONFIG + Path to python-config Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. @@ -1875,7 +1912,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.8.31 +sudo configure 1.9.0 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2584,7 +2621,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.8.31, which was +It was created by sudo $as_me 1.9.0, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2881,10 +2918,10 @@ as_fn_append ac_func_list " nl_langinfo" as_fn_append ac_func_list " pread" as_fn_append ac_func_list " pwrite" -as_fn_append ac_func_list " openat" as_fn_append ac_func_list " faccessat" as_fn_append ac_func_list " wordexp" as_fn_append ac_func_list " getauxval" +as_fn_append ac_func_list " fseeko" as_fn_append ac_func_list " seteuid" # Check that the precious variables saved in the cache have kept the same # value. @@ -3082,10 +3119,20 @@ + + + + + + + + # # Begin initial values for man page substitution # iolog_dir=/var/log/sudo-io +log_dir=/var/log +logpath=/var/log/sudo.log rundir=/var/run/sudo vardir=/var/adm/sudo timeout=5 @@ -3151,6 +3198,7 @@ SEMAN=0 LIBINTL= LIBMD= +LIBTLS= ZLIB= ZLIB_SRC= AUTH_OBJS= 
@@ -3174,6 +3222,11 @@ shadow_libs= TMPFILES_D= CONFIGURE_ARGS="$@" +LOGSRVD=logsrvd +LOGSRVD_CONF='$(srcdir)/sudo_logsrvd.conf' +LOGSRV=lib/logsrv +LIBLOGSRV='$(top_builddir)/lib/logsrv/liblogsrv.la' +PPFILES='$(srcdir)/etc/sudo.pp' RTLD_PRELOAD_VAR="LD_PRELOAD" RTLD_PRELOAD_ENABLE_VAR= @@ -4539,7 +4592,7 @@ # Check whether --with-CC was given. if test "${with_CC+set}" = set; then : withval=$with_CC; case $with_CC in - *) as_fn_error $? "the --with-CC option is no longer supported, please set the CC environment variable instead." "$LINENO" 5 + *) as_fn_error $? "the --with-CC option is no longer supported, please pass CC=$with_CC to configure instead." "$LINENO" 5 ;; esac fi @@ -5672,7 +5725,7 @@ ;; [1-9]*) passwd_tries=$with_passwd_tries ;; - *) as_fn_error $? "\"you must enter the numer of tries, > 0\"" "$LINENO" 5 + *) as_fn_error $? "\"you must enter the number of tries, > 0\"" "$LINENO" 5 ;; esac fi @@ -5696,7 +5749,7 @@ ;; [0-9]*) timeout=$with_timeout ;; - *) as_fn_error $? "\"you must enter the numer of minutes.\"" "$LINENO" 5 + *) as_fn_error $? "\"you must enter the number of minutes.\"" "$LINENO" 5 ;; esac fi @@ -5720,7 +5773,7 @@ ;; [0-9]*) password_timeout=$with_password_timeout ;; - *) as_fn_error $? "\"you must enter the numer of minutes.\"" "$LINENO" 5 + *) as_fn_error $? "\"you must enter the number of minutes.\"" "$LINENO" 5 ;; esac fi @@ -6427,7 +6480,7 @@ enableval=$enable_openssl; case $enableval in no) ;; *) LIBMD="-lcrypto" - DIGEST=digest_openssl.lo + LIBTLS="-lssl -lcrypto" $as_echo "#define HAVE_OPENSSL 1" >>confdefs.h if test "$enableval" != "yes"; then 
@@ -6465,20 +6518,20 @@ -if ${SUDOERS_LDFLAGS+:} false; then : +if ${LDFLAGS+:} false; then : - case " $SUDOERS_LDFLAGS " in #( + case " $LDFLAGS " in #( *" -L${enableval}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${enableval}/lib"; } >&5 - (: SUDOERS_LDFLAGS already contains -L${enableval}/lib) 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -L\${enableval}/lib"; } >&5 + (: LDFLAGS already contains -L${enableval}/lib) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : - as_fn_append SUDOERS_LDFLAGS " -L${enableval}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 - (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 + as_fn_append LDFLAGS " -L${enableval}/lib" + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } @@ -6487,9 +6540,9 @@ else - SUDOERS_LDFLAGS=-L${enableval}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 - (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 + LDFLAGS=-L${enableval}/lib + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } 
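Review bot: `${enableval}` is appended to the global `LDFLAGS` here, and to `LDFLAGS_R` under `enable_rpath` in the following hunks, without any check that it is an absolute path. The enclosing `if test "$enableval" != "yes"` starts outside this hunk and appears to belong to the `--enable-openssl` handling shown in the preceding hunk. Moving from `SUDOERS_LDFLAGS` to `LDFLAGS` presumably widens the `-L`/`-R` entry from the sudoers plugin to every binary the build links, so a guard before the append is worth adding, e.g. `case "$enableval" in /*) ;; *) as_fn_error $? "--enable-openssl=DIR requires an absolute path" "$LINENO" 5 ;; esac`. The same applies to the hunks at -6487, -6498 and -6520 and to the repeated block at -6581 through -6636. configure is generated, so the check belongs in the autoconf input, and it deserves a comment that DIR becomes a run-time library search path and should be root-owned and not writable by others.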
@@ -6498,20 +6551,20 @@ if test X"$enable_rpath" = X"yes"; then -if ${SUDOERS_LDFLAGS_R+:} false; then : +if ${LDFLAGS_R+:} false; then : - case " $SUDOERS_LDFLAGS_R " in #( + case " $LDFLAGS_R " in #( *" -R${enableval}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${enableval}/lib"; } >&5 - (: SUDOERS_LDFLAGS_R already contains -R${enableval}/lib) 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R already contains -R\${enableval}/lib"; } >&5 + (: LDFLAGS_R already contains -R${enableval}/lib) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : - as_fn_append SUDOERS_LDFLAGS_R " -R${enableval}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 - (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 + as_fn_append LDFLAGS_R " -R${enableval}/lib" + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 + (: LDFLAGS_R="$LDFLAGS_R") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } @@ -6520,9 +6573,9 @@ else - SUDOERS_LDFLAGS_R=-R${enableval}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 - (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 + LDFLAGS_R=-R${enableval}/lib + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 + (: LDFLAGS_R="$LDFLAGS_R") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } 
@@ -6581,20 +6634,20 @@ -if ${SUDOERS_LDFLAGS+:} false; then : +if ${LDFLAGS+:} false; then : - case " $SUDOERS_LDFLAGS " in #( + case " $LDFLAGS " in #( *" -L${enableval}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${enableval}/lib"; } >&5 - (: SUDOERS_LDFLAGS already contains -L${enableval}/lib) 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -L\${enableval}/lib"; } >&5 + (: LDFLAGS already contains -L${enableval}/lib) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : - as_fn_append SUDOERS_LDFLAGS " -L${enableval}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 - (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 + as_fn_append LDFLAGS " -L${enableval}/lib" + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } @@ -6603,9 +6656,9 @@ else - SUDOERS_LDFLAGS=-L${enableval}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 - (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 + LDFLAGS=-L${enableval}/lib + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } 
@@ -6614,20 +6667,20 @@ if test X"$enable_rpath" = X"yes"; then -if ${SUDOERS_LDFLAGS_R+:} false; then : +if ${LDFLAGS_R+:} false; then : - case " $SUDOERS_LDFLAGS_R " in #( + case " $LDFLAGS_R " in #( *" -R${enableval}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${enableval}/lib"; } >&5 - (: SUDOERS_LDFLAGS_R already contains -R${enableval}/lib) 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R already contains -R\${enableval}/lib"; } >&5 + (: LDFLAGS_R already contains -R${enableval}/lib) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : - as_fn_append SUDOERS_LDFLAGS_R " -R${enableval}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 - (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 + as_fn_append LDFLAGS_R " -R${enableval}/lib" + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 + (: LDFLAGS_R="$LDFLAGS_R") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } @@ -6636,9 +6689,9 @@ else - SUDOERS_LDFLAGS_R=-R${enableval}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 - (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 + LDFLAGS_R=-R${enableval}/lib + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 + (: LDFLAGS_R="$LDFLAGS_R") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } 
@@ -6888,6 +6941,52 @@ fi +# Check whether --enable-log-server was given. +if test "${enable_log_server+set}" = set; then : + enableval=$enable_log_server; case "$enableval" in + yes) + ;; + no) + LOGSRVD= + LOGSRVD_CONF= + ;; + *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-log-server: $enableval" >&5 +$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-log-server: $enableval" >&2;} + ;; + esac + +fi + + +# Check whether --enable-log-client was given. +if test "${enable_log_client+set}" = set; then : + enableval=$enable_log_client; case "$enableval" in + yes) + $as_echo "#define SUDOERS_IOLOG_CLIENT 1" >>confdefs.h + + ;; + no) + ;; + *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-log-client: $enableval" >&5 +$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-log-client: $enableval" >&2;} + ;; + esac + +else + $as_echo "#define SUDOERS_IOLOG_CLIENT 1" >>confdefs.h + +fi + + +if test X"$enable_log_server" = X"no" -a X"$enable_log_client" = X"no"; then + # No need for liblogsrv.la + LOGSRV= + LIBLOGSRV= +fi +if test X"$LOGSRVD" != X""; then + PPFILES="$PPFILES "'$(srcdir)/etc/sudo-logsrvd.pp' +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing strerror" >&5 $as_echo_n "checking for library containing strerror... " >&6; } if ${ac_cv_search_strerror+:} false; then : 
@@ -19007,142 +19106,521 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking type of array argument to getgroups" >&5 -$as_echo_n "checking type of array argument to getgroups... " >&6; } -if ${ac_cv_type_getgroups+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : - ac_cv_type_getgroups=cross -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -/* Thanks to Mike Rendell for this test. */ -$ac_includes_default -#define NGID 256 -#undef MAX -#define MAX(x, y) ((x) > (y) ? (x) : (y)) - -int -main () -{ - gid_t gidset[NGID]; - int i, n; - union { gid_t gval; long int lval; } val; +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to compile python plugin support" >&5 +$as_echo_n "checking whether to compile python plugin support... " >&6; } +# Check whether --enable-python was given. +if test "${enable_python+set}" = set; then : + enableval=$enable_python; case "$enableval" in + yes|no) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5 +$as_echo "$enableval" >&6; } + USE_PYTHON=$enableval + ;; + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-python: $enableval" >&5 +$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-python: $enableval" >&2;} + ;; + esac - val.lval = -1; - for (i = 0; i < NGID; i++) - gidset[i] = val.gval; - n = getgroups (sizeof (gidset) / MAX (sizeof (int), sizeof (gid_t)) - 1, - gidset); - /* Exit non-zero if getgroups seems to require an array of ints. This - happens when gid_t is short int but getgroups modifies an array - of ints. 
*/ - return n > 0 && gidset[n] != val.gval; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_type_getgroups=gid_t else - ac_cv_type_getgroups=int -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi -if test $ac_cv_type_getgroups = cross; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "getgroups.*int.*gid_t" >/dev/null 2>&1; then : - ac_cv_type_getgroups=gid_t +if test ${USE_PYTHON-'no'} = "yes"; then + + + + + + + if test -n "$PYTHON"; then + # If the user set $PYTHON, use it and don't search something else. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version is >= 3" >&5 +$as_echo_n "checking whether $PYTHON version is >= 3... " >&6; } + prog="import sys +# split strings by '.' and convert to numeric. Append some zeros +# because we need at least 4 digits for the hex conversion. +# map returns an iterator in Python 3.0 and a list in 2.x +minver = list(map(int, '3'.split('.'))) + [0, 0, 0] +minverhex = 0 +# xrange is not present in Python 3.0 and range returns an iterator +for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i] +sys.exit(sys.hexversion < minverhex)" + if { echo "$as_me:$LINENO: $PYTHON -c "$prog"" >&5 + ($PYTHON -c "$prog") >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } else - ac_cv_type_getgroups=int + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "Python interpreter is too old" "$LINENO" 5 fi -rm -f conftest* + am_display_PYTHON=$PYTHON + else + # Otherwise, try each interpreter until we find one that satisfies + # VERSION. 
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a Python interpreter with version >= 3" >&5 +$as_echo_n "checking for a Python interpreter with version >= 3... " >&6; } +if ${am_cv_pathless_PYTHON+:} false; then : + $as_echo_n "(cached) " >&6 +else + for am_cv_pathless_PYTHON in python python2 python3 python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do + test "$am_cv_pathless_PYTHON" = none && break + prog="import sys +# split strings by '.' and convert to numeric. Append some zeros +# because we need at least 4 digits for the hex conversion. +# map returns an iterator in Python 3.0 and a list in 2.x +minver = list(map(int, '3'.split('.'))) + [0, 0, 0] +minverhex = 0 +# xrange is not present in Python 3.0 and range returns an iterator +for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i] +sys.exit(sys.hexversion < minverhex)" + if { echo "$as_me:$LINENO: $am_cv_pathless_PYTHON -c "$prog"" >&5 + ($am_cv_pathless_PYTHON -c "$prog") >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then : + break fi + done fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_getgroups" >&5 -$as_echo "$ac_cv_type_getgroups" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_pathless_PYTHON" >&5 +$as_echo "$am_cv_pathless_PYTHON" >&6; } + # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON. + if test "$am_cv_pathless_PYTHON" = none; then + PYTHON=: + else + # Extract the first word of "$am_cv_pathless_PYTHON", so it can be a program name with args. +set dummy $am_cv_pathless_PYTHON; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... 
" >&6; } +if ${ac_cv_path_PYTHON+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PYTHON in + [\\/]* | ?:[\\/]*) + ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS -cat >>confdefs.h <<_ACEOF -#define GETGROUPS_T $ac_cv_type_getgroups -_ACEOF + ;; +esac +fi +PYTHON=$ac_cv_path_PYTHON +if test -n "$PYTHON"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 +$as_echo "$PYTHON" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi -ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" -if test "x$ac_cv_type_size_t" = xyes; then : + fi + am_display_PYTHON=$am_cv_pathless_PYTHON + fi -else -cat >>confdefs.h <<_ACEOF -#define size_t unsigned int -_ACEOF + if test "$PYTHON" = :; then + as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5 + else + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5 +$as_echo_n "checking for $am_display_PYTHON version... " >&6; } +if ${am_cv_python_version+:} false; then : + $as_echo_n "(cached) " >&6 +else + am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[:3])"` fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5 +$as_echo "$am_cv_python_version" >&6; } + PYTHON_VERSION=$am_cv_python_version -ac_fn_c_check_func "$LINENO" "getgroups" "ac_cv_func_getgroups" -if test "x$ac_cv_func_getgroups" = xyes; then : -fi + PYTHON_PREFIX='${prefix}' -# If we don't yet have getgroups, see if it's in -lbsd. 
-# This is reported to be necessary on an ITOS 3000WS running SEIUX 3.1. -ac_save_LIBS=$LIBS -if test $ac_cv_func_getgroups = no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getgroups in -lbsd" >&5 -$as_echo_n "checking for getgroups in -lbsd... " >&6; } -if ${ac_cv_lib_bsd_getgroups+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lbsd $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + PYTHON_EXEC_PREFIX='${exec_prefix}' -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getgroups (); -int -main () -{ -return getgroups (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_bsd_getgroups=yes -else - ac_cv_lib_bsd_getgroups=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_getgroups" >&5 -$as_echo "$ac_cv_lib_bsd_getgroups" >&6; } -if test "x$ac_cv_lib_bsd_getgroups" = xyes; then : - GETGROUPS_LIB=-lbsd -fi -fi -# Run the program to test the functionality of the system-supplied -# getgroups function only if there is such a function. -if test $ac_cv_func_getgroups = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working getgroups" >&5 -$as_echo_n "checking for working getgroups... " >&6; } -if ${ac_cv_func_getgroups_works+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5 +$as_echo_n "checking for $am_display_PYTHON platform... 
" >&6; } +if ${am_cv_python_platform+:} false; then : + $as_echo_n "(cached) " >&6 +else + am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"` +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5 +$as_echo "$am_cv_python_platform" >&6; } + PYTHON_PLATFORM=$am_cv_python_platform + + + # Just factor out some code duplication. + am_python_setup_sysconfig="\ +import sys +# Prefer sysconfig over distutils.sysconfig, for better compatibility +# with python 3.x. See automake bug#10227. +try: + import sysconfig +except ImportError: + can_use_sysconfig = 0 +else: + can_use_sysconfig = 1 +# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: +# +try: + from platform import python_implementation + if python_implementation() == 'CPython' and sys.version[:3] == '2.7': + can_use_sysconfig = 0 +except ImportError: + pass" + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory" >&5 +$as_echo_n "checking for $am_display_PYTHON script directory... 
" >&6; } +if ${am_cv_python_pythondir+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "x$prefix" = xNONE + then + am_py_prefix=$ac_default_prefix + else + am_py_prefix=$prefix + fi + am_cv_python_pythondir=`$PYTHON -c " +$am_python_setup_sysconfig +if can_use_sysconfig: + sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) +else: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') +sys.stdout.write(sitedir)"` + case $am_cv_python_pythondir in + $am_py_prefix*) + am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` + am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` + ;; + *) + case $am_py_prefix in + /usr|/System*) ;; + *) + am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5 +$as_echo "$am_cv_python_pythondir" >&6; } + pythondir=$am_cv_python_pythondir + + + + pkgpythondir=\${pythondir}/$PACKAGE + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory" >&5 +$as_echo_n "checking for $am_display_PYTHON extension module directory... 
" >&6; } +if ${am_cv_python_pyexecdir+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "x$exec_prefix" = xNONE + then + am_py_exec_prefix=$am_py_prefix + else + am_py_exec_prefix=$exec_prefix + fi + am_cv_python_pyexecdir=`$PYTHON -c " +$am_python_setup_sysconfig +if can_use_sysconfig: + sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) +else: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') +sys.stdout.write(sitedir)"` + case $am_cv_python_pyexecdir in + $am_py_exec_prefix*) + am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` + am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` + ;; + *) + case $am_py_exec_prefix in + /usr|/System*) ;; + *) + am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5 +$as_echo "$am_cv_python_pyexecdir" >&6; } + pyexecdir=$am_cv_python_pyexecdir + + + + pkgpyexecdir=\${pyexecdir}/$PACKAGE + + + + fi + + + + + + + + if test -z "$PYTHON_INCLUDE" || test -z "$PYTHON_LIBS"; then : + + if test -z "$PYTHON_CONFIG"; then : + + for ac_prog in python$PYTHON_VERSION-config python-config +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PYTHON_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PYTHON_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PYTHON_CONFIG="$PYTHON_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in `dirname $PYTHON` +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PYTHON_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PYTHON_CONFIG=$ac_cv_path_PYTHON_CONFIG +if test -n "$PYTHON_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CONFIG" >&5 +$as_echo "$PYTHON_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$PYTHON_CONFIG" && break +done +test -n "$PYTHON_CONFIG" || PYTHON_CONFIG="no" + + if test "$PYTHON_CONFIG" = no; then : + as_fn_error $? "cannot find python-config for $PYTHON." "$LINENO" 5 +fi + +fi + +fi + + if test -z "$PYTHON_INCLUDE"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking python include flags" >&5 +$as_echo_n "checking python include flags... " >&6; } + PYTHON_INCLUDE=`$PYTHON_CONFIG --cflags` + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_INCLUDE" >&5 +$as_echo "$PYTHON_INCLUDE" >&6; } + +fi + + if test -z "$PYTHON_LIBS"; then : + + # Newer versions of python3-config need --embed to include libpython + if $PYTHON_CONFIG 2>&1 | grep embed >/dev/null; then + PY_EMBED=--embed + else + PY_EMBED= + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking python linker flags" >&5 +$as_echo_n "checking python linker flags... " >&6; } + PYTHON_LIBS=`$PYTHON_CONFIG --ldflags $PY_EMBED` + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LIBS" >&5 +$as_echo "$PYTHON_LIBS" >&6; } + +fi + + PPFILES="$PPFILES "'$(srcdir)/etc/sudo-python.pp' + PYTHON_PLUGIN_SRC=plugins/python + ac_config_files="$ac_config_files $PYTHON_PLUGIN_SRC/Makefile" + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking type of array argument to getgroups" >&5 +$as_echo_n "checking type of array argument to getgroups... 
" >&6; } +if ${ac_cv_type_getgroups+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + ac_cv_type_getgroups=cross +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Thanks to Mike Rendell for this test. */ +$ac_includes_default +#define NGID 256 +#undef MAX +#define MAX(x, y) ((x) > (y) ? (x) : (y)) + +int +main () +{ + gid_t gidset[NGID]; + int i, n; + union { gid_t gval; long int lval; } val; + + val.lval = -1; + for (i = 0; i < NGID; i++) + gidset[i] = val.gval; + n = getgroups (sizeof (gidset) / MAX (sizeof (int), sizeof (gid_t)) - 1, + gidset); + /* Exit non-zero if getgroups seems to require an array of ints. This + happens when gid_t is short int but getgroups modifies an array + of ints. */ + return n > 0 && gidset[n] != val.gval; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_type_getgroups=gid_t +else + ac_cv_type_getgroups=int +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +if test $ac_cv_type_getgroups = cross; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "getgroups.*int.*gid_t" >/dev/null 2>&1; then : + ac_cv_type_getgroups=gid_t +else + ac_cv_type_getgroups=int +fi +rm -f conftest* + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_getgroups" >&5 +$as_echo "$ac_cv_type_getgroups" >&6; } + +cat >>confdefs.h <<_ACEOF +#define GETGROUPS_T $ac_cv_type_getgroups +_ACEOF + + +ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" +if test "x$ac_cv_type_size_t" = xyes; then : + +else + +cat >>confdefs.h <<_ACEOF +#define size_t unsigned int +_ACEOF + +fi + +ac_fn_c_check_func "$LINENO" "getgroups" "ac_cv_func_getgroups" +if test "x$ac_cv_func_getgroups" = xyes; then : + +fi + + +# If we don't yet have getgroups, see if it's in -lbsd. 
+# This is reported to be necessary on an ITOS 3000WS running SEIUX 3.1. +ac_save_LIBS=$LIBS +if test $ac_cv_func_getgroups = no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getgroups in -lbsd" >&5 +$as_echo_n "checking for getgroups in -lbsd... " >&6; } +if ${ac_cv_lib_bsd_getgroups+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lbsd $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char getgroups (); +int +main () +{ +return getgroups (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_bsd_getgroups=yes +else + ac_cv_lib_bsd_getgroups=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_getgroups" >&5 +$as_echo "$ac_cv_lib_bsd_getgroups" >&6; } +if test "x$ac_cv_lib_bsd_getgroups" = xyes; then : + GETGROUPS_LIB=-lbsd +fi + +fi + +# Run the program to test the functionality of the system-supplied +# getgroups function only if there is such a function. +if test $ac_cv_func_getgroups = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working getgroups" >&5 +$as_echo_n "checking for working getgroups... " >&6; } +if ${ac_cv_func_getgroups_works+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : 
@@ -19242,6 +19720,32 @@ fi ;; esac +for ac_func in cfmakeraw +do : + ac_fn_c_check_func "$LINENO" "cfmakeraw" "ac_cv_func_cfmakeraw" +if test "x$ac_cv_func_cfmakeraw" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_CFMAKERAW 1 +_ACEOF + +else + + case " $LIBOBJS " in + *" cfmakeraw.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS cfmakeraw.$ac_objext" + ;; +esac + + + for _sym in sudo_cfmakeraw; do + COMPAT_EXP="${COMPAT_EXP}${_sym} +" + done + + +fi +done + for ac_func in getgrouplist do : ac_fn_c_check_func "$LINENO" "getgrouplist" "ac_cv_func_getgrouplist" @@ -19442,7 +19946,67 @@ esac - for _sym in sudo_reallocarray; do + for _sym in sudo_reallocarray; do + COMPAT_EXP="${COMPAT_EXP}${_sym} +" + done + + +fi +done + +for ac_func in arc4random +do : + ac_fn_c_check_func "$LINENO" "arc4random" "ac_cv_func_arc4random" +if test "x$ac_cv_func_arc4random" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_ARC4RANDOM 1 +_ACEOF + + for ac_func in arc4random_uniform +do : + ac_fn_c_check_func "$LINENO" "arc4random_uniform" "ac_cv_func_arc4random_uniform" +if test "x$ac_cv_func_arc4random_uniform" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_ARC4RANDOM_UNIFORM 1 +_ACEOF + +else + + case " $LIBOBJS " in + *" arc4random_uniform.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS arc4random_uniform.$ac_objext" + ;; +esac + + + for _sym in sudo_arc4random_uniform; do + COMPAT_EXP="${COMPAT_EXP}${_sym} +" + done + + +fi +done + + for ac_func in arc4random_buf +do : + ac_fn_c_check_func "$LINENO" "arc4random_buf" "ac_cv_func_arc4random_buf" +if test "x$ac_cv_func_arc4random_buf" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_ARC4RANDOM_BUF 1 +_ACEOF + +else + + case " $LIBOBJS " in + *" arc4random_buf.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS arc4random_buf.$ac_objext" + ;; +esac + + + for _sym in sudo_arc4random_buf; do COMPAT_EXP="${COMPAT_EXP}${_sym} " done 
@@ -19451,52 +20015,41 @@ fi done -for ac_func in arc4random_uniform -do : - ac_fn_c_check_func "$LINENO" "arc4random_uniform" "ac_cv_func_arc4random_uniform" -if test "x$ac_cv_func_arc4random_uniform" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_ARC4RANDOM_UNIFORM 1 -_ACEOF else case " $LIBOBJS " in - *" arc4random_uniform.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS arc4random_uniform.$ac_objext" + *" arc4random.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS arc4random.$ac_objext" ;; esac - for _sym in sudo_arc4random_uniform; do + for _sym in sudo_arc4random; do COMPAT_EXP="${COMPAT_EXP}${_sym} " done - for ac_func in arc4random -do : - ac_fn_c_check_func "$LINENO" "arc4random" "ac_cv_func_arc4random" -if test "x$ac_cv_func_arc4random" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_ARC4RANDOM 1 -_ACEOF -else + for _sym in sudo_arc4random_buf; do + COMPAT_EXP="${COMPAT_EXP}${_sym} +" + done - case " $LIBOBJS " in - *" arc4random.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS arc4random.$ac_objext" + case " $LIBOBJS " in + *" arc4random_uniform.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS arc4random_uniform.$ac_objext" ;; esac - for _sym in sudo_arc4random; do + for _sym in sudo_arc4random_uniform; do COMPAT_EXP="${COMPAT_EXP}${_sym} " done - # arc4random.c needs getentropy() - for ac_func in getentropy + # arc4random.c needs getentropy() + for ac_func in getentropy do : ac_fn_c_check_func "$LINENO" "getentropy" "ac_cv_func_getentropy" if test "x$ac_cv_func_getentropy" = xyes; then : @@ -19504,7 +20057,7 @@ #define HAVE_GETENTROPY 1 _ACEOF - for ac_header in sys/random.h + for ac_header in sys/random.h do : ac_fn_c_check_header_mongrel "$LINENO" "sys/random.h" "ac_cv_header_sys_random_h" "$ac_includes_default" if test "x$ac_cv_header_sys_random_h" = xyes; then : @@ -19519,7 +20072,7 @@ else - case " $LIBOBJS " in + case " $LIBOBJS " in *" getentropy.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS getentropy.$ac_objext" ;; 
@@ -19535,8 +20088,8 @@ fi done - # arc4random.c wants pthread_atfork - for ac_header in pthread.h + # arc4random.c wants pthread_atfork + for ac_header in pthread.h do : ac_fn_c_check_header_mongrel "$LINENO" "pthread.h" "ac_cv_header_pthread_h" "$ac_includes_default" if test "x$ac_cv_header_pthread_h" = xyes; then : @@ -19544,7 +20097,7 @@ #define HAVE_PTHREAD_H 1 _ACEOF - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5 $as_echo_n "checking for main in -lpthread... " >&6; } if ${ac_cv_lib_pthread_main+:} false; then : $as_echo_n "(cached) " >&6 @@ -19578,7 +20131,7 @@ LIBPTHREAD="-lpthread" fi - for ac_func in pthread_atfork + for ac_func in pthread_atfork do : ac_fn_c_check_func "$LINENO" "pthread_atfork" "ac_cv_func_pthread_atfork" if test "x$ac_cv_func_pthread_atfork" = xyes; then : @@ -19599,10 +20152,6 @@ done -fi -done - - utmp_style=LEGACY for ac_func in getutsid getutxid getutid do : @@ -19629,17 +20178,6 @@ fi done - for ac_func in fseeko -do : - ac_fn_c_check_func "$LINENO" "fseeko" "ac_cv_func_fseeko" -if test "x$ac_cv_func_fseeko" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_FSEEKO 1 -_ACEOF - -fi -done - fi for ac_func in sysctl 
@@ -20477,6 +21015,136 @@ fi done +for ac_func in openat +do : + ac_fn_c_check_func "$LINENO" "openat" "ac_cv_func_openat" +if test "x$ac_cv_func_openat" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_OPENAT 1 +_ACEOF + +else + + case " $LIBOBJS " in + *" openat.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS openat.$ac_objext" + ;; +esac + + + for _sym in sudo_openat; do + COMPAT_EXP="${COMPAT_EXP}${_sym} +" + done + + +fi +done + +for ac_func in unlinkat +do : + ac_fn_c_check_func "$LINENO" "unlinkat" "ac_cv_func_unlinkat" +if test "x$ac_cv_func_unlinkat" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_UNLINKAT 1 +_ACEOF + +else + + case " $LIBOBJS " in + *" unlinkat.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS unlinkat.$ac_objext" + ;; +esac + + + for _sym in sudo_unlinkat; do + COMPAT_EXP="${COMPAT_EXP}${_sym} +" + done + + +fi +done + +for ac_func in fchmodat +do : + ac_fn_c_check_func "$LINENO" "fchmodat" "ac_cv_func_fchmodat" +if test "x$ac_cv_func_fchmodat" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_FCHMODAT 1 +_ACEOF + +else + + case " $LIBOBJS " in + *" fchmodat.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS fchmodat.$ac_objext" + ;; +esac + + + for _sym in sudo_fchmodat; do + COMPAT_EXP="${COMPAT_EXP}${_sym} +" + done + + +fi +done + +for ac_func in fstatat +do : + ac_fn_c_check_func "$LINENO" "fstatat" "ac_cv_func_fstatat" +if test "x$ac_cv_func_fstatat" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_FSTATAT 1 +_ACEOF + +else + + case " $LIBOBJS " in + *" fstatat.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS fstatat.$ac_objext" + ;; +esac + + + for _sym in sudo_fstatat; do + COMPAT_EXP="${COMPAT_EXP}${_sym} +" + done + + +fi +done + +for ac_func in dup3 +do : + ac_fn_c_check_func "$LINENO" "dup3" "ac_cv_func_dup3" +if test "x$ac_cv_func_dup3" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_DUP3 1 +_ACEOF + +else + + case " $LIBOBJS " in + *" dup3.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS dup3.$ac_objext" + ;; +esac + + 
+ for _sym in sudo_dup3; do + COMPAT_EXP="${COMPAT_EXP}${_sym} +" + done + + +fi +done + for ac_func in pipe2 do : ac_fn_c_check_func "$LINENO" "pipe2" "ac_cv_func_pipe2" @@ -21416,6 +22084,34 @@ fi +if test "${enable_openssl-no}" != no; then + OLIBS="$LIBS" + LIBS="$LIBS $LIBTLS" + for ac_func in X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_get0_certificate SSL_CTX_set_ciphersuites TLS_client_method TLS_server_method +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + # SSL_CTX_set_min_proto_version may be a macro + ac_fn_c_check_decl "$LINENO" "SSL_CTX_set_min_proto_version" "ac_cv_have_decl_SSL_CTX_set_min_proto_version" " + $ac_includes_default + #include + +" +if test "x$ac_cv_have_decl_SSL_CTX_set_min_proto_version" = xyes; then : + $as_echo "#define HAVE_SSL_CTX_SET_MIN_PROTO_VERSION 1" >>confdefs.h + +fi + + LIBS="$OLIBS" +fi OLIBS="$LIBS" LIBS="${LIBS} ${NET_LIBS}" ac_fn_c_check_func "$LINENO" "socket" "ac_cv_func_socket" 
@@ -25759,40 +26455,48 @@ fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for log file location" >&5 -$as_echo_n "checking for log file location... " >&6; } -if test -n "$with_logpath"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_logpath" >&5 -$as_echo "$with_logpath" >&6; } - cat >>confdefs.h <&5 -$as_echo "/var/log/sudo.log" >&6; } - cat >>confdefs.h <<\EOF -#define _PATH_SUDO_LOGFILE "/var/log/sudo.log" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for log dir location" >&5 +$as_echo_n "checking for log dir location... " >&6; } + if test "${with_logdir-yes}" != "yes"; then + log_dir="$with_logdir" + else + # Default value of log_dir set in configure.ac + for d in /var/log /var/adm /usr/adm; do + if test -d "$d"; then + log_dir="$d" + break + fi + done + fi + if test "${with_logdir}" != "no"; then + cat >>confdefs.h <&5 -$as_echo "/var/adm/sudo.log" >&6; } - cat >>confdefs.h <<\EOF -#define _PATH_SUDO_LOGFILE "/var/adm/sudo.log" -EOF + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $log_dir" >&5 +$as_echo "$log_dir" >&6; } -elif test -d "/usr/adm"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: /usr/adm/sudo.log" >&5 -$as_echo "/usr/adm/sudo.log" >&6; } - cat >>confdefs.h <<\EOF -#define _PATH_SUDO_LOGFILE "/usr/adm/sudo.log" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for log file location" >&5 +$as_echo_n "checking for log file location... " >&6; } + if test "${with_logpath-yes}" != "yes"; then + logpath="$with_logpath" + else + # Default value of logpath set in configure.ac + for d in /var/log /var/adm /usr/adm; do + if test -d "$d"; then + logpath="$d/sudo.log" + break + fi + done + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $logpath" >&5 +$as_echo "$logpath" >&6; } + cat >>confdefs.h <&5 -$as_echo "unknown" >&6; } -fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sudo run dir location" >&5 $as_echo_n "checking for sudo run dir location... " >&6; } 
@@ -25811,6 +26515,10 @@ #define _PATH_SUDO_TIMEDIR "$rundir/ts" EOF +cat >>confdefs.h <&5 $as_echo_n "checking for sudo var dir location... " >&6; } 
@@ -25835,12 +26543,14 @@ $as_echo_n "checking for I/O log dir location... " >&6; } if test "${with_iologdir-yes}" != "yes"; then iolog_dir="$with_iologdir" - elif test -d "/var/log"; then - iolog_dir="/var/log/sudo-io" - elif test -d "/var/adm"; then - iolog_dir="/var/adm/sudo-io" else - iolog_dir="/usr/adm/sudo-io" + # Default value of iolog_dir set in configure.ac + for d in /var/log /var/adm /usr/adm; do + if test -d "$d"; then + iolog_dir="$d/sudo-io" + break + fi + done fi if test "${with_iologdir}" != "no"; then cat >>confdefs.h <&5 +$as_echo_n "checking whether the linker accepts -Wl,--enable-new-dtags... " >&6; } +if ${ax_cv_check_ldflags___Wl___enable_new_dtags+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS -Wl,--enable-new-dtags" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ax_cv_check_ldflags___Wl___enable_new_dtags=yes +else + ax_cv_check_ldflags___Wl___enable_new_dtags=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$ax_check_save_flags +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl___enable_new_dtags" >&5 +$as_echo "$ax_cv_check_ldflags___Wl___enable_new_dtags" >&6; } +if test x"$ax_cv_check_ldflags___Wl___enable_new_dtags" = xyes; then : + +if ${LDFLAGS+:} false; then : + + case " $LDFLAGS " in #( + *" -Wl,--enable-new-dtags "*) : + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -Wl,--enable-new-dtags"; } >&5 + (: LDFLAGS already contains -Wl,--enable-new-dtags) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LDFLAGS " -Wl,--enable-new-dtags" + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 + ac_status=$? 
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else + + LDFLAGS=-Wl,--enable-new-dtags + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + +else + : +fi + + ;; +esac + if test -n "$GCC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fvisibility=hidden" >&5 $as_echo_n "checking whether C compiler accepts -fvisibility=hidden... " >&6; } @@ -27029,13 +27813,15 @@ test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' if test X"$INIT_SCRIPT" != X""; then - ac_config_files="$ac_config_files init.d/$INIT_SCRIPT" + ac_config_files="$ac_config_files etc/init.d/$INIT_SCRIPT" elif test X"$TMPFILES_D" != X""; then - ac_config_files="$ac_config_files init.d/sudo.conf" + ac_config_files="$ac_config_files etc/init.d/sudo.conf" fi -ac_config_files="$ac_config_files Makefile doc/Makefile examples/Makefile include/Makefile lib/util/Makefile lib/util/util.exp src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers" + +ac_config_files="$ac_config_files Makefile doc/Makefile examples/Makefile examples/sudo.conf include/Makefile lib/iolog/Makefile lib/logsrv/Makefile lib/util/Makefile lib/util/util.exp logsrvd/Makefile src/sudo_usage.h src/Makefile plugins/audit_json/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/sample_approval/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers" + cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure 
@@ -27543,7 +28329,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.8.31, which was +This file was extended by sudo $as_me 1.9.0, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -27609,7 +28395,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -sudo config.status 1.8.31 +sudo config.status 1.9.0 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" 
@@ -28025,20 +28811,27 @@ "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; "pathnames.h") CONFIG_HEADERS="$CONFIG_HEADERS pathnames.h" ;; "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; + "$PYTHON_PLUGIN_SRC/Makefile") CONFIG_FILES="$CONFIG_FILES $PYTHON_PLUGIN_SRC/Makefile" ;; "lib/zlib/zconf.h") CONFIG_HEADERS="$CONFIG_HEADERS lib/zlib/zconf.h" ;; "lib/zlib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/zlib/Makefile" ;; - "init.d/$INIT_SCRIPT") CONFIG_FILES="$CONFIG_FILES init.d/$INIT_SCRIPT" ;; - "init.d/sudo.conf") CONFIG_FILES="$CONFIG_FILES init.d/sudo.conf" ;; + "etc/init.d/$INIT_SCRIPT") CONFIG_FILES="$CONFIG_FILES etc/init.d/$INIT_SCRIPT" ;; + "etc/init.d/sudo.conf") CONFIG_FILES="$CONFIG_FILES etc/init.d/sudo.conf" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; "examples/Makefile") CONFIG_FILES="$CONFIG_FILES examples/Makefile" ;; + "examples/sudo.conf") CONFIG_FILES="$CONFIG_FILES examples/sudo.conf" ;; "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;; + "lib/iolog/Makefile") CONFIG_FILES="$CONFIG_FILES lib/iolog/Makefile" ;; + "lib/logsrv/Makefile") CONFIG_FILES="$CONFIG_FILES lib/logsrv/Makefile" ;; "lib/util/Makefile") CONFIG_FILES="$CONFIG_FILES lib/util/Makefile" ;; "lib/util/util.exp") CONFIG_FILES="$CONFIG_FILES lib/util/util.exp" ;; + "logsrvd/Makefile") CONFIG_FILES="$CONFIG_FILES logsrvd/Makefile" ;; "src/sudo_usage.h") CONFIG_FILES="$CONFIG_FILES src/sudo_usage.h" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; + "plugins/audit_json/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/audit_json/Makefile" ;; "plugins/sample/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/sample/Makefile" ;; "plugins/group_file/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/group_file/Makefile" ;; + "plugins/sample_approval/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/sample_approval/Makefile" ;; "plugins/system_group/Makefile") 
CONFIG_FILES="$CONFIG_FILES plugins/system_group/Makefile" ;; "plugins/sudoers/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/sudoers/Makefile" ;; "plugins/sudoers/sudoers") CONFIG_FILES="$CONFIG_FILES plugins/sudoers/sudoers" ;; @@ -29213,6 +30006,9 @@ + + + diff -Nru sudo-1.8.31/configure.ac sudo-1.9.0/configure.ac --- sudo-1.8.31/configure.ac 2020-01-30 12:52:13.000000000 +0000 +++ sudo-1.9.0/configure.ac 2020-05-11 16:28:22.000000000 +0000 @@ -18,7 +18,7 @@ dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_PREREQ([2.59]) -AC_INIT([sudo], [1.8.31], [https://bugzilla.sudo.ws/], [sudo]) +AC_INIT([sudo], [1.9.0], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADER([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) dnl @@ -93,6 +93,7 @@ AC_SUBST([LIBRT]) AC_SUBST([LIBINTL]) AC_SUBST([LIBMD]) +AC_SUBST([LIBTLS]) AC_SUBST([LIBPTHREAD]) AC_SUBST([SUDO_NLS]) AC_SUBST([LOCALEDIR_SUFFIX]) @@ -114,10 +115,19 @@ AC_SUBST([DIGEST]) AC_SUBST([devsearch]) AC_SUBST([SIGNAME]) +AC_SUBST([PYTHON_PLUGIN_SRC]) +AC_SUBST([LOGSRV]) +AC_SUBST([LIBLOGSRV]) +AC_SUBST([LOGSRVD]) +AC_SUBST([LOGSRVD_CONF]) +AC_SUBST([PPFILES]) + dnl dnl Variables that get substituted in docs (not overridden by environment) dnl AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR +AC_SUBST([log_dir])dnl real initial value from SUDO_LOGDIR +AC_SUBST([logpath])dnl real initial value from SUDO_LOGFILE AC_SUBST([rundir])dnl real initial value from SUDO_RUNDIR AC_SUBST([vardir])dnl real initial value from SUDO_VARDIR AC_SUBST([timeout]) @@ -161,6 +171,8 @@ # Begin initial values for man page substitution # iolog_dir=/var/log/sudo-io +log_dir=/var/log +logpath=/var/log/sudo.log rundir=/var/run/sudo vardir=/var/adm/sudo timeout=5 @@ -230,6 +242,7 @@ SEMAN=0 LIBINTL= LIBMD= +LIBTLS= ZLIB= ZLIB_SRC= AUTH_OBJS= @@ -248,7 +261,7 @@ COMPAT_EXP= SIGNAME= dnl -dnl Other vaiables +dnl Other variables dnl WEAK_ALIAS=no CHECKSHADOW=true 
@@ -256,6 +269,11 @@ shadow_libs= TMPFILES_D= CONFIGURE_ARGS="$@" +LOGSRVD=logsrvd +LOGSRVD_CONF='$(srcdir)/sudo_logsrvd.conf' +LOGSRV=lib/logsrv +LIBLOGSRV='$(top_builddir)/lib/logsrv/liblogsrv.la' +PPFILES='$(srcdir)/etc/sudo.pp' dnl dnl LD_PRELOAD equivalents @@ -333,7 +351,7 @@ AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])], [case $with_CC in - *) AC_MSG_ERROR([the --with-CC option is no longer supported, please set the CC environment variable instead.]) + *) AC_MSG_ERROR([the --with-CC option is no longer supported, please pass CC=$with_CC to configure instead.]) ;; esac]) @@ -1033,7 +1051,7 @@ ;; [[1-9]]*) passwd_tries=$with_passwd_tries ;; - *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"]) + *) AC_MSG_ERROR(["you must enter the number of tries, > 0"]) ;; esac]) AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.]) @@ -1047,7 +1065,7 @@ ;; [[0-9]]*) timeout=$with_timeout ;; - *) AC_MSG_ERROR(["you must enter the numer of minutes."]) + *) AC_MSG_ERROR(["you must enter the number of minutes."]) ;; esac]) AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.]) @@ -1061,7 +1079,7 @@ ;; [[0-9]]*) password_timeout=$with_password_timeout ;; - *) AC_MSG_ERROR(["you must enter the numer of minutes."]) + *) AC_MSG_ERROR(["you must enter the number of minutes."]) ;; esac]) AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).]) 
@@ -1484,15 +1502,15 @@ ]) AC_ARG_ENABLE(openssl, -[AS_HELP_STRING([--enable-openssl], [Use OpenSSL's message digest functions instead of sudo's])], +[AS_HELP_STRING([--enable-openssl], [Use OpenSSL's TLS and sha2 functions])], [ case $enableval in no) ;; *) LIBMD="-lcrypto" - DIGEST=digest_openssl.lo + LIBTLS="-lssl -lcrypto" AC_DEFINE(HAVE_OPENSSL) if test "$enableval" != "yes"; then AX_APPEND_FLAG([-I${enableval}/include], [CPPFLAGS]) - SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${enableval}/lib]) + SUDO_APPEND_LIBPATH(LDFLAGS, [${enableval}/lib]) fi ;; esac @@ -1507,7 +1525,7 @@ AC_DEFINE(HAVE_GCRYPT) if test "$enableval" != "yes"; then AX_APPEND_FLAG([-I${enableval}/include], [CPPFLAGS]) - SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${enableval}/lib]) + SUDO_APPEND_LIBPATH(LDFLAGS, [${enableval}/lib]) fi ;; esac @@ -1566,7 +1584,7 @@ ]) AC_ARG_ENABLE(devsearch, -[AS_HELP_STRING([--enable-devsearch=PATH], [The colon-delimited path to search for device nodes when determing the tty name.])], +[AS_HELP_STRING([--enable-devsearch=PATH], [The colon-delimited path to search for device nodes when determining the tty name.])], [case $enableval in yes) # use default value ;; 
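Review bot: `SUDO_APPEND_LIBPATH(LDFLAGS, [${enableval}/lib])` now puts the directory given to `--enable-openssl=DIR` on the link line of every target rather than only the sudoers plugin, and the `@@ -1507,7 +1525,7 @@` hunk makes the same switch for gcrypt. What the macro emits is not visible here, but if it also records a run path, the setuid front end will search that directory at load time, so a comment such as `dnl DIR/lib is searched by every sudo binary; it must be writable by root only` is worth adding. The help string `Use OpenSSL's TLS and sha2 functions` could also mention the optional `=DIR` form. Because `LIBTLS` is set only in this branch, it could also say that a build without the option presumably has no TLS for the log server and client added elsewhere in this diff. The `AC_ARG_ENABLE(openssl, ...)` call ends outside the hunk.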
@@ -1636,6 +1654,42 @@ AC_ARG_ENABLE(pvs-studio, [AS_HELP_STRING([--enable-pvs-studio], [Create a PVS-Studio.cfg file.])]) +AC_ARG_ENABLE(log-server, +[AS_HELP_STRING([--disable-log-server], [Disable building the sudo_logsrvd log server.])], +[ case "$enableval" in + yes) + ;; + no) + LOGSRVD= + LOGSRVD_CONF= + ;; + *) AC_MSG_WARN([Ignoring unknown argument to --enable-log-server: $enableval]) + ;; + esac +]) + +AC_ARG_ENABLE(log-client, +[AS_HELP_STRING([--disable-log-client], [Disable sudoers support for using the sudo_logsrvd log server.])], +[ case "$enableval" in + yes) + AC_DEFINE([SUDOERS_IOLOG_CLIENT]) + ;; + no) + ;; + *) AC_MSG_WARN([Ignoring unknown argument to --enable-log-client: $enableval]) + ;; + esac +], [AC_DEFINE([SUDOERS_IOLOG_CLIENT])]) + +if test X"$enable_log_server" = X"no" -a X"$enable_log_client" = X"no"; then + # No need for liblogsrv.la + LOGSRV= + LIBLOGSRV= +fi +if test X"$LOGSRVD" != X""; then + PPFILES="$PPFILES "'$(srcdir)/etc/sudo-logsrvd.pp' +fi + dnl dnl C compiler checks dnl 
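Review bot: In the `--enable-log-client` case the `*)` branch warns that the argument is being ignored but never reaches `AC_DEFINE([SUDOERS_IOLOG_CLIENT])`, so an unrecognised value turns the client off even though the default (option absent) turns it on. An unrecognised value for `--enable-log-server`, by contrast, leaves the server enabled. Adding `AC_DEFINE([SUDOERS_IOLOG_CLIENT])` after the `AC_MSG_WARN` in that branch would make "ignored" mean "default" for both options. The combined test below it would be more portable as `if test X"$enable_log_server" = X"no" && test X"$enable_log_client" = X"no"; then`, since `-a` inside `test` is marked obsolescent by POSIX.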
@@ -2506,10 +2560,67 @@ fi dnl +dnl Python plugin support +dnl +AC_MSG_CHECKING(whether to compile python plugin support) +AC_ARG_ENABLE(python, +[AS_HELP_STRING([--enable-python], [Compile python plugin support])], +[ case "$enableval" in + yes|no) + AC_MSG_RESULT($enableval) + USE_PYTHON=$enableval + ;; + *) + AC_MSG_WARN([Ignoring unknown argument to --enable-python: $enableval]) + ;; + esac +], AC_MSG_RESULT(no)) + +if test ${USE_PYTHON-'no'} = "yes"; then + AM_PATH_PYTHON([3]) + + AC_ARG_VAR([PYTHON_INCLUDE], [Include flags for python, bypassing python-config]) + AC_ARG_VAR([PYTHON_LIBS], [Linker flags for python, bypassing python-config]) + AC_ARG_VAR([PYTHON_CONFIG], [Path to python-config]) + + AS_IF([test -z "$PYTHON_INCLUDE" || test -z "$PYTHON_LIBS"], [ + AS_IF([test -z "$PYTHON_CONFIG"], [ + AC_PATH_PROGS([PYTHON_CONFIG], + [python$PYTHON_VERSION-config python-config], + [no], + [`dirname $PYTHON`]) + AS_IF([test "$PYTHON_CONFIG" = no], [AC_MSG_ERROR([cannot find python-config for $PYTHON.])]) + ]) + ]) + + AS_IF([test -z "$PYTHON_INCLUDE"], [ + AC_MSG_CHECKING([python include flags]) + PYTHON_INCLUDE=`$PYTHON_CONFIG --cflags` + AC_MSG_RESULT([$PYTHON_INCLUDE]) + ]) + + AS_IF([test -z "$PYTHON_LIBS"], [ + # Newer versions of python3-config need --embed to include libpython + if $PYTHON_CONFIG 2>&1 | grep embed >/dev/null; then + PY_EMBED=--embed + else + PY_EMBED= + fi + AC_MSG_CHECKING([python linker flags]) + PYTHON_LIBS=`$PYTHON_CONFIG --ldflags $PY_EMBED` + AC_MSG_RESULT([$PYTHON_LIBS]) + ]) + + PPFILES="$PPFILES "'$(srcdir)/etc/sudo-python.pp' + PYTHON_PLUGIN_SRC=plugins/python + AC_CONFIG_FILES([$PYTHON_PLUGIN_SRC/Makefile]) +fi + +dnl dnl Function checks dnl AC_FUNC_GETGROUPS -AC_CHECK_FUNCS_ONCE([fexecve killpg nl_langinfo pread pwrite openat faccessat wordexp getauxval]) +AC_CHECK_FUNCS_ONCE([fexecve killpg nl_langinfo pread pwrite faccessat wordexp getauxval fseeko]) case "$host_os" in hpux*) if test X"$ac_cv_func_pread" = X"yes"; then 
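Review bot: The `*)` branch of `--enable-python` emits `AC_MSG_WARN` but no `AC_MSG_RESULT`, so the "checking whether to compile python plugin support" line opened before `AC_ARG_ENABLE` is never closed for an unrecognised value; adding `AC_MSG_RESULT(no)` after the warning fixes that. Further down, `$PYTHON` and `$PYTHON_CONFIG` are expanded unquoted in the `dirname $PYTHON` search path and in the `--cflags` / `--ldflags` command substitutions, so a path containing whitespace is split; `dirname "$PYTHON"` and `"$PYTHON_CONFIG" --cflags` avoid that. Whatever python-config prints is taken verbatim as compile and link flags for a plugin that sudo loads, so the `AC_ARG_VAR([PYTHON_CONFIG], ...)` description could say the path must point at a trusted python-config, e.g. `[Path to python-config (must be a trusted, root-owned program)]`.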
@@ -2522,6 +2633,10 @@ fi ;; esac +AC_CHECK_FUNCS([cfmakeraw], [], [ + AC_LIBOBJ(cfmakeraw) + SUDO_APPEND_COMPAT_EXP(sudo_cfmakeraw) +]) AC_CHECK_FUNCS([getgrouplist], [], [ case "$host_os" in aix*) @@ -2573,24 +2688,32 @@ AC_LIBOBJ(reallocarray) SUDO_APPEND_COMPAT_EXP(sudo_reallocarray) ]) -AC_CHECK_FUNCS([arc4random_uniform], [], [ +AC_CHECK_FUNCS([arc4random], [ + AC_CHECK_FUNCS([arc4random_uniform], [], [ + AC_LIBOBJ(arc4random_uniform) + SUDO_APPEND_COMPAT_EXP(sudo_arc4random_uniform) + ]) + AC_CHECK_FUNCS([arc4random_buf], [], [ + AC_LIBOBJ(arc4random_buf) + SUDO_APPEND_COMPAT_EXP(sudo_arc4random_buf) + ]) +], [ + AC_LIBOBJ(arc4random) + SUDO_APPEND_COMPAT_EXP(sudo_arc4random) + SUDO_APPEND_COMPAT_EXP(sudo_arc4random_buf) AC_LIBOBJ(arc4random_uniform) SUDO_APPEND_COMPAT_EXP(sudo_arc4random_uniform) - AC_CHECK_FUNCS([arc4random], [], [ - AC_LIBOBJ(arc4random) - SUDO_APPEND_COMPAT_EXP(sudo_arc4random) - # arc4random.c needs getentropy() - AC_CHECK_FUNCS([getentropy], [ - AC_CHECK_HEADERS([sys/random.h]) - ], [ - AC_LIBOBJ(getentropy) - SUDO_APPEND_COMPAT_EXP(sudo_getentropy) - ]) - # arc4random.c wants pthread_atfork - AC_CHECK_HEADERS([pthread.h], [ - AC_CHECK_LIB(pthread, main, [LIBPTHREAD="-lpthread"]) - AC_CHECK_FUNCS([pthread_atfork]) - ]) + # arc4random.c needs getentropy() + AC_CHECK_FUNCS([getentropy], [ + AC_CHECK_HEADERS([sys/random.h]) + ], [ + AC_LIBOBJ(getentropy) + SUDO_APPEND_COMPAT_EXP(sudo_getentropy) + ]) + # arc4random.c wants pthread_atfork + AC_CHECK_HEADERS([pthread.h], [ + AC_CHECK_LIB(pthread, main, [LIBPTHREAD="-lpthread"]) + AC_CHECK_FUNCS([pthread_atfork]) ]) ]) @@ -2598,7 +2721,6 @@ AC_CHECK_FUNCS([getutsid getutxid getutid], [utmp_style=POSIX; break]) if test "$utmp_style" = "LEGACY"; then AC_CHECK_FUNCS([getttyent ttyslot], [break]) - AC_CHECK_FUNCS([fseeko]) fi AC_CHECK_FUNCS([sysctl], [AC_CHECK_FUNCS([devname]) 
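Review bot: In the `@@ -2573,24 +2688,32 @@` hunk, the fallback branch of the new `AC_CHECK_FUNCS([arc4random], ...)` (taken when libc has no arc4random) adds `SUDO_APPEND_COMPAT_EXP(sudo_arc4random_buf)` without a matching `AC_LIBOBJ(arc4random_buf)`, whereas the found branch pairs the two. If the bundled arc4random.c defines arc4random_buf itself (not visible here), a comment such as `# arc4random.c also provides sudo_arc4random_buf` would keep a later reader from "fixing" the asymmetry; if it does not, the export list names a symbol that nothing builds. The neighbouring comments already explain why getentropy and pthread_atfork are probed, so this is the one undocumented line in the branch that supplies sudo's random numbers on such systems.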
@@ -2727,6 +2849,26 @@ SUDO_APPEND_COMPAT_EXP(sudo_nanosleep) ]) ]) +AC_CHECK_FUNCS([openat], [], [ + AC_LIBOBJ(openat) + SUDO_APPEND_COMPAT_EXP(sudo_openat) +]) +AC_CHECK_FUNCS([unlinkat], [], [ + AC_LIBOBJ(unlinkat) + SUDO_APPEND_COMPAT_EXP(sudo_unlinkat) +]) +AC_CHECK_FUNCS([fchmodat], [], [ + AC_LIBOBJ(fchmodat) + SUDO_APPEND_COMPAT_EXP(sudo_fchmodat) +]) +AC_CHECK_FUNCS([fstatat], [], [ + AC_LIBOBJ(fstatat) + SUDO_APPEND_COMPAT_EXP(sudo_fstatat) +]) +AC_CHECK_FUNCS([dup3], [], [ + AC_LIBOBJ(dup3) + SUDO_APPEND_COMPAT_EXP(sudo_dup3) +]) AC_CHECK_FUNCS([pipe2], [], [ AC_LIBOBJ(pipe2) SUDO_APPEND_COMPAT_EXP(sudo_pipe2) @@ -2873,6 +3015,20 @@ #include <$ac_header_dirent> ]) dnl +dnl Check for functions only present in OpenSSL 1.1 and above +dnl +if test "${enable_openssl-no}" != no; then + OLIBS="$LIBS" + LIBS="$LIBS $LIBTLS" + AC_CHECK_FUNCS([X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_get0_certificate SSL_CTX_set_ciphersuites TLS_client_method TLS_server_method]) + # SSL_CTX_set_min_proto_version may be a macro + AC_CHECK_DECL([SSL_CTX_set_min_proto_version], [AC_DEFINE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)], [], [ + AC_INCLUDES_DEFAULT + #include + ]) + LIBS="$OLIBS" +fi +dnl dnl If socket(2) not in libc, check -lsocket and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols dnl @@ -4033,6 +4189,7 @@ if test "$utmp_style" = "LEGACY"; then SUDO_PATH_UTMP fi +SUDO_LOGDIR SUDO_LOGFILE SUDO_RUNDIR SUDO_VARDIR @@ -4085,6 +4242,19 @@ fi dnl +dnl We want to use DT_RUNPATH in preference to DT_RPATH in ELF binaries. +dnl Otherwise, LD_LIBRARY_PATH does not work when running the tests. +dnl We don't do this on NetBSD where RPATH already supports LD_LIBRARY_PATH. +dnl +case "$OS" in + netbsd) + ;; + *) + AX_CHECK_LINK_FLAG([-Wl,--enable-new-dtags], [AX_APPEND_FLAG([-Wl,--enable-new-dtags], [LDFLAGS])]) + ;; +esac + +dnl dnl Check for symbol visibility support. dnl This test relies on AC_LANG_WERROR dnl 
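Review bot: The five new fallbacks in the `@@ -2727,6 +2849,26 @@` hunk (`openat`, `unlinkat`, `fchmodat`, `fstatat`, `dup3`) come with no comment on which guarantees the replacements keep. Callers usually choose the *at() calls to work relative to an already-open directory and avoid path races, and `dup3` to set close-on-exec atomically; an emulation on a platform that lacks them presumably cannot provide that, though the replacement sources are not part of this hunk. A line such as `dnl NOTE: the compat versions of the *at() functions and dup3() may not be race-free` above the first check would make the limitation visible to anyone auditing the I/O log code paths that depend on them.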
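Review bot: In the `@@ -2873,6 +3015,20 @@` hunk, `HAVE_SSL_CTX_SET_MIN_PROTO_VERSION` is defined only when the declaration is found, and nothing here says what the TLS code does when it is not. On an older OpenSSL the minimum protocol version then has to be enforced another way, or the build should fail, so a comment stating the fallback is worth adding, e.g. `dnl Without it, old protocol versions must be disabled via SSL_CTX_set_options()`, if that is what the C code does (not visible here). The header comment says "OpenSSL 1.1 and above", but `SSL_CTX_set_ciphersuites` first appeared in 1.1.1, so `dnl Check for functions only present in OpenSSL 1.1.0 or 1.1.1 and above` would be more accurate. The `#include` inside `AC_CHECK_DECL` shows no header name on this page, which looks like an extraction artifact rather than part of the change.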
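Review bot: In the `@@ -4085,6 +4242,19 @@` hunk, `-Wl,--enable-new-dtags` is appended to the global `LDFLAGS`, so it applies to every installed binary and not only to the test programs the comment gives as the reason. With DT_RUNPATH the dynamic linker consults LD_LIBRARY_PATH before any embedded run path, which is what the tests need. It also means installed non-setuid programs built here let the environment override the library directory chosen at build time; setuid sudo itself is normally unaffected, because the loader ignores LD_LIBRARY_PATH in secure-execution mode. Consider extending the comment with `dnl Note: this also lets LD_LIBRARY_PATH override the run path of installed non-setuid binaries.`, or limiting the flag to the test targets.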
@@ -4483,11 +4653,13 @@ dnl Substitute into the Makefile and man pages dnl if test X"$INIT_SCRIPT" != X""; then - AC_CONFIG_FILES([init.d/$INIT_SCRIPT]) + AC_CONFIG_FILES([etc/init.d/$INIT_SCRIPT]) elif test X"$TMPFILES_D" != X""; then - AC_CONFIG_FILES([init.d/sudo.conf]) + AC_CONFIG_FILES([etc/init.d/sudo.conf]) fi -AC_CONFIG_FILES([Makefile doc/Makefile examples/Makefile include/Makefile lib/util/Makefile lib/util/util.exp src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) + +AC_CONFIG_FILES([Makefile doc/Makefile examples/Makefile examples/sudo.conf include/Makefile lib/iolog/Makefile lib/logsrv/Makefile lib/util/Makefile lib/util/util.exp logsrvd/Makefile src/sudo_usage.h src/Makefile plugins/audit_json/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/sample_approval/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) + AC_OUTPUT dnl @@ -4591,7 +4763,7 @@ AH_TEMPLATE(NO_LEAKS, [Define to 1 if you want sudo to free up memory before exiting.]) AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.]) AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support.]) -AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.]) +AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid running the mailer as root.]) AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.]) AH_TEMPLATE(TIMESTAMP_TYPE, [Define to global, ppid or tty to set the default timestamp record type.]) AH_TEMPLATE(OFFENSIVE_INSULTS, [Define to 1 to include offensive insults from the classic version of sudo.]) 
@@ -4633,8 +4805,11 @@ AH_TEMPLATE(HAVE_KINFO_PROC_FREEBSD, [Define to 1 if your system has a FreeBSD-style kinfo_proc struct.]) AH_TEMPLATE(HAVE_KINFO_PROC2_NETBSD, [Define to 1 if your system has a NetBSD-style kinfo_proc2 struct.]) AH_TEMPLATE(HAVE_KINFO_PROC_OPENBSD, [Define to 1 if your system has an OpenBSD-style kinfo_proc struct.]) -AH_TEMPLATE(HAVE_OPENSSL, [Define to 1 if you are using OpenSSL's sha2 functions.]) +AH_TEMPLATE(HAVE_OPENSSL, [Define to 1 if you are using OpenSSL's TLS and sha2 functions.]) AH_TEMPLATE(HAVE_GCRYPT, [Define to 1 if you are using gcrypt's sha2 functions.]) +AH_TEMPLATE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION, [Define to 1 if you have the `SSL_CTX_set_min_proto_version' function or macro.]) +AH_TEMPLATE(SUDOERS_IOLOG_CLIENT, [Define to 1 to compile support for sudo_logsrvd in the sudoers I/O log plugin.]) + dnl dnl Bits to copy verbatim into config.h.in dnl diff -Nru sudo-1.8.31/debian/changelog sudo-1.9.0/debian/changelog --- sudo-1.8.31/debian/changelog 2020-02-03 14:32:18.000000000 +0000 +++ sudo-1.9.0/debian/changelog 2020-05-21 00:07:02.000000000 +0000 
@@ -1,3 +1,41 @@ +sudo (1.9.0-1ubuntu1) groovy; urgency=low + + * Merge from Debian unstable. Remaining changes: + - debian/rules: + + use dh-autoreconf + - debian/rules: stop shipping init scripts, as they are no longer + necessary. + - debian/rules: + + compile with --without-lecture --with-tty-tickets --enable-admin-flag + + install man/man8/sudo_root.8 in both flavours + + install apport hooks + - debian/sudo-ldap.dirs, debian/sudo.dirs: + + add usr/share/apport/package-hooks + - debian/sudo.pam: + + Use pam_env to read /etc/environment and /etc/default/locale + environment files. Reading ~/.pam_environment is not permitted due + to security reasons. + - debian/sudoers: + + also grant admin group sudo access + + include /snap/bin in the secure_path + * Dropped changes, no longer needed: + - debian/control: + + use dh-autoreconf + + -- Steve Langasek Wed, 20 May 2020 17:07:02 -0700 + +sudo (1.9.0-1) unstable; urgency=medium + + * new upstream version, closes: #669687, #571621, #734752 + + -- Bdale Garbee Wed, 13 May 2020 18:34:59 -0600 + +sudo (1.8.31p1-1) unstable; urgency=medium + + * new upstream version + + -- Bdale Garbee Thu, 19 Mar 2020 15:47:17 -0600 + sudo (1.8.31-1ubuntu1) focal; urgency=medium * Merge from Debian unstable. Remaining changes: @@ -2129,3 +2167,4 @@ * New upstream version * Minor changes to debian.rules + diff -Nru sudo-1.8.31/debian/control sudo-1.9.0/debian/control --- sudo-1.8.31/debian/control 2020-02-03 14:32:10.000000000 +0000 +++ sudo-1.9.0/debian/control 2020-05-21 00:07:02.000000000 +0000 
@@ -3,8 +3,7 @@ Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Bdale Garbee -Build-Depends: debhelper (>= 10), libpam0g-dev, libldap2-dev, libsasl2-dev, libselinux1-dev [linux-any], autoconf, autotools-dev, bison, flex, libaudit-dev [linux-any], mandoc, - dh-autoreconf, +Build-Depends: debhelper (>= 10), libpam0g-dev, libldap2-dev, libsasl2-dev, libselinux1-dev [linux-any], autoconf, bison, flex, libaudit-dev [linux-any], mandoc Standards-Version: 4.1.1 Vcs-Git: https://salsa.debian.org/debian/sudo.git Vcs-Browser: https://salsa.debian.org/debian/sudo diff -Nru sudo-1.8.31/doc/CONTRIBUTORS sudo-1.9.0/doc/CONTRIBUTORS --- sudo-1.8.31/doc/CONTRIBUTORS 2019-10-28 12:27:45.000000000 +0000 +++ sudo-1.9.0/doc/CONTRIBUTORS 2020-05-11 16:28:22.000000000 +0000 @@ -94,6 +94,7 @@ McLaughlin, Tom Makey, Jeff Mallayya, Sangamesh + Manner, Róbert Marchionna, Michael D. Markham, Paul Martinian, Emin @@ -109,6 +110,7 @@ Nieusma, Jeff Nikitser, Peter A. Nussel, Ludwig + Orbán, László Ouellet, Jean-Philippe Paquet, Eric Paradis, Chantal @@ -231,3 +233,8 @@ Uranga, Mikel Olasagasti Vorotnikov, Artem Wang, Wylmer + +The following people designed the artwork used on the sudo website: + + Shield logo: Badger, Trent + Sandwich logo: Stillman, Mark diff -Nru sudo-1.8.31/doc/LICENSE sudo-1.9.0/doc/LICENSE --- sudo-1.8.31/doc/LICENSE 2020-01-30 12:52:27.000000000 +0000 +++ sudo-1.9.0/doc/LICENSE 2020-05-11 16:28:23.000000000 +0000 
@@ -19,6 +19,38 @@ Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F39502-99-1-0512. +The Python plugin bindings bear the following license: + + Copyright (c) 2019-2020 Robert Manner + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +The files hostcheck.c and hostcheck.h bear the following license: + + Copyright (c) 2020 Laszlo Orban + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + The file redblack.c bears the following license: Copyright (c) 2001 Emin Martinian 
@@ -41,6 +73,56 @@ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +The file sssd.c bears the following license: + + Copyright (c) 2011 Daniel Kopecek + + This code is derived from software contributed by Aaron Spangler. + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +The files bsm_audit.c and bsm_audit.h bear the following license: + + Copyright (c) 2009 Christian S.J. Peron + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +The files solaris_audit.c and solaris_audit.h bear the following license: + + Copyright (c) 2014, Oracle and/or its affiliates. 
+ + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + The file reallocarray.c bears the following license: Copyright (c) 2008 Otto Moerbeek 
@@ -234,3 +316,32 @@ Jean-loup Gailly Mark Adler jloup@gzip.org madler@alumni.caltech.edu + +The embedded copy of protobuf-c bears the following license: + + Copyright (c) 2008-2018, Dave Benson and the protobuf-c authors. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials + provided with the distribution. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff -Nru sudo-1.8.31/doc/Makefile.in sudo-1.9.0/doc/Makefile.in --- sudo-1.8.31/doc/Makefile.in 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/doc/Makefile.in 2020-05-11 16:28:22.000000000 +0000 
@@ -1,7 +1,7 @@ # # SPDX-License-Identifier: ISC # -# Copyright (c) 2010-2015, 2017-2018 Todd C. Miller +# Copyright (c) 2010-2015, 2017-2019 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -21,9 +21,13 @@ #### Start of system configuration section. #### srcdir = @srcdir@ -docdir = @docdir@ -top_builddir = @top_builddir@ +abs_srcdir = @abs_srcdir@ top_srcdir = @top_srcdir@ +abs_top_srcdir = @abs_top_srcdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ +docdir = @docdir@ +scriptdir = $(top_srcdir)/scripts # Tools to use SED = @SED@ 
@@ -71,16 +75,24 @@ SHELL = @SHELL@ DOCS = $(mansrcdir)/cvtsudoers.$(mantype) $(mansrcdir)/sudo.$(mantype) \ - $(mansrcdir)/sudo.conf.$(mantype) $(mansrcdir)/sudo_plugin.$(mantype) \ + $(mansrcdir)/sudo.conf.$(mantype) $(mansrcdir)/sudo_logsrvd.$(mantype) \ + $(mansrcdir)/sudo_logsrv.proto.$(mantype) \ + $(mansrcdir)/sudo_logsrvd.conf.$(mantype) \ + $(mansrcdir)/sudo_plugin.$(mantype) \ + $(mansrcdir)/sudo_plugin_python.$(mantype) \ + $(mansrcdir)/sudo_sendlog.$(mantype) \ $(mansrcdir)/sudoers.$(mantype) $(mansrcdir)/sudoers.ldap.$(mantype) \ $(mansrcdir)/sudoers_timestamp.$(mantype) \ $(mansrcdir)/sudoreplay.$(mantype) $(mansrcdir)/visudo.$(mantype) DEVDOCS = $(srcdir)/cvtsudoers.man.in $(srcdir)/sudo.conf.man.in \ - $(srcdir)/sudo.man.in $(srcdir)/sudo_plugin.man.in \ - $(srcdir)/sudoers.ldap.man.in $(srcdir)/sudoers.man.in \ - $(srcdir)/sudoers_timestamp.man.in $(srcdir)/sudoreplay.man.in \ - $(srcdir)/visudo.man.in + $(srcdir)/sudo.man.in $(srcdir)/sudo_logsrvd.man.in \ + $(srcdir)/sudo_logsrv.proto.man.in \ + $(srcdir)/sudo_logsrvd.conf.man.in \ + $(srcdir)/sudo_plugin.man.in $(srcdir)/sudo_plugin_python.man.in \ + $(srcdir)/sudo_sendlog.man.in $(srcdir)/sudoers.ldap.man.in \ + $(srcdir)/sudoers.man.in $(srcdir)/sudoers_timestamp.man.in \ + $(srcdir)/sudoreplay.man.in $(srcdir)/visudo.man.in OTHER_DOCS = $(top_srcdir)/ChangeLog $(top_srcdir)/README \ $(top_srcdir)/NEWS $(srcdir)/HISTORY $(srcdir)/CONTRIBUTORS \ 
@@ -241,6 +253,48 @@ $(mansrcdir)/sudoreplay.mdoc: $(top_builddir)/config.status $(srcdir)/sudoreplay.mdoc.in cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ +$(srcdir)/sudo_logsrvd.man.in: $(srcdir)/sudo_logsrvd.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_logsrvd.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_LOGSRVD" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ + fi + +$(mansrcdir)/sudo_logsrvd.man: $(top_builddir)/config.status $(srcdir)/sudo_logsrvd.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_logsrvd.man.in | $(SED) -f fixman.sed > $@ + +$(mansrcdir)/sudo_logsrvd.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_logsrvd.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ + +$(srcdir)/sudo_logsrv.proto.man.in: $(srcdir)/sudo_logsrv.proto.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_logsrv.proto.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_LOGSRV.PROTO" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(5)/($$mansectform)/g" > $@; \ + fi + +$(mansrcdir)/sudo_logsrv.proto.man: $(top_builddir)/config.status $(srcdir)/sudo_logsrv.proto.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_logsrv.proto.man.in | $(SED) -f fixman.sed > $@ + +$(mansrcdir)/sudo_logsrv.proto.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_logsrv.proto.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ + +$(srcdir)/sudo_logsrvd.conf.man.in: $(srcdir)/sudo_logsrvd.conf.mdoc.in + @if [ 
-n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_logsrvd.conf.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_LOGSRVD.CONF" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(5)/($$mansectform)/g" > $@; \ + fi + +$(mansrcdir)/sudo_logsrvd.conf.man: $(top_builddir)/config.status $(srcdir)/sudo_logsrvd.conf.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_logsrvd.conf.man.in | $(SED) -f fixman.sed > $@ + +$(mansrcdir)/sudo_logsrvd.conf.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_logsrvd.conf.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ + $(srcdir)/sudo_plugin.man.in: $(srcdir)/sudo_plugin.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ 
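Review bot: The final `$(SED)` in the new `sudo_logsrv.proto.man.in` and `sudo_logsrvd.conf.man.in` rules passes `-e "s/(5)/($$mansectform)/g"` twice and has no `-e "s/(8)/($$mansectsu)/g"`, unlike the `sudo_logsrvd.man.in` rule earlier in this hunk. The first `$(SED)` in each rule rewrites `$$mansectsu` to 8 before `$(MANDOC)` runs, so any section-8 cross-reference in these two pages would presumably stay hard-coded as `(8)` in the generated `.man.in` instead of being turned back into the placeholder. Replacing the duplicated expression with `-e "s/(8)/($$mansectsu)/g"` in both rules would make them consistent with the first. The mdoc sources are not visible here, so confirm that they contain such references.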
@@ -255,12 +309,40 @@ $(mansrcdir)/sudo_plugin.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_plugin.mdoc.in cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ +$(srcdir)/sudo_plugin_python.man.in: $(srcdir)/sudo_plugin_python.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_plugin_python.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_PLUGIN" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ + fi + +$(mansrcdir)/sudo_plugin_python.man: $(top_builddir)/config.status $(srcdir)/sudo_plugin_python.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_plugin_python.man.in | $(SED) -f fixman.sed > $@ + +$(mansrcdir)/sudo_plugin_python.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_plugin_python.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ + +$(srcdir)/sudo_sendlog.man.in: $(srcdir)/sudo_sendlog.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_sendlog.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_SENDLOG" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ + fi + +$(mansrcdir)/sudo_sendlog.man: $(top_builddir)/config.status $(srcdir)/sudo_sendlog.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_sendlog.man.in | $(SED) -f fixman.sed > $@ + +$(mansrcdir)/sudo_sendlog.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_sendlog.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ + pre-install: install: install-doc install-dirs: - $(SHELL) 
$(top_srcdir)/mkinstalldirs $(DESTDIR)$(docdir) \ + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(docdir) \ $(DESTDIR)$(mandirexe) $(DESTDIR)$(mandirform) $(DESTDIR)$(mandirsu) install-binaries: 
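Review bot: The `.TH` pattern in the new `sudo_plugin_python.man.in` rule matches `"SUDO_PLUGIN" `, which looks copied from the `sudo_plugin.man.in` rule, whereas the `sudo_sendlog.man.in` rule in this hunk uses its own title. If `$(MANDOC)` emits the title `SUDO_PLUGIN_PYTHON`, the expression never matches and the section number in `.TH` stays a literal `"8"` instead of `$$mansectsu`. The build would not flag this, because sed exits successfully when nothing matches. Suggest `'s/^\(\.TH "SUDO_PLUGIN_PYTHON" \)"8"\(.*\)/\1"'$$mansectsu'"\2/'`, after checking the `.Dt` line of `sudo_plugin_python.mdoc.in`, which is not part of this hunk.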
@@ -272,15 +354,20 @@ @LDAP@for f in $(OTHER_DOCS_LDAP); do $(INSTALL) $(INSTALL_OWNER) -m 0644 $$f $(DESTDIR)$(docdir); done $(INSTALL) $(INSTALL_OWNER) -m 0644 $(mansrcdir)/cvtsudoers.$(mantype) $(DESTDIR)$(mandirexe)/cvtsudoers.1 $(INSTALL) $(INSTALL_OWNER) -m 0644 $(mansrcdir)/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) + $(INSTALL) $(INSTALL_OWNER) -m 0644 $(mansrcdir)/sudo_logsrvd.$(mantype) $(DESTDIR)$(mandirsu)/sudo_logsrvd.$(mansectsu) $(INSTALL) $(INSTALL_OWNER) -m 0644 $(mansrcdir)/sudo_plugin.$(mantype) $(DESTDIR)$(mandirsu)/sudo_plugin.$(mansectsu) + $(INSTALL) $(INSTALL_OWNER) -m 0644 $(mansrcdir)/sudo_plugin_python.$(mantype) $(DESTDIR)$(mandirsu)/sudo_plugin_python.$(mansectsu) + $(INSTALL) $(INSTALL_OWNER) -m 0644 $(mansrcdir)/sudo_sendlog.$(mantype) $(DESTDIR)$(mandirsu)/sudo_sendlog.$(mansectsu) $(INSTALL) $(INSTALL_OWNER) -m 0644 $(mansrcdir)/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) $(INSTALL) $(INSTALL_OWNER) -m 0644 $(mansrcdir)/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) $(INSTALL) $(INSTALL_OWNER) -m 0644 $(mansrcdir)/sudo.conf.$(mantype) $(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) + $(INSTALL) $(INSTALL_OWNER) -m 0644 $(mansrcdir)/sudo_logsrv.proto.$(mantype) $(DESTDIR)$(mandirform)/sudo_logsrv.proto.$(mansectform) + $(INSTALL) $(INSTALL_OWNER) -m 0644 $(mansrcdir)/sudo_logsrvd.conf.$(mantype) $(DESTDIR)$(mandirform)/sudo_logsrvd.conf.$(mansectform) $(INSTALL) $(INSTALL_OWNER) -m 0644 $(mansrcdir)/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) $(INSTALL) $(INSTALL_OWNER) -m 0644 $(mansrcdir)/sudoers_timestamp.$(mantype) $(DESTDIR)$(mandirform)/sudoers_timestamp.$(mansectform) @LDAP@$(INSTALL) $(INSTALL_OWNER) -m 0644 $(mansrcdir)/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) @if test -n "$(MANCOMPRESS)"; then \ - for f in $(mandirexe)/cvtsudoers.1 $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/sudo_plugin.$(mansectsu) 
$(mandirsu)/sudoreplay.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudo.conf.$(mansectform) $(mandirform)/sudoers.$(mansectform) $(mandirform)/sudoers_timestamp.$(mansectform) $(mandirform)/sudoers.ldap.$(mansectform); do \ + for f in $(mandirexe)/cvtsudoers.1 $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/sudo_logsrvd.$(mansectsu) $(mandirsu)/sudo_plugin.$(mansectsu) $(mandirsu)/sudo_plugin_python.$(mansectsu) $(mandirsu)/sudo_sendlog.$(mansectsu) $(mandirsu)/sudoreplay.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudo.conf.$(mansectform) $(mandirform)/sudo_logsrv.proto.$(mansectform) $(mandirform)/sudo_logsrvd.conf.$(mansectform) $(mandirform)/sudoers.$(mansectform) $(mandirform)/sudoers_timestamp.$(mansectform) $(mandirform)/sudoers.ldap.$(mansectform); do \ if test -f $(DESTDIR)$$f; then \ echo $(MANCOMPRESS) -f $(DESTDIR)$$f; \ $(MANCOMPRESS) -f $(DESTDIR)$$f; \ @@ -302,10 +389,15 @@ -rm -f $(DESTDIR)$(mandirexe)/cvtsudoers.1 \ $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) \ $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) \ + $(DESTDIR)$(mandirsu)/sudo_logsrvd.$(mansectsu) \ $(DESTDIR)$(mandirsu)/sudo_plugin.$(mansectsu) \ + $(DESTDIR)$(mandirsu)/sudo_plugin_python.$(mansectsu) \ + $(DESTDIR)$(mandirsu)/sudo_sendlog.$(mansectsu) \ $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) \ $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) \ $(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) \ + $(DESTDIR)$(mandirform)/sudo_logsrv.proto.$(mansectform) \ + $(DESTDIR)$(mandirform)/sudo_logsrvd.conf.$(mansectform) \ $(DESTDIR)$(mandirform)/sudoers.$(mansectform) \ $(DESTDIR)$(mandirform)/sudoers_timestamp.$(mansectform) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) diff -Nru sudo-1.8.31/doc/sudo.conf.man.in sudo-1.9.0/doc/sudo.conf.man.in --- sudo-1.8.31/doc/sudo.conf.man.in 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/doc/sudo.conf.man.in 2020-05-11 16:28:23.000000000 +0000 
@@ -354,6 +354,38 @@ version 1.8.4 and higher. .RE .TP 10n +developer_mode +By default +\fBsudo\fR +refuses to load plugins which can be modified by other than the root user. +The plugin should be owned by root and write access permissions should be +disabled for +\(lqgroup\(rq +and +\(lqother\(rq\&. +To make development of a plugin easier, you can disable that by setting +\(lqdeveloper_mode\(rq +option to true in +\fBsudo.conf\fR +as follows: +.nf +.sp +.RS 16n +Set developer_mode true +.RE +.fi +.RS 10n +.sp +Please note that this creates a security risk, so it is not recommended +on critical systems such as a desktop machine for daily use, but is intended +to be used in development environments (VM, container, etc). +Before enabling developer mode, ensure you understand the implications. +.sp +This setting is only available in +\fBsudo\fR +version 1.9.0 and higher. +.RE +.TP 10n group_source \fBsudo\fR passes the invoking user's group list to the policy and I/O plugins. @@ -643,12 +675,8 @@ # # Default @sysconfdir@/sudo.conf file # -# Format: +# Sudo plugins: # Plugin plugin_name plugin_path plugin_options ... -# Path askpass /path/to/askpass -# Path noexec /path/to/sudo_noexec.so -# Debug sudo /var/log/sudo_debug all@warn -# Set disable_coredump true # # The plugin_path is relative to @plugindir@ unless # fully qualified. 
@@ -656,17 +684,17 @@ # that contains the plugin interface structure. # The plugin_options are optional. # -# The sudoers plugin is used by default if no Plugin lines are -# present. +# The sudoers plugin is used by default if no Plugin lines are present. Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so # # Sudo askpass: +# Path askpass /path/to/askpass # # An askpass helper program may be specified to provide a graphical -# password prompt for "sudo -A" support. Sudo does not ship with -# its own askpass program but can use the OpenSSH askpass. +# password prompt for "sudo -A" support. Sudo does not ship with its +# own askpass program but can use the OpenSSH askpass. # # Use the OpenSSH askpass #Path askpass /usr/X11R6/bin/ssh-askpass 
@@ -675,22 +703,51 @@ #Path askpass /usr/libexec/openssh/gnome-ssh-askpass # +# Sudo device search path: +# Path devsearch /dev/path1:/dev/path2:/dev +# +# A colon-separated list of paths to check when searching for a user's +# terminal device. +# +#Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev + +# # Sudo noexec: +# Path noexec /path/to/sudo_noexec.so # # Path to a shared library containing dummy versions of the execv(), # execve() and fexecve() library functions that just return an error. # This is used to implement the "noexec" functionality on systems that -# support C or its equivalent. -# The compiled-in value is usually sufficient and should only be -# changed if you rename or move the sudo_noexec.so file. +# support LD_PRELOAD or its equivalent. +# +# The compiled-in value is usually sufficient and should only be changed +# if you rename or move the sudo_noexec.so file. +# +#Path noexec @plugindir@/sudo_noexec.so + +# +# Sudo plugin directory: +# Path plugin_dir /path/to/plugins +# +# The default directory to use when searching for plugins that are +# specified without a fully qualified path name. +# +#Path plugin_dir @plugindir@ + +# +# Sudo developer mode: +# Set developer_mode true|false # -#Path noexec @noexec_file@ +# Allow loading of plugins that are owned by non-root or are writable +# by "group" or "other". Should only be used during plugin development. +#Set developer_mode true # # Core dumps: +# Set disable_coredump true|false # -# By default, sudo disables core dumps while it is executing -# (they are re-enabled for the command that is run). +# By default, sudo disables core dumps while it is executing (they +# are re-enabled for the command that is run). # To aid in debugging sudo problems, you may wish to enable core # dumps by setting "disable_coredump" to false. # 
@@ -698,6 +755,7 @@ # # User groups: +# Set group_source static|dynamic|adaptive # # Sudo passes the user's group list to the policy plugin. # If the user is a member of the maximum number of groups (usually 16), @@ -709,9 +767,34 @@ # static - use the user's list of groups returned by the kernel. # dynamic - query the group database to find the list of groups. # adaptive - if user is in less than the maximum number of groups. -# use the kernel list, else query the group database. +# use the kernel list, else query the group database. # #Set group_source static + +# +# Sudo interface probing: +# Set probe_interfaces true|false +# +# By default, sudo will probe the system's network interfaces and +# pass the IP address of each enabled interface to the policy plugin. +# On systems with a large number of virtual interfaces this may take +# a noticeable amount of time. +# +#Set probe_interfaces false + +# +# Sudo debug files: +# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority] +# +# Sudo and related programs support logging debug information to a file. +# The program is typically sudo, sudoers.so, sudoreplay or visudo. +# +# Subsystems vary based on the program; "all" matches all subsystems. +# Priority may be crit, err, warn, notice, diag, info, trace or debug. +# Multiple subsystem@priority may be specified, separated by a comma. +# +#Debug sudo /var/log/sudo_debug all@debug +#Debug sudoers.so /var/log/sudoers_debug all@debug .RE .fi .SH "SEE ALSO" diff -Nru sudo-1.8.31/doc/sudo.conf.mdoc.in sudo-1.9.0/doc/sudo.conf.mdoc.in --- sudo-1.8.31/doc/sudo.conf.mdoc.in 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/doc/sudo.conf.mdoc.in 2020-05-11 16:28:22.000000000 +0000 
@@ -323,6 +323,35 @@ This setting is only available in .Nm sudo version 1.8.4 and higher. +.It developer_mode +By default +.Nm sudo +refuses to load plugins which can be modified by other than the root user. +The plugin should be owned by root and write access permissions should be +disabled for +.Dq group +and +.Sm off +.Dq other +\&. +.Sm on +To make development of a plugin easier, you can disable that by setting +.Dq developer_mode +option to true in +.Nm sudo.conf +as follows: +.Bd -literal -offset indent +Set developer_mode true +.Ed +.Pp +Please note that this creates a security risk, so it is not recommended +on critical systems such as a desktop machine for daily use, but is intended +to be used in development environments (VM, container, etc). +Before enabling developer mode, ensure you understand the implications. +.Pp +This setting is only available in +.Nm sudo +version 1.9.0 and higher. .It group_source .Nm sudo passes the invoking user's group list to the policy and I/O plugins. @@ -580,12 +609,8 @@ # # Default @sysconfdir@/sudo.conf file # -# Format: +# Sudo plugins: # Plugin plugin_name plugin_path plugin_options ... -# Path askpass /path/to/askpass -# Path noexec /path/to/sudo_noexec.so -# Debug sudo /var/log/sudo_debug all@warn -# Set disable_coredump true # # The plugin_path is relative to @plugindir@ unless # fully qualified. 
@@ -593,17 +618,17 @@ # that contains the plugin interface structure. # The plugin_options are optional. # -# The sudoers plugin is used by default if no Plugin lines are -# present. +# The sudoers plugin is used by default if no Plugin lines are present. Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so # # Sudo askpass: +# Path askpass /path/to/askpass # # An askpass helper program may be specified to provide a graphical -# password prompt for "sudo -A" support. Sudo does not ship with -# its own askpass program but can use the OpenSSH askpass. +# password prompt for "sudo -A" support. Sudo does not ship with its +# own askpass program but can use the OpenSSH askpass. # # Use the OpenSSH askpass #Path askpass /usr/X11R6/bin/ssh-askpass 
@@ -612,22 +637,51 @@ #Path askpass /usr/libexec/openssh/gnome-ssh-askpass # +# Sudo device search path: +# Path devsearch /dev/path1:/dev/path2:/dev +# +# A colon-separated list of paths to check when searching for a user's +# terminal device. +# +#Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev + +# # Sudo noexec: +# Path noexec /path/to/sudo_noexec.so # # Path to a shared library containing dummy versions of the execv(), # execve() and fexecve() library functions that just return an error. # This is used to implement the "noexec" functionality on systems that -# support C or its equivalent. -# The compiled-in value is usually sufficient and should only be -# changed if you rename or move the sudo_noexec.so file. +# support LD_PRELOAD or its equivalent. +# +# The compiled-in value is usually sufficient and should only be changed +# if you rename or move the sudo_noexec.so file. # -#Path noexec @noexec_file@ +#Path noexec @plugindir@/sudo_noexec.so + +# +# Sudo plugin directory: +# Path plugin_dir /path/to/plugins +# +# The default directory to use when searching for plugins that are +# specified without a fully qualified path name. +# +#Path plugin_dir @plugindir@ + +# +# Sudo developer mode: +# Set developer_mode true|false +# +# Allow loading of plugins that are owned by non-root or are writable +# by "group" or "other". Should only be used during plugin development. +#Set developer_mode true # # Core dumps: +# Set disable_coredump true|false # -# By default, sudo disables core dumps while it is executing -# (they are re-enabled for the command that is run). +# By default, sudo disables core dumps while it is executing (they +# are re-enabled for the command that is run). # To aid in debugging sudo problems, you may wish to enable core # dumps by setting "disable_coredump" to false. # 
@@ -635,6 +689,7 @@ # # User groups: +# Set group_source static|dynamic|adaptive # # Sudo passes the user's group list to the policy plugin. # If the user is a member of the maximum number of groups (usually 16), @@ -646,9 +701,34 @@ # static - use the user's list of groups returned by the kernel. # dynamic - query the group database to find the list of groups. # adaptive - if user is in less than the maximum number of groups. -# use the kernel list, else query the group database. +# use the kernel list, else query the group database. # #Set group_source static + +# +# Sudo interface probing: +# Set probe_interfaces true|false +# +# By default, sudo will probe the system's network interfaces and +# pass the IP address of each enabled interface to the policy plugin. +# On systems with a large number of virtual interfaces this may take +# a noticeable amount of time. +# +#Set probe_interfaces false + +# +# Sudo debug files: +# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority] +# +# Sudo and related programs support logging debug information to a file. +# The program is typically sudo, sudoers.so, sudoreplay or visudo. +# +# Subsystems vary based on the program; "all" matches all subsystems. +# Priority may be crit, err, warn, notice, diag, info, trace or debug. +# Multiple subsystem@priority may be specified, separated by a comma. +# +#Debug sudo /var/log/sudo_debug all@debug +#Debug sudoers.so /var/log/sudoers_debug all@debug .Ed .Sh SEE ALSO .Xr sudo_plugin @mansectform@ , diff -Nru sudo-1.8.31/doc/sudoers.man.in sudo-1.9.0/doc/sudoers.man.in --- sudo-1.8.31/doc/sudoers.man.in 2019-12-10 13:09:55.000000000 +0000 +++ sudo-1.9.0/doc/sudoers.man.in 2020-05-11 16:28:23.000000000 +0000 @@ -2,7 +2,7 @@ .\" .\" SPDX-License-Identifier: ISC .\" -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2019 +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2020 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any 
@@ -25,7 +25,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.TH "SUDOERS" "@mansectform@" "December 9, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDOERS" "@mansectform@" "April 30, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -617,13 +617,21 @@ \fRHost_Alias\fR and \fRCmnd_Alias\fR. +Beginning with +\fBsudo\fR +1.9.0, +\fRCmd_Alias\fR +may be used in place of +\fRCmnd_Alias\fR +if desired. .nf .sp .RS 0n Alias ::= 'User_Alias' User_Alias_Spec (':' User_Alias_Spec)* | 'Runas_Alias' Runas_Alias_Spec (':' Runas_Alias_Spec)* | 'Host_Alias' Host_Alias_Spec (':' Host_Alias_Spec)* | - 'Cmnd_Alias' Cmnd_Alias_Spec (':' Cmnd_Alias_Spec)* + 'Cmnd_Alias' Cmnd_Alias_Spec (':' Cmnd_Alias_Spec)* | + 'Cmd_Alias' Cmnd_Alias_Spec (':' Cmnd_Alias_Spec)* User_Alias ::= NAME @@ -879,6 +887,9 @@ "sha384" ':' digest | "sha512" ':' digest +Digest_List ::= Digest_Spec | + Digest_Spec ',' Digest_List + Cmnd_List ::= Cmnd | Cmnd ',' Cmnd_List @@ -886,9 +897,11 @@ file name args | file name '""' -Cmnd ::= Digest_Spec? '!'* command name | +Edit_Spec ::= "sudoedit" file name+ + +Cmnd ::= Digest_List? '!'* command name | '!'* directory | - '!'* "sudoedit" | + '!'* Edit_Spec | '!'* Cmnd_Alias .RE .fi 
@@ -959,12 +972,21 @@ is treated as an error by \fBvisudo\fR. .PP -If a +A \fRcommand name\fR -is prefixed with a -\fRDigest_Spec\fR, -the command will only match successfully if it can be verified -using the specified SHA-2 digest. +may be preceded by a +\fRDigest_List\fR, +a comma-separated list of one or more +\fRDigest_Spec\fR +entries. +If a +\fRDigest_List\fR +is present, the command will only match successfully if it can be verified +using one of the SHA-2 digests in the list. +Starting with version 1.9.0, the +\fBALL\fR +reserved word can be used in conjunction with a +\fRDigest_List\fR. The following digest formats are supported: sha224, sha256, sha384 and sha512. The string may be specified in either hex or base64 format (base64 is more compact). @@ -2463,7 +2485,7 @@ ignore_iolog_errors Allow commands to be run even if \fBsudoers\fR -cannot write to the I/O log. +cannot write to the I/O log (local or remote). If enabled, an I/O log write failure is not treated as a fatal error. If disabled, the command will be terminated if the I/O log cannot be written to. This flag is @@ -2592,6 +2614,31 @@ \fIoff\fR by default. .TP 18n +log_server_keepalive +If set, +\fBsudo\fR +will enable the TCP keepalive socket option on the connection to the log server. +This enables the periodic transmission of keepalive messages to the server. +If the server does not respond to a message, the connection will +be closed and the running command will be killed unless the +\fIignore_iolog_errors\fR +flag is set. +This flag is +\fIon\fR +by default. +.TP 18n +log_server_verify +.br +If set, the server certificate received during the TLS handshake +must be valid and it must contain either the server name (from +\fIlog_servers\fR) +or its IP address. +If either of these conditions is not met, the TLS handshake will fail. +This flag is +\fIon\fR +by default. +\fBsudo\fR +.TP 18n log_year If set, the four-digit year will be logged in the (non-syslog) \fBsudo\fR 
@@ -2792,6 +2839,41 @@ .sp This setting is only supported by version 1.8.28 or higher. .TP 18n +pam_rhost +On systems that use PAM for authentication, +\fBsudo\fR +will set the PAM remote host value to the name of the local host +when the +\fIpam_rhost\fR +flag is enabled. +On Linux systems, enabling +\fIpam_rhost\fR +may result in DNS lookups of the local host name when PAM is initialized. +On Solaris versions prior to Solaris 8, +\fIpam_rhost\fR +must be enabled if +\fIpam_ruser\fR +is also enabled to avoid a crash in the Solaris PAM implementation. +.sp +This flag is +\fIoff\fR +by default on systems other than Solaris. +.sp +This setting is only supported by version 1.9.0 or higher. +.TP 18n +pam_ruser +On systems that use PAM for authentication, +\fBsudo\fR +will set the PAM remote user value to the name of the user that invoked sudo +when the +\fIpam_ruser\fR +flag is enabled. +This flag is +\fIon\fR +by default. +.sp +This setting is only supported by version 1.9.0 or higher. +.TP 18n pam_session On systems that use PAM for authentication, \fBsudo\fR @@ -3356,6 +3438,16 @@ .sp This setting is only supported by version 1.8.20 or higher. .TP 18n +log_server_timeout +The maximum amount of time to wait when connecting to a log server +or waiting for a server response. +See the +\fRTimeout_Spec\fR +section for a description of the timeout syntax. +The default value is 30 seconds. +.sp +This setting is only supported by version 1.9.0 or higher. +.TP 18n maxseq The maximum sequence number that will be substituted for the \(lq\fR%{seq}\fR\(rq 
@@ -3739,6 +3831,27 @@ is built on Solaris 10 or higher. .\} .TP 18n +log_server_cabundle +The path to a certificate authority bundle file, in PEM format, +to use instead of the system's default certificate authority database +when authenticating the log server. +The default is to use the system's default certificate authority database. +This setting has no effect unless the +\fIlog_server\fR +flag is enabled and the remote log server is secured with TLS. +.TP 18n +log_server_peer_cert +The path to the client's certificate file, in PEM format. +This setting is required when the +\fIlog_server\fR +flag is enabled and the remote log server is secured with TLS. +.TP 18n +log_server_peer_key +The path to the client's private key file, in PEM format. +This setting is required when the +\fIlog_server\fR +flag is enabled and the remote log server is secured with TLS. +.TP 18n mailsub Subject of the mail sent to the \fImailto\fR 
@@ -4499,6 +4612,47 @@ \fBsudo\fR \fB\-e\fR) to get their accustomed editor configuration instead of invoking the editor directly. +.TP 18n +log_servers +A list of one or more remote servers to use for I/O log storage, separated +by white space. +Starting with +\fBsudo\fR +1.9, it is possible to send I/O logs to a remote server instead of +logging them locally. +Log servers must be running +\fBsudo_logsrvd\fR +or another service that implements the protocol described by +sudo_logsrv.proto(@mansectform@). +.sp +Server addresses should be of the form +\(lqhost[:port][(tls)]\(rq. +The host portion may be a host name, an IPv4 address, or an IPv6 address +in square brackets. +.sp +If the optional tls flag is present, the connection will be secured +with Transport Layer Security (TLS) version 1.2 or 1.3. +Versions of TLS prior to 1.2 are not supported. +.sp +If a port is specified, it may either be a port number or a known +service name as defined by the system service name database. +If no port is specified, port 30343 will be used for plaintext +connections and port 30344 will be used for TLS connections. +.sp +When +\fIlog_servers\fR +is enabled, I/O logs will not be logged locally. +If multiple hosts are specified, +\fBsudoers\fR +will try them in reverse order until it connects successfully. +If no log servers are reachable, the user will not be able +to run a command unless the +\fIignore_iolog_errors\fR +flag is set. +If the connection to the log server is interrupted while +the command is running, the command will be killed unless +\fIignore_iolog_errors\fR +is set. .SH "GROUP PROVIDER PLUGINS" The \fBsudoers\fR 
@@ -4911,7 +5065,8 @@ \fBsudo\fR will run the command in a pseudo-terminal and log all user input and/or output, depending on which options are enabled. -I/O is logged to the directory specified by the +I/O can be logged either to the local machine or to a remote log server. +For local logs, I/O is logged to the directory specified by the \fIiolog_dir\fR option (\fI@iolog_dir@\fR @@ -4923,9 +5078,15 @@ The \fIiolog_file\fR option may be used to control the format of the session ID. +For remote logs, the +\fIlog_servers\fR +setting is used to specify one or more log servers running +\fBsudo_logsrvd\fR +or another server that implements the protocol described by +sudo_logsrv.proto(@mansectform@). .PP -Each I/O log is stored in a separate directory that contains the -following files: +For both local and remote I/O logs, each log is stored in a separate +directory that contains the following files: .TP 10n \fIlog\fR A text file containing information about the command. diff -Nru sudo-1.8.31/doc/sudoers.mdoc.in sudo-1.9.0/doc/sudoers.mdoc.in --- sudo-1.8.31/doc/sudoers.mdoc.in 2019-12-10 13:09:55.000000000 +0000 +++ sudo-1.9.0/doc/sudoers.mdoc.in 2020-05-11 16:28:22.000000000 +0000 @@ -1,7 +1,7 @@ .\" .\" SPDX-License-Identifier: ISC .\" -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2019 +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2020 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -24,7 +24,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.Dd December 9, 2019 +.Dd April 30, 2020 .Dt SUDOERS @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME 
@@ -603,11 +603,19 @@ .Li Host_Alias and .Li Cmnd_Alias . +Beginning with +.Nm sudo +1.9.0, +.Li Cmd_Alias +may be used in place of +.Li Cmnd_Alias +if desired. .Bd -literal Alias ::= 'User_Alias' User_Alias_Spec (':' User_Alias_Spec)* | 'Runas_Alias' Runas_Alias_Spec (':' Runas_Alias_Spec)* | 'Host_Alias' Host_Alias_Spec (':' Host_Alias_Spec)* | - 'Cmnd_Alias' Cmnd_Alias_Spec (':' Cmnd_Alias_Spec)* + 'Cmnd_Alias' Cmnd_Alias_Spec (':' Cmnd_Alias_Spec)* | + 'Cmd_Alias' Cmnd_Alias_Spec (':' Cmnd_Alias_Spec)* User_Alias ::= NAME @@ -844,6 +852,9 @@ "sha384" ':' digest | "sha512" ':' digest +Digest_List ::= Digest_Spec | + Digest_Spec ',' Digest_List + Cmnd_List ::= Cmnd | Cmnd ',' Cmnd_List @@ -851,9 +862,11 @@ file name args | file name '""' -Cmnd ::= Digest_Spec? '!'* command name | +Edit_Spec ::= "sudoedit" file name+ + +Cmnd ::= Digest_List? '!'* command name | '!'* directory | - '!'* "sudoedit" | + '!'* Edit_Spec | '!'* Cmnd_Alias .Ed .Pp @@ -923,12 +936,21 @@ is treated as an error by .Nm visudo . .Pp -If a +A .Li command name -is prefixed with a -.Li Digest_Spec , -the command will only match successfully if it can be verified -using the specified SHA-2 digest. +may be preceded by a +.Li Digest_List , +a comma-separated list of one or more +.Li Digest_Spec +entries. +If a +.Li Digest_List +is present, the command will only match successfully if it can be verified +using one of the SHA-2 digests in the list. +Starting with version 1.9.0, the +.Sy ALL +reserved word can be used in conjunction with a +.Li Digest_List . The following digest formats are supported: sha224, sha256, sha384 and sha512. The string may be specified in either hex or base64 format (base64 is more compact). 
@@ -2320,7 +2342,7 @@ .It ignore_iolog_errors Allow commands to be run even if .Nm -cannot write to the I/O log. +cannot write to the I/O log (local or remote). If enabled, an I/O log write failure is not treated as a fatal error. If disabled, the command will be terminated if the I/O log cannot be written to. This flag is @@ -2439,6 +2461,28 @@ This flag is .Em off by default. +.It log_server_keepalive +If set, +.Nm sudo +will enable the TCP keepalive socket option on the connection to the log server. +This enables the periodic transmission of keepalive messages to the server. +If the server does not respond to a message, the connection will +be closed and the running command will be killed unless the +.Em ignore_iolog_errors +flag is set. +This flag is +.Em on +by default. +.It log_server_verify +If set, the server certificate received during the TLS handshake +must be valid and it must contain either the server name (from +.Em log_servers ) +or its IP address. +If either of these conditions is not met, the TLS handshake will fail. +This flag is +.Em on +by default. +.Nm sudo .It log_year If set, the four-digit year will be logged in the (non-syslog) .Nm sudo 
@@ -2627,6 +2671,39 @@ by default. .Pp This setting is only supported by version 1.8.28 or higher. +.It pam_rhost +On systems that use PAM for authentication, +.Nm sudo +will set the PAM remote host value to the name of the local host +when the +.Em pam_rhost +flag is enabled. +On Linux systems, enabling +.Em pam_rhost +may result in DNS lookups of the local host name when PAM is initialized. +On Solaris versions prior to Solaris 8, +.Em pam_rhost +must be enabled if +.Em pam_ruser +is also enabled to avoid a crash in the Solaris PAM implementation. +.Pp +This flag is +.Em off +by default on systems other than Solaris. +.Pp +This setting is only supported by version 1.9.0 or higher. +.It pam_ruser +On systems that use PAM for authentication, +.Nm sudo +will set the PAM remote user value to the name of the user that invoked sudo +when the +.Em pam_ruser +flag is enabled. +This flag is +.Em on +by default. +.Pp +This setting is only supported by version 1.9.0 or higher. .It pam_session On systems that use PAM for authentication, .Nm sudo @@ -3159,6 +3236,15 @@ section for a description of the timeout syntax. .Pp This setting is only supported by version 1.8.20 or higher. +.It log_server_timeout +The maximum amount of time to wait when connecting to a log server +or waiting for a server response. +See the +.Li Timeout_Spec +section for a description of the timeout syntax. +The default value is 30 seconds. +.Pp +This setting is only supported by version 1.9.0 or higher. .It maxseq The maximum sequence number that will be substituted for the .Dq Li %{seq} 
@@ -3517,6 +3603,24 @@ .Nm is built on Solaris 10 or higher. .\} +.It log_server_cabundle +The path to a certificate authority bundle file, in PEM format, +to use instead of the system's default certificate authority database +when authenticating the log server. +The default is to use the system's default certificate authority database. +This setting has no effect unless the +.Em log_server +flag is enabled and the remote log server is secured with TLS. +.It log_server_peer_cert +The path to the client's certificate file, in PEM format. +This setting is required when the +.Em log_server +flag is enabled and the remote log server is secured with TLS. +.It log_server_peer_key +The path to the client's private key file, in PEM format. +This setting is required when the +.Em log_server +flag is enabled and the remote log server is secured with TLS. .It mailsub Subject of the mail sent to the .Em mailto 
@@ -4199,6 +4303,46 @@ .Nm sudo Fl e ) to get their accustomed editor configuration instead of invoking the editor directly. +.It log_servers +A list of one or more remote servers to use for I/O log storage, separated +by white space. +Starting with +.Nm sudo +1.9, it is possible to send I/O logs to a remote server instead of +logging them locally. +Log servers must be running +.Nm sudo_logsrvd +or another service that implements the protocol described by +.Xr sudo_logsrv.proto @mansectform@ . +.Pp +Server addresses should be of the form +.Dq host Ns Oo : Ns port Oc Ns Op (tls) . +The host portion may be a host name, an IPv4 address, or an IPv6 address +in square brackets. +.Pp +If the optional tls flag is present, the connection will be secured +with Transport Layer Security (TLS) version 1.2 or 1.3. +Versions of TLS prior to 1.2 are not supported. +.Pp +If a port is specified, it may either be a port number or a known +service name as defined by the system service name database. +If no port is specified, port 30343 will be used for plaintext +connections and port 30344 will be used for TLS connections. +.Pp +When +.Em log_servers +is enabled, I/O logs will not be logged locally. +If multiple hosts are specified, +.Nm +will try them in reverse order until it connects successfully. +If no log servers are reachable, the user will not be able +to run a command unless the +.Em ignore_iolog_errors +flag is set. +If the connection to the log server is interrupted while +the command is running, the command will be killed unless +.Em ignore_iolog_errors +is set. .El .Sh GROUP PROVIDER PLUGINS The @@ -4578,7 +4722,8 @@ .Nm sudo will run the command in a pseudo-terminal and log all user input and/or output, depending on which options are enabled. -I/O is logged to the directory specified by the +I/O can be logged either to the local machine or to a remote log server. +For local logs, I/O is logged to the directory specified by the .Em iolog_dir option .Po 
@@ -4592,9 +4737,15 @@ The .Em iolog_file option may be used to control the format of the session ID. +For remote logs, the +.Em log_servers +setting is used to specify one or more log servers running +.Nm sudo_logsrvd +or another server that implements the protocol described by +.Xr sudo_logsrv.proto @mansectform@ . .Pp -Each I/O log is stored in a separate directory that contains the -following files: +For both local and remote I/O logs, each log is stored in a separate +directory that contains the following files: .Bl -tag -width 8n .It Pa log A text file containing information about the command. diff -Nru sudo-1.8.31/doc/sudo_logsrvd.conf.man.in sudo-1.9.0/doc/sudo_logsrvd.conf.man.in --- sudo-1.8.31/doc/sudo_logsrvd.conf.man.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/doc/sudo_logsrvd.conf.man.in 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,764 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2019-2020 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "May 8, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.nh +.if n .ad l +.SH "NAME" +\fBsudo_logsrvd.conf\fR +\- configuration for sudo_logsrvd +.SH "DESCRIPTION" +The +\fBsudo_logsrvd.conf\fR +file is used to configure the +\fBsudo_logsrvd\fR +log server. +It uses an INI-style format made up of sections in square brackets and +\(lqkey = value\(rq +pairs specific to each section below the section name. +Depending on the key, values may be integers, booleans or strings. +Section and key names are not case sensitive, but values are. +.PP +The pound sign +(\(oq#\(cq) +is used to indicate a comment. +Both the comment character and any text after it, up to the end of +the line, are ignored. +Lines beginning with a semi-colon +(\(oq\&;\(cq) +are also ignored. +.PP +Long lines can be continued with a backslash +(\(oq\e\(cq) +as the last character on the line. +Note that leading white space is removed from the beginning of lines +even when the continuation character is used. 
+.PP +The +\fIEXAMPLES\fR +section contains a copy of the default +\fBsudo_logsrvd.conf\fR +file. +.PP +The following configuration sections are recognized: +.PP +.RS 6n +.PD 0 +.TP 4n +\fB\(bu\fR +server +.TP 4n +\fB\(bu\fR +iolog +.TP 4n +\fB\(bu\fR +eventlog +.TP 4n +\fB\(bu\fR +syslog +.TP 4n +\fB\(bu\fR +logfile +.RE +.PD +.PP +Each section is described in detail below. +.SS "server" +The +\fIserver\fR +section configures the address and port the server will listen on. +The following keys are recognized: +.TP 10n +listen_address = host[:port][(tls)] +The host name or IP address, optional port to listen on and +an optional Transport Layer Security (TLS) flag in parentheses. +.sp +The host may be a host name, an IPv4 address, an IPv6 address +in square brackets or the wild card entry +\(oq*\(cq. +A host setting of +\(oq*\(cq +will cause +\fBsudo_logsrvd\fR +to listen on all configured network interfaces. +.sp +If the optional tls flag is present, +\fBsudo_logsrvd\fR +will secure the connection with TLS version 1.2 or 1.3. +Versions of TLS prior to 1.2 are not supported. +See +sudo_logsrvd(8) +for details on generating TLS keys and certificates. +.sp +If a port is specified, it may either be a port number or a known +service name as defined by the system service name database. +If no port is specified, port 30343 will be used for plaintext +connections and port 30344 will be used for TLS connections. +.sp +The default value is: +.nf +.RS 16n +listen_address = *:30343 +listen_address = *:30344(tls) +.RE +.fi +.RS 10n +which will listen on all configured network interfaces for both +plaintext and TLS connections. +Multiple +\fIlisten_address\fR +lines may be specified to listen on more than one port or interface. +.RE +.TP 10n +pid_file = path +The path to the file containing the process ID of the running +\fBsudo_logsrvd\fR. +This file is not created when +\fBsudo_logsrvd\fR +is run with the +\fB\-n\fR +option. 
+The default value is +\fI@rundir@/sudo_logsrvd.pid\fR. +.TP 10n +tcp_keepalive = boolean +If true, +\fBsudo_logsrvd\fR +will enable the TCP keepalive socket option on the client connection. +This enables the periodic transmission of keepalive messages to the client. +If the client does not respond to a message, the connection will be closed. +.TP 10n +timeout = number +The amount of time, in seconds, +\fBsudo_logsrvd\fR +will wait for the client to respond. +A value of 0 will disable the timeout. +The default value is 30. +.TP 10n +tls_cacert = path +The path to a certificate authority bundle file, in PEM format, +to use instead of the system's default certificate authority database +when authenticating clients. +The default is to use +\fI/etc/ssl/sudo/cacert.pem\fR +if it exists, otherwise the system's default certificate authority +database is used. +.TP 10n +tls_cert = path +The path to the server's certificate file, in PEM format. +The default value is +\fI/etc/ssl/sudo/certs/logsrvd_cert.pem\fR. +.TP 10n +tls_checkpeer = bool +If true, client certificates will be validated by the server; +clients without a valid certificate will be unable to connect. +If false, no validation of client certificates will be performed. +It true and client certificates are created using a private certificate +authority, the +\fItls_cacert\fR +setting must be set to a CA bundle that contains the CA certificate +used to generate the client certificate. +The default value is +\fRfalse\fR. +.TP 10n +tls_ciphers_v12 = string +A list of ciphers to use for connections secured by TLS version 1.2 only, +separated by a colon +\(oq:\&\(cq. +See the +\fICIPHER LIST FORMAT\fR +section in +openssl-ciphers(1) +for full details. +The default value is +\fRHIGH:!aNULL\fR +which consists of encryption cipher suites with key lengths larger than +128 bits, and some cipher suites with 128-bit keys. +Cipher suites that offer no authentication are excluded. 
+.TP 10n +tls_ciphers_v13 = string +A list of ciphers to use for connections secured by TLS version 1.3 only, +separated by a colon +\(oq:\&\(cq. +Supported cipher suites depend on the version of OpenSSL used, +but should include the following: +.sp +.RS 16n +.PD 0 +.TP 10n +TLS_AES_128_GCM_SHA256 +.TP 10n +TLS_AES_256_GCM_SHA384 +.TP 10n +TLS_CHACHA20_POLY1305_SHA256 +.TP 10n +TLS_AES_128_CCM_SHA256 +.TP 10n +TLS_AES_128_CCM_8_SHA256 +.RE +.RS 10n +.sp +The default cipher suite is TLS_AES_256_GCM_SHA384. +.RE +.PD +.TP 10n +tls_dhparams = path +The path to a file containing custom Diffie-Hellman parameters in PEM format. +This file can be created with the following command: +.nf +.sp +.RS 10n +openssl dhparam -out /etc/sudo_logsrvd_dhparams.pem 2048 +.RE +.fi +.RS 10n +.sp +By default, +\fBsudo_logsrvd\fR +will use the OpenSSL defaults for Diffie-Hellman key generation. +.RE +.TP 10n +tls_key = path +The path to the server's private key file, in PEM format. +The default value is +\fI/etc/ssl/sudo/private/logsrvd_key.pem\fR. +.TP 10n +tls_verify = bool +If true, the server certificate will be verified at startup and +clients will authenticate the server by verifying its certificate +and identity. +If false, no verification is performed of the server certificate +by the server or the client. +When using self-signed certificates without a certificate authority, +this setting should be set to false. +The default value is true. +.SS "iolog" +The +\fIiolog\fR +section configures I/O log parameters. +These settings are identical to the I/O configuration in +sudoers(@mansectform@). +The following keys are recognized: +.TP 10n +iolog_compress = boolean +If set, I/O logs will be compressed using +\fBzlib\fR. +Enabling compression can make it harder to view the logs in real-time as +the program is executing due to buffering. +The default value is +\fRfalse\fR. 
+.TP 10n +iolog_dir = path +The top-level directory to use when constructing the path +name for the I/O log directory. +The session sequence number, if any, is stored in the directory. +The default value is +\fI@iolog_dir@\fR. +.sp +The following percent +(\(oq%\(cq) +escape sequences are supported: +.PP +.RS 10n +.PD 0 +.TP 6n +\fR%{seq}\fR +expanded to a monotonically increasing base-36 sequence number, such as 0100A5, +where every two digits are used to form a new directory, e.g., +\fI01/00/A5\fR +.PD +.TP 6n +\fR%{user}\fR +expanded to the invoking user's login name +.TP 6n +\fR%{group}\fR +expanded to the name of the invoking user's real group-ID +.TP 6n +\fR%{runas_user}\fR +expanded to the login name of the user the command will +be run as (e.g., root) +.TP 6n +\fR%{runas_group}\fR +expanded to the group name of the user the command will +be run as (e.g., wheel) +.TP 6n +\fR%{hostname}\fR +expanded to the local host name without the domain name +.TP 6n +\fR%{command}\fR +expanded to the base name of the command being run +.PP +In addition, any escape sequences supported by the system's +strftime(3) +function will be expanded. +.sp +To include a literal +\(oq%\(cq +character, the string +\(oq%%\(cq +should be used. +.RE +.TP 10n +iolog_file = path +The path name, relative to +\fIiolog_dir\fR, +in which to store I/O logs. +Note that +\fIiolog_file\fR +may contain directory components. +The default value is +\fR%{seq}\fR. +.sp +See the +\fIiolog_dir\fR +setting above for a list of supported percent +(\(oq%\(cq) +escape sequences. +.sp +In addition to the escape sequences, path names that end in six or +more +\fRX\fRs +will have the +\fRX\fRs +replaced with a unique combination of digits and letters, similar to the +mktemp(3) +function. +.sp +If the path created by concatenating +\fIiolog_dir\fR +and +\fIiolog_file\fR +already exists, the existing I/O log file will be truncated and +overwritten unless +\fIiolog_file\fR +ends in six or +more +\fRX\fRs. 
+.TP 10n +iolog_flush = boolean +If set, I/O log data is flushed to disk after each write instead of +buffering it. +This makes it possible to view the logs in real-time as the program is +executing but may significantly reduce the effectiveness +of I/O log compression. +The default value is +\fRtrue\fR. +.TP 10n +iolog_group = name +The group name to look up when setting the group-ID on new I/O log +files and directories. +If +\fIiolog_group\fR +is not set, +the primary group-ID of the user specified by +\fIiolog_user is used.\fR +If neither +\fIiolog_group\fR +nor +\fIiolog_user\fR +are set, I/O log files and directories are created with group-ID 0. +.TP 10n +iolog_mode = mode +The file mode to use when creating I/O log files. +Mode bits for read and write permissions for owner, group or other +are honored, everything else is ignored. +The file permissions will always include the owner read and +write bits, even if they are not present in the specified mode. +When creating I/O log directories, search (execute) bits are added +to match the read and write bits specified by +\fIiolog_mode\fR. +The default value is +\fR0600\fR. +.TP 10n +iolog_user = name +The user name to look up when setting the owner of new +I/O log files and directories. +If +\fIiolog_group\fR +is set, it will be used instead of the user's primary group-ID. +By default, I/O log files and directories are created with user and +group-ID 0. +.TP 10n +maxseq = number +The maximum sequence number that will be substituted for the +\(lq\fR%{seq}\fR\(rq +escape in the I/O log file (see the +\fIiolog_dir\fR +description above for more information). +While the value substituted for +\(lq\fR%{seq}\fR\(rq +is in base 36, +\fImaxseq\fR +itself should be expressed in decimal. +Values larger than 2176782336 (which corresponds to the +base 36 sequence number +\(lqZZZZZZ\(rq) +will be silently truncated to 2176782336. +The default value is 2176782336. 
+.SS "eventlog" +The +\fIeventlog\fR +section configures how (and if) security policy events are logged. +.TP 6n +log_type = string +Where to log accept, reject and alert events reported by the policy. +Supported values are +\fIsyslog\fR, +\fIlogfile\fR, +and +\fInone\fR. +The default value is +\fIsyslog\fR. +.TP 6n +log_format = string +The event log format. +Supported log formats are +\(lqsudo\(rq +for traditional sudo-style logs and +\(lqjson\(rq +for JSON-format logs. +The JSON log entries contain the full contents of the accept, reject +and alert messages. +The default value is +\fIsudo\fR. +.SS "syslog" +The +\fIsyslog\fR +section configures how events are logged via +syslog(3). +.TP 6n +facility = string +Syslog facility if syslog is being used for logging. +Defaults to +\fR@logfac@\fR. +.sp +The following syslog facilities are supported: +\fBauthpriv\fR +(if your +OS supports it), +\fBauth\fR, +\fBdaemon\fR, +\fBuser\fR, +\fBlocal0\fR, +\fBlocal1\fR, +\fBlocal2\fR, +\fBlocal3\fR, +\fBlocal4\fR, +\fBlocal5\fR, +\fBlocal6\fR, +and +\fBlocal7\fR. +.TP 6n +accept_priority = string +Syslog priority to use when the user is allowed to run a command and +authentication is successful. +Defaults to +\fR@goodpri@\fR. +.sp +The following syslog priorities are supported: +\fBalert\fR, +\fBcrit\fR, +\fBdebug\fR, +\fBemerg\fR, +\fBerr\fR, +\fBinfo\fR, +\fBnotice\fR, +\fBwarning\fR, +and +\fBnone\fR. +Setting it to a value of +\fBnone\fR +will disable logging of successful commands. +.TP 6n +reject_priority = string +Syslog priority to use when the user is not allowed to run a command or +when authentication is unsuccessful. +Defaults to +\fR@badpri@\fR. +.sp +See +\fIaccept_priority\fR +for the list of supported syslog priorities. +.TP 6n +alert_priority = string +Syslog priority to use for event log alert messages received from the client. +Defaults to +\fR@badpri@\fR. +.sp +See +\fIaccept_priority\fR +for the list of supported syslog priorities. 
+.TP 6n +maxlen = number +On many systems, +syslog(3) +has a relatively small log buffer. +IETF RFC 5424 states that syslog servers must support messages of +at least 480 bytes and should support messages up to 2048 bytes. +By default, +\fBsudo_logsrvd\fR +creates log messages up to 960 bytes which corresponds to the +historic +BSD +syslog implementation which used a 1024 byte buffer +to store the message, date, hostname and program name. +.sp +To prevent syslog messages from being truncated, +\fBsudo_logsrvd\fR +will split up sudo-style log messages that are larger than +\fImaxlen\fR +bytes. +When a message is split, additional parts will include the string +\(lq(command continued)\(rq +after the user name and before the continued command line arguments. +JSON-format log entries are never split and are not affected by +\fImaxlen\fR. +.SS "logfile" +The +\fIlogfile\fR +section consists of settings related to logging to a plain file +(not syslog). +.TP 6n +path = string +The path to the file-based event log. +This path must be fully-qualified and start with a +\(oq/\(cq +character. +The default value is +\fI@logpath@\fR. +.TP 6n +time_format = string +The string used when formatting the date and time for file-based event logs. +Formatting is performed via the system's +strftime(3) +function so any escape sequences supported by that function will be expanded. +The default value is +\(lq\fR%h %e %T\fR\(rq +which produces dates like +\(lqOct 3 07:15:24\(rq +in the C locale. +.SH "FILES" +.TP 26n +\fI@sysconfdir@/sudo_logsrvd.conf\fR +Sudo log server configuration file +.SH "EXAMPLES" +.nf +.RS 0n +# +# sudo logsrv configuration +# + +[server] +# The host name or IP address and port to listen on with an optional TLS +# flag. If no port is specified, port 30343 will be used for plaintext +# connections and port 30344 will be used to TLS connections. 
+# The following forms are accepted: +# listen_address = hostname(tls) +# listen_address = hostname:port(tls) +# listen_address = IPv4_address(tls) +# listen_address = IPv4_address:port(tls) +# listen_address = [IPv6_address](tls) +# listen_address = [IPv6_address]:port(tls) +# +# The (tls) suffix should be omitted for plaintext connections. +# +# Multiple listen_address settings may be specified. +# The default is to listen on all addresses. +#listen_address = *:30343 +#listen_address = *:30344(tls) + +# The file containing the ID of the running sudo_logsrvd process. +#pid_file = @rundir@/sudo_logsrvd.pid + +# If set, enable the SO_KEEPALIVE socket option on the connected socket. +#tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the client to +# respond. A value of 0 will disable the timeout. The default value is 30. +#timeout = 30 + +# If set, server certificate will be verified at server startup and +# also connecting clients will perform server authentication by +# verifying the server's certificate and identity. +#tls_verify = true + +# Whether to verify client certificates for TLS connections. +# By default client certs are not checked. +#tls_checkpeer = false + +# Path to the certificate authority bundle file in PEM format. +# Required if 'tls_verify' or 'tls_checkpeer' is set. +#tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# Required for TLS connections. +#tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# Required for TLS connections. +#tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default cipher list is HIGH:!aNULL. +#tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. 
+# The default cipher list is TLS_AES_256_GCM_SHA384. +#tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# If not set, the server will use the OpenSSL defaults. +#tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + +[iolog] +# The top-level directory to use when constructing the path name for the +# I/O log directory. The session sequence number, if any, is stored here. +#iolog_dir = /var/log/sudo-io + +# The path name, relative to iolog_dir, in which to store I/O logs. +# Note that iolog_file may contain directory components. +#iolog_file = %{seq} + +# If set, I/O logs will be compressed using zlib. Enabling compression can +# make it harder to view the logs in real-time as the program is executing. +#iolog_compress = false + +# If set, I/O log data is flushed to disk after each write instead of +# buffering it. This makes it possible to view the logs in real-time +# as the program is executing but reduces the effectiveness of compression. +#iolog_flush = true + +# The group to use when creating new I/O log files and directories. +# If iolog_group is not set, the primary group-ID of the user specified +# by iolog_user is used. If neither iolog_group nor iolog_user +# are set, I/O log files and directories are created with group-ID 0. +#iolog_group = wheel + +# The user to use when setting the user-ID and group-ID of new I/O +# log files and directories. If iolog_group is set, it will be used +# instead of the user's primary group-ID. By default, I/O log files +# and directories are created with user and group-ID 0. +#iolog_user = root + +# The file mode to use when creating I/O log files. The file permissions +# will always include the owner read and write bits, even if they are +# not present in the specified mode. When creating I/O log directories, +# search (execute) bits are added to match the read and write bits +# specified by iolog_mode. 
+#iolog_mode = 0600 + +# The maximum sequence number that will be substituted for the "%{seq}" +# escape in the I/O log file. While the value substituted for "%{seq}" +# is in base 36, maxseq itself should be expressed in decimal. Values +# larger than 2176782336 (which corresponds to the base 36 sequence +# number "ZZZZZZ") will be silently truncated to 2176782336. +#maxseq = 2176782336 + +[eventlog] +# Where to log accept, reject and alert events. +# Accepted values are syslog, logfile, or none. +# Defaults to syslog +#log_type = syslog + +# Event log format. +# Currently only sudo-style event logs are supported. +#log_format = sudo + +[syslog] +# The maximum length of a syslog payload. +# On many systems, syslog(3) has a relatively small log buffer. +# IETF RFC 5424 states that syslog servers must support messages +# of at least 480 bytes and should support messages up to 2048 bytes. +# Messages larger than this value will be split into multiple messages. +#maxlen = 960 + +# The syslog facility to use for event log messages. +# The following syslog facilities are supported: authpriv (if your OS +# supports it), auth, daemon, user, local0, local1, local2, local3, +# local4, local5, local6, and local7. +#facility = authpriv + +# Syslog priority to use for event log accept messages, when the command +# is allowed by the security policy. The following syslog priorities are +# supported: alert, crit, debug, emerg, err, info, notice, warning, none. +#accept_priority = notice + +# Syslog priority to use for event log reject messages, when the command +# is not allowed by the security policy. +#reject_priority = alert + +# Syslog priority to use for event log alert messages reported by the +# client. +#alert_priority = alert + +[logfile] +# The path to the file-based event log. +# This path must be fully-qualified and start with a '/' character. +#path = /var/log/sudo + +# The format string used when formatting the date and time for +# file-based event logs. 
Formatting is performed via strftime(3) so +# any format string supported by that function is allowed. +#time_format = %h %e %T +.RE +.fi +.SH "SEE ALSO" +strftime(3), +sudo.conf(@mansectform@), +sudoers(@mansectform@), +sudo(8), +sudo_logsrvd(8) +.SH "HISTORY" +See the HISTORY file in the +\fBsudo\fR +distribution (https://www.sudo.ws/history.html) for a brief +history of sudo. +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "BUGS" +If you feel you have found a bug in +\fBsudo\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBsudo\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.8.31/doc/sudo_logsrvd.conf.mdoc.in sudo-1.9.0/doc/sudo_logsrvd.conf.mdoc.in --- sudo-1.8.31/doc/sudo_logsrvd.conf.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/doc/sudo_logsrvd.conf.mdoc.in 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,707 @@
+.\"
+.\" SPDX-License-Identifier: ISC
+.\"
+.\" Copyright (c) 2019-2020 Todd C. Miller
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd May 8, 2020
+.Dt SUDO_LOGSRVD.CONF @mansectform@
+.Os Sudo @PACKAGE_VERSION@
+.Sh NAME
+.Nm sudo_logsrvd.conf
+.Nd configuration for sudo_logsrvd
+.Sh DESCRIPTION
+The
+.Nm sudo_logsrvd.conf
+file is used to configure the
+.Nm sudo_logsrvd
+log server.
+It uses an INI-style format made up of sections in square brackets and
+.Dq key = value
+pairs specific to each section below the section name.
+Depending on the key, values may be integers, booleans or strings.
+Section and key names are not case sensitive, but values are.
+.Pp
+The pound sign
+.Pq Ql #
+is used to indicate a comment.
+Both the comment character and any text after it, up to the end of
+the line, are ignored.
+Lines beginning with a semi-colon
+.Pq Ql \&;
+are also ignored.
+.Pp
+Long lines can be continued with a backslash
+.Pq Ql \e
+as the last character on the line.
+Note that leading white space is removed from the beginning of lines
+even when the continuation character is used.
+.Pp
+The
+.Sx EXAMPLES
+section contains a copy of the default
+.Nm
+file.
+.Pp
+The following configuration sections are recognized:
+.Pp
+.Bl -bullet -compact -offset indent
+.It
+server
+.It
+iolog
+.It
+eventlog
+.It
+syslog
+.It
+logfile
+.El
+.Pp
+Each section is described in detail below.
+.Ss server
+The
+.Em server
+section configures the address and port the server will listen on.
+The following keys are recognized:
+.Bl -tag -width 8n
+.It listen_address = host Ns Oo : Ns port Oc Ns Op (tls)
+The host name or IP address, optional port to listen on and
+an optional Transport Layer Security (TLS) flag in parentheses.
+.Pp
+The host may be a host name, an IPv4 address, an IPv6 address
+in square brackets or the wild card entry
+.Ql * .
+A host setting of
+.Ql *
+will cause
+.Nm sudo_logsrvd
+to listen on all configured network interfaces.
+.Pp
+If the optional tls flag is present,
+.Nm sudo_logsrvd
+will secure the connection with TLS version 1.2 or 1.3.
+Versions of TLS prior to 1.2 are not supported.
+See
+.Xr sudo_logsrvd @mansectsu@
+for details on generating TLS keys and certificates.
+.Pp
+If a port is specified, it may either be a port number or a known
+service name as defined by the system service name database.
+If no port is specified, port 30343 will be used for plaintext
+connections and port 30344 will be used for TLS connections.
+.Pp
+The default value is:
+.Bd -literal -compact -offset indent
+listen_address = *:30343
+listen_address = *:30344(tls)
+.Ed
+which will listen on all configured network interfaces for both
+plaintext and TLS connections.
+Multiple
+.Em listen_address
+lines may be specified to listen on more than one port or interface.
+.It pid_file = path
+The path to the file containing the process ID of the running
+.Nm sudo_logsrvd .
+This file is not created when
+.Nm sudo_logsrvd
+is run with the
+.Fl n
+option.
+The default value is
+.Pa @rundir@/sudo_logsrvd.pid .
+.It tcp_keepalive = boolean
+If true,
+.Nm sudo_logsrvd
+will enable the TCP keepalive socket option on the client connection.
+This enables the periodic transmission of keepalive messages to the client.
+If the client does not respond to a message, the connection will be closed.
+.It timeout = number
+The amount of time, in seconds,
+.Nm sudo_logsrvd
+will wait for the client to respond.
+A value of 0 will disable the timeout.
+The default value is 30.
+.It tls_cacert = path
+The path to a certificate authority bundle file, in PEM format,
+to use instead of the system's default certificate authority database
+when authenticating clients.
+The default is to use
+.Pa /etc/ssl/sudo/cacert.pem
+if it exists, otherwise the system's default certificate authority
+database is used.
+.It tls_cert = path
+The path to the server's certificate file, in PEM format.
+The default value is
+.Pa /etc/ssl/sudo/certs/logsrvd_cert.pem .
+.It tls_checkpeer = bool
+If true, client certificates will be validated by the server;
+clients without a valid certificate will be unable to connect.
+If false, no validation of client certificates will be performed.
+It true and client certificates are created using a private certificate
+authority, the
+.Em tls_cacert
+setting must be set to a CA bundle that contains the CA certificate
+used to generate the client certificate.
+The default value is
+.Li false .
+.It tls_ciphers_v12 = string
+A list of ciphers to use for connections secured by TLS version 1.2 only,
+separated by a colon
+.Ql :\& .
+See the
+.Sx CIPHER LIST FORMAT
+section in
+.Xr openssl-ciphers 1
+for full details.
+The default value is
+.Li HIGH:!aNULL
+which consists of encryption cipher suites with key lengths larger than
+128 bits, and some cipher suites with 128-bit keys.
+Cipher suites that offer no authentication are excluded.
+.It tls_ciphers_v13 = string
+A list of ciphers to use for connections secured by TLS version 1.3 only,
+separated by a colon
+.Ql :\& .
+Supported cipher suites depend on the version of OpenSSL used,
+but should include the following:
+.Pp
+.Bl -tag -compact -width 8n -offset indent
+.It TLS_AES_128_GCM_SHA256
+.It TLS_AES_256_GCM_SHA384
+.It TLS_CHACHA20_POLY1305_SHA256
+.It TLS_AES_128_CCM_SHA256
+.It TLS_AES_128_CCM_8_SHA256
+.El
+.Pp
+The default cipher suite is TLS_AES_256_GCM_SHA384.
+.It tls_dhparams = path
+The path to a file containing custom Diffie-Hellman parameters in PEM format.
+This file can be created with the following command:
+.Bd -literal
+openssl dhparam -out /etc/sudo_logsrvd_dhparams.pem 2048
+.Ed
+.Pp
+By default,
+.Nm sudo_logsrvd
+will use the OpenSSL defaults for Diffie-Hellman key generation.
+.It tls_key = path
+The path to the server's private key file, in PEM format.
+The default value is
+.Pa /etc/ssl/sudo/private/logsrvd_key.pem .
+.It tls_verify = bool
+If true, the server certificate will be verified at startup and
+clients will authenticate the server by verifying its certificate
+and identity.
+If false, no verification is performed of the server certificate
+by the server or the client.
+When using self-signed certificates without a certificate authority,
+this setting should be set to false.
+The default value is true.
+.El
+.Ss iolog
+The
+.Em iolog
+section configures I/O log parameters.
+These settings are identical to the I/O configuration in
+.Xr sudoers @mansectform@ .
+The following keys are recognized:
+.Bl -tag -width 8n
+.It iolog_compress = boolean
+If set, I/O logs will be compressed using
+.Sy zlib .
+Enabling compression can make it harder to view the logs in real-time as
+the program is executing due to buffering.
+The default value is
+.Li false .
+.It iolog_dir = path
+The top-level directory to use when constructing the path
+name for the I/O log directory.
+The session sequence number, if any, is stored in the directory.
+The default value is
+.Pa @iolog_dir@ .
+.Pp
+The following percent
+.Pq Ql %
+escape sequences are supported:
+.Bl -tag -width 4n
+.It Li %{seq}
+expanded to a monotonically increasing base-36 sequence number, such as 0100A5,
+where every two digits are used to form a new directory, e.g.,
+.Pa 01/00/A5
+.It Li %{user}
+expanded to the invoking user's login name
+.It Li %{group}
+expanded to the name of the invoking user's real group-ID
+.It Li %{runas_user}
+expanded to the login name of the user the command will
+be run as (e.g., root)
+.It Li %{runas_group}
+expanded to the group name of the user the command will
+be run as (e.g., wheel)
+.It Li %{hostname}
+expanded to the local host name without the domain name
+.It Li %{command}
+expanded to the base name of the command being run
+.El
+.Pp
+In addition, any escape sequences supported by the system's
+.Xr strftime 3
+function will be expanded.
+.Pp
+To include a literal
+.Ql %
+character, the string
+.Ql %%
+should be used.
+.It iolog_file = path
+The path name, relative to
+.Em iolog_dir ,
+in which to store I/O logs.
+Note that
+.Em iolog_file
+may contain directory components.
+The default value is
+.Li %{seq} .
+.Pp
+See the
+.Em iolog_dir
+setting above for a list of supported percent
+.Pq Ql %
+escape sequences.
+.Pp
+In addition to the escape sequences, path names that end in six or
+more
+.Li X Ns s
+will have the
+.Li X Ns s
+replaced with a unique combination of digits and letters, similar to the
+.Xr mktemp 3
+function.
+.Pp
+If the path created by concatenating
+.Em iolog_dir
+and
+.Em iolog_file
+already exists, the existing I/O log file will be truncated and
+overwritten unless
+.Em iolog_file
+ends in six or
+more
+.Li X Ns s .
+.It iolog_flush = boolean
+If set, I/O log data is flushed to disk after each write instead of
+buffering it.
+This makes it possible to view the logs in real-time as the program is
+executing but may significantly reduce the effectiveness
+of I/O log compression.
+The default value is
+.Li true .
+.It iolog_group = name
+The group name to look up when setting the group-ID on new I/O log
+files and directories.
+If
+.Em iolog_group
+is not set,
+the primary group-ID of the user specified by
+.Em iolog_user is used.
+If neither
+.Em iolog_group
+nor
+.Em iolog_user
+are set, I/O log files and directories are created with group-ID 0.
+.It iolog_mode = mode
+The file mode to use when creating I/O log files.
+Mode bits for read and write permissions for owner, group or other
+are honored, everything else is ignored.
+The file permissions will always include the owner read and
+write bits, even if they are not present in the specified mode.
+When creating I/O log directories, search (execute) bits are added
+to match the read and write bits specified by
+.Em iolog_mode .
+The default value is
+.Li 0600 .
+.It iolog_user = name
+The user name to look up when setting the owner of new
+I/O log files and directories.
+If
+.Em iolog_group
+is set, it will be used instead of the user's primary group-ID.
+By default, I/O log files and directories are created with user and
+group-ID 0.
+.It maxseq = number
+The maximum sequence number that will be substituted for the
+.Dq Li %{seq}
+escape in the I/O log file (see the
+.Em iolog_dir
+description above for more information).
+While the value substituted for
+.Dq Li %{seq}
+is in base 36,
+.Em maxseq
+itself should be expressed in decimal.
+Values larger than 2176782336 (which corresponds to the
+base 36 sequence number
+.Dq ZZZZZZ )
+will be silently truncated to 2176782336.
+The default value is 2176782336.
+.El
+.Ss eventlog
+The
+.Em eventlog
+section configures how (and if) security policy events are logged.
+.Bl -tag -width 4n
+.It log_type = string
+Where to log accept, reject and alert events reported by the policy.
+Supported values are
+.Em syslog ,
+.Em logfile ,
+and
+.Em none .
+The default value is
+.Em syslog .
+.It log_format = string
+The event log format.
+Supported log formats are
+.Dq sudo
+for traditional sudo-style logs and
+.Dq json
+for JSON-format logs.
+The JSON log entries contain the full contents of the accept, reject
+and alert messages.
+The default value is
+.Em sudo .
+.El
+.Ss syslog
+The
+.Em syslog
+section configures how events are logged via
+.Xr syslog 3 .
+.Bl -tag -width 4n
+.It facility = string
+Syslog facility if syslog is being used for logging.
+Defaults to
+.Li @logfac@ .
+.Pp
+The following syslog facilities are supported:
+.Sy authpriv
+(if your
+OS supports it),
+.Sy auth ,
+.Sy daemon ,
+.Sy user ,
+.Sy local0 ,
+.Sy local1 ,
+.Sy local2 ,
+.Sy local3 ,
+.Sy local4 ,
+.Sy local5 ,
+.Sy local6 ,
+and
+.Sy local7 .
+.It accept_priority = string
+Syslog priority to use when the user is allowed to run a command and
+authentication is successful.
+Defaults to
+.Li @goodpri@ .
+.Pp
+The following syslog priorities are supported:
+.Sy alert ,
+.Sy crit ,
+.Sy debug ,
+.Sy emerg ,
+.Sy err ,
+.Sy info ,
+.Sy notice ,
+.Sy warning ,
+and
+.Sy none .
+Setting it to a value of
+.Sy none
+will disable logging of successful commands.
+.It reject_priority = string
+Syslog priority to use when the user is not allowed to run a command or
+when authentication is unsuccessful.
+Defaults to
+.Li @badpri@ .
+.Pp
+See
+.Em accept_priority
+for the list of supported syslog priorities.
+.It alert_priority = string
+Syslog priority to use for event log alert messages received from the client.
+Defaults to
+.Li @badpri@ .
+.Pp
+See
+.Em accept_priority
+for the list of supported syslog priorities.
+.It maxlen = number
+On many systems,
+.Xr syslog 3
+has a relatively small log buffer.
+IETF RFC 5424 states that syslog servers must support messages of
+at least 480 bytes and should support messages up to 2048 bytes.
+By default,
+.Nm sudo_logsrvd
+creates log messages up to 960 bytes which corresponds to the
+historic
+.Bx
+syslog implementation which used a 1024 byte buffer
+to store the message, date, hostname and program name.
+.Pp
+To prevent syslog messages from being truncated,
+.Nm sudo_logsrvd
+will split up sudo-style log messages that are larger than
+.Em maxlen
+bytes.
+When a message is split, additional parts will include the string
+.Dq Pq command continued
+after the user name and before the continued command line arguments.
+JSON-format log entries are never split and are not affected by
+.Em maxlen .
+.El
+.Ss logfile
+The
+.Em logfile
+section consists of settings related to logging to a plain file
+(not syslog).
+.Bl -tag -width 4n
+.It path = string
+The path to the file-based event log.
+This path must be fully-qualified and start with a
+.Sq /
+character.
+The default value is
+.Pa @logpath@ .
+.It time_format = string
+The string used when formatting the date and time for file-based event logs.
+Formatting is performed via the system's
+.Xr strftime 3
+function so any escape sequences supported by that function will be expanded.
+The default value is
+.Dq Li "%h %e %T"
+which produces dates like
+.Dq Oct 3 07:15:24
+in the C locale.
+.El
+.Sh FILES
+.Bl -tag -width 24n
+.It Pa @sysconfdir@/sudo_logsrvd.conf
+Sudo log server configuration file
+.El
+.Sh EXAMPLES
+.Bd -literal
+#
+# sudo logsrv configuration
+#
+
+[server]
+# The host name or IP address and port to listen on with an optional TLS
+# flag. If no port is specified, port 30343 will be used for plaintext
+# connections and port 30344 will be used to TLS connections.
+# The following forms are accepted:
+# listen_address = hostname(tls)
+# listen_address = hostname:port(tls)
+# listen_address = IPv4_address(tls)
+# listen_address = IPv4_address:port(tls)
+# listen_address = [IPv6_address](tls)
+# listen_address = [IPv6_address]:port(tls)
+#
+# The (tls) suffix should be omitted for plaintext connections.
+#
+# Multiple listen_address settings may be specified.
+# The default is to listen on all addresses.
+#listen_address = *:30343
+#listen_address = *:30344(tls)
+
+# The file containing the ID of the running sudo_logsrvd process.
+#pid_file = @rundir@/sudo_logsrvd.pid
+
+# If set, enable the SO_KEEPALIVE socket option on the connected socket.
+#tcp_keepalive = true
+
+# The amount of time, in seconds, the server will wait for the client to
+# respond. A value of 0 will disable the timeout. The default value is 30.
+#timeout = 30
+
+# If set, server certificate will be verified at server startup and
+# also connecting clients will perform server authentication by
+# verifying the server's certificate and identity.
+#tls_verify = true
+
+# Whether to verify client certificates for TLS connections.
+# By default client certs are not checked.
+#tls_checkpeer = false
+
+# Path to the certificate authority bundle file in PEM format.
+# Required if 'tls_verify' or 'tls_checkpeer' is set.
+#tls_cacert = /etc/ssl/sudo/cacert.pem
+
+# Path to the server's certificate file in PEM format.
+# Required for TLS connections.
+#tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem
+
+# Path to the server's private key file in PEM format.
+# Required for TLS connections.
+#tls_key = /etc/ssl/sudo/private/logsrvd_key.pem
+
+# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual).
+# NOTE that this setting is only effective if the negotiated protocol
+# is TLS version 1.2.
+# The default cipher list is HIGH:!aNULL.
+#tls_ciphers_v12 = HIGH:!aNULL
+
+# TLS cipher list if the negotiated protocol is TLS version 1.3.
+# The default cipher list is TLS_AES_256_GCM_SHA384.
+#tls_ciphers_v13 = TLS_AES_256_GCM_SHA384
+
+# Path to the Diffie-Hellman parameter file in PEM format.
+# If not set, the server will use the OpenSSL defaults.
+#tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem
+
+[iolog]
+# The top-level directory to use when constructing the path name for the
+# I/O log directory. The session sequence number, if any, is stored here.
+#iolog_dir = /var/log/sudo-io
+
+# The path name, relative to iolog_dir, in which to store I/O logs.
+# Note that iolog_file may contain directory components.
+#iolog_file = %{seq}
+
+# If set, I/O logs will be compressed using zlib. Enabling compression can
+# make it harder to view the logs in real-time as the program is executing.
+#iolog_compress = false
+
+# If set, I/O log data is flushed to disk after each write instead of
+# buffering it. This makes it possible to view the logs in real-time
+# as the program is executing but reduces the effectiveness of compression.
+#iolog_flush = true
+
+# The group to use when creating new I/O log files and directories.
+# If iolog_group is not set, the primary group-ID of the user specified
+# by iolog_user is used. If neither iolog_group nor iolog_user
+# are set, I/O log files and directories are created with group-ID 0.
+#iolog_group = wheel
+
+# The user to use when setting the user-ID and group-ID of new I/O
+# log files and directories. If iolog_group is set, it will be used
+# instead of the user's primary group-ID. By default, I/O log files
+# and directories are created with user and group-ID 0.
+#iolog_user = root
+
+# The file mode to use when creating I/O log files. The file permissions
+# will always include the owner read and write bits, even if they are
+# not present in the specified mode. When creating I/O log directories,
+# search (execute) bits are added to match the read and write bits
+# specified by iolog_mode.
+#iolog_mode = 0600
+
+# The maximum sequence number that will be substituted for the "%{seq}"
+# escape in the I/O log file. While the value substituted for "%{seq}"
+# is in base 36, maxseq itself should be expressed in decimal. Values
+# larger than 2176782336 (which corresponds to the base 36 sequence
+# number "ZZZZZZ") will be silently truncated to 2176782336.
+#maxseq = 2176782336
+
+[eventlog]
+# Where to log accept, reject and alert events.
+# Accepted values are syslog, logfile, or none.
+# Defaults to syslog
+#log_type = syslog
+
+# Event log format.
+# Currently only sudo-style event logs are supported.
+#log_format = sudo
+
+[syslog]
+# The maximum length of a syslog payload.
+# On many systems, syslog(3) has a relatively small log buffer.
+# IETF RFC 5424 states that syslog servers must support messages
+# of at least 480 bytes and should support messages up to 2048 bytes.
+# Messages larger than this value will be split into multiple messages.
+#maxlen = 960
+
+# The syslog facility to use for event log messages.
+# The following syslog facilities are supported: authpriv (if your OS
+# supports it), auth, daemon, user, local0, local1, local2, local3,
+# local4, local5, local6, and local7.
+#facility = authpriv
+
+# Syslog priority to use for event log accept messages, when the command
+# is allowed by the security policy. The following syslog priorities are
+# supported: alert, crit, debug, emerg, err, info, notice, warning, none.
+#accept_priority = notice
+
+# Syslog priority to use for event log reject messages, when the command
+# is not allowed by the security policy.
+#reject_priority = alert
+
+# Syslog priority to use for event log alert messages reported by the
+# client.
+#alert_priority = alert
+
+[logfile]
+# The path to the file-based event log.
+# This path must be fully-qualified and start with a '/' character.
+#path = /var/log/sudo
+
+# The format string used when formatting the date and time for
+# file-based event logs. Formatting is performed via strftime(3) so
+# any format string supported by that function is allowed.
+#time_format = %h %e %T
+.Ed
+.Sh SEE ALSO
+.Xr strftime 3 ,
+.Xr sudo.conf @mansectform@ ,
+.Xr sudoers @mansectform@ ,
+.Xr sudo @mansectsu@ ,
+.Xr sudo_logsrvd @mansectsu@
+.Sh HISTORY
+See the HISTORY file in the
+.Nm sudo
+distribution (https://www.sudo.ws/history.html) for a brief
+history of sudo.
+.Sh AUTHORS
+Many people have worked on
+.Nm sudo
+over the years; this version consists of code written primarily by:
+.Bd -ragged -offset indent
+.An Todd C. Miller
+.Ed
+.Pp
+See the CONTRIBUTORS file in the
+.Nm sudo
+distribution (https://www.sudo.ws/contributors.html) for an
+exhaustive list of people who have contributed to
+.Nm sudo .
+.Sh BUGS
+If you feel you have found a bug in
+.Nm sudo ,
+please submit a bug report at https://bugzilla.sudo.ws/
+.Sh SUPPORT
+Limited free support is available via the sudo-users mailing list,
+see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
+.Sh DISCLAIMER
+.Nm sudo
+is provided
+.Dq AS IS
+and any express or implied warranties, including, but not limited
+to, the implied warranties of merchantability and fitness for a
+particular purpose are disclaimed.
+See the LICENSE file distributed with
+.Nm sudo
+or https://www.sudo.ws/license.html for complete details.
diff -Nru sudo-1.8.31/doc/sudo_logsrvd.man.in sudo-1.9.0/doc/sudo_logsrvd.man.in
--- sudo-1.8.31/doc/sudo_logsrvd.man.in 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/doc/sudo_logsrvd.man.in 2020-05-11 16:28:22.000000000 +0000
@@ -0,0 +1,438 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2019 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.TH "SUDO_LOGSRVD" "@mansectsu@" "October 16, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.nh +.if n .ad l +.SH "NAME" +\fBsudo_logsrvd\fR +\- sudo event and I/O log server +.SH "SYNOPSIS" +.HP 13n +\fBsudo_logsrvd\fR +[\fB\-hnV\fR] +[\fB\-f\fR\ \fIfile\fR] +[\fB\-R\fR\ \fIpercentage\fR] +.SH "DESCRIPTION" +\fBsudo_logsrvd\fR +is a high-performance log server that accepts event and I/O logs from +\fBsudo\fR. +It can be used to implement centralized logging of +\fBsudo\fR +logs. +Event log entries may be logged either via +syslog(3) +or to a file. +I/O Logs created by +\fBsudo_logsrvd\fR +can be replayed via the +sudoreplay(@mansectsu@) +utility in the same way as logs generated directly by the +\fBsudoers\fR +plugin. +.PP +The server also supports restarting interrupted log transfers. +To distinguish completed I/O logs from incomplete ones, the +I/O log timing file is set to be read-only when the log is complete. +.PP +Configuration parameters for +\fBsudo_logsrvd\fR +may be specified in the +sudo_logsrvd.conf(@mansectform@) +file. 
+.PP +The options are as follows: +.TP 12n +\fB\-f\fR, \fB\--file\fR +Read configuration from +\fIfile\fR +instead of the default, +\fI@sysconfdir@/sudo_logsrvd.conf\fR. +.TP 12n +\fB\-h\fR, \fB\--help\fR +Display a short help message to the standard output and exit. +.TP 12n +\fB\-n\fR, \fB\--no-fork\fR +Run +\fBsudo_logsrvd\fR +in the foreground instead of detaching from the terminal and becoming +a daemon. +.TP 12n +\fB\-R\fR, \fB\--random-drop\fR +For each message, there is a +\fIpercentage\fR +chance that the server will drop the connection. +This is only intended for debugging the ability of a +client to restart a connection. +.TP 12n +\fB\-V\fR, \fB\--version\fR +Print the +\fBsudo_logsrvd\fR +version and exit. +.SS "Securing server connections" +The I/O log data sent to +\fBsudo_logsrvd\fR +may contain sensitive information such as passwords and should be +secured using Transport Layer Security (TLS). +Doing so requires having a signed certificate on the server and, if +\fItls_checkpeer\fR +is enabled in +sudo_logsrvd.conf(@mansectform@), +a signed certificate on the client as well. +.PP +The certificates can either be signed by a well-known Certificate +Authority (CA), or a private CA can be used. +Instructions for creating a private CA are included below in the +\fIEXAMPLES\fR +section. +.SS "Debugging sudo_logsrvd" +\fBsudo_logsrvd\fR +supports a flexible debugging framework that is configured via +\fRDebug\fR +lines in the +sudo.conf(@mansectform@) +file. +.PP +For more information on configuring +sudo.conf(@mansectform@), +please refer to its manual. 
+.SH "FILES" +.TP 26n +\fI@sysconfdir@/sudo.conf\fR +Sudo front end configuration +.TP 26n +\fI@sysconfdir@/sudo_logsrvd.conf\fR +Sudo log server configuration file +.TP 26n +\fI@iolog_dir@\fR +Default I/O log file location +.TP 26n +\fI@rundir@/sudo_logsrvd.pid\fR +.br +Process ID file for +\fBsudo_logsrvd\fR +.SH "EXAMPLES" +.SS "Creating self-signed certificates" +Unless you are using certificates signed by a well-known Certificate +Authority (or a local enterprise CA), you will need to create your +own CA that can sign the certificates used by +\fBsudo_logsrvd\fR, +\fBsudo_sendlog\fR, +and the +\fBsudoers\fR +plugin. +The following steps use the +openssl(1) +command to create keys and certificates. +.SS "Initial setup" +First, we need to create a directory structure to store the +files for the CA. +We'll create a new directory hierarchy in +\fI/etc/ssl/sudo\fR +for this purpose. +.nf +.sp +.RS 6n +# mkdir /etc/ssl/sudo +# cd /etc/ssl/sudo +# mkdir certs csr newcerts private +# chmod 700 private +# touch index.txt +# echo 1000 > serial +.RE +.fi +.PP +The serial and index.txt files are used to keep track of signed certificates. +.PP +Next, we need to make a copy of the openssl.conf file and customize +it for our new CA. +The path to openssl.cnf is system-dependent but +\fI/etc/ssl/openssl.cnf\fR +is the most common location. +You will need to adjust the example below if it has a different location on +your system. +.nf +.sp +.RS 6n +# cp /etc/ssl/openssl.cnf . +.RE +.fi +.PP +Now edit the +\fIopenssl.cnf\fR +file in the current directory and make sure it contains +\(lqca\(rq +and +\(lqCA_default\(rq +sections. 
+Those sections should include the following settings: +.nf +.sp +.RS 6n +[ ca ] +default_ca = CA_default + +[ CA_default ] +dir = /etc/ssl/sudo +certs = $dir/certs +database = $dir/index.txt +certificate = $dir/cacert.pem +serial = $dir/serial +.RE +.fi +.PP +If your +\fIopenssl.conf\fR +file already has a +\(lqCA_default\(rq +section, you may only need to modify the +\(lqdir\(rq +setting. +.SS "Creating the CA key and certificate" +In order to create and sign our own certificates, we need to create +a private key and a certificate for the root of the CA. +First, create the private key and protect it with a pass phrase: +.nf +.sp +.RS 6n +# openssl genrsa -aes256 -out private/cakey.pem 4096 +# chmod 400 private/cakey.pem +.RE +.fi +.PP +Next, generate the root certificate, using appropriate values for +the site-specific fields: +.nf +.sp +.RS 6n +# openssl req -config openssl.cnf -key private/cakey.pem \e + -new -x509 -days 7300 -sha256 -extensions v3_ca \e + -out cacert.pem + +Enter pass phrase for private/cakey.pem: +You are about to be asked to enter information that will be +incorporated into your certificate request. +What you are about to enter is what is called a Distinguished Name +or a DN. +There are quite a few fields but you can leave some blank. +For some fields there will be a default value, +If you enter '.', the field will be left blank. 
+----- +Country Name (2 letter code) [AU]:US +State or Province Name (full name) [Some-State]:Colorado +Locality Name (eg, city) []: +Organization Name (eg, company) [Internet Widgits Pty Ltd]:sudo +Organizational Unit Name (eg, section) []:sudo Certificate Authority +Common Name (e.g., server FQDN or YOUR name) []:sudo Root CA +Email Address []: + +# chmod 444 cacert.pem +.RE +.fi +.PP +Finally, verify the root certificate: +.nf +.sp +.RS 6n +# openssl x509 -noout -text -in cacert.pem +.RE +.fi +.SS "Creating and signing certificates" +The server and client certificates will be signed by the previously +created root CA. +Usually, the root CA is not used to sign server/client certificates +directly. +Instead, intermediate certificates are created and signed with the +root CA and the intermediate certs are used to sign CSRs (Certificate +Signing Request). +In this example we'll skip this part for simplicity's sake and sign the +CSRs with the root CA. +.PP +First, generate the private key without a pass phrase. +.nf +.sp +.RS 6n +# openssl genrsa -out private/logsrvd_key.pem 2048 +# chmod 400 private/logsrvd_key.pem +.RE +.fi +.PP +Next, create a certificate signing request (CSR) for the server's certificate. +The organization name must match the name given in the root certificate. +The common name should be either the server's IP address or a fully +qualified domain name. +.nf +.sp +.RS 6n +# openssl req -config openssl.cnf -key private/logsrvd_key.pem -new \e + -sha256 -out csr/logsrvd_csr.pem + +Enter pass phrase for private/logsrvd_key.pem: +You are about to be asked to enter information that will be +incorporated into your certificate request. +What you are about to enter is what is called a Distinguished Name +or a DN. +There are quite a few fields but you can leave some blank. +For some fields there will be a default value, +If you enter '.', the field will be left blank. 
+----- +Country Name (2 letter code) [AU]:US +State or Province Name (full name) [Some-State]:Colorado +Locality Name (eg, city) []: +Organization Name (eg, company) [Internet Widgits Pty Ltd]:sudo +Organizational Unit Name (eg, section) []:sudo log server +Common Name (e.g., server FQDN or YOUR name) []:logserver.example.com +Email Address []: + +Please enter the following 'extra' attributes +to be sent with your certificate request +A challenge password []: +An optional company name []: +.RE +.fi +.PP +Now sign the CSR that was just created: +.nf +.sp +.RS 6n +# openssl ca -config openssl.cnf -days 375 -notext -md sha256 \e + -in csr/logsrvd_csr.pem -out certs/logsrvd_cert.pem + +Using configuration from openssl.cnf +Enter pass phrase for ./private/cakey.pem: +Check that the request matches the signature +Signature ok +Certificate Details: + Serial Number: 4096 (0x1000) + Validity + Not Before: Nov 11 14:05:05 2019 GMT + Not After : Nov 20 14:05:05 2020 GMT + Subject: + countryName = US + stateOrProvinceName = Colorado + organizationName = sudo + organizationalUnitName = sudo log server + commonName = logserve.example.com + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 4C:50:F9:D0:BE:1A:4C:B2:AC:90:76:56:C7:9E:16:AE:E6:9E:E5:B5 + X509v3 Authority Key Identifier: + keyid:D7:91:24:16:B1:03:06:65:1A:7A:6E:CF:51:E9:5C:CB:7A:95:3E:0C + +Certificate is to be certified until Nov 20 14:05:05 2020 GMT (375 days) +Sign the certificate? [y/n]:y + +1 out of 1 certificate requests certified, commit? [y/n]y +Write out database with 1 new entries +Data Base Updated +.RE +.fi +.PP +Finally, verify the new certificate: +.nf +.sp +.RS 6n +# openssl verify -CAfile cacert.pem certs/logsrvd_cert.pem +certs/logsrvd_cert.pem: OK +.RE +.fi +.PP +The +\fI/etc/ssl/sudo/certs\fR +directory now contains a signed and verified certificate for use with +\fBsudo_logsrvd\fR. 
+.PP +To generate a client certificate, repeat the process above using +a different file name. +.SS "Configuring sudo_logsrvd to use TLS" +To use TLS for client/server communication, both +\fBsudo_logsrvd\fR +and the +\fBsudoers\fR +plugin need to be configured to use TLS. +Configuring +\fBsudo_logsrvd\fR +for TLS requires the following settings, assuming the same path +names used earlier: +.nf +.sp +.RS 6n +# If set, secure connections with TLS 1.2 or 1.3. +tls = true + +# Path to the certificate authority bundle file in PEM format. +tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +tls_key = /etc/ssl/sudo/private/logsrvd_key.pem +.RE +.fi +.PP +The root CA cert +(\fIcacert.pem\fR) +must be installed on the system running +\fBsudo_logsrvd\fR. +If peer authentication is enabled on the client, a copy of +\fIcacert.pem\fR +must be present on the client system too. +.SH "SEE ALSO" +sudo.conf(@mansectform@), +sudo_logsrvd.conf(@mansectform@), +sudoers(@mansectform@), +sudo(@mansectsu@), +sudo_sendlog(@mansectsu@), +sudoreplay(@mansectsu@) +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "BUGS" +If you feel you have found a bug in +\fBsudo_logsrvd\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. 
+.SH "DISCLAIMER" +\fBsudo_logsrvd\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.8.31/doc/sudo_logsrvd.mdoc.in sudo-1.9.0/doc/sudo_logsrvd.mdoc.in --- sudo-1.8.31/doc/sudo_logsrvd.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/doc/sudo_logsrvd.mdoc.in 2020-05-11 16:28:22.000000000 +0000 
@@ -0,0 +1,396 @@
+.\"
+.\" SPDX-License-Identifier: ISC
+.\"
+.\" Copyright (c) 2019-2020 Todd C. Miller
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd March 28, 2020
+.Dt SUDO_LOGSRVD @mansectsu@
+.Os Sudo @PACKAGE_VERSION@
+.Sh NAME
+.Nm sudo_logsrvd
+.Nd sudo event and I/O log server
+.Sh SYNOPSIS
+.Nm sudo_logsrvd
+.Op Fl hnV
+.Op Fl f Ar file
+.Op Fl R Ar percentage
+.Sh DESCRIPTION
+.Nm
+is a high-performance log server that accepts event and I/O logs from
+.Nm sudo .
+It can be used to implement centralized logging of
+.Nm sudo
+logs.
+Event log entries may be logged either via
+.Xr syslog 3
+or to a file.
+I/O Logs created by
+.Nm
+can be replayed via the
+.Xr sudoreplay @mansectsu@
+utility in the same way as logs generated directly by the
+.Nm sudoers
+plugin.
+.Pp
+The server also supports restarting interrupted log transfers.
+To distinguish completed I/O logs from incomplete ones, the
+I/O log timing file is set to be read-only when the log is complete.
+.Pp
+Configuration parameters for
+.Nm
+may be specified in the
+.Xr sudo_logsrvd.conf @mansectform@
+file.
+.Pp
+The options are as follows:
+.Bl -tag -width Fl
+.It Fl f , -file
+Read configuration from
+.Ar file
+instead of the default,
+.Pa @sysconfdir@/sudo_logsrvd.conf .
+.It Fl h , -help
+Display a short help message to the standard output and exit.
+.It Fl n , -no-fork
+Run
+.Nm
+in the foreground instead of detaching from the terminal and becoming
+a daemon.
+.It Fl R , -random-drop
+For each message, there is a
+.Ar percentage
+chance that the server will drop the connection.
+This is only intended for debugging the ability of a
+client to restart a connection.
+.It Fl V , -version
+Print the
+.Nm
+version and exit.
+.El
+.Ss Securing server connections
+The I/O log data sent to
+.Nm
+may contain sensitive information such as passwords and should be
+secured using Transport Layer Security (TLS).
+Doing so requires having a signed certificate on the server and, if
+.Em tls_checkpeer
+is enabled in
+.Xr sudo_logsrvd.conf @mansectform@ ,
+a signed certificate on the client as well.
+.Pp
+The certificates can either be signed by a well-known Certificate
+Authority (CA), or a private CA can be used.
+Instructions for creating a private CA are included below in the
+.Sx EXAMPLES
+section.
+.Ss Debugging sudo_logsrvd
+.Nm
+supports a flexible debugging framework that is configured via
+.Li Debug
+lines in the
+.Xr sudo.conf @mansectform@
+file.
+.Pp
+For more information on configuring
+.Xr sudo.conf @mansectform@ ,
+please refer to its manual.
+.Sh FILES
+.Bl -tag -width 24n
+.It Pa @sysconfdir@/sudo.conf
+Sudo front end configuration
+.It Pa @sysconfdir@/sudo_logsrvd.conf
+Sudo log server configuration file
+.It Pa @iolog_dir@
+Default I/O log file location
+.It Pa @rundir@/sudo_logsrvd.pid
+Process ID file for
+.Nm
+.El
+.Sh EXAMPLES
+.Ss Creating self-signed certificates
+Unless you are using certificates signed by a well-known Certificate
+Authority (or a local enterprise CA), you will need to create your
+own CA that can sign the certificates used by
+.Nm ,
+.Nm sudo_sendlog ,
+and the
+.Nm sudoers
+plugin.
+The following steps use the
+.Xr openssl 1
+command to create keys and certificates.
+.Ss Initial setup
+First, we need to create a directory structure to store the
+files for the CA.
+We'll create a new directory hierarchy in
+.Pa /etc/ssl/sudo
+for this purpose.
+.Bd -literal -offset indent
+# mkdir /etc/ssl/sudo
+# cd /etc/ssl/sudo
+# mkdir certs csr newcerts private
+# chmod 700 private
+# touch index.txt
+# echo 1000 > serial
+.Ed
+.Pp
+The serial and index.txt files are used to keep track of signed certificates.
+.Pp
+Next, we need to make a copy of the openssl.conf file and customize
+it for our new CA.
+The path to openssl.cnf is system-dependent but
+.Pa /etc/ssl/openssl.cnf
+is the most common location.
+You will need to adjust the example below if it has a different location on
+your system.
+.Bd -literal -offset indent
+# cp /etc/ssl/openssl.cnf .
+.Ed
+.Pp
+Now edit the
+.Pa openssl.cnf
+file in the current directory and make sure it contains
+.Dq ca
+and
+.Dq CA_default
+sections.
+Those sections should include the following settings:
+.Bd -literal -offset indent
+[ ca ]
+default_ca = CA_default
+
+[ CA_default ]
+dir = /etc/ssl/sudo
+certs = $dir/certs
+database = $dir/index.txt
+certificate = $dir/cacert.pem
+serial = $dir/serial
+.Ed
+.Pp
+If your
+.Pa openssl.conf
+file already has a
+.Dq CA_default
+section, you may only need to modify the
+.Dq dir
+setting.
+.Ss Creating the CA key and certificate
+In order to create and sign our own certificates, we need to create
+a private key and a certificate for the root of the CA.
+First, create the private key and protect it with a pass phrase:
+.Bd -literal -offset indent
+# openssl genrsa -aes256 -out private/cakey.pem 4096
+# chmod 400 private/cakey.pem
+.Ed
+.Pp
+Next, generate the root certificate, using appropriate values for
+the site-specific fields:
+.Bd -literal -offset indent
+# openssl req -config openssl.cnf -key private/cakey.pem \e
+ -new -x509 -days 7300 -sha256 -extensions v3_ca \e
+ -out cacert.pem
+
+Enter pass phrase for private/cakey.pem:
+You are about to be asked to enter information that will be
+incorporated into your certificate request.
+What you are about to enter is what is called a Distinguished Name
+or a DN.
+There are quite a few fields but you can leave some blank.
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [AU]:US
+State or Province Name (full name) [Some-State]:Colorado
+Locality Name (eg, city) []:
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:sudo
+Organizational Unit Name (eg, section) []:sudo Certificate Authority
+Common Name (e.g., server FQDN or YOUR name) []:sudo Root CA
+Email Address []:
+
+# chmod 444 cacert.pem
+.Ed
+.Pp
+Finally, verify the root certificate:
+.Bd -literal -offset indent
+# openssl x509 -noout -text -in cacert.pem
+.Ed
+.Ss Creating and signing certificates
+The server and client certificates will be signed by the previously
+created root CA.
+Usually, the root CA is not used to sign server/client certificates
+directly.
+Instead, intermediate certificates are created and signed with the
+root CA and the intermediate certs are used to sign CSRs (Certificate
+Signing Request).
+In this example we'll skip this part for simplicity's sake and sign the
+CSRs with the root CA.
+.Pp
+First, generate the private key without a pass phrase.
+.Bd -literal -offset indent
+# openssl genrsa -out private/logsrvd_key.pem 2048
+# chmod 400 private/logsrvd_key.pem
+.Ed
+.Pp
+Next, create a certificate signing request (CSR) for the server's certificate.
+The organization name must match the name given in the root certificate.
+The common name should be either the server's IP address or a fully
+qualified domain name.
+.Bd -literal -offset indent
+# openssl req -config openssl.cnf -key private/logsrvd_key.pem -new \e
+ -sha256 -out csr/logsrvd_csr.pem
+
+Enter pass phrase for private/logsrvd_key.pem:
+You are about to be asked to enter information that will be
+incorporated into your certificate request.
+What you are about to enter is what is called a Distinguished Name
+or a DN.
+There are quite a few fields but you can leave some blank.
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [AU]:US
+State or Province Name (full name) [Some-State]:Colorado
+Locality Name (eg, city) []:
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:sudo
+Organizational Unit Name (eg, section) []:sudo log server
+Common Name (e.g., server FQDN or YOUR name) []:logserver.example.com
+Email Address []:
+
+Please enter the following 'extra' attributes
+to be sent with your certificate request
+A challenge password []:
+An optional company name []:
+.Ed
+.Pp
+Now sign the CSR that was just created:
+.Bd -literal -offset indent
+# openssl ca -config openssl.cnf -days 375 -notext -md sha256 \e
+ -in csr/logsrvd_csr.pem -out certs/logsrvd_cert.pem
+
+Using configuration from openssl.cnf
+Enter pass phrase for ./private/cakey.pem:
+Check that the request matches the signature
+Signature ok
+Certificate Details:
+ Serial Number: 4096 (0x1000)
+ Validity
+ Not Before: Nov 11 14:05:05 2019 GMT
+ Not After : Nov 20 14:05:05 2020 GMT
+ Subject:
+ countryName = US
+ stateOrProvinceName = Colorado
+ organizationName = sudo
+ organizationalUnitName = sudo log server
+ commonName = logserve.example.com
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 4C:50:F9:D0:BE:1A:4C:B2:AC:90:76:56:C7:9E:16:AE:E6:9E:E5:B5
+ X509v3 Authority Key Identifier:
+ keyid:D7:91:24:16:B1:03:06:65:1A:7A:6E:CF:51:E9:5C:CB:7A:95:3E:0C
+
+Certificate is to be certified until Nov 20 14:05:05 2020 GMT (375 days)
+Sign the certificate? [y/n]:y
+
+1 out of 1 certificate requests certified, commit? [y/n]y
+Write out database with 1 new entries
+Data Base Updated
+.Ed
+.Pp
+Finally, verify the new certificate:
+.Bd -literal -offset indent
+# openssl verify -CAfile cacert.pem certs/logsrvd_cert.pem
+certs/logsrvd_cert.pem: OK
+.Ed
+.Pp
+The
+.Pa /etc/ssl/sudo/certs
+directory now contains a signed and verified certificate for use with
+.Nm sudo_logsrvd .
+.Pp
+To generate a client certificate, repeat the process above using
+a different file name.
+.Ss Configuring sudo_logsrvd to use TLS
+To use TLS for client/server communication, both
+.Nm
+and the
+.Nm sudoers
+plugin need to be configured to use TLS.
+Configuring
+.Nm
+for TLS requires the following settings, assuming the same path
+names used earlier:
+.Bd -literal -offset indent
+# If set, secure connections with TLS 1.2 or 1.3.
+tls = true
+
+# Path to the certificate authority bundle file in PEM format.
+tls_cacert = /etc/ssl/sudo/cacert.pem
+
+# Path to the server's certificate file in PEM format.
+tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem
+
+# Path to the server's private key file in PEM format.
+tls_key = /etc/ssl/sudo/private/logsrvd_key.pem
+.Ed
+.Pp
+The root CA cert
+.Pq Pa cacert.pem
+must be installed on the system running
+.Nm .
+If peer authentication is enabled on the client, a copy of
+.Pa cacert.pem
+must be present on the client system too.
+.Sh SEE ALSO
+.Xr sudo.conf @mansectform@ ,
+.Xr sudo_logsrvd.conf @mansectform@ ,
+.Xr sudoers @mansectform@ ,
+.Xr sudo @mansectsu@ ,
+.Xr sudo_sendlog @mansectsu@ ,
+.Xr sudoreplay @mansectsu@
+.Sh AUTHORS
+Many people have worked on
+.Nm sudo
+over the years; this version consists of code written primarily by:
+.Bd -ragged -offset indent
+.An Todd C. Miller
+.Ed
+.Pp
+See the CONTRIBUTORS file in the
+.Nm sudo
+distribution (https://www.sudo.ws/contributors.html) for an
+exhaustive list of people who have contributed to
+.Nm sudo .
+.Sh BUGS
+If you feel you have found a bug in
+.Nm ,
+please submit a bug report at https://bugzilla.sudo.ws/
+.Sh SUPPORT
+Limited free support is available via the sudo-users mailing list,
+see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
+.Sh DISCLAIMER
+.Nm
+is provided
+.Dq AS IS
+and any express or implied warranties, including, but not limited
+to, the implied warranties of merchantability and fitness for a
+particular purpose are disclaimed.
+See the LICENSE file distributed with
+.Nm sudo
+or https://www.sudo.ws/license.html for complete details.
diff -Nru sudo-1.8.31/doc/sudo_logsrv.proto.man.in sudo-1.9.0/doc/sudo_logsrv.proto.man.in
--- sudo-1.8.31/doc/sudo_logsrv.proto.man.in 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/doc/sudo_logsrv.proto.man.in 2020-05-11 16:28:22.000000000 +0000
@@ -0,0 +1,890 @@
+.\" Automatically generated from an mdoc input file. Do not edit.
+.\"
+.\" SPDX-License-Identifier: ISC
+.\"
+.\" Copyright (c) 2019-2020 Todd C. Miller
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.TH "SUDO_LOGSRV.PROTO" "@mansectform@" "May 4, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.nh
+.if n .ad l
+.SH "NAME"
+\fBsudo_logsrv.proto\fR
+\- Sudo log server protocol
+.SH "DESCRIPTION"
+Starting with version 1.9.0,
+\fBsudo\fR
+supports sending event and I/O logs to a log server.
+The protocol used is written in Google's Protocol Buffers domain
+specific language.
+The
+\fIEXAMPLES\fR
+section includes a complete description of the protocol in Protocol
+Buffers format.
+.PP
+Because there is no way to determine message boundaries when using
+Protocol Buffers, the wire size of each message is sent immediately
+preceding the message itself as a 32-bit unsigned integer in network
+byte order.
+This is referred to as
+\(lqlength-prefix framing\(rq
+and is how Google suggests handling the lack of message delimiters.
+.PP
+The protocol is made up of two basic messages,
+\fIClientMessage\fR
+and
+\fIServerMessage\fR,
+described below.
+The server must accept messages up to two megabytes in size.
+The server may return an error if the client tries to send a message
+larger than two megabytes.
+.SH "Client Messages"
+A
+\fIClientMessage\fR
+is a container used to encapsulate all the possible message types
+a client may send to the server.
+.nf
+.sp
+.RS 0n
+message ClientMessage {
+ oneof type {
+ AcceptMessage accept_msg = 1;
+ RejectMessage reject_msg = 2;
+ ExitMessage exit_msg = 3;
+ RestartMessage restart_msg = 4;
+ AlertMessage alert_msg = 5;
+ IoBuffer ttyin_buf = 6;
+ IoBuffer ttyout_buf = 7;
+ IoBuffer stdin_buf = 8;
+ IoBuffer stdout_buf = 9;
+ IoBuffer stderr_buf = 10;
+ ChangeWindowSize winsize_event = 11;
+ CommandSuspend suspend_event = 12;
+ ClientHello hello_msg = 13;
+ }
+}
+.RE
+.fi
+.PP
+The different
+\fIClientMessage\fR
+sub-messages the client may sent to the server are described below.
+.SS "TimeSpec"
+.nf
+.RS 0n
+message TimeSpec {
+ int64 tv_sec = 1;
+ int32 tv_nsec = 2;
+}
+.RE
+.fi
+.PP
+A
+\fITimeSpec\fR
+is the equivalent of a POSIX
+\fRstruct timespec\fR,
+containing seconds and nanoseconds members.
+The
+\fItv_sec\fR
+member is a 64-bit integer to support dates after the year 2038.
+.SS "InfoMessage"
+.nf
+.RS 0n
+message InfoMessage {
+ message StringList {
+ repeated string strings = 1;
+ }
+ message NumberList {
+ repeated int64 numbers = 1;
+ }
+ string key = 1;
+ oneof value {
+ int64 numval = 2;
+ string strval = 3;
+ StringList strlistval = 4;
+ NumberList numlistval = 5;
+ }
+}
+.RE
+.fi
+.PP
+An
+\fIInfoMessage\fR
+is used to represent information about the invoking user as well as the
+execution environment the command runs in the form of key-value pairs.
+The key is always a string but the value may be a 64-bit integer,
+a string, an array of strings or an array of 64-bit integers.
+The event log data is composed of
+\fIInfoMessage\fR
+entries.
+See the
+\fIEVENT LOG VARIABLES\fR
+section for more information.
+.SS "ClientHello hello_msg"
+.nf
+.RS 0n
+message ClientHello {
+ string client_id = 1;
+}
+.RE
+.fi
+.PP
+A
+\fIClientHello\fR
+message consists of client information that may be sent to the
+server when the client first connects.
+.TP 8n
+client_id
+A free-form client description.
+This usually includes the name and version of the client implementation.
+.SS "AcceptMessage accept_msg"
+.nf
+.RS 0n
+message AcceptMessage {
+ TimeSpec submit_time = 1;
+ repeated InfoMessage info_msgs = 2;
+ bool expect_iobufs = 3;
+}
+.RE
+.fi
+.PP
+An
+\fIAcceptMessage\fR
+is sent by the client when a command is allowed by the security policy.
+It contains the following members:
+.TP 8n
+submit_time
+The wall clock time when the command was submitted to the security policy.
+.TP 8n
+info_msgs
+An array of
+\fIInfoMessage\fR
+describing the user who submitted the command as well as the execution
+environment of the command.
+This information is used to generate an event log entry and may also be
+used by server to determine where and how the I/O log is stored.
+as choose the
+.TP 8n
+expect_iobufs
+Set to true if the server should expect
+\fIIoBuffer\fR
+messages to follow (for I/O logging) or false if the server should only
+store the event log.
+.PP
+If an
+\fIAcceptMessage\fR
+is sent, the client must not send a
+\fIRejectMessage\fR
+or
+\fIRestartMessage\fR.
+.SS "RejectMessage reject_msg"
+.nf
+.RS 0n
+message RejectMessage {
+ TimeSpec submit_time = 1;
+ string reason = 2;
+ repeated InfoMessage info_msgs = 3;
+}
+.RE
+.fi
+.PP
+A
+\fIRejectMessage\fR
+is sent by the client when a command is denied by the security policy.
+It contains the following members:
+.TP 8n
+submit_time
+The wall clock time when the command was submitted to the security policy.
+.TP 8n
+reason
+The reason the security policy gave for denying the command.
+.TP 8n
+info_msgs
+An array of
+\fIInfoMessage\fR
+describing the user who submitted the command as well as the execution
+environment of the command.
+This information is used to generate an event log entry.
+.PP
+If a
+\fIRejectMessage\fR
+is sent, the client must not send an
+\fIAcceptMessage\fR
+or
+\fIRestartMessage\fR.
+.SS "ExitMessage exit_msg"
+.nf
+.RS 0n
+message ExitMessage {
+ TimeSpec run_time = 1;
+ int32 exit_value = 2;
+ bool dumped_core = 3;
+ string signal = 4;
+ string error = 5;
+}
+.PP
+.RE
+.fi
+An
+\fIExitMessage\fR
+is sent by the client after the command has exited or has been
+terminated by a signal.
+It contains the following members:
+.TP 8n
+run_time
+The total amount of elapsed time since the command started,
+calculated using a monotonic clock where possible.
+This is not the wall clock time.
+.TP 8n
+exit_value
+The command's exit value in the range 0-255.
+.TP 8n
+dumped_core
+True if the command was terminated by a signal and dumped core.
+.TP 8n
+signal
+If the command was terminated by a signal, this is set to the
+name of the signal without the leading
+\(lqSIG\(rq.
+For example,
+\fRINT\fR,
+\fRTERM\fR,
+\fRKILL\fR,
+\fRSEGV\fR.
+.TP 8n
+error
+A message from the client indicating that the command was terminated
+unexpectedly due to an error.
+.PP
+When performing I/O logging, the client should wait for a
+\fIcommit_point\fR
+corresponding to the final
+\fIIoBuffer\fR
+before closing the connection unless the final
+\fIcommit_point\fR
+has already been received.
+.SS "RestartMessage restart_msg"
+.nf
+.RS 0n
+message RestartMessage {
+ string log_id = 1;
+ TimeSpec resume_point = 2;
+}
+.RE
+.fi
+.PP
+A
+\fIRestartMessage\fR
+is sent by the client to resume sending an existing I/O log that
+was previously interrupted.
+It contains the following members:
+.TP 8n
+log_id
+The the server-side name for an I/O log that was previously
+sent to the client by the server.
+This may be a path name on the server or some other kind of server-side
+identifier.
+.TP 8n
+resume_point
+The point in time after which to resume the I/O log.
+This is in the form of a
+\fITimeSpec\fR
+representing the amount of time since the command started, not
+the wall clock time.
+The
+\fIresume_point\fR
+should correspond to a
+\fIcommit_point\fR
+previously sent to the client by the server.
+If the server receives a
+\fIRestartMessage\fR
+containing a
+\fIresume_point\fR
+it has not previously seen, an error will be returned to the client
+and the connection will be dropped.
+.PP
+If a
+\fIRestartMessage\fR
+is sent, the client must not send an
+\fIAcceptMessage\fR
+or
+\fIRejectMessage\fR.
+.SS "AlertMessage alert_msg"
+.nf
+.RS 0n
+message AlertMessage {
+ TimeSpec alert_time = 1;
+ string reason = 2;
+}
+.RE
+.fi
+.PP
+An
+\fIAlertMessage\fR
+is sent by the client to indicate a problem detected by the security
+policy while the command is running that should be stored in the event log.
+It contains the following members:
+.TP 8n
+alert_time
+The wall clock time when the alert occurred.
+.TP 8n
+reason
+The reason for the alert.
+.SS "IoBuffer ttyin_buf | ttyout_buf | stdin_buf | stdout_buf | stderr_buf"
+.nf
+.RS 0n
+message IoBuffer {
+ TimeSpec delay = 1;
+ bytes data = 2;
+}
+.RE
+.fi
+.PP
+An
+\fIIoBuffer\fR
+is used to represent data from terminal input, terminal
+output, standard input, standard output or standard error.
+It contains the following members:
+.TP 8n
+delay
+The elapsed time since the last record in the form of a
+\fITimeSpec\fR.
+The
+\fIdelay\fR
+should be calculated using a monotonic clock where possible.
+.TP 8n
+data
+The binary I/O log data from terminal input, terminal output,
+standard input, standard output or standard error.
+.SS "ChangeWindowSize winsize_event"
+.nf
+.RS 0n
+message ChangeWindowSize {
+ TimeSpec delay = 1;
+ int32 rows = 2;
+ int32 cols = 3;
+}
+.RE
+.fi
+.PP
+A
+\fIChangeWindowSize\fR
+message is sent by the client when the terminal running the command
+changes size.
+It contains the following members:
+.TP 8n
+delay
+The elapsed time since the last record in the form of a
+\fITimeSpec\fR.
+The
+\fIdelay\fR
+should be calculated using a monotonic clock where possible.
+.TP 8n
+rows
+The new number of terminal rows.
+.TP 8n
+cols
+The new number of terminal columns.
+.SS "CommandSuspend suspend_event"
+.nf
+.RS 0n
+message CommandSuspend {
+ TimeSpec delay = 1;
+ string signal = 2;
+}
+.RE
+.fi
+.PP
+A
+\fICommandSuspend\fR
+message is sent by the client when the command is either suspended
+or resumed.
+It contains the following members:
+.TP 8n
+delay
+The elapsed time since the last record in the form of a
+\fITimeSpec\fR.
+The
+\fIdelay\fR
+should be calculated using a monotonic clock where possible.
+.TP 8n
+signal
+The signal name without the leading
+\(lqSIG\(rq.
+For example,
+\fRSTOP\fR,
+\fRTSTP\fR,
+\fRCONT\fR.
+.SH "Server Messages"
+A
+\fIServerMessage\fR
+is a container used to encapsulate all the possible message types
+the server may send to a client.
+.nf
+.sp
+.RS 0n
+message ServerMessage {
+ oneof type {
+ ServerHello hello = 1;
+ TimeSpec commit_point = 2;
+ string log_id = 3;
+ string error = 4;
+ string abort = 5;
+ }
+}
+.RE
+.fi
+.PP
+The different
+\fIServerMessage\fR
+sub-messages the server may sent to the client are described below.
+.SS "ServerHello hello"
+.nf
+.RS 0n
+message ServerHello {
+ string server_id = 1;
+ string redirect = 2;
+ repeated string servers = 3;
+}
+.RE
+.fi
+.PP
+The
+\fIServerHello\fR
+message consists of server information sent when the client first connects.
+It contains the following members:
+.TP 8n
+server_id
+A free-form server description.
+Usually this includes the name and version of the implementation
+running on the log server.
+This member is always present.
+.TP 8n
+redirect
+A host and port separated by a colon
+(\(oq\(cq):
+that the client should connect to instead.
+The host may be a host name, an IPv4 address, or an IPv6 address
+in square brackets.
+This may be used for server load balancing.
+The server will disconnect after sending the
+\fIServerHello\fR
+when it includes a
+\fBredirect\fR.
+.TP 8n
+servers
+.br
+A list of other known log servers.
+This can be used to implement log server redundancy and allows the
+client to discover all other log servers simply by connecting to
+one known server.
+This member may be omitted when there is only a single log server.
+.SS "TimeSpec commit_point"
+A periodic time stamp sent by the server to indicate when I/O log
+buffers have been committed to storage.
+This message is not sent after every
+\fIIoBuffer\fR
+but rather at a server-configurable interval.
+When the server receives an
+\fIExitMessage\fR,
+it will respond with a
+\fIcommit_point\fR
+corresponding to the last received
+\fIIoBuffer\fR
+before closing the connection.
+.SS "string log_id"
+The server-side ID of the I/O log being stored, sent in response
+to an
+\fIAcceptMessage\fR
+where
+\fIexpect_iobufs\fR
+is true.
+.SS "string error"
+A fatal server-side error.
+The server will close the connection after sending the
+\fIerror\fR
+message.
+.SS "string abort"
+An
+\fIabort\fR
+message from the server indicates that the client should kill the
+command and terminate the session.
+It may be used to implement simple server-side policy.
+The server will close the connection after sending the
+\fIabort\fR
+message.
+.SH "Protocol flow of control"
+The expected protocol flow is as follows:
+.TP 5n
+1.\&
+Client connects to the first available server.
+If the client is configured to use TLS, a TLS handshake will be
+attempted.
+.TP 5n
+2.\&
+Client sends
+\fIClientHello\fR.
+This is currently optional but allows the server to detect a
+non-TLS connection on the TLS port.
+.TP 5n
+3.\&
+Server sends
+\fIServerHello\fR.
+.TP 5n
+4.\&
+Client responds with either
+\fIAcceptMessage\fR,
+\fIRejectMessage\fR,
+or
+\fIRestartMessage\fR.
+.TP 5n
+5.\&
+If client sent a
+\fIAcceptMessage\fR
+with
+\fIexpect_iobufs\fR
+set, server creates a new I/O log and responds with a
+\fIlog_id\fR.
+.TP 5n
+6.\&
+Client sends zero or more
+\fIIoBuffer\fR
+messages.
+.TP 5n
+7.\&
+Server periodically responds to
+\fIIoBuffer\fR
+messages with a
+\fIcommit_point\fR.
+.TP 5n
+8.\&
+Client sends an
+\fIExitMessage\fR
+when the command exits or is killed.
+.TP 5n
+9.\&
+Server sends the final
+\fIcommit_point\fR
+if one is pending.
+.TP 5n
+10.\&
+Server closes the connection.
+After receiving the final
+\fIcommit_point\fR,
+the client shuts down its side of the TLS connection if TLS
+is in use, and closes the connection.
+.TP 5n
+11.\&
+Server shuts down its side of the TLS connection if TLS is in use,
+and closes the connection.
+.PP
+At any point, the server may send an
+\fIerror\fR
+or
+\fIabort\fR
+message to the client at which point the server will close the
+connection.
+If an
+\fIabort\fR
+message is received, the client should terminate the running command.
+.SH "EVENT LOG VARIABLES"
+\fIAcceptMessage\fR
+and
+\fIRejectMessage\fR
+classes contain an array of
+\fIInfoMessage\fR
+that should contain information about the user who submitted the command
+as well as information about the execution environment of the command
+if it was accepted.
+.PP
+Some variables have a
+\fIclient\fR,
+\fIrun\fR,
+or
+\fIsubmit\fR
+prefix.
+These prefixes are used to eliminate ambiguity for variables that
+could apply to the client program, the user submitting the command,
+or the command being run.
+Variables with a
+\fIclient\fR
+prefix pertain to the program performing the connection to the log
+server, for example
+\fBsudo\fR.
+Variables with a
+\fIrun\fR
+prefix pertain to the command that the user requested be run.
+Variables with a
+\fIsubmit\fR
+prefix pertain to the user submitting the request
+(the user running \fBsudo\fR).
+.PP
+The following
+\fIInfoMessage\fR
+entries are required:
+.TS
+l l l.
+.PP
+\fBKey\fR \fBType\fR \fBDescription\fR
+.PP
+command string command that was submitted
+.PP
+runuser string name of user the command was run as
+.PP
+submithost string name of host the command was submitted on
+.PP
+submituser string name of user submitting the command
+.TE
+.PP
+The following
+\fIInfoMessage\fR
+entries are recognized, but not required:
+.TS
+l l l.
+.PP
+\fBKey\fR \fBType\fR \fBDescription\fR
+.PP
+clientargv StringList client's original argument vector
+.PP
+clientpid int64 client's process ID
+.PP
+clientppid int64 client's parent process ID
+.PP
+clientsid int64 client's terminal session ID
+.PP
+columns int64 number of columns in the terminal
+.PP
+lines int64 number of lines in the terminal
+.PP
+runargv StringList argument vector of command to run
+.PP
+runchroot string root directory of command to run
+.PP
+runcwd string running command's working directory
+.PP
+runenv StringList the running command's environment
+.PP
+rungid int64 primary group-ID of the command
+.PP
+rungids NumberList supplementary group-IDs for the command
+.PP
+rungroup string primary group name of the command
+.PP
+rungroups StringList supplementary group names for the command
+.PP
+runuid int64 run user's user-ID
+.PP
+submitcwd string submit user's current working directory
+.PP
+submitenv StringList the submit user's environment
+.PP
+submitgid int64 submit user's primary group-ID
+.PP
+submitgids NumberList submit user's supplementary group-IDs
+.PP
+submitgroup string submitting user's primary group name
+.PP
+submitgroups StringList submit user's supplementary group names
+.PP
+submituid int64 submit user's user-ID
+.PP
+ttyname string the terminal the command was submitted from
+.TE
+.PP
+The server must accept other variables not listed above but may
+ignore them.
+.SH "EXAMPLES"
+The Protocol Buffers description of the log server protocol is included
+in full below.
+Note that this uses the newer
+\(lqproto3\(rq
+syntax.
+.nf
+.sp
+.RS 0n
+syntax = "proto3";
+
+/*
+ * Client message to the server. Messages on the wire are
+ * prefixed with a 32-bit size in network byte order.
+ */
+message ClientMessage {
+ oneof type {
+ AcceptMessage accept_msg = 1;
+ RejectMessage reject_msg = 2;
+ ExitMessage exit_msg = 3;
+ RestartMessage restart_msg = 4;
+ AlertMessage alert_msg = 5;
+ IoBuffer ttyin_buf = 6;
+ IoBuffer ttyout_buf = 7;
+ IoBuffer stdin_buf = 8;
+ IoBuffer stdout_buf = 9;
+ IoBuffer stderr_buf = 10;
+ ChangeWindowSize winsize_event = 11;
+ CommandSuspend suspend_event = 12;
+ }
+}
+
+/* Equivalent of POSIX struct timespec */
+message TimeSpec {
+ int64 tv_sec = 1; /* seconds */
+ int32 tv_nsec = 2; /* nanoseconds */
+}
+
+/* I/O buffer with keystroke data */
+message IoBuffer {
+ TimeSpec delay = 1; /* elapsed time since last record */
+ bytes data = 2; /* keystroke data */
+}
+
+/*
+ * Key/value pairs, like Privilege Manager struct info.
+ * The value may be a number, a string, or a list of strings.
+ */
+message InfoMessage {
+ message StringList {
+ repeated string strings = 1;
+ }
+ message NumberList {
+ repeated int64 numbers = 1;
+ }
+ string key = 1;
+ oneof value {
+ int64 numval = 2;
+ string strval = 3;
+ StringList strlistval = 4;
+ NumberList numlistval = 5;
+ }
+}
+
+/*
+ * Event log data for command accepted by the policy.
+ */
+message AcceptMessage {
+ TimeSpec submit_time = 1; /* when command was submitted */
+ repeated InfoMessage info_msgs = 2; /* key,value event log data */
+ bool expect_iobufs = 3; /* true if I/O logging enabled */
+}
+
+/*
+ * Event log data for command rejected by the policy.
+ */
+message RejectMessage {
+ TimeSpec submit_time = 1; /* when command was submitted */
+ string reason = 2; /* reason command was rejected */
+ repeated InfoMessage info_msgs = 3; /* key,value event log data */
+}
+
+/* Message sent by client when command exits. */
+/* Might revisit runtime and use end_time instead */
+message ExitMessage {
+ TimeSpec run_time = 1; /* total elapsed run time */
+ int32 exit_value = 2; /* 0-255 */
+ bool dumped_core = 3; /* true if command dumped core */
+ string signal = 4; /* signal name if killed by signal */
+ string error = 5; /* if killed due to other error */
+}
+
+/* Alert message, policy module-specific. */
+message AlertMessage {
+ TimeSpec alert_time = 1; /* time alert message occurred */
+ string reason = 2; /* description of policy violation */
+}
+
+/* Used to restart an existing I/O log on the server. */
+message RestartMessage {
+ string log_id = 1; /* ID of log being restarted */
+ TimeSpec resume_point = 2; /* resume point (elapsed time) */
+}
+
+/* Window size change event. */
+message ChangeWindowSize {
+ TimeSpec delay = 1; /* elapsed time since last record */
+ int32 rows = 2; /* new number of rows */
+ int32 cols = 3; /* new number of columns */
+}
+
+/* Command suspend/resume event. */
+message CommandSuspend {
+ TimeSpec delay = 1; /* elapsed time since last record */
+ string signal = 2; /* signal that caused suspend/resume */
+}
+
+/*
+ * Server messages to the client. Messages on the wire are
+ * prefixed with a 32-bit size in network byte order.
+ */
+message ServerMessage {
+ oneof type {
+ ServerHello hello = 1; /* server hello message */
+ TimeSpec commit_point = 2; /* cumulative time of records stored */
+ string log_id = 3; /* ID of server-side I/O log */
+ string error = 4; /* error message from server */
+ string abort = 5; /* abort message, kill command */
+ }
+}
+
+/* Hello message from server when client connects. */
+message ServerHello {
+ string server_id = 1; /* free-form server description */
+ string redirect = 2; /* optional redirect if busy */
+ repeated string servers = 3; /* optional list of known servers */
+}
+.RE
+.fi
+.SH "SEE ALSO"
+sudo_logsrvd.conf(@mansectform@),
+sudoers(@mansectform@),
+sudo(8),
+sudo_logsrvd(8)
+.PP
+\fIProtocol Buffers\fR,
+https://developers.google.com/protocol-buffers/.
+.SH "HISTORY"
+See the HISTORY file in the
+\fBsudo\fR
+distribution (https://www.sudo.ws/history.html) for a brief
+history of sudo.
+.SH "AUTHORS"
+Many people have worked on
+\fBsudo\fR
+over the years; this version consists of code written primarily by:
+.sp
+.RS 6n
+Todd C. Miller
+.RE
+.PP
+See the CONTRIBUTORS file in the
+\fBsudo\fR
+distribution (https://www.sudo.ws/contributors.html) for an
+exhaustive list of people who have contributed to
+\fBsudo\fR.
+.SH "BUGS"
+If you feel you have found a bug in
+\fBsudo\fR,
+please submit a bug report at https://bugzilla.sudo.ws/
+.SH "SUPPORT"
+Limited free support is available via the sudo-users mailing list,
+see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
+.SH "DISCLAIMER"
+\fBsudo\fR
+is provided
+\(lqAS IS\(rq
+and any express or implied warranties, including, but not limited
+to, the implied warranties of merchantability and fitness for a
+particular purpose are disclaimed.
+See the LICENSE file distributed with
+\fBsudo\fR
+or https://www.sudo.ws/license.html for complete details.
diff -Nru sudo-1.8.31/doc/sudo_logsrv.proto.mdoc.in sudo-1.9.0/doc/sudo_logsrv.proto.mdoc.in
--- sudo-1.8.31/doc/sudo_logsrv.proto.mdoc.in 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/doc/sudo_logsrv.proto.mdoc.in 2020-05-11 16:28:22.000000000 +0000
@@ -0,0 +1,809 @@
+.\"
+.\" SPDX-License-Identifier: ISC
+.\"
+.\" Copyright (c) 2019-2020 Todd C. Miller
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd May 4, 2020
+.Dt SUDO_LOGSRV.PROTO @mansectform@
+.Os Sudo @PACKAGE_VERSION@
+.Sh NAME
+.Nm sudo_logsrv.proto
+.Nd Sudo log server protocol
+.Sh DESCRIPTION
+Starting with version 1.9.0,
+.Nm sudo
+supports sending event and I/O logs to a log server.
+The protocol used is written in Google's Protocol Buffers domain
+specific language.
+The
+.Sx EXAMPLES
+section includes a complete description of the protocol in Protocol
+Buffers format.
+.Pp
+Because there is no way to determine message boundaries when using
+Protocol Buffers, the wire size of each message is sent immediately
+preceding the message itself as a 32-bit unsigned integer in network
+byte order.
+This is referred to as
+.Dq length-prefix framing
+and is how Google suggests handling the lack of message delimiters.
+.Pp
+The protocol is made up of two basic messages,
+.Em ClientMessage
+and
+.Em ServerMessage ,
+described below.
+The server must accept messages up to two megabytes in size.
+The server may return an error if the client tries to send a message
+larger than two megabytes.
+.Sh Client Messages
+A
+.Em ClientMessage
+is a container used to encapsulate all the possible message types
+a client may send to the server.
+.Bd -literal
+message ClientMessage {
+ oneof type {
+ AcceptMessage accept_msg = 1;
+ RejectMessage reject_msg = 2;
+ ExitMessage exit_msg = 3;
+ RestartMessage restart_msg = 4;
+ AlertMessage alert_msg = 5;
+ IoBuffer ttyin_buf = 6;
+ IoBuffer ttyout_buf = 7;
+ IoBuffer stdin_buf = 8;
+ IoBuffer stdout_buf = 9;
+ IoBuffer stderr_buf = 10;
+ ChangeWindowSize winsize_event = 11;
+ CommandSuspend suspend_event = 12;
+ ClientHello hello_msg = 13;
+ }
+}
+.Ed
+.Pp
+The different
+.Em ClientMessage
+sub-messages the client may sent to the server are described below.
+.Ss TimeSpec
+.Bd -literal
+message TimeSpec {
+ int64 tv_sec = 1;
+ int32 tv_nsec = 2;
+}
+.Ed
+.Pp
+A
+.Em TimeSpec
+is the equivalent of a POSIX
+.Li struct timespec ,
+containing seconds and nanoseconds members.
+The
+.Em tv_sec
+member is a 64-bit integer to support dates after the year 2038.
+.Ss InfoMessage
+.Bd -literal
+message InfoMessage {
+ message StringList {
+ repeated string strings = 1;
+ }
+ message NumberList {
+ repeated int64 numbers = 1;
+ }
+ string key = 1;
+ oneof value {
+ int64 numval = 2;
+ string strval = 3;
+ StringList strlistval = 4;
+ NumberList numlistval = 5;
+ }
+}
+.Ed
+.Pp
+An
+.Em InfoMessage
+is used to represent information about the invoking user as well as the
+execution environment the command runs in the form of key-value pairs.
+The key is always a string but the value may be a 64-bit integer,
+a string, an array of strings or an array of 64-bit integers.
+The event log data is composed of
+.Em InfoMessage
+entries.
+See the
+.Sx EVENT LOG VARIABLES
+section for more information.
+.Ss ClientHello hello_msg
+.Bd -literal
+message ClientHello {
+ string client_id = 1;
+}
+.Ed
+.Pp
+A
+.Em ClientHello
+message consists of client information that may be sent to the
+server when the client first connects.
+.Bl -tag -width Ds
+.It client_id
+A free-form client description.
+This usually includes the name and version of the client implementation.
+.El
+.Ss AcceptMessage accept_msg
+.Bd -literal
+message AcceptMessage {
+ TimeSpec submit_time = 1;
+ repeated InfoMessage info_msgs = 2;
+ bool expect_iobufs = 3;
+}
+.Ed
+.Pp
+An
+.Em AcceptMessage
+is sent by the client when a command is allowed by the security policy.
+It contains the following members:
+.Bl -tag -width Ds
+.It submit_time
+The wall clock time when the command was submitted to the security policy.
+.It info_msgs
+An array of
+.Em InfoMessage
+describing the user who submitted the command as well as the execution
+environment of the command.
+This information is used to generate an event log entry and may also be
+used by server to determine where and how the I/O log is stored.
+as choose the
+.It expect_iobufs
+Set to true if the server should expect
+.Em IoBuffer
+messages to follow (for I/O logging) or false if the server should only
+store the event log.
+.El
+.Pp
+If an
+.Em AcceptMessage
+is sent, the client must not send a
+.Em RejectMessage
+or
+.Em RestartMessage .
+.Ss RejectMessage reject_msg
+.Bd -literal
+message RejectMessage {
+ TimeSpec submit_time = 1;
+ string reason = 2;
+ repeated InfoMessage info_msgs = 3;
+}
+.Ed
+.Pp
+A
+.Em RejectMessage
+is sent by the client when a command is denied by the security policy.
+It contains the following members:
+.Bl -tag -width Ds
+.It submit_time
+The wall clock time when the command was submitted to the security policy.
+.It reason
+The reason the security policy gave for denying the command.
+.It info_msgs
+An array of
+.Em InfoMessage
+describing the user who submitted the command as well as the execution
+environment of the command.
+This information is used to generate an event log entry.
+.El
+.Pp
+If a
+.Em RejectMessage
+is sent, the client must not send an
+.Em AcceptMessage
+or
+.Em RestartMessage .
+.Ss ExitMessage exit_msg
+.Bd -literal
+message ExitMessage {
+ TimeSpec run_time = 1;
+ int32 exit_value = 2;
+ bool dumped_core = 3;
+ string signal = 4;
+ string error = 5;
+}
+.Pp
+.Ed
+An
+.Em ExitMessage
+is sent by the client after the command has exited or has been
+terminated by a signal.
+It contains the following members:
+.Bl -tag -width Ds
+.It run_time
+The total amount of elapsed time since the command started,
+calculated using a monotonic clock where possible.
+This is not the wall clock time.
+.It exit_value
+The command's exit value in the range 0-255.
+.It dumped_core
+True if the command was terminated by a signal and dumped core.
+.It signal
+If the command was terminated by a signal, this is set to the
+name of the signal without the leading
+.Dq SIG .
+For example,
+.Li INT ,
+.Li TERM ,
+.Li KILL ,
+.Li SEGV .
+.It error
+A message from the client indicating that the command was terminated
+unexpectedly due to an error.
+.El
+.Pp
+When performing I/O logging, the client should wait for a
+.Em commit_point
+corresponding to the final
+.Em IoBuffer
+before closing the connection unless the final
+.Em commit_point
+has already been received.
+.Ss RestartMessage restart_msg
+.Bd -literal
+message RestartMessage {
+ string log_id = 1;
+ TimeSpec resume_point = 2;
+}
+.Ed
+.Pp
+A
+.Em RestartMessage
+is sent by the client to resume sending an existing I/O log that
+was previously interrupted.
+It contains the following members:
+.Bl -tag -width Ds
+.It log_id
+The the server-side name for an I/O log that was previously
+sent to the client by the server.
+This may be a path name on the server or some other kind of server-side
+identifier.
+.It resume_point
+The point in time after which to resume the I/O log.
+This is in the form of a
+.Em TimeSpec
+representing the amount of time since the command started, not
+the wall clock time.
+The
+.Em resume_point
+should correspond to a
+.Em commit_point
+previously sent to the client by the server.
+If the server receives a
+.Em RestartMessage
+containing a
+.Em resume_point
+it has not previously seen, an error will be returned to the client
+and the connection will be dropped.
+.El
+.Pp
+If a
+.Em RestartMessage
+is sent, the client must not send an
+.Em AcceptMessage
+or
+.Em RejectMessage .
+.Ss AlertMessage alert_msg
+.Bd -literal
+message AlertMessage {
+ TimeSpec alert_time = 1;
+ string reason = 2;
+}
+.Ed
+.Pp
+An
+.Em AlertMessage
+is sent by the client to indicate a problem detected by the security
+policy while the command is running that should be stored in the event log.
+It contains the following members:
+.Bl -tag -width Ds
+.It alert_time
+The wall clock time when the alert occurred.
+.It reason
+The reason for the alert.
+.El
+.Ss IoBuffer ttyin_buf | ttyout_buf | stdin_buf | stdout_buf | stderr_buf
+.Bd -literal
+message IoBuffer {
+ TimeSpec delay = 1;
+ bytes data = 2;
+}
+.Ed
+.Pp
+An
+.Em IoBuffer
+is used to represent data from terminal input, terminal
+output, standard input, standard output or standard error.
+It contains the following members:
+.Bl -tag -width Ds
+.It delay
+The elapsed time since the last record in the form of a
+.Em TimeSpec .
+The
+.Em delay
+should be calculated using a monotonic clock where possible.
+.It data
+The binary I/O log data from terminal input, terminal output,
+standard input, standard output or standard error.
+.El
+.Ss ChangeWindowSize winsize_event
+.Bd -literal
+message ChangeWindowSize {
+ TimeSpec delay = 1;
+ int32 rows = 2;
+ int32 cols = 3;
+}
+.Ed
+.Pp
+A
+.Em ChangeWindowSize
+message is sent by the client when the terminal running the command
+changes size.
+It contains the following members:
+.Bl -tag -width Ds
+.It delay
+The elapsed time since the last record in the form of a
+.Em TimeSpec .
+The
+.Em delay
+should be calculated using a monotonic clock where possible.
+.It rows
+The new number of terminal rows.
+.It cols
+The new number of terminal columns.
+.El
+.Ss CommandSuspend suspend_event
+.Bd -literal
+message CommandSuspend {
+ TimeSpec delay = 1;
+ string signal = 2;
+}
+.Ed
+.Pp
+A
+.Em CommandSuspend
+message is sent by the client when the command is either suspended
+or resumed.
+It contains the following members:
+.Bl -tag -width Ds
+.It delay
+The elapsed time since the last record in the form of a
+.Em TimeSpec .
+The
+.Em delay
+should be calculated using a monotonic clock where possible.
+.It signal
+The signal name without the leading
+.Dq SIG .
+For example,
+.Li STOP ,
+.Li TSTP ,
+.Li CONT .
+.El
+.Sh Server Messages
+A
+.Em ServerMessage
+is a container used to encapsulate all the possible message types
+the server may send to a client.
+.Bd -literal
+message ServerMessage {
+ oneof type {
+ ServerHello hello = 1;
+ TimeSpec commit_point = 2;
+ string log_id = 3;
+ string error = 4;
+ string abort = 5;
+ }
+}
+.Ed
+.Pp
+The different
+.Em ServerMessage
+sub-messages the server may sent to the client are described below.
+.Ss ServerHello hello
+.Bd -literal
+message ServerHello {
+ string server_id = 1;
+ string redirect = 2;
+ repeated string servers = 3;
+}
+.Ed
+.Pp
+The
+.Em ServerHello
+message consists of server information sent when the client first connects.
+It contains the following members:
+.Bl -tag -width Ds
+.It server_id
+A free-form server description.
+Usually this includes the name and version of the implementation
+running on the log server.
+This member is always present.
+.It redirect
+A host and port separated by a colon
+.Pq Ql :
+that the client should connect to instead.
+The host may be a host name, an IPv4 address, or an IPv6 address
+in square brackets.
+This may be used for server load balancing.
+The server will disconnect after sending the
+.Em ServerHello
+when it includes a
+.Sy redirect .
+.It servers
+A list of other known log servers.
+This can be used to implement log server redundancy and allows the
+client to discover all other log servers simply by connecting to
+one known server.
+This member may be omitted when there is only a single log server.
+.El
+.Ss TimeSpec commit_point
+A periodic time stamp sent by the server to indicate when I/O log
+buffers have been committed to storage.
+This message is not sent after every
+.Em IoBuffer
+but rather at a server-configurable interval.
+When the server receives an
+.Em ExitMessage ,
+it will respond with a
+.Em commit_point
+corresponding to the last received
+.Em IoBuffer
+before closing the connection.
+.Ss string log_id
+The server-side ID of the I/O log being stored, sent in response
+to an
+.Em AcceptMessage
+where
+.Em expect_iobufs
+is true.
+.Ss string error
+A fatal server-side error.
+The server will close the connection after sending the
+.Em error
+message.
+.Ss string abort
+An
+.Em abort
+message from the server indicates that the client should kill the
+command and terminate the session.
+It may be used to implement simple server-side policy.
+The server will close the connection after sending the
+.Em abort
+message.
+.Sh Protocol flow of control
+The expected protocol flow is as follows:
+.Bl -enum
+.It
+Client connects to the first available server.
+If the client is configured to use TLS, a TLS handshake will be
+attempted.
+.It
+Client sends
+.Em ClientHello .
+This is currently optional but allows the server to detect a
+non-TLS connection on the TLS port.
+.It
+Server sends
+.Em ServerHello .
+.It
+Client responds with either
+.Em AcceptMessage ,
+.Em RejectMessage ,
+or
+.Em RestartMessage .
+.It
+If client sent a
+.Em AcceptMessage
+with
+.Em expect_iobufs
+set, server creates a new I/O log and responds with a
+.Em log_id .
+.It
+Client sends zero or more
+.Em IoBuffer
+messages.
+.It
+Server periodically responds to
+.Em IoBuffer
+messages with a
+.Em commit_point .
+.It
+Client sends an
+.Em ExitMessage
+when the command exits or is killed.
+.It
+Server sends the final
+.Em commit_point
+if one is pending.
+.It
+Server closes the connection.
+After receiving the final
+.Em commit_point ,
+the client shuts down its side of the TLS connection if TLS
+is in use, and closes the connection.
+.It
+Server shuts down its side of the TLS connection if TLS is in use,
+and closes the connection.
+.El
+.Pp
+At any point, the server may send an
+.Em error
+or
+.Em abort
+message to the client at which point the server will close the
+connection.
+If an
+.Em abort
+message is received, the client should terminate the running command.
+.Sh EVENT LOG VARIABLES
+.Em AcceptMessage
+and
+.Em RejectMessage
+classes contain an array of
+.Em InfoMessage
+that should contain information about the user who submitted the command
+as well as information about the execution environment of the command
+if it was accepted.
+.Pp
+Some variables have a
+.Em client ,
+.Em run ,
+or
+.Em submit
+prefix.
+These prefixes are used to eliminate ambiguity for variables that
+could apply to the client program, the user submitting the command,
+or the command being run.
+Variables with a
+.Em client
+prefix pertain to the program performing the connection to the log
+server, for example
+.Nm sudo .
+Variables with a
+.Em run
+prefix pertain to the command that the user requested be run.
+Variables with a
+.Em submit
+prefix pertain to the user submitting the request
+.Pq the user running Nm sudo .
+.Pp
+The following
+.Em InfoMessage
+entries are required:
+.Bl -column "submitgroup" "stringlist" "name of host the command was submitted on"
+.It Sy Key Ta Sy Type Ta Sy Description
+.It command Ta string Ta command that was submitted
+.It runuser Ta string Ta name of user the command was run as
+.It submithost Ta string Ta name of host the command was submitted on
+.It submituser Ta string Ta name of user submitting the command
+.El
+.Pp
+The following
+.Em InfoMessage
+entries are recognized, but not required:
+.Bl -column "submitgroup" "stringlist" "name of host the command was submitted on"
+.It Sy Key Ta Sy Type Ta Sy Description
+.It clientargv Ta StringList Ta client's original argument vector
+.It clientpid Ta int64 Ta client's process ID
+.It clientppid Ta int64 Ta client's parent process ID
+.It clientsid Ta int64 Ta client's terminal session ID
+.It columns Ta int64 Ta number of columns in the terminal
+.It lines Ta int64 Ta number of lines in the terminal
+.It runargv Ta StringList Ta argument vector of command to run
+.It runchroot Ta string Ta root directory of command to run
+.It runcwd Ta string Ta running command's working directory
+.It runenv Ta StringList Ta the running command's environment
+.It rungid Ta int64 Ta primary group-ID of the command
+.It rungids Ta NumberList Ta supplementary group-IDs for the command
+.It rungroup Ta string Ta primary group name of the command
+.It rungroups Ta StringList Ta supplementary group names for the command
+.It runuid Ta int64 Ta run user's user-ID
+.It submitcwd Ta string Ta submit user's current working directory
+.It submitenv Ta StringList Ta the submit user's environment
+.It submitgid Ta int64 Ta submit user's primary group-ID
+.It submitgids Ta NumberList Ta submit user's supplementary group-IDs
+.It submitgroup Ta string Ta submitting user's primary group name
+.It submitgroups Ta StringList Ta submit user's supplementary group names
+.It submituid Ta int64 Ta submit user's user-ID
+.It ttyname Ta string Ta the terminal the command was submitted from
+.El
+.Pp
+The server must accept other variables not listed above but may
+ignore them.
+.Sh EXAMPLES
+The Protocol Buffers description of the log server protocol is included
+in full below.
+Note that this uses the newer
+.Dq proto3
+syntax.
+.Bd -literal
+syntax = "proto3";
+
+/*
+ * Client message to the server. Messages on the wire are
+ * prefixed with a 32-bit size in network byte order.
+ */
+message ClientMessage {
+ oneof type {
+ AcceptMessage accept_msg = 1;
+ RejectMessage reject_msg = 2;
+ ExitMessage exit_msg = 3;
+ RestartMessage restart_msg = 4;
+ AlertMessage alert_msg = 5;
+ IoBuffer ttyin_buf = 6;
+ IoBuffer ttyout_buf = 7;
+ IoBuffer stdin_buf = 8;
+ IoBuffer stdout_buf = 9;
+ IoBuffer stderr_buf = 10;
+ ChangeWindowSize winsize_event = 11;
+ CommandSuspend suspend_event = 12;
+ }
+}
+
+/* Equivalent of POSIX struct timespec */
+message TimeSpec {
+ int64 tv_sec = 1; /* seconds */
+ int32 tv_nsec = 2; /* nanoseconds */
+}
+
+/* I/O buffer with keystroke data */
+message IoBuffer {
+ TimeSpec delay = 1; /* elapsed time since last record */
+ bytes data = 2; /* keystroke data */
+}
+
+/*
+ * Key/value pairs, like Privilege Manager struct info.
+ * The value may be a number, a string, or a list of strings.
+ */
+message InfoMessage {
+ message StringList {
+ repeated string strings = 1;
+ }
+ message NumberList {
+ repeated int64 numbers = 1;
+ }
+ string key = 1;
+ oneof value {
+ int64 numval = 2;
+ string strval = 3;
+ StringList strlistval = 4;
+ NumberList numlistval = 5;
+ }
+}
+
+/*
+ * Event log data for command accepted by the policy.
+ */
+message AcceptMessage {
+ TimeSpec submit_time = 1; /* when command was submitted */
+ repeated InfoMessage info_msgs = 2; /* key,value event log data */
+ bool expect_iobufs = 3; /* true if I/O logging enabled */
+}
+
+/*
+ * Event log data for command rejected by the policy.
+ */
+message RejectMessage {
+ TimeSpec submit_time = 1; /* when command was submitted */
+ string reason = 2; /* reason command was rejected */
+ repeated InfoMessage info_msgs = 3; /* key,value event log data */
+}
+
+/* Message sent by client when command exits. */
+/* Might revisit runtime and use end_time instead */
+message ExitMessage {
+ TimeSpec run_time = 1; /* total elapsed run time */
+ int32 exit_value = 2; /* 0-255 */
+ bool dumped_core = 3; /* true if command dumped core */
+ string signal = 4; /* signal name if killed by signal */
+ string error = 5; /* if killed due to other error */
+}
+
+/* Alert message, policy module-specific. */
+message AlertMessage {
+ TimeSpec alert_time = 1; /* time alert message occurred */
+ string reason = 2; /* description of policy violation */
+}
+
+/* Used to restart an existing I/O log on the server. */
+message RestartMessage {
+ string log_id = 1; /* ID of log being restarted */
+ TimeSpec resume_point = 2; /* resume point (elapsed time) */
+}
+
+/* Window size change event. */
+message ChangeWindowSize {
+ TimeSpec delay = 1; /* elapsed time since last record */
+ int32 rows = 2; /* new number of rows */
+ int32 cols = 3; /* new number of columns */
+}
+
+/* Command suspend/resume event. */
+message CommandSuspend {
+ TimeSpec delay = 1; /* elapsed time since last record */
+ string signal = 2; /* signal that caused suspend/resume */
+}
+
+/*
+ * Server messages to the client. Messages on the wire are
+ * prefixed with a 32-bit size in network byte order.
+ */
+message ServerMessage {
+ oneof type {
+ ServerHello hello = 1; /* server hello message */
+ TimeSpec commit_point = 2; /* cumulative time of records stored */
+ string log_id = 3; /* ID of server-side I/O log */
+ string error = 4; /* error message from server */
+ string abort = 5; /* abort message, kill command */
+ }
+}
+
+/* Hello message from server when client connects. */
+message ServerHello {
+ string server_id = 1; /* free-form server description */
+ string redirect = 2; /* optional redirect if busy */
+ repeated string servers = 3; /* optional list of known servers */
+}
+.Ed
+.Sh SEE ALSO
+.Xr sudo_logsrvd.conf @mansectform@ ,
+.Xr sudoers @mansectform@ ,
+.Xr sudo @mansectsu@ ,
+.Xr sudo_logsrvd @mansectsu@
+.Rs
+.%T Protocol Buffers
+.%U https://developers.google.com/protocol-buffers/
+.Re
+.Sh HISTORY
+See the HISTORY file in the
+.Nm sudo
+distribution (https://www.sudo.ws/history.html) for a brief
+history of sudo.
+.Sh AUTHORS
+Many people have worked on
+.Nm sudo
+over the years; this version consists of code written primarily by:
+.Bd -ragged -offset indent
+.An Todd C. Miller
+.Ed
+.Pp
+See the CONTRIBUTORS file in the
+.Nm sudo
+distribution (https://www.sudo.ws/contributors.html) for an
+exhaustive list of people who have contributed to
+.Nm sudo .
+.Sh BUGS
+If you feel you have found a bug in
+.Nm sudo ,
+please submit a bug report at https://bugzilla.sudo.ws/
+.Sh SUPPORT
+Limited free support is available via the sudo-users mailing list,
+see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
+.Sh DISCLAIMER
+.Nm sudo
+is provided
+.Dq AS IS
+and any express or implied warranties, including, but not limited
+to, the implied warranties of merchantability and fitness for a
+particular purpose are disclaimed.
+See the LICENSE file distributed with
+.Nm sudo
+or https://www.sudo.ws/license.html for complete details.
diff -Nru sudo-1.8.31/doc/sudo.man.in sudo-1.9.0/doc/sudo.man.in
--- sudo-1.8.31/doc/sudo.man.in 2019-11-03 14:03:06.000000000 +0000
+++ sudo-1.9.0/doc/sudo.man.in 2020-05-11 16:28:22.000000000 +0000
@@ -2,7 +2,7 @@
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2019
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2020
 .\" Todd C. Miller
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -25,7 +25,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.TH "SUDO" "@mansectsu@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.TH "SUDO" "@mansectsu@" "May 7, 2020" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" @@ -290,6 +290,7 @@ from the user's environment. The security policy may return an error if the user does not have permission to preserve the environment. +This option may be specified multiple times. .TP 12n \fB\-e\fR, \fB\--edit\fR Edit one or more files instead of running a command. @@ -686,6 +687,13 @@ \fBsudo\fR should stop processing command line arguments. .PP +Options that take a value may only be specified once unless +otherwise indicated in the description. +This is to help guard against problems caused by poorly written +scripts that invoke +\fBsudo\fR +with user-controlled input. +.PP Environment variables to be set for the command may also be passed on the command line in the form of \fIVAR\fR=\fIvalue\fR, @@ -835,6 +843,10 @@ and \fIpam_setcred\fR are enabled by default on systems using PAM. +.PP +On systems that use PAM, the security policy's close function +is responsible for closing the PAM session. +It may also log the command's exit status. .SS "Signal handling" When the command is run as a child of the \fBsudo\fR @@ -1136,7 +1148,9 @@ option is specified. .TP 17n \fRSUDO_COMMAND\fR -Set to the command run by sudo. +Set to the command run by sudo, including command line arguments. +The command line arguments are truncated at 4096 characters to +prevent a potential execution error. .TP 17n \fRSUDO_EDITOR\fR Default editor to use in diff -Nru sudo-1.8.31/doc/sudo.mdoc.in sudo-1.9.0/doc/sudo.mdoc.in --- sudo-1.8.31/doc/sudo.mdoc.in 2019-11-03 14:03:06.000000000 +0000 +++ sudo-1.9.0/doc/sudo.mdoc.in 2020-05-11 16:28:23.000000000 +0000 
@@ -1,7 +1,7 @@ .\" .\" SPDX-License-Identifier: ISC .\" -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2019 +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2020 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -24,7 +24,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.Dd October 20, 2019 +.Dd May 7, 2020 .Dt SUDO @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -280,6 +280,7 @@ from the user's environment. The security policy may return an error if the user does not have permission to preserve the environment. +This option may be specified multiple times. .It Fl e , -edit Edit one or more files instead of running a command. In lieu of a path name, the string "sudoedit" is used when consulting @@ -638,6 +639,13 @@ should stop processing command line arguments. .El .Pp +Options that take a value may only be specified once unless +otherwise indicated in the description. +This is to help guard against problems caused by poorly written +scripts that invoke +.Nm sudo +with user-controlled input. +.Pp Environment variables to be set for the command may also be passed on the command line in the form of .Ar VAR Ns = Ns Ar value , @@ -776,6 +784,10 @@ and .Em pam_setcred are enabled by default on systems using PAM. +.Pp +On systems that use PAM, the security policy's close function +is responsible for closing the PAM session. +It may also log the command's exit status. .Ss Signal handling When the command is run as a child of the .Nm 
@@ -1067,7 +1079,9 @@ .Fl A option is specified. .It Ev SUDO_COMMAND -Set to the command run by sudo. +Set to the command run by sudo, including command line arguments. +The command line arguments are truncated at 4096 characters to +prevent a potential execution error. .It Ev SUDO_EDITOR Default editor to use in .Fl e diff -Nru sudo-1.8.31/doc/sudo_plugin.man.in sudo-1.9.0/doc/sudo_plugin.man.in --- sudo-1.8.31/doc/sudo_plugin.man.in 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/doc/sudo_plugin.man.in 2020-05-11 16:28:23.000000000 +0000 @@ -2,7 +2,7 @@ .\" .\" SPDX-License-Identifier: ISC .\" -.\" Copyright (c) 2009-2019 Todd C. Miller +.\" Copyright (c) 2009-2020 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.TH "SUDO_PLUGIN" "5" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDO_PLUGIN" "5" "April 1, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" 
@@ -71,23 +71,25 @@ unsigned int type; /* always SUDO_POLICY_PLUGIN */ unsigned int version; /* always SUDO_API_VERSION */ int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const user_env[], - char * const plugin_options[]); + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], char * const user_env[], + char * const plugin_options[], const char **errstr); void (*close)(int exit_status, int error); int (*show_version)(int verbose); int (*check_policy)(int argc, char * const argv[], - char *env_add[], char **command_info[], - char **argv_out[], char **user_env_out[]); + char *env_add[], char **command_info[], + char **argv_out[], char **user_env_out[], const char **errstr); int (*list)(int argc, char * const argv[], int verbose, - const char *list_user); - int (*validate)(void); + const char *list_user, const char **errstr); + int (*validate)(const char **errstr); void (*invalidate)(int remove); - int (*init_session)(struct passwd *pwd, char **user_env[]); + int (*init_session)(struct passwd *pwd, char **user_env[], + const char **errstr); void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook)); void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook)); + struct sudo_plugin_event * (*event_alloc)(void); }; .RE .fi @@ -114,9 +116,9 @@ .nf .RS 6n int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const user_env[], - char * const plugin_options[]); + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], char * const user_env[], + char * const plugin_options[], const char **errstr); .RE .fi .RS 6n 
@@ -146,14 +148,17 @@ conversation A pointer to the \fBconversation\fR() -function that can be used by the plugin to interact with the user (see below). +function that can be used by the plugin to interact with the user (see +\fIConversation API\fR +for details). Returns 0 on success and \-1 on failure. .TP 6n plugin_printf A pointer to a \fBprintf\fR()-style -function that may be used to display informational or error messages -(see below). +function that may be used to display informational or error messages (see +\fIConversation API\fR +for details). Returns the number of characters printed on success and \-1 on failure. .TP 6n settings @@ -182,6 +187,9 @@ itself but the \fIvalue\fR might. +.sp +The following values may be set by +\fBsudo\fR: .PP .RS 6n .PD 0 @@ -446,6 +454,9 @@ itself but the \fIvalue\fR might. +.sp +The following values may be set by +\fBsudo\fR: .PP .RS 6n .PD 0 @@ -496,33 +507,6 @@ process. Only available starting with API version 1.2. .TP 6n -plugin_options -Any (non-comment) strings immediately after the plugin path are -passed as arguments to the plugin. -These arguments are split on a white space boundary and are passed to -the plugin in the form of a -\fRNULL\fR-terminated -array of strings. -If no arguments were -specified, -\fIplugin_options\fR -will be the -\fRNULL\fR -pointer. -.sp -NOTE: the -\fIplugin_options\fR -parameter is only available starting with -API version 1.2. -A plugin -\fBmust\fR -check the API version specified -by the -\fBsudo\fR -front end before using -\fIplugin_options\fR. -Failure to do so may result in a crash. -.TP 6n ppid=int The parent process ID of the running \fBsudo\fR @@ -541,8 +525,7 @@ The ID of the foreground process group associated with the terminal device associated with the \fBsudo\fR -process or \-1 if there is no -terminal present. +process or 0 if there is no terminal present. Only available starting with API version 1.2. .TP 6n tty=string 
@@ -585,6 +568,60 @@ itself but the \fIvalue\fR might. +.TP 6n +plugin_options +Any (non-comment) strings immediately after the plugin path are +passed as arguments to the plugin. +These arguments are split on a white space boundary and are passed to +the plugin in the form of a +\fRNULL\fR-terminated +array of strings. +If no arguments were +specified, +\fIplugin_options\fR +will be the +\fRNULL\fR +pointer. +.sp +NOTE: the +\fIplugin_options\fR +parameter is only available starting with +API version 1.2. +A plugin +\fBmust\fR +check the API version specified +by the +\fBsudo\fR +front end before using +\fIplugin_options\fR. +Failure to do so may result in a crash. +.TP 6n +errstr +If the +\fBopen\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front end before using +\fIerrstr\fR. +Failure to do so may result in a crash. .PD 0 .PP .RE 
@@ -601,16 +638,29 @@ .sp The \fBclose\fR() -function is called when the command being run by +function is called when \fBsudo\fR -finishes. +is finished, shortly before it exits. +Starting with API version 1.15, +\fBclose\fR() +is called regardless of whether or not a command was actually executed. +This makes it possible for plugins to perform cleanup even when a +command was not run. +It is not possible to tell whether a command was run based solely +on the arguments passed to the +\fBclose\fR() +function. +To determine if a command was actually run, +the plugin must keep track of whether or not the +\fBcheck_policy\fR() +function returned successfully. .sp The function arguments are as follows: .TP 6n exit_status The command's exit status, as returned by the wait(2) -system call. +system call, or zero if no command was run. The value of \fRexit_status\fR is undefined if @@ -631,7 +681,7 @@ function. If the command was successfully executed, the value of \fRerror\fR -is 0. +is zero. .PP If no \fBclose\fR() @@ -680,9 +730,9 @@ check_policy .nf .RS 6n -int (*check_policy)(int argc, char * const argv[], - char *env_add[], char **command_info[], - char **argv_out[], char **user_env_out[]); +int (*check_policy)(int argc, char * const argv[], char *env_add[], + char **command_info[], char **argv_out[], char **user_env_out[], + const char **errstr); .RE .fi .RS 6n @@ -836,6 +886,21 @@ .TP 6n cwd=string The current working directory to change to when executing the command. +If +\fBsudo\fR +is unable to change to the new working directory, the command will +not be run unless +\fIcwd_optional\fR +is also set (see below). +.TP 6n +cwd_optional=bool +If enabled, +\fBsudo\fR +will treat an inability to change to the new working directory as a +non-fatal error. +This setting has no effect unless +\fIcwd\fR +is also set. .TP 6n exec_background=bool By default, 
@@ -1005,6 +1070,19 @@ runas_gid=gid Group-ID to run the command as. .TP 6n +runas_group=string +The name of the group the command will run as, if it is different +from the +\fIrunas_user\fR's +default group. +This value is provided for auditing purposes only, the +\fBsudo\fR +front-end uses +\fIrunas_egid\fR +and +\fIrunas_gid\fR +when executing the command. +.TP 6n runas_groups=list The supplementary group vector to use for the command in the form of a comma-separated list of group-IDs. @@ -1015,6 +1093,22 @@ runas_uid=uid User-ID to run the command as. .TP 6n +runas_user=string +The name of the user the command will run as, which should correspond to +\fIrunas_euid\fR +(or +\fIrunas_uid\fR +if +\fIrunas_euid\fR +is not set). +This value is provided for auditing purposes only, the +\fBsudo\fR +front-end uses +\fIrunas_euid\fR +and +\fIrunas_uid\fR +when executing the command. +.TP 6n selinux_role=string SELinux role to use when executing the command. .TP 6n @@ -1124,6 +1218,33 @@ \fRNULL\fR-terminated environment vector to use when executing the command. The plugin is responsible for allocating and populating the vector. +.TP 6n +errstr +If the +\fBcheck_policy\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front end before using +\fIerrstr\fR. +Failure to do so may result in a crash. .PD 0 .PP .RE 
@@ -1132,8 +1253,8 @@ list .nf .RS 6n -int (*list)(int argc, char * const argv[], - int verbose, const char *list_user); +int (*list)(int argc, char * const argv[], int verbose, + const char *list_user, const char **errstr); .RE .fi .RS 6n @@ -1154,17 +1275,9 @@ or \fBplugin_printf\fR() function using -\fRSUDO_CONV_INFO_MSG\fR, -.TP 6n -verbose -Flag indicating whether to list in verbose mode or not. -.TP 6n -list_user -The name of a different user to list privileges for if the policy -allows it. -If -\fRNULL\fR, -the plugin should list the privileges of the invoking user. +\fRSUDO_CONV_INFO_MSG\fR. +.sp +The function arguments are as follows: .TP 6n argc The number of elements in @@ -1183,6 +1296,43 @@ system call. If the command is permitted by the policy, the fully-qualified path to the command should be displayed along with any command line arguments. +.TP 6n +verbose +Flag indicating whether to list in verbose mode or not. +.TP 6n +list_user +The name of a different user to list privileges for if the policy +allows it. +If +\fRNULL\fR, +the plugin should list the privileges of the invoking user. +.TP 6n +errstr +If the +\fBlist\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front end before using +\fIerrstr\fR. +Failure to do so may result in a crash. .PD 0 .PP .RE @@ -1191,7 +1341,7 @@ validate .nf .RS 6n -int (*validate)(void); +int (*validate)(const char **errstr); .RE .fi .RS 6n 
@@ -1224,7 +1374,39 @@ \fRSUDO_CONF_ERROR_MSG\fR to present additional error information to the user. +.sp +The function arguments are as follows: +.TP 6n +errstr +If the +\fBvalidate\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front end before using +\fIerrstr\fR. +Failure to do so may result in a crash. +.PD 0 +.PP .RE +.PD .TP 6n invalidate .nf @@ -1238,8 +1420,7 @@ \fBinvalidate\fR() function is called when \fBsudo\fR -is called with -the +is run with the \fB\-k\fR or \fB\-K\fR @@ -1264,7 +1445,7 @@ init_session .nf .RS 6n -int (*init_session)(struct passwd *pwd, char **user_envp[); +int (*init_session)(struct passwd *pwd, char **user_env_out[]); .RE .fi .RS 6n @@ -1295,7 +1476,7 @@ \fRNULL\fR. .sp The -\fIuser_env\fR +\fIuser_env_out\fR argument points to the environment the command will run in, in the form of a \fRNULL\fR-terminated @@ -1310,12 +1491,12 @@ \fBinit_session\fR() function needs to modify the user environment, it should update the pointer stored in -\fIuser_env\fR. +\fIuser_env_out\fR. The expected use case is to merge the contents of the PAM environment (if any) with the contents of -\fIuser_env\fR. +\fIuser_env_out\fR. NOTE: the -\fIuser_env\fR +\fIuser_env_out\fR parameter is only available starting with API version 1.2. A plugin @@ -1324,7 +1505,7 @@ version specified by the \fBsudo\fR front end before using -\fIuser_env\fR. +\fIuser_env_out\fR. Failure to do so may result in a crash. .sp Returns 1 on success, 0 on failure and \-1 on error. 
@@ -1442,6 +1623,71 @@ \fRderegister_hooks\fR will not be called. .RE +.TP 6n +event_alloc +.nf +.RS 6n +struct sudo_plugin_event * (*event_alloc)(void); +.RE +.fi +.RS 6n +.sp +The +\fBevent_alloc\fR() +function is used to allocate a +\fRstruct sudo_plugin_event\fR +which provides access to the main +\fBsudo\fR +event loop. +Unlike the other fields, the +\fBevent_alloc\fR() +pointer is filled in by the +\fBsudo\fR +front end, not by the plugin. +.sp +See the +\fIEvent API\fR +section below for more information +about events. +.sp +NOTE: the +\fBevent_alloc\fR() +function is only available starting +with API version 1.15. +If the +\fBsudo\fR +front end doesn't support API +version 1.15 or higher, +\fBevent_alloc\fR() +will not be set. +.RE +.TP 6n +errstr +If the +\fBinit_session\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front end before using +\fIerrstr\fR. +Failure to do so may result in a crash. .PP \fIPolicy Plugin Version Macros\fR .nf 
@@ -1473,23 +1719,30 @@ unsigned int type; /* always SUDO_IO_PLUGIN */ unsigned int version; /* always SUDO_API_VERSION */ int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const command_info[], - int argc, char * const argv[], char * const user_env[], - char * const plugin_options[]); + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], char * const command_info[], + int argc, char * const argv[], char * const user_env[], + char * const plugin_options[], const char **errstr); void (*close)(int exit_status, int error); /* wait status or error */ int (*show_version)(int verbose); - int (*log_ttyin)(const char *buf, unsigned int len); - int (*log_ttyout)(const char *buf, unsigned int len); - int (*log_stdin)(const char *buf, unsigned int len); - int (*log_stdout)(const char *buf, unsigned int len); - int (*log_stderr)(const char *buf, unsigned int len); + int (*log_ttyin)(const char *buf, unsigned int len, + const char **errstr); + int (*log_ttyout)(const char *buf, unsigned int len, + const char **errstr); + int (*log_stdin)(const char *buf, unsigned int len, + const char **errstr); + int (*log_stdout)(const char *buf, unsigned int len, + const char **errstr); + int (*log_stderr)(const char *buf, unsigned int len, + const char **errstr); void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook)); void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook)); - int (*change_winsize)(unsigned int lines, unsigned int cols); - int (*log_suspend)(int signo); + int (*change_winsize)(unsigned int lines, unsigned int cols, + const char **errstr); + int (*log_suspend)(int signo, const char **errstr); + struct sudo_plugin_event * (*event_alloc)(void); }; .RE .fi 
@@ -1538,7 +1791,7 @@ command will be terminated and the data will not be written to the terminal, though it will still be sent to any other I/O logging plugins. .PP -The io_plugin struct has the following fields: +The audit_plugin struct has the following fields: .TP 6n type The @@ -1561,10 +1814,10 @@ .nf .RS 6n int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const command_info[], - int argc, char * const argv[], char * const user_env[], - char * const plugin_options[]); + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], char * const command_info[], + int argc, char * const argv[], char * const user_env[], + char * const plugin_options[]); .RE .fi .RS 6n @@ -1597,8 +1850,7 @@ \fBplugin_printf\fR() function with \fRSUDO_CONF_ERROR_MSG\fR -to present -additional error information to the user. +to present additional error information to the user. .sp The function arguments are as follows: .TP 6n @@ -1694,6 +1946,31 @@ \fIPolicy plugin API\fR section for a list of all possible strings. .TP 6n +command_info +A vector of information describing the command being run in the form of +\(lqname=value\(rq +strings. +The vector is terminated by a +\fRNULL\fR +pointer. +.sp +When parsing +\fIcommand_info\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.sp +See the +\fIPolicy plugin API\fR +section for a list of all possible strings. +.TP 6n argc The number of elements in \fIargv\fR, 
@@ -1758,6 +2035,33 @@ front end before using \fIplugin_options\fR. Failure to do so may result in a crash. +.TP 6n +errstr +If the +\fBopen\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front end before using +\fIerrstr\fR. +Failure to do so may result in a crash. .PD 0 .PP .RE @@ -1774,16 +2078,16 @@ .sp The \fBclose\fR() -function is called when the command being run by +function is called when \fBsudo\fR -finishes. +is finished, shortly before it exits. .sp The function arguments are as follows: .TP 6n exit_status The command's exit status, as returned by the wait(2) -system call. +system call, or zero if no command was run. The value of \fRexit_status\fR is undefined if @@ -1799,7 +2103,7 @@ system call. If the command was successfully executed, the value of \fRerror\fR -is 0. +is zero. .PD 0 .PP .RE @@ -1827,7 +2131,6 @@ \fBplugin_printf\fR() function using \fRSUDO_CONV_INFO_MSG\fR. -If the user requests detailed version information, the verbose flag will be set. .sp Returns 1 on success, 0 on failure, \-1 if a general error occurred, or \-2 if there was a usage error, although the return value is currently @@ -1837,7 +2140,8 @@ log_ttyin .nf .RS 6n -int (*log_ttyin)(const char *buf, unsigned int len); +int (*log_ttyin)(const char *buf, unsigned int len, + const char **errstr); .RE .fi .RS 6n 
@@ -1861,19 +2165,47 @@ The length of \fIbuf\fR in bytes. -.PD 0 -.PP -.RE -.PD .TP 6n -log_ttyout -.nf -.RS 6n -int (*log_ttyout)(const char *buf, unsigned int len); -.RE -.fi -.RS 6n -.sp +errstr +If the +\fBlog_ttyin\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front end before using +\fIerrstr\fR. +Failure to do so may result in a crash. +.PD 0 +.PP +.RE +.PD +.TP 6n +log_ttyout +.nf +.RS 6n +int (*log_ttyout)(const char *buf, unsigned int len, + const char **errstr); +.RE +.fi +.RS 6n +.sp The \fBlog_ttyout\fR() function is called whenever data can be read from @@ -1892,6 +2224,33 @@ The length of \fIbuf\fR in bytes. +.TP 6n +errstr +If the +\fBlog_ttyout\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front end before using +\fIerrstr\fR. +Failure to do so may result in a crash. .PD 0 .PP .RE @@ -1900,7 +2259,8 @@ log_stdin .nf .RS 6n -int (*log_stdin)(const char *buf, unsigned int len); +int (*log_stdin)(const char *buf, unsigned int len, + const char **errstr); .RE .fi .RS 6n 
@@ -1925,6 +2285,33 @@ The length of \fIbuf\fR in bytes. +.TP 6n +errstr +If the +\fBlog_stdin\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front end before using +\fIerrstr\fR. +Failure to do so may result in a crash. .PD 0 .PP .RE @@ -1933,7 +2320,8 @@ log_stdout .nf .RS 6n -int (*log_stdout)(const char *buf, unsigned int len); +int (*log_stdout)(const char *buf, unsigned int len, + const char **errstr); .RE .fi .RS 6n @@ -1958,6 +2346,33 @@ The length of \fIbuf\fR in bytes. +.TP 6n +errstr +If the +\fBlog_stdout\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front end before using +\fIerrstr\fR. +Failure to do so may result in a crash. .PD 0 .PP .RE @@ -1966,7 +2381,8 @@ log_stderr .nf .RS 6n -int (*log_stderr)(const char *buf, unsigned int len); +int (*log_stderr)(const char *buf, unsigned int len, + const char **errstr); .RE .fi .RS 6n 
@@ -1982,78 +2398,1214 @@ Returns 1 if the data should be passed to the user, 0 if the data is rejected (which will terminate the running command) or \-1 if an error occurred. .sp -The function arguments are as follows: -.TP 6n -buf -The buffer containing command output. -.TP 6n -len -The length of -\fIbuf\fR -in bytes. -.PD 0 -.PP -.RE -.PD -.TP 6n -register_hooks +The function arguments are as follows: +.TP 6n +buf +The buffer containing command output. +.TP 6n +len +The length of +\fIbuf\fR +in bytes. +.TP 6n +errstr +If the +\fBlog_stderr\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front end before using +\fIerrstr\fR. +Failure to do so may result in a crash. +.PD 0 +.PP +.RE +.PD +.TP 6n +register_hooks +See the +\fIPolicy plugin API\fR +section for a description of +\fRregister_hooks\fR. +.TP 6n +deregister_hooks +See the +\fIPolicy plugin API\fR +section for a description of +\fRderegister_hooks\fR. +.TP 6n +change_winsize +.nf +.RS 6n +int (*change_winsize)(unsigned int lines, unsigned int cols, + const char **errstr); +.RE +.fi +.RS 6n +.sp +The +\fBchange_winsize\fR() +function is called whenever the window size of the terminal changes from +the initial values specified in the +\fRuser_info\fR +list. +Returns \-1 if an error occurred, in which case no further calls to +\fBchange_winsize\fR() +will be made, +.sp +The function arguments are as follows: +.TP 6n +lines +.br +The number of lines (rows) in the re-sized terminal. +.TP 6n +cols +The number of columns in the re-sized terminal. 
+.TP 6n
+errstr
+If the
+\fBchange_winsize\fR()
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+\fIerrstr\fR.
+The
+\fBsudo\fR
+front end will then pass this value to any registered audit plugins.
+The string stored in
+\fIerrstr\fR
+must remain valid until the plugin's
+\fBclose\fR()
+function is called.
+.sp
+NOTE: the
+\fIerrstr\fR
+parameter is only available starting with
+API version 1.15.
+A plugin
+\fBmust\fR
+check the API version specified by the
+\fBsudo\fR
+front end before using
+\fIerrstr\fR.
+Failure to do so may result in a crash.
+.PD 0
+.PP
+.RE
+.PD
+.TP 6n
+log_suspend
+.nf
+.RS 6n
+int (*log_suspend)(int signo, const char **errstr);
+.RE
+.fi
+.RS 6n
+.sp
+The
+\fBlog_suspend\fR()
+function is called whenever a command is suspended or resumed.
+Logging this information makes it possible to skip the period of time when
+the command was suspended during playback of a session.
+Returns \-1 if an error occurred, in which case no further calls to
+\fBlog_suspend\fR()
+will be made,
+.sp
+The function arguments are as follows:
+.TP 6n
+signo
+.br
+The signal that caused the command to be suspended, or
+\fRSIGCONT\fR
+if the command was resumed.
+.TP 6n
+errstr
+If the
+\fBlog_suspend\fR()
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+\fIerrstr\fR.
+The
+\fBsudo\fR
+front end will then pass this value to any registered audit plugins.
+The string stored in
+\fIerrstr\fR
+must remain valid until the plugin's
+\fBclose\fR()
+function is called.
+.sp
+NOTE: the
+\fIerrstr\fR
+parameter is only available starting with
+API version 1.15.
+A plugin
+\fBmust\fR
+check the API version specified by the
+\fBsudo\fR
+front end before using
+\fIerrstr\fR.
+Failure to do so may result in a crash.
+.TP 6n
+event_alloc
+.nf
+.RS 6n
+struct sudo_plugin_event * (*event_alloc)(void);
+.RE
+.fi
+.RS 6n
+.sp
+The
+\fBevent_alloc\fR()
+function is used to allocate a
+\fRstruct sudo_plugin_event\fR
+which provides access to the main
+\fBsudo\fR
+event loop.
+Unlike the other fields, the
+\fBevent_alloc\fR()
+pointer is filled in by the
+\fBsudo\fR
+front end, not by the plugin.
+.sp
+See the
+\fIEvent API\fR
+section below for more information
+about events.
+.sp
+NOTE: the
+\fBevent_alloc\fR()
+function is only available starting
+with API version 1.15.
+If the
+\fBsudo\fR
+front end doesn't support API
+version 1.15 or higher,
+\fBevent_alloc\fR()
+will not be set.
+.RE
+.PP
+\fII/O Plugin Version Macros\fR
+.sp
+Same as for the
+\fIPolicy plugin API\fR.
+.RE
+.SS "Audit plugin API"
+.nf
+.RS 0n
+/* Audit plugin close function status types. */
+#define SUDO_PLUGIN_NO_STATUS 0
+#define SUDO_PLUGIN_WAIT_STATUS 1
+#define SUDO_PLUGIN_EXEC_ERROR 2
+#define SUDO_PLUGIN_SUDO_ERROR 3
+
+#define SUDO_AUDIT_PLUGIN 3
+struct audit_plugin {
+ unsigned int type; /* always SUDO_AUDIT_PLUGIN */
+ unsigned int version; /* always SUDO_API_VERSION */
+ int (*open)(unsigned int version, sudo_conv_t conversation,
+ sudo_printf_t sudo_printf, char * const settings[],
+ char * const user_info[], int submit_optind,
+ char * const submit_argv[], char * const submit_envp[],
+ char * const plugin_options[], const char **errstr);
+ void (*close)(int status_type, int status);
+ int (*accept)(const char *plugin_name,
+ unsigned int plugin_type, char * const command_info[],
+ char * const run_argv[], char * const run_envp[],
+ const char **errstr);
+ int (*reject)(const char *plugin_name, unsigned int plugin_type,
+ const char *audit_msg, char * const command_info[],
+ const char **errstr);
+ int (*error)(const char *plugin_name, unsigned int plugin_type,
+ const char *audit_msg, char * const command_info[],
+ const char **errstr);
+ int (*show_version)(int verbose);
+ void
(*register_hooks)(int version,
+ int (*register_hook)(struct sudo_hook *hook));
+ void (*deregister_hooks)(int version,
+ int (*deregister_hook)(struct sudo_hook *hook));
+}
+.RE
+.fi
+.PP
+An audit plugin can be used to log successful and unsuccessful attempts
+to run
+\fBsudo\fR
+independent of the policy or any I/O plugins.
+Multiple audit plugins may be specified in
+sudo.conf(@mansectform@).
+.PP
+The audit_plugin struct has the following fields:
+.TP 6n
+type
+The
+\fRtype\fR
+field should always be set to
+\fRSUDO_AUDIT_PLUGIN\fR.
+.TP 6n
+version
+The
+\fRversion\fR
+field should be set to
+\fRSUDO_API_VERSION\fR.
+.sp
+This allows
+\fBsudo\fR
+to determine the API version the plugin was
+built against.
+.TP 6n
+open
+.nf
+.RS 6n
+int (*open)(unsigned int version, sudo_conv_t conversation,
+ sudo_printf_t sudo_printf, char * const settings[],
+ char * const user_info[], int submit_optind,
+ char * const submit_argv[], char * const submit_envp[],
+ char * const plugin_options[], const char **errstr);
+.RE
+.fi
+.RS 6n
+.sp
+The audit
+\fBopen\fR()
+function is run before any other
+\fBsudo\fR
+plugin API functions.
+This makes it possible to audit failures in the other plugins.
+It returns 1 on success, 0 on failure, \-1 if a general error occurred,
+or \-2 if there was a usage error.
+In the latter case,
+\fBsudo\fR
+will print a usage message before it exits.
+If an error occurs, the plugin may optionally call the
+\fBconversation\fR()
+or
+\fBplugin_printf\fR()
+function with
+\fRSUDO_CONF_ERROR_MSG\fR
+to present additional error information to the user.
+.sp
+The function arguments are as follows:
+.TP 6n
+version
+The version passed in by
+\fBsudo\fR
+allows the plugin to determine the
+major and minor version number of the plugin API supported by
+\fBsudo\fR.
+.TP 6n
+conversation
+A pointer to the
+\fBconversation\fR()
+function that may be used by the
+\fBshow_version\fR()
+function to display version information (see
+\fBshow_version\fR()
+below).
+The
+\fBconversation\fR()
+function may also be used to display additional error message to the user.
+The
+\fBconversation\fR()
+function returns 0 on success and \-1 on failure.
+.TP 6n
+plugin_printf
+A pointer to a
+\fBprintf\fR()-style
+function that may be used by the
+\fBshow_version\fR()
+function to display version information (see
+show_version below).
+The
+\fBplugin_printf\fR()
+function may also be used to display additional error message to the user.
+The
+\fBplugin_printf\fR()
+function returns number of characters printed on success and \-1 on failure.
+.TP 6n
+settings
+A vector of user-supplied
+\fBsudo\fR
+settings in the form of
+\(lqname=value\(rq
+strings.
+The vector is terminated by a
+\fRNULL\fR
+pointer.
+These settings correspond to options the user specified when running
+\fBsudo\fR.
+As such, they will only be present when the corresponding option has
+been specified on the command line.
+.sp
+When parsing
+\fIsettings\fR,
+the plugin should split on the
+\fBfirst\fR
+equal sign
+(\(oq=\(cq)
+since the
+\fIname\fR
+field will never include one
+itself but the
+\fIvalue\fR
+might.
+.sp
+See the
+\fIPolicy plugin API\fR
+section for a list of all possible settings.
+.TP 6n
+user_info
+A vector of information about the user running the command in the form of
+\(lqname=value\(rq
+strings.
+The vector is terminated by a
+\fRNULL\fR
+pointer.
+.sp
+When parsing
+\fIuser_info\fR,
+the plugin should split on the
+\fBfirst\fR
+equal sign
+(\(oq=\(cq)
+since the
+\fIname\fR
+field will never include one
+itself but the
+\fIvalue\fR
+might.
+.sp
+See the
+\fIPolicy plugin API\fR
+section for a list of all possible strings.
+.TP 6n
+submit_optind
+The index into
+\fIsubmit_argv\fR
+that corresponds to the first entry that is not a command line option.
+If
+\fIsubmit_argv\fR
+only consists of options, which may be the case with the
+\fB\-l\fR
+or
+\fB\-v\fR
+options,
+\fRsubmit_argv[submit_optind]\fR
+will evaluate to the NULL pointer.
+.TP 6n
+submit_argv
+The argument vector
+\fBsudo\fR
+was invoked with, including all command line options.
+The
+\fIsubmit_optind\fR
+argument can be used to determine the end of the command line options.
+.TP 6n
+submit_envp
+The invoking user's environment in the form of a
+\fRNULL\fR-terminated
+vector of
+\(lqname=value\(rq
+strings.
+.sp
+When parsing
+\fIsubmit_envp\fR,
+the plugin should split on the
+\fBfirst\fR
+equal sign
+(\(oq=\(cq)
+since the
+\fIname\fR
+field will never include one
+itself but the
+\fIvalue\fR
+might.
+.TP 6n
+plugin_options
+Any (non-comment) strings immediately after the plugin path are
+treated as arguments to the plugin.
+These arguments are split on a white space boundary and are passed to
+the plugin in the form of a
+\fRNULL\fR-terminated
+array of strings.
+If no arguments were specified,
+\fIplugin_options\fR
+will be the
+\fRNULL\fR
+pointer.
+.TP 6n
+errstr
+If the
+\fBopen\fR()
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+\fIerrstr\fR.
+The
+\fBsudo\fR
+front end will then pass this value to any registered audit plugins.
+The string stored in
+\fIerrstr\fR
+must remain valid until the plugin's
+\fBclose\fR()
+function is called.
+.PD 0
+.PP
+.RE
+.PD
+.TP 6n
+close
+.br
+.nf
+.RS 6n
+void (*close)(int status_type, int status);
+.RE
+.fi
+.RS 6n
+.sp
+The
+\fBclose\fR()
+function is called when
+\fBsudo\fR
+is finished, shortly before it exits.
+.sp
+The function arguments are as follows:
+.TP 6n
+status_type
+The type of status being passed.
+One of
+\fRSUDO_PLUGIN_NO_STATUS\fR,
+\fRSUDO_PLUGIN_WAIT_STATUS\fR,
+\fRSUDO_PLUGIN_EXEC_ERROR\fR
+or
+\fRSUDO_PLUGIN_SUDO_ERROR\fR.
+.TP 6n
+status
+Depending on the value of
+\fIstatus_type\fR,
+this value is either
+ignored, the command's exit status as returned by the
+wait(2)
+system call, the value of
+\fRerrno\fR
+set by the
+execve(2)
+system call, or the value of
+\fRerrno\fR
+resulting from an error in the
+\fBsudo\fR
+front end.
+.PD 0
+.PP
+.RE
+.PD
+.TP 6n
+accept
+.nf
+.RS 6n
+int (*accept)(const char *plugin_name, unsigned int plugin_type,
+ char * const command_info[], char * const run_argv[],
+ char * const run_envp[], const char **errstr);
+.RE
+.fi
+.RS 6n
+.sp
+The
+\fBaccept\fR()
+function is called when a command or action is accepted by the policy
+plugin.
+The function arguments are as follows:
+.TP 6n
+plugin_name
+The name of the plugin that accepted the command.
+.TP 6n
+plugin_type
+The type of plugin that accepted the command, currently always
+\fRSUDO_POLICY_PLUGIN\fR.
+.TP 6n
+command_info
+A vector of information describing the command being run in the form of
+\(lqname=value\(rq
+strings.
+The vector is terminated by a
+\fRNULL\fR
+pointer.
+.sp
+When parsing
+\fIcommand_info\fR,
+the plugin should split on the
+\fBfirst\fR
+equal sign
+(\(oq=\(cq)
+since the
+\fIname\fR
+field will never include one
+itself but the
+\fIvalue\fR
+might.
+.sp
+See the
+\fIPolicy plugin API\fR
+section for a list of all possible strings.
+.TP 6n
+run_argv
+A
+\fRNULL\fR-terminated
+argument vector describing a command that will be run in the
+same form as what would be passed to the
+execve(2)
+system call.
+.TP 6n
+run_envp
+The environment the command will be run with in the form of a
+\fRNULL\fR-terminated
+vector of
+\(lqname=value\(rq
+strings.
+.sp
+When parsing
+\fIrun_envp\fR,
+the plugin should split on the
+\fBfirst\fR
+equal sign
+(\(oq=\(cq)
+since the
+\fIname\fR
+field will never include one
+itself but the
+\fIvalue\fR
+might.
+.TP 6n
+errstr
+If the
+\fBaccept\fR()
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+\fIerrstr\fR.
+The
+\fBsudo\fR
+front end will then pass this value to any registered audit plugins.
+The string stored in
+\fIerrstr\fR
+must remain valid until the plugin's
+\fBclose\fR()
+function is called.
+.PD 0
+.PP
+.RE
+.PD
+.TP 6n
+reject
+.nf
+.RS 6n
+int (*reject)(const char *plugin_name, unsigned int plugin_type,
+ const char *audit_msg, char * const command_info[],
+ const char **errstr);
+.RE
+.fi
+.RS 6n
+.sp
+The
+\fBreject\fR()
+function is called when a command or action is rejected by a plugin.
+The function arguments are as follows:
+.TP 6n
+plugin_name
+The name of the plugin that accepted the command.
+.TP 6n
+plugin_type
+The type of plugin that accepted the command, currently either
+\fRSUDO_POLICY_PLUGIN\fR
+or
+\fRSUDO_IO_PLUGIN\fR.
+.TP 6n
+audit_msg
+An optional string describing the reason the command was rejected
+by the plugin.
+If the plugin did not provide a reason,
+\fIaudit_msg\fR
+will be the
+\fRNULL\fR
+pointer.
+.TP 6n
+command_info
+A vector of information describing the command being run in the form of
+\(lqname=value\(rq
+strings.
+The vector is terminated by a
+\fRNULL\fR
+pointer.
+.sp
+When parsing
+\fIcommand_info\fR,
+the plugin should split on the
+\fBfirst\fR
+equal sign
+(\(oq=\(cq)
+since the
+\fIname\fR
+field will never include one
+itself but the
+\fIvalue\fR
+might.
+.sp
+See the
+\fIPolicy plugin API\fR
+section for a list of all possible strings.
+.TP 6n
+errstr
+If the
+\fBreject\fR()
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+\fIerrstr\fR.
+The
+\fBsudo\fR
+front end will then pass this value to any registered audit plugins.
+The string stored in
+\fIerrstr\fR
+must remain valid until the plugin's
+\fBclose\fR()
+function is called.
+.PD 0
+.PP
+.RE
+.PD
+.TP 6n
+error
+.br
+.nf
+.RS 6n
+int (*error)(const char *plugin_name, unsigned int plugin_type,
+ const char *audit_msg, char * const command_info[],
+ const char **errstr);
+.RE
+.fi
+.RS 6n
+.sp
+The
+\fBerror\fR()
+function is called when a plugin returns an error.
+The function arguments are as follows:
+.TP 6n
+plugin_name
+The name of the plugin that accepted the command.
+.TP 6n
+plugin_type
+The type of plugin that accepted the command, currently either
+\fRSUDO_POLICY_PLUGIN\fR
+or
+\fRSUDO_IO_PLUGIN\fR.
+.TP 6n
+audit_msg
+An optional string describing the plugin error.
+If the plugin did not provide a description,
+\fIaudit_msg\fR
+will be the
+\fRNULL\fR
+pointer.
+.TP 6n
+command_info
+A vector of information describing the command being run in the form of
+\(lqname=value\(rq
+strings.
+The vector is terminated by a
+\fRNULL\fR
+pointer.
+.sp
+When parsing
+\fIcommand_info\fR,
+the plugin should split on the
+\fBfirst\fR
+equal sign
+(\(oq=\(cq)
+since the
+\fIname\fR
+field will never include one
+itself but the
+\fIvalue\fR
+might.
+.sp
+See the
+\fIPolicy plugin API\fR
+section for a list of all possible strings.
+.TP 6n
+errstr
+If the
+\fBerror\fR()
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+\fIerrstr\fR.
+The
+\fBsudo\fR
+front end will then pass this value to any registered audit plugins.
+The string stored in
+\fIerrstr\fR
+must remain valid until the plugin's
+\fBclose\fR()
+function is called.
+.PD 0
+.PP
+.RE
+.PD
+.TP 6n
+show_version
+.nf
+.RS 6n
+int (*show_version)(int verbose);
+.RE
+.fi
+.RS 6n
+.sp
+The
+\fBshow_version\fR()
+function is called by
+\fBsudo\fR
+when the user specifies
+the
+\fB\-V\fR
+option.
+The plugin may display its version information to the user via the
+\fBconversation\fR()
+or
+\fBplugin_printf\fR()
+function using
+\fRSUDO_CONV_INFO_MSG\fR.
+If the user requests detailed version information, the verbose flag will be set.
+.sp
+Returns 1 on success, 0 on failure, \-1 if a general error occurred,
+or \-2 if there was a usage error, although the return value is currently
+ignored.
+.RE
+.TP 6n
+register_hooks
+See the
+\fIPolicy plugin API\fR
+section for a description of
+\fRregister_hooks\fR.
+.TP 6n
+deregister_hooks
+See the
+\fIPolicy plugin API\fR
+section for a description of
+\fRderegister_hooks\fR.
+.SS "Approval plugin API"
+.nf
+.RS 0n
+struct approval_plugin {
+#define SUDO_APPROVAL_PLUGIN 4
+ unsigned int type; /* always SUDO_APPROVAL_PLUGIN */
+ unsigned int version; /* always SUDO_API_VERSION */
+ int (*open)(unsigned int version, sudo_conv_t conversation,
+ sudo_printf_t sudo_printf, char * const settings[],
+ char * const user_info[], int submit_optind,
+ char * const submit_argv[], char * const submit_envp[],
+ char * const plugin_options[], const char **errstr);
+ void (*close)(void);
+ int (*check)(char * const command_info[], char * const run_argv[],
+ char * const run_envp[], const char **errstr);
+ int (*show_version)(int verbose);
+};
+.RE
+.fi
+.PP
+An approval plugin can be used to apply extra constraints after a
+command has been accepted by the policy plugin.
+Unlike the other plugin types, it does not remain open until the command
+completes.
+The plugin is opened before a call to
+\fBcheck\fR()
+or
+\fBshow_version\fR()
+and closed shortly thereafter (audit plugin functions must be called
+before the plugin is closed).
+Multiple approval plugins may be specified in
+sudo.conf(@mansectform@).
+.PP
+The approval_plugin struct has the following fields:
+.TP 6n
+type
+The
+\fRtype\fR
+field should always be set to
+\fRSUDO_APPROVAL_PLUGIN\fR.
+.TP 6n
+version
+The
+\fRversion\fR
+field should be set to
+\fRSUDO_API_VERSION\fR.
+.sp
+This allows
+\fBsudo\fR
+to determine the API version the plugin was
+built against.
+.TP 6n
+open
+.nf
+.RS 6n
+int (*open)(unsigned int version, sudo_conv_t conversation,
+ sudo_printf_t sudo_printf, char * const settings[],
+ char * const user_info[], int submit_optind,
+ char * const submit_argv[], char * const submit_envp[],
+ char * const plugin_options[], const char **errstr);
+.RE
+.fi
+.RS 6n
+.sp
+The approval
+\fBopen\fR()
+function is run immediately before a call to the plugin's
+\fBcheck\fR()
+or
+\fBshow_version\fR()
+functions.
+It is only called if the version is being requested or if the
+policy plugin's
+\fBcheck_policy\fR()
+function has returned successfully.
+It returns 1 on success, 0 on failure, \-1 if a general error occurred,
+or \-2 if there was a usage error.
+In the latter case,
+\fBsudo\fR
+will print a usage message before it exits.
+If an error occurs, the plugin may optionally call the
+\fBconversation\fR()
+or
+\fBplugin_printf\fR()
+function with
+\fRSUDO_CONF_ERROR_MSG\fR
+to present additional error information to the user.
+.sp
+The function arguments are as follows:
+.TP 6n
+version
+The version passed in by
+\fBsudo\fR
+allows the plugin to determine the
+major and minor version number of the plugin API supported by
+\fBsudo\fR.
+.TP 6n
+conversation
+A pointer to the
+\fBconversation\fR()
+function that can be used by the plugin to interact with the user (see
+\fIConversation API\fR
+for details).
+Returns 0 on success and \-1 on failure.
+.TP 6n
+plugin_printf
+A pointer to a
+\fBprintf\fR()-style
+function that may be used to display informational or error messages (see
+\fIConversation API\fR
+for details).
+Returns the number of characters printed on success and \-1 on failure.
+.TP 6n
+settings
+A vector of user-supplied
+\fBsudo\fR
+settings in the form of
+\(lqname=value\(rq
+strings.
+The vector is terminated by a
+\fRNULL\fR
+pointer.
+These settings correspond to options the user specified when running
+\fBsudo\fR.
+As such, they will only be present when the corresponding option has
+been specified on the command line.
+.sp
+When parsing
+\fIsettings\fR,
+the plugin should split on the
+\fBfirst\fR
+equal sign
+(\(oq=\(cq)
+since the
+\fIname\fR
+field will never include one
+itself but the
+\fIvalue\fR
+might.
+.sp
+See the
+\fIPolicy plugin API\fR
+section for a list of all possible settings.
+.TP 6n
+user_info
+A vector of information about the user running the command in the form of
+\(lqname=value\(rq
+strings.
+The vector is terminated by a
+\fRNULL\fR
+pointer.
+.sp
+When parsing
+\fIuser_info\fR,
+the plugin should split on the
+\fBfirst\fR
+equal sign
+(\(oq=\(cq)
+since the
+\fIname\fR
+field will never include one
+itself but the
+\fIvalue\fR
+might.
+.sp
+See the
+\fIPolicy plugin API\fR
+section for a list of all possible strings.
+.TP 6n
+submit_optind
+The index into
+\fIsubmit_argv\fR
+that corresponds to the first entry that is not a command line option.
+If
+\fIsubmit_argv\fR
+only consists of options, which may be the case with the
+\fB\-l\fR
+or
+\fB\-v\fR
+options,
+\fRsubmit_argv[submit_optind]\fR
+will evaluate to the NULL pointer.
+.TP 6n
+submit_argv
+The argument vector
+\fBsudo\fR
+was invoked with, including all command line options.
+The
+\fIsubmit_optind\fR
+argument can be used to determine the end of the command line options.
+.TP 6n
+submit_envp
+The invoking user's environment in the form of a
+\fRNULL\fR-terminated
+vector of
+\(lqname=value\(rq
+strings.
+.sp
+When parsing
+\fIsubmit_envp\fR,
+the plugin should split on the
+\fBfirst\fR
+equal sign
+(\(oq=\(cq)
+since the
+\fIname\fR
+field will never include one
+itself but the
+\fIvalue\fR
+might.
+.TP 6n
+plugin_options
+Any (non-comment) strings immediately after the plugin path are
+treated as arguments to the plugin.
+These arguments are split on a white space boundary and are passed to
+the plugin in the form of a
+\fRNULL\fR-terminated
+array of strings.
+If no arguments were specified,
+\fIplugin_options\fR
+will be the
+\fRNULL\fR
+pointer.
+.TP 6n
+errstr
+If the
+\fBopen\fR()
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+\fIerrstr\fR.
+The
+\fBsudo\fR
+front end will then pass this value to any registered audit plugins.
+The string stored in
+\fIerrstr\fR
+must remain valid until the plugin's
+\fBclose\fR()
+function is called.
+.PD 0
+.PP
+.RE
+.PD
+.TP 6n
+close
+.br
+.nf
+.RS 6n
+void (*close)(void);
+.RE
+.fi
+.RS 6n
+.sp
+The
+\fBclose\fR()
+function is called after the approval plugin's
+\fBcheck\fR()
+or
+\fBshow_version\fR()
+functions have been called.
+It takes no arguments.
+The
+\fBclose\fR()
+function is typically used to perform plugin-specific cleanup,
+such as the freeing of memory objects allocated by the plugin.
+If the plugin does not need to perform any cleanup,
+\fBclose\fR()
+may be set to the
+\fRNULL\fR
+pointer.
+.RE
+.TP 6n
+check
+.br
+.nf
+.RS 6n
+int (*check)(char * const command_info[], char * const run_argv[],
+ char * const run_envp[], const char **errstr);
+.RE
+.fi
+.RS 6n
+.sp
+The approval
+\fBcheck\fR()
+function is run after the policy plugin
+\fBcheck_policy\fR()
+function and before any I/O logging plugins.
+If multiple approval plugins are loaded, they must all succeed for
+the command to be allowed.
+It returns 1 on success, 0 on failure, \-1 if a general error occurred,
+or \-2 if there was a usage error.
+In the latter case,
+\fBsudo\fR
+will print a usage message before it exits.
+If an error occurs, the plugin may optionally call the
+\fBconversation\fR()
+or
+\fBplugin_printf\fR()
+function with
+\fRSUDO_CONF_ERROR_MSG\fR
+to present additional error information to the user.
+.sp
+The function arguments are as follows:
+.TP 6n
+command_info
+A vector of information describing the command being run in the form of
+\(lqname=value\(rq
+strings.
+The vector is terminated by a
+\fRNULL\fR
+pointer.
+.sp +When parsing +\fIcommand_info\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.sp See the \fIPolicy plugin API\fR -section for a description of -\fRregister_hooks\fR. +section for a list of all possible strings. .TP 6n -deregister_hooks -See the -\fIPolicy plugin API\fR -section for a description of -\fRderegister_hooks\fR. +run_argv +A +\fRNULL\fR-terminated +argument vector describing a command that will be run in the +same form as what would be passed to the +execve(2) +system call. .TP 6n -change_winsize -.nf -.RS 6n -int (*change_winsize)(unsigned int lines, unsigned int cols); -.RE -.fi -.RS 6n +run_envp +The environment the command will be run with in the form of a +\fRNULL\fR-terminated +vector of +\(lqname=value\(rq +strings. .sp +When parsing +\fIrun_envp\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.TP 6n +errstr +If the +\fBopen\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. The -\fBchange_winsize\fR() -function is called whenever the window size of the terminal changes from -the initial values specified in the -\fRuser_info\fR -list. -Returns \-1 if an error occurred, in which case no further calls to -\fBchange_winsize\fR() -will be made, +\fBsudo\fR +front end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.PD 0 +.PP .RE +.PD .TP 6n -log_suspend +show_version .nf .RS 6n -int (*log_suspend)(int signo); +int (*show_version)(int verbose); .RE .fi .RS 6n .sp The -\fBlog_suspend\fR() -function is called whenever a command is suspended or resumed. 
-The -\fIsigno\fR -argument is either the signal that caused the command to be suspended or -\fRSIGCONT\fR -if the command was resumed. -Logging this information makes it possible to skip the period of time when -the command was suspended during playback of a session. -Returns \-1 if an error occurred, in which case no further calls to -\fBlog_suspend\fR() -will be made, +\fBshow_version\fR() +function is called by +\fBsudo\fR +when the user specifies +the +\fB\-V\fR +option. +The plugin may display its version information to the user via the +\fBconversation\fR() +or +\fBplugin_printf\fR() +function using +\fRSUDO_CONV_INFO_MSG\fR. +If the user requests detailed version information, the verbose flag will be set. +.sp +Returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error, although the return value is currently +ignored. .RE -.PP -\fII/O Plugin Version Macros\fR -.PP -Same as for the -\fIPolicy plugin API\fR. .SS "Signal handlers" The \fBsudo\fR 
@@ -2338,6 +3890,309 @@ .PP For getters and setters see the \fIPolicy plugin API\fR. +.SS "Event API" +When +\fBsudo\fR +runs a command, it uses an event loop to service signals and I/O. +Events may be triggered based on time, a file or socket descriptor +becoming ready, or due to receipt of a signal. +Starting with API version 1.15, it is possible for a plugin to +participate in this event loop by calling the +\fBevent_alloc\fR() +function. +.PP +\fIEvent structure\fR +.PP +Events are described by the following structure: +.nf +.RS 0n +typedef void (*sudo_plugin_ev_callback_t)(int fd, int what, void *closure); + +struct sudo_plugin_event { + int (*set)(struct sudo_plugin_event *pev, int fd, int events, + sudo_plugin_ev_callback_t callback, void *closure); + int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout); + int (*del)(struct sudo_plugin_event *pev); + int (*pending)(struct sudo_plugin_event *pev, int events, + struct timespec *ts); + int (*fd)(struct sudo_plugin_event *pev); + void (*setbase)(struct sudo_plugin_event *pev, void *base); + void (*loopbreak)(struct sudo_plugin_event *pev); + void (*free)(struct sudo_plugin_event *pev); +}; +.RE +.fi +.PP +The sudo_plugin_event struct contains the following function pointers: +.TP 6n +\fBset\fR() +.br +.nf +.RS 6n +int (*set)(struct sudo_plugin_event *pev, int fd, int events, + sudo_plugin_ev_callback_t callback, void *closure); +.RE +.fi +.RS 6n +.sp +The +\fBset\fR() +function takes the following arguments: +.TP 6n +struct sudo_plugin_event *\fIpev\fR +A pointer to the struct sudo_plugin_event itself. +.TP 6n +\fIfd\fR +The file or socket descriptor for I/O-based events or the signal +number for signal events. +For time-based events, +\fIfd\fR +must be -1. 
+.TP 6n
+\fIevents\fR
+The following values determine what will trigger the event callback:
+.PP
+.RS 6n
+.PD 0
+.TP 6n
+SUDO_PLUGIN_EV_TIMEOUT
+callback is run after the specified timeout expires
+.PD
+.TP 6n
+SUDO_PLUGIN_EV_READ
+callback is run when the file descriptor is readable
+.TP 6n
+SUDO_PLUGIN_EV_WRITE
+callback is run when the file descriptor is writable
+.TP 6n
+SUDO_PLUGIN_EV_PERSIST
+event is persistent and remains enabled until explicitly deleted
+.TP 6n
+SUDO_PLUGIN_EV_SIGNAL
+callback is run when the specified signal is received
+.PP
+The
+\fRSUDO_PLUGIN_EV_PERSIST\fR
+flag may be ORed with any of the event types.
+It is also possible to OR
+\fRSUDO_PLUGIN_EV_READ\fR
+and
+\fRSUDO_PLUGIN_EV_WRITE\fR
+together to run the callback when a descriptor is ready to be
+either read from or written to.
+All other event values are mutually exclusive.
+.RE
+.TP 6n
+sudo_plugin_ev_callback_t \fIcallback\fR
+.nf
+.RS 6n
+typedef void (*sudo_plugin_ev_callback_t)(int fd, int what,
+ void *closure);
+.RE
+.fi
+.RS 6n
+.sp
+The function to call when an event is triggered.
+The
+\fBcallback\fR()
+function is run with the following arguments:
+.TP 6n
+\fIfd\fR
+The file or socket descriptor for I/O-based events or the signal
+number for signal events.
+.TP 6n
+\fIwhat\fR
+The event type that triggered that callback.
+For events that have multiple event types (for example
+\fRSUDO_PLUGIN_EV_READ\fR
+and
+\fRSUDO_PLUGIN_EV_WRITE\fR)
+or have an associated timeout,
+\fIwhat\fR
+can be used to determine why the callback was run.
+.TP 6n
+\fIclosure\fR
+The generic pointer that was specified in the
+\fBset\fR()
+function.
+.PD 0
+.PP
+.RE
+.PD
+.TP 6n
+closure
+A generic pointer that will be passed to the callback function.
+.PP
+The
+\fBset\fR()
+function returns 1 on success, and \-1 if a error occurred.
+.RE
+.TP 6n
+\fBadd\fR()
+.br
+.nf
+.RS 6n
+int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout);
+.RE
+.fi
+.RS 6n
+.sp
+The
+\fBadd\fR()
+function adds the event
+\fIpev\fR
+to
+\fBsudo\fR's
+event loop.
+The event must have previously been initialized via the
+\fBset\fR()
+function.
+If the
+\fItimeout\fR
+argument is not NULL, it should specify a (relative) timeout after
+which the event will be triggered if the main event criteria has
+not been met.
+This is often used to implement an I/O timeout where the event
+will fire if a descriptor is not ready within a certain time
+period.
+If the event is already present in the event loop, its
+\fItimeout\fR
+will be adjusted to match the new value, if any.
+.sp
+The
+\fBadd\fR()
+function returns 1 on success, and \-1 if a error occurred.
+.RE
+.TP 6n
+\fBdel\fR()
+.br
+.nf
+.RS 6n
+int (*del)(struct sudo_plugin_event *pev);
+.RE
+.fi
+.RS 6n
+.sp
+The
+\fBdel\fR()
+function deletes the event
+\fIpev\fR
+from
+\fBsudo\fR's
+event loop.
+Deleted events can be added back via the
+\fBadd\fR()
+function.
+.sp
+The
+\fBdel\fR()
+function returns 1 on success, and \-1 if a error occurred.
+.RE
+.TP 6n
+\fBpending\fR()
+.nf
+.RS 6n
+int (*pending)(struct sudo_plugin_event *pev, int events,
+ struct timespec *ts);
+.RE
+.fi
+.RS 6n
+.sp
+The
+\fBpending\fR()
+function can be used to determine whether one or more events is pending.
+The
+\fIevents\fR
+argument specifies which events to check for.
+See the
+\fBset\fR()
+function for a list of valid event types.
+If
+\fRSUDO_PLUGIN_EV_TIMEOUT\fR
+is specified in
+\fRevents\fR,
+the event has an associated timeout and the
+\fIts\fR
+pointer is non-NULL, it will be filled in with the remaining time.
+.RE
+.TP 6n
+\fBfd\fR()
+.nf
+.RS 6n
+int (*fd)(struct sudo_plugin_event *pev);
+.RE
+.fi
+.RS 6n
+.sp
+The
+\fBfd\fR()
+function returns the descriptor or signal number associated with
+the event
+\fIpev\fR.
+.RE +.TP 6n +\fBsetbase\fR() +.nf +.RS 6n +void (*setbase)(struct sudo_plugin_event *pev, void *base); +.RE +.fi +.RS 6n +.sp +The +\fBsetbase\fR() +function sets the underlying event +\fIbase\fR +for +\fIpev\fR +to the specified value. +This can be used to move an event created via +\fBevent_alloc\fR() +to a new event loop allocated by sudo's event subsystem. +If +\fIbase\fR +is +\fRNULL\fR, +\fIpev\fR's +event base is reset to the default value, which corresponds to +\fBsudo\fR's +main event loop. +Using this function requires linking the plugin with the sudo_util +library. +It is unlikely to be used outside of the +\fBsudoers\fR +plugin. +.RE +.TP 6n +\fBloopbreak\fR() +.nf +.RS 6n +void (*loopbreak)(struct sudo_plugin_event *pev); +.RE +.fi +.RS 6n +.sp +The +\fBloopbreak\fR() +function causes +\fBsudo\fR's +event loop to exit immediately and the running command to be terminated. +.RE +.TP 6n +\fBfree\fR() +.nf +.RS 6n +void (*free)(struct sudo_plugin_event *pev); +.RE +.fi +.RS 6n +.sp +The +\fBfree\fR() +function deletes the event +\fIpev\fR +from the event loop and frees the memory associated with it. +.RE .SS "Remote command execution" The \fBsudo\fR @@ -2415,7 +4270,7 @@ const char *msg; }; -#define SUDO_CONV_REPL_MAX 255 +#define SUDO_CONV_REPL_MAX 1023 struct sudo_conv_reply { char *reply; @@ -2446,9 +4301,8 @@ .sp .RS 0n typedef int (*sudo_conv_t)(int num_msgs, - const struct sudo_conv_message msgs[], - struct sudo_conv_reply replies[], - struct sudo_conv_callback *callback); + const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback); typedef int (*sudo_printf_t)(int msg_type, const char *fmt, ...); .RE 
@@ -2632,12 +4486,12 @@ .sp .RS 0n struct sudoers_group_plugin { - unsigned int version; - int (*init)(int version, sudo_printf_t sudo_printf, - char *const argv[]); - void (*cleanup)(void); - int (*query)(const char *user, const char *group, - const struct passwd *pwd); + unsigned int version; + int (*init)(int version, sudo_printf_t sudo_printf, + char *const argv[]); + void (*cleanup)(void); + int (*query)(const char *user, const char *group, + const struct passwd *pwd); }; .RE .fi @@ -2660,7 +4514,7 @@ .nf .RS 6n int (*init)(int version, sudo_printf_t plugin_printf, - char *const argv[]); + char *const argv[]); .RE .fi .RS 6n @@ -2677,8 +4531,7 @@ \fBplugin_printf\fR() function with \fRSUDO_CONF_ERROR_MSG\fR -to present additional error information -to the user. +to present additional error information to the user. .sp The function arguments are as follows: .TP 6n @@ -2733,7 +4586,7 @@ .nf .RS 6n int (*query)(const char *user, const char *group, - const struct passwd *pwd); + const struct passwd *pwd); .RE .fi .RS 6n 
@@ -2966,6 +4819,36 @@ entry was added to the \fRcommand_info\fR list. +.TP 6n +Version 1.15 (sudo 1.9.0) +The +\fIcwd_optional\fR +entry was added to the +\fRcommand_info\fR +list. +.sp +The +\fIevent_alloc\fR +field was added to the policy_plugin and io_plugin structs. +.sp +The +\fIerrstr\fR +argument was added to the policy and I/O plugin functions +which the plugin function can use to return an error string. +This string may be used by the audit plugin to report failure or +error conditions set by the other plugins. +.sp +The +\fBclose\fR() +function is now is called regardless of whether or not a command +was actually executed. +This makes it possible for plugins to perform cleanup even when a +command was not run. +.sp +\fRSUDO_CONV_REPL_MAX\fR +has increased from 255 to 1023 bytes. +.sp +Support for audit and approval plugins was added. .SH "SEE ALSO" sudo.conf(@mansectform@), sudoers(@mansectform@), diff -Nru sudo-1.8.31/doc/sudo_plugin.mdoc.in sudo-1.9.0/doc/sudo_plugin.mdoc.in --- sudo-1.8.31/doc/sudo_plugin.mdoc.in 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/doc/sudo_plugin.mdoc.in 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ .\" .\" SPDX-License-Identifier: ISC .\" -.\" Copyright (c) 2009-2019 Todd C. Miller +.\" Copyright (c) 2009-2020 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd October 20, 2019 +.Dd April 1, 2020 .Dt SUDO_PLUGIN @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME 
@@ -68,23 +68,25 @@ unsigned int type; /* always SUDO_POLICY_PLUGIN */ unsigned int version; /* always SUDO_API_VERSION */ int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const user_env[], - char * const plugin_options[]); + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], char * const user_env[], + char * const plugin_options[], const char **errstr); void (*close)(int exit_status, int error); int (*show_version)(int verbose); int (*check_policy)(int argc, char * const argv[], - char *env_add[], char **command_info[], - char **argv_out[], char **user_env_out[]); + char *env_add[], char **command_info[], + char **argv_out[], char **user_env_out[], const char **errstr); int (*list)(int argc, char * const argv[], int verbose, - const char *list_user); - int (*validate)(void); + const char *list_user, const char **errstr); + int (*validate)(const char **errstr); void (*invalidate)(int remove); - int (*init_session)(struct passwd *pwd, char **user_env[]); + int (*init_session)(struct passwd *pwd, char **user_env[], + const char **errstr); void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook)); void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook)); + struct sudo_plugin_event * (*event_alloc)(void); }; .Ed .Pp @@ -107,9 +109,9 @@ .It open .Bd -literal -compact int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const user_env[], - char * const plugin_options[]); + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], char * const user_env[], + char * const plugin_options[], const char **errstr); .Ed .Pp Returns 1 on success, 0 on failure, \-1 if a general error occurred, 
@@ -136,13 +138,16 @@ .It conversation A pointer to the .Fn conversation -function that can be used by the plugin to interact with the user (see below). +function that can be used by the plugin to interact with the user (see +.Sx Conversation API +for details). Returns 0 on success and \-1 on failure. .It plugin_printf A pointer to a .Fn printf Ns -style -function that may be used to display informational or error messages -(see below). +function that may be used to display informational or error messages (see +.Sx Conversation API +for details). Returns the number of characters printed on success and \-1 on failure. .It settings A vector of user-supplied @@ -170,6 +175,9 @@ itself but the .Em value might. +.Pp +The following values may be set by +.Nm sudo : .Bl -tag -width 4n .It bsdauth_type=string Authentication type, if specified by the @@ -404,6 +412,9 @@ itself but the .Em value might. +.Pp +The following values may be set by +.Nm sudo : .Bl -tag -width 4n .It cols=int The number of columns the user's terminal supports. @@ -440,32 +451,6 @@ .Nm sudo process. Only available starting with API version 1.2. -.It plugin_options -Any (non-comment) strings immediately after the plugin path are -passed as arguments to the plugin. -These arguments are split on a white space boundary and are passed to -the plugin in the form of a -.Dv NULL Ns -terminated -array of strings. -If no arguments were -specified, -.Em plugin_options -will be the -.Dv NULL -pointer. -.Pp -NOTE: the -.Em plugin_options -parameter is only available starting with -API version 1.2. -A plugin -.Sy must -check the API version specified -by the -.Nm sudo -front end before using -.Em plugin_options . -Failure to do so may result in a crash. .It ppid=int The parent process ID of the running .Nm sudo 
@@ -482,8 +467,7 @@ The ID of the foreground process group associated with the terminal device associated with the .Nm sudo -process or \-1 if there is no -terminal present. +process or 0 if there is no terminal present. Only available starting with API version 1.2. .It tty=string The path to the user's terminal device. @@ -518,6 +502,58 @@ itself but the .Em value might. +.It plugin_options +Any (non-comment) strings immediately after the plugin path are +passed as arguments to the plugin. +These arguments are split on a white space boundary and are passed to +the plugin in the form of a +.Dv NULL Ns -terminated +array of strings. +If no arguments were +specified, +.Em plugin_options +will be the +.Dv NULL +pointer. +.Pp +NOTE: the +.Em plugin_options +parameter is only available starting with +API version 1.2. +A plugin +.Sy must +check the API version specified +by the +.Nm sudo +front end before using +.Em plugin_options . +Failure to do so may result in a crash. +.It errstr +If the +.Fn open +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front end before using +.Fa errstr . +Failure to do so may result in a crash. .El .It close .Bd -literal -compact 
@@ -526,16 +562,29 @@ .Pp The .Fn close -function is called when the command being run by +function is called when .Nm sudo -finishes. +is finished, shortly before it exits. +Starting with API version 1.15, +.Fn close +is called regardless of whether or not a command was actually executed. +This makes it possible for plugins to perform cleanup even when a +command was not run. +It is not possible to tell whether a command was run based solely +on the arguments passed to the +.Fn close +function. +To determine if a command was actually run, +the plugin must keep track of whether or not the +.Fn check_policy +function returned successfully. .Pp The function arguments are as follows: .Bl -tag -width 4n .It exit_status The command's exit status, as returned by the .Xr wait 2 -system call. +system call, or zero if no command was run. The value of .Li exit_status is undefined if @@ -554,7 +603,7 @@ function. If the command was successfully executed, the value of .Li error -is 0. +is zero. .El .Pp If no @@ -596,9 +645,9 @@ ignored. .It check_policy .Bd -literal -compact -int (*check_policy)(int argc, char * const argv[], - char *env_add[], char **command_info[], - char **argv_out[], char **user_env_out[]); +int (*check_policy)(int argc, char * const argv[], char *env_add[], + char **command_info[], char **argv_out[], char **user_env_out[], + const char **errstr); .Ed .Pp The @@ -740,6 +789,20 @@ Fully qualified path to the command to be executed. .It cwd=string The current working directory to change to when executing the command. +If +.Nm sudo +is unable to change to the new working directory, the command will +not be run unless +.Em cwd_optional +is also set (see below). +.It cwd_optional=bool +If enabled, +.Nm sudo +will treat an inability to change to the new working directory as a +non-fatal error. +This setting has no effect unless +.Em cwd +is also set. .It exec_background=bool By default, .Nm sudo 
@@ -888,6 +951,18 @@ is used. .It runas_gid=gid Group-ID to run the command as. +.It runas_group=string +The name of the group the command will run as, if it is different +from the +.Em runas_user Ns 's +default group. +This value is provided for auditing purposes only, the +.Nm sudo +front-end uses +.Em runas_egid +and +.Em runas_gid +when executing the command. .It runas_groups=list The supplementary group vector to use for the command in the form of a comma-separated list of group-IDs. @@ -896,6 +971,21 @@ is set, this option is ignored. .It runas_uid=uid User-ID to run the command as. +.It runas_user=string +The name of the user the command will run as, which should correspond to +.Em runas_euid +(or +.Em runas_uid +if +.Em runas_euid +is not set). +This value is provided for auditing purposes only, the +.Nm sudo +front-end uses +.Em runas_euid +and +.Em runas_uid +when executing the command. .It selinux_role=string SELinux role to use when executing the command. .It selinux_type=string 
@@ -993,11 +1083,37 @@ .Dv NULL Ns -terminated environment vector to use when executing the command. The plugin is responsible for allocating and populating the vector. +.It errstr +If the +.Fn check_policy +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front end before using +.Fa errstr . +Failure to do so may result in a crash. .El .It list .Bd -literal -compact -int (*list)(int argc, char * const argv[], - int verbose, const char *list_user); +int (*list)(int argc, char * const argv[], int verbose, + const char *list_user, const char **errstr); .Ed .Pp List available privileges for the invoking user. @@ -1016,16 +1132,10 @@ or .Fn plugin_printf function using -.Dv SUDO_CONV_INFO_MSG , +.Dv SUDO_CONV_INFO_MSG . +.Pp +The function arguments are as follows: .Bl -tag -width 4n -.It verbose -Flag indicating whether to list in verbose mode or not. -.It list_user -The name of a different user to list privileges for if the policy -allows it. -If -.Dv NULL , -the plugin should list the privileges of the invoking user. .It argc The number of elements in .Em argv , 
@@ -1042,10 +1152,44 @@ system call. If the command is permitted by the policy, the fully-qualified path to the command should be displayed along with any command line arguments. +.It verbose +Flag indicating whether to list in verbose mode or not. +.It list_user +The name of a different user to list privileges for if the policy +allows it. +If +.Dv NULL , +the plugin should list the privileges of the invoking user. +.It errstr +If the +.Fn list +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front end before using +.Fa errstr . +Failure to do so may result in a crash. .El .It validate .Bd -literal -compact -int (*validate)(void); +int (*validate)(const char **errstr); .Ed .Pp The @@ -1076,6 +1220,36 @@ .Dv SUDO_CONF_ERROR_MSG to present additional error information to the user. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It errstr +If the +.Fn validate +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front end before using +.Fa errstr . +Failure to do so may result in a crash. +.El .It invalidate .Bd -literal -compact void (*invalidate)(int remove); 
@@ -1085,8 +1259,7 @@ .Fn invalidate function is called when .Nm sudo -is called with -the +is run with the .Fl k or .Fl K @@ -1108,7 +1281,7 @@ if the plugin does not support credential caching. .It init_session .Bd -literal -compact -int (*init_session)(struct passwd *pwd, char **user_envp[); +int (*init_session)(struct passwd *pwd, char **user_env_out[]); .Ed .Pp The @@ -1137,7 +1310,7 @@ .Dv NULL . .Pp The -.Em user_env +.Em user_env_out argument points to the environment the command will run in, in the form of a .Dv NULL Ns -terminated @@ -1152,12 +1325,12 @@ .Fn init_session function needs to modify the user environment, it should update the pointer stored in -.Em user_env . +.Em user_env_out . The expected use case is to merge the contents of the PAM environment (if any) with the contents of -.Em user_env . +.Em user_env_out . NOTE: the -.Em user_env +.Em user_env_out parameter is only available starting with API version 1.2. A plugin @@ -1166,7 +1339,7 @@ version specified by the .Nm sudo front end before using -.Em user_env . +.Em user_env_out . Failure to do so may result in a crash. .Pp Returns 1 on success, 0 on failure and \-1 on error. 
@@ -1273,6 +1446,65 @@
 version 1.2 or higher,
 .Li deregister_hooks
 will not be called.
+.It event_alloc
+.Bd -literal -compact
+struct sudo_plugin_event * (*event_alloc)(void);
+.Ed
+.Pp
+The
+.Fn event_alloc
+function is used to allocate a
+.Li struct sudo_plugin_event
+which provides access to the main
+.Nm sudo
+event loop.
+Unlike the other fields, the
+.Fn event_alloc
+pointer is filled in by the
+.Nm sudo
+front end, not by the plugin.
+.Pp
+See the
+.Sx Event API
+section below for more information
+about events.
+.Pp
+NOTE: the
+.Fn event_alloc
+function is only available starting
+with API version 1.15.
+If the
+.Nm sudo
+front end doesn't support API
+version 1.15 or higher,
+.Fn event_alloc
+will not be set.
+.It errstr
+If the
+.Fn init_session
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+.Fa errstr .
+The
+.Nm sudo
+front end will then pass this value to any registered audit plugins.
+The string stored in
+.Fa errstr
+must remain valid until the plugin's
+.Fn close
+function is called.
+.Pp
+NOTE: the
+.Fa errstr
+parameter is only available starting with
+API version 1.15.
+A plugin
+.Sy must
+check the API version specified by the
+.Nm sudo
+front end before using
+.Fa errstr .
+Failure to do so may result in a crash.
 .El
 .Pp
 .Em Policy Plugin Version Macros
@@ -1301,23 +1533,30 @@ unsigned int type; /* always SUDO_IO_PLUGIN */ unsigned int version; /* always SUDO_API_VERSION */ int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const command_info[], - int argc, char * const argv[], char * const user_env[], - char * const plugin_options[]); + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], char * const command_info[], + int argc, char * const argv[], char * const user_env[], + char * const plugin_options[], const char **errstr); void (*close)(int exit_status, int error); /* wait status or error */ int (*show_version)(int verbose); - int (*log_ttyin)(const char *buf, unsigned int len); - int (*log_ttyout)(const char *buf, unsigned int len); - int (*log_stdin)(const char *buf, unsigned int len); - int (*log_stdout)(const char *buf, unsigned int len); - int (*log_stderr)(const char *buf, unsigned int len); + int (*log_ttyin)(const char *buf, unsigned int len, + const char **errstr); + int (*log_ttyout)(const char *buf, unsigned int len, + const char **errstr); + int (*log_stdin)(const char *buf, unsigned int len, + const char **errstr); + int (*log_stdout)(const char *buf, unsigned int len, + const char **errstr); + int (*log_stderr)(const char *buf, unsigned int len, + const char **errstr); void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook)); void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook)); - int (*change_winsize)(unsigned int lines, unsigned int cols); - int (*log_suspend)(int signo); + int (*change_winsize)(unsigned int lines, unsigned int cols, + const char **errstr); + int (*log_suspend)(int signo, const char **errstr); + struct sudo_plugin_event * (*event_alloc)(void); }; .Ed .Pp 
@@ -1365,7 +1604,7 @@ command will be terminated and the data will not be written to the terminal, though it will still be sent to any other I/O logging plugins. .Pp -The io_plugin struct has the following fields: +The audit_plugin struct has the following fields: .Bl -tag -width 4n .It type The @@ -1385,10 +1624,10 @@ .It open .Bd -literal -compact int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const command_info[], - int argc, char * const argv[], char * const user_env[], - char * const plugin_options[]); + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], char * const command_info[], + int argc, char * const argv[], char * const user_env[], + char * const plugin_options[]); .Ed .Pp The @@ -1419,8 +1658,7 @@ .Fn plugin_printf function with .Dv SUDO_CONF_ERROR_MSG -to present -additional error information to the user. +to present additional error information to the user. .Pp The function arguments are as follows: .Bl -tag -width 4n @@ -1511,6 +1749,30 @@ See the .Sx Policy plugin API section for a list of all possible strings. +.It command_info +A vector of information describing the command being run in the form of +.Dq name=value +strings. +The vector is terminated by a +.Dv NULL +pointer. +.Pp +When parsing +.Em command_info , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.Pp +See the +.Sx Policy plugin API +section for a list of all possible strings. .It argc The number of elements in .Em argv , 
@@ -1572,6 +1834,32 @@ front end before using .Em plugin_options . Failure to do so may result in a crash. +.It errstr +If the +.Fn open +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front end before using +.Fa errstr . +Failure to do so may result in a crash. .El .It close .Bd -literal -compact @@ -1580,16 +1868,16 @@ .Pp The .Fn close -function is called when the command being run by +function is called when .Nm sudo -finishes. +is finished, shortly before it exits. .Pp The function arguments are as follows: .Bl -tag -width 4n .It exit_status The command's exit status, as returned by the .Xr wait 2 -system call. +system call, or zero if no command was run. The value of .Li exit_status is undefined if @@ -1603,7 +1891,7 @@ system call. If the command was successfully executed, the value of .Li error -is 0. +is zero. .El .It show_version .Bd -literal -compact @@ -1624,14 +1912,14 @@ .Fn plugin_printf function using .Dv SUDO_CONV_INFO_MSG . -If the user requests detailed version information, the verbose flag will be set. .Pp Returns 1 on success, 0 on failure, \-1 if a general error occurred, or \-2 if there was a usage error, although the return value is currently ignored. .It log_ttyin .Bd -literal -compact -int (*log_ttyin)(const char *buf, unsigned int len); +int (*log_ttyin)(const char *buf, unsigned int len, + const char **errstr); .Ed .Pp The 
@@ -1652,10 +1940,37 @@
 The length of
 .Em buf
 in bytes.
+.It errstr
+If the
+.Fn log_ttyin
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+.Fa errstr .
+The
+.Nm sudo
+front end will then pass this value to any registered audit plugins.
+The string stored in
+.Fa errstr
+must remain valid until the plugin's
+.Fn close
+function is called.
+.Pp
+NOTE: the
+.Fa errstr
+parameter is only available starting with
+API version 1.15.
+A plugin
+.Sy must
+check the API version specified by the
+.Nm sudo
+front end before using
+.Fa errstr .
+Failure to do so may result in a crash.
 .El
 .It log_ttyout
 .Bd -literal -compact
-int (*log_ttyout)(const char *buf, unsigned int len);
+int (*log_ttyout)(const char *buf, unsigned int len,
+ const char **errstr);
 .Ed
 .Pp
 The
@@ -1675,10 +1990,37 @@
 The length of
 .Em buf
 in bytes.
+.It errstr
+If the
+.Fn log_ttyout
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+.Fa errstr .
+The
+.Nm sudo
+front end will then pass this value to any registered audit plugins.
+The string stored in
+.Fa errstr
+must remain valid until the plugin's
+.Fn close
+function is called.
+.Pp
+NOTE: the
+.Fa errstr
+parameter is only available starting with
+API version 1.15.
+A plugin
+.Sy must
+check the API version specified by the
+.Nm sudo
+front end before using
+.Fa errstr .
+Failure to do so may result in a crash.
 .El
 .It log_stdin
 .Bd -literal -compact
-int (*log_stdin)(const char *buf, unsigned int len);
+int (*log_stdin)(const char *buf, unsigned int len,
+ const char **errstr);
 .Ed
 .Pp
 The
@@ -1700,14 +2042,41 @@ The length of .Em buf in bytes. -.El -.It log_stdout -.Bd -literal -compact -int (*log_stdout)(const char *buf, unsigned int len); -.Ed -.Pp +.It errstr +If the +.Fn log_stdin +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . The -.Fn log_stdout +.Nm sudo +front end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front end before using +.Fa errstr . +Failure to do so may result in a crash. +.El +.It log_stdout +.Bd -literal -compact +int (*log_stdout)(const char *buf, unsigned int len, + const char **errstr); +.Ed +.Pp +The +.Fn log_stdout function is only used if the standard output does not correspond to a tty device. It is called whenever data can be read from the command but before 
@@ -1725,80 +2094,1122 @@
 The length of
 .Em buf
 in bytes.
+.It errstr
+If the
+.Fn log_stdout
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+.Fa errstr .
+The
+.Nm sudo
+front end will then pass this value to any registered audit plugins.
+The string stored in
+.Fa errstr
+must remain valid until the plugin's
+.Fn close
+function is called.
+.Pp
+NOTE: the
+.Fa errstr
+parameter is only available starting with
+API version 1.15.
+A plugin
+.Sy must
+check the API version specified by the
+.Nm sudo
+front end before using
+.Fa errstr .
+Failure to do so may result in a crash.
+.El
+.It log_stderr
+.Bd -literal -compact
+int (*log_stderr)(const char *buf, unsigned int len,
+ const char **errstr);
+.Ed
+.Pp
+The
+.Fn log_stderr
+function is only used if the standard error does
+not correspond to a tty device.
+It is called whenever data can be read from the command but before it
+is written to the standard error.
+This allows the plugin to reject data if it chooses to
+(for instance if the output contains banned content).
+Returns 1 if the data should be passed to the user, 0 if the data is
+rejected (which will terminate the running command) or \-1 if an error occurred.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It buf
+The buffer containing command output.
+.It len
+The length of
+.Em buf
+in bytes.
+.It errstr
+If the
+.Fn log_stderr
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+.Fa errstr .
+The
+.Nm sudo
+front end will then pass this value to any registered audit plugins.
+The string stored in
+.Fa errstr
+must remain valid until the plugin's
+.Fn close
+function is called.
+.Pp
+NOTE: the
+.Fa errstr
+parameter is only available starting with
+API version 1.15.
+A plugin
+.Sy must
+check the API version specified by the
+.Nm sudo
+front end before using
+.Fa errstr .
+Failure to do so may result in a crash.
+.El
+.It register_hooks
+See the
+.Sx Policy plugin API
+section for a description of
+.Li register_hooks .
+.It deregister_hooks
+See the
+.Sx Policy plugin API
+section for a description of
+.Li deregister_hooks .
+.It change_winsize
+.Bd -literal -compact
+int (*change_winsize)(unsigned int lines, unsigned int cols,
+ const char **errstr);
+.Ed
+.Pp
+The
+.Fn change_winsize
+function is called whenever the window size of the terminal changes from
+the initial values specified in the
+.Li user_info
+list.
+Returns \-1 if an error occurred, in which case no further calls to
+.Fn change_winsize
+will be made,
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It lines
+The number of lines (rows) in the re-sized terminal.
+.It cols
+The number of columns in the re-sized terminal.
+.It errstr
+If the
+.Fn change_winsize
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+.Fa errstr .
+The
+.Nm sudo
+front end will then pass this value to any registered audit plugins.
+The string stored in
+.Fa errstr
+must remain valid until the plugin's
+.Fn close
+function is called.
+.Pp
+NOTE: the
+.Fa errstr
+parameter is only available starting with
+API version 1.15.
+A plugin
+.Sy must
+check the API version specified by the
+.Nm sudo
+front end before using
+.Fa errstr .
+Failure to do so may result in a crash.
+.El
+.It log_suspend
+.Bd -literal -compact
+int (*log_suspend)(int signo, const char **errstr);
+.Ed
+.Pp
+The
+.Fn log_suspend
+function is called whenever a command is suspended or resumed.
+Logging this information makes it possible to skip the period of time when
+the command was suspended during playback of a session.
+Returns \-1 if an error occurred, in which case no further calls to
+.Fn log_suspend
+will be made,
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It signo
+The signal that caused the command to be suspended, or
+.Dv SIGCONT
+if the command was resumed.
+.It errstr
+If the
+.Fn log_suspend
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+.Fa errstr .
+The
+.Nm sudo
+front end will then pass this value to any registered audit plugins.
+The string stored in
+.Fa errstr
+must remain valid until the plugin's
+.Fn close
+function is called.
+.Pp
+NOTE: the
+.Fa errstr
+parameter is only available starting with
+API version 1.15.
+A plugin
+.Sy must
+check the API version specified by the
+.Nm sudo
+front end before using
+.Fa errstr .
+Failure to do so may result in a crash.
+.It event_alloc
+.Bd -literal -compact
+struct sudo_plugin_event * (*event_alloc)(void);
+.Ed
+.Pp
+The
+.Fn event_alloc
+function is used to allocate a
+.Li struct sudo_plugin_event
+which provides access to the main
+.Nm sudo
+event loop.
+Unlike the other fields, the
+.Fn event_alloc
+pointer is filled in by the
+.Nm sudo
+front end, not by the plugin.
+.Pp
+See the
+.Sx Event API
+section below for more information
+about events.
+.Pp
+NOTE: the
+.Fn event_alloc
+function is only available starting
+with API version 1.15.
+If the
+.Nm sudo
+front end doesn't support API
+version 1.15 or higher,
+.Fn event_alloc
+will not be set.
+.El
+.Pp
+.Em I/O Plugin Version Macros
+.Pp
+Same as for the
+.Sx Policy plugin API .
+.El
+.Ss Audit plugin API
+.Bd -literal
+/* Audit plugin close function status types. */
+#define SUDO_PLUGIN_NO_STATUS 0
+#define SUDO_PLUGIN_WAIT_STATUS 1
+#define SUDO_PLUGIN_EXEC_ERROR 2
+#define SUDO_PLUGIN_SUDO_ERROR 3
+
+#define SUDO_AUDIT_PLUGIN 3
+struct audit_plugin {
+ unsigned int type; /* always SUDO_AUDIT_PLUGIN */
+ unsigned int version; /* always SUDO_API_VERSION */
+ int (*open)(unsigned int version, sudo_conv_t conversation,
+ sudo_printf_t sudo_printf, char * const settings[],
+ char * const user_info[], int submit_optind,
+ char * const submit_argv[], char * const submit_envp[],
+ char * const plugin_options[], const char **errstr);
+ void (*close)(int status_type, int status);
+ int (*accept)(const char *plugin_name,
+ unsigned int plugin_type, char * const command_info[],
+ char * const run_argv[], char * const run_envp[],
+ const char **errstr);
+ int (*reject)(const char *plugin_name, unsigned int plugin_type,
+ const char *audit_msg, char * const command_info[],
+ const char **errstr);
+ int (*error)(const char *plugin_name, unsigned int plugin_type,
+ const char *audit_msg, char * const command_info[],
+ const char **errstr);
+ int (*show_version)(int verbose);
+ void (*register_hooks)(int version,
+ int (*register_hook)(struct sudo_hook *hook));
+ void (*deregister_hooks)(int version,
+ int (*deregister_hook)(struct sudo_hook *hook));
+}
+.Ed
+.Pp
+An audit plugin can be used to log successful and unsuccessful attempts
+to run
+.Nm sudo
+independent of the policy or any I/O plugins.
+Multiple audit plugins may be specified in
+.Xr sudo.conf @mansectform@ .
+.Pp
+The audit_plugin struct has the following fields:
+.Bl -tag -width 4n
+.It type
+The
+.Li type
+field should always be set to
+.Dv SUDO_AUDIT_PLUGIN .
+.It version
+The
+.Li version
+field should be set to
+.Dv SUDO_API_VERSION .
+.Pp
+This allows
+.Nm sudo
+to determine the API version the plugin was
+built against.
+.It open
+.Bd -literal -compact
+int (*open)(unsigned int version, sudo_conv_t conversation,
+ sudo_printf_t sudo_printf, char * const settings[],
+ char * const user_info[], int submit_optind,
+ char * const submit_argv[], char * const submit_envp[],
+ char * const plugin_options[], const char **errstr);
+.Ed
+.Pp
+The audit
+.Fn open
+function is run before any other
+.Nm sudo
+plugin API functions.
+This makes it possible to audit failures in the other plugins.
+It returns 1 on success, 0 on failure, \-1 if a general error occurred,
+or \-2 if there was a usage error.
+In the latter case,
+.Nm sudo
+will print a usage message before it exits.
+If an error occurs, the plugin may optionally call the
+.Fn conversation
+or
+.Fn plugin_printf
+function with
+.Dv SUDO_CONF_ERROR_MSG
+to present additional error information to the user.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It version
+The version passed in by
+.Nm sudo
+allows the plugin to determine the
+major and minor version number of the plugin API supported by
+.Nm sudo .
+.It conversation
+A pointer to the
+.Fn conversation
+function that may be used by the
+.Fn show_version
+function to display version information (see
+.Fn show_version
+below).
+The
+.Fn conversation
+function may also be used to display additional error message to the user.
+The
+.Fn conversation
+function returns 0 on success and \-1 on failure.
+.It plugin_printf
+A pointer to a
+.Fn printf Ns -style
+function that may be used by the
+.Fn show_version
+function to display version information (see
+show_version below).
+The
+.Fn plugin_printf
+function may also be used to display additional error message to the user.
+The
+.Fn plugin_printf
+function returns number of characters printed on success and \-1 on failure.
+.It settings
+A vector of user-supplied
+.Nm sudo
+settings in the form of
+.Dq name=value
+strings.
+The vector is terminated by a
+.Dv NULL
+pointer.
+These settings correspond to options the user specified when running
+.Nm sudo .
+As such, they will only be present when the corresponding option has
+been specified on the command line.
+.Pp
+When parsing
+.Em settings ,
+the plugin should split on the
+.Sy first
+equal sign
+.Pq Ql =
+since the
+.Em name
+field will never include one
+itself but the
+.Em value
+might.
+.Pp
+See the
+.Sx Policy plugin API
+section for a list of all possible settings.
+.It user_info
+A vector of information about the user running the command in the form of
+.Dq name=value
+strings.
+The vector is terminated by a
+.Dv NULL
+pointer.
+.Pp
+When parsing
+.Em user_info ,
+the plugin should split on the
+.Sy first
+equal sign
+.Pq Ql =
+since the
+.Em name
+field will never include one
+itself but the
+.Em value
+might.
+.Pp
+See the
+.Sx Policy plugin API
+section for a list of all possible strings.
+.It submit_optind
+The index into
+.Fa submit_argv
+that corresponds to the first entry that is not a command line option.
+If
+.Fa submit_argv
+only consists of options, which may be the case with the
+.Fl l
+or
+.Fl v
+options,
+.Li submit_argv[submit_optind]
+will evaluate to the NULL pointer.
+.It submit_argv
+The argument vector
+.Nm sudo
+was invoked with, including all command line options.
+The
+.Fa submit_optind
+argument can be used to determine the end of the command line options.
+.It submit_envp
+The invoking user's environment in the form of a
+.Dv NULL Ns -terminated
+vector of
+.Dq name=value
+strings.
+.Pp
+When parsing
+.Em submit_envp ,
+the plugin should split on the
+.Sy first
+equal sign
+.Pq Ql =
+since the
+.Em name
+field will never include one
+itself but the
+.Em value
+might.
+.It plugin_options
+Any (non-comment) strings immediately after the plugin path are
+treated as arguments to the plugin.
+These arguments are split on a white space boundary and are passed to
+the plugin in the form of a
+.Dv NULL Ns -terminated
+array of strings.
+If no arguments were specified,
+.Em plugin_options
+will be the
+.Dv NULL
+pointer.
+.It errstr
+If the
+.Fn open
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+.Fa errstr .
+The
+.Nm sudo
+front end will then pass this value to any registered audit plugins.
+The string stored in
+.Fa errstr
+must remain valid until the plugin's
+.Fn close
+function is called.
+.El
+.It close
+.Bd -literal -compact
+void (*close)(int status_type, int status);
+.Ed
+.Pp
+The
+.Fn close
+function is called when
+.Nm sudo
+is finished, shortly before it exits.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It status_type
+The type of status being passed.
+One of
+.Dv SUDO_PLUGIN_NO_STATUS ,
+.Dv SUDO_PLUGIN_WAIT_STATUS ,
+.Dv SUDO_PLUGIN_EXEC_ERROR
+or
+.Dv SUDO_PLUGIN_SUDO_ERROR .
+.It status
+Depending on the value of
+.Fa status_type ,
+this value is either
+ignored, the command's exit status as returned by the
+.Xr wait 2
+system call, the value of
+.Li errno
+set by the
+.Xr execve 2
+system call, or the value of
+.Li errno
+resulting from an error in the
+.Nm sudo
+front end.
+.El
+.It accept
+.Bd -literal -compact
+int (*accept)(const char *plugin_name, unsigned int plugin_type,
+ char * const command_info[], char * const run_argv[],
+ char * const run_envp[], const char **errstr);
+.Ed
+.Pp
+The
+.Fn accept
+function is called when a command or action is accepted by the policy
+plugin.
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It plugin_name
+The name of the plugin that accepted the command.
+.It plugin_type
+The type of plugin that accepted the command, currently always
+.Dv SUDO_POLICY_PLUGIN .
+.It command_info
+A vector of information describing the command being run in the form of
+.Dq name=value
+strings.
+The vector is terminated by a
+.Dv NULL
+pointer.
+.Pp
+When parsing
+.Em command_info ,
+the plugin should split on the
+.Sy first
+equal sign
+.Pq Ql =
+since the
+.Em name
+field will never include one
+itself but the
+.Em value
+might.
+.Pp
+See the
+.Sx Policy plugin API
+section for a list of all possible strings.
+.It run_argv
+A
+.Dv NULL Ns -terminated
+argument vector describing a command that will be run in the
+same form as what would be passed to the
+.Xr execve 2
+system call.
+.It run_envp
+The environment the command will be run with in the form of a
+.Dv NULL Ns -terminated
+vector of
+.Dq name=value
+strings.
+.Pp
+When parsing
+.Em run_envp ,
+the plugin should split on the
+.Sy first
+equal sign
+.Pq Ql =
+since the
+.Em name
+field will never include one
+itself but the
+.Em value
+might.
+.It errstr
+If the
+.Fn accept
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+.Fa errstr .
+The
+.Nm sudo
+front end will then pass this value to any registered audit plugins.
+The string stored in
+.Fa errstr
+must remain valid until the plugin's
+.Fn close
+function is called.
+.El
+.It reject
+.Bd -literal -compact
+int (*reject)(const char *plugin_name, unsigned int plugin_type,
+ const char *audit_msg, char * const command_info[],
+ const char **errstr);
+.Ed
+.Pp
+The
+.Fn reject
+function is called when a command or action is rejected by a plugin.
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It plugin_name
+The name of the plugin that accepted the command.
+.It plugin_type
+The type of plugin that accepted the command, currently either
+.Dv SUDO_POLICY_PLUGIN
+or
+.Dv SUDO_IO_PLUGIN .
+.It audit_msg
+An optional string describing the reason the command was rejected
+by the plugin.
+If the plugin did not provide a reason,
+.Fa audit_msg
+will be the
+.Dv NULL
+pointer.
+.It command_info
+A vector of information describing the command being run in the form of
+.Dq name=value
+strings.
+The vector is terminated by a
+.Dv NULL
+pointer.
+.Pp
+When parsing
+.Em command_info ,
+the plugin should split on the
+.Sy first
+equal sign
+.Pq Ql =
+since the
+.Em name
+field will never include one
+itself but the
+.Em value
+might.
+.Pp
+See the
+.Sx Policy plugin API
+section for a list of all possible strings.
+.It errstr
+If the
+.Fn reject
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+.Fa errstr .
+The
+.Nm sudo
+front end will then pass this value to any registered audit plugins.
+The string stored in
+.Fa errstr
+must remain valid until the plugin's
+.Fn close
+function is called.
+.El
+.It error
+.Bd -literal -compact
+int (*error)(const char *plugin_name, unsigned int plugin_type,
+ const char *audit_msg, char * const command_info[],
+ const char **errstr);
+.Ed
+.Pp
+The
+.Fn error
+function is called when a plugin returns an error.
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It plugin_name
+The name of the plugin that accepted the command.
+.It plugin_type
+The type of plugin that accepted the command, currently either
+.Dv SUDO_POLICY_PLUGIN
+or
+.Dv SUDO_IO_PLUGIN .
+.It audit_msg
+An optional string describing the plugin error.
+If the plugin did not provide a description,
+.Fa audit_msg
+will be the
+.Dv NULL
+pointer.
+.It command_info
+A vector of information describing the command being run in the form of
+.Dq name=value
+strings.
+The vector is terminated by a
+.Dv NULL
+pointer.
+.Pp
+When parsing
+.Em command_info ,
+the plugin should split on the
+.Sy first
+equal sign
+.Pq Ql =
+since the
+.Em name
+field will never include one
+itself but the
+.Em value
+might.
+.Pp
+See the
+.Sx Policy plugin API
+section for a list of all possible strings.
+.It errstr
+If the
+.Fn error
+function returns a value other than 1, the plugin may
+store a message describing the failure or error in
+.Fa errstr .
+The
+.Nm sudo
+front end will then pass this value to any registered audit plugins.
+The string stored in
+.Fa errstr
+must remain valid until the plugin's
+.Fn close
+function is called.
+.El
+.It show_version
+.Bd -literal -compact
+int (*show_version)(int verbose);
+.Ed
+.Pp
+The
+.Fn show_version
+function is called by
+.Nm sudo
+when the user specifies
+the
+.Fl V
+option.
+The plugin may display its version information to the user via the
+.Fn conversation
+or
+.Fn plugin_printf
+function using
+.Dv SUDO_CONV_INFO_MSG .
+If the user requests detailed version information, the verbose flag will be set.
+.Pp
+Returns 1 on success, 0 on failure, \-1 if a general error occurred,
+or \-2 if there was a usage error, although the return value is currently
+ignored.
+.It register_hooks
+See the
+.Sx Policy plugin API
+section for a description of
+.Li register_hooks .
+.It deregister_hooks
+See the
+.Sx Policy plugin API
+section for a description of
+.Li deregister_hooks .
+.El
+.Ss Approval plugin API
+.Bd -literal
+struct approval_plugin {
+#define SUDO_APPROVAL_PLUGIN 4
+ unsigned int type; /* always SUDO_APPROVAL_PLUGIN */
+ unsigned int version; /* always SUDO_API_VERSION */
+ int (*open)(unsigned int version, sudo_conv_t conversation,
+ sudo_printf_t sudo_printf, char * const settings[],
+ char * const user_info[], int submit_optind,
+ char * const submit_argv[], char * const submit_envp[],
+ char * const plugin_options[], const char **errstr);
+ void (*close)(void);
+ int (*check)(char * const command_info[], char * const run_argv[],
+ char * const run_envp[], const char **errstr);
+ int (*show_version)(int verbose);
+};
+.Ed
+.Pp
+An approval plugin can be used to apply extra constraints after a
+command has been accepted by the policy plugin.
+Unlike the other plugin types, it does not remain open until the command
+completes.
+The plugin is opened before a call to
+.Fn check
+or
+.Fn show_version
+and closed shortly thereafter (audit plugin functions must be called
+before the plugin is closed).
+Multiple approval plugins may be specified in
+.Xr sudo.conf @mansectform@ .
+.Pp
+The approval_plugin struct has the following fields:
+.Bl -tag -width 4n
+.It type
+The
+.Li type
+field should always be set to
+.Dv SUDO_APPROVAL_PLUGIN .
+.It version
+The
+.Li version
+field should be set to
+.Dv SUDO_API_VERSION .
+.Pp
+This allows
+.Nm sudo
+to determine the API version the plugin was
+built against.
+.It open
+.Bd -literal -compact
+int (*open)(unsigned int version, sudo_conv_t conversation,
+ sudo_printf_t sudo_printf, char * const settings[],
+ char * const user_info[], int submit_optind,
+ char * const submit_argv[], char * const submit_envp[],
+ char * const plugin_options[], const char **errstr);
+.Ed
+.Pp
+The approval
+.Fn open
+function is run immediately before a call to the plugin's
+.Fn check
+or
+.Fn show_version
+functions.
+It is only called if the version is being requested or if the
+policy plugin's
+.Fn check_policy
+function has returned successfully.
+It returns 1 on success, 0 on failure, \-1 if a general error occurred,
+or \-2 if there was a usage error.
+In the latter case,
+.Nm sudo
+will print a usage message before it exits.
+If an error occurs, the plugin may optionally call the
+.Fn conversation
+or
+.Fn plugin_printf
+function with
+.Dv SUDO_CONF_ERROR_MSG
+to present additional error information to the user.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It version
+The version passed in by
+.Nm sudo
+allows the plugin to determine the
+major and minor version number of the plugin API supported by
+.Nm sudo .
+.It conversation
+A pointer to the
+.Fn conversation
+function that can be used by the plugin to interact with the user (see
+.Sx Conversation API
+for details).
+Returns 0 on success and \-1 on failure.
+.It plugin_printf
+A pointer to a
+.Fn printf Ns -style
+function that may be used to display informational or error messages (see
+.Sx Conversation API
+for details).
+Returns the number of characters printed on success and \-1 on failure.
+.It settings
+A vector of user-supplied
+.Nm sudo
+settings in the form of
+.Dq name=value
+strings.
+The vector is terminated by a
+.Dv NULL
+pointer.
+These settings correspond to options the user specified when running
+.Nm sudo .
+As such, they will only be present when the corresponding option has
+been specified on the command line.
+.Pp
+When parsing
+.Em settings ,
+the plugin should split on the
+.Sy first
+equal sign
+.Pq Ql =
+since the
+.Em name
+field will never include one
+itself but the
+.Em value
+might.
+.Pp
+See the
+.Sx Policy plugin API
+section for a list of all possible settings.
+.It user_info
+A vector of information about the user running the command in the form of
+.Dq name=value
+strings.
+The vector is terminated by a
+.Dv NULL
+pointer.
+.Pp
+When parsing
+.Em user_info ,
+the plugin should split on the
+.Sy first
+equal sign
+.Pq Ql =
+since the
+.Em name
+field will never include one
+itself but the
+.Em value
+might.
+.Pp
+See the
+.Sx Policy plugin API
+section for a list of all possible strings.
+.It submit_optind
+The index into
+.Fa submit_argv
+that corresponds to the first entry that is not a command line option.
+If
+.Fa submit_argv
+only consists of options, which may be the case with the
+.Fl l
+or
+.Fl v
+options,
+.Li submit_argv[submit_optind]
+will evaluate to the NULL pointer.
+.It submit_argv
+The argument vector
+.Nm sudo
+was invoked with, including all command line options.
+The
+.Fa submit_optind
+argument can be used to determine the end of the command line options.
+.It submit_envp
+The invoking user's environment in the form of a
+.Dv NULL Ns -terminated
+vector of
+.Dq name=value
+strings.
+.Pp +When parsing +.Em submit_envp , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.It plugin_options +Any (non-comment) strings immediately after the plugin path are +treated as arguments to the plugin. +These arguments are split on a white space boundary and are passed to +the plugin in the form of a +.Dv NULL Ns -terminated +array of strings. +If no arguments were specified, +.Em plugin_options +will be the +.Dv NULL +pointer. +.It errstr +If the +.Fn open +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. .El -.It log_stderr +.It close .Bd -literal -compact -int (*log_stderr)(const char *buf, unsigned int len); +void (*close)(void); .Ed .Pp The -.Fn log_stderr -function is only used if the standard error does -not correspond to a tty device. -It is called whenever data can be read from the command but before it -is written to the standard error. -This allows the plugin to reject data if it chooses to -(for instance if the output contains banned content). -Returns 1 if the data should be passed to the user, 0 if the data is -rejected (which will terminate the running command) or \-1 if an error occurred. +.Fn close +function is called after the approval plugin's +.Fn check +or +.Fn show_version +functions have been called. +It takes no arguments. +The +.Fn close +function is typically used to perform plugin-specific cleanup, +such as the freeing of memory objects allocated by the plugin. +If the plugin does not need to perform any cleanup, +.Fn close +may be set to the +.Dv NULL +pointer. 
+.It check +.Bd -literal -compact +int (*check)(char * const command_info[], char * const run_argv[], + char * const run_envp[], const char **errstr); +.Ed +.Pp +The approval +.Fn check +function is run after the policy plugin +.Fn check_policy +function and before any I/O logging plugins. +If multiple approval plugins are loaded, they must all succeed for +the command to be allowed. +It returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error. +In the latter case, +.Nm sudo +will print a usage message before it exits. +If an error occurs, the plugin may optionally call the +.Fn conversation +or +.Fn plugin_printf +function with +.Dv SUDO_CONF_ERROR_MSG +to present additional error information to the user. .Pp The function arguments are as follows: .Bl -tag -width 4n -.It buf -The buffer containing command output. -.It len -The length of -.Em buf -in bytes. -.El -.It register_hooks -See the -.Sx Policy plugin API -section for a description of -.Li register_hooks . -.It deregister_hooks +.It command_info +A vector of information describing the command being run in the form of +.Dq name=value +strings. +The vector is terminated by a +.Dv NULL +pointer. +.Pp +When parsing +.Em command_info , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.Pp See the .Sx Policy plugin API -section for a description of -.Li deregister_hooks . -.It change_winsize -.Bd -literal -compact -int (*change_winsize)(unsigned int lines, unsigned int cols); -.Ed +section for a list of all possible strings. +.It run_argv +A +.Dv NULL Ns -terminated +argument vector describing a command that will be run in the +same form as what would be passed to the +.Xr execve 2 +system call. +.It run_envp +The environment the command will be run with in the form of a +.Dv NULL Ns -terminated +vector of +.Dq name=value +strings. 
.Pp +When parsing +.Em run_envp , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.It errstr +If the +.Fn open +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . The -.Fn change_winsize -function is called whenever the window size of the terminal changes from -the initial values specified in the -.Li user_info -list. -Returns \-1 if an error occurred, in which case no further calls to -.Fn change_winsize -will be made, -.It log_suspend +.Nm sudo +front end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.El +.It show_version .Bd -literal -compact -int (*log_suspend)(int signo); +int (*show_version)(int verbose); .Ed .Pp The -.Fn log_suspend -function is called whenever a command is suspended or resumed. -The -.Fa signo -argument is either the signal that caused the command to be suspended or -.Dv SIGCONT -if the command was resumed. -Logging this information makes it possible to skip the period of time when -the command was suspended during playback of a session. -Returns \-1 if an error occurred, in which case no further calls to -.Fn log_suspend -will be made, -.El -.Pp -.Em I/O Plugin Version Macros +.Fn show_version +function is called by +.Nm sudo +when the user specifies +the +.Fl V +option. +The plugin may display its version information to the user via the +.Fn conversation +or +.Fn plugin_printf +function using +.Dv SUDO_CONV_INFO_MSG . +If the user requests detailed version information, the verbose flag will be set. .Pp -Same as for the -.Sx Policy plugin API . +Returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error, although the return value is currently +ignored. +.El .Ss Signal handlers The .Nm sudo 
@@ -2028,6 +3439,248 @@ .Pp For getters and setters see the .Sx Policy plugin API . +.Ss Event API +When +.Nm sudo +runs a command, it uses an event loop to service signals and I/O. +Events may be triggered based on time, a file or socket descriptor +becoming ready, or due to receipt of a signal. +Starting with API version 1.15, it is possible for a plugin to +participate in this event loop by calling the +.Fn event_alloc +function. +.Pp +.Em Event structure +.Pp +Events are described by the following structure: +.Pp +.Bd -literal -compact +typedef void (*sudo_plugin_ev_callback_t)(int fd, int what, void *closure); + +struct sudo_plugin_event { + int (*set)(struct sudo_plugin_event *pev, int fd, int events, + sudo_plugin_ev_callback_t callback, void *closure); + int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout); + int (*del)(struct sudo_plugin_event *pev); + int (*pending)(struct sudo_plugin_event *pev, int events, + struct timespec *ts); + int (*fd)(struct sudo_plugin_event *pev); + void (*setbase)(struct sudo_plugin_event *pev, void *base); + void (*loopbreak)(struct sudo_plugin_event *pev); + void (*free)(struct sudo_plugin_event *pev); +}; +.Ed +.Pp +The sudo_plugin_event struct contains the following function pointers: +.Bl -tag -width 4n +.It Fn set +.Bd -literal -compact +int (*set)(struct sudo_plugin_event *pev, int fd, int events, + sudo_plugin_ev_callback_t callback, void *closure); +.Ed +.Pp +The +.Fn set +function takes the following arguments: +.Bl -tag -width 4n +.It struct sudo_plugin_event * Ns Fa pev +A pointer to the struct sudo_plugin_event itself. +.It Fa fd +The file or socket descriptor for I/O-based events or the signal +number for signal events. +For time-based events, +.Fa fd +must be -1. 
+.It Fa events
+The following values determine what will trigger the event callback:
+.Bl -tag -width 4n
+.It SUDO_PLUGIN_EV_TIMEOUT
+callback is run after the specified timeout expires
+.It SUDO_PLUGIN_EV_READ
+callback is run when the file descriptor is readable
+.It SUDO_PLUGIN_EV_WRITE
+callback is run when the file descriptor is writable
+.It SUDO_PLUGIN_EV_PERSIST
+event is persistent and remains enabled until explicitly deleted
+.It SUDO_PLUGIN_EV_SIGNAL
+callback is run when the specified signal is received
+.El
+.Pp
+The
+.Ev SUDO_PLUGIN_EV_PERSIST
+flag may be ORed with any of the event types.
+It is also possible to OR
+.Ev SUDO_PLUGIN_EV_READ
+and
+.Ev SUDO_PLUGIN_EV_WRITE
+together to run the callback when a descriptor is ready to be
+either read from or written to.
+All other event values are mutually exclusive.
+.It sudo_plugin_ev_callback_t Fa callback
+.Bd -literal -compact
+typedef void (*sudo_plugin_ev_callback_t)(int fd, int what,
+ void *closure);
+.Ed
+.Pp
+The function to call when an event is triggered.
+The
+.Fn callback
+function is run with the following arguments:
+.Bl -tag -width 4n
+.It Fa fd
+The file or socket descriptor for I/O-based events or the signal
+number for signal events.
+.It Fa what
+The event type that triggered that callback.
+For events that have multiple event types (for example
+.Ev SUDO_PLUGIN_EV_READ
+and
+.Ev SUDO_PLUGIN_EV_WRITE )
+or have an associated timeout,
+.Fa what
+can be used to determine why the callback was run.
+.It Fa closure
+The generic pointer that was specified in the
+.Fn set
+function.
+.El
+.It closure
+A generic pointer that will be passed to the callback function.
+.El
+.Pp
+The
+.Fn set
+function returns 1 on success, and \-1 if a error occurred.
+.It Fn add
+.Bd -literal -compact
+int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout);
+.Ed
+.Pp
+The
+.Fn add
+function adds the event
+.Fa pev
+to
+.Nm sudo Ns No 's
+event loop.
+The event must have previously been initialized via the
+.Fn set
+function.
+If the
+.Fa timeout
+argument is not NULL, it should specify a (relative) timeout after
+which the event will be triggered if the main event criteria has
+not been met.
+This is often used to implement an I/O timeout where the event
+will fire if a descriptor is not ready within a certain time
+period.
+If the event is already present in the event loop, its
+.Fa timeout
+will be adjusted to match the new value, if any.
+.Pp
+The
+.Fn add
+function returns 1 on success, and \-1 if a error occurred.
+.It Fn del
+.Bd -literal -compact
+int (*del)(struct sudo_plugin_event *pev);
+.Ed
+.Pp
+The
+.Fn del
+function deletes the event
+.Fa pev
+from
+.Nm sudo Ns No 's
+event loop.
+Deleted events can be added back via the
+.Fn add
+function.
+.Pp
+The
+.Fn del
+function returns 1 on success, and \-1 if a error occurred.
+.It Fn pending
+.Bd -literal -compact
+int (*pending)(struct sudo_plugin_event *pev, int events,
+ struct timespec *ts);
+.Ed
+.Pp
+The
+.Fn pending
+function can be used to determine whether one or more events is pending.
+The
+.Fa events
+argument specifies which events to check for.
+See the
+.Fn set
+function for a list of valid event types.
+If
+.Dv SUDO_PLUGIN_EV_TIMEOUT
+is specified in
+.Dv events ,
+the event has an associated timeout and the
+.Fa ts
+pointer is non-NULL, it will be filled in with the remaining time.
+.It Fn fd
+.Bd -literal -compact
+int (*fd)(struct sudo_plugin_event *pev);
+.Ed
+.Pp
+The
+.Fn fd
+function returns the descriptor or signal number associated with
+the event
+.Fa pev .
+.It Fn setbase
+.Bd -literal -compact
+void (*setbase)(struct sudo_plugin_event *pev, void *base);
+.Ed
+.Pp
+The
+.Fn setbase
+function sets the underlying event
+.Fa base
+for
+.Fa pev
+to the specified value.
+This can be used to move an event created via
+.Fn event_alloc
+to a new event loop allocated by sudo's event subsystem.
+If +.Fa base +is +.Dv NULL , +.Fa pev Ns 's +event base is reset to the default value, which corresponds to +.Nm sudo Ns 's +main event loop. +Using this function requires linking the plugin with the sudo_util +library. +It is unlikely to be used outside of the +.Nm sudoers +plugin. +.It Fn loopbreak +.Bd -literal -compact +void (*loopbreak)(struct sudo_plugin_event *pev); +.Ed +.Pp +The +.Fn loopbreak +function causes +.Nm sudo Ns No 's +event loop to exit immediately and the running command to be terminated. +.It Fn free +.Bd -literal -compact +void (*free)(struct sudo_plugin_event *pev); +.Ed +.Pp +The +.Fn free +function deletes the event +.Fa pev +from the event loop and frees the memory associated with it. +.El .Ss Remote command execution The .Nm sudo @@ -2103,7 +3756,7 @@ const char *msg; }; -#define SUDO_CONV_REPL_MAX 255 +#define SUDO_CONV_REPL_MAX 1023 struct sudo_conv_reply { char *reply; @@ -2131,9 +3784,8 @@ function: .Bd -literal typedef int (*sudo_conv_t)(int num_msgs, - const struct sudo_conv_message msgs[], - struct sudo_conv_reply replies[], - struct sudo_conv_callback *callback); + const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback); typedef int (*sudo_printf_t)(int msg_type, const char *fmt, ...); .Ed @@ -2311,12 +3963,12 @@ initialization, cleanup and group lookup. .Bd -literal struct sudoers_group_plugin { - unsigned int version; - int (*init)(int version, sudo_printf_t sudo_printf, - char *const argv[]); - void (*cleanup)(void); - int (*query)(const char *user, const char *group, - const struct passwd *pwd); + unsigned int version; + int (*init)(int version, sudo_printf_t sudo_printf, + char *const argv[]); + void (*cleanup)(void); + int (*query)(const char *user, const char *group, + const struct passwd *pwd); }; .Ed .Pp 
@@ -2336,7 +3988,7 @@ .It init .Bd -literal -compact int (*init)(int version, sudo_printf_t plugin_printf, - char *const argv[]); + char *const argv[]); .Ed .Pp The @@ -2351,8 +4003,7 @@ .Fn plugin_printf function with .Dv SUDO_CONF_ERROR_MSG -to present additional error information -to the user. +to present additional error information to the user. .Pp The function arguments are as follows: .Bl -tag -width 4n @@ -2394,7 +4045,7 @@ .It query .Bd -literal -compact int (*query)(const char *user, const char *group, - const struct passwd *pwd); + const struct passwd *pwd); .Ed .Pp The @@ -2603,6 +4254,35 @@ entry was added to the .Li command_info list. +.It Version 1.15 (sudo 1.9.0) +The +.Em cwd_optional +entry was added to the +.Li command_info +list. +.Pp +The +.Em event_alloc +field was added to the policy_plugin and io_plugin structs. +.Pp +The +.Fa errstr +argument was added to the policy and I/O plugin functions +which the plugin function can use to return an error string. +This string may be used by the audit plugin to report failure or +error conditions set by the other plugins. +.Pp +The +.Fn close +function is now is called regardless of whether or not a command +was actually executed. +This makes it possible for plugins to perform cleanup even when a +command was not run. +.Pp +.Dv SUDO_CONV_REPL_MAX +has increased from 255 to 1023 bytes. +.Pp +Support for audit and approval plugins was added. .El .Sh SEE ALSO .Xr sudo.conf @mansectform@ , diff -Nru sudo-1.8.31/doc/sudo_plugin_python.man.in sudo-1.9.0/doc/sudo_plugin_python.man.in --- sudo-1.8.31/doc/sudo_plugin_python.man.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/doc/sudo_plugin_python.man.in 2020-05-11 16:28:22.000000000 +0000 
@@ -0,0 +1,1844 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2019 Robert Manner +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.TH "SUDO_PLUGIN_PYTHON" "5" "February 19, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.nh +.if n .ad l +.SH "NAME" +\fBsudo_plugin_python\fR +\- Sudo Plugin API (Python) +.SH "DESCRIPTION" +Starting with version 1.9, +\fBsudo\fR +plugins can be written in python. +The API closely follows the C +\fBsudo\fR +plugin API described by +sudo_plugin(@mansectform@). +.PP +The supported plugins types are: +.PP +.RS 4n +.PD 0 +.TP 3n +\fB\(bu\fR +Policy plugin +.TP 3n +\fB\(bu\fR +I/O plugin +.TP 3n +\fB\(bu\fR +Audit plugin +.TP 3n +\fB\(bu\fR +Approval plugin +.TP 3n +\fB\(bu\fR +Group provider plugin +.RE +.PD +.PP +Python plugin support needs to be explicitly enabled at build time +with the configure option +\(lq--enable-python\(rq. +Python version 3.0 or higher is required. +.SS "Sudo Python Plugin Base" +A plugin written in Python should be a class in a python file that +inherits from +\fIsudo.Plugin\fR. +The +\fIsudo.Plugin\fR +base class has no real purpose other than to identify this class as a plugin. 
+.PP +The only implemented method is a constructor, which stores the +keyword arguments it receives as fields (member variables) in the object. +This is intended as a convenience to allow you to avoid writing the +constructor yourself. +.PP +For example: +.nf +.sp +.RS 6n +import sudo + +class MySudoPlugin(sudo.Plugin): + # example constructor (optional) + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + + # example destructor (optional) + def __del__(self): + pass +.RE +.fi +.PP +Both the constructor and destructor are optional and can be omitted. +.PP +The customized Plugin class should define a few plugin-specific methods. +When the plugin loads, +\fBsudo\fR +will create an instance of this class and call the methods. +The actual methods required depent on the type of the plugin, +but most return an +\(lqint\(rq +result code, as documented in +sudo_plugin(@mansctsu@), +that indicates whether or not the method was successful. +The Python sudo module defines the following constants to improve readability: +.RS 4n +.TS +l l. +.PP +\fBDefine\fR \fBValue\fR +.PP +\fRsudo.RC.OK\fR 1 +.PP +\fRsudo.RC.ACCEPT\fR 1 +.PP +\fRsudo.RC.REJECT\fR 0 +.PP +\fRsudo.RC.ERROR\fR -1 +.PP +\fRsudo.RC.USAGE_ERROR\fR -2 +.TE +.RE +.PP +If a function returns +\fINone\fR +(for example, if it does not call return), +it will be considered to have returned +\fRsudo.RC.OK\fR. +If an exception is raised (other than sudo.PluginException), the backtrace will be +shown to the user and the plugin function will return +\fRsudo.RC.ERROR\fR. +If that is not acceptable, you must catch the exception and handle it yourself. +.PP +Instead of just returning +\fRsudo.RC.ERROR\fR +or +\fRsudo.RC.REJECT\fR +result code the plugin can also provide a message describing the problem. 
+This can be done by raising one of the special exceptions: +.nf +.sp +.RS 6n +raise sudo.PluginError("Message") +raise sudo.PluginReject("Message") +.RE +.fi +.PP +This added message will be used by the audit plugins. +Both exceptions inherit from +\fRsudo.PluginException\fR +.SS "Python Plugin Loader" +Running the Python interpreter and bridging between C and Python is +handled by the +\fBsudo\fR +plugin +\fRpython_plugin.so\fR. +This shared object can be loaded like any other dynamic +\fBsudo\fR +plugin and should receive the path and the class name of the Python +plugin it is loading as arguments. +.PP +Example usage in +sudo.conf(@mansectform@): +.nf +.sp +.RS 6n +Plugin python_policy python_plugin.so ModulePath= ClassName= +Plugin python_io python_plugin.so ModulePath= ClassName= +Plugin python_audit python_plugin.so ModulePath= ClassName= +Plugin python_approval python_plugin.so ModulePath= ClassName= +.RE +.fi +.PP +Example group provider plugin usage in the +\fIsudoers\fR +file: +.nf +.sp +.RS 6n +Defaults group_plugin="python_plugin.so ModulePath= ClassName=" +.RE +.fi +.PP +The plugin arguments are as follows: +.TP 6n +ModulePath +The path of a python file which contains the class of the sudo Python plugin. +It must be either an absolute path or a path relative to the sudo Python plugin +directory: "@plugindir@/python". +.TP 6n +ClassName +(Optional.) The name of the class implementing the sudo Python plugin. +If not supplied, the one and only sudo.Plugin that is present in the module +will be used. +If there are multiple such plugins in the module (or none), it +will result in an error. +.SS "Policy plugin API" +Policy plugins must be registered in +sudo.conf(@mansectform@). +For example: +.nf +.sp +.RS 6n +Plugin python_policy python_plugin.so ModulePath= ClassName= +.RE +.fi +.PP +Currently, only a single policy plugin may be specified in +sudo.conf(@mansectform@). 
+.PP +A policy plugin may have the following member functions: +.TP 6n +\fBconstructor\fR +.nf +.RS 6n +__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], + version: str, user_info: Tuple[str, ...], + plugin_options: Tuple[str, ...]) +.RE +.fi +.RS 6n +.sp +Implementing this function is optional. +The default constructor will set the keyword arguments it receives +as member variables in the object. +.sp +The constructor matches the +\fBopen\fR() +function in the C sudo plugin API. +.sp +The function arguments are as follows: +.TP 6n +\fIuser_env\fR +The user's environment as a tuple of strings in +\(lqkey=value\(rq +format. +.TP 6n +\fIsettings\fR +A tuple of user-supplied +\fIsudo\fR +settings in the form of +\(lqkey=value\(rq +strings. +.TP 6n +\fIversion\fR +The version of the Python Policy Plugin API. +.TP 6n +\fIuser_info\fR +A tuple of information about the user running the command in the form of +\(lqkey=value\(rq +strings. +.TP 6n +\fIplugin_options\fR +The plugin options passed as arguments in the +sudo.conf(@mansectform@) +plugin registration. +This is a tuple of strings, usually (but not necessarily) in +\(lqkey=value\(rq +format. +.PP +The +\fBsudo.options_as_dict\fR() +convenience function can be used to convert +\(lqkey=value\(rq +pairs to a dictionary. +For a list of recognized keys and their supported values, +see the policy plugin +\fBopen\fR() +documentation in +sudo_plugin(@mansectform@). +.RE +.TP 6n +\fBcheck_policy\fR +.nf +.RS 6n +check_policy(self, argv: Tuple[str, ...], env_add: Tuple[str, ...]) +.RE +.fi +.RS 6n +.sp +The +\fBcheck_policy\fR() +function is called by +\fBsudo\fR +to determine whether the user is allowed to run the specified command. +Implementing this function is mandatory for a policy plugin. +.sp +The function arguments are as follows: +.TP 6n +\fIargv\fR +A tuple describing the command the user wishes to run. 
+.TP 6n +\fIenv_add\fR +Additional environment variables specified by the user on the command line in +the form of a tuple of +\(lqkey=value\(rq +pairs. +The +\fBsudo.options_as_dict\fR() +convenience function can be used to convert them to a dictionary. +.PP +This function should return a result code or a tuple in the following format: +.nf +.sp +.RS 12n +return (rc, command_info_out, argv_out, user_env_out) +.RE +.fi +.sp +The tuple values are as follows: +.TP 6n +\fIrc\fR +The result of the policy check, one of the +\fRsudo.RC.*\fR +constants. +\fRsudo.RC.ACCEPT\fR +if the command is allowed, +\fRsudo.RC.REJECT\fR +if not allowed, +\fRsudo.RC.ERROR\fR +for a general error, or +\fRsudo.RC.USAGE_ERROR\fR +for a usage error. +.TP 6n +\fIcommand_info_out\fR +Optional (only required when the command is accepted). +Information about the command being run in the form of +\(lqkey=value\(rq +strings. +.sp +To accept a command, at the very minimum the plugin must set in the +\fIcommand\fR, +\fIrunas_uid\fR +and +\fIrunas_gid\fR +keys. +.sp +For a list of recognized keys and supported values, +see the +\fBcheck_policy\fR() +documentation in +sudo_plugin(@mansectform@). +.TP 6n +\fIargv_out\fR +Optional (only required when the command is accepted). +The arguments to pass to the +execve(2) +system call when executing the command. +.TP 6n +\fIuser_env_out\fR +Optional (only required when the command is accepted). +The environment to use when executing the command in the form of a +tuple of strings in +\(lqkey=value\(rq +format. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBinit_session\fR +.nf +.RS 6n +init_session(self, user_pwd: Tuple, user_env: Tuple[str, ...]) +.RE +.fi +.RS 6n +.sp +Perform session setup (optional). +The +\fBinit_session\fR() +function is called before +\fBsudo\fR +sets up the +execution environment for the command before any uid or gid changes. +.sp +The function arguments are as follows: +.TP 6n +\fIuser_pwd\fR +A tuple describing the user's passwd entry. 
+Convertible to pwd.struct_passwd or +\fINone\fR +if the user is not present in the password database. +.sp +Example conversion: +.nf +.RS 12n +user_pwd = pwd.struct_passwd(user_pwd) if user_pwd else None +.RE +.fi +.TP 6n +\fIuser_env\fR +The environment the command will run in. +This is a tuple of strings in +\(lqkey=value\(rq +format. +.PP +This function should return a result code or a tuple in the following format: +.nf +.sp +.RS 10n +return (rc, user_env_out) +.RE +.fi +.sp +The tuple values are as follows: +.TP 6n +\fIrc\fR +The result of the session init, one of the +\fRsudo.RC.*\fR +constants. +\fRsudo.RC.OK\fR +on success, 0 on failure, or +\fRsudo.RC.ERROR\fR +if an error occurred. +.TP 6n +\fIuser_env_out\fR +Optional. +If the +\fBinit_session\fR() +function needs to modify the user environment, it can return the new +environment in +\fIuser_env_out\fR. +If this is omitted, no changes will be made to +\fIuser_env\fR. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBlist\fR +.nf +.RS 6n +list(self, argv: Tuple[str, ...], is_verbose: int, user: str) +.RE +.fi +.RS 6n +.sp +List available privileges for the invoking user. +.sp +The function arguments are as follows: +.TP 6n +\fIargv\fR +If not set to +\fINone\fR, +an argument vector describing a command the user wishes to check +against the policy. +.TP 6n +\fIis_verbose\fR +Flag indicating whether to list in verbose mode or not. +.TP 6n +\fIuser\fR +The name of a different user to list privileges for if the policy allows it. +If +\fINone\fR, +the plugin should list the privileges of the invoking user. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBvalidate\fR +.nf +.RS 6n +validate(self) +.RE +.fi +.RS 6n +.sp +For policy plugins that cache authentication credentials, this function is used to validate and cache the credentials (optional). 
+.RE +.TP 6n +\fBinvalidate\fR +.nf +.RS 6n +invalidate(self, remove: int) +.RE +.fi +.RS 6n +.sp +For policy plugins that cache authentication credentials, this function is used to invalidate the credentials (optional). +.sp +The function arguments are as follows: +.TP 6n +\fIremove\fR +If this flag is set, the plugin may remove the credentials instead of simply +invalidating them. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBshow_version\fR +.nf +.RS 6n +show_version(self, is_verbose: int) +.RE +.fi +.RS 6n +.sp +Display the plugin version information to the user. +The +\fBsudo.log_info\fR() +function should be used. +.sp +The function arguments are as follows: +.TP 6n +\fIis_verbose\fR +A flag to indicate displaying more verbose information. +Currently this is 1 if +\(oqsudo -V\(cq +is run as the root user. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBclose\fR +.br +.nf +.RS 6n +close(self, exit_status: int, error: int) +.RE +.fi +.RS 6n +.sp +Called when a command finishes executing. +.sp +Works the same as the +\fBclose\fR() +function in the C sudo plugin API, except that it only gets called if +\fBsudo\fR +attempts to execute the command. +.sp +The function arguments are as follows: +.TP 6n +\fIexit_status\fR +The exit status of the command if was executed, otherwise -1. +.TP 6n +\fIerror\fR +.br +If the command could not be executed, this is set to the value of +errno set by the +execve(2) +system call, otherwise 0. +.PD 0 +.PP +.RE +.PD +.SS "Policy plugin example" +Sudo ships with an example Python policy plugin. +To try it, register it by adding the following lines to +\fI@sysconfdir@/sudo.conf\fR: +.nf +.sp +.RS 0n +Plugin python_policy python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_policy_plugin.py \e + ClassName=SudoPolicyPlugin +.RE +.fi +.PP +Be aware, however, that you cannot enable the Python policy plugin +in addition to another policy plugin, such as +sudoers(@mansectform@). 
+.SS "I/O plugin API" +I/O plugins must be registered in +sudo.conf(@mansectform@). +For example: +.nf +.sp +.RS 6n +Plugin python_io python_plugin.so ModulePath= ClassName= +.RE +.fi +.PP +Sudo supports loading multiple I/O plugins. +Currently only 8 python I/O plugins can be loaded at once. +.PP +An I/O plugin may have the following member functions: +.TP 6n +\fBconstructor\fR +.nf +.RS 6n +__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], + version: str, user_info: Tuple[str, ...], + plugin_options: Tuple[str, ...]) +.RE +.fi +.RS 6n +.sp +Implementing this function is optional. +The default constructor will set the keyword arguments it receives +as member variables in the object. +.sp +The constructor matches the +\fBopen\fR() +function in the C sudo plugin API. +.sp +The function arguments are as follows: +.TP 6n +\fIuser_env\fR +The user's environment as a tuple of strings in +\(lqkey=value\(rq +format. +.TP 6n +\fIsettings\fR +A tuple of user-supplied +\fIsudo\fR +settings in the form of +\(lqkey=value\(rq +strings. +.TP 6n +\fIversion\fR +The version of the Python I/O Plugin API. +.TP 6n +\fIuser_info\fR +A tuple of information about the user running the command in the form of +\(lqkey=value\(rq +strings. +.TP 6n +\fIplugin_options\fR +The plugin options passed as arguments in the +sudo.conf(@mansectform@) +plugin registration. +This is a tuple of strings, usually (but not necessarily) in +\(lqkey=value\(rq +format. +.PP +The +\fBsudo.options_as_dict\fR() +convenience function can be used to convert +\(lqkey=value\(rq +pairs to a dictionary. +For a list of recognized keys and their supported values, +see the I/O plugin +\fBopen\fR() +documentation in +sudo_plugin(@mansectform@). +.RE +.TP 6n +\fBopen\fR +.nf +.RS 6n +open(self, argv: Tuple[str, ...], + command_info: Tuple[str, ...]) -> int +.RE +.fi +.RS 6n +.sp +Receives the command the user wishes to run. 
+.sp +Works the same as the +\fBopen\fR() +function in the C sudo plugin API except that: +.sp +.RS 10n +.PD 0 +.TP 3n +\fB\(bu\fR +It only gets called before the user would execute some command +(and not for a version query for example). +.TP 3n +\fB\(bu\fR +Other arguments of the C API +\fBopen\fR() +function are received through the constructor. +.RE +.sp +The function arguments are as follows: +.PD +.TP 6n +\fIargv\fR +A tuple of the arguments describing the command the user wishes to run. +.TP 6n +\fIcommand_info\fR +Information about the command being run in the form of +\(lqkey=value\(rq +strings. +.PP +The +\fBsudo.options_as_dict\fR() +convenience function can be used to convert +\(lqkey=value\(rq +pairs to a dictionary. +For a list of recognized keys and their supported values, +see the I/O plugin +\fBopen\fR() +documentation in +sudo_plugin(@mansectform@). +.sp +The +\fBopen\fR() +function should return a result code, one of the +\fRsudo.RC.*\fR +constants. +If the function returns +\fRsudo.RC.REJECT\fR, +no I/O will be sent to the plugin. +.RE +.TP 6n +\fBlog_ttyin\fR, \fBlog_ttyout\fR, \fBlog_stdin\fR, \fBlog_stdout\fR, \fBlog_stderr\fR +.nf +.RS 6n +log_ttyin(self, buf: str) -> int +log_ttyout(self, buf: str) -> int +log_stdin(self, buf: str) -> int +log_stdout(self, buf: str) -> int +log_stderr(self, buf: str) -> int +.RE +.fi +.RS 6n +.sp +Receive the user input or output of the terminal device and +application standard input / output / error. +See the matching calls in +sudo_plugin(@mansectform@). +.sp +The function arguments are as follows: +.TP 6n +\fIbuf\fR +The input (or output) buffer in the form of a string. +.PP +The function should return a result code, one of the +\fRsudo.RC.*\fR +constants. +.sp +If +\fRsudo.RC.ERROR\fR +is returned, the running command will be terminated and all of the plugin's logging +functions will be disabled. 
+Other I/O logging plugins will still receive any remaining +input or output that has not yet been processed. +.sp +If an input logging function rejects the data by returning +\fRsudo.RC.REJECT\fR, +the command will be terminated and the data will not be passed to the +command, though it will still be sent to any other I/O logging plugins. +If an output logging function rejects the data by returning +\fRsudo.RC.REJECT\fR, +the command will be terminated and the data will not be written to the +terminal, though it will still be sent to any other I/O logging plugins. +.RE +.TP 6n +\fBchange_winsize\fR +.nf +.RS 6n +change_winsize(self, line: int, cols: int) -> int +.RE +.fi +.RS 6n +.sp +Called whenever the window size of the terminal changes. +The function arguments are as follows: +.TP 6n +\fIline\fR +The number of lines of the terminal. +.TP 6n +\fIcols\fR +The number of columns of the terminal. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBlog_suspend\fR +.nf +.RS 6n +log_suspend(self, signo: int) -> int +.RE +.fi +.RS 6n +Called whenever a command is suspended or resumed. +.sp +The function arguments are as follows: +.TP 6n +\fIsigno\fR +.br +The number of the signal that caused the command to be suspended or +\fRSIGCONT\fR +if the command was resumed. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBshow_version\fR +.nf +.RS 6n +show_version(self, is_verbose: int) +.RE +.fi +.RS 6n +Display the plugin version information to the user. +The +\fBsudo.log_info\fR() +function should be used. +.sp +The function arguments are as follows: +.TP 6n +\fIis_verbose\fR +A flag to indicate displaying more verbose information. +Currently this is 1 if +\(oqsudo -V\(cq +is run as the root user. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBclose\fR +.br +.nf +.RS 6n +close(self, exit_status: int, error: int) -> None +.RE +.fi +.RS 6n +Called when a command execution finished. 
+.sp +Works the same as the +\fBclose\fR() +function in the C sudo plugin API, except that it only gets called if +\fBsudo\fR +attempts to execute the command. +.sp +The function arguments are as follows: +.TP 6n +\fIexit_status\fR +The exit status of the command if was executed, otherwise -1. +.TP 6n +\fIerror\fR +.br +If the command could not be executed, this is set to the value of +errno set by the +execve(2) +system call, otherwise 0. +.PD 0 +.PP +.RE +.PD +.SS "I/O plugin example" +Sudo ships a Python I/O plugin example. +To try it, register it by adding the following lines to +\fI@sysconfdir@/sudo.conf\fR: +.nf +.sp +.RS 6n +Plugin python_io python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_io_plugin.py \e + ClassName=SudoIOPlugin +.RE +.fi +.SS "Audit plugin API" +Audit plugins must be registered in +sudo.conf(@mansectform@). +For example: +.nf +.sp +.RS 6n +Plugin python_audit python_plugin.so ModulePath= ClassName= +.RE +.fi +.PP +Sudo supports loading multiple audit plugins. +Currently only 8 python audit plugins can be loaded at once. +.PP +An audit plugin may have the following member functions (all of them are optional): +.TP 6n +\fBconstructor\fR +.nf +.RS 6n +__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], + version: str, user_info: Tuple[str, ...], plugin_options: Tuple[str, ...]) +.RE +.fi +.RS 6n +.sp +The default constructor will set the keyword arguments it receives +as member variables in the object. +.sp +The constructor matches the +\fBopen\fR() +function in the C sudo plugin API. +.sp +The function arguments are as follows: +.TP 6n +\fIuser_env\fR +The user's environment as a tuple of strings in +\(lqkey=value\(rq +format. +.TP 6n +\fIsettings\fR +A tuple of user-supplied +\fIsudo\fR +settings in the form of +\(lqkey=value\(rq +strings. +.TP 6n +\fIversion\fR +The version of the Python Audit Plugin API. 
+.TP 6n +\fIuser_info\fR +A tuple of information about the user running the command in the form of +\(lqkey=value\(rq +strings. +.TP 6n +\fIplugin_options\fR +The plugin options passed as arguments in the +sudo.conf(@mansectform@) +plugin registration. +This is a tuple of strings, usually (but not necessarily) in +\(lqkey=value\(rq +format. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBopen\fR +.nf +.RS 6n +open(self, submit_optind: int, + submit_argv: Tuple[str, ...]) -> int +.RE +.fi +.RS 6n +.sp +The function arguments are as follows: +.TP 6n +\fIsubmit_optind\fR +The index into +\fIsubmit_argv\fR +that corresponds to the first entry that is not a command line option. +.TP 6n +\fIsubmit_argv\fR +The argument vector sudo was invoked with, including all command line options. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBclose\fR +.br +.nf +.RS 6n +close(self, status_type: int, status: int) -> None +.RE +.fi +.RS 6n +.sp +Called when sudo is finished, shortly before it exits. +.sp +The function arguments are as follows: +.TP 6n +\fIstatus_type\fR +The type of status being passed. +One of the sudo.EXIT_REASON.* constants. +.TP 6n +\fIstatus\fR +Depending on the value of +\fIstatus_type\fR, +this value is either +ignored, the command's exit status as returned by the +wait(2) +system call, the value of +\fRerrno\fR +set by the +execve(2) +system call, or the value of +\fRerrno\fR +resulting from an error in the +\fBsudo\fR +front end. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBshow_version\fR +.nf +.RS 6n +show_version(self, is_verbose: int) -> int +.RE +.fi +.RS 6n +.sp +Display the plugin version information to the user. +The +\fBsudo.log_info\fR() +function should be used. +.sp +The function arguments are as follows: +.TP 6n +\fIis_verbose\fR +A flag to indicate displaying more verbose information. +Currently this is 1 if +\(oqsudo -V\(cq +is run as the root user. 
+.PD 0 +.PP +.RE +.PD +.TP 6n +\fBaccept\fR +.nf +.RS 6n +accept(self, plugin_name: str, plugin_type: int, command_info: Tuple[str, ...], + run_argv: Tuple[str, ...], run_envp: Tuple[str, ...]) -> int +.RE +.fi +.RS 6n +.sp +This function is called when a command or action is accepted by the policy +plugin. +The function arguments are as follows: +.TP 6n +plugin_name +The name of the plugin that accepted the command. +.TP 6n +plugin_type +The type of plugin that accepted the command, currently always +\fRsudo.PLUGIN_TYPE.POLICY\fR. +.TP 6n +command_info +A vector of information describing the command being run. +See the +sudo_plugin(@mansectform@) +manual for possible values. +.TP 6n +run_argv +Argument vector describing a command that will be run. +.TP 6n +run_envp +The environment the command will be run with. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBreject\fR +.nf +.RS 6n +reject(self, plugin_name: str, plugin_type: int, audit_msg: str, + command_info: Tuple[str, ...]) -> int +.RE +.fi +.RS 6n +.sp +This function is called when a command or action is rejected by the policy +plugin. +The function arguments are as follows: +.TP 6n +plugin_name +The name of the plugin that accepted the command. +.TP 6n +plugin_type +The type of plugin that accepted the command, currently always +\fRsudo.PLUGIN_TYPE.POLICY\fR. +.TP 6n +audit_msg +An optional string describing the reason the command was rejected by the plugin. +If the plugin did not provide a reason, audit_msg will be +\fINone\fR +.TP 6n +command_info +A vector of information describing the rejected command. +See the +sudo_plugin(@mansectform@) +manual for possible values. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBerror\fR +.br +.nf +.RS 6n +error(self, plugin_name: str, plugin_type: int, audit_msg: str, + command_info: Tuple[str, ...]) -> int +.RE +.fi +.RS 6n +.sp +This function is called when a plugin returns an error. +The function arguments are as follows: +.TP 6n +plugin_name +The name of the plugin that accepted the command. 
+.TP 6n +plugin_type +The type of plugin that accepted the command, currently +\fRsudo.PLUGIN_TYPE.POLICY\fR +or +\fRsudo.PLUGIN_TYPE.IO\fR +.TP 6n +audit_msg +An optional string describing the plugin error. +If the plugin did not provide a description, it will be +\fINone\fR +.TP 6n +command_info +A vector of information describing the command. +See the +sudo_plugin(@mansectform@) +manual for possible values. +.PD 0 +.PP +.RE +.PD +.SS "Audit plugin example" +Sudo ships a Python Audit plugin example. +To try it, register it by adding the following lines to +\fI@sysconfdir@/sudo.conf\fR: +.nf +.sp +.RS 6n +Plugin python_audit python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_audit_plugin.py \e + ClassName=SudoAuditPlugin +.RE +.fi +.PP +It will log the plugin accept / reject / error results to the output. +.SS "Approval plugin API" +Approval plugins must be registered in +sudo.conf(@mansectform@). +For example: +.nf +.sp +.RS 6n +Plugin python_approval python_plugin.so ModulePath= ClassName= +.RE +.fi +.PP +Sudo supports loading multiple approval plugins. +Currently only 8 python approval plugins can be loaded at once. +.PP +An approval plugin may have the following member functions: +.TP 6n +\fBconstructor\fR +.nf +.RS 6n +__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], + version: str, user_info: Tuple[str, ...], plugin_options: Tuple[str, ...], + submit_optind: int, submit_argv: Tuple[str, ...]) +.RE +.fi +.RS 6n +.sp +Optional. +The default constructor will set the keyword arguments it receives +as member variables in the object. +.sp +The constructor matches the +\fBopen\fR() +function in the C sudo plugin API. +.sp +The function arguments are as follows: +.TP 6n +\fIuser_env\fR +The user's environment as a tuple of strings in +\(lqkey=value\(rq +format. +.TP 6n +\fIsettings\fR +A tuple of user-supplied +\fIsudo\fR +settings in the form of +\(lqkey=value\(rq +strings. 
+.TP 6n +\fIversion\fR +The version of the Python Approval Plugin API. +.TP 6n +\fIuser_info\fR +A tuple of information about the user running the command in the form of +\(lqkey=value\(rq +strings. +.TP 6n +\fIplugin_options\fR +The plugin options passed as arguments in the +sudo.conf(@mansectform@) +plugin registration. +This is a tuple of strings, usually (but not necessarily) in +\(lqkey=value\(rq +format. +.TP 6n +\fIsubmit_optind\fR +The index into +\fIsubmit_argv\fR +that corresponds to the first entry that is not a command line option. +.TP 6n +\fIsubmit_argv\fR +The argument vector sudo was invoked with, including all command line options. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBshow_version\fR +.nf +.RS 6n +show_version(self, is_verbose: int) -> int +.RE +.fi +.RS 6n +.sp +Display the version. (Same as for all the other plugins.) +.RE +.TP 6n +\fBcheck\fR +.br +.nf +.RS 6n +check(self, command_info: Tuple[str, ...], run_argv: Tuple[str, ...], + run_env: Tuple[str, ...]) -> int +.RE +.fi +.RS 6n +.sp +This function is called after policy plugin's check_policy has succeeded. +It can reject execution of the command by returning sudo.RC.REJECT or +raising the special exception: +.nf +.sp +.RS 12n +raise sudo.PluginReject("some message") +.RE +.fi +.sp +with the message describing the problem. +In the latter case, the audit plugins will get the description. +.sp +The function arguments are as follows: +.TP 6n +command_info +A vector of information describing the command that will run. +See the +sudo_plugin(@mansectform@) +manual for possible values. +.TP 6n +run_argv +Argument vector describing a command that will be run. +.TP 6n +run_env +The environment the command will be run with. +.PD 0 +.PP +.RE +.PD +.SS "Approval plugin example" +Sudo ships a Python Approval plugin example. 
+To try it, register it by adding the following lines to +\fI@sysconfdir@/sudo.conf\fR: +.nf +.sp +.RS 6n +Plugin python_approval python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_approval_plugin.py \e + ClassName=BusinessHoursApprovalPlugin +.RE +.fi +.PP +It will only allow execution of commands in the "business hours" (from Monday +to Friday between 8:00 and 17:59:59). +.SS "Sudoers group provider plugin API" +A group provider plugin is registered in the +sudoers(@mansectform@) +file. +For example: +.nf +.sp +.RS 6n +Defaults group_plugin="python_plugin.so ModulePath= ClassName=" +.RE +.fi +.PP +Currently, only a single group plugin can be registered in +\fIsudoers\fR. +.PP +A group provider plugin may have the following member functions: +.TP 6n +\fBconstructor\fR +.nf +.RS 6n +__init__(self, args: Tuple[str, ...], version: str) +.RE +.fi +.RS 6n +.sp +Implementing this function is optional. +The default constructor will set the keyword arguments it receives +as member variables in the object. +.sp +The function arguments are as follows: +.TP 6n +\fIargs\fR +The plugin options passed as arguments in the +\fIsudoers\fR +file plugin registration. +All the arguments are free form strings (not necessarily in +\(lqkey=value\(rq +format). +.TP 6n +\fIversion\fR +The version of the Python Group Plugin API. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBquery\fR +.br +.nf +.RS 6n +query(self, user: str, group: str, user_pwd: Tuple) +.RE +.fi +.RS 6n +.sp +The +\fBquery\fR() +function is used to ask the group plugin whether +\fIuser\fR +is a member of +\fIgroup\fR. +This method is required. +.RE +.PP +The function arguments are as follows: +.TP 6n +\fIuser\fR +The name of the user being looked up in the external group database. +.TP 6n +\fIgroup\fR +.br +The name of the group being queried. +.TP 6n +\fIuser_pwd\fR +The password database entry for the user, if any. +If +\fIuser\fR +is not present in the password database, +\fIuser_pwd\fR +will be +\fRNULL\fR. 
+.SS "Group plugin example" +Sudo ships a Python group plugin example. +To try it, register it in the +\fIsudoers\fR +file by adding the following lines: +.nf +.sp +.RS 6n +Defaults group_plugin="python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_group_plugin.py \e + ClassName=SudoGroupPlugin" +.RE +.fi +.PP +The example plugin will tell +\fBsudo\fR +that the user +\fItest\fR +is part of the non-unix group +\fImygroup\fR. +If you add a rule that uses this group, it will affect the +\fItest\fR +user. +For example: +.nf +.sp +.RS 6n +%:mygroup ALL=(ALL) NOPASSWD: ALL +.RE +.fi +.PP +Will allow user +\fItest\fR +to run +\fBsudo\fR +without a password. +.SS "Hook function API" +The hook function API is currently not supported for plugins +written in Python. +.SS "Conversation API" +A Python plugin can interact with the user using the +\fBsudo.conv\fR() +function which displays one or more messages described by the +\fBsudo.ConvMessage\fR +class. +This is the Python equivalent of the +\fBconversation\fR() +function in the C sudo plugin API. +A plugin should not attempt to read directly from the standard input or +the user's tty (neither of which are guaranteed to exist). +.PP +The +\fBsudo.ConvMessage\fR +class specifies how the user interaction should occur: +.nf +.sp +.RS 4n +sudo.ConvMessage(msg_type: int, msg: str, timeout: int) +.RE +.fi +.PP +\fBsudo.ConvMessage\fR +member variables: +.TP 6n +\fImsg_type\fR +Specifies the type of the conversation. +See the +\fRsudo.CONV.*\fR +constants below. +.TP 6n +\fImsg\fR +The message to display to the user. +The caller must include a trailing newline in +\fRmsg\fR +if one is to be displayed. +.TP 6n +\fItimeout\fR +Optional. +The maximum amount of time for the conversation in seconds. +If the timeout is exceeded, the +\fBsudo.conv\fR() +function will raise a +\fRsudo.ConversationInterrupted\fR +exception. +The default is to wait forever (no timeout). 
+.PP +To specify the message type, the following constants are available: +.PP +.RS 4n +.PD 0 +.TP 3n +\fB\(bu\fR +sudo.CONV.PROMPT_ECHO_OFF +.TP 3n +\fB\(bu\fR +sudo.CONV.PROMPT_ECHO_ON +.TP 3n +\fB\(bu\fR +sudo.CONV.ERROR_MSG +.TP 3n +\fB\(bu\fR +sudo.CONV.INFO_MSG +.TP 3n +\fB\(bu\fR +sudo.CONV.PROMPT_MASK +.TP 3n +\fB\(bu\fR +sudo.CONV.PROMPT_ECHO_OK +.TP 3n +\fB\(bu\fR +sudo.CONV.PREFER_TTY +.RE +.PD +.PP +See the +sudo_plugin(@mansectform@) +manual for a description of the message types. +.PP +The +\fBsudo.conv\fR() +function performs the actual user interaction: +.nf +.sp +.RS 4n +sudo.conv(message(s), on_suspend=suspend_function, + on_resume=resume_function) +.RE +.fi +.PP +The function arguments are as follows: +.TP 6n +\fImessage(s)\fR +One of more messages (of type +\fBsudo.ConvMessage\fR), +each describing a conversation. +At least one message is required. +.TP 6n +\fIon_suspend\fR +An optional callback function which gets called if the conversation +is suspended, for example by the user pressing control-Z. +The specified function must take a single argument which will be filled +with the number of the signal that caused the process to be suspended. +.TP 6n +\fIon_resume\fR +An optional callback function which gets called when the previously +suspended conversation is resumed. +The specified function must take a single argument which will be filled +with the number of the signal that caused the process to be suspended. +.PP +The +\fBsudo.conv\fR() +function can raise the following exceptions: +.TP 6n +\fBsudo.SudoException\fR +If the conversation fails, for example when the conversation function is not +available. +.TP 6n +\fBsudo.ConversationInterrupted\fR +If the conversation function returns an error, e.g., the timeout passed +or the user interrupted the conversation by pressing control-C. +.SS "Conversation example" +Sudo ships with an example plugin demonstrating the Python conversation API. 
+To try it, register it by adding the following lines to +\fI@sysconfdir@/sudo.conf\fR: +.nf +.sp +.RS 6n +Plugin python_io python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_conversation.py \e + ClassName=ReasonLoggerIOPlugin +.RE +.fi +.SS "Information / error display API" +.nf +.RS 0n +sudo.log_info(string(s), sep=" ", end="\en") +sudo.log_error(string(s), sep=" ", end="\en") +.RE +.fi +.PP +To display information to the user, the +\fBsudo.log_info\fR() +function can be used. +To display error messages, use +\fBsudo.log_error\fR(). +The syntax is similar to the Python +\fBprint\fR() +function. +.PP +The function arguments are as follows: +.TP 6n +\fIstring(s)\fR +One or more strings to display. +.TP 6n +\fIsep\fR +An optional string which will be used as the separator between the +specified strings. +The default is a space character, +(\(oq\ \(cq). +.TP 6n +\fIend\fR +An optional string which will be displayed at the end of the message. +The default is a new line character +(\(oq\en\(cq). +.SS "Debug API" +Debug messages are not visible to the user and are only logged debugging +is explicitly enabled in +sudo.conf(@mansectform@). +Python plugins can use the +\fBsudo.debug\fR() +function to make use of +\fBsudo\fR's +debug system. +.PP +\fIEnabling debugging in sudo.conf\fR +.PP +To enable debug messages, add a +\fRDebug\fR +line to +sudo.conf(@mansectform@) +with the program set to +\fIpython_plugin.so\fR. +For example, to store debug output in +\fI/var/log/sudo_python_debug\fR, +use a line like the following: +.nf +.sp +.RS 6n +Debug python_plugin.so /var/log/sudo_python_debug \e + plugin@trace,c_calls@trace +.RE +.fi +.PP +The debug options are in the form of multiple +\(lqsubsystem@level\(rq +strings, separated by commas +(\(oq\&,\(cq). 
+For example to just see the debug output of +\fBsudo.debug\fR() +calls, use: +.nf +.sp +.RS 6n +Debug python_plugin.so /var/log/sudo_python_debug plugin@trace +.RE +.fi +.PP +See +sudo_conf(@mansectform@) +for more details. +.PP +The most interesting subsystems for Python plugin development are: +.TP 6n +\fIplugin\fR +Logs each +\fBsudo.debug\fR() +API call. +.TP 6n +\fIpy_calls\fR +Logs whenever a C function calls into the python module. +For example, calling the +\fB__init__\fR() +function. +.TP 6n +\fIc_calls\fR +Logs whenever python calls into a C +\fBsudo\fR +API function. +.TP 6n +\fIinternal\fR +Logs internal functions of the python language wrapper plugin. +.TP 6n +\fIsudo_cb\fR +Logs when +\fBsudo\fR +calls into the python plugin API. +.TP 6n +\fIload\fR +Logs python plugin loading / unloading events. +.PP +You can also specify +\(lqall\(rq +as the subsystem name to log debug messages for all subsystems. +.PP +The +\fBsudo.debug\fR() +function is defined as: +.nf +.sp +.RS 4n +sudo.debug(level, message(s)) +.RE +.fi +.PP +The function arguments are as follows: +.TP 6n +\fIlevel\fR +.br +an integer, use one of the log level constants below +.TP 6n +\fImessage(s)\fR +one or more messages to log +.PP +\fIAvailable log levels:\fR +.TS +l l l. +.PP +\fBsudo.conf name\fR \fBPython constant\fR \fBdescription\fR +.PP +crit sudo.DEBUG.CRIT only critical messages +.PP +err sudo.DEBUG.ERROR +.PP +warn sudo.DEBUG.WARN +.PP +notice sudo.DEBUG.NOTICE +.PP +diag sudo.DEBUG.DIAG +.PP +info sudo.DEBUG.INFO +.PP +trace sudo.DEBUG.TRACE +.PP +debug sudo.DEBUG.DEBUG very extreme verbose debugging +.TE +.PP +\fIUsing the logging module\fR +.PP +Alternatively, a plugin can use the built in logging module of Python as well. +Sudo adds its log handler to the root logger, so by default all output of a +logger will get forwarded to sudo log system, as it would call sudo.debug. 
+.PP +The log handler of sudo will map each Python log level of a message to +the appropriate sudo debug level. +Note however, that sudo debug system will only get the messages not filtered +out by the Python loggers. +For example, the log level of the python logger will be an additional filter +for the log messages, and is usually very different from what level is set in sudo.conf +for the sudo debug system. +.SS "Debug example" +Sudo ships an example debug plugin by default. +To try it, register it by adding the following lines to +\fI@sysconfdir@/sudo.conf\fR: +.nf +.sp +.RS 6n +Plugin python_io python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_debugging.py \e + ClassName=DebugDemoPlugin + +Debug python_plugin.so \e + /var/log/sudo_python_debug plugin@trace,c_calls@trace +.RE +.fi +.SS "Option conversion API" +The Python plugin API includes two convenience functions to +convert options in +\(lqkey=value\(rq +format to a dictionary and vice versa. +.TP 6n +options_as_dict +.nf +.RS 6n +options_as_dict(options) +.RE +.fi +.RS 6n +.sp +The function arguments are as follows: +.TP 6n +\fIoptions\fR +An iterable (tuple, list, etc.) of strings, each in +\(lqkey=value\(rq +format. +This is how the plugin API passes options and settings to a Python plugin. +.PP +The function returns the resulting dictionary. +Each string of the passed in +\fIoptions\fR +will be split at the first equal sign +(\(oq\&=\(cq) +into a +\fIkey\fR +and +\fIvalue\fR. +Dictionary keys will never contain this symbol (but values may). +.RE +.TP 6n +options_from_dict +.nf +.RS 6n +options_from_dict(options_dict) +.RE +.fi +.RS 6n +.sp +The function arguments are as follows: +.TP 6n +\fIoptions_dict\fR +A dictionary where both the key and the value are strings. +Note that the key should not contain an equal sign +(\(oq\&=\(cq), +otherwise the resulting string will have a different meaning. +However, this is not currently enforced. 
+.PP +The function returns a tuple containing the strings in +\(lqkey=value\(rq +form for each key and value in the +\fIoptions_dict\fR +dictionary passed in. +This is how the plugin API accepts options and settings. +.RE +.SH "PLUGIN API CHANGELOG (Python)" +None yet +.SH "LIMITATIONS" +Only a maximum number of 8 python I/O plugins can be loaded at once. +If +\fI@sysconfdir@/sudo.conf\fR +contains more, those will be rejected with a warning message. +.PP +The Event API and the hook function API is currently not accessible for Python plugins. +.SH "SEE ALSO" +sudo.conf(@mansectform@), +sudo_plugin(@mansectform@), +sudoers(@mansectform@), +sudo(@mansectsu@) +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "BUGS" +Python plugin support is currently considered experimental. +.PP +If you feel you have found a bug in +\fBsudo\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SECURITY CONSIDERATIONS" +All Python plugin handling is implemented inside the +\fRpython_plugin.so\fR +dynamic plugin. +Therefore, if no Python plugin is registered in +sudo.conf(@mansectform@) +or the +\fIsudoers\fR +file, +\fBsudo\fR +will not load the Python interpreter or the Python libraries. +.PP +By default, a Python plugin can only import Python modules which are +owned by +\fIroot\fR +and are only writable by the owner. +The reason for this is to prevent a file getting imported accidentally +which is modifiable by a non-root user. +As +\fBsudo\fR +plugins run as +\fIroot\fR, +accidentally importing such file would make it possible for any user +(having write access) to execute any code with administrative rights. 
+.PP +However, during development of a plugin this might not be very convenient. +The +sudo.conf(@mansectform@) +\fRdeveloper_mode\fR +option can be used to disable it. +For example: +.RS 6n +Set developer_mode true +.RE +.PP +Please note that this creates a security risk, so it is not recommended +on critical systems such as a desktop machine for daily use, but is intended +to be used in development environments (VM, container, etc). +Before enabling developer mode, ensure you understand the implications. +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBsudo\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.8.31/doc/sudo_plugin_python.mdoc.in sudo-1.9.0/doc/sudo_plugin_python.mdoc.in --- sudo-1.8.31/doc/sudo_plugin_python.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/doc/sudo_plugin_python.mdoc.in 2020-05-11 16:28:22.000000000 +0000 
@@ -0,0 +1,1496 @@
+.\"
+.\" SPDX-License-Identifier: ISC
+.\"
+.\" Copyright (c) 2019 Robert Manner
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd February 19, 2020
+.Dt SUDO_PLUGIN_PYTHON @mansectform@
+.Os Sudo @PACKAGE_VERSION@
+.Sh NAME
+.Nm sudo_plugin_python
+.Nd Sudo Plugin API (Python)
+.Sh DESCRIPTION
+Starting with version 1.9,
+.Nm sudo
+plugins can be written in python.
+The API closely follows the C
+.Nm sudo
+plugin API described by
+.Xr sudo_plugin @mansectform@ .
+.Pp
+The supported plugins types are:
+.Pp
+.Bl -bullet -compact -offset 4n -width 1n
+.It
+Policy plugin
+.It
+I/O plugin
+.It
+Audit plugin
+.It
+Approval plugin
+.It
+Group provider plugin
+.El
+.Pp
+Python plugin support needs to be explicitly enabled at build time
+with the configure option
+.Dq --enable-python .
+Python version 3.0 or higher is required.
+.Ss Sudo Python Plugin Base
+A plugin written in Python should be a class in a python file that
+inherits from
+.Em sudo.Plugin .
+The
+.Em sudo.Plugin
+base class has no real purpose other than to identify this class as a plugin.
+.Pp
+The only implemented method is a constructor, which stores the
+keyword arguments it receives as fields (member variables) in the object.
+This is intended as a convenience to allow you to avoid writing the
+constructor yourself.
+.Pp
+For example:
+.Bd -literal -offset indent
+import sudo
+
+class MySudoPlugin(sudo.Plugin):
+ # example constructor (optional)
+ def __init__(self, *args, **kwargs):
+ super().__init__(*args, **kwargs)
+
+ # example destructor (optional)
+ def __del__(self):
+ pass
+.Ed
+.Pp
+Both the constructor and destructor are optional and can be omitted.
+.Pp
+The customized Plugin class should define a few plugin-specific methods.
+When the plugin loads,
+.Nm sudo
+will create an instance of this class and call the methods.
+The actual methods required depent on the type of the plugin,
+but most return an
+.Dq int
+result code, as documented in
+.Xr sudo_plugin @mansctsu@ ,
+that indicates whether or not the method was successful.
+The Python sudo module defines the following constants to improve readability:
+.Bl -column "sudo.RC.USAGE_ERROR" "XXX" -offset 4n
+.It Sy Define Ta Sy Value
+.It Dv sudo.RC.OK Ta 1
+.It Dv sudo.RC.ACCEPT Ta 1
+.It Dv sudo.RC.REJECT Ta 0
+.It Dv sudo.RC.ERROR Ta -1
+.It Dv sudo.RC.USAGE_ERROR Ta -2
+.El
+.Pp
+If a function returns
+.Em None
+(for example, if it does not call return),
+it will be considered to have returned
+.Dv sudo.RC.OK .
+If an exception is raised (other than sudo.PluginException), the backtrace will be
+shown to the user and the plugin function will return
+.Dv sudo.RC.ERROR .
+If that is not acceptable, you must catch the exception and handle it yourself.
+.Pp
+Instead of just returning
+.Dv sudo.RC.ERROR
+or
+.Dv sudo.RC.REJECT
+result code the plugin can also provide a message describing the problem.
+This can be done by raising one of the special exceptions:
+.Bd -literal -offset indent
+raise sudo.PluginError("Message")
+raise sudo.PluginReject("Message")
+.Ed
+.Pp
+This added message will be used by the audit plugins.
+Both exceptions inherit from
+.Dv sudo.PluginException
+.Ss Python Plugin Loader
+Running the Python interpreter and bridging between C and Python is
+handled by the
+.Nm sudo
+plugin
+.Li python_plugin.so .
+This shared object can be loaded like any other dynamic
+.Nm sudo
+plugin and should receive the path and the class name of the Python
+plugin it is loading as arguments.
+.Pp
+Example usage in
+.Xr sudo.conf @mansectform@ :
+.Bd -literal -offset indent
+Plugin python_policy python_plugin.so ModulePath= ClassName=
+Plugin python_io python_plugin.so ModulePath= ClassName=
+Plugin python_audit python_plugin.so ModulePath= ClassName=
+Plugin python_approval python_plugin.so ModulePath= ClassName=
+.Ed
+.Pp
+Example group provider plugin usage in the
+.Em sudoers
+file:
+.Bd -literal -offset indent
+Defaults group_plugin="python_plugin.so ModulePath= ClassName="
+.Ed
+.Pp
+The plugin arguments are as follows:
+.Bl -tag -width 4n
+.It ModulePath
+The path of a python file which contains the class of the sudo Python plugin.
+It must be either an absolute path or a path relative to the sudo Python plugin
+directory: "@plugindir@/python".
+.It ClassName
+(Optional.) The name of the class implementing the sudo Python plugin.
+If not supplied, the one and only sudo.Plugin that is present in the module
+will be used.
+If there are multiple such plugins in the module (or none), it
+will result in an error.
+.El
+.Ss Policy plugin API
+Policy plugins must be registered in
+.Xr sudo.conf @mansectform@ .
+For example:
+.Bd -literal -offset indent
+Plugin python_policy python_plugin.so ModulePath= ClassName=
+.Ed
+.Pp
+Currently, only a single policy plugin may be specified in
+.Xr sudo.conf @mansectform@ .
+.Pp
+A policy plugin may have the following member functions:
+.Bl -tag -width 4n
+.It Sy constructor
+.Bd -literal
+__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...],
+ version: str, user_info: Tuple[str, ...],
+ plugin_options: Tuple[str, ...])
+.Ed
+.Pp
+Implementing this function is optional.
+The default constructor will set the keyword arguments it receives
+as member variables in the object.
+.Pp
+The constructor matches the
+.Fn open
+function in the C sudo plugin API.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa user_env
+The user's environment as a tuple of strings in
+.Dq key=value
+format.
+.It Fa settings
+A tuple of user-supplied
+.Em sudo
+settings in the form of
+.Dq key=value
+strings.
+.It Fa version
+The version of the Python Policy Plugin API.
+.It Fa user_info
+A tuple of information about the user running the command in the form of
+.Dq key=value
+strings.
+.It Fa plugin_options
+The plugin options passed as arguments in the
+.Xr sudo.conf @mansectform@
+plugin registration.
+This is a tuple of strings, usually (but not necessarily) in
+.Dq key=value
+format.
+.El
+.Pp
+The
+.Fn sudo.options_as_dict
+convenience function can be used to convert
+.Dq key=value
+pairs to a dictionary.
+For a list of recognized keys and their supported values,
+see the policy plugin
+.Fn open
+documentation in
+.Xr sudo_plugin @mansectform@ .
+.It Sy check_policy
+.Bd -literal -compact
+check_policy(self, argv: Tuple[str, ...], env_add: Tuple[str, ...])
+.Ed
+.Pp
+The
+.Fn check_policy
+function is called by
+.Nm sudo
+to determine whether the user is allowed to run the specified command.
+Implementing this function is mandatory for a policy plugin.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa argv
+A tuple describing the command the user wishes to run.
+.It Fa env_add
+Additional environment variables specified by the user on the command line in
+the form of a tuple of
+.Dq key=value
+pairs.
+The
+.Fn sudo.options_as_dict
+convenience function can be used to convert them to a dictionary.
+.El
+.Pp
+This function should return a result code or a tuple in the following format:
+.Bd -literal -offset indent
+return (rc, command_info_out, argv_out, user_env_out)
+.Ed
+.Pp
+The tuple values are as follows:
+.Bl -tag -width 4n
+.It Fa rc
+The result of the policy check, one of the
+.Dv sudo.RC.*
+constants.
+.Dv sudo.RC.ACCEPT
+if the command is allowed,
+.Dv sudo.RC.REJECT
+if not allowed,
+.Dv sudo.RC.ERROR
+for a general error, or
+.Dv sudo.RC.USAGE_ERROR
+for a usage error.
+.It Fa command_info_out
+Optional (only required when the command is accepted).
+Information about the command being run in the form of
+.Dq key=value
+strings.
+.Pp
+To accept a command, at the very minimum the plugin must set in the
+.Em command ,
+.Em runas_uid
+and
+.Em runas_gid
+keys.
+.Pp
+For a list of recognized keys and supported values,
+see the
+.Fn check_policy
+documentation in
+.Xr sudo_plugin @mansectform@ .
+.It Fa argv_out
+Optional (only required when the command is accepted).
+The arguments to pass to the
+.Xr execve 2
+system call when executing the command.
+.It Fa user_env_out
+Optional (only required when the command is accepted).
+The environment to use when executing the command in the form of a
+tuple of strings in
+.Dq key=value
+format.
+.El
+.It Sy init_session
+.Bd -literal -compact
+init_session(self, user_pwd: Tuple, user_env: Tuple[str, ...])
+.Ed
+.Pp
+Perform session setup (optional).
+The
+.Fn init_session
+function is called before
+.Nm sudo
+sets up the
+execution environment for the command before any uid or gid changes.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa user_pwd
+A tuple describing the user's passwd entry.
+Convertible to pwd.struct_passwd or
+.Em None
+if the user is not present in the password database.
+.Pp
+Example conversion:
+.Bd -literal -compact -offset indent
+user_pwd = pwd.struct_passwd(user_pwd) if user_pwd else None
+.Ed
+.It Fa user_env
+The environment the command will run in.
+This is a tuple of strings in
+.Dq key=value
+format.
+.El
+.Pp
+This function should return a result code or a tuple in the following format:
+.Bd -literal -offset 4n
+return (rc, user_env_out)
+.Ed
+.Pp
+The tuple values are as follows:
+.Bl -tag -width 4n
+.It Fa rc
+The result of the session init, one of the
+.Dv sudo.RC.*
+constants.
+.Dv sudo.RC.OK
+on success, 0 on failure, or
+.Dv sudo.RC.ERROR
+if an error occurred.
+.It Fa user_env_out
+Optional.
+If the
+.Fn init_session
+function needs to modify the user environment, it can return the new
+environment in
+.Fa user_env_out .
+If this is omitted, no changes will be made to
+.Fa user_env .
+.El
+.It Sy list
+.Bd -literal -compact
+list(self, argv: Tuple[str, ...], is_verbose: int, user: str)
+.Ed
+.Pp
+List available privileges for the invoking user.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa argv
+If not set to
+.Em None ,
+an argument vector describing a command the user wishes to check
+against the policy.
+.It Fa is_verbose
+Flag indicating whether to list in verbose mode or not.
+.It Fa user
+The name of a different user to list privileges for if the policy allows it.
+If
+.Em None ,
+the plugin should list the privileges of the invoking user.
+.El
+.It Sy validate
+.Bd -literal -compact
+validate(self)
+.Ed
+.Pp
+For policy plugins that cache authentication credentials, this function is used to validate and cache the credentials (optional).
+.It Sy invalidate
+.Bd -literal -compact
+invalidate(self, remove: int)
+.Ed
+.Pp
+For policy plugins that cache authentication credentials, this function is used to invalidate the credentials (optional).
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa remove
+If this flag is set, the plugin may remove the credentials instead of simply
+invalidating them.
+.El
+.It Sy show_version
+.Bd -literal -compact
+show_version(self, is_verbose: int)
+.Ed
+.Pp
+Display the plugin version information to the user.
+The
+.Fn sudo.log_info
+function should be used.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa is_verbose
+A flag to indicate displaying more verbose information.
+Currently this is 1 if
+.Ql sudo -V
+is run as the root user.
+.El
+.It Sy close
+.Bd -literal -compact
+close(self, exit_status: int, error: int)
+.Ed
+.Pp
+Called when a command finishes executing.
+.Pp
+Works the same as the
+.Fn close
+function in the C sudo plugin API, except that it only gets called if
+.Nm sudo
+attempts to execute the command.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa exit_status
+The exit status of the command if was executed, otherwise -1.
+.It Fa error
+If the command could not be executed, this is set to the value of
+errno set by the
+.Xr execve 2
+system call, otherwise 0.
+.El
+.El
+.Ss Policy plugin example
+Sudo ships with an example Python policy plugin.
+To try it, register it by adding the following lines to
+.Pa @sysconfdir@/sudo.conf :
+.Bd -literal
+Plugin python_policy python_plugin.so \e
+ ModulePath=@prefix@/share/doc/sudo/examples/example_policy_plugin.py \e
+ ClassName=SudoPolicyPlugin
+.Ed
+.Pp
+Be aware, however, that you cannot enable the Python policy plugin
+in addition to another policy plugin, such as
+.Xr sudoers @mansectform@ .
+.Ss I/O plugin API
+I/O plugins must be registered in
+.Xr sudo.conf @mansectform@ .
+For example:
+.Bd -literal -offset indent
+Plugin python_io python_plugin.so ModulePath= ClassName=
+.Ed
+.Pp
+Sudo supports loading multiple I/O plugins.
+Currently only 8 python I/O plugins can be loaded at once.
+.Pp
+An I/O plugin may have the following member functions:
+.Bl -tag -width 4n
+.It Sy constructor
+.Bd -literal -compact
+__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...],
+ version: str, user_info: Tuple[str, ...],
+ plugin_options: Tuple[str, ...])
+.Ed
+.Pp
+Implementing this function is optional.
+The default constructor will set the keyword arguments it receives
+as member variables in the object.
+.Pp
+The constructor matches the
+.Fn open
+function in the C sudo plugin API.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa user_env
+The user's environment as a tuple of strings in
+.Dq key=value
+format.
+.It Fa settings
+A tuple of user-supplied
+.Em sudo
+settings in the form of
+.Dq key=value
+strings.
+.It Fa version
+The version of the Python I/O Plugin API.
+.It Fa user_info
+A tuple of information about the user running the command in the form of
+.Dq key=value
+strings.
+.It Fa plugin_options
+The plugin options passed as arguments in the
+.Xr sudo.conf @mansectform@
+plugin registration.
+This is a tuple of strings, usually (but not necessarily) in
+.Dq key=value
+format.
+.El
+.Pp
+The
+.Fn sudo.options_as_dict
+convenience function can be used to convert
+.Dq key=value
+pairs to a dictionary.
+For a list of recognized keys and their supported values,
+see the I/O plugin
+.Fn open
+documentation in
+.Xr sudo_plugin @mansectform@ .
+.It Sy open
+.Bd -literal -compact
+open(self, argv: Tuple[str, ...],
+ command_info: Tuple[str, ...]) -> int
+.Ed
+.Pp
+Receives the command the user wishes to run.
+.Pp
+Works the same as the
+.Fn open
+function in the C sudo plugin API except that:
+.Pp
+.Bl -bullet -compact -offset 4n -width 1n
+.It
+It only gets called before the user would execute some command
+(and not for a version query for example).
+.It
+Other arguments of the C API
+.Fn open
+function are received through the constructor.
+.El
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa argv
+A tuple of the arguments describing the command the user wishes to run.
+.It Fa command_info
+Information about the command being run in the form of
+.Dq key=value
+strings.
+.El
+.Pp
+The
+.Fn sudo.options_as_dict
+convenience function can be used to convert
+.Dq key=value
+pairs to a dictionary.
+For a list of recognized keys and their supported values,
+see the I/O plugin
+.Fn open
+documentation in
+.Xr sudo_plugin @mansectform@ .
+.Pp
+The
+.Fn open
+function should return a result code, one of the
+.Dv sudo.RC.*
+constants.
+If the function returns
+.Dv sudo.RC.REJECT ,
+no I/O will be sent to the plugin.
+.It Sy log_ttyin , log_ttyout , log_stdin , log_stdout , log_stderr
+.Bd -literal -compact
+log_ttyin(self, buf: str) -> int
+log_ttyout(self, buf: str) -> int
+log_stdin(self, buf: str) -> int
+log_stdout(self, buf: str) -> int
+log_stderr(self, buf: str) -> int
+.Ed
+.Pp
+Receive the user input or output of the terminal device and
+application standard input / output / error.
+See the matching calls in
+.Xr sudo_plugin @mansectform@ .
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa buf
+The input (or output) buffer in the form of a string.
+.El
+.Pp
+The function should return a result code, one of the
+.Dv sudo.RC.*
+constants.
+.Pp
+If
+.Dv sudo.RC.ERROR
+is returned, the running command will be terminated and all of the plugin's logging
+functions will be disabled.
+Other I/O logging plugins will still receive any remaining
+input or output that has not yet been processed.
+.Pp
+If an input logging function rejects the data by returning
+.Dv sudo.RC.REJECT ,
+the command will be terminated and the data will not be passed to the
+command, though it will still be sent to any other I/O logging plugins.
+If an output logging function rejects the data by returning
+.Dv sudo.RC.REJECT ,
+the command will be terminated and the data will not be written to the
+terminal, though it will still be sent to any other I/O logging plugins.
+.It Sy change_winsize
+.Bd -literal -compact
+change_winsize(self, line: int, cols: int) -> int
+.Ed
+.Pp
+Called whenever the window size of the terminal changes.
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa line
+The number of lines of the terminal.
+.It Fa cols
+The number of columns of the terminal.
+.El
+.It Sy log_suspend
+.Bd -literal -compact
+log_suspend(self, signo: int) -> int
+.Ed
+Called whenever a command is suspended or resumed.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa signo
+The number of the signal that caused the command to be suspended or
+.Dv SIGCONT
+if the command was resumed.
+.El
+.It Sy show_version
+.Bd -literal -compact
+show_version(self, is_verbose: int)
+.Ed
+Display the plugin version information to the user.
+The
+.Fn sudo.log_info
+function should be used.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa is_verbose
+A flag to indicate displaying more verbose information.
+Currently this is 1 if
+.Ql sudo -V
+is run as the root user.
+.El
+.It Sy close
+.Bd -literal -compact
+close(self, exit_status: int, error: int) -> None
+.Ed
+Called when a command execution finished.
+.Pp
+Works the same as the
+.Fn close
+function in the C sudo plugin API, except that it only gets called if
+.Nm sudo
+attempts to execute the command.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa exit_status
+The exit status of the command if was executed, otherwise -1.
+.It Fa error
+If the command could not be executed, this is set to the value of
+errno set by the
+.Xr execve 2
+system call, otherwise 0.
+.El
+.El
+.Ss I/O plugin example
+Sudo ships a Python I/O plugin example.
+To try it, register it by adding the following lines to
+.Pa @sysconfdir@/sudo.conf :
+.Bd -literal -offset indent
+Plugin python_io python_plugin.so \e
+ ModulePath=@prefix@/share/doc/sudo/examples/example_io_plugin.py \e
+ ClassName=SudoIOPlugin
+.Ed
+.Ss Audit plugin API
+Audit plugins must be registered in
+.Xr sudo.conf @mansectform@ .
+For example:
+.Bd -literal -offset indent
+Plugin python_audit python_plugin.so ModulePath= ClassName=
+.Ed
+.Pp
+Sudo supports loading multiple audit plugins.
+Currently only 8 python audit plugins can be loaded at once.
+.Pp
+An audit plugin may have the following member functions (all of them are optional):
+.Bl -tag -width 4n
+.It Sy constructor
+.Bd -literal -compact
+__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...],
+ version: str, user_info: Tuple[str, ...], plugin_options: Tuple[str, ...])
+.Ed
+.Pp
+The default constructor will set the keyword arguments it receives
+as member variables in the object.
+.Pp
+The constructor matches the
+.Fn open
+function in the C sudo plugin API.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa user_env
+The user's environment as a tuple of strings in
+.Dq key=value
+format.
+.It Fa settings
+A tuple of user-supplied
+.Em sudo
+settings in the form of
+.Dq key=value
+strings.
+.It Fa version
+The version of the Python Audit Plugin API.
+.It Fa user_info
+A tuple of information about the user running the command in the form of
+.Dq key=value
+strings.
+.It Fa plugin_options
+The plugin options passed as arguments in the
+.Xr sudo.conf @mansectform@
+plugin registration.
+This is a tuple of strings, usually (but not necessarily) in
+.Dq key=value
+format.
+.El
+.It Sy open
+.Bd -literal -compact
+open(self, submit_optind: int,
+ submit_argv: Tuple[str, ...]) -> int
+.Ed
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa submit_optind
+The index into
+.Fa submit_argv
+that corresponds to the first entry that is not a command line option.
+.It Fa submit_argv
+The argument vector sudo was invoked with, including all command line options.
+.El
+.It Sy close
+.Bd -literal -compact
+close(self, status_type: int, status: int) -> None
+.Ed
+.Pp
+Called when sudo is finished, shortly before it exits.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa status_type
+The type of status being passed.
+One of the sudo.EXIT_REASON.* constants.
+.It Fa status
+Depending on the value of
+.Fa status_type ,
+this value is either
+ignored, the command's exit status as returned by the
+.Xr wait 2
+system call, the value of
+.Li errno
+set by the
+.Xr execve 2
+system call, or the value of
+.Li errno
+resulting from an error in the
+.Nm sudo
+front end.
+.El
+.It Sy show_version
+.Bd -literal -compact
+show_version(self, is_verbose: int) -> int
+.Ed
+.Pp
+Display the plugin version information to the user.
+The
+.Fn sudo.log_info
+function should be used.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa is_verbose
+A flag to indicate displaying more verbose information.
+Currently this is 1 if
+.Ql sudo -V
+is run as the root user.
+.El
+.It Sy accept
+.Bd -literal -compact
+accept(self, plugin_name: str, plugin_type: int, command_info: Tuple[str, ...],
+ run_argv: Tuple[str, ...], run_envp: Tuple[str, ...]) -> int
+.Ed
+.Pp
+This function is called when a command or action is accepted by the policy
+plugin.
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It plugin_name
+The name of the plugin that accepted the command.
+.It plugin_type
+The type of plugin that accepted the command, currently always
+.Dv sudo.PLUGIN_TYPE.POLICY .
+.It command_info
+A vector of information describing the command being run.
+See the
+.Xr sudo_plugin @mansectform@
+manual for possible values.
+.It run_argv
+Argument vector describing a command that will be run.
+.It run_envp
+The environment the command will be run with.
+.El
+.It Sy reject
+.Bd -literal -compact
+reject(self, plugin_name: str, plugin_type: int, audit_msg: str,
+ command_info: Tuple[str, ...]) -> int
+.Ed
+.Pp
+This function is called when a command or action is rejected by the policy
+plugin.
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It plugin_name
+The name of the plugin that accepted the command.
+.It plugin_type
+The type of plugin that accepted the command, currently always
+.Dv sudo.PLUGIN_TYPE.POLICY .
+.It audit_msg
+An optional string describing the reason the command was rejected by the plugin.
+If the plugin did not provide a reason, audit_msg will be
+.Em None
+.
+.It command_info
+A vector of information describing the rejected command.
+See the
+.Xr sudo_plugin @mansectform@
+manual for possible values.
+.El
+.It Sy error
+.Bd -literal -compact
+error(self, plugin_name: str, plugin_type: int, audit_msg: str,
+ command_info: Tuple[str, ...]) -> int
+.Ed
+.Pp
+This function is called when a plugin returns an error.
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It plugin_name
+The name of the plugin that accepted the command.
+.It plugin_type
+The type of plugin that accepted the command, currently
+.Dv sudo.PLUGIN_TYPE.POLICY
+or
+.Dv sudo.PLUGIN_TYPE.IO
+.
+.It audit_msg
+An optional string describing the plugin error.
+If the plugin did not provide a description, it will be
+.Em None
+.
+.It command_info
+A vector of information describing the command.
+See the
+.Xr sudo_plugin @mansectform@
+manual for possible values.
+.El
+.El
+.Ss Audit plugin example
+Sudo ships a Python Audit plugin example.
+To try it, register it by adding the following lines to
+.Pa @sysconfdir@/sudo.conf :
+.Bd -literal -offset indent
+Plugin python_audit python_plugin.so \e
+ ModulePath=@prefix@/share/doc/sudo/examples/example_audit_plugin.py \e
+ ClassName=SudoAuditPlugin
+.Ed
+.Pp
+It will log the plugin accept / reject / error results to the output.
+.Ss Approval plugin API
+Approval plugins must be registered in
+.Xr sudo.conf @mansectform@ .
+For example:
+.Bd -literal -offset indent
+Plugin python_approval python_plugin.so ModulePath= ClassName=
+.Ed
+.Pp
+Sudo supports loading multiple approval plugins.
+Currently only 8 python approval plugins can be loaded at once.
+.Pp
+An approval plugin may have the following member functions:
+.Bl -tag -width 4n
+.It Sy constructor
+.Bd -literal -compact
+__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...],
+ version: str, user_info: Tuple[str, ...], plugin_options: Tuple[str, ...],
+ submit_optind: int, submit_argv: Tuple[str, ...])
+.Ed
+.Pp
+Optional.
+The default constructor will set the keyword arguments it receives
+as member variables in the object.
+.Pp
+The constructor matches the
+.Fn open
+function in the C sudo plugin API.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa user_env
+The user's environment as a tuple of strings in
+.Dq key=value
+format.
+.It Fa settings
+A tuple of user-supplied
+.Em sudo
+settings in the form of
+.Dq key=value
+strings.
+.It Fa version
+The version of the Python Approval Plugin API.
+.It Fa user_info
+A tuple of information about the user running the command in the form of
+.Dq key=value
+strings.
+.It Fa plugin_options
+The plugin options passed as arguments in the
+.Xr sudo.conf @mansectform@
+plugin registration.
+This is a tuple of strings, usually (but not necessarily) in
+.Dq key=value
+format.
+.It Fa submit_optind
+The index into
+.Fa submit_argv
+that corresponds to the first entry that is not a command line option.
+.It Fa submit_argv
+The argument vector sudo was invoked with, including all command line options.
+.El
+.It Sy show_version
+.Bd -literal -compact
+show_version(self, is_verbose: int) -> int
+.Ed
+.Pp
+Display the version. (Same as for all the other plugins.)
+.It Sy check
+.Bd -literal -compact
+check(self, command_info: Tuple[str, ...], run_argv: Tuple[str, ...],
+ run_env: Tuple[str, ...]) -> int
+.Ed
+.Pp
+This function is called after policy plugin's check_policy has succeeded.
+It can reject execution of the command by returning sudo.RC.REJECT or
+raising the special exception:
+.Bd -literal -offset indent
+raise sudo.PluginReject("some message")
+.Ed
+.Pp
+with the message describing the problem.
+In the latter case, the audit plugins will get the description.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It command_info
+A vector of information describing the command that will run.
+See the
+.Xr sudo_plugin @mansectform@
+manual for possible values.
+.It run_argv
+Argument vector describing a command that will be run.
+.It run_env
+The environment the command will be run with.
+.El
+.El
+.Ss Approval plugin example
+Sudo ships a Python Approval plugin example.
+To try it, register it by adding the following lines to
+.Pa @sysconfdir@/sudo.conf :
+.Bd -literal -offset indent
+Plugin python_approval python_plugin.so \e
+ ModulePath=@prefix@/share/doc/sudo/examples/example_approval_plugin.py \e
+ ClassName=BusinessHoursApprovalPlugin
+.Ed
+.Pp
+It will only allow execution of commands in the "business hours" (from Monday
+to Friday between 8:00 and 17:59:59).
+.Ss Sudoers group provider plugin API
+A group provider plugin is registered in the
+.Xr sudoers @mansectform@
+file.
+For example:
+.Bd -literal -offset indent
+Defaults group_plugin="python_plugin.so ModulePath= ClassName="
+.Ed
+.Pp
+Currently, only a single group plugin can be registered in
+.Em sudoers .
+.Pp
+A group provider plugin may have the following member functions:
+.Bl -tag -width 4n
+.It Sy constructor
+.Bd -literal -compact
+__init__(self, args: Tuple[str, ...], version: str)
+.Ed
+.Pp
+Implementing this function is optional.
+The default constructor will set the keyword arguments it receives
+as member variables in the object.
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa args
+The plugin options passed as arguments in the
+.Em sudoers
+file plugin registration.
+All the arguments are free form strings (not necessarily in
+.Dq key=value
+format).
+.It Fa version
+The version of the Python Group Plugin API.
+.El
+.It Sy query
+.Bd -literal -compact
+query(self, user: str, group: str, user_pwd: Tuple)
+.Ed
+.Pp
+The
+.Fn query
+function is used to ask the group plugin whether
+.Fa user
+is a member of
+.Fa group .
+This method is required.
+.El
+.Pp
+The function arguments are as follows:
+.Bl -tag -width 4n
+.It Fa user
+The name of the user being looked up in the external group database.
+.It Fa group
+The name of the group being queried.
+.It Fa user_pwd
+The password database entry for the user, if any.
+If
+.Fa user
+is not present in the password database,
+.Fa user_pwd
+will be
+.Dv NULL .
+.El
+.Ss Group plugin example
+Sudo ships a Python group plugin example.
+To try it, register it in the
+.Em sudoers
+file by adding the following lines:
+.Bd -literal -offset indent
+Defaults group_plugin="python_plugin.so \e
+ ModulePath=@prefix@/share/doc/sudo/examples/example_group_plugin.py \e
+ ClassName=SudoGroupPlugin"
+.Ed
+.Pp
+The example plugin will tell
+.Nm sudo
+that the user
+.Em test
+is part of the non-unix group
+.Em mygroup .
+If you add a rule that uses this group, it will affect the
+.Em test
+user.
+For example:
+.Bd -literal -offset indent
+%:mygroup ALL=(ALL) NOPASSWD: ALL
+.Ed
+.Pp
+Will allow user
+.Em test
+to run
+.Nm sudo
+without a password.
+.Ss Hook function API
+The hook function API is currently not supported for plugins
+written in Python.
+.Ss Conversation API
+A Python plugin can interact with the user using the
+.Fn sudo.conv
+function which displays one or more messages described by the
+.Sy sudo.ConvMessage
+class.
+This is the Python equivalent of the
+.Fn conversation
+function in the C sudo plugin API.
+A plugin should not attempt to read directly from the standard input or
+the user's tty (neither of which are guaranteed to exist).
+.Pp
+The
+.Sy sudo.ConvMessage
+class specifies how the user interaction should occur:
+.Bd -literal -offset 4n
+sudo.ConvMessage(msg_type: int, msg: str, timeout: int)
+.Ed
+.Pp
+.Sy sudo.ConvMessage
+member variables:
+.Bl -tag -width 4n
+.It Fa msg_type
+Specifies the type of the conversation.
+See the
+.Dv sudo.CONV.*
+constants below.
+.It Fa msg
+The message to display to the user.
+The caller must include a trailing newline in
+.Li msg
+if one is to be displayed.
+.It Fa timeout
+Optional.
+The maximum amount of time for the conversation in seconds.
+If the timeout is exceeded, the
+.Fn sudo.conv
+function will raise a
+.Dv sudo.ConversationInterrupted
+exception.
+The default is to wait forever (no timeout).
+.El
+.Pp
+To specify the message type, the following constants are available:
+.Pp
+.Bl -bullet -compact -offset 4n -width 1n
+.It
+sudo.CONV.PROMPT_ECHO_OFF
+.It
+sudo.CONV.PROMPT_ECHO_ON
+.It
+sudo.CONV.ERROR_MSG
+.It
+sudo.CONV.INFO_MSG
+.It
+sudo.CONV.PROMPT_MASK
+.It
+sudo.CONV.PROMPT_ECHO_OK
+.It
+sudo.CONV.PREFER_TTY
+.El
+.Pp
+See the
+.Xr sudo_plugin @mansectform@
+manual for a description of the message types.
+.Pp +The +.Fn sudo.conv +function performs the actual user interaction: +.Bd -literal -offset 4n +sudo.conv(message(s), on_suspend=suspend_function, + on_resume=resume_function) +.Ed +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa message(s) +One of more messages (of type +.Sy sudo.ConvMessage ) , +each describing a conversation. +At least one message is required. +.It Fa on_suspend +An optional callback function which gets called if the conversation +is suspended, for example by the user pressing control-Z. +The specified function must take a single argument which will be filled +with the number of the signal that caused the process to be suspended. +.It Fa on_resume +An optional callback function which gets called when the previously +suspended conversation is resumed. +The specified function must take a single argument which will be filled +with the number of the signal that caused the process to be suspended. +.El +.Pp +The +.Fn sudo.conv +function can raise the following exceptions: +.Bl -tag -width 4n +.It Sy sudo.SudoException +If the conversation fails, for example when the conversation function is not +available. +.It Sy sudo.ConversationInterrupted +If the conversation function returns an error, e.g., the timeout passed +or the user interrupted the conversation by pressing control-C. +.El +.Ss Conversation example +Sudo ships with an example plugin demonstrating the Python conversation API. +To try it, register it by adding the following lines to +.Pa @sysconfdir@/sudo.conf : +.Bd -literal -offset indent +Plugin python_io python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_conversation.py \e + ClassName=ReasonLoggerIOPlugin +.Ed +.Ss Information / error display API +.Bd -literal +sudo.log_info(string(s), sep=" ", end="\en") +sudo.log_error(string(s), sep=" ", end="\en") +.Ed +.Pp +To display information to the user, the +.Fn sudo.log_info +function can be used. 
+To display error messages, use +.Fn sudo.log_error . +The syntax is similar to the Python +.Fn print +function. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa string(s) +One or more strings to display. +.It Fa sep +An optional string which will be used as the separator between the +specified strings. +The default is a space character, +.Pq Sq \ . +.It Fa end +An optional string which will be displayed at the end of the message. +The default is a new line character +.Pq Sq \en . +.El +.Ss Debug API +Debug messages are not visible to the user and are only logged debugging +is explicitly enabled in +.Xr sudo.conf @mansectform@ . +Python plugins can use the +.Fn sudo.debug +function to make use of +.Nm sudo Ns No 's +debug system. +.Pp +.Em Enabling debugging in sudo.conf +.Pp +To enable debug messages, add a +.Li Debug +line to +.Xr sudo.conf @mansectform@ +with the program set to +.Pa python_plugin.so . +For example, to store debug output in +.Pa /var/log/sudo_python_debug , +use a line like the following: +.Bd -literal -offset indent +Debug python_plugin.so /var/log/sudo_python_debug \e + plugin@trace,c_calls@trace +.Ed +.Pp +The debug options are in the form of multiple +.Dq subsystem@level +strings, separated by commas +.Pq Sq \&, . +For example to just see the debug output of +.Fn sudo.debug +calls, use: +.Bd -literal -offset indent +Debug python_plugin.so /var/log/sudo_python_debug plugin@trace +.Ed +.Pp +See +.Xr sudo_conf @mansectform@ +for more details. +.Pp +The most interesting subsystems for Python plugin development are: +.Bl -tag -width 4n +.It Em plugin +Logs each +.Fn sudo.debug +API call. +.It Em py_calls +Logs whenever a C function calls into the python module. +For example, calling the +.Fn __init__ +function. +.It Em c_calls +Logs whenever python calls into a C +.Nm sudo +API function. +.It Em internal +Logs internal functions of the python language wrapper plugin. 
+.It Em sudo_cb +Logs when +.Nm sudo +calls into the python plugin API. +.It Em load +Logs python plugin loading / unloading events. +.El +.Pp +You can also specify +.Dq all +as the subsystem name to log debug messages for all subsystems. +.Pp +The +.Fn sudo.debug +function is defined as: +.Bd -literal -offset 4n +sudo.debug(level, message(s)) +.Ed +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa level +an integer, use one of the log level constants below +.It Fa message(s) +one or more messages to log +.El +.Pp +.Em Available log levels: +.Bl -column "name in sudo.conf" "Python constant" "only critical messages" +.It Sy sudo.conf name Ta Sy Python constant Ta Sy description +.It crit Ta sudo.DEBUG.CRIT Ta only critical messages +.It err Ta sudo.DEBUG.ERROR Ta +.It warn Ta sudo.DEBUG.WARN Ta +.It notice Ta sudo.DEBUG.NOTICE Ta +.It diag Ta sudo.DEBUG.DIAG Ta +.It info Ta sudo.DEBUG.INFO Ta +.It trace Ta sudo.DEBUG.TRACE Ta +.It debug Ta sudo.DEBUG.DEBUG Ta very extreme verbose debugging +.El +.Pp +.Em Using the logging module +.Pp +Alternatively, a plugin can use the built in logging module of Python as well. +Sudo adds its log handler to the root logger, so by default all output of a +logger will get forwarded to sudo log system, as it would call sudo.debug. +.Pp +The log handler of sudo will map each Python log level of a message to +the appropriate sudo debug level. +Note however, that sudo debug system will only get the messages not filtered +out by the Python loggers. +For example, the log level of the python logger will be an additional filter +for the log messages, and is usually very different from what level is set in sudo.conf +for the sudo debug system. +.Ss Debug example +Sudo ships an example debug plugin by default. 
+To try it, register it by adding the following lines to +.Pa @sysconfdir@/sudo.conf : +.Bd -literal -offset indent +Plugin python_io python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_debugging.py \e + ClassName=DebugDemoPlugin + +Debug python_plugin.so \e + /var/log/sudo_python_debug plugin@trace,c_calls@trace +.Ed +.Ss Option conversion API +The Python plugin API includes two convenience functions to +convert options in +.Dq key=value +format to a dictionary and vice versa. +.Bl -tag -width 4n +.It options_as_dict +.Bd -literal -compact +options_as_dict(options) +.Ed +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa options +An iterable (tuple, list, etc.) of strings, each in +.Dq key=value +format. +This is how the plugin API passes options and settings to a Python plugin. +.El +.Pp +The function returns the resulting dictionary. +Each string of the passed in +.Fa options +will be split at the first equal sign +.Pq Sq \&= +into a +.Em key +and +.Em value . +Dictionary keys will never contain this symbol (but values may). +.It options_from_dict +.Bd -literal -compact +options_from_dict(options_dict) +.Ed +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa options_dict +A dictionary where both the key and the value are strings. +Note that the key should not contain an equal sign +.Pq Sq \&= , +otherwise the resulting string will have a different meaning. +However, this is not currently enforced. +.El +.Pp +The function returns a tuple containing the strings in +.Dq key=value +form for each key and value in the +.Fa options_dict +dictionary passed in. +This is how the plugin API accepts options and settings. +.El +.Sh PLUGIN API CHANGELOG (Python) +None yet +.Sh LIMITATIONS +Only a maximum number of 8 python I/O plugins can be loaded at once. +If +.Pa @sysconfdir@/sudo.conf +contains more, those will be rejected with a warning message. 
+.Pp
+The Event API and the hook function API is currently not accessible for Python plugins.
+.Sh SEE ALSO
+.Xr sudo.conf @mansectform@ ,
+.Xr sudo_plugin @mansectform@ ,
+.Xr sudoers @mansectform@ ,
+.Xr sudo @mansectsu@
+.Sh AUTHORS
+Many people have worked on
+.Nm sudo
+over the years; this version consists of code written primarily by:
+.Bd -ragged -offset indent
+.An Todd C. Miller
+.Ed
+.Pp
+See the CONTRIBUTORS file in the
+.Nm sudo
+distribution (https://www.sudo.ws/contributors.html) for an
+exhaustive list of people who have contributed to
+.Nm sudo .
+.Sh BUGS
+Python plugin support is currently considered experimental.
+.Pp
+If you feel you have found a bug in
+.Nm sudo ,
+please submit a bug report at https://bugzilla.sudo.ws/
+.Sh SECURITY CONSIDERATIONS
+All Python plugin handling is implemented inside the
+.Li python_plugin.so
+dynamic plugin.
+Therefore, if no Python plugin is registered in
+.Xr sudo.conf @mansectform@
+or the
+.Em sudoers
+file,
+.Nm sudo
+will not load the Python interpreter or the Python libraries.
+.Pp
+By default, a Python plugin can only import Python modules which are
+owned by
+.Em root
+and are only writable by the owner.
+The reason for this is to prevent a file getting imported accidentally
+which is modifiable by a non-root user.
+As
+.Nm sudo
+plugins run as
+.Em root ,
+accidentally importing such file would make it possible for any user
+(having write access) to execute any code with administrative rights.
+.Pp
+However, during development of a plugin this might not be very convenient.
+The
+.Xr sudo.conf @mansectform@
+.Li developer_mode
+option can be used to disable it.
+For example:
+.Dl Set developer_mode true
+.Pp
+Please note that this creates a security risk, so it is not recommended
+on critical systems such as a desktop machine for daily use, but is intended
+to be used in development environments (VM, container, etc).
+Before enabling developer mode, ensure you understand the implications.
+.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm sudo +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm sudo +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.8.31/doc/sudoreplay.man.in sudo-1.9.0/doc/sudoreplay.man.in --- sudo-1.8.31/doc/sudoreplay.man.in 2019-10-28 12:27:45.000000000 +0000 +++ sudo-1.9.0/doc/sudoreplay.man.in 2020-05-11 16:28:23.000000000 +0000 @@ -2,7 +2,7 @@ .\" .\" SPDX-License-Identifier: ISC .\" -.\" Copyright (c) 2009-2019 Todd C. Miller +.\" Copyright (c) 2009-2020 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.TH "SUDOREPLAY" "@mansectsu@" "August 27, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.TH "SUDOREPLAY" "@mansectsu@" "March 26, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" @@ -183,6 +183,10 @@ \fBsudo\fR was run this field will be empty in the log. .TP 8n +host \fIhostname\fR +Evaluates to true if the command was run on the specified +\fIhostname\fR. +.TP 8n runas \fIrunas_user\fR Evaluates to true if the command was run as the specified \fIrunas_user\fR. 
@@ -396,6 +400,9 @@ \fI@iolog_dir@/00/00/01/log\fR Example session log info. .TP 26n +\fI@iolog_dir@/00/00/01/log.json\fR +Example session log info (JSON format). +.TP 26n \fI@iolog_dir@/00/00/01/stdin\fR Example session standard input log. .TP 26n diff -Nru sudo-1.8.31/doc/sudoreplay.mdoc.in sudo-1.9.0/doc/sudoreplay.mdoc.in --- sudo-1.8.31/doc/sudoreplay.mdoc.in 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/doc/sudoreplay.mdoc.in 2020-05-11 16:28:22.000000000 +0000 @@ -1,7 +1,7 @@ .\" .\" SPDX-License-Identifier: ISC .\" -.\" Copyright (c) 2009-2019 Todd C. Miller +.\" Copyright (c) 2009-2020 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd August 27, 2019 +.Dd March 26, 2019 .Dt SUDOREPLAY @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -168,6 +168,9 @@ was explicitly specified when .Nm sudo was run this field will be empty in the log. +.It host Ar hostname +Evaluates to true if the command was run on the specified +.Ar hostname . .It runas Ar runas_user Evaluates to true if the command was run as the specified .Ar runas_user . @@ -358,6 +361,8 @@ The default I/O log directory. .It Pa @iolog_dir@/00/00/01/log Example session log info. +.It Pa @iolog_dir@/00/00/01/log.json +Example session log info (JSON format). .It Pa @iolog_dir@/00/00/01/stdin Example session standard input log. .It Pa @iolog_dir@/00/00/01/stdout diff -Nru sudo-1.8.31/doc/sudo_sendlog.man.in sudo-1.9.0/doc/sudo_sendlog.man.in --- sudo-1.8.31/doc/sudo_sendlog.man.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/doc/sudo_sendlog.man.in 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,177 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2019-2020 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.TH "SUDO_SENDLOG" "@mansectsu@" "April 30, 2020" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.nh +.if n .ad l +.SH "NAME" +\fBsudo_sendlog\fR +\- send sudo I/O log to log server +.SH "SYNOPSIS" +.HP 13n +\fBsudo_sendlog\fR +[\fB\-nV\fR] +[\fB\-b\fR\ \fIca_bundle\fR] +[\fB\-c\fR\ \fIcert_file\fR] +[\fB\-h\fR\ \fIhost\fR] +[\fB\-i\fR\ \fIiolog-id\fR] +[\fB\-k\fR\ \fIkey_file\fR] +[\fB\-p\fR\ \fIport\fR] +[\fB\-r\fR\ \fIrestart-point\fR] +[\fB\-t\fR\ \fInumber\fR] +\fIpath\fR +.SH "DESCRIPTION" +\fBsudo_sendlog\fR +can be used to send the existing +\fBsudoers\fR +I/O log +\fIpath\fR +to a remote log server such as +sudo_logsrvd(@mansectsu@) +for central storage. +.PP +The options are as follows: +.TP 12n +\fB\-b\fR, \fB\--ca-bundle\fR +The path to a certificate authority bundle file, in PEM format, +to use instead of the system's default certificate authority database +when authenticating the log server. +The default is to use the system's default certificate authority database. 
+.TP 12n +\fB\-c\fR, \fB\--cert\fR +The path to the client's certificate file in PEM format. +This setting is required when the connection to the remote log server +is secured with TLS. +.TP 12n +\fB\--help\fR +Display a short help message to the standard output and exit. +.TP 12n +\fB\-h\fR, \fB\--host\fR +Connect to the specified +\fIhost\fR +instead of localhost. +.TP 12n +\fB\-i\fR, \fB\--iolog-id\fR +Use the specified +\fIiolog-id\fR +when restarting a log transfer. +The +\fIiolog-id\fR +is reported by the server when it creates the remote I/O log. +This option may only be used in conjunction with the +\fB\-r\fR +option. +.TP 12n +\fB\-k\fR, \fB\--key\fR +.br +The path to the client's private key file in PEM format. +This setting is required when the connection to the remote log server +is secured with TLS. +.TP 12n +\fB\-n\fR, \fB\--no-verify\fR +If specified, the server's certificate will not be verified during +the TLS handshake. +By default, +\fBsudo_sendlog\fR +verifies that the server's certificate is valid and that it contains either +the server's host name or its IP address. +This setting is only supported when the connection to the remote log server +is secured with TLS. +.TP 12n +\fB\-p\fR, \fB\--port\fR +Use the specified network +\fIport\fR +when connecting to the log server instead of the +default, port 30344. +.TP 12n +\fB\-r\fR, \fB\--restart\fR +Restart an interrupted connection to the log server. +The specified +\fIrestart-point\fR +is used to tell the server the point in time at which to continue the log. +The +\fIrestart-point\fR +is specified in the form +\(lqseconds,nanoseconds\(rq +and is usually the last commit point received from the server. +The +\fB\-i\fR +option must also be specified when restarting a transfer. +.TP 12n +\fB\-t\fR, \fB\--test\fR +Open +\fInumber\fR +simultaneous connections to the log server and send the specified +I/O log file on each one. +This option is useful for performance testing. 
+.TP 12n +\fB\-V\fR, \fB\--version\fR +Print the +\fBsudo_sendlog\fR +version and exit. +.SS "Debugging sendlog" +\fBsudo_sendlog\fR +supports a flexible debugging framework that is configured via +\fRDebug\fR +lines in the +sudo.conf(@mansectform@) +file. +.PP +For more information on configuring +sudo.conf(@mansectform@), +please refer to its manual. +.SH "FILES" +.TP 26n +\fI@sysconfdir@/sudo.conf\fR +Sudo front end configuration +.SH "SEE ALSO" +sudo.conf(@mansectform@), +sudo(@mansectsu@), +sudo_logsrvd(@mansectsu@) +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "BUGS" +If you feel you have found a bug in +\fBsudo_sendlog\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBsudo_sendlog\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.8.31/doc/sudo_sendlog.mdoc.in sudo-1.9.0/doc/sudo_sendlog.mdoc.in --- sudo-1.8.31/doc/sudo_sendlog.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/doc/sudo_sendlog.mdoc.in 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,165 @@ +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2019-2020 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd April 30, 2020 +.Dt SUDO_SENDLOG @mansectsu@ +.Os Sudo @PACKAGE_VERSION@ +.Sh NAME +.Nm sudo_sendlog +.Nd send sudo I/O log to log server +.Sh SYNOPSIS +.Nm sudo_sendlog +.Op Fl nV +.Op Fl b Ar ca_bundle +.Op Fl c Ar cert_file +.Op Fl h Ar host +.Op Fl i Ar iolog-id +.Op Fl k Ar key_file +.Op Fl p Ar port +.Op Fl r Ar restart-point +.Op Fl t Ar number +.Ar path +.Sh DESCRIPTION +.Nm +can be used to send the existing +.Nm sudoers +I/O log +.Ar path +to a remote log server such as +.Xr sudo_logsrvd @mansectsu@ +for central storage. +.Pp +The options are as follows: +.Bl -tag -width Fl +.It Fl b , -ca-bundle +The path to a certificate authority bundle file, in PEM format, +to use instead of the system's default certificate authority database +when authenticating the log server. +The default is to use the system's default certificate authority database. +.It Fl c , -cert +The path to the client's certificate file in PEM format. +This setting is required when the connection to the remote log server +is secured with TLS. +.It Fl -help +Display a short help message to the standard output and exit. 
+.It Fl h , -host +Connect to the specified +.Ar host +instead of localhost. +.It Fl i , -iolog-id +Use the specified +.Ar iolog-id +when restarting a log transfer. +The +.Ar iolog-id +is reported by the server when it creates the remote I/O log. +This option may only be used in conjunction with the +.Fl r +option. +.It Fl k , -key +The path to the client's private key file in PEM format. +This setting is required when the connection to the remote log server +is secured with TLS. +.It Fl n , -no-verify +If specified, the server's certificate will not be verified during +the TLS handshake. +By default, +.Nm +verifies that the server's certificate is valid and that it contains either +the server's host name or its IP address. +This setting is only supported when the connection to the remote log server +is secured with TLS. +.It Fl p , -port +Use the specified network +.Ar port +when connecting to the log server instead of the +default, port 30344. +.It Fl r , -restart +Restart an interrupted connection to the log server. +The specified +.Ar restart-point +is used to tell the server the point in time at which to continue the log. +The +.Ar restart-point +is specified in the form +.Dq seconds,nanoseconds +and is usually the last commit point received from the server. +The +.Fl i +option must also be specified when restarting a transfer. +.It Fl t , -test +Open +.Ar number +simultaneous connections to the log server and send the specified +I/O log file on each one. +This option is useful for performance testing. +.It Fl V , -version +Print the +.Nm +version and exit. +.El +.Ss Debugging sendlog +.Nm +supports a flexible debugging framework that is configured via +.Li Debug +lines in the +.Xr sudo.conf @mansectform@ +file. +.Pp +For more information on configuring +.Xr sudo.conf @mansectform@ , +please refer to its manual. 
+.Sh FILES +.Bl -tag -width 24n +.It Pa @sysconfdir@/sudo.conf +Sudo front end configuration +.El +.Sh SEE ALSO +.Xr sudo.conf @mansectform@ , +.Xr sudo @mansectsu@ , +.Xr sudo_logsrvd @mansectsu@ +.Sh AUTHORS +Many people have worked on +.Nm sudo +over the years; this version consists of code written primarily by: +.Bd -ragged -offset indent +.An Todd C. Miller +.Ed +.Pp +See the CONTRIBUTORS file in the +.Nm sudo +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +.Nm sudo . +.Sh BUGS +If you feel you have found a bug in +.Nm , +please submit a bug report at https://bugzilla.sudo.ws/ +.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm sudo +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.8.31/etc/codespell.exclude sudo-1.9.0/etc/codespell.exclude --- sudo-1.8.31/etc/codespell.exclude 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/etc/codespell.exclude 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,32 @@
+ * Returns true if any tags set in nt differ between ot and nt, else false.
+#define TAGS_CHANGED(ot, nt) \
+ ((TAG_SET((nt).follow) && (nt).follow != (ot).follow) || \
+ (TAG_SET((nt).log_input) && (nt).log_input != (ot).log_input) || \
+ (TAG_SET((nt).log_output) && (nt).log_output != (ot).log_output) || \
+ (TAG_SET((nt).noexec) && (nt).noexec != (ot).noexec) || \
+ (TAG_SET((nt).nopasswd) && (nt).nopasswd != (ot).nopasswd) || \
+ (TAG_SET((nt).setenv) && (nt).setenv != (ot).setenv) || \
+ (TAG_SET((nt).send_mail) && (nt).send_mail != (ot).send_mail))
+ sv sw ta te tg th tr uk ur vi wa wo zh_CN zh_HK
+ if (!PyArg_ParseTupleAndKeywords(py_args ? py_args : py_empty, py_kwargs, "Ois|i:sudo.ConvMessage", keywords,
+ $ans = ;
+ if ($ans =~ /^[yY]/) {
+.nr BA @BAMAN@
+.if \n(BA \{\
+.Nd convert between sudoers file formats
+.Nd configuration for sudo front end
+.Nd execute a command as another user
+.Nd Sudo log server protocol
+.Nd configuration for sudo_logsrvd
+.Nd sudo event and I/O log server
+.Nd Sudo Plugin API
+.Nd Sudo Plugin API (Python)
+.Nd send sudo I/O log to log server
+.Nd sudo LDAP configuration
+.Nd default sudo security policy plugin
+.Nd Sudoers Time Stamp Format
+.Nd replay sudo session logs
+.Nd edit the sudoers file
+ * If path doesn't end in /, return true iff cmnd & path name the same inode;
+ * Tim Fraser
+ echo ".Nd sudo" >> conftest
diff -Nru sudo-1.8.31/etc/codespell.ignore sudo-1.9.0/etc/codespell.ignore
--- sudo-1.8.31/etc/codespell.ignore 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/etc/codespell.ignore 2020-05-11 16:28:22.000000000 +0000
@@ -0,0 +1,14 @@
+Ois
+SOM
+VAS
+alloced
+edn
+fIDN
+ist
+numer
+pleas
+sav
+thur
+toke
+vas
+wit
diff -Nru sudo-1.8.31/etc/codespell.skip sudo-1.9.0/etc/codespell.skip
--- sudo-1.8.31/etc/codespell.skip 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/etc/codespell.skip 2020-05-11 16:28:22.000000000 +0000
@@ -0,0 +1,25 @@
+\.in\.sed$
+/data
+Makefile\.in
+^ChangeLog$
+^MANIFEST$
+^aclocal\.m4$
+^autogen\.sh$
+^config\.guess$
+^config\.h\.in$
+^config\.sub$
+^configure$
+^doc/.*\.man\.in$
+^doc/CONTRIBUTORS$
+^etc/codespell
+^lib/util/fnmatch\.c$
+^lib/util/getaddrinfo\.c$
+^lib/zlib/
+^libtool$
+^ltmain\.sh$
+^m4/libtool\.m4$
+^m4/lt.*\.m4$
+^mkinstalldirs$
+^plugins/sudoers/po/
+^po/
+^scripts/pp$
diff -Nru sudo-1.8.31/etc/init.d/aix.sh.in sudo-1.9.0/etc/init.d/aix.sh.in
--- sudo-1.8.31/etc/init.d/aix.sh.in 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/etc/init.d/aix.sh.in 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# Simple AIX rc.d script to remove the sudo timestamp directory on boot.
+# This is needed because AIX does not have /var/run.
+# Install as /etc/rc.d/init.d/sudo with a link /etc/rc.d/rc2.d/S90sudo
+#
+
+PATH=/usr/sbin:/usr/bin:/sbin
+export PATH
+
+TSDIR="@rundir@/ts"
+rval=0
+
+case "$1" in
+start)
+ echo "Removing the $TSDIR directory"
+ rm -rf "$TSDIR"
+ ;;
+*)
+ echo "usage: $0 start"
+ rval=1
+ ;;
+esac
+
+exit $rval
diff -Nru sudo-1.8.31/etc/init.d/hpux.sh.in sudo-1.9.0/etc/init.d/hpux.sh.in
--- sudo-1.8.31/etc/init.d/hpux.sh.in 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/etc/init.d/hpux.sh.in 2020-05-11 16:28:23.000000000 +0000
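Review bot: In etc/init.d/aix.sh.in the `start)` branch ignores the result of `rm -rf "$TSDIR"`, so the script exits 0 even when the time stamp directory could not be removed, and stale sudo time stamp records could then survive the reboot unnoticed. Because `rm -f` already treats a missing path as success, a non-zero status here means a real failure; I would record it with `rm -rf "$TSDIR" || rval=1`. The same applies to the `start)` branch of etc/init.d/hpux.sh.in in the next hunk. A short header comment stating that the script is meant to run as root during boot would also make the assumption behind the unconditional removal explicit; that is presumably the intent, but the file does not say so.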
@@ -0,0 +1,27 @@
+#!/sbin/sh
+#
+# Simple HP-UX init.d script to remove the sudo timestamp directory on boot.
+# This is needed because HP-UX does not clear /var/run on its own.
+# Install as /sbin/init.d/sudo with a link /sbin/rc2.d/S900sudo
+#
+
+PATH=/usr/sbin:/usr/bin:/sbin
+export PATH
+
+TSDIR="@rundir@/ts"
+rval=0
+
+case "$1" in
+start_msg)
+ echo "Removing the $TSDIR directory"
+ ;;
+start)
+ rm -rf "$TSDIR"
+ ;;
+*)
+ echo "usage: $0 {start|start_msg}"
+ rval=1
+ ;;
+esac
+
+exit $rval
diff -Nru sudo-1.8.31/etc/init.d/sudo.conf.in sudo-1.9.0/etc/init.d/sudo.conf.in
--- sudo-1.8.31/etc/init.d/sudo.conf.in 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/etc/init.d/sudo.conf.in 2020-05-11 16:28:22.000000000 +0000
@@ -0,0 +1,6 @@
+# Create an empty sudo time stamp directory on OSes using systemd.
+# Sudo will create the directory itself but this can cause problems
+# on systems that have SELinux enabled since the directories will be
+# created with the user's security context.
+d @rundir@ 0711 root root
+D @rundir@/ts 0700 root root
diff -Nru sudo-1.8.31/etc/sudo-logsrvd.pp sudo-1.9.0/etc/sudo-logsrvd.pp
--- sudo-1.8.31/etc/sudo-logsrvd.pp 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/etc/sudo-logsrvd.pp 2020-05-11 16:28:22.000000000 +0000
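Review bot: Nothing in etc/init.d/sudo.conf.in says which program reads it: the `d`/`D` lines look like a systemd tmpfiles.d fragment, while the name sudo.conf is also the sudo front end configuration that the manuals in this diff reference as `@sysconfdir@/sudo.conf`. I would open the file with a comment such as `# systemd tmpfiles.d(5) fragment, not sudo.conf(5); install into the tmpfiles.d directory.` so that packagers do not drop it into `@sysconfdir@` by mistake. The existing comment could also note that the root-owned 0711 and 0700 modes are deliberate, presumably to keep time stamp records out of reach of ordinary users, so that a later edit does not loosen them.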
@@ -0,0 +1,250 @@ +%set + name="sudo-logsrvd" + summary="Sudo event and I/O log server" + description="The sudo_logsrvd daemon collects event and I/O logs \ +from sudo clients. +This makes it possible to have all sudo I/O logs on a central server." + vendor="Todd C. Miller" + copyright="(c) 2019-2020 Todd C. Miller" + +%if [aix] + # Convert to 4 part version for AIX, including patch level + pp_aix_version=`echo $version|sed -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)p\([0-9]*\)$/\1.\2/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)[^0-9\.].*$/\1/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/'` + + # Don't allow sudo to prompt for a password + pp_aix_sudo="sudo -n" +%endif + +%if [sd] + pp_sd_vendor_tag="TCM" +%endif + +%if [solaris] + pp_solaris_name="TCM${name}" + pp_solaris_pstamp=`/usr/bin/date "+%B %d, %Y"` +%endif + +%if [macos] + # System Integrity Protection on macOS won't allow us to write + # directly to /etc or /var. We must install in /private instead. + case "$sysconfdir" in + /etc|/etc/*) + mkdir -p ${pp_destdir}/private + chmod 755 ${pp_destdir}/private + if test -d ${pp_destdir}/etc; then + mv ${pp_destdir}/etc ${pp_destdir}/private/etc + fi + sysconfdir="/private${sysconfdir}" + ;; + esac + case "$vardir" in + /var|/var/*) + mkdir -p ${pp_destdir}/private + chmod 755 ${pp_destdir}/private + if test -d ${pp_destdir}/var; then + mv ${pp_destdir}/var ${pp_destdir}/private/var + fi + vardir="/private${vardir}" + ;; + esac + case "$rundir" in + /var|/var/*) + mkdir -p ${pp_destdir}/private + chmod 755 ${pp_destdir}/private + if test -d ${pp_destdir}/var; then + mv ${pp_destdir}/var ${pp_destdir}/private/var + fi + rundir="/private${rundir}" + ;; + esac +%endif + +%if [rpm,deb] + # Convert patch level into release and remove from version + pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)$' \| 0 \) + 1`" + pp_rpm_version="`expr \( $version : '\(.*\)p[0-9][0-9]*$' \| $version \)`" + pp_rpm_license="BSD" + pp_rpm_url="https://www.sudo.ws" + pp_rpm_group="Applications/System" + 
pp_rpm_packager="Todd C. Miller " +%else + # We install sudo_logsrvd.conf from the example dir during post-install + rm -f ${pp_destdir}$sysconfdir/sudo_logsrvd.conf +%endif + + # Stash original docdir and exampledir + odocdir="${docdir}" + oexampledir="${exampledir}" + + # For RedHat the doc dir is expected to include version and release + case "$pp_rpm_distro" in + centos*|rhel*|f[0-9]*) + docdir="${docdir}-${pp_rpm_version}-${pp_rpm_release}" + exampledir="${docdir}/examples" + ;; + esac + + # docdir and exampledir are installed with "sudo" as the package + # name which may not be correct. + docdir="`echo \"${docdir}\" | sed \"s#/sudo#/${name}#g\"`" + exampledir="`echo \"${exampledir}\" | sed \"s#/sudo#/${name}#g\"`" + + # Copy docdir and exampledir to new names if needed + if test ! -d "${pp_destdir}${docdir}"; then + cp -R ${pp_destdir}${odocdir} ${pp_destdir}${docdir} + find ${pp_destdir}${docdir} -depth | sed "s#^${pp_destdir}##" >> ${pp_wrkdir}/pp_cleanup + fi + if test ! -d "${pp_destdir}${exampledir}"; then + cp -R ${pp_destdir}${oexampledir} ${pp_destdir}${exampledir} + find ${pp_destdir}${exampledir} -depth | sed "s#^${pp_destdir}##" >> ${pp_wrkdir}/pp_cleanup + fi + +%if [deb] + pp_deb_maintainer="$pp_rpm_packager" + pp_deb_release="$pp_rpm_release" + pp_deb_version="$pp_rpm_version" + pp_deb_section=admin + install -D -m 644 ${pp_destdir}$docdir/LICENSE ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright + install -D -m 644 ${pp_destdir}$docdir/ChangeLog ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog + gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog + printf "$name ($pp_deb_version-$pp_deb_release) admin; urgency=low\n\n * see upstream changelog\n\n -- $pp_deb_maintainer `date '+%a, %d %b %Y %T %z'`\n" > ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian + chmod 644 ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian + gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian + # Create lintian override 
file + mkdir -p ${pp_wrkdir}/${name}/usr/share/lintian/overrides + cat >${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name} <<-EOF + # Sudo ships with debugging symbols + $name: unstripped-binary-or-object + EOF + chmod 644 ${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name} +%endif + +%if [rpm] + # Add distro info to release + osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,2\}\).*/\1/'` + case "$pp_rpm_distro" in + centos*|rhel*|f[0-9]*) + pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}" + ;; + sles*) + pp_rpm_release="$pp_rpm_release.sles$osrelease" + ;; + esac +%endif + +%if [macos] + pp_macos_bundle_id=ws.sudo.pkg.sudo + pp_macos_pkg_license=${pp_destdir}$docdir/LICENSE + pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt + pp_macos_pkg_type=flat + perl -pe 'last if (/^What/i && $seen++)' ${pp_destdir}$docdir/NEWS > ${pp_wrkdir}/ReadMe.txt +%endif + +%if X"$aix_freeware" = X"true" + # Create links from /opt/freeware/sbin -> /usr/sbin + mkdir -p ${pp_destdir}/usr/sbin + ln -s -f ${sbindir}/sudo_logsrvd ${pp_destdir}/usr/sbin +%endif + + # Package parent directories when not installing under /usr + if test "${prefix}" != "/usr"; then + extradirs=`echo ${pp_destdir}${mandir}/[mc]* | sed "s#${pp_destdir}##g"` + extradirs="$extradirs `dirname $docdir` `dirname $rundir`" + test "`dirname $exampledir`" != "$docdir" && extradirs="$extradirs `dirname $exampledir`" + for dir in $sbindir $extradirs; do + while test "$dir" != "/"; do + parentdirs="${parentdirs}${parentdirs+ }$dir/" + dir=`dirname $dir` + done + done + parentdirs=`echo $parentdirs | tr " " "\n" | sort -u` + fi + +%depend [deb] + libc6, zlib1g, libssl1.1, sudo + +%fixup [deb] + echo "Homepage: https://www.sudo.ws" >> %{pp_wrkdir}/%{name}/DEBIAN/control + echo "Bugs: https://bugzilla.sudo.ws" >> %{pp_wrkdir}/%{name}/DEBIAN/control + +%fixup [rpm] + cat > %{pp_wrkdir}/${name}.spec.sed <<-'EOF' + /^%files/ { + i\ + %clean\ + :\ + + } + EOF + mv %{pp_wrkdir}/${name}.spec 
%{pp_wrkdir}/${name}.spec.bak + sed -f %{pp_wrkdir}/${name}.spec.sed %{pp_wrkdir}/${name}.spec.bak > %{pp_wrkdir}/${name}.spec + +%files + /** ignore +%if X"$parentdirs" != X"" + $parentdirs - ignore-others +%endif + $sbindir/sudo_logsrvd 0755 ignore-others + $mandir/man*/*logsrv* 0644 ignore-others + $rundir/ 0711 root: ignore-others + $docdir/ 0755 ignore-others + $exampledir/ 0755 ignore-others + $exampledir/*logsrv* 0644 ignore-others +%if [rpm,deb] + $sysconfdir/sudo_logsrvd.conf 0644 root: volatile,ignore-others +%endif +%if X"$aix_freeware" = X"true" + # Links for binaries from /opt/freeware to /usr + /usr/sbin/sudo_logsrvd 0755 root: symlink,ignore-others $sbindir/logsrvd +%endif + +%post [!rpm,deb] + # Don't overwrite existing sudo_logsrvd.conf files +%if [solaris] + sysconfdir=${PKG_INSTALL_ROOT}%{sysconfdir} + exampledir=${PKG_INSTALL_ROOT}%{exampledir} +%else + sysconfdir=%{sysconfdir} + exampledir=%{exampledir} +%endif + if test ! -r $sysconfdir/sudo_logsrvd.conf; then + cp $exampledir/sudo_logsrvd.conf $sysconfdir/sudo_logsrvd.conf + chmod 644 $sysconfdir/sudo_logsrvd.conf + chown root $sysconfdir/sudo_logsrvd.conf + fi + +%service sudo_logsrvd +%if [aix,macos] + cmd="${sbindir}/sudo_logsrvd -n" +%else + cmd=${sbindir}/sudo_logsrvd + pidfile=${rundir}/sudo_logsrvd.pid +%endif +%if [macos] + pp_macos_service_id=ws.sudo.sudo_logsrvd +%endif +%if [rpm,deb] + # Only include systemd support if it exists on the build machine. + # This assumes that we are building on the same distro that the + # package will be installed on (which is the case for sudo). 
+ if test -d /etc/systemd; then + for d in `pkg-config systemd --variable=systemdsystemunitdir 2>/dev/null` /lib/systemd/system /usr/lib/systemd/system; do + if test -d "$d"; then + break + fi + done + pp_systemd_service_description="Sudo central log server" + pp_systemd_service_dir="$d" + pp_systemd_service_exec="${cmd}" + pp_systemd_service_exec_args="-n" + pp_systemd_service_man="man:sudo_logsrvd(8) man:sudo_logsrvd.conf(5)" + pp_systemd_service_documentation="https://www.sudo.ws/man.html" + pp_systemd_service_after="syslog.target network.target auditd.service" + pp_systemd_service_killmode="process" + pp_systemd_service_type="exec" + pp_systemd_system_target="multi-user.target" + else + # No systemd support + pp_systemd_disabled=true + fi +%endif diff -Nru sudo-1.8.31/etc/sudo.pp sudo-1.9.0/etc/sudo.pp --- sudo-1.8.31/etc/sudo.pp 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/etc/sudo.pp 2020-05-11 16:28:23.000000000 +0000 
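Review bot: The `%files` entry under `%if X"$aix_freeware" = X"true"` gives the `/usr/sbin/sudo_logsrvd` symlink the target `$sbindir/logsrvd`, while the link created earlier in the same file by `ln -s -f ${sbindir}/sudo_logsrvd ${pp_destdir}/usr/sbin` points at `sudo_logsrvd`, which is also the name of the binary the `%files` list installs. If pp takes the link target from the `%files` field, the AIX freeware package would ship a dangling link in `/usr/sbin`; the entry should read `/usr/sbin/sudo_logsrvd 0755 root: symlink,ignore-others $sbindir/sudo_logsrvd`. The same mismatch is present in the etc/sudo.pp hunk, where `/usr/sbin/sudo_sendlog` is given the target `$sbindir/sendlog` although the link is made to `${sbindir}/sudo_sendlog`.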
@@ -0,0 +1,590 @@ +%set + if test -n "$flavor"; then + name="sudo-$flavor" + else + name="sudo" + fi + summary="Provide limited super-user privileges to specific users" + description="Sudo is a program designed to allow a sysadmin to give \ +limited root privileges to users and log root activity. \ +The basic philosophy is to give as few privileges as possible but \ +still allow people to get their work done." + vendor="Todd C. Miller" + copyright="(c) 1993-1996,1998-2020 Todd C. Miller" + sudoedit_man=`echo ${pp_destdir}$mandir/*/sudoedit.*|sed "s:^${pp_destdir}::"` + sudoedit_man_target=`basename $sudoedit_man | sed 's/edit//'` + +%if [aix] + # AIX package summary is limited to 40 characters + summary="Configurable super-user privileges" + + # Convert to 4 part version for AIX, including patch level + pp_aix_version=`echo $version|sed -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)p\([0-9]*\)$/\1.\2/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)[^0-9\.].*$/\1/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/'` + + # Don't allow sudo to prompt for a password + pp_aix_sudo="sudo -n" +%endif + +%if [sd] + pp_sd_vendor_tag="TCM" +%endif + +%if [solaris] + pp_solaris_name="TCM${name}" + pp_solaris_pstamp=`/usr/bin/date "+%B %d, %Y"` +%endif + +%if [macos] + # System Integrity Protection on macOS won't allow us to write + # directly to /etc or /var. We must install in /private instead. 
+ case "$sudoersdir" in + /etc|/etc/*) + mkdir -p ${pp_destdir}/private + chmod 755 ${pp_destdir}/private + if test -d ${pp_destdir}/etc; then + mv ${pp_destdir}/etc ${pp_destdir}/private/etc + fi + sudoersdir="/private${sudoersdir}" + ;; + esac + case "$sysconfdir" in + /etc|/etc/*) + mkdir -p ${pp_destdir}/private + chmod 755 ${pp_destdir}/private + if test -d ${pp_destdir}/etc; then + mv ${pp_destdir}/etc ${pp_destdir}/private/etc + fi + sysconfdir="/private${sysconfdir}" + ;; + esac + case "$vardir" in + /var|/var/*) + mkdir -p ${pp_destdir}/private + chmod 755 ${pp_destdir}/private + if test -d ${pp_destdir}/var; then + mv ${pp_destdir}/var ${pp_destdir}/private/var + fi + vardir="/private${vardir}" + ;; + esac + case "$rundir" in + /var|/var/*) + mkdir -p ${pp_destdir}/private + chmod 755 ${pp_destdir}/private + if test -d ${pp_destdir}/var; then + mv ${pp_destdir}/var ${pp_destdir}/private/var + fi + rundir="/private${rundir}" + ;; + esac +%endif + +%if [rpm,deb] + # Convert patch level into release and remove from version + pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)$' \| 0 \) + 1`" + pp_rpm_version="`expr \( $version : '\(.*\)p[0-9][0-9]*$' \| $version \)`" + pp_rpm_license="BSD" + pp_rpm_url="https://www.sudo.ws" + pp_rpm_group="Applications/System" + pp_rpm_packager="Todd C. Miller " + if test -n "$linux_audit"; then + pp_rpm_requires="audit-libs >= $linux_audit" + fi + # The package manager will handle an existing sudoers file + rm -f ${pp_destdir}$sudoersdir/sudoers.dist +%else + # For all but RPM and Debian we copy sudoers in a post-install script. + rm -f ${pp_destdir}$sudoersdir/sudoers + # We install sudo.conf from the example dir in a post-install script. 
+ rm -f ${pp_destdir}$sysconfdir/sudo.conf +%endif + + # Stash original docdir and exampledir + odocdir="${docdir}" + oexampledir="${exampledir}" + + # For RedHat the doc dir is expected to include version and release + case "$pp_rpm_distro" in + centos*|rhel*|f[0-9]*) + docdir="${docdir}-${pp_rpm_version}-${pp_rpm_release}" + exampledir="${docdir}/examples" + ;; + esac + + if test -n "$flavor"; then + # docdir and exampledir are installed with "sudo" as the package + # name which is not be correct for flavors. + docdir="`echo \"${docdir}\" | sed \"s#/sudo#/${name}#g\"`" + exampledir="`echo \"${exampledir}\" | sed \"s#/sudo#/${name}#g\"`" + fi + + # Copy docdir and exampledir to new names if needed + if test ! -d "${pp_destdir}${docdir}"; then + cp -R ${pp_destdir}${odocdir} ${pp_destdir}${docdir} + find ${pp_destdir}${docdir} -depth | sed "s#^${pp_destdir}##" >> ${pp_wrkdir}/pp_cleanup + fi + if test ! -d "${pp_destdir}${exampledir}"; then + cp -R ${pp_destdir}${oexampledir} ${pp_destdir}${exampledir} + find ${pp_destdir}${exampledir} -depth | sed "s#^${pp_destdir}##" >> ${pp_wrkdir}/pp_cleanup + fi + +%if [deb] + pp_deb_maintainer="$pp_rpm_packager" + pp_deb_release="$pp_rpm_release" + pp_deb_version="$pp_rpm_version" + pp_deb_section=admin + install -D -m 644 ${pp_destdir}$docdir/LICENSE ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright + install -D -m 644 ${pp_destdir}$docdir/ChangeLog ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog + gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog + printf "$name ($pp_deb_version-$pp_deb_release) admin; urgency=low\n\n * see upstream changelog\n\n -- $pp_deb_maintainer `date '+%a, %d %b %Y %T %z'`\n" > ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian + chmod 644 ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian + gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian + # Create lintian override file + mkdir -p ${pp_wrkdir}/${name}/usr/share/lintian/overrides + cat 
>${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name} <<-EOF + # The sudo binary must be setuid root + $name: setuid-binary usr/bin/sudo 4755 root/root + # Sudo configuration and data dirs must not be world-readable + $name: non-standard-file-perm etc/sudoers 0440 != 0644 + $name: non-standard-dir-perm etc/sudoers.d/ 0750 != 0755 + $name: non-standard-dir-perm var/lib/sudo/ 0700 != 0755 + # Sudo ships with debugging symbols + $name: unstripped-binary-or-object + EOF + chmod 644 ${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name} +%endif + +%if [rpm] + # Add distro info to release + osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,2\}\).*/\1/'` + case "$pp_rpm_distro" in + centos*|rhel*|f[0-9]*) + pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}" + ;; + sles*) + pp_rpm_release="$pp_rpm_release.sles$osrelease" + ;; + esac + + # Uncomment some Defaults in sudoers + # Note that the order must match that of sudoers. + case "$pp_rpm_distro" in + centos*|rhel*|f[0-9]*) + chmod u+w ${pp_destdir}${sudoersdir}/sudoers + /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' + /Locale settings/+1,s/^# // + /Desktop path settings/+1,s/^# // + /allow members of group wheel to execute any command/+1,s/^# // + w + q + EOF + chmod u-w ${pp_destdir}${sudoersdir}/sudoers + ;; + sles*) + chmod u+w ${pp_destdir}${sudoersdir}/sudoers + /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' + /Locale settings/+1,s/^# // + /ConsoleKit session/+1,s/^# // + /allow any user to run sudo if they know the password/+2,s/^# // + /allow any user to run sudo if they know the password/+3,s/^# // + w + q + EOF + chmod u-w ${pp_destdir}${sudoersdir}/sudoers + ;; + esac + + # Choose the correct PAM file by distro, must be tab indented for "<<-" + case "$pp_rpm_distro" in + centos*|rhel*) + mkdir -p ${pp_destdir}/etc/pam.d + if test $osrelease -lt 50; then + cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF + #%PAM-1.0 + auth required pam_stack.so service=system-auth + account 
required pam_stack.so service=system-auth + password required pam_stack.so service=system-auth + session required pam_limits.so + EOF + else + cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF + #%PAM-1.0 + auth include system-auth + account include system-auth + password include system-auth + session optional pam_keyinit.so revoke + session required pam_limits.so + EOF + cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF + #%PAM-1.0 + auth include sudo + account include sudo + password include sudo + session optional pam_keyinit.so force revoke + session required pam_limits.so + EOF + fi + ;; + f[0-9]*) + # XXX - share with rhel + mkdir -p ${pp_destdir}/etc/pam.d + cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF + #%PAM-1.0 + auth include system-auth + account include system-auth + password include system-auth + session optional pam_keyinit.so revoke + session required pam_limits.so + EOF + cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF + #%PAM-1.0 + auth include sudo + account include sudo + password include sudo + session optional pam_keyinit.so force revoke + session required pam_limits.so + EOF + ;; + sles*) + mkdir -p ${pp_destdir}/etc/pam.d + if test $osrelease -lt 10; then + cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF + #%PAM-1.0 + auth required pam_unix2.so + session required pam_limits.so + EOF + else + cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF + #%PAM-1.0 + auth include common-auth + account include common-account + password include common-password + session include common-session + # session optional pam_xauth.so + EOF + fi + ;; + esac +%endif + +%if [deb] + # Uncomment some Defaults and the %sudo rule in sudoers + # Note that the order must match that of sudoers and be tab-indented. 
+ chmod u+w ${pp_destdir}${sudoersdir}/sudoers + /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' + /Locale settings/+1,s/^# // + /X11 resource/+1,s/^# // + /^# \%sudo/,s/^# // + /^# Defaults secure_path/,s/^# // + /^# Defaults mail_badpass/,s/^# // + w + q + EOF + chmod u-w ${pp_destdir}${sudoersdir}/sudoers + mkdir -p ${pp_destdir}/etc/pam.d + cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF + #%PAM-1.0 + + @include common-auth + @include common-account + + session required pam_permit.so + session required pam_limits.so + EOF +%endif + +%if [macos] + pp_macos_pkg_type=flat + pp_macos_bundle_id=ws.sudo.pkg.sudo + pp_macos_pkg_license=${pp_destdir}$docdir/LICENSE + pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt + perl -pe 'last if (/^What/i && $seen++)' ${pp_destdir}$docdir/NEWS > ${pp_wrkdir}/ReadMe.txt +%endif + +%if X"$aix_freeware" = X"true" + # Create links from /opt/freeware/{bin,sbin} -> /usr/{bin,sbin} + mkdir -p ${pp_destdir}/usr/bin ${pp_destdir}/usr/sbin + ln -s -f ${bindir}/cvtsudoers ${pp_destdir}/usr/bin + ln -s -f ${bindir}/sudo ${pp_destdir}/usr/bin + ln -s -f ${bindir}/sudoedit ${pp_destdir}/usr/bin + ln -s -f ${bindir}/sudoreplay ${pp_destdir}/usr/bin + ln -s -f ${sbindir}/sudo_sendlog ${pp_destdir}/usr/sbin + ln -s -f ${sbindir}/visudo ${pp_destdir}/usr/sbin +%endif + + # Package parent directories when not installing under /usr + if test "${prefix}" != "/usr"; then + extradirs=`echo ${pp_destdir}${mandir}/[mc]* | sed "s#${pp_destdir}##g"` + extradirs="$extradirs `dirname $docdir` `dirname $rundir` `dirname $vardir`" + test "`dirname $exampledir`" != "$docdir" && extradirs="$extradirs `dirname $exampledir`" + test -d ${pp_destdir}${localedir} && extradirs="$extradirs $localedir" + for dir in $bindir $sbindir $libexecdir $includedir $extradirs; do + while test "$dir" != "/"; do + parentdirs="${parentdirs}${parentdirs+ }$dir/" + dir=`dirname $dir` + done + done + parentdirs=`echo $parentdirs | tr " " "\n" | sort -u` + fi + +%depend [deb] + libc6, 
libpam0g, libpam-modules, zlib1g, libselinux1, libssl1.1 + +%fixup [deb] + # Add Conflicts, Replaces headers and add libldap dependency as needed. + DEPENDS="%{linux_audit}" + if test -z "%{flavor}"; then + echo "Conflicts: sudo-ldap" >> %{pp_wrkdir}/%{name}/DEBIAN/control + echo "Replaces: sudo-ldap" >> %{pp_wrkdir}/%{name}/DEBIAN/control + elif test "%{flavor}" = "ldap"; then + echo "Conflicts: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control + echo "Replaces: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control + echo "Provides: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control + DEPENDS="${DEPENDS}${DEPENDS:+, }libldap-2.4-2" + fi + cp -p %{pp_wrkdir}/%{name}/DEBIAN/control %{pp_wrkdir}/%{name}/DEBIAN/control.$$ + if test -n "${DEPENDS}"; then + sed "s/^\(Depends:.*\) *$/\1, ${DEPENDS}/" %{pp_wrkdir}/%{name}/DEBIAN/control.$$ > %{pp_wrkdir}/%{name}/DEBIAN/control + fi + rm -f %{pp_wrkdir}/%{name}/DEBIAN/control.$$ + echo "Homepage: https://www.sudo.ws" >> %{pp_wrkdir}/%{name}/DEBIAN/control + echo "Bugs: https://bugzilla.sudo.ws" >> %{pp_wrkdir}/%{name}/DEBIAN/control + +%fixup [rpm] + cat > %{pp_wrkdir}/${name}.spec.sed <<-'EOF' + /^%files/ { + i\ + %clean\ + :\ + + } + EOF + mv %{pp_wrkdir}/${name}.spec %{pp_wrkdir}/${name}.spec.bak + sed -f %{pp_wrkdir}/${name}.spec.sed %{pp_wrkdir}/${name}.spec.bak > %{pp_wrkdir}/${name}.spec + +%files +%if X"$parentdirs" != X"" + $parentdirs - +%endif +%if X"$odocdir" != X"$docdir" + $odocdir/ ignore + $odocdir/** ignore +%endif +%if X"$oexampledir" != X"$exampledir" -a X"$exampledir" != X"$docdir/examples" + $oexampledir/ ignore + $oexampledir/** ignore +%endif + $bindir/cvtsudoers 0755 root: + $bindir/sudo 4755 root: + $bindir/sudoedit 0755 root: symlink sudo + $bindir/sudoreplay 0755 + $sbindir/sudo_sendlog 0755 + $sbindir/sudo_logsrvd optional,ignore + $sbindir/visudo 0755 + $includedir/sudo_plugin.h 0644 + $libexecdir/sudo/ 0755 + $libexecdir/sudo/sesh 0755 optional,ignore-others + $libexecdir/sudo/python* 
optional,ignore,ignore-others + $libexecdir/sudo/* $shlib_mode optional + $sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid + $rundir/ 0711 root: + $vardir/ 0711 root: ignore-others + $vardir/lectured/ 0700 root: + $docdir/ 0755 + $docdir/** 0644 +%if [deb] + $docdir/LICENSE ignore,ignore-others + $docdir/ChangeLog ignore,ignore-others +%endif +%if X"$exampledir" != X"$docdir/examples" + $exampledir/ 0755 ignore-others + $exampledir/* 0644 +%endif + $exampledir/sudo_logsrv* optional,ignore,ignore-others + $exampledir/*.py optional,ignore,ignore-others + $localedir/*/ - optional + $localedir/*/LC_MESSAGES/ - optional + $localedir/*/LC_MESSAGES/* 0644 optional + /etc/pam.d/* 0644 volatile,optional +%if [rpm,deb] + $sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile + $sysconfdir/sudo.conf 0644 root: volatile +%else + $sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid +%endif +%if X"$aix_freeware" = X"true" + # Links for binaries from /opt/freeware to /usr + /usr/bin/cvtsudoers 0755 root: symlink $bindir/cvtsudoers + /usr/bin/sudo 0755 root: symlink $bindir/sudo + /usr/bin/sudoedit 0755 root: symlink $bindir/sudoedit + /usr/bin/sudoreplay 0755 root: symlink $bindir/sudoreplay + /usr/sbin/sudo_sendlog 0755 root: symlink $sbindir/sendlog + /usr/sbin/visudo 0755 root: symlink $sbindir/visudo +%endif +%if [rpm] + /etc/rc.d/init.d/sudo 0755 root: optional +%endif +%if [aix] + /etc/rc.d/ ignore + /etc/rc.d/rc2.d/ ignore + /etc/rc.d/rc2.d/** ignore + /etc/rc.d/init.d/ ignore + /etc/rc.d/init.d/sudo 0755 root: +%endif +%if [sd] + /sbin/ ignore + /sbin/rc2.d/ ignore + /sbin/rc2.d/** ignore + /sbin/init.d/ ignore + /sbin/init.d/sudo 0755 root: +%endif + $mandir/man*/* 0644 + $mandir/man*/sudo_logsrv* ignore,ignore-others + $mandir/man*/*python* ignore,ignore-others + $sudoedit_man 0644 symlink,ignore-others $sudoedit_man_target + +%pre [aix] + if rpm -q %{name} >/dev/null 2>&1; then + echo "Another version of sudo is currently installed via 
rpm." 2>&1 + echo "Please either uninstall the rpm version of sudo by running \"rpm -e sudo\"" 2>&1 + echo "or upgrade the existing version of sudo using the .rpm packagae instead" 2>&1 + echo "instead of the .bff package." 2>&1 + echo "" 2>&1 + echo "Note that you may need to pass rpm the --oldpackage flag when upgrading" 2>&1 + echo "the AIX Toolbox version of sudo to the latest sudo rpm from sudo.ws." 2>&1 + echo "" 2>&1 + exit 1 + fi + +%post [!rpm,deb] + # Don't overwrite existing sudoers or sudo.conf files +%if [solaris] + sudoersdir=${PKG_INSTALL_ROOT}%{sudoersdir} + sysconfdir=${PKG_INSTALL_ROOT}%{sysconfdir} + exampledir=${PKG_INSTALL_ROOT}%{exampledir} +%else + sudoersdir=%{sudoersdir} + sysconfdir=%{sysconfdir} + exampledir=%{exampledir} +%endif + if test ! -r $sudoersdir/sudoers; then + cp $sudoersdir/sudoers.dist $sudoersdir/sudoers + chmod %{sudoers_mode} $sudoersdir/sudoers + chown %{sudoers_uid} $sudoersdir/sudoers + chgrp %{sudoers_gid} $sudoersdir/sudoers + fi + if test ! -r $sysconfdir/sudo.conf; then + cp $exampledir/sudo.conf $sysconfdir/sudo.conf + chmod 644 $sysconfdir/sudo.conf + chown root $sysconfdir/sudo.conf + fi + +%post [deb] + set -e + + # dpkg-deb does not maintain the mode on the sudoers file, and + # installs it 0640 when sudo requires 0440 + chmod %{sudoers_mode} %{sudoersdir}/sudoers + + # create symlink to ease transition to new path for ldap config + # if old config file exists and new one doesn't + if test X"%{flavor}" = X"ldap" -a \ + -r /etc/ldap/ldap.conf -a ! 
-r /etc/sudo-ldap.conf; then + ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf + fi + + # Debian uses a sudo group in its default sudoers file + perl -e ' + exit 0 if getgrnam("sudo"); + $gid = 27; # default debian sudo gid + setgrent(); + while (getgrgid($gid)) { $gid++; } + if ($gid != 27) { + print "On Debian we normally use gid 27 for \"sudo\".\n"; + $gname = getgrgid(27); + print "However, on your system gid 27 is group \"$gname\".\n\n"; + print "Would you like me to stop configuring sudo so that you can change this? [n] "; + $ans = ; + if ($ans =~ /^[yY]/) { + print "\"dpkg --pending --configure\" will restart the configuration.\n\n"; + exit 1; + } + } + print "Creating group \"sudo\" with gid = $gid\n"; + system("groupadd -g $gid sudo"); + exit 0; + ' + +%post [rpm] + case "%{pp_rpm_distro}" in + aix*) + # Create /etc/rc.d/rc2.d/S90sudo link if possible + if [ -d /etc/rc.d/rc2.d ]; then + rm -f /etc/rc.d/rc2.d/S90sudo + ln -s /etc/rc.d/init.d/sudo /etc/rc.d/rc2.d/S90sudo + fi + ;; + esac + +%post [rpm,deb] + # Create /usr/lib/tmpfiles.d/sudo.conf if systemd is configured. + if [ -f /usr/lib/tmpfiles.d/systemd.conf ]; then + cat > /usr/lib/tmpfiles.d/sudo.conf <<-EOF + # Create an empty sudo time stamp directory on OSes using systemd. + # Sudo will create the directory itself but this can cause problems + # on systems that have SELinux enabled since the directories will be + # created with the user's security context. 
+ d %{rundir} 0711 root root + D %{rundir}/ts 0700 root root + EOF + fi + +%post [aix] + # Create /etc/rc.d/rc2.d/S90sudo link if /etc/rc.d exists + if [ -d /etc/rc.d ]; then + rm -f /etc/rc.d/rc2.d/S90sudo + ln -s /etc/rc.d/init.d/sudo /etc/rc.d/rc2.d/S90sudo + fi + +%post [sd] + # Create /sbin/rc2.d/S900sudo link + rm -f /sbin/rc2.d/S900sudo + ln -s /sbin/init.d/sudo /sbin/rc2.d/S900sudo + +%preun + # Remove the time stamp dir and its contents + # We currently leave the lecture status files installed + rm -rf %{rundir}/ts +%if [deb] + set -e + + # Remove the /etc/ldap/ldap.conf -> /etc/sudo-ldap.conf symlink if + # it matches what we created in the postinstall script. + if test X"%{flavor}" = X"ldap" -a \ + X"`readlink /etc/sudo-ldap.conf 2>/dev/null`" = X"/etc/ldap/ldap.conf"; then + rm -f /etc/sudo-ldap.conf + fi + + # Remove systemd tmpfile config + rm -f /usr/lib/tmpfiles.d/sudo.conf +%endif +%if [rpm] + case "%{pp_rpm_distro}" in + aix*) + # Remove /etc/rc.d/rc2.d/S90sudo link + rm -f /etc/rc.d/rc2.d/S90sudo + ;; + *) + # Remove systemd tmpfile config + rm -f /usr/lib/tmpfiles.d/sudo.conf + ;; + esac +%endif +%if [aix] + # Remove /etc/rc.d/rc2.d/S90sudo link + rm -f /etc/rc.d/rc2.d/S90sudo +%endif +%if [sd] + # Remove /sbin/rc2.d/S900sudo link + rm -f /sbin/rc2.d/S900sudo +%endif diff -Nru sudo-1.8.31/etc/sudo-python.pp sudo-1.9.0/etc/sudo-python.pp --- sudo-1.8.31/etc/sudo-python.pp 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/etc/sudo-python.pp 2020-05-11 16:28:23.000000000 +0000 
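Review bot: In `%pre [aix]` every `echo` ends in `2>&1`, which only folds echo's own stderr into stdout and leaves the message on stdout; presumably `1>&2` was intended so that the refusal to install next to an rpm-installed sudo is reported on stderr, e.g. `echo "Another version of sudo is currently installed via rpm." 1>&2`. The block exits 1 right after, so an installer front end that only surfaces stderr would show a failure with no explanation. The third message also carries a typo and a doubled word ("packagae instead" followed by "instead of the .bff package").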
@@ -0,0 +1,149 @@ +%set + name="sudo-python" + summary="Sudo Python plugin framework" + description="The sudo Python plugin allows you to extend sudo using Python." + vendor="Todd C. Miller" + copyright="(c) 2019-2020 Todd C. Miller" + +%if [aix] + # Convert to 4 part version for AIX, including patch level + pp_aix_version=`echo $version|sed -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)p\([0-9]*\)$/\1.\2/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)[^0-9\.].*$/\1/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/'` + + # Don't allow sudo to prompt for a password + pp_aix_sudo="sudo -n" +%endif + +%if [sd] + pp_sd_vendor_tag="TCM" +%endif + +%if [solaris] + pp_solaris_name="TCM${name}" + pp_solaris_pstamp=`/usr/bin/date "+%B %d, %Y"` +%endif + +%if [rpm,deb] + # Convert patch level into release and remove from version + pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)$' \| 0 \) + 1`" + pp_rpm_version="`expr \( $version : '\(.*\)p[0-9][0-9]*$' \| $version \)`" + pp_rpm_license="BSD" + pp_rpm_url="https://www.sudo.ws" + pp_rpm_group="Applications/System" + pp_rpm_packager="Todd C. Miller " +%endif + + # Stash original docdir and exampledir + odocdir="${docdir}" + oexampledir="${exampledir}" + + # For RedHat the doc dir is expected to include version and release + case "$pp_rpm_distro" in + centos*|rhel*|f[0-9]*) + docdir="${docdir}-${pp_rpm_version}-${pp_rpm_release}" + exampledir="${docdir}/examples" + ;; + esac + + # docdir and exampledir are installed with "sudo" as the package + # name which may not be correct. + docdir="`echo \"${docdir}\" | sed \"s#/sudo#/${name}#g\"`" + exampledir="`echo \"${exampledir}\" | sed \"s#/sudo#/${name}#g\"`" + + # Copy docdir and exampledir to new names if needed + if test ! -d "${pp_destdir}${docdir}"; then + cp -R ${pp_destdir}${odocdir} ${pp_destdir}${docdir} + find ${pp_destdir}${docdir} -depth | sed "s#^${pp_destdir}##" >> ${pp_wrkdir}/pp_cleanup + fi + if test ! 
-d "${pp_destdir}${exampledir}"; then + cp -R ${pp_destdir}${oexampledir} ${pp_destdir}${exampledir} + find ${pp_destdir}${exampledir} -depth | sed "s#^${pp_destdir}##" >> ${pp_wrkdir}/pp_cleanup + fi + +%if [deb] + pp_deb_maintainer="$pp_rpm_packager" + pp_deb_release="$pp_rpm_release" + pp_deb_version="$pp_rpm_version" + pp_deb_section=admin + install -D -m 644 ${pp_destdir}$docdir/LICENSE ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright + install -D -m 644 ${pp_destdir}$docdir/ChangeLog ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog + gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog + printf "$name ($pp_deb_version-$pp_deb_release) admin; urgency=low\n\n * see upstream changelog\n\n -- $pp_deb_maintainer `date '+%a, %d %b %Y %T %z'`\n" > ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian + chmod 644 ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian + gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian + # Create lintian override file + mkdir -p ${pp_wrkdir}/${name}/usr/share/lintian/overrides + cat >${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name} <<-EOF + # Sudo ships with debugging symbols + $name: unstripped-binary-or-object + EOF + chmod 644 ${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name} +%endif + +%if [rpm] + # Add distro info to release + osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,2\}\).*/\1/'` + case "$pp_rpm_distro" in + centos*|rhel*|f[0-9]*) + pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}" + ;; + sles*) + pp_rpm_release="$pp_rpm_release.sles$osrelease" + ;; + esac +%endif + +%if [macos] + pp_macos_pkg_type=flat + pp_macos_bundle_id=ws.sudo.pkg.sudo + pp_macos_pkg_license=${pp_destdir}$docdir/LICENSE + pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt + perl -pe 'last if (/^What/i && $seen++)' ${pp_destdir}$docdir/NEWS > ${pp_wrkdir}/ReadMe.txt +%endif + + # Package parent directories when not installing under /usr + if test "${prefix}" != "/usr"; then + 
extradirs=`echo ${pp_destdir}${mandir}/[mc]* | sed "s#${pp_destdir}##g"` + extradirs="$extradirs `dirname $docdir`" + test "`dirname $exampledir`" != "$docdir" && extradirs="$extradirs `dirname $exampledir`" + for dir in $libexecdir $extradirs; do + while test "$dir" != "/"; do + parentdirs="${parentdirs}${parentdirs+ }$dir/" + dir=`dirname $dir` + done + done + parentdirs=`echo $parentdirs | tr " " "\n" | sort -u` + fi + +%depend [deb] + libc6, libpython@PYTHON_VERSION@, sudo + +%fixup [deb] + cp -p %{pp_wrkdir}/%{name}/DEBIAN/control %{pp_wrkdir}/%{name}/DEBIAN/control.$$ + sed "s/@PYTHON_VERSION@/%{python_version}/g" %{pp_wrkdir}/%{name}/DEBIAN/control.$$ > %{pp_wrkdir}/%{name}/DEBIAN/control + rm -f %{pp_wrkdir}/%{name}/DEBIAN/control.$$ + echo "Homepage: https://www.sudo.ws" >> %{pp_wrkdir}/%{name}/DEBIAN/control + echo "Bugs: https://bugzilla.sudo.ws" >> %{pp_wrkdir}/%{name}/DEBIAN/control + +%fixup [rpm] + cat > %{pp_wrkdir}/${name}.spec.sed <<-'EOF' + /^%files/ { + i\ + %clean\ + :\ + + } + EOF + mv %{pp_wrkdir}/${name}.spec %{pp_wrkdir}/${name}.spec.bak + sed -f %{pp_wrkdir}/${name}.spec.sed %{pp_wrkdir}/${name}.spec.bak > %{pp_wrkdir}/${name}.spec + +%files + /** ignore +%if X"$parentdirs" != X"" + $parentdirs - ignore-others +%endif + $libexecdir/sudo/ 0755 ignore-others + $libexecdir/sudo/python* $shlib_mode ignore-others + $docdir/ 0755 ignore-others + $exampledir/ 0755 ignore-others + $exampledir/*.py 0644 ignore-others + $mandir/man*/*python* 0644 ignore-others diff -Nru sudo-1.8.31/examples/Makefile.in sudo-1.9.0/examples/Makefile.in --- sudo-1.8.31/examples/Makefile.in 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/examples/Makefile.in 2020-05-11 16:28:23.000000000 +0000 
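Review bot: `pp_macos_bundle_id=ws.sudo.pkg.sudo` in the `%if [macos]` block is the same identifier that etc/sudo.pp sets for the main sudo package, and etc/sudo-logsrvd.pp sets it as well. If the three .pp files are built into separately installable macOS packages, a shared identifier would presumably let one package's install receipt replace another's, so the installed file list no longer matches what is on disk. A per-package value keeps them distinct, for example `pp_macos_bundle_id=ws.sudo.pkg.sudo-python` here and `ws.sudo.pkg.sudo-logsrvd` in the logsrvd file.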
@@ -1,7 +1,7 @@ # # SPDX-License-Identifier: ISC # -# Copyright (c) 2014, 2017-2018 Todd C. Miller +# Copyright (c) 2014, 2017-2020 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -21,10 +21,14 @@ #### Start of system configuration section. #### srcdir = @srcdir@ -docdir = @docdir@ -exampledir = @exampledir@ -top_builddir = @top_builddir@ +abs_srcdir = @abs_srcdir@ top_srcdir = @top_srcdir@ +abs_top_srcdir = @abs_top_srcdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ +exampledir = @exampledir@ +docdir = @docdir@ +scriptdir = $(top_srcdir)/scripts # Our install program supports extra flags... INSTALL = $(SHELL) $(top_srcdir)/install-sh -c @@ -48,8 +52,10 @@ SHELL = @SHELL@ -EXAMPLES = $(srcdir)/pam.conf $(srcdir)/sudo.conf $(srcdir)/sudoers \ - $(srcdir)/syslog.conf +LOGSRVD_CONF = @LOGSRVD_CONF@ + +EXAMPLES = $(srcdir)/pam.conf sudo.conf $(LOGSRVD_CONF) \ + $(srcdir)/sudoers $(srcdir)/syslog.conf VERSION = @PACKAGE_VERSION@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ @@ -61,12 +67,15 @@ Makefile: $(srcdir)/Makefile.in cd $(top_builddir) && ./config.status --file examples/Makefile +sudo.conf: $(srcdir)/sudo.conf.in + cd $(top_builddir) && ./config.status --file examples/sudo.conf + pre-install: install: install-doc install-dirs: - $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(exampledir) + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(exampledir) install-binaries: 
@@ -74,6 +83,11 @@ install-doc: install-dirs for f in $(EXAMPLES); do $(INSTALL) $(INSTALL_OWNER) -m 0644 $$f $(DESTDIR)$(exampledir); done + test -r $(DESTDIR)$(sysconfdir)/sudo.conf || \ + $(INSTALL) $(INSTALL_OWNER) -m 0644 sudo.conf $(DESTDIR)$(sysconfdir) + if test -n "$(LOGSRVD_CONF)" -a ! -r $(DESTDIR)$(sysconfdir)/sudo_logsrvd.conf; then \ + $(INSTALL) $(INSTALL_OWNER) -m 0644 $(LOGSRVD_CONF) $(DESTDIR)$(sysconfdir); \ + fi install-plugin: diff -Nru sudo-1.8.31/examples/sudo.conf sudo-1.9.0/examples/sudo.conf --- sudo-1.8.31/examples/sudo.conf 2020-01-29 17:59:26.000000000 +0000 +++ sudo-1.9.0/examples/sudo.conf 1970-01-01 00:00:00.000000000 +0000 
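Review bot: The new install-doc commands copy sudo.conf and $(LOGSRVD_CONF) into `$(DESTDIR)$(sysconfdir)`, but install-dirs, as shown in the preceding hunk, only creates `$(DESTDIR)$(exampledir)`. Unless another directory's install step has already created the sysconfdir (not visible here), the install on a fresh DESTDIR would fail or write a regular file named after the directory. I would extend the install-dirs command to `$(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(exampledir) $(DESTDIR)$(sysconfdir)`. The `test -r` guards also treat an existing but unreadable config as absent and would overwrite it; `test -f` states the intent more precisely.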
@@ -1,72 +0,0 @@ -# -# Sample /etc/sudo.conf file -# -# Format: -# Plugin plugin_name plugin_path plugin_options ... -# Path askpass /path/to/askpass -# Path noexec /path/to/sudo_noexec.so -# Debug sudo /var/log/sudo_debug all@warn -# Set disable_coredump true -# -# Sudo plugins: -# -# The plugin_path is relative to ${prefix}/libexec unless fully qualified. -# The plugin_name corresponds to a global symbol in the plugin -# that contains the plugin interface structure. -# The plugin_options are optional. -# -# The sudoers plugin is used by default if no Plugin lines are present. -Plugin sudoers_policy sudoers.so -Plugin sudoers_io sudoers.so - -# -# Sudo askpass: -# -# An askpass helper program may be specified to provide a graphical -# password prompt for "sudo -A" support. Sudo does not ship with its -# own askpass program but can use the OpenSSH askpass. -# -# Use the OpenSSH askpass -#Path askpass /usr/X11R6/bin/ssh-askpass -# -# Use the Gnome OpenSSH askpass -#Path askpass /usr/libexec/openssh/gnome-ssh-askpass - -# -# Sudo noexec: -# -# Path to a shared library containing dummy versions of the execv(), -# execve() and fexecve() library functions that just return an error. -# This is used to implement the "noexec" functionality on systems that -# support C or its equivalent. -# The compiled-in value is usually sufficient and should only be changed -# if you rename or move the sudo_noexec.so file. -# -#Path noexec /usr/libexec/sudo_noexec.so - -# -# Core dumps: -# -# By default, sudo disables core dumps while it is executing (they -# are re-enabled for the command that is run). -# To aid in debugging sudo problems, you may wish to enable core -# dumps by setting "disable_coredump" to false. -# -#Set disable_coredump false - -# -# User groups: -# -# Sudo passes the user's group list to the policy plugin. 
-# If the user is a member of the maximum number of groups (usually 16), -# sudo will query the group database directly to be sure to include -# the full list of groups. -# -# On some systems, this can be expensive so the behavior is configurable. -# The "group_source" setting has three possible values: -# static - use the user's list of groups returned by the kernel. -# dynamic - query the group database to find the list of groups. -# adaptive - if user is in less than the maximum number of groups. -# use the kernel list, else query the group database. -# -#Set group_source static diff -Nru sudo-1.8.31/examples/sudo.conf.in sudo-1.9.0/examples/sudo.conf.in --- sudo-1.8.31/examples/sudo.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/examples/sudo.conf.in 2020-05-11 16:28:22.000000000 +0000 
@@ -0,0 +1,123 @@
+#
+# Default @sysconfdir@/sudo.conf file
+#
+# Sudo plugins:
+# Plugin plugin_name plugin_path plugin_options ...
+#
+# The plugin_path is relative to @plugindir@ unless
+# fully qualified.
+# The plugin_name corresponds to a global symbol in the plugin
+# that contains the plugin interface structure.
+# The plugin_options are optional.
+#
+# The sudoers plugin is used by default if no Plugin lines are present.
+Plugin sudoers_policy sudoers.so
+Plugin sudoers_io sudoers.so
+
+#
+# Sudo askpass:
+# Path askpass /path/to/askpass
+#
+# An askpass helper program may be specified to provide a graphical
+# password prompt for "sudo -A" support. Sudo does not ship with its
+# own askpass program but can use the OpenSSH askpass.
+#
+# Use the OpenSSH askpass
+#Path askpass /usr/X11R6/bin/ssh-askpass
+#
+# Use the Gnome OpenSSH askpass
+#Path askpass /usr/libexec/openssh/gnome-ssh-askpass
+
+#
+# Sudo device search path:
+# Path devsearch /dev/path1:/dev/path2:/dev
+#
+# A colon-separated list of paths to check when searching for a user's
+# terminal device.
+#
+#Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev
+
+#
+# Sudo noexec:
+# Path noexec /path/to/sudo_noexec.so
+#
+# Path to a shared library containing dummy versions of the execv(),
+# execve() and fexecve() library functions that just return an error.
+# This is used to implement the "noexec" functionality on systems that
+# support LD_PRELOAD or its equivalent.
+#
+# The compiled-in value is usually sufficient and should only be changed
+# if you rename or move the sudo_noexec.so file.
+#
+#Path noexec @plugindir@/sudo_noexec.so
+
+#
+# Sudo plugin directory:
+# Path plugin_dir /path/to/plugins
+#
+# The default directory to use when searching for plugins that are
+# specified without a fully qualified path name.
+#
+#Path plugin_dir @plugindir@
+
+#
+# Sudo developer mode:
+# Set developer_mode true|false
+#
+# Allow loading of plugins that are owned by non-root or are writable
+# by "group" or "other". Should only be used during plugin development.
+#Set developer_mode true
+
+#
+# Core dumps:
+# Set disable_coredump true|false
+#
+# By default, sudo disables core dumps while it is executing (they
+# are re-enabled for the command that is run).
+# To aid in debugging sudo problems, you may wish to enable core
+# dumps by setting "disable_coredump" to false.
+#
+#Set disable_coredump false
+
+#
+# User groups:
+# Set group_source static|dynamic|adaptive
+#
+# Sudo passes the user's group list to the policy plugin.
+# If the user is a member of the maximum number of groups (usually 16),
+# sudo will query the group database directly to be sure to include
+# the full list of groups.
+#
+# On some systems, this can be expensive so the behavior is configurable.
+# The "group_source" setting has three possible values:
+# static - use the user's list of groups returned by the kernel.
+# dynamic - query the group database to find the list of groups.
+# adaptive - if user is in less than the maximum number of groups.
+# use the kernel list, else query the group database.
+#
+#Set group_source static
+
+#
+# Sudo interface probing:
+# Set probe_interfaces true|false
+#
+# By default, sudo will probe the system's network interfaces and
+# pass the IP address of each enabled interface to the policy plugin.
+# On systems with a large number of virtual interfaces this may take
+# a noticeable amount of time.
+#
+#Set probe_interfaces false
+
+#
+# Sudo debug files:
+# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority]
+#
+# Sudo and related programs support logging debug information to a file.
+# The program is typically sudo, sudoers.so, sudoreplay or visudo.
+#
+# Subsystems vary based on the program; "all" matches all subsystems.
+# Priority may be crit, err, warn, notice, diag, info, trace or debug.
+# Multiple subsystem@priority may be specified, separated by a comma.
+#
+#Debug sudo /var/log/sudo_debug all@debug
+#Debug sudoers.so /var/log/sudoers_debug all@debug
diff -Nru sudo-1.8.31/examples/sudo_logsrvd.conf sudo-1.9.0/examples/sudo_logsrvd.conf
--- sudo-1.8.31/examples/sudo_logsrvd.conf 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/examples/sudo_logsrvd.conf 2020-05-11 16:28:23.000000000 +0000
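Review bot: The `developer_mode` block is the only setting in this file that switches off a safety check, yet its sample line is `#Set developer_mode true` and the comment never states the default, so an administrator who uncomments the sample allows sudo to load plugins that a non-root user can modify. I would add `# The default is false; enabling this lets code writable by non-root users run inside sudo.` above the sample line, once the default is confirmed against the code. Separately, the Debug synopsis misspells its second token: `[,subsyste@priority]` should read `[,subsystem@priority]`.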
@@ -0,0 +1,159 @@
+#
+# sudo logsrv configuration
+#
+
+[server]
+# The host name or IP address and port to listen on with an optional TLS
+# flag. If no port is specified, port 30343 will be used for plaintext
+# connections and port 30344 will be used to TLS connections.
+# The following forms are accepted:
+# listen_address = hostname(tls)
+# listen_address = hostname:port(tls)
+# listen_address = IPv4_address(tls)
+# listen_address = IPv4_address:port(tls)
+# listen_address = [IPv6_address](tls)
+# listen_address = [IPv6_address]:port(tls)
+#
+# The (tls) suffix should be omitted for plaintext connections.
+#
+# Multiple listen_address settings may be specified.
+# The default is to listen on all addresses.
+#listen_address = *:30343
+#listen_address = *:30344(tls)
+
+# The file containing the ID of the running sudo_logsrvd process.
+#pid_file = /var/run/sudo/sudo_logsrvd.pid
+
+# If set, enable the SO_KEEPALIVE socket option on the connected socket.
+#tcp_keepalive = true
+
+# The amount of time, in seconds, the server will wait for the client to
+# respond. A value of 0 will disable the timeout. The default value is 30.
+#timeout = 30
+
+# If set, server certificate will be verified at server startup and
+# also connecting clients will perform server authentication by
+# verifying the server's certificate and identity.
+#tls_verify = true
+
+# Whether to verify client certificates for TLS connections.
+# By default client certs are not checked.
+#tls_checkpeer = false
+
+# Path to the certificate authority bundle file in PEM format.
+# Required if 'tls_verify' or 'tls_checkpeer' is set.
+#tls_cacert = /etc/ssl/sudo/cacert.pem
+
+# Path to the server's certificate file in PEM format.
+# Required for TLS connections.
+#tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem
+
+# Path to the server's private key file in PEM format.
+# Required for TLS connections.
+#tls_key = /etc/ssl/sudo/private/logsrvd_key.pem
+
+# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual).
+# NOTE that this setting is only effective if the negotiated protocol
+# is TLS version 1.2.
+# The default cipher list is HIGH:!aNULL.
+#tls_ciphers_v12 = HIGH:!aNULL
+
+# TLS cipher list if the negotiated protocol is TLS version 1.3.
+# The default cipher list is TLS_AES_256_GCM_SHA384.
+#tls_ciphers_v13 = TLS_AES_256_GCM_SHA384
+
+# Path to the Diffie-Hellman parameter file in PEM format.
+# If not set, the server will use the OpenSSL defaults.
+#tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem
+
+[iolog]
+# The top-level directory to use when constructing the path name for the
+# I/O log directory. The session sequence number, if any, is stored here.
+#iolog_dir = /var/log/sudo-io
+
+# The path name, relative to iolog_dir, in which to store I/O logs.
+# Note that iolog_file may contain directory components.
+#iolog_file = %{seq}
+
+# If set, I/O logs will be compressed using zlib. Enabling compression can
+# make it harder to view the logs in real-time as the program is executing.
+#iolog_compress = false
+
+# If set, I/O log data is flushed to disk after each write instead of
+# buffering it. This makes it possible to view the logs in real-time
+# as the program is executing but reduces the effectiveness of compression.
+#iolog_flush = true
+
+# The group to use when creating new I/O log files and directories.
+# If iolog_group is not set, the primary group-ID of the user specified
+# by iolog_user is used. If neither iolog_group nor iolog_user
+# are set, I/O log files and directories are created with group-ID 0.
+#iolog_group = wheel
+
+# The user to use when setting the user-ID and group-ID of new I/O
+# log files and directories. If iolog_group is set, it will be used
+# instead of the user's primary group-ID. By default, I/O log files
+# and directories are created with user and group-ID 0.
+#iolog_user = root
+
+# The file mode to use when creating I/O log files. The file permissions
+# will always include the owner read and write bits, even if they are
+# not present in the specified mode. When creating I/O log directories,
+# search (execute) bits are added to match the read and write bits
+# specified by iolog_mode.
+#iolog_mode = 0600
+
+# The maximum sequence number that will be substituted for the "%{seq}"
+# escape in the I/O log file. While the value substituted for "%{seq}"
+# is in base 36, maxseq itself should be expressed in decimal. Values
+# larger than 2176782336 (which corresponds to the base 36 sequence
+# number "ZZZZZZ") will be silently truncated to 2176782336.
+#maxseq = 2176782336
+
+[eventlog]
+# Where to log accept, reject and alert events.
+# Accepted values are syslog, logfile, or none.
+# Defaults to syslog
+#log_type = syslog
+
+# Event log format.
+# Supported log formats are "sudo" and "json"
+# Defaults to sudo
+#log_format = sudo
+
+[syslog]
+# The maximum length of a syslog payload.
+# On many systems, syslog(3) has a relatively small log buffer.
+# IETF RFC 5424 states that syslog servers must support messages
+# of at least 480 bytes and should support messages up to 2048 bytes.
+# Messages larger than this value will be split into multiple messages.
+#maxlen = 960
+
+# The syslog facility to use for event log messages.
+# The following syslog facilities are supported: authpriv (if your OS
+# supports it), auth, daemon, user, local0, local1, local2, local3,
+# local4, local5, local6, and local7.
+#facility = authpriv
+
+# Syslog priority to use for event log accept messages, when the command
+# is allowed by the security policy. The following syslog priorities are
+# supported: alert, crit, debug, emerg, err, info, notice, warning, none.
+#accept_priority = notice
+
+# Syslog priority to use for event log reject messages, when the command
+# is not allowed by the security policy.
+#reject_priority = alert
+
+# Syslog priority to use for event log alert messages reported by the
+# client.
+#alert_priority = alert
+
+[logfile]
+# The path to the file-based event log.
+# This path must be fully-qualified and start with a '/' character.
+#path = /var/log/sudo
+
+# The format string used when formatting the date and time for
+# file-based event logs. Formatting is performed via strftime(3) so
+# any format string supported by that function is allowed.
+#time_format = %h %e %T
diff -Nru sudo-1.8.31/include/compat/getaddrinfo.h sudo-1.9.0/include/compat/getaddrinfo.h
--- sudo-1.8.31/include/compat/getaddrinfo.h 2019-10-28 12:27:38.000000000 +0000
+++ sudo-1.9.0/include/compat/getaddrinfo.h 2020-05-11 16:28:22.000000000 +0000
@@ -3,7 +3,7 @@
 *
 * This is an implementation of the getaddrinfo family of functions for
 * systems that lack it, so that code can use getaddrinfo always. It provides
- * IPv4 support only; for IPv6 support, a native getaddrinfo implemenation is
+ * IPv4 support only; for IPv6 support, a native getaddrinfo implementation is
 * required.
 *
 * The canonical version of this file is maintained in the rra-c-util package,
diff -Nru sudo-1.8.31/include/compat/glob.h sudo-1.9.0/include/compat/glob.h
--- sudo-1.8.31/include/compat/glob.h 2019-10-28 12:27:38.000000000 +0000
+++ sudo-1.9.0/include/compat/glob.h 2020-05-11 16:28:23.000000000 +0000
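Review bot: The [server] comments document a default of listening on all addresses with a plaintext port (`*:30343`) and `tls_checkpeer = false`, but nothing tells the administrator that, as far as this file shows, clients are then not authenticated and log data crosses the network unencrypted. I would add after the listen_address description `# Plaintext connections are neither encrypted nor authenticated; use the (tls) form and set tls_checkpeer on untrusted networks.` The `tls_verify` comment also reads as if a server-side option controlled what connecting clients do, and should be reworded to say what the server itself checks. There is a typo in the same block: `will be used to TLS connections` should be `will be used for TLS connections`.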
@@ -39,9 +39,9 @@ struct stat; typedef struct { - int gl_pathc; /* Count of total paths so far. */ - int gl_matchc; /* Count of paths matching pattern. */ - int gl_offs; /* Reserved at beginning of gl_pathv. */ + size_t gl_pathc; /* Count of total paths so far. */ + size_t gl_matchc; /* Count of paths matching pattern. */ + size_t gl_offs; /* Reserved at beginning of gl_pathv. */ int gl_flags; /* Copy of flags parameter to glob. */ char **gl_pathv; /* List of paths matching pattern. */ /* Copy of errfunc parameter to glob. */ diff -Nru sudo-1.8.31/include/hostcheck.h sudo-1.9.0/include/hostcheck.h --- sudo-1.8.31/include/hostcheck.h 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/include/hostcheck.h 2020-05-11 16:28:23.000000000 +0000 
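Review bot: Switching `gl_pathc`, `gl_matchc` and `gl_offs` from `int` to `size_t` changes their signedness, and this hunk shows only the struct, not the code that uses it. Any caller that compares these fields with a signed index, tests them for a negative value, or computes `gl_pathc - 1` on an empty result now gets an unsigned wrap instead of -1, so the users of this compat struct should be audited in the same change. A short comment such as `/* size_t, as in POSIX glob_t; never negative */` above the three members would record why the type changed. The typedef continues outside the hunk.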
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2020 Laszlo Orban
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef SUDO_HOSTCHECK_H
+#define SUDO_HOSTCHECK_H
+
+#if defined(HAVE_OPENSSL)
+
+# include
+
+typedef enum {
+ MatchFound,
+ MatchNotFound,
+ NoSANPresent,
+ MalformedCertificate,
+ Error
+} HostnameValidationResult;
+
+HostnameValidationResult validate_hostname(const X509 *cert,
+ const char *hostname, const char *ipaddr, int resolve);
+
+#endif /* HAVE_OPENSSL */
+
+#endif /* SUDO_HOSTCHECK_H */
diff -Nru sudo-1.8.31/include/log_server.pb-c.h sudo-1.9.0/include/log_server.pb-c.h
--- sudo-1.8.31/include/log_server.pb-c.h 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/include/log_server.pb-c.h 2020-05-11 16:28:23.000000000 +0000
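Review bot: `validate_hostname()` is declared with no comment saying which results a caller may accept or what `resolve` does, and `MatchFound` is the first enumerator, so its value is 0 and a zero-initialised or memset result variable reads as a successful match. I would document the prototype with `/* Callers must treat every result other than MatchFound as a verification failure. */` and describe `resolve` once its meaning is confirmed from the implementation. Listing `Error` first, or giving `MatchFound` an explicit non-zero value, would make the zero value fail closed. The unprefixed enumerator names (`Error`, `MatchFound`) may also collide with identifiers from other headers.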
@@ -0,0 +1,781 @@ +/* Generated by the protocol buffer compiler. DO NOT EDIT! */ +/* Generated from: log_server.proto */ + +#ifndef PROTOBUF_C_log_5fserver_2eproto__INCLUDED +#define PROTOBUF_C_log_5fserver_2eproto__INCLUDED + +#include + +PROTOBUF_C__BEGIN_DECLS + +#if PROTOBUF_C_VERSION_NUMBER < 1003000 +# error This file was generated by a newer version of protoc-c which is incompatible with your libprotobuf-c headers. Please update your headers. +#elif 1003002 < PROTOBUF_C_MIN_COMPILER_VERSION +# error This file was generated by an older version of protoc-c which is incompatible with your libprotobuf-c headers. Please regenerate this file with a newer version of protoc-c. +#endif + + +typedef struct _ClientMessage ClientMessage; +typedef struct _TimeSpec TimeSpec; +typedef struct _IoBuffer IoBuffer; +typedef struct _InfoMessage InfoMessage; +typedef struct _InfoMessage__StringList InfoMessage__StringList; +typedef struct _InfoMessage__NumberList InfoMessage__NumberList; +typedef struct _AcceptMessage AcceptMessage; +typedef struct _RejectMessage RejectMessage; +typedef struct _ExitMessage ExitMessage; +typedef struct _AlertMessage AlertMessage; +typedef struct _RestartMessage RestartMessage; +typedef struct _ChangeWindowSize ChangeWindowSize; +typedef struct _CommandSuspend CommandSuspend; +typedef struct _ClientHello ClientHello; +typedef struct _ServerMessage ServerMessage; +typedef struct _ServerHello ServerHello; + + +/* --- enums --- */ + + +/* --- messages --- */ + +typedef enum { + CLIENT_MESSAGE__TYPE__NOT_SET = 0, + CLIENT_MESSAGE__TYPE_ACCEPT_MSG = 1, + CLIENT_MESSAGE__TYPE_REJECT_MSG = 2, + CLIENT_MESSAGE__TYPE_EXIT_MSG = 3, + CLIENT_MESSAGE__TYPE_RESTART_MSG = 4, + CLIENT_MESSAGE__TYPE_ALERT_MSG = 5, + CLIENT_MESSAGE__TYPE_TTYIN_BUF = 6, + CLIENT_MESSAGE__TYPE_TTYOUT_BUF = 7, + CLIENT_MESSAGE__TYPE_STDIN_BUF = 8, + CLIENT_MESSAGE__TYPE_STDOUT_BUF = 9, + CLIENT_MESSAGE__TYPE_STDERR_BUF = 10, + CLIENT_MESSAGE__TYPE_WINSIZE_EVENT = 11, + 
CLIENT_MESSAGE__TYPE_SUSPEND_EVENT = 12, + CLIENT_MESSAGE__TYPE_HELLO_MSG = 13 + PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(CLIENT_MESSAGE__TYPE) +} ClientMessage__TypeCase; + +/* + * Client message to the server. Messages on the wire are + * prefixed with a 32-bit size in network byte order. + */ +struct _ClientMessage +{ + ProtobufCMessage base; + ClientMessage__TypeCase type_case; + union { + AcceptMessage *accept_msg; + RejectMessage *reject_msg; + ExitMessage *exit_msg; + RestartMessage *restart_msg; + AlertMessage *alert_msg; + IoBuffer *ttyin_buf; + IoBuffer *ttyout_buf; + IoBuffer *stdin_buf; + IoBuffer *stdout_buf; + IoBuffer *stderr_buf; + ChangeWindowSize *winsize_event; + CommandSuspend *suspend_event; + ClientHello *hello_msg; + }; +}; +#define CLIENT_MESSAGE__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&client_message__descriptor) \ + , CLIENT_MESSAGE__TYPE__NOT_SET, {0} } + + +/* + * Equivalent of POSIX struct timespec + */ +struct _TimeSpec +{ + ProtobufCMessage base; + /* + * seconds + */ + int64_t tv_sec; + /* + * nanoseconds + */ + int32_t tv_nsec; +}; +#define TIME_SPEC__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&time_spec__descriptor) \ + , 0, 0 } + + +/* + * I/O buffer with keystroke data + */ +struct _IoBuffer +{ + ProtobufCMessage base; + /* + * elapsed time since last record + */ + TimeSpec *delay; + /* + * keystroke data + */ + ProtobufCBinaryData data; +}; +#define IO_BUFFER__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&io_buffer__descriptor) \ + , NULL, {0,NULL} } + + +struct _InfoMessage__StringList +{ + ProtobufCMessage base; + size_t n_strings; + char **strings; +}; +#define INFO_MESSAGE__STRING_LIST__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&info_message__string_list__descriptor) \ + , 0,NULL } + + +struct _InfoMessage__NumberList +{ + ProtobufCMessage base; + size_t n_numbers; + int64_t *numbers; +}; +#define INFO_MESSAGE__NUMBER_LIST__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&info_message__number_list__descriptor) \ + , 0,NULL } + + +typedef enum { + 
INFO_MESSAGE__VALUE__NOT_SET = 0, + INFO_MESSAGE__VALUE_NUMVAL = 2, + INFO_MESSAGE__VALUE_STRVAL = 3, + INFO_MESSAGE__VALUE_STRLISTVAL = 4, + INFO_MESSAGE__VALUE_NUMLISTVAL = 5 + PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(INFO_MESSAGE__VALUE) +} InfoMessage__ValueCase; + +/* + * Key/value pairs, like Privilege Manager struct info. + * The value may be a number, a string, or a list of strings. + */ +struct _InfoMessage +{ + ProtobufCMessage base; + char *key; + InfoMessage__ValueCase value_case; + union { + int64_t numval; + char *strval; + InfoMessage__StringList *strlistval; + InfoMessage__NumberList *numlistval; + }; +}; +#define INFO_MESSAGE__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&info_message__descriptor) \ + , (char *)protobuf_c_empty_string, INFO_MESSAGE__VALUE__NOT_SET, {0} } + + +/* + * Event log data for command accepted by the policy. + */ +struct _AcceptMessage +{ + ProtobufCMessage base; + /* + * when command was submitted + */ + TimeSpec *submit_time; + /* + * key,value event log data + */ + size_t n_info_msgs; + InfoMessage **info_msgs; + /* + * true if I/O logging enabled + */ + protobuf_c_boolean expect_iobufs; +}; +#define ACCEPT_MESSAGE__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&accept_message__descriptor) \ + , NULL, 0,NULL, 0 } + + +/* + * Event log data for command rejected by the policy. 
+ */ +struct _RejectMessage +{ + ProtobufCMessage base; + /* + * when command was submitted + */ + TimeSpec *submit_time; + /* + * reason command was rejected + */ + char *reason; + /* + * key,value event log data + */ + size_t n_info_msgs; + InfoMessage **info_msgs; +}; +#define REJECT_MESSAGE__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&reject_message__descriptor) \ + , NULL, (char *)protobuf_c_empty_string, 0,NULL } + + +/* + * Might revisit runtime and use end_time instead + */ +struct _ExitMessage +{ + ProtobufCMessage base; + /* + * total elapsed run time + */ + TimeSpec *run_time; + /* + * 0-255 + */ + int32_t exit_value; + /* + * true if command dumped core + */ + protobuf_c_boolean dumped_core; + /* + * signal name if killed by signal + */ + char *signal; + /* + * if killed due to other error + */ + char *error; +}; +#define EXIT_MESSAGE__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&exit_message__descriptor) \ + , NULL, 0, 0, (char *)protobuf_c_empty_string, (char *)protobuf_c_empty_string } + + +/* + * Alert message, policy module-specific. + */ +struct _AlertMessage +{ + ProtobufCMessage base; + /* + * time alert message occurred + */ + TimeSpec *alert_time; + /* + * description of policy violation + */ + char *reason; +}; +#define ALERT_MESSAGE__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&alert_message__descriptor) \ + , NULL, (char *)protobuf_c_empty_string } + + +/* + * Used to restart an existing I/O log on the server. + */ +struct _RestartMessage +{ + ProtobufCMessage base; + /* + * ID of log being restarted + */ + char *log_id; + /* + * resume point (elapsed time) + */ + TimeSpec *resume_point; +}; +#define RESTART_MESSAGE__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&restart_message__descriptor) \ + , (char *)protobuf_c_empty_string, NULL } + + +/* + * Window size change event. 
+ */ +struct _ChangeWindowSize +{ + ProtobufCMessage base; + /* + * elapsed time since last record + */ + TimeSpec *delay; + /* + * new number of rows + */ + int32_t rows; + /* + * new number of columns + */ + int32_t cols; +}; +#define CHANGE_WINDOW_SIZE__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&change_window_size__descriptor) \ + , NULL, 0, 0 } + + +/* + * Command suspend/resume event. + */ +struct _CommandSuspend +{ + ProtobufCMessage base; + /* + * elapsed time since last record + */ + TimeSpec *delay; + /* + * signal that caused suspend/resume + */ + char *signal; +}; +#define COMMAND_SUSPEND__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&command_suspend__descriptor) \ + , NULL, (char *)protobuf_c_empty_string } + + +/* + * Hello message from client when connecting to server. + */ +struct _ClientHello +{ + ProtobufCMessage base; + /* + * free-form client description + */ + char *client_id; +}; +#define CLIENT_HELLO__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&client_hello__descriptor) \ + , (char *)protobuf_c_empty_string } + + +typedef enum { + SERVER_MESSAGE__TYPE__NOT_SET = 0, + SERVER_MESSAGE__TYPE_HELLO = 1, + SERVER_MESSAGE__TYPE_COMMIT_POINT = 2, + SERVER_MESSAGE__TYPE_LOG_ID = 3, + SERVER_MESSAGE__TYPE_ERROR = 4, + SERVER_MESSAGE__TYPE_ABORT = 5 + PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(SERVER_MESSAGE__TYPE) +} ServerMessage__TypeCase; + +/* + * Server messages to the client. Messages on the wire are + * prefixed with a 32-bit size in network byte order. 
+ */ +struct _ServerMessage +{ + ProtobufCMessage base; + ServerMessage__TypeCase type_case; + union { + /* + * server hello message + */ + ServerHello *hello; + /* + * cumulative time of records stored + */ + TimeSpec *commit_point; + /* + * ID of server-side I/O log + */ + char *log_id; + /* + * error message from server + */ + char *error; + /* + * abort message, kill command + */ + char *abort; + }; +}; +#define SERVER_MESSAGE__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&server_message__descriptor) \ + , SERVER_MESSAGE__TYPE__NOT_SET, {0} } + + +/* + * Hello message from server when client connects. + */ +struct _ServerHello +{ + ProtobufCMessage base; + /* + * free-form server description + */ + char *server_id; + /* + * optional redirect if busy + */ + char *redirect; + /* + * optional list of known servers + */ + size_t n_servers; + char **servers; +}; +#define SERVER_HELLO__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&server_hello__descriptor) \ + , (char *)protobuf_c_empty_string, (char *)protobuf_c_empty_string, 0,NULL } + + +/* ClientMessage methods */ +void client_message__init + (ClientMessage *message); +size_t client_message__get_packed_size + (const ClientMessage *message); +size_t client_message__pack + (const ClientMessage *message, + uint8_t *out); +size_t client_message__pack_to_buffer + (const ClientMessage *message, + ProtobufCBuffer *buffer); +ClientMessage * + client_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void client_message__free_unpacked + (ClientMessage *message, + ProtobufCAllocator *allocator); +/* TimeSpec methods */ +void time_spec__init + (TimeSpec *message); +size_t time_spec__get_packed_size + (const TimeSpec *message); +size_t time_spec__pack + (const TimeSpec *message, + uint8_t *out); +size_t time_spec__pack_to_buffer + (const TimeSpec *message, + ProtobufCBuffer *buffer); +TimeSpec * + time_spec__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void 
time_spec__free_unpacked + (TimeSpec *message, + ProtobufCAllocator *allocator); +/* IoBuffer methods */ +void io_buffer__init + (IoBuffer *message); +size_t io_buffer__get_packed_size + (const IoBuffer *message); +size_t io_buffer__pack + (const IoBuffer *message, + uint8_t *out); +size_t io_buffer__pack_to_buffer + (const IoBuffer *message, + ProtobufCBuffer *buffer); +IoBuffer * + io_buffer__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void io_buffer__free_unpacked + (IoBuffer *message, + ProtobufCAllocator *allocator); +/* InfoMessage__StringList methods */ +void info_message__string_list__init + (InfoMessage__StringList *message); +/* InfoMessage__NumberList methods */ +void info_message__number_list__init + (InfoMessage__NumberList *message); +/* InfoMessage methods */ +void info_message__init + (InfoMessage *message); +size_t info_message__get_packed_size + (const InfoMessage *message); +size_t info_message__pack + (const InfoMessage *message, + uint8_t *out); +size_t info_message__pack_to_buffer + (const InfoMessage *message, + ProtobufCBuffer *buffer); +InfoMessage * + info_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void info_message__free_unpacked + (InfoMessage *message, + ProtobufCAllocator *allocator); +/* AcceptMessage methods */ +void accept_message__init + (AcceptMessage *message); +size_t accept_message__get_packed_size + (const AcceptMessage *message); +size_t accept_message__pack + (const AcceptMessage *message, + uint8_t *out); +size_t accept_message__pack_to_buffer + (const AcceptMessage *message, + ProtobufCBuffer *buffer); +AcceptMessage * + accept_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void accept_message__free_unpacked + (AcceptMessage *message, + ProtobufCAllocator *allocator); +/* RejectMessage methods */ +void reject_message__init + (RejectMessage *message); +size_t reject_message__get_packed_size + (const 
RejectMessage *message); +size_t reject_message__pack + (const RejectMessage *message, + uint8_t *out); +size_t reject_message__pack_to_buffer + (const RejectMessage *message, + ProtobufCBuffer *buffer); +RejectMessage * + reject_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void reject_message__free_unpacked + (RejectMessage *message, + ProtobufCAllocator *allocator); +/* ExitMessage methods */ +void exit_message__init + (ExitMessage *message); +size_t exit_message__get_packed_size + (const ExitMessage *message); +size_t exit_message__pack + (const ExitMessage *message, + uint8_t *out); +size_t exit_message__pack_to_buffer + (const ExitMessage *message, + ProtobufCBuffer *buffer); +ExitMessage * + exit_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void exit_message__free_unpacked + (ExitMessage *message, + ProtobufCAllocator *allocator); +/* AlertMessage methods */ +void alert_message__init + (AlertMessage *message); +size_t alert_message__get_packed_size + (const AlertMessage *message); +size_t alert_message__pack + (const AlertMessage *message, + uint8_t *out); +size_t alert_message__pack_to_buffer + (const AlertMessage *message, + ProtobufCBuffer *buffer); +AlertMessage * + alert_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void alert_message__free_unpacked + (AlertMessage *message, + ProtobufCAllocator *allocator); +/* RestartMessage methods */ +void restart_message__init + (RestartMessage *message); +size_t restart_message__get_packed_size + (const RestartMessage *message); +size_t restart_message__pack + (const RestartMessage *message, + uint8_t *out); +size_t restart_message__pack_to_buffer + (const RestartMessage *message, + ProtobufCBuffer *buffer); +RestartMessage * + restart_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void restart_message__free_unpacked + (RestartMessage *message, 
+ ProtobufCAllocator *allocator); +/* ChangeWindowSize methods */ +void change_window_size__init + (ChangeWindowSize *message); +size_t change_window_size__get_packed_size + (const ChangeWindowSize *message); +size_t change_window_size__pack + (const ChangeWindowSize *message, + uint8_t *out); +size_t change_window_size__pack_to_buffer + (const ChangeWindowSize *message, + ProtobufCBuffer *buffer); +ChangeWindowSize * + change_window_size__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void change_window_size__free_unpacked + (ChangeWindowSize *message, + ProtobufCAllocator *allocator); +/* CommandSuspend methods */ +void command_suspend__init + (CommandSuspend *message); +size_t command_suspend__get_packed_size + (const CommandSuspend *message); +size_t command_suspend__pack + (const CommandSuspend *message, + uint8_t *out); +size_t command_suspend__pack_to_buffer + (const CommandSuspend *message, + ProtobufCBuffer *buffer); +CommandSuspend * + command_suspend__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void command_suspend__free_unpacked + (CommandSuspend *message, + ProtobufCAllocator *allocator); +/* ClientHello methods */ +void client_hello__init + (ClientHello *message); +size_t client_hello__get_packed_size + (const ClientHello *message); +size_t client_hello__pack + (const ClientHello *message, + uint8_t *out); +size_t client_hello__pack_to_buffer + (const ClientHello *message, + ProtobufCBuffer *buffer); +ClientHello * + client_hello__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void client_hello__free_unpacked + (ClientHello *message, + ProtobufCAllocator *allocator); +/* ServerMessage methods */ +void server_message__init + (ServerMessage *message); +size_t server_message__get_packed_size + (const ServerMessage *message); +size_t server_message__pack + (const ServerMessage *message, + uint8_t *out); +size_t server_message__pack_to_buffer + (const 
ServerMessage *message, + ProtobufCBuffer *buffer); +ServerMessage * + server_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void server_message__free_unpacked + (ServerMessage *message, + ProtobufCAllocator *allocator); +/* ServerHello methods */ +void server_hello__init + (ServerHello *message); +size_t server_hello__get_packed_size + (const ServerHello *message); +size_t server_hello__pack + (const ServerHello *message, + uint8_t *out); +size_t server_hello__pack_to_buffer + (const ServerHello *message, + ProtobufCBuffer *buffer); +ServerHello * + server_hello__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void server_hello__free_unpacked + (ServerHello *message, + ProtobufCAllocator *allocator); +/* --- per-message closures --- */ + +typedef void (*ClientMessage_Closure) + (const ClientMessage *message, + void *closure_data); +typedef void (*TimeSpec_Closure) + (const TimeSpec *message, + void *closure_data); +typedef void (*IoBuffer_Closure) + (const IoBuffer *message, + void *closure_data); +typedef void (*InfoMessage__StringList_Closure) + (const InfoMessage__StringList *message, + void *closure_data); +typedef void (*InfoMessage__NumberList_Closure) + (const InfoMessage__NumberList *message, + void *closure_data); +typedef void (*InfoMessage_Closure) + (const InfoMessage *message, + void *closure_data); +typedef void (*AcceptMessage_Closure) + (const AcceptMessage *message, + void *closure_data); +typedef void (*RejectMessage_Closure) + (const RejectMessage *message, + void *closure_data); +typedef void (*ExitMessage_Closure) + (const ExitMessage *message, + void *closure_data); +typedef void (*AlertMessage_Closure) + (const AlertMessage *message, + void *closure_data); +typedef void (*RestartMessage_Closure) + (const RestartMessage *message, + void *closure_data); +typedef void (*ChangeWindowSize_Closure) + (const ChangeWindowSize *message, + void *closure_data); +typedef void 
(*CommandSuspend_Closure) + (const CommandSuspend *message, + void *closure_data); +typedef void (*ClientHello_Closure) + (const ClientHello *message, + void *closure_data); +typedef void (*ServerMessage_Closure) + (const ServerMessage *message, + void *closure_data); +typedef void (*ServerHello_Closure) + (const ServerHello *message, + void *closure_data); + +/* --- services --- */ + + +/* --- descriptors --- */ + +extern const ProtobufCMessageDescriptor client_message__descriptor; +extern const ProtobufCMessageDescriptor time_spec__descriptor; +extern const ProtobufCMessageDescriptor io_buffer__descriptor; +extern const ProtobufCMessageDescriptor info_message__descriptor; +extern const ProtobufCMessageDescriptor info_message__string_list__descriptor; +extern const ProtobufCMessageDescriptor info_message__number_list__descriptor; +extern const ProtobufCMessageDescriptor accept_message__descriptor; +extern const ProtobufCMessageDescriptor reject_message__descriptor; +extern const ProtobufCMessageDescriptor exit_message__descriptor; +extern const ProtobufCMessageDescriptor alert_message__descriptor; +extern const ProtobufCMessageDescriptor restart_message__descriptor; +extern const ProtobufCMessageDescriptor change_window_size__descriptor; +extern const ProtobufCMessageDescriptor command_suspend__descriptor; +extern const ProtobufCMessageDescriptor client_hello__descriptor; +extern const ProtobufCMessageDescriptor server_message__descriptor; +extern const ProtobufCMessageDescriptor server_hello__descriptor; + +PROTOBUF_C__END_DECLS + + +#endif /* PROTOBUF_C_log_5fserver_2eproto__INCLUDED */ diff -Nru sudo-1.8.31/include/Makefile.in sudo-1.9.0/include/Makefile.in --- sudo-1.8.31/include/Makefile.in 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/include/Makefile.in 2020-05-11 16:28:22.000000000 +0000 
@@ -21,9 +21,13 @@ #### Start of system configuration section. #### srcdir = @srcdir@ -top_builddir = @top_builddir@ +abs_srcdir = @abs_srcdir@ top_srcdir = @top_srcdir@ +abs_top_srcdir = @abs_top_srcdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ includedir = @includedir@ +scriptdir = $(top_srcdir)/scripts cross_compiling = @CROSS_COMPILING@ # Our install program supports extra flags... @@ -62,7 +66,7 @@ install: install-includes install-dirs: - $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(includedir) + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(includedir) install-binaries: diff -Nru sudo-1.8.31/include/protobuf-c/protobuf-c.h sudo-1.9.0/include/protobuf-c/protobuf-c.h --- sudo-1.8.31/include/protobuf-c/protobuf-c.h 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/include/protobuf-c/protobuf-c.h 2020-05-11 16:28:23.000000000 +0000 
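Review bot: The first hunk of include/Makefile.in adds `abs_srcdir`, `abs_top_srcdir` and `abs_top_builddir`, but neither hunk shown for this file reads them. Only the new `scriptdir` is used, by the `install-dirs` recipe in the second hunk. The rest of the file is outside these hunks, so this may be a false alarm; if no other rule references the three `abs_*` variables, I would drop them from this Makefile. If they are kept so that every Makefile.in shares one header, a comment such as `# abs_* paths: kept for consistency with the other Makefile.in files` above them would say so.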
@@ -0,0 +1,1106 @@ +/* + * Copyright (c) 2008-2018, Dave Benson and the protobuf-c authors. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/*! \file + * \mainpage Introduction + * + * This is [protobuf-c], a C implementation of [Protocol Buffers]. + * + * This file defines the public API for the `libprotobuf-c` support library. + * This API includes interfaces that can be used directly by client code as well + * as the interfaces used by the code generated by the `protoc-c` compiler. + * + * The `libprotobuf-c` support library performs the actual serialization and + * deserialization of Protocol Buffers messages. 
It interacts with structures, + * definitions, and metadata generated by the `protoc-c` compiler from .proto + * files. + * + * \authors Dave Benson and the `protobuf-c` authors. + * + * \copyright 2008-2014. Licensed under the terms of the [BSD-2-Clause] license. + * + * [protobuf-c]: https://github.com/protobuf-c/protobuf-c + * [Protocol Buffers]: https://developers.google.com/protocol-buffers/ + * [BSD-2-Clause]: http://opensource.org/licenses/BSD-2-Clause + * + * \page gencode Generated Code + * + * For each enum, we generate a C enum. For each message, we generate a C + * structure which can be cast to a `ProtobufCMessage`. + * + * For each enum and message, we generate a descriptor object that allows us to + * implement a kind of reflection on the structures. + * + * First, some naming conventions: + * + * - The name of the type for enums and messages and services is camel case + * (meaning WordsAreCrammedTogether) except that double underscores are used + * to delimit scopes. For example, the following `.proto` file: + * +~~~{.proto} + package foo.bar; + message BazBah { + optional int32 val = 1; + } +~~~ + * + * would generate a C type `Foo__Bar__BazBah`. + * + * - Identifiers for functions and globals are all lowercase, with camel case + * words separated by single underscores. For example, one of the function + * prototypes generated by `protoc-c` for the above example: + * +~~~{.c} +Foo__Bar__BazBah * + foo__bar__baz_bah__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +~~~ + * + * - Identifiers for enum values contain an uppercase prefix which embeds the + * package name and the enum type name. + * + * - A double underscore is used to separate further components of identifier + * names. + * + * For example, in the name of the unpack function above, the package name + * `foo.bar` has become `foo__bar`, the message name BazBah has become + * `baz_bah`, and the method name is `unpack`. 
These are all joined with double + * underscores to form the C identifier `foo__bar__baz_bah__unpack`. + * + * We also generate descriptor objects for messages and enums. These are + * declared in the `.pb-c.h` files: + * +~~~{.c} +extern const ProtobufCMessageDescriptor foo__bar__baz_bah__descriptor; +~~~ + * + * The message structures all begin with `ProtobufCMessageDescriptor *` which is + * sufficient to allow them to be cast to `ProtobufCMessage`. + * + * For each message defined in a `.proto` file, we generate a number of + * functions and macros. Each function name contains a prefix based on the + * package name and message name in order to make it a unique C identifier. + * + * - `INIT`. Statically initializes a message object, initializing its + * descriptor and setting its fields to default values. Uninitialized + * messages cannot be processed by the protobuf-c library. + * +~~~{.c} +#define FOO__BAR__BAZ_BAH__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&foo__bar__baz_bah__descriptor), 0 } +~~~ + * - `init()`. Initializes a message object, initializing its descriptor and + * setting its fields to default values. Uninitialized messages cannot be + * processed by the protobuf-c library. + * +~~~{.c} +void foo__bar__baz_bah__init + (Foo__Bar__BazBah *message); +~~~ + * - `unpack()`. Unpacks data for a particular message format. Note that the + * `allocator` parameter is usually `NULL` to indicate that the system's + * `malloc()` and `free()` functions should be used for dynamically allocating + * memory. + * +~~~{.c} +Foo__Bar__BazBah * + foo__bar__baz_bah__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +~~~ + * + * - `free_unpacked()`. Frees a message object obtained with the `unpack()` + * method. Freeing `NULL` is allowed (the same as with `free()`). + * +~~~{.c} +void foo__bar__baz_bah__free_unpacked + (Foo__Bar__BazBah *message, + ProtobufCAllocator *allocator); +~~~ + * + * - `get_packed_size()`. 
Calculates the length in bytes of the serialized + * representation of the message object. + * +~~~{.c} +size_t foo__bar__baz_bah__get_packed_size + (const Foo__Bar__BazBah *message); +~~~ + * + * - `pack()`. Pack a message object into a preallocated buffer. Assumes that + * the buffer is large enough. (Use `get_packed_size()` first.) + * +~~~{.c} +size_t foo__bar__baz_bah__pack + (const Foo__Bar__BazBah *message, + uint8_t *out); +~~~ + * + * - `pack_to_buffer()`. Packs a message into a "virtual buffer". This is an + * object which defines an "append bytes" callback to consume data as it is + * serialized. + * +~~~{.c} +size_t foo__bar__baz_bah__pack_to_buffer + (const Foo__Bar__BazBah *message, + ProtobufCBuffer *buffer); +~~~ + * + * \page pack Packing and unpacking messages + * + * To pack a message, first compute the packed size of the message with + * protobuf_c_message_get_packed_size(), then allocate a buffer of at least + * that size, then call protobuf_c_message_pack(). + * + * Alternatively, a message can be serialized without calculating the final size + * first. Use the protobuf_c_message_pack_to_buffer() function and provide a + * ProtobufCBuffer object which implements an "append" method that consumes + * data. + * + * To unpack a message, call the protobuf_c_message_unpack() function. The + * result can be cast to an object of the type that matches the descriptor for + * the message. + * + * The result of unpacking a message should be freed with + * protobuf_c_message_free_unpacked(). 
+ */ + +#ifndef PROTOBUF_C_H +#define PROTOBUF_C_H + +#include +#include +#include +#include /* stdint.h not present on older systems */ + +#ifdef __cplusplus +# define PROTOBUF_C__BEGIN_DECLS extern "C" { +# define PROTOBUF_C__END_DECLS } +#else +# define PROTOBUF_C__BEGIN_DECLS +# define PROTOBUF_C__END_DECLS +#endif + +PROTOBUF_C__BEGIN_DECLS + +#if defined(_WIN32) && defined(PROTOBUF_C_USE_SHARED_LIB) +# ifdef PROTOBUF_C_EXPORT +# define PROTOBUF_C__API __declspec(dllexport) +# else +# define PROTOBUF_C__API __declspec(dllimport) +# endif +#else +# define PROTOBUF_C__API +#endif + +#if !defined(PROTOBUF_C__NO_DEPRECATED) && \ + ((__GNUC__ > 3) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)) +# define PROTOBUF_C__DEPRECATED __attribute__((__deprecated__)) +#else +# define PROTOBUF_C__DEPRECATED +#endif + +#ifndef PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE + #define PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(enum_name) \ + , _##enum_name##_IS_INT_SIZE = INT_MAX +#endif + +#define PROTOBUF_C__SERVICE_DESCRIPTOR_MAGIC 0x14159bc3 +#define PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC 0x28aaeef9 +#define PROTOBUF_C__ENUM_DESCRIPTOR_MAGIC 0x114315af + +/* Empty string used for initializers */ +extern const char protobuf_c_empty_string[]; + +/** + * \defgroup api Public API + * + * This is the public API for `libprotobuf-c`. These interfaces are stable and + * subject to Semantic Versioning guarantees. + * + * @{ + */ + +/** + * Values for the `flags` word in `ProtobufCFieldDescriptor`. + */ +typedef enum { + /** Set if the field is repeated and marked with the `packed` option. */ + PROTOBUF_C_FIELD_FLAG_PACKED = (1 << 0), + + /** Set if the field is marked with the `deprecated` option. */ + PROTOBUF_C_FIELD_FLAG_DEPRECATED = (1 << 1), + + /** Set if the field is a member of a oneof (union). */ + PROTOBUF_C_FIELD_FLAG_ONEOF = (1 << 2), +} ProtobufCFieldFlag; + +/** + * Message field rules. + * + * \see [Defining A Message Type] in the Protocol Buffers documentation. 
+ * + * [Defining A Message Type]: + * https://developers.google.com/protocol-buffers/docs/proto#simple + */ +typedef enum { + /** A well-formed message must have exactly one of this field. */ + PROTOBUF_C_LABEL_REQUIRED, + + /** + * A well-formed message can have zero or one of this field (but not + * more than one). + */ + PROTOBUF_C_LABEL_OPTIONAL, + + /** + * This field can be repeated any number of times (including zero) in a + * well-formed message. The order of the repeated values will be + * preserved. + */ + PROTOBUF_C_LABEL_REPEATED, + + /** + * This field has no label. This is valid only in proto3 and is + * equivalent to OPTIONAL but no "has" quantifier will be consulted. + */ + PROTOBUF_C_LABEL_NONE, +} ProtobufCLabel; + +/** + * Field value types. + * + * \see [Scalar Value Types] in the Protocol Buffers documentation. + * + * [Scalar Value Types]: + * https://developers.google.com/protocol-buffers/docs/proto#scalar + */ +typedef enum { + PROTOBUF_C_TYPE_INT32, /**< int32 */ + PROTOBUF_C_TYPE_SINT32, /**< signed int32 */ + PROTOBUF_C_TYPE_SFIXED32, /**< signed int32 (4 bytes) */ + PROTOBUF_C_TYPE_INT64, /**< int64 */ + PROTOBUF_C_TYPE_SINT64, /**< signed int64 */ + PROTOBUF_C_TYPE_SFIXED64, /**< signed int64 (8 bytes) */ + PROTOBUF_C_TYPE_UINT32, /**< unsigned int32 */ + PROTOBUF_C_TYPE_FIXED32, /**< unsigned int32 (4 bytes) */ + PROTOBUF_C_TYPE_UINT64, /**< unsigned int64 */ + PROTOBUF_C_TYPE_FIXED64, /**< unsigned int64 (8 bytes) */ + PROTOBUF_C_TYPE_FLOAT, /**< float */ + PROTOBUF_C_TYPE_DOUBLE, /**< double */ + PROTOBUF_C_TYPE_BOOL, /**< boolean */ + PROTOBUF_C_TYPE_ENUM, /**< enumerated type */ + PROTOBUF_C_TYPE_STRING, /**< UTF-8 or ASCII string */ + PROTOBUF_C_TYPE_BYTES, /**< arbitrary byte sequence */ + PROTOBUF_C_TYPE_MESSAGE, /**< nested message */ +} ProtobufCType; + +/** + * Field wire types. + * + * \see [Message Structure] in the Protocol Buffers documentation. 
+ * + * [Message Structure]: + * https://developers.google.com/protocol-buffers/docs/encoding#structure + */ +typedef enum { + PROTOBUF_C_WIRE_TYPE_VARINT = 0, + PROTOBUF_C_WIRE_TYPE_64BIT = 1, + PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED = 2, + /* "Start group" and "end group" wire types are unsupported. */ + PROTOBUF_C_WIRE_TYPE_32BIT = 5, +} ProtobufCWireType; + +struct ProtobufCAllocator; +struct ProtobufCBinaryData; +struct ProtobufCBuffer; +struct ProtobufCBufferSimple; +struct ProtobufCEnumDescriptor; +struct ProtobufCEnumValue; +struct ProtobufCEnumValueIndex; +struct ProtobufCFieldDescriptor; +struct ProtobufCIntRange; +struct ProtobufCMessage; +struct ProtobufCMessageDescriptor; +struct ProtobufCMessageUnknownField; +struct ProtobufCMethodDescriptor; +struct ProtobufCService; +struct ProtobufCServiceDescriptor; + +typedef struct ProtobufCAllocator ProtobufCAllocator; +typedef struct ProtobufCBinaryData ProtobufCBinaryData; +typedef struct ProtobufCBuffer ProtobufCBuffer; +typedef struct ProtobufCBufferSimple ProtobufCBufferSimple; +typedef struct ProtobufCEnumDescriptor ProtobufCEnumDescriptor; +typedef struct ProtobufCEnumValue ProtobufCEnumValue; +typedef struct ProtobufCEnumValueIndex ProtobufCEnumValueIndex; +typedef struct ProtobufCFieldDescriptor ProtobufCFieldDescriptor; +typedef struct ProtobufCIntRange ProtobufCIntRange; +typedef struct ProtobufCMessage ProtobufCMessage; +typedef struct ProtobufCMessageDescriptor ProtobufCMessageDescriptor; +typedef struct ProtobufCMessageUnknownField ProtobufCMessageUnknownField; +typedef struct ProtobufCMethodDescriptor ProtobufCMethodDescriptor; +typedef struct ProtobufCService ProtobufCService; +typedef struct ProtobufCServiceDescriptor ProtobufCServiceDescriptor; + +/** Boolean type. 
*/ +typedef int protobuf_c_boolean; + +typedef void (*ProtobufCClosure)(const ProtobufCMessage *, void *closure_data); +typedef void (*ProtobufCMessageInit)(ProtobufCMessage *); +typedef void (*ProtobufCServiceDestroy)(ProtobufCService *); + +/** + * Structure for defining a custom memory allocator. + */ +struct ProtobufCAllocator { + /** Function to allocate memory. */ + void *(*alloc)(void *allocator_data, size_t size); + + /** Function to free memory. */ + void (*free)(void *allocator_data, void *pointer); + + /** Opaque pointer passed to `alloc` and `free` functions. */ + void *allocator_data; +}; + +/** + * Structure for the protobuf `bytes` scalar type. + * + * The data contained in a `ProtobufCBinaryData` is an arbitrary sequence of + * bytes. It may contain embedded `NUL` characters and is not required to be + * `NUL`-terminated. + */ +struct ProtobufCBinaryData { + size_t len; /**< Number of bytes in the `data` field. */ + uint8_t *data; /**< Data bytes. */ +}; + +/** + * Structure for defining a virtual append-only buffer. Used by + * protobuf_c_message_pack_to_buffer() to abstract the consumption of serialized + * bytes. + * + * `ProtobufCBuffer` "subclasses" may be defined on the stack. For example, to + * write to a `FILE` object: + * +~~~{.c} +typedef struct { + ProtobufCBuffer base; + FILE *fp; +} BufferAppendToFile; + +static void +my_buffer_file_append(ProtobufCBuffer *buffer, + size_t len, + const uint8_t *data) +{ + BufferAppendToFile *file_buf = (BufferAppendToFile *) buffer; + fwrite(data, len, 1, file_buf->fp); // XXX: No error handling! +} +~~~ + * + * To use this new type of ProtobufCBuffer, it could be called as follows: + * +~~~{.c} +... +BufferAppendToFile tmp = {0}; +tmp.base.append = my_buffer_file_append; +tmp.fp = fp; +protobuf_c_message_pack_to_buffer(&message, &tmp); +... +~~~ + */ +struct ProtobufCBuffer { + /** Append function. Consumes the `len` bytes stored at `data`. 
*/ + void (*append)(ProtobufCBuffer *buffer, + size_t len, + const uint8_t *data); +}; + +/** + * Simple buffer "subclass" of `ProtobufCBuffer`. + * + * A `ProtobufCBufferSimple` object is declared on the stack and uses a + * scratch buffer provided by the user for the initial allocation. It performs + * exponential resizing, using dynamically allocated memory. A + * `ProtobufCBufferSimple` object can be created and used as follows: + * +~~~{.c} +uint8_t pad[128]; +ProtobufCBufferSimple simple = PROTOBUF_C_BUFFER_SIMPLE_INIT(pad); +ProtobufCBuffer *buffer = (ProtobufCBuffer *) &simple; +~~~ + * + * `buffer` can now be used with `protobuf_c_message_pack_to_buffer()`. Once a + * message has been serialized to a `ProtobufCBufferSimple` object, the + * serialized data bytes can be accessed from the `.data` field. + * + * To free the memory allocated by a `ProtobufCBufferSimple` object, if any, + * call PROTOBUF_C_BUFFER_SIMPLE_CLEAR() on the object, for example: + * +~~~{.c} +PROTOBUF_C_BUFFER_SIMPLE_CLEAR(&simple); +~~~ + * + * \see PROTOBUF_C_BUFFER_SIMPLE_INIT + * \see PROTOBUF_C_BUFFER_SIMPLE_CLEAR + */ +struct ProtobufCBufferSimple { + /** "Base class". */ + ProtobufCBuffer base; + /** Number of bytes allocated in `data`. */ + size_t alloced; + /** Number of bytes currently stored in `data`. */ + size_t len; + /** Data bytes. */ + uint8_t *data; + /** Whether `data` must be freed. */ + protobuf_c_boolean must_free_data; + /** Allocator to use. May be NULL to indicate the system allocator. */ + ProtobufCAllocator *allocator; +}; + +/** + * Describes an enumeration as a whole, with all of its values. + */ +struct ProtobufCEnumDescriptor { + /** Magic value checked to ensure that the API is used correctly. */ + uint32_t magic; + + /** The qualified name (e.g., "namespace.Type"). */ + const char *name; + /** The unqualified name as given in the .proto file (e.g., "Type"). */ + const char *short_name; + /** Identifier used in generated C code. 
*/ + const char *c_name; + /** The dot-separated namespace. */ + const char *package_name; + + /** Number elements in `values`. */ + unsigned n_values; + /** Array of distinct values, sorted by numeric value. */ + const ProtobufCEnumValue *values; + + /** Number of elements in `values_by_name`. */ + unsigned n_value_names; + /** Array of named values, including aliases, sorted by name. */ + const ProtobufCEnumValueIndex *values_by_name; + + /** Number of elements in `value_ranges`. */ + unsigned n_value_ranges; + /** Value ranges, for faster lookups by numeric value. */ + const ProtobufCIntRange *value_ranges; + + /** Reserved for future use. */ + void *reserved1; + /** Reserved for future use. */ + void *reserved2; + /** Reserved for future use. */ + void *reserved3; + /** Reserved for future use. */ + void *reserved4; +}; + +/** + * Represents a single value of an enumeration. + */ +struct ProtobufCEnumValue { + /** The string identifying this value in the .proto file. */ + const char *name; + + /** The string identifying this value in generated C code. */ + const char *c_name; + + /** The numeric value assigned in the .proto file. */ + int value; +}; + +/** + * Used by `ProtobufCEnumDescriptor` to look up enum values. + */ +struct ProtobufCEnumValueIndex { + /** Name of the enum value. */ + const char *name; + /** Index into values[] array. */ + unsigned index; +}; + +/** + * Describes a single field in a message. + */ +struct ProtobufCFieldDescriptor { + /** Name of the field as given in the .proto file. */ + const char *name; + + /** Tag value of the field as given in the .proto file. */ + uint32_t id; + + /** Whether the field is `REQUIRED`, `OPTIONAL`, or `REPEATED`. */ + ProtobufCLabel label; + + /** The type of the field. */ + ProtobufCType type; + + /** + * The offset in bytes of the message's C structure's quantifier field + * (the `has_MEMBER` field for optional members or the `n_MEMBER` field + * for repeated members or the case enum for oneofs). 
+ */ + unsigned quantifier_offset; + + /** + * The offset in bytes into the message's C structure for the member + * itself. + */ + unsigned offset; + + /** + * A type-specific descriptor. + * + * If `type` is `PROTOBUF_C_TYPE_ENUM`, then `descriptor` points to the + * corresponding `ProtobufCEnumDescriptor`. + * + * If `type` is `PROTOBUF_C_TYPE_MESSAGE`, then `descriptor` points to + * the corresponding `ProtobufCMessageDescriptor`. + * + * Otherwise this field is NULL. + */ + const void *descriptor; /* for MESSAGE and ENUM types */ + + /** The default value for this field, if defined. May be NULL. */ + const void *default_value; + + /** + * A flag word. Zero or more of the bits defined in the + * `ProtobufCFieldFlag` enum may be set. + */ + uint32_t flags; + + /** Reserved for future use. */ + unsigned reserved_flags; + /** Reserved for future use. */ + void *reserved2; + /** Reserved for future use. */ + void *reserved3; +}; + +/** + * Helper structure for optimizing int => index lookups in the case + * where the keys are mostly consecutive values, as they presumably are for + * enums and fields. + * + * The data structures requires that the values in the original array are + * sorted. + */ +struct ProtobufCIntRange { + int start_value; + unsigned orig_index; + /* + * NOTE: the number of values in the range can be inferred by looking + * at the next element's orig_index. A dummy element is added to make + * this simple. + */ +}; + +/** + * An instance of a message. + * + * `ProtobufCMessage` is a light-weight "base class" for all messages. + * + * In particular, `ProtobufCMessage` doesn't have any allocation policy + * associated with it. That's because it's common to create `ProtobufCMessage` + * objects on the stack. In fact, that's what we recommend for sending messages. + * If the object is allocated from the stack, you can't really have a memory + * leak. 
+ * + * This means that calls to functions like protobuf_c_message_unpack() which + * return a `ProtobufCMessage` must be paired with a call to a free function, + * like protobuf_c_message_free_unpacked(). + */ +struct ProtobufCMessage { + /** The descriptor for this message type. */ + const ProtobufCMessageDescriptor *descriptor; + /** The number of elements in `unknown_fields`. */ + unsigned n_unknown_fields; + /** The fields that weren't recognized by the parser. */ + ProtobufCMessageUnknownField *unknown_fields; +}; + +/** + * Describes a message. + */ +struct ProtobufCMessageDescriptor { + /** Magic value checked to ensure that the API is used correctly. */ + uint32_t magic; + + /** The qualified name (e.g., "namespace.Type"). */ + const char *name; + /** The unqualified name as given in the .proto file (e.g., "Type"). */ + const char *short_name; + /** Identifier used in generated C code. */ + const char *c_name; + /** The dot-separated namespace. */ + const char *package_name; + + /** + * Size in bytes of the C structure representing an instance of this + * type of message. + */ + size_t sizeof_message; + + /** Number of elements in `fields`. */ + unsigned n_fields; + /** Field descriptors, sorted by tag number. */ + const ProtobufCFieldDescriptor *fields; + /** Used for looking up fields by name. */ + const unsigned *fields_sorted_by_name; + + /** Number of elements in `field_ranges`. */ + unsigned n_field_ranges; + /** Used for looking up fields by id. */ + const ProtobufCIntRange *field_ranges; + + /** Message initialisation function. */ + ProtobufCMessageInit message_init; + + /** Reserved for future use. */ + void *reserved1; + /** Reserved for future use. */ + void *reserved2; + /** Reserved for future use. */ + void *reserved3; +}; + +/** + * An unknown message field. + */ +struct ProtobufCMessageUnknownField { + /** The tag number. */ + uint32_t tag; + /** The wire type of the field. */ + ProtobufCWireType wire_type; + /** Number of bytes in `data`. 
*/ + size_t len; + /** Field data. */ + uint8_t *data; +}; + +/** + * Method descriptor. + */ +struct ProtobufCMethodDescriptor { + /** Method name. */ + const char *name; + /** Input message descriptor. */ + const ProtobufCMessageDescriptor *input; + /** Output message descriptor. */ + const ProtobufCMessageDescriptor *output; +}; + +/** + * Service. + */ +struct ProtobufCService { + /** Service descriptor. */ + const ProtobufCServiceDescriptor *descriptor; + /** Function to invoke the service. */ + void (*invoke)(ProtobufCService *service, + unsigned method_index, + const ProtobufCMessage *input, + ProtobufCClosure closure, + void *closure_data); + /** Function to destroy the service. */ + void (*destroy)(ProtobufCService *service); +}; + +/** + * Service descriptor. + */ +struct ProtobufCServiceDescriptor { + /** Magic value checked to ensure that the API is used correctly. */ + uint32_t magic; + + /** Service name. */ + const char *name; + /** Short version of service name. */ + const char *short_name; + /** C identifier for the service name. */ + const char *c_name; + /** Package name. */ + const char *package; + /** Number of elements in `methods`. */ + unsigned n_methods; + /** Method descriptors, in the order defined in the .proto file. */ + const ProtobufCMethodDescriptor *methods; + /** Sort index of methods. */ + const unsigned *method_indices_by_name; +}; + +/** + * Get the version of the protobuf-c library. Note that this is the version of + * the library linked against, not the version of the headers compiled against. + * + * \return A string containing the version number of protobuf-c. + */ +PROTOBUF_C__API +const char * +protobuf_c_version(void); + +/** + * Get the version of the protobuf-c library. Note that this is the version of + * the library linked against, not the version of the headers compiled against. 
+ * + * \return A 32 bit unsigned integer containing the version number of + * protobuf-c, represented in base-10 as (MAJOR*1E6) + (MINOR*1E3) + PATCH. + */ +PROTOBUF_C__API +uint32_t +protobuf_c_version_number(void); + +/** + * The version of the protobuf-c headers, represented as a string using the same + * format as protobuf_c_version(). + */ +#define PROTOBUF_C_VERSION "1.3.2" + +/** + * The version of the protobuf-c headers, represented as an integer using the + * same format as protobuf_c_version_number(). + */ +#define PROTOBUF_C_VERSION_NUMBER 1003002 + +/** + * The minimum protoc-c version which works with the current version of the + * protobuf-c headers. + */ +#define PROTOBUF_C_MIN_COMPILER_VERSION 1000000 + +/** + * Look up a `ProtobufCEnumValue` from a `ProtobufCEnumDescriptor` by name. + * + * \param desc + * The `ProtobufCEnumDescriptor` object. + * \param name + * The `name` field from the corresponding `ProtobufCEnumValue` object to + * match. + * \return + * A `ProtobufCEnumValue` object. + * \retval NULL + * If not found or if the optimize_for = CODE_SIZE option was set. + */ +PROTOBUF_C__API +const ProtobufCEnumValue * +protobuf_c_enum_descriptor_get_value_by_name( + const ProtobufCEnumDescriptor *desc, + const char *name); + +/** + * Look up a `ProtobufCEnumValue` from a `ProtobufCEnumDescriptor` by numeric + * value. + * + * \param desc + * The `ProtobufCEnumDescriptor` object. + * \param value + * The `value` field from the corresponding `ProtobufCEnumValue` object to + * match. + * + * \return + * A `ProtobufCEnumValue` object. + * \retval NULL + * If not found. + */ +PROTOBUF_C__API +const ProtobufCEnumValue * +protobuf_c_enum_descriptor_get_value( + const ProtobufCEnumDescriptor *desc, + int value); + +/** + * Look up a `ProtobufCFieldDescriptor` from a `ProtobufCMessageDescriptor` by + * the name of the field. + * + * \param desc + * The `ProtobufCMessageDescriptor` object. + * \param name + * The name of the field. 
+ * \return + * A `ProtobufCFieldDescriptor` object. + * \retval NULL + * If not found or if the optimize_for = CODE_SIZE option was set. + */ +PROTOBUF_C__API +const ProtobufCFieldDescriptor * +protobuf_c_message_descriptor_get_field_by_name( + const ProtobufCMessageDescriptor *desc, + const char *name); + +/** + * Look up a `ProtobufCFieldDescriptor` from a `ProtobufCMessageDescriptor` by + * the tag value of the field. + * + * \param desc + * The `ProtobufCMessageDescriptor` object. + * \param value + * The tag value of the field. + * \return + * A `ProtobufCFieldDescriptor` object. + * \retval NULL + * If not found. + */ +PROTOBUF_C__API +const ProtobufCFieldDescriptor * +protobuf_c_message_descriptor_get_field( + const ProtobufCMessageDescriptor *desc, + unsigned value); + +/** + * Determine the number of bytes required to store the serialised message. + * + * \param message + * The message object to serialise. + * \return + * Number of bytes. + */ +PROTOBUF_C__API +size_t +protobuf_c_message_get_packed_size(const ProtobufCMessage *message); + +/** + * Serialise a message from its in-memory representation. + * + * This function stores the serialised bytes of the message in a pre-allocated + * buffer. + * + * \param message + * The message object to serialise. + * \param[out] out + * Buffer to store the bytes of the serialised message. This buffer must + * have enough space to store the packed message. Use + * protobuf_c_message_get_packed_size() to determine the number of bytes + * required. + * \return + * Number of bytes stored in `out`. + */ +PROTOBUF_C__API +size_t +protobuf_c_message_pack(const ProtobufCMessage *message, uint8_t *out); + +/** + * Serialise a message from its in-memory representation to a virtual buffer. + * + * This function calls the `append` method of a `ProtobufCBuffer` object to + * consume the bytes generated by the serialiser. + * + * \param message + * The message object to serialise. 
+ * \param buffer + * The virtual buffer object. + * \return + * Number of bytes passed to the virtual buffer. + */ +PROTOBUF_C__API +size_t +protobuf_c_message_pack_to_buffer( + const ProtobufCMessage *message, + ProtobufCBuffer *buffer); + +/** + * Unpack a serialised message into an in-memory representation. + * + * \param descriptor + * The message descriptor. + * \param allocator + * `ProtobufCAllocator` to use for memory allocation. May be NULL to + * specify the default allocator. + * \param len + * Length in bytes of the serialised message. + * \param data + * Pointer to the serialised message. + * \return + * An unpacked message object. + * \retval NULL + * If an error occurred during unpacking. + */ +PROTOBUF_C__API +ProtobufCMessage * +protobuf_c_message_unpack( + const ProtobufCMessageDescriptor *descriptor, + ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); + +/** + * Free an unpacked message object. + * + * This function should be used to deallocate the memory used by a call to + * protobuf_c_message_unpack(). + * + * \param message + * The message object to free. May be NULL. + * \param allocator + * `ProtobufCAllocator` to use for memory deallocation. May be NULL to + * specify the default allocator. + */ +PROTOBUF_C__API +void +protobuf_c_message_free_unpacked( + ProtobufCMessage *message, + ProtobufCAllocator *allocator); + +/** + * Check the validity of a message object. + * + * Makes sure all required fields (`PROTOBUF_C_LABEL_REQUIRED`) are present. + * Recursively checks nested messages. + * + * \retval TRUE + * Message is valid. + * \retval FALSE + * Message is invalid. + */ +PROTOBUF_C__API +protobuf_c_boolean +protobuf_c_message_check(const ProtobufCMessage *); + +/** Message initialiser. */ +#define PROTOBUF_C_MESSAGE_INIT(descriptor) { descriptor, 0, NULL } + +/** + * Initialise a message object from a message descriptor. + * + * \param descriptor + * Message descriptor. 
+ * \param message + * Allocated block of memory of size `descriptor->sizeof_message`. + */ +PROTOBUF_C__API +void +protobuf_c_message_init( + const ProtobufCMessageDescriptor *descriptor, + void *message); + +/** + * Free a service. + * + * \param service + * The service object to free. + */ +PROTOBUF_C__API +void +protobuf_c_service_destroy(ProtobufCService *service); + +/** + * Look up a `ProtobufCMethodDescriptor` by name. + * + * \param desc + * Service descriptor. + * \param name + * Name of the method. + * + * \return + * A `ProtobufCMethodDescriptor` object. + * \retval NULL + * If not found or if the optimize_for = CODE_SIZE option was set. + */ +PROTOBUF_C__API +const ProtobufCMethodDescriptor * +protobuf_c_service_descriptor_get_method_by_name( + const ProtobufCServiceDescriptor *desc, + const char *name); + +/** + * Initialise a `ProtobufCBufferSimple` object. + */ +#define PROTOBUF_C_BUFFER_SIMPLE_INIT(array_of_bytes) \ +{ \ + { protobuf_c_buffer_simple_append }, \ + sizeof(array_of_bytes), \ + 0, \ + (array_of_bytes), \ + 0, \ + NULL \ +} + +/** + * Clear a `ProtobufCBufferSimple` object, freeing any allocated memory. + */ +#define PROTOBUF_C_BUFFER_SIMPLE_CLEAR(simp_buf) \ +do { \ + if ((simp_buf)->must_free_data) { \ + if ((simp_buf)->allocator != NULL) \ + (simp_buf)->allocator->free( \ + (simp_buf)->allocator, \ + (simp_buf)->data); \ + else \ + free((simp_buf)->data); \ + } \ +} while (0) + +/** + * The `append` method for `ProtobufCBufferSimple`. + * + * \param buffer + * The buffer object to append to. Must actually be a + * `ProtobufCBufferSimple` object. + * \param len + * Number of bytes in `data`. + * \param data + * Data to append. 
+ */ +PROTOBUF_C__API +void +protobuf_c_buffer_simple_append( + ProtobufCBuffer *buffer, + size_t len, + const unsigned char *data); + +PROTOBUF_C__API +void +protobuf_c_service_generated_init( + ProtobufCService *service, + const ProtobufCServiceDescriptor *descriptor, + ProtobufCServiceDestroy destroy); + +PROTOBUF_C__API +void +protobuf_c_service_invoke_internal( + ProtobufCService *service, + unsigned method_index, + const ProtobufCMessage *input, + ProtobufCClosure closure, + void *closure_data); + +/**@}*/ + +PROTOBUF_C__END_DECLS + +#endif /* PROTOBUF_C_H */ diff -Nru sudo-1.8.31/include/sudo_compat.h sudo-1.9.0/include/sudo_compat.h --- sudo-1.8.31/include/sudo_compat.h 2019-12-25 19:19:11.000000000 +0000 +++ sudo-1.9.0/include/sudo_compat.h 2020-05-11 16:28:23.000000000 +0000 @@ -212,16 +212,21 @@ # define UTIME_NOW -2L # endif #endif -#if !defined(HAVE_OPENAT) || (!defined(HAVE_FUTIMENS) && !defined(HAVE_UTIMENSAT)) +#if !defined(HAVE_OPENAT) || (!defined(HAVE_FUTIMENS) && !defined(HAVE_UTIMENSAT)) || !defined(HAVE_FCHMODAT) || !defined(HAVE_FSTATAT) || !defined(HAVE_UNLINKAT) # ifndef AT_FDCWD -# define AT_FDCWD -100 +# define AT_FDCWD -100 +# endif +# ifndef AT_SYMLINK_NOFOLLOW +# define AT_SYMLINK_NOFOLLOW 0x02 # endif #endif -/* For pipe2() emulation. */ -#if !defined(HAVE_PIPE2) && defined(O_NONBLOCK) && (!defined(O_CLOEXEC) || O_CLOEXEC > 0xffffffff) -# undef O_CLOEXEC -# define O_CLOEXEC 0x80000000 +/* For dup3() and pipe2() emulation. */ +#if (!defined(HAVE_PIPE2) || !defined(HAVE_DUP3)) && defined(O_NONBLOCK) +# if !defined(O_CLOEXEC) || O_CLOEXEC > 0xffffffff +# undef O_CLOEXEC +# define O_CLOEXEC 0x80000000 +# endif #endif /* 
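Review bot: The `O_CLOEXEC 0x80000000` definition in the "dup3() and pipe2() emulation" block is a private sentinel, but the comment does not say that it must never reach a real system call. On a platform without a native `O_CLOEXEC`, any `#ifdef O_CLOEXEC` test after this header now succeeds, and an `open()` guarded by such a test (none is visible in this hunk) would pass a flag the kernel does not honour, leaving the descriptor inheritable across exec. I would extend the comment to `/* For dup3() and pipe2() emulation only; this O_CLOEXEC may be a private value and must not be passed to open(2). */`, or give the emulation its own constant name. The block is now also reached when only `dup3()` is missing, so more platforms are affected than before.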
@@ -386,13 +391,45 @@ #endif /* __hpux && !__LP64__ */ /* + * Older systems may lack fseeko(3), just use fseek(3) instead. + */ +#ifndef HAVE_FSEEKO +# define fseeko(f, o, w) fseek((f), (long)(o), (w)) +#endif + +/* + * Compatibility defines for OpenSSL 1.0.2 (not needed for 1.1.x) + */ +#if defined(HAVE_OPENSSL) +# ifndef HAVE_X509_STORE_CTX_GET0_CERT +# define X509_STORE_CTX_get0_cert(x) ((x)->cert) +# endif +# ifndef HAVE_ASN1_STRING_GET0_DATA +# define ASN1_STRING_get0_data(x) ASN1_STRING_data(x) +# endif +# ifndef HAVE_TLS_CLIENT_METHOD +# define TLS_client_method() SSLv23_client_method() +# endif +# ifndef HAVE_TLS_SERVER_METHOD +# define TLS_server_method() SSLv23_server_method() +# endif +#endif /* HAVE_OPENSSL */ + +/* * Functions "missing" from libc. * All libc replacements are prefixed with "sudo_" to avoid namespace issues. */ struct passwd; +struct stat; struct timespec; +struct termios; +#ifndef HAVE_CFMAKERAW +__dso_public void sudo_cfmakeraw(struct termios *term); +# undef cfmakeraw +# define cfmakeraw(_a) sudo_cfmakeraw((_a)) +#endif /* HAVE_CFMAKERAW */ #ifndef HAVE_CLOSEFROM __dso_public void sudo_closefrom(int); # undef closefrom @@ -429,6 +466,16 @@ # undef utimensat # define utimensat(_a, _b, _c, _d) sudo_utimensat((_a), (_b), (_c), (_d)) #endif /* HAVE_UTIMENSAT */ +#ifndef HAVE_FCHMODAT +__dso_public int sudo_fchmodat(int dfd, const char *path, mode_t mode, int flag); +# undef fchmodat +# define fchmodat(_a, _b, _c, _d) sudo_fchmodat((_a), (_b), (_c), (_d)) +#endif /* HAVE_FCHMODAT */ +#ifndef HAVE_FSTATAT +__dso_public int sudo_fstatat(int dfd, const char *path, struct stat *sb, int flag); +# undef fstatat +# define fstatat(_a, _b, _c, _d) sudo_fstatat((_a), (_b), (_c), (_d)) +#endif /* HAVE_FSTATAT */ #ifndef HAVE_FUTIMENS __dso_public int sudo_futimens(int fd, const struct timespec *times); # undef futimens 
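Review bot: The OpenSSL 1.0.2 fallbacks `# define TLS_client_method() SSLv23_client_method()` and `# define TLS_server_method() SSLv23_server_method()` do not give the same protocol floor as the 1.1.x functions they stand in for. On 1.0.2 the SSLv23 methods can still negotiate SSLv3 (and SSLv2 in builds that include it) unless the context disables them. Whether the callers set those options is outside this hunk, so the compat block should state the requirement, e.g. `/* OpenSSL 1.0.2: callers must set SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3 on the SSL_CTX. */`.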
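Review bot: The replacement prototypes `sudo_fchmodat()` and `sudo_fstatat()` have no comment saying which `dfd` and `flag` values the emulation supports; the same applies to `sudo_openat()` in the `@@ -496,7 +543,12 @@` hunk and `sudo_unlinkat()` in the `@@ -542,10 +594,20 @@` hunk. The implementations are not part of this header, so this is a question rather than a finding: if a fallback can only resolve the path relative to the current directory, a caller that passes a directory descriptor to avoid path races does not get that guarantee on these platforms. I would add a comment above the first of these blocks that records the supported `dfd` values and whether `AT_SYMLINK_NOFOLLOW` (given the private value 0x02 earlier in this file) is honoured.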
@@ -496,7 +543,12 @@ __dso_public int sudo_nanosleep(const struct timespec *timeout, struct timespec *remainder); #undef nanosleep # define nanosleep(_a, _b) sudo_nanosleep((_a), (_b)) -#endif +#endif /* HAVE_NANOSLEEP */ +#ifndef HAVE_OPENAT +__dso_public int sudo_openat(int dfd, const char *path, int flags, mode_t mode); +# undef openat +# define openat(_a, _b, _c, _d) sudo_openat((_a), (_b), (_c), (_d)) +#endif /* HAVE_OPENAT */ #ifndef HAVE_PW_DUP __dso_public struct passwd *sudo_pw_dup(const struct passwd *pw); # undef pw_dup @@ -517,7 +569,7 @@ # undef str2sig # define str2sig(_a, _b) sudo_str2sig((_a), (_b)) #endif /* HAVE_STR2SIG */ -#if !defined(HAVE_INET_NTOP) && defined(SUDO_NET_IFS_C) +#if !defined(HAVE_INET_NTOP) && defined(NEED_INET_NTOP) __dso_public char *sudo_inet_ntop(int af, const void *src, char *dst, socklen_t size); # undef inet_ntop # define inet_ntop(_a, _b, _c, _d) sudo_inet_ntop((_a), (_b), (_c), (_d)) @@ -542,10 +594,20 @@ # undef vsyslog # define vsyslog(_a, _b, _c) sudo_vsyslog((_a), (_b), (_c)) #endif /* HAVE_VSYSLOG */ +#ifndef HAVE_DUP3 +__dso_public int sudo_dup3(int oldd, int newd, int flags); +# undef dup3 +# define dup3(_a, _b, _c) sudo_dup3((_a), (_b), (_c)) +#endif /* HAVE_DUP3 */ #ifndef HAVE_PIPE2 __dso_public int sudo_pipe2(int fildes[2], int flags); # undef pipe2 # define pipe2(_a, _b) sudo_pipe2((_a), (_b)) #endif /* HAVE_PIPE2 */ +#ifndef HAVE_UNLINKAT +__dso_public int sudo_unlinkat(int dfd, const char *path, int flag); +# undef unlinkat +# define unlinkat(_a, _b, _c) sudo_unlinkat((_a), (_b), (_c)) +#endif /* HAVE_UNLINKAT */ #endif /* SUDO_COMPAT_H */ diff -Nru sudo-1.8.31/include/sudo_conf.h sudo-1.9.0/include/sudo_conf.h --- sudo-1.8.31/include/sudo_conf.h 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/include/sudo_conf.h 2020-05-11 16:28:23.000000000 +0000 
@@ -66,6 +66,7 @@ __dso_public struct sudo_conf_debug_file_list *sudo_conf_debug_files_v1(const char *progname); __dso_public struct plugin_info_list *sudo_conf_plugins_v1(void); __dso_public bool sudo_conf_disable_coredump_v1(void); +__dso_public bool sudo_conf_developer_mode_v1(void); __dso_public bool sudo_conf_probe_interfaces_v1(void); __dso_public int sudo_conf_group_source_v1(void); __dso_public int sudo_conf_max_groups_v1(void); @@ -79,6 +80,7 @@ #define sudo_conf_debug_files(_a) sudo_conf_debug_files_v1((_a)) #define sudo_conf_plugins() sudo_conf_plugins_v1() #define sudo_conf_disable_coredump() sudo_conf_disable_coredump_v1() +#define sudo_conf_developer_mode() sudo_conf_developer_mode_v1() #define sudo_conf_probe_interfaces() sudo_conf_probe_interfaces_v1() #define sudo_conf_group_source() sudo_conf_group_source_v1() #define sudo_conf_max_groups() sudo_conf_max_groups_v1() diff -Nru sudo-1.8.31/include/sudo_debug.h sudo-1.9.0/include/sudo_debug.h --- sudo-1.8.31/include/sudo_debug.h 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/include/sudo_debug.h 2020-05-11 16:28:23.000000000 +0000 @@ -105,17 +105,17 @@ #ifdef HAVE___FUNC__ # define debug_decl_func(funcname) # define debug_decl_vars(funcname, subsys) \ - const int sudo_debug_subsys = (subsys); + const int sudo_debug_subsys = (subsys) #else # define debug_decl_func(funcname) \ const char __func__[] = #funcname; # define debug_decl_vars(funcname, subsys) \ - const int sudo_debug_subsys = (subsys); \ - debug_decl_func(funcname); + debug_decl_func(funcname) \ + const int sudo_debug_subsys = (subsys) #endif #define debug_decl(funcname, subsys) \ - debug_decl_vars((funcname), (subsys)) \ - sudo_debug_enter(__func__, __FILE__, __LINE__, sudo_debug_subsys); + debug_decl_vars((funcname), (subsys)); \ + sudo_debug_enter(__func__, __FILE__, __LINE__, sudo_debug_subsys) /* * Wrappers for sudo_debug_exit() and friends. 
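Review bot: `sudo_conf_developer_mode_v1()` is added to the public accessor list with no comment on what the setting relaxes. If, as the name suggests, it loosens checks meant for production (the consumers are not in this hunk), the header is where a reader should learn that it is not for deployed systems. Suggested comment above the prototype: `/* True when the developer_mode setting is enabled; intended for plugin development only. */`.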
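Review bot: `debug_decl()` and `debug_decl_vars()` no longer end in a semicolon in sudo_debug.h, so every use must now be written `debug_decl(func, subsys);`, and nothing in the header says so. A caller left in the old form fails to compile, and that includes out-of-tree plugins that include this header. I would add `/* debug_decl() and debug_decl_vars() require a trailing semicolon at the call site. */` above the `#ifdef HAVE___FUNC__` block.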
@@ -262,6 +262,7 @@ __dso_public int sudo_debug_get_active_instance_v1(void); __dso_public int sudo_debug_get_fds_v1(unsigned char **fds); __dso_public int sudo_debug_get_instance_v1(const char *program); +__dso_public int sudo_debug_parse_flags_v1(struct sudo_conf_debug_file_list *debug_files, const char *entry); __dso_public void sudo_debug_printf2_v1(const char *func, const char *file, int line, int level, const char *fmt, ...) __printf0like(5, 6); __dso_public void sudo_debug_printf_nvm_v1(int pri, const char *fmt, ...) __printf0like(2, 3); __dso_public int sudo_debug_register_v1(const char *program, const char *const subsystems[], unsigned int ids[], struct sudo_conf_debug_file_list *debug_files); @@ -269,7 +270,9 @@ __dso_public void sudo_debug_update_fd_v1(int ofd, int nfd); __dso_public void sudo_debug_vprintf2_v1(const char *func, const char *file, int line, int level, const char *fmt, va_list ap) __printf0like(5, 0); __dso_public void sudo_debug_write2_v1(int fd, const char *func, const char *file, int line, const char *str, int len, int errnum); +__dso_public bool sudo_debug_needed_v1(int level); +#define sudo_debug_needed(level) sudo_debug_needed_v1((level)|sudo_debug_subsys) #define sudo_debug_deregister(_a) sudo_debug_deregister_v1((_a)) #define sudo_debug_enter(_a, _b, _c, _d) sudo_debug_enter_v1((_a), (_b), (_c), (_d)) #define sudo_debug_execve2(_a, _b, _c, _d) sudo_debug_execve2_v1((_a), (_b), (_c), (_d)) 
@@ -288,6 +291,7 @@ #define sudo_debug_get_active_instance() sudo_debug_get_active_instance_v1() #define sudo_debug_get_fds(_a) sudo_debug_get_fds_v1((_a)) #define sudo_debug_get_instance(_a) sudo_debug_get_instance_v1((_a)) +#define sudo_debug_parse_flags(_a, _b) sudo_debug_parse_flags_v1((_a), (_b)) #define sudo_debug_printf2 sudo_debug_printf2_v1 #define sudo_debug_printf_nvm sudo_debug_printf_nvm_v1 #define sudo_debug_register(_a, _b, _c, _d) sudo_debug_register_v1((_a), (_b), (_c), (_d)) diff -Nru sudo-1.8.31/include/sudo_event.h sudo-1.9.0/include/sudo_event.h --- sudo-1.8.31/include/sudo_event.h 2019-12-25 19:19:37.000000000 +0000 +++ sudo-1.9.0/include/sudo_event.h 2020-05-11 16:28:23.000000000 +0000 @@ -19,12 +19,13 @@ #ifndef SUDO_EVENT_H #define SUDO_EVENT_H +#include /* for struct timespec */ #include /* for sigatomic_t and NSIG */ #include "sudo_queue.h" struct timeval; /* for deprecated APIs */ -/* Event types */ +/* Event types (keep in sync with sudo_plugin.h) */ #define SUDO_EV_TIMEOUT 0x01 /* fire after timeout */ #define SUDO_EV_READ 0x02 /* fire when readable */ #define SUDO_EV_WRITE 0x04 /* fire when writable */ @@ -32,6 +33,9 @@ #define SUDO_EV_SIGNAL 0x10 /* fire on signal receipt */ #define SUDO_EV_SIGINFO 0x20 /* fire on signal receipt (siginfo) */ +/* User-settable events for sudo_ev_init() (SUDO_EV_TIMEOUT not valid here) */ +#define SUDO_EV_MASK (SUDO_EV_READ|SUDO_EV_WRITE|SUDO_EV_PERSIST|SUDO_EV_SIGNAL|SUDO_EV_SIGINFO) + /* Event flags (internal) */ #define SUDO_EVQ_INSERTED 0x01 /* event is on the event queue */ #define SUDO_EVQ_ACTIVE 0x02 /* event is on the active queue */ @@ -50,6 +54,7 @@ #define SUDO_EVBASE_GOT_BREAK 0x20 #define SUDO_EVBASE_GOT_MASK 0xf0 +/* Must match sudo_plugin_ev_callback_t in sudo_plugin.h */ typedef void (*sudo_ev_callback_t)(int fd, int what, void *closure); /* 
@@ -90,7 +95,7 @@ sig_atomic_t signal_pending[NSIG]; /* pending signals */ sig_atomic_t signal_caught; /* at least one signal caught */ int num_handlers; /* number of installed handlers */ - int signal_pipe[2]; /* so we can wake up on singal */ + int signal_pipe[2]; /* so we can wake up on signal */ #if defined(HAVE_POLL) || defined(HAVE_PPOLL) struct pollfd *pfds; /* array of struct pollfd */ int pfd_max; /* size of the pfds array */ @@ -127,9 +132,13 @@ __dso_public void sudo_ev_free_v1(struct sudo_event *ev); #define sudo_ev_free(_a) sudo_ev_free_v1((_a)) +/* Set an event struct that was pre-allocated. */ +__dso_public int sudo_ev_set_v1(struct sudo_event *ev, int fd, short events, sudo_ev_callback_t callback, void *closure); +#define sudo_ev_set(_a, _b, _c, _d, _e) sudo_ev_set_v1((_a), (_b), (_c), (_d), (_e)) + /* Add an event, returns 0 on success, -1 on error */ -__dso_public int sudo_ev_add_v1(struct sudo_event_base *head, struct sudo_event *ev, struct timeval *timo, bool tohead); -__dso_public int sudo_ev_add_v2(struct sudo_event_base *head, struct sudo_event *ev, struct timespec *timo, bool tohead); +__dso_public int sudo_ev_add_v1(struct sudo_event_base *head, struct sudo_event *ev, const struct timeval *timo, bool tohead); +__dso_public int sudo_ev_add_v2(struct sudo_event_base *head, struct sudo_event *ev, const struct timespec *timo, bool tohead); #define sudo_ev_add(_a, _b, _c, _d) sudo_ev_add_v2((_a), (_b), (_c), (_d)) /* Delete an event, returns 0 on success, -1 on error */ 
@@ -144,7 +153,11 @@ __dso_public int sudo_ev_loop_v1(struct sudo_event_base *head, int flags); #define sudo_ev_loop(_a, _b) sudo_ev_loop_v1((_a), (_b)) -/* Return the remaining timeout associated with an event. */ +/* Return pending event types, fills in ts if non-NULL and there is a timeout */ +__dso_public int sudo_ev_pending_v1(struct sudo_event *ev, short events, struct timespec *ts); +#define sudo_ev_pending(_a, _b, _c) sudo_ev_pending_v1((_a), (_b), (_c)) + +/* Return the remaining timeout associated with an event (deprecated). */ __dso_public int sudo_ev_get_timeleft_v1(struct sudo_event *ev, struct timeval *tv); __dso_public int sudo_ev_get_timeleft_v2(struct sudo_event *ev, struct timespec *tv); #define sudo_ev_get_timeleft(_a, _b) sudo_ev_get_timeleft_v2((_a), (_b)) diff -Nru sudo-1.8.31/include/sudo_iolog.h sudo-1.9.0/include/sudo_iolog.h --- sudo-1.8.31/include/sudo_iolog.h 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/include/sudo_iolog.h 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,151 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2009-2020 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef SUDO_IOLOG_H
+#define SUDO_IOLOG_H
+
+#ifdef HAVE_ZLIB_H
+# include /* for gzFile */
+#endif
+
+/* Default maximum session ID */
+#define SESSID_MAX 2176782336U
+
+/*
+ * I/O log event types as stored as the first field in the timing file.
+ * Changing existing values will result in incompatible I/O log files.
+ */
+#define IO_EVENT_STDIN 0
+#define IO_EVENT_STDOUT 1
+#define IO_EVENT_STDERR 2
+#define IO_EVENT_TTYIN 3
+#define IO_EVENT_TTYOUT 4
+#define IO_EVENT_WINSIZE 5
+#define IO_EVENT_TTYOUT_1_8_7 6
+#define IO_EVENT_SUSPEND 7
+#define IO_EVENT_COUNT 8
+
+/*
+ * Indexes into iolog_files[] array.
+ * These must match the IO_EVENT_ defines above.
+ * TODO: eliminate use of IOFD_* and IO_EVENT_* as indexes in favor of
+ * a struct containing iolog_file *s for each (and names too?).
+ */
+#define IOFD_STDIN 0
+#define IOFD_STDOUT 1
+#define IOFD_STDERR 2
+#define IOFD_TTYIN 3
+#define IOFD_TTYOUT 4
+#define IOFD_TIMING 5
+#define IOFD_MAX 6
+
+/*
+ * Info present in the I/O log file
+ */
+struct iolog_info {
+ char *cwd;
+ char *user;
+ char *runas_user;
+ char *runas_group;
+ char *tty;
+ char *cmd;
+ char *host;
+ struct timespec tstamp;
+ int lines;
+ int cols;
+ uid_t runas_uid;
+ gid_t runas_gid;
+ char **argv;
+ char **envp;
+};
+
+struct timing_closure {
+ struct timespec delay;
+ const char *decimal;
+ struct iolog_file *iol;
+ int event;
+ union {
+ struct {
+ int lines;
+ int cols;
+ } winsize;
+ size_t nbytes;
+ int signo;
+ } u;
+};
+
+struct iolog_file {
+ bool enabled;
+ bool compressed;
+ bool writable;
+ union {
+ FILE *f;
+#ifdef HAVE_ZLIB_H
+ gzFile g;
+#endif
+ void *v;
+ } fd;
+};
+
+struct iolog_path_escape {
+ const char *name;
+ size_t (*copy_fn)(char *, size_t, void *);
+};
+
+/* host_port.c */
+bool iolog_parse_host_port(char *str, char **hostp, char **portp, bool *tlsp, char *defport, char *defport_tls);
+
+/* iolog_path.c */
+bool expand_iolog_path(const char *inpath, char *path, size_t pathlen, const struct iolog_path_escape *escapes, void *closure);
+
+/* iolog_util.c */
+bool iolog_parse_timing(const char *line, struct timing_closure *timing);
+char *iolog_parse_delay(const char *cp, struct timespec *delay, const char *decimal_point);
+int iolog_read_timing_record(struct iolog_file *iol, struct timing_closure *timing);
+struct iolog_info *iolog_parse_loginfo(int dfd, const char *iolog_dir);
+bool iolog_parse_loginfo_json(FILE *fp, const char *iolog_dir, struct iolog_info *li);
+void iolog_adjust_delay(struct timespec *delay, struct timespec *max_delay, double scale_factor);
+void iolog_free_loginfo(struct iolog_info *li);
+
+/* iolog_fileio.c */
+struct passwd;
+struct group;
+bool iolog_close(struct iolog_file *iol, const char **errstr);
+bool iolog_eof(struct iolog_file *iol);
+bool iolog_mkdtemp(char *path);
+bool iolog_mkpath(char *path);
+bool iolog_nextid(char *iolog_dir, char sessid[7]);
+bool iolog_open(struct iolog_file *iol, int dfd, int iofd, const char *mode);
+bool iolog_rename(const char *from, const char *to);
+bool iolog_write_info_file(int dfd, const char *parent, struct iolog_info *log_info);
+char *iolog_gets(struct iolog_file *iol, char *buf, size_t nbytes, const char **errsttr);
+const char *iolog_fd_to_name(int iofd);
+int iolog_openat(int fdf, const char *path, int flags);
+off_t iolog_seek(struct iolog_file *iol, off_t offset, int whence);
+ssize_t iolog_read(struct iolog_file *iol, void *buf, size_t nbytes, const char **errstr);
+ssize_t iolog_write(struct iolog_file *iol, const void *buf, size_t len, const char **errstr);
+void iolog_rewind(struct iolog_file *iol);
+void iolog_set_compress(bool);
+void iolog_set_defaults(void);
+void iolog_set_flush(bool);
+void iolog_set_gid(gid_t gid);
+void iolog_set_maxseq(unsigned int maxval);
+void iolog_set_mode(mode_t mode);
+void iolog_set_owner(uid_t uid, uid_t gid);
+
+#endif /* SUDO_IOLOG_H */
diff -Nru sudo-1.8.31/include/sudo_json.h sudo-1.9.0/include/sudo_json.h
--- sudo-1.8.31/include/sudo_json.h 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/include/sudo_json.h 2020-05-11 16:28:23.000000000 +0000
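Review bot: `iolog_set_owner(uid_t uid, uid_t gid)` in sudo_iolog.h declares its group argument as `uid_t`, while `iolog_set_gid(gid_t gid)` and `struct iolog_info` use `gid_t`. Where the two types differ in width or signedness the value is converted silently, and this setter presumably decides the ownership of I/O log files. It should read `void iolog_set_owner(uid_t uid, gid_t gid);`. In the same list `iolog_gets()` names its last parameter `errsttr` where its siblings use `errstr`. The `IOFD_*` comment says the indexes must match the `IO_EVENT_` defines, but `IOFD_TIMING` and `IO_EVENT_WINSIZE` are both 5, so the comment should say the match holds only for values 0 through 4.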
@@ -0,0 +1,85 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2013-2020 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * JSON values may be of the following types.
+ */
+enum json_value_type {
+ JSON_STRING,
+ JSON_ID,
+ JSON_NUMBER,
+ JSON_OBJECT,
+ JSON_ARRAY,
+ JSON_BOOL,
+ JSON_NULL
+};
+
+/*
+ * JSON value suitable for printing.
+ * Note: this does not support object values.
+ */
+struct json_value {
+ enum json_value_type type;
+ union {
+ const char *string;
+ long long number;
+ id_t id;
+ bool boolean;
+ } u;
+};
+
+struct json_container {
+ char *buf;
+ unsigned int buflen;
+ unsigned int bufsize;
+ unsigned int indent_level;
+ unsigned int indent_increment;
+ bool compact;
+ bool memfatal;
+ bool need_comma;
+};
+
+__dso_public bool sudo_json_init_v1(struct json_container *json, int indent, bool compact, bool memfatal);
+#define sudo_json_init(_a, _b, _c, _d) sudo_json_init_v1((_a), (_b), (_c), (_d))
+
+__dso_public void sudo_json_free_v1(struct json_container *json);
+#define sudo_json_free(_a) sudo_json_free_v1((_a))
+
+__dso_public bool sudo_json_open_object_v1(struct json_container *json, const char *name);
+#define sudo_json_open_object(_a, _b) sudo_json_open_object_v1((_a), (_b))
+
+__dso_public bool sudo_json_close_object_v1(struct json_container *json);
+#define sudo_json_close_object(_a) sudo_json_close_object_v1((_a))
+
+__dso_public bool sudo_json_open_array_v1(struct json_container *json, const char *name);
+#define sudo_json_open_array(_a, _b) sudo_json_open_array_v1((_a), (_b))
+
+__dso_public bool sudo_json_close_array_v1(struct json_container *json);
+#define sudo_json_close_array(_a) sudo_json_close_array_v1((_a))
+
+__dso_public bool sudo_json_add_value_v1(struct json_container *json, const char *name, struct json_value *value);
+#define sudo_json_add_value(_a, _b, _c) sudo_json_add_value_v1((_a), (_b), (_c))
+
+__dso_public bool sudo_json_add_value_as_object_v1(struct json_container *json, const char *name, struct json_value *value);
+#define sudo_json_add_value_as_object(_a, _b, _c) sudo_json_add_value_as_object_v1((_a), (_b), (_c))
+
+__dso_public char *sudo_json_get_buf_v1(struct json_container *json);
+#define sudo_json_get_buf(_a) sudo_json_get_buf_v1((_a))
+
+__dso_public unsigned int sudo_json_get_len_v1(struct json_container *json);
+#define sudo_json_get_len(_a) sudo_json_get_len_v1((_a))
diff -Nru
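Review bot: The new sudo_json.h has no include guard, unlike sudo_iolog.h added in the same change, so a second inclusion redefines `enum json_value_type`, `struct json_value` and `struct json_container` and fails to compile. Wrap the contents in `#ifndef SUDO_JSON_H` / `#define SUDO_JSON_H` / `#endif /* SUDO_JSON_H */`. The enumerators (`JSON_STRING`, `JSON_NULL` and the rest) are also unprefixed and could collide with another JSON header in the same translation unit, which deserves a comment if renaming is not an option.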
sudo-1.8.31/include/sudo_plugin.h sudo-1.9.0/include/sudo_plugin.h --- sudo-1.8.31/include/sudo_plugin.h 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/include/sudo_plugin.h 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2009-2018 Todd C. Miller + * Copyright (c) 2009-2020 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -21,7 +21,7 @@ /* API version major/minor */ #define SUDO_API_VERSION_MAJOR 1 -#define SUDO_API_VERSION_MINOR 14 +#define SUDO_API_VERSION_MINOR 15 #define SUDO_API_MKVERSION(x, y) (((x) << 16) | (y)) #define SUDO_API_VERSION SUDO_API_MKVERSION(SUDO_API_VERSION_MAJOR, SUDO_API_VERSION_MINOR) @@ -58,7 +58,7 @@ * for memset_s() when clearing passwords returned by the conversation * function. */ -#define SUDO_CONV_REPL_MAX 255 +#define SUDO_CONV_REPL_MAX 1023 struct sudo_conv_reply { char *reply; @@ -90,6 +90,10 @@ * Hooks allow a plugin to hook into specific sudo and/or libc functions. */ +#if defined(__GNUC__) && ((__GNUC__ == 4 && __GNUC_MINOR__ >= 4) || __GNUC__ > 4) +# pragma GCC diagnostic ignored "-Wstrict-prototypes" +#endif + /* Hook functions typedefs. */ typedef int (*sudo_hook_fn_t)(); typedef int (*sudo_hook_fn_setenv_t)(const char *name, const char *value, int overwrite, void *closure); 
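Review bot: Raising `SUDO_CONV_REPL_MAX` from 255 to 1023 changes a value that, per the comment directly above it, plugins use as the `memset_s()` length when clearing passwords returned by the conversation function. A plugin compiled against the older header would keep wiping only 255 bytes. Whether the front end now hands longer replies to such plugins is not visible in this hunk, so treat this as a question, but the comment should record the change, e.g. `/* Was 255 before API version 1.15; plugins built against older headers clear fewer bytes. */`.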
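Review bot: The added `# pragma GCC diagnostic ignored "-Wstrict-prototypes"` is never restored, so it silences that warning for the rest of every translation unit that includes this public header, plugin authors' own code included. The only declaration in view that needs it is the unprototyped `typedef int (*sudo_hook_fn_t)();`. Where the compiler supports it (GCC 4.6 and later), bracket that typedef with `#pragma GCC diagnostic push` and `#pragma GCC diagnostic pop`, and add a comment saying the warning is disabled only for that typedef.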
@@ -128,7 +132,32 @@ #define SUDO_HOOK_PUTENV 3 #define SUDO_HOOK_GETENV 4 -/* Policy plugin type and defines */ +/* + * Plugin interface to sudo's main event loop. + */ +typedef void (*sudo_plugin_ev_callback_t)(int fd, int what, void *closure); + +struct timespec; +struct sudo_plugin_event { + int (*set)(struct sudo_plugin_event *pev, int fd, int events, sudo_plugin_ev_callback_t callback, void *closure); + int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout); + int (*del)(struct sudo_plugin_event *pev); + int (*pending)(struct sudo_plugin_event *pev, int events, struct timespec *ts); + int (*fd)(struct sudo_plugin_event *pev); + void (*setbase)(struct sudo_plugin_event *pev, void *base); + void (*loopbreak)(struct sudo_plugin_event *pev); + void (*free)(struct sudo_plugin_event *pev); + /* actually larger... */ +}; + +/* Sudo plugin Event types */ +#define SUDO_PLUGIN_EV_TIMEOUT 0x01 /* fire after timeout */ +#define SUDO_PLUGIN_EV_READ 0x02 /* fire when readable */ +#define SUDO_PLUGIN_EV_WRITE 0x04 /* fire when writable */ +#define SUDO_PLUGIN_EV_PERSIST 0x08 /* persist until deleted */ +#define SUDO_PLUGIN_EV_SIGNAL 0x10 /* fire on signal receipt */ + +/* Policy plugin type and defines. */ struct passwd; struct policy_plugin { #define SUDO_POLICY_PLUGIN 1 
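Review bot: `struct sudo_plugin_event` ends with `/* actually larger... */`, so the visible definition is only a prefix of the real object, yet nothing tells plugin authors not to allocate, copy or embed it by value. A copy made with `sizeof(struct sudo_plugin_event)` would drop the hidden tail and leave the function pointers operating on a truncated object. I would replace the trailing comment with one stating that instances come only from the plugin's `event_alloc()` hook, are released only through the `free` member, and must always be handled by pointer. The `add` member also takes a non-const `struct timespec *timeout`, although `sudo_ev_add_v2()` was made const in sudo_event.h in this same diff.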
@@ -137,22 +166,24 @@ int (*open)(unsigned int version, sudo_conv_t conversation, sudo_printf_t sudo_printf, char * const settings[], char * const user_info[], char * const user_env[], - char * const plugin_options[]); + char * const plugin_options[], const char **errstr); void (*close)(int exit_status, int error); /* wait status or error */ int (*show_version)(int verbose); int (*check_policy)(int argc, char * const argv[], char *env_add[], char **command_info[], - char **argv_out[], char **user_env_out[]); + char **argv_out[], char **user_env_out[], const char **errstr); int (*list)(int argc, char * const argv[], int verbose, - const char *list_user); - int (*validate)(void); + const char *list_user, const char **errstr); + int (*validate)(const char **errstr); void (*invalidate)(int remove); - int (*init_session)(struct passwd *pwd, char **user_env_out[]); + int (*init_session)(struct passwd *pwd, char **user_env_out[], + const char **errstr); void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook)); void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook)); + struct sudo_plugin_event * (*event_alloc)(void); }; -/* I/O plugin type and defines */ +/* I/O plugin type and defines. */ struct io_plugin { #define SUDO_IO_PLUGIN 2 unsigned int type; /* always SUDO_IO_PLUGIN */ 
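Review bot: The new `const char **errstr` out-parameters on `open`, `check_policy`, `list`, `validate` and `init_session` have no documented ownership or lifetime. The header does not say whether the plugin must point `*errstr` at static storage, how long the string must stay valid, or whether it may be left unset on success, and an unstated contract here invites returning a pointer to a stack buffer or to freed memory. A comment above `struct policy_plugin` describing this would cover it, and the `io_plugin` hunk that follows adds the same parameters. Because they are appended to existing function-pointer signatures, the comment should also name the API version from which a plugin may rely on them (the minor is bumped to 15 in this diff).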
@@ -161,18 +192,69 @@ sudo_printf_t sudo_printf, char * const settings[], char * const user_info[], char * const command_info[], int argc, char * const argv[], char * const user_env[], - char * const plugin_options[]); + char * const plugin_options[], const char **errstr); void (*close)(int exit_status, int error); /* wait status or error */ int (*show_version)(int verbose); - int (*log_ttyin)(const char *buf, unsigned int len); - int (*log_ttyout)(const char *buf, unsigned int len); - int (*log_stdin)(const char *buf, unsigned int len); - int (*log_stdout)(const char *buf, unsigned int len); - int (*log_stderr)(const char *buf, unsigned int len); + int (*log_ttyin)(const char *buf, unsigned int len, const char **errstr); + int (*log_ttyout)(const char *buf, unsigned int len, const char **errstr); + int (*log_stdin)(const char *buf, unsigned int len, const char **errstr); + int (*log_stdout)(const char *buf, unsigned int len, const char **errstr); + int (*log_stderr)(const char *buf, unsigned int len, const char **errstr); + void (*register_hooks)(int version, + int (*register_hook)(struct sudo_hook *hook)); + void (*deregister_hooks)(int version, + int (*deregister_hook)(struct sudo_hook *hook)); + int (*change_winsize)(unsigned int line, unsigned int cols, + const char **errstr); + int (*log_suspend)(int signo, const char **errstr); + struct sudo_plugin_event * (*event_alloc)(void); +}; + +/* Differ audit plugin close status types. 
*/ +#define SUDO_PLUGIN_NO_STATUS 0 +#define SUDO_PLUGIN_WAIT_STATUS 1 +#define SUDO_PLUGIN_EXEC_ERROR 2 +#define SUDO_PLUGIN_SUDO_ERROR 3 + +/* Audit plugin type and defines */ +struct audit_plugin { +#define SUDO_AUDIT_PLUGIN 3 + unsigned int type; /* always SUDO_AUDIT_PLUGIN */ + unsigned int version; /* always SUDO_API_VERSION */ + int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t sudo_printf, char * const settings[], + char * const user_info[], int submit_optind, + char * const submit_argv[], char * const submit_envp[], + char * const plugin_options[], const char **errstr); + void (*close)(int status_type, int status); + int (*accept)(const char *plugin_name, unsigned int plugin_type, + char * const command_info[], char * const run_argv[], + char * const run_envp[], const char **errstr); + int (*reject)(const char *plugin_name, unsigned int plugin_type, + const char *audit_msg, char * const command_info[], + const char **errstr); + int (*error)(const char *plugin_name, unsigned int plugin_type, + const char *audit_msg, char * const command_info[], + const char **errstr); + int (*show_version)(int verbose); void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook)); void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook)); - int (*change_winsize)(unsigned int line, unsigned int cols); - int (*log_suspend)(int signo); +}; + +/* Approval plugin type and defines */ +struct approval_plugin { +#define SUDO_APPROVAL_PLUGIN 4 + unsigned int type; /* always SUDO_APPROVAL_PLUGIN */ + unsigned int version; /* always SUDO_API_VERSION */ + int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t sudo_printf, char * const settings[], + char * const user_info[], int submit_optind, + char * const submit_argv[], char * const submit_envp[], + char * const plugin_options[], const char **errstr); + void (*close)(void); + int (*check)(char * const command_info[], char * const 
run_argv[], + char * const run_envp[], const char **errstr); + int (*show_version)(int verbose); }; /* Sudoers group plugin version major/minor */ diff -Nru sudo-1.8.31/include/sudo_rand.h sudo-1.9.0/include/sudo_rand.h --- sudo-1.8.31/include/sudo_rand.h 2019-10-28 12:27:45.000000000 +0000 +++ sudo-1.9.0/include/sudo_rand.h 2020-05-11 16:28:23.000000000 +0000 @@ -30,12 +30,17 @@ */ #ifndef HAVE_ARC4RANDOM -/* Note: not exported by libutil. */ -uint32_t sudo_arc4random(void); +__dso_public uint32_t sudo_arc4random(void); # undef arc4random # define arc4random() sudo_arc4random() #endif /* ARC4RANDOM */ +#ifndef HAVE_ARC4RANDOM_BUF +__dso_public void sudo_arc4random_buf(void *buf, size_t n); +# undef arc4random_buf +# define arc4random_buf(a, b) sudo_arc4random_buf((a), (b)) +#endif /* ARC4RANDOM_BUF */ + #ifndef HAVE_ARC4RANDOM_UNIFORM __dso_public uint32_t sudo_arc4random_uniform(uint32_t upper_bound); # undef arc4random_uniform diff -Nru sudo-1.8.31/include/sudo_util.h sudo-1.9.0/include/sudo_util.h --- sudo-1.8.31/include/sudo_util.h 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/include/sudo_util.h 2020-05-11 16:28:23.000000000 +0000 @@ -25,6 +25,13 @@ # include "compat/stdbool.h" #endif /* HAVE_STDBOOL_H */ +#ifdef __TANDEM +# define ROOT_UID 65535 +#else +# define ROOT_UID 0 +#endif +#define ROOT_GID 0 + #ifndef TIME_T_MAX # if SIZEOF_TIME_T == 8 # define TIME_T_MAX LLONG_MAX @@ -154,7 +161,7 @@ #define sudo_isclr(_a, _i) (((_a)[(_i) / NBBY] & (1<<((_i) % NBBY))) == 0) /* sudo_parseln() flags */ -#define PARSELN_COMM_BOL 0x01 /* comments only at begining of line */ +#define PARSELN_COMM_BOL 0x01 /* comments only at beginning of line */ #define PARSELN_CONT_IGN 0x02 /* ignore line continuation char */ /* 
@@ -213,6 +220,22 @@ __dso_public bool sudo_lock_region_v1(int fd, int action, off_t len); #define sudo_lock_region(_a, _b, _c) sudo_lock_region_v1((_a), (_b), (_c)) +/* logfac.c */ +__dso_public bool sudo_str2logfac_v1(const char *str, int *logfac); +#define sudo_str2logfac(_a, _b) sudo_str2logfac_v1((_a), (_b)) +__dso_public const char *sudo_logfac2str_v1(int num); +#define sudo_logfac2str(_a) sudo_logfac2str_v1((_a)) + +/* logpri.c */ +__dso_public bool sudo_str2logpri_v1(const char *str, int *logpri); +#define sudo_str2logpri(_a, _b) sudo_str2logpri_v1((_a), (_b)) +__dso_public const char *sudo_logpri2str_v1(int num); +#define sudo_logpri2str(_a) sudo_logpri2str_v1((_a)) + +/* mkdir_parents.c */ +__dso_public bool sudo_mkdir_parents_v1(char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet); +#define sudo_mkdir_parents(_a, _b, _c, _d, _e) sudo_mkdir_parents_v1((_a), (_b), (_c), (_d), (_e)) + /* parseln.c */ __dso_public ssize_t sudo_parseln_v1(char **buf, size_t *bufsize, unsigned int *lineno, FILE *fp); __dso_public ssize_t sudo_parseln_v2(char **buf, size_t *bufsize, unsigned int *lineno, FILE *fp, int flags); @@ -221,6 +244,10 @@ /* progname.c */ __dso_public void initprogname(const char *); +/* roundup.c */ +__dso_public unsigned int sudo_pow2_roundup_v1(unsigned int len); +#define sudo_pow2_roundup(_a) sudo_pow2_roundup_v1((_a)) + /* secure_path.c */ #define SUDO_PATH_SECURE 0 #define SUDO_PATH_MISSING -1 
@@ -284,4 +311,10 @@ __dso_public void sudo_get_ttysize_v1(int *rowp, int *colp); #define sudo_get_ttysize(_a, _b) sudo_get_ttysize_v1((_a), (_b)) +/* uuid.c */ +__dso_public void sudo_uuid_create_v1(unsigned char uuid_out[16]); +#define sudo_uuid_create(_a) sudo_uuid_create_v1((_a)) +__dso_public char *sudo_uuid_to_string_v1(unsigned char uuid[16], char *dst, size_t dstsiz); +#define sudo_uuid_to_string(_a, _b, _c) sudo_uuid_to_string_v1((_a), (_b), (_c)) + #endif /* SUDO_UTIL_H */ diff -Nru sudo-1.8.31/indent.pro sudo-1.9.0/indent.pro --- sudo-1.8.31/indent.pro 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/indent.pro 1970-01-01 00:00:00.000000000 +0000 @@ -1,36 +0,0 @@ --br --cdb --ce --d0 --di1 --ei --i4 --nlp --npcs --npsl --ps --sc --TYYSTYPE --TLIST --TLINK --Tu_char --Tu_short --Tu_int --Tu_long --Tushort --Tuint --Tdaddr_t --Tcaddr_t --Tino_t --Tswblk_t --Tsize_t --Ttime_t --Tdev_t --Toff_t --Tuid_t --Tgid_t --Tfixpt_t --Tkey_t --Tpaddr_t --Tfd_mask --Tfd_set diff -Nru sudo-1.8.31/init.d/aix.sh.in sudo-1.9.0/init.d/aix.sh.in --- sudo-1.8.31/init.d/aix.sh.in 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/init.d/aix.sh.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,25 +0,0 @@ -#!/bin/sh -# -# Simple AIX rc.d script to remove the sudo timestamp directory on boot. -# This is needed because AIX does not have /var/run. -# Install as /etc/rc.d/init.d/sudo with a link /etc/rc.d/rc2.d/S90sudo -# - -PATH=/usr/sbin:/usr/bin:/sbin -export PATH - -TSDIR="@rundir@/ts" -rval=0 - -case "$1" in -start) - echo "Removing the $TSDIR directory" - rm -rf "$TSDIR" - ;; -*) - echo "usage: $0 start" - rval=1 - ;; -esac - -exit $rval diff -Nru sudo-1.8.31/init.d/hpux.sh.in sudo-1.9.0/init.d/hpux.sh.in --- sudo-1.8.31/init.d/hpux.sh.in 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/init.d/hpux.sh.in 1970-01-01 00:00:00.000000000 +0000 
@@ -1,27 +0,0 @@ -#!/sbin/sh -# -# Simple HP-UX init.d script to remove the sudo timestamp directory on boot. -# This is needed because HP-UX does not clear /var/run on its own. -# Install as /sbin/init.d/sudo with a link /sbin/rc2.d/S900sudo -# - -PATH=/usr/sbin:/usr/bin:/sbin -export PATH - -TSDIR="@rundir@/ts" -rval=0 - -case "$1" in -start_msg) - echo "Removing the $TSDIR directory" - ;; -start) - rm -rf "$TSDIR" - ;; -*) - echo "usage: $0 {start|start_msg}" - rval=1 - ;; -esac - -exit $rval diff -Nru sudo-1.8.31/init.d/sudo.conf.in sudo-1.9.0/init.d/sudo.conf.in --- sudo-1.8.31/init.d/sudo.conf.in 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/init.d/sudo.conf.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,6 +0,0 @@ -# Create an empty sudo time stamp directory on OSes using systemd. -# Sudo will create the directory itself but this can cause problems -# on systems that have SELinux enabled since the directories will be -# created with the user's security context. -d @rundir@ 0711 root root -D @rundir@/ts 0700 root root diff -Nru sudo-1.8.31/INSTALL sudo-1.9.0/INSTALL --- sudo-1.8.31/INSTALL 2019-10-28 12:27:45.000000000 +0000 +++ sudo-1.9.0/INSTALL 2020-05-11 16:28:22.000000000 +0000 @@ -370,6 +370,17 @@ platform type. The "pvs-studio" Makefile target can then be used if PVS-Studio is installed. + --enable-python + Enable support for sudo plugins written in Python 3. + This requires a Python 3 development environment (including + Python 3 header files). + + --disable-log-server + Disable building the sudo_logsrvd log server. + + --disable-log-client + Disable sudoers support for using the sudo_logsrvd log server. + Operating system-specific options: --disable-setreuid Disable use of the setreuid() function for operating systems 
@@ -545,14 +556,15 @@ --enable-gcrypt[=DIR] Use GNU crypt's SHA-2 message digest functions instead of the ones bundled with sudo (or in the system's C library). - If specified, DIR should contain include and lib directories - with gcrypt.h and libgcrypt respectively. + If specified, DIR should contain the GNU crypt include and + lib directories. --enable-openssl[=DIR] - Use OpenSSL's SHA-2 message digest functions instead of the - ones bundled with sudo (or in the system's C library). - If specified, DIR should contain include and lib directories - with openssl/sha.h and libcrypto respectively. + Use OpenSSL's TLS and SHA-2 message digest functions. + By default, sudo does not support TLS and will use either its + own SHA-2 functions or the ones in the system's C library. + If specified, DIR should contain the OpenSSL include and + lib directories. Development options: --enable-env-debug diff -Nru sudo-1.8.31/install-sh sudo-1.9.0/install-sh --- sudo-1.8.31/install-sh 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/install-sh 2020-05-11 16:28:23.000000000 +0000 @@ -191,7 +191,7 @@ exit 1 fi -## Get the destination and a temp file in the destination diretory. +## Get the destination and a temp file in the destination directory. if [ -d "$2" ] ; then DEST="$2/`basename $1`" TEMP="$2/$$.tmp" diff -Nru sudo-1.8.31/lib/iolog/hostcheck.c sudo-1.9.0/lib/iolog/hostcheck.c --- sudo-1.8.31/lib/iolog/hostcheck.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/iolog/hostcheck.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,388 @@ +/* + * Copyright (c) 2020 Laszlo Orban + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include "config.h" + +#if defined(HAVE_OPENSSL) +# include +# include +# include +# include +# include + +# define NEED_INET_NTOP /* to expose sudo_inet_ntop in sudo_compat.h */ + +# include "sudo_compat.h" +# include "sudo_debug.h" +# include "sudo_util.h" +# include "hostcheck.h" + +/** + * @brief Checks if given hostname resolves to the given IP address. 
+ * + * @param hostname hostname to be resolved + * @param ipaddr ip address to be checked + * + * @return 1 if hostname resolves to the given IP address + * 0 otherwise + */ +static int +forward_lookup_match(const char *hostname, const char *ipaddr) +{ + int rc, ret = 0; + struct addrinfo *res = NULL, *p; + void *addr; + struct sockaddr_in *ipv4; +#if defined(HAVE_STRUCT_IN6_ADDR) + struct sockaddr_in6 *ipv6; + char ipstr[INET6_ADDRSTRLEN]; +#else + char ipstr[INET_ADDRSTRLEN]; +#endif + debug_decl(forward_lookup_match, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "verify %s resolves to %s", hostname, ipaddr); + + if ((rc = getaddrinfo(hostname, NULL, NULL, &res)) != 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to resolve %s: %s", hostname, gai_strerror(rc)); + goto exit; + } + + for (p = res; p != NULL; p = p->ai_next) { + if (p->ai_family == AF_INET) { + ipv4 = (struct sockaddr_in *)p->ai_addr; + addr = &(ipv4->sin_addr); +#if defined(HAVE_STRUCT_IN6_ADDR) + } else if (p->ai_family == AF_INET6) { + ipv6 = (struct sockaddr_in6 *)p->ai_addr; + addr = &(ipv6->sin6_addr); +#endif + } else { + goto exit; + } + + if (inet_ntop(p->ai_family, addr, ipstr, sizeof(ipstr)) != 0) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "comparing %s to %s", ipstr, ipaddr); + if (strcmp(ipaddr, ipstr) == 0) { + ret = 1; + break; + } + } + } + +exit: + if (res != NULL) { + freeaddrinfo(res); + } + debug_return_int(ret); +} + +/** + * @brief Compares the given hostname with a DNS entry in a certificate. + * + * The certificate DNS name can contain wildcards in the left-most label. + * A wildcard can match only one label. 
+ * Accepted names: + * - foo.bar.example.com + * - *.example.com + * - *.bar.example.com + * + * @param hostname peer's name + * @param certname_asn1 hostname in the certificate + * + * @return MatchFound + * MatchNotFound + */ +static HostnameValidationResult +validate_name(const char *hostname, ASN1_STRING *certname_asn1) +{ + char *certname_s = (char *) ASN1_STRING_get0_data(certname_asn1); + int certname_len = ASN1_STRING_length(certname_asn1); + int hostname_len = strlen(hostname); + debug_decl(validate_name, SUDO_DEBUG_UTIL); + + /* remove last '.' from hostname if exists */ + if (hostname_len != 0 && hostname[hostname_len - 1] == '.') { + --hostname_len; + } + + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "comparing %.*s to %.*s in cert", hostname_len, hostname, + certname_len, certname_s); + + /* skip the first label if wildcard */ + if (certname_len > 2 && certname_s[0] == '*' && certname_s[1] == '.') { + if (hostname_len != 0) { + do { + --hostname_len; + if (*hostname++ == '.') { + break; + } + } while (hostname_len != 0); + } + certname_s += 2; + certname_len -= 2; + } + /* Compare expected hostname with the DNS name */ + if (certname_len != hostname_len) { + debug_return_int(MatchNotFound); + } + if (strncasecmp(hostname, certname_s, hostname_len) != 0) { + debug_return_int(MatchNotFound); + } + + debug_return_int(MatchFound); +} + +/** + * @brief Matches a hostname with the cert's CN. + * + * @param hostname peer's name + * on client side: it is the name where the client is connected to + * on server side, it is in fact an IP address of the remote client + * @param ipaddr peer's IP address + * @param cert peer's X509 certificate + * @param resolve if the value is not 0, the function checks that the value of the CN + * resolves to the given ipaddr or not. 
+ * + * @return MatchFound + * MatchNotFound + * MalformedCertificate + * Error + */ +static HostnameValidationResult +matches_common_name(const char *hostname, const char *ipaddr, const X509 *cert, int resolve) +{ + X509_NAME_ENTRY *common_name_entry = NULL; + ASN1_STRING *common_name_asn1 = NULL; + int common_name_loc = -1; + debug_decl(matches_common_name, SUDO_DEBUG_UTIL); + + /* Find the position of the CN field in the Subject field of the certificate */ + common_name_loc = X509_NAME_get_index_by_NID(X509_get_subject_name((X509 *) cert), NID_commonName, -1); + if (common_name_loc < 0) { + debug_return_int(Error); + } + + /* Extract the CN field */ + common_name_entry = X509_NAME_get_entry(X509_get_subject_name((X509 *) cert), common_name_loc); + if (common_name_entry == NULL) { + debug_return_int(Error); + } + + /* Convert the CN field to a C string */ + common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry); + if (common_name_asn1 == NULL) { + debug_return_int(Error); + } + const unsigned char *common_name_str = ASN1_STRING_get0_data(common_name_asn1); + + /* Make sure there isn't an embedded NUL character in the CN */ + if (memchr(common_name_str, '\0', ASN1_STRING_length(common_name_asn1)) != NULL) { + debug_return_int(MalformedCertificate); + } + + /* Compare expected hostname with the CN */ + if (validate_name(hostname, common_name_asn1) == MatchFound) { + debug_return_int(MatchFound); + } + + int common_name_length = ASN1_STRING_length(common_name_asn1); + char *nullterm_common_name = malloc(common_name_length + 1); + + if (nullterm_common_name == NULL) { + debug_return_int(Error); + } + + memcpy(nullterm_common_name, common_name_str, common_name_length); + nullterm_common_name[common_name_length] = '\0'; + + + /* check if hostname in the CN field resolves to the given ip address */ + if (resolve && forward_lookup_match(nullterm_common_name, ipaddr)) { + free(nullterm_common_name); + debug_return_int(MatchFound); + } + + 
free(nullterm_common_name); + debug_return_int(MatchNotFound); +} + +/** + * @brief Matches a hostname or ipaddr with the cert's corresponding SAN field. + * + * SAN can have different fields. For hostname matching, the GEN_DNS field is used, + * for IP address matching, the GEN_IPADD field is used. + * Since SAN is an X503 v3 extension, it can happen that the cert does + * not contain SAN at all. + * + * @param hostname remote peer's name + * on client side: it is the name where the client is connected to + * on server side, it is in fact an IP address of the remote client + * @param ipaddr remote peer's IP address + * @param cert peer's X509 certificate + * @param resolve if the value is not 0, the function checks that the value of the + * SAN GEN_DNS resolves to the given ipaddr or not. + * + * @return MatchFound + * MatchNotFound + * NoSANPresent + * MalformedCertificate + * Error + */ +static HostnameValidationResult +matches_subject_alternative_name(const char *hostname, const char *ipaddr, const X509 *cert, int resolve) +{ + HostnameValidationResult result = MatchNotFound; + int i; + int san_names_nb = -1; + STACK_OF(GENERAL_NAME) *san_names = NULL; + debug_decl(matches_subject_alternative_name, SUDO_DEBUG_UTIL); + + /* Try to extract the names within the SAN extension from the certificate */ + san_names = X509_get_ext_d2i((X509 *) cert, NID_subject_alt_name, NULL, NULL); + if (san_names == NULL) { + debug_return_int(NoSANPresent); + } + san_names_nb = sk_GENERAL_NAME_num(san_names); + + /* Check each name within the extension */ + for (i=0; itype == GEN_DNS) { + const unsigned char *dns_name = ASN1_STRING_get0_data(current_name->d.dNSName); + + /* Make sure there isn't an embedded NUL character in the DNS name */ + if (memchr(dns_name, '\0', ASN1_STRING_length(current_name->d.dNSName)) != NULL) { + result = MalformedCertificate; + break; + } else { + /* Compare expected hostname with the DNS name */ + if (validate_name(hostname, current_name->d.dNSName) == 
MatchFound) { + result = MatchFound; + break; + } + + int dns_name_length = ASN1_STRING_length(current_name->d.dNSName); + char *nullterm_dns_name = malloc(dns_name_length + 1); + + if (nullterm_dns_name == NULL) { + debug_return_int(Error); + } + + memcpy(nullterm_dns_name, dns_name, dns_name_length); + nullterm_dns_name[dns_name_length] = '\0'; + + if (resolve && forward_lookup_match(nullterm_dns_name, ipaddr)) { + free(nullterm_dns_name); + result = MatchFound; + break; + } + free(nullterm_dns_name); + } + } else if (current_name->type == GEN_IPADD) { + const unsigned char *san_ip = ASN1_STRING_get0_data(current_name->d.iPAddress); +#if defined(HAVE_STRUCT_IN6_ADDR) + char san_ip_str[INET6_ADDRSTRLEN]; +#else + char san_ip_str[INET_ADDRSTRLEN]; +#endif + + /* IPV4 address */ + if(current_name->d.iPAddress->length == 4) { + if (inet_ntop(AF_INET, san_ip, san_ip_str, INET_ADDRSTRLEN) == NULL) { + result = MalformedCertificate; + break; + } +#if defined(HAVE_STRUCT_IN6_ADDR) + /* IPV6 address */ + } else if (current_name->d.iPAddress->length == 16) { + if (inet_ntop(AF_INET6, san_ip, san_ip_str, INET6_ADDRSTRLEN) == NULL) { + result = MalformedCertificate; + break; + } +# endif + } else { + result = MalformedCertificate; + break; + } + + if (strcasecmp(ipaddr, san_ip_str) == 0) { + result = MatchFound; + break; + } + } + } + sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free); + + debug_return_int(result); +} + +/** + * @brief Do hostname/IP validation on the given X509 certificate. + * + * According to RFC 6125 section 6.4.4, first the certificate's SAN field + * has to be checked. If there is no SAN field, the certificate's CN field + * has to be checked. 
+ * + * @param cert X509 certificate + * @param hostname remote peer's name + * on client side: it is the name where the client is connected to + * on server side, it is in fact an IP address of the remote client + * @param ipaddr remote peer's IP address + * @param resolve if the value is not 0, the function checks that the value of the + * SAN GEN_DNS or the value of CN resolves to the given ipaddr or not. + * + * @return MatchFound + * MatchNotFound + * MalformedCertificate + * Error + */ +HostnameValidationResult +validate_hostname(const X509 *cert, const char *hostname, const char *ipaddr, int resolve) +{ + HostnameValidationResult res = MatchFound; + debug_decl(validate_hostname, SUDO_DEBUG_UTIL); + + /* hostname can be also an ip address, if client connects + * to ip instead of FQDN + */ + if((ipaddr == NULL) || (cert == NULL)) { + debug_return_int(Error); + } + + /* check SAN first if exists */ + res = matches_subject_alternative_name(hostname, ipaddr, cert, resolve); + + /* According to RFC 6125 section 6.4.4, check CN only, + * if no SAN name was provided + */ + if (res == NoSANPresent) { + res = matches_common_name(hostname, ipaddr, cert, resolve); + } + + debug_return_int(res); +} +#endif /* HAVE_OPENSSL */ diff -Nru sudo-1.8.31/lib/iolog/host_port.c sudo-1.9.0/lib/iolog/host_port.c --- sudo-1.8.31/lib/iolog/host_port.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/iolog/host_port.c 2020-05-11 16:28:23.000000000 +0000 
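Review bot: In `matches_subject_alternative_name`, the `malloc` failure path in the GEN_DNS branch leaves through `debug_return_int(Error)` before `sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free)` runs, so the decoded SAN stack is leaked. Use `result = Error; break;` there so the common cleanup at the end of the function is reached. Separately, `validate_name` only requires `certname_len > 2` and a leading `*.` before it strips the first host label, so a certificate name shaped like `*.com` would match any two-label host. If the trusted CA could ever issue such a name, requiring at least two labels after the wildcard would match the "Accepted names" list in the function's own comment.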
@@ -0,0 +1,106 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019-2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" + +#include + +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#include +#include +#include +#include + +#include "sudo_gettext.h" /* must be included before sudo_compat.h */ +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_util.h" + +/* + * Parse a string in the form host[:port] where host can also be + * an IPv4 address or an IPv6 address in square brackets. + * Fills in hostp and portp which may point within str, which is modified. 
+ */ +bool +iolog_parse_host_port(char *str, char **hostp, char **portp, bool *tlsp, + char *defport, char *defport_tls) +{ + char *flags, *port, *host = str; + bool ret = false; + bool tls = false; + debug_decl(iolog_parse_host_port, SUDO_DEBUG_UTIL); + + /* Check for IPv6 address like [::0] followed by optional port */ + if (*host == '[') { + host++; + port = strchr(host, ']'); + if (port == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "invalid IPv6 address %s", str); + goto done; + } + *port++ = '\0'; + switch (*port) { + case ':': + port++; + break; + case '\0': + port = NULL; /* no port specified */ + break; + case '(': + /* flag, handled below */ + break; + default: + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "invalid IPv6 address %s", str); + goto done; + } + } else { + port = strrchr(host, ':'); + if (port != NULL) + *port++ = '\0'; + } + + /* Check for optional tls flag at the end. */ + flags = strchr(port ? port : host, '('); + if (flags != NULL) { + if (strcasecmp(flags, "(tls)") == 0) + tls = true; + *flags = '\0'; + if (port == flags) + port = NULL; + } + + if (port == NULL) + port = tls ? defport_tls : defport; + else if (*port == '\0') + goto done; + + *hostp = host; + *portp = port; + *tlsp = tls; + + ret = true; + +done: + debug_return_bool(ret); +} diff -Nru sudo-1.8.31/lib/iolog/iolog_fileio.c sudo-1.9.0/lib/iolog/iolog_fileio.c --- sudo-1.8.31/lib/iolog/iolog_fileio.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/iolog/iolog_fileio.c 2020-05-11 16:28:23.000000000 +0000 
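Review bot: A trailing flag other than `(tls)` is silently discarded in `iolog_parse_host_port`: `*flags = '\0'` runs whether or not the `strcasecmp` matched, so a typo such as `(tsl)` parses successfully with `tls` left false (and `defport` chosen when no port was given). This value decides whether the log connection is encrypted, so failing closed is safer. Replace the test with `if (strcasecmp(flags, "(tls)") != 0) goto done;` followed by `tls = true;`, ideally with a `sudo_debug_printf` that reports the unrecognised flag. An empty host (input beginning with `:`) is also accepted and returned as `""`, which may deserve the same rejection.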
@@ -0,0 +1,1148 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2009-2020 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+#ifdef HAVE_STDBOOL_H
+# include
+#else
+# include "compat/stdbool.h"
+#endif
+#ifdef HAVE_STRING_H
+# include
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include
+#endif /* HAVE_STRINGS_H */
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "sudo_gettext.h" /* must be included before sudo_compat.h */
+#include "sudo_compat.h"
+#include "sudo_conf.h"
+#include "sudo_debug.h"
+#include "sudo_event.h"
+#include "sudo_json.h"
+#include "sudo_queue.h"
+#include "sudo_util.h"
+#include "sudo_fatal.h"
+#include "sudo_iolog.h"
+#include "pathnames.h"
+
+static unsigned char const gzip_magic[2] = {0x1f, 0x8b};
+static unsigned int sessid_max = SESSID_MAX;
+static mode_t iolog_filemode = S_IRUSR|S_IWUSR;
+static mode_t iolog_dirmode = S_IRWXU;
+static uid_t iolog_uid = ROOT_UID;
+static gid_t iolog_gid = ROOT_GID;
+static bool iolog_gid_set;
+static bool iolog_compress;
+static bool 
iolog_flush;
+
+/*
+ * Set effective user and group-IDs to iolog_uid and iolog_gid.
+ * If restore flag is set, swap them back.
+ */
+static bool
+io_swapids(bool restore)
+{
+#ifdef HAVE_SETEUID
+ static uid_t user_euid = (uid_t)-1;
+ static gid_t user_egid = (gid_t)-1;
+ debug_decl(io_swapids, SUDO_DEBUG_UTIL);
+
+ if (user_euid == (uid_t)-1)
+ user_euid = geteuid();
+ if (user_egid == (gid_t)-1)
+ user_euid = getegid();
+
+ if (restore) {
+ if (seteuid(user_euid) == -1) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to restore effective uid to %d", __func__,
+ (int)user_euid);
+ sudo_warn("seteuid() %d -> %d", (int)iolog_uid, (int)user_euid);
+ debug_return_bool(false);
+ }
+ if (setegid(user_egid) == -1) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to restore effective gid to %d", __func__,
+ (int)user_egid);
+ sudo_warn("setegid() %d -> %d", (int)iolog_gid, (int)user_egid);
+ debug_return_bool(false);
+ }
+ } else {
+ /* Fail silently if the user has insufficient privileges. */
+ if (setegid(iolog_gid) == -1) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to set effective gid to %d", __func__,
+ (int)iolog_gid);
+ debug_return_bool(false);
+ }
+ if (seteuid(iolog_uid) == -1) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to set effective uid to %d", __func__,
+ (int)iolog_uid);
+ debug_return_bool(false);
+ }
+ }
+ debug_return_bool(true);
+#else
+ return false;
+#endif
+}
+
+/*
+ * Create directory and any parent directories as needed.
+ */
+static bool
+iolog_mkdirs(char *path)
+{
+ mode_t omask;
+ struct stat sb;
+ int dfd;
+ bool ok = false, uid_changed = false;
+ debug_decl(iolog_mkdirs, SUDO_DEBUG_UTIL);
+
+ if ((dfd = open(path, O_RDONLY|O_NONBLOCK)) != -1)
+ ok = true;
+ if (!ok && errno == EACCES) {
+ /* Try again as the I/O log owner (for NFS). 
*/
+ if (io_swapids(false)) {
+ if ((dfd = open(path, O_RDONLY|O_NONBLOCK)) != -1)
+ ok = true;
+ if (!io_swapids(true))
+ ok = false;
+ }
+ }
+ if (ok && fstat(dfd, &sb) == -1)
+ ok = false;
+ if (ok) {
+ if (S_ISDIR(sb.st_mode)) {
+ if (sb.st_uid != iolog_uid || sb.st_gid != iolog_gid) {
+ if (fchown(dfd, iolog_uid, iolog_gid) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to chown %d:%d %s", __func__,
+ (int)iolog_uid, (int)iolog_gid, path);
+ }
+ }
+ if ((sb.st_mode & ALLPERMS) != iolog_dirmode) {
+ if (fchmod(dfd, iolog_dirmode) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to chmod 0%o %s", __func__,
+ (int)iolog_dirmode, path);
+ }
+ }
+ } else {
+ sudo_warnx(U_("%s exists but is not a directory (0%o)"),
+ path, (unsigned int) sb.st_mode);
+ ok = false;
+ }
+ goto done;
+ }
+
+ /* umask must not be more restrictive than the file modes. */
+ omask = umask(ACCESSPERMS & ~(iolog_filemode|iolog_dirmode));
+
+ ok = sudo_mkdir_parents(path, iolog_uid, iolog_gid, iolog_dirmode, true);
+ if (!ok && errno == EACCES) {
+ /* Try again as the I/O log owner (for NFS). */
+ uid_changed = io_swapids(false);
+ if (uid_changed)
+ ok = sudo_mkdir_parents(path, -1, -1, iolog_dirmode, false);
+ }
+ if (ok) {
+ /* Create final path component. */
+ sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
+ "mkdir %s, mode 0%o", path, (unsigned int) iolog_dirmode);
+ ok = mkdir(path, iolog_dirmode) == 0 || errno == EEXIST;
+ if (!ok) {
+ if (errno == EACCES && !uid_changed) {
+ /* Try again as the I/O log owner (for NFS). 
*/
+ uid_changed = io_swapids(false);
+ if (uid_changed)
+ ok = mkdir(path, iolog_dirmode) == 0 || errno == EEXIST;
+ }
+ if (!ok)
+ sudo_warn(U_("unable to mkdir %s"), path);
+ } else {
+ if (chown(path, iolog_uid, iolog_gid) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to chown %d:%d %s", __func__,
+ (int)iolog_uid, (int)iolog_gid, path);
+ }
+ }
+ }
+ if (uid_changed) {
+ if (!io_swapids(true))
+ ok = false;
+ }
+
+ umask(omask);
+
+done:
+ if (dfd != -1)
+ close(dfd);
+ debug_return_bool(ok);
+}
+
+/*
+ * Create temporary directory and any parent directories as needed.
+ */
+bool
+iolog_mkdtemp(char *path)
+{
+ bool ok, uid_changed = false;
+ debug_decl(iolog_mkdtemp, SUDO_DEBUG_UTIL);
+
+ ok = sudo_mkdir_parents(path, iolog_uid, iolog_gid, iolog_dirmode, true);
+ if (!ok && errno == EACCES) {
+ /* Try again as the I/O log owner (for NFS). */
+ uid_changed = io_swapids(false);
+ if (uid_changed)
+ ok = sudo_mkdir_parents(path, -1, -1, iolog_dirmode, false);
+ }
+ if (ok) {
+ /* Create final path component. */
+ sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
+ "mkdtemp %s", path);
+ /* We cannot retry mkdtemp() so always open as iolog user */
+ if (!uid_changed)
+ uid_changed = io_swapids(false);
+ if (mkdtemp(path) == NULL) {
+ sudo_warn(U_("unable to mkdir %s"), path);
+ ok = false;
+ } else {
+ if (chmod(path, iolog_dirmode) != 0) {
+ sudo_warn(U_("unable to change mode of %s to 0%o"),
+ path, (unsigned int)iolog_dirmode);
+ }
+ }
+ }
+
+ if (uid_changed) {
+ if (!io_swapids(true))
+ ok = false;
+ }
+ debug_return_bool(ok);
+}
+
+/*
+ * Like rename(2) but changes UID as needed.
+ */
+bool
+iolog_rename(const char *from, const char *to)
+{
+ bool ok, uid_changed = false;
+ debug_decl(iolog_rename, SUDO_DEBUG_UTIL);
+
+ ok = rename(from, to) == 0;
+ if (!ok && errno == EACCES) {
+ uid_changed = io_swapids(false);
+ if (uid_changed)
+ ok = rename(from, to) == 0;
+ }
+
+ if (uid_changed) {
+ if (!io_swapids(true))
+ ok = false;
+ }
+ debug_return_bool(ok);
+}
+
+/*
+ * Reset I/O log settings to default values.
+ */
+void
+iolog_set_defaults(void)
+{
+ sessid_max = SESSID_MAX;
+ iolog_filemode = S_IRUSR|S_IWUSR;
+ iolog_dirmode = S_IRWXU;
+ iolog_uid = ROOT_UID;
+ iolog_gid = ROOT_GID;
+ iolog_gid_set = false;
+ iolog_compress = false;
+ iolog_flush = false;
+}
+
+/*
+ * Set max sequence number (aka session ID)
+ */
+void
+iolog_set_maxseq(unsigned int newval)
+{
+ debug_decl(iolog_set_maxseq, SUDO_DEBUG_UTIL);
+
+ /* Clamp to SESSID_MAX as documented. */
+ if (newval > SESSID_MAX)
+ newval = SESSID_MAX;
+ sessid_max = newval;
+
+ debug_return;
+}
+
+/*
+ * Set iolog_uid (and iolog_gid if gid not explicitly set).
+ */
+void
+iolog_set_owner(uid_t uid, gid_t gid)
+{
+ debug_decl(iolog_set_owner, SUDO_DEBUG_UTIL);
+
+ iolog_uid = uid;
+ if (!iolog_gid_set)
+ iolog_gid = gid;
+
+ debug_return;
+}
+
+/*
+ * Set iolog_gid.
+ */
+void
+iolog_set_gid(gid_t gid)
+{
+ debug_decl(iolog_set_gid, SUDO_DEBUG_UTIL);
+
+ iolog_gid = gid;
+ iolog_gid_set = true;
+
+ debug_return;
+}
+
+/*
+ * Set iolog_filemode and iolog_dirmode.
+ */
+void
+iolog_set_mode(mode_t mode)
+{
+ debug_decl(iolog_set_mode, SUDO_DEBUG_UTIL);
+
+ /* I/O log files must be readable and writable by owner. */
+ iolog_filemode = S_IRUSR|S_IWUSR;
+
+ /* Add in group and other read/write if specified. */
+ iolog_filemode |= mode & (S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH);
+
+ /* For directory mode, add execute bits as needed. 
*/
+ iolog_dirmode = iolog_filemode | S_IXUSR;
+ if (iolog_dirmode & (S_IRGRP|S_IWGRP))
+ iolog_dirmode |= S_IXGRP;
+ if (iolog_dirmode & (S_IROTH|S_IWOTH))
+ iolog_dirmode |= S_IXOTH;
+
+ debug_return;
+}
+
+/*
+ * Set iolog_compress
+ */
+void
+iolog_set_compress(bool newval)
+{
+ debug_decl(iolog_set_compress, SUDO_DEBUG_UTIL);
+ iolog_compress = newval;
+ debug_return;
+}
+
+/*
+ * Set iolog_flush
+ */
+void
+iolog_set_flush(bool newval)
+{
+ debug_decl(iolog_set_flush, SUDO_DEBUG_UTIL);
+ iolog_flush = newval;
+ debug_return;
+}
+
+/*
+ * Wrapper for openat(2) that sets umask and retries as iolog_uid/iolog_gid
+ * if openat(2) returns EACCES.
+ */
+int
+iolog_openat(int dfd, const char *path, int flags)
+{
+ int fd;
+ mode_t omask = S_IRWXG|S_IRWXO;
+ debug_decl(iolog_openat, SUDO_DEBUG_UTIL);
+
+ if (ISSET(flags, O_CREAT)) {
+ /* umask must not be more restrictive than the file modes. */
+ omask = umask(ACCESSPERMS & ~(iolog_filemode|iolog_dirmode));
+ }
+ fd = openat(dfd, path, flags, iolog_filemode);
+ if (fd == -1 && errno == EACCES) {
+ /* Try again as the I/O log owner (for NFS). */
+ if (io_swapids(false)) {
+ fd = openat(dfd, path, flags, iolog_filemode);
+ if (!io_swapids(true)) {
+ /* io_swapids() warns on error. */
+ if (fd != -1) {
+ close(fd);
+ fd = -1;
+ }
+ }
+ }
+ }
+ if (ISSET(flags, O_CREAT))
+ umask(omask);
+ debug_return_int(fd);
+}
+
+/*
+ * Read the on-disk sequence number, set sessid to the next
+ * number, and update the on-disk copy.
+ * Uses file locking to avoid sequence number collisions.
+ */
+bool
+iolog_nextid(char *iolog_dir, char sessid[7])
+{
+ char buf[32], *ep;
+ int i, len, fd = -1;
+ unsigned long id = 0;
+ ssize_t nread;
+ bool ret = false;
+ char pathbuf[PATH_MAX];
+ static const char b36char[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ debug_decl(iolog_nextid, SUDO_DEBUG_UTIL);
+
+ /*
+ * Create I/O log directory if it doesn't already exist.
+ */
+ if (!iolog_mkdirs(iolog_dir))
+ goto done;
+
+ /*
+ * Open sequence file
+ */
+ len = snprintf(pathbuf, sizeof(pathbuf), "%s/seq", iolog_dir);
+ if (len < 0 || len >= ssizeof(pathbuf)) {
+ errno = ENAMETOOLONG;
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: %s/seq", __func__, iolog_dir);
+ goto done;
+ }
+ fd = iolog_openat(AT_FDCWD, pathbuf, O_RDWR|O_CREAT);
+ if (fd == -1) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to open %s", __func__, pathbuf);
+ goto done;
+ }
+ if (!sudo_lock_file(fd, SUDO_LOCK)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to lock %s", pathbuf);
+ goto done;
+ }
+ if (fchown(fd, iolog_uid, iolog_gid) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to fchown %d:%d %s", __func__,
+ (int)iolog_uid, (int)iolog_gid, pathbuf);
+ }
+
+ /* Read current seq number (base 36). */
+ if (id == 0) {
+ nread = read(fd, buf, sizeof(buf) - 1);
+ if (nread != 0) {
+ if (nread == -1) {
+ goto done;
+ }
+ if (buf[nread - 1] == '\n')
+ nread--;
+ buf[nread] = '\0';
+ id = strtoul(buf, &ep, 36);
+ if (ep == buf || *ep != '\0' || id >= sessid_max) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "%s: bad sequence number: %s", pathbuf, buf);
+ id = 0;
+ }
+ }
+ }
+ id++;
+
+ /*
+ * Convert id to a string and stash in sessid.
+ * Note that that least significant digits go at the end of the string.
+ */
+ for (i = 5; i >= 0; i--) {
+ buf[i] = b36char[id % 36];
+ id /= 36;
+ }
+ buf[6] = '\n';
+
+ /* Stash id for logging purposes. */
+ memcpy(sessid, buf, 6);
+ sessid[6] = '\0';
+
+ /* Rewind and overwrite old seq file, including the NUL byte. 
*/
+#ifdef HAVE_PWRITE
+ if (pwrite(fd, buf, 7, 0) != 7) {
+#else
+ if (lseek(fd, 0, SEEK_SET) == -1 || write(fd, buf, 7) != 7) {
+#endif
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to write %s", __func__, pathbuf);
+ goto done;
+ }
+ ret = true;
+
+done:
+ if (fd != -1)
+ close(fd);
+ debug_return_bool(ret);
+}
+
+/*
+ * Create path and any intermediate directories.
+ * If path ends in 'XXXXXX', use mkdtemp().
+ */
+bool
+iolog_mkpath(char *path)
+{
+ size_t len;
+ bool ret;
+ debug_decl(iolog_mkpath, SUDO_DEBUG_UTIL);
+
+ /*
+ * Create path and intermediate subdirs as needed.
+ * If path ends in at least 6 Xs (ala POSIX mktemp), use mkdtemp().
+ * Sets iolog_gid (if it is not already set) as a side effect.
+ */
+ len = strlen(path);
+ if (len >= 6 && strcmp(&path[len - 6], "XXXXXX") == 0)
+ ret = iolog_mkdtemp(path);
+ else
+ ret = iolog_mkdirs(path);
+
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "iolog path %s", path);
+
+ debug_return_bool(ret);
+}
+
+/*
+ * Append suffix to pathbuf after len chars and open the resulting file.
+ * Note that the size of pathbuf is assumed to be PATH_MAX.
+ * Stores the open file handle which has the close-on-exec flag set.
+ * XXX - move enabled logic into caller?
+ */
+bool
+iolog_open(struct iolog_file *iol, int dfd, int iofd, const char *mode)
+{
+ int flags;
+ const char *file;
+ unsigned char magic[2];
+ debug_decl(iolog_open, SUDO_DEBUG_UTIL);
+
+ if (mode[0] == 'r') {
+ flags = mode[1] == '+' ? O_RDWR : O_RDONLY;
+ } else if (mode[0] == 'w') {
+ flags = O_CREAT|O_TRUNC;
+ flags |= mode[1] == '+' ? 
O_RDWR : O_WRONLY;
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_ERROR,
+ "%s: invalid I/O mode %s", __func__, mode);
+ debug_return_bool(false);
+ }
+ if ((file = iolog_fd_to_name(iofd)) == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR,
+ "%s: invalid iofd %d", __func__, iofd);
+ debug_return_bool(false);
+ }
+
+ iol->writable = false;
+ iol->compressed = false;
+ if (iol->enabled) {
+ int fd = iolog_openat(dfd, file, flags);
+ if (fd != -1) {
+ if (*mode == 'w') {
+ if (fchown(fd, iolog_uid, iolog_gid) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to fchown %d:%d %s", __func__,
+ (int)iolog_uid, (int)iolog_gid, file);
+ }
+ iol->compressed = iolog_compress;
+ } else {
+ /* check for gzip magic number */
+ if (read(fd, magic, sizeof(magic)) == ssizeof(magic)) {
+ if (magic[0] == gzip_magic[0] && magic[1] == gzip_magic[1])
+ iol->compressed = true;
+ }
+ (void)lseek(fd, 0, SEEK_SET);
+ }
+ (void)fcntl(fd, F_SETFD, FD_CLOEXEC);
+#ifdef HAVE_ZLIB_H
+ if (iol->compressed)
+ iol->fd.g = gzdopen(fd, mode);
+ else
+#endif
+ iol->fd.f = fdopen(fd, mode);
+ if (iol->fd.v != NULL) {
+ switch ((flags & O_ACCMODE)) {
+ case O_WRONLY:
+ case O_RDWR:
+ iol->writable = true;
+ break;
+ }
+ } else {
+ int save_errno = errno;
+ close(fd);
+ errno = save_errno;
+ fd = -1;
+ }
+ }
+ if (fd == -1) {
+ iol->enabled = false;
+ debug_return_bool(false);
+ }
+ } else {
+ if (*mode == 'w') {
+ /* Remove old log file in case we recycled sequence numbers. */
+ (void)unlinkat(dfd, file, 0);
+ }
+ }
+ debug_return_bool(true);
+}
+
+#ifdef HAVE_ZLIB_H
+static const char *
+gzstrerror(gzFile file)
+{
+ const char *errstr;
+ int errnum;
+
+ errstr = gzerror(file, &errnum);
+ if (errnum == Z_ERRNO)
+ errstr = strerror(errno);
+
+ return errstr;
+}
+#endif /* HAVE_ZLIB_H */
+
+/*
+ * Close an I/O log.
+ */
+bool
+iolog_close(struct iolog_file *iol, const char **errstr)
+{
+ bool ret = true;
+ debug_decl(iolog_close, SUDO_DEBUG_UTIL);
+
+#ifdef HAVE_ZLIB_H
+ if (iol->compressed) {
+ int errnum;
+
+ /* Must check error indicator before closing. */
+ if (iol->writable) {
+ if (gzflush(iol->fd.g, Z_SYNC_FLUSH) != Z_OK) {
+ ret = false;
+ if (errstr != NULL)
+ *errstr = gzstrerror(iol->fd.g);
+ }
+ }
+ errnum = gzclose(iol->fd.g);
+ if (ret && errnum != Z_OK) {
+ ret = false;
+ if (errstr != NULL)
+ *errstr = errnum == Z_ERRNO ? strerror(errno) : "unknown error";
+ }
+ } else
+#endif
+ if (fclose(iol->fd.f) != 0) {
+ ret = false;
+ if (errstr != NULL)
+ *errstr = strerror(errno);
+ }
+
+ debug_return_bool(ret);
+}
+
+/*
+ * I/O log wrapper for fseek/gzseek.
+ */
+off_t
+iolog_seek(struct iolog_file *iol, off_t offset, int whence)
+{
+ off_t ret;
+ //debug_decl(iolog_seek, SUDO_DEBUG_UTIL);
+
+#ifdef HAVE_ZLIB_H
+ if (iol->compressed)
+ ret = gzseek(iol->fd.g, offset, whence);
+ else
+#endif
+ ret = fseeko(iol->fd.f, offset, whence);
+
+ //debug_return_off_t(ret);
+ return ret;
+}
+
+/*
+ * I/O log wrapper for rewind/gzrewind.
+ */
+void
+iolog_rewind(struct iolog_file *iol)
+{
+ debug_decl(iolog_rewind, SUDO_DEBUG_UTIL);
+
+#ifdef HAVE_ZLIB_H
+ if (iol->compressed)
+ (void)gzrewind(iol->fd.g);
+ else
+#endif
+ rewind(iol->fd.f);
+
+ debug_return;
+}
+
+/*
+ * Read from a (possibly compressed) I/O log file.
+ */
+ssize_t
+iolog_read(struct iolog_file *iol, void *buf, size_t nbytes,
+ const char **errstr)
+{
+ ssize_t nread;
+ debug_decl(iolog_read, SUDO_DEBUG_UTIL);
+
+ if (nbytes > UINT_MAX) {
+ errno = EINVAL;
+ if (errstr != NULL)
+ *errstr = strerror(errno);
+ debug_return_ssize_t(-1);
+ }
+
+#ifdef HAVE_ZLIB_H
+ if (iol->compressed) {
+ if ((nread = gzread(iol->fd.g, buf, nbytes)) == -1) {
+ if (errstr != NULL)
+ *errstr = gzstrerror(iol->fd.g);
+ }
+ } else
+#endif
+ {
+ nread = (ssize_t)fread(buf, 1, nbytes, iol->fd.f);
+ if (nread == 0 && ferror(iol->fd.f)) {
+ nread = -1;
+ if (errstr != NULL)
+ *errstr = strerror(errno);
+ }
+ }
+ debug_return_ssize_t(nread);
+}
+
+/*
+ * Write to an I/O log, optionally compressing.
+ */
+ssize_t
+iolog_write(struct iolog_file *iol, const void *buf, size_t len,
+ const char **errstr)
+{
+ ssize_t ret;
+ debug_decl(iolog_write, SUDO_DEBUG_UTIL);
+
+ if (len > UINT_MAX) {
+ errno = EINVAL;
+ if (errstr != NULL)
+ *errstr = strerror(errno);
+ debug_return_ssize_t(-1);
+ }
+
+#ifdef HAVE_ZLIB_H
+ if (iol->compressed) {
+ ret = gzwrite(iol->fd.g, (const voidp)buf, len);
+ if (ret == 0) {
+ ret = -1;
+ if (errstr != NULL)
+ *errstr = gzstrerror(iol->fd.g);
+ goto done;
+ }
+ if (iolog_flush) {
+ if (gzflush(iol->fd.g, Z_SYNC_FLUSH) != Z_OK) {
+ ret = -1;
+ if (errstr != NULL)
+ *errstr = gzstrerror(iol->fd.g);
+ goto done;
+ }
+ }
+ } else
+#endif
+ {
+ ret = fwrite(buf, 1, len, iol->fd.f);
+ if (ret == 0) {
+ ret = -1;
+ if (errstr != NULL)
+ *errstr = strerror(errno);
+ goto done;
+ }
+ if (iolog_flush) {
+ if (fflush(iol->fd.f) != 0) {
+ ret = -1;
+ if (errstr != NULL)
+ *errstr = strerror(errno);
+ goto done;
+ }
+ }
+ }
+
+done:
+ debug_return_ssize_t(ret);
+}
+
+/*
+ * Returns true if at end of I/O log file, else false.
+ */
+bool
+iolog_eof(struct iolog_file *iol)
+{
+ bool ret;
+ debug_decl(iolog_eof, SUDO_DEBUG_UTIL);
+
+#ifdef HAVE_ZLIB_H
+ if (iol->compressed)
+ ret = gzeof(iol->fd.g) == 1;
+ else
+#endif
+ ret = feof(iol->fd.f) == 1;
+ debug_return_int(ret);
+}
+
+/*
+ * Like gets() but for struct iolog_file.
+ */
+char *
+iolog_gets(struct iolog_file *iol, char *buf, size_t nbytes,
+ const char **errstr)
+{
+ char *str;
+ debug_decl(iolog_gets, SUDO_DEBUG_UTIL);
+
+ if (nbytes > UINT_MAX) {
+ errno = EINVAL;
+ if (errstr != NULL)
+ *errstr = strerror(errno);
+ debug_return_str(NULL);
+ }
+
+#ifdef HAVE_ZLIB_H
+ if (iol->compressed) {
+ if ((str = gzgets(iol->fd.g, buf, nbytes)) == NULL) {
+ if (errstr != NULL)
+ *errstr = gzstrerror(iol->fd.g);
+ }
+ } else
+#endif
+ {
+ if ((str = fgets(buf, nbytes, iol->fd.f)) == NULL) {
+ if (errstr != NULL)
+ *errstr = strerror(errno);
+ }
+ }
+ debug_return_str(str);
+}
+
+/*
+ * Write the legacy I/O log file that contains the user and command info.
+ * This file is not compressed.
+ */
+static bool
+iolog_write_info_file_legacy(int dfd, const char *parent,
+ struct iolog_info *log_info)
+{
+ char * const *av;
+ FILE *fp;
+ int error, fd;
+ debug_decl(iolog_info_write_log, SUDO_DEBUG_UTIL);
+
+ fd = iolog_openat(dfd, "log", O_CREAT|O_TRUNC|O_WRONLY);
+ if (fd == -1 || (fp = fdopen(fd, "w")) == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "unable to open %s/log", parent);
+ if (fd != -1)
+ close(fd);
+ debug_return_bool(false);
+ }
+ if (fchown(fd, iolog_uid, iolog_gid) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to fchown %d:%d %s/log", __func__,
+ (int)iolog_uid, (int)iolog_gid, parent);
+ }
+
+ fprintf(fp, "%lld:%s:%s:%s:%s:%d:%d\n%s\n",
+ (long long)log_info->tstamp.tv_sec,
+ log_info->user ? log_info->user : "unknown",
+ log_info->runas_user ? log_info->runas_user : RUNAS_DEFAULT,
+ log_info->runas_group ? log_info->runas_group : "",
+ log_info->tty ? 
log_info->tty : "unknown",
+ log_info->lines, log_info->cols,
+ log_info->cwd ? log_info->cwd : "unknown");
+ fputs(log_info->cmd ? log_info->cmd : "unknown", fp);
+ for (av = log_info->argv + 1; *av != NULL; av++) {
+ fputc(' ', fp);
+ fputs(*av, fp);
+ }
+ fputc('\n', fp);
+ fflush(fp);
+ if ((error = ferror(fp))) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "unable to write to I/O log file %s/log", parent);
+ }
+ fclose(fp);
+
+ debug_return_bool(!error);
+}
+
+/*
+ * Write the "log.json" file that contains the user and command info.
+ * This file is not compressed.
+ */
+static bool
+iolog_write_info_file_json(int dfd, const char *parent, struct iolog_info *info)
+{
+ struct json_container json;
+ struct json_value json_value;
+ bool ret = false;
+ FILE *fp = NULL;
+ int fd = -1;
+ size_t i;
+ char *cp;
+ debug_decl(iolog_write_info_file_json, SUDO_DEBUG_UTIL);
+
+ if (info->cmd == NULL || info->user == NULL || info->runas_user == NULL)
+ debug_return_bool(false);
+
+ if (!sudo_json_init(&json, 4, false, false))
+ debug_return_bool(false);
+
+ /* Timestamp */
+ if (!sudo_json_open_object(&json, "timestamp"))
+ goto oom;
+
+ json_value.type = JSON_NUMBER;
+ json_value.u.number = info->tstamp.tv_sec;
+ if (!sudo_json_add_value(&json, "seconds", &json_value))
+ goto oom;
+
+ json_value.type = JSON_NUMBER;
+ json_value.u.number = info->tstamp.tv_nsec;
+ if (!sudo_json_add_value(&json, "nanoseconds", &json_value))
+ goto oom;
+
+ if (!sudo_json_close_object(&json))
+ goto oom;
+
+ json_value.type = JSON_NUMBER;
+ json_value.u.number = info->cols;
+ if (!sudo_json_add_value(&json, "columns", &json_value))
+ goto oom;
+
+ /* Required */
+ json_value.type = JSON_STRING;
+ json_value.u.string = info->cmd;
+ if (!sudo_json_add_value(&json, "command", &json_value))
+ goto oom;
+
+ json_value.type = JSON_NUMBER;
+ json_value.u.number = info->lines;
+ if (!sudo_json_add_value(&json, "lines", &json_value))
+ goto oom;
+
+ if (info->argv != 
NULL) {
+ if (!sudo_json_open_array(&json, "runargv"))
+ goto oom;
+ for (i = 0; (cp = info->argv[i]) != NULL; i++) {
+ json_value.type = JSON_STRING;
+ json_value.u.string = cp;
+ if (!sudo_json_add_value(&json, NULL, &json_value))
+ goto oom;
+ }
+ if (!sudo_json_close_array(&json))
+ goto oom;
+ }
+
+ if (info->envp != NULL) {
+ if (!sudo_json_open_array(&json, "runenv"))
+ goto oom;
+ for (i = 0; (cp = info->envp[i]) != NULL; i++) {
+ json_value.type = JSON_STRING;
+ json_value.u.string = cp;
+ if (!sudo_json_add_value(&json, NULL, &json_value))
+ goto oom;
+ }
+ if (!sudo_json_close_array(&json))
+ goto oom;
+ }
+
+ if (info->runas_group!= NULL) {
+ if (info->runas_uid != (uid_t)-1) {
+ json_value.type = JSON_ID;
+ json_value.u.id = info->runas_gid;
+ if (!sudo_json_add_value(&json, "rungid", &json_value))
+ goto oom;
+ }
+
+ json_value.type = JSON_STRING;
+ json_value.u.string = info->runas_group;
+ if (!sudo_json_add_value(&json, "rungroup", &json_value))
+ goto oom;
+ }
+
+ if (info->runas_uid != (uid_t)-1) {
+ json_value.type = JSON_ID;
+ json_value.u.id = info->runas_uid;
+ if (!sudo_json_add_value(&json, "runuid", &json_value))
+ goto oom;
+ }
+
+ /* Required */
+ json_value.type = JSON_STRING;
+ json_value.u.string = info->runas_user;
+ if (!sudo_json_add_value(&json, "runuser", &json_value))
+ goto oom;
+
+ if (info->cwd != NULL) {
+ json_value.type = JSON_STRING;
+ json_value.u.string = info->cwd;
+ if (!sudo_json_add_value(&json, "submitcwd", &json_value))
+ goto oom;
+ }
+
+ if (info->host != NULL) {
+ json_value.type = JSON_STRING;
+ json_value.u.string = info->host;
+ if (!sudo_json_add_value(&json, "submithost", &json_value))
+ goto oom;
+ }
+
+ /* Required */
+ json_value.type = JSON_STRING;
+ json_value.u.string = info->user;
+ if (!sudo_json_add_value(&json, "submituser", &json_value))
+ goto oom;
+
+ if (info->tty != NULL) {
+ json_value.type = JSON_STRING;
+ json_value.u.string = info->tty;
+ if (!sudo_json_add_value(&json, "ttyname", 
&json_value))
+ goto oom;
+ }
+
+ fd = iolog_openat(dfd, "log.json", O_CREAT|O_TRUNC|O_WRONLY);
+ if (fd == -1 || (fp = fdopen(fd, "w")) == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "unable to open %s/log.json", parent);
+ goto done;
+ }
+
+ if (fchown(fd, iolog_uid, iolog_gid) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to fchown %d:%d %s/log", __func__,
+ (int)iolog_uid, (int)iolog_gid, parent);
+ }
+ fd = -1;
+
+ fprintf(fp, "{%s\n}\n", sudo_json_get_buf(&json));
+ fflush(fp);
+ if (ferror(fp)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "unable to write to I/O log file %s/log.json", parent);
+ goto done;
+ }
+
+ ret = true;
+ goto done;
+
+oom:
+ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+done:
+ sudo_json_free(&json);
+ if (fp != NULL)
+ fclose(fp);
+ if (fd != -1)
+ close(fd);
+
+ debug_return_bool(ret);
+}
+
+/*
+ * Write the I/O log and log.json files that contain user and command info.
+ * These files are not compressed.
+ */
+bool
+iolog_write_info_file(int dfd, const char *parent,
+ struct iolog_info *log_info)
+{
+ debug_decl(iolog_write_info_file, SUDO_DEBUG_UTIL);
+
+ if (!iolog_write_info_file_legacy(dfd, parent, log_info))
+ debug_return_bool(false);
+ if (!iolog_write_info_file_json(dfd, parent, log_info))
+ debug_return_bool(false);
+
+ debug_return_bool(true);
+}
+
+/*
+ * Map IOFD_* -> name.
+ */
+const char *
+iolog_fd_to_name(int iofd)
+{
+ const char *ret;
+ debug_decl(iolog_fd_to_name, SUDO_DEBUG_UTIL);
+
+ switch (iofd) {
+ case IOFD_STDIN:
+ ret = "stdin";
+ break;
+ case IOFD_STDOUT:
+ ret = "stdout";
+ break;
+ case IOFD_STDERR:
+ ret = "stderr";
+ break;
+ case IOFD_TTYIN:
+ ret = "ttyin";
+ break;
+ case IOFD_TTYOUT:
+ ret = "ttyout";
+ break;
+ case IOFD_TIMING:
+ ret = "timing";
+ break;
+ default:
+ ret = "unknown";
+ sudo_debug_printf(SUDO_DEBUG_ERROR, "%s: unexpected iofd %d",
+ __func__, iofd);
+ break;
+ }
+ debug_return_const_str(ret);
+}
diff -Nru sudo-1.8.31/lib/iolog/iolog_json.c sudo-1.9.0/lib/iolog/iolog_json.c
--- sudo-1.8.31/lib/iolog/iolog_json.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/lib/iolog/iolog_json.c 2020-05-11 16:28:23.000000000 +0000
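Review bot: `io_swapids` stores the saved effective group ID in the wrong variable: `if (user_egid == (gid_t)-1) user_euid = getegid();` overwrites `user_euid` and leaves `user_egid` at `(gid_t)-1`. On the restore path, `seteuid()` is therefore called with the process's group ID and `setegid()` with `(gid_t)-1`, so a caller whose effective UID and GID differ would not get its original credentials back after the EACCES retry. The assignment should read `user_egid = getegid();`. Separately, in `iolog_write_info_file_json` the `rungid` value is written under `if (info->runas_uid != (uid_t)-1)`, which looks like it was meant to test `info->runas_gid != (gid_t)-1`; this should be confirmed against how callers fill `struct iolog_info`.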
@@ -0,0 +1,774 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#include +#include +#include +#include +#include +#include + +#include "sudo_gettext.h" /* must be included before sudo_compat.h */ + +#include "sudo_compat.h" +#include "sudo_fatal.h" +#include "sudo_debug.h" +#include "sudo_util.h" +#include "sudo_iolog.h" + +#include "iolog_json.h" + +struct json_stack { + unsigned int depth; + unsigned int maxdepth; + struct json_object *frames[64]; +}; +#define JSON_STACK_INTIALIZER(s) { 0, nitems((s).frames) }; + +static bool +json_store_columns(struct json_item *item, struct iolog_info *li) +{ + debug_decl(json_store_columns, SUDO_DEBUG_UTIL); + + if (item->u.number < 1 || item->u.number > INT_MAX) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "tty 
cols %lld: out of range", item->u.number); + li->cols = 0; + debug_return_bool(false); + } + + li->cols = item->u.number; + debug_return_bool(true); +} + +static bool +json_store_command(struct json_item *item, struct iolog_info *li) +{ + debug_decl(json_store_command, SUDO_DEBUG_UTIL); + + /* + * Note: struct iolog_info must store command + args. + * We don't have argv yet so we append the args later. + */ + li->cmd = item->u.string; + item->u.string = NULL; + debug_return_bool(true); +} + +static bool +json_store_lines(struct json_item *item, struct iolog_info *li) +{ + debug_decl(json_store_lines, SUDO_DEBUG_UTIL); + + if (item->u.number < 1 || item->u.number > INT_MAX) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "tty lines %lld: out of range", item->u.number); + li->lines = 0; + debug_return_bool(false); + } + + li->lines = item->u.number; + debug_return_bool(true); +} + +char ** +json_array_to_strvec(struct json_object *array) +{ + struct json_item *item; + int len = 0; + char **ret; + debug_decl(json_array_to_strvec, SUDO_DEBUG_UTIL); + + TAILQ_FOREACH(item, &array->items, entries) { + /* Can only convert arrays of string. 
*/ + if (item->type != JSON_STRING) { + sudo_warnx(U_("expected JSON_STRING, got %d"), item->type); + debug_return_ptr(NULL); + } + len++; + } + if ((ret = reallocarray(NULL, len + 1, sizeof(char *))) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_ptr(NULL); + } + len = 0; + TAILQ_FOREACH(item, &array->items, entries) { + ret[len++] = item->u.string; + item->u.string = NULL; + } + ret[len] = NULL; + + debug_return_ptr(ret); +} + +static bool +json_store_runargv(struct json_item *item, struct iolog_info *li) +{ + debug_decl(json_store_runargv, SUDO_DEBUG_UTIL); + + li->argv = json_array_to_strvec(&item->u.child); + + debug_return_bool(li->argv != NULL); +} + +static bool +json_store_runenv(struct json_item *item, struct iolog_info *li) +{ + debug_decl(json_store_runenv, SUDO_DEBUG_UTIL); + + li->envp = json_array_to_strvec(&item->u.child); + + debug_return_bool(li->envp != NULL); +} + +static bool +json_store_rungid(struct json_item *item, struct iolog_info *li) +{ + debug_decl(json_store_rungid, SUDO_DEBUG_UTIL); + + li->runas_gid = (gid_t)item->u.number; + debug_return_bool(true); +} + +static bool +json_store_rungroup(struct json_item *item, struct iolog_info *li) +{ + debug_decl(json_store_rungroup, SUDO_DEBUG_UTIL); + + li->runas_group = item->u.string; + item->u.string = NULL; + debug_return_bool(true); +} + +static bool +json_store_runuid(struct json_item *item, struct iolog_info *li) +{ + debug_decl(json_store_runuid, SUDO_DEBUG_UTIL); + + li->runas_uid = (uid_t)item->u.number; + debug_return_bool(true); +} + +static bool +json_store_runuser(struct json_item *item, struct iolog_info *li) +{ + debug_decl(json_store_runuser, SUDO_DEBUG_UTIL); + + li->runas_user = item->u.string; + item->u.string = NULL; + debug_return_bool(true); +} + +static bool +json_store_submitcwd(struct json_item *item, struct iolog_info *li) +{ + debug_decl(json_store_submitcwd, SUDO_DEBUG_UTIL); + + li->cwd = item->u.string; + 
item->u.string = NULL; + debug_return_bool(true); +} + +static bool +json_store_submithost(struct json_item *item, struct iolog_info *li) +{ + debug_decl(json_store_submithost, SUDO_DEBUG_UTIL); + + li->host = item->u.string; + item->u.string = NULL; + debug_return_bool(true); +} + +static bool +json_store_submituser(struct json_item *item, struct iolog_info *li) +{ + debug_decl(json_store_submituser, SUDO_DEBUG_UTIL); + + li->user = item->u.string; + item->u.string = NULL; + debug_return_bool(true); +} + +static bool +json_store_timestamp(struct json_item *item, struct iolog_info *li) +{ + struct json_object *object; + debug_decl(json_store_timestamp, SUDO_DEBUG_UTIL); + + object = &item->u.child; + TAILQ_FOREACH(item, &object->items, entries) { + if (item->type != JSON_NUMBER) + continue; + if (strcmp(item->name, "seconds") == 0) { + li->tstamp.tv_sec = item->u.number; + continue; + } + if (strcmp(item->name, "nanoseconds") == 0) { + li->tstamp.tv_nsec = item->u.number; + continue; + } + } + debug_return_bool(true); +} + +static bool +json_store_ttyname(struct json_item *item, struct iolog_info *li) +{ + debug_decl(json_store_ttyname, SUDO_DEBUG_UTIL); + + li->tty = item->u.string; + item->u.string = NULL; + debug_return_bool(true); +} + +static struct iolog_json_key { + const char *name; + enum json_value_type type; + bool (*setter)(struct json_item *, struct iolog_info *); +} iolog_json_keys[] = { + { "columns", JSON_NUMBER, json_store_columns }, + { "command", JSON_STRING, json_store_command }, + { "lines", JSON_NUMBER, json_store_lines }, + { "runargv", JSON_ARRAY, json_store_runargv }, + { "runenv", JSON_ARRAY, json_store_runenv }, + { "rungid", JSON_ID, json_store_rungid }, + { "rungroup", JSON_STRING, json_store_rungroup }, + { "runuid", JSON_ID, json_store_runuid }, + { "runuser", JSON_STRING, json_store_runuser }, + { "submitcwd", JSON_STRING, json_store_submitcwd }, + { "submithost", JSON_STRING, json_store_submithost }, + { "submituser", JSON_STRING, 
json_store_submituser }, + { "timestamp", JSON_OBJECT, json_store_timestamp }, + { "ttyname", JSON_STRING, json_store_ttyname }, + { NULL } +}; + +static struct json_item * +new_json_item(enum json_value_type type, char *name, unsigned int lineno) +{ + struct json_item *item; + debug_decl(new_json_item, SUDO_DEBUG_UTIL); + + if ((item = malloc(sizeof(*item))) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + debug_return_ptr(NULL); + } + item->name = name; + item->type = type; + item->lineno = lineno; + + debug_return_ptr(item); +} + +static char * +json_parse_string(char **strp) +{ + char *dst, *end, *ret, *src = *strp + 1; + size_t len; + debug_decl(json_parse_string, SUDO_DEBUG_UTIL); + + for (end = src; *end != '"' && *end != '\0'; end++) { + if (end[0] == '\\' && end[1] == '"') + end++; + } + if (*end != '"') { + sudo_warnx(U_("missing double quote in name")); + debug_return_str(NULL); + } + len = (size_t)(end - src); + + /* Copy string, flattening escaped chars. */ + dst = ret = malloc(len + 1); + if (ret == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + while (src < end) { + char ch = *src++; + /* TODO: handle unicode escapes */ + if (ch == '\\') { + switch (*src) { + case 'b': + ch = '\b'; + break; + case 'f': + ch = '\f'; + break; + case 'n': + ch = '\n'; + break; + case 'r': + ch = '\r'; + break; + case 't': + ch = '\t'; + break; + case '"': + case '\\': + default: + /* Note: a bare \ at the end of a string will be removed. */ + ch = *src; + break; + } + src++; + } + *dst++ = ch; + } + *dst = '\0'; + + /* Trim trailing whitespace. 
*/ + do { + end++; + } while (isspace((unsigned char)*end)); + *strp = end; + + debug_return_str(ret); +} + +void +free_json_items(struct json_item_list *items) +{ + struct json_item *item; + debug_decl(free_json_items, SUDO_DEBUG_UTIL); + + while ((item = TAILQ_FIRST(items)) != NULL) { + TAILQ_REMOVE(items, item, entries); + switch (item->type) { + case JSON_STRING: + free(item->u.string); + break; + case JSON_ARRAY: + case JSON_OBJECT: + free_json_items(&item->u.child.items); + break; + default: + break; + } + free(item->name); + free(item); + } + + debug_return; +} + +static bool +iolog_parse_json_object(struct json_object *object, struct iolog_info *li) +{ + struct json_item *item; + bool ret = false; + debug_decl(iolog_parse_json_object, SUDO_DEBUG_UTIL); + + /* First object holds all the actual data. */ + item = TAILQ_FIRST(&object->items); + if (item->type != JSON_OBJECT) { + sudo_warnx(U_("expected JSON_OBJECT, got %d"), item->type); + goto done; + } + object = &item->u.child; + + TAILQ_FOREACH(item, &object->items, entries) { + struct iolog_json_key *key; + + /* lookup name */ + for (key = iolog_json_keys; key->name != NULL; key++) { + if (strcmp(item->name, key->name) == 0) + break; + } + if (key->name == NULL) { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "%s: unknown key %s", __func__, item->name); + } else if (key->type != item->type && + (key->type != JSON_ID || item->type != JSON_NUMBER)) { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "%s: key mismatch %s type %d, expected %d", __func__, + item->name, item->type, key->type); + goto done; + } else { + /* Matched name and type. */ + if (!key->setter(item, li)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to store %s", key->name); + goto done; + } + } + } + + /* Merge cmd and argv as sudoreplay expects. */ + if (li->cmd != NULL && li->argv != NULL) { + size_t len = strlen(li->cmd) + 1; + char *newcmd; + int ac; + + /* Skip argv[0], we use li->cmd instead. 
*/ + for (ac = 1; li->argv[ac] != NULL; ac++) + len += strlen(li->argv[ac]) + 1; + + if ((newcmd = malloc(len)) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto done; + } + + /* TODO: optimize this. */ + if (strlcpy(newcmd, li->cmd, len) >= len) + sudo_fatalx(U_("internal error, %s overflow"), __func__); + for (ac = 1; li->argv[ac] != NULL; ac++) { + if (strlcat(newcmd, " ", len) >= len) + sudo_fatalx(U_("internal error, %s overflow"), __func__); + if (strlcat(newcmd, li->argv[ac], len) >= len) + sudo_fatalx(U_("internal error, %s overflow"), __func__); + } + + free(li->cmd); + li->cmd = newcmd; + } + + ret = true; + +done: + debug_return_bool(ret); +} + +static bool +json_insert_bool(struct json_item_list *items, char *name, bool value, + unsigned int lineno) +{ + struct json_item *item; + debug_decl(json_insert_bool, SUDO_DEBUG_UTIL); + + if ((item = new_json_item(JSON_BOOL, name, lineno)) == NULL) + debug_return_bool(false); + item->u.boolean = value; + TAILQ_INSERT_TAIL(items, item, entries); + + debug_return_bool(true); +} + +static bool +json_insert_null(struct json_item_list *items, char *name, unsigned int lineno) +{ + struct json_item *item; + debug_decl(json_insert_null, SUDO_DEBUG_UTIL); + + if ((item = new_json_item(JSON_NULL, name, lineno)) == NULL) + debug_return_bool(false); + TAILQ_INSERT_TAIL(items, item, entries); + + debug_return_bool(true); +} + +static bool +json_insert_num(struct json_item_list *items, char *name, long long value, + unsigned int lineno) +{ + struct json_item *item; + debug_decl(json_insert_num, SUDO_DEBUG_UTIL); + + if ((item = new_json_item(JSON_NUMBER, name, lineno)) == NULL) + debug_return_bool(false); + item->u.number = value; + TAILQ_INSERT_TAIL(items, item, entries); + + debug_return_bool(true); +} + +static bool +json_insert_str(struct json_item_list *items, char *name, char **strp, + unsigned int lineno) +{ + struct json_item *item; + debug_decl(json_insert_str, SUDO_DEBUG_UTIL); 
+ + if ((item = new_json_item(JSON_STRING, name, lineno)) == NULL) + debug_return_bool(false); + item->u.string = json_parse_string(strp); + if (item->u.string == NULL) { + free(item); + debug_return_bool(false); + } + TAILQ_INSERT_TAIL(items, item, entries); + + debug_return_bool(true); +} + +static struct json_object * +json_stack_push(struct json_stack *stack, struct json_item_list *items, + struct json_object *frame, enum json_value_type type, char *name, + unsigned int lineno) +{ + struct json_item *item; + debug_decl(iolog_parse_loginfo_json, SUDO_DEBUG_UTIL); + + /* Allocate a new item and insert it into the list. */ + if ((item = new_json_item(type, name, lineno)) == NULL) + debug_return_ptr(NULL); + TAILQ_INIT(&item->u.child.items); + item->u.child.parent = item; + TAILQ_INSERT_TAIL(items, item, entries); + + /* Push the current frame onto the stack. */ + if (stack->depth == stack->maxdepth) + sudo_fatalx(U_("internal error, %s overflow"), __func__); + stack->frames[stack->depth++] = frame; + + /* Return the new frame */ + debug_return_ptr(&item->u.child); +} + +/* Only expect a value if a name is defined or we are in an array. */ +#define expect_value (name != NULL || (frame->parent != NULL && frame->parent->type == JSON_ARRAY)) + +bool +iolog_parse_json(FILE *fp, const char *filename, struct json_object *root) +{ + struct json_object *frame = root; + struct json_stack stack = JSON_STACK_INTIALIZER(stack); + unsigned int lineno = 0; + char *name = NULL; + char *buf = NULL; + size_t bufsize = 0; + ssize_t len; + bool ret = false; + long long num; + char ch; + debug_decl(iolog_parse_json, SUDO_DEBUG_UTIL); + + root->parent = NULL; + TAILQ_INIT(&root->items); + + while ((len = getdelim(&buf, &bufsize, '\n', fp)) != -1) { + char *cp = buf; + char *ep = buf + len - 1; + + lineno++; + + /* Trim trailing whitespace. 
*/ + while (ep > cp && isspace((unsigned char)*ep)) + ep--; + ep[1] = '\0'; + + for (;;) { + const char *errstr; + + /* Trim leading whitespace, skip blank lines. */ + while (isspace((unsigned char)*cp)) + cp++; + + /* Strip out commas. TODO: require commas between values. */ + if (*cp == ',') { + cp++; + while (isspace((unsigned char)*cp)) + cp++; + } + + if (*cp == '\0') + break; + + switch (*cp) { + case '{': + cp++; + frame = json_stack_push(&stack, &frame->items, frame, + JSON_OBJECT, name, lineno); + if (frame == NULL) + goto parse_error; + name = NULL; + break; + case '}': + cp++; + if (stack.depth == 0 || frame->parent == NULL || + frame->parent->type != JSON_OBJECT) { + sudo_warnx(U_("unmatched close brace")); + goto parse_error; + } + frame = stack.frames[--stack.depth]; + break; + case '[': + cp++; + if (frame->parent == NULL) { + /* Must have an enclosing object. */ + sudo_warnx(U_("unexpected array")); + goto parse_error; + } + frame = json_stack_push(&stack, &frame->items, frame, + JSON_ARRAY, name, lineno); + if (frame == NULL) + goto parse_error; + name = NULL; + break; + case ']': + cp++; + if (stack.depth == 0 || frame->parent == NULL || + frame->parent->type != JSON_ARRAY) { + sudo_warnx(U_("unmatched close bracket")); + goto parse_error; + } + frame = stack.frames[--stack.depth]; + break; + case '"': + if (frame->parent == NULL) { + /* Must have an enclosing object. */ + sudo_warnx(U_("unexpected string")); + goto parse_error; + } + + if (!expect_value) { + /* Parse "name": */ + if ((name = json_parse_string(&cp)) == NULL) + goto parse_error; + /* TODO: allow colon on next line? 
*/ + if (*cp++ != ':') { + sudo_warnx(U_("missing colon after name")); + goto parse_error; + } + } else { + if (!json_insert_str(&frame->items, name, &cp, lineno)) + goto parse_error; + name = NULL; + } + break; + case 't': + if (!expect_value) { + sudo_warnx(U_("unexpected boolean")); + goto parse_error; + } + if (strncmp(cp, "true", sizeof("true") - 1) != 0) + goto parse_error; + cp += sizeof("true") - 1; + if (*cp != ',' && !isspace((unsigned char)*cp) && *cp != '\0') + goto parse_error; + + if (!json_insert_bool(&frame->items, name, true, lineno)) + goto parse_error; + name = NULL; + break; + case 'f': + if (!expect_value) { + sudo_warnx(U_("unexpected boolean")); + goto parse_error; + } + if (strncmp(cp, "false", sizeof("false") - 1) != 0) + goto parse_error; + cp += sizeof("false") - 1; + if (*cp != ',' && !isspace((unsigned char)*cp) && *cp != '\0') + goto parse_error; + + if (!json_insert_bool(&frame->items, name, false, lineno)) + goto parse_error; + name = NULL; + break; + case 'n': + if (!expect_value) { + sudo_warnx(U_("unexpected boolean")); + goto parse_error; + } + if (strncmp(cp, "null", sizeof("null") - 1) != 0) + goto parse_error; + cp += sizeof("null") - 1; + if (*cp != ',' && !isspace((unsigned char)*cp) && *cp != '\0') + goto parse_error; + + if (!json_insert_null(&frame->items, name, lineno)) + goto parse_error; + name = NULL; + break; + case '+': case '-': case '0': case '1': case '2': case '3': + case '4': case '5': case '6': case '7': case '8': case '9': + if (!expect_value) { + sudo_warnx(U_("unexpected number")); + goto parse_error; + } + /* XXX - strtonumx() would be simpler here. 
*/ + len = strcspn(cp, " \f\n\r\t\v,"); + ch = cp[len]; + cp[len] = '\0'; + num = sudo_strtonum(cp, LLONG_MIN, LLONG_MAX, &errstr); + if (errstr != NULL) { + sudo_warnx(U_("%s: %s"), cp, U_(errstr)); + goto parse_error; + } + cp += len; + *cp = ch; + + if (!json_insert_num(&frame->items, name, num, lineno)) + goto parse_error; + name = NULL; + break; + default: + goto parse_error; + } + } + } + if (stack.depth != 0) { + frame = stack.frames[stack.depth - 1]; + if (frame->parent == NULL || frame->parent->type == JSON_OBJECT) + sudo_warnx(U_("unmatched close brace")); + else + sudo_warnx(U_("unmatched close bracket")); + goto parse_error; + } + + ret = true; + goto done; + +parse_error: + sudo_warnx(U_("%s:%u unable to parse \"%s\""), filename, lineno, buf); +done: + free(buf); + free(name); + if (!ret) + free_json_items(&root->items); + + debug_return_bool(ret); +} + +bool +iolog_parse_loginfo_json(FILE *fp, const char *iolog_dir, struct iolog_info *li) +{ + struct json_object root; + bool ret = false; + debug_decl(iolog_parse_loginfo_json, SUDO_DEBUG_UTIL); + + if (iolog_parse_json(fp, iolog_dir, &root)) { + /* Walk the stack and parse entries. */ + ret = iolog_parse_json_object(&root, li); + + /* Cleanup. */ + free_json_items(&root.items); + } + + debug_return_bool(ret); +} diff -Nru sudo-1.8.31/lib/iolog/iolog_json.h sudo-1.9.0/lib/iolog/iolog_json.h --- sudo-1.8.31/lib/iolog/iolog_json.h 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/iolog/iolog_json.h 2020-05-11 16:28:23.000000000 +0000 
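Review bot: iolog_parse_json_object dereferences `TAILQ_FIRST(&object->items)` without a NULL check, and iolog_parse_json returns true for an empty or whitespace-only file (the getdelim loop never inserts an item and `stack.depth` stays 0), so iolog_parse_loginfo_json reaches `item->type` through a NULL pointer when log.json is empty. A guard before the type test closes that: `if (item == NULL) { sudo_warnx(U_("missing JSON_OBJECT")); goto done; }`. Separately, the end-of-string scan in json_parse_string only skips `\"`, so a value ending in an escaped backslash (`\\` directly before the closing quote) has its closing quote treated as escaped and the scan runs on into the rest of the line; testing `if (end[0] == '\\' && end[1] != '\0')` skips any escaped character and keeps the pairs aligned. Both inputs are read from a file on disk, so each deserves a regression test: an empty log.json and a string value ending in a backslash.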
@@ -0,0 +1,50 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2020 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef IOLOG_JSON_H
+#define IOLOG_JSON_H
+
+#include "sudo_json.h"
+#include "sudo_queue.h"
+
+TAILQ_HEAD(json_item_list, json_item);
+
+struct json_object {
+ struct json_item *parent;
+ struct json_item_list items;
+};
+
+struct json_item {
+ TAILQ_ENTRY(json_item) entries;
+ char *name; /* may be NULL for first brace */
+ unsigned int lineno;
+ enum json_value_type type;
+ union {
+ struct json_object child;
+ char *string;
+ long long number;
+ id_t id;
+ bool boolean;
+ } u;
+};
+
+void free_json_items(struct json_item_list *items);
+bool iolog_parse_json(FILE *fp, const char *filename, struct json_object *root);
+char **json_array_to_strvec(struct json_object *array);
+
+#endif /* IOLOG_JSON_H */
diff -Nru sudo-1.8.31/lib/iolog/iolog_path.c sudo-1.9.0/lib/iolog/iolog_path.c
--- sudo-1.8.31/lib/iolog/iolog_path.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/lib/iolog/iolog_path.c 2020-05-11 16:28:23.000000000 +0000
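Review bot: The three prototypes in iolog_json.h are exported without any ownership contract, and json_array_to_strvec has one a caller cannot guess: iolog_json.c in this diff shows it moving every string out of the array (each `item->u.string` is set to NULL) into a newly allocated NULL-terminated vector. I would add above it `/* Moves the strings out of array; caller frees the returned vector and each element. Returns NULL on a non-string element or allocation failure. */`. iolog_parse_json deserves a matching line, `/* On failure root->items is already freed; on success the caller must call free_json_items(&root->items). */`, because its cleanup is asymmetric. The header also names `FILE` and `bool` while including only sudo_json.h and sudo_queue.h, so it presumably relies on the includer for those declarations; that is worth stating in a comment or fixing with the includes.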
@@ -0,0 +1,139 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2011-2015 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#include +#include +#include +#include +#include + +#include "sudo_gettext.h" /* must be included before sudo_compat.h */ + +#include "sudo_compat.h" +#include "sudo_fatal.h" +#include "sudo_debug.h" +#include "sudo_util.h" +#include "sudo_iolog.h" + +/* + * Expand any escape sequences in inpath, returning the expanded path. + */ +bool +expand_iolog_path(const char *inpath, char *path, size_t pathlen, + const struct iolog_path_escape *escapes, void *closure) +{ + char *dst, *pathend, tmpbuf[PATH_MAX]; + const char *endbrace, *src; + bool strfit = false; + size_t len; + debug_decl(expand_iolog_path, SUDO_DEBUG_UTIL); + + /* Collapse multiple leading slashes. 
*/ + while (inpath[0] == '/' && inpath[1] == '/') + inpath++; + + pathend = path + pathlen; + for (src = inpath, dst = path; *src != '\0'; src++) { + if (src[0] == '%') { + if (src[1] == '{') { + endbrace = strchr(src + 2, '}'); + if (endbrace != NULL) { + const struct iolog_path_escape *esc; + len = (size_t)(endbrace - src - 2); + for (esc = escapes; esc->name != NULL; esc++) { + if (strncmp(src + 2, esc->name, len) == 0 && + esc->name[len] == '\0') + break; + } + if (esc->name != NULL) { + len = esc->copy_fn(dst, (size_t)(pathend - dst), + closure); + if (len >= (size_t)(pathend - dst)) + goto bad; + dst += len; + src = endbrace; + continue; + } + } + } else if (src[1] == '%') { + /* Collapse %% -> % */ + src++; + } else { + /* May need strftime() */ + strfit = true; + } + } + /* Need at least 2 chars, including the NUL terminator. */ + if (dst + 1 >= pathend) + goto bad; + *dst++ = *src; + } + + /* Trim trailing slashes and NUL terminate. */ + while (dst > path && dst[-1] == '/') + dst--; + *dst = '\0'; + + /* Expand strftime escapes as needed. */ + if (strfit) { + time_t now; + struct tm *timeptr; + + time(&now); + if ((timeptr = localtime(&now)) == NULL) + goto bad; + + /* We only call strftime() on the current part of the buffer. */ + tmpbuf[sizeof(tmpbuf) - 1] = '\0'; + len = strftime(tmpbuf, sizeof(tmpbuf), path, timeptr); + + if (len == 0 || tmpbuf[sizeof(tmpbuf) - 1] != '\0') + goto bad; /* strftime() failed, buf too small? */ + + if (len >= (size_t)(pathend - path)) + goto bad; /* expanded buffer too big to fit. */ + memcpy(path, tmpbuf, len); + dst = path + len; + *dst = '\0'; + } + + debug_return_bool(true); +bad: + debug_return_bool(false); +} diff -Nru sudo-1.8.31/lib/iolog/iolog_util.c sudo-1.9.0/lib/iolog/iolog_util.c --- sudo-1.8.31/lib/iolog/iolog_util.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/iolog/iolog_util.c 2020-05-11 16:28:23.000000000 +0000 
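Review bot: In expand_iolog_path the `%%` branch collapses the pair to a single `%` in `path`, but once any other `%x` sequence has set `strfit` the whole buffer is handed to strftime() as the format, so that literal percent is re-interpreted together with the character after it (with another strftime escape present, `%%d` ends up expanded like `%d`). The same holds for text written by `esc->copy_fn`: any `%` it produces is treated as a conversion specifier, which matters if those callbacks copy user-influenced values (they are not visible in this hunk, so this needs confirming). For the first case it is enough to keep the pair intact and let strftime() collapse it, replacing the bare `src++` with `if (dst + 1 >= pathend) goto bad; *dst++ = *src++; strfit = true;`. For the second, either expand the strftime escapes before substituting the `%{...}` values, or state in the function comment that callback output must not contain `%`.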
@@ -0,0 +1,464 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#include +#include +#include +#include +#include +#include +#include + +#include "sudo_gettext.h" /* must be included before sudo_compat.h */ + +#include "sudo_compat.h" +#include "sudo_fatal.h" +#include "sudo_debug.h" +#include "sudo_util.h" +#include "sudo_iolog.h" + +static int timing_event_adj; + +static bool +iolog_parse_loginfo_legacy(FILE *fp, const char *iolog_dir, + struct iolog_info *li) +{ + char *buf = NULL, *cp, *ep; + const char *errstr; + size_t bufsize = 0, cwdsize = 0, cmdsize = 0; + bool ret = false; + debug_decl(iolog_parse_loginfo_legacy, SUDO_DEBUG_UTIL); + + /* + * Info file has three lines: + * 1) a log info line + * 2) cwd + * 3) command with args + */ + if (getdelim(&buf, 
&bufsize, '\n', fp) == -1 || + getdelim(&li->cwd, &cwdsize, '\n', fp) == -1 || + getdelim(&li->cmd, &cmdsize, '\n', fp) == -1) { + sudo_warn(U_("%s: invalid log file"), iolog_dir); + goto done; + } + + /* Strip the newline from the cwd and command. */ + li->cwd[strcspn(li->cwd, "\n")] = '\0'; + li->cmd[strcspn(li->cmd, "\n")] = '\0'; + + /* + * Crack the log line (lines and cols not present in old versions). + * timestamp:user:runas_user:runas_group:tty:lines:cols + * XXX - probably better to use strtok and switch on the state. + */ + buf[strcspn(buf, "\n")] = '\0'; + cp = buf; + + /* timestamp */ + if ((ep = strchr(cp, ':')) == NULL) { + sudo_warn(U_("%s: time stamp field is missing"), iolog_dir); + goto done; + } + *ep = '\0'; + li->tstamp.tv_sec = sudo_strtonum(cp, 0, TIME_T_MAX, &errstr); + if (errstr != NULL) { + sudo_warn(U_("%s: time stamp %s: %s"), iolog_dir, cp, errstr); + goto done; + } + + /* submit user */ + cp = ep + 1; + if ((ep = strchr(cp, ':')) == NULL) { + sudo_warn(U_("%s: user field is missing"), iolog_dir); + goto done; + } + if ((li->user = strndup(cp, (size_t)(ep - cp))) == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + + /* runas user */ + cp = ep + 1; + if ((ep = strchr(cp, ':')) == NULL) { + sudo_warn(U_("%s: runas user field is missing"), iolog_dir); + goto done; + } + if ((li->runas_user = strndup(cp, (size_t)(ep - cp))) == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + + /* runas group */ + cp = ep + 1; + if ((ep = strchr(cp, ':')) == NULL) { + sudo_warn(U_("%s: runas group field is missing"), iolog_dir); + goto done; + } + if (cp != ep) { + if ((li->runas_group = strndup(cp, (size_t)(ep - cp))) == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + } + + /* tty, followed by optional lines + cols */ + cp = ep + 1; + if ((ep = strchr(cp, ':')) == NULL) { + /* just the tty */ + if ((li->tty = strdup(cp)) == NULL) + sudo_fatalx(U_("%s: %s"), 
__func__, U_("unable to allocate memory")); + } else { + /* tty followed by lines + cols */ + if ((li->tty = strndup(cp, (size_t)(ep - cp))) == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + cp = ep + 1; + /* need to NULL out separator to use sudo_strtonum() */ + /* XXX - use sudo_strtonumx */ + if ((ep = strchr(cp, ':')) != NULL) { + *ep = '\0'; + } + li->lines = sudo_strtonum(cp, 1, INT_MAX, &errstr); + if (errstr != NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s: tty lines %s: %s", iolog_dir, cp, errstr); + } + if (ep != NULL) { + cp = ep + 1; + li->cols = sudo_strtonum(cp, 1, INT_MAX, &errstr); + if (errstr != NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s: tty cols %s: %s", iolog_dir, cp, errstr); + } + } + } + + ret = true; + +done: + free(buf); + debug_return_bool(ret); +} + +struct iolog_info * +iolog_parse_loginfo(int dfd, const char *iolog_dir) +{ + struct iolog_info *li = NULL; + FILE *fp = NULL; + int fd = -1; + int tmpfd = -1; + bool ok, legacy = false; + debug_decl(iolog_parse_loginfo, SUDO_DEBUG_UTIL); + + if (dfd == -1) { + if ((tmpfd = open(iolog_dir, O_RDONLY)) == -1) { + sudo_warn("%s", iolog_dir); + goto bad; + } + dfd = tmpfd; + } + if ((fd = openat(dfd, "log.json", O_RDONLY, 0)) == -1) { + fd = openat(dfd, "log", O_RDONLY, 0); + legacy = true; + } + if (tmpfd != -1) + close(tmpfd); + if (fd == -1 || (fp = fdopen(fd, "r")) == NULL) { + sudo_warn("%s/log", iolog_dir); + goto bad; + } + fd = -1; + + if ((li = calloc(1, sizeof(*li))) == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + li->runas_uid = (uid_t)-1; + li->runas_gid = (gid_t)-1; + + ok = legacy ? 
iolog_parse_loginfo_legacy(fp, iolog_dir, li) : + iolog_parse_loginfo_json(fp, iolog_dir, li); + if (ok) { + fclose(fp); + debug_return_ptr(li); + } + +bad: + if (fd != -1) + close(fd); + if (fp != NULL) + fclose(fp); + iolog_free_loginfo(li); + debug_return_ptr(NULL); +} + +void +iolog_adjust_delay(struct timespec *delay, struct timespec *max_delay, + double scale_factor) +{ + double seconds; + debug_decl(iolog_adjust_delay, SUDO_DEBUG_UTIL); + + if (scale_factor != 1.0) { + /* Order is important: we don't want to double the remainder. */ + seconds = (double)delay->tv_sec / scale_factor; + delay->tv_sec = (time_t)seconds; + delay->tv_nsec /= scale_factor; + delay->tv_nsec += (seconds - delay->tv_sec) * 1000000000; + while (delay->tv_nsec >= 1000000000) { + delay->tv_sec++; + delay->tv_nsec -= 1000000000; + } + } + + /* Clamp to max delay. */ + if (max_delay != NULL) { + if (sudo_timespeccmp(delay, max_delay, >)) { + delay->tv_sec = max_delay->tv_sec; + delay->tv_nsec = max_delay->tv_nsec; + } + } + + debug_return; +} + +/* + * Parse the delay as seconds and nanoseconds: %lld.%09ld + * Sudo used to write this as a double, but since timing data is logged + * in the C locale this may not match the current locale. + */ +char * +iolog_parse_delay(const char *cp, struct timespec *delay, + const char *decimal_point) +{ + char numbuf[(((sizeof(long long) * 8) + 2) / 3) + 2]; + const char *errstr, *ep; + long long llval; + size_t len; + debug_decl(iolog_parse_delay, SUDO_DEBUG_UTIL); + + /* Parse seconds (whole number portion). 
*/ + for (ep = cp; isdigit((unsigned char)*ep); ep++) + continue; + len = (size_t)(ep - cp); + if (len >= sizeof(numbuf)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s: number of seconds is too large", cp); + debug_return_ptr(NULL); + } + memcpy(numbuf, cp, len); + numbuf[len] = '\0'; + delay->tv_sec = sudo_strtonum(numbuf, 0, TIME_T_MAX, &errstr); + if (errstr != NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s: number of seconds is %s", numbuf, errstr); + debug_return_ptr(NULL); + } + + /* Radix may be in user's locale for sudo < 1.7.4 so accept that too. */ + if (*ep != '.' && *ep != *decimal_point) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "invalid characters after seconds: %s", ep); + debug_return_ptr(NULL); + } + cp = ep + 1; + + /* Parse fractional part, we may read more precision than we can store. */ + for (ep = cp; isdigit((unsigned char)*ep); ep++) + continue; + len = (size_t)(ep - cp); + if (len >= sizeof(numbuf)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s: number of nanoseconds is too large", cp); + debug_return_ptr(NULL); + } + memcpy(numbuf, cp, len); + numbuf[len] = '\0'; + llval = sudo_strtonum(numbuf, 0, LLONG_MAX, &errstr); + if (errstr != NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s: number of nanoseconds is %s", numbuf, errstr); + debug_return_ptr(NULL); + } + + /* Adjust fractional part to nanosecond precision. */ + if (len < 9) { + /* Convert to nanosecond precision. */ + do { + llval *= 10; + } while (++len < 9); + } else if (len > 9) { + /* Clamp to nanoseconds. */ + do { + llval /= 10; + } while (--len > 9); + } + delay->tv_nsec = (long)llval; + + /* Advance to the next field. 
*/ + while (isspace((unsigned char)*ep)) + ep++; + + debug_return_str((char *)ep); +} + +/* + * Parse a timing line, which is formatted as: + * IO_EVENT_TTYOUT sleep_time num_bytes + * IO_EVENT_WINSIZE sleep_time lines cols + * IO_EVENT_SUSPEND sleep_time signo + * Where type is IO_EVENT_*, sleep_time is the number of seconds to sleep + * before writing the data and num_bytes is the number of bytes to output. + * Returns true on success and false on failure. + */ +bool +iolog_parse_timing(const char *line, struct timing_closure *timing) +{ + unsigned long ulval; + char *cp, *ep; + debug_decl(iolog_parse_timing, SUDO_DEBUG_UTIL); + + /* Clear iolog descriptor. */ + timing->iol = NULL; + + /* Parse event type. */ + ulval = strtoul(line, &ep, 10); + if (ep == line || !isspace((unsigned char) *ep)) + goto bad; + if (ulval >= IO_EVENT_COUNT) + goto bad; + if (ulval == IO_EVENT_TTYOUT_1_8_7) { + /* work around a bug in timing files generated by sudo 1.8.7 */ + timing_event_adj = 2; + } + timing->event = (int)ulval - timing_event_adj; + for (cp = ep + 1; isspace((unsigned char) *cp); cp++) + continue; + + /* Parse delay, returns the next field or NULL on error. */ + if ((cp = iolog_parse_delay(cp, &timing->delay, timing->decimal)) == NULL) + goto bad; + + switch (timing->event) { + case IO_EVENT_SUSPEND: + /* Signal name (no leading SIG prefix) or number. 
*/ + if (str2sig(cp, &timing->u.signo) == -1) + goto bad; + break; + case IO_EVENT_WINSIZE: + ulval = strtoul(cp, &ep, 10); + if (ep == cp || !isspace((unsigned char) *ep)) + goto bad; + if (ulval > INT_MAX) + goto bad; + timing->u.winsize.lines = (int)ulval; + for (cp = ep + 1; isspace((unsigned char) *cp); cp++) + continue; + + ulval = strtoul(cp, &ep, 10); + if (ep == cp || *ep != '\0') + goto bad; + if (ulval > INT_MAX) + goto bad; + timing->u.winsize.cols = (int)ulval; + break; + default: + errno = 0; + ulval = strtoul(cp, &ep, 10); + if (ep == cp || *ep != '\0') + goto bad; + /* Note: assumes SIZE_MAX == ULONG_MAX */ + if (errno == ERANGE && ulval == ULONG_MAX) + goto bad; + timing->u.nbytes = (size_t)ulval; + break; + } + + debug_return_bool(true); +bad: + debug_return_bool(false); +} + +/* + * Read the next record from the timing file. + * Return 0 on success, 1 on EOF and -1 on error. + */ +int +iolog_read_timing_record(struct iolog_file *iol, struct timing_closure *timing) +{ + char line[LINE_MAX]; + const char *errstr; + debug_decl(iolog_read_timing_record, SUDO_DEBUG_UTIL); + + /* Read next record from timing file. */ + if (iolog_gets(iol, line, sizeof(line), &errstr) == NULL) { + /* EOF or error reading timing file, we are done. */ + if (iolog_eof(iol)) + debug_return_int(1); + sudo_warnx(U_("error reading timing file: %s"), errstr); + debug_return_int(-1); + } + + /* Parse timing file record. 
*/ + line[strcspn(line, "\n")] = '\0'; + if (!iolog_parse_timing(line, timing)) { + sudo_warnx(U_("invalid timing file line: %s"), line); + debug_return_int(-1); + } + + debug_return_int(0); +} + +void +iolog_free_loginfo(struct iolog_info *li) +{ + char **p; + + if (li != NULL) { + if (li->argv != NULL) { + for (p = li->argv; *p != NULL; p++) + free(*p); + free(li->argv); + } + if (li->envp != NULL) { + for (p = li->envp; *p != NULL; p++) + free(*p); + free(li->envp); + } + free(li->cwd); + free(li->user); + free(li->runas_user); + free(li->runas_group); + free(li->tty); + free(li->cmd); + free(li->host); + free(li); + } +} diff -Nru sudo-1.8.31/lib/iolog/Makefile.in sudo-1.9.0/lib/iolog/Makefile.in --- sudo-1.8.31/lib/iolog/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/iolog/Makefile.in 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,332 @@ +# +# SPDX-License-Identifier: ISC +# +# Copyright (c) 2011-2020 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# @configure_input@ +# + +#### Start of system configuration section. #### + +srcdir = @srcdir@ +abs_srcdir = @abs_srcdir@ +top_srcdir = @top_srcdir@ +abs_top_srcdir = @abs_top_srcdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ +devdir = @devdir@ +incdir = $(top_srcdir)/include +scriptdir = $(top_srcdir)/scripts +cross_compiling = @CROSS_COMPILING@ + +# Compiler & tools to use +CC = @CC@ +LIBTOOL = @LIBTOOL@ + +# Libraries +LT_LIBS = $(top_builddir)/lib/util/libsudo_util.la +LIBS = @LIBS@ @ZLIB@ $(LT_LIBS) + +# C preprocessor flags +CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(srcdir) @CPPFLAGS@ + +# Usually -O and/or -g +CFLAGS = @CFLAGS@ + +# Flags to pass to the link stage +LDFLAGS = @LDFLAGS@ + +# Flags to pass to libtool +LTFLAGS = @LT_STATIC@ + +# Address sanitizer flags +ASAN_CFLAGS = @ASAN_CFLAGS@ +ASAN_LDFLAGS = @ASAN_LDFLAGS@ + +# PIE flags +PIE_CFLAGS = @PIE_CFLAGS@ +PIE_LDFLAGS = @PIE_LDFLAGS@ + +# Stack smashing protection flags +SSP_CFLAGS = @SSP_CFLAGS@ +SSP_LDFLAGS = @SSP_LDFLAGS@ + +# cppcheck options, usually set in the top-level Makefile +CPPCHECK_OPTS = -q --force --enable=warning,performance,portability 
--suppress=constStatement --error-exitcode=1 --inline-suppr -Dva_copy=va_copy -U__cplusplus -UQUAD_MAX -UQUAD_MIN -UUQUAD_MAX -U_POSIX_HOST_NAME_MAX -U_POSIX_PATH_MAX -U__NBBY -DNSIG=64 + +# splint options, usually set in the top-level Makefile +SPLINT_OPTS = -D__restrict= -checks + +# PVS-studio options +PVS_CFG = $(top_srcdir)/PVS-Studio.cfg +PVS_IGNORE = 'V707,V011,V002,V536' +PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE) + +# Regression tests +TEST_PROGS = check_iolog_json check_iolog_path check_iolog_util host_port_test +TEST_LIBS = @LIBS@ +TEST_LDFLAGS = @LDFLAGS@ + +# Set to non-empty for development mode +DEVEL = @DEVEL@ + +#### End of system configuration section. #### + +SHELL = @SHELL@ + +LIBIOLOG_OBJS = iolog_fileio.lo iolog_json.lo iolog_path.lo iolog_util.lo \ + host_port.lo hostcheck.lo + +IOBJS = $(LIBIOLOG_OBJS:.lo=.i) + +POBJS = $(IOBJS:.i=.plog) + +CHECK_IOLOG_PATH_OBJS = check_iolog_path.lo iolog_path.lo + +CHECK_IOLOG_UTIL_OBJS = check_iolog_util.lo iolog_json.lo iolog_util.lo + +CHECK_IOLOG_JSON_OBJS = check_iolog_json.lo iolog_json.lo + +HOST_PORT_TEST_OBJS = host_port_test.lo host_port.lo + +all: libsudo_iolog.la + +pvs-log-files: $(POBJS) + +pvs-studio: $(POBJS) + plog-converter $(PVS_LOG_OPTS) $(POBJS) + +depend: + $(scriptdir)/mkdep.pl --srcdir=$(abs_top_srcdir) \ + --builddir=$(abs_top_builddir) lib/iolog/Makefile.in + cd $(top_builddir) && ./config.status --file lib/iolog/Makefile + +Makefile: $(srcdir)/Makefile.in + cd $(top_builddir) && ./config.status --file lib/iolog/Makefile + +.SUFFIXES: .c .h .i .lo .plog + +.c.lo: + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $< + +.c.i: + $(CC) -E -o $@ $(CPPFLAGS) $< + +.i.plog: + ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@ + +libsudo_iolog.la: $(LIBIOLOG_OBJS) + $(LIBTOOL) $(LTFLAGS) --mode=link 
$(CC) -o $@ $(LIBIOLOG_OBJS) $(LT_LIBS) @ZLIB@ @NET_LIBS@ + +check_iolog_path: $(CHECK_IOLOG_PATH_OBJS) libsudo_iolog.la + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_IOLOG_PATH_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) + +check_iolog_util: $(CHECK_IOLOG_UTIL_OBJS) libsudo_iolog.la + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_IOLOG_UTIL_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) + +check_iolog_json: $(CHECK_IOLOG_JSON_OBJS) libsudo_iolog.la + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_IOLOG_JSON_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) + +host_port_test: $(HOST_PORT_TEST_OBJS) libsudo_iolog.la + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(HOST_PORT_TEST_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) + +pre-install: + +install: + +install-binaries: + +install-includes: + +install-doc: + +install-plugin: + +uninstall: + +splint: + splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) $(srcdir)/*.c + +cppcheck: + cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) $(srcdir)/*.c + +pvs-log-files: $(POBJS) + +check: $(TEST_PROGS) + @if test X"$(cross_compiling)" != X"yes"; then \ + LC_ALL=C; export LC_ALL; \ + unset LANG || LANG=; \ + rval=0; \ + ./check_iolog_json $(srcdir)/regress/iolog_json/*.in || rval=`expr $$rval + $$?`; \ + ./check_iolog_path $(srcdir)/regress/iolog_path/data || rval=`expr $$rval + $$?`; \ + ./check_iolog_util || rval=`expr $$rval + $$?`; \ + ./host_port_test || rval=`expr $$rval + $$?`; \ + exit $$rval; \ + fi + +clean: + -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f $(TEST_PROGS) *.lo *.o *.la + -rm -f *.i *.plog stamp-* core *.core core.* regress/*/*.out \ + regress/*/*.err + +mostlyclean: clean + +distclean: clean + -rm -rf Makefile .libs + +clobber: distclean + +realclean: distclean + rm -f 
TAGS tags + +cleandir: realclean + +# Autogenerated dependencies, do not modify +check_iolog_json.lo: $(srcdir)/regress/iolog_json/check_iolog_json.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_json.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/iolog_json.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/iolog_json/check_iolog_json.c +check_iolog_json.i: $(srcdir)/regress/iolog_json/check_iolog_json.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_json.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/iolog_json.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +check_iolog_json.plog: check_iolog_json.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iolog_json/check_iolog_json.c --i-file $< --output-file $@ +check_iolog_path.lo: $(srcdir)/regress/iolog_path/check_iolog_path.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/iolog_path/check_iolog_path.c +check_iolog_path.i: $(srcdir)/regress/iolog_path/check_iolog_path.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +check_iolog_path.plog: check_iolog_path.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iolog_path/check_iolog_path.c --i-file $< --output-file $@ +check_iolog_util.lo: $(srcdir)/regress/iolog_util/check_iolog_util.c \ + 
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/iolog_util/check_iolog_util.c +check_iolog_util.i: $(srcdir)/regress/iolog_util/check_iolog_util.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +check_iolog_util.plog: check_iolog_util.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iolog_util/check_iolog_util.c --i-file $< --output-file $@ +host_port.lo: $(srcdir)/host_port.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/host_port.c +host_port.i: $(srcdir)/host_port.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +host_port.plog: host_port.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/host_port.c --i-file $< --output-file $@ +host_port_test.lo: $(srcdir)/regress/host_port/host_port_test.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/host_port/host_port_test.c +host_port_test.i: 
$(srcdir)/regress/host_port/host_port_test.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +host_port_test.plog: host_port_test.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/host_port/host_port_test.c --i-file $< --output-file $@ +hostcheck.lo: $(srcdir)/hostcheck.c $(incdir)/compat/stdbool.h \ + $(incdir)/hostcheck.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/hostcheck.c +hostcheck.i: $(srcdir)/hostcheck.c $(incdir)/compat/stdbool.h \ + $(incdir)/hostcheck.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +hostcheck.plog: hostcheck.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/hostcheck.c --i-file $< --output-file $@ +iolog_fileio.lo: $(srcdir)/iolog_fileio.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_json.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_fileio.c +iolog_fileio.i: $(srcdir)/iolog_fileio.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h 
$(incdir)/sudo_json.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_fileio.plog: iolog_fileio.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_fileio.c --i-file $< --output-file $@ +iolog_json.lo: $(srcdir)/iolog_json.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_json.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/iolog_json.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_json.c +iolog_json.i: $(srcdir)/iolog_json.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_json.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/iolog_json.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_json.plog: iolog_json.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_json.c --i-file $< --output-file $@ +iolog_path.lo: $(srcdir)/iolog_path.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_path.c +iolog_path.i: $(srcdir)/iolog_path.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + 
$(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_path.plog: iolog_path.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_path.c --i-file $< --output-file $@ +iolog_util.lo: $(srcdir)/iolog_util.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_util.c +iolog_util.i: $(srcdir)/iolog_util.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_util.plog: iolog_util.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_util.c --i-file $< --output-file $@ diff -Nru sudo-1.8.31/lib/iolog/regress/host_port/host_port_test.c sudo-1.9.0/lib/iolog/regress/host_port/host_port_test.c --- sudo-1.8.31/lib/iolog/regress/host_port/host_port_test.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/iolog/regress/host_port/host_port_test.c 2020-05-11 16:28:23.000000000 +0000 
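Review bot: The `pvs-log-files: $(POBJS)` rule is declared twice in this new Makefile.in, once right after `all:` and again after the `cppcheck:` target. Make merges the two prerequisite lists, so the build is unaffected. The second copy should still be dropped so the two declarations cannot drift apart in a later edit.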
@@ -0,0 +1,151 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019-2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif +#include +#include + +#include "sudo_compat.h" +#include "sudo_fatal.h" +#include "sudo_iolog.h" +#include "sudo_util.h" + +__dso_public int main(int argc, char *argv[]); + +/* + * Test that iolog_parse_host_port() works as expected. 
+ */ + +struct host_port_test { + const char *str; /* input string */ + const char *host; /* parsed host */ + const char *port; /* parsed port */ + bool tls; /* parsed TLS flag */ + char *defport; /* default port */ + char *defport_tls; /* default port */ + bool ret; /* return value */ +}; + +static struct host_port_test test_data[] = { + /* No TLS */ + { "xerxes", "xerxes", "12345", false, "12345", NULL, true }, + { "xerxes:12345", "xerxes", "12345", false, "67890", NULL, true }, + { "127.0.0.1", "127.0.0.1", "12345", false, "12345", NULL, true }, + { "127.0.0.1:12345", "127.0.0.1", "12345", false, "67890", NULL, true }, + { "[::1]", "::1", "12345", false, "12345", NULL, true }, + { "[::1]:12345", "::1", "12345", false, "67890", NULL, true }, + + /* With TLS */ + { "xerxes(tls)", "xerxes", "12345", true, "5678", "12345", true }, + { "xerxes:12345(tls)", "xerxes", "12345", true, "5678", "67890", true }, + { "127.0.0.1(tls)", "127.0.0.1", "12345", true, "5678", "12345", true }, + { "127.0.0.1:12345(tls)", "127.0.0.1", "12345", true, "5678", "67890", true }, + { "[::1](tls)", "::1", "12345", true, "5678", "12345", true }, + { "[::1]:12345(tls)", "::1", "12345", true, "5678", "67890", true }, + + /* Errors */ + { "xerxes:", NULL, NULL, false, "12345", NULL, false }, /* missing port */ + { "127.0.0.1:", NULL, NULL, false, "12345", NULL, false }, /* missing port */ + { "[::1:12345", NULL, NULL, false, "67890", NULL, false }, /* missing bracket */ + { "[::1]:", NULL, NULL, false, "12345", NULL, false }, /* missing port */ + { NULL } +}; + +int +main(int argc, char *argv[]) +{ + int i, errors = 0, ntests = 0; + char *host, *port, *copy = NULL; + bool ret, tls; + + initprogname(argc > 0 ? 
argv[0] : "host_port_test"); + + for (i = 0; test_data[i].str != NULL; i++) { + host = port = NULL; + tls = false; + free(copy); + if ((copy = strdup(test_data[i].str)) == NULL) + sudo_fatal_nodebug(NULL); + + ntests++; + ret = iolog_parse_host_port(copy, &host, &port, &tls, + test_data[i].defport, test_data[i].defport_tls); + if (ret != test_data[i].ret) { + sudo_warnx_nodebug("test #%d: %s: returned %s, expected %s", + ntests, test_data[i].str, ret ? "true" : "false", + test_data[i].ret ? "true" : "false"); + errors++; + continue; + } + if (!ret) + continue; + + if (host == NULL) { + sudo_warnx_nodebug("test #%d: %s: NULL host", + ntests, test_data[i].str); + errors++; + continue; + } + if (strcmp(host, test_data[i].host) != 0) { + sudo_warnx_nodebug("test #%d: %s: bad host, expected %s, got %s", + ntests, test_data[i].str, test_data[i].host, host); + errors++; + continue; + } + if (port == NULL) { + sudo_warnx_nodebug("test #%d: %s: NULL port", + ntests, test_data[i].str); + errors++; + continue; + } + if (strcmp(port, test_data[i].port) != 0) { + sudo_warnx_nodebug("test #%d: %s: bad port, expected %s, got %s", + ntests, test_data[i].str, test_data[i].port, port); + errors++; + continue; + } + if (tls != test_data[i].tls) { + sudo_warnx_nodebug("test #%d: %s: bad tls, expected %s, got %s", + ntests, test_data[i].str, test_data[i].tls ? "true" : "false", + tls ? "true" : "false"); + errors++; + continue; + } + } + free(copy); + if (ntests != 0) { + printf("%s: %d tests run, %d errors, %d%% success rate\n", + getprogname(), ntests, errors, (ntests - errors) * 100 / ntests); + } + exit(errors); +} diff -Nru sudo-1.8.31/lib/iolog/regress/iolog_json/check_iolog_json.c sudo-1.9.0/lib/iolog/regress/iolog_json/check_iolog_json.c --- sudo-1.8.31/lib/iolog/regress/iolog_json/check_iolog_json.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/iolog/regress/iolog_json/check_iolog_json.c 2020-05-11 16:28:23.000000000 +0000 
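Review bot: The error rows in `test_data` cover only a missing port and a missing closing bracket, so nothing pins how a malformed `(tls)` suffix or an empty host string is handled. The parsed `tls` flag presumably decides whether the log-server connection is encrypted, so a row such as `{ "xerxes:12345(tls", NULL, NULL, false, "5678", "67890", false },` would catch a parser that quietly treats a mangled marker as plaintext. The expected result needs confirming against iolog_parse_host_port(), which is not part of this hunk. The field comment on `defport_tls` also repeats `/* default port */`; the TLS rows show it is the default used when `(tls)` is present, so it should read `/* default port when TLS is requested */`.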
@@ -0,0 +1,271 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#include +#include + +#define SUDO_ERROR_WRAP 0 + +#include "sudo_compat.h" +#include "sudo_util.h" +#include "sudo_fatal.h" + +#include "iolog_json.h" + +__dso_public int main(int argc, char *argv[]); + +bool +json_print_object(struct json_container *json, struct json_object *object) +{ + struct json_item *item; + struct json_value json_value; + bool ret = false; + + TAILQ_FOREACH(item, &object->items, entries) { + switch (item->type) { + case JSON_STRING: + json_value.type = JSON_STRING; + json_value.u.string = item->u.string; + if (!sudo_json_add_value(json, item->name, &json_value)) + goto oom; + break; + case JSON_NUMBER: + json_value.type = JSON_NUMBER; + json_value.u.number = item->u.number; + if (!sudo_json_add_value(json, item->name, &json_value)) + goto oom; + break; + case JSON_OBJECT: + if (!sudo_json_open_object(json, item->name)) + goto oom; + if (!json_print_object(json, &item->u.child)) + goto done; + if (!sudo_json_close_object(json)) + goto oom; + break; 
+ case JSON_ARRAY: + if (!sudo_json_open_array(json, item->name)) + goto oom; + if (!json_print_object(json, &item->u.child)) + goto done; + if (!sudo_json_close_array(json)) + goto oom; + break; + case JSON_BOOL: + json_value.type = JSON_BOOL; + json_value.u.boolean = item->u.boolean; + if (!sudo_json_add_value(json, item->name, &json_value)) + goto oom; + break; + case JSON_NULL: + json_value.type = JSON_NULL; + if (!sudo_json_add_value(json, item->name, &json_value)) + goto oom; + break; + default: + sudo_warnx("unsupported JSON type %d", item->type); + goto done; + } + } + + ret = true; + goto done; + +oom: + sudo_warnx("%s: %s", __func__, "unable to allocate memory"); +done: + return ret; +} + +static bool +json_format(struct json_container *json, struct json_object *object) +{ + struct json_item *item; + bool ret = false; + + /* First object holds all the actual data. */ + item = TAILQ_FIRST(&object->items); + if (item->type != JSON_OBJECT) { + sudo_warnx("expected JSON_OBJECT, got %d", item->type); + goto done; + } + object = &item->u.child; + + if (!json_print_object(json, object)) + goto done; + + ret = true; + +done: + return ret; +} + +static void +usage(void) +{ + fprintf(stderr, "usage: %s [-c] input_file ...\n", + getprogname()); + exit(EXIT_FAILURE); +} + +static bool +compare(FILE *fp, const char *infile, struct json_container *json) +{ + const char *cp; + unsigned int lineno = 0; + size_t linesize = 0; + char *line = NULL; + ssize_t len; + + cp = sudo_json_get_buf(json); + + while ((len = getdelim(&line, &linesize, '\n', fp)) != -1) { + lineno++; + + /* skip open/close brace, not present in formatted output */ + if (lineno == 1 && strcmp(line, "{\n") == 0) + continue; + if (*cp == '\0' && strcmp(line, "}\n") == 0) + continue; + + /* Ignore newlines in output to make comparison easier. 
*/ + if (*cp == '\n') + cp++; + if (line[len - 1] == '\n') + len--; + + if (strncmp(line, cp, len) != 0) { + fprintf(stderr, "%s: mismatch on line %u\n", infile, lineno); + fprintf(stderr, "expected: %s", line); + fprintf(stderr, "got : %.*s\n", (int)len, cp); + return false; + } + cp += len; + } + free(line); + + return true; +} + +int +main(int argc, char *argv[]) +{ + struct json_object root; + int ch, i, tests = 0, errors = 0; + bool cat = false; + + initprogname(argc > 0 ? argv[0] : "check_iolog_json"); + + while ((ch = getopt(argc, argv, "c")) != -1) { + switch (ch) { + case 'c': + cat = true; + break; + default: + usage(); + } + } + argc -= optind; + argv += optind; + + if (argc < 1) + usage(); + + for (i = 0; i < argc; i++) { + struct json_container json; + const char *infile = argv[i]; + const char *outfile = argv[i]; + const char *cp; + char pathbuf[PATH_MAX]; + FILE *infp = NULL; + FILE *outfp = NULL; + + tests++; + + if (!sudo_json_init(&json, 4, false, true)) { + errors++; + continue; + } + + /* Parse input file. */ + if ((infp = fopen(infile, "r")) == NULL) { + sudo_warn("%s", argv[1]); + errors++; + goto next; + } + if (!iolog_parse_json(infp, infile, &root)) { + errors++; + goto next; + } + + /* Format as pretty-printed JSON */ + if (!json_format(&json, &root)) { + errors++; + goto next; + } + + /* Check for a .out.ok file in the same location as the .in file. */ + cp = strrchr(infile, '.'); + if (cp != NULL && strcmp(cp, ".in") == 0) { + snprintf(pathbuf, sizeof(pathbuf), "%.*s.out.ok", + (int)(cp - infile), infile); + if ((outfp = fopen(pathbuf, "r")) != NULL) + outfile = pathbuf; + } + if (outfp == NULL) + outfp = infp; + + /* Compare output to expected output. 
*/ + rewind(outfp); + if (!compare(outfp, outfile, &json)) + errors++; + + /* Write the formatted output to stdout for -c (cat) */ + if (cat) { + fprintf(stdout, "{%s\n}\n", sudo_json_get_buf(&json)); + fflush(stdout); + } + +next: + free_json_items(&root.items); + sudo_json_free(&json); + if (infp != NULL) + fclose(infp); + if (outfp != NULL && outfp != infp) + fclose(outfp); + } + + if (tests != 0) { + printf("iolog_json: %d test%s run, %d errors, %d%% success rate\n", + tests, tests == 1 ? "" : "s", errors, + (tests - errors) * 100 / tests); + } + + exit(errors); +} diff -Nru sudo-1.8.31/lib/iolog/regress/iolog_json/test1.in sudo-1.9.0/lib/iolog/regress/iolog_json/test1.in --- sudo-1.8.31/lib/iolog/regress/iolog_json/test1.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/iolog/regress/iolog_json/test1.in 2020-05-11 16:28:23.000000000 +0000 @@ -0,0 +1,34 @@ +{ + "timestamp": { + "seconds": 1584993067, + "nanoseconds": 880288287 + }, + "columns": 80, + "command": "/usr/bin/make", + "lines": 24, + "runargv": [ + "make", + "test" + ], + "runenv": [ + "LANG=en_US.UTF-8", + "PATH=/bin:/sbin:/usr/games:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin", + "TERM=vt100", + "MAIL=/var/mail/root", + "LOGNAME=root", + "USER=root", + "HOME=/root", + "SHELL=/bin/ksh", + "SUDO_COMMAND=/usr/bin/make test", + "SUDO_USER=millert", + "SUDO_UID=8036", + "SUDO_GID=20", + "A__z=\"*SHLVL" + ], + "runuid": 0, + "runuser": "root", + "submitcwd": "/home/test", + "submithost": "sudo.ws", + "submituser": "millert", + "ttyname": "/dev/console" +} diff -Nru sudo-1.8.31/lib/iolog/regress/iolog_json/test2.in sudo-1.9.0/lib/iolog/regress/iolog_json/test2.in --- sudo-1.8.31/lib/iolog/regress/iolog_json/test2.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/iolog/regress/iolog_json/test2.in 2020-05-11 16:28:23.000000000 +0000 
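Review bot: In main(), the fopen() failure path reports the wrong file: `sudo_warn("%s", argv[1]);` runs after `argv += optind`, so it names the second input rather than the one that failed, and it passes a NULL pointer to `%s` when only one file was given. It should be `sudo_warn("%s", infile);`. The same path jumps to `next:` and calls `free_json_items(&root.items)` on a `root` that was never filled in for this iteration (uninitialised on the first file, left over from the previous iteration on later ones). Adding `TAILQ_INIT(&root.items);` at the top of the loop body looks necessary unless free_json_items() tolerates that, which this hunk does not show. compare() also returns on a mismatch without `free(line)`.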
@@ -0,0 +1,28 @@
+{
+ "timestamp": { "seconds": 1584993067, "nanoseconds": 880288287 },
+ "columns": 80,
+ "command": "/usr/bin/make",
+ "lines": 24,
+ "runargv": [ "make", "test" ],
+ "runenv": [
+ "LANG=en_US.UTF-8",
+ "PATH=/bin:/sbin:/usr/games:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin",
+ "TERM=vt100",
+ "MAIL=/var/mail/root",
+ "LOGNAME=root",
+ "USER=root",
+ "HOME=/root",
+ "SHELL=/bin/ksh",
+ "SUDO_COMMAND=/usr/bin/make test",
+ "SUDO_USER=millert",
+ "SUDO_UID=8036",
+ "SUDO_GID=20",
+ "A__z=\"*SHLVL"
+ ],
+ "runuid": 0,
+ "runuser": "root",
+ "submitcwd": "/home/test",
+ "submithost": "sudo.ws",
+ "submituser": "millert",
+ "ttyname": "/dev/console"
+}
diff -Nru sudo-1.8.31/lib/iolog/regress/iolog_json/test2.out.ok sudo-1.9.0/lib/iolog/regress/iolog_json/test2.out.ok
--- sudo-1.8.31/lib/iolog/regress/iolog_json/test2.out.ok 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/lib/iolog/regress/iolog_json/test2.out.ok 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,34 @@
+{
+ "timestamp": {
+ "seconds": 1584993067,
+ "nanoseconds": 880288287
+ },
+ "columns": 80,
+ "command": "/usr/bin/make",
+ "lines": 24,
+ "runargv": [
+ "make",
+ "test"
+ ],
+ "runenv": [
+ "LANG=en_US.UTF-8",
+ "PATH=/bin:/sbin:/usr/games:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin",
+ "TERM=vt100",
+ "MAIL=/var/mail/root",
+ "LOGNAME=root",
+ "USER=root",
+ "HOME=/root",
+ "SHELL=/bin/ksh",
+ "SUDO_COMMAND=/usr/bin/make test",
+ "SUDO_USER=millert",
+ "SUDO_UID=8036",
+ "SUDO_GID=20",
+ "A__z=\"*SHLVL"
+ ],
+ "runuid": 0,
+ "runuser": "root",
+ "submitcwd": "/home/test",
+ "submithost": "sudo.ws",
+ "submituser": "millert",
+ "ttyname": "/dev/console"
+}
diff -Nru sudo-1.8.31/lib/iolog/regress/iolog_json/test3.in sudo-1.9.0/lib/iolog/regress/iolog_json/test3.in
--- sudo-1.8.31/lib/iolog/regress/iolog_json/test3.in 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/lib/iolog/regress/iolog_json/test3.in 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,22 @@
+{
+ "true": false,
+ "false": true,
+ "number": 1234567890,
+ "null": null,
+ "string": "nonsense",
+ "scope": {
+ "a": "b",
+ "bah": null
+ },
+ "array1": [
+ "foo",
+ "bar",
+ [
+ 123,
+ null,
+ false,
+ "fizz",
+ "buzz"
+ ]
+ ]
+}
diff -Nru sudo-1.8.31/lib/iolog/regress/iolog_path/check_iolog_path.c sudo-1.9.0/lib/iolog/regress/iolog_path/check_iolog_path.c
--- sudo-1.8.31/lib/iolog/regress/iolog_path/check_iolog_path.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/lib/iolog/regress/iolog_path/check_iolog_path.c 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,279 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2011-2013 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#include +#include +#include + +#define SUDO_ERROR_WRAP 0 + +#include "sudo_compat.h" +#include "sudo_util.h" +#include "sudo_fatal.h" +#include "sudo_iolog.h" + +static struct iolog_escape_data { + char sessid[7]; + char *user; + char *group; + char *runas_user; + char *runas_group; + char *host; + char *command; +} escape_data; + +__dso_public int main(int argc, char *argv[]); + +static void +usage(void) +{ + fprintf(stderr, "usage: %s datafile\n", getprogname()); + exit(EXIT_FAILURE); +} + +static void +reset_escape_data(struct iolog_escape_data *data) +{ + free(data->user); + free(data->group); + free(data->runas_user); + free(data->runas_group); + free(data->host); + free(data->command); + memset(data, 0, sizeof(*data)); +} + +static size_t +fill_seq(char *str, size_t strsize, void *unused) +{ + int len; + + /* Path is of the form /var/log/sudo-io/00/00/01. 
*/ + len = snprintf(str, strsize, "%c%c/%c%c/%c%c", escape_data.sessid[0], + escape_data.sessid[1], escape_data.sessid[2], escape_data.sessid[3], + escape_data.sessid[4], escape_data.sessid[5]); + if (len < 0) + return strsize; /* handle non-standard snprintf() */ + return len; +} + +static size_t +fill_user(char *str, size_t strsize, void *unused) +{ + return strlcpy(str, escape_data.user, strsize); +} + +static size_t +fill_group(char *str, size_t strsize, void *unused) +{ + return strlcpy(str, escape_data.group, strsize); +} + +static size_t +fill_runas_user(char *str, size_t strsize, void *unused) +{ + return strlcpy(str, escape_data.runas_user, strsize); +} + +static size_t +fill_runas_group(char *str, size_t strsize, void *unused) +{ + return strlcpy(str, escape_data.runas_group, strsize); +} + +static size_t +fill_hostname(char *str, size_t strsize, void *unused) +{ + return strlcpy(str, escape_data.host, strsize); +} + +static size_t +fill_command(char *str, size_t strsize, void *unused) +{ + return strlcpy(str, escape_data.command, strsize); +} + +/* Note: "seq" must be first in the list. 
*/ +static struct iolog_path_escape path_escapes[] = { + { "seq", fill_seq }, + { "user", fill_user }, + { "group", fill_group }, + { "runas_user", fill_runas_user }, + { "runas_group", fill_runas_group }, + { "hostname", fill_hostname }, + { "command", fill_command }, + { NULL, NULL } +}; + +static int +do_check(char *dir_in, char *file_in, char *tdir_out, char *tfile_out) +{ + char dir[PATH_MAX], dir_out[PATH_MAX]; + char file[PATH_MAX], file_out[PATH_MAX]; + struct tm *timeptr; + time_t now; + int error = 0; + + /* + * Expand any strftime(3) escapes + * XXX - want to pass timeptr to expand_iolog_path + */ + time(&now); + timeptr = localtime(&now); + if (timeptr == NULL) + sudo_fatalx("localtime returned NULL"); + strftime(dir_out, sizeof(dir_out), tdir_out, timeptr); + strftime(file_out, sizeof(file_out), tfile_out, timeptr); + + if (!expand_iolog_path(dir_in, dir, sizeof(dir), &path_escapes[1], NULL)) + sudo_fatalx("unable to expand I/O log dir"); + if (!expand_iolog_path(file_in, file, sizeof(file), &path_escapes[0], dir)) + sudo_fatalx("unable to expand I/O log file"); + + if (strcmp(dir, dir_out) != 0) { + sudo_warnx("%s: expected %s, got %s", dir_in, dir_out, dir); + error = 1; + } + if (strcmp(file, file_out) != 0) { + sudo_warnx("%s: expected %s, got %s", file_in, file_out, file); + error = 1; + } + + return error; +} + +#define MAX_STATE 12 + +int +main(int argc, char *argv[]) +{ + size_t len; + FILE *fp; + char line[2048]; + char *file_in = NULL, *file_out = NULL; + char *dir_in = NULL, *dir_out = NULL; + int state = 0; + int errors = 0; + int tests = 0; + + initprogname(argc > 0 ? 
argv[0] : "check_iolog_path"); + + if (argc != 2) + usage(); + + fp = fopen(argv[1], "r"); + if (fp == NULL) + sudo_fatalx("unable to open %s", argv[1]); + + /* + * Input consists of 12 lines: + * sequence number + * user name + * user gid + * runas user name + * runas gid + * hostname [short form] + * command + * dir [with escapes] + * file [with escapes] + * expanded dir + * expanded file + * empty line + */ + while (fgets(line, sizeof(line), fp) != NULL) { + len = strcspn(line, "\n"); + line[len] = '\0'; + + switch (state) { + case 0: + strlcpy(escape_data.sessid, line, sizeof(escape_data.sessid)); + break; + case 1: + if ((escape_data.user = strdup(line)) == NULL) + sudo_fatal(NULL); + break; + case 2: + if ((escape_data.group = strdup(line)) == NULL) + sudo_fatal(NULL); + break; + case 3: + if ((escape_data.runas_user = strdup(line)) == NULL) + sudo_fatal(NULL); + break; + case 4: + if ((escape_data.runas_group = strdup(line)) == NULL) + sudo_fatal(NULL); + break; + case 5: + if ((escape_data.host = strdup(line)) == NULL) + sudo_fatal(NULL); + break; + case 6: + if ((escape_data.command = strdup(line)) == NULL) + sudo_fatal(NULL); + break; + case 7: + if (dir_in != NULL) + free(dir_in); + dir_in = strdup(line); + break; + case 8: + if (file_in != NULL) + free(file_in); + file_in = strdup(line); + break; + case 9: + if (dir_out != NULL) + free(dir_out); + dir_out = strdup(line); + break; + case 10: + if (file_out != NULL) + free(file_out); + file_out = strdup(line); + break; + case 11: + errors += do_check(dir_in, file_in, dir_out, file_out); + tests++; + reset_escape_data(&escape_data); + break; + default: + sudo_fatalx("internal error, invalid state %d", state); + } + state = (state + 1) % MAX_STATE; + } + + if (tests != 0) { + printf("iolog_path: %d test%s run, %d errors, %d%% success rate\n", + tests, tests == 1 ? 
"" : "s", errors,
+ (tests - errors) * 100 / tests);
+ }
+
+ exit(errors);
+}
diff -Nru sudo-1.8.31/lib/iolog/regress/iolog_path/data sudo-1.9.0/lib/iolog/regress/iolog_path/data
--- sudo-1.8.31/lib/iolog/regress/iolog_path/data 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/lib/iolog/regress/iolog_path/data 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,96 @@
+000001
+nobody
+nogroup
+root
+root
+somehost
+id
+/var/log/sudo-io
+%%{bogus}
+/var/log/sudo-io
+%%{bogus}
+
+000001
+nobody
+nogroup
+root
+wheel
+somehost
+id
+/var/log/sudo-io
+%%{seq}
+/var/log/sudo-io
+%%{seq}
+
+000001
+nobody
+nogroup
+root
+wheel
+somehost
+id
+/var/log/sudo-io
+%{seq}
+/var/log/sudo-io
+00/00/01
+
+000001
+nobody
+nogroup
+root
+wheel
+somehost
+id
+/var/log/sudo-io/%{user}
+%{seq}
+/var/log/sudo-io/nobody
+00/00/01
+
+000001
+nobody
+nogroup
+root
+wheel
+somehost
+su
+/var/log/sudo-io/%{user}/%{runas_user}
+%{command}_%Y%m%s_%H%M
+/var/log/sudo-io/nobody/root
+su_%Y%m%s_%H%M
+
+000001
+nobody
+nogroup
+root
+wheel
+somehost
+su
+/var/log/sudo-io/
+//%{user}/%{runas_user}/%{command}_%Y%m%s_%H%M
+/var/log/sudo-io
+/nobody/root/su_%Y%m%s_%H%M
+
+000001
+nobody
+nogroup
+root
+wheel
+somehost
+su
+/var/log/sudo-io/%d%m%Y
+%{user}/%{runas_user}/%{command}
+/var/log/sudo-io/%d%m%Y
+nobody/root/su
+
+000001
+nobody
+nogroup
+root
+wheel
+somehost
+su
+////////
+%{user}/%{runas_user}/%{command}
+
+nobody/root/su
+
diff -Nru sudo-1.8.31/lib/iolog/regress/iolog_util/check_iolog_util.c sudo-1.9.0/lib/iolog/regress/iolog_util/check_iolog_util.c
--- sudo-1.8.31/lib/iolog/regress/iolog_util/check_iolog_util.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/lib/iolog/regress/iolog_util/check_iolog_util.c 2020-05-11 16:28:23.000000000 +0000
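Review bot: In main() of check_iolog_path.c, the strdup() results assigned to dir_in, file_in, dir_out and file_out in states 7–10 are not checked, unlike states 1–6, so an allocation failure reaches do_check() as a NULL strftime() format or a NULL path for expand_iolog_path(). They should follow the pattern the earlier cases already use, e.g. `if ((dir_in = strdup(line)) == NULL) sudo_fatal(NULL);`, and the `!= NULL` guards in front of free() can be dropped. A data file that ends partway through a 12-line record is also skipped silently, because do_check() only runs in state 11; `if (state != 0) sudo_fatalx("%s: incomplete test record", argv[1]);` after the loop would turn that into a failure.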
@@ -0,0 +1,154 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2018 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#include +#include + +#define SUDO_ERROR_WRAP 0 + +#include "sudo_compat.h" +#include "sudo_util.h" +#include "sudo_fatal.h" +#include "sudo_iolog.h" + +__dso_public int main(int argc, char *argv[]); + +static struct parse_delay_test { + const char *input; + const char *next_field; + struct timespec expected_delay; +} parse_delay_tests[] = { + { "10.99999999999 X", "X", { 10, 999999999 } }, /* clamp to nsec */ + { "10.999999999 X", "X", { 10, 999999999 } }, /* nsec */ + { "10.999999 X", "X", { 10, 999999000 } }, /* usec -> nsec */ + { "10.000999999 X", "X", { 10, 999999 } }, + { "10.9 X", "X", { 10, 900000000 } }, + { "10.0 X", "X", { 10, 0 } } +}; + +/* + * Test iolog_parse_delay() + */ +void +test_parse_delay(int *ntests, int *nerrors) +{ + unsigned int i; + + for (i = 0; i < nitems(parse_delay_tests); i++) { + struct timespec delay; + struct parse_delay_test *test = &parse_delay_tests[i]; + char *cp = iolog_parse_delay(test->input, &delay, "."); + if (cp == NULL) { + 
sudo_warnx("%s:%u failed to parse delay: %s", __func__, + i, test->input); + (*nerrors)++; + continue; + } + if (strcmp(cp, test->next_field) != 0) { + sudo_warnx("%s:%u next field (want \"%s\", got \"%s\"", __func__, + i, test->next_field, cp); + (*nerrors)++; + continue; + } + if (delay.tv_sec != test->expected_delay.tv_sec) { + sudo_warnx("%s:%u wrong seconds (want %lld, got %lld)", __func__, + i, (long long)test->expected_delay.tv_sec, + (long long)delay.tv_sec); + (*nerrors)++; + continue; + } + if (delay.tv_nsec != test->expected_delay.tv_nsec) { + sudo_warnx("%s:%u wrong nanoseconds (want %ld, got %ld)", __func__, + i, test->expected_delay.tv_nsec, delay.tv_nsec); + (*nerrors)++; + continue; + } + } + (*ntests) += i; +} + +static struct adjust_delay_test { + struct timespec in_delay; + struct timespec out_delay; + struct timespec max_delay; + double scale_factor; +} adjust_delay_tests[] = { + { { 10, 300 }, { 10, 300 }, { 0, 0 }, 1.0 }, + { { 10, 300 }, { 5, 150 }, { 0, 0 }, 2.0 }, + { { 5, 300 }, { 2, 500000150 }, { 0, 0 }, 2.0 }, + { { 0, 1000000 }, { 0, 333333 }, { 0, 0 }, 3 }, + { { 10, 1000000 }, { 3, 333666666 }, { 0, 0 }, 3 }, + { { 5, 150 }, { 10, 300 }, { 0, 0 }, 0.5 }, + { { 5, 500000000 }, { 11, 0 }, { 0, 0 }, 0.5 }, + { { 5, 150 }, { 5, 0 }, { 5, 0 }, 0.5 } +}; + +/* + * Test iolog_adjust_delay() + */ +void +test_adjust_delay(int *ntests, int *nerrors) +{ + unsigned int i; + + for (i = 0; i < nitems(adjust_delay_tests); i++) { + struct adjust_delay_test *test = &adjust_delay_tests[i]; + + iolog_adjust_delay(&test->in_delay, + sudo_timespecisset(&test->max_delay) ? 
&test->max_delay : NULL, + test->scale_factor); + if (!sudo_timespeccmp(&test->in_delay, &test->out_delay, ==)) { + sudo_warnx("%s:%u want {%lld, %ld}, got {%lld, %ld}", __func__, i, + (long long)test->out_delay.tv_sec, test->out_delay.tv_nsec, + (long long)test->in_delay.tv_sec, test->in_delay.tv_nsec); + (*nerrors)++; + } + } + (*ntests) += i; +} + +int +main(int argc, char *argv[]) +{ + int tests = 0, errors = 0; + + initprogname(argc > 0 ? argv[0] : "check_iolog_util"); + + test_parse_delay(&tests, &errors); + + test_adjust_delay(&tests, &errors); + + if (tests != 0) { + printf("iolog_util: %d test%s run, %d errors, %d%% success rate\n", + tests, tests == 1 ? "" : "s", errors, + (tests - errors) * 100 / tests); + } + + exit(errors); +} diff -Nru sudo-1.8.31/lib/logsrv/log_server.pb-c.c sudo-1.9.0/lib/logsrv/log_server.pb-c.c --- sudo-1.8.31/lib/logsrv/log_server.pb-c.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/logsrv/log_server.pb-c.c 2020-05-11 16:28:23.000000000 +0000 
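Review bot: parse_delay_tests in check_iolog_util.c holds only well-formed inputs, and test_parse_delay() counts every NULL return from iolog_parse_delay() as an error, so the table cannot express an input that is supposed to be rejected. The parser presumably reads delay fields from stored I/O log timing data, so rejection cases are worth pinning; which inputs it rejects is not visible in this hunk, and any new entries need checking against the implementation. One way to allow them is to let a NULL next_field mean "expect failure", with `if (cp == NULL && test->next_field == NULL) continue;` placed ahead of the existing NULL check. Separately, the "next field" warning string is missing its closing parenthesis: `"%s:%u next field (want \"%s\", got \"%s\")"`.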
@@ -0,0 +1,1740 @@ +/* Generated by the protocol buffer compiler. DO NOT EDIT! */ +/* Generated from: log_server.proto */ + +/* Do not generate deprecated warnings for self */ +#ifndef PROTOBUF_C__NO_DEPRECATED +#define PROTOBUF_C__NO_DEPRECATED +#endif + +#include "log_server.pb-c.h" +void client_message__init + (ClientMessage *message) +{ + static const ClientMessage init_value = CLIENT_MESSAGE__INIT; + *message = init_value; +} +size_t client_message__get_packed_size + (const ClientMessage *message) +{ + assert(message->base.descriptor == &client_message__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t client_message__pack + (const ClientMessage *message, + uint8_t *out) +{ + assert(message->base.descriptor == &client_message__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t client_message__pack_to_buffer + (const ClientMessage *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &client_message__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +ClientMessage * + client_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (ClientMessage *) + protobuf_c_message_unpack (&client_message__descriptor, + allocator, len, data); +} +void client_message__free_unpacked + (ClientMessage *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &client_message__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void time_spec__init + (TimeSpec *message) +{ + static const TimeSpec init_value = TIME_SPEC__INIT; + *message = init_value; +} +size_t time_spec__get_packed_size + (const TimeSpec *message) +{ + assert(message->base.descriptor == &time_spec__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t 
time_spec__pack + (const TimeSpec *message, + uint8_t *out) +{ + assert(message->base.descriptor == &time_spec__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t time_spec__pack_to_buffer + (const TimeSpec *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &time_spec__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +TimeSpec * + time_spec__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (TimeSpec *) + protobuf_c_message_unpack (&time_spec__descriptor, + allocator, len, data); +} +void time_spec__free_unpacked + (TimeSpec *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &time_spec__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void io_buffer__init + (IoBuffer *message) +{ + static const IoBuffer init_value = IO_BUFFER__INIT; + *message = init_value; +} +size_t io_buffer__get_packed_size + (const IoBuffer *message) +{ + assert(message->base.descriptor == &io_buffer__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t io_buffer__pack + (const IoBuffer *message, + uint8_t *out) +{ + assert(message->base.descriptor == &io_buffer__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t io_buffer__pack_to_buffer + (const IoBuffer *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &io_buffer__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +IoBuffer * + io_buffer__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (IoBuffer *) + protobuf_c_message_unpack (&io_buffer__descriptor, + allocator, len, data); +} +void io_buffer__free_unpacked + (IoBuffer *message, + ProtobufCAllocator 
*allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &io_buffer__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void info_message__string_list__init + (InfoMessage__StringList *message) +{ + static const InfoMessage__StringList init_value = INFO_MESSAGE__STRING_LIST__INIT; + *message = init_value; +} +void info_message__number_list__init + (InfoMessage__NumberList *message) +{ + static const InfoMessage__NumberList init_value = INFO_MESSAGE__NUMBER_LIST__INIT; + *message = init_value; +} +void info_message__init + (InfoMessage *message) +{ + static const InfoMessage init_value = INFO_MESSAGE__INIT; + *message = init_value; +} +size_t info_message__get_packed_size + (const InfoMessage *message) +{ + assert(message->base.descriptor == &info_message__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t info_message__pack + (const InfoMessage *message, + uint8_t *out) +{ + assert(message->base.descriptor == &info_message__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t info_message__pack_to_buffer + (const InfoMessage *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &info_message__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +InfoMessage * + info_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (InfoMessage *) + protobuf_c_message_unpack (&info_message__descriptor, + allocator, len, data); +} +void info_message__free_unpacked + (InfoMessage *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &info_message__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void accept_message__init + (AcceptMessage *message) +{ + static const AcceptMessage init_value = 
ACCEPT_MESSAGE__INIT; + *message = init_value; +} +size_t accept_message__get_packed_size + (const AcceptMessage *message) +{ + assert(message->base.descriptor == &accept_message__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t accept_message__pack + (const AcceptMessage *message, + uint8_t *out) +{ + assert(message->base.descriptor == &accept_message__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t accept_message__pack_to_buffer + (const AcceptMessage *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &accept_message__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +AcceptMessage * + accept_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (AcceptMessage *) + protobuf_c_message_unpack (&accept_message__descriptor, + allocator, len, data); +} +void accept_message__free_unpacked + (AcceptMessage *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &accept_message__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void reject_message__init + (RejectMessage *message) +{ + static const RejectMessage init_value = REJECT_MESSAGE__INIT; + *message = init_value; +} +size_t reject_message__get_packed_size + (const RejectMessage *message) +{ + assert(message->base.descriptor == &reject_message__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t reject_message__pack + (const RejectMessage *message, + uint8_t *out) +{ + assert(message->base.descriptor == &reject_message__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t reject_message__pack_to_buffer + (const RejectMessage *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor 
== &reject_message__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +RejectMessage * + reject_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (RejectMessage *) + protobuf_c_message_unpack (&reject_message__descriptor, + allocator, len, data); +} +void reject_message__free_unpacked + (RejectMessage *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &reject_message__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void exit_message__init + (ExitMessage *message) +{ + static const ExitMessage init_value = EXIT_MESSAGE__INIT; + *message = init_value; +} +size_t exit_message__get_packed_size + (const ExitMessage *message) +{ + assert(message->base.descriptor == &exit_message__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t exit_message__pack + (const ExitMessage *message, + uint8_t *out) +{ + assert(message->base.descriptor == &exit_message__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t exit_message__pack_to_buffer + (const ExitMessage *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &exit_message__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +ExitMessage * + exit_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (ExitMessage *) + protobuf_c_message_unpack (&exit_message__descriptor, + allocator, len, data); +} +void exit_message__free_unpacked + (ExitMessage *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &exit_message__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void alert_message__init + (AlertMessage *message) +{ + 
static const AlertMessage init_value = ALERT_MESSAGE__INIT; + *message = init_value; +} +size_t alert_message__get_packed_size + (const AlertMessage *message) +{ + assert(message->base.descriptor == &alert_message__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t alert_message__pack + (const AlertMessage *message, + uint8_t *out) +{ + assert(message->base.descriptor == &alert_message__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t alert_message__pack_to_buffer + (const AlertMessage *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &alert_message__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +AlertMessage * + alert_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (AlertMessage *) + protobuf_c_message_unpack (&alert_message__descriptor, + allocator, len, data); +} +void alert_message__free_unpacked + (AlertMessage *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &alert_message__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void restart_message__init + (RestartMessage *message) +{ + static const RestartMessage init_value = RESTART_MESSAGE__INIT; + *message = init_value; +} +size_t restart_message__get_packed_size + (const RestartMessage *message) +{ + assert(message->base.descriptor == &restart_message__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t restart_message__pack + (const RestartMessage *message, + uint8_t *out) +{ + assert(message->base.descriptor == &restart_message__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t restart_message__pack_to_buffer + (const RestartMessage *message, + ProtobufCBuffer *buffer) +{ 
+ assert(message->base.descriptor == &restart_message__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +RestartMessage * + restart_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (RestartMessage *) + protobuf_c_message_unpack (&restart_message__descriptor, + allocator, len, data); +} +void restart_message__free_unpacked + (RestartMessage *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &restart_message__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void change_window_size__init + (ChangeWindowSize *message) +{ + static const ChangeWindowSize init_value = CHANGE_WINDOW_SIZE__INIT; + *message = init_value; +} +size_t change_window_size__get_packed_size + (const ChangeWindowSize *message) +{ + assert(message->base.descriptor == &change_window_size__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t change_window_size__pack + (const ChangeWindowSize *message, + uint8_t *out) +{ + assert(message->base.descriptor == &change_window_size__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t change_window_size__pack_to_buffer + (const ChangeWindowSize *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &change_window_size__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +ChangeWindowSize * + change_window_size__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (ChangeWindowSize *) + protobuf_c_message_unpack (&change_window_size__descriptor, + allocator, len, data); +} +void change_window_size__free_unpacked + (ChangeWindowSize *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == 
&change_window_size__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void command_suspend__init + (CommandSuspend *message) +{ + static const CommandSuspend init_value = COMMAND_SUSPEND__INIT; + *message = init_value; +} +size_t command_suspend__get_packed_size + (const CommandSuspend *message) +{ + assert(message->base.descriptor == &command_suspend__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t command_suspend__pack + (const CommandSuspend *message, + uint8_t *out) +{ + assert(message->base.descriptor == &command_suspend__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t command_suspend__pack_to_buffer + (const CommandSuspend *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &command_suspend__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +CommandSuspend * + command_suspend__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (CommandSuspend *) + protobuf_c_message_unpack (&command_suspend__descriptor, + allocator, len, data); +} +void command_suspend__free_unpacked + (CommandSuspend *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &command_suspend__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void client_hello__init + (ClientHello *message) +{ + static const ClientHello init_value = CLIENT_HELLO__INIT; + *message = init_value; +} +size_t client_hello__get_packed_size + (const ClientHello *message) +{ + assert(message->base.descriptor == &client_hello__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t client_hello__pack + (const ClientHello *message, + uint8_t *out) +{ + assert(message->base.descriptor == &client_hello__descriptor); + 
return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t client_hello__pack_to_buffer + (const ClientHello *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &client_hello__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +ClientHello * + client_hello__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (ClientHello *) + protobuf_c_message_unpack (&client_hello__descriptor, + allocator, len, data); +} +void client_hello__free_unpacked + (ClientHello *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &client_hello__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void server_message__init + (ServerMessage *message) +{ + static const ServerMessage init_value = SERVER_MESSAGE__INIT; + *message = init_value; +} +size_t server_message__get_packed_size + (const ServerMessage *message) +{ + assert(message->base.descriptor == &server_message__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t server_message__pack + (const ServerMessage *message, + uint8_t *out) +{ + assert(message->base.descriptor == &server_message__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t server_message__pack_to_buffer + (const ServerMessage *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &server_message__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +ServerMessage * + server_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (ServerMessage *) + protobuf_c_message_unpack (&server_message__descriptor, + allocator, len, data); +} +void server_message__free_unpacked + (ServerMessage *message, + ProtobufCAllocator *allocator) 
+{ + if(!message) + return; + assert(message->base.descriptor == &server_message__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void server_hello__init + (ServerHello *message) +{ + static const ServerHello init_value = SERVER_HELLO__INIT; + *message = init_value; +} +size_t server_hello__get_packed_size + (const ServerHello *message) +{ + assert(message->base.descriptor == &server_hello__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t server_hello__pack + (const ServerHello *message, + uint8_t *out) +{ + assert(message->base.descriptor == &server_hello__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t server_hello__pack_to_buffer + (const ServerHello *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &server_hello__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +ServerHello * + server_hello__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (ServerHello *) + protobuf_c_message_unpack (&server_hello__descriptor, + allocator, len, data); +} +void server_hello__free_unpacked + (ServerHello *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &server_hello__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +static const ProtobufCFieldDescriptor client_message__field_descriptors[13] = +{ + { + "accept_msg", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(ClientMessage, type_case), + offsetof(ClientMessage, accept_msg), + &accept_message__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "reject_msg", + 2, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(ClientMessage, type_case), + 
offsetof(ClientMessage, reject_msg), + &reject_message__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "exit_msg", + 3, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(ClientMessage, type_case), + offsetof(ClientMessage, exit_msg), + &exit_message__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "restart_msg", + 4, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(ClientMessage, type_case), + offsetof(ClientMessage, restart_msg), + &restart_message__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "alert_msg", + 5, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(ClientMessage, type_case), + offsetof(ClientMessage, alert_msg), + &alert_message__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "ttyin_buf", + 6, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(ClientMessage, type_case), + offsetof(ClientMessage, ttyin_buf), + &io_buffer__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "ttyout_buf", + 7, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(ClientMessage, type_case), + offsetof(ClientMessage, ttyout_buf), + &io_buffer__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "stdin_buf", + 8, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(ClientMessage, type_case), + offsetof(ClientMessage, stdin_buf), + &io_buffer__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "stdout_buf", + 9, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(ClientMessage, 
type_case), + offsetof(ClientMessage, stdout_buf), + &io_buffer__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "stderr_buf", + 10, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(ClientMessage, type_case), + offsetof(ClientMessage, stderr_buf), + &io_buffer__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "winsize_event", + 11, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(ClientMessage, type_case), + offsetof(ClientMessage, winsize_event), + &change_window_size__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "suspend_event", + 12, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(ClientMessage, type_case), + offsetof(ClientMessage, suspend_event), + &command_suspend__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "hello_msg", + 13, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(ClientMessage, type_case), + offsetof(ClientMessage, hello_msg), + &client_hello__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned client_message__field_indices_by_name[] = { + 0, /* field[0] = accept_msg */ + 4, /* field[4] = alert_msg */ + 2, /* field[2] = exit_msg */ + 12, /* field[12] = hello_msg */ + 1, /* field[1] = reject_msg */ + 3, /* field[3] = restart_msg */ + 9, /* field[9] = stderr_buf */ + 7, /* field[7] = stdin_buf */ + 8, /* field[8] = stdout_buf */ + 11, /* field[11] = suspend_event */ + 5, /* field[5] = ttyin_buf */ + 6, /* field[6] = ttyout_buf */ + 10, /* field[10] = winsize_event */ +}; +static const ProtobufCIntRange client_message__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 13 } +}; +const 
ProtobufCMessageDescriptor client_message__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "ClientMessage", + "ClientMessage", + "ClientMessage", + "", + sizeof(ClientMessage), + 13, + client_message__field_descriptors, + client_message__field_indices_by_name, + 1, client_message__number_ranges, + (ProtobufCMessageInit) client_message__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor time_spec__field_descriptors[2] = +{ + { + "tv_sec", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_INT64, + 0, /* quantifier_offset */ + offsetof(TimeSpec, tv_sec), + NULL, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "tv_nsec", + 2, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_INT32, + 0, /* quantifier_offset */ + offsetof(TimeSpec, tv_nsec), + NULL, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned time_spec__field_indices_by_name[] = { + 1, /* field[1] = tv_nsec */ + 0, /* field[0] = tv_sec */ +}; +static const ProtobufCIntRange time_spec__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 2 } +}; +const ProtobufCMessageDescriptor time_spec__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "TimeSpec", + "TimeSpec", + "TimeSpec", + "", + sizeof(TimeSpec), + 2, + time_spec__field_descriptors, + time_spec__field_indices_by_name, + 1, time_spec__number_ranges, + (ProtobufCMessageInit) time_spec__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor io_buffer__field_descriptors[2] = +{ + { + "delay", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + 0, /* quantifier_offset */ + offsetof(IoBuffer, delay), + &time_spec__descriptor, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "data", + 2, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_BYTES, + 0, /* quantifier_offset */ + offsetof(IoBuffer, data), + NULL, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; 
+static const unsigned io_buffer__field_indices_by_name[] = { + 1, /* field[1] = data */ + 0, /* field[0] = delay */ +}; +static const ProtobufCIntRange io_buffer__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 2 } +}; +const ProtobufCMessageDescriptor io_buffer__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "IoBuffer", + "IoBuffer", + "IoBuffer", + "", + sizeof(IoBuffer), + 2, + io_buffer__field_descriptors, + io_buffer__field_indices_by_name, + 1, io_buffer__number_ranges, + (ProtobufCMessageInit) io_buffer__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor info_message__string_list__field_descriptors[1] = +{ + { + "strings", + 1, + PROTOBUF_C_LABEL_REPEATED, + PROTOBUF_C_TYPE_STRING, + offsetof(InfoMessage__StringList, n_strings), + offsetof(InfoMessage__StringList, strings), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned info_message__string_list__field_indices_by_name[] = { + 0, /* field[0] = strings */ +}; +static const ProtobufCIntRange info_message__string_list__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 1 } +}; +const ProtobufCMessageDescriptor info_message__string_list__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "InfoMessage.StringList", + "StringList", + "InfoMessage__StringList", + "", + sizeof(InfoMessage__StringList), + 1, + info_message__string_list__field_descriptors, + info_message__string_list__field_indices_by_name, + 1, info_message__string_list__number_ranges, + (ProtobufCMessageInit) info_message__string_list__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor info_message__number_list__field_descriptors[1] = +{ + { + "numbers", + 1, + PROTOBUF_C_LABEL_REPEATED, + PROTOBUF_C_TYPE_INT64, + offsetof(InfoMessage__NumberList, n_numbers), + offsetof(InfoMessage__NumberList, numbers), + NULL, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_PACKED, /* flags */ + 0,NULL,NULL /* 
reserved1,reserved2, etc */ + }, +}; +static const unsigned info_message__number_list__field_indices_by_name[] = { + 0, /* field[0] = numbers */ +}; +static const ProtobufCIntRange info_message__number_list__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 1 } +}; +const ProtobufCMessageDescriptor info_message__number_list__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "InfoMessage.NumberList", + "NumberList", + "InfoMessage__NumberList", + "", + sizeof(InfoMessage__NumberList), + 1, + info_message__number_list__field_descriptors, + info_message__number_list__field_indices_by_name, + 1, info_message__number_list__number_ranges, + (ProtobufCMessageInit) info_message__number_list__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor info_message__field_descriptors[5] = +{ + { + "key", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + 0, /* quantifier_offset */ + offsetof(InfoMessage, key), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "numval", + 2, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_INT64, + offsetof(InfoMessage, value_case), + offsetof(InfoMessage, numval), + NULL, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "strval", + 3, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + offsetof(InfoMessage, value_case), + offsetof(InfoMessage, strval), + NULL, + &protobuf_c_empty_string, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "strlistval", + 4, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(InfoMessage, value_case), + offsetof(InfoMessage, strlistval), + &info_message__string_list__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "numlistval", + 5, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(InfoMessage, value_case), + 
offsetof(InfoMessage, numlistval), + &info_message__number_list__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned info_message__field_indices_by_name[] = { + 0, /* field[0] = key */ + 4, /* field[4] = numlistval */ + 1, /* field[1] = numval */ + 3, /* field[3] = strlistval */ + 2, /* field[2] = strval */ +}; +static const ProtobufCIntRange info_message__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 5 } +}; +const ProtobufCMessageDescriptor info_message__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "InfoMessage", + "InfoMessage", + "InfoMessage", + "", + sizeof(InfoMessage), + 5, + info_message__field_descriptors, + info_message__field_indices_by_name, + 1, info_message__number_ranges, + (ProtobufCMessageInit) info_message__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor accept_message__field_descriptors[3] = +{ + { + "submit_time", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + 0, /* quantifier_offset */ + offsetof(AcceptMessage, submit_time), + &time_spec__descriptor, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "info_msgs", + 2, + PROTOBUF_C_LABEL_REPEATED, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(AcceptMessage, n_info_msgs), + offsetof(AcceptMessage, info_msgs), + &info_message__descriptor, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "expect_iobufs", + 3, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_BOOL, + 0, /* quantifier_offset */ + offsetof(AcceptMessage, expect_iobufs), + NULL, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned accept_message__field_indices_by_name[] = { + 2, /* field[2] = expect_iobufs */ + 1, /* field[1] = info_msgs */ + 0, /* field[0] = submit_time */ +}; +static const ProtobufCIntRange accept_message__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 3 } +}; +const 
ProtobufCMessageDescriptor accept_message__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "AcceptMessage", + "AcceptMessage", + "AcceptMessage", + "", + sizeof(AcceptMessage), + 3, + accept_message__field_descriptors, + accept_message__field_indices_by_name, + 1, accept_message__number_ranges, + (ProtobufCMessageInit) accept_message__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor reject_message__field_descriptors[3] = +{ + { + "submit_time", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + 0, /* quantifier_offset */ + offsetof(RejectMessage, submit_time), + &time_spec__descriptor, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "reason", + 2, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + 0, /* quantifier_offset */ + offsetof(RejectMessage, reason), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "info_msgs", + 3, + PROTOBUF_C_LABEL_REPEATED, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(RejectMessage, n_info_msgs), + offsetof(RejectMessage, info_msgs), + &info_message__descriptor, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned reject_message__field_indices_by_name[] = { + 2, /* field[2] = info_msgs */ + 1, /* field[1] = reason */ + 0, /* field[0] = submit_time */ +}; +static const ProtobufCIntRange reject_message__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 3 } +}; +const ProtobufCMessageDescriptor reject_message__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "RejectMessage", + "RejectMessage", + "RejectMessage", + "", + sizeof(RejectMessage), + 3, + reject_message__field_descriptors, + reject_message__field_indices_by_name, + 1, reject_message__number_ranges, + (ProtobufCMessageInit) reject_message__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor exit_message__field_descriptors[5] = +{ + { + "run_time", + 1, + 
PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + 0, /* quantifier_offset */ + offsetof(ExitMessage, run_time), + &time_spec__descriptor, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "exit_value", + 2, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_INT32, + 0, /* quantifier_offset */ + offsetof(ExitMessage, exit_value), + NULL, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "dumped_core", + 3, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_BOOL, + 0, /* quantifier_offset */ + offsetof(ExitMessage, dumped_core), + NULL, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "signal", + 4, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + 0, /* quantifier_offset */ + offsetof(ExitMessage, signal), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "error", + 5, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + 0, /* quantifier_offset */ + offsetof(ExitMessage, error), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned exit_message__field_indices_by_name[] = { + 2, /* field[2] = dumped_core */ + 4, /* field[4] = error */ + 1, /* field[1] = exit_value */ + 0, /* field[0] = run_time */ + 3, /* field[3] = signal */ +}; +static const ProtobufCIntRange exit_message__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 5 } +}; +const ProtobufCMessageDescriptor exit_message__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "ExitMessage", + "ExitMessage", + "ExitMessage", + "", + sizeof(ExitMessage), + 5, + exit_message__field_descriptors, + exit_message__field_indices_by_name, + 1, exit_message__number_ranges, + (ProtobufCMessageInit) exit_message__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor alert_message__field_descriptors[2] = +{ + { + "alert_time", + 1, + PROTOBUF_C_LABEL_NONE, + 
PROTOBUF_C_TYPE_MESSAGE, + 0, /* quantifier_offset */ + offsetof(AlertMessage, alert_time), + &time_spec__descriptor, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "reason", + 2, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + 0, /* quantifier_offset */ + offsetof(AlertMessage, reason), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned alert_message__field_indices_by_name[] = { + 0, /* field[0] = alert_time */ + 1, /* field[1] = reason */ +}; +static const ProtobufCIntRange alert_message__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 2 } +}; +const ProtobufCMessageDescriptor alert_message__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "AlertMessage", + "AlertMessage", + "AlertMessage", + "", + sizeof(AlertMessage), + 2, + alert_message__field_descriptors, + alert_message__field_indices_by_name, + 1, alert_message__number_ranges, + (ProtobufCMessageInit) alert_message__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor restart_message__field_descriptors[2] = +{ + { + "log_id", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + 0, /* quantifier_offset */ + offsetof(RestartMessage, log_id), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "resume_point", + 2, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + 0, /* quantifier_offset */ + offsetof(RestartMessage, resume_point), + &time_spec__descriptor, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned restart_message__field_indices_by_name[] = { + 0, /* field[0] = log_id */ + 1, /* field[1] = resume_point */ +}; +static const ProtobufCIntRange restart_message__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 2 } +}; +const ProtobufCMessageDescriptor restart_message__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + 
"RestartMessage", + "RestartMessage", + "RestartMessage", + "", + sizeof(RestartMessage), + 2, + restart_message__field_descriptors, + restart_message__field_indices_by_name, + 1, restart_message__number_ranges, + (ProtobufCMessageInit) restart_message__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor change_window_size__field_descriptors[3] = +{ + { + "delay", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + 0, /* quantifier_offset */ + offsetof(ChangeWindowSize, delay), + &time_spec__descriptor, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "rows", + 2, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_INT32, + 0, /* quantifier_offset */ + offsetof(ChangeWindowSize, rows), + NULL, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "cols", + 3, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_INT32, + 0, /* quantifier_offset */ + offsetof(ChangeWindowSize, cols), + NULL, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned change_window_size__field_indices_by_name[] = { + 2, /* field[2] = cols */ + 0, /* field[0] = delay */ + 1, /* field[1] = rows */ +}; +static const ProtobufCIntRange change_window_size__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 3 } +}; +const ProtobufCMessageDescriptor change_window_size__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "ChangeWindowSize", + "ChangeWindowSize", + "ChangeWindowSize", + "", + sizeof(ChangeWindowSize), + 3, + change_window_size__field_descriptors, + change_window_size__field_indices_by_name, + 1, change_window_size__number_ranges, + (ProtobufCMessageInit) change_window_size__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor command_suspend__field_descriptors[2] = +{ + { + "delay", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + 0, /* quantifier_offset */ + offsetof(CommandSuspend, delay), + 
&time_spec__descriptor, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "signal", + 2, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + 0, /* quantifier_offset */ + offsetof(CommandSuspend, signal), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned command_suspend__field_indices_by_name[] = { + 0, /* field[0] = delay */ + 1, /* field[1] = signal */ +}; +static const ProtobufCIntRange command_suspend__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 2 } +}; +const ProtobufCMessageDescriptor command_suspend__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "CommandSuspend", + "CommandSuspend", + "CommandSuspend", + "", + sizeof(CommandSuspend), + 2, + command_suspend__field_descriptors, + command_suspend__field_indices_by_name, + 1, command_suspend__number_ranges, + (ProtobufCMessageInit) command_suspend__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor client_hello__field_descriptors[1] = +{ + { + "client_id", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + 0, /* quantifier_offset */ + offsetof(ClientHello, client_id), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned client_hello__field_indices_by_name[] = { + 0, /* field[0] = client_id */ +}; +static const ProtobufCIntRange client_hello__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 1 } +}; +const ProtobufCMessageDescriptor client_hello__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "ClientHello", + "ClientHello", + "ClientHello", + "", + sizeof(ClientHello), + 1, + client_hello__field_descriptors, + client_hello__field_indices_by_name, + 1, client_hello__number_ranges, + (ProtobufCMessageInit) client_hello__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor server_message__field_descriptors[5] = +{ + { + "hello", + 1, + 
PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(ServerMessage, type_case), + offsetof(ServerMessage, hello), + &server_hello__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "commit_point", + 2, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(ServerMessage, type_case), + offsetof(ServerMessage, commit_point), + &time_spec__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "log_id", + 3, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + offsetof(ServerMessage, type_case), + offsetof(ServerMessage, log_id), + NULL, + &protobuf_c_empty_string, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "error", + 4, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + offsetof(ServerMessage, type_case), + offsetof(ServerMessage, error), + NULL, + &protobuf_c_empty_string, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "abort", + 5, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + offsetof(ServerMessage, type_case), + offsetof(ServerMessage, abort), + NULL, + &protobuf_c_empty_string, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned server_message__field_indices_by_name[] = { + 4, /* field[4] = abort */ + 1, /* field[1] = commit_point */ + 3, /* field[3] = error */ + 0, /* field[0] = hello */ + 2, /* field[2] = log_id */ +}; +static const ProtobufCIntRange server_message__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 5 } +}; +const ProtobufCMessageDescriptor server_message__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "ServerMessage", + "ServerMessage", + "ServerMessage", + "", + sizeof(ServerMessage), + 5, + server_message__field_descriptors, + server_message__field_indices_by_name, + 1, 
server_message__number_ranges, + (ProtobufCMessageInit) server_message__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor server_hello__field_descriptors[3] = +{ + { + "server_id", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + 0, /* quantifier_offset */ + offsetof(ServerHello, server_id), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "redirect", + 2, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + 0, /* quantifier_offset */ + offsetof(ServerHello, redirect), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "servers", + 3, + PROTOBUF_C_LABEL_REPEATED, + PROTOBUF_C_TYPE_STRING, + offsetof(ServerHello, n_servers), + offsetof(ServerHello, servers), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned server_hello__field_indices_by_name[] = { + 1, /* field[1] = redirect */ + 0, /* field[0] = server_id */ + 2, /* field[2] = servers */ +}; +static const ProtobufCIntRange server_hello__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 3 } +}; +const ProtobufCMessageDescriptor server_hello__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "ServerHello", + "ServerHello", + "ServerHello", + "", + sizeof(ServerHello), + 3, + server_hello__field_descriptors, + server_hello__field_indices_by_name, + 1, server_hello__number_ranges, + (ProtobufCMessageInit) server_hello__init, + NULL,NULL,NULL /* reserved[123] */ +}; diff -Nru sudo-1.8.31/lib/logsrv/log_server.proto sudo-1.9.0/lib/logsrv/log_server.proto --- sudo-1.8.31/lib/logsrv/log_server.proto 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/logsrv/log_server.proto 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,134 @@
+syntax = "proto3";
+
+/*
+ * Client message to the server. Messages on the wire are
+ * prefixed with a 32-bit size in network byte order.
+ */
+message ClientMessage {
+ oneof type {
+ AcceptMessage accept_msg = 1;
+ RejectMessage reject_msg = 2;
+ ExitMessage exit_msg = 3;
+ RestartMessage restart_msg = 4;
+ AlertMessage alert_msg = 5;
+ IoBuffer ttyin_buf = 6;
+ IoBuffer ttyout_buf = 7;
+ IoBuffer stdin_buf = 8;
+ IoBuffer stdout_buf = 9;
+ IoBuffer stderr_buf = 10;
+ ChangeWindowSize winsize_event = 11;
+ CommandSuspend suspend_event = 12;
+ ClientHello hello_msg = 13;
+ }
+}
+
+/* Equivalent of POSIX struct timespec */
+message TimeSpec {
+ int64 tv_sec = 1; /* seconds */
+ int32 tv_nsec = 2; /* nanoseconds */
+}
+
+/* I/O buffer with keystroke data */
+message IoBuffer {
+ TimeSpec delay = 1; /* elapsed time since last record */
+ bytes data = 2; /* keystroke data */
+}
+
+/*
+ * Key/value pairs, like Privilege Manager struct info.
+ * The value may be a number, a string, or a list of strings.
+ */
+message InfoMessage {
+ message StringList {
+ repeated string strings = 1;
+ }
+ message NumberList {
+ repeated int64 numbers = 1;
+ }
+ string key = 1;
+ oneof value {
+ int64 numval = 2;
+ string strval = 3;
+ StringList strlistval = 4;
+ NumberList numlistval = 5;
+ }
+}
+
+/*
+ * Event log data for command accepted by the policy.
+ */
+message AcceptMessage {
+ TimeSpec submit_time = 1; /* when command was submitted */
+ repeated InfoMessage info_msgs = 2; /* key,value event log data */
+ bool expect_iobufs = 3; /* true if I/O logging enabled */
+}
+
+/*
+ * Event log data for command rejected by the policy.
+ */
+message RejectMessage {
+ TimeSpec submit_time = 1; /* when command was submitted */
+ string reason = 2; /* reason command was rejected */
+ repeated InfoMessage info_msgs = 3; /* key,value event log data */
+}
+
+/* Message sent by client when command exits. */
+/* Might revisit runtime and use end_time instead */
+message ExitMessage {
+ TimeSpec run_time = 1; /* total elapsed run time */
+ int32 exit_value = 2; /* 0-255 */
+ bool dumped_core = 3; /* true if command dumped core */
+ string signal = 4; /* signal name if killed by signal */
+ string error = 5; /* if killed due to other error */
+}
+
+/* Alert message, policy module-specific. */
+message AlertMessage {
+ TimeSpec alert_time = 1; /* time alert message occurred */
+ string reason = 2; /* description of policy violation */
+}
+
+/* Used to restart an existing I/O log on the server. */
+message RestartMessage {
+ string log_id = 1; /* ID of log being restarted */
+ TimeSpec resume_point = 2; /* resume point (elapsed time) */
+}
+
+/* Window size change event. */
+message ChangeWindowSize {
+ TimeSpec delay = 1; /* elapsed time since last record */
+ int32 rows = 2; /* new number of rows */
+ int32 cols = 3; /* new number of columns */
+}
+
+/* Command suspend/resume event. */
+message CommandSuspend {
+ TimeSpec delay = 1; /* elapsed time since last record */
+ string signal = 2; /* signal that caused suspend/resume */
+}
+
+/* Hello message from client when connecting to server. */
+message ClientHello {
+ string client_id = 1; /* free-form client description */
+}
+
+/*
+ * Server messages to the client. Messages on the wire are
+ * prefixed with a 32-bit size in network byte order.
+ */
+message ServerMessage {
+ oneof type {
+ ServerHello hello = 1; /* server hello message */
+ TimeSpec commit_point = 2; /* cumulative time of records stored */
+ string log_id = 3; /* ID of server-side I/O log */
+ string error = 4; /* error message from server */
+ string abort = 5; /* abort message, kill command */
+ }
+}
+
+/* Hello message from server when client connects. */
+message ServerHello {
+ string server_id = 1; /* free-form server description */
+ string redirect = 2; /* optional redirect if busy */
+ repeated string servers = 3; /* optional list of known servers */
+}
diff -Nru sudo-1.8.31/lib/logsrv/Makefile.in sudo-1.9.0/lib/logsrv/Makefile.in
--- sudo-1.8.31/lib/logsrv/Makefile.in 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/lib/logsrv/Makefile.in 2020-05-11 16:28:23.000000000 +0000
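Review bot: The framing comments above `ClientMessage` and `ServerMessage` say every message is prefixed with a 32-bit size, but the file never states a maximum, so a receiver that trusts the prefix can be told to buffer up to 4 GiB before any unpack call sees the data. I would document the bound beside the framing text, for example `/* Receivers must reject a size prefix larger than the agreed maximum before allocating. */`, and confirm that the client and server read paths enforce it; those paths are outside this hunk, so whether they already do is not visible here. The same applies to `exit_value` in `ExitMessage`: it is `int32` but commented `0-255`, and proto3 will not enforce that range, so the reader has to check it.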
@@ -0,0 +1,183 @@
+#
+# SPDX-License-Identifier: ISC
+#
+# Copyright (c) 2019 Todd C. Miller
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
+# @configure_input@
+#
+
+#### Start of system configuration section. ####
+
+srcdir = @srcdir@
+abs_srcdir = @abs_srcdir@
+top_srcdir = @top_srcdir@
+abs_top_srcdir = @abs_top_srcdir@
+top_builddir = @top_builddir@
+abs_top_builddir = @abs_top_builddir@
+devdir = @devdir@
+scriptdir = $(top_srcdir)/scripts
+incdir = $(top_srcdir)/include
+
+# Compiler & tools to use
+CC = @CC@
+LIBTOOL = @LIBTOOL@
+
+# C preprocessor flags
+CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(srcdir) -I$(top_srcdir) @CPPFLAGS@
+
+# Usually -O and/or -g
+CFLAGS = @CFLAGS@
+
+# Flags to pass to libtool
+LTFLAGS = @LT_STATIC@
+
+# Address sanitizer flags
+ASAN_CFLAGS = @ASAN_CFLAGS@
+ASAN_LDFLAGS = @ASAN_LDFLAGS@
+
+# PIE flags
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+
+# Stack smashing protection flags
+SSP_CFLAGS = @SSP_CFLAGS@
+SSP_LDFLAGS = @SSP_LDFLAGS@
+
+# cppcheck options, usually set in the top-level Makefile
+CPPCHECK_OPTS = -q --force --enable=warning,performance,portability --suppress=constStatement --error-exitcode=1 --inline-suppr -Dva_copy=va_copy -U__cplusplus -UQUAD_MAX -UQUAD_MIN -UUQUAD_MAX -U_POSIX_HOST_NAME_MAX -U_POSIX_PATH_MAX -U__NBBY
-DNSIG=64
+
+# splint options, usually set in the top-level Makefile
+SPLINT_OPTS = -D__restrict= -checks
+
+# PVS-studio options
+PVS_CFG = $(top_srcdir)/PVS-Studio.cfg
+PVS_IGNORE = 'V707,V011,V002,V536'
+PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE)
+
+# Set to non-empty for development mode
+DEVEL = @DEVEL@
+
+#### End of system configuration section. ####
+
+SHELL = @SHELL@
+
+LIBLOGSRV_OBJS = protobuf-c.lo log_server.pb-c.lo
+
+IOBJS = $(LIBLOGSRV_OBJS:.lo=.i)
+
+POBJS = $(IOBJS:.i=.plog)
+
+GENERATED = log_server.pb-c.h log_server.pb-c.c
+
+all: liblogsrv.la
+
+pvs-log-files: $(POBJS)
+
+pvs-studio: $(POBJS)
+ plog-converter $(PVS_LOG_OPTS) $(POBJS)
+
+depend:
+ $(scriptdir)/mkdep.pl --srcdir=$(abs_top_srcdir) \
+ --builddir=$(abs_top_builddir) lib/logsrv/Makefile.in
+ cd $(top_builddir) && ./config.status --file lib/logsrv/Makefile
+
+Makefile: $(srcdir)/Makefile.in
+ cd $(top_builddir) && ./config.status --file lib/logsrv/Makefile
+
+.SUFFIXES: .c .h .i .lo .plog
+
+.c.lo:
+ $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $<
+
+.c.i:
+ $(CC) -E -o $@ $(CPPFLAGS) $<
+
+.i.plog:
+ ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@
+
+$(devdir)/log_server.pb-c.c: $(srcdir)/log_server.proto
+ @if [ -n "$(DEVEL)" ]; then \
+ cmd='protoc-c --c_out=$(devdir) --proto_path=$(srcdir) $(srcdir)/log_server.proto'; \
+ echo "$$cmd"; eval $$cmd; \
+ if [ "$(devdir)" == "$(srcdir)" ]; then \
+ cmd='mv -f $(devdir)/log_server.pb-c.h $(incdir)/log_server.pb-c.h'; \
+ else \
+ cmd='mv -f $(devdir)/log_server.pb-c.h $(top_builddir)/log_server.pb-c.h'; \
+ fi; \
+ echo "$$cmd"; eval $$cmd; \
+ fi
+
+liblogsrv.la: $(LIBLOGSRV_OBJS)
+ $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LIBLOGSRV_OBJS)
+
+pre-install:
+
+install:
+
+install-binaries:
+
+install-includes:
+
+install-doc:
+
+install-plugin:
+
+uninstall:
+
+splint:
+ splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(srcdir)/*.c
+
+cppcheck:
+ cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(srcdir)/*.c
+
+pvs-log-files: $(POBJS)
+
+check:
+
+clean:
+ -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la
+ -rm -f *.i *.plog stamp-* core *.core core.*
+
+mostlyclean: clean
+
+distclean: clean
+ -rm -rf Makefile .libs
+ @if [ -n "$(DEVEL)" -a "$(devdir)" != "$(srcdir)" ]; then \
+ cmd='rm -rf $(GENERATED)'; \
+ echo "$$cmd"; eval $$cmd; \
+ fi
+
+clobber: distclean
+
+realclean: distclean
+ rm -f TAGS tags
+
+cleandir: realclean
+
+# Autogenerated dependencies, do not modify
+log_server.pb-c.lo: $(srcdir)/log_server.pb-c.c $(incdir)/log_server.pb-c.h \
+ $(incdir)/protobuf-c/protobuf-c.h
+ $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/log_server.pb-c.c
+log_server.pb-c.i: $(srcdir)/log_server.pb-c.c $(incdir)/log_server.pb-c.h \
+ $(incdir)/protobuf-c/protobuf-c.h
+ $(CC) -E -o $@ $(CPPFLAGS) $<
+log_server.pb-c.plog: log_server.pb-c.i
+ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/log_server.pb-c.c --i-file $< --output-file $@
+protobuf-c.lo: $(srcdir)/protobuf-c.c $(incdir)/protobuf-c/protobuf-c.h
+ $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/protobuf-c.c
+protobuf-c.i: $(srcdir)/protobuf-c.c $(incdir)/protobuf-c/protobuf-c.h
+ $(CC) -E -o $@ $(CPPFLAGS) $<
+protobuf-c.plog: protobuf-c.i
+ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/protobuf-c.c --i-file $< --output-file $@
diff -Nru sudo-1.8.31/lib/logsrv/protobuf-c.c sudo-1.9.0/lib/logsrv/protobuf-c.c
--- sudo-1.8.31/lib/logsrv/protobuf-c.c 1970-01-01 00:00:00.000000000 +0000
+++
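Review bot: The nested test in the `$(devdir)/log_server.pb-c.c` rule, `if [ "$(devdir)" == "$(srcdir)" ]; then \`, uses `==`, which POSIX `[` does not define; the recipe runs under whatever `SHELL = @SHELL@` expands to, and a strictly POSIX shell such as dash rejects that operator and falls into the `else` branch. In a DEVEL build that would move the regenerated `log_server.pb-c.h` to `$(top_builddir)` while the dependency lines at the end of the file look for it in `$(incdir)`, so freshly generated `.c` code may end up compiled against a stale header. Use `if [ "$(devdir)" = "$(srcdir)" ]; then \`, which matches the portable `!=` test already used in `distclean`. The `pvs-log-files: $(POBJS)` target is also declared twice in this file, and the second copy can be dropped.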
sudo-1.9.0/lib/logsrv/protobuf-c.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,3666 @@
+/*
+ * Copyright (c) 2008-2015, Dave Benson and the protobuf-c authors.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*! \file
+ * Support library for `protoc-c` generated code.
+ *
+ * This file implements the public API used by the code generated
+ * by `protoc-c`.
+ *
+ * \authors Dave Benson and the protobuf-c authors
+ *
+ * \copyright 2008-2014. Licensed under the terms of the [BSD-2-Clause] license.
+ */
+
+/**
+ * \todo 64-BIT OPTIMIZATION: certain implementations use 32-bit math
+ * even on 64-bit platforms (uint64_size, uint64_pack, parse_uint64).
+ *
+ * \todo Use size_t consistently.
+ */
+
+#include /* for malloc, free */
+#include /* for strcmp, strlen, memcpy, memmove, memset */
+
+#include "protobuf-c/protobuf-c.h"
+
+#define TRUE 1
+#define FALSE 0
+
+#define PROTOBUF_C__ASSERT_NOT_REACHED() assert(0)
+
+/* Workaround for Microsoft compilers. */
+#ifdef _MSC_VER
+# define inline __inline
+#endif
+
+/**
+ * \defgroup internal Internal functions and macros
+ *
+ * These are not exported by the library but are useful to developers working
+ * on `libprotobuf-c` itself.
+ */
+
+/**
+ * \defgroup macros Utility macros for manipulating structures
+ *
+ * Macros and constants used to manipulate the base "classes" generated by
+ * `protobuf-c`. They also define limits and check correctness.
+ *
+ * \ingroup internal
+ * @{
+ */
+
+/** The maximum length of a 64-bit integer in varint encoding. */
+#define MAX_UINT64_ENCODED_SIZE 10
+
+#ifndef PROTOBUF_C_UNPACK_ERROR
+# define PROTOBUF_C_UNPACK_ERROR(...)
+#endif
+
+const char protobuf_c_empty_string[] = "";
+
+/**
+ * Internal `ProtobufCMessage` manipulation macro.
+ *
+ * Base macro for manipulating a `ProtobufCMessage`. Used by STRUCT_MEMBER() and
+ * STRUCT_MEMBER_PTR().
+ */
+#define STRUCT_MEMBER_P(struct_p, struct_offset) \
+ ((void *) ((uint8_t *) (struct_p) + (struct_offset)))
+
+/**
+ * Return field in a `ProtobufCMessage` based on offset.
+ *
+ * Take a pointer to a `ProtobufCMessage` and find the field at the offset.
+ * Cast it to the passed type.
+ */
+#define STRUCT_MEMBER(member_type, struct_p, struct_offset) \
+ (*(member_type *) STRUCT_MEMBER_P((struct_p), (struct_offset)))
+
+/**
+ * Return field in a `ProtobufCMessage` based on offset.
+ *
+ * Take a pointer to a `ProtobufCMessage` and find the field at the offset. Cast
+ * it to a pointer to the passed type.
+ */
+#define STRUCT_MEMBER_PTR(member_type, struct_p, struct_offset) \
+ ((member_type *) STRUCT_MEMBER_P((struct_p), (struct_offset)))
+
+/* Assertions for magic numbers.
*/
+
+#define ASSERT_IS_ENUM_DESCRIPTOR(desc) \
+ assert((desc)->magic == PROTOBUF_C__ENUM_DESCRIPTOR_MAGIC)
+
+#define ASSERT_IS_MESSAGE_DESCRIPTOR(desc) \
+ assert((desc)->magic == PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC)
+
+#define ASSERT_IS_MESSAGE(message) \
+ ASSERT_IS_MESSAGE_DESCRIPTOR((message)->descriptor)
+
+#define ASSERT_IS_SERVICE_DESCRIPTOR(desc) \
+ assert((desc)->magic == PROTOBUF_C__SERVICE_DESCRIPTOR_MAGIC)
+
+/**@}*/
+
+/* --- version --- */
+
+const char *
+protobuf_c_version(void)
+{
+ return PROTOBUF_C_VERSION;
+}
+
+uint32_t
+protobuf_c_version_number(void)
+{
+ return PROTOBUF_C_VERSION_NUMBER;
+}
+
+/* --- allocator --- */
+
+static void *
+system_alloc(void *allocator_data, size_t size)
+{
+ return malloc(size);
+}
+
+static void
+system_free(void *allocator_data, void *data)
+{
+ free(data);
+}
+
+static inline void *
+do_alloc(ProtobufCAllocator *allocator, size_t size)
+{
+ return allocator->alloc(allocator->allocator_data, size);
+}
+
+static inline void
+do_free(ProtobufCAllocator *allocator, void *data)
+{
+ if (data != NULL)
+ allocator->free(allocator->allocator_data, data);
+}
+
+/*
+ * This allocator uses the system's malloc() and free(). It is the default
+ * allocator used if NULL is passed as the ProtobufCAllocator to an exported
+ * function.
+ */
+static ProtobufCAllocator protobuf_c__allocator = {
+ .alloc = &system_alloc,
+ .free = &system_free,
+ .allocator_data = NULL,
+};
+
+/* === buffer-simple === */
+
+void
+protobuf_c_buffer_simple_append(ProtobufCBuffer *buffer,
+ size_t len, const uint8_t *data)
+{
+ ProtobufCBufferSimple *simp = (ProtobufCBufferSimple *) buffer;
+ size_t new_len = simp->len + len;
+
+ if (new_len > simp->alloced) {
+ ProtobufCAllocator *allocator = simp->allocator;
+ size_t new_alloced = simp->alloced * 2;
+ uint8_t *new_data;
+
+ if (allocator == NULL)
+ allocator = &protobuf_c__allocator;
+ while (new_alloced < new_len)
+ new_alloced += new_alloced;
+ new_data = do_alloc(allocator, new_alloced);
+ if (!new_data)
+ return;
+ memcpy(new_data, simp->data, simp->len);
+ if (simp->must_free_data)
+ do_free(allocator, simp->data);
+ else
+ simp->must_free_data = TRUE;
+ simp->data = new_data;
+ simp->alloced = new_alloced;
+ }
+ memcpy(simp->data + simp->len, data, len);
+ simp->len = new_len;
+}
+
+/**
+ * \defgroup packedsz protobuf_c_message_get_packed_size() implementation
+ *
+ * Routines mainly used by protobuf_c_message_get_packed_size().
+ *
+ * \ingroup internal
+ * @{
+ */
+
+/**
+ * Return the number of bytes required to store the tag for the field. Includes
+ * 3 bits for the wire-type, and a single bit that denotes the end-of-tag.
+ *
+ * \param number
+ * Field tag to encode.
+ * \return
+ * Number of bytes required.
+ */
+static inline size_t
+get_tag_size(uint32_t number)
+{
+ if (number < (1UL << 4)) {
+ return 1;
+ } else if (number < (1UL << 11)) {
+ return 2;
+ } else if (number < (1UL << 18)) {
+ return 3;
+ } else if (number < (1UL << 25)) {
+ return 4;
+ } else {
+ return 5;
+ }
+}
+
+/**
+ * Return the number of bytes required to store a variable-length unsigned
+ * 32-bit integer in base-128 varint encoding.
+ *
+ * \param v
+ * Value to encode.
+ * \return
+ * Number of bytes required.
+ */
+static inline size_t
+uint32_size(uint32_t v)
+{
+ if (v < (1UL << 7)) {
+ return 1;
+ } else if (v < (1UL << 14)) {
+ return 2;
+ } else if (v < (1UL << 21)) {
+ return 3;
+ } else if (v < (1UL << 28)) {
+ return 4;
+ } else {
+ return 5;
+ }
+}
+
+/**
+ * Return the number of bytes required to store a variable-length signed 32-bit
+ * integer in base-128 varint encoding.
+ *
+ * \param v
+ * Value to encode.
+ * \return
+ * Number of bytes required.
+ */
+static inline size_t
+int32_size(int32_t v)
+{
+ if (v < 0) {
+ return 10;
+ } else if (v < (1L << 7)) {
+ return 1;
+ } else if (v < (1L << 14)) {
+ return 2;
+ } else if (v < (1L << 21)) {
+ return 3;
+ } else if (v < (1L << 28)) {
+ return 4;
+ } else {
+ return 5;
+ }
+}
+
+/**
+ * Return the ZigZag-encoded 32-bit unsigned integer form of a 32-bit signed
+ * integer.
+ *
+ * \param v
+ * Value to encode.
+ * \return
+ * ZigZag encoded integer.
+ */
+static inline uint32_t
+zigzag32(int32_t v)
+{
+ if (v < 0)
+ return (-(uint32_t)v) * 2 - 1;
+ else
+ return (uint32_t)(v) * 2;
+}
+
+/**
+ * Return the number of bytes required to store a signed 32-bit integer,
+ * converted to an unsigned 32-bit integer with ZigZag encoding, using base-128
+ * varint encoding.
+ *
+ * \param v
+ * Value to encode.
+ * \return
+ * Number of bytes required.
+ */
+static inline size_t
+sint32_size(int32_t v)
+{
+ return uint32_size(zigzag32(v));
+}
+
+/**
+ * Return the number of bytes required to store a 64-bit unsigned integer in
+ * base-128 varint encoding.
+ *
+ * \param v
+ * Value to encode.
+ * \return
+ * Number of bytes required.
+ */
+static inline size_t
+uint64_size(uint64_t v)
+{
+ uint32_t upper_v = (uint32_t) (v >> 32);
+
+ if (upper_v == 0) {
+ return uint32_size((uint32_t) v);
+ } else if (upper_v < (1UL << 3)) {
+ return 5;
+ } else if (upper_v < (1UL << 10)) {
+ return 6;
+ } else if (upper_v < (1UL << 17)) {
+ return 7;
+ } else if (upper_v < (1UL << 24)) {
+ return 8;
+ } else if (upper_v < (1UL << 31)) {
+ return 9;
+ } else {
+ return 10;
+ }
+}
+
+/**
+ * Return the ZigZag-encoded 64-bit unsigned integer form of a 64-bit signed
+ * integer.
+ *
+ * \param v
+ * Value to encode.
+ * \return
+ * ZigZag encoded integer.
+ */
+static inline uint64_t
+zigzag64(int64_t v)
+{
+ if (v < 0)
+ return (-(uint64_t)v) * 2 - 1;
+ else
+ return (uint64_t)(v) * 2;
+}
+
+/**
+ * Return the number of bytes required to store a signed 64-bit integer,
+ * converted to an unsigned 64-bit integer with ZigZag encoding, using base-128
+ * varint encoding.
+ *
+ * \param v
+ * Value to encode.
+ * \return
+ * Number of bytes required.
+ */
+static inline size_t
+sint64_size(int64_t v)
+{
+ return uint64_size(zigzag64(v));
+}
+
+/**
+ * Calculate the serialized size of a single required message field, including
+ * the space needed by the preceding tag.
+ *
+ * \param field
+ * Field descriptor for member.
+ * \param member
+ * Field to encode.
+ * \return
+ * Number of bytes required.
+ */
+static size_t
+required_field_get_packed_size(const ProtobufCFieldDescriptor *field,
+ const void *member)
+{
+ size_t rv = get_tag_size(field->id);
+
+ switch (field->type) {
+ case PROTOBUF_C_TYPE_SINT32:
+ return rv + sint32_size(*(const int32_t *) member);
+ case PROTOBUF_C_TYPE_ENUM:
+ case PROTOBUF_C_TYPE_INT32:
+ return rv + int32_size(*(const int32_t *) member);
+ case PROTOBUF_C_TYPE_UINT32:
+ return rv + uint32_size(*(const uint32_t *) member);
+ case PROTOBUF_C_TYPE_SINT64:
+ return rv + sint64_size(*(const int64_t *) member);
+ case PROTOBUF_C_TYPE_INT64:
+ case PROTOBUF_C_TYPE_UINT64:
+ return rv + uint64_size(*(const uint64_t *) member);
+ case PROTOBUF_C_TYPE_SFIXED32:
+ case PROTOBUF_C_TYPE_FIXED32:
+ return rv + 4;
+ case PROTOBUF_C_TYPE_SFIXED64:
+ case PROTOBUF_C_TYPE_FIXED64:
+ return rv + 8;
+ case PROTOBUF_C_TYPE_BOOL:
+ return rv + 1;
+ case PROTOBUF_C_TYPE_FLOAT:
+ return rv + 4;
+ case PROTOBUF_C_TYPE_DOUBLE:
+ return rv + 8;
+ case PROTOBUF_C_TYPE_STRING: {
+ const char *str = *(char * const *) member;
+ size_t len = str ? strlen(str) : 0;
+ return rv + uint32_size(len) + len;
+ }
+ case PROTOBUF_C_TYPE_BYTES: {
+ size_t len = ((const ProtobufCBinaryData *) member)->len;
+ return rv + uint32_size(len) + len;
+ }
+ case PROTOBUF_C_TYPE_MESSAGE: {
+ const ProtobufCMessage *msg = *(ProtobufCMessage * const *) member;
+ size_t subrv = msg ? protobuf_c_message_get_packed_size(msg) : 0;
+ return rv + uint32_size(subrv) + subrv;
+ }
+ }
+ PROTOBUF_C__ASSERT_NOT_REACHED();
+ return 0;
+}
+
+/**
+ * Calculate the serialized size of a single oneof message field, including
+ * the space needed by the preceding tag. Returns 0 if the oneof field isn't
+ * selected or is not set.
+ *
+ * \param field
+ * Field descriptor for member.
+ * \param oneof_case
+ * Enum value that selects the field in the oneof.
+ * \param member
+ * Field to encode.
+ * \return
+ * Number of bytes required.
+ */
+static size_t
+oneof_field_get_packed_size(const ProtobufCFieldDescriptor *field,
+ uint32_t oneof_case,
+ const void *member)
+{
+ if (oneof_case != field->id) {
+ return 0;
+ }
+ if (field->type == PROTOBUF_C_TYPE_MESSAGE ||
+ field->type == PROTOBUF_C_TYPE_STRING)
+ {
+ const void *ptr = *(const void * const *) member;
+ if (ptr == NULL || ptr == field->default_value)
+ return 0;
+ }
+ return required_field_get_packed_size(field, member);
+}
+
+/**
+ * Calculate the serialized size of a single optional message field, including
+ * the space needed by the preceding tag. Returns 0 if the optional field isn't
+ * set.
+ *
+ * \param field
+ * Field descriptor for member.
+ * \param has
+ * True if the field exists, false if not.
+ * \param member
+ * Field to encode.
+ * \return
+ * Number of bytes required.
+ */
+static size_t
+optional_field_get_packed_size(const ProtobufCFieldDescriptor *field,
+ const protobuf_c_boolean has,
+ const void *member)
+{
+ if (field->type == PROTOBUF_C_TYPE_MESSAGE ||
+ field->type == PROTOBUF_C_TYPE_STRING)
+ {
+ const void *ptr = *(const void * const *) member;
+ if (ptr == NULL || ptr == field->default_value)
+ return 0;
+ } else {
+ if (!has)
+ return 0;
+ }
+ return required_field_get_packed_size(field, member);
+}
+
+static protobuf_c_boolean
+field_is_zeroish(const ProtobufCFieldDescriptor *field,
+ const void *member)
+{
+ protobuf_c_boolean ret = FALSE;
+
+ switch (field->type) {
+ case PROTOBUF_C_TYPE_BOOL:
+ ret = (0 == *(const protobuf_c_boolean *) member);
+ break;
+ case PROTOBUF_C_TYPE_ENUM:
+ case PROTOBUF_C_TYPE_SINT32:
+ case PROTOBUF_C_TYPE_INT32:
+ case PROTOBUF_C_TYPE_UINT32:
+ case PROTOBUF_C_TYPE_SFIXED32:
+ case PROTOBUF_C_TYPE_FIXED32:
+ ret = (0 == *(const uint32_t *) member);
+ break;
+ case PROTOBUF_C_TYPE_SINT64:
+ case PROTOBUF_C_TYPE_INT64:
+ case PROTOBUF_C_TYPE_UINT64:
+ case PROTOBUF_C_TYPE_SFIXED64:
+ case PROTOBUF_C_TYPE_FIXED64:
+ ret = (0 == *(const uint64_t *) member);
+ break;
+ case
PROTOBUF_C_TYPE_FLOAT:
+ ret = (0 == *(const float *) member);
+ break;
+ case PROTOBUF_C_TYPE_DOUBLE:
+ ret = (0 == *(const double *) member);
+ break;
+ case PROTOBUF_C_TYPE_STRING:
+ ret = (NULL == *(const char * const *) member) ||
+ ('\0' == **(const char * const *) member);
+ break;
+ case PROTOBUF_C_TYPE_BYTES:
+ case PROTOBUF_C_TYPE_MESSAGE:
+ ret = (NULL == *(const void * const *) member);
+ break;
+ default:
+ ret = TRUE;
+ break;
+ }
+
+ return ret;
+}
+
+/**
+ * Calculate the serialized size of a single unlabeled message field, including
+ * the space needed by the preceding tag. Returns 0 if the field isn't set or
+ * if it is set to a "zeroish" value (null pointer or 0 for numerical values).
+ * Unlabeled fields are supported only in proto3.
+ *
+ * \param field
+ * Field descriptor for member.
+ * \param member
+ * Field to encode.
+ * \return
+ * Number of bytes required.
+ */
+static size_t
+unlabeled_field_get_packed_size(const ProtobufCFieldDescriptor *field,
+ const void *member)
+{
+ if (field_is_zeroish(field, member))
+ return 0;
+ return required_field_get_packed_size(field, member);
+}
+
+/**
+ * Calculate the serialized size of repeated message fields, which may consist
+ * of any number of values (including 0). Includes the space needed by the
+ * preceding tags (as needed).
+ *
+ * \param field
+ * Field descriptor for member.
+ * \param count
+ * Number of repeated field members.
+ * \param member
+ * Field to encode.
+ * \return
+ * Number of bytes required.
+ */
+static size_t
+repeated_field_get_packed_size(const ProtobufCFieldDescriptor *field,
+ size_t count, const void *member)
+{
+ size_t header_size;
+ size_t rv = 0;
+ unsigned i;
+ void *array = *(void * const *) member;
+
+ if (count == 0)
+ return 0;
+ header_size = get_tag_size(field->id);
+ if (0 == (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED))
+ header_size *= count;
+
+ switch (field->type) {
+ case PROTOBUF_C_TYPE_SINT32:
+ for (i = 0; i < count; i++)
+ rv += sint32_size(((int32_t *) array)[i]);
+ break;
+ case PROTOBUF_C_TYPE_ENUM:
+ case PROTOBUF_C_TYPE_INT32:
+ for (i = 0; i < count; i++)
+ rv += int32_size(((int32_t *) array)[i]);
+ break;
+ case PROTOBUF_C_TYPE_UINT32:
+ for (i = 0; i < count; i++)
+ rv += uint32_size(((uint32_t *) array)[i]);
+ break;
+ case PROTOBUF_C_TYPE_SINT64:
+ for (i = 0; i < count; i++)
+ rv += sint64_size(((int64_t *) array)[i]);
+ break;
+ case PROTOBUF_C_TYPE_INT64:
+ case PROTOBUF_C_TYPE_UINT64:
+ for (i = 0; i < count; i++)
+ rv += uint64_size(((uint64_t *) array)[i]);
+ break;
+ case PROTOBUF_C_TYPE_SFIXED32:
+ case PROTOBUF_C_TYPE_FIXED32:
+ case PROTOBUF_C_TYPE_FLOAT:
+ rv += 4 * count;
+ break;
+ case PROTOBUF_C_TYPE_SFIXED64:
+ case PROTOBUF_C_TYPE_FIXED64:
+ case PROTOBUF_C_TYPE_DOUBLE:
+ rv += 8 * count;
+ break;
+ case PROTOBUF_C_TYPE_BOOL:
+ rv += count;
+ break;
+ case PROTOBUF_C_TYPE_STRING:
+ for (i = 0; i < count; i++) {
+ size_t len = strlen(((char **) array)[i]);
+ rv += uint32_size(len) + len;
+ }
+ break;
+ case PROTOBUF_C_TYPE_BYTES:
+ for (i = 0; i < count; i++) {
+ size_t len = ((ProtobufCBinaryData *) array)[i].len;
+ rv += uint32_size(len) + len;
+ }
+ break;
+ case PROTOBUF_C_TYPE_MESSAGE:
+ for (i = 0; i < count; i++) {
+ size_t len = protobuf_c_message_get_packed_size(
+ ((ProtobufCMessage **) array)[i]);
+ rv += uint32_size(len) + len;
+ }
+ break;
+ }
+
+ if (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED))
+ header_size += uint32_size(rv);
+ return header_size + rv;
+}
+
+/**
+ *
Calculate the serialized size of an unknown field, i.e. one that is passed
+ * through mostly uninterpreted. This is required for forward compatibility if
+ * new fields are added to the message descriptor.
+ *
+ * \param field
+ * Unknown field type.
+ * \return
+ * Number of bytes required.
+ */
+static inline size_t
+unknown_field_get_packed_size(const ProtobufCMessageUnknownField *field)
+{
+ return get_tag_size(field->tag) + field->len;
+}
+
+/**@}*/
+
+/*
+ * Calculate the serialized size of the message.
+ */
+size_t protobuf_c_message_get_packed_size(const ProtobufCMessage *message)
+{
+ unsigned i;
+ size_t rv = 0;
+
+ ASSERT_IS_MESSAGE(message);
+ for (i = 0; i < message->descriptor->n_fields; i++) {
+ const ProtobufCFieldDescriptor *field =
+ message->descriptor->fields + i;
+ const void *member =
+ ((const char *) message) + field->offset;
+ const void *qmember =
+ ((const char *) message) + field->quantifier_offset;
+
+ if (field->label == PROTOBUF_C_LABEL_REQUIRED) {
+ rv += required_field_get_packed_size(field, member);
+ } else if ((field->label == PROTOBUF_C_LABEL_OPTIONAL ||
+ field->label == PROTOBUF_C_LABEL_NONE) &&
+ (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_ONEOF))) {
+ rv += oneof_field_get_packed_size(
+ field,
+ *(const uint32_t *) qmember,
+ member
+ );
+ } else if (field->label == PROTOBUF_C_LABEL_OPTIONAL) {
+ rv += optional_field_get_packed_size(
+ field,
+ *(protobuf_c_boolean *) qmember,
+ member
+ );
+ } else if (field->label == PROTOBUF_C_LABEL_NONE) {
+ rv += unlabeled_field_get_packed_size(
+ field,
+ member
+ );
+ } else {
+ rv += repeated_field_get_packed_size(
+ field,
+ *(const size_t *) qmember,
+ member
+ );
+ }
+ }
+ for (i = 0; i < message->n_unknown_fields; i++)
+ rv += unknown_field_get_packed_size(&message->unknown_fields[i]);
+ return rv;
+}
+
+/**
+ * \defgroup pack protobuf_c_message_pack() implementation
+ *
+ * Routines mainly used by protobuf_c_message_pack().
+ *
+ * \ingroup internal
+ * @{
+ */
+
+/**
+ * Pack an unsigned 32-bit integer in base-128 varint encoding and return the
+ * number of bytes written, which must be 5 or less.
+ *
+ * \param value
+ * Value to encode.
+ * \param[out] out
+ * Packed value.
+ * \return
+ * Number of bytes written to `out`.
+ */
+static inline size_t
+uint32_pack(uint32_t value, uint8_t *out)
+{
+ unsigned rv = 0;
+
+ if (value >= 0x80) {
+ out[rv++] = value | 0x80;
+ value >>= 7;
+ if (value >= 0x80) {
+ out[rv++] = value | 0x80;
+ value >>= 7;
+ if (value >= 0x80) {
+ out[rv++] = value | 0x80;
+ value >>= 7;
+ if (value >= 0x80) {
+ out[rv++] = value | 0x80;
+ value >>= 7;
+ }
+ }
+ }
+ }
+ /* assert: value<128 */
+ out[rv++] = value;
+ return rv;
+}
+
+/**
+ * Pack a signed 32-bit integer and return the number of bytes written.
+ * Negative numbers are encoded as two's complement 64-bit integers.
+ *
+ * \param value
+ * Value to encode.
+ * \param[out] out
+ * Packed value.
+ * \return
+ * Number of bytes written to `out`.
+ */
+static inline size_t
+int32_pack(int32_t value, uint8_t *out)
+{
+ if (value < 0) {
+ out[0] = value | 0x80;
+ out[1] = (value >> 7) | 0x80;
+ out[2] = (value >> 14) | 0x80;
+ out[3] = (value >> 21) | 0x80;
+ out[4] = (value >> 28) | 0x80;
+ out[5] = out[6] = out[7] = out[8] = 0xff;
+ out[9] = 0x01;
+ return 10;
+ } else {
+ return uint32_pack(value, out);
+ }
+}
+
+/**
+ * Pack a signed 32-bit integer using ZigZag encoding and return the number of
+ * bytes written.
+ *
+ * \param value
+ * Value to encode.
+ * \param[out] out
+ * Packed value.
+ * \return
+ * Number of bytes written to `out`.
+ */
+static inline size_t
+sint32_pack(int32_t value, uint8_t *out)
+{
+ return uint32_pack(zigzag32(value), out);
+}
+
+/**
+ * Pack a 64-bit unsigned integer using base-128 varint encoding and return the
+ * number of bytes written.
+ *
+ * \param value
+ * Value to encode.
+ * \param[out] out
+ * Packed value.
+ * \return
+ * Number of bytes written to `out`.
+ */
+static size_t
+uint64_pack(uint64_t value, uint8_t *out)
+{
+ uint32_t hi = (uint32_t) (value >> 32);
+ uint32_t lo = (uint32_t) value;
+ unsigned rv;
+
+ if (hi == 0)
+ return uint32_pack((uint32_t) lo, out);
+ out[0] = (lo) | 0x80;
+ out[1] = (lo >> 7) | 0x80;
+ out[2] = (lo >> 14) | 0x80;
+ out[3] = (lo >> 21) | 0x80;
+ if (hi < 8) {
+ out[4] = (hi << 4) | (lo >> 28);
+ return 5;
+ } else {
+ out[4] = ((hi & 7) << 4) | (lo >> 28) | 0x80;
+ hi >>= 3;
+ }
+ rv = 5;
+ while (hi >= 128) {
+ out[rv++] = hi | 0x80;
+ hi >>= 7;
+ }
+ out[rv++] = hi;
+ return rv;
+}
+
+/**
+ * Pack a 64-bit signed integer in ZigZag encoding and return the number of
+ * bytes written.
+ *
+ * \param value
+ * Value to encode.
+ * \param[out] out
+ * Packed value.
+ * \return
+ * Number of bytes written to `out`.
+ */
+static inline size_t
+sint64_pack(int64_t value, uint8_t *out)
+{
+ return uint64_pack(zigzag64(value), out);
+}
+
+/**
+ * Pack a 32-bit quantity in little-endian byte order. Used for protobuf wire
+ * types fixed32, sfixed32, float. Similar to "htole32".
+ *
+ * \param value
+ * Value to encode.
+ * \param[out] out
+ * Packed value.
+ * \return
+ * Number of bytes written to `out`.
+ */
+static inline size_t
+fixed32_pack(uint32_t value, void *out)
+{
+#if !defined(WORDS_BIGENDIAN)
+ memcpy(out, &value, 4);
+#else
+ uint8_t *buf = out;
+
+ buf[0] = value;
+ buf[1] = value >> 8;
+ buf[2] = value >> 16;
+ buf[3] = value >> 24;
+#endif
+ return 4;
+}
+
+/**
+ * Pack a 64-bit quantity in little-endian byte order. Used for protobuf wire
+ * types fixed64, sfixed64, double. Similar to "htole64".
+ *
+ * \todo The big-endian impl is really only good for 32-bit machines, a 64-bit
+ * version would be appreciated, plus a way to decide to use 64-bit math where
+ * convenient.
+ *
+ * \param value
+ * Value to encode.
+ * \param[out] out
+ * Packed value.
+ * \return
+ * Number of bytes written to `out`.
+ */
+static inline size_t
+fixed64_pack(uint64_t value, void *out)
+{
+#if !defined(WORDS_BIGENDIAN)
+ memcpy(out, &value, 8);
+#else
+ fixed32_pack(value, out);
+ fixed32_pack(value >> 32, ((char *) out) + 4);
+#endif
+ return 8;
+}
+
+/**
+ * Pack a boolean value as an integer and return the number of bytes written.
+ *
+ * \todo Perhaps on some platforms *out = !!value would be a better impl, b/c
+ * that is idiomatic C++ in some STL implementations.
+ *
+ * \param value
+ * Value to encode.
+ * \param[out] out
+ * Packed value.
+ * \return
+ * Number of bytes written to `out`.
+ */
+static inline size_t
+boolean_pack(protobuf_c_boolean value, uint8_t *out)
+{
+ *out = value ? TRUE : FALSE;
+ return 1;
+}
+
+/**
+ * Pack a NUL-terminated C string and return the number of bytes written. The
+ * output includes a length delimiter.
+ *
+ * The NULL pointer is treated as an empty string. This isn't really necessary,
+ * but it allows people to leave required strings blank. (See Issue #13 in the
+ * bug tracker for a little more explanation).
+ *
+ * \param str
+ * String to encode.
+ * \param[out] out
+ * Packed value.
+ * \return
+ * Number of bytes written to `out`.
+ */
+static inline size_t
+string_pack(const char *str, uint8_t *out)
+{
+ if (str == NULL) {
+ out[0] = 0;
+ return 1;
+ } else {
+ size_t len = strlen(str);
+ size_t rv = uint32_pack(len, out);
+ memcpy(out + rv, str, len);
+ return rv + len;
+ }
+}
+
+/**
+ * Pack a ProtobufCBinaryData and return the number of bytes written. The output
+ * includes a length delimiter.
+ *
+ * \param bd
+ * ProtobufCBinaryData to encode.
+ * \param[out] out
+ * Packed value.
+ * \return
+ * Number of bytes written to `out`.
+ */
+static inline size_t
+binary_data_pack(const ProtobufCBinaryData *bd, uint8_t *out)
+{
+ size_t len = bd->len;
+ size_t rv = uint32_pack(len, out);
+ memcpy(out + rv, bd->data, len);
+ return rv + len;
+}
+
+/**
+ * Pack a ProtobufCMessage and return the number of bytes written.
The output
+ * includes a length delimiter.
+ *
+ * \param message
+ * ProtobufCMessage object to pack.
+ * \param[out] out
+ * Packed message.
+ * \return
+ * Number of bytes written to `out`.
+ */
+static inline size_t
+prefixed_message_pack(const ProtobufCMessage *message, uint8_t *out)
+{
+ if (message == NULL) {
+ out[0] = 0;
+ return 1;
+ } else {
+ size_t rv = protobuf_c_message_pack(message, out + 1);
+ uint32_t rv_packed_size = uint32_size(rv);
+ if (rv_packed_size != 1)
+ memmove(out + rv_packed_size, out + 1, rv);
+ return uint32_pack(rv, out) + rv;
+ }
+}
+
+/**
+ * Pack a field tag.
+ *
+ * Wire-type will be added in required_field_pack().
+ *
+ * \todo Just call uint64_pack on 64-bit platforms.
+ *
+ * \param id
+ * Tag value to encode.
+ * \param[out] out
+ * Packed value.
+ * \return
+ * Number of bytes written to `out`.
+ */
+static size_t
+tag_pack(uint32_t id, uint8_t *out)
+{
+ if (id < (1UL << (32 - 3)))
+ return uint32_pack(id << 3, out);
+ else
+ return uint64_pack(((uint64_t) id) << 3, out);
+}
+
+/**
+ * Pack a required field and return the number of bytes written.
+ *
+ * \param field
+ * Field descriptor.
+ * \param member
+ * The field member.
+ * \param[out] out
+ * Packed value.
+ * \return
+ * Number of bytes written to `out`.
+ */
+static size_t
+required_field_pack(const ProtobufCFieldDescriptor *field,
+ const void *member, uint8_t *out)
+{
+ size_t rv = tag_pack(field->id, out);
+
+ switch (field->type) {
+ case PROTOBUF_C_TYPE_SINT32:
+ out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT;
+ return rv + sint32_pack(*(const int32_t *) member, out + rv);
+ case PROTOBUF_C_TYPE_ENUM:
+ case PROTOBUF_C_TYPE_INT32:
+ out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT;
+ return rv + int32_pack(*(const int32_t *) member, out + rv);
+ case PROTOBUF_C_TYPE_UINT32:
+ out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT;
+ return rv + uint32_pack(*(const uint32_t *) member, out + rv);
+ case PROTOBUF_C_TYPE_SINT64:
+ out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT;
+ return rv + sint64_pack(*(const int64_t *) member, out + rv);
+ case PROTOBUF_C_TYPE_INT64:
+ case PROTOBUF_C_TYPE_UINT64:
+ out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT;
+ return rv + uint64_pack(*(const uint64_t *) member, out + rv);
+ case PROTOBUF_C_TYPE_SFIXED32:
+ case PROTOBUF_C_TYPE_FIXED32:
+ case PROTOBUF_C_TYPE_FLOAT:
+ out[0] |= PROTOBUF_C_WIRE_TYPE_32BIT;
+ return rv + fixed32_pack(*(const uint32_t *) member, out + rv);
+ case PROTOBUF_C_TYPE_SFIXED64:
+ case PROTOBUF_C_TYPE_FIXED64:
+ case PROTOBUF_C_TYPE_DOUBLE:
+ out[0] |= PROTOBUF_C_WIRE_TYPE_64BIT;
+ return rv + fixed64_pack(*(const uint64_t *) member, out + rv);
+ case PROTOBUF_C_TYPE_BOOL:
+ out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT;
+ return rv + boolean_pack(*(const protobuf_c_boolean *) member, out + rv);
+ case PROTOBUF_C_TYPE_STRING:
+ out[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED;
+ return rv + string_pack(*(char *const *) member, out + rv);
+ case PROTOBUF_C_TYPE_BYTES:
+ out[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED;
+ return rv + binary_data_pack((const ProtobufCBinaryData *) member, out + rv);
+ case PROTOBUF_C_TYPE_MESSAGE:
+ out[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED;
+ return rv + prefixed_message_pack(*(ProtobufCMessage * const *) member, out + rv);
+ }
+ PROTOBUF_C__ASSERT_NOT_REACHED();
+ return 0;
+}
+
+/**
+ * Pack a oneof field and return the number of bytes written. Only packs the
+ * field that is selected by the case enum.
+ *
+ * \param field
+ * Field descriptor.
+ * \param oneof_case
+ * Enum value that selects the field in the oneof.
+ * \param member
+ * The field member.
+ * \param[out] out
+ * Packed value.
+ * \return
+ * Number of bytes written to `out`.
+ */
+static size_t
+oneof_field_pack(const ProtobufCFieldDescriptor *field,
+ uint32_t oneof_case,
+ const void *member, uint8_t *out)
+{
+ if (oneof_case != field->id) {
+ return 0;
+ }
+ if (field->type == PROTOBUF_C_TYPE_MESSAGE ||
+ field->type == PROTOBUF_C_TYPE_STRING)
+ {
+ const void *ptr = *(const void * const *) member;
+ if (ptr == NULL || ptr == field->default_value)
+ return 0;
+ }
+ return required_field_pack(field, member, out);
+}
+
+/**
+ * Pack an optional field and return the number of bytes written.
+ *
+ * \param field
+ * Field descriptor.
+ * \param has
+ * Whether the field is set.
+ * \param member
+ * The field member.
+ * \param[out] out
+ * Packed value.
+ * \return
+ * Number of bytes written to `out`.
+ */
+static size_t
+optional_field_pack(const ProtobufCFieldDescriptor *field,
+ const protobuf_c_boolean has,
+ const void *member, uint8_t *out)
+{
+ if (field->type == PROTOBUF_C_TYPE_MESSAGE ||
+ field->type == PROTOBUF_C_TYPE_STRING)
+ {
+ const void *ptr = *(const void * const *) member;
+ if (ptr == NULL || ptr == field->default_value)
+ return 0;
+ } else {
+ if (!has)
+ return 0;
+ }
+ return required_field_pack(field, member, out);
+}
+
+/**
+ * Pack an unlabeled field and return the number of bytes written.
+ *
+ * \param field
+ * Field descriptor.
+ * \param member
+ * The field member.
+ * \param[out] out
+ * Packed value.
+ * \return
+ * Number of bytes written to `out`.
+ */
+static size_t
+unlabeled_field_pack(const ProtobufCFieldDescriptor *field,
+ const void *member, uint8_t *out)
+{
+ if (field_is_zeroish(field, member))
+ return 0;
+ return required_field_pack(field, member, out);
+}
+
+/**
+ * Given a field type, return the in-memory size.
+ *
+ * \todo Implement as a table lookup.
+ *
+ * \param type
+ * Field type.
+ * \return
+ * Size of the field.
+ */
+static inline size_t
+sizeof_elt_in_repeated_array(ProtobufCType type)
+{
+ switch (type) {
+ case PROTOBUF_C_TYPE_SINT32:
+ case PROTOBUF_C_TYPE_INT32:
+ case PROTOBUF_C_TYPE_UINT32:
+ case PROTOBUF_C_TYPE_SFIXED32:
+ case PROTOBUF_C_TYPE_FIXED32:
+ case PROTOBUF_C_TYPE_FLOAT:
+ case PROTOBUF_C_TYPE_ENUM:
+ return 4;
+ case PROTOBUF_C_TYPE_SINT64:
+ case PROTOBUF_C_TYPE_INT64:
+ case PROTOBUF_C_TYPE_UINT64:
+ case PROTOBUF_C_TYPE_SFIXED64:
+ case PROTOBUF_C_TYPE_FIXED64:
+ case PROTOBUF_C_TYPE_DOUBLE:
+ return 8;
+ case PROTOBUF_C_TYPE_BOOL:
+ return sizeof(protobuf_c_boolean);
+ case PROTOBUF_C_TYPE_STRING:
+ case PROTOBUF_C_TYPE_MESSAGE:
+ return sizeof(void *);
+ case PROTOBUF_C_TYPE_BYTES:
+ return sizeof(ProtobufCBinaryData);
+ }
+ PROTOBUF_C__ASSERT_NOT_REACHED();
+ return 0;
+}
+
+/**
+ * Pack an array of 32-bit quantities.
+ *
+ * \param[out] out
+ * Destination.
+ * \param[in] in
+ * Source.
+ * \param[in] n
+ * Number of elements in the source array.
+ */
+static void
+copy_to_little_endian_32(void *out, const void *in, const unsigned n)
+{
+#if !defined(WORDS_BIGENDIAN)
+ memcpy(out, in, n * 4);
+#else
+ unsigned i;
+ const uint32_t *ini = in;
+ for (i = 0; i < n; i++)
+ fixed32_pack(ini[i], (uint32_t *) out + i);
+#endif
+}
+
+/**
+ * Pack an array of 64-bit quantities.
+ *
+ * \param[out] out
+ * Destination.
+ * \param[in] in
+ * Source.
+ * \param[in] n
+ * Number of elements in the source array.
+ */
+static void
+copy_to_little_endian_64(void *out, const void *in, const unsigned n)
+{
+#if !defined(WORDS_BIGENDIAN)
+ memcpy(out, in, n * 8);
+#else
+ unsigned i;
+ const uint64_t *ini = in;
+ for (i = 0; i < n; i++)
+ fixed64_pack(ini[i], (uint64_t *) out + i);
+#endif
+}
+
+/**
+ * Get the minimum number of bytes required to pack a field value of a
+ * particular type.
+ *
+ * \param type
+ * Field type.
+ * \return
+ * Number of bytes.
+ */
+static unsigned
+get_type_min_size(ProtobufCType type)
+{
+ if (type == PROTOBUF_C_TYPE_SFIXED32 ||
+ type == PROTOBUF_C_TYPE_FIXED32 ||
+ type == PROTOBUF_C_TYPE_FLOAT)
+ {
+ return 4;
+ }
+ if (type == PROTOBUF_C_TYPE_SFIXED64 ||
+ type == PROTOBUF_C_TYPE_FIXED64 ||
+ type == PROTOBUF_C_TYPE_DOUBLE)
+ {
+ return 8;
+ }
+ return 1;
+}
+
+/**
+ * Packs the elements of a repeated field and returns the serialised field and
+ * its length.
+ *
+ * \param field
+ * Field descriptor.
+ * \param count
+ * Number of elements in the repeated field array.
+ * \param member
+ * Pointer to the elements for this repeated field.
+ * \param[out] out
+ * Serialised representation of the repeated field.
+ * \return
+ * Number of bytes serialised to `out`.
+ */
+static size_t
+repeated_field_pack(const ProtobufCFieldDescriptor *field,
+ size_t count, const void *member, uint8_t *out)
+{
+ void *array = *(void * const *) member;
+ unsigned i;
+
+ if (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED)) {
+ unsigned header_len;
+ unsigned len_start;
+ unsigned min_length;
+ unsigned payload_len;
+ unsigned length_size_min;
+ unsigned actual_length_size;
+ uint8_t *payload_at;
+
+ if (count == 0)
+ return 0;
+ header_len = tag_pack(field->id, out);
+ out[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED;
+ len_start = header_len;
+ min_length = get_type_min_size(field->type) * count;
+ length_size_min = uint32_size(min_length);
+ header_len += length_size_min;
+ payload_at = out + header_len;
+
+ switch (field->type) {
+ case PROTOBUF_C_TYPE_SFIXED32:
+ case PROTOBUF_C_TYPE_FIXED32:
+ case PROTOBUF_C_TYPE_FLOAT:
+ copy_to_little_endian_32(payload_at, array, count);
+ payload_at += count * 4;
+ break;
+ case PROTOBUF_C_TYPE_SFIXED64:
+ case PROTOBUF_C_TYPE_FIXED64:
+ case PROTOBUF_C_TYPE_DOUBLE:
+ copy_to_little_endian_64(payload_at, array, count);
+ payload_at += count * 8;
+ break;
+ case PROTOBUF_C_TYPE_ENUM:
+ case PROTOBUF_C_TYPE_INT32: {
+ const int32_t *arr = (const int32_t *) array;
+ for (i = 0; i < count; i++)
+ payload_at += int32_pack(arr[i], payload_at);
+ break;
+ }
+ case PROTOBUF_C_TYPE_SINT32: {
+ const int32_t *arr = (const int32_t *) array;
+ for (i = 0; i < count; i++)
+ payload_at += sint32_pack(arr[i], payload_at);
+ break;
+ }
+ case PROTOBUF_C_TYPE_SINT64: {
+ const int64_t *arr = (const int64_t *) array;
+ for (i = 0; i < count; i++)
+ payload_at += sint64_pack(arr[i], payload_at);
+ break;
+ }
+ case PROTOBUF_C_TYPE_UINT32: {
+ const uint32_t *arr = (const uint32_t *) array;
+ for (i = 0; i < count; i++)
+ payload_at += uint32_pack(arr[i], payload_at);
+ break;
+ }
+ case PROTOBUF_C_TYPE_INT64:
+ case PROTOBUF_C_TYPE_UINT64: {
+ const uint64_t *arr = (const uint64_t *) array;
+ for (i = 0; i < count;
i++)
+ payload_at += uint64_pack(arr[i], payload_at);
+ break;
+ }
+ case PROTOBUF_C_TYPE_BOOL: {
+ const protobuf_c_boolean *arr = (const protobuf_c_boolean *) array;
+ for (i = 0; i < count; i++)
+ payload_at += boolean_pack(arr[i], payload_at);
+ break;
+ }
+ default:
+ PROTOBUF_C__ASSERT_NOT_REACHED();
+ }
+
+ payload_len = payload_at - (out + header_len);
+ actual_length_size = uint32_size(payload_len);
+ if (length_size_min != actual_length_size) {
+ assert(actual_length_size == length_size_min + 1);
+ memmove(out + header_len + 1, out + header_len,
+ payload_len);
+ header_len++;
+ }
+ uint32_pack(payload_len, out + len_start);
+ return header_len + payload_len;
+ } else {
+ /* not "packed" cased */
+ /* CONSIDER: optimize this case a bit (by putting the loop inside the switch) */
+ size_t rv = 0;
+ unsigned siz = sizeof_elt_in_repeated_array(field->type);
+
+ for (i = 0; i < count; i++) {
+ rv += required_field_pack(field, array, out + rv);
+ array = (char *)array + siz;
+ }
+ return rv;
+ }
+}
+
+static size_t
+unknown_field_pack(const ProtobufCMessageUnknownField *field, uint8_t *out)
+{
+ size_t rv = tag_pack(field->tag, out);
+ out[0] |= field->wire_type;
+ memcpy(out + rv, field->data, field->len);
+ return rv + field->len;
+}
+
+/**@}*/
+
+size_t
+protobuf_c_message_pack(const ProtobufCMessage *message, uint8_t *out)
+{
+ unsigned i;
+ size_t rv = 0;
+
+ ASSERT_IS_MESSAGE(message);
+ for (i = 0; i < message->descriptor->n_fields; i++) {
+ const ProtobufCFieldDescriptor *field =
+ message->descriptor->fields + i;
+ const void *member = ((const char *) message) + field->offset;
+
+ /*
+ * It doesn't hurt to compute qmember (a pointer to the
+ * quantifier field of the structure), but the pointer is only
+ * valid if the field is:
+ * - a repeated field, or
+ * - a field that is part of a oneof
+ * - an optional field that isn't a pointer type
+ * (Meaning: not a message or a string).
+ */
+ const void *qmember =
+ ((const char *) message) + field->quantifier_offset;
+
+ if (field->label == PROTOBUF_C_LABEL_REQUIRED) {
+ rv += required_field_pack(field, member, out + rv);
+ } else if ((field->label == PROTOBUF_C_LABEL_OPTIONAL ||
+ field->label == PROTOBUF_C_LABEL_NONE) &&
+ (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_ONEOF))) {
+ rv += oneof_field_pack(
+ field,
+ *(const uint32_t *) qmember,
+ member,
+ out + rv
+ );
+ } else if (field->label == PROTOBUF_C_LABEL_OPTIONAL) {
+ rv += optional_field_pack(
+ field,
+ *(const protobuf_c_boolean *) qmember,
+ member,
+ out + rv
+ );
+ } else if (field->label == PROTOBUF_C_LABEL_NONE) {
+ rv += unlabeled_field_pack(field, member, out + rv);
+ } else {
+ rv += repeated_field_pack(field, *(const size_t *) qmember,
+ member, out + rv);
+ }
+ }
+ for (i = 0; i < message->n_unknown_fields; i++)
+ rv += unknown_field_pack(&message->unknown_fields[i], out + rv);
+ return rv;
+}
+
+/**
+ * \defgroup packbuf protobuf_c_message_pack_to_buffer() implementation
+ *
+ * Routines mainly used by protobuf_c_message_pack_to_buffer().
+ *
+ * \ingroup internal
+ * @{
+ */
+
+/**
+ * Pack a required field to a virtual buffer.
+ *
+ * \param field
+ * Field descriptor.
+ * \param member
+ * The element to be packed.
+ * \param[out] buffer
+ * Virtual buffer to append data to.
+ * \return
+ * Number of bytes packed.
+ */
+static size_t
+required_field_pack_to_buffer(const ProtobufCFieldDescriptor *field,
+ const void *member, ProtobufCBuffer *buffer)
+{
+ size_t rv;
+ uint8_t scratch[MAX_UINT64_ENCODED_SIZE * 2];
+
+ rv = tag_pack(field->id, scratch);
+ switch (field->type) {
+ case PROTOBUF_C_TYPE_SINT32:
+ scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT;
+ rv += sint32_pack(*(const int32_t *) member, scratch + rv);
+ buffer->append(buffer, rv, scratch);
+ break;
+ case PROTOBUF_C_TYPE_ENUM:
+ case PROTOBUF_C_TYPE_INT32:
+ scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT;
+ rv += int32_pack(*(const int32_t *) member, scratch + rv);
+ buffer->append(buffer, rv, scratch);
+ break;
+ case PROTOBUF_C_TYPE_UINT32:
+ scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT;
+ rv += uint32_pack(*(const uint32_t *) member, scratch + rv);
+ buffer->append(buffer, rv, scratch);
+ break;
+ case PROTOBUF_C_TYPE_SINT64:
+ scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT;
+ rv += sint64_pack(*(const int64_t *) member, scratch + rv);
+ buffer->append(buffer, rv, scratch);
+ break;
+ case PROTOBUF_C_TYPE_INT64:
+ case PROTOBUF_C_TYPE_UINT64:
+ scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT;
+ rv += uint64_pack(*(const uint64_t *) member, scratch + rv);
+ buffer->append(buffer, rv, scratch);
+ break;
+ case PROTOBUF_C_TYPE_SFIXED32:
+ case PROTOBUF_C_TYPE_FIXED32:
+ case PROTOBUF_C_TYPE_FLOAT:
+ scratch[0] |= PROTOBUF_C_WIRE_TYPE_32BIT;
+ rv += fixed32_pack(*(const uint32_t *) member, scratch + rv);
+ buffer->append(buffer, rv, scratch);
+ break;
+ case PROTOBUF_C_TYPE_SFIXED64:
+ case PROTOBUF_C_TYPE_FIXED64:
+ case PROTOBUF_C_TYPE_DOUBLE:
+ scratch[0] |= PROTOBUF_C_WIRE_TYPE_64BIT;
+ rv += fixed64_pack(*(const uint64_t *) member, scratch + rv);
+ buffer->append(buffer, rv, scratch);
+ break;
+ case PROTOBUF_C_TYPE_BOOL:
+ scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT;
+ rv += boolean_pack(*(const protobuf_c_boolean *) member, scratch + rv);
+ buffer->append(buffer, rv, scratch);
+ break;
+ case PROTOBUF_C_TYPE_STRING: {
+ const char
*str = *(char *const *) member;
+ size_t sublen = str ? strlen(str) : 0;
+
+ scratch[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED;
+ rv += uint32_pack(sublen, scratch + rv);
+ buffer->append(buffer, rv, scratch);
+ buffer->append(buffer, sublen, (const uint8_t *) str);
+ rv += sublen;
+ break;
+ }
+ case PROTOBUF_C_TYPE_BYTES: {
+ const ProtobufCBinaryData *bd = ((const ProtobufCBinaryData *) member);
+ size_t sublen = bd->len;
+
+ scratch[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED;
+ rv += uint32_pack(sublen, scratch + rv);
+ buffer->append(buffer, rv, scratch);
+ buffer->append(buffer, sublen, bd->data);
+ rv += sublen;
+ break;
+ }
+ case PROTOBUF_C_TYPE_MESSAGE: {
+ uint8_t simple_buffer_scratch[256];
+ size_t sublen;
+ const ProtobufCMessage *msg = *(ProtobufCMessage * const *) member;
+ ProtobufCBufferSimple simple_buffer =
+ PROTOBUF_C_BUFFER_SIMPLE_INIT(simple_buffer_scratch);
+
+ scratch[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED;
+ if (msg == NULL)
+ sublen = 0;
+ else
+ sublen = protobuf_c_message_pack_to_buffer(msg, &simple_buffer.base);
+ rv += uint32_pack(sublen, scratch + rv);
+ buffer->append(buffer, rv, scratch);
+ buffer->append(buffer, sublen, simple_buffer.data);
+ rv += sublen;
+ PROTOBUF_C_BUFFER_SIMPLE_CLEAR(&simple_buffer);
+ break;
+ }
+ default:
+ PROTOBUF_C__ASSERT_NOT_REACHED();
+ }
+ return rv;
+}
+
+/**
+ * Pack a oneof field to a buffer. Only packs the field that is selected by the case enum.
+ *
+ * \param field
+ * Field descriptor.
+ * \param oneof_case
+ * Enum value that selects the field in the oneof.
+ * \param member
+ * The element to be packed.
+ * \param[out] buffer
+ * Virtual buffer to append data to.
+ * \return
+ * Number of bytes serialised to `buffer`.
+ */
+static size_t
+oneof_field_pack_to_buffer(const ProtobufCFieldDescriptor *field,
+ uint32_t oneof_case,
+ const void *member, ProtobufCBuffer *buffer)
+{
+ if (oneof_case != field->id) {
+ return 0;
+ }
+ if (field->type == PROTOBUF_C_TYPE_MESSAGE ||
+ field->type == PROTOBUF_C_TYPE_STRING)
+ {
+ const void *ptr = *(const void *const *) member;
+ if (ptr == NULL || ptr == field->default_value)
+ return 0;
+ }
+ return required_field_pack_to_buffer(field, member, buffer);
+}
+
+/**
+ * Pack an optional field to a buffer.
+ *
+ * \param field
+ * Field descriptor.
+ * \param has
+ * Whether the field is set.
+ * \param member
+ * The element to be packed.
+ * \param[out] buffer
+ * Virtual buffer to append data to.
+ * \return
+ * Number of bytes serialised to `buffer`.
+ */
+static size_t
+optional_field_pack_to_buffer(const ProtobufCFieldDescriptor *field,
+ const protobuf_c_boolean has,
+ const void *member, ProtobufCBuffer *buffer)
+{
+ if (field->type == PROTOBUF_C_TYPE_MESSAGE ||
+ field->type == PROTOBUF_C_TYPE_STRING)
+ {
+ const void *ptr = *(const void *const *) member;
+ if (ptr == NULL || ptr == field->default_value)
+ return 0;
+ } else {
+ if (!has)
+ return 0;
+ }
+ return required_field_pack_to_buffer(field, member, buffer);
+}
+
+/**
+ * Pack an unlabeled field to a buffer.
+ *
+ * \param field
+ * Field descriptor.
+ * \param member
+ * The element to be packed.
+ * \param[out] buffer
+ * Virtual buffer to append data to.
+ * \return
+ * Number of bytes serialised to `buffer`.
+ */
+static size_t
+unlabeled_field_pack_to_buffer(const ProtobufCFieldDescriptor *field,
+ const void *member, ProtobufCBuffer *buffer)
+{
+ if (field_is_zeroish(field, member))
+ return 0;
+ return required_field_pack_to_buffer(field, member, buffer);
+}
+
+/**
+ * Get the packed size of an array of same field type.
+ *
+ * \param field
+ * Field descriptor.
+ * \param count
+ * Number of elements of this type.
+ * \param array
+ * The elements to get the size of.
+ * \return
+ * Number of bytes required.
+ */
+static size_t
+get_packed_payload_length(const ProtobufCFieldDescriptor *field,
+ unsigned count, const void *array)
+{
+ unsigned rv = 0;
+ unsigned i;
+
+ switch (field->type) {
+ case PROTOBUF_C_TYPE_SFIXED32:
+ case PROTOBUF_C_TYPE_FIXED32:
+ case PROTOBUF_C_TYPE_FLOAT:
+ return count * 4;
+ case PROTOBUF_C_TYPE_SFIXED64:
+ case PROTOBUF_C_TYPE_FIXED64:
+ case PROTOBUF_C_TYPE_DOUBLE:
+ return count * 8;
+ case PROTOBUF_C_TYPE_ENUM:
+ case PROTOBUF_C_TYPE_INT32: {
+ const int32_t *arr = (const int32_t *) array;
+ for (i = 0; i < count; i++)
+ rv += int32_size(arr[i]);
+ break;
+ }
+ case PROTOBUF_C_TYPE_SINT32: {
+ const int32_t *arr = (const int32_t *) array;
+ for (i = 0; i < count; i++)
+ rv += sint32_size(arr[i]);
+ break;
+ }
+ case PROTOBUF_C_TYPE_UINT32: {
+ const uint32_t *arr = (const uint32_t *) array;
+ for (i = 0; i < count; i++)
+ rv += uint32_size(arr[i]);
+ break;
+ }
+ case PROTOBUF_C_TYPE_SINT64: {
+ const int64_t *arr = (const int64_t *) array;
+ for (i = 0; i < count; i++)
+ rv += sint64_size(arr[i]);
+ break;
+ }
+ case PROTOBUF_C_TYPE_INT64:
+ case PROTOBUF_C_TYPE_UINT64: {
+ const uint64_t *arr = (const uint64_t *) array;
+ for (i = 0; i < count; i++)
+ rv += uint64_size(arr[i]);
+ break;
+ }
+ case PROTOBUF_C_TYPE_BOOL:
+ return count;
+ default:
+ PROTOBUF_C__ASSERT_NOT_REACHED();
+ }
+ return rv;
+}
+
+/**
+ * Pack an array of same field type to a virtual buffer.
+ *
+ * \param field
+ * Field descriptor.
+ * \param count
+ * Number of elements of this type.
+ * \param array
+ * The elements to get the size of.
+ * \param[out] buffer
+ * Virtual buffer to append data to.
+ * \return
+ * Number of bytes packed.
+ */
+static size_t
+pack_buffer_packed_payload(const ProtobufCFieldDescriptor *field,
+ unsigned count, const void *array,
+ ProtobufCBuffer *buffer)
+{
+ uint8_t scratch[16];
+ size_t rv = 0;
+ unsigned i;
+
+ switch (field->type) {
+ case PROTOBUF_C_TYPE_SFIXED32:
+ case PROTOBUF_C_TYPE_FIXED32:
+ case PROTOBUF_C_TYPE_FLOAT:
+#if !defined(WORDS_BIGENDIAN)
+ rv = count * 4;
+ goto no_packing_needed;
+#else
+ for (i = 0; i < count; i++) {
+ unsigned len = fixed32_pack(((uint32_t *) array)[i], scratch);
+ buffer->append(buffer, len, scratch);
+ rv += len;
+ }
+ break;
+#endif
+ case PROTOBUF_C_TYPE_SFIXED64:
+ case PROTOBUF_C_TYPE_FIXED64:
+ case PROTOBUF_C_TYPE_DOUBLE:
+#if !defined(WORDS_BIGENDIAN)
+ rv = count * 8;
+ goto no_packing_needed;
+#else
+ for (i = 0; i < count; i++) {
+ unsigned len = fixed64_pack(((uint64_t *) array)[i], scratch);
+ buffer->append(buffer, len, scratch);
+ rv += len;
+ }
+ break;
+#endif
+ case PROTOBUF_C_TYPE_ENUM:
+ case PROTOBUF_C_TYPE_INT32:
+ for (i = 0; i < count; i++) {
+ unsigned len = int32_pack(((int32_t *) array)[i], scratch);
+ buffer->append(buffer, len, scratch);
+ rv += len;
+ }
+ break;
+ case PROTOBUF_C_TYPE_SINT32:
+ for (i = 0; i < count; i++) {
+ unsigned len = sint32_pack(((int32_t *) array)[i], scratch);
+ buffer->append(buffer, len, scratch);
+ rv += len;
+ }
+ break;
+ case PROTOBUF_C_TYPE_UINT32:
+ for (i = 0; i < count; i++) {
+ unsigned len = uint32_pack(((uint32_t *) array)[i], scratch);
+ buffer->append(buffer, len, scratch);
+ rv += len;
+ }
+ break;
+ case PROTOBUF_C_TYPE_SINT64:
+ for (i = 0; i < count; i++) {
+ unsigned len = sint64_pack(((int64_t *) array)[i], scratch);
+ buffer->append(buffer, len, scratch);
+ rv += len;
+ }
+ break;
+ case PROTOBUF_C_TYPE_INT64:
+ case PROTOBUF_C_TYPE_UINT64:
+ for (i = 0; i < count; i++) {
+ unsigned len = uint64_pack(((uint64_t *) array)[i], scratch);
+ buffer->append(buffer, len, scratch);
+ rv += len;
+ }
+ break;
+ case PROTOBUF_C_TYPE_BOOL:
+ for (i = 0; i <
count; i++) {
+ unsigned len = boolean_pack(((protobuf_c_boolean *) array)[i], scratch);
+ buffer->append(buffer, len, scratch);
+ rv += len;
+ }
+ return count;
+ default:
+ PROTOBUF_C__ASSERT_NOT_REACHED();
+ }
+ return rv;
+
+#if !defined(WORDS_BIGENDIAN)
+no_packing_needed:
+ buffer->append(buffer, rv, array);
+ return rv;
+#endif
+}
+
+static size_t
+repeated_field_pack_to_buffer(const ProtobufCFieldDescriptor *field,
+ unsigned count, const void *member,
+ ProtobufCBuffer *buffer)
+{
+ char *array = *(char * const *) member;
+
+ if (count == 0)
+ return 0;
+ if (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED)) {
+ uint8_t scratch[MAX_UINT64_ENCODED_SIZE * 2];
+ size_t rv = tag_pack(field->id, scratch);
+ size_t payload_len = get_packed_payload_length(field, count, array);
+ size_t tmp;
+
+ scratch[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED;
+ rv += uint32_pack(payload_len, scratch + rv);
+ buffer->append(buffer, rv, scratch);
+ tmp = pack_buffer_packed_payload(field, count, array, buffer);
+ assert(tmp == payload_len);
+ return rv + payload_len;
+ } else {
+ size_t siz;
+ unsigned i;
+ /* CONSIDER: optimize this case a bit (by putting the loop inside the switch) */
+ unsigned rv = 0;
+
+ siz = sizeof_elt_in_repeated_array(field->type);
+ for (i = 0; i < count; i++) {
+ rv += required_field_pack_to_buffer(field, array, buffer);
+ array += siz;
+ }
+ return rv;
+ }
+}
+
+static size_t
+unknown_field_pack_to_buffer(const ProtobufCMessageUnknownField *field,
+ ProtobufCBuffer *buffer)
+{
+ uint8_t header[MAX_UINT64_ENCODED_SIZE];
+ size_t rv = tag_pack(field->tag, header);
+
+ header[0] |= field->wire_type;
+ buffer->append(buffer, rv, header);
+ buffer->append(buffer, field->len, field->data);
+ return rv + field->len;
+}
+
+/**@}*/
+
+size_t
+protobuf_c_message_pack_to_buffer(const ProtobufCMessage *message,
+ ProtobufCBuffer *buffer)
+{
+ unsigned i;
+ size_t rv = 0;
+
+ ASSERT_IS_MESSAGE(message);
+ for (i = 0; i < message->descriptor->n_fields; i++) {
+
const ProtobufCFieldDescriptor *field =
+ message->descriptor->fields + i;
+ const void *member =
+ ((const char *) message) + field->offset;
+ const void *qmember =
+ ((const char *) message) + field->quantifier_offset;
+
+ if (field->label == PROTOBUF_C_LABEL_REQUIRED) {
+ rv += required_field_pack_to_buffer(field, member, buffer);
+ } else if ((field->label == PROTOBUF_C_LABEL_OPTIONAL ||
+ field->label == PROTOBUF_C_LABEL_NONE) &&
+ (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_ONEOF))) {
+ rv += oneof_field_pack_to_buffer(
+ field,
+ *(const uint32_t *) qmember,
+ member,
+ buffer
+ );
+ } else if (field->label == PROTOBUF_C_LABEL_OPTIONAL) {
+ rv += optional_field_pack_to_buffer(
+ field,
+ *(const protobuf_c_boolean *) qmember,
+ member,
+ buffer
+ );
+ } else if (field->label == PROTOBUF_C_LABEL_NONE) {
+ rv += unlabeled_field_pack_to_buffer(
+ field,
+ member,
+ buffer
+ );
+ } else {
+ rv += repeated_field_pack_to_buffer(
+ field,
+ *(const size_t *) qmember,
+ member,
+ buffer
+ );
+ }
+ }
+ for (i = 0; i < message->n_unknown_fields; i++)
+ rv += unknown_field_pack_to_buffer(&message->unknown_fields[i], buffer);
+
+ return rv;
+}
+
+/**
+ * \defgroup unpack unpacking implementation
+ *
+ * Routines mainly used by the unpacking functions.
+ * + * \ingroup internal + * @{ + */ + +static inline int +int_range_lookup(unsigned n_ranges, const ProtobufCIntRange *ranges, int value) +{ + unsigned n; + unsigned start; + + if (n_ranges == 0) + return -1; + start = 0; + n = n_ranges; + while (n > 1) { + unsigned mid = start + n / 2; + + if (value < ranges[mid].start_value) { + n = mid - start; + } else if (value >= ranges[mid].start_value + + (int) (ranges[mid + 1].orig_index - + ranges[mid].orig_index)) + { + unsigned new_start = mid + 1; + n = start + n - new_start; + start = new_start; + } else + return (value - ranges[mid].start_value) + + ranges[mid].orig_index; + } + if (n > 0) { + unsigned start_orig_index = ranges[start].orig_index; + unsigned range_size = + ranges[start + 1].orig_index - start_orig_index; + + if (ranges[start].start_value <= value && + value < (int) (ranges[start].start_value + range_size)) + { + return (value - ranges[start].start_value) + + start_orig_index; + } + } + return -1; +} + +static size_t +parse_tag_and_wiretype(size_t len, + const uint8_t *data, + uint32_t *tag_out, + ProtobufCWireType *wiretype_out) +{ + unsigned max_rv = len > 5 ? 5 : len; + uint32_t tag = (data[0] & 0x7f) >> 3; + unsigned shift = 4; + unsigned rv; + + /* 0 is not a valid tag value */ + if ((data[0] & 0xf8) == 0) { + return 0; + } + + *wiretype_out = data[0] & 7; + if ((data[0] & 0x80) == 0) { + *tag_out = tag; + return 1; + } + for (rv = 1; rv < max_rv; rv++) { + if (data[rv] & 0x80) { + tag |= (data[rv] & 0x7f) << shift; + shift += 7; + } else { + tag |= data[rv] << shift; + *tag_out = tag; + return rv + 1; + } + } + return 0; /* error: bad header */ +} + +/* sizeof(ScannedMember) must be <= (1UL< INT_MAX) { + // Protobuf messages should always be less than 2 GiB in size. + // We also want to return early here so that hdr_len + val does + // not overflow on 32-bit systems. 
+ PROTOBUF_C_UNPACK_ERROR("length prefix of %lu is too large", val);
+ return 0;
+ }
+ if (hdr_len + val > len) {
+ PROTOBUF_C_UNPACK_ERROR("data too short after length-prefix of %lu", val);
+ return 0;
+ }
+ return hdr_len + val;
+}
+
+static size_t
+max_b128_numbers(size_t len, const uint8_t *data)
+{
+ size_t rv = 0;
+ while (len--)
+ if ((*data++ & 0x80) == 0)
+ ++rv;
+ return rv;
+}
+
+/**@}*/
+
+/**
+ * Merge earlier message into a latter message.
+ *
+ * For numeric types and strings, if the same value appears multiple
+ * times, the parser accepts the last value it sees. For embedded
+ * message fields, the parser merges multiple instances of the same
+ * field. That is, all singular scalar fields in the latter instance
+ * replace those in the former, singular embedded messages are merged,
+ * and repeated fields are concatenated.
+ *
+ * The earlier message should be freed after calling this function, as
+ * some of its fields may have been reused and changed to their default
+ * values during the merge.
+ */
+static protobuf_c_boolean
+merge_messages(ProtobufCMessage *earlier_msg,
+ ProtobufCMessage *latter_msg,
+ ProtobufCAllocator *allocator)
+{
+ unsigned i;
+ const ProtobufCFieldDescriptor *fields =
+ latter_msg->descriptor->fields;
+ for (i = 0; i < latter_msg->descriptor->n_fields; i++) {
+ if (fields[i].label == PROTOBUF_C_LABEL_REPEATED) {
+ size_t *n_earlier =
+ STRUCT_MEMBER_PTR(size_t, earlier_msg,
+ fields[i].quantifier_offset);
+ uint8_t **p_earlier =
+ STRUCT_MEMBER_PTR(uint8_t *, earlier_msg,
+ fields[i].offset);
+ size_t *n_latter =
+ STRUCT_MEMBER_PTR(size_t, latter_msg,
+ fields[i].quantifier_offset);
+ uint8_t **p_latter =
+ STRUCT_MEMBER_PTR(uint8_t *, latter_msg,
+ fields[i].offset);
+
+ if (*n_earlier > 0) {
+ if (*n_latter > 0) {
+ /* Concatenate the repeated field */
+ size_t el_size =
+ sizeof_elt_in_repeated_array(fields[i].type);
+ uint8_t *new_field;
+
+ new_field = do_alloc(allocator,
+ (*n_earlier + *n_latter) * el_size);
+ if (!new_field)
+ return FALSE;
+
+ memcpy(new_field, *p_earlier,
+ *n_earlier * el_size);
+ memcpy(new_field +
+ *n_earlier * el_size,
+ *p_latter,
+ *n_latter * el_size);
+
+ do_free(allocator, *p_latter);
+ do_free(allocator, *p_earlier);
+ *p_latter = new_field;
+ *n_latter = *n_earlier + *n_latter;
+ } else {
+ /* Zero copy the repeated field from the earlier message */
+ *n_latter = *n_earlier;
+ *p_latter = *p_earlier;
+ }
+ /* Make sure the field does not get double freed */
+ *n_earlier = 0;
+ *p_earlier = 0;
+ }
+ } else if (fields[i].label == PROTOBUF_C_LABEL_OPTIONAL ||
+ fields[i].label == PROTOBUF_C_LABEL_NONE) {
+ const ProtobufCFieldDescriptor *field;
+ uint32_t *earlier_case_p = STRUCT_MEMBER_PTR(uint32_t,
+ earlier_msg,
+ fields[i].
+ quantifier_offset);
+ uint32_t *latter_case_p = STRUCT_MEMBER_PTR(uint32_t,
+ latter_msg,
+ fields[i].
+ quantifier_offset);
+ protobuf_c_boolean need_to_merge = FALSE;
+ void *earlier_elem;
+ void *latter_elem;
+ const void *def_val;
+
+ if (fields[i].flags & PROTOBUF_C_FIELD_FLAG_ONEOF) {
+ if (*latter_case_p == 0) {
+ /* lookup correct oneof field */
+ int field_index =
+ int_range_lookup(
+ latter_msg->descriptor
+ ->n_field_ranges,
+ latter_msg->descriptor
+ ->field_ranges,
+ *earlier_case_p);
+ if (field_index < 0)
+ return FALSE;
+ field = latter_msg->descriptor->fields +
+ field_index;
+ } else {
+ /* Oneof is present in the latter message, move on */
+ continue;
+ }
+ } else {
+ field = &fields[i];
+ }
+
+ earlier_elem = STRUCT_MEMBER_P(earlier_msg, field->offset);
+ latter_elem = STRUCT_MEMBER_P(latter_msg, field->offset);
+ def_val = field->default_value;
+
+ switch (field->type) {
+ case PROTOBUF_C_TYPE_MESSAGE: {
+ ProtobufCMessage *em = *(ProtobufCMessage **) earlier_elem;
+ ProtobufCMessage *lm = *(ProtobufCMessage **) latter_elem;
+ if (em != NULL) {
+ if (lm != NULL) {
+ if (!merge_messages(em, lm, allocator))
+ return FALSE;
+ /* Already merged */
+ need_to_merge = FALSE;
+ } else {
+ /* Zero copy the message */
+ need_to_merge = TRUE;
+ }
+ }
+ break;
+ }
+ case PROTOBUF_C_TYPE_BYTES: {
+ uint8_t *e_data =
+ ((ProtobufCBinaryData *) earlier_elem)->data;
+ uint8_t *l_data =
+ ((ProtobufCBinaryData *) latter_elem)->data;
+ const ProtobufCBinaryData *d_bd =
+ (ProtobufCBinaryData *) def_val;
+
+ need_to_merge =
+ (e_data != NULL &&
+ (d_bd == NULL ||
+ e_data != d_bd->data)) &&
+ (l_data == NULL ||
+ (d_bd != NULL &&
+ l_data == d_bd->data));
+ break;
+ }
+ case PROTOBUF_C_TYPE_STRING: {
+ char *e_str = *(char **) earlier_elem;
+ char *l_str = *(char **) latter_elem;
+ const char *d_str = def_val;
+
+ need_to_merge = e_str != d_str && l_str == d_str;
+ break;
+ }
+ default: {
+ /* Could be has field or case enum, the logic is
+ * equivalent, since 0 (FALSE) means not set for
+ * oneof */
+ need_to_merge = (*earlier_case_p != 0) &&
+ (*latter_case_p
== 0);
+ break;
+ }
+ }
+
+ if (need_to_merge) {
+ size_t el_size =
+ sizeof_elt_in_repeated_array(field->type);
+ memcpy(latter_elem, earlier_elem, el_size);
+ /*
+ * Reset the element from the old message to 0
+ * to make sure earlier message deallocation
+ * doesn't corrupt zero-copied data in the new
+ * message, earlier message will be freed after
+ * this function is called anyway
+ */
+ memset(earlier_elem, 0, el_size);
+
+ if (field->quantifier_offset != 0) {
+ /* Set the has field or the case enum,
+ * if applicable */
+ *latter_case_p = *earlier_case_p;
+ *earlier_case_p = 0;
+ }
+ }
+ }
+ }
+ return TRUE;
+}
+
+/**
+ * Count packed elements.
+ *
+ * Given a raw slab of packed-repeated values, determine the number of
+ * elements. This function detects certain kinds of errors but not
+ * others; the remaining error checking is done by
+ * parse_packed_repeated_member().
+ */
+static protobuf_c_boolean
+count_packed_elements(ProtobufCType type,
+ size_t len, const uint8_t *data, size_t *count_out)
+{
+ switch (type) {
+ case PROTOBUF_C_TYPE_SFIXED32:
+ case PROTOBUF_C_TYPE_FIXED32:
+ case PROTOBUF_C_TYPE_FLOAT:
+ if (len % 4 != 0) {
+ PROTOBUF_C_UNPACK_ERROR("length must be a multiple of 4 for fixed-length 32-bit types");
+ return FALSE;
+ }
+ *count_out = len / 4;
+ return TRUE;
+ case PROTOBUF_C_TYPE_SFIXED64:
+ case PROTOBUF_C_TYPE_FIXED64:
+ case PROTOBUF_C_TYPE_DOUBLE:
+ if (len % 8 != 0) {
+ PROTOBUF_C_UNPACK_ERROR("length must be a multiple of 8 for fixed-length 64-bit types");
+ return FALSE;
+ }
+ *count_out = len / 8;
+ return TRUE;
+ case PROTOBUF_C_TYPE_ENUM:
+ case PROTOBUF_C_TYPE_INT32:
+ case PROTOBUF_C_TYPE_SINT32:
+ case PROTOBUF_C_TYPE_UINT32:
+ case PROTOBUF_C_TYPE_INT64:
+ case PROTOBUF_C_TYPE_SINT64:
+ case PROTOBUF_C_TYPE_UINT64:
+ *count_out = max_b128_numbers(len, data);
+ return TRUE;
+ case PROTOBUF_C_TYPE_BOOL:
+ *count_out = len;
+ return TRUE;
+ case PROTOBUF_C_TYPE_STRING:
+ case PROTOBUF_C_TYPE_BYTES:
+ case
PROTOBUF_C_TYPE_MESSAGE: + default: + PROTOBUF_C_UNPACK_ERROR("bad protobuf-c type %u for packed-repeated", type); + return FALSE; + } +} + +static inline uint32_t +parse_uint32(unsigned len, const uint8_t *data) +{ + uint32_t rv = data[0] & 0x7f; + if (len > 1) { + rv |= ((uint32_t) (data[1] & 0x7f) << 7); + if (len > 2) { + rv |= ((uint32_t) (data[2] & 0x7f) << 14); + if (len > 3) { + rv |= ((uint32_t) (data[3] & 0x7f) << 21); + if (len > 4) + rv |= ((uint32_t) (data[4]) << 28); + } + } + } + return rv; +} + +static inline uint32_t +parse_int32(unsigned len, const uint8_t *data) +{ + return parse_uint32(len, data); +} + +static inline int32_t +unzigzag32(uint32_t v) +{ + if (v & 1) + return -(v >> 1) - 1; + else + return v >> 1; +} + +static inline uint32_t +parse_fixed_uint32(const uint8_t *data) +{ +#if !defined(WORDS_BIGENDIAN) + uint32_t t; + memcpy(&t, data, 4); + return t; +#else + return data[0] | + ((uint32_t) (data[1]) << 8) | + ((uint32_t) (data[2]) << 16) | + ((uint32_t) (data[3]) << 24); +#endif +} + +static uint64_t +parse_uint64(unsigned len, const uint8_t *data) +{ + unsigned shift, i; + uint64_t rv; + + if (len < 5) + return parse_uint32(len, data); + rv = ((uint64_t) (data[0] & 0x7f)) | + ((uint64_t) (data[1] & 0x7f) << 7) | + ((uint64_t) (data[2] & 0x7f) << 14) | + ((uint64_t) (data[3] & 0x7f) << 21); + shift = 28; + for (i = 4; i < len; i++) { + rv |= (((uint64_t) (data[i] & 0x7f)) << shift); + shift += 7; + } + return rv; +} + +static inline int64_t +unzigzag64(uint64_t v) +{ + if (v & 1) + return -(v >> 1) - 1; + else + return v >> 1; +} + +static inline uint64_t +parse_fixed_uint64(const uint8_t *data) +{ +#if !defined(WORDS_BIGENDIAN) + uint64_t t; + memcpy(&t, data, 8); + return t; +#else + return (uint64_t) parse_fixed_uint32(data) | + (((uint64_t) parse_fixed_uint32(data + 4)) << 32); +#endif +} + +static protobuf_c_boolean +parse_boolean(unsigned len, const uint8_t *data) +{ + unsigned i; + for (i = 0; i < len; i++) + if (data[i] & 
0x7f) + return TRUE; + return FALSE; +} + +static protobuf_c_boolean +parse_required_member(ScannedMember *scanned_member, + void *member, + ProtobufCAllocator *allocator, + protobuf_c_boolean maybe_clear) +{ + unsigned len = scanned_member->len; + const uint8_t *data = scanned_member->data; + ProtobufCWireType wire_type = scanned_member->wire_type; + + switch (scanned_member->field->type) { + case PROTOBUF_C_TYPE_ENUM: + case PROTOBUF_C_TYPE_INT32: + if (wire_type != PROTOBUF_C_WIRE_TYPE_VARINT) + return FALSE; + *(int32_t *) member = parse_int32(len, data); + return TRUE; + case PROTOBUF_C_TYPE_UINT32: + if (wire_type != PROTOBUF_C_WIRE_TYPE_VARINT) + return FALSE; + *(uint32_t *) member = parse_uint32(len, data); + return TRUE; + case PROTOBUF_C_TYPE_SINT32: + if (wire_type != PROTOBUF_C_WIRE_TYPE_VARINT) + return FALSE; + *(int32_t *) member = unzigzag32(parse_uint32(len, data)); + return TRUE; + case PROTOBUF_C_TYPE_SFIXED32: + case PROTOBUF_C_TYPE_FIXED32: + case PROTOBUF_C_TYPE_FLOAT: + if (wire_type != PROTOBUF_C_WIRE_TYPE_32BIT) + return FALSE; + *(uint32_t *) member = parse_fixed_uint32(data); + return TRUE; + case PROTOBUF_C_TYPE_INT64: + case PROTOBUF_C_TYPE_UINT64: + if (wire_type != PROTOBUF_C_WIRE_TYPE_VARINT) + return FALSE; + *(uint64_t *) member = parse_uint64(len, data); + return TRUE; + case PROTOBUF_C_TYPE_SINT64: + if (wire_type != PROTOBUF_C_WIRE_TYPE_VARINT) + return FALSE; + *(int64_t *) member = unzigzag64(parse_uint64(len, data)); + return TRUE; + case PROTOBUF_C_TYPE_SFIXED64: + case PROTOBUF_C_TYPE_FIXED64: + case PROTOBUF_C_TYPE_DOUBLE: + if (wire_type != PROTOBUF_C_WIRE_TYPE_64BIT) + return FALSE; + *(uint64_t *) member = parse_fixed_uint64(data); + return TRUE; + case PROTOBUF_C_TYPE_BOOL: + *(protobuf_c_boolean *) member = parse_boolean(len, data); + return TRUE; + case PROTOBUF_C_TYPE_STRING: { + char **pstr = member; + unsigned pref_len = scanned_member->length_prefix_len; + + if (wire_type != PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED) 
+ return FALSE; + + if (maybe_clear && *pstr != NULL) { + const char *def = scanned_member->field->default_value; + if (*pstr != NULL && *pstr != def) + do_free(allocator, *pstr); + } + *pstr = do_alloc(allocator, len - pref_len + 1); + if (*pstr == NULL) + return FALSE; + memcpy(*pstr, data + pref_len, len - pref_len); + (*pstr)[len - pref_len] = 0; + return TRUE; + } + case PROTOBUF_C_TYPE_BYTES: { + ProtobufCBinaryData *bd = member; + const ProtobufCBinaryData *def_bd; + unsigned pref_len = scanned_member->length_prefix_len; + + if (wire_type != PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED) + return FALSE; + + def_bd = scanned_member->field->default_value; + if (maybe_clear && + bd->data != NULL && + (def_bd == NULL || bd->data != def_bd->data)) + { + do_free(allocator, bd->data); + } + if (len - pref_len > 0) { + bd->data = do_alloc(allocator, len - pref_len); + if (bd->data == NULL) + return FALSE; + memcpy(bd->data, data + pref_len, len - pref_len); + } else { + bd->data = NULL; + } + bd->len = len - pref_len; + return TRUE; + } + case PROTOBUF_C_TYPE_MESSAGE: { + ProtobufCMessage **pmessage = member; + ProtobufCMessage *subm; + const ProtobufCMessage *def_mess; + protobuf_c_boolean merge_successful = TRUE; + unsigned pref_len = scanned_member->length_prefix_len; + + if (wire_type != PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED) + return FALSE; + + def_mess = scanned_member->field->default_value; + subm = protobuf_c_message_unpack(scanned_member->field->descriptor, + allocator, + len - pref_len, + data + pref_len); + + if (maybe_clear && + *pmessage != NULL && + *pmessage != def_mess) + { + if (subm != NULL) + merge_successful = merge_messages(*pmessage, subm, allocator); + /* Delete the previous message */ + protobuf_c_message_free_unpacked(*pmessage, allocator); + } + *pmessage = subm; + if (subm == NULL || !merge_successful) + return FALSE; + return TRUE; + } + } + return FALSE; +} + +static protobuf_c_boolean +parse_oneof_member (ScannedMember *scanned_member, + void 
*member, + ProtobufCMessage *message, + ProtobufCAllocator *allocator) +{ + uint32_t *oneof_case = STRUCT_MEMBER_PTR(uint32_t, message, + scanned_member->field->quantifier_offset); + + /* If we have already parsed a member of this oneof, free it. */ + if (*oneof_case != 0) { + const ProtobufCFieldDescriptor *old_field; + size_t el_size; + /* lookup field */ + int field_index = + int_range_lookup(message->descriptor->n_field_ranges, + message->descriptor->field_ranges, + *oneof_case); + if (field_index < 0) + return FALSE; + old_field = message->descriptor->fields + field_index; + el_size = sizeof_elt_in_repeated_array(old_field->type); + + switch (old_field->type) { + case PROTOBUF_C_TYPE_STRING: { + char **pstr = member; + const char *def = old_field->default_value; + if (*pstr != NULL && *pstr != def) + do_free(allocator, *pstr); + break; + } + case PROTOBUF_C_TYPE_BYTES: { + ProtobufCBinaryData *bd = member; + const ProtobufCBinaryData *def_bd = old_field->default_value; + if (bd->data != NULL && + (def_bd == NULL || bd->data != def_bd->data)) + { + do_free(allocator, bd->data); + } + break; + } + case PROTOBUF_C_TYPE_MESSAGE: { + ProtobufCMessage **pmessage = member; + const ProtobufCMessage *def_mess = old_field->default_value; + if (*pmessage != NULL && *pmessage != def_mess) + protobuf_c_message_free_unpacked(*pmessage, allocator); + break; + } + default: + break; + } + + memset (member, 0, el_size); + } + if (!parse_required_member (scanned_member, member, allocator, TRUE)) + return FALSE; + + *oneof_case = scanned_member->tag; + return TRUE; +} + + +static protobuf_c_boolean +parse_optional_member(ScannedMember *scanned_member, + void *member, + ProtobufCMessage *message, + ProtobufCAllocator *allocator) +{ + if (!parse_required_member(scanned_member, member, allocator, TRUE)) + return FALSE; + if (scanned_member->field->quantifier_offset != 0) + STRUCT_MEMBER(protobuf_c_boolean, + message, + scanned_member->field->quantifier_offset) = TRUE; + return TRUE; 
+} + +static protobuf_c_boolean +parse_repeated_member(ScannedMember *scanned_member, + void *member, + ProtobufCMessage *message, + ProtobufCAllocator *allocator) +{ + const ProtobufCFieldDescriptor *field = scanned_member->field; + size_t *p_n = STRUCT_MEMBER_PTR(size_t, message, field->quantifier_offset); + size_t siz = sizeof_elt_in_repeated_array(field->type); + char *array = *(char **) member; + + if (!parse_required_member(scanned_member, array + siz * (*p_n), + allocator, FALSE)) + { + return FALSE; + } + *p_n += 1; + return TRUE; +} + +static unsigned +scan_varint(unsigned len, const uint8_t *data) +{ + unsigned i; + if (len > 10) + len = 10; + for (i = 0; i < len; i++) + if ((data[i] & 0x80) == 0) + break; + if (i == len) + return 0; + return i + 1; +} + +static protobuf_c_boolean +parse_packed_repeated_member(ScannedMember *scanned_member, + void *member, + ProtobufCMessage *message) +{ + const ProtobufCFieldDescriptor *field = scanned_member->field; + size_t *p_n = STRUCT_MEMBER_PTR(size_t, message, field->quantifier_offset); + size_t siz = sizeof_elt_in_repeated_array(field->type); + void *array = *(char **) member + siz * (*p_n); + const uint8_t *at = scanned_member->data + scanned_member->length_prefix_len; + size_t rem = scanned_member->len - scanned_member->length_prefix_len; + size_t count = 0; + unsigned i; + + switch (field->type) { + case PROTOBUF_C_TYPE_SFIXED32: + case PROTOBUF_C_TYPE_FIXED32: + case PROTOBUF_C_TYPE_FLOAT: + count = (scanned_member->len - scanned_member->length_prefix_len) / 4; +#if !defined(WORDS_BIGENDIAN) + goto no_unpacking_needed; +#else + for (i = 0; i < count; i++) { + ((uint32_t *) array)[i] = parse_fixed_uint32(at); + at += 4; + } + break; +#endif + case PROTOBUF_C_TYPE_SFIXED64: + case PROTOBUF_C_TYPE_FIXED64: + case PROTOBUF_C_TYPE_DOUBLE: + count = (scanned_member->len - scanned_member->length_prefix_len) / 8; +#if !defined(WORDS_BIGENDIAN) + goto no_unpacking_needed; +#else + for (i = 0; i < count; i++) { + 
((uint64_t *) array)[i] = parse_fixed_uint64(at); + at += 8; + } + break; +#endif + case PROTOBUF_C_TYPE_ENUM: + case PROTOBUF_C_TYPE_INT32: + while (rem > 0) { + unsigned s = scan_varint(rem, at); + if (s == 0) { + PROTOBUF_C_UNPACK_ERROR("bad packed-repeated int32 value"); + return FALSE; + } + ((int32_t *) array)[count++] = parse_int32(s, at); + at += s; + rem -= s; + } + break; + case PROTOBUF_C_TYPE_SINT32: + while (rem > 0) { + unsigned s = scan_varint(rem, at); + if (s == 0) { + PROTOBUF_C_UNPACK_ERROR("bad packed-repeated sint32 value"); + return FALSE; + } + ((int32_t *) array)[count++] = unzigzag32(parse_uint32(s, at)); + at += s; + rem -= s; + } + break; + case PROTOBUF_C_TYPE_UINT32: + while (rem > 0) { + unsigned s = scan_varint(rem, at); + if (s == 0) { + PROTOBUF_C_UNPACK_ERROR("bad packed-repeated enum or uint32 value"); + return FALSE; + } + ((uint32_t *) array)[count++] = parse_uint32(s, at); + at += s; + rem -= s; + } + break; + + case PROTOBUF_C_TYPE_SINT64: + while (rem > 0) { + unsigned s = scan_varint(rem, at); + if (s == 0) { + PROTOBUF_C_UNPACK_ERROR("bad packed-repeated sint64 value"); + return FALSE; + } + ((int64_t *) array)[count++] = unzigzag64(parse_uint64(s, at)); + at += s; + rem -= s; + } + break; + case PROTOBUF_C_TYPE_INT64: + case PROTOBUF_C_TYPE_UINT64: + while (rem > 0) { + unsigned s = scan_varint(rem, at); + if (s == 0) { + PROTOBUF_C_UNPACK_ERROR("bad packed-repeated int64/uint64 value"); + return FALSE; + } + ((int64_t *) array)[count++] = parse_uint64(s, at); + at += s; + rem -= s; + } + break; + case PROTOBUF_C_TYPE_BOOL: + count = rem; + for (i = 0; i < count; i++) { + if (at[i] > 1) { + PROTOBUF_C_UNPACK_ERROR("bad packed-repeated boolean value"); + return FALSE; + } + ((protobuf_c_boolean *) array)[i] = at[i]; + } + break; + default: + PROTOBUF_C__ASSERT_NOT_REACHED(); + } + *p_n += count; + return TRUE; + +#if !defined(WORDS_BIGENDIAN) +no_unpacking_needed: + memcpy(array, at, count * siz); + *p_n += count; + return 
TRUE; +#endif +} + +static protobuf_c_boolean +is_packable_type(ProtobufCType type) +{ + return + type != PROTOBUF_C_TYPE_STRING && + type != PROTOBUF_C_TYPE_BYTES && + type != PROTOBUF_C_TYPE_MESSAGE; +} + +static protobuf_c_boolean +parse_member(ScannedMember *scanned_member, + ProtobufCMessage *message, + ProtobufCAllocator *allocator) +{ + const ProtobufCFieldDescriptor *field = scanned_member->field; + void *member; + + if (field == NULL) { + ProtobufCMessageUnknownField *ufield = + message->unknown_fields + + (message->n_unknown_fields++); + ufield->tag = scanned_member->tag; + ufield->wire_type = scanned_member->wire_type; + ufield->len = scanned_member->len; + ufield->data = do_alloc(allocator, scanned_member->len); + if (ufield->data == NULL) + return FALSE; + memcpy(ufield->data, scanned_member->data, ufield->len); + return TRUE; + } + member = (char *) message + field->offset; + switch (field->label) { + case PROTOBUF_C_LABEL_REQUIRED: + return parse_required_member(scanned_member, member, + allocator, TRUE); + case PROTOBUF_C_LABEL_OPTIONAL: + case PROTOBUF_C_LABEL_NONE: + if (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_ONEOF)) { + return parse_oneof_member(scanned_member, member, + message, allocator); + } else { + return parse_optional_member(scanned_member, member, + message, allocator); + } + case PROTOBUF_C_LABEL_REPEATED: + if (scanned_member->wire_type == + PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED && + (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED) || + is_packable_type(field->type))) + { + return parse_packed_repeated_member(scanned_member, + member, message); + } else { + return parse_repeated_member(scanned_member, + member, message, + allocator); + } + } + PROTOBUF_C__ASSERT_NOT_REACHED(); + return 0; +} + +/** + * Initialise messages generated by old code. + * + * This function is used if desc->message_init == NULL (which occurs + * for old code, and which would be useful to support allocating + * descriptors dynamically). 
+ */ +static void +message_init_generic(const ProtobufCMessageDescriptor *desc, + ProtobufCMessage *message) +{ + unsigned i; + + memset(message, 0, desc->sizeof_message); + message->descriptor = desc; + for (i = 0; i < desc->n_fields; i++) { + if (desc->fields[i].default_value != NULL && + desc->fields[i].label != PROTOBUF_C_LABEL_REPEATED) + { + void *field = + STRUCT_MEMBER_P(message, desc->fields[i].offset); + const void *dv = desc->fields[i].default_value; + + switch (desc->fields[i].type) { + case PROTOBUF_C_TYPE_INT32: + case PROTOBUF_C_TYPE_SINT32: + case PROTOBUF_C_TYPE_SFIXED32: + case PROTOBUF_C_TYPE_UINT32: + case PROTOBUF_C_TYPE_FIXED32: + case PROTOBUF_C_TYPE_FLOAT: + case PROTOBUF_C_TYPE_ENUM: + memcpy(field, dv, 4); + break; + case PROTOBUF_C_TYPE_INT64: + case PROTOBUF_C_TYPE_SINT64: + case PROTOBUF_C_TYPE_SFIXED64: + case PROTOBUF_C_TYPE_UINT64: + case PROTOBUF_C_TYPE_FIXED64: + case PROTOBUF_C_TYPE_DOUBLE: + memcpy(field, dv, 8); + break; + case PROTOBUF_C_TYPE_BOOL: + memcpy(field, dv, sizeof(protobuf_c_boolean)); + break; + case PROTOBUF_C_TYPE_BYTES: + memcpy(field, dv, sizeof(ProtobufCBinaryData)); + break; + + case PROTOBUF_C_TYPE_STRING: + case PROTOBUF_C_TYPE_MESSAGE: + /* + * The next line essentially implements a cast + * from const, which is totally unavoidable. + */ + *(const void **) field = dv; + break; + } + } + } +} + +/**@}*/ + +/* + * ScannedMember slabs (an unpacking implementation detail). Before doing real + * unpacking, we first scan through the elements to see how many there are (for + * repeated fields), and which field to use (for non-repeated fields given + * twice). + * + * In order to avoid allocations for small messages, we keep a stack-allocated + * slab of ScannedMembers of size FIRST_SCANNED_MEMBER_SLAB_SIZE (16). After we + * fill that up, we allocate each slab twice as large as the previous one. 
+ */ +#define FIRST_SCANNED_MEMBER_SLAB_SIZE_LOG2 4 + +/* + * The number of slabs, including the stack-allocated ones; choose the number so + * that we would overflow if we needed a slab larger than provided. + */ +#define MAX_SCANNED_MEMBER_SLAB \ + (sizeof(unsigned int)*8 - 1 \ + - BOUND_SIZEOF_SCANNED_MEMBER_LOG2 \ + - FIRST_SCANNED_MEMBER_SLAB_SIZE_LOG2) + +#define REQUIRED_FIELD_BITMAP_SET(index) \ + (required_fields_bitmap[(index)/8] |= (1UL<<((index)%8))) + +#define REQUIRED_FIELD_BITMAP_IS_SET(index) \ + (required_fields_bitmap[(index)/8] & (1UL<<((index)%8))) + +ProtobufCMessage * +protobuf_c_message_unpack(const ProtobufCMessageDescriptor *desc, + ProtobufCAllocator *allocator, + size_t len, const uint8_t *data) +{ + ProtobufCMessage *rv; + size_t rem = len; + const uint8_t *at = data; + const ProtobufCFieldDescriptor *last_field = desc->fields + 0; + ScannedMember first_member_slab[1UL << + FIRST_SCANNED_MEMBER_SLAB_SIZE_LOG2]; + + /* + * scanned_member_slabs[i] is an array of arrays of ScannedMember. + * The first slab (scanned_member_slabs[0] is just a pointer to + * first_member_slab), above. All subsequent slabs will be allocated + * using the allocator. 
+ */ + ScannedMember *scanned_member_slabs[MAX_SCANNED_MEMBER_SLAB + 1]; + unsigned which_slab = 0; /* the slab we are currently populating */ + unsigned in_slab_index = 0; /* number of members in the slab */ + size_t n_unknown = 0; + unsigned f; + unsigned j; + unsigned i_slab; + unsigned last_field_index = 0; + unsigned required_fields_bitmap_len; + unsigned char required_fields_bitmap_stack[16]; + unsigned char *required_fields_bitmap = required_fields_bitmap_stack; + protobuf_c_boolean required_fields_bitmap_alloced = FALSE; + + ASSERT_IS_MESSAGE_DESCRIPTOR(desc); + + if (allocator == NULL) + allocator = &protobuf_c__allocator; + + rv = do_alloc(allocator, desc->sizeof_message); + if (!rv) + return (NULL); + scanned_member_slabs[0] = first_member_slab; + + required_fields_bitmap_len = (desc->n_fields + 7) / 8; + if (required_fields_bitmap_len > sizeof(required_fields_bitmap_stack)) { + required_fields_bitmap = do_alloc(allocator, required_fields_bitmap_len); + if (!required_fields_bitmap) { + do_free(allocator, rv); + return (NULL); + } + required_fields_bitmap_alloced = TRUE; + } + memset(required_fields_bitmap, 0, required_fields_bitmap_len); + + /* + * Generated code always defines "message_init". However, we provide a + * fallback for (1) users of old protobuf-c generated-code that do not + * provide the function, and (2) descriptors constructed from some other + * source (most likely, direct construction from the .proto file). 
+ */ + if (desc->message_init != NULL) + protobuf_c_message_init(desc, rv); + else + message_init_generic(desc, rv); + + while (rem > 0) { + uint32_t tag; + ProtobufCWireType wire_type; + size_t used = parse_tag_and_wiretype(rem, at, &tag, &wire_type); + const ProtobufCFieldDescriptor *field; + ScannedMember tmp; + + if (used == 0) { + PROTOBUF_C_UNPACK_ERROR("error parsing tag/wiretype at offset %u", + (unsigned) (at - data)); + goto error_cleanup_during_scan; + } + /* + * \todo Consider optimizing for field[1].id == tag, if field[1] + * exists! + */ + if (last_field == NULL || last_field->id != tag) { + /* lookup field */ + int field_index = + int_range_lookup(desc->n_field_ranges, + desc->field_ranges, + tag); + if (field_index < 0) { + field = NULL; + n_unknown++; + } else { + field = desc->fields + field_index; + last_field = field; + last_field_index = field_index; + } + } else { + field = last_field; + } + + if (field != NULL && field->label == PROTOBUF_C_LABEL_REQUIRED) + REQUIRED_FIELD_BITMAP_SET(last_field_index); + + at += used; + rem -= used; + tmp.tag = tag; + tmp.wire_type = wire_type; + tmp.field = field; + tmp.data = at; + tmp.length_prefix_len = 0; + + switch (wire_type) { + case PROTOBUF_C_WIRE_TYPE_VARINT: { + unsigned max_len = rem < 10 ? 
rem : 10; + unsigned i; + + for (i = 0; i < max_len; i++) + if ((at[i] & 0x80) == 0) + break; + if (i == max_len) { + PROTOBUF_C_UNPACK_ERROR("unterminated varint at offset %u", + (unsigned) (at - data)); + goto error_cleanup_during_scan; + } + tmp.len = i + 1; + break; + } + case PROTOBUF_C_WIRE_TYPE_64BIT: + if (rem < 8) { + PROTOBUF_C_UNPACK_ERROR("too short after 64bit wiretype at offset %u", + (unsigned) (at - data)); + goto error_cleanup_during_scan; + } + tmp.len = 8; + break; + case PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED: { + size_t pref_len; + + tmp.len = scan_length_prefixed_data(rem, at, &pref_len); + if (tmp.len == 0) { + /* NOTE: scan_length_prefixed_data calls UNPACK_ERROR */ + goto error_cleanup_during_scan; + } + tmp.length_prefix_len = pref_len; + break; + } + case PROTOBUF_C_WIRE_TYPE_32BIT: + if (rem < 4) { + PROTOBUF_C_UNPACK_ERROR("too short after 32bit wiretype at offset %u", + (unsigned) (at - data)); + goto error_cleanup_during_scan; + } + tmp.len = 4; + break; + default: + PROTOBUF_C_UNPACK_ERROR("unsupported tag %u at offset %u", + wire_type, (unsigned) (at - data)); + goto error_cleanup_during_scan; + } + + if (in_slab_index == (1UL << + (which_slab + FIRST_SCANNED_MEMBER_SLAB_SIZE_LOG2))) + { + size_t size; + + in_slab_index = 0; + if (which_slab == MAX_SCANNED_MEMBER_SLAB) { + PROTOBUF_C_UNPACK_ERROR("too many fields"); + goto error_cleanup_during_scan; + } + which_slab++; + size = sizeof(ScannedMember) + << (which_slab + FIRST_SCANNED_MEMBER_SLAB_SIZE_LOG2); + scanned_member_slabs[which_slab] = do_alloc(allocator, size); + if (scanned_member_slabs[which_slab] == NULL) + goto error_cleanup_during_scan; + } + scanned_member_slabs[which_slab][in_slab_index++] = tmp; + + if (field != NULL && field->label == PROTOBUF_C_LABEL_REPEATED) { + size_t *n = STRUCT_MEMBER_PTR(size_t, rv, + field->quantifier_offset); + if (wire_type == PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED && + (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED) || + 
is_packable_type(field->type))) + { + size_t count; + if (!count_packed_elements(field->type, + tmp.len - + tmp.length_prefix_len, + tmp.data + + tmp.length_prefix_len, + &count)) + { + PROTOBUF_C_UNPACK_ERROR("counting packed elements"); + goto error_cleanup_during_scan; + } + *n += count; + } else { + *n += 1; + } + } + + at += tmp.len; + rem -= tmp.len; + } + + /* allocate space for repeated fields, also check that all required fields have been set */ + for (f = 0; f < desc->n_fields; f++) { + const ProtobufCFieldDescriptor *field = desc->fields + f; + if (field->label == PROTOBUF_C_LABEL_REPEATED) { + size_t siz = + sizeof_elt_in_repeated_array(field->type); + size_t *n_ptr = + STRUCT_MEMBER_PTR(size_t, rv, + field->quantifier_offset); + if (*n_ptr != 0) { + unsigned n = *n_ptr; + void *a; + *n_ptr = 0; + assert(rv->descriptor != NULL); +#define CLEAR_REMAINING_N_PTRS() \ + for(f++;f < desc->n_fields; f++) \ + { \ + field = desc->fields + f; \ + if (field->label == PROTOBUF_C_LABEL_REPEATED) \ + STRUCT_MEMBER (size_t, rv, field->quantifier_offset) = 0; \ + } + a = do_alloc(allocator, siz * n); + if (!a) { + CLEAR_REMAINING_N_PTRS(); + goto error_cleanup; + } + STRUCT_MEMBER(void *, rv, field->offset) = a; + } + } else if (field->label == PROTOBUF_C_LABEL_REQUIRED) { + if (field->default_value == NULL && + !REQUIRED_FIELD_BITMAP_IS_SET(f)) + { + CLEAR_REMAINING_N_PTRS(); + PROTOBUF_C_UNPACK_ERROR("message '%s': missing required field '%s'", + desc->name, field->name); + goto error_cleanup; + } + } + } +#undef CLEAR_REMAINING_N_PTRS + + /* allocate space for unknown fields */ + if (n_unknown) { + rv->unknown_fields = do_alloc(allocator, + n_unknown * sizeof(ProtobufCMessageUnknownField)); + if (rv->unknown_fields == NULL) + goto error_cleanup; + } + + /* do real parsing */ + for (i_slab = 0; i_slab <= which_slab; i_slab++) { + unsigned max = (i_slab == which_slab) ? 
+ in_slab_index : (1UL << (i_slab + 4)); + ScannedMember *slab = scanned_member_slabs[i_slab]; + + for (j = 0; j < max; j++) { + if (!parse_member(slab + j, rv, allocator)) { + PROTOBUF_C_UNPACK_ERROR("error parsing member %s of %s", + slab->field ? slab->field->name : "*unknown-field*", + desc->name); + goto error_cleanup; + } + } + } + + /* cleanup */ + for (j = 1; j <= which_slab; j++) + do_free(allocator, scanned_member_slabs[j]); + if (required_fields_bitmap_alloced) + do_free(allocator, required_fields_bitmap); + return rv; + +error_cleanup: + protobuf_c_message_free_unpacked(rv, allocator); + for (j = 1; j <= which_slab; j++) + do_free(allocator, scanned_member_slabs[j]); + if (required_fields_bitmap_alloced) + do_free(allocator, required_fields_bitmap); + return NULL; + +error_cleanup_during_scan: + do_free(allocator, rv); + for (j = 1; j <= which_slab; j++) + do_free(allocator, scanned_member_slabs[j]); + if (required_fields_bitmap_alloced) + do_free(allocator, required_fields_bitmap); + return NULL; +} + +void +protobuf_c_message_free_unpacked(ProtobufCMessage *message, + ProtobufCAllocator *allocator) +{ + const ProtobufCMessageDescriptor *desc; + unsigned f; + + if (message == NULL) + return; + + desc = message->descriptor; + + ASSERT_IS_MESSAGE(message); + + if (allocator == NULL) + allocator = &protobuf_c__allocator; + message->descriptor = NULL; + for (f = 0; f < desc->n_fields; f++) { + if (0 != (desc->fields[f].flags & PROTOBUF_C_FIELD_FLAG_ONEOF) && + desc->fields[f].id != + STRUCT_MEMBER(uint32_t, message, desc->fields[f].quantifier_offset)) + { + /* This is not the selected oneof, skip it */ + continue; + } + + if (desc->fields[f].label == PROTOBUF_C_LABEL_REPEATED) { + size_t n = STRUCT_MEMBER(size_t, + message, + desc->fields[f].quantifier_offset); + void *arr = STRUCT_MEMBER(void *, + message, + desc->fields[f].offset); + + if (arr != NULL) { + if (desc->fields[f].type == PROTOBUF_C_TYPE_STRING) { + unsigned i; + for (i = 0; i < n; i++) + 
do_free(allocator, ((char **) arr)[i]); + } else if (desc->fields[f].type == PROTOBUF_C_TYPE_BYTES) { + unsigned i; + for (i = 0; i < n; i++) + do_free(allocator, ((ProtobufCBinaryData *) arr)[i].data); + } else if (desc->fields[f].type == PROTOBUF_C_TYPE_MESSAGE) { + unsigned i; + for (i = 0; i < n; i++) + protobuf_c_message_free_unpacked( + ((ProtobufCMessage **) arr)[i], + allocator + ); + } + do_free(allocator, arr); + } + } else if (desc->fields[f].type == PROTOBUF_C_TYPE_STRING) { + char *str = STRUCT_MEMBER(char *, message, + desc->fields[f].offset); + + if (str && str != desc->fields[f].default_value) + do_free(allocator, str); + } else if (desc->fields[f].type == PROTOBUF_C_TYPE_BYTES) { + void *data = STRUCT_MEMBER(ProtobufCBinaryData, message, + desc->fields[f].offset).data; + const ProtobufCBinaryData *default_bd; + + default_bd = desc->fields[f].default_value; + if (data != NULL && + (default_bd == NULL || + default_bd->data != data)) + { + do_free(allocator, data); + } + } else if (desc->fields[f].type == PROTOBUF_C_TYPE_MESSAGE) { + ProtobufCMessage *sm; + + sm = STRUCT_MEMBER(ProtobufCMessage *, message, + desc->fields[f].offset); + if (sm && sm != desc->fields[f].default_value) + protobuf_c_message_free_unpacked(sm, allocator); + } + } + + for (f = 0; f < message->n_unknown_fields; f++) + do_free(allocator, message->unknown_fields[f].data); + if (message->unknown_fields != NULL) + do_free(allocator, message->unknown_fields); + + do_free(allocator, message); +} + +void +protobuf_c_message_init(const ProtobufCMessageDescriptor * descriptor, + void *message) +{ + descriptor->message_init((ProtobufCMessage *) (message)); +} + +protobuf_c_boolean +protobuf_c_message_check(const ProtobufCMessage *message) +{ + unsigned i; + + if (!message || + !message->descriptor || + message->descriptor->magic != PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC) + { + return FALSE; + } + + for (i = 0; i < message->descriptor->n_fields; i++) { + const ProtobufCFieldDescriptor *f = 
message->descriptor->fields + i; + ProtobufCType type = f->type; + ProtobufCLabel label = f->label; + void *field = STRUCT_MEMBER_P (message, f->offset); + + if (f->flags & PROTOBUF_C_FIELD_FLAG_ONEOF) { + const uint32_t *oneof_case = STRUCT_MEMBER_P (message, f->quantifier_offset); + if (f->id != *oneof_case) { + continue; //Do not check if it is an unpopulated oneof member. + } + } + + if (label == PROTOBUF_C_LABEL_REPEATED) { + size_t *quantity = STRUCT_MEMBER_P (message, f->quantifier_offset); + + if (*quantity > 0 && *(void **) field == NULL) { + return FALSE; + } + + if (type == PROTOBUF_C_TYPE_MESSAGE) { + ProtobufCMessage **submessage = *(ProtobufCMessage ***) field; + unsigned j; + for (j = 0; j < *quantity; j++) { + if (!protobuf_c_message_check(submessage[j])) + return FALSE; + } + } else if (type == PROTOBUF_C_TYPE_STRING) { + char **string = *(char ***) field; + unsigned j; + for (j = 0; j < *quantity; j++) { + if (!string[j]) + return FALSE; + } + } else if (type == PROTOBUF_C_TYPE_BYTES) { + ProtobufCBinaryData *bd = *(ProtobufCBinaryData **) field; + unsigned j; + for (j = 0; j < *quantity; j++) { + if (bd[j].len > 0 && bd[j].data == NULL) + return FALSE; + } + } + + } else { /* PROTOBUF_C_LABEL_REQUIRED or PROTOBUF_C_LABEL_OPTIONAL */ + + if (type == PROTOBUF_C_TYPE_MESSAGE) { + ProtobufCMessage *submessage = *(ProtobufCMessage **) field; + if (label == PROTOBUF_C_LABEL_REQUIRED || submessage != NULL) { + if (!protobuf_c_message_check(submessage)) + return FALSE; + } + } else if (type == PROTOBUF_C_TYPE_STRING) { + char *string = *(char **) field; + if (label == PROTOBUF_C_LABEL_REQUIRED && string == NULL) + return FALSE; + } else if (type == PROTOBUF_C_TYPE_BYTES) { + protobuf_c_boolean *has = STRUCT_MEMBER_P (message, f->quantifier_offset); + ProtobufCBinaryData *bd = field; + if (label == PROTOBUF_C_LABEL_REQUIRED || *has == TRUE) { + if (bd->len > 0 && bd->data == NULL) + return FALSE; + } + } + } + } + + return TRUE; +} + +/* === services === 
*/ + +typedef void (*GenericHandler) (void *service, + const ProtobufCMessage *input, + ProtobufCClosure closure, + void *closure_data); +void +protobuf_c_service_invoke_internal(ProtobufCService *service, + unsigned method_index, + const ProtobufCMessage *input, + ProtobufCClosure closure, + void *closure_data) +{ + GenericHandler *handlers; + GenericHandler handler; + + /* + * Verify that method_index is within range. If this fails, you are + * likely invoking a newly added method on an old service. (Although + * other memory corruption bugs can cause this assertion too.) + */ + assert(method_index < service->descriptor->n_methods); + + /* + * Get the array of virtual methods (which are enumerated by the + * generated code). + */ + handlers = (GenericHandler *) (service + 1); + + /* + * Get our method and invoke it. + * \todo Seems like handler == NULL is a situation that needs handling. + */ + handler = handlers[method_index]; + (*handler)(service, input, closure, closure_data); +} + +void +protobuf_c_service_generated_init(ProtobufCService *service, + const ProtobufCServiceDescriptor *descriptor, + ProtobufCServiceDestroy destroy) +{ + ASSERT_IS_SERVICE_DESCRIPTOR(descriptor); + service->descriptor = descriptor; + service->destroy = destroy; + service->invoke = protobuf_c_service_invoke_internal; + memset(service + 1, 0, descriptor->n_methods * sizeof(GenericHandler)); +} + +void protobuf_c_service_destroy(ProtobufCService *service) +{ + service->destroy(service); +} + +/* --- querying the descriptors --- */ + +const ProtobufCEnumValue * +protobuf_c_enum_descriptor_get_value_by_name(const ProtobufCEnumDescriptor *desc, + const char *name) +{ + unsigned start = 0; + unsigned count; + + if (desc == NULL || desc->values_by_name == NULL) + return NULL; + + count = desc->n_value_names; + + while (count > 1) { + unsigned mid = start + count / 2; + int rv = strcmp(desc->values_by_name[mid].name, name); + if (rv == 0) + return desc->values + 
desc->values_by_name[mid].index; + else if (rv < 0) { + count = start + count - (mid + 1); + start = mid + 1; + } else + count = mid - start; + } + if (count == 0) + return NULL; + if (strcmp(desc->values_by_name[start].name, name) == 0) + return desc->values + desc->values_by_name[start].index; + return NULL; +} + +const ProtobufCEnumValue * +protobuf_c_enum_descriptor_get_value(const ProtobufCEnumDescriptor *desc, + int value) +{ + int rv = int_range_lookup(desc->n_value_ranges, desc->value_ranges, value); + if (rv < 0) + return NULL; + return desc->values + rv; +} + +const ProtobufCFieldDescriptor * +protobuf_c_message_descriptor_get_field_by_name(const ProtobufCMessageDescriptor *desc, + const char *name) +{ + unsigned start = 0; + unsigned count; + const ProtobufCFieldDescriptor *field; + + if (desc == NULL || desc->fields_sorted_by_name == NULL) + return NULL; + + count = desc->n_fields; + + while (count > 1) { + unsigned mid = start + count / 2; + int rv; + field = desc->fields + desc->fields_sorted_by_name[mid]; + rv = strcmp(field->name, name); + if (rv == 0) + return field; + else if (rv < 0) { + count = start + count - (mid + 1); + start = mid + 1; + } else + count = mid - start; + } + if (count == 0) + return NULL; + field = desc->fields + desc->fields_sorted_by_name[start]; + if (strcmp(field->name, name) == 0) + return field; + return NULL; +} + +const ProtobufCFieldDescriptor * +protobuf_c_message_descriptor_get_field(const ProtobufCMessageDescriptor *desc, + unsigned value) +{ + int rv = int_range_lookup(desc->n_field_ranges,desc->field_ranges, value); + if (rv < 0) + return NULL; + return desc->fields + rv; +} + +const ProtobufCMethodDescriptor * +protobuf_c_service_descriptor_get_method_by_name(const ProtobufCServiceDescriptor *desc, + const char *name) +{ + unsigned start = 0; + unsigned count; + + if (desc == NULL || desc->method_indices_by_name == NULL) + return NULL; + + count = desc->n_methods; + + while (count > 1) { + unsigned mid = start + 
count / 2;
+ unsigned mid_index = desc->method_indices_by_name[mid];
+ const char *mid_name = desc->methods[mid_index].name;
+ int rv = strcmp(mid_name, name);
+
+ if (rv == 0)
+ return desc->methods + desc->method_indices_by_name[mid];
+ if (rv < 0) {
+ count = start + count - (mid + 1);
+ start = mid + 1;
+ } else {
+ count = mid - start;
+ }
+ }
+ if (count == 0)
+ return NULL;
+ if (strcmp(desc->methods[desc->method_indices_by_name[start]].name, name) == 0)
+ return desc->methods + desc->method_indices_by_name[start];
+ return NULL;
+}
diff -Nru sudo-1.8.31/lib/util/aix.c sudo-1.9.0/lib/util/aix.c
--- sudo-1.8.31/lib/util/aix.c 2019-10-28 12:27:38.000000000 +0000
+++ sudo-1.9.0/lib/util/aix.c 2020-05-11 16:28:23.000000000 +0000
@@ -73,7 +73,7 @@
 static int
 aix_getlimit(char *user, char *lim, int *valp)
 {
- debug_decl(aix_getlimit, SUDO_DEBUG_UTIL)
+ debug_decl(aix_getlimit, SUDO_DEBUG_UTIL);

 if (getuserattr(user, lim, valp, SEC_INT) != 0)
 debug_return_int(-1);
@@ -86,7 +86,7 @@
 struct rlimit64 rlim;
 int val;
 size_t n;
- debug_decl(aix_setlimits, SUDO_DEBUG_UTIL)
+ debug_decl(aix_setlimits, SUDO_DEBUG_UTIL);

 if (setuserdb(S_READ) != 0) {
 sudo_warn(U_("unable to open userdb"));
@@ -162,7 +162,7 @@
 {
 int serrno = errno;
 int ret = -1;
- debug_decl(aix_getauthregistry, SUDO_DEBUG_UTIL)
+ debug_decl(aix_getauthregistry, SUDO_DEBUG_UTIL);

 saved_registry[0] = '\0';
 if (user != NULL) {
@@ -213,7 +213,7 @@
 authdb_t regbuf;
 int serrno = errno;
 int ret = -1;
- debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL)
+ debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL);

 if (user != NULL) {
 /* Look up authentication registry if one is not provided. */
@@ -246,7 +246,7 @@
 {
 int serrno = errno;
 int ret = 0;
- debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL)
+ debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL);

 if (setauthdb(old_registry, NULL) != 0) {
 sudo_warn(U_("unable to restore registry"));
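Review bot: The `debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL);` line added in the @@ -246 hunk, and again in the @@ -266 hunk, reuses the function name already registered in the @@ -213 hunk, although the three bodies are visibly different functions: one looks up the registry for a user, one restores it with `setauthdb(old_registry, NULL)`, and one builds the usrinfo string. The signatures lie outside all three hunks, so the correct names cannot be read here, but each call should name its own enclosing function, `debug_decl(<enclosing_function>, SUDO_DEBUG_UTIL);`. Presumably this name is what debug traces print on function entry and exit; if so, a trace of the authentication-registry switch and restore would attribute all three steps to one function, which makes it harder to confirm from logs that the registry was restored.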
@@ -266,7 +266,7 @@ { char *info; int len; - debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL) + debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL); /* set usrinfo, like login(1) does */ len = asprintf(&info, "NAME=%s%cLOGIN=%s%cLOGNAME=%s%cTTY=%s%c", diff -Nru sudo-1.8.31/lib/util/arc4random_buf.c sudo-1.9.0/lib/util/arc4random_buf.c --- sudo-1.8.31/lib/util/arc4random_buf.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/util/arc4random_buf.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,69 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2020 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include
+
+#ifndef HAVE_ARC4RANDOM_BUF
+
+#include
+#include
+#if defined(HAVE_STDINT_H)
+# include
+#elif defined(HAVE_INTTYPES_H)
+# include
+#endif
+
+#include "sudo_compat.h"
+#include "sudo_rand.h"
+
+/*
+ * Call arc4random() repeatedly to fill buf with n bytes of random data.
+ */
+void
+sudo_arc4random_buf(void *buf, size_t n)
+{
+ char *cp = buf;
+
+ while (n != 0) {
+ size_t m = minimum(n, 4);
+ uint32_t val = arc4random();
+
+ switch (m) {
+ case 4:
+ *cp++ = (val >> 24) & 0xff;
+ /* FALLTHROUGH */
+ case 3:
+ *cp++ = (val >> 16) & 0xff;
+ /* FALLTHROUGH */
+ case 2:
+ *cp++ = (val >> 8) & 0xff;
+ /* FALLTHROUGH */
+ case 1:
+ *cp++ = val & 0xff;
+ break;
+ }
+ n -= m;
+ }
+}
+
+#endif /* HAVE_ARC4RANDOM_BUF */
diff -Nru sudo-1.8.31/lib/util/arc4random.c sudo-1.9.0/lib/util/arc4random.c
--- sudo-1.8.31/lib/util/arc4random.c 2020-01-28 16:49:16.000000000 +0000
+++ sudo-1.9.0/lib/util/arc4random.c 2020-05-11 16:28:23.000000000 +0000
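Review bot: In the new sudo_arc4random_buf(), `char *cp = buf;` stores byte values up to 0xff through a plain char pointer, which is an implementation-defined conversion wherever char is signed; for raw random bytes I would declare it `unsigned char *cp = buf;`. The `switch (m)` has no `default`, which is safe only because m comes from `minimum(n, 4)` with n != 0, and a one-line comment saying so would help the next reader.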
@@ -148,7 +148,6 @@ rs_have = sizeof(rs_buf) - KEYSZ - IVSZ; } -#ifdef notdef static inline void _rs_random_buf(void *_buf, size_t n) { @@ -171,7 +170,6 @@ _rs_rekey(NULL, 0); } } -#endif static inline void _rs_random_u32(uint32_t *val) @@ -198,7 +196,6 @@ return val; } -#ifdef notdef void sudo_arc4random_buf(void *buf, size_t n) { @@ -206,6 +203,5 @@ _rs_random_buf(buf, n); _ARC4_UNLOCK(); } -#endif #endif /* HAVE_ARC4RANDOM */ diff -Nru sudo-1.8.31/lib/util/cfmakeraw.c sudo-1.9.0/lib/util/cfmakeraw.c --- sudo-1.8.31/lib/util/cfmakeraw.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/util/cfmakeraw.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,59 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include
+
+#include
+#include
+
+#include "sudo_compat.h"
+
+/* Non-standard termios input flags */
+#ifndef IUCLC
+# define IUCLC 0
+#endif
+#ifndef IMAXBEL
+# define IMAXBEL 0
+#endif
+
+/* Non-standard termios local flags */
+#ifndef IEXTEN
+# define IEXTEN 0
+#endif
+
+/*
+ * Set termios to raw mode (BSD extension).
+ */
+void
+sudo_cfmakeraw(struct termios *term)
+{
+ /* Set terminal to raw mode */
+ CLR(term->c_iflag,
+ IGNBRK|BRKINT|PARMRK|ISTRIP|INLCR|IGNCR|ICRNL|IXON|IMAXBEL|IUCLC);
+ CLR(term->c_oflag, OPOST);
+ CLR(term->c_lflag, ECHO|ECHONL|ICANON|ISIG|IEXTEN);
+ CLR(term->c_cflag, CSIZE|PARENB);
+ SET(term->c_cflag, CS8);
+ term->c_cc[VMIN] = 1;
+ term->c_cc[VTIME] = 0;
+}
diff -Nru sudo-1.8.31/lib/util/closefrom.c sudo-1.9.0/lib/util/closefrom.c
--- sudo-1.8.31/lib/util/closefrom.c 2019-10-28 12:28:52.000000000 +0000
+++ sudo-1.9.0/lib/util/closefrom.c 2020-05-11 16:28:23.000000000 +0000
@@ -42,8 +42,8 @@ #include "sudo_util.h" #include "pathnames.h" -#ifndef _POSIX_OPEN_MAX -# define _POSIX_OPEN_MAX 20 +#ifndef OPEN_MAX +# define OPEN_MAX 256 #endif /* @@ -56,13 +56,19 @@ long fd, maxfd; /* - * Fall back on sysconf(_SC_OPEN_MAX). We avoid checking - * resource limits since it is possible to open a file descriptor - * and then drop the rlimit such that it is below the open fd. + * Fall back on sysconf(_SC_OPEN_MAX). This is equivalent to + * checking the RLIMIT_NOFILE soft limit. It is possible for + * there to be open file descriptors past this limit but there's + * not much we can do about that since the hard limit may be + * RLIM_INFINITY (LLONG_MAX or ULLONG_MAX on modern systems). */ maxfd = sysconf(_SC_OPEN_MAX); - if (maxfd < 0) - maxfd = _POSIX_OPEN_MAX; + if (maxfd < OPEN_MAX) + maxfd = OPEN_MAX; + + /* Make sure we didn't get RLIM_INFINITY as the upper limit. */ + if (maxfd > INT_MAX) + maxfd = INT_MAX; for (fd = lowfd; fd < maxfd; fd++) { #ifdef __APPLE__ diff -Nru sudo-1.8.31/lib/util/digest.c sudo-1.9.0/lib/util/digest.c --- sudo-1.8.31/lib/util/digest.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/digest.c 2020-05-11 16:28:23.000000000 +0000 @@ -96,7 +96,7 @@ struct sudo_digest * sudo_digest_alloc_v1(int digest_type) { - debug_decl(sudo_digest_alloc, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_alloc, SUDO_DEBUG_UTIL); struct digest_function *func = NULL; struct sudo_digest *dig; int i; @@ -123,7 +123,7 @@ void sudo_digest_free_v1(struct sudo_digest *dig) { - debug_decl(sudo_digest_free, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_free, SUDO_DEBUG_UTIL); free(dig); @@ -133,7 +133,7 @@ void sudo_digest_reset_v1(struct sudo_digest *dig) { - debug_decl(sudo_digest_reset, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_reset, SUDO_DEBUG_UTIL); dig->func->init(&dig->ctx); 
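Review bot: In the closefrom.c hunk at `@@ -56,13 +56,19 @@`, clamping maxfd to INT_MAX keeps the value in range but still lets the `for (fd = lowfd; fd < maxfd; fd++)` loop run for up to INT_MAX iterations when the soft limit is unlimited, and the new comment accepts that descriptors opened above a lowered soft limit stay open and are inherited. For a setuid program the comment should say that this path is a last resort and name the earlier method expected to handle the normal case (the words "Fall back" suggest one exists outside the hunk). Also confirm that `<limits.h>` is included for INT_MAX; the include block is not visible here. The function starts and continues outside the hunk.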
@@ -143,7 +143,7 @@ int sudo_digest_getlen_v1(int digest_type) { - debug_decl(sudo_digest_getlen, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_getlen, SUDO_DEBUG_UTIL); int i; for (i = 0; digest_functions[i].digest_len != 0; i++) { @@ -157,7 +157,7 @@ void sudo_digest_update_v1(struct sudo_digest *dig, const void *data, size_t len) { - debug_decl(sudo_digest_update, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_update, SUDO_DEBUG_UTIL); dig->func->update(&dig->ctx, data, len); @@ -167,7 +167,7 @@ void sudo_digest_final_v1(struct sudo_digest *dig, unsigned char *md) { - debug_decl(sudo_digest_final, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_final, SUDO_DEBUG_UTIL); dig->func->final(md, &dig->ctx); diff -Nru sudo-1.8.31/lib/util/digest_gcrypt.c sudo-1.9.0/lib/util/digest_gcrypt.c --- sudo-1.8.31/lib/util/digest_gcrypt.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/digest_gcrypt.c 2020-05-11 16:28:23.000000000 +0000 @@ -56,16 +56,12 @@ switch (digest_type) { case SUDO_DIGEST_SHA224: return GCRY_MD_SHA224; - break; case SUDO_DIGEST_SHA256: return GCRY_MD_SHA256; - break; case SUDO_DIGEST_SHA384: return GCRY_MD_SHA384; - break; case SUDO_DIGEST_SHA512: return GCRY_MD_SHA512; - break; default: return -1; } @@ -74,7 +70,7 @@ struct sudo_digest * sudo_digest_alloc_v1(int digest_type) { - debug_decl(sudo_digest_alloc, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_alloc, SUDO_DEBUG_UTIL); struct sudo_digest *dig; int gcry_digest_type; @@ -100,7 +96,7 @@ void sudo_digest_free_v1(struct sudo_digest *dig) { - debug_decl(sudo_digest_free, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_free, SUDO_DEBUG_UTIL); if (dig != NULL) { gcry_md_close(dig->ctx); @@ -113,7 +109,7 @@ void sudo_digest_reset_v1(struct sudo_digest *dig) { - debug_decl(sudo_digest_reset, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_reset, SUDO_DEBUG_UTIL); gcry_md_reset(dig->ctx); 
@@ -123,7 +119,7 @@ int sudo_digest_getlen_v1(int digest_type) { - debug_decl(sudo_digest_getlen, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_getlen, SUDO_DEBUG_UTIL); int gcry_digest_type; gcry_digest_type = sudo_digest_type_to_gcry(digest_type); @@ -136,7 +132,7 @@ void sudo_digest_update_v1(struct sudo_digest *dig, const void *data, size_t len) { - debug_decl(sudo_digest_update, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_update, SUDO_DEBUG_UTIL); gcry_md_write(dig->ctx, data, len); @@ -146,7 +142,7 @@ void sudo_digest_final_v1(struct sudo_digest *dig, unsigned char *md) { - debug_decl(sudo_digest_final, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_final, SUDO_DEBUG_UTIL); gcry_md_final(dig->ctx); memcpy(md, gcry_md_read(dig->ctx, 0), dig->digest_len); diff -Nru sudo-1.8.31/lib/util/digest_openssl.c sudo-1.9.0/lib/util/digest_openssl.c --- sudo-1.8.31/lib/util/digest_openssl.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/digest_openssl.c 2020-05-11 16:28:23.000000000 +0000 @@ -87,7 +87,7 @@ struct sudo_digest * sudo_digest_alloc_v1(int digest_type) { - debug_decl(sudo_digest_alloc, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_alloc, SUDO_DEBUG_UTIL); struct digest_function *func = NULL; struct sudo_digest *dig; int i; @@ -114,7 +114,7 @@ void sudo_digest_free_v1(struct sudo_digest *dig) { - debug_decl(sudo_digest_free, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_free, SUDO_DEBUG_UTIL); free(dig); @@ -124,7 +124,7 @@ void sudo_digest_reset_v1(struct sudo_digest *dig) { - debug_decl(sudo_digest_reset, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_reset, SUDO_DEBUG_UTIL); dig->func->init(&dig->ctx); @@ -133,7 +133,7 @@ int sudo_digest_getlen_v1(int digest_type) { - debug_decl(sudo_digest_getlen, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_getlen, SUDO_DEBUG_UTIL); int i; for (i = 0; digest_functions[i].digest_len != 0; i++) { 
@@ -147,7 +147,7 @@ void sudo_digest_update_v1(struct sudo_digest *dig, const void *data, size_t len) { - debug_decl(sudo_digest_update, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_update, SUDO_DEBUG_UTIL); dig->func->update(&dig->ctx, data, len); @@ -157,7 +157,7 @@ void sudo_digest_final_v1(struct sudo_digest *dig, unsigned char *md) { - debug_decl(sudo_digest_final, SUDO_DEBUG_UTIL) + debug_decl(sudo_digest_final, SUDO_DEBUG_UTIL); dig->func->final(md, &dig->ctx); diff -Nru sudo-1.8.31/lib/util/dup3.c sudo-1.9.0/lib/util/dup3.c --- sudo-1.8.31/lib/util/dup3.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/util/dup3.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,76 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2013 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include
+
+#ifndef HAVE_DUP3
+
+#include
+
+#include
+#include
+#include
+
+#include "sudo_compat.h"
+
+int
+sudo_dup3(int oldd, int newd, int flags)
+{
+ int oflags;
+
+ if (oldd == newd) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (dup2(oldd, newd) == -1)
+ return -1;
+
+ oflags = fcntl(newd, F_GETFL, 0);
+ if (oflags == -1)
+ goto bad;
+
+ if (ISSET(flags, O_NONBLOCK)) {
+ if (!ISSET(oflags, O_NONBLOCK)) {
+ SET(oflags, O_NONBLOCK);
+ if (fcntl(newd, F_SETFL, oflags) == -1)
+ goto bad;
+ }
+ } else {
+ if (ISSET(oflags, O_NONBLOCK)) {
+ CLR(oflags, O_NONBLOCK);
+ if (fcntl(newd, F_SETFL, oflags) == -1)
+ goto bad;
+ }
+ }
+ if (ISSET(flags, O_CLOEXEC)) {
+ if (fcntl(newd, F_SETFD, FD_CLOEXEC) == -1)
+ goto bad;
+ }
+ return 0;
+bad:
+ close(newd);
+ return -1;
+}
+
+#endif /* HAVE_DUP3 */
diff -Nru sudo-1.8.31/lib/util/event.c sudo-1.9.0/lib/util/event.c
--- sudo-1.8.31/lib/util/event.c 2019-10-28 12:27:45.000000000 +0000
+++ sudo-1.9.0/lib/util/event.c
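Review bot: The O_NONBLOCK handling in sudo_dup3() changes oldd as well as newd, because F_SETFL acts on the open file description that dup2() makes the two descriptors share; in particular the `else` branch clears non-blocking mode on the caller's original descriptor whenever flags omits O_NONBLOCK. I would drop the `else` branch, or state the side effect in a comment above the function. The emulation is also not atomic: between dup2() and `fcntl(newd, F_SETFD, FD_CLOEXEC)` newd is open without close-on-exec, so a fork/exec in another thread during that window inherits it. A comment such as `/* Not atomic: newd briefly lacks FD_CLOEXEC, unlike a native dup3(). */` would record that.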
2020-05-11 16:28:23.000000000 +0000 @@ -86,7 +86,7 @@ sudo_ev_deactivate_all(struct sudo_event_base *base) { struct sudo_event *ev; - debug_decl(sudo_ev_deactivate_all, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_deactivate_all, SUDO_DEBUG_EVENT); while ((ev = TAILQ_FIRST(&base->active)) != NULL) sudo_ev_deactivate(base, ev); @@ -104,7 +104,7 @@ struct sudo_event *ev; sigset_t set, oset; int i; - debug_decl(sudo_ev_activate_sigevents, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_activate_sigevents, SUDO_DEBUG_EVENT); /* * We treat this as a critical section since the signal handler @@ -148,7 +148,7 @@ struct sudo_event_base *base = v; unsigned char ch; ssize_t nread; - debug_decl(signal_pipe_cb, SUDO_DEBUG_EVENT) + debug_decl(signal_pipe_cb, SUDO_DEBUG_EVENT); /* * Drain signal_pipe, the signal handler updated base->signals_pending. @@ -174,7 +174,7 @@ sudo_ev_base_init(struct sudo_event_base *base) { int i; - debug_decl(sudo_ev_base_init, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_base_init, SUDO_DEBUG_EVENT); TAILQ_INIT(&base->events); TAILQ_INIT(&base->timeouts); @@ -204,7 +204,7 @@ sudo_ev_base_alloc_v1(void) { struct sudo_event_base *base; - debug_decl(sudo_ev_base_alloc, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_base_alloc, SUDO_DEBUG_EVENT); base = calloc(1, sizeof(*base)); if (base == NULL) { @@ -224,7 +224,7 @@ { struct sudo_event *ev, *next; int i; - debug_decl(sudo_ev_base_free, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_base_free, SUDO_DEBUG_EVENT); if (base == NULL) debug_return; @@ -236,10 +236,12 @@ /* Remove any existing events before freeing the base. */ TAILQ_FOREACH_SAFE(ev, &base->events, entries, next) { sudo_ev_del(base, ev); + ev->base = NULL; } for (i = 0; i < NSIG; i++) { TAILQ_FOREACH_SAFE(ev, &base->signals[i], entries, next) { sudo_ev_del(base, ev); + ev->base = NULL; } free(base->siginfo[i]); free(base->orig_handlers[i]); 
@@ -255,7 +257,7 @@ void sudo_ev_base_setdef_v1(struct sudo_event_base *base) { - debug_decl(sudo_ev_base_setdef, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_base_setdef, SUDO_DEBUG_EVENT); default_base = base; @@ -269,12 +271,11 @@ sudo_ev_init(struct sudo_event *ev, int fd, short events, sudo_ev_callback_t callback, void *closure) { - debug_decl(sudo_ev_init, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_init, SUDO_DEBUG_EVENT); - /* XXX - sanity check events value */ memset(ev, 0, sizeof(*ev)); ev->fd = fd; - ev->events = events; + ev->events = events & SUDO_EV_MASK; ev->pfd_idx = -1; ev->callback = callback; ev->closure = closure; @@ -282,18 +283,16 @@ debug_return; } -struct sudo_event * -sudo_ev_alloc_v1(int fd, short events, sudo_ev_callback_t callback, void *closure) +/* + * Set a pre-allocated struct sudo_event. + * Allocates space for siginfo_t for SUDO_EV_SIGINFO as needed. + */ +int +sudo_ev_set_v1(struct sudo_event *ev, int fd, short events, + sudo_ev_callback_t callback, void *closure) { - struct sudo_event *ev; - debug_decl(sudo_ev_alloc, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_set, SUDO_DEBUG_EVENT); - ev = malloc(sizeof(*ev)); - if (ev == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: unable to allocate event", __func__); - debug_return_ptr(NULL); - } /* For SUDO_EV_SIGINFO we use a container to store closure + siginfo_t */ if (ISSET(events, SUDO_EV_SIGINFO)) { struct sudo_ev_siginfo_container *container = 
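Review bot: The new comment on sudo_ev_set_v1() (hunk `@@ -282,18 +283,16 @@`, continued in the following hunk) does not say what state the caller's event must be in. sudo_ev_init() does `memset(ev, 0, sizeof(*ev))`, so calling this on an event that is still inserted in a base would wipe its queue state, and a second call with SUDO_EV_SIGINFO appears to drop the earlier container without freeing it (the allocation itself is outside the hunk). I would extend the comment with `Must not be called on an event that is currently added to a base; returns 0 on success, -1 on allocation failure.`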
@@ -301,21 +300,39 @@ if (container == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "%s: unable to allocate siginfo container", __func__); - free(ev); - debug_return_ptr(NULL); + debug_return_int(-1); } container->closure = closure; closure = container; } sudo_ev_init(ev, fd, events, callback, closure); + debug_return_int(0); +} + +struct sudo_event * +sudo_ev_alloc_v1(int fd, short events, sudo_ev_callback_t callback, void *closure) +{ + struct sudo_event *ev; + debug_decl(sudo_ev_alloc, SUDO_DEBUG_EVENT); + + ev = malloc(sizeof(*ev)); + if (ev == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s: unable to allocate event", __func__); + debug_return_ptr(NULL); + } + if (sudo_ev_set(ev, fd, events, callback, closure) == -1) { + free(ev); + debug_return_ptr(NULL); + } debug_return_ptr(ev); } void sudo_ev_free_v1(struct sudo_event *ev) { - debug_decl(sudo_ev_free, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_free, SUDO_DEBUG_EVENT); if (ev == NULL) debug_return; @@ -358,7 +375,7 @@ bool tohead) { const int signo = ev->fd; - debug_decl(sudo_ev_add_signal, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_add_signal, SUDO_DEBUG_EVENT); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: adding event %p to base %p, signal %d, events %d", @@ -437,7 +454,7 @@ int sudo_ev_add_v1(struct sudo_event_base *base, struct sudo_event *ev, - struct timeval *timo, bool tohead) + const struct timeval *timo, bool tohead) { struct timespec tsbuf, *ts = NULL; @@ -451,9 +468,9 @@ int sudo_ev_add_v2(struct sudo_event_base *base, struct sudo_event *ev, - struct timespec *timo, bool tohead) + const struct timespec *timo, bool tohead) { - debug_decl(sudo_ev_add, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_add, SUDO_DEBUG_EVENT); /* If no base specified, use existing or default base. */ if (base == NULL) { 
@@ -529,7 +546,7 @@ int sudo_ev_del_v1(struct sudo_event_base *base, struct sudo_event *ev) { - debug_decl(sudo_ev_del, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_del, SUDO_DEBUG_EVENT); /* Make sure event is really in the queue. */ if (!ISSET(ev->flags, SUDO_EVQ_INSERTED)) { @@ -620,7 +637,7 @@ struct timespec now; struct sudo_event *ev; int nready, rc = 0; - debug_decl(sudo_ev_loop, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_loop, SUDO_DEBUG_EVENT); /* * If sudo_ev_loopexit() was called when events were not running @@ -644,7 +661,7 @@ nready = sudo_ev_scan_impl(base, flags); switch (nready) { case -1: - if (errno == ENOMEM) + if (errno == ENOMEM || errno == EAGAIN) continue; if (errno == EINTR) { /* Interrupted by signal, check for sigevents. */ @@ -724,7 +741,7 @@ void sudo_ev_loopexit_v1(struct sudo_event_base *base) { - debug_decl(sudo_ev_loopexit, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_loopexit, SUDO_DEBUG_EVENT); if (base == NULL) { if ((base = default_base) == NULL) @@ -743,7 +760,7 @@ void sudo_ev_loopbreak_v1(struct sudo_event_base *base) { - debug_decl(sudo_ev_loopbreak, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_loopbreak, SUDO_DEBUG_EVENT); if (base == NULL) { if ((base = default_base) == NULL) @@ -759,7 +776,7 @@ void sudo_ev_loopcontinue_v1(struct sudo_event_base *base) { - debug_decl(sudo_ev_loopcontinue, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_loopcontinue, SUDO_DEBUG_EVENT); if (base == NULL) { if ((base = default_base) == NULL) @@ -776,7 +793,7 @@ bool sudo_ev_got_exit_v1(struct sudo_event_base *base) { - debug_decl(sudo_ev_got_exit, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_got_exit, SUDO_DEBUG_EVENT); if (base == NULL) { if ((base = default_base) == NULL) @@ -788,7 +805,7 @@ bool sudo_ev_got_break_v1(struct sudo_event_base *base) { - debug_decl(sudo_ev_got_break, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_got_break, SUDO_DEBUG_EVENT); if (base == NULL) { if ((base = default_base) == NULL) 
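Review bot: In the sudo_ev_loop() hunk at `@@ -644,7 +661,7 @@`, `if (errno == ENOMEM || errno == EAGAIN) continue;` retries the scan immediately, so if the backend keeps failing with either error the loop may spin at full CPU with no way out. The hunk does not show whether anything bounds the retries; if nothing does, a retry counter or a short delay before `continue` would turn a persistent failure into an error return. At minimum a comment should say which backend condition EAGAIN is expected to come from. The function starts and continues outside the hunk.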
@@ -812,17 +829,39 @@ int sudo_ev_get_timeleft_v2(struct sudo_event *ev, struct timespec *ts) { - struct timespec now; - debug_decl(sudo_ev_get_timeleft, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_get_timeleft, SUDO_DEBUG_EVENT); - if (!ISSET(ev->flags, SUDO_EVQ_TIMEOUTS)) { + if (sudo_ev_pending_v1(ev, SUDO_EV_TIMEOUT, ts) != SUDO_EV_TIMEOUT) { sudo_timespecclear(ts); debug_return_int(-1); } - - sudo_gettime_mono(&now); - sudo_timespecsub(&ev->timeout, &now, ts); - if (ts->tv_sec < 0) - sudo_timespecclear(ts); debug_return_int(0); } + +int +sudo_ev_pending_v1(struct sudo_event *ev, short events, struct timespec *ts) +{ + int ret; + debug_decl(sudo_ev_pending, SUDO_DEBUG_EVENT); + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: event %p, flags 0x%x, events 0x%x", + __func__, ev, ev->flags, ev->events); + + if (!ISSET(ev->flags, SUDO_EVQ_INSERTED)) + debug_return_int(0); + + ret = ev->events & events; + if (ISSET(ev->flags, SUDO_EVQ_TIMEOUTS) && ISSET(events, SUDO_EV_TIMEOUT)) { + ret |= SUDO_EV_TIMEOUT; + if (ts != NULL) { + struct timespec now; + + sudo_gettime_mono(&now); + sudo_timespecsub(&ev->timeout, &now, ts); + if (ts->tv_sec < 0) + sudo_timespecclear(ts); + } + } + + debug_return_int(ret); +} diff -Nru sudo-1.8.31/lib/util/event_poll.c sudo-1.9.0/lib/util/event_poll.c --- sudo-1.8.31/lib/util/event_poll.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/event_poll.c 2020-05-11 16:28:23.000000000 +0000 @@ -24,6 +24,7 @@ #include #include +#include #include #include #ifdef HAVE_STDBOOL_H @@ -52,7 +53,7 @@ sudo_ev_base_alloc_impl(struct sudo_event_base *base) { int i; - debug_decl(sudo_ev_base_alloc_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_base_alloc_impl, SUDO_DEBUG_EVENT); base->pfd_high = -1; base->pfd_max = 32; @@ -73,7 +74,7 @@ void sudo_ev_base_free_impl(struct sudo_event_base *base) { - debug_decl(sudo_ev_base_free_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_base_free_impl, SUDO_DEBUG_EVENT); free(base->pfds); debug_return; } 
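Review bot: sudo_ev_pending_v1() (hunk `@@ -812,17 +829,39 @@`) is added without a header comment, and its contract is not obvious from the name. It returns 0 for an event that is not inserted, otherwise `ev->events & events`, with SUDO_EV_TIMEOUT OR-ed in and the remaining time stored in *ts when a timeout is queued and was asked for. A short comment stating that, and that ts may be NULL, would help callers. Unlike sudo_ev_free_v1(), it dereferences ev in the debug printf with no NULL check, so the comment should also say that ev must be non-NULL.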
@@ -81,29 +82,49 @@ int sudo_ev_add_impl(struct sudo_event_base *base, struct sudo_event *ev) { + static int nofile_max = -1; struct pollfd *pfd; - debug_decl(sudo_ev_add_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_add_impl, SUDO_DEBUG_EVENT); + + if (nofile_max == -1) { + struct rlimit rlim; + if (getrlimit(RLIMIT_NOFILE, &rlim) == 0) { + nofile_max = rlim.rlim_cur; + } + } /* If out of space in pfds array, realloc. */ if (base->pfd_free == base->pfd_max) { struct pollfd *pfds; - int i; + int i, new_max; - pfds = - reallocarray(base->pfds, base->pfd_max, 2 * sizeof(struct pollfd)); + /* Don't allow pfd_max to go over RLIM_NOFILE */ + new_max = base->pfd_max * 2; + if (new_max > nofile_max) + new_max = nofile_max; + if (base->pfd_free == new_max) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s: out of fds (max %d)", __func__, nofile_max); + debug_return_int(-1); + } + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "%s: pfd_max %d -> %d", __func__, base->pfd_max, new_max); + pfds = reallocarray(base->pfds, new_max, sizeof(struct pollfd)); if (pfds == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: unable to allocate %d pollfds", __func__, base->pfd_max * 2); + "%s: unable to allocate %d pollfds", __func__, new_max); debug_return_int(-1); } base->pfds = pfds; - base->pfd_max *= 2; + base->pfd_max = new_max; for (i = base->pfd_free; i < base->pfd_max; i++) { base->pfds[i].fd = -1; } } /* Fill in pfd entry. */ + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "%s: choosing free slot %d", __func__, base->pfd_free); ev->pfd_idx = base->pfd_free; pfd = &base->pfds[ev->pfd_idx]; pfd->fd = ev->fd; 
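Review bot: In sudo_ev_add_impl(), `nofile_max = rlim.rlim_cur;` narrows an rlim_t to int, so an unlimited or very large soft limit can come out negative or truncated, and nofile_max also stays -1 when getrlimit() fails. `new_max` is then clamped down to that value before `reallocarray(base->pfds, new_max, ...)`; a negative value makes every later grow attempt fail, and any value below the current pfd_max would shrink the array while `ev->pfd_idx = base->pfd_free` still indexes the old size. I would clamp on assignment, e.g. `nofile_max = (rlim.rlim_cur == RLIM_INFINITY || rlim.rlim_cur > INT_MAX) ? INT_MAX : (int)rlim.rlim_cur;`, and make the out-of-fds test `if (new_max <= base->pfd_max)` rather than an equality check. The limit is also cached in a static, so a later change to RLIMIT_NOFILE in the same process is not seen; the rest of the function is outside the hunk.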
@@ -129,12 +150,15 @@ int sudo_ev_del_impl(struct sudo_event_base *base, struct sudo_event *ev) { - debug_decl(sudo_ev_del_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_del_impl, SUDO_DEBUG_EVENT); /* Mark pfd entry unused, add to free list and adjust high slot. */ base->pfds[ev->pfd_idx].fd = -1; - if (ev->pfd_idx < base->pfd_free) + if (ev->pfd_idx < base->pfd_free) { base->pfd_free = ev->pfd_idx; + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "%s: new free slot %d", __func__, base->pfd_free); + } while (base->pfd_high >= 0 && base->pfds[base->pfd_high].fd == -1) base->pfd_high--; @@ -164,7 +188,7 @@ struct timespec now, ts, *timeout; struct sudo_event *ev; int nready; - debug_decl(sudo_ev_scan_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_scan_impl, SUDO_DEBUG_EVENT); if ((ev = TAILQ_FIRST(&base->timeouts)) != NULL) { sudo_gettime_mono(&now); @@ -182,16 +206,20 @@ } nready = sudo_ev_poll(base->pfds, base->pfd_high + 1, timeout); - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: %d fds ready", __func__, nready); switch (nready) { case -1: - /* Error or interrupted by signal. */ - debug_return_int(-1); + /* Error: EINTR (signal) or EINVAL (nfds > RLIMIT_NOFILE) */ + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "sudo_ev_poll"); + break; case 0: /* Front end will activate timeout events. */ + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: timeout", __func__); break; default: /* Activate each I/O event that fired. */ + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: %d fds ready", __func__, + nready); TAILQ_FOREACH(ev, &base->events, entries) { if (ev->pfd_idx != -1 && base->pfds[ev->pfd_idx].revents) { int what = 0; diff -Nru sudo-1.8.31/lib/util/event_select.c sudo-1.9.0/lib/util/event_select.c --- sudo-1.8.31/lib/util/event_select.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/event_select.c 2020-05-11 16:28:23.000000000 +0000 
@@ -57,7 +57,7 @@ int sudo_ev_base_alloc_impl(struct sudo_event_base *base) { - debug_decl(sudo_ev_base_alloc_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_base_alloc_impl, SUDO_DEBUG_EVENT); base->maxfd = NFDBITS - 1; base->readfds_in = calloc(1, sizeof(fd_mask)); @@ -78,7 +78,7 @@ void sudo_ev_base_free_impl(struct sudo_event_base *base) { - debug_decl(sudo_ev_base_free_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_base_free_impl, SUDO_DEBUG_EVENT); free(base->readfds_in); free(base->writefds_in); free(base->readfds_out); @@ -89,7 +89,7 @@ int sudo_ev_add_impl(struct sudo_event_base *base, struct sudo_event *ev) { - debug_decl(sudo_ev_add_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_add_impl, SUDO_DEBUG_EVENT); /* If out of space in fd sets, realloc. */ if (ev->fd > base->maxfd) { @@ -149,7 +149,7 @@ int sudo_ev_del_impl(struct sudo_event_base *base, struct sudo_event *ev) { - debug_decl(sudo_ev_del_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_del_impl, SUDO_DEBUG_EVENT); /* Remove from readfds and writefds and adjust high fd. */ if (ISSET(ev->events, SUDO_EV_READ)) { @@ -204,7 +204,7 @@ struct sudo_event *ev; size_t setsize; int nready; - debug_decl(sudo_ev_loop, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_loop, SUDO_DEBUG_EVENT); if ((ev = TAILQ_FIRST(&base->timeouts)) != NULL) { sudo_gettime_mono(&now); @@ -234,7 +234,7 @@ switch (nready) { case -1: /* Error or interrupted by signal. */ - debug_return_int(-1); + break; case 0: /* Front end will activate timeout events. */ break; diff -Nru sudo-1.8.31/lib/util/fatal.c sudo-1.9.0/lib/util/fatal.c --- sudo-1.8.31/lib/util/fatal.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/fatal.c 2020-05-11 16:28:23.000000000 +0000 @@ -36,6 +36,7 @@ #else # include "compat/stdbool.h" #endif /* HAVE_STDBOOL_H */ +#include #define DEFAULT_TEXT_DOMAIN "sudo" #include "sudo_gettext.h" /* must be included before sudo_compat.h */ 
@@ -242,6 +243,8 @@ fputs(": ", stderr); fputs(errstr, stderr); } + if (isatty(fileno(stderr))) + putc('\r', stderr); putc('\n', stderr); } diff -Nru sudo-1.8.31/lib/util/fchmodat.c sudo-1.9.0/lib/util/fchmodat.c --- sudo-1.8.31/lib/util/fchmodat.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/util/fchmodat.c 2020-05-11 16:28:23.000000000 +0000 
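Review bot: The added `isatty(fileno(stderr))` check in this hunk has no comment, and emitting '\r' before '\n' only on a terminal is surprising without one. If the intent is to keep messages aligned while the terminal is in raw mode with output post-processing off, say so, e.g. `/* tty may be in raw mode (no OPOST), so send CR explicitly */`. The enclosing function starts outside the hunk.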
@@ -0,0 +1,71 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+#include "sudo_compat.h"
+
+#ifndef HAVE_FCHMODAT
+int
+sudo_fchmodat(int dfd, const char *path, mode_t mode, int flag)
+{
+ int odfd, ret = -1;
+
+ if (ISSET(flag, AT_SYMLINK_NOFOLLOW)) {
+ errno = ENOTSUP;
+ return -1;
+ }
+
+ if (dfd == (int)AT_FDCWD)
+ return chmod(path, mode);
+
+ /* Save cwd */
+ if ((odfd = open(".", O_RDONLY)) == -1)
+ goto done;
+
+ if (fchdir(dfd) == -1)
+ goto done;
+
+ ret = chmod(path, mode);
+
+ /* Restore cwd */
+ if (fchdir(odfd) == -1) {
+ /* Should not happen */
+ ret = -1;
+ }
+
+done:
+ if (odfd != -1)
+ close(odfd);
+
+ return ret;
+}
+#endif /* HAVE_FCHMODAT */
diff -Nru sudo-1.8.31/lib/util/fnmatch.c sudo-1.9.0/lib/util/fnmatch.c
--- sudo-1.8.31/lib/util/fnmatch.c 2019-10-28 12:27:38.000000000 +0000
+++ sudo-1.9.0/lib/util/fnmatch.c 2020-05-11 16:28:23.000000000 +0000
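Review bot: sudo_fchmodat() emulates the directory-relative call by changing the process-wide working directory with fchdir() and restoring it afterwards, so it is not safe to call while another thread or a signal handler depends on the cwd, and a failed restore leaves the process in dfd's directory; the same applies to sudo_fstatat() in fstatat.c. Neither function carries a comment saying so. It also runs the cwd swap for absolute paths, where a native fchmodat()/fstatat() ignores dfd; `if (dfd == (int)AT_FDCWD || path[0] == '/') return chmod(path, mode);` avoids that, with the matching change in the first branch of sudo_fstatat().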
@@ -310,7 +310,7 @@ const char *dummyptr; const char *matchptr; int wild; - /* For '*' wild processing only; surpress 'used before initialization' + /* For '*' wild processing only; suppress 'used before initialization' * warnings with dummy initialization values; */ const char *strstartseg = NULL; diff -Nru sudo-1.8.31/lib/util/fstatat.c sudo-1.9.0/lib/util/fstatat.c --- sudo-1.8.31/lib/util/fstatat.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/util/fstatat.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,72 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include
+
+#include
+
+#include
+#include
+#include
+#include
+
+#include "sudo_compat.h"
+
+#ifndef HAVE_FSTATAT
+int
+sudo_fstatat(int dfd, const char *path, struct stat *sb, int flag)
+{
+ int odfd, ret = -1;
+
+ if (dfd == (int)AT_FDCWD) {
+ if (ISSET(flag, AT_SYMLINK_NOFOLLOW))
+ return lstat(path, sb);
+ else
+ return stat(path, sb);
+ }
+
+ /* Save cwd */
+ if ((odfd = open(".", O_RDONLY)) == -1)
+ goto done;
+
+ if (fchdir(dfd) == -1)
+ goto done;
+
+ if (ISSET(flag, AT_SYMLINK_NOFOLLOW))
+ ret = lstat(path, sb);
+ else
+ ret = stat(path, sb);
+
+ /* Restore cwd */
+ if (fchdir(odfd) == -1) {
+ /* Should not happen */
+ ret = -1;
+ }
+
+done:
+ if (odfd != -1)
+ close(odfd);
+
+ return ret;
+}
+#endif /* HAVE_FSTATAT */
diff -Nru sudo-1.8.31/lib/util/getaddrinfo.c sudo-1.9.0/lib/util/getaddrinfo.c
--- sudo-1.8.31/lib/util/getaddrinfo.c 2019-10-28 12:28:52.000000000 +0000
+++ sudo-1.9.0/lib/util/getaddrinfo.c 2020-05-11 16:28:23.000000000 +0000
@@ -2,7 +2,7 @@ * Replacement for a missing getaddrinfo. * * This is an implementation of getaddrinfo for systems that don't have one so - * that networking code can use a consistant interface without #ifdef. It is + * that networking code can use a consistent interface without #ifdef. It is * a fairly minimal implementation, with the following limitations: * * - IPv4 support only. IPv6 is not supported. diff -Nru sudo-1.8.31/lib/util/gettime.c sudo-1.9.0/lib/util/gettime.c --- sudo-1.8.31/lib/util/gettime.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/gettime.c 2020-05-11 16:28:23.000000000 +0000 @@ -68,7 +68,7 @@ int sudo_gettime_real_v1(struct timespec *ts) { - debug_decl(sudo_gettime_real, SUDO_DEBUG_UTIL) + debug_decl(sudo_gettime_real, SUDO_DEBUG_UTIL); if (clock_gettime(CLOCK_REALTIME, ts) == -1) { struct timeval tv; @@ -86,7 +86,7 @@ sudo_gettime_real_v1(struct timespec *ts) { struct timeval tv; - debug_decl(sudo_gettime_real, SUDO_DEBUG_UTIL) + debug_decl(sudo_gettime_real, SUDO_DEBUG_UTIL); if (gettimeofday(&tv, NULL) == -1) debug_return_int(-1); @@ -104,7 +104,7 @@ sudo_gettime_mono_v1(struct timespec *ts) { static int has_monoclock = -1; - debug_decl(sudo_gettime_mono, SUDO_DEBUG_UTIL) + debug_decl(sudo_gettime_mono, SUDO_DEBUG_UTIL); /* Check whether the kernel/libc actually supports a monotonic clock. */ # ifdef _SC_MONOTONIC_CLOCK @@ -127,7 +127,7 @@ sudo_gettime_mono_v1(struct timespec *ts) { hrtime_t nsec; - debug_decl(sudo_gettime_mono, SUDO_DEBUG_UTIL) + debug_decl(sudo_gettime_mono, SUDO_DEBUG_UTIL); nsec = gethrtime(); ts->tv_sec = nsec / 1000000000; @@ -140,7 +140,7 @@ { uint64_t abstime, nsec; static mach_timebase_info_data_t timebase_info; - debug_decl(sudo_gettime_mono, SUDO_DEBUG_UTIL) + debug_decl(sudo_gettime_mono, SUDO_DEBUG_UTIL); if (timebase_info.denom == 0) (void) mach_timebase_info(&timebase_info); 
@@ -172,7 +172,7 @@ sudo_gettime_awake_v1(struct timespec *ts) { static int has_monoclock = -1; - debug_decl(sudo_gettime_awake, SUDO_DEBUG_UTIL) + debug_decl(sudo_gettime_awake, SUDO_DEBUG_UTIL); /* Check whether the kernel/libc actually supports a monotonic clock. */ # ifdef _SC_MONOTONIC_CLOCK @@ -195,7 +195,7 @@ sudo_gettime_awake_v1(struct timespec *ts) { hrtime_t nsec; - debug_decl(sudo_gettime_awake, SUDO_DEBUG_UTIL) + debug_decl(sudo_gettime_awake, SUDO_DEBUG_UTIL); /* Currently the same as sudo_gettime_mono() */ nsec = gethrtime(); @@ -209,7 +209,7 @@ { uint64_t abstime, nsec; static mach_timebase_info_data_t timebase_info; - debug_decl(sudo_gettime_awake, SUDO_DEBUG_UTIL) + debug_decl(sudo_gettime_awake, SUDO_DEBUG_UTIL); if (timebase_info.denom == 0) (void) mach_timebase_info(&timebase_info); diff -Nru sudo-1.8.31/lib/util/getusershell.c sudo-1.9.0/lib/util/getusershell.c --- sudo-1.8.31/lib/util/getusershell.c 2019-12-10 13:09:55.000000000 +0000 +++ sudo-1.9.0/lib/util/getusershell.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2019 Todd C. Miller + * Copyright (c) 2019 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -58,7 +58,7 @@ size_t linesize = 0; char *line = NULL; FILE *fp; - debug_decl(read_shells, SUDO_DEBUG_UTIL) + debug_decl(read_shells, SUDO_DEBUG_UTIL); if ((fp = fopen("/etc/shells", "r")) == NULL) goto bad; @@ -101,7 +101,7 @@ void sudo_setusershell(void) { - debug_decl(setusershell, SUDO_DEBUG_UTIL) + debug_decl(setusershell, SUDO_DEBUG_UTIL); current_shell = read_shells(); @@ -111,7 +111,7 @@ void sudo_endusershell(void) { - debug_decl(endusershell, SUDO_DEBUG_UTIL) + debug_decl(endusershell, SUDO_DEBUG_UTIL); if (allowed_shells != NULL) { char **shell; 
@@ -129,7 +129,7 @@ char * sudo_getusershell(void) { - debug_decl(getusershell, SUDO_DEBUG_UTIL) + debug_decl(getusershell, SUDO_DEBUG_UTIL); if (current_shell == NULL) current_shell = read_shells(); diff -Nru sudo-1.8.31/lib/util/gidlist.c sudo-1.9.0/lib/util/gidlist.c --- sudo-1.8.31/lib/util/gidlist.c 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/lib/util/gidlist.c 2020-05-11 16:28:23.000000000 +0000 @@ -51,7 +51,7 @@ const char *cp = gidstr; const char *errstr; char *ep; - debug_decl(sudo_parse_gids, SUDO_DEBUG_UTIL) + debug_decl(sudo_parse_gids, SUDO_DEBUG_UTIL); /* Count groups. */ if (*cp != '\0') { diff -Nru sudo-1.8.31/lib/util/glob.c sudo-1.9.0/lib/util/glob.c --- sudo-1.8.31/lib/util/glob.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/glob.c 2020-05-11 16:28:23.000000000 +0000 @@ -144,7 +144,7 @@ }; static int compare(const void *, const void *); -static int g_Ctoc(const Char *, char *, unsigned int); +static int g_Ctoc(const Char *, char *, size_t); static int g_lstat(Char *, struct stat *, glob_t *); static DIR *g_opendir(Char *, glob_t *); static Char *g_strchr(const Char *, int); @@ -188,9 +188,8 @@ pglob->gl_errfunc = errfunc; pglob->gl_matchc = 0; - if (pglob->gl_offs < 0 || pglob->gl_pathc < 0 || - pglob->gl_offs >= INT_MAX || pglob->gl_pathc >= INT_MAX || - pglob->gl_pathc >= INT_MAX - pglob->gl_offs - 1) + if (pglob->gl_offs >= SSIZE_MAX || pglob->gl_pathc >= SSIZE_MAX || + pglob->gl_pathc >= SSIZE_MAX - pglob->gl_offs - 1) return GLOB_NOSPACE; if (strnlen(pattern, PATH_MAX) == PATH_MAX) @@ -457,7 +456,8 @@ glob0(const Char *pattern, glob_t *pglob, struct glob_lim *limitp) { const Char *qpatnext; - int c, err, oldpathc; + int c, err; + size_t oldpathc; Char *bufnext, patbuf[PATH_MAX]; qpatnext = globtilde(pattern, patbuf, PATH_MAX, pglob); 
@@ -731,18 +731,17 @@ struct stat *sb) { char **pathv; - ssize_t i; - size_t newn, len; + size_t i, newn, len; char *copy = NULL; const Char *p; newn = 2 + pglob->gl_pathc + pglob->gl_offs; - if (pglob->gl_offs >= INT_MAX || - pglob->gl_pathc >= INT_MAX || - newn >= INT_MAX || + if (pglob->gl_offs >= SSIZE_MAX || + pglob->gl_pathc >= SSIZE_MAX || + newn >= SSIZE_MAX || SIZE_MAX / sizeof(*pathv) <= newn) { nospace: - for (i = pglob->gl_offs; i < (ssize_t)(newn - 2); i++) { + for (i = pglob->gl_offs; i < newn - 2; i++) { if (pglob->gl_pathv && pglob->gl_pathv[i]) free(pglob->gl_pathv[i]); } @@ -759,7 +758,7 @@ if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) { /* first time around -- clear initial gl_offs items */ pathv += pglob->gl_offs; - for (i = pglob->gl_offs; --i >= 0; ) + for (i = pglob->gl_offs; i > 0; i--) *--pathv = NULL; } pglob->gl_pathv = pathv; @@ -869,7 +868,7 @@ void sudo_globfree(glob_t *pglob) { - int i; + size_t i; char **pp; if (pglob->gl_pathv != NULL) { @@ -929,7 +928,7 @@ } static int -g_Ctoc(const Char *str, char *buf, unsigned int len) +g_Ctoc(const Char *str, char *buf, size_t len) { while (len--) { diff -Nru sudo-1.8.31/lib/util/json.c sudo-1.9.0/lib/util/json.c --- sudo-1.8.31/lib/util/json.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/util/json.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,402 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2013-2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#include +#include +#include +#include + +#define DEFAULT_TEXT_DOMAIN "sudo" +#include "sudo_gettext.h" /* must be included before sudo_compat.h */ + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_fatal.h" +#include "sudo_util.h" +#include "sudo_json.h" + +/* + * Double the size of the json buffer. + * Returns true on success, false if out of memory. 
+ */ +static bool +json_expand_buf(struct json_container *json) +{ + char *newbuf; + debug_decl(json_expand_buf, SUDO_DEBUG_UTIL); + + if ((newbuf = reallocarray(json->buf, 2, json->bufsize)) == NULL) { + if (json->memfatal) { + sudo_fatalx(U_("%s: %s"), + __func__, U_("unable to allocate memory")); + } + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, + "%s: %s", __func__, "unable to allocate memory"); + debug_return_bool(false); + } + json->buf = newbuf; + json->bufsize *= 2; + + debug_return_bool(true); +} + +/* + * Append "indent" number of blank characters. + */ +static bool +json_append_indent(struct json_container *json, int indent) +{ + debug_decl(json_append_indent, SUDO_DEBUG_UTIL); + + /* No indentation in compact mode. */ + if (json->compact) + debug_return_bool(true); + + while (json->buflen + indent >= json->bufsize) { + if (!json_expand_buf(json)) + debug_return_bool(false); + } + while (indent--) { + json->buf[json->buflen++] = ' '; + } + json->buf[json->buflen] = '\0'; + + debug_return_bool(true); +} + +/* + * Append a string to the JSON buffer, expanding as needed. + * Does not perform any quoting. + */ +static bool +json_append_buf(struct json_container *json, const char *str) +{ + size_t len; + debug_decl(json_append_buf, SUDO_DEBUG_UTIL); + + len = strlen(str); + while (json->buflen + len >= json->bufsize) { + if (!json_expand_buf(json)) + debug_return_bool(false); + } + + memcpy(json->buf + json->buflen, str, len); + json->buflen += len; + json->buf[json->buflen] = '\0'; + + debug_return_bool(true); +} + +/* + * Append a quoted JSON string, escaping special chars and expanding as needed. + * Does not support unicode escapes. 
+ */ +static bool +json_append_string(struct json_container *json, const char *str) +{ + char ch; + debug_decl(json_append_string, SUDO_DEBUG_UTIL); + + if (!json_append_buf(json, "\"")) + debug_return_bool(false); + while ((ch = *str++) != '\0') { + char buf[3], *cp = buf; + + switch (ch) { + case '"': + case '\\': + *cp++ = '\\'; + break; + case '\b': + *cp++ = '\\'; + ch = 'b'; + break; + case '\f': + *cp++ = '\\'; + ch = 'f'; + break; + case '\n': + *cp++ = '\\'; + ch = 'n'; + break; + case '\r': + *cp++ = '\\'; + ch = 'r'; + break; + case '\t': + *cp++ = '\\'; + ch = 't'; + break; + } + *cp++ = ch; + *cp++ = '\0'; + if (!json_append_buf(json, buf)) + debug_return_bool(false); + } + if (!json_append_buf(json, "\"")) + debug_return_bool(false); + + debug_return_bool(true); +} + +bool +sudo_json_init_v1(struct json_container *json, int indent, bool compact, + bool memfatal) +{ + debug_decl(sudo_json_init, SUDO_DEBUG_UTIL); + + memset(json, 0, sizeof(*json)); + json->indent_level = indent; + json->indent_increment = indent; + json->compact = compact; + json->memfatal = memfatal; + json->buf = malloc(64 * 1024); + if (json->buf == NULL) { + if (json->memfatal) { + sudo_fatalx(U_("%s: %s"), + __func__, U_("unable to allocate memory")); + } + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, + "%s: %s", __func__, "unable to allocate memory"); + debug_return_bool(false); + } + *json->buf = '\0'; + json->bufsize = 64 * 1024; + + debug_return_bool(true); +} + +void +sudo_json_free_v1(struct json_container *json) +{ + debug_decl(sudo_json_free, SUDO_DEBUG_UTIL); + + free(json->buf); + memset(json, 0, sizeof(*json)); + + debug_return; +} + +bool +sudo_json_open_object_v1(struct json_container *json, const char *name) +{ + debug_decl(sudo_json_open_object, SUDO_DEBUG_UTIL); + + /* Add comma if we are continuing an object/array. 
*/ + if (json->need_comma) { + if (!json_append_buf(json, ",")) + debug_return_bool(false); + } + if (!json_append_buf(json, json->compact ? " " : "\n")) + debug_return_bool(false); + + json_append_indent(json, json->indent_level); + + if (name != NULL) { + json_append_string(json, name); + if (!json_append_buf(json, ": {")) + debug_return_bool(false); + } else { + if (!json_append_buf(json, "{")) + debug_return_bool(false); + } + + json->indent_level += json->indent_increment; + json->need_comma = false; + + debug_return_bool(true); +} + +bool +sudo_json_close_object_v1(struct json_container *json) +{ + debug_decl(sudo_json_close_object, SUDO_DEBUG_UTIL); + + json->indent_level -= json->indent_increment; + if (!json_append_buf(json, json->compact ? " " : "\n")) + debug_return_bool(false); + if (!json_append_indent(json, json->indent_level)) + debug_return_bool(false); + if (!json_append_buf(json, "}")) + debug_return_bool(false); + + debug_return_bool(true); +} + +bool +sudo_json_open_array_v1(struct json_container *json, const char *name) +{ + debug_decl(sudo_json_open_array, SUDO_DEBUG_UTIL); + + /* Add comma if we are continuing an object/array. */ + if (json->need_comma) { + if (!json_append_buf(json, ",")) + debug_return_bool(false); + } + if (!json_append_buf(json, json->compact ? " " : "\n")) + debug_return_bool(false); + + json_append_indent(json, json->indent_level); + + if (name != NULL) { + json_append_string(json, name); + if (!json_append_buf(json, ": [")) + debug_return_bool(false); + } else { + if (!json_append_buf(json, "[")) + debug_return_bool(false); + } + + json->indent_level += json->indent_increment; + json->need_comma = false; + + debug_return_bool(true); +} + +bool +sudo_json_close_array_v1(struct json_container *json) +{ + debug_decl(sudo_json_close_array, SUDO_DEBUG_UTIL); + + json->indent_level -= json->indent_increment; + if (!json_append_buf(json, json->compact ? 
" " : "\n")) + debug_return_bool(false); + if (!json_append_indent(json, json->indent_level)) + debug_return_bool(false); + if (!json_append_buf(json, "]")) + debug_return_bool(false); + + debug_return_bool(true); +} + +static bool +sudo_json_add_value_int(struct json_container *json, const char *name, + struct json_value *value, bool as_object) +{ + char numbuf[(((sizeof(long long) * 8) + 2) / 3) + 2]; + debug_decl(sudo_json_add_value, SUDO_DEBUG_UTIL); + + /* Add comma if we are continuing an object/array. */ + if (json->need_comma) { + if (!json_append_buf(json, ",")) + debug_return_bool(false); + } + if (!json_append_buf(json, json->compact ? " " : "\n")) + debug_return_bool(false); + json->need_comma = true; + + if (!json_append_indent(json, json->indent_level)) + debug_return_bool(false); + + if (as_object) { + if (!json_append_buf(json, "{ ")) + debug_return_bool(false); + } + + /* name */ + if (name != NULL) { + if (!json_append_string(json, name) || !json_append_buf(json, ": ")) + debug_return_bool(false); + } + + /* value */ + switch (value->type) { + case JSON_STRING: + if (!json_append_string(json, value->u.string)) + debug_return_bool(false); + break; + case JSON_ID: + snprintf(numbuf, sizeof(numbuf), "%u", (unsigned int)value->u.id); + if (!json_append_buf(json, numbuf)) + debug_return_bool(false); + break; + case JSON_NUMBER: + snprintf(numbuf, sizeof(numbuf), "%lld", value->u.number); + if (!json_append_buf(json, numbuf)) + debug_return_bool(false); + break; + case JSON_NULL: + if (!json_append_buf(json, "null")) + debug_return_bool(false); + break; + case JSON_BOOL: + if (!json_append_buf(json, value->u.boolean ? 
"true" : "false")) + debug_return_bool(false); + break; + case JSON_ARRAY: + sudo_fatalx("internal error: can't print JSON_ARRAY"); + break; + case JSON_OBJECT: + sudo_fatalx("internal error: can't print JSON_OBJECT"); + break; + } + + if (as_object) { + if (!json_append_buf(json, " }")) + debug_return_bool(false); + } + + debug_return_bool(true); +} + +bool +sudo_json_add_value_v1(struct json_container *json, const char *name, + struct json_value *value) +{ + return sudo_json_add_value_int(json, name, value, false); +} + +bool +sudo_json_add_value_as_object_v1(struct json_container *json, const char *name, + struct json_value *value) +{ + return sudo_json_add_value_int(json, name, value, true); +} + +char * +sudo_json_get_buf_v1(struct json_container *json) +{ + return json->buf; +} + +unsigned int +sudo_json_get_len_v1(struct json_container *json) +{ + return json->buflen; +} diff -Nru sudo-1.8.31/lib/util/key_val.c sudo-1.9.0/lib/util/key_val.c --- sudo-1.8.31/lib/util/key_val.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/key_val.c 2020-05-11 16:28:23.000000000 +0000 @@ -48,7 +48,7 @@ size_t key_len = strlen(key); size_t val_len = strlen(val); char *cp, *str; - debug_decl(sudo_new_key_val, SUDO_DEBUG_UTIL) + debug_decl(sudo_new_key_val, SUDO_DEBUG_UTIL); cp = str = malloc(key_len + 1 + val_len + 1); if (cp != NULL) { diff -Nru sudo-1.8.31/lib/util/lbuf.c sudo-1.9.0/lib/util/lbuf.c --- sudo-1.8.31/lib/util/lbuf.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/lbuf.c 2020-05-11 16:28:23.000000000 +0000 @@ -43,7 +43,7 @@ sudo_lbuf_init_v1(struct sudo_lbuf *lbuf, sudo_lbuf_output_t output, int indent, const char *continuation, int cols) { - debug_decl(sudo_lbuf_init, SUDO_DEBUG_UTIL) + debug_decl(sudo_lbuf_init, SUDO_DEBUG_UTIL); lbuf->output = output; lbuf->continuation = continuation; 
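Review bot: `json_append_string()` escapes only `"`, `\`, `\b`, `\f`, `\n`, `\r` and `\t`, so any other byte below 0x20 in `str` is copied raw into the buffer; JSON does not allow unescaped control characters inside a string, so such input yields output that a strict parser rejects and lets raw terminal control bytes reach whatever later displays the log. The header comment says unicode escapes are unsupported, but emitting `\u00XX` for these bytes needs only a slightly larger `buf` and a `default:` case, as sketched below. Separately, `sudo_json_open_object_v1()` and `sudo_json_open_array_v1()` ignore the results of `json_append_indent()` and `json_append_string()` while every other caller checks them, so with `memfatal` false an allocation failure there still returns true. All of these functions are complete within the hunk.

```c
    while ((ch = *str++) != '\0') {
        char buf[sizeof("\\u0000")], *cp = buf;

        switch (ch) {
        /* … unchanged: cases for '"', '\\', '\b', '\f', '\n', '\r', '\t' … */
        default:
            if ((unsigned char)ch < 0x20) {
                /* JSON forbids raw control characters inside a string. */
                (void)snprintf(buf, sizeof(buf), "\\u%04x", (unsigned char)ch);
                if (!json_append_buf(json, buf))
                    debug_return_bool(false);
                continue;
            }
            break;
        }
        /* … unchanged: store ch, terminate buf, json_append_buf(json, buf) … */
    }
```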
@@ -60,7 +60,7 @@ void sudo_lbuf_destroy_v1(struct sudo_lbuf *lbuf) { - debug_decl(sudo_lbuf_destroy, SUDO_DEBUG_UTIL) + debug_decl(sudo_lbuf_destroy, SUDO_DEBUG_UTIL); free(lbuf->buf); lbuf->buf = NULL; @@ -71,7 +71,7 @@ static bool sudo_lbuf_expand(struct sudo_lbuf *lbuf, int extra) { - debug_decl(sudo_lbuf_expand, SUDO_DEBUG_UTIL) + debug_decl(sudo_lbuf_expand, SUDO_DEBUG_UTIL); if (lbuf->len + extra + 1 >= lbuf->size) { char *new_buf; @@ -103,7 +103,7 @@ bool ret = false; char *cp, *s; va_list ap; - debug_decl(sudo_lbuf_append_quoted, SUDO_DEBUG_UTIL) + debug_decl(sudo_lbuf_append_quoted, SUDO_DEBUG_UTIL); if (sudo_lbuf_error(lbuf)) debug_return_bool(false); @@ -161,7 +161,7 @@ bool ret = false; va_list ap; char *s; - debug_decl(sudo_lbuf_append, SUDO_DEBUG_UTIL) + debug_decl(sudo_lbuf_append, SUDO_DEBUG_UTIL); if (sudo_lbuf_error(lbuf)) debug_return_bool(false); @@ -203,7 +203,7 @@ int i, have, contlen = 0; int indent = lbuf->indent; bool is_comment = false; - debug_decl(sudo_lbuf_println, SUDO_DEBUG_UTIL) + debug_decl(sudo_lbuf_println, SUDO_DEBUG_UTIL); /* Comment lines don't use continuation and only indent is for "# " */ if (line[0] == '#' && isblank((unsigned char)line[1])) { @@ -276,7 +276,7 @@ { char *cp, *ep; int len; - debug_decl(sudo_lbuf_print, SUDO_DEBUG_UTIL) + debug_decl(sudo_lbuf_print, SUDO_DEBUG_UTIL); if (lbuf->buf == NULL || lbuf->len == 0) goto done; diff -Nru sudo-1.8.31/lib/util/locking.c sudo-1.9.0/lib/util/locking.c --- sudo-1.8.31/lib/util/locking.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/locking.c 2020-05-11 16:28:23.000000000 +0000 
@@ -50,66 +50,93 @@ #include "sudo_util.h" #include "sudo_debug.h" -/* - * Lock/unlock all or part of a file. - */ -#ifdef HAVE_LOCKF bool sudo_lock_file_v1(int fd, int type) { return sudo_lock_region_v1(fd, type, 0); } +/* + * Lock/unlock all or part of a file. + */ +#ifdef HAVE_LOCKF bool sudo_lock_region_v1(int fd, int type, off_t len) { - int op; - debug_decl(sudo_lock_region, SUDO_DEBUG_UTIL) + int op, rc; + off_t oldpos = -1; + debug_decl(sudo_lock_region, SUDO_DEBUG_UTIL); switch (type) { case SUDO_LOCK: + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: lock %d:%lld", + __func__, fd, (long long)len); op = F_LOCK; break; case SUDO_TLOCK: + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: tlock %d:%lld", + __func__, fd, (long long)len); op = F_TLOCK; break; case SUDO_UNLOCK: + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: unlock %d:%lld", + __func__, fd, (long long)len); op = F_ULOCK; + /* Must seek to start of file to unlock the entire thing. */ + if (len == 0 && (oldpos = lseek(fd, 0, SEEK_CUR)) != -1) { + if (lseek(fd, 0, SEEK_SET) == -1) { + sudo_debug_printf( + SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to seek to beginning"); + } + } break; default: + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: bad lock type %d", + __func__, type); errno = EINVAL; debug_return_bool(false); } - debug_return_bool(lockf(fd, op, len) == 0); + rc = lockf(fd, op, len); + if (oldpos != -1) { + if (lseek(fd, oldpos, SEEK_SET) == -1) { + sudo_debug_printf( + SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to restore offset"); + } + } + debug_return_bool(rc == 0); } #else bool -sudo_lock_file_v1(int fd, int type) -{ - return sudo_lock_region_v1(fd, type, 0); -} - -bool sudo_lock_region_v1(int fd, int type, off_t len) { struct flock lock; int func; - debug_decl(sudo_lock_file, SUDO_DEBUG_UTIL) + debug_decl(sudo_lock_file, SUDO_DEBUG_UTIL); switch (type) { case SUDO_LOCK: + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: lock %d:%lld", + __func__, fd, (long long)len); lock.l_type = 
F_WRLCK; func = F_SETLKW; break; case SUDO_TLOCK: + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: tlock %d:%lld", + __func__, fd, (long long)len); lock.l_type = F_WRLCK; func = F_SETLK; break; case SUDO_UNLOCK: + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: unlock %d:%lld", + __func__, fd, (long long)len); lock.l_type = F_UNLCK; func = F_SETLK; break; default: + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: bad lock type %d", + __func__, type); errno = EINVAL; debug_return_bool(false); } diff -Nru sudo-1.8.31/lib/util/logfac.c sudo-1.9.0/lib/util/logfac.c --- sudo-1.8.31/lib/util/logfac.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/util/logfac.c 2020-05-11 16:28:23.000000000 +0000 
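Review bot: The `default:` branch of both `sudo_lock_region_v1()` variants reports an invalid lock type at `SUDO_DEBUG_INFO`, although it is an error path that sets `errno = EINVAL` and returns false; the lseek failures added in the same hunk use `SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO`, and I would use that here as well: `sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "%s: bad lock type %d", __func__, type);`. In the fcntl variant the touched line still reads `debug_decl(sudo_lock_file, SUDO_DEBUG_UTIL);` inside `sudo_lock_region_v1()`, so debug traces name the wrong function; `debug_decl(sudo_lock_region, SUDO_DEBUG_UTIL);` would match the lockf variant. The lockf unlock path also moves the descriptor's file offset to 0 and back around `lockf()`, which is worth a comment because that offset is shared with any other holder of the same open file description. The fcntl variant continues past the end of the hunk.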
@@ -0,0 +1,93 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 1999-2005, 2007-2019
+ * Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+#include "sudo_compat.h"
+#include "sudo_debug.h"
+#include "sudo_util.h"
+
+/*
+ * For converting between syslog numbers and strings.
+ */
+struct strmap {
+ char *name;
+ int num;
+};
+
+static const struct strmap facilities[] = {
+#ifdef LOG_AUTHPRIV
+ { "authpriv", LOG_AUTHPRIV },
+#endif
+ { "auth", LOG_AUTH },
+ { "daemon", LOG_DAEMON },
+ { "user", LOG_USER },
+ { "local0", LOG_LOCAL0 },
+ { "local1", LOG_LOCAL1 },
+ { "local2", LOG_LOCAL2 },
+ { "local3", LOG_LOCAL3 },
+ { "local4", LOG_LOCAL4 },
+ { "local5", LOG_LOCAL5 },
+ { "local6", LOG_LOCAL6 },
+ { "local7", LOG_LOCAL7 },
+ { NULL, -1 }
+};
+
+bool
+sudo_str2logfac_v1(const char *str, int *logfac)
+{
+ const struct strmap *fac;
+ debug_decl(sudo_str2logfac, SUDO_DEBUG_UTIL);
+
+ for (fac = facilities; fac->name != NULL; fac++) {
+ if (strcmp(str, fac->name) == 0) {
+ *logfac = fac->num;
+ debug_return_bool(true);
+ }
+ }
+ debug_return_bool(false);
+}
+
+const char *
+sudo_logfac2str_v1(int num)
+{
+ const struct strmap *fac;
+ debug_decl(sudo_logfac2str, SUDO_DEBUG_UTIL);
+
+ for (fac = facilities; fac->name != NULL; fac++) {
+ if (fac->num == num)
+ break;
+ }
+ debug_return_const_str(fac->name);
+}
diff -Nru sudo-1.8.31/lib/util/logpri.c sudo-1.9.0/lib/util/logpri.c
--- sudo-1.8.31/lib/util/logpri.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/lib/util/logpri.c 2020-05-11 16:28:23.000000000 +0000
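Review bot: `sudo_logfac2str_v1()` returns `fac->name` after the loop, which is the table's terminating `NULL` when `num` matches no entry, and nothing tells callers that; a NULL handed on to a `%s` format is undefined behaviour, so the function should carry a comment such as `/* Returns NULL if num is not a known facility. */`. `sudo_str2logfac_v1()` likewise passes `str` straight to `strcmp()` and leaves `*logfac` untouched on failure, which the same comment block could state. `struct strmap` stores string literals in a `char *name;` member; `const char *name;` would match the `const` tables. The new logpri.c hunk that follows has the same three points in `sudo_logpri2str_v1()`, `sudo_str2logpri_v1()` and its own copy of `struct strmap`.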
@@ -0,0 +1,88 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 1999-2005, 2007-2019
+ * Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+#include "sudo_compat.h"
+#include "sudo_debug.h"
+#include "sudo_util.h"
+
+/*
+ * For converting between syslog numbers and strings.
+ */ +struct strmap { + char *name; + int num; +}; + +static const struct strmap priorities[] = { + { "alert", LOG_ALERT }, + { "crit", LOG_CRIT }, + { "debug", LOG_DEBUG }, + { "emerg", LOG_EMERG }, + { "err", LOG_ERR }, + { "info", LOG_INFO }, + { "notice", LOG_NOTICE }, + { "warning", LOG_WARNING }, + { "none", -1 }, + { NULL, -1 } +}; + +bool +sudo_str2logpri_v1(const char *str, int *logpri) +{ + const struct strmap *pri; + debug_decl(sudo_str2logpri, SUDO_DEBUG_UTIL); + + for (pri = priorities; pri->name != NULL; pri++) { + if (strcmp(str, pri->name) == 0) { + *logpri = pri->num; + debug_return_bool(true); + } + } + debug_return_bool(false); +} + +const char * +sudo_logpri2str_v1(int num) +{ + const struct strmap *pri; + debug_decl(sudo_logpri2str, SUDO_DEBUG_UTIL); + + for (pri = priorities; pri->name != NULL; pri++) { + if (pri->num == num) + break; + } + debug_return_const_str(pri->name); +} diff -Nru sudo-1.8.31/lib/util/Makefile.in sudo-1.9.0/lib/util/Makefile.in --- sudo-1.8.31/lib/util/Makefile.in 2020-01-28 16:49:16.000000000 +0000 +++ sudo-1.9.0/lib/util/Makefile.in 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ # # SPDX-License-Identifier: ISC # -# Copyright (c) 2011-2019 Todd C. Miller +# Copyright (c) 2011-2020 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -21,9 +21,13 @@ #### Start of system configuration section. #### srcdir = @srcdir@ -devdir = @devdir@ -top_builddir = @top_builddir@ +abs_srcdir = @abs_srcdir@ top_srcdir = @top_srcdir@ +abs_top_srcdir = @abs_top_srcdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ +devdir = @devdir@ +scriptdir = $(top_srcdir)/scripts incdir = $(top_srcdir)/include cross_compiling = @CROSS_COMPILING@ 
@@ -59,7 +63,7 @@ CPPDEFS = -D_PATH_SUDO_CONF=\"$(sysconfdir)/sudo.conf\" # C preprocessor flags -CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(srcdir) -I$(top_srcdir) $(CPPDEFS) @CPPFLAGS@ +CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(srcdir) $(CPPDEFS) @CPPFLAGS@ # Usually -O and/or -g CFLAGS = @CFLAGS@ @@ -116,10 +120,12 @@ SHELL = @SHELL@ LTOBJS = @DIGEST@ event.lo fatal.lo key_val.lo gethostname.lo gettime.lo \ - getgrouplist.lo gidlist.lo lbuf.lo locking.lo parseln.lo progname.lo \ - secure_path.lo setgroups.lo strsplit.lo strtobool.lo strtoid.lo \ - strtomode.lo strtonum.lo sudo_conf.lo sudo_debug.lo sudo_dso.lo \ - term.lo ttyname_dev.lo ttysize.lo @COMMON_OBJS@ @LTLIBOBJS@ + getgrouplist.lo gidlist.lo json.lo lbuf.lo locking.lo \ + logfac.lo logpri.lo mkdir_parents.lo parseln.lo progname.lo \ + roundup.lo secure_path.lo setgroups.lo strsplit.lo strtobool.lo \ + strtoid.lo strtomode.lo strtonum.lo sudo_conf.lo \ + sudo_debug.lo sudo_dso.lo term.lo ttyname_dev.lo \ + ttysize.lo uuid.lo @COMMON_OBJS@ @LTLIBOBJS@ IOBJS = $(LTOBJS:.lo=.i) @@ -166,9 +172,9 @@ pvs-studio: $(POBJS) plog-converter $(PVS_LOG_OPTS) $(POBJS) -depend: - $(top_srcdir)/mkdep.pl --srcdir=$(top_srcdir) \ - --builddir=`pwd`/$(top_builddir) lib/util/Makefile.in +depend: siglist.c signame.c + $(scriptdir)/mkdep.pl --srcdir=$(abs_top_srcdir) \ + --builddir=$(abs_top_builddir) lib/util/Makefile.in cd $(top_builddir) && ./config.status --file lib/util/Makefile Makefile: $(srcdir)/Makefile.in @@ -283,7 +289,7 @@ esac install-dirs: - $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)/sudo + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(libexecdir)/sudo install-binaries: 
@@ -299,10 +305,10 @@ rf -f $(DESTDIR)$(libexecdir)/sudo/libsudo_util.*~ splint: - splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(srcdir)/*.c + splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) $(srcdir)/*.c cppcheck: - cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(srcdir)/*.c + cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) $(srcdir)/*.c pvs-log-files: $(POBJS) @@ -402,8 +408,8 @@ fi clean: - -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f $(TEST_PROGS) *.lo *.o \ - *.la *.a *.i *.plog stamp-* core *.core core.* regress/*/*.out \ + -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f $(TEST_PROGS) *.lo *.o *.la + -rm -f *.i *.plog stamp-* core *.core core.* regress/*/*.out \ regress/*/*.err mostlyclean: clean @@ -508,6 +514,12 @@ $(CC) -E -o $@ $(CPPFLAGS) $< digest_openssl.plog: digest_openssl.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/digest_openssl.c --i-file $< --output-file $@ +dup3.lo: $(srcdir)/dup3.c $(incdir)/sudo_compat.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/dup3.c +dup3.i: $(srcdir)/dup3.c $(incdir)/sudo_compat.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +dup3.plog: dup3.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/dup3.c --i-file $< --output-file $@ event.lo: $(srcdir)/event.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(top_builddir)/config.h 
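Review bot: The first context line of the `@@ -299,10 +305,10 @@` hunk reads `rf -f $(DESTDIR)$(libexecdir)/sudo/libsudo_util.*~`, which looks like a typo for `rm -f`; as written that recipe line would presumably fail with a command-not-found error instead of removing the leftover backup files. The commit leaves the line untouched, and the target it belongs to starts above the hunk, so this is inferred from the one visible line. Suggested replacement: `rm -f $(DESTDIR)$(libexecdir)/sudo/libsudo_util.*~`.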
@@ -560,6 +572,14 @@ $(CC) -E -o $@ $(CPPFLAGS) $< fatal.plog: fatal.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/fatal.c --i-file $< --output-file $@ +fchmodat.lo: $(srcdir)/fchmodat.c $(incdir)/sudo_compat.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/fchmodat.c +fchmodat.i: $(srcdir)/fchmodat.c $(incdir)/sudo_compat.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +fchmodat.plog: fchmodat.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/fchmodat.c --i-file $< --output-file $@ fnm_test.lo: $(srcdir)/regress/fnmatch/fnm_test.c $(incdir)/compat/fnmatch.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h @@ -580,6 +600,12 @@ $(CC) -E -o $@ $(CPPFLAGS) $< fnmatch.plog: fnmatch.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/fnmatch.c --i-file $< --output-file $@ +fstatat.lo: $(srcdir)/fstatat.c $(incdir)/sudo_compat.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/fstatat.c +fstatat.i: $(srcdir)/fstatat.c $(incdir)/sudo_compat.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +fstatat.plog: fstatat.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/fstatat.c --i-file $< --output-file $@ getaddrinfo.lo: $(srcdir)/getaddrinfo.c $(incdir)/compat/getaddrinfo.h \ $(incdir)/sudo_compat.h $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/getaddrinfo.c 
@@ -748,6 +774,18 @@ $(CC) -E -o $@ $(CPPFLAGS) $< isblank.plog: isblank.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/isblank.c --i-file $< --output-file $@ +json.lo: $(srcdir)/json.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_json.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/json.c +json.i: $(srcdir)/json.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_json.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +json.plog: json.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/json.c --i-file $< --output-file $@ key_val.lo: $(srcdir)/key_val.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ 
@@ -782,6 +820,26 @@ $(CC) -E -o $@ $(CPPFLAGS) $< locking.plog: locking.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/locking.c --i-file $< --output-file $@ +logfac.lo: $(srcdir)/logfac.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/logfac.c +logfac.i: $(srcdir)/logfac.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +logfac.plog: logfac.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logfac.c --i-file $< --output-file $@ +logpri.lo: $(srcdir)/logpri.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/logpri.c +logpri.i: $(srcdir)/logpri.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +logpri.plog: logpri.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logpri.c --i-file $< --output-file $@ memrchr.lo: $(srcdir)/memrchr.c $(incdir)/sudo_compat.h $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/memrchr.c memrchr.i: $(srcdir)/memrchr.c $(incdir)/sudo_compat.h $(top_builddir)/config.h 
@@ -796,6 +854,20 @@ $(CC) -E -o $@ $(CPPFLAGS) $< memset_s.plog: memset_s.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/memset_s.c --i-file $< --output-file $@ +mkdir_parents.lo: $(srcdir)/mkdir_parents.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/mkdir_parents.c +mkdir_parents.i: $(srcdir)/mkdir_parents.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +mkdir_parents.plog: mkdir_parents.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/mkdir_parents.c --i-file $< --output-file $@ mksiglist.lo: $(srcdir)/mksiglist.c $(incdir)/sudo_compat.h \ $(srcdir)/mksiglist.h $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/mksiglist.c 
@@ -842,6 +914,12 @@ $(CC) -E -o $@ $(CPPFLAGS) $< nanosleep.plog: nanosleep.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/nanosleep.c --i-file $< --output-file $@ +openat.lo: $(srcdir)/openat.c $(incdir)/sudo_compat.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/openat.c +openat.i: $(srcdir)/openat.c $(incdir)/sudo_compat.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +openat.plog: openat.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/openat.c --i-file $< --output-file $@ parse_gids_test.lo: $(srcdir)/regress/parse_gids/parse_gids_test.c \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \ 
@@ -916,6 +994,18 @@ $(CC) -E -o $@ $(CPPFLAGS) $< reallocarray.plog: reallocarray.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/reallocarray.c --i-file $< --output-file $@ +roundup.lo: $(srcdir)/roundup.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/roundup.c +roundup.i: $(srcdir)/roundup.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +roundup.plog: roundup.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/roundup.c --i-file $< --output-file $@ secure_path.lo: $(srcdir)/secure_path.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ 
@@ -1222,6 +1312,14 @@ $(CC) -E -o $@ $(CPPFLAGS) $< ttysize.plog: ttysize.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/ttysize.c --i-file $< --output-file $@ +unlinkat.lo: $(srcdir)/unlinkat.c $(incdir)/sudo_compat.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/unlinkat.c +unlinkat.i: $(srcdir)/unlinkat.c $(incdir)/sudo_compat.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +unlinkat.plog: unlinkat.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/unlinkat.c --i-file $< --output-file $@ utimens.lo: $(srcdir)/utimens.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ $(top_builddir)/config.h 
@@ -1232,6 +1330,14 @@ $(CC) -E -o $@ $(CPPFLAGS) $< utimens.plog: utimens.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/utimens.c --i-file $< --output-file $@ +uuid.lo: $(srcdir)/uuid.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_rand.h $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/uuid.c +uuid.i: $(srcdir)/uuid.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_rand.h $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +uuid.plog: uuid.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/uuid.c --i-file $< --output-file $@ vsyslog.lo: $(srcdir)/vsyslog.c $(incdir)/sudo_compat.h $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/vsyslog.c vsyslog.i: $(srcdir)/vsyslog.c $(incdir)/sudo_compat.h $(top_builddir)/config.h diff -Nru sudo-1.8.31/lib/util/mkdir_parents.c sudo-1.9.0/lib/util/mkdir_parents.c --- sudo-1.8.31/lib/util/mkdir_parents.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/util/mkdir_parents.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,121 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2017 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#include +#include +#include +#include +#include + +#define DEFAULT_TEXT_DOMAIN "sudo" +#include "sudo_gettext.h" /* must be included before sudo_compat.h */ + +#include "sudo_compat.h" +#include "sudo_fatal.h" +#include "sudo_debug.h" +#include "sudo_util.h" + +/* + * Create any parent directories needed by path (but not path itself). + * Note that path is modified but is restored before it returns. 
+ */ +bool +sudo_mkdir_parents_v1(char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet) +{ + char *slash = path; + debug_decl(sudo_mkdir_parents, SUDO_DEBUG_UTIL); + + /* cppcheck-suppress nullPointerRedundantCheck */ + while ((slash = strchr(slash + 1, '/')) != NULL) { + struct stat sb; + int dfd; + + *slash = '\0'; + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "mkdir %s, mode 0%o, uid %d, gid %d", path, (unsigned int)mode, + (int)uid, (int)gid); +reopen: + dfd = open(path, O_RDONLY|O_NONBLOCK); + if (dfd == -1) { + if (errno != ENOENT) { + if (!quiet) + sudo_warn(U_("unable to open %s"), path); + goto bad; + } + if (mkdir(path, mode) == 0) { + if (uid != (uid_t)-1 && gid != (gid_t)-1) { + if (chown(path, uid, gid) != 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to chown %d:%d %s", __func__, + (int)uid, (int)gid, path); + } + } + } else { + if (errno == EEXIST) + goto reopen; + if (!quiet) + sudo_warn(U_("unable to mkdir %s"), path); + goto bad; + } + } else { + /* Already exists, make sure it is a directory. */ + int rc = fstat(dfd, &sb); + close(dfd); + if (rc != 0) { + if (!quiet) + sudo_warn(U_("unable to stat %s"), path); + goto bad; + } + if (!S_ISDIR(sb.st_mode)) { + if (!quiet) + sudo_warnx(U_("%s exists but is not a directory (0%o)"), + path, (unsigned int) sb.st_mode); + goto bad; + } + } + *slash = '/'; + } + + debug_return_bool(true); +bad: + /* We must restore the path before we return. */ + *slash = '/'; + debug_return_bool(false); +} diff -Nru sudo-1.8.31/lib/util/mksiglist.c sudo-1.9.0/lib/util/mksiglist.c --- sudo-1.8.31/lib/util/mksiglist.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/mksiglist.c 2020-05-11 16:28:23.000000000 +0000 
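Review bot: In sudo_mkdir_parents_v1 the freshly created directory is handed to `uid`/`gid` with `chown(path, uid, gid)`, a second path lookup after `mkdir()`. If the parent directory is writable by another user, the name can be replaced by a symlink in between and the ownership change lands on a different object. Opening the directory just created and calling `fchown()` on that descriptor closes the window; `O_NOFOLLOW` is safe there because this call created the final component, though availability of `O_DIRECTORY`/`O_NOFOLLOW` on every supported platform should be confirmed. Separately, a chown failure is only written to the debug log while the function still returns true, and `strchr(slash + 1, '/')` reads past the terminator when `path` is an empty string; both deserve at least a comment stating what the caller must guarantee.

```c
        if (mkdir(path, mode) == 0) {
            if (uid != (uid_t)-1 && gid != (gid_t)-1) {
                /* Change ownership through a descriptor so a swapped-in
                 * symlink at this name is never followed. */
                int nfd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_NOFOLLOW);
                if (nfd == -1 || fchown(nfd, uid, gid) != 0) {
                    sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
                        "%s: unable to chown %d:%d %s", __func__,
                        (int)uid, (int)gid, path);
                }
                if (nfd != -1)
                    close(nfd);
            }
        } else {
        /* … unchanged: EEXIST retry and mkdir error path … */
```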
@@ -56,5 +56,5 @@ } printf("};\n"); - exit(0); + exit(EXIT_SUCCESS); } diff -Nru sudo-1.8.31/lib/util/mksigname.c sudo-1.9.0/lib/util/mksigname.c --- sudo-1.8.31/lib/util/mksigname.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/mksigname.c 2020-05-11 16:28:23.000000000 +0000 @@ -56,5 +56,5 @@ } printf("};\n"); - exit(0); + exit(EXIT_SUCCESS); } diff -Nru sudo-1.8.31/lib/util/openat.c sudo-1.9.0/lib/util/openat.c --- sudo-1.8.31/lib/util/openat.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/util/openat.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,65 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2015, 2019 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#include + +#include "sudo_compat.h" + +#ifndef HAVE_OPENAT +int +sudo_openat(int dfd, const char *path, int flags, mode_t mode) +{ + int fd, odfd; + + if (dfd == AT_FDCWD) + return open(path, flags, mode); + + /* Save cwd */ + if ((odfd = open(".", O_RDONLY)) == -1) + return -1; + + if (fchdir(dfd) == -1) { + close(odfd); + return -1; + } + + fd = open(path, flags, mode); + + /* Restore cwd */ + if (fchdir(odfd) == -1) { + /* Should not happen */ + if (fd != -1) { + close(fd); + fd = -1; + } + } + close(odfd); + + return fd; +} +#endif /* HAVE_OPENAT */ diff -Nru sudo-1.8.31/lib/util/parseln.c sudo-1.9.0/lib/util/parseln.c --- sudo-1.8.31/lib/util/parseln.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/parseln.c 2020-05-11 16:28:23.000000000 +0000 @@ -24,6 +24,7 @@ #include #include +#include #include #ifdef HAVE_STRING_H # include 
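Review bot: When the restoring `fchdir(odfd)` fails, sudo_openat returns -1 but the process stays in dfd's directory, so later relative-path operations would resolve against the wrong directory and the caller cannot tell this apart from an ordinary open failure. The `/* Should not happen */` branch should at least document that the working directory is left changed. The emulation also switches the process-wide working directory for the duration of every call, which a header comment should state, for example `/* Emulates openat() via fchdir(); temporarily changes the process cwd, not safe with threads. */`. Two smaller points: an absolute `path` needs no directory switch (`if (dfd == AT_FDCWD || path[0] == '/') return open(path, flags, mode);`), and `close(odfd)` / `close(fd)` can overwrite the errno of the call that actually failed, so errno should be saved and restored around them.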
@@ -58,7 +59,7 @@ ssize_t len; char *cp, *line = NULL; bool continued, comment; - debug_decl(sudo_parseln, SUDO_DEBUG_UTIL) + debug_decl(sudo_parseln, SUDO_DEBUG_UTIL); do { comment = false; diff -Nru sudo-1.8.31/lib/util/regress/fnmatch/fnm_test.c sudo-1.9.0/lib/util/regress/fnmatch/fnm_test.c --- sudo-1.8.31/lib/util/regress/fnmatch/fnm_test.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/fnmatch/fnm_test.c 2020-05-11 16:28:23.000000000 +0000 @@ -39,7 +39,7 @@ if (argc > 1) { if ((fp = fopen(argv[1], "r")) == NULL) { perror(argv[1]); - exit(1); + exit(EXIT_FAILURE); } } diff -Nru sudo-1.8.31/lib/util/regress/getdelim/getdelim_test.c sudo-1.9.0/lib/util/regress/getdelim/getdelim_test.c --- sudo-1.8.31/lib/util/regress/getdelim/getdelim_test.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/getdelim/getdelim_test.c 2020-05-11 16:28:23.000000000 +0000 @@ -87,7 +87,7 @@ sudo_warn_nodebug("send"); _exit(127); } - _exit(0); + _exit(EXIT_SUCCESS); break; default: /* parent */ diff -Nru sudo-1.8.31/lib/util/regress/glob/globtest.c sudo-1.9.0/lib/util/regress/glob/globtest.c --- sudo-1.8.31/lib/util/regress/glob/globtest.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/glob/globtest.c 2020-05-11 16:28:23.000000000 +0000 @@ -51,7 +51,7 @@ if (argc > 1) { if ((fp = fopen(argv[1], "r")) == NULL) { perror(argv[1]); - exit(1); + exit(EXIT_FAILURE); } } @@ -74,7 +74,7 @@ if (buf[len - 1] != '\n') { fprintf(stderr, "globtest: missing newline at EOF\n"); - exit(1); + exit(EXIT_FAILURE); } buf[--len] = '\0'; } @@ -93,14 +93,14 @@ fprintf(stderr, "globtest: invalid entry on line %d\n", lineno); - exit(1); + exit(EXIT_FAILURE); } len = cp - buf - 1; if (len >= sizeof(entry.pattern)) { fprintf(stderr, "globtest: pattern too big on line %d\n", lineno); - exit(1); + exit(EXIT_FAILURE); } memcpy(entry.pattern, buf + 1, len); entry.pattern[len] = '\0'; 
@@ -110,14 +110,14 @@ fprintf(stderr, "globtest: invalid entry on line %d\n", lineno); - exit(1); + exit(EXIT_FAILURE); } ep = strchr(cp, '>'); if (ep == NULL) { fprintf(stderr, "globtest: invalid entry on line %d\n", lineno); - exit(1); + exit(EXIT_FAILURE); } *ep = '\0'; entry.flags = 0; @@ -144,7 +144,7 @@ fprintf(stderr, "globtest: invalid flags on line %d\n", lineno); - exit(1); + exit(EXIT_FAILURE); } } entry.nresults = 0; @@ -153,14 +153,14 @@ if (!entry.pattern[0]) { fprintf(stderr, "globtest: missing entry on line %d\n", lineno); - exit(1); + exit(EXIT_FAILURE); } if (entry.nresults + 1 > MAX_RESULTS) { fprintf(stderr, "globtest: too many results for %s, max %d\n", entry.pattern, MAX_RESULTS); - exit(1); + exit(EXIT_FAILURE); } entry.results[entry.nresults++] = strdup(buf); } @@ -185,7 +185,7 @@ if (glob(entry->pattern, entry->flags, NULL, &gl) != 0) { fprintf(stderr, "glob failed: %s: %s\n", entry->pattern, strerror(errno)); - exit(1); + exit(EXIT_FAILURE); } for (ap = gl.gl_pathv; *ap != NULL; ap++) diff -Nru sudo-1.8.31/lib/util/regress/parse_gids/parse_gids_test.c sudo-1.9.0/lib/util/regress/parse_gids/parse_gids_test.c --- sudo-1.8.31/lib/util/regress/parse_gids/parse_gids_test.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/parse_gids/parse_gids_test.c 2020-05-11 16:28:23.000000000 +0000 @@ -87,7 +87,7 @@ free(gidlist); ngids = sudo_parse_gids(test_data[i].gids, test_data[i].baseptr, &gidlist); if (ngids == -1) - exit(1); /* out of memory? */ + exit(EXIT_FAILURE); /* out of memory? */ ntests++; if (ngids != test_data[i].ngids) { sudo_warnx_nodebug("test #%d: expected %d gids, got %d", diff -Nru sudo-1.8.31/lib/util/regress/progname/progname_test.c sudo-1.9.0/lib/util/regress/progname/progname_test.c --- sudo-1.8.31/lib/util/regress/progname/progname_test.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/progname/progname_test.c 2020-05-11 16:28:23.000000000 +0000 
@@ -60,8 +60,8 @@ if (strcmp(getprogname(), progbase) != 0) { printf("%s: FAIL: incorrect program name \"%s\"\n", progbase, getprogname()); - exit(1); + exit(EXIT_FAILURE); } - exit(0); + exit(EXIT_SUCCESS); } diff -Nru sudo-1.8.31/lib/util/regress/strsig/strsig_test.c sudo-1.9.0/lib/util/regress/strsig/strsig_test.c --- sudo-1.8.31/lib/util/regress/strsig/strsig_test.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/strsig/strsig_test.c 2020-05-11 16:28:23.000000000 +0000 @@ -37,7 +37,7 @@ /* * Note: we do not test SIGUNUSED as it may not appear in sys_sigabbrev[] - * on Linux. + * on Linux. FreeBSD is missing SIGLWP (aka SIGTHR) in sys_signame[]. */ static struct signal_data { int rval; @@ -159,7 +159,7 @@ #ifdef SIGWAITING { 0, SIGWAITING, "WAITING", NULL }, #endif -#ifdef SIGLWP +#if defined(SIGLWP) && !defined(__FreeBSD__) { 0, SIGLWP, "LWP", NULL }, #endif #ifdef SIGFREEZE diff -Nru sudo-1.8.31/lib/util/regress/sudo_conf/conf_test.c sudo-1.9.0/lib/util/regress/sudo_conf/conf_test.c --- sudo-1.8.31/lib/util/regress/sudo_conf/conf_test.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/sudo_conf/conf_test.c 2020-05-11 16:28:23.000000000 +0000 @@ -72,6 +72,8 @@ struct sudo_debug_file *debug_file; struct plugin_info *info; + printf("Set developer_mode %s\n", + sudo_conf_developer_mode() ? "true" : "false"); printf("Set disable_coredump %s\n", sudo_conf_disable_coredump() ? "true" : "false"); printf("Set group_source %s\n", diff -Nru sudo-1.8.31/lib/util/regress/sudo_conf/test1.in sudo-1.9.0/lib/util/regress/sudo_conf/test1.in --- sudo-1.8.31/lib/util/regress/sudo_conf/test1.in 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/sudo_conf/test1.in 2020-05-11 16:28:23.000000000 +0000 
@@ -38,7 +38,7 @@ # Path to a shared library containing dummy versions of the execv(), # execve() and fexecve() library functions that just return an error. # This is used to implement the "noexec" functionality on systems that -# support C or its equivalent. +# support LD_PRELOAD or its equivalent. # The compiled-in value is usually sufficient and should only be changed # if you rename or move the sudo_noexec.so file. # @@ -56,6 +56,15 @@ Set disable_coredump false # +# Developer mode: +# +# By default, sudo enforces that each plugin it loads is only modifiable as +# non root user. This might not be very convenient for plugin development, +# so this can be disabled by setting "developer_mode" to true. +# +Set developer_mode true + +# # User groups: # # Sudo passes the user's group list to the policy plugin. diff -Nru sudo-1.8.31/lib/util/regress/sudo_conf/test1.out.ok sudo-1.9.0/lib/util/regress/sudo_conf/test1.out.ok --- sudo-1.8.31/lib/util/regress/sudo_conf/test1.out.ok 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/sudo_conf/test1.out.ok 2020-05-11 16:28:23.000000000 +0000 @@ -1,3 +1,4 @@ +Set developer_mode true Set disable_coredump false Set group_source static Set max_groups -1 diff -Nru sudo-1.8.31/lib/util/regress/sudo_conf/test2.out.ok sudo-1.9.0/lib/util/regress/sudo_conf/test2.out.ok --- sudo-1.8.31/lib/util/regress/sudo_conf/test2.out.ok 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/sudo_conf/test2.out.ok 2020-05-11 16:28:23.000000000 +0000 @@ -1,3 +1,4 @@ +Set developer_mode false Set disable_coredump true Set group_source adaptive Set max_groups -1 diff -Nru sudo-1.8.31/lib/util/regress/sudo_conf/test3.out.ok sudo-1.9.0/lib/util/regress/sudo_conf/test3.out.ok --- sudo-1.8.31/lib/util/regress/sudo_conf/test3.out.ok 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/sudo_conf/test3.out.ok 2020-05-11 16:28:23.000000000 +0000 
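Review bot: The added description of developer_mode in test1.in says each plugin must be "only modifiable as non root user", which reads as the opposite of what is presumably meant (that nobody other than root may modify the plugin). Since this text explains a setting that turns a permission check off, I would reword it, e.g. `# By default, sudo requires that each plugin it loads is writable only by root.`, and add that the setting should stay off outside development systems. If this fixture mirrors the shipped sudo.conf example, the same wording likely needs fixing there too.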
@@ -1,3 +1,4 @@ +Set developer_mode false Set disable_coredump true Set group_source adaptive Set max_groups -1 diff -Nru sudo-1.8.31/lib/util/regress/sudo_conf/test4.out.ok sudo-1.9.0/lib/util/regress/sudo_conf/test4.out.ok --- sudo-1.8.31/lib/util/regress/sudo_conf/test4.out.ok 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/sudo_conf/test4.out.ok 2020-05-11 16:28:23.000000000 +0000 @@ -1,3 +1,4 @@ +Set developer_mode false Set disable_coredump true Set group_source adaptive Set max_groups -1 diff -Nru sudo-1.8.31/lib/util/regress/sudo_conf/test5.out.ok sudo-1.9.0/lib/util/regress/sudo_conf/test5.out.ok --- sudo-1.8.31/lib/util/regress/sudo_conf/test5.out.ok 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/sudo_conf/test5.out.ok 2020-05-11 16:28:23.000000000 +0000 @@ -1,3 +1,4 @@ +Set developer_mode false Set disable_coredump true Set group_source adaptive Set max_groups -1 diff -Nru sudo-1.8.31/lib/util/regress/sudo_conf/test6.out.ok sudo-1.9.0/lib/util/regress/sudo_conf/test6.out.ok --- sudo-1.8.31/lib/util/regress/sudo_conf/test6.out.ok 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/sudo_conf/test6.out.ok 2020-05-11 16:28:23.000000000 +0000 @@ -1,3 +1,4 @@ +Set developer_mode false Set disable_coredump true Set group_source adaptive Set max_groups 16 diff -Nru sudo-1.8.31/lib/util/regress/sudo_conf/test7.out.ok sudo-1.9.0/lib/util/regress/sudo_conf/test7.out.ok --- sudo-1.8.31/lib/util/regress/sudo_conf/test7.out.ok 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/sudo_conf/test7.out.ok 2020-05-11 16:28:23.000000000 +0000 
@@ -1,3 +1,4 @@ +Set developer_mode false Set disable_coredump true Set group_source adaptive Set max_groups -1 diff -Nru sudo-1.8.31/lib/util/regress/sudo_conf/test8.err.ok sudo-1.9.0/lib/util/regress/sudo_conf/test8.err.ok --- sudo-1.8.31/lib/util/regress/sudo_conf/test8.err.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/sudo_conf/test8.err.ok 2020-05-11 16:28:23.000000000 +0000 @@ -0,0 +1 @@ +conf_test: invalid value for developer_mode "foo" in regress/sudo_conf/test8.in, line 1 diff -Nru sudo-1.8.31/lib/util/regress/sudo_conf/test8.in sudo-1.9.0/lib/util/regress/sudo_conf/test8.in --- sudo-1.8.31/lib/util/regress/sudo_conf/test8.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/sudo_conf/test8.in 2020-05-11 16:28:23.000000000 +0000 @@ -0,0 +1 @@ +Set developer_mode foo diff -Nru sudo-1.8.31/lib/util/regress/sudo_conf/test8.out.ok sudo-1.9.0/lib/util/regress/sudo_conf/test8.out.ok --- sudo-1.8.31/lib/util/regress/sudo_conf/test8.out.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/sudo_conf/test8.out.ok 2020-05-11 16:28:23.000000000 +0000 @@ -0,0 +1,4 @@ +Set developer_mode false +Set disable_coredump true +Set group_source adaptive +Set max_groups -1 diff -Nru sudo-1.8.31/lib/util/regress/sudo_parseln/parseln_test.c sudo-1.9.0/lib/util/regress/sudo_parseln/parseln_test.c --- sudo-1.8.31/lib/util/regress/sudo_parseln/parseln_test.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/sudo_parseln/parseln_test.c 2020-05-11 16:28:23.000000000 +0000 
@@ -56,5 +56,5 @@ while (sudo_parseln(&line, &linesize, &lineno, stdin, 0) != -1) printf("%6u\t%s\n", lineno, line); free(line); - exit(0); + exit(EXIT_SUCCESS); } diff -Nru sudo-1.8.31/lib/util/regress/sudo_parseln/test1.in sudo-1.9.0/lib/util/regress/sudo_parseln/test1.in --- sudo-1.8.31/lib/util/regress/sudo_parseln/test1.in 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/sudo_parseln/test1.in 2020-05-11 16:28:23.000000000 +0000 @@ -38,7 +38,7 @@ # Path to a shared library containing dummy versions of the execv(), # execve() and fexecve() library functions that just return an error. # This is used to implement the "noexec" functionality on systems that -# support C or its equivalent. +# support LD_PRELOAD or its equivalent. # The compiled-in value is usually sufficient and should only be changed # if you rename or move the sudo_noexec.so file. # diff -Nru sudo-1.8.31/lib/util/regress/vsyslog/vsyslog_test.c sudo-1.9.0/lib/util/regress/vsyslog/vsyslog_test.c --- sudo-1.8.31/lib/util/regress/vsyslog/vsyslog_test.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/regress/vsyslog/vsyslog_test.c 2020-05-11 16:28:23.000000000 +0000 @@ -100,7 +100,7 @@ len = snprintf(buf1, sizeof(buf1), "unable to open %s: %s", "/var/log/sudo-io/seq", strerror(ENOENT)); if (len < 0 || len >= ssizeof(buf1)) - sudo_warnx_nodebug("buf1 trucated at %s:%d", __FILE__, __LINE__); + sudo_warnx_nodebug("buf1 truncated at %s:%d", __FILE__, __LINE__); expected_result = buf1; errno = ENOENT; test_vsyslog(0, "unable to open %s: %m", "/var/log/sudo-io/seq"); @@ -116,7 +116,7 @@ buf1[8184] = '\0'; len = snprintf(buf2, sizeof(buf2), "%s: %s", buf1, strerror(EINVAL)); if (len < 0 || len >= ssizeof(buf2)) - sudo_warnx_nodebug("buf2 trucated at %s:%d", __FILE__, __LINE__); + sudo_warnx_nodebug("buf2 truncated at %s:%d", __FILE__, __LINE__); expected_result = buf2; errno = EINVAL; test_vsyslog(0, "%s: %m", buf1); 
@@ -126,7 +126,7 @@ buf1[8184] = '\0'; len = snprintf(buf2, sizeof(buf2), "%.*s", 2047, buf1); if (len < 0 || len >= ssizeof(buf2)) - sudo_warnx_nodebug("buf2 trucated at %s:%d", __FILE__, __LINE__); + sudo_warnx_nodebug("buf2 truncated at %s:%d", __FILE__, __LINE__); expected_result = buf2; test_vsyslog(0, buf1); diff -Nru sudo-1.8.31/lib/util/roundup.c sudo-1.9.0/lib/util/roundup.c --- sudo-1.8.31/lib/util/roundup.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/util/roundup.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,45 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" + +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_util.h" + +/* + * Round 32-bit unsigned length to the next highest power of two. + * Always returns at least 64. + * Algorithm from bit twiddling hacks. + */ +unsigned int +sudo_pow2_roundup_v1(unsigned int len) +{ + if (len < 64) + return 64; + len--; + len |= len >> 1; + len |= len >> 2; + len |= len >> 4; + len |= len >> 8; + len |= len >> 16; + len++; + return len; +} diff -Nru sudo-1.8.31/lib/util/secure_path.c sudo-1.9.0/lib/util/secure_path.c --- sudo-1.8.31/lib/util/secure_path.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/secure_path.c 2020-05-11 16:28:23.000000000 +0000 
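Review bot: The header comment of sudo_pow2_roundup_v1 promises "Always returns at least 64", but for any `len` above 0x80000000 the bit smear yields 0xFFFFFFFF and the final `len++` wraps to 0 (with a 32-bit unsigned int). A caller that uses the result as an allocation or buffer size would then get a size smaller than the requested length, so the overflow case should be explicit. Either document it, `/* Returns 0 if len is larger than the largest power of two that fits; callers must check. */`, or reject such input up front. The comment also says "next highest" although a `len` that is already a power of two is returned unchanged, and the shift sequence stops at 16, which assumes `unsigned int` is no wider than 32 bits.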
@@ -47,7 +47,7 @@ { struct stat sb; int ret = SUDO_PATH_MISSING; - debug_decl(sudo_secure_path, SUDO_DEBUG_UTIL) + debug_decl(sudo_secure_path, SUDO_DEBUG_UTIL); if (path != NULL && stat(path, &sb) == 0) { if ((sb.st_mode & _S_IFMT) != type) { diff -Nru sudo-1.8.31/lib/util/setgroups.c sudo-1.9.0/lib/util/setgroups.c --- sudo-1.8.31/lib/util/setgroups.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/setgroups.c 2020-05-11 16:28:23.000000000 +0000 @@ -39,7 +39,7 @@ sudo_setgroups_v1(int ngids, const GETGROUPS_T *gids) { int maxgids, ret; - debug_decl(sudo_setgroups, SUDO_DEBUG_UTIL) + debug_decl(sudo_setgroups, SUDO_DEBUG_UTIL); ret = setgroups(ngids, (GETGROUPS_T *)gids); if (ret == -1 && errno == EINVAL) { diff -Nru sudo-1.8.31/lib/util/strsplit.c sudo-1.9.0/lib/util/strsplit.c --- sudo-1.8.31/lib/util/strsplit.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/strsplit.c 2020-05-11 16:28:23.000000000 +0000 @@ -42,7 +42,7 @@ sudo_strsplit_v1(const char *str, const char *endstr, const char *sep, const char **last) { const char *cp, *s; - debug_decl(sudo_strsplit, SUDO_DEBUG_UTIL) + debug_decl(sudo_strsplit, SUDO_DEBUG_UTIL); /* If no str specified, use last ptr (if any). */ if (str == NULL) diff -Nru sudo-1.8.31/lib/util/strtobool.c sudo-1.9.0/lib/util/strtobool.c --- sudo-1.8.31/lib/util/strtobool.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/strtobool.c 2020-05-11 16:28:23.000000000 +0000 @@ -41,7 +41,7 @@ int sudo_strtobool_v1(const char *str) { - debug_decl(sudo_strtobool, SUDO_DEBUG_UTIL) + debug_decl(sudo_strtobool, SUDO_DEBUG_UTIL); switch (*str) { case '0': diff -Nru sudo-1.8.31/lib/util/strtoid.c sudo-1.9.0/lib/util/strtoid.c --- sudo-1.8.31/lib/util/strtoid.c 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/lib/util/strtoid.c 2020-05-11 16:28:23.000000000 +0000 
@@ -84,7 +84,7 @@ const char *errstr; char *ep; id_t ret; - debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL) + debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL); ret = sudo_strtonumx(p, INT_MIN, UINT_MAX, &ep, &errstr); if (errstr == NULL) { diff -Nru sudo-1.8.31/lib/util/strtomode.c sudo-1.9.0/lib/util/strtomode.c --- sudo-1.8.31/lib/util/strtomode.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/strtomode.c 2020-05-11 16:28:23.000000000 +0000 @@ -47,7 +47,7 @@ { char *ep; long lval; - debug_decl(sudo_strtomode, SUDO_DEBUG_UTIL) + debug_decl(sudo_strtomode, SUDO_DEBUG_UTIL); errno = 0; lval = strtol(cp, &ep, 8); diff -Nru sudo-1.8.31/lib/util/sudo_conf.c sudo-1.9.0/lib/util/sudo_conf.c --- sudo-1.8.31/lib/util/sudo_conf.c 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/lib/util/sudo_conf.c 2020-05-11 16:28:23.000000000 +0000 @@ -56,12 +56,6 @@ #include "sudo_debug.h" #include "sudo_util.h" -#ifdef __TANDEM -# define ROOT_UID 65535 -#else -# define ROOT_UID 0 -#endif - struct sudo_conf_table { const char *name; unsigned int namelen; @@ -88,12 +82,14 @@ { NULL } }; +static int set_var_developer_mode(const char *entry, const char *conf_file, unsigned int); static int set_var_disable_coredump(const char *entry, const char *conf_file, unsigned int); static int set_var_group_source(const char *entry, const char *conf_file, unsigned int); static int set_var_max_groups(const char *entry, const char *conf_file, unsigned int); static int set_var_probe_interfaces(const char *entry, const char *conf_file, unsigned int); static struct sudo_conf_table sudo_conf_var_table[] = { + { "developer_mode", sizeof("developer_mode") - 1, set_var_developer_mode }, { "disable_coredump", sizeof("disable_coredump") - 1, set_var_disable_coredump }, { "group_source", sizeof("group_source") - 1, set_var_group_source }, { "max_groups", sizeof("max_groups") - 1, set_var_max_groups }, 
@@ -109,6 +105,7 @@ #define SUDO_CONF_PATH_DEVSEARCH 4 static struct sudo_conf_data { + bool developer_mode; bool disable_coredump; bool probe_interfaces; int group_source; @@ -117,6 +114,7 @@ struct plugin_info_list plugins; struct sudo_conf_path_table path_table[6]; } sudo_conf_data = { + false, true, true, GROUP_SOURCE_ADAPTIVE, @@ -141,7 +139,7 @@ { struct sudo_conf_table *var; int ret; - debug_decl(parse_variable, SUDO_DEBUG_UTIL) + debug_decl(parse_variable, SUDO_DEBUG_UTIL); for (var = sudo_conf_var_table; var->name != NULL; var++) { if (strncmp(entry, var->name, var->namelen) == 0 && @@ -172,7 +170,7 @@ const char *ep, *name, *path; struct sudo_conf_path_table *cur; size_t namelen; - debug_decl(parse_path, SUDO_DEBUG_UTIL) + debug_decl(parse_path, SUDO_DEBUG_UTIL); /* Parse name. */ name = sudo_strsplit(entry, entry_end, " \t", &ep); @@ -225,7 +223,7 @@ const char *ep, *path, *progname, *flags; const char *entry_end = entry + strlen(entry); size_t pathlen, prognamelen; - debug_decl(parse_debug, SUDO_DEBUG_UTIL) + debug_decl(parse_debug, SUDO_DEBUG_UTIL); /* Parse progname. */ progname = sudo_strsplit(entry, entry_end, " \t", &ep); @@ -297,7 +295,7 @@ char **options = NULL; size_t pathlen, symlen; unsigned int nopts = 0; - debug_decl(parse_plugin, SUDO_DEBUG_UTIL) + debug_decl(parse_plugin, SUDO_DEBUG_UTIL); /* Parse symbol. */ symbol = sudo_strsplit(entry, entry_end, " \t", &ep); 
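Review bot: The `false,` added at the head of the `sudo_conf_data` initializer (hunk `@@ -117,6 +114,7 @@`) is tied to `developer_mode` only by position, directly above two `true` values for `disable_coredump` and `probe_interfaces`. A later reorder of the struct fields would silently swap these defaults, and `developer_mode` is presumably the one that must stay off by default. Designated initializers would make the pairing explicit, e.g. `.developer_mode = false,` `.disable_coredump = true,` `.probe_interfaces = true,`. The rest of the initializer lies outside the hunk and would need the same treatment.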
@@ -368,11 +366,27 @@ } static int +set_var_developer_mode(const char *strval, const char *conf_file, + unsigned int lineno) +{ + int val = sudo_strtobool(strval); + debug_decl(set_var_developer_mode, SUDO_DEBUG_UTIL); + + if (val == -1) { + sudo_warnx(U_("invalid value for %s \"%s\" in %s, line %u"), + "developer_mode", strval, conf_file, lineno); + debug_return_bool(false); + } + sudo_conf_data.developer_mode = val; + debug_return_bool(true); +} + +static int set_var_disable_coredump(const char *strval, const char *conf_file, unsigned int lineno) { int val = sudo_strtobool(strval); - debug_decl(set_var_disable_coredump, SUDO_DEBUG_UTIL) + debug_decl(set_var_disable_coredump, SUDO_DEBUG_UTIL); if (val == -1) { sudo_warnx(U_("invalid value for %s \"%s\" in %s, line %u"), @@ -387,7 +401,7 @@ set_var_group_source(const char *strval, const char *conf_file, unsigned int lineno) { - debug_decl(set_var_group_source, SUDO_DEBUG_UTIL) + debug_decl(set_var_group_source, SUDO_DEBUG_UTIL); if (strcasecmp(strval, "adaptive") == 0) { sudo_conf_data.group_source = GROUP_SOURCE_ADAPTIVE; @@ -408,7 +422,7 @@ unsigned int lineno) { int max_groups; - debug_decl(set_var_max_groups, SUDO_DEBUG_UTIL) + debug_decl(set_var_max_groups, SUDO_DEBUG_UTIL); max_groups = sudo_strtonum(strval, 1, INT_MAX, NULL); if (max_groups <= 0) { @@ -425,7 +439,7 @@ unsigned int lineno) { int val = sudo_strtobool(strval); - debug_decl(set_var_probe_interfaces, SUDO_DEBUG_UTIL) + debug_decl(set_var_probe_interfaces, SUDO_DEBUG_UTIL); if (val == -1) { sudo_warnx(U_("invalid value for %s \"%s\" in %s, line %u"), @@ -497,7 +511,7 @@ struct sudo_conf_debug *debug_spec; size_t prognamelen, progbaselen; const char *progbase = progname; - debug_decl(sudo_conf_debug_files, SUDO_DEBUG_UTIL) + debug_decl(sudo_conf_debug_files, SUDO_DEBUG_UTIL); /* Determine basename if program is fully qualified (like for plugins). */ prognamelen = progbaselen = strlen(progname); 
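Review bot: `set_var_developer_mode()` (hunk `@@ -368,11 +366,27 @@`) is added without a comment, and nothing in the hunk says what the setting relaxes. In sudo's documentation developer_mode turns off the ownership and permission checks applied to plugins before they are loaded, which would make it the one boolean in this table that weakens a check when enabled. That effect is not visible on this page, so confirm it against the callers of `sudo_conf_developer_mode_v1()`. I would add above the function `/* Parse developer_mode. When true, plugin ownership/permission checks are skipped; defaults to false and is not meant for production. */`.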
@@ -527,6 +541,12 @@ } bool +sudo_conf_developer_mode_v1(void) +{ + return sudo_conf_data.developer_mode; +} + +bool sudo_conf_disable_coredump_v1(void) { return sudo_conf_data.disable_coredump; @@ -550,7 +570,7 @@ char *prev_locale, *line = NULL; unsigned int conf_lineno = 0; size_t linesize = 0; - debug_decl(sudo_conf_read, SUDO_DEBUG_UTIL) + debug_decl(sudo_conf_read, SUDO_DEBUG_UTIL); if ((prev_locale = setlocale(LC_ALL, NULL)) == NULL) { sudo_warn("setlocale(LC_ALL, NULL)"); @@ -649,7 +669,7 @@ sudo_conf_clear_paths_v1(void) { struct sudo_conf_path_table *cur; - debug_decl(sudo_conf_clear_paths, SUDO_DEBUG_UTIL) + debug_decl(sudo_conf_clear_paths, SUDO_DEBUG_UTIL); for (cur = sudo_conf_data.path_table; cur->pname != NULL; cur++) { if (cur->dynamic) diff -Nru sudo-1.8.31/lib/util/sudo_debug.c sudo-1.9.0/lib/util/sudo_debug.c --- sudo-1.8.31/lib/util/sudo_debug.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/sudo_debug.c 2020-05-11 16:28:23.000000000 +0000 @@ -106,6 +106,7 @@ const char *const *subsystems; const unsigned int *subsystem_ids; unsigned int max_subsystem; + unsigned int refcnt; struct sudo_debug_output_list outputs; }; @@ -328,6 +329,7 @@ instance->subsystems = subsystems; instance->subsystem_ids = ids; instance->max_subsystem = max_id; + instance->refcnt = 1; SLIST_INIT(&instance->outputs); sudo_debug_instances[idx] = instance; if (idx != free_idx) @@ -340,6 +342,7 @@ for (i = 0; subsystems[i] != NULL; i++) ids[i] = instance->subsystem_ids[i]; } + instance->refcnt++; } TAILQ_FOREACH(debug_file, debug_files, entries) { @@ -364,6 +367,7 @@ /* * De-register the specified instance from the debug subsystem * and free up any associated data structures. + * Returns the number of remaining references for the instance or -1 on error. */ int sudo_debug_deregister_v1(int idx) 
@@ -383,7 +387,10 @@ instance = sudo_debug_instances[idx]; if (instance == NULL) - return -1; /* already deregistered */ + return -1; /* already deregistered */ + + if (--instance->refcnt != 0) + return instance->refcnt; /* ref held by other caller */ /* Free up instance data, note that subsystems[] is owned by caller. */ sudo_debug_instances[idx] = NULL; @@ -402,6 +409,45 @@ return 0; } +/* + * Parse the "filename flags,..." debug_flags entry from sudo.conf + * and insert a new sudo_debug_file struct into the list. + * Returns 0 on success, 1 on parse error or -1 on malloc failure. + */ +int +sudo_debug_parse_flags_v1(struct sudo_conf_debug_file_list *debug_files, + const char *entry) +{ + struct sudo_debug_file *debug_file; + const char *filename, *flags; + size_t namelen; + + /* Only process new-style debug flags: filename flags,... */ + filename = entry; + if (*filename != '/' || (flags = strpbrk(filename, " \t")) == NULL) + return 1; + namelen = (size_t)(flags - filename); + while (isblank((unsigned char)*flags)) + flags++; + if (*flags != '\0') { + if ((debug_file = calloc(1, sizeof(*debug_file))) == NULL) + goto oom; + if ((debug_file->debug_file = strndup(filename, namelen)) == NULL) + goto oom; + if ((debug_file->debug_flags = strdup(flags)) == NULL) + goto oom; + TAILQ_INSERT_TAIL(debug_files, debug_file, entries); + } + return 0; +oom: + if (debug_file != NULL) { + free(debug_file->debug_file); + free(debug_file->debug_flags); + free(debug_file); + } + return -1; +} + int sudo_debug_get_instance_v1(const char *program) { 
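Review bot: In `sudo_debug_parse_flags_v1()` (hunk `@@ -402,6 +409,45 @@`) an entry that has a filename followed only by blanks falls through `if (*flags != '\0')` and returns 0 without adding anything to `debug_files`, although the header comment reserves 0 for success and 1 for a parse error. If an empty flag list is not meant to be accepted, report it: `if (*flags == '\0') return 1;`. Separately, `debug_file` is declared uninitialised and is only safe at `oom:` because every `goto oom` follows the `calloc()` assignment. Declaring it as `struct sudo_debug_file *debug_file = NULL;` keeps the cleanup correct if an earlier failure path is added later.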
@@ -616,6 +662,41 @@ ignore_result(writev(fd, iov, iovcnt)); } +bool +sudo_debug_needed_v1(int level) +{ + unsigned int subsys; + int pri; + struct sudo_debug_instance *instance; + struct sudo_debug_output *output; + bool result = false; + + if (sudo_debug_active_instance == -1) + goto out; + + /* Extract priority and subsystem from level. */ + pri = SUDO_DEBUG_PRI(level); + subsys = (unsigned int)SUDO_DEBUG_SUBSYS(level); + + if (sudo_debug_active_instance > sudo_debug_last_instance) + goto out; + + instance = sudo_debug_instances[sudo_debug_active_instance]; + if (instance == NULL) + goto out; + + if (subsys <= instance->max_subsystem) { + SLIST_FOREACH(output, &instance->outputs, entries) { + if (output->settings[subsys] >= pri) { + result = true; + break; + } + } + } +out: + return result; +} + void sudo_debug_vprintf2_v1(const char *func, const char *file, int lineno, int level, const char *fmt, va_list ap) diff -Nru sudo-1.8.31/lib/util/term.c sudo-1.9.0/lib/util/term.c --- sudo-1.8.31/lib/util/term.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/term.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2011-2015, 2017 Todd C. Miller + * Copyright (c) 2011-2015, 2017-2019 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -147,7 +147,7 @@ bool sudo_term_restore_v1(int fd, bool flush) { - debug_decl(sudo_term_restore, SUDO_DEBUG_UTIL) + debug_decl(sudo_term_restore, SUDO_DEBUG_UTIL); if (changed) { const int flags = flush ? (TCSASOFT|TCSAFLUSH) : (TCSASOFT|TCSADRAIN); @@ -165,7 +165,7 @@ bool sudo_term_noecho_v1(int fd) { - debug_decl(sudo_term_noecho, SUDO_DEBUG_UTIL) + debug_decl(sudo_term_noecho, SUDO_DEBUG_UTIL); if (!changed && tcgetattr(fd, &oterm) != 0) debug_return_bool(false); 
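Review bot: `sudo_debug_needed_v1()` (hunk `@@ -616,6 +662,41 @@`) is exported without a header comment, unlike `sudo_debug_parse_flags_v1()` added by the same commit. I would add `/* Returns true if any output of the active debug instance has a setting for the subsystem in level that is at or above the priority in level. */`. The three `goto out` jumps only reach `return result;`, so a plain `return false;` at each guard would read more directly and let `result` and the label go.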
@@ -182,24 +182,20 @@ } /* - * Set terminal to raw mode. + * Set terminal to raw mode with optional terminal signals. * Returns true on success or false on failure. */ bool sudo_term_raw_v1(int fd, int isig) { struct termios term; - debug_decl(sudo_term_raw, SUDO_DEBUG_UTIL) + debug_decl(sudo_term_raw, SUDO_DEBUG_UTIL); if (!changed && tcgetattr(fd, &oterm) != 0) debug_return_bool(false); (void) memcpy(&term, &oterm, sizeof(term)); - /* Set terminal to raw mode */ - term.c_cc[VMIN] = 1; - term.c_cc[VTIME] = 0; - CLR(term.c_iflag, ICRNL | IGNCR | INLCR | IUCLC | IXON); - CLR(term.c_oflag, OPOST); - CLR(term.c_lflag, ECHO | ICANON | ISIG | IEXTEN); + /* Set terminal to raw mode but optionally enable terminal signals. */ + cfmakeraw(&term); if (isig) SET(term.c_lflag, ISIG); if (tcsetattr_nobg(fd, TCSASOFT|TCSADRAIN, &term) == 0) { @@ -216,7 +212,7 @@ bool sudo_term_cbreak_v1(int fd) { - debug_decl(sudo_term_cbreak, SUDO_DEBUG_UTIL) + debug_decl(sudo_term_cbreak, SUDO_DEBUG_UTIL); if (!changed && tcgetattr(fd, &oterm) != 0) debug_return_bool(false); @@ -260,7 +256,7 @@ struct winsize wsize; speed_t speed; int i; - debug_decl(sudo_term_copy, SUDO_DEBUG_UTIL) + debug_decl(sudo_term_copy, SUDO_DEBUG_UTIL); if (tcgetattr(src, &tt_src) != 0 || tcgetattr(dst, &tt_dst) != 0) debug_return_bool(false); diff -Nru sudo-1.8.31/lib/util/ttyname_dev.c sudo-1.9.0/lib/util/ttyname_dev.c --- sudo-1.8.31/lib/util/ttyname_dev.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/lib/util/ttyname_dev.c 2020-05-11 16:28:23.000000000 +0000 @@ -62,7 +62,7 @@ sudo_ttyname_dev_v1(dev_t tdev, char *name, size_t namelen) { char *dev; - debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL) + debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL); /* Some versions of devname() return NULL on failure, others do not. */ dev = devname(tdev, S_IFCHR); 
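Review bot: The switch to `cfmakeraw(&term)` in `sudo_term_raw_v1()` drops the explicit `term.c_cc[VMIN] = 1;` and `term.c_cc[VTIME] = 0;` of the old code. cfmakeraw() is a BSD extension rather than POSIX and is usually documented in terms of the flag words, so whether those two slots are set depends on the libc, or on a fallback implementation not visible here. Since `term` starts as a copy of `oterm`, a terminal saved with other values in those slots could keep them in raw mode, so I would keep the two assignments after the call. The call also differs from the removed CLR() lines in other ways (character size and parity bits are normally touched, IUCLC normally is not), which deserves a line in the comment. The function body continues past the end of the hunk.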
@@ -89,7 +89,7 @@ sudo_ttyname_dev_v1(dev_t tdev, char *name, size_t namelen) { int serrno = errno; - debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL) + debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL); /* * _ttyname_dev() sets errno to ERANGE if namelen is too small @@ -128,7 +128,7 @@ struct stat sb; unsigned int i; DIR *d = NULL; - debug_decl(sudo_ttyname_scan, SUDO_DEBUG_UTIL) + debug_decl(sudo_ttyname_scan, SUDO_DEBUG_UTIL); if (dir[0] == '\0') { errno = ENOENT; @@ -233,7 +233,7 @@ sudo_dev_check(dev_t rdev, const char *devname, char *buf, size_t buflen) { struct stat sb; - debug_decl(sudo_dev_check, SUDO_DEBUG_UTIL) + debug_decl(sudo_dev_check, SUDO_DEBUG_UTIL); if (stat(devname, &sb) == 0) { if (S_ISCHR(sb.st_mode) && sb.st_rdev == rdev) { @@ -265,7 +265,7 @@ char path[PATH_MAX], *ret; const char *cp, *ep; size_t len; - debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL) + debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL); /* * First, check /dev/console. diff -Nru sudo-1.8.31/lib/util/ttysize.c sudo-1.9.0/lib/util/ttysize.c --- sudo-1.8.31/lib/util/ttysize.c 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/lib/util/ttysize.c 2020-05-11 16:28:23.000000000 +0000 @@ -39,7 +39,7 @@ get_ttysize_ioctl(int *rowp, int *colp) { struct winsize wsize; - debug_decl(get_ttysize_ioctl, SUDO_DEBUG_UTIL) + debug_decl(get_ttysize_ioctl, SUDO_DEBUG_UTIL); if (ioctl(STDERR_FILENO, TIOCGWINSZ, &wsize) == 0 && wsize.ws_row != 0 && wsize.ws_col != 0) { @@ -53,7 +53,7 @@ void sudo_get_ttysize_v1(int *rowp, int *colp) { - debug_decl(sudo_get_ttysize, SUDO_DEBUG_UTIL) + debug_decl(sudo_get_ttysize, SUDO_DEBUG_UTIL); if (get_ttysize_ioctl(rowp, colp) == -1) { char *p; diff -Nru sudo-1.8.31/lib/util/unlinkat.c sudo-1.9.0/lib/util/unlinkat.c --- sudo-1.8.31/lib/util/unlinkat.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/lib/util/unlinkat.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,62 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+
+#include "sudo_compat.h"
+
+#ifndef HAVE_UNLINKAT
+int
+sudo_unlinkat(int dfd, const char *path, int flag)
+{
+ int odfd, ret;
+
+ if (dfd == AT_FDCWD)
+ return unlink(path);
+
+ /* Save cwd */
+ if ((odfd = open(".", O_RDONLY)) == -1)
+ return -1;
+
+ if (fchdir(dfd) == -1) {
+ close(odfd);
+ return -1;
+ }
+
+ ret = unlink(path);
+
+ /* Restore cwd */
+ if (fchdir(odfd) == -1) {
+ /* Should not happen */
+ ret = -1;
+ }
+ close(odfd);
+
+ return ret;
+}
+#endif /* HAVE_UNLINKAT */
diff -Nru sudo-1.8.31/lib/util/util.exp.in sudo-1.9.0/lib/util/util.exp.in
--- sudo-1.8.31/lib/util/util.exp.in 2019-10-28 12:28:52.000000000 +0000
+++ sudo-1.9.0/lib/util/util.exp.in 2020-05-11 16:28:23.000000000 +0000
@@ -3,6 +3,7 @@
 sudo_conf_clear_paths_v1
 sudo_conf_debug_files_v1
 sudo_conf_debugging_v1
+sudo_conf_developer_mode_v1
 sudo_conf_devsearch_path_v1
 sudo_conf_disable_coredump_v1
 sudo_conf_group_source_v1
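Review bot: `flag` is never read in `sudo_unlinkat()` (new file lib/util/unlinkat.c), so a caller that passes AT_REMOVEDIR gets unlink() where unlinkat() would remove a directory. The errno left by a failed unlink() can also be overwritten by the fchdir() and close() calls that follow. The working-directory switch is process-wide, so the fallback is only safe while no other thread depends on the cwd, which is worth a comment. The rewrite below dispatches on the flag and preserves errno across the restore. It assumes AT_REMOVEDIR and errno are available through the headers this file already includes, which the page does not show.

```c
int
sudo_unlinkat(int dfd, const char *path, int flag)
{
    int odfd, ret, serrno;

    if (dfd == AT_FDCWD)
	return (flag & AT_REMOVEDIR) ? rmdir(path) : unlink(path);

    /* … unchanged: save cwd in odfd, fchdir(dfd) … */

    ret = (flag & AT_REMOVEDIR) ? rmdir(path) : unlink(path);
    serrno = errno;

    /* Restore cwd, keeping the errno of the first failure. */
    if (fchdir(odfd) == -1) {
	ret = -1;
	serrno = errno;
    }
    close(odfd);
    errno = serrno;

    return ret;
}
```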
@@ -31,6 +32,8 @@
 sudo_debug_get_active_instance_v1
 sudo_debug_get_fds_v1
 sudo_debug_get_instance_v1
+sudo_debug_needed_v1
+sudo_debug_parse_flags_v1
 sudo_debug_printf2_v1
 sudo_debug_register_v1
 sudo_debug_set_active_instance_v1
@@ -65,6 +68,8 @@
 sudo_ev_loopbreak_v1
 sudo_ev_loopcontinue_v1
 sudo_ev_loopexit_v1
+sudo_ev_pending_v1
+sudo_ev_set_v1
 sudo_fatal_callback_deregister_v1
 sudo_fatal_callback_register_v1
 sudo_fatal_nodebug_v1
@@ -79,6 +84,16 @@
 sudo_gettime_awake_v1
 sudo_gettime_mono_v1
 sudo_gettime_real_v1
+sudo_json_add_value_as_object_v1
+sudo_json_add_value_v1
+sudo_json_close_array_v1
+sudo_json_close_object_v1
+sudo_json_free_v1
+sudo_json_get_buf_v1
+sudo_json_get_len_v1
+sudo_json_init_v1
+sudo_json_open_array_v1
+sudo_json_open_object_v1
 sudo_lbuf_append_quoted_v1
 sudo_lbuf_append_v1
 sudo_lbuf_clearerr_v1
@@ -88,13 +103,19 @@
 sudo_lbuf_print_v1
 sudo_lock_file_v1
 sudo_lock_region_v1
+sudo_logfac2str_v1
+sudo_logpri2str_v1
+sudo_mkdir_parents_v1
 sudo_new_key_val_v1
 sudo_parse_gids_v1
 sudo_parseln_v1
 sudo_parseln_v2
+sudo_pow2_roundup_v1
 sudo_secure_dir_v1
 sudo_secure_file_v1
 sudo_setgroups_v1
+sudo_str2logfac_v1
+sudo_str2logpri_v1
 sudo_strsplit_v1
 sudo_strtobool_v1
 sudo_strtoid_v1
@@ -111,6 +132,8 @@
 sudo_term_raw_v1
 sudo_term_restore_v1
 sudo_ttyname_dev_v1
+sudo_uuid_create_v1
+sudo_uuid_to_string_v1
 sudo_vfatal_nodebug_v1
 sudo_vfatalx_nodebug_v1
 sudo_vwarn_nodebug_v1
diff -Nru sudo-1.8.31/lib/util/uuid.c sudo-1.9.0/lib/util/uuid.c
--- sudo-1.8.31/lib/util/uuid.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/lib/util/uuid.c 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,112 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include +#include + +#include "sudo_compat.h" +#include "sudo_util.h" +#include "sudo_rand.h" + +struct uuid { + uint32_t time_low; + uint16_t time_mid; + uint16_t time_high_and_version; + uint16_t clock_seq_and_variant; + unsigned char node[6]; +}; + +/* + * Create a type 4 (random), variant 1 universally unique identifier (UUID). + */ +void +sudo_uuid_create_v1(unsigned char uuid_out[16]) +{ + union { + struct uuid id; + unsigned char u8[16]; + } uuid; + + arc4random_buf(&uuid, sizeof(uuid)); + + /* Convert fields to host by order. */ + uuid.id.time_low = ntohl(uuid.id.time_low); + uuid.id.time_mid = ntohs(uuid.id.time_mid); + uuid.id.time_high_and_version = ntohs(uuid.id.time_high_and_version); + uuid.id.clock_seq_and_variant = ntohs(uuid.id.clock_seq_and_variant); + + /* Set version to 4 (random) in the high nibble. 
*/ + uuid.id.time_high_and_version &= 0x0fff; + uuid.id.time_high_and_version |= 0x4000; + + /* Set variant to 1 (first two bits are 10) */ + uuid.id.clock_seq_and_variant &= 0x3fff; + uuid.id.clock_seq_and_variant |= 0x8000; + + /* Store fields in network byte order (big endian). */ + uuid.id.time_low = htonl(uuid.id.time_low); + uuid.id.time_mid = htons(uuid.id.time_mid); + uuid.id.time_high_and_version = htons(uuid.id.time_high_and_version); + uuid.id.clock_seq_and_variant = htons(uuid.id.clock_seq_and_variant); + memcpy(uuid_out, &uuid, 16); +} + +/* + * Format a uuid as a 36-byte string (plus one for the NUL). + */ +char * +sudo_uuid_to_string_v1(unsigned char uuid[16], char *dst, size_t dstsiz) +{ + const char hex[] = "0123456789abcdef"; + char *cp = dst; + int i; + + if (dstsiz < sizeof("123e4567-e89b-12d3-a456-426655440000")) + return NULL; + + for (i = 0; i < 16; i++) { + *cp++ = hex[uuid[i] >> 4]; + *cp++ = hex[uuid[i] & 0x0f]; + + switch (i) { + case 4: + case 6: + case 8: + case 10: + *cp++ = '-'; + break; + } + } + *cp = '\0'; + + return dst; +} diff -Nru sudo-1.8.31/lib/zlib/Makefile.in sudo-1.9.0/lib/zlib/Makefile.in --- sudo-1.8.31/lib/zlib/Makefile.in 2019-12-10 13:11:38.000000000 +0000 +++ sudo-1.9.0/lib/zlib/Makefile.in 2020-05-11 16:28:23.000000000 +0000 @@ -21,8 +21,12 @@ #### Start of system configuration section. #### srcdir = @srcdir@ -top_builddir = @top_builddir@ +abs_srcdir = @abs_srcdir@ top_srcdir = @top_srcdir@ +abs_top_srcdir = @abs_top_srcdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ +scriptdir = $(top_srcdir)/scripts cross_compiling = @CROSS_COMPILING@ # Where to install things... 
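Review bot: `sudo_uuid_to_string_v1()` (new file lib/util/uuid.c) writes each dash after the byte at index 4, 6, 8 and 10, because the `switch (i)` runs after the two hex digits of `uuid[i]` have been stored; the result is grouped 10-4-4-4-10 rather than the 8-4-4-4-12 layout of the sample string used for the size check. The length is still 36 characters plus the NUL, so nothing overflows, but the text form is not a standard UUID string and consumers that parse or compare it may reject it. Either move the `switch` above the two `*cp++ = hex[...]` stores or change the labels to `case 3: case 5: case 7: case 9:`. Smaller points: the `uuid` parameter is only read and could be declared `const`, and the comment in `sudo_uuid_create_v1()` that reads "host by order" presumably means "host byte order".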
@@ -96,8 +100,8 @@ all: libsudo_z.la depend: - $(top_srcdir)/mkdep.pl --srcdir=$(top_srcdir) \ - --builddir=`pwd`/$(top_builddir) lib/zlib/Makefile.in + $(scriptdir)/mkdep.pl --srcdir=$(abs_top_srcdir) \ + --builddir=$(abs_top_builddir) lib/zlib/Makefile.in cd $(top_builddir) && ./config.status --file lib/zlib/Makefile Makefile: $(srcdir)/Makefile.in @@ -158,8 +162,8 @@ check: clean: - -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la *.a stamp-* \ - core *.core core.* + -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la + -rm -f stamp-* core *.core core.* mostlyclean: clean diff -Nru sudo-1.8.31/log2cl.pl sudo-1.9.0/log2cl.pl --- sudo-1.8.31/log2cl.pl 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/log2cl.pl 1970-01-01 00:00:00.000000000 +0000 
@@ -1,104 +0,0 @@ -#!/usr/bin/env perl -# -# SPDX-License-Identifier: ISC -# -# Copyright (c) 2017 Todd C. Miller -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# -# Simple script to massage "git log" output into a GNU style ChangeLog. -# The goal is to emulate "hg log --style=changelog" via perl format. - -use warnings; - -my $format="%ad %aN <%aE>%n%h%n%B%n"; -my @cmd = ("git", "log", "--log-size", "--name-only", "--date=short", "--format=$format", @ARGV); -open(LOG, '-|', @cmd) || die "$0: unable to run git log: $!"; - -my $hash; -my $body; -my @files; -my $key_date = ""; -my $log_size = 0; -my @lines; - -while () { - chomp; - if (/^log size (\d+)$/) { - $log_size = $1; - - # Print previous entry if there is one - print_entry($hash, $body, @files) if defined($hash); - - # Init new entry - undef $hash; - undef $body; - undef @files; - undef @lines; - - # Read entry and split on newlines - read(LOG, my $buf, $log_size) || - die "$0: unable to read $log_size bytes: $!\n"; - @lines = split(/\r?\n/, $buf); - - # Check for continued entry (duplicate Date + Author) - $_ = shift(@lines); - if ($_ ne $key_date) { - # New entry - print "$_\n\n"; - $key_date = $_; - } - - # Hash comes first - $hash = shift(@lines); - - # Commit message body (multi-line) - foreach (@lines) { - last if $_ eq "--HG--"; - 
if (defined($body)) { - $_ = "\r" if $_ eq ""; - $body .= " $_"; - } else { - $body = $_; - } - } - } else { - # Not a log entry, must be the file list - push(@files, $_) unless $_ eq ""; - } -} - -# Print the last entry -print_entry($hash, $body, @files) if defined($hash); - -exit(0); - -sub print_entry -{ - my $hash = '[' . shift . ']'; - my $body = shift; - my $files = "* " . join(", ", @_) . ":"; - - local $= = 9999; # to silence warning (hack) - - format = - ^<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< ~~ - $files - ^<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< ~~ - $body - @* - $hash - -. - write; -} diff -Nru sudo-1.8.31/logsrvd/eventlog.c sudo-1.9.0/logsrvd/eventlog.c --- sudo-1.8.31/logsrvd/eventlog.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/logsrvd/eventlog.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,743 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 1994-1996, 1998-2019 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. 
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "log_server.pb-c.h" +#include "sudo_gettext.h" /* must be included before sudo_compat.h */ +#include "sudo_compat.h" +#include "sudo_fatal.h" +#include "sudo_json.h" +#include "sudo_queue.h" +#include "sudo_debug.h" +#include "sudo_util.h" +#include "sudo_iolog.h" +#include "logsrvd.h" + +#define LL_HOST_STR "HOST=" +#define LL_TTY_STR "TTY=" +#define LL_CWD_STR "PWD=" +#define LL_USER_STR "USER=" +#define LL_GROUP_STR "GROUP=" +#define LL_ENV_STR "ENV=" +#define LL_CMND_STR "COMMAND=" +#define LL_TSID_STR "TSID=" + +#define IS_SESSID(s) ( \ + isalnum((unsigned char)(s)[0]) && isalnum((unsigned char)(s)[1]) && \ + (s)[2] == '/' && \ + isalnum((unsigned char)(s)[3]) && isalnum((unsigned char)(s)[4]) && \ + (s)[5] == '/' && \ + isalnum((unsigned char)(s)[6]) && isalnum((unsigned char)(s)[7]) && \ + (s)[8] == '\0') + +/* + * Allocate and fill in a new logline. + */ +static char * +new_logline(const char *message, const char *errstr, + const struct iolog_details *details) +{ + char *line = NULL, *evstr = NULL; + const char *iolog_file = details->iolog_file; + char sessid[7]; + const char *tsid = NULL; + size_t len = 0; + int i; + debug_decl(new_logline, SUDO_DEBUG_UTIL); + + /* A TSID may be a sudoers-style session ID or a free-form string. 
*/ + if (iolog_file != NULL) { + if (IS_SESSID(iolog_file)) { + sessid[0] = iolog_file[0]; + sessid[1] = iolog_file[1]; + sessid[2] = iolog_file[3]; + sessid[3] = iolog_file[4]; + sessid[4] = iolog_file[6]; + sessid[5] = iolog_file[7]; + sessid[6] = '\0'; + tsid = sessid; + } else { + tsid = iolog_file; + } + } + + /* + * Compute line length + */ + if (message != NULL) + len += strlen(message) + 3; + if (errstr != NULL) + len += strlen(errstr) + 3; + len += sizeof(LL_HOST_STR) + 2 + strlen(details->submithost); + len += sizeof(LL_TTY_STR) + 2 + strlen(details->ttyname); + len += sizeof(LL_CWD_STR) + 2 + strlen(details->cwd); + if (details->runuser != NULL) + len += sizeof(LL_USER_STR) + 2 + strlen(details->runuser); + if (details->rungroup != NULL) + len += sizeof(LL_GROUP_STR) + 2 + strlen(details->rungroup); + if (tsid != NULL) + len += sizeof(LL_TSID_STR) + 2 + strlen(tsid); + if (details->env_add != NULL) { + size_t evlen = 0; + char * const *ep; + + for (ep = details->env_add; *ep != NULL; ep++) + evlen += strlen(*ep) + 1; + if (evlen != 0) { + if ((evstr = malloc(evlen)) == NULL) + goto oom; + ep = details->env_add; + if (strlcpy(evstr, *ep, evlen) >= evlen) + goto toobig; + while (*++ep != NULL) { + if (strlcat(evstr, " ", evlen) >= evlen || + strlcat(evstr, *ep, evlen) >= evlen) + goto toobig; + } + len += sizeof(LL_ENV_STR) + 2 + evlen; + } + } + if (details->command != NULL) { + len += sizeof(LL_CMND_STR) - 1 + strlen(details->command); + if (details->argc > 1) { + for (i = 1; i < details->argc; i++) + len += strlen(details->argv[i]) + 1; + } + } + + /* + * Allocate and build up the line. + */ + if ((line = malloc(++len)) == NULL) + goto oom; + line[0] = '\0'; + + if (message != NULL) { + if (strlcat(line, message, len) >= len || + strlcat(line, errstr ? 
" : " : " ; ", len) >= len) + goto toobig; + } + if (errstr != NULL) { + if (strlcat(line, errstr, len) >= len || + strlcat(line, " ; ", len) >= len) + goto toobig; + } + if (strlcat(line, LL_HOST_STR, len) >= len || + strlcat(line, details->submithost, len) >= len || + strlcat(line, " ; ", len) >= len) + goto toobig; + if (strlcat(line, LL_TTY_STR, len) >= len || + strlcat(line, details->ttyname, len) >= len || + strlcat(line, " ; ", len) >= len) + goto toobig; + if (strlcat(line, LL_CWD_STR, len) >= len || + strlcat(line, details->cwd, len) >= len || + strlcat(line, " ; ", len) >= len) + goto toobig; + if (details->runuser != NULL) { + if (strlcat(line, LL_USER_STR, len) >= len || + strlcat(line, details->runuser, len) >= len || + strlcat(line, " ; ", len) >= len) + goto toobig; + } + if (details->rungroup != NULL) { + if (strlcat(line, LL_GROUP_STR, len) >= len || + strlcat(line, details->rungroup, len) >= len || + strlcat(line, " ; ", len) >= len) + goto toobig; + } + if (tsid != NULL) { + if (strlcat(line, LL_TSID_STR, len) >= len || + strlcat(line, tsid, len) >= len || + strlcat(line, " ; ", len) >= len) + goto toobig; + } + if (evstr != NULL) { + if (strlcat(line, LL_ENV_STR, len) >= len || + strlcat(line, evstr, len) >= len || + strlcat(line, " ; ", len) >= len) + goto toobig; + free(evstr); + evstr = NULL; + } + if (details->command != NULL) { + if (strlcat(line, LL_CMND_STR, len) >= len) + goto toobig; + if (strlcat(line, details->command, len) >= len) + goto toobig; + if (details->argc > 1) { + for (i = 1; i < details->argc; i++) { + if (strlcat(line, " ", len) >= len || + strlcat(line, details->argv[i], len) >= len) + goto toobig; + } + } + } + + debug_return_str(line); +oom: + free(evstr); + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_str(NULL); +toobig: + free(evstr); + free(line); + sudo_warnx(U_("internal error, %s overflow"), __func__); + debug_return_str(NULL); +} + +static bool +json_add_timestamp(struct 
json_container *json, const char *name, + struct timespec *ts) +{ + const char *timefmt = logsrvd_conf_logfile_time_format(); + struct json_value json_value; + time_t secs = ts->tv_sec; + char timebuf[1024]; + struct tm *tm; + debug_decl(json_add_timestamp, SUDO_DEBUG_PLUGIN); + + if ((tm = gmtime(&secs)) == NULL) + debug_return_bool(false); + + if (!sudo_json_open_object(json, name)) + goto oom; + + json_value.type = JSON_NUMBER; + json_value.u.number = ts->tv_sec; + if (!sudo_json_add_value(json, "seconds", &json_value)) + goto oom; + + json_value.type = JSON_NUMBER; + json_value.u.number = ts->tv_nsec; + if (!sudo_json_add_value(json, "nanoseconds", &json_value)) + goto oom; + + strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", tm); + json_value.type = JSON_STRING; + json_value.u.string = timebuf; + if (!sudo_json_add_value(json, "iso8601", &json_value)) + goto oom; + + strftime(timebuf, sizeof(timebuf), timefmt, tm); + json_value.type = JSON_STRING; + json_value.u.string = timebuf; + if (!sudo_json_add_value(json, "localtime", &json_value)) + goto oom; + + if (!sudo_json_close_object(json)) + goto oom; + + debug_return_bool(true); +oom: + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, + "%s: %s", __func__, "unable to allocate memory"); + debug_return_bool(false); +} + +static char * +format_json(ClientMessage__TypeCase event_type, + const char *reason, TimeSpec *event_time, InfoMessage **info_msgs, + size_t infolen, bool compact) +{ + const char *type_str; + const char *time_str; + struct json_container json = { 0 }; + struct json_value json_value; + struct timespec ts; + size_t idx; + debug_decl(format_json, SUDO_DEBUG_UTIL); + + if (sudo_gettime_real(&ts) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to read the clock"); + debug_return_str(NULL); + } + + switch (event_type) { + case CLIENT_MESSAGE__TYPE_ACCEPT_MSG: + type_str = "accept"; + time_str = "submit_time"; + break; + case 
CLIENT_MESSAGE__TYPE_REJECT_MSG: + type_str = "reject"; + time_str = "submit_time"; + break; + case CLIENT_MESSAGE__TYPE_ALERT_MSG: + type_str = "alert"; + time_str = "alert_time"; + break; + default: + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected event type %d", event_type); + debug_return_str(NULL); + } + + if (!sudo_json_init(&json, 4, compact, false)) + goto bad; + if (!sudo_json_open_object(&json, type_str)) + goto bad; + + /* Reject and Alert events include a reason */ + if (reason != NULL) { + json_value.type = JSON_STRING; + json_value.u.string = reason; + if (!sudo_json_add_value(&json, "reason", &json_value)) + goto bad; + } + + /* XXX - create and log uuid? */ + + /* Log event time on server (set earlier) */ + if (!json_add_timestamp(&json, "server_time", &ts)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, + "unable format timestamp"); + goto bad; + } + + /* Log event time from client */ + ts.tv_sec = event_time->tv_sec; + ts.tv_nsec = event_time->tv_nsec; + if (!json_add_timestamp(&json, time_str, &ts)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, + "unable format timestamp"); + goto bad; + } + + /* Dump details */ + for (idx = 0; idx < infolen; idx++) { + InfoMessage *info = info_msgs[idx]; + + switch (info->value_case) { + case INFO_MESSAGE__VALUE_NUMVAL: + json_value.type = JSON_NUMBER; + json_value.u.number = info->numval; + if (!sudo_json_add_value(&json, info->key, &json_value)) + goto bad; + break; + case INFO_MESSAGE__VALUE_STRVAL: + json_value.type = JSON_STRING; + json_value.u.string = info->strval; + if (!sudo_json_add_value(&json, info->key, &json_value)) + goto bad; + break; + case INFO_MESSAGE__VALUE_STRLISTVAL: { + InfoMessage__StringList *strlist = info->strlistval; + size_t n; + + if (!sudo_json_open_array(&json, info->key)) + goto bad; + for (n = 0; n < strlist->n_strings; n++) { + json_value.type = JSON_STRING; + json_value.u.string = 
strlist->strings[n];
+ if (!sudo_json_add_value(&json, NULL, &json_value))
+ goto bad;
+ }
+ if (!sudo_json_close_array(&json))
+ goto bad;
+ break;
+ }
+ default:
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unexpected value case %d", info->value_case);
+ goto bad;
+ }
+ }
+
+ if (!sudo_json_close_object(&json))
+ goto bad;
+
+ /* Caller is responsible for freeing the buffer. */
+ debug_return_str(sudo_json_get_buf(&json));
+
+bad:
+ sudo_json_free(&json);
+ debug_return_str(NULL);
+}
+
+/*
+ * Log a message to syslog, pre-pending the username and splitting the
+ * message into parts if it is longer than syslog_maxlen.
+ */
+static bool
+do_syslog_sudo(int pri, const char *reason, const struct iolog_details *details)
+{
+ size_t len, maxlen;
+ char *logline, *p, *tmp, save;
+ const char *fmt;
+ debug_decl(do_syslog_sudo, SUDO_DEBUG_UTIL);
+
+ /* A priority of -1 corresponds to "none". */
+ if (pri == -1)
+ debug_return_bool(true);
+
+ if ((logline = new_logline(reason, NULL, details)) == NULL)
+ debug_return_bool(false);
+
+ /*
+ * Log the full line, breaking into multiple syslog(3) calls if necessary
+ */
+ fmt = _("%8s : %s");
+ maxlen = logsrvd_conf_syslog_maxlen() -
+ (strlen(fmt) - 5 + strlen(details->submituser));
+ for (p = logline; *p != '\0'; ) {
+ len = strlen(p);
+ if (len > maxlen) {
+ /*
+ * Break up the line into what will fit on one syslog(3) line
+ * Try to avoid breaking words into several lines if possible.
+ */
+ tmp = memrchr(p, ' ', maxlen);
+ if (tmp == NULL)
+ tmp = p + maxlen;
+
+ /* NULL terminate line, but save the char to restore later */
+ save = *tmp;
+ *tmp = '\0';
+
+ syslog(pri, fmt, details->submituser, p);
+
+ *tmp = save; /* restore saved character */
+
+ /* Advance p and eliminate leading whitespace */
+ for (p = tmp; *p == ' '; p++)
+ continue;
+ } else {
+ syslog(pri, fmt, details->submituser, p);
+ p += len;
+ }
+ fmt = _("%8s : (command continued) %s");
+ maxlen = logsrvd_conf_syslog_maxlen() -
+ (strlen(fmt) - 5 + strlen(details->submituser));
+ }
+ free(logline);
+
+ debug_return_bool(true);
+}
+
+static bool
+do_syslog_json(int pri, ClientMessage__TypeCase event_type, const char *reason,
+ TimeSpec *event_time, InfoMessage **info_msgs, size_t infolen)
+{
+ char *json_str;
+ debug_decl(do_syslog_json, SUDO_DEBUG_UTIL);
+
+ /* A priority of -1 corresponds to "none". */
+ if (pri == -1)
+ debug_return_bool(true);
+
+ /* Format as a compact JSON message (no newlines) */
+ json_str = format_json(event_type, reason, event_time, info_msgs,
+ infolen, true);
+ if (json_str == NULL)
+ debug_return_bool(false);
+
+ /* Syslog it with a @cee: prefix */
+ /* TODO: use logsrvd_conf_syslog_maxlen() to break up long messages. */
+ syslog(pri, "@cee:{%s }", json_str);
+ free(json_str);
+ debug_return_bool(true);
+}
+
+/*
+ * Log a message to syslog in either sudo or JSON format.
+ */
+static bool
+do_syslog(ClientMessage__TypeCase event_type, const char *reason,
+ const struct iolog_details *details, TimeSpec *event_time,
+ InfoMessage **info_msgs, size_t infolen)
+{
+ int pri;
+ bool ret = false;
+ debug_decl(do_syslog, SUDO_DEBUG_UTIL);
+
+ switch (event_type) {
+ case CLIENT_MESSAGE__TYPE_ACCEPT_MSG:
+ pri = logsrvd_conf_syslog_acceptpri();
+ break;
+ case CLIENT_MESSAGE__TYPE_REJECT_MSG:
+ pri = logsrvd_conf_syslog_rejectpri();
+ break;
+ case CLIENT_MESSAGE__TYPE_ALERT_MSG:
+ pri = logsrvd_conf_syslog_alertpri();
+ break;
+ default:
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unexpected event type %d", event_type);
+ pri = -1;
+ break;
+ }
+ if (pri == -1) {
+ /* syslog disabled for this message type */
+ debug_return_bool(true);
+ }
+
+ switch (logsrvd_conf_eventlog_format()) {
+ case EVLOG_SUDO:
+ ret = do_syslog_sudo(pri, reason, details);
+ break;
+ case EVLOG_JSON:
+ ret = do_syslog_json(pri, event_type, reason, event_time,
+ info_msgs, infolen);
+ break;
+ default:
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unexpected eventlog format %d", logsrvd_conf_eventlog_format());
+ break;
+ }
+
+ debug_return_bool(ret);
+}
+
+static bool
+do_logfile_sudo(const char *reason, const struct iolog_details *details)
+{
+ const char *timefmt = logsrvd_conf_logfile_time_format();
+ const char *logfile = logsrvd_conf_logfile_path();
+ FILE *fp = logsrvd_conf_logfile_stream();
+ char *logline, timebuf[8192], *timestr = NULL;
+ struct tm *timeptr;
+ bool ret = false;
+
+ debug_decl(do_logfile_sudo, SUDO_DEBUG_UTIL);
+
+ if ((logline = new_logline(reason, NULL, details)) == NULL)
+ debug_return_bool(false);
+
+ if (!sudo_lock_file(fileno(fp), SUDO_LOCK)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "unable to lock log file %s", logfile);
+ goto done;
+ }
+
+ if ((timeptr = localtime(&details->submit_time.tv_sec)) != NULL) {
+ /* strftime() does not guarantee to NUL-terminate so we must
check. */
+ timebuf[sizeof(timebuf) - 1] = '\0';
+ if (strftime(timebuf, sizeof(timebuf), timefmt, timeptr) != 0 &&
+ timebuf[sizeof(timebuf) - 1] == '\0') {
+ timestr = timebuf;
+ }
+ }
+ (void)fprintf(fp, "%s : %s : %s\n", timestr ? timestr : "invalid date",
+ details->submituser, logline);
+ (void)fflush(fp);
+ if (ferror(fp)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "unable to write log file %s", logfile);
+ goto done;
+ }
+ ret = true;
+
+done:
+ free(logline);
+ (void)sudo_lock_file(fileno(fp), SUDO_UNLOCK);
+ debug_return_bool(ret);
+}
+
+static bool
+do_logfile_json(ClientMessage__TypeCase event_type, const char *reason,
+ TimeSpec *event_time, InfoMessage **info_msgs, size_t infolen)
+{
+ const char *logfile = logsrvd_conf_logfile_path();
+ FILE *fp = logsrvd_conf_logfile_stream();
+ struct stat sb;
+ char *json_str;
+ int ret = false;
+ debug_decl(do_logfile_json, SUDO_DEBUG_UTIL);
+
+ json_str = format_json(event_type, reason, event_time, info_msgs,
+ infolen, false);
+ if (json_str == NULL)
+ goto done;
+
+ if (!sudo_lock_file(fileno(fp), SUDO_LOCK)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "unable to lock log file %s", logfile);
+ goto done;
+ }
+
+ /* Note: assumes file ends in "\n}\n" */
+ if (fstat(fileno(fp), &sb) == -1) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO,
+ "unable to stat %s", logfile);
+ goto done;
+ }
+ if (sb.st_size == 0) {
+ /* New file */
+ putc('{', fp);
+ } else if (fseeko(fp, -3, SEEK_END) == 0) {
+ /* Continue file, overwrite the final "\n}\n" */
+ putc(',', fp);
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO,
+ "unable to seek %s", logfile);
+ goto done;
+ }
+ fputs(json_str, fp);
+ fputs("\n}\n", fp); /* close JSON */
+ fflush(fp);
+ /* XXX - check for file error and recover */
+
+ ret = true;
+
+done:
+ free(json_str);
+ (void)sudo_lock_file(fileno(fp), SUDO_UNLOCK);
+
debug_return_bool(ret);
+}
+
+static bool
+do_logfile(ClientMessage__TypeCase event_type, const char *reason,
+ const struct iolog_details *details, TimeSpec *event_time,
+ InfoMessage **info_msgs, size_t infolen)
+{
+ bool ret = false;
+ debug_decl(do_logfile, SUDO_DEBUG_UTIL);
+
+ switch (logsrvd_conf_eventlog_format()) {
+ case EVLOG_SUDO:
+ ret = do_logfile_sudo(reason, details);
+ break;
+ case EVLOG_JSON:
+ ret = do_logfile_json(event_type, reason, event_time,
+ info_msgs, infolen);
+ break;
+ default:
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unexpected eventlog format %d", logsrvd_conf_eventlog_format());
+ break;
+ }
+
+ debug_return_bool(ret);
+}
+
+bool
+log_accept(const struct iolog_details *details, TimeSpec *submit_time,
+ InfoMessage **info_msgs, size_t infolen)
+{
+ const enum logsrvd_eventlog_type log_type = logsrvd_conf_eventlog_type();
+ bool ret;
+ debug_decl(log_accept, SUDO_DEBUG_UTIL);
+
+ if (log_type == EVLOG_NONE)
+ debug_return_bool(true);
+
+ switch (log_type) {
+ case EVLOG_SYSLOG:
+ ret = do_syslog(CLIENT_MESSAGE__TYPE_ACCEPT_MSG, NULL, details,
+ submit_time, info_msgs, infolen);
+ break;
+ case EVLOG_FILE:
+ ret = do_logfile(CLIENT_MESSAGE__TYPE_ACCEPT_MSG, NULL, details,
+ submit_time, info_msgs, infolen);
+ break;
+ default:
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unexpected eventlog type %d", log_type);
+ ret = false;
+ }
+
+ debug_return_bool(ret);
+}
+
+bool
+log_reject(const struct iolog_details *details, const char *reason,
+ TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen)
+{
+ const enum logsrvd_eventlog_type log_type = logsrvd_conf_eventlog_type();
+ bool ret;
+ debug_decl(log_reject, SUDO_DEBUG_UTIL);
+
+ if (log_type == EVLOG_NONE)
+ debug_return_bool(true);
+
+ switch (log_type) {
+ case EVLOG_SYSLOG:
+ ret = do_syslog(CLIENT_MESSAGE__TYPE_REJECT_MSG, NULL, details,
+ submit_time, info_msgs, infolen);
+ break;
+ case EVLOG_FILE:
+ ret =
do_logfile(CLIENT_MESSAGE__TYPE_REJECT_MSG, reason, details,
+ submit_time, info_msgs, infolen);
+ break;
+ default:
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unexpected eventlog type %d", log_type);
+ ret = false;
+ }
+
+ debug_return_bool(ret);
+}
+
+bool
+log_alert(const struct iolog_details *details, TimeSpec *alert_time,
+ const char *reason)
+{
+ const enum logsrvd_eventlog_type log_type = logsrvd_conf_eventlog_type();
+ bool ret;
+ debug_decl(log_alert, SUDO_DEBUG_UTIL);
+
+ if (log_type == EVLOG_NONE)
+ debug_return_bool(true);
+
+ /* TODO: log alert_time */
+ switch (log_type) {
+ case EVLOG_SYSLOG:
+ ret = do_syslog(CLIENT_MESSAGE__TYPE_REJECT_MSG, NULL, details,
+ alert_time, NULL, 0);
+ break;
+ case EVLOG_FILE:
+ ret = do_logfile(CLIENT_MESSAGE__TYPE_ALERT_MSG, reason, details,
+ alert_time, NULL, 0);
+ break;
+ default:
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unexpected eventlog type %d", log_type);
+ ret = false;
+ }
+
+ debug_return_bool(ret);
+}
diff -Nru sudo-1.8.31/logsrvd/iolog_writer.c sudo-1.9.0/logsrvd/iolog_writer.c
--- sudo-1.8.31/logsrvd/iolog_writer.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/logsrvd/iolog_writer.c 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,1102 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "config.h"
+
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#ifdef HAVE_STDBOOL_H
+# include
+#else
+# include "compat/stdbool.h"
+#endif /* HAVE_STDBOOL_H */
+#include
+#include
+#include
+#include
+#include
+
+#include "log_server.pb-c.h"
+#include "sudo_gettext.h" /* must be included before sudo_compat.h */
+#include "sudo_compat.h"
+#include "sudo_queue.h"
+#include "sudo_debug.h"
+#include "sudo_util.h"
+#include "sudo_iolog.h"
+#include "logsrvd.h"
+
+static inline bool
+has_numval(InfoMessage *info)
+{
+ return info->value_case == INFO_MESSAGE__VALUE_NUMVAL;
+}
+
+static inline bool
+has_strval(InfoMessage *info)
+{
+ return info->value_case == INFO_MESSAGE__VALUE_STRVAL;
+}
+
+static inline bool
+has_strlistval(InfoMessage *info)
+{
+ return info->value_case == INFO_MESSAGE__VALUE_STRLISTVAL;
+}
+
+/*
+ * Copy the specified string list.
+ * The input string list need not be NULL-terminated.
+ * Returns a NULL-terminated string vector.
+ */
+static char **
+strlist_copy(InfoMessage__StringList *strlist)
+{
+ char **dst, **src = strlist->strings;
+ size_t i, len = strlist->n_strings;
+ debug_decl(strlist_copy, SUDO_DEBUG_UTIL);
+
+ dst = reallocarray(NULL, len + 1, sizeof(char *));
+ if (dst == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "reallocarray(NULL, %zu, %zu)", len + 1, sizeof(char *));
+ goto bad;
+ }
+ for (i = 0; i < len; i++) {
+ if ((dst[i] = strdup(src[i])) == NULL) {
+ sudo_debug_printf(
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, "strdup");
+ goto bad;
+ }
+ }
+ dst[i] = NULL;
+ debug_return_ptr(dst);
+
+bad:
+ if (dst != NULL) {
+ while (i--)
+ free(dst[i]);
+ free(dst);
+ }
+ debug_return_ptr(NULL);
+}
+
+/*
+ * Free the strings in a struct iolog_details.
+ */
+void
+iolog_details_free(struct iolog_details *details)
+{
+ int i;
+ debug_decl(iolog_details_free, SUDO_DEBUG_UTIL);
+
+ if (details != NULL) {
+ free(details->iolog_path);
+ free(details->command);
+ free(details->cwd);
+ free(details->rungroup);
+ free(details->runuser);
+ free(details->submithost);
+ free(details->submituser);
+ free(details->submitgroup);
+ free(details->ttyname);
+ for (i = 0; i < details->argc; i++)
+ free(details->argv[i]);
+ free(details->argv);
+ if (details->envp != NULL) {
+ for (i = 0; details->envp[i] != NULL; i++)
+ free(details->envp[i]);
+ free(details->envp);
+ }
+ }
+
+ debug_return;
+}
+
+/*
+ * Fill in I/O log details from an AcceptMessage
+ * Caller is responsible for freeing strings in struct iolog_details.
+ * Returns true on success and false on failure.
+ */
+bool
+iolog_details_fill(struct iolog_details *details, TimeSpec *submit_time,
+ InfoMessage **info_msgs, size_t infolen)
+{
+ size_t idx;
+ bool ret = false;
+ debug_decl(iolog_details_fill, SUDO_DEBUG_UTIL);
+
+ memset(details, 0, sizeof(*details));
+
+ /* Submit time.
*/
+ details->submit_time.tv_sec = submit_time->tv_sec;
+ details->submit_time.tv_nsec = submit_time->tv_nsec;
+
+ /* Default values */
+ details->lines = 24;
+ details->columns = 80;
+ details->runuid = (uid_t)-1;
+ details->rungid = (gid_t)-1;
+
+ /* Pull out values by key from info array. */
+ for (idx = 0; idx < infolen; idx++) {
+ InfoMessage *info = info_msgs[idx];
+ const char *key = info->key;
+ switch (key[0]) {
+ case 'c':
+ if (strcmp(key, "columns") == 0) {
+ if (!has_numval(info)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "columns specified but not a number");
+ } else if (info->numval <= 0 || info->numval > INT_MAX) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "columns (%" PRId64 ") out of range", info->numval);
+ } else {
+ details->columns = info->numval;
+ }
+ continue;
+ }
+ if (strcmp(key, "command") == 0) {
+ if (has_strval(info)) {
+ if ((details->command = strdup(info->strval)) == NULL) {
+ sudo_debug_printf(
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "strdup");
+ goto done;
+ }
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "command specified but not a string");
+ }
+ continue;
+ }
+ break;
+ case 'l':
+ if (strcmp(key, "lines") == 0) {
+ if (!has_numval(info)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "lines specified but not a number");
+ } else if (info->numval <= 0 || info->numval > INT_MAX) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "lines (%" PRId64 ") out of range", info->numval);
+ } else {
+ details->lines = info->numval;
+ }
+ continue;
+ }
+ break;
+ case 'r':
+ if (strcmp(key, "runargv") == 0) {
+ if (has_strlistval(info)) {
+ details->argv = strlist_copy(info->strlistval);
+ if (details->argv == NULL)
+ goto done;
+ details->argc = info->strlistval->n_strings;
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "runargv specified but not a string list");
+ }
+ continue;
+ }
+ if (strcmp(key, "runenv") == 0) {
+
if (has_strlistval(info)) {
+ details->envp = strlist_copy(info->strlistval);
+ if (details->envp == NULL)
+ goto done;
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "runenv specified but not a string list");
+ }
+ continue;
+ }
+ if (strcmp(key, "rungid") == 0) {
+ if (!has_numval(info)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "rungid specified but not a number");
+ } else if (info->numval < 0 || info->numval > INT_MAX) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "rungid (%" PRId64 ") out of range", info->numval);
+ } else {
+ details->rungid = info->numval;
+ }
+ continue;
+ }
+ if (strcmp(key, "rungroup") == 0) {
+ if (has_strval(info)) {
+ if ((details->rungroup = strdup(info->strval)) == NULL) {
+ sudo_debug_printf(
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "strdup");
+ goto done;
+ }
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "rungroup specified but not a string");
+ }
+ continue;
+ }
+ if (strcmp(key, "runuid") == 0) {
+ if (!has_numval(info)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "runuid specified but not a number");
+ } else if (info->numval < 0 || info->numval > INT_MAX) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "runuid (%" PRId64 ") out of range", info->numval);
+ } else {
+ details->runuid = info->numval;
+ }
+ continue;
+ }
+ if (strcmp(key, "runuser") == 0) {
+ if (has_strval(info)) {
+ if ((details->runuser = strdup(info->strval)) == NULL) {
+ sudo_debug_printf(
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "strdup");
+ goto done;
+ }
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "runuser specified but not a string");
+ }
+ continue;
+ }
+ break;
+ case 's':
+ if (strcmp(key, "submitcwd") == 0) {
+ if (has_strval(info)) {
+ if ((details->cwd = strdup(info->strval)) == NULL) {
+ sudo_debug_printf(
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "strdup");
+ goto done;
+ }
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "submitcwd specified but not a string");
+ }
+ continue;
+ }
+ if (strcmp(key, "submitgroup") == 0) {
+ if (has_strval(info)) {
+ if ((details->submitgroup = strdup(info->strval)) == NULL) {
+ sudo_debug_printf(
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "strdup");
+ goto done;
+ }
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "submitgroup specified but not a string");
+ }
+ continue;
+ }
+ if (strcmp(key, "submithost") == 0) {
+ if (has_strval(info)) {
+ if ((details->submithost = strdup(info->strval)) == NULL) {
+ sudo_debug_printf(
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "strdup");
+ goto done;
+ }
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "submithost specified but not a string");
+ }
+ continue;
+ }
+ if (strcmp(key, "submituser") == 0) {
+ if (has_strval(info)) {
+ if ((details->submituser = strdup(info->strval)) == NULL) {
+ sudo_debug_printf(
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "strdup");
+ goto done;
+ }
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "submituser specified but not a string");
+ }
+ continue;
+ }
+ break;
+ case 't':
+ if (strcmp(key, "ttyname") == 0) {
+ if (has_strval(info)) {
+ if ((details->ttyname = strdup(info->strval)) == NULL) {
+ sudo_debug_printf(
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "strdup");
+ goto done;
+ }
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "ttyname specified but not a string");
+ }
+ continue;
+ }
+ break;
+ }
+ }
+
+ /* Check for required settings */
+ if (details->submituser == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "missing submituser in AcceptMessage");
+ goto done;
+ }
+ if (details->submithost == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "missing submithost in AcceptMessage");
+ goto done;
+ }
+ if (details->runuser == NULL) {
+
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "missing runuser in AcceptMessage");
+ goto done;
+ }
+ if (details->command == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "missing command in AcceptMessage");
+ goto done;
+ }
+
+ /* Other settings that must exist for event logging. */
+ if (details->cwd == NULL) {
+ if ((details->cwd = strdup("unknown")) == NULL) {
+ sudo_debug_printf(
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "strdup");
+ goto done;
+ }
+ }
+ if (details->submitgroup == NULL) {
+ /* TODO: make submitgroup required */
+ if ((details->submitgroup = strdup("unknown")) == NULL) {
+ sudo_debug_printf(
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "strdup");
+ goto done;
+ }
+ }
+ if (details->ttyname == NULL) {
+ if ((details->ttyname = strdup("unknown")) == NULL) {
+ sudo_debug_printf(
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "strdup");
+ goto done;
+ }
+ }
+
+ ret = true;
+
+done:
+ if (!ret)
+ iolog_details_free(details);
+ debug_return_bool(ret);
+}
+
+struct iolog_path_closure {
+ char *iolog_dir;
+ struct iolog_details *details;
+};
+
+static size_t
+fill_seq(char *str, size_t strsize, void *v)
+{
+ struct iolog_path_closure *closure = v;
+ char *sessid = closure->details->sessid;
+ int len;
+ debug_decl(fill_seq, SUDO_DEBUG_UTIL);
+
+ if (sessid[0] == '\0') {
+ if (!iolog_nextid(closure->iolog_dir, sessid))
+ debug_return_size_t((size_t)-1);
+ }
+
+ /* Path is of the form /var/log/sudo-io/00/00/01.
*/
+ len = snprintf(str, strsize, "%c%c/%c%c/%c%c", sessid[0],
+ sessid[1], sessid[2], sessid[3], sessid[4], sessid[5]);
+ if (len < 0 || len >= (ssize_t)strsize) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to format session id");
+ debug_return_size_t(strsize); /* handle non-standard snprintf() */
+ }
+ debug_return_size_t(len);
+}
+
+static size_t
+fill_user(char *str, size_t strsize, void *v)
+{
+ struct iolog_path_closure *closure = v;
+ const struct iolog_details *details = closure->details;
+ debug_decl(fill_user, SUDO_DEBUG_UTIL);
+
+ if (details->submituser == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "submituser not set");
+ debug_return_size_t(strsize);
+ }
+ debug_return_size_t(strlcpy(str, details->submituser, strsize));
+}
+
+static size_t
+fill_group(char *str, size_t strsize, void *v)
+{
+ struct iolog_path_closure *closure = v;
+ const struct iolog_details *details = closure->details;
+ debug_decl(fill_group, SUDO_DEBUG_UTIL);
+
+ if (details->submitgroup == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "submitgroup not set");
+ debug_return_size_t(strsize);
+ }
+ debug_return_size_t(strlcpy(str, details->submitgroup, strsize));
+}
+
+static size_t
+fill_runas_user(char *str, size_t strsize, void *v)
+{
+ struct iolog_path_closure *closure = v;
+ const struct iolog_details *details = closure->details;
+ debug_decl(fill_runas_user, SUDO_DEBUG_UTIL);
+
+ if (details->runuser == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "runuser not set");
+ debug_return_size_t(strsize);
+ }
+ debug_return_size_t(strlcpy(str, details->runuser, strsize));
+}
+
+static size_t
+fill_runas_group(char *str, size_t strsize, void *v)
+{
+ struct iolog_path_closure *closure = v;
+ const struct iolog_details *details = closure->details;
+ debug_decl(fill_runas_group, SUDO_DEBUG_UTIL);
+
+ /* FIXME: rungroup not guaranteed to be set */
+ if (details->rungroup == NULL) {
+
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "rungroup not set");
+ debug_return_size_t(strsize);
+ }
+ debug_return_size_t(strlcpy(str, details->rungroup, strsize));
+}
+
+static size_t
+fill_hostname(char *str, size_t strsize, void *v)
+{
+ struct iolog_path_closure *closure = v;
+ const struct iolog_details *details = closure->details;
+ debug_decl(fill_hostname, SUDO_DEBUG_UTIL);
+
+ if (details->submithost == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "submithost not set");
+ debug_return_size_t(strsize);
+ }
+ debug_return_size_t(strlcpy(str, details->submithost, strsize));
+}
+
+static size_t
+fill_command(char *str, size_t strsize, void *v)
+{
+ struct iolog_path_closure *closure = v;
+ const struct iolog_details *details = closure->details;
+ debug_decl(fill_command, SUDO_DEBUG_UTIL);
+
+ if (details->command == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "command not set");
+ debug_return_size_t(strsize);
+ }
+ debug_return_size_t(strlcpy(str, details->command, strsize));
+}
+
+/* Note: "seq" must be first in the list.
*/
+static const struct iolog_path_escape path_escapes[] = {
+ { "seq", fill_seq },
+ { "user", fill_user },
+ { "group", fill_group },
+ { "runas_user", fill_runas_user },
+ { "runas_group", fill_runas_group },
+ { "hostname", fill_hostname },
+ { "command", fill_command },
+ { NULL, NULL }
+};
+
+/*
+ * Create I/O log path
+ * Sets iolog_path, iolog_file and iolog_dir_fd in the closure
+ */
+static bool
+create_iolog_path(struct connection_closure *closure)
+{
+ struct iolog_details *details = &closure->details;
+ struct iolog_path_closure path_closure;
+ char expanded_dir[PATH_MAX], expanded_file[PATH_MAX], pathbuf[PATH_MAX];
+ size_t len;
+ debug_decl(create_iolog_path, SUDO_DEBUG_UTIL);
+
+ path_closure.details = details;
+ path_closure.iolog_dir = expanded_dir;
+
+ if (!expand_iolog_path(logsrvd_conf_iolog_dir(), expanded_dir,
+ sizeof(expanded_dir), &path_escapes[1], &path_closure)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to expand iolog dir %s", logsrvd_conf_iolog_dir());
+ goto bad;
+ }
+
+ if (!expand_iolog_path(logsrvd_conf_iolog_file(), expanded_file,
+ sizeof(expanded_file), &path_escapes[0], &path_closure)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to expand iolog dir %s", logsrvd_conf_iolog_file());
+ goto bad;
+ }
+
+ len = snprintf(pathbuf, sizeof(pathbuf), "%s/%s", expanded_dir,
+ expanded_file);
+ if (len >= sizeof(pathbuf)) {
+ errno = ENAMETOOLONG;
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "%s/%s", expanded_dir, expanded_file);
+ goto bad;
+ }
+
+ /*
+ * Create log path, along with any intermediate subdirs.
+ * Calls mkdtemp() if pathbuf ends in XXXXXX.
+ */
+ if (!iolog_mkpath(pathbuf)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "unable to mkdir iolog path %s", pathbuf);
+ goto bad;
+ }
+ if ((details->iolog_path = strdup(pathbuf)) == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "strdup");
+ goto bad;
+ }
+ details->iolog_file = details->iolog_path + strlen(expanded_dir) + 1;
+
+ /* We use iolog_dir_fd in calls to openat(2) */
+ closure->iolog_dir_fd =
+ iolog_openat(AT_FDCWD, details->iolog_path, O_RDONLY);
+ if (closure->iolog_dir_fd == -1) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "%s", details->iolog_path);
+ goto bad;
+ }
+
+ debug_return_bool(true);
+bad:
+ free(details->iolog_path);
+ details->iolog_path = NULL;
+ debug_return_bool(false);
+}
+
+/*
+ * Write the sudo-style I/O log info file containing user and command info.
+ */
+static bool
+iolog_details_write(struct iolog_details *details,
+ struct connection_closure *closure)
+{
+ struct iolog_info log_info;
+ debug_decl(iolog_details_write, SUDO_DEBUG_UTIL);
+
+ /* Convert to iolog_info */
+ memset(&log_info, 0, sizeof(log_info));
+ log_info.cwd = details->cwd;
+ log_info.user = details->submituser;
+ log_info.runas_user = details->runuser;
+ log_info.runas_group = details->rungroup;
+ log_info.tty = details->ttyname;
+ log_info.cmd = details->command;
+ log_info.host = details->submithost;
+ log_info.tstamp = details->submit_time;
+ log_info.lines = details->lines;
+ log_info.cols = details->columns;
+ log_info.runas_uid = details->runuid;
+ log_info.runas_gid = details->rungid;
+ log_info.argv = details->argv;
+ log_info.envp = details->envp;
+
+ debug_return_bool(iolog_write_info_file(closure->iolog_dir_fd,
+ details->iolog_path, &log_info));
+}
+
+static bool
+iolog_create(int iofd, struct connection_closure *closure)
+{
+ debug_decl(iolog_create, SUDO_DEBUG_UTIL);
+
+ if (iofd < 0 || iofd >= IOFD_MAX) {
+
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "invalid iofd %d", iofd);
+ debug_return_bool(false);
+ }
+
+ closure->iolog_files[iofd].enabled = true;
+ debug_return_bool(iolog_open(&closure->iolog_files[iofd],
+ closure->iolog_dir_fd, iofd, "w"));
+}
+
+void
+iolog_close_all(struct connection_closure *closure)
+{
+ const char *errstr;
+ int i;
+ debug_decl(iolog_close, SUDO_DEBUG_UTIL);
+
+ for (i = 0; i < IOFD_MAX; i++) {
+ if (!closure->iolog_files[i].enabled)
+ continue;
+ if (!iolog_close(&closure->iolog_files[i], &errstr)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "error closing iofd %d: %s", i, errstr);
+ }
+ }
+ if (closure->iolog_dir_fd != -1)
+ close(closure->iolog_dir_fd);
+
+ debug_return;
+}
+
+bool
+iolog_init(AcceptMessage *msg, struct connection_closure *closure)
+{
+ debug_decl(iolog_init, SUDO_DEBUG_UTIL);
+
+ /* Create I/O log path */
+ if (!create_iolog_path(closure))
+ debug_return_bool(false);
+
+ /* Write sudo I/O log info file */
+ if (!iolog_details_write(&closure->details, closure))
+ debug_return_bool(false);
+
+ /*
+ * Create timing, stdout, stderr and ttyout files for sudoreplay.
+ * Others will be created on demand.
+ */
+ if (!iolog_create(IOFD_TIMING, closure) ||
+ !iolog_create(IOFD_STDOUT, closure) ||
+ !iolog_create(IOFD_STDERR, closure) ||
+ !iolog_create(IOFD_TTYOUT, closure))
+ debug_return_bool(false);
+
+ /* Ready to log I/O buffers. */
+ debug_return_bool(true);
+}
+
+/*
+ * Copy len bytes from src to dst.
+ */
+static bool
+iolog_copy(struct iolog_file *src, struct iolog_file *dst, off_t remainder,
+ const char **errstr)
+{
+ char buf[64 * 1024];
+ ssize_t nread;
+ debug_decl(iolog_copy, SUDO_DEBUG_UTIL);
+
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ "copying %lld bytes", (long long)remainder);
+ while (remainder > 0) {
+ const ssize_t toread = MIN(remainder, ssizeof(buf));
+ nread = iolog_read(src, buf, toread, errstr);
+ if (nread == -1)
+ debug_return_bool(false);
+ remainder -= nread;
+
+ do {
+ ssize_t nwritten = iolog_write(dst, buf, nread, errstr);
+ if (nwritten == -1)
+ debug_return_bool(false);
+ nread -= nwritten;
+ } while (nread > 0);
+ }
+
+ debug_return_bool(true);
+}
+
+/* Compressed logs don't support random access, need to rewrite them. */
+static bool
+iolog_rewrite(const struct timespec *target, struct connection_closure *closure)
+{
+ struct iolog_file new_iolog_files[IOFD_MAX];
+ off_t iolog_file_sizes[IOFD_MAX] = { 0 };
+ struct timing_closure timing;
+ int iofd, len, tmpdir_fd = -1;
+ const char *name, *errstr;
+ char tmpdir[PATH_MAX];
+ bool ret = false;
+ debug_decl(iolog_rewrite, SUDO_DEBUG_UTIL);
+
+ /* Parse timing file until we reach the target point. */
+ /* TODO: use iolog_seekto with a callback? */
+ for (;;) {
+ /* Read next record from timing file. */
+ if (iolog_read_timing_record(&closure->iolog_files[IOFD_TIMING], &timing) != 0)
+ goto done;
+ sudo_timespecadd(&timing.delay, &closure->elapsed_time,
+ &closure->elapsed_time);
+ if (timing.event < IOFD_TIMING) {
+ if (!closure->iolog_files[timing.event].enabled) {
+ /* Missing log file. */
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "iofd %d referenced but not open", timing.event);
+ goto done;
+ }
+ iolog_file_sizes[timing.event] += timing.u.nbytes;
+ }
+
+ if (sudo_timespeccmp(&closure->elapsed_time, target, >=)) {
+ if (sudo_timespeccmp(&closure->elapsed_time, target, ==))
+ break;
+
+ /* Mismatch between resume point and stored log.
*/
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "resume point mismatch, target [%lld, %ld], have [%lld, %ld]",
+ (long long)target->tv_sec, target->tv_nsec,
+ (long long)closure->elapsed_time.tv_sec,
+ closure->elapsed_time.tv_nsec);
+ goto done;
+ }
+ }
+ iolog_file_sizes[IOFD_TIMING] =
+ iolog_seek(&closure->iolog_files[IOFD_TIMING], 0, SEEK_CUR);
+ iolog_rewind(&closure->iolog_files[IOFD_TIMING]);
+
+ /* Create new I/O log files in a temporary directory. */
+ len = snprintf(tmpdir, sizeof(tmpdir), "%s/restart.XXXXXX",
+ closure->details.iolog_path);
+ if (len < 0 || len >= ssizeof(tmpdir)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to format %s/restart.XXXXXX", closure->details.iolog_path);
+ goto done;
+ }
+ if (!iolog_mkdtemp(tmpdir)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "unable to mkdtemp %s", tmpdir);
+ goto done;
+ }
+ if ((tmpdir_fd = iolog_openat(AT_FDCWD, tmpdir, O_RDONLY)) == -1) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "unable to open %s", tmpdir);
+ goto done;
+ }
+
+ /* Create new copies of the existing iologs */
+ memset(new_iolog_files, 0, sizeof(new_iolog_files));
+ for (iofd = 0; iofd < IOFD_MAX; iofd++) {
+ if (!closure->iolog_files[iofd].enabled)
+ continue;
+ new_iolog_files[iofd].enabled = true;
+ if (!iolog_open(&new_iolog_files[iofd], tmpdir_fd, iofd, "w")) {
+ if (errno != ENOENT) {
+ sudo_debug_printf(
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "unable to open %s/%s", tmpdir, iolog_fd_to_name(iofd));
+ goto done;
+ }
+ }
+ }
+
+ for (iofd = 0; iofd < IOFD_MAX; iofd++) {
+ if (!closure->iolog_files[iofd].enabled)
+ continue;
+ if (!iolog_copy(&closure->iolog_files[iofd], &new_iolog_files[iofd],
+ iolog_file_sizes[iofd], &errstr)) {
+ name = iolog_fd_to_name(iofd);
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to copy %s/%s to %s/%s: %s",
+ closure->details.iolog_path, name, tmpdir, name,
errstr); + goto done; + } + } + + /* Move copied log files into place. */ + for (iofd = 0; iofd < IOFD_MAX; iofd++) { + char from[PATH_MAX], to[PATH_MAX]; + + if (!closure->iolog_files[iofd].enabled) + continue; + + /* This would be easier with renameat(2), old systems are annoying. */ + name = iolog_fd_to_name(iofd); + len = snprintf(from, sizeof(from), "%s/%s", tmpdir, name); + if (len < 0 || len >= ssizeof(from)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to format %s/%s", tmpdir, name); + goto done; + } + len = snprintf(to, sizeof(to), "%s/%s", closure->details.iolog_path, + name); + if (len < 0 || len >= ssizeof(from)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to format %s/%s", closure->details.iolog_path, name); + goto done; + } + if (!iolog_rename(from, to)) { + sudo_debug_printf( + SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to rename %s to %s", from, to); + goto done; + } + } + + for (iofd = 0; iofd < IOFD_MAX; iofd++) { + if (!closure->iolog_files[iofd].enabled) + continue; + (void)iolog_close(&closure->iolog_files[iofd], &errstr); + closure->iolog_files[iofd] = new_iolog_files[iofd]; + new_iolog_files[iofd].enabled = false; + } + + /* Ready to log I/O buffers. 
*/ + ret = true; +done: + if (tmpdir_fd != -1) { + if (!ret) { + for (iofd = 0; iofd < IOFD_MAX; iofd++) { + if (!new_iolog_files[iofd].enabled) + continue; + (void)iolog_close(&new_iolog_files[iofd], &errstr); + (void)unlinkat(tmpdir_fd, iolog_fd_to_name(iofd), 0); + } + } + close(tmpdir_fd); + (void)rmdir(tmpdir); + } + debug_return_bool(ret); +} + +bool +iolog_restart(RestartMessage *msg, struct connection_closure *closure) +{ + struct timespec target; + struct stat sb; + int iofd; + debug_decl(iolog_restart, SUDO_DEBUG_UTIL); + + target.tv_sec = msg->resume_point->tv_sec; + target.tv_nsec = msg->resume_point->tv_nsec; + + if ((closure->details.iolog_path = strdup(msg->log_id)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "strdup"); + goto bad; + } + + /* We use iolog_dir_fd in calls to openat(2) */ + closure->iolog_dir_fd = + iolog_openat(AT_FDCWD, closure->details.iolog_path, O_RDONLY); + if (closure->iolog_dir_fd == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "%s", closure->details.iolog_path); + goto bad; + } + + /* If the timing file write bit is clear, log is already complete. */ + if (fstatat(closure->iolog_dir_fd, "timing", &sb, 0) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to stat %s/timing", closure->details.iolog_path); + goto bad; + } + if (!ISSET(sb.st_mode, S_IWUSR)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s already complete", closure->details.iolog_path); + closure->errstr = _("log is already complete, cannot be restarted"); + goto bad; + } + + /* Open existing I/O log files. */ + if (!iolog_open_all(closure->iolog_dir_fd, closure->details.iolog_path, + closure->iolog_files, "r+")) + goto bad; + + /* Compressed logs don't support random access, so rewrite them. 
*/ + for (iofd = 0; iofd < IOFD_MAX; iofd++) { + if (closure->iolog_files[iofd].compressed) + debug_return_bool(iolog_rewrite(&target, closure)); + } + + /* Parse timing file until we reach the target point. */ + if (!iolog_seekto(closure->iolog_dir_fd, closure->details.iolog_path, + closure->iolog_files, &closure->elapsed_time, &target)) + goto bad; + + /* Must seek or flush before switching from read -> write. */ + if (iolog_seek(&closure->iolog_files[IOFD_TIMING], 0, SEEK_CUR) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "lseek(IOFD_TIMING, 0, SEEK_CUR)"); + goto bad; + } + + /* Ready to log I/O buffers. */ + debug_return_bool(true); +bad: + if (closure->errstr == NULL) + closure->errstr = _("unable to restart log"); + debug_return_bool(false); +} + +/* + * Add given delta to elapsed time. + * We cannot use timespecadd here since delta is not struct timespec. + */ +static void +update_elapsed_time(TimeSpec *delta, struct timespec *elapsed) +{ + debug_decl(update_elapsed_time, SUDO_DEBUG_UTIL); + + /* Cannot use timespecadd since msg doesn't use struct timespec. */ + elapsed->tv_sec += delta->tv_sec; + elapsed->tv_nsec += delta->tv_nsec; + while (elapsed->tv_nsec >= 1000000000) { + elapsed->tv_sec++; + elapsed->tv_nsec -= 1000000000; + } + + debug_return; +} + +int +store_iobuf(int iofd, IoBuffer *msg, struct connection_closure *closure) +{ + const char *errstr; + char tbuf[1024]; + int len; + debug_decl(store_iobuf, SUDO_DEBUG_UTIL); + + /* Open log file as needed. */ + if (!closure->iolog_files[iofd].enabled) { + if (!iolog_create(iofd, closure)) + debug_return_int(-1); + } + + /* Format timing data. 
*/ + /* FIXME - assumes IOFD_* matches IO_EVENT_* */ + len = snprintf(tbuf, sizeof(tbuf), "%d %lld.%09d %zu\n", + iofd, (long long)msg->delay->tv_sec, (int)msg->delay->tv_nsec, + msg->data.len); + if (len < 0 || len >= ssizeof(tbuf)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to format timing buffer, len %d", len); + debug_return_int(-1); + } + + /* Write to specified I/O log file. */ + if (!iolog_write(&closure->iolog_files[iofd], msg->data.data, + msg->data.len, &errstr)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to write to %s/%s: %s", closure->details.iolog_path, + iolog_fd_to_name(iofd), errstr); + debug_return_int(-1); + } + + /* Write timing data. */ + if (!iolog_write(&closure->iolog_files[IOFD_TIMING], tbuf, + len, &errstr)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to write to %s/%s: %s", closure->details.iolog_path, + iolog_fd_to_name(IOFD_TIMING), errstr); + debug_return_int(-1); + } + + update_elapsed_time(msg->delay, &closure->elapsed_time); + + debug_return_int(0); +} + +int +store_suspend(CommandSuspend *msg, struct connection_closure *closure) +{ + const char *errstr; + char tbuf[1024]; + int len; + debug_decl(store_suspend, SUDO_DEBUG_UTIL); + + /* Format timing data including suspend signal. */ + len = snprintf(tbuf, sizeof(tbuf), "%d %lld.%09d %s\n", IO_EVENT_SUSPEND, + (long long)msg->delay->tv_sec, (int)msg->delay->tv_nsec, + msg->signal); + if (len < 0 || len >= ssizeof(tbuf)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to format timing buffer, len %d, signal %s", + len, msg->signal); + debug_return_int(-1); + } + + /* Write timing data. 
*/ + if (!iolog_write(&closure->iolog_files[IOFD_TIMING], tbuf, + len, &errstr)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to write to %s/%s: %s", closure->details.iolog_path, + iolog_fd_to_name(IOFD_TIMING), errstr); + debug_return_int(-1); + } + + update_elapsed_time(msg->delay, &closure->elapsed_time); + + debug_return_int(0); +} + +int +store_winsize(ChangeWindowSize *msg, struct connection_closure *closure) +{ + const char *errstr; + char tbuf[1024]; + int len; + debug_decl(store_winsize, SUDO_DEBUG_UTIL); + + /* Format timing data including new window size. */ + len = snprintf(tbuf, sizeof(tbuf), "%d %lld.%09d %d %d\n", IO_EVENT_WINSIZE, + (long long)msg->delay->tv_sec, (int)msg->delay->tv_nsec, + msg->rows, msg->cols); + if (len < 0 || len >= ssizeof(tbuf)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to format timing buffer, len %d", len); + debug_return_int(-1); + } + + /* Write timing data. */ + if (!iolog_write(&closure->iolog_files[IOFD_TIMING], tbuf, + len, &errstr)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to write to %s/%s: %s", closure->details.iolog_path, + iolog_fd_to_name(IOFD_TIMING), errstr); + debug_return_int(-1); + } + + update_elapsed_time(msg->delay, &closure->elapsed_time); + + debug_return_int(0); +} diff -Nru sudo-1.8.31/logsrvd/logsrvd.c sudo-1.9.0/logsrvd/logsrvd.c --- sudo-1.8.31/logsrvd/logsrvd.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/logsrvd/logsrvd.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,1918 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019-2020 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "config.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#ifdef HAVE_STDBOOL_H
+# include
+#else
+# include "compat/stdbool.h"
+#endif /* HAVE_STDBOOL_H */
+#if defined(HAVE_STDINT_H)
+# include
+#elif defined(HAVE_INTTYPES_H)
+# include
+#endif
+#include
+#include
+#include
+#include
+#include
+
+#if defined(HAVE_OPENSSL)
+# include
+# include
+#endif
+
+#define NEED_INET_NTOP /* to expose sudo_inet_ntop in sudo_compat.h */
+
+#include "log_server.pb-c.h"
+#include "sudo_gettext.h" /* must be included before sudo_compat.h */
+#include "sudo_compat.h"
+#include "sudo_conf.h"
+#include "sudo_debug.h"
+#include "sudo_event.h"
+#include "sudo_queue.h"
+#include "sudo_util.h"
+#include "sudo_rand.h"
+#include "sudo_fatal.h"
+#include "sudo_iolog.h"
+#include "pathnames.h"
+#include "hostcheck.h"
+#include "logsrvd.h"
+
+#ifdef HAVE_GETOPT_LONG
+# include
+# else
+# include "compat/getopt.h"
+#endif /* HAVE_GETOPT_LONG */
+
+#if defined(HAVE_OPENSSL)
+# define LOGSRVD_DEFAULT_CIPHER_LST12 "HIGH:!aNULL"
+# define LOGSRVD_DEFAULT_CIPHER_LST13 "TLS_AES_256_GCM_SHA384"
+#endif
+
+/* + * Sudo I/O audit server. + */ +TAILQ_HEAD(connection_list, connection_closure); +static struct connection_list connections = TAILQ_HEAD_INITIALIZER(connections); +static struct listener_list listeners = TAILQ_HEAD_INITIALIZER(listeners); +static const char server_id[] = "Sudo Audit Server 0.1"; +static const char *conf_file = _PATH_SUDO_LOGSRVD_CONF; +static double random_drop; + +/* Server callback may redirect to client callback for TLS. */ +static void client_msg_cb(int fd, int what, void *v); + +/* + * Free a struct connection_closure container and its contents. + */ +static void +connection_closure_free(struct connection_closure *closure) +{ + debug_decl(connection_closure_free, SUDO_DEBUG_UTIL); + + if (closure != NULL) { + bool shutting_down = closure->state == SHUTDOWN; + struct sudo_event_base *evbase = closure->evbase; + + TAILQ_REMOVE(&connections, closure, entries); +#if defined(HAVE_OPENSSL) + if (closure->tls) { + SSL_shutdown(closure->ssl); + SSL_free(closure->ssl); + } +#endif + close(closure->sock); + iolog_close_all(closure); + sudo_ev_free(closure->commit_ev); + sudo_ev_free(closure->read_ev); + sudo_ev_free(closure->write_ev); +#if defined(HAVE_OPENSSL) + sudo_ev_free(closure->ssl_accept_ev); +#endif + iolog_details_free(&closure->details); + free(closure->read_buf.data); + free(closure->write_buf.data); + free(closure); + + if (shutting_down && TAILQ_EMPTY(&connections)) + sudo_ev_loopbreak(evbase); + } + + debug_return; +} + +static bool +fmt_server_message(struct connection_buffer *buf, ServerMessage *msg) +{ + uint32_t msg_len; + bool ret = false; + size_t len; + debug_decl(fmt_server_message, SUDO_DEBUG_UTIL); + + if (buf->len != 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "pending write, unable to format ServerMessage"); + debug_return_bool(false); + } + + len = server_message__get_packed_size(msg); + if (len > MESSAGE_SIZE_MAX) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "server message too large: 
%zu", len); + goto done; + } + + /* Wire message size is used for length encoding, precedes message. */ + msg_len = htonl((uint32_t)len); + len += sizeof(msg_len); + + /* Resize buffer as needed. */ + if (len > buf->size) { + free(buf->data); + buf->size = sudo_pow2_roundup(len); + if ((buf->data = malloc(buf->size)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to malloc %u", buf->size); + buf->size = 0; + goto done; + } + } + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "size + server message %zu bytes", len); + + memcpy(buf->data, &msg_len, sizeof(msg_len)); + server_message__pack(msg, buf->data + sizeof(msg_len)); + buf->len = len; + ret = true; + +done: + debug_return_bool(ret); +} + +static bool +fmt_hello_message(struct connection_buffer *buf, bool tls) +{ + ServerMessage msg = SERVER_MESSAGE__INIT; + ServerHello hello = SERVER_HELLO__INIT; + debug_decl(fmt_hello_message, SUDO_DEBUG_UTIL); + + /* TODO: implement redirect and servers array. 
*/ + hello.server_id = (char *)server_id; + msg.hello = &hello; + msg.type_case = SERVER_MESSAGE__TYPE_HELLO; + + debug_return_bool(fmt_server_message(buf, &msg)); +} + +static bool +fmt_log_id_message(const char *id, struct connection_buffer *buf) +{ + ServerMessage msg = SERVER_MESSAGE__INIT; + debug_decl(fmt_log_id_message, SUDO_DEBUG_UTIL); + + msg.log_id = (char *)id; + msg.type_case = SERVER_MESSAGE__TYPE_LOG_ID; + + debug_return_bool(fmt_server_message(buf, &msg)); +} + +static bool +fmt_error_message(const char *errstr, struct connection_buffer *buf) +{ + ServerMessage msg = SERVER_MESSAGE__INIT; + debug_decl(fmt_error_message, SUDO_DEBUG_UTIL); + + msg.error = (char *)errstr; + msg.type_case = SERVER_MESSAGE__TYPE_ERROR; + + debug_return_bool(fmt_server_message(buf, &msg)); +} + +/* + * Parse an AcceptMessage + */ +static bool +handle_accept(AcceptMessage *msg, struct connection_closure *closure) +{ + debug_decl(handle_accept, SUDO_DEBUG_UTIL); + + if (closure->state != INITIAL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected state %d", closure->state); + closure->errstr = _("state machine error"); + debug_return_bool(false); + } + + /* Sanity check message. */ + if (msg->submit_time == NULL || msg->n_info_msgs == 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "invalid AcceptMessage, submit_time: %p, n_info_msgs: %zu", + msg->submit_time, msg->n_info_msgs); + closure->errstr = _("invalid AcceptMessage"); + debug_return_bool(false); + } + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received AcceptMessage", __func__); + + /* Save start time. */ + closure->submit_time.tv_sec = msg->submit_time->tv_sec; + closure->submit_time.tv_nsec = msg->submit_time->tv_nsec; + + if (!iolog_details_fill(&closure->details, msg->submit_time, msg->info_msgs, + msg->n_info_msgs)) { + closure->errstr = _("error parsing AcceptMessage"); + debug_return_bool(false); + } + + /* Create I/O log info file and parent directories. 
*/ + if (msg->expect_iobufs) { + if (!iolog_init(msg, closure)) { + closure->errstr = _("error creating I/O log"); + debug_return_bool(false); + } + } + + if (!log_accept(&closure->details, msg->submit_time, msg->info_msgs, + msg->n_info_msgs)) { + closure->errstr = _("error logging accept event"); + debug_return_bool(false); + } + + if (!msg->expect_iobufs) { + closure->state = FLUSHED; + debug_return_bool(true); + } + + /* Send log ID to client for restarting connections. */ + if (!fmt_log_id_message(closure->details.iolog_path, &closure->write_buf)) + debug_return_bool(false); + if (sudo_ev_add(closure->evbase, closure->write_ev, + logsrvd_conf_get_sock_timeout(), false) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to add server write event"); + debug_return_bool(false); + } + + closure->state = RUNNING; + debug_return_bool(true); +} + +/* + * Parse a RejectMessage + */ +static bool +handle_reject(RejectMessage *msg, struct connection_closure *closure) +{ + debug_decl(handle_reject, SUDO_DEBUG_UTIL); + + if (closure->state != INITIAL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected state %d", closure->state); + closure->errstr = _("state machine error"); + debug_return_bool(false); + } + + /* Sanity check message. */ + if (msg->submit_time == NULL || msg->n_info_msgs == 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "invalid RejectMessage, submit_time: %p, n_info_msgs: %zu", + msg->submit_time, msg->n_info_msgs); + closure->errstr = _("invalid RejectMessage"); + debug_return_bool(false); + } + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received RejectMessage", __func__); + + /* Save start time. 
*/ + closure->submit_time.tv_sec = msg->submit_time->tv_sec; + closure->submit_time.tv_nsec = msg->submit_time->tv_nsec; + + if (!iolog_details_fill(&closure->details, msg->submit_time, msg->info_msgs, + msg->n_info_msgs)) { + closure->errstr = _("error parsing RejectMessage"); + debug_return_bool(false); + } + + if (!log_reject(&closure->details, msg->reason, msg->submit_time, + msg->info_msgs, msg->n_info_msgs)) { + closure->errstr = _("error logging reject event"); + debug_return_bool(false); + } + + closure->state = FLUSHED; + debug_return_bool(true); +} + +static bool +handle_exit(ExitMessage *msg, struct connection_closure *closure) +{ + struct timespec tv = { 0, 0 }; + mode_t mode; + debug_decl(handle_exit, SUDO_DEBUG_UTIL); + + if (closure->state != RUNNING) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected state %d", closure->state); + closure->errstr = _("state machine error"); + debug_return_bool(false); + } + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received ExitMessage", __func__); + + /* Sudo I/O logs don't store this info. */ + if (msg->signal != NULL && msg->signal[0] != '\0') { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "command was killed by SIG%s%s", msg->signal, + msg->dumped_core ? " (core dumped)" : ""); + } else { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "command exited with %d", msg->exit_value); + } + + /* No more data, command exited. */ + closure->state = EXITED; + sudo_ev_del(closure->evbase, closure->read_ev); + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: elapsed time: %lld, %ld", + __func__, (long long)closure->elapsed_time.tv_sec, + closure->elapsed_time.tv_nsec); + + /* Clear write bits from I/O timing file to indicate completion. 
*/ + mode = logsrvd_conf_iolog_mode(); + CLR(mode, S_IWUSR|S_IWGRP|S_IWOTH); + if (fchmodat(closure->iolog_dir_fd, "timing", mode, 0) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to fchmodat timing file"); + } + + /* Schedule the final commit point event immediately. */ + if (sudo_ev_add(closure->evbase, closure->commit_ev, &tv, false) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to add commit point event"); + debug_return_bool(false); + } + + debug_return_bool(true); +} + +static bool +handle_restart(RestartMessage *msg, struct connection_closure *closure) +{ + debug_decl(handle_restart, SUDO_DEBUG_UTIL); + + if (closure->state != INITIAL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected state %d", closure->state); + closure->errstr = _("state machine error"); + debug_return_bool(false); + } + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received RestartMessage for %s", + __func__, msg->log_id); + + if (!iolog_restart(msg, closure)) { + sudo_debug_printf(SUDO_DEBUG_WARN, "%s: unable to restart I/O log", __func__); + /* XXX - structured error message so client can send from beginning */ + if (!fmt_error_message(closure->errstr, &closure->write_buf)) + debug_return_bool(false); + sudo_ev_del(closure->evbase, closure->read_ev); + if (sudo_ev_add(closure->evbase, closure->write_ev, + logsrvd_conf_get_sock_timeout(), false) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to add server write event"); + debug_return_bool(false); + } + closure->state = ERROR; + debug_return_bool(true); + } + + closure->state = RUNNING; + debug_return_bool(true); +} + +static bool +handle_alert(AlertMessage *msg, struct connection_closure *closure) +{ + debug_decl(handle_alert, SUDO_DEBUG_UTIL); + + if (!log_alert(&closure->details, msg->alert_time, msg->reason)) { + closure->errstr = _("error logging alert event"); + debug_return_bool(false); + } + + 
debug_return_bool(true); +} + +static bool +handle_iobuf(int iofd, IoBuffer *msg, struct connection_closure *closure) +{ + debug_decl(handle_iobuf, SUDO_DEBUG_UTIL); + + if (closure->state != RUNNING) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected state %d", closure->state); + closure->errstr = _("state machine error"); + debug_return_bool(false); + } + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received IoBuffer", __func__); + + /* Store IoBuffer in log. */ + if (store_iobuf(iofd, msg, closure) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "failed to store IoBuffer"); + closure->errstr = _("error writing IoBuffer"); + debug_return_bool(false); + } + + /* Random drop is a debugging tool to test client restart. */ + if (random_drop > 0.0) { + double randval = arc4random() / (double)UINT32_MAX; + if (randval < random_drop) { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "randomly dropping connection (%f < %f)", randval, random_drop); + debug_return_bool(false); + } + } + + /* Schedule a commit point in 10 sec if one is not already pending. */ + if (!ISSET(closure->commit_ev->flags, SUDO_EVQ_INSERTED)) { + struct timespec tv = { ACK_FREQUENCY, 0 }; + if (sudo_ev_add(closure->evbase, closure->commit_ev, &tv, false) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to add commit point event"); + debug_return_bool(false); + } + } + + debug_return_bool(true); +} + +static bool +handle_winsize(ChangeWindowSize *msg, struct connection_closure *closure) +{ + debug_decl(handle_winsize, SUDO_DEBUG_UTIL); + + if (closure->state != RUNNING) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected state %d", closure->state); + closure->errstr = _("state machine error"); + debug_return_bool(false); + } + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received ChangeWindowSize", + __func__); + + /* Store new window size in log. 
*/ + if (store_winsize(msg, closure) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "failed to store ChangeWindowSize"); + closure->errstr = _("error writing ChangeWindowSize"); + debug_return_bool(false); + } + + debug_return_bool(true); +} + +static bool +handle_suspend(CommandSuspend *msg, struct connection_closure *closure) +{ + debug_decl(handle_suspend, SUDO_DEBUG_UTIL); + + if (closure->state != RUNNING) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected state %d", closure->state); + closure->errstr = _("state machine error"); + debug_return_bool(false); + } + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received CommandSuspend", + __func__); + + /* Store suspend signal in log. */ + if (store_suspend(msg, closure) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "failed to store CommandSuspend"); + closure->errstr = _("error writing CommandSuspend"); + debug_return_bool(false); + } + + debug_return_bool(true); +} + +static bool +handle_client_hello(ClientHello *msg, struct connection_closure *closure) +{ + debug_decl(handle_client_hello, SUDO_DEBUG_UTIL); + + if (closure->state != INITIAL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected state %d", closure->state); + closure->errstr = _("state machine error"); + debug_return_bool(false); + } + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received ClientHello", + __func__); + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: client ID %s", + __func__, msg->client_id); + + debug_return_bool(true); +} + +static bool +handle_client_message(uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + ClientMessage *msg; + bool ret = false; + debug_decl(handle_client_message, SUDO_DEBUG_UTIL); + + msg = client_message__unpack(NULL, len, buf); + if (msg == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to unpack ClientMessage size %zu", len); + debug_return_bool(false); + } + + switch (msg->type_case) { + case 
CLIENT_MESSAGE__TYPE_ACCEPT_MSG: + ret = handle_accept(msg->accept_msg, closure); + break; + case CLIENT_MESSAGE__TYPE_REJECT_MSG: + ret = handle_reject(msg->reject_msg, closure); + break; + case CLIENT_MESSAGE__TYPE_EXIT_MSG: + ret = handle_exit(msg->exit_msg, closure); + break; + case CLIENT_MESSAGE__TYPE_RESTART_MSG: + ret = handle_restart(msg->restart_msg, closure); + break; + case CLIENT_MESSAGE__TYPE_ALERT_MSG: + ret = handle_alert(msg->alert_msg, closure); + break; + case CLIENT_MESSAGE__TYPE_TTYIN_BUF: + ret = handle_iobuf(IOFD_TTYIN, msg->ttyin_buf, closure); + break; + case CLIENT_MESSAGE__TYPE_TTYOUT_BUF: + ret = handle_iobuf(IOFD_TTYOUT, msg->ttyout_buf, closure); + break; + case CLIENT_MESSAGE__TYPE_STDIN_BUF: + ret = handle_iobuf(IOFD_STDIN, msg->stdin_buf, closure); + break; + case CLIENT_MESSAGE__TYPE_STDOUT_BUF: + ret = handle_iobuf(IOFD_STDOUT, msg->stdout_buf, closure); + break; + case CLIENT_MESSAGE__TYPE_STDERR_BUF: + ret = handle_iobuf(IOFD_STDERR, msg->stderr_buf, closure); + break; + case CLIENT_MESSAGE__TYPE_WINSIZE_EVENT: + ret = handle_winsize(msg->winsize_event, closure); + break; + case CLIENT_MESSAGE__TYPE_SUSPEND_EVENT: + ret = handle_suspend(msg->suspend_event, closure); + break; + case CLIENT_MESSAGE__TYPE_HELLO_MSG: + ret = handle_client_hello(msg->hello_msg, closure); + break; + default: + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected type_case value %d", msg->type_case); + closure->errstr = _("unrecognized ClientMessage type"); + break; + } + client_message__free_unpacked(msg, NULL); + + debug_return_bool(ret); +} + +static void +shutdown_cb(int unused, int what, void *v) +{ + struct sudo_event_base *base = v; + debug_decl(shutdown_cb, SUDO_DEBUG_UTIL); + +#if defined(HAVE_OPENSSL) + /* deallocate server's SSL context object */ + struct logsrvd_tls_runtime *tls_runtime = logsrvd_get_tls_runtime(); + if (tls_runtime != NULL) { + SSL_CTX_free(tls_runtime->ssl_ctx); + } +#endif + sudo_ev_loopbreak(base); + + 
debug_return; +} + +/* + * Shut down active client connections if any, or exit immediately. + */ +static void +server_shutdown(struct sudo_event_base *base) +{ + struct connection_closure *closure; + struct sudo_event *ev; + struct timespec tv = { 0, 0 }; + debug_decl(server_shutdown, SUDO_DEBUG_UTIL); + + if (TAILQ_EMPTY(&connections)) { + sudo_ev_loopbreak(base); + debug_return; + } + + /* Schedule final commit point for each active connection. */ + TAILQ_FOREACH(closure, &connections, entries) { + closure->state = SHUTDOWN; + sudo_ev_del(base, closure->read_ev); + if (sudo_ev_add(base, closure->commit_ev, &tv, false) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to add commit point event"); + } + } + + /* We need a timed event to exit even if clients time out. */ + ev = sudo_ev_alloc(-1, SUDO_EV_TIMEOUT, shutdown_cb, base); + if (ev != NULL) { + tv.tv_sec = SHUTDOWN_TIMEO; + if (sudo_ev_add(base, ev, &tv, false) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to add shutdown event"); + } + } + + debug_return; +} + +/* + * Send a server message to the client. + */ +static void +server_msg_cb(int fd, int what, void *v) +{ + struct connection_closure *closure = v; + struct connection_buffer *buf = &closure->write_buf; + ssize_t nwritten; + debug_decl(server_msg_cb, SUDO_DEBUG_UTIL); + + /* For TLS we may need to write as part of SSL_read(). */ + if (closure->read_instead_of_write) { + closure->read_instead_of_write = false; + /* Delete write event if it was only due to SSL_read(). 
*/ + if (closure->temporary_write_event) { + closure->temporary_write_event = false; + sudo_ev_del(closure->evbase, closure->write_ev); + } + client_msg_cb(fd, what, v); + debug_return; + } + + if (what == SUDO_EV_TIMEOUT) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "Writing to client timed out"); + goto finished; + } + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sending %u bytes to client", + __func__, buf->len - buf->off); + +#if defined(HAVE_OPENSSL) + if (closure->tls) { + nwritten = SSL_write(closure->ssl, buf->data + buf->off, + buf->len - buf->off); + if (nwritten <= 0) { + int err = SSL_get_error(closure->ssl, nwritten); + switch (err) { + case SSL_ERROR_WANT_READ: + /* ssl wants to read, read event always active */ + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_write returns SSL_ERROR_WANT_READ"); + /* Redirect persistent read event to finish SSL_write() */ + closure->write_instead_of_read = true; + debug_return; + case SSL_ERROR_WANT_WRITE: + /* ssl wants to write more, write event remains active */ + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_write returns SSL_ERROR_WANT_WRITE"); + debug_return; + case SSL_ERROR_SYSCALL: + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected error during SSL_write(): %d (%s)", + err, strerror(errno)); + goto finished; + default: + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected error during SSL_write(): %d (%s)", + err, ERR_error_string(ERR_get_error(), NULL)); + goto finished; + } + } + } else +#endif + { + nwritten = send(fd, buf->data + buf->off, buf->len - buf->off, 0); + } + + if (nwritten == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to send %u bytes", buf->len - buf->off); + goto finished; + } + buf->off += nwritten; + + if (buf->off == buf->len) { + /* sent entire message */ + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: finished sending %u bytes to client", __func__, buf->len); + 
buf->off = 0; + buf->len = 0; + sudo_ev_del(closure->evbase, closure->write_ev); + if (closure->state == FLUSHED || closure->state == SHUTDOWN || + closure->state == ERROR) + goto finished; + } + debug_return; + +finished: + connection_closure_free(closure); + debug_return; +} + +/* + * Receive client message(s). + */ +static void +client_msg_cb(int fd, int what, void *v) +{ + struct connection_closure *closure = v; + struct connection_buffer *buf = &closure->read_buf; + uint32_t msg_len; + ssize_t nread; + debug_decl(client_msg_cb, SUDO_DEBUG_UTIL); + + /* For TLS we may need to read as part of SSL_write(). */ + if (closure->write_instead_of_read) { + closure->write_instead_of_read = false; + server_msg_cb(fd, what, v); + debug_return; + } + + if (what == SUDO_EV_TIMEOUT) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "Reading from client timed out"); + goto finished; + } + +#if defined(HAVE_OPENSSL) + if (closure->tls) { + nread = SSL_read(closure->ssl, buf->data + buf->len, buf->size); + if (nread <= 0) { + int err = SSL_get_error(closure->ssl, nread); + switch (err) { + case SSL_ERROR_ZERO_RETURN: + /* ssl connection shutdown cleanly */ + nread = 0; + break; + case SSL_ERROR_WANT_READ: + /* ssl wants to read more, read event is always active */ + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_read returns SSL_ERROR_WANT_READ"); + /* Read event is always active. */ + debug_return; + case SSL_ERROR_WANT_WRITE: + /* ssl wants to write, schedule a write if not pending */ + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_read returns SSL_ERROR_WANT_WRITE"); + if (!sudo_ev_pending(closure->write_ev, SUDO_EV_WRITE, NULL)) { + /* Enable a temporary write event. 
*/ + if (sudo_ev_add(closure->evbase, closure->write_ev, + logsrvd_conf_get_sock_timeout(), false) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to add event to queue"); + goto finished; + } + closure->temporary_write_event = true; + } + /* Redirect write event to finish SSL_read() */ + closure->read_instead_of_write = true; + debug_return; + case SSL_ERROR_SYSCALL: + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected error during SSL_read(): %d (%s)", + err, strerror(errno)); + goto finished; + default: + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected error during SSL_read(): %d (%s)", + err, ERR_error_string(ERR_get_error(), NULL)); + goto finished; + } + } + } else +#endif + { + nread = recv(fd, buf->data + buf->len, buf->size - buf->len, 0); + } + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received %zd bytes from client", + __func__, nread); + switch (nread) { + case -1: + if (errno == EAGAIN) + debug_return; + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to receive %u bytes", buf->size - buf->len); + goto finished; + case 0: + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, "unexpected EOF"); + goto finished; + default: + break; + } + buf->len += nread; + + while (buf->len - buf->off >= sizeof(msg_len)) { + /* Read wire message size (uint32_t in network byte order). */ + memcpy(&msg_len, buf->data + buf->off, sizeof(msg_len)); + msg_len = ntohl(msg_len); + + if (msg_len > MESSAGE_SIZE_MAX) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "client message too large: %u", msg_len); + closure->errstr = _("client message too large"); + goto send_error; + } + + if (msg_len + sizeof(msg_len) > buf->len - buf->off) { + /* Incomplete message, we'll read the rest next time. */ + if (!expand_buf(buf, msg_len + sizeof(msg_len))) + goto finished; + debug_return; + } + + /* Parse ClientMessage, could be zero bytes. 
*/
+ sudo_debug_printf(SUDO_DEBUG_INFO,
+ "%s: parsing ClientMessage, size %u", __func__, msg_len);
+ buf->off += sizeof(msg_len);
+ if (!handle_client_message(buf->data + buf->off, msg_len, closure)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to parse ClientMessage, size %u", msg_len);
+ goto send_error;
+ }
+ buf->off += msg_len;
+ }
+ buf->len -= buf->off;
+ buf->off = 0;
+ debug_return;
+send_error:
+ if (closure->errstr == NULL)
+ goto finished;
+ if (fmt_error_message(closure->errstr, &closure->write_buf)) {
+ sudo_ev_del(closure->evbase, closure->read_ev);
+ if (sudo_ev_add(closure->evbase, closure->write_ev,
+ logsrvd_conf_get_sock_timeout(), false) == -1) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to add server write event");
+ }
+ }
+finished:
+ connection_closure_free(closure);
+ debug_return;
+}
+
+/*
+ * Format and schedule a commit_point message.
+ */
+static void
+server_commit_cb(int unused, int what, void *v)
+{
+ ServerMessage msg = SERVER_MESSAGE__INIT;
+ TimeSpec commit_point = TIME_SPEC__INIT;
+ struct connection_closure *closure = v;
+
+ debug_decl(server_commit_cb, SUDO_DEBUG_UTIL);
+
+ /* Send the client an acknowledgement of what has been committed to disk. */
+ commit_point.tv_sec = closure->elapsed_time.tv_sec;
+ commit_point.tv_nsec = closure->elapsed_time.tv_nsec;
+ msg.commit_point = &commit_point;
+ msg.type_case = SERVER_MESSAGE__TYPE_COMMIT_POINT;
+
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sending commit point [%lld, %ld]",
+ __func__, (long long)closure->elapsed_time.tv_sec,
+ closure->elapsed_time.tv_nsec);
+
+ /* XXX - assumes no other server message pending, use a queue instead?
*/
+ if (!fmt_server_message(&closure->write_buf, &msg)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to format ServerMessage (commit point)");
+ goto bad;
+ }
+ if (sudo_ev_add(closure->evbase, closure->write_ev,
+ logsrvd_conf_get_sock_timeout(), false) == -1) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to add server write event");
+ goto bad;
+ }
+
+ if (closure->state == EXITED)
+ closure->state = FLUSHED;
+ debug_return;
+bad:
+ connection_closure_free(closure);
+ debug_return;
+}
+
+/*
+ * Begin the sudo logserver protocol.
+ * When we enter the event loop the ServerHello message will be written
+ * and any pending ClientMessage will be read.
+ */
+static bool
+start_protocol(struct connection_closure *closure)
+{
+ const struct timespec *timeout = logsrvd_conf_get_sock_timeout();
+ debug_decl(start_protocol, SUDO_DEBUG_UTIL);
+
+ if (!fmt_hello_message(&closure->write_buf, closure->tls))
+ debug_return_bool(false);
+
+ if (sudo_ev_add(closure->evbase, closure->write_ev, timeout, false) == -1)
+ debug_return_bool(false);
+
+ /* No read timeout, client messages may happen at arbitrary times.
*/
+ if (sudo_ev_add(closure->evbase, closure->read_ev, NULL, false) == -1)
+ debug_return_bool(false);
+
+ debug_return_bool(true);
+}
+
+#if defined(HAVE_OPENSSL)
+static int
+verify_peer_identity(int preverify_ok, X509_STORE_CTX *ctx)
+{
+ HostnameValidationResult result;
+ struct connection_closure *closure;
+ SSL *ssl;
+ X509 *current_cert;
+ X509 *peer_cert;
+ debug_decl(verify_peer_identity, SUDO_DEBUG_UTIL);
+
+ /* if pre-verification of the cert failed, just propagate that result back */
+ if (preverify_ok != 1) {
+ debug_return_int(0);
+ }
+
+ /* since this callback is called for each cert in the chain,
+ * check that current cert is the peer's certificate
+ */
+ current_cert = X509_STORE_CTX_get_current_cert(ctx);
+ peer_cert = X509_STORE_CTX_get0_cert(ctx);
+
+ if (current_cert != peer_cert) {
+ debug_return_int(1);
+ }
+
+ /* read out the attached object (closure) from the ssl connection object */
+ ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+ closure = (struct connection_closure *)SSL_get_ex_data(ssl, 1);
+
+ result = validate_hostname(peer_cert, closure->ipaddr, closure->ipaddr, 1);
+
+ switch(result)
+ {
+ case MatchFound:
+ debug_return_int(1);
+ default:
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ "hostname validation failed");
+ debug_return_int(0);
+ }
+}
+
+static bool
+verify_server_cert(SSL_CTX *ctx, const struct logsrvd_tls_config *tls_config)
+{
+#ifdef HAVE_SSL_CTX_GET0_CERTIFICATE
+ bool ret = false;
+ X509_STORE_CTX *store_ctx = NULL;
+ X509_STORE *ca_store;
+ STACK_OF(X509) *chain_certs;
+ X509 *x509;
+ debug_decl(verify_server_cert, SUDO_DEBUG_UTIL);
+
+ if ((x509 = SSL_CTX_get0_certificate(ctx)) == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to get X509 object from SSL_CTX: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ goto exit;
+ }
+
+ if ((store_ctx = X509_STORE_CTX_new()) == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to
allocate X509_STORE_CTX object: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ goto exit;
+ }
+
+ if (!SSL_CTX_get0_chain_certs(ctx, &chain_certs)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to get chain certs: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ goto exit;
+ }
+
+ if ((ca_store = SSL_CTX_get_cert_store(ctx)) != NULL)
+ X509_STORE_set_flags(ca_store, X509_V_FLAG_X509_STRICT);
+
+ if (!X509_STORE_CTX_init(store_ctx, ca_store, x509, chain_certs)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to initialize X509_STORE_CTX object: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ goto exit;
+ }
+
+ if (X509_verify_cert(store_ctx) <= 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to verify cert %s: %s", tls_config->cert_path,
+ ERR_error_string(ERR_get_error(), NULL));
+ goto exit;
+ }
+
+ ret = true;
+exit:
+ X509_STORE_CTX_free(store_ctx);
+
+ debug_return_bool(ret);
+#else
+ /* TODO: verify server cert with old OpenSSL */
+ return true;
+#endif /* HAVE_SSL_CTX_GET0_CERTIFICATE */
+}
+
+static bool
+init_tls_ciphersuites(SSL_CTX *ctx, const struct logsrvd_tls_config *tls_config)
+{
+ const char *errstr;
+ int success = 0;
+ debug_decl(init_tls_ciphersuites, SUDO_DEBUG_UTIL);
+
+ if (tls_config->ciphers_v12) {
+ /* try to set TLS v1.2 ciphersuite list from config if given */
+ success = SSL_CTX_set_cipher_list(ctx, tls_config->ciphers_v12);
+ if (success) {
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ "TLS 1.2 ciphersuite list set to %s", tls_config->ciphers_v12);
+ } else {
+ errstr = ERR_reason_error_string(ERR_get_error());
+ sudo_warnx(U_("unable to set TLS 1.2 ciphersuite to %s: %s"),
+ tls_config->ciphers_v12, errstr);
+ }
+ }
+ if (!success) {
+ /* fallback to default ciphersuites for TLS v1.2 */
+ if (SSL_CTX_set_cipher_list(ctx, LOGSRVD_DEFAULT_CIPHER_LST12) <= 0) {
+ errstr = ERR_reason_error_string(ERR_get_error());
+ sudo_warnx(U_("unable to set TLS 1.2
ciphersuite to %s: %s"),
+ LOGSRVD_DEFAULT_CIPHER_LST12, errstr);
+ debug_return_bool(false);
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ "TLS v1.2 ciphersuite list set to %s (default)",
+ LOGSRVD_DEFAULT_CIPHER_LST12);
+ }
+ }
+
+# if defined(HAVE_SSL_CTX_SET_CIPHERSUITES)
+ success = 0;
+ if (tls_config->ciphers_v13) {
+ /* try to set TLSv1.3 ciphersuite list from config */
+ success = SSL_CTX_set_ciphersuites(ctx, tls_config->ciphers_v13);
+ if (success) {
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ "TLS v1.3 ciphersuite list set to %s", tls_config->ciphers_v13);
+ } else {
+ errstr = ERR_reason_error_string(ERR_get_error());
+ sudo_warnx(U_("unable to set TLS 1.3 ciphersuite to %s: %s"),
+ tls_config->ciphers_v13, errstr);
+ }
+ }
+ if (!success) {
+ /* fallback to default ciphersuites for TLS v1.3 */
+ if (SSL_CTX_set_ciphersuites(ctx, LOGSRVD_DEFAULT_CIPHER_LST13) <= 0) {
+ errstr = ERR_reason_error_string(ERR_get_error());
+ sudo_warnx(U_("unable to set TLS 1.3 ciphersuite to %s: %s"),
+ LOGSRVD_DEFAULT_CIPHER_LST13, errstr);
+ debug_return_bool(false);
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ "TLS v1.3 ciphersuite list set to %s (default)",
+ LOGSRVD_DEFAULT_CIPHER_LST13);
+ }
+ }
+# endif
+
+ debug_return_bool(true);
+}
+
+/*
+ * Calls series of openssl initialization functions in order to
+ * be able to establish configured network connections over TLS
+ */
+static bool
+init_tls_server_context(void)
+{
+ const SSL_METHOD *method;
+ FILE *dhparam_file = NULL;
+ SSL_CTX *ctx = NULL;
+ struct logsrvd_tls_runtime *tls_runtime = logsrvd_get_tls_runtime();
+ const struct logsrvd_tls_config *tls_config = logsrvd_get_tls_config();
+ bool ca_bundle_required = tls_config->verify | tls_config->check_peer;
+ const char *errstr;
+ debug_decl(init_tls_server_context, SUDO_DEBUG_UTIL);
+
+ SSL_library_init();
+ OpenSSL_add_all_algorithms();
+ SSL_load_error_strings();
+
+ if ((method = TLS_server_method())
== NULL) {
+ errstr = ERR_reason_error_string(ERR_get_error());
+ sudo_warnx(U_("unable to get TLS server method: %s"), errstr);
+ goto bad;
+ }
+ if ((ctx = SSL_CTX_new(method)) == NULL) {
+ errstr = ERR_reason_error_string(ERR_get_error());
+ sudo_warnx(U_("unable to create TLS context: %s"), errstr);
+ goto bad;
+ }
+
+ if (SSL_CTX_use_certificate_chain_file(ctx, tls_config->cert_path) <= 0) {
+ errstr = ERR_reason_error_string(ERR_get_error());
+ sudo_warnx(U_("%s: %s"), tls_config->cert_path, errstr);
+ sudo_warnx(U_("unable to load certificate %s"), tls_config->cert_path);
+ goto bad;
+ }
+
+ /* if server or client authentication is required, CA bundle file has to be prepared */
+ if (ca_bundle_required) {
+ if (tls_config->cacert_path != NULL) {
+ STACK_OF(X509_NAME) *cacerts =
+ SSL_load_client_CA_file(tls_config->cacert_path);
+
+ if (cacerts == NULL) {
+ errstr = ERR_reason_error_string(ERR_get_error());
+ sudo_warnx(U_("%s: %s"), tls_config->cacert_path, errstr);
+ sudo_warnx(U_("unable to load certificate authority bundle %s"),
+ tls_config->cacert_path);
+ goto bad;
+ }
+ SSL_CTX_set_client_CA_list(ctx, cacerts);
+
+ /* set the location of the CA bundle file for verification */
+ if (SSL_CTX_load_verify_locations(ctx, tls_config->cacert_path, NULL) <= 0) {
+ errstr = ERR_reason_error_string(ERR_get_error());
+ sudo_warnx("SSL_CTX_load_verify_locations: %s", errstr);
+ goto bad;
+ }
+ } else {
+ if (!SSL_CTX_set_default_verify_paths(ctx)) {
+ errstr = ERR_reason_error_string(ERR_get_error());
+ sudo_warnx("SSL_CTX_set_default_verify_paths: %s", errstr);
+ goto bad;
+ }
+ }
+
+ /* only verify server cert if it is set in the configuration */
+ if (tls_config->verify) {
+ if (!verify_server_cert(ctx, tls_config))
+ goto bad;
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ "skipping server cert check");
+ }
+ }
+
+ /* if peer authentication is enabled, verify client cert during TLS handshake
+ * The last parameter is a callback, where
identity validation (hostname/ip)
+ * will be performed, because it is not automatically done by openssl.
+ */
+ if (tls_config->check_peer) {
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_peer_identity);
+ }
+
+ /* if private key file was not set, assume that the cert file contains the private key */
+ char* pkey = (tls_config->pkey_path == NULL ? tls_config->cert_path : tls_config->pkey_path);
+
+ if (!SSL_CTX_use_PrivateKey_file(ctx, pkey, SSL_FILETYPE_PEM) ||
+ !SSL_CTX_check_private_key(ctx)) {
+ errstr = ERR_reason_error_string(ERR_get_error());
+ sudo_warnx(U_("%s: %s"), pkey, errstr);
+ sudo_warnx(U_("unable to load private key %s"), pkey);
+ goto bad;
+ }
+
+ /* initialize TLSv1.2 and TLSv1.3 ciphersuites */
+ if (!init_tls_ciphersuites(ctx, tls_config)) {
+ goto bad;
+ }
+
+ /* try to load and set diffie-hellman parameters */
+ if (tls_config->dhparams_path != NULL)
+ dhparam_file = fopen(tls_config->dhparams_path, "r");
+ if (dhparam_file != NULL) {
+ DH *dhparams = PEM_read_DHparams(dhparam_file, NULL, NULL, NULL);
+ if (dhparams != NULL) {
+ if (!SSL_CTX_set_tmp_dh(ctx, dhparams)) {
+ errstr = ERR_reason_error_string(ERR_get_error());
+ sudo_warnx(U_("unable to set diffie-hellman parameters: %s"),
+ errstr);
+ DH_free(dhparams);
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ "diffie-hellman parameters are loaded");
+ }
+ } else {
+ errstr = ERR_reason_error_string(ERR_get_error());
+ sudo_warnx(U_("unable to set diffie-hellman parameters: %s"),
+ errstr);
+ }
+ fclose(dhparam_file);
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
+ "dhparam file not found, will use default parameters");
+ }
+
+ /* audit server supports TLS version 1.2 or higher */
+#ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION
+ if (!SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)) {
+ errstr = ERR_reason_error_string(ERR_get_error());
+ sudo_warnx(U_("unable to set minimum protocol version to TLS 1.2: %s"),
+
errstr);
+ goto bad;
+ }
+#else
+ SSL_CTX_set_options(ctx,
+ SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1);
+#endif
+
+ tls_runtime->ssl_ctx = ctx;
+
+ debug_return_bool(true);
+
+bad:
+ SSL_CTX_free(ctx);
+
+ debug_return_bool(false);
+}
+
+static void
+tls_handshake_cb(int fd, int what, void *v)
+{
+ struct connection_closure *closure = v;
+ debug_decl(tls_handshake_cb, SUDO_DEBUG_UTIL);
+
+ if (what == SUDO_EV_TIMEOUT) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "TLS handshake timed out");
+ goto bad;
+ }
+
+ int handshake_status = SSL_accept(closure->ssl);
+ int err = SSL_ERROR_NONE;
+ switch (err = SSL_get_error(closure->ssl, handshake_status)) {
+ case SSL_ERROR_NONE:
+ /* ssl handshake was successful */
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ "TLS handshake successful");
+ break;
+ case SSL_ERROR_WANT_READ:
+ /* ssl handshake is ongoing, re-schedule the SSL_accept() call */
+ sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO,
+ "SSL_accept returns SSL_ERROR_WANT_READ");
+ if (what != SUDO_EV_READ) {
+ if (sudo_ev_set(closure->ssl_accept_ev, closure->sock,
+ SUDO_EV_READ, tls_handshake_cb, closure) == -1) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to set ssl_accept_ev to SUDO_EV_READ");
+ goto bad;
+ }
+ }
+ if (sudo_ev_add(closure->evbase, closure->ssl_accept_ev,
+ logsrvd_conf_get_sock_timeout(), false) == -1) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to add ssl_accept_ev to queue");
+ goto bad;
+ }
+ debug_return;
+ case SSL_ERROR_WANT_WRITE:
+ /* ssl handshake is ongoing, re-schedule the SSL_accept() call */
+ sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO,
+ "SSL_accept returns SSL_ERROR_WANT_WRITE");
+ if (what != SUDO_EV_WRITE) {
+ if (sudo_ev_set(closure->ssl_accept_ev, closure->sock,
+ SUDO_EV_WRITE, tls_handshake_cb, closure) == -1) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to set ssl_accept_ev to
SUDO_EV_WRITE");
+ goto bad;
+ }
+ }
+ if (sudo_ev_add(closure->evbase, closure->ssl_accept_ev,
+ logsrvd_conf_get_sock_timeout(), false) == -1) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to add ssl_accept_ev to queue");
+ goto bad;
+ }
+ debug_return;
+ case SSL_ERROR_SYSCALL:
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unexpected error during TLS handshake: %d (%s)",
+ err, strerror(errno));
+ goto bad;
+ default:
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unexpected error during TLS handshake: %d (%s)",
+ err, ERR_error_string(ERR_get_error(), NULL));
+ goto bad;
+ }
+
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ "TLS version: %s, negotiated cipher suite: %s",
+ SSL_get_version(closure->ssl),
+ SSL_get_cipher(closure->ssl));
+
+ /* Start the actual protocol now that the TLS handshake is complete. */
+ if (!start_protocol(closure))
+ goto bad;
+
+ debug_return;
+bad:
+ connection_closure_free(closure);
+ debug_return;
+}
+#endif /* HAVE_OPENSSL */
+
+/*
+ * Allocate a new connection closure.
+ */
+static struct connection_closure *
+connection_closure_alloc(int sock, bool tls, struct sudo_event_base *base)
+{
+ struct connection_closure *closure;
+ debug_decl(connection_closure_alloc, SUDO_DEBUG_UTIL);
+
+ if ((closure = calloc(1, sizeof(*closure))) == NULL)
+ debug_return_ptr(NULL);
+
+ closure->iolog_dir_fd = -1;
+ closure->sock = sock;
+ closure->tls = tls;
+ closure->evbase = base;
+
+ TAILQ_INSERT_TAIL(&connections, closure, entries);
+
+ closure->read_buf.size = 64 * 1024;
+ closure->read_buf.data = malloc(closure->read_buf.size);
+ if (closure->read_buf.data == NULL)
+ goto bad;
+
+ closure->commit_ev = sudo_ev_alloc(-1, SUDO_EV_TIMEOUT,
+ server_commit_cb, closure);
+ if (closure->commit_ev == NULL)
+ goto bad;
+
+ closure->read_ev = sudo_ev_alloc(sock, SUDO_EV_READ|SUDO_EV_PERSIST,
+ client_msg_cb, closure);
+ if (closure->read_ev == NULL)
+ goto bad;
+
+ closure->write_ev = sudo_ev_alloc(sock, SUDO_EV_WRITE|SUDO_EV_PERSIST,
+ server_msg_cb, closure);
+ if (closure->write_ev == NULL)
+ goto bad;
+
+#if defined(HAVE_OPENSSL)
+ if (tls) {
+ closure->ssl_accept_ev = sudo_ev_alloc(sock, SUDO_EV_READ,
+ tls_handshake_cb, closure);
+ if (closure->ssl_accept_ev == NULL)
+ goto bad;
+ }
+#endif
+
+ debug_return_ptr(closure);
+bad:
+ connection_closure_free(closure);
+ debug_return_ptr(NULL);
+}
+
+/*
+ * New connection.
+ * Allocate a connection closure and optionally perform TLS handshake.
+ */
+static bool
+new_connection(int sock, bool tls, const struct sockaddr *sa,
+ struct sudo_event_base *evbase)
+{
+ struct connection_closure *closure;
+ debug_decl(new_connection, SUDO_DEBUG_UTIL);
+
+ if ((closure = connection_closure_alloc(sock, tls, evbase)) == NULL)
+ goto bad;
+
+ /* store the peer's IP address in the closure object */
+ if (sa->sa_family == AF_INET) {
+ struct sockaddr_in *sin = (struct sockaddr_in *)sa;
+ inet_ntop(AF_INET, &sin->sin_addr, closure->ipaddr,
+ sizeof(closure->ipaddr));
+#if defined(HAVE_STRUCT_IN6_ADDR)
+ } else if (sa->sa_family == AF_INET6) {
+ struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
+ inet_ntop(AF_INET6, &sin6->sin6_addr, closure->ipaddr,
+ sizeof(closure->ipaddr));
+#endif /* HAVE_STRUCT_IN6_ADDR */
+ } else {
+ sudo_fatal(U_("unable to get remote IP addr"));
+ goto bad;
+ }
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ "connection from %s", closure->ipaddr);
+
+#if defined(HAVE_OPENSSL)
+ /* If TLS is enabled, perform the TLS handshake first. */
+ if (tls) {
+ /* Create the SSL object for the closure and attach it to the socket */
+ if ((closure->ssl = SSL_new(logsrvd_get_tls_runtime()->ssl_ctx)) == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to create new ssl object: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ goto bad;
+ }
+
+ if (SSL_set_fd(closure->ssl, closure->sock) != 1) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to set fd for TLS: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ goto bad;
+ }
+
+ /* attach the closure object to the ssl connection object to make it
+ available during hostname matching
+ */
+ if (SSL_set_ex_data(closure->ssl, 1, closure) <= 0) {
+ sudo_warnx(U_("Unable to attach user data to the ssl object: %s"),
+ ERR_error_string(ERR_get_error(), NULL));
+ goto bad;
+ }
+
+ /* Enable SSL_accept to begin handshake with client.
*/
+ if (sudo_ev_add(evbase, closure->ssl_accept_ev,
+ logsrvd_conf_get_sock_timeout(), false) == -1) {
+ sudo_fatal(U_("unable to add event to queue"));
+ goto bad;
+ }
+ }
+#endif
+ /* If no TLS handshake, start the protocol immediately. */
+ if (!tls) {
+ if (!start_protocol(closure))
+ goto bad;
+ }
+
+ debug_return_bool(true);
+bad:
+ connection_closure_free(closure);
+ debug_return_bool(false);
+}
+
+static int
+create_listener(struct listen_address *addr)
+{
+ int flags, on, sock;
+ const char *family = "inet4";
+ debug_decl(create_listener, SUDO_DEBUG_UTIL);
+
+ if ((sock = socket(addr->sa_un.sa.sa_family, SOCK_STREAM, 0)) == -1) {
+ sudo_warn("socket");
+ goto bad;
+ }
+ on = 1;
+#ifdef HAVE_STRUCT_IN6_ADDR
+ if (addr->sa_un.sa.sa_family == AF_INET6) {
+ family = "inet6";
+# ifdef IPV6_V6ONLY
+ /* Disable IPv4-mapped IPv6 addresses. */
+ if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == -1)
+ sudo_warn("IPV6_V6ONLY");
+# endif
+ }
+#endif
+ if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1)
+ sudo_warn("SO_REUSEADDR");
+ if (bind(sock, &addr->sa_un.sa, addr->sa_len) == -1) {
+ /* TODO: only warn once for IPv4 and IPv6 or disambiguate */
+ sudo_warn("%s (%s)", addr->sa_str, family);
+ goto bad;
+ }
+ if (listen(sock, SOMAXCONN) == -1) {
+ sudo_warn("listen");
+ goto bad;
+ }
+ flags = fcntl(sock, F_GETFL, 0);
+ if (flags == -1 || fcntl(sock, F_SETFL, flags | O_NONBLOCK) == -1) {
+ sudo_warn("fcntl(O_NONBLOCK)");
+ goto bad;
+ }
+ sudo_debug_printf(SUDO_DEBUG_INFO, "listening on %s (%s)", addr->sa_str,
+ family);
+
+ debug_return_int(sock);
+bad:
+ if (sock != -1)
+ close(sock);
+ debug_return_int(-1);
+}
+
+static void
+listener_cb(int fd, int what, void *v)
+{
+ struct listener *l = v;
+ struct sudo_event_base *evbase = sudo_ev_get_base(l->ev);
+ union sockaddr_union s_un;
+ socklen_t salen = sizeof(s_un);
+ int sock;
+ debug_decl(listener_cb, SUDO_DEBUG_UTIL);
+
+ sock = accept(fd, &s_un.sa, &salen);
+ if (sock != -1)
{
+ /* set keepalive socket option on socket returned by accept */
+ if (logsrvd_conf_tcp_keepalive()) {
+ int keepalive = 1;
+ if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &keepalive,
+ sizeof(keepalive)) == -1) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "unable to set SO_KEEPALIVE option");
+ }
+ }
+ if (!new_connection(sock, l->tls, &s_un.sa, evbase)) {
+ /* TODO: pause accepting on ENOMEM */
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to start new connection");
+ }
+ } else {
+ if (errno != EAGAIN) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "unable to accept new connection");
+ }
+ /* TODO: pause accepting on ENFILE and EMFILE */
+ }
+
+ debug_return;
+}
+
+static bool
+register_listener(struct listen_address *addr, struct sudo_event_base *evbase)
+{
+ struct listener *l;
+ int sock;
+ debug_decl(register_listener, SUDO_DEBUG_UTIL);
+
+ sock = create_listener(addr);
+ if (sock == -1)
+ debug_return_bool(false);
+
+ /* TODO: make non-fatal */
+ if ((l = malloc(sizeof(*l))) == NULL)
+ sudo_fatal(NULL);
+ l->sock = sock;
+ l->tls = addr->tls;
+ l->ev = sudo_ev_alloc(sock, SUDO_EV_READ|SUDO_EV_PERSIST, listener_cb, l);
+ if (l->ev == NULL)
+ sudo_fatal(NULL);
+ if (sudo_ev_add(evbase, l->ev, NULL, false) == -1)
+ sudo_fatal(U_("unable to add event to queue"));
+ TAILQ_INSERT_TAIL(&listeners, l, entries);
+
+ debug_return_bool(true);
+}
+
+/*
+ * Register listeners and init the TLS context.
+ */
+static bool
+server_setup(struct sudo_event_base *base)
+{
+ struct listen_address *addr;
+ struct listener *l;
+ int nlisteners = 0;
+ bool ret, config_tls = false;
+ debug_decl(server_setup, SUDO_DEBUG_UTIL);
+
+ /* Free old listeners (if any) and register new ones.
*/
+ while ((l = TAILQ_FIRST(&listeners)) != NULL) {
+ TAILQ_REMOVE(&listeners, l, entries);
+ sudo_ev_free(l->ev);
+ close(l->sock);
+ free(l);
+ }
+ TAILQ_FOREACH(addr, logsrvd_conf_listen_address(), entries) {
+ nlisteners += register_listener(addr, base);
+ if (addr->tls)
+ config_tls = true;
+ }
+ ret = nlisteners > 0;
+
+ if (ret && config_tls) {
+#if defined(HAVE_OPENSSL)
+ if (!init_tls_server_context())
+ ret = false;
+#endif
+ }
+
+ debug_return_bool(ret);
+}
+
+/*
+ * Reload config and re-initialize listeners and TLS context.
+ */
+static void
+server_reload(struct sudo_event_base *base)
+{
+ debug_decl(server_reload, SUDO_DEBUG_UTIL);
+
+ sudo_debug_printf(SUDO_DEBUG_INFO, "reloading server config");
+ if (logsrvd_conf_read(conf_file)) {
+ /* Re-initialize listeners and TLS context. */
+ if (!server_setup(base))
+ sudo_fatalx(U_("unable setup listen socket"));
+
+ /* Re-initialize debugging. */
+ if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) != -1) {
+ sudo_debug_register(getprogname(), NULL, NULL,
+ sudo_conf_debug_files(getprogname()));
+ }
+ }
+
+ debug_return;
+}
+
+static void
+signal_cb(int signo, int what, void *v)
+{
+ struct sudo_event_base *base = v;
+ debug_decl(signal_cb, SUDO_DEBUG_UTIL);
+
+ switch (signo) {
+ case SIGHUP:
+ server_reload(base);
+ break;
+ case SIGINT:
+ case SIGTERM:
+ /* Shut down active connections.
*/
+ server_shutdown(base);
+ break;
+ default:
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unexpected signal %d", signo);
+ break;
+ }
+
+ debug_return;
+}
+
+static void
+register_signal(int signo, struct sudo_event_base *base)
+{
+ struct sudo_event *ev;
+ debug_decl(register_signal, SUDO_DEBUG_UTIL);
+
+ ev = sudo_ev_alloc(signo, SUDO_EV_SIGNAL, signal_cb, base);
+ if (ev == NULL)
+ sudo_fatal(NULL);
+ if (sudo_ev_add(base, ev, NULL, false) == -1)
+ sudo_fatal(U_("unable to add event to queue"));
+
+ debug_return;
+}
+
+static void
+logsrvd_cleanup(void)
+{
+ /* TODO: cleanup like on signal */
+ return;
+}
+
+/*
+ * Write the process ID into a file, typically /var/run/sudo/sudo_logsrvd.pid.
+ * If the parent directory doesn't exist, it will be created.
+ */
+static void
+write_pidfile(void)
+{
+ FILE *fp;
+ bool success;
+ char *pid_file = (char *)logsrvd_conf_pid_file();
+ debug_decl(write_pidfile, SUDO_DEBUG_UTIL);
+
+ /* sudo_mkdir_parents() modifies the path but restores it before return. */
+ success = sudo_mkdir_parents(pid_file, ROOT_UID, ROOT_GID,
+ S_IRWXU|S_IXGRP|S_IXOTH, false);
+ if (success) {
+ fp = fopen(logsrvd_conf_pid_file(), "w");
+ if (fp == NULL) {
+ sudo_warn("%s", pid_file);
+ } else {
+ fprintf(fp, "%u\n", (unsigned int)getpid());
+ fflush(fp);
+ if (ferror(fp))
+ sudo_warn("%s", pid_file);
+ fclose(fp);
+ }
+ }
+ debug_return;
+}
+
+/*
+ * Fork, detach from the terminal and write pid file unless nofork set.
+ */
+static void
+daemonize(bool nofork)
+{
+ int fd;
+ debug_decl(daemonize, SUDO_DEBUG_UTIL);
+
+ if (!nofork) {
+ switch (fork()) {
+ case -1:
+ sudo_fatal("fork");
+ case 0:
+ /* child */
+ break;
+ default:
+ /* parent, exit */
+ _exit(EXIT_SUCCESS);
+ }
+
+ /* detach from terminal and write pid file.
*/
+ if (setsid() == -1)
+ sudo_fatal("setsid");
+ write_pidfile();
+ }
+
+ if (chdir("/") == -1)
+ sudo_warn("chdir(\"/\")");
+ if ((fd = open(_PATH_DEVNULL, O_RDWR)) != -1) {
+ (void) dup2(fd, STDIN_FILENO);
+ (void) dup2(fd, STDOUT_FILENO);
+ (void) dup2(fd, STDERR_FILENO);
+ if (fd > STDERR_FILENO)
+ (void) close(fd);
+ }
+
+ debug_return;
+}
+
+static void
+usage(bool fatal)
+{
+ fprintf(stderr, "usage: %s [-n] [-f conf_file] [-R percentage]\n",
+ getprogname());
+ if (fatal)
+ exit(EXIT_FAILURE);
+}
+
+static void
+help(void)
+{
+ (void)printf(_("%s - send sudo I/O log to remote server\n\n"),
+ getprogname());
+ usage(false);
+ (void)puts(_("\nOptions:\n"
+ " -f, --file path to configuration file\n"
+ " -h --help display help message and exit\n"
+ " -n, --no-fork do not fork, run in the foreground\n"
+ " -R, --random-drop percent chance connections will drop\n"
+ " -V, --version display version information and exit\n"));
+ exit(EXIT_SUCCESS);
+}
+
+static const char short_opts[] = "f:hnR:V";
+static struct option long_opts[] = {
+ { "file", required_argument, NULL, 'f' },
+ { "help", no_argument, NULL, 'h' },
+ { "no-fork", no_argument, NULL, 'n' },
+ { "random-drop", required_argument, NULL, 'R' },
+ { "version", no_argument, NULL, 'V' },
+ { NULL, no_argument, NULL, 0 },
+};
+
+__dso_public int main(int argc, char *argv[]);
+
+int
+main(int argc, char *argv[])
+{
+ struct sudo_event_base *evbase;
+ bool nofork = false;
+ char *ep;
+ int ch;
+ debug_decl_vars(main, SUDO_DEBUG_MAIN);
+
+#if defined(SUDO_DEVEL) && defined(__OpenBSD__)
+ {
+ extern char *malloc_options;
+ malloc_options = "S";
+ }
+#endif
+
+ initprogname(argc > 0 ? argv[0] : "sudo_logsrvd");
+ setlocale(LC_ALL, "");
+ bindtextdomain("sudo", LOCALEDIR); /* XXX - add logsrvd domain */
+ textdomain("sudo");
+
+ /* Register fatal/fatalx callback. */
+ sudo_fatal_callback_register(logsrvd_cleanup);
+
+ /* Read sudo.conf and initialize the debug subsystem.
*/
+ if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) == -1)
+ exit(EXIT_FAILURE);
+ sudo_debug_register(getprogname(), NULL, NULL,
+ sudo_conf_debug_files(getprogname()));
+
+ if (protobuf_c_version_number() < 1003000)
+ sudo_fatalx(U_("Protobuf-C version 1.3 or higher required"));
+
+ while ((ch = getopt_long(argc, argv, short_opts, long_opts, NULL)) != -1) {
+ switch (ch) {
+ case 'f':
+ conf_file = optarg;
+ break;
+ case 'h':
+ help();
+ break;
+ case 'n':
+ nofork = true;
+ break;
+ case 'R':
+ /* random connection drop probability as a percentage (debug) */
+ errno = 0;
+ random_drop = strtod(optarg, &ep);
+ if (*ep != '\0' || errno != 0)
+ sudo_fatalx(U_("invalid random drop value: %s"), optarg);
+ random_drop /= 100.0; /* convert from percentage */
+ break;
+ case 'V':
+ (void)printf(_("%s version %s\n"), getprogname(),
+ PACKAGE_VERSION);
+ return 0;
+ default:
+ usage(true);
+ }
+ }
+
+ /* Read sudo_logsrvd.conf */
+ if (!logsrvd_conf_read(conf_file))
+ exit(EXIT_FAILURE);
+
+ if ((evbase = sudo_ev_base_alloc()) == NULL)
+ sudo_fatal(NULL);
+
+ /* Initialize listeners and TLS context. */
+ if (!server_setup(evbase))
+ sudo_fatalx(U_("unable setup listen socket"));
+
+ register_signal(SIGHUP, evbase);
+ register_signal(SIGINT, evbase);
+ register_signal(SIGTERM, evbase);
+
+ /* Point of no return. */
+ daemonize(nofork);
+ signal(SIGPIPE, SIG_IGN);
+
+ sudo_ev_dispatch(evbase);
+ if (!nofork)
+ unlink(logsrvd_conf_pid_file());
+
+ debug_return_int(1);
+}
diff -Nru sudo-1.8.31/logsrvd/logsrvd_conf.c sudo-1.9.0/logsrvd/logsrvd_conf.c
--- sudo-1.8.31/logsrvd/logsrvd_conf.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/logsrvd/logsrvd_conf.c 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,1167 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019-2020 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "config.h"
+
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#ifdef HAVE_STDBOOL_H
+# include
+#else
+# include "compat/stdbool.h"
+#endif
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#ifndef HAVE_GETADDRINFO
+# include "compat/getaddrinfo.h"
+#endif
+
+#include "log_server.pb-c.h"
+#include "sudo_gettext.h" /* must be included before sudo_compat.h */
+#include "sudo_compat.h"
+#include "sudo_debug.h"
+#include "sudo_util.h"
+#include "sudo_fatal.h"
+#include "sudo_iolog.h"
+#include "pathnames.h"
+#include "logsrvd.h"
+
+#if defined(HAVE_OPENSSL)
+# define DEFAULT_CA_CERT_PATH "/etc/ssl/sudo/cacert.pem"
+# define DEFAULT_SERVER_CERT_PATH "/etc/ssl/sudo/certs/logsrvd_cert.pem"
+# define DEFAULT_SERVER_KEY_PATH "/etc/ssl/sudo/private/logsrvd_key.pem"
+#endif
+
+struct logsrvd_config;
+typedef bool (*logsrvd_conf_cb_t)(struct logsrvd_config *config, const char *);
+
+struct logsrvd_config_entry {
+ char *conf_str;
+ logsrvd_conf_cb_t setter;
+};
+
+struct logsrvd_config_section {
+ char *name;
+ struct logsrvd_config_entry *entries;
+};
+
+static
struct logsrvd_config { + struct logsrvd_config_server { + struct listen_address_list addresses; + struct timespec timeout; + bool tcp_keepalive; + char *pid_file; +#if defined(HAVE_OPENSSL) + bool tls; + struct logsrvd_tls_config tls_config; + struct logsrvd_tls_runtime tls_runtime; +#endif + } server; + struct logsrvd_config_iolog { + bool compress; + bool flush; + bool gid_set; + uid_t uid; + gid_t gid; + mode_t mode; + unsigned int maxseq; + char *iolog_dir; + char *iolog_file; + } iolog; + struct logsrvd_config_eventlog { + enum logsrvd_eventlog_type log_type; + enum logsrvd_eventlog_format log_format; + } eventlog; + struct logsrvd_config_syslog { + unsigned int maxlen; + int facility; + int acceptpri; + int rejectpri; + int alertpri; + } syslog; + struct logsrvd_config_logfile { + char *path; + char *time_format; + FILE *stream; + } logfile; +} *logsrvd_config; + +/* iolog getters */ +mode_t +logsrvd_conf_iolog_mode(void) +{ + return logsrvd_config->iolog.mode; +} + +const char * +logsrvd_conf_iolog_dir(void) +{ + return logsrvd_config->iolog.iolog_dir; +} + +const char * +logsrvd_conf_iolog_file(void) +{ + return logsrvd_config->iolog.iolog_file; +} + +/* server getters */ +struct listen_address_list * +logsrvd_conf_listen_address(void) +{ + return &logsrvd_config->server.addresses; +} + +bool +logsrvd_conf_tcp_keepalive(void) +{ + return logsrvd_config->server.tcp_keepalive; +} + +const char * +logsrvd_conf_pid_file(void) +{ + return logsrvd_config->server.pid_file; +} + +struct timespec * +logsrvd_conf_get_sock_timeout(void) +{ + if (sudo_timespecisset(&logsrvd_config->server.timeout)) { + return &(logsrvd_config->server.timeout); + } + + return NULL; +} + +#if defined(HAVE_OPENSSL) +const struct logsrvd_tls_config * +logsrvd_get_tls_config(void) +{ + return &logsrvd_config->server.tls_config; +} + +struct logsrvd_tls_runtime * +logsrvd_get_tls_runtime(void) +{ + return &logsrvd_config->server.tls_runtime; +} +#endif + +/* eventlog getters */ +enum 
logsrvd_eventlog_type +logsrvd_conf_eventlog_type(void) +{ + return logsrvd_config->eventlog.log_type; +} + +enum logsrvd_eventlog_format +logsrvd_conf_eventlog_format(void) +{ + return logsrvd_config->eventlog.log_format; +} + +/* syslog getters */ +unsigned int +logsrvd_conf_syslog_maxlen(void) +{ + return logsrvd_config->syslog.maxlen; +} + +int +logsrvd_conf_syslog_facility(void) +{ + return logsrvd_config->syslog.facility; +} + +int +logsrvd_conf_syslog_acceptpri(void) +{ + return logsrvd_config->syslog.acceptpri; +} + +int +logsrvd_conf_syslog_rejectpri(void) +{ + return logsrvd_config->syslog.rejectpri; +} + +int +logsrvd_conf_syslog_alertpri(void) +{ + return logsrvd_config->syslog.alertpri; +} + +/* logfile getters */ +const char * +logsrvd_conf_logfile_path(void) +{ + return logsrvd_config->logfile.path; +} + +FILE * +logsrvd_conf_logfile_stream(void) +{ + return logsrvd_config->logfile.stream; +} + +const char * +logsrvd_conf_logfile_time_format(void) +{ + return logsrvd_config->logfile.time_format; +} + +/* I/O log callbacks */ +static bool +cb_iolog_dir(struct logsrvd_config *config, const char *path) +{ + debug_decl(cb_iolog_dir, SUDO_DEBUG_UTIL); + + free(config->iolog.iolog_dir); + if ((config->iolog.iolog_dir = strdup(path)) == NULL) { + sudo_warn(NULL); + debug_return_bool(false); + } + debug_return_bool(true); +} + +static bool +cb_iolog_file(struct logsrvd_config *config, const char *path) +{ + debug_decl(cb_iolog_file, SUDO_DEBUG_UTIL); + + free(config->iolog.iolog_file); + if ((config->iolog.iolog_file = strdup(path)) == NULL) { + sudo_warn(NULL); + debug_return_bool(false); + } + debug_return_bool(true); +} + +static bool +cb_iolog_compress(struct logsrvd_config *config, const char *str) +{ + int val; + debug_decl(cb_iolog_compress, SUDO_DEBUG_UTIL); + + if ((val = sudo_strtobool(str)) == -1) + debug_return_bool(false); + + config->iolog.compress = val; + debug_return_bool(true); +} + +static bool +cb_iolog_flush(struct logsrvd_config 
*config, const char *str) +{ + int val; + debug_decl(cb_iolog_flush, SUDO_DEBUG_UTIL); + + if ((val = sudo_strtobool(str)) == -1) + debug_return_bool(false); + + config->iolog.flush = val; + debug_return_bool(true); +} + +static bool +cb_iolog_user(struct logsrvd_config *config, const char *user) +{ + struct passwd *pw; + debug_decl(cb_iolog_user, SUDO_DEBUG_UTIL); + + if ((pw = getpwnam(user)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unknown user %s", user); + debug_return_bool(false); + } + config->iolog.uid = pw->pw_uid; + if (!config->iolog.gid_set) + config->iolog.gid = pw->pw_gid; + + debug_return_bool(true); +} + +static bool +cb_iolog_group(struct logsrvd_config *config, const char *group) +{ + struct group *gr; + debug_decl(cb_iolog_group, SUDO_DEBUG_UTIL); + + if ((gr = getgrnam(group)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unknown group %s", group); + debug_return_bool(false); + } + config->iolog.gid = gr->gr_gid; + config->iolog.gid_set = true; + + debug_return_bool(true); +} + +static bool +cb_iolog_mode(struct logsrvd_config *config, const char *str) +{ + const char *errstr; + mode_t mode; + debug_decl(cb_iolog_mode, SUDO_DEBUG_UTIL); + + mode = sudo_strtomode(str, &errstr); + if (errstr != NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to parse iolog mode %s", str); + debug_return_bool(false); + } + config->iolog.mode = mode; + debug_return_bool(true); +} + +static bool +cb_iolog_maxseq(struct logsrvd_config *config, const char *str) +{ + const char *errstr; + unsigned int value; + debug_decl(cb_iolog_maxseq, SUDO_DEBUG_UTIL); + + value = sudo_strtonum(str, 0, SESSID_MAX, &errstr); + if (errstr != NULL) { + if (errno != ERANGE) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "bad maxseq: %s: %s", str, errstr); + debug_return_bool(false); + } + /* Out of range, clamp to SESSID_MAX as documented. 
*/ + value = SESSID_MAX; + } + config->iolog.maxseq = value; + debug_return_bool(true); +} + +/* Server callbacks */ +static bool +cb_listen_address(struct logsrvd_config *config, const char *str) +{ + struct addrinfo hints, *res, *res0 = NULL; + char *copy, *host, *port; + bool tls, ret = false; + int error; + debug_decl(cb_iolog_mode, SUDO_DEBUG_UTIL); + + if ((copy = strdup(str)) == NULL) { + sudo_warn(NULL); + debug_return_bool(false); + } + + /* Parse host[:port] */ + if (!iolog_parse_host_port(copy, &host, &port, &tls, DEFAULT_PORT, + DEFAULT_PORT_TLS)) + goto done; + if (host[0] == '*' && host[1] == '\0') + host = NULL; + +#if !defined(HAVE_OPENSSL) + if (tls) { + sudo_warn("%s", U_("TLS not supported")); + goto done; + } +#endif + + /* Resolve host (and port if it is a service). */ + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE; + error = getaddrinfo(host, port, &hints, &res0); + if (error != 0) { + sudo_gai_warn(error, U_("%s:%s"), host ? 
host : "*", port); + goto done; + } + for (res = res0; res != NULL; res = res->ai_next) { + struct listen_address *addr; + + if ((addr = malloc(sizeof(*addr))) == NULL) { + sudo_warn(NULL); + goto done; + } + if ((addr->sa_str = strdup(str)) == NULL) { + sudo_warn(NULL); + free(addr); + goto done; + } + memcpy(&addr->sa_un, res->ai_addr, res->ai_addrlen); + addr->sa_len = res->ai_addrlen; + addr->tls = tls; + TAILQ_INSERT_TAIL(&config->server.addresses, addr, entries); + } + + ret = true; +done: + if (res0 != NULL) + freeaddrinfo(res0); + free(copy); + debug_return_bool(ret); +} + +static bool +cb_timeout(struct logsrvd_config *config, const char *str) +{ + int timeout; + const char* errstr; + debug_decl(cb_timeout, SUDO_DEBUG_UTIL); + + timeout = sudo_strtonum(str, 0, UINT_MAX, &errstr); + if (errstr != NULL) + debug_return_bool(false); + + config->server.timeout.tv_sec = timeout; + + debug_return_bool(true); +} + +static bool +cb_keepalive(struct logsrvd_config *config, const char *str) +{ + int val; + debug_decl(cb_keepalive, SUDO_DEBUG_UTIL); + + if ((val = sudo_strtobool(str)) == -1) + debug_return_bool(false); + + config->server.tcp_keepalive = val; + debug_return_bool(true); +} + +static bool +cb_pid_file(struct logsrvd_config *config, const char *str) +{ + char *copy = NULL; + debug_decl(cb_pid_file, SUDO_DEBUG_UTIL); + + if (*str != '/') { + debug_return_bool(false); + sudo_warnx(U_("%s: not a fully qualified path"), str); + debug_return_bool(false); + } + if ((copy = strdup(str)) == NULL) { + sudo_warn(NULL); + debug_return_bool(false); + } + + free(config->server.pid_file); + config->server.pid_file = copy; + + debug_return_bool(true); +} + +#if defined(HAVE_OPENSSL) +static bool +cb_tls_key(struct logsrvd_config *config, const char *path) +{ + debug_decl(cb_tls_key, SUDO_DEBUG_UTIL); + + free(config->server.tls_config.pkey_path); + if ((config->server.tls_config.pkey_path = strdup(path)) == NULL) { + sudo_warn(NULL); + debug_return_bool(false); + } + 
debug_return_bool(true); +} + +static bool +cb_tls_cacert(struct logsrvd_config *config, const char *path) +{ + debug_decl(cb_tls_cacert, SUDO_DEBUG_UTIL); + + free(config->server.tls_config.cacert_path); + if ((config->server.tls_config.cacert_path = strdup(path)) == NULL) { + sudo_warn(NULL); + debug_return_bool(false); + } + debug_return_bool(true); +} + +static bool +cb_tls_cert(struct logsrvd_config *config, const char *path) +{ + debug_decl(cb_tls_cert, SUDO_DEBUG_UTIL); + + free(config->server.tls_config.cert_path); + if ((config->server.tls_config.cert_path = strdup(path)) == NULL) { + sudo_warn(NULL); + debug_return_bool(false); + } + debug_return_bool(true); +} + +static bool +cb_tls_dhparam(struct logsrvd_config *config, const char *path) +{ + debug_decl(cb_tls_dhparam, SUDO_DEBUG_UTIL); + + free(config->server.tls_config.dhparams_path); + if ((config->server.tls_config.dhparams_path = strdup(path)) == NULL) { + sudo_warn(NULL); + debug_return_bool(false); + } + debug_return_bool(true); +} + +static bool +cb_tls_ciphers12(struct logsrvd_config *config, const char *str) +{ + debug_decl(cb_tls_ciphers12, SUDO_DEBUG_UTIL); + + free(config->server.tls_config.ciphers_v12); + if ((config->server.tls_config.ciphers_v12 = strdup(str)) == NULL) { + sudo_warn(NULL); + debug_return_bool(false); + } + debug_return_bool(true); +} + +static bool +cb_tls_ciphers13(struct logsrvd_config *config, const char *str) +{ + debug_decl(cb_tls_ciphers13, SUDO_DEBUG_UTIL); + + free(config->server.tls_config.ciphers_v13); + if ((config->server.tls_config.ciphers_v13 = strdup(str)) == NULL) { + sudo_warn(NULL); + debug_return_bool(false); + } + debug_return_bool(true); +} + +static bool +cb_tls_verify(struct logsrvd_config *config, const char *str) +{ + int val; + debug_decl(cb_tls_verify, SUDO_DEBUG_UTIL); + + if ((val = sudo_strtobool(str)) == -1) + debug_return_bool(false); + + config->server.tls_config.verify = val; + debug_return_bool(true); +} + +static bool 
+cb_tls_checkpeer(struct logsrvd_config *config, const char *str) +{ + int val; + debug_decl(cb_tls_checkpeer, SUDO_DEBUG_UTIL); + + if ((val = sudo_strtobool(str)) == -1) + debug_return_bool(false); + + config->server.tls_config.check_peer = val; + debug_return_bool(true); +} +#endif + +/* eventlog callbacks */ +static bool +cb_eventlog_type(struct logsrvd_config *config, const char *str) +{ + debug_decl(cb_eventlog_type, SUDO_DEBUG_UTIL); + + if (strcmp(str, "none") == 0) + config->eventlog.log_type = EVLOG_NONE; + else if (strcmp(str, "syslog") == 0) + config->eventlog.log_type = EVLOG_SYSLOG; + else if (strcmp(str, "logfile") == 0) + config->eventlog.log_type = EVLOG_FILE; + else + debug_return_bool(false); + + debug_return_bool(true); +} + +static bool +cb_eventlog_format(struct logsrvd_config *config, const char *str) +{ + debug_decl(cb_eventlog_format, SUDO_DEBUG_UTIL); + + if (strcmp(str, "json") == 0) + config->eventlog.log_format = EVLOG_JSON; + else if (strcmp(str, "sudo") == 0) + config->eventlog.log_format = EVLOG_SUDO; + else + debug_return_bool(false); + + debug_return_bool(true); +} + +/* syslog callbacks */ +static bool +cb_syslog_maxlen(struct logsrvd_config *config, const char *str) +{ + unsigned int maxlen; + const char *errstr; + debug_decl(cb_syslog_maxlen, SUDO_DEBUG_UTIL); + + maxlen = sudo_strtonum(str, 1, UINT_MAX, &errstr); + if (errstr != NULL) + debug_return_bool(false); + + config->syslog.maxlen = maxlen; + + debug_return_bool(true); +} + +static bool +cb_syslog_facility(struct logsrvd_config *config, const char *str) +{ + int logfac; + debug_decl(cb_syslog_facility, SUDO_DEBUG_UTIL); + + if (!sudo_str2logfac(str, &logfac)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "invalid syslog priority %s", str); + debug_return_bool(false); + } + + config->syslog.facility = logfac; + + debug_return_bool(true); +} + +static bool +cb_syslog_acceptpri(struct logsrvd_config *config, const char *str) +{ + int logpri; + 
debug_decl(cb_syslog_acceptpri, SUDO_DEBUG_UTIL); + + if (!sudo_str2logpri(str, &logpri)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "invalid syslog priority %s", str); + debug_return_bool(false); + } + + config->syslog.acceptpri = logpri; + + debug_return_bool(true); +} + +static bool +cb_syslog_rejectpri(struct logsrvd_config *config, const char *str) +{ + int logpri; + debug_decl(cb_syslog_rejectpri, SUDO_DEBUG_UTIL); + + if (!sudo_str2logpri(str, &logpri)) + debug_return_bool(false); + + config->syslog.rejectpri = logpri; + + debug_return_bool(true); +} + +static bool +cb_syslog_alertpri(struct logsrvd_config *config, const char *str) +{ + int logpri; + debug_decl(cb_syslog_alertpri, SUDO_DEBUG_UTIL); + + if (!sudo_str2logpri(str, &logpri)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "invalid syslog priority %s", str); + debug_return_bool(false); + } + + config->syslog.alertpri = logpri; + + debug_return_bool(true); +} + +/* logfile callbacks */ +static bool +cb_logfile_path(struct logsrvd_config *config, const char *str) +{ + char *copy = NULL; + debug_decl(cb_logfile_path, SUDO_DEBUG_UTIL); + + if (*str != '/') { + debug_return_bool(false); + sudo_warnx(U_("%s: not a fully qualified path"), str); + debug_return_bool(false); + } + if ((copy = strdup(str)) == NULL) { + sudo_warn(NULL); + debug_return_bool(false); + } + + free(config->logfile.path); + config->logfile.path = copy; + + debug_return_bool(true); +} + +static bool +cb_logfile_time_format(struct logsrvd_config *config, const char *str) +{ + char *copy = NULL; + debug_decl(cb_logfile_time_format, SUDO_DEBUG_UTIL); + + if ((copy = strdup(str)) == NULL) { + sudo_warn(NULL); + debug_return_bool(false); + } + + free(config->logfile.time_format); + config->logfile.time_format = copy; + + debug_return_bool(true); +} + +static struct logsrvd_config_entry server_conf_entries[] = { + { "listen_address", cb_listen_address }, + { "timeout", cb_timeout }, + { "tcp_keepalive", 
cb_keepalive }, + { "pid_file", cb_pid_file }, +#if defined(HAVE_OPENSSL) + { "tls_key", cb_tls_key }, + { "tls_cacert", cb_tls_cacert }, + { "tls_cert", cb_tls_cert }, + { "tls_dhparams", cb_tls_dhparam }, + { "tls_ciphers_v12", cb_tls_ciphers12 }, + { "tls_ciphers_v13", cb_tls_ciphers13 }, + { "tls_checkpeer", cb_tls_checkpeer }, + { "tls_verify", cb_tls_verify }, +#endif + { NULL } +}; + +static struct logsrvd_config_entry iolog_conf_entries[] = { + { "iolog_dir", cb_iolog_dir }, + { "iolog_file", cb_iolog_file }, + { "iolog_flush", cb_iolog_flush }, + { "iolog_compress", cb_iolog_compress }, + { "iolog_user", cb_iolog_user }, + { "iolog_group", cb_iolog_group }, + { "iolog_mode", cb_iolog_mode }, + { "maxseq", cb_iolog_maxseq }, + { NULL } +}; + +static struct logsrvd_config_entry eventlog_conf_entries[] = { + { "log_type", cb_eventlog_type }, + { "log_format", cb_eventlog_format }, + { NULL } +}; + +static struct logsrvd_config_entry syslog_conf_entries[] = { + { "maxlen", cb_syslog_maxlen }, + { "facility", cb_syslog_facility }, + { "reject_priority", cb_syslog_rejectpri }, + { "accept_priority", cb_syslog_acceptpri }, + { "alert_priority", cb_syslog_alertpri }, + { NULL } +}; + +static struct logsrvd_config_entry logfile_conf_entries[] = { + { "path", cb_logfile_path }, + { "time_format", cb_logfile_time_format }, + { NULL } +}; + +static struct logsrvd_config_section logsrvd_config_sections[] = { + { "server", server_conf_entries }, + { "iolog", iolog_conf_entries }, + { "eventlog", eventlog_conf_entries }, + { "syslog", syslog_conf_entries }, + { "logfile", logfile_conf_entries }, + { NULL } +}; + +static bool +logsrvd_conf_parse(struct logsrvd_config *config, FILE *fp, const char *path) +{ + struct logsrvd_config_section *conf_section = NULL; + unsigned int lineno = 0; + size_t linesize = 0; + char *line = NULL; + bool ret = false; + debug_decl(logsrvd_conf_parse, SUDO_DEBUG_UTIL); + + while (sudo_parseln(&line, &linesize, &lineno, fp, 0) != -1) { + 
struct logsrvd_config_entry *entry; + char *ep, *val; + + /* Skip blank, comment or invalid lines. */ + if (*line == '\0' || *line == ';') + continue; + + /* New section */ + if (line[0] == '[') { + char *section_name = line + 1; + char *cp = strchr(section_name, ']'); + if (cp == NULL) { + sudo_warnx(U_("%s:%d unmatched '[': %s"), + path, lineno, line); + goto done; + } + *cp = '\0'; + for (conf_section = logsrvd_config_sections; conf_section->name != NULL; + conf_section++) { + if (strcasecmp(section_name, conf_section->name) == 0) + break; + } + if (conf_section->name == NULL) { + sudo_warnx(U_("%s:%d invalid config section: %s"), + path, lineno, section_name); + goto done; + } + continue; + } + + if ((ep = strchr(line, '=')) == NULL) { + sudo_warnx(U_("%s:%d invalid configuration line: %s"), + path, lineno, line); + goto done; + } + + if (conf_section == NULL) { + sudo_warnx(U_("%s:%d expected section name: %s"), + path, lineno, line); + goto done; + } + + val = ep + 1; + while (isspace((unsigned char)*val)) + val++; + while (ep > line && isspace((unsigned char)ep[-1])) + ep--; + *ep = '\0'; + for (entry = conf_section->entries; entry->conf_str != NULL; entry++) { + if (strcasecmp(line, entry->conf_str) == 0) { + if (!entry->setter(config, val)) { + sudo_warnx(U_("invalid value for %s: %s"), + entry->conf_str, val); + goto done; + } + break; + } + } + if (entry->conf_str == NULL) { + sudo_warnx(U_("%s:%d unknown key: %s"), path, lineno, line); + goto done; + } + } + ret = true; + +done: + free(line); + debug_return_bool(ret); +} + +static FILE * +logsrvd_open_eventlog(struct logsrvd_config *config) +{ + mode_t oldmask; + FILE *fp = NULL; + const char *omode; + int fd, flags; + debug_decl(logsrvd_open_eventlog, SUDO_DEBUG_UTIL); + + /* Cannot append to a JSON file. 
*/ + if (config->eventlog.log_format == EVLOG_JSON) { + flags = O_RDWR|O_CREAT; + omode = "w"; + } else { + flags = O_WRONLY|O_APPEND|O_CREAT; + omode = "a"; + } + oldmask = umask(S_IRWXG|S_IRWXO); + fd = open(config->logfile.path, flags, S_IRUSR|S_IWUSR); + (void)umask(oldmask); + if (fd == -1 || (fp = fdopen(fd, omode)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to open log file %s", config->logfile.path); + if (fd != -1) + close(fd); + } + + debug_return_ptr(fp); +} + +/* Free the specified struct logsrvd_config and its contents. */ +void +logsrvd_conf_free(struct logsrvd_config *config) +{ + struct listen_address *addr; + debug_decl(logsrvd_conf_free, SUDO_DEBUG_UTIL); + + if (config == NULL) + debug_return; + + /* struct logsrvd_config_server */ + while ((addr = TAILQ_FIRST(&config->server.addresses))) { + TAILQ_REMOVE(&config->server.addresses, addr, entries); + free(addr->sa_str); + free(addr); + } + free(config->server.pid_file); + + /* struct logsrvd_config_iolog */ + free(config->iolog.iolog_dir); + free(config->iolog.iolog_file); + + /* struct logsrvd_config_logfile */ + free(config->logfile.path); + free(config->logfile.time_format); + if (config->logfile.stream != NULL) + fclose(config->logfile.stream); + +#if defined(HAVE_OPENSSL) + free(config->server.tls_config.pkey_path); + free(config->server.tls_config.cert_path); + free(config->server.tls_config.cacert_path); + free(config->server.tls_config.dhparams_path); + free(config->server.tls_config.ciphers_v12); + free(config->server.tls_config.ciphers_v13); + + if (config->server.tls_runtime.ssl_ctx != NULL) + SSL_CTX_free(config->server.tls_runtime.ssl_ctx); +#endif + + free(config); + + debug_return; +} + +/* Allocate a new struct logsrvd_config and set default values. 
*/ +struct logsrvd_config * +logsrvd_conf_alloc(void) +{ + struct logsrvd_config *config; + debug_decl(logsrvd_conf_alloc, SUDO_DEBUG_UTIL); + + if ((config = calloc(1, sizeof(*config))) == NULL) { + sudo_warn(NULL); + debug_return_ptr(NULL); + } + + /* Server defaults */ + TAILQ_INIT(&config->server.addresses); + config->server.timeout.tv_sec = DEFAULT_SOCKET_TIMEOUT_SEC; + config->server.tcp_keepalive = true; + config->server.pid_file = strdup(_PATH_SUDO_LOGSRVD_PID); + if (config->server.pid_file == NULL) { + sudo_warn(NULL); + goto bad; + } + +#if defined(HAVE_OPENSSL) + /* + * Only set default CA and cert paths if the files actually exist. + * This ensures we don't enable TLS by default when it is not configured. + */ + if (access(DEFAULT_CA_CERT_PATH, R_OK) == 0) { + config->server.tls_config.cacert_path = strdup(DEFAULT_CA_CERT_PATH); + if (config->server.tls_config.cacert_path == NULL) { + sudo_warn(NULL); + goto bad; + } + } + if (access(DEFAULT_SERVER_CERT_PATH, R_OK) == 0) { + config->server.tls_config.cert_path = strdup(DEFAULT_SERVER_CERT_PATH); + if (config->server.tls_config.cert_path == NULL) { + sudo_warn(NULL); + goto bad; + } + } + config->server.tls_config.pkey_path = strdup(DEFAULT_SERVER_KEY_PATH); + if (config->server.tls_config.pkey_path == NULL) { + sudo_warn(NULL); + goto bad; + } + config->server.tls_config.verify = true; + config->server.tls_config.check_peer = false; +#endif + + /* I/O log defaults */ + config->iolog.compress = false; + config->iolog.flush = true; + config->iolog.mode = S_IRUSR|S_IWUSR; + config->iolog.maxseq = SESSID_MAX; + if (!cb_iolog_dir(config, _PATH_SUDO_IO_LOGDIR)) + goto bad; + if (!cb_iolog_file(config, "%{seq}")) + goto bad; + config->iolog.uid = ROOT_UID; + config->iolog.gid = ROOT_GID; + config->iolog.gid_set = false; + + /* Event log defaults */ + config->eventlog.log_type = EVLOG_SYSLOG; + config->eventlog.log_format = EVLOG_SUDO; + + /* Syslog defaults */ + config->syslog.maxlen = 960; + if 
(!cb_syslog_facility(config, LOGFAC)) { + sudo_warnx(U_("unknown syslog facility %s"), LOGFAC); + goto bad; + } + if (!cb_syslog_acceptpri(config, PRI_SUCCESS)) { + sudo_warnx(U_("unknown syslog priority %s"), PRI_SUCCESS); + goto bad; + } + if (!cb_syslog_rejectpri(config, PRI_FAILURE)) { + sudo_warnx(U_("unknown syslog priority %s"), PRI_FAILURE); + goto bad; + } + if (!cb_syslog_alertpri(config, PRI_FAILURE)) { + sudo_warnx(U_("unknown syslog priority %s"), PRI_FAILURE); + goto bad; + } + + /* Log file defaults */ + if (!cb_logfile_time_format(config, "%h %e %T")) + goto bad; + if (!cb_logfile_path(config, _PATH_SUDO_LOGFILE)) + goto bad; + + debug_return_ptr(config); +bad: + logsrvd_conf_free(config); + debug_return_ptr(NULL); +} + +bool +logsrvd_conf_apply(struct logsrvd_config *config) +{ + debug_decl(logsrvd_conf_apply, SUDO_DEBUG_UTIL); + + /* There can be multiple addresses so we can't set a default earlier. */ + if (TAILQ_EMPTY(&config->server.addresses)) { + /* Enable plaintext listender. */ + if (!cb_listen_address(config, "*:" DEFAULT_PORT)) + debug_return_bool(false); +#if defined(HAVE_OPENSSL) + /* If a certificate was specified, enable the TLS listener too. */ + if (config->server.tls_config.cert_path != NULL) { + if (!cb_listen_address(config, "*:" DEFAULT_PORT_TLS "(tls)")) + debug_return_bool(false); + } + } else { + struct listen_address *addr; + + /* Sanity check the TLS configuration. */ + TAILQ_FOREACH(addr, &config->server.addresses, entries) { + if (!addr->tls) + continue; + /* + * If a TLS listener was explicitly enabled but the cert path + * was not, use the default. + */ + if (config->server.tls_config.cert_path == NULL) { + config->server.tls_config.cert_path = + strdup(DEFAULT_SERVER_CERT_PATH); + if (config->server.tls_config.cert_path == NULL) { + sudo_warn(NULL); + debug_return_bool(false); + } + } + break; + } +#endif + } + + /* Open event log if specified. 
*/ + switch (config->eventlog.log_type) { + case EVLOG_SYSLOG: + openlog("sudo", 0, config->syslog.facility); + break; + case EVLOG_FILE: + config->logfile.stream = logsrvd_open_eventlog(config); + if (config->logfile.stream == NULL) + debug_return_bool(false); + break; + case EVLOG_NONE: + break; + default: + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "cannot open unknown log type %d", config->eventlog.log_type); + break; + } + + /* Set I/O log library settings */ + iolog_set_defaults(); + iolog_set_compress(config->iolog.compress); + iolog_set_flush(config->iolog.flush); + iolog_set_owner(config->iolog.uid, config->iolog.gid); + iolog_set_mode(config->iolog.mode); + iolog_set_maxseq(config->iolog.maxseq); + + logsrvd_conf_free(logsrvd_config); + logsrvd_config = config; + + debug_return_bool(true); +} + +/* + * Read .ini style logsrvd.conf file. + * Note that we use '#' not ';' for the comment character. + */ +bool +logsrvd_conf_read(const char *path) +{ + struct logsrvd_config *config; + bool ret = false; + FILE *fp = NULL; + debug_decl(logsrvd_conf_read, SUDO_DEBUG_UTIL); + + config = logsrvd_conf_alloc(); + + if ((fp = fopen(path, "r")) == NULL) { + if (errno != ENOENT) { + sudo_warn("%s", path); + goto done; + } + } else { + if (!logsrvd_conf_parse(config, fp, path)) + goto done; + } + + /* Install new config */ + if (logsrvd_conf_apply(config)) { + config = NULL; + ret = true; + } + +done: + logsrvd_conf_free(config); + if (fp != NULL) + fclose(fp); + debug_return_bool(ret); +} diff -Nru sudo-1.8.31/logsrvd/logsrvd.h sudo-1.9.0/logsrvd/logsrvd.h --- sudo-1.8.31/logsrvd/logsrvd.h 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/logsrvd/logsrvd.h 2020-05-11 16:28:23.000000000 +0000 
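Review bot: `logsrvd_conf_read()` hands the result of `logsrvd_conf_alloc()` to `logsrvd_conf_parse()` and `logsrvd_conf_apply()` without a NULL check, so an allocation failure becomes a NULL dereference in the first setter or in `TAILQ_EMPTY(&config->server.addresses)`; add `if (config == NULL) goto done;` right after the call. In `cb_pid_file()` and `cb_logfile_path()` the first `debug_return_bool(false);` comes before `sudo_warnx(U_("%s: not a fully qualified path"), str);`, so the warning is never printed; drop the first return. `cb_timeout()` accepts values up to `UINT_MAX` but stores the result in an `int`, so a large timeout can end up as a negative `tv_sec`; bound it with `sudo_strtonum(str, 0, INT_MAX, &errstr)`. In `cb_listen_address()` the `memcpy()` into `addr->sa_un` trusts `res->ai_addrlen` while the lookup uses `AF_UNSPEC` and the union only contains `sockaddr_in6` when `HAVE_STRUCT_IN6_ADDR` is defined; a guard such as `if (res->ai_addrlen > sizeof(addr->sa_un)) continue;` before the `malloc()` would keep the copy inside the union.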
@@ -0,0 +1,217 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019-2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef SUDO_LOGSRVD_H +#define SUDO_LOGSRVD_H + +#if PROTOBUF_C_VERSION_NUMBER < 1003000 +# error protobuf-c version 1.30 or higher required +#endif + +#include "config.h" + +#if defined(HAVE_OPENSSL) +# include +#endif + +#include "logsrv_util.h" + +/* Default timeout value for server socket */ +#define DEFAULT_SOCKET_TIMEOUT_SEC 30 + +/* How often to send an ACK to the client (commit point) in seconds */ +#define ACK_FREQUENCY 10 + +/* Shutdown timeout (in seconds) in case client connections time out. */ +#define SHUTDOWN_TIMEO 10 + +/* + * I/O log details from the AcceptMessage + iolog path and sessid. + */ +struct iolog_details { + char *iolog_path; + char *iolog_file; /* substring of iolog_path, do not free */ + char *command; + char *cwd; + char *rungroup; + char *runuser; + char *submithost; + char *submituser; + char *submitgroup; + char *ttyname; + char **argv; + char **env_add; + char **envp; + struct timespec submit_time; + int argc; + int lines; + int columns; + uid_t runuid; + gid_t rungid; + char sessid[7]; +}; + +/* + * Connection status. + * In the RUNNING state we expect I/O log buffers. 
+ */ +enum connection_status { + INITIAL, + RUNNING, + EXITED, + SHUTDOWN, + FLUSHED, + ERROR +}; + +/* + * Per-connection state. + */ +struct connection_closure { + TAILQ_ENTRY(connection_closure) entries; + struct iolog_details details; + struct timespec submit_time; + struct timespec elapsed_time; + struct connection_buffer read_buf; + struct connection_buffer write_buf; + struct sudo_event_base *evbase; + struct sudo_event *commit_ev; + struct sudo_event *read_ev; + struct sudo_event *write_ev; +#if defined(HAVE_OPENSSL) + struct sudo_event *ssl_accept_ev; + SSL *ssl; +#endif + const char *errstr; + struct iolog_file iolog_files[IOFD_MAX]; + bool tls; + bool read_instead_of_write; + bool write_instead_of_read; + bool temporary_write_event; + int iolog_dir_fd; + int sock; +#ifdef HAVE_STRUCT_IN6_ADDR + char ipaddr[INET6_ADDRSTRLEN]; +#else + char ipaddr[INET_ADDRSTRLEN]; +#endif + enum connection_status state; +}; + +union sockaddr_union { + struct sockaddr sa; + struct sockaddr_in sin; +#ifdef HAVE_STRUCT_IN6_ADDR + struct sockaddr_in6 sin6; +#endif +}; + +/* + * List of listen addresses. + */ +struct listen_address { + TAILQ_ENTRY(listen_address) entries; + char *sa_str; + union sockaddr_union sa_un; + socklen_t sa_len; + bool tls; +}; +TAILQ_HEAD(listen_address_list, listen_address); + +/* + * List of active network listeners. 
+ */ +struct listener { + TAILQ_ENTRY(listener) entries; + struct sudo_event *ev; + int sock; + bool tls; +}; +TAILQ_HEAD(listener_list, listener); + +#if defined(HAVE_OPENSSL) +/* parameters to configure tls */ +struct logsrvd_tls_config { + char *pkey_path; + char *cert_path; + char *cacert_path; + char *dhparams_path; + char *ciphers_v12; + char *ciphers_v13; + bool verify; + bool check_peer; +}; + +struct logsrvd_tls_runtime { + SSL_CTX *ssl_ctx; +}; +#endif + +/* Supported eventlog types */ +enum logsrvd_eventlog_type { + EVLOG_NONE, + EVLOG_SYSLOG, + EVLOG_FILE, +}; + +/* Supported eventlog formats (currently just sudo) */ +enum logsrvd_eventlog_format { + EVLOG_SUDO, + EVLOG_JSON +}; + +/* eventlog.c */ +bool log_accept(const struct iolog_details *details, TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen); +bool log_reject(const struct iolog_details *details, const char *reason, TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen); +bool log_alert(const struct iolog_details *details, TimeSpec *alert_time, const char *reason); + +/* iolog_writer.c */ +bool iolog_details_fill(struct iolog_details *details, TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen); +bool iolog_init(AcceptMessage *msg, struct connection_closure *closure); +bool iolog_restart(RestartMessage *msg, struct connection_closure *closure); +int store_iobuf(int iofd, IoBuffer *msg, struct connection_closure *closure); +int store_suspend(CommandSuspend *msg, struct connection_closure *closure); +int store_winsize(ChangeWindowSize *msg, struct connection_closure *closure); +void iolog_close_all(struct connection_closure *closure); +void iolog_details_free(struct iolog_details *details); + +/* logsrvd_conf.c */ +bool logsrvd_conf_read(const char *path); +const char *logsrvd_conf_iolog_dir(void); +const char *logsrvd_conf_iolog_file(void); +struct listen_address_list *logsrvd_conf_listen_address(void); +bool logsrvd_conf_tcp_keepalive(void); +const char 
*logsrvd_conf_pid_file(void); +struct timespec *logsrvd_conf_get_sock_timeout(void); +#if defined(HAVE_OPENSSL) +const struct logsrvd_tls_config *logsrvd_get_tls_config(void); +struct logsrvd_tls_runtime *logsrvd_get_tls_runtime(void); +#endif +enum logsrvd_eventlog_type logsrvd_conf_eventlog_type(void); +enum logsrvd_eventlog_format logsrvd_conf_eventlog_format(void); +unsigned int logsrvd_conf_syslog_maxlen(void); +int logsrvd_conf_syslog_facility(void); +int logsrvd_conf_syslog_acceptpri(void); +int logsrvd_conf_syslog_rejectpri(void); +int logsrvd_conf_syslog_alertpri(void); +mode_t logsrvd_conf_iolog_mode(void); +const char *logsrvd_conf_logfile_path(void); +FILE *logsrvd_conf_logfile_stream(void); +const char *logsrvd_conf_logfile_time_format(void); + +#endif /* SUDO_LOGSRVD_H */ diff -Nru sudo-1.8.31/logsrvd/logsrv_util.c sudo-1.9.0/logsrvd/logsrv_util.c --- sudo-1.8.31/logsrvd/logsrv_util.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/logsrvd/logsrv_util.c 2020-05-11 16:28:23.000000000 +0000 
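Review bot: The guard `#if PROTOBUF_C_VERSION_NUMBER < 1003000` at the top of logsrvd.h is evaluated before the header includes anything, so it appears to rely on every includer having pulled in the protobuf-c header first; if the macro is undefined the preprocessor treats it as 0 and the `#error` fires with a misleading message. The message says "1.30" while the constant and the runtime check in logsrvd.c both mean 1.3; suggest `# error protobuf-c version 1.3 or higher required` plus a comment `/* log_server.pb-c.h must be included before this header */`. The comment on `enum logsrvd_eventlog_format` says "currently just sudo" although `EVLOG_JSON` is listed, and `char sessid[7]` would be easier to audit with a comment stating the session ID length it has to hold, including the terminator.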
@@ -0,0 +1,158 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" + +#include + +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include +#include +#include +#include +#include + +#include "sudo_gettext.h" /* must be included before sudo_compat.h */ +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_util.h" +#include "sudo_fatal.h" +#include "sudo_iolog.h" +#include "logsrv_util.h" + +/* + * Expand buf as needed or just reset it. + */ +bool +expand_buf(struct connection_buffer *buf, unsigned int needed) +{ + void *newdata; + debug_decl(expand_buf, SUDO_DEBUG_UTIL); + + if (buf->size < needed) { + /* Expand buffer. 
*/ + needed = sudo_pow2_roundup(needed); + if ((newdata = malloc(needed)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to malloc %u", __func__, needed); + debug_return_bool(false); + } + if (buf->off > 0) + memcpy(newdata, buf->data + buf->off, buf->len - buf->off); + free(buf->data); + buf->data = newdata; + buf->size = needed; + } else { + /* Just reset existing buffer. */ + if (buf->off > 0) { + memmove(buf->data, buf->data + buf->off, + buf->len - buf->off); + } + } + buf->len -= buf->off; + buf->off = 0; + + debug_return_bool(true); +} + +/* + * Open any I/O log files that are present. + * The timing file must always exist. + */ +bool +iolog_open_all(int dfd, const char *iolog_dir, struct iolog_file *iolog_files, + const char *mode) +{ + int iofd; + debug_decl(iolog_open_all, SUDO_DEBUG_UTIL); + + for (iofd = 0; iofd < IOFD_MAX; iofd++) { + iolog_files[iofd].enabled = true; + if (!iolog_open(&iolog_files[iofd], dfd, iofd, mode)) { + if (errno != ENOENT) { + sudo_warn(U_("unable to open %s/%s"), iolog_dir, + iolog_fd_to_name(iofd)); + debug_return_bool(false); + } + } + } + if (!iolog_files[IOFD_TIMING].enabled) { + sudo_warn(U_("unable to open %s/%s"), iolog_dir, + iolog_fd_to_name(IOFD_TIMING)); + debug_return_bool(false); + } + debug_return_bool(true); +} + +/* + * Seek to the specified point in time in the I/O logs. + */ +bool +iolog_seekto(int iolog_dir_fd, const char *iolog_path, + struct iolog_file *iolog_files, struct timespec *elapsed_time, + const struct timespec *target) +{ + struct timing_closure timing; + off_t pos; + debug_decl(iolog_seekto, SUDO_DEBUG_UTIL); + + /* Parse timing file until we reach the target point. */ + for (;;) { + if (iolog_read_timing_record(&iolog_files[IOFD_TIMING], &timing) != 0) + goto bad; + sudo_timespecadd(&timing.delay, elapsed_time, elapsed_time); + if (timing.event < IOFD_TIMING) { + if (!iolog_files[timing.event].enabled) { + /* Missing log file. 
*/ + sudo_warn(U_("missing I/O log file %s/%s"), iolog_path, + iolog_fd_to_name(timing.event)); + goto bad; + } + pos = iolog_seek(&iolog_files[timing.event], timing.u.nbytes, + SEEK_CUR); + if (pos == -1) { + sudo_warn(U_("%s/%s: unable to seek forward %zu"), iolog_path, + iolog_fd_to_name(timing.event), timing.u.nbytes); + goto bad; + } + } + if (sudo_timespeccmp(elapsed_time, target, >=)) { + if (sudo_timespeccmp(elapsed_time, target, ==)) + break; + + /* Mismatch between resume point and stored log. */ + sudo_warnx(U_("unable to find resume point [%lld, %ld] in %s/%s"), + (long long)target->tv_sec, target->tv_nsec, iolog_path, + "timing"); + goto bad; + } + } + debug_return_bool(true); +bad: + debug_return_bool(false); +} diff -Nru sudo-1.8.31/logsrvd/logsrv_util.h sudo-1.9.0/logsrvd/logsrv_util.h --- sudo-1.8.31/logsrvd/logsrv_util.h 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/logsrvd/logsrv_util.h 2020-05-11 16:28:23.000000000 +0000 
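Review bot: In `expand_buf`, the grow branch copies pending bytes only when `buf->off > 0`, so a buffer holding unread data at offset 0 (`off == 0`, `len > 0`) is swapped for a fresh `malloc` block while `buf->len` still counts those bytes. Whatever reads the buffer next would then treat uninitialized heap memory as message data. The copy should key on pending data rather than on the offset: `if (buf->len > buf->off) memcpy(newdata, buf->data + buf->off, buf->len - buf->off);`. Separately, `needed` is overwritten with `sudo_pow2_roundup(needed)` without checking that the result is still at least the requested size. If that helper can wrap for large inputs (its definition is not in this hunk), the allocation would be smaller than the caller asked for, so it is worth comparing the rounded value against the original before the `malloc`.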
@@ -0,0 +1,43 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019-2020 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef SUDO_LOGSRV_UTIL_H
+#define SUDO_LOGSRV_UTIL_H
+
+/* Default ports to listen on */
+#define DEFAULT_PORT "30343"
+#define DEFAULT_PORT_TLS "30344"
+
+/* Maximum message size (2Mb) */
+#define MESSAGE_SIZE_MAX (2 * 1024 * 1024)
+
+struct connection_buffer {
+ uint8_t *data;
+ unsigned int size;
+ unsigned int len;
+ unsigned int off;
+};
+
+/* logsrv_util.c */
+struct iolog_file;
+bool expand_buf(struct connection_buffer *buf, unsigned int needed);
+bool iolog_open_all(int dfd, const char *iolog_dir, struct iolog_file *iolog_files, const char *mode);
+bool iolog_seekto(int iolog_dir_fd, const char *iolog_path, struct iolog_file *iolog_files, struct timespec *elapsed_time, const struct timespec *target);
+
+
+#endif /* SUDO_LOGSRV_UTIL_H */
diff -Nru sudo-1.8.31/logsrvd/Makefile.in sudo-1.9.0/logsrvd/Makefile.in
--- sudo-1.8.31/logsrvd/Makefile.in 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/logsrvd/Makefile.in 2020-05-11 16:28:23.000000000 +0000
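Review bot: `struct connection_buffer` is declared with no comment on how `size`, `len` and `off` relate, although `expand_buf` in logsrv_util.c computes `buf->len - buf->off` on unsigned ints and therefore depends on `off <= len`. I would document that on the struct, e.g. `/* data[off..len) is pending; callers must keep off <= len (and presumably len <= size) */`. The buffer presumably carries bytes received from a peer, and a violated invariant turns that subtraction into an oversized `memcpy` length. The header also uses `uint8_t`, `bool` and `struct timespec` without including the headers that define them, so it compiles only when the including file has pulled those in first.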
@@ -0,0 +1,321 @@ +# +# SPDX-License-Identifier: ISC +# +# Copyright (c) 2019 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# @configure_input@ +# + +#### Start of system configuration section. #### + +srcdir = @srcdir@ +abs_srcdir = @abs_srcdir@ +top_srcdir = @top_srcdir@ +abs_top_srcdir = @abs_top_srcdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ +devdir = @devdir@ +scriptdir = $(top_srcdir)/scripts +incdir = $(top_srcdir)/include +rundir = @rundir@ +cross_compiling = @CROSS_COMPILING@ + +# Compiler & tools to use +CC = @CC@ +LIBTOOL = @LIBTOOL@ +SED = @SED@ + +# Our install program supports extra flags... 
+INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL_OWNER = -o $(install_uid) -g $(install_gid) +INSTALL_BACKUP = @INSTALL_BACKUP@ + +# Libraries +LT_LIBS = $(top_builddir)/lib/iolog/libsudo_iolog.la \ + $(top_builddir)/lib/logsrv/liblogsrv.la +LIBS = $(LT_LIBS) @LIBTLS@ + +# C preprocessor defines +CPPDEFS = -D_PATH_SUDO_LOGSRVD_CONF=\"$(sysconfdir)/sudo_logsrvd.conf\" \ + -DLOCALEDIR=\"$(localedir)\" + +# C preprocessor flags +CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) \ + $(CPPDEFS) @CPPFLAGS@ + +# Usually -O and/or -g +CFLAGS = @CFLAGS@ + +# Flags to pass to the link stage +LDFLAGS = @LDFLAGS@ +LT_LDFLAGS = @LT_LDFLAGS@ + +# Flags to pass to libtool +LTFLAGS = --tag=disable-static + +# Address sanitizer flags +ASAN_CFLAGS = @ASAN_CFLAGS@ +ASAN_LDFLAGS = @ASAN_LDFLAGS@ + +# PIE flags +PIE_CFLAGS = @PIE_CFLAGS@ +PIE_LDFLAGS = @PIE_LDFLAGS@ + +# Stack smashing protection flags +SSP_CFLAGS = @SSP_CFLAGS@ +SSP_LDFLAGS = @SSP_LDFLAGS@ + +# cppcheck options, usually set in the top-level Makefile +CPPCHECK_OPTS = -q --force --enable=warning,performance,portability --suppress=constStatement --error-exitcode=1 --inline-suppr -Dva_copy=va_copy -U__cplusplus -UQUAD_MAX -UQUAD_MIN -UUQUAD_MAX -U_POSIX_HOST_NAME_MAX -U_POSIX_PATH_MAX -U__NBBY -DNSIG=64 + +# splint options, usually set in the top-level Makefile +SPLINT_OPTS = -D__restrict= -checks + +# PVS-studio options +PVS_CFG = $(top_srcdir)/PVS-Studio.cfg +PVS_IGNORE = 'V707,V011,V002,V536' +PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE) + +# Where to install things... +prefix = @prefix@ +exec_prefix = @exec_prefix@ +bindir = @bindir@ +sbindir = @sbindir@ +sysconfdir = @sysconfdir@ +libexecdir = @libexecdir@ +datarootdir = @datarootdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ + +# User and group IDs the installed files should be "owned" by +install_uid = 0 +install_gid = 0 + +#### End of system configuration section. 
#### + +SHELL = @SHELL@ + +PROGS = sudo_logsrvd sudo_sendlog + +LOGSRVD_OBJS = logsrv_util.o eventlog.o iolog_writer.o logsrvd.o logsrvd_conf.o + +SENDLOG_OBJS = logsrv_util.o sendlog.o + +IOBJS = $(LOGSRVD_OBJS:.o=.i) $(SENDLOG_OBJS:.o=.i) + +POBJS = $(IOBJS:.i=.plog) + +LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/ + +VERSION = @PACKAGE_VERSION@ + +all: $(PROGS) + +depend: + $(scriptdir)/mkdep.pl --srcdir=$(abs_top_srcdir) \ + --builddir=$(abs_top_builddir) logsrvd/Makefile.in + cd $(top_builddir) && ./config.status --file logsrvd/Makefile + +Makefile: $(srcdir)/Makefile.in + cd $(top_builddir) && ./config.status --file logsrvd/Makefile + +.SUFFIXES: .c .h .i .lo .o .plog + +.c.o: + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $< + +.c.lo: + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $< + +.c.i: + $(CC) -E -o $@ $(CPPFLAGS) $< + +.i.plog: + ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@ + +sudo_logsrvd: $(LOGSRVD_OBJS) $(LT_LIBS) + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LOGSRVD_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) + +sudo_sendlog: $(SENDLOG_OBJS) $(LT_LIBS) + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(SENDLOG_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) + +pre-install: + +install: install-binaries + +install-dirs: + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(sbindir) + +install-binaries: install-dirs $(PROGS) + INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 0755 sudo_logsrvd $(DESTDIR)$(sbindir)/sudo_logsrvd + INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 0755 sudo_sendlog $(DESTDIR)$(sbindir)/sudo_sendlog + +install-doc: + +install-includes: + +install-plugin: + 
+uninstall: + -rm -f $(DESTDIR)$(sbindir)/sudo_logsrvd \ + $(DESTDIR)$(sbindir)/sudo_sendlog + -test -z "$(INSTALL_BACKUP)" || \ + rm -f $(DESTDIR)$(sbindir)/sudo_logsrvd$(INSTALL_BACKUP) \ + $(DESTDIR)$(sbindir)/sudo_sendlog$(INSTALL_BACKUP) + +splint: + splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) -I. -I$(srcdir) $(srcdir)/*.c + +cppcheck: + cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I. -I$(srcdir) $(srcdir)/*.c + +pvs-log-files: $(POBJS) + +pvs-studio: $(POBJS) + plog-converter $(PVS_LOG_OPTS) $(POBJS) + +check: + +clean: + -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f $(PROGS) *.lo *.o *.la + -rm -f *.i *.plog stamp-* core *.core core.* + +mostlyclean: clean + +distclean: clean + -rm -rf Makefile .libs + +clobber: distclean + +realclean: distclean + rm -f TAGS tags + +cleandir: realclean + +# Autogenerated dependencies, do not modify +eventlog.o: $(srcdir)/eventlog.c $(incdir)/compat/stdbool.h \ + $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_json.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/eventlog.c +eventlog.i: $(srcdir)/eventlog.c $(incdir)/compat/stdbool.h \ + $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_json.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +eventlog.plog: eventlog.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/eventlog.c --i-file $< --output-file $@ +iolog_writer.o: 
$(srcdir)/iolog_writer.c $(incdir)/compat/stdbool.h \ + $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \ + $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_writer.c +iolog_writer.i: $(srcdir)/iolog_writer.c $(incdir)/compat/stdbool.h \ + $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_writer.plog: iolog_writer.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_writer.c --i-file $< --output-file $@ +logsrv_util.o: $(srcdir)/logsrv_util.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h \ + $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/logsrv_util.c +logsrv_util.i: $(srcdir)/logsrv_util.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +logsrv_util.plog: logsrv_util.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrv_util.c --i-file $< --output-file $@ +logsrvd.o: $(srcdir)/logsrvd.c 
$(incdir)/compat/getopt.h \ + $(incdir)/compat/stdbool.h $(incdir)/hostcheck.h \ + $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h $(incdir)/sudo_rand.h \ + $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/logsrvd.c +logsrvd.i: $(srcdir)/logsrvd.c $(incdir)/compat/getopt.h \ + $(incdir)/compat/stdbool.h $(incdir)/hostcheck.h \ + $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h $(incdir)/sudo_rand.h \ + $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +logsrvd.plog: logsrvd.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd.c --i-file $< --output-file $@ +logsrvd_conf.o: $(srcdir)/logsrvd_conf.c $(incdir)/compat/getaddrinfo.h \ + $(incdir)/compat/stdbool.h $(incdir)/log_server.pb-c.h \ + $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/logsrvd_conf.c +logsrvd_conf.i: $(srcdir)/logsrvd_conf.c $(incdir)/compat/getaddrinfo.h \ + $(incdir)/compat/stdbool.h 
$(incdir)/log_server.pb-c.h \ + $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +logsrvd_conf.plog: logsrvd_conf.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd_conf.c --i-file $< --output-file $@ +sendlog.o: $(srcdir)/sendlog.c $(incdir)/compat/getaddrinfo.h \ + $(incdir)/compat/getopt.h $(incdir)/compat/stdbool.h \ + $(incdir)/hostcheck.h $(incdir)/log_server.pb-c.h \ + $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/logsrv_util.h $(srcdir)/sendlog.h $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sendlog.c +sendlog.i: $(srcdir)/sendlog.c $(incdir)/compat/getaddrinfo.h \ + $(incdir)/compat/getopt.h $(incdir)/compat/stdbool.h \ + $(incdir)/hostcheck.h $(incdir)/log_server.pb-c.h \ + $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/logsrv_util.h $(srcdir)/sendlog.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +sendlog.plog: sendlog.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sendlog.c --i-file $< --output-file $@ diff -Nru sudo-1.8.31/logsrvd/sendlog.c sudo-1.9.0/logsrvd/sendlog.c --- sudo-1.8.31/logsrvd/sendlog.c 
1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/logsrvd/sendlog.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,1734 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019-2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include +#include +#include +#include +#include + +#include "log_server.pb-c.h" +#include "sudo_gettext.h" /* must be included before sudo_compat.h */ +#include "sudo_compat.h" +#include "sudo_conf.h" +#include "sudo_debug.h" +#include "sudo_util.h" +#include "sudo_event.h" +#include "sudo_fatal.h" +#include "sudo_iolog.h" +#include "hostcheck.h" +#include "sendlog.h" + +#if defined(HAVE_OPENSSL) +# include +# include +#endif + +#ifndef HAVE_GETADDRINFO +# include "compat/getaddrinfo.h" +#endif +#ifdef HAVE_GETOPT_LONG +# include +# else +# include "compat/getopt.h" +#endif /* HAVE_GETOPT_LONG */ + +#if defined(HAVE_OPENSSL) +# define TLS_HANDSHAKE_TIMEO_SEC 10 +#endif + +TAILQ_HEAD(connection_list, client_closure); +static struct connection_list connections = TAILQ_HEAD_INITIALIZER(connections); + +static 
const char *server_name = "localhost"; +#if defined(HAVE_STRUCT_IN6_ADDR) +static char server_ip[INET6_ADDRSTRLEN]; +#else +static char server_ip[INET_ADDRSTRLEN]; +#endif +static char *iolog_dir; +static bool testrun = false; +static int nr_of_conns = 1; +static int finished_transmissions = 0; + +#if defined(HAVE_OPENSSL) +static SSL_CTX *ssl_ctx = NULL; +static const char *ca_bundle = NULL; +static const char *cert = NULL; +static const char *key = NULL; +static bool verify_server = true; +#endif + +/* Server callback may redirect to client callback for TLS. */ +static void client_msg_cb(int fd, int what, void *v); +static void server_msg_cb(int fd, int what, void *v); + +static void +usage(bool fatal) +{ +#if defined(HAVE_OPENSSL) + fprintf(stderr, "usage: %s [-V] [-b ca_bundle] [-c cert_file] [-h host] " + "[-i iolog-id] [-k key_file] [-p port] " +#else + fprintf(stderr, "usage: %s [-V] [-h host] [-i iolog-id] [-p port] " +#endif + "[-r restart-point] [-t number] /path/to/iolog\n", getprogname()); + if (fatal) + exit(EXIT_FAILURE); +} + +static void +help(void) +{ + (void)printf(_("%s - send sudo I/O log to remote server\n\n"), + getprogname()); + usage(false); + (void)puts(_("\nOptions:\n" + " --help display help message and exit\n" + " -h, --host host to send logs to\n" + " -i, --iolog_id remote ID of I/O log to be resumed\n" + " -p, --port port to use when connecting to host\n" + " -r, --restart restart previous I/O log transfer\n" + " -t, --test test audit server by sending selected I/O log n times in parallel\n" +#if defined(HAVE_OPENSSL) + " -b, --ca-bundle certificate bundle file to verify server's cert against\n" + " -c, --cert certificate file for TLS handshake\n" + " -k, --key private key file\n" +#endif + " -V, --version display version information and exit\n")); + exit(EXIT_SUCCESS); +} + +/* + * Connect to specified host:port + * If host has multiple addresses, the first one that connects is used. + * Returns open socket or -1 on error. 
+ */ +static int +connect_server(const char *host, const char *port) +{ + struct addrinfo hints, *res, *res0; + const char *cause = "getaddrinfo"; + int error, sock, save_errno; + debug_decl(connect_server, SUDO_DEBUG_UTIL); + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + error = getaddrinfo(host, port, &hints, &res0); + if (error != 0) { + sudo_warnx(U_("unable to look up %s:%s: %s"), host, port, + gai_strerror(error)); + debug_return_int(-1); + } + + sock = -1; + for (res = res0; res; res = res->ai_next) { + sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol); + if (sock == -1) { + cause = "socket"; + continue; + } + if (connect(sock, res->ai_addr, res->ai_addrlen) == -1) { + cause = "connect"; + save_errno = errno; + close(sock); + errno = save_errno; + sock = -1; + continue; + } + if (*server_ip == '\0') { + if (inet_ntop(res->ai_family, res->ai_addr, server_ip, + sizeof(server_ip)) == NULL) { + sudo_warnx(U_("unable to get server IP addr")); + } + } + break; /* success */ + } + freeaddrinfo(res0); + + if (sock != -1) { + int flags = fcntl(sock, F_GETFL, 0); + if (flags == -1 || fcntl(sock, F_SETFL, flags | O_NONBLOCK) == -1) { + cause = "fcntl(O_NONBLOCK)"; + save_errno = errno; + close(sock); + errno = save_errno; + sock = -1; + } + } + if (sock == -1) + sudo_warn("%s", cause); + + debug_return_int(sock); +} + +/* + * Read the next I/O buffer as described by closure->timing. + */ +static bool +read_io_buf(struct client_closure *closure) +{ + struct timing_closure *timing = &closure->timing; + const char *errstr = NULL; + size_t nread; + debug_decl(read_io_buf, SUDO_DEBUG_UTIL); + + if (!closure->iolog_files[timing->event].enabled) { + errno = ENOENT; + sudo_warn("%s/%s", iolog_dir, iolog_fd_to_name(timing->event)); + debug_return_bool(false); + } + + /* Expand buf as needed. 
*/ + if (timing->u.nbytes > closure->bufsize) { + free(closure->buf); + closure->bufsize = sudo_pow2_roundup(timing->u.nbytes); + if ((closure->buf = malloc(closure->bufsize)) == NULL) { + sudo_warn(NULL); + timing->u.nbytes = 0; + debug_return_bool(false); + } + } + + nread = iolog_read(&closure->iolog_files[timing->event], closure->buf, + timing->u.nbytes, &errstr); + if (nread != timing->u.nbytes) { + sudo_warnx(U_("unable to read %s/%s: %s"), iolog_dir, + iolog_fd_to_name(timing->event), errstr); + debug_return_bool(false); + } + debug_return_bool(true); +} + +/* + * Format a ClientMessage and store the wire format message in buf. + * Returns true on success, false on failure. + */ +static bool +fmt_client_message(struct connection_buffer *buf, ClientMessage *msg) +{ + uint32_t msg_len; + bool ret = false; + size_t len; + debug_decl(fmt_client_message, SUDO_DEBUG_UTIL); + + len = client_message__get_packed_size(msg); + if (len > MESSAGE_SIZE_MAX) { + sudo_warnx(U_("client message too large: %zu"), len); + goto done; + } + /* Wire message size is used for length encoding, precedes message. */ + msg_len = htonl((uint32_t)len); + len += sizeof(msg_len); + + /* Resize buffer as needed. */ + if (len > buf->size) { + free(buf->data); + buf->size = sudo_pow2_roundup(len); + if ((buf->data = malloc(buf->size)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to malloc %u", buf->size); + buf->size = 0; + goto done; + } + } + + memcpy(buf->data, &msg_len, sizeof(msg_len)); + client_message__pack(msg, buf->data + sizeof(msg_len)); + buf->len = len; + ret = true; + +done: + debug_return_bool(ret); +} + +/* + * Split command + args into an array of strings. + * Returns an array containing command and args, reusing space in "command". + * Note that the returned array does not end with a terminating NULL. 
+ */ +static char ** +split_command(char *command, size_t *lenp) +{ + char *cp; + char **args; + size_t len; + debug_decl(split_command, SUDO_DEBUG_UTIL); + + for (cp = command, len = 0;;) { + len++; + if ((cp = strchr(cp, ' ')) == NULL) + break; + cp++; + } + args = reallocarray(NULL, len, sizeof(char *)); + if (args == NULL) + debug_return_ptr(NULL); + + for (cp = command, len = 0;;) { + args[len++] = cp; + if ((cp = strchr(cp, ' ')) == NULL) + break; + *cp++ = '\0'; + } + + *lenp = len; + debug_return_ptr(args); +} + +static bool +fmt_client_hello(struct client_closure *closure) +{ + ClientMessage client_msg = CLIENT_MESSAGE__INIT; + ClientHello hello_msg = CLIENT_HELLO__INIT; + bool ret = false; + debug_decl(fmt_client_hello, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sending ClientHello", __func__); + hello_msg.client_id = "Sendlog Version 0.1"; + + /* Schedule ClientMessage */ + client_msg.hello_msg = &hello_msg; + client_msg.type_case = CLIENT_MESSAGE__TYPE_HELLO_MSG; + ret = fmt_client_message(&closure->write_buf, &client_msg); + if (ret) { + if (sudo_ev_add(closure->evbase, closure->read_ev, NULL, false) == -1) + ret = false; + if (sudo_ev_add(closure->evbase, closure->write_ev, NULL, false) == -1) + ret = false; + } + + debug_return_bool(ret); +} + +/* + * Build and format an AcceptMessage wrapped in a ClientMessage. + * Stores the wire format message in the closure's write buffer. + * Returns true on success, false on failure. + */ +static bool +fmt_accept_message(struct client_closure *closure) +{ + ClientMessage client_msg = CLIENT_MESSAGE__INIT; + AcceptMessage accept_msg = ACCEPT_MESSAGE__INIT; + TimeSpec tv = TIME_SPEC__INIT; + InfoMessage__StringList runargv = INFO_MESSAGE__STRING_LIST__INIT; + struct iolog_info *log_info = closure->log_info; + char *hostname; + bool ret = false; + size_t info_msgs_size, n; + debug_decl(fmt_accept_message, SUDO_DEBUG_UTIL); + + /* + * Fill in AcceptMessage and add it to ClientMessage. 
+ */ + if ((hostname = sudo_gethostname()) == NULL) { + sudo_warn("gethostname"); + debug_return_bool(false); + } + + /* Sudo I/O logs only store start time in seconds. */ + tv.tv_sec = log_info->tstamp.tv_sec; + tv.tv_nsec = log_info->tstamp.tv_nsec; + accept_msg.submit_time = &tv; + + /* Client will send IoBuffer messages. */ + accept_msg.expect_iobufs = true; + + /* Split command into a StringList. */ + runargv.strings = split_command(log_info->cmd, &runargv.n_strings); + if (runargv.strings == NULL) + sudo_fatal(NULL); + + /* The sudo I/O log info file has limited info. */ + info_msgs_size = 10; + accept_msg.info_msgs = calloc(info_msgs_size, sizeof(InfoMessage *)); + if (accept_msg.info_msgs == NULL) { + info_msgs_size = 0; + goto done; + } + for (n = 0; n < info_msgs_size; n++) { + accept_msg.info_msgs[n] = malloc(sizeof(InfoMessage)); + if (accept_msg.info_msgs[n] == NULL) { + info_msgs_size = n; + goto done; + } + info_message__init(accept_msg.info_msgs[n]); + } + + /* Fill in info_msgs */ + n = 0; + accept_msg.info_msgs[n]->key = "command"; + accept_msg.info_msgs[n]->strval = log_info->cmd; + accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; + n++; + + accept_msg.info_msgs[n]->key = "columns"; + accept_msg.info_msgs[n]->numval = log_info->cols; + accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL; + n++; + + accept_msg.info_msgs[n]->key = "lines"; + accept_msg.info_msgs[n]->numval = log_info->lines; + accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL; + n++; + + accept_msg.info_msgs[n]->key = "runargv"; + accept_msg.info_msgs[n]->strlistval = &runargv; + accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRLISTVAL; + n++; + + if (log_info->runas_group != NULL) { + accept_msg.info_msgs[n]->key = "rungroup"; + accept_msg.info_msgs[n]->strval = log_info->runas_group; + accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; + n++; + } + + accept_msg.info_msgs[n]->key = "runuser"; + 
accept_msg.info_msgs[n]->strval = log_info->runas_user; + accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; + n++; + + accept_msg.info_msgs[n]->key = "submitcwd"; + accept_msg.info_msgs[n]->strval = log_info->cwd; + accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; + n++; + + accept_msg.info_msgs[n]->key = "submithost"; + accept_msg.info_msgs[n]->strval = hostname; + accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; + n++; + + accept_msg.info_msgs[n]->key = "submituser"; + accept_msg.info_msgs[n]->strval = log_info->user; + accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; + n++; + + accept_msg.info_msgs[n]->key = "ttyname"; + accept_msg.info_msgs[n]->strval = log_info->tty; + accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; + n++; + + /* Update n_info_msgs. */ + accept_msg.n_info_msgs = n; + + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: sending AcceptMessage, array length %zu", __func__, n); + + /* Schedule ClientMessage */ + client_msg.accept_msg = &accept_msg; + client_msg.type_case = CLIENT_MESSAGE__TYPE_ACCEPT_MSG; + ret = fmt_client_message(&closure->write_buf, &client_msg); + if (ret) { + if (sudo_ev_add(closure->evbase, closure->write_ev, NULL, false) == -1) + ret = false; + } + +done: + for (n = 0; n < info_msgs_size; n++) { + free(accept_msg.info_msgs[n]); + } + free(accept_msg.info_msgs); + free(hostname); + free(runargv.strings); + + debug_return_bool(ret); +} + +/* + * Build and format a RestartMessage wrapped in a ClientMessage. + * Stores the wire format message in the closure's write buffer. + * Returns true on success, false on failure. 
+ */
+static bool
+fmt_restart_message(struct client_closure *closure)
+{
+ ClientMessage client_msg = CLIENT_MESSAGE__INIT;
+ RestartMessage restart_msg = RESTART_MESSAGE__INIT;
+ TimeSpec tv = TIME_SPEC__INIT;
+ bool ret = false;
+ debug_decl(fmt_restart_message, SUDO_DEBUG_UTIL);
+
+ sudo_debug_printf(SUDO_DEBUG_INFO,
+ "%s: sending RestartMessage, [%lld, %ld]", __func__,
+ (long long)closure->restart.tv_sec, closure->restart.tv_nsec);
+
+ tv.tv_sec = closure->restart.tv_sec;
+ tv.tv_nsec = closure->restart.tv_nsec;
+ restart_msg.resume_point = &tv;
+ restart_msg.log_id = (char *)closure->iolog_id;
+
+ /* Schedule ClientMessage */
+ client_msg.restart_msg = &restart_msg;
+ client_msg.type_case = CLIENT_MESSAGE__TYPE_RESTART_MSG;
+ ret = fmt_client_message(&closure->write_buf, &client_msg);
+ if (ret) {
+ if (sudo_ev_add(closure->evbase, closure->write_ev, NULL, false) == -1)
+ ret = false;
+ }
+
+ debug_return_bool(ret);
+}
+
+/*
+ * Build and format an ExitMessage wrapped in a ClientMessage.
+ * Stores the wire format message in the closure's write buffer.
+ * Returns true on success, false on failure.
+ */
+static bool
+fmt_exit_message(struct client_closure *closure)
+{
+ ClientMessage client_msg = CLIENT_MESSAGE__INIT;
+ ExitMessage exit_msg = EXIT_MESSAGE__INIT;
+ bool ret = false;
+ debug_decl(fmt_exit_message, SUDO_DEBUG_UTIL);
+
+ /*
+ * We don't have enough data in a sudo I/O log to create a real
+ * exit message. For example, the exit value and run time are
+ * not known. This results in a zero-sized message.
+ */
+ exit_msg.exit_value = 0;
+
+ sudo_debug_printf(SUDO_DEBUG_INFO,
+ "%s: sending ExitMessage, exit value %d",
+ __func__, exit_msg.exit_value);
+
+ /* Send ClientMessage */
+ client_msg.exit_msg = &exit_msg;
+ client_msg.type_case = CLIENT_MESSAGE__TYPE_EXIT_MSG;
+ if (!fmt_client_message(&closure->write_buf, &client_msg))
+ goto done;
+
+ ret = true;
+
+done:
+ debug_return_bool(ret);
+}
+
+/*
+ * Build and format an IoBuffer wrapped in a ClientMessage.
+ * Stores the wire format message in buf.
+ * Returns true on success, false on failure.
+ */
+static bool
+fmt_io_buf(int type, struct client_closure *closure,
+ struct connection_buffer *buf)
+{
+ ClientMessage client_msg = CLIENT_MESSAGE__INIT;
+ IoBuffer iobuf_msg = IO_BUFFER__INIT;
+ TimeSpec delay = TIME_SPEC__INIT;
+ bool ret = false;
+ debug_decl(fmt_io_buf, SUDO_DEBUG_UTIL);
+
+ if (!read_io_buf(closure))
+ goto done;
+
+ /* Fill in IoBuffer. */
+ /* TODO: split buffer if it is too large */
+ delay.tv_sec = closure->timing.delay.tv_sec;
+ delay.tv_nsec = closure->timing.delay.tv_nsec;
+ iobuf_msg.delay = &delay;
+ iobuf_msg.data.data = (void *)closure->buf;
+ iobuf_msg.data.len = closure->timing.u.nbytes;
+
+ sudo_debug_printf(SUDO_DEBUG_INFO,
+ "%s: sending IoBuffer length %zu, type %d, size %zu", __func__,
+ iobuf_msg.data.len, type, io_buffer__get_packed_size(&iobuf_msg));
+
+ /* Send ClientMessage, it doesn't matter which IoBuffer we set. */
+ client_msg.ttyout_buf = &iobuf_msg;
+ client_msg.type_case = type;
+ if (!fmt_client_message(buf, &client_msg))
+ goto done;
+
+ ret = true;
+
+done:
+ debug_return_bool(ret);
+}
+
+/*
+ * Build and format a ChangeWindowSize message wrapped in a ClientMessage.
+ * Stores the wire format message in buf.
+ * Returns true on success, false on failure.
+ */ +static bool +fmt_winsize(struct client_closure *closure, struct connection_buffer *buf) +{ + ClientMessage client_msg = CLIENT_MESSAGE__INIT; + ChangeWindowSize winsize_msg = CHANGE_WINDOW_SIZE__INIT; + TimeSpec delay = TIME_SPEC__INIT; + struct timing_closure *timing = &closure->timing; + bool ret = false; + debug_decl(fmt_winsize, SUDO_DEBUG_UTIL); + + /* Fill in ChangeWindowSize message. */ + delay.tv_sec = timing->delay.tv_sec; + delay.tv_nsec = timing->delay.tv_nsec; + winsize_msg.delay = &delay; + winsize_msg.rows = timing->u.winsize.lines; + winsize_msg.cols = timing->u.winsize.cols; + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sending ChangeWindowSize, %dx%d", + __func__, winsize_msg.rows, winsize_msg.cols); + + /* Send ClientMessage */ + client_msg.winsize_event = &winsize_msg; + client_msg.type_case = CLIENT_MESSAGE__TYPE_WINSIZE_EVENT; + if (!fmt_client_message(buf, &client_msg)) + goto done; + + ret = true; + +done: + debug_return_bool(ret); +} + +/* + * Build and format a CommandSuspend message wrapped in a ClientMessage. + * Stores the wire format message in buf. + * Returns true on success, false on failure. + */ +static bool +fmt_suspend(struct client_closure *closure, struct connection_buffer *buf) +{ + ClientMessage client_msg = CLIENT_MESSAGE__INIT; + CommandSuspend suspend_msg = COMMAND_SUSPEND__INIT; + TimeSpec delay = TIME_SPEC__INIT; + struct timing_closure *timing = &closure->timing; + bool ret = false; + debug_decl(fmt_suspend, SUDO_DEBUG_UTIL); + + /* Fill in CommandSuspend message. 
*/ + delay.tv_sec = timing->delay.tv_sec; + delay.tv_nsec = timing->delay.tv_nsec; + suspend_msg.delay = &delay; + if (sig2str(timing->u.signo, closure->buf) == -1) + goto done; + suspend_msg.signal = closure->buf; + + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: sending CommandSuspend, SIG%s", __func__, suspend_msg.signal); + + /* Send ClientMessage */ + client_msg.suspend_event = &suspend_msg; + client_msg.type_case = CLIENT_MESSAGE__TYPE_SUSPEND_EVENT; + if (!fmt_client_message(buf, &client_msg)) + goto done; + + ret = true; + +done: + debug_return_bool(ret); +} + +/* + * Read the next entry for the I/O log timing file and format a ClientMessage. + * Stores the wire format message in the closure's write buffer. + * Returns true on success, false on failure. + */ +static bool +fmt_next_iolog(struct client_closure *closure) +{ + struct timing_closure *timing = &closure->timing; + struct connection_buffer *buf = &closure->write_buf; + bool ret = false; + debug_decl(fmt_next_iolog, SUDO_DEBUG_UTIL); + + if (buf->len != 0) { + sudo_warnx(U_("%s: write buffer already in use"), __func__); + debug_return_bool(false); + } + + /* TODO: fill write buffer with multiple messages */ +again: + switch (iolog_read_timing_record(&closure->iolog_files[IOFD_TIMING], timing)) { + case 0: + /* OK */ + break; + case 1: + /* no more IO buffers */ + closure->state = SEND_EXIT; + debug_return_bool(fmt_exit_message(closure)); + case -1: + default: + debug_return_bool(false); + } + + /* Track elapsed time for comparison with commit points. */ + sudo_timespecadd(&timing->delay, &closure->elapsed, &closure->elapsed); + + /* If we have a restart point, ignore records until we hit it. 
*/ + if (sudo_timespecisset(&closure->restart)) { + if (sudo_timespeccmp(&closure->restart, &closure->elapsed, >=)) + goto again; + sudo_timespecclear(&closure->restart); /* caught up */ + } + + switch (timing->event) { + case IO_EVENT_STDIN: + ret = fmt_io_buf(CLIENT_MESSAGE__TYPE_STDIN_BUF, closure, buf); + break; + case IO_EVENT_STDOUT: + ret = fmt_io_buf(CLIENT_MESSAGE__TYPE_STDOUT_BUF, closure, buf); + break; + case IO_EVENT_STDERR: + ret = fmt_io_buf(CLIENT_MESSAGE__TYPE_STDERR_BUF, closure, buf); + break; + case IO_EVENT_TTYIN: + ret = fmt_io_buf(CLIENT_MESSAGE__TYPE_TTYIN_BUF, closure, buf); + break; + case IO_EVENT_TTYOUT: + ret = fmt_io_buf(CLIENT_MESSAGE__TYPE_TTYOUT_BUF, closure, buf); + break; + case IO_EVENT_WINSIZE: + ret = fmt_winsize(closure, buf); + break; + case IO_EVENT_SUSPEND: + ret = fmt_suspend(closure, buf); + break; + default: + sudo_warnx(U_("unexpected I/O event %d"), timing->event); + break; + } + + debug_return_bool(ret); +} + +/* + * Additional work to do after a ClientMessage was sent to the server. + * Advances state and formats the next ClientMessage (if any). + */ +static bool +client_message_completion(struct client_closure *closure) +{ + debug_decl(client_message_completion, SUDO_DEBUG_UTIL); + + switch (closure->state) { + case RECV_HELLO: + /* Wait for ServerHello, nothing to write until then. */ + sudo_ev_del(closure->evbase, closure->write_ev); + break; + case SEND_ACCEPT: + case SEND_RESTART: + closure->state = SEND_IO; + /* FALLTHROUGH */ + case SEND_IO: + /* fmt_next_iolog() will advance state on EOF. */ + if (!fmt_next_iolog(closure)) + debug_return_bool(false); + break; + case SEND_EXIT: + /* Done writing, just waiting for final commit point. 
*/ + sudo_ev_del(closure->evbase, closure->write_ev); + closure->state = CLOSING; + break; + default: + sudo_warnx(U_("%s: unexpected state %d"), __func__, closure->state); + debug_return_bool(false); + } + debug_return_bool(true); +} + +/* + * Respond to a ServerHello message from the server. + * Returns true on success, false on error. + */ +static bool +handle_server_hello(ServerHello *msg, struct client_closure *closure) +{ + size_t n; + debug_decl(handle_server_hello, SUDO_DEBUG_UTIL); + + if (closure->state != RECV_HELLO) { + sudo_warnx(U_("%s: unexpected state %d"), __func__, closure->state); + debug_return_bool(false); + } + + /* Sanity check ServerHello message. */ + if (msg->server_id == NULL || msg->server_id[0] == '\0') { + sudo_warnx("%s", U_("invalid ServerHello")); + debug_return_bool(false); + } + + if (!testrun) { + printf("Server ID: %s\n", msg->server_id); + /* TODO: handle redirect */ + if (msg->redirect != NULL && msg->redirect[0] != '\0') + printf("Redirect: %s\n", msg->redirect); + for (n = 0; n < msg->n_servers; n++) { + printf("Server %zu: %s\n", n + 1, msg->servers[n]); + } + } + + debug_return_bool(true); +} + +/* + * Respond to a CommitPoint message from the server. + * Returns true on success, false on error. + */ +static bool +handle_commit_point(TimeSpec *commit_point, struct client_closure *closure) +{ + debug_decl(handle_commit_point, SUDO_DEBUG_UTIL); + + /* Only valid after we have sent an IO buffer. */ + if (closure->state < SEND_IO) { + sudo_warnx(U_("%s: unexpected state %d"), __func__, closure->state); + debug_return_bool(false); + } + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: commit point: [%lld, %d]", + __func__, (long long)commit_point->tv_sec, commit_point->tv_nsec); + closure->committed.tv_sec = commit_point->tv_sec; + closure->committed.tv_nsec = commit_point->tv_nsec; + + debug_return_bool(true); +} + +/* + * Respond to a LogId message from the server. + * Always returns true. 
+ */ +static bool +handle_log_id(char *id, struct client_closure *closure) +{ + debug_decl(handle_log_id, SUDO_DEBUG_UTIL); + + if (!testrun) + printf("Remote log ID: %s\n", id); + + debug_return_bool(true); +} + +/* + * Respond to a ServerError message from the server. + * Always returns false. + */ +static bool +handle_server_error(char *errmsg, struct client_closure *closure) +{ + debug_decl(handle_server_error, SUDO_DEBUG_UTIL); + + sudo_warnx(U_("error message received from server: %s"), errmsg); + debug_return_bool(false); +} + +/* + * Respond to a ServerAbort message from the server. + * Always returns false. + */ +static bool +handle_server_abort(char *errmsg, struct client_closure *closure) +{ + debug_decl(handle_server_abort, SUDO_DEBUG_UTIL); + + sudo_warnx(U_("abort message received from server: %s"), errmsg); + debug_return_bool(false); +} + +/* + * Respond to a ServerMessage from the server. + * Returns true on success, false on error. + */ +static bool +handle_server_message(uint8_t *buf, size_t len, + struct client_closure *closure) +{ + ServerMessage *msg; + bool ret = false; + debug_decl(handle_server_message, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: unpacking ServerMessage", __func__); + msg = server_message__unpack(NULL, len, buf); + if (msg == NULL) { + sudo_warnx("%s", U_("unable to unpack ServerMessage")); + debug_return_bool(false); + } + + switch (msg->type_case) { + case SERVER_MESSAGE__TYPE_HELLO: + if ((ret = handle_server_hello(msg->hello, closure))) { + if (sudo_timespecisset(&closure->restart)) { + closure->state = SEND_RESTART; + ret = fmt_restart_message(closure); + } else { + closure->state = SEND_ACCEPT; + ret = fmt_accept_message(closure); + } + } + break; + case SERVER_MESSAGE__TYPE_COMMIT_POINT: + ret = handle_commit_point(msg->commit_point, closure); + if (sudo_timespeccmp(&closure->elapsed, &closure->committed, ==)) { + sudo_ev_del(closure->evbase, closure->read_ev); + closure->state = FINISHED; + if 
(++finished_transmissions == nr_of_conns) + sudo_ev_loopexit(closure->evbase); + } + break; + case SERVER_MESSAGE__TYPE_LOG_ID: + ret = handle_log_id(msg->log_id, closure); + break; + case SERVER_MESSAGE__TYPE_ERROR: + ret = handle_server_error(msg->error, closure); + closure->state = ERROR; + break; + case SERVER_MESSAGE__TYPE_ABORT: + ret = handle_server_abort(msg->abort, closure); + closure->state = ERROR; + break; + default: + sudo_warnx(U_("%s: unexpected type_case value %d"), + __func__, msg->type_case); + break; + } + + server_message__free_unpacked(msg, NULL); + debug_return_bool(ret); +} + +/* + * Read and unpack a ServerMessage (read callback). + */ +static void +server_msg_cb(int fd, int what, void *v) +{ + struct client_closure *closure = v; + struct connection_buffer *buf = &closure->read_buf; + ssize_t nread; + uint32_t msg_len; + debug_decl(server_msg_cb, SUDO_DEBUG_UTIL); + + /* For TLS we may need to read as part of SSL_write(). */ + if (closure->write_instead_of_read) { + closure->write_instead_of_read = false; + client_msg_cb(fd, what, v); + debug_return; + } + + if (what == SUDO_EV_TIMEOUT) { + sudo_warnx(U_("timeout reading from server")); + goto bad; + } + +#if defined(HAVE_OPENSSL) + if (cert != NULL) { + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: reading ServerMessage (TLS)", __func__); + nread = SSL_read(closure->ssl, buf->data + buf->len, buf->size - buf->len); + if (nread <= 0) { + const char *errstr; + int err; + + switch (SSL_get_error(closure->ssl, nread)) { + case SSL_ERROR_ZERO_RETURN: + /* ssl connection shutdown cleanly */ + nread = 0; + break; + case SSL_ERROR_WANT_READ: + /* ssl wants to read more, read event is always active */ + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_read returns SSL_ERROR_WANT_READ"); + debug_return; + case SSL_ERROR_WANT_WRITE: + /* ssl wants to write, schedule a write if not pending */ + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_read returns SSL_ERROR_WANT_WRITE"); + 
if (!sudo_ev_pending(closure->write_ev, SUDO_EV_WRITE, NULL)) { + /* Enable a temporary write event. */ + if (sudo_ev_add(closure->evbase, closure->write_ev, NULL, false) == -1) { + sudo_warnx(U_("unable to add event to queue")); + goto bad; + } + closure->temporary_write_event = true; + } + /* Redirect write event to finish SSL_read() */ + closure->read_instead_of_write = true; + debug_return; + case SSL_ERROR_SSL: + /* + * For TLS 1.3, if the cert verify function on the server + * returns an error, OpenSSL will send an internal error + * alert when we read ServerHello. Convert to a more useful + * message and hope that no actual internal error occurs. + */ + err = ERR_get_error(); + if (closure->state == RECV_HELLO && + ERR_GET_REASON(err) == SSL_R_TLSV1_ALERT_INTERNAL_ERROR) { + errstr = "host name does not match certificate"; + } else { + errstr = ERR_reason_error_string(err); + } + sudo_warnx("%s", errstr); + goto bad; + case SSL_ERROR_SYSCALL: + sudo_warn("recv"); + goto bad; + default: + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx("recv: %s", errstr); + goto bad; + } + } + } else +#endif + { + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: reading ServerMessage", __func__); + nread = recv(fd, buf->data + buf->len, buf->size - buf->len, 0); + } + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received %zd bytes from server", + __func__, nread); + switch (nread) { + case -1: + if (errno == EAGAIN) + debug_return; + sudo_warn("recv"); + goto bad; + case 0: + sudo_warnx("%s", U_("premature EOF")); + goto bad; + default: + break; + } + buf->len += nread; + + while (buf->len - buf->off >= sizeof(msg_len)) { + /* Read wire message size (uint32_t in network byte order). 
*/ + memcpy(&msg_len, buf->data + buf->off, sizeof(msg_len)); + msg_len = ntohl(msg_len); + + if (msg_len > MESSAGE_SIZE_MAX) { + sudo_warnx(U_("server message too large: %u"), msg_len); + goto bad; + } + + if (msg_len + sizeof(msg_len) > buf->len - buf->off) { + /* Incomplete message, we'll read the rest next time. */ + if (!expand_buf(buf, msg_len + sizeof(msg_len))) + goto bad; + debug_return; + } + + /* Parse ServerMessage, could be zero bytes. */ + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: parsing ServerMessage, size %u", __func__, msg_len); + buf->off += sizeof(msg_len); + if (!handle_server_message(buf->data + buf->off, msg_len, closure)) + goto bad; + buf->off += msg_len; + } + buf->len -= buf->off; + buf->off = 0; + debug_return; +bad: + sudo_ev_del(closure->evbase, closure->read_ev); + debug_return; +} + +/* + * Send a ClientMessage to the server (write callback). + */ +static void +client_msg_cb(int fd, int what, void *v) +{ + struct client_closure *closure = v; + struct connection_buffer *buf = &closure->write_buf; + ssize_t nwritten; + debug_decl(client_msg_cb, SUDO_DEBUG_UTIL); + + /* For TLS we may need to write as part of SSL_read(). */ + if (closure->read_instead_of_write) { + closure->read_instead_of_write = false; + /* Delete write event if it was only due to SSL_read(). 
*/ + if (closure->temporary_write_event) { + closure->temporary_write_event = false; + sudo_ev_del(closure->evbase, closure->write_ev); + } + server_msg_cb(fd, what, v); + debug_return; + } + + if (what == SUDO_EV_TIMEOUT) { + sudo_warnx(U_("timeout writing to server")); + goto bad; + } + + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: sending %u bytes to server", __func__, buf->len - buf->off); + +#if defined(HAVE_OPENSSL) + if (cert != NULL) { + nwritten = SSL_write(closure->ssl, buf->data + buf->off, buf->len - buf->off); + if (nwritten <= 0) { + const char *errstr; + + switch (SSL_get_error(closure->ssl, nwritten)) { + case SSL_ERROR_ZERO_RETURN: + /* ssl connection shutdown */ + goto bad; + case SSL_ERROR_WANT_READ: + /* ssl wants to read, read event always active */ + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_write returns SSL_ERROR_WANT_READ"); + /* Redirect read event to finish SSL_write() */ + closure->write_instead_of_read = true; + debug_return; + case SSL_ERROR_WANT_WRITE: + /* ssl wants to write more, write event remains active */ + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_write returns SSL_ERROR_WANT_WRITE"); + debug_return; + case SSL_ERROR_SYSCALL: + sudo_warn("recv"); + goto bad; + default: + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx("send: %s", errstr); + goto bad; + } + } + } else +#endif + { + nwritten = send(fd, buf->data + buf->off, buf->len - buf->off, 0); + } + if (nwritten == -1) { + sudo_warn("send"); + goto bad; + } + buf->off += nwritten; + + if (buf->off == buf->len) { + /* sent entire message */ + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: finished sending %u bytes to server", __func__, buf->len); + buf->off = 0; + buf->len = 0; + if (!client_message_completion(closure)) + goto bad; + } + debug_return; + +bad: + sudo_ev_del(closure->evbase, closure->read_ev); + sudo_ev_del(closure->evbase, closure->write_ev); + debug_return; +} + +/* + * Parse a timespec on the command line of 
the form + * seconds[,nanoseconds] + */ +static bool +parse_timespec(struct timespec *ts, char *strval) +{ + const char *errstr; + char *nsecstr; + debug_decl(parse_timespec, SUDO_DEBUG_UTIL); + + if ((nsecstr = strchr(strval, ',')) != NULL) + *nsecstr++ = '\0'; + + ts->tv_nsec = 0; + ts->tv_sec = sudo_strtonum(strval, 0, TIME_T_MAX, &errstr); + if (errstr != NULL) { + sudo_warnx(U_("%s: %s"), strval, U_(errstr)); + debug_return_bool(false); + } + + if (nsecstr != NULL) { + ts->tv_nsec = sudo_strtonum(nsecstr, 0, LONG_MAX, &errstr); + if (errstr != NULL) { + sudo_warnx(U_("%s: %s"), nsecstr, U_(errstr)); + debug_return_bool(false); + } + } + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: parsed timespec [%lld, %ld]", + __func__, (long long)ts->tv_sec, ts->tv_nsec); + debug_return_bool(true); +} + +#if defined(HAVE_OPENSSL) +/* + * Check that the server's certificate is valid that it contains the + * server name or IP address. + * Returns 0 if the cert is invalid, else 1. + */ +static int +verify_peer_identity(int preverify_ok, X509_STORE_CTX *ctx) +{ + X509 *current_cert; + X509 *peer_cert; + debug_decl(verify_peer_identity, SUDO_DEBUG_UTIL); + + /* if pre-verification of the cert failed, just propagate that result back */ + if (preverify_ok != 1) { + debug_return_int(0); + } + + /* since this callback is called for each cert in the chain, + * check that current cert is the peer's certificate + */ + current_cert = X509_STORE_CTX_get_current_cert(ctx); + peer_cert = X509_STORE_CTX_get0_cert(ctx); + if (current_cert != peer_cert) { + debug_return_int(1); + } + + if (validate_hostname(peer_cert, server_name, server_ip, 0) == MatchFound) { + debug_return_int(1); + } + + debug_return_int(0); +} + +static SSL_CTX * +init_tls_client_context(const char *ca_bundle_file, const char *cert_file, const char *key_file) +{ + const SSL_METHOD *method; + SSL_CTX *ctx = NULL; + debug_decl(init_tls_client_context, SUDO_DEBUG_UTIL); + + SSL_library_init(); + OpenSSL_add_all_algorithms(); + 
SSL_load_error_strings(); + + if ((method = TLS_client_method()) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "creation of SSL_METHOD failed: %s", + ERR_error_string(ERR_get_error(), NULL)); + goto bad; + } + if ((ctx = SSL_CTX_new(method)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "creation of new SSL_CTX object failed: %s", + ERR_error_string(ERR_get_error(), NULL)); + goto bad; + } +#ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION + if (!SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to restrict min. protocol version: %s", + ERR_error_string(ERR_get_error(), NULL)); + goto bad; + } +#else + SSL_CTX_set_options(ctx, + SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1); +#endif + + if (cert_file) { + if (!SSL_CTX_use_certificate_chain_file(ctx, cert_file)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to load cert to the ssl context: %s", + ERR_error_string(ERR_get_error(), NULL)); + goto bad; + } + if (!SSL_CTX_use_PrivateKey_file(ctx, key_file, X509_FILETYPE_PEM)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to load key to the ssl context: %s", + ERR_error_string(ERR_get_error(), NULL)); + goto bad; + } + } + + if (ca_bundle_file != NULL) { + /* sets the location of the CA bundle file for verification purposes */ + if (SSL_CTX_load_verify_locations(ctx, ca_bundle_file, NULL) <= 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "calling SSL_CTX_load_verify_locations() failed: %s", + ERR_error_string(ERR_get_error(), NULL)); + goto bad; + } + } + + if (verify_server) { + /* verify server cert during the handshake */ + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_peer_identity); + } + + goto done; + +bad: + SSL_CTX_free(ctx); + +done: + debug_return_ptr(ctx); +} + +static void +tls_connect_cb(int sock, int what, void *v) +{ + struct client_closure *closure = v; + struct 
sudo_event_base *evbase = closure->evbase; + struct timespec timeo = { TLS_HANDSHAKE_TIMEO_SEC, 0 }; + const char *errstr; + int con_stat; + debug_decl(tls_connect_cb, SUDO_DEBUG_UTIL); + + if (what == SUDO_EV_TIMEOUT) { + sudo_warnx(U_("TLS handshake timeout occurred")); + goto bad; + } + + con_stat = SSL_connect(closure->ssl); + + if (con_stat == 1) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "SSL_connect successful"); + closure->tls_connect_state = true; + } else { + switch (SSL_get_error(closure->ssl, con_stat)) { + /* TLS handshake is not finished, reschedule event */ + case SSL_ERROR_WANT_READ: + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_connect returns SSL_ERROR_WANT_READ"); + if (what != SUDO_EV_READ) { + if (sudo_ev_set(closure->tls_connect_ev, closure->sock, + SUDO_EV_READ, tls_connect_cb, closure) == -1) { + sudo_warnx(U_("unable to set event")); + goto bad; + } + } + if (sudo_ev_add(evbase, closure->tls_connect_ev, &timeo, false) == -1) { + sudo_warnx(U_("unable to add event to queue")); + goto bad; + } + break; + case SSL_ERROR_WANT_WRITE: + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_connect returns SSL_ERROR_WANT_WRITE"); + if (what != SUDO_EV_WRITE) { + if (sudo_ev_set(closure->tls_connect_ev, closure->sock, + SUDO_EV_WRITE, tls_connect_cb, closure) == -1) { + sudo_warnx(U_("unable to set event")); + goto bad; + } + } + if (sudo_ev_add(evbase, closure->tls_connect_ev, &timeo, false) == -1) { + sudo_warnx(U_("unable to add event to queue")); + goto bad; + } + break; + case SSL_ERROR_SYSCALL: + sudo_warnx(U_("TLS connection failed: %s"), strerror(errno)); + goto bad; + default: + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("TLS connection failed: %s"), errstr); + goto bad; + } + } + + if (closure->tls_connect_state) { + if (!testrun) { + printf("Negotiated protocol version: %s\n", SSL_get_version(closure->ssl)); + printf("Negotiated ciphersuite: %s\n", 
SSL_get_cipher(closure->ssl)); + } + + /* Done with TLS connect, send ClientHello */ + sudo_ev_free(closure->tls_connect_ev); + closure->tls_connect_ev = NULL; + if (!fmt_client_hello(closure)) + goto bad; + } + + debug_return; + +bad: + sudo_ev_loopbreak(evbase); + debug_return; +} + +static bool +tls_setup(struct client_closure *closure) +{ + const char *errstr; + debug_decl(tls_setup, SUDO_DEBUG_UTIL); + + if ((ssl_ctx = init_tls_client_context(ca_bundle, cert, key)) == NULL) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("Unable to initialize ssl context: %s"), errstr); + goto bad; + } + if ((closure->ssl = SSL_new(ssl_ctx)) == NULL) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("Unable to allocate ssl object: %s"), errstr); + goto bad; + } + if (SSL_set_fd(closure->ssl, closure->sock) <= 0) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("Unable to attach socket to the ssl object: %s"), + errstr); + goto bad; + } + + if (sudo_ev_add(closure->evbase, closure->tls_connect_ev, NULL, false) == -1) { + sudo_warnx(U_("unable to add event to queue")); + goto bad; + } + + debug_return_bool(true); + +bad: + debug_return_bool(false); +} +#endif /* HAVE_OPENSSL */ + +/* + * Free client closure contents. 
+ */ +static void +client_closure_free(struct client_closure *closure) +{ + debug_decl(connection_closure_free, SUDO_DEBUG_UTIL); + + if (closure != NULL) { + TAILQ_REMOVE(&connections, closure, entries); +#if defined(HAVE_OPENSSL) + if (closure->ssl != NULL) { + SSL_shutdown(closure->ssl); + SSL_free(closure->ssl); + } + sudo_ev_free(closure->tls_connect_ev); +#endif + sudo_ev_free(closure->read_ev); + sudo_ev_free(closure->write_ev); + free(closure->read_buf.data); + free(closure->write_buf.data); + free(closure->buf); + close(closure->sock); + free(closure); + } + + debug_return; +} + +/* + * Initialize a new client closure + */ +static struct client_closure * +client_closure_alloc(int sock, struct sudo_event_base *base, + struct timespec *elapsed, struct timespec *restart, const char *iolog_id, + struct iolog_info *log_info) +{ + struct client_closure *closure; + debug_decl(client_closure_alloc, SUDO_DEBUG_UTIL); + + if ((closure = calloc(1, sizeof(*closure))) == NULL) + debug_return_ptr(NULL); + + closure->sock = sock; + closure->evbase = base; + + TAILQ_INSERT_TAIL(&connections, closure, entries); + + closure->state = RECV_HELLO; + closure->log_info = log_info; + + closure->elapsed.tv_sec = elapsed->tv_sec; + closure->elapsed.tv_nsec = elapsed->tv_nsec; + closure->restart.tv_sec = restart->tv_sec; + closure->restart.tv_nsec = restart->tv_nsec; + + closure->iolog_id = iolog_id; + + closure->read_buf.size = 8 * 1024; + closure->read_buf.data = malloc(closure->read_buf.size); + if (closure->read_buf.data == NULL) + goto bad; + + closure->read_ev = sudo_ev_alloc(sock, SUDO_EV_READ|SUDO_EV_PERSIST, + server_msg_cb, closure); + if (closure->read_ev == NULL) + goto bad; + + closure->write_ev = sudo_ev_alloc(sock, SUDO_EV_WRITE|SUDO_EV_PERSIST, + client_msg_cb, closure); + if (closure->write_ev == NULL) + goto bad; + +#if defined(HAVE_OPENSSL) + if (cert != NULL) { + closure->tls_connect_ev = sudo_ev_alloc(sock, SUDO_EV_WRITE, + tls_connect_cb, closure); + if 
(closure->tls_connect_ev == NULL) + goto bad; + } +#endif + + debug_return_ptr(closure); +bad: + client_closure_free(closure); + debug_return_ptr(NULL); +} + +#if defined(HAVE_OPENSSL) +static const char short_opts[] = "h:i:np:r:t:b:c:k:V"; +#else +static const char short_opts[] = "h:i:p:r:t:V"; +#endif +static struct option long_opts[] = { + { "help", no_argument, NULL, 1 }, + { "host", required_argument, NULL, 'h' }, + { "iolog-id", required_argument, NULL, 'i' }, + { "port", required_argument, NULL, 'p' }, + { "restart", required_argument, NULL, 'r' }, + { "test", optional_argument, NULL, 't' }, +#if defined(HAVE_OPENSSL) + { "ca-bundle", required_argument, NULL, 'b' }, + { "cert", required_argument, NULL, 'c' }, + { "key", required_argument, NULL, 'k' }, + { "no-verify", no_argument, NULL, 'n' }, +#endif + { "version", no_argument, NULL, 'V' }, + { NULL, no_argument, NULL, 0 }, +}; + +__dso_public int main(int argc, char *argv[]); + +int +main(int argc, char *argv[]) +{ + struct client_closure *closure = NULL; + struct sudo_event_base *evbase; + struct iolog_info *log_info; + const char *port = NULL; + struct timespec restart = { 0, 0 }; + struct timespec elapsed = { 0, 0 }; + const char *iolog_id = NULL; + const char *open_mode = "r"; + const char *errstr; + int ch, sock, iolog_dir_fd, finished; + debug_decl_vars(main, SUDO_DEBUG_MAIN); + +#if defined(SUDO_DEVEL) && defined(__OpenBSD__) + { + extern char *malloc_options; + malloc_options = "S"; + } +#endif + + signal(SIGPIPE, SIG_IGN); + + initprogname(argc > 0 ? argv[0] : "sudo_sendlog"); + setlocale(LC_ALL, ""); + bindtextdomain("sudo", LOCALEDIR); /* XXX - add logsrvd domain */ + textdomain("sudo"); + + /* Read sudo.conf and initialize the debug subsystem. 
*/ + if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) == -1) + exit(EXIT_FAILURE); + sudo_debug_register(getprogname(), NULL, NULL, + sudo_conf_debug_files(getprogname())); + + if (protobuf_c_version_number() < 1003000) + sudo_fatalx("%s", U_("Protobuf-C version 1.3 or higher required")); + + while ((ch = getopt_long(argc, argv, short_opts, long_opts, NULL)) != -1) { + switch (ch) { + case 'h': + server_name = optarg; + break; + case 'i': + iolog_id = optarg; + break; + case 'p': + port = optarg; + break; + case 'r': + if (!parse_timespec(&restart, optarg)) + goto bad; + open_mode = "r+"; + break; + case 't': + nr_of_conns = sudo_strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr != NULL) { + sudo_warnx(U_("%s: %s"), optarg, U_(errstr)); + goto bad; + } + testrun = true; + break; + case 1: + help(); + break; +#if defined(HAVE_OPENSSL) + case 'b': + ca_bundle = optarg; + break; + case 'c': + cert = optarg; + break; + case 'k': + key = optarg; + break; + case 'n': + verify_server = false; + break; +#endif + case 'V': + (void)printf(_("%s version %s\n"), getprogname(), + PACKAGE_VERSION); + return 0; + default: + usage(true); + } + } + argc -= optind; + argv += optind; + +#if defined(HAVE_OPENSSL) + /* if no key file is given explicitly, try to load the key from the cert */ + if (cert != NULL) { + if (key == NULL) + key = cert; + if (port == NULL) + port = DEFAULT_PORT_TLS; + } +#endif + if (port == NULL) + port = DEFAULT_PORT; + + if (sudo_timespecisset(&restart) != (iolog_id != NULL)) { + sudo_warnx("%s", U_("both restart point and iolog ID must be specified")); + usage(true); + } + + /* Remaining arg should be to I/O log dir to send. */ + if (argc != 1) + usage(true); + iolog_dir = argv[0]; + if ((iolog_dir_fd = open(iolog_dir, O_RDONLY)) == -1) { + sudo_warn("%s", iolog_dir); + goto bad; + } + + /* Parse I/O log info file. 
*/ + if ((log_info = iolog_parse_loginfo(iolog_dir_fd, iolog_dir)) == NULL) + goto bad; + + if ((evbase = sudo_ev_base_alloc()) == NULL) + sudo_fatal(NULL); + + if (testrun) + printf("connecting clients...\n"); + + for (int i = 0; i < nr_of_conns; i++) { + sock = connect_server(server_name, port); + if (sock == -1) + goto bad; + + if (!testrun) + printf("Connected to %s:%s\n", server_name, port); + + closure = client_closure_alloc(sock, evbase, &elapsed, &restart, + iolog_id, log_info); + if (closure == NULL) + goto bad; + + /* Open the I/O log files and seek to restart point if there is one. */ + if (!iolog_open_all(iolog_dir_fd, iolog_dir, closure->iolog_files, open_mode)) + goto bad; + if (sudo_timespecisset(&closure->restart)) { + if (!iolog_seekto(iolog_dir_fd, iolog_dir, closure->iolog_files, + &closure->elapsed, &closure->restart)) + goto bad; + } + +#if defined(HAVE_OPENSSL) + if (cert != NULL) { + if (!tls_setup(closure)) + goto bad; + } else +#endif + { + /* No TLS, send ClientHello */ + if (!fmt_client_hello(closure)) + goto bad; + } + } + + if (testrun) + printf("sending logs...\n"); + + struct timespec t_start, t_end, t_result; + sudo_gettime_real(&t_start); + + sudo_ev_dispatch(evbase); + sudo_ev_base_free(evbase); + + sudo_gettime_real(&t_end); + sudo_timespecsub(&t_end, &t_start, &t_result); + + finished = 0; + while ((closure = TAILQ_FIRST(&connections)) != NULL) { + if (closure->state == FINISHED) { + finished++; + } else { + sudo_warnx(U_("exited prematurely with state %d"), closure->state); + sudo_warnx(U_("elapsed time sent to server [%lld, %ld]"), + (long long)closure->elapsed.tv_sec, closure->elapsed.tv_nsec); + sudo_warnx(U_("commit point received from server [%lld, %ld]"), + (long long)closure->committed.tv_sec, closure->committed.tv_nsec); + } + client_closure_free(closure); + } + iolog_free_loginfo(log_info); +#if defined(HAVE_OPENSSL) + SSL_CTX_free(ssl_ctx); +#endif + + if (finished != 0) { + printf("%d I/O log%s transmitted 
successfully in %lld.%.9ld seconds\n", + finished, nr_of_conns > 1 ? "s" : "", + (long long)t_result.tv_sec, t_result.tv_nsec); + debug_return_int(EXIT_SUCCESS); + } + +bad: + debug_return_int(EXIT_FAILURE); +} diff -Nru sudo-1.8.31/logsrvd/sendlog.h sudo-1.9.0/logsrvd/sendlog.h --- sudo-1.8.31/logsrvd/sendlog.h 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/logsrvd/sendlog.h 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,73 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019-2020 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef SUDO_SENDLOG_H
+#define SUDO_SENDLOG_H
+
+#if PROTOBUF_C_VERSION_NUMBER < 1003000
+# error protobuf-c version 1.30 or higher required
+#endif
+
+#include "config.h"
+
+#if defined(HAVE_OPENSSL)
+# include
+#endif
+
+#include "logsrv_util.h"
+
+enum client_state {
+ ERROR,
+ RECV_HELLO,
+ SEND_RESTART,
+ SEND_ACCEPT,
+ SEND_IO,
+ SEND_EXIT,
+ CLOSING,
+ FINISHED
+};
+
+struct client_closure {
+ TAILQ_ENTRY(client_closure) entries;
+ int sock;
+ bool read_instead_of_write;
+ bool write_instead_of_read;
+ bool temporary_write_event;
+ struct timespec restart;
+ struct timespec elapsed;
+ struct timespec committed;
+ struct timing_closure timing;
+ struct sudo_event_base *evbase;
+ struct connection_buffer read_buf;
+ struct connection_buffer write_buf;
+#if defined(HAVE_OPENSSL)
+ SSL *ssl;
+ struct sudo_event *tls_connect_ev;
+ bool tls_connect_state;
+#endif
+ struct sudo_event *read_ev;
+ struct sudo_event *write_ev;
+ struct iolog_info *log_info;
+ struct iolog_file iolog_files[IOFD_MAX];
+ const char *iolog_id;
+ char *buf; /* XXX */
+ size_t bufsize; /* XXX */
+ enum client_state state;
+};
+
+#endif /* SUDO_SENDLOG_H */
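Review bot: The `#if PROTOBUF_C_VERSION_NUMBER < 1003000` check at the top of sendlog.h runs before the header includes anything, so it only works when every includer has already pulled in the protobuf-c header; an undefined macro evaluates to 0 in `#if` and trips the `#error` even with a new enough library. Including the protobuf-c header (the MANIFEST in this diff lists `include/protobuf-c/protobuf-c.h`) ahead of the check, or moving the check into the .c file after that include, removes the ordering dependency. The message also reads "1.30", while 1003000 appears to encode 1.3.0, so `# error protobuf-c version 1.3.0 or higher required` would be clearer. `struct client_closure` likewise relies on the includer for `bool`, `TAILQ_ENTRY`, `struct timespec` and `size_t`, and the `buf`/`bufsize` members marked `/* XXX */` deserve a comment on what they hold and who frees `buf`.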
diff -Nru sudo-1.8.31/m4/sudo.m4 sudo-1.9.0/m4/sudo.m4 --- sudo-1.8.31/m4/sudo.m4 2019-10-28 12:27:45.000000000 +0000 +++ sudo-1.9.0/m4/sudo.m4 2020-05-11 16:28:23.000000000 +0000 @@ -79,21 +79,19 @@ dnl Where the log file goes, use /var/log if it exists, else /{var,usr}/adm dnl AC_DEFUN([SUDO_LOGFILE], [AC_MSG_CHECKING(for log file location) -if test -n "$with_logpath"; then - AC_MSG_RESULT($with_logpath) - SUDO_DEFINE_UNQUOTED(_PATH_SUDO_LOGFILE, "$with_logpath") -elif test -d "/var/log"; then - AC_MSG_RESULT(/var/log/sudo.log) - SUDO_DEFINE(_PATH_SUDO_LOGFILE, "/var/log/sudo.log") -elif test -d "/var/adm"; then - AC_MSG_RESULT(/var/adm/sudo.log) - SUDO_DEFINE(_PATH_SUDO_LOGFILE, "/var/adm/sudo.log") -elif test -d "/usr/adm"; then - AC_MSG_RESULT(/usr/adm/sudo.log) - SUDO_DEFINE(_PATH_SUDO_LOGFILE, "/usr/adm/sudo.log") -else - AC_MSG_RESULT(unknown, you will have to set _PATH_SUDO_LOGFILE by hand) -fi + if test "${with_logpath-yes}" != "yes"; then + logpath="$with_logpath" + else + # Default value of logpath set in configure.ac + for d in /var/log /var/adm /usr/adm; do + if test -d "$d"; then + logpath="$d/sudo.log" + break + fi + done + fi + AC_MSG_RESULT($logpath) + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_LOGFILE, "$logpath") ])dnl dnl @@ -131,6 +129,7 @@ fi AC_MSG_RESULT([$rundir]) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_TIMEDIR, "$rundir/ts") +SUDO_DEFINE_UNQUOTED(_PATH_SUDO_LOGSRVD_PID, "$rundir/sudo_logsrvd.pid") ])dnl dnl 
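Review bot: In SUDO_LOGFILE the fallback loop can finish without assigning `logpath` when none of /var/log, /var/adm or /usr/adm exists. The old "unknown, you will have to set _PATH_SUDO_LOGFILE by hand" branch is gone, so `_PATH_SUDO_LOGFILE` is now defined unconditionally from whatever `logpath` held before the macro ran. The added comment says the default comes from configure.ac, which is not visible here; a guard such as `test -n "$logpath" || AC_MSG_ERROR([unable to determine log file location])` before `AC_MSG_RESULT` would make that dependency explicit instead of compiling in an empty path. The same pattern applies to `iolog_dir` and `log_dir` in the SUDO_IO_LOGDIR and SUDO_LOGDIR hunks that follow. `$with_logpath` is also used verbatim; presumably configure.ac rejects `no` and relative values, which is worth confirming because sudo writes this file with root privileges.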
@@ -158,12 +157,14 @@ AC_MSG_CHECKING(for I/O log dir location) if test "${with_iologdir-yes}" != "yes"; then iolog_dir="$with_iologdir" - elif test -d "/var/log"; then - iolog_dir="/var/log/sudo-io" - elif test -d "/var/adm"; then - iolog_dir="/var/adm/sudo-io" else - iolog_dir="/usr/adm/sudo-io" + # Default value of iolog_dir set in configure.ac + for d in /var/log /var/adm /usr/adm; do + if test -d "$d"; then + iolog_dir="$d/sudo-io" + break + fi + done fi if test "${with_iologdir}" != "no"; then SUDO_DEFINE_UNQUOTED(_PATH_SUDO_IO_LOGDIR, "$iolog_dir") @@ -172,6 +173,28 @@ ])dnl dnl +dnl Where the log files go, use /var/log if it exists, else /{var,usr}/adm +dnl +AC_DEFUN([SUDO_LOGDIR], [ + AC_MSG_CHECKING(for log dir location) + if test "${with_logdir-yes}" != "yes"; then + log_dir="$with_logdir" + else + # Default value of log_dir set in configure.ac + for d in /var/log /var/adm /usr/adm; do + if test -d "$d"; then + log_dir="$d" + break + fi + done + fi + if test "${with_logdir}" != "no"; then + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_LOGDIR, "$log_dir") + fi + AC_MSG_RESULT($log_dir) +])dnl + +dnl dnl check for working fnmatch(3) dnl AC_DEFUN([SUDO_FUNC_FNMATCH], diff -Nru sudo-1.8.31/Makefile.in sudo-1.9.0/Makefile.in --- sudo-1.8.31/Makefile.in 2019-10-28 13:51:30.000000000 +0000 +++ sudo-1.9.0/Makefile.in 2020-05-11 16:28:22.000000000 +0000 @@ -1,7 +1,7 @@ # # SPDX-License-Identifier: ISC # -# Copyright (c) 2010-2015, 2017-2018 Todd C. Miller +# Copyright (c) 2010-2015, 2017-2020 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above 
@@ -17,9 +17,13 @@ # srcdir = @srcdir@ -devdir = @devdir@ -top_builddir = @top_builddir@ +abs_srcdir = @abs_srcdir@ top_srcdir = @top_srcdir@ +abs_top_srcdir = @abs_top_srcdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ +devdir = @devdir@ +scriptdir = $(top_srcdir)/scripts # Installation paths for package building prefix = @prefix@ @@ -49,8 +53,13 @@ sudoers_mode = @SUDOERS_MODE@ shlib_mode = @SHLIB_MODE@ -SUBDIRS = lib/util @ZLIB_SRC@ plugins/group_file plugins/sudoers \ - plugins/system_group src include doc examples +# Version of python detected by configure (major.minor) +python_version = @PYTHON_VERSION@ + +SUBDIRS = lib/util @ZLIB_SRC@ lib/iolog @LOGSRV@ @LOGSRVD@ \ + plugins/audit_json plugins/group_file plugins/sample_approval \ + plugins/sudoers plugins/system_group @PYTHON_PLUGIN_SRC@ src \ + include doc examples SAMPLES = plugins/sample @@ -107,6 +116,18 @@ exit $$?; \ done +uncrustify.files: Makefile + grep '\.[ch]$$' $(top_srcdir)/MANIFEST | egrep -v '(/zlib/|/(arc4random|arc4random_uniform|chacha_private|charclass|fnmatch|getaddrinfo|getcwd|getdate|getentropy|getopt|getopt_long|glob|gram|inet_ntop|inet_pton|log_server.pb-c|mktemp|pw_dup|reallocarray|mktemp_test|protobuf-c|snprintf|stdbool|strlcat|strlcpy|sudo_queue|toke)\.[ch]$$)' > uncrustify.files + +reformat: uncrustify.files + ( cd $(top_srcdir) && uncrustify -c etc/uncrustify.cfg --replace --no-backup -F $(top_builddir)/uncrustify.files ) + +check-format: uncrustify.files + ( cd $(top_srcdir) && uncrustify -c etc/uncrustify.cfg --check -F $(top_builddir)/uncrustify.files ) + +spell: + ( cd $(top_srcdir) && codespell -I etc/codespell.ignore -x etc/codespell.exclude `egrep -v -f etc/codespell.skip MANIFEST` ) + cppcheck: config.status rval=0; \ for d in $(SUBDIRS); do \ 
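Review bot: The new `spell` target in the `@@ -107,6 +116,18 @@` hunk is a command-only rule but is never declared phony. The last Makefile.in hunk extends `.PHONY` with `check-format` and `reformat` only, and `mkdefaults`, added in a later hunk, is missing as well. A stray file named `spell` or `mkdefaults` in the build directory would make these rules silently do nothing, so I would write the line as `.PHONY: ChangeLog me a sandwhich check-format reformat spell mkdefaults`.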
@@ -187,30 +208,37 @@ cd lib/util && exec $(MAKE) $@ depend: siglist.c signame.c - $(top_srcdir)/mkdep.pl --builddir=`pwd` --srcdir=$(top_srcdir) \ + $(scriptdir)/mkdep.pl \ + --srcdir=$(abs_top_srcdir) --builddir=$(abs_top_builddir) \ lib/util/Makefile.in lib/zlib/Makefile.in \ + lib/iolog/Makefile.in lib/logsrv/Makefile.in logsrvd/Makefile.in \ plugins/group_file/Makefile.in plugins/sample/Makefile.in \ plugins/sudoers/Makefile.in plugins/system_group/Makefile.in \ + plugins/python/Makefile.in \ src/Makefile.in && \ $(top_builddir)/config.status --file $(top_builddir)/lib/util/Makefile \ + --file $(top_builddir)/lib/zlib/Makefile \ + --file $(top_builddir)/lib/iolog/Makefile \ + --file $(top_builddir)/lib/logsrv/Makefile \ + --file $(top_builddir)/logsrvd/Makefile \ --file $(top_builddir)/plugins/sample/Makefile \ --file $(top_builddir)/plugins/group_file/Makefile \ --file $(top_builddir)/plugins/sudoers/Makefile \ --file $(top_builddir)/plugins/system_group/Makefile \ - --file $(top_builddir)/src/Makefile \ - --file $(top_builddir)/lib/zlib/Makefile + --file $(top_builddir)/plugins/python/Makefile \ + --file $(top_builddir)/src/Makefile ChangeLog: - if test -d $(srcdir)/.hg && cd $(srcdir); then \ - if hg log --style=changelog -r "sort(branch(.) or follow(), -date)" > $@.tmp; then \ - mv -f $@.tmp $@; \ + if test -d $(srcdir)/.hg; then \ + if hg log -R $(srcdir) --style=changelog -r "sort(branch(.) or follow(), -date)" > $@.tmp; then \ + mv -f $@.tmp $(srcdir)/$@; \ else \ rm -f $@.tmp; \ fi; \ - elif test -d $(srcdir)/.git && cd $(srcdir); then \ - $(top_srcdir)/log2cl.pl -b master > $@; \ + elif test -d $(srcdir)/.git; then \ + $(scriptdir)/log2cl.pl -R $(srcdir)/.git > $(srcdir)/$@; \ else \ - echo "ChangeLog data not available" > $@; \ + echo "ChangeLog data not available" > $(srcdir)/$@; \ fi config.status: 
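Review bot: In the `.git` branch of the ChangeLog rule, the output of `log2cl.pl` is redirected straight into `$(srcdir)/$@`, so a failing or interrupted run leaves a truncated ChangeLog in the source tree. The `.hg` branch just above writes `$@.tmp` and moves it into place only on success. Using the same pattern keeps the branches consistent: `if $(scriptdir)/log2cl.pl -R $(srcdir)/.git > $@.tmp; then mv -f $@.tmp $(srcdir)/$@; else rm -f $@.tmp; fi`. This matters more now that the distclean hunk removes ChangeLog, since the file has to be regenerated for a release tarball.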
@@ -238,16 +266,16 @@ echo "Updating $$pot"; \ domain=`basename $$pot .pot`; \ case "$$domain" in \ - sudo) tmpfiles=; cfiles="src/*c lib/*/*c";; \ + sudo) tmpfiles=; cfiles="src/*.c lib/util/*.c";; \ sudoers) \ echo "gettext \"syntax error\"" > confstr.sh; \ - $(SED) -n 's/^.*--with-passprompt=\(.*\)$$/gettext \"\1\"/p' mkpkg | sort -u >> confstr.sh; \ + $(SED) -n 's/^.*--with-passprompt=\(.*\)$$/gettext \"\1\"/p' $(scriptdir)/mkpkg | sort -u >> confstr.sh; \ $(SED) -n -e 's/^badpass_message="/gettext "/p' \ -e 's/^passprompt="/gettext "/p' \ -e 's/^mailsub="/gettext "/p' configure.ac \ >> confstr.sh; \ tmpfiles=confstr.sh; \ - cfiles="plugins/sudoers/*.c plugins/sudoers/auth/*.c";; \ + cfiles="lib/iolog/*.c logsrvd/*.c plugins/sudoers/*.c plugins/sudoers/auth/*.c";; \ *) echo unknown domain $$domain; continue;; \ esac; \ $(XGETTEXT) $(XGETTEXT_OPTS) -d$$domain $$cfiles $$tmpfiles -o $$pot.tmp; \ @@ -313,7 +341,7 @@ for lang in $$SUDO_LINGUAS; do \ test -s $$podir/$$lang.mo || continue; \ echo $(ECHO_N) " $$lang$(ECHO_C)"; \ - $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES; \ + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES; \ if test -n "$(LOCALEDIR_SUFFIX)"; then \ if test ! -d $(DESTDIR)$(localedir)/$$lang$(LOCALEDIR_SUFFIX); then \ ln -s $$lang $(DESTDIR)$(localedir)/$$lang$(LOCALEDIR_SUFFIX); \ @@ -325,7 +353,10 @@ done; \ fi -check-dist: update-pot compile-po +mkdefaults: + cd plugins/sudoers && exec $(MAKE) DEVEL=1 ./def_data.c ./def_data.h + +check-dist: update-pot compile-po mkdefaults @if test -d $(srcdir)/.hg && cd $(srcdir); then \ if test `hg stat -am | wc -l` -ne 0; then \ echo "Uncommitted changes" 1>&2; \ 
@@ -344,36 +375,37 @@ gzip -9f ../$(PACKAGE_TARNAME)-$(VERSION).tar && \ ls -l ../$(PACKAGE_TARNAME)-$(VERSION).tar.gz -package: $(srcdir)/sudo.pp - DESTDIR=`cd $(top_builddir) && pwd`/destdir; rm -rf $$DESTDIR; \ +package: @PPFILES@ + DESTDIR=$(abs_top_builddir)/destdir; rm -rf $$DESTDIR; \ $(MAKE) install INSTALL_OWNER= DESTDIR=$$DESTDIR && \ - $(SHELL) $(srcdir)/pp $(PPFLAGS) \ - --destdir=$$DESTDIR \ - $(srcdir)/sudo.pp \ - prefix=$(prefix) \ - bindir=$(bindir) \ - sbindir=$(sbindir) \ - libexecdir=$(libexecdir) \ - includedir=$(includedir) \ - vardir=$(vardir) \ - rundir=$(rundir) \ - mandir=$(mandir) \ - localedir=$(localedir) \ - docdir=$(docdir) \ - exampledir=$(exampledir) \ - sysconfdir=$(sysconfdir) \ - sudoersdir=$(sudoersdir) \ - sudoers_uid=$(sudoers_uid) \ - sudoers_gid=$(sudoers_gid) \ - sudoers_mode=$(sudoers_mode) \ - shlib_mode=$(shlib_mode) \ - version=$(VERSION) $(PPVARS) + for p in @PPFILES@; do \ + $(SHELL) $(scriptdir)/pp $(PPFLAGS) --destdir=$$DESTDIR $$p \ + prefix=$(prefix) \ + bindir=$(bindir) \ + sbindir=$(sbindir) \ + libexecdir=$(libexecdir) \ + includedir=$(includedir) \ + vardir=$(vardir) \ + rundir=$(rundir) \ + mandir=$(mandir) \ + localedir=$(localedir) \ + docdir=$(docdir) \ + exampledir=$(exampledir) \ + sysconfdir=$(sysconfdir) \ + sudoersdir=$(sudoersdir) \ + sudoers_uid=$(sudoers_uid) \ + sudoers_gid=$(sudoers_gid) \ + sudoers_mode=$(sudoers_mode) \ + shlib_mode=$(shlib_mode) \ + python_version=$(python_version) \ + version=$(VERSION) $(PPVARS); \ + done clean: config.status for d in $(SUBDIRS) $(SAMPLES); do \ (cd $$d && exec $(MAKE) $@); \ done - -rm -rf cov-int cov-int.tgz + -rm -rf cov-int cov-int.tgz uncrustify.files mostlyclean: clean 
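Review bot: The new `for p in @PPFILES@` loop in the package rule does not stop on failure: the recipe's status is that of the last `pp` invocation, so a failed build from an earlier .pp file goes unnoticed when a later one succeeds. Other loops in this Makefile exit explicitly (`exit $$?` is visible in the context just before the uncrustify hunk), so I would end the command with `version=$(VERSION) $(PPVARS) || exit $$?; \`. `rm -rf $$DESTDIR` is also unquoted although DESTDIR is now derived from `$(abs_top_builddir)`. Writing `DESTDIR="$(abs_top_builddir)/destdir"; rm -rf "$$DESTDIR"` avoids word splitting on a build path that contains spaces, which matters for a recursive delete that is often run with elevated privileges during packaging.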
@@ -381,8 +413,9 @@ for d in $(SUBDIRS) $(SAMPLES); do \ (cd $$d && exec $(MAKE) $@); \ done - -rm -rf autom4te.cache config.cache config.h config.log config.status \ - init.d/*.sh init.d/sudo.conf libtool Makefile pathnames.h stamp-* + -rm -rf autom4te.cache ChangeLog config.cache config.h config.log \ + config.status etc/init.d/*.sh etc/init.d/sudo.conf libtool \ + Makefile pathnames.h stamp-* cleandir: distclean @@ -401,4 +434,4 @@ echo "What? Make it yourself!"; \ fi -.PHONY: ChangeLog me a sandwhich +.PHONY: ChangeLog me a sandwhich check-format reformat diff -Nru sudo-1.8.31/MANIFEST sudo-1.9.0/MANIFEST --- sudo-1.8.31/MANIFEST 2020-01-28 16:49:16.000000000 +0000 +++ sudo-1.9.0/MANIFEST 2020-05-11 16:28:22.000000000 +0000 @@ -34,8 +34,18 @@ doc/sudo.man.in doc/sudo.man.in.sed doc/sudo.mdoc.in +doc/sudo_logsrv.proto.man.in +doc/sudo_logsrv.proto.mdoc.in +doc/sudo_logsrvd.conf.man.in +doc/sudo_logsrvd.conf.mdoc.in +doc/sudo_logsrvd.man.in +doc/sudo_logsrvd.mdoc.in doc/sudo_plugin.man.in doc/sudo_plugin.mdoc.in +doc/sudo_plugin_python.man.in +doc/sudo_plugin_python.mdoc.in +doc/sudo_sendlog.man.in +doc/sudo_sendlog.mdoc.in doc/sudoers.ldap.man.in doc/sudoers.ldap.mdoc.in doc/sudoers.man.in @@ -47,9 +57,19 @@ doc/sudoreplay.mdoc.in doc/visudo.man.in doc/visudo.mdoc.in +etc/codespell.exclude +etc/codespell.ignore +etc/codespell.skip +etc/init.d/aix.sh.in +etc/init.d/hpux.sh.in +etc/init.d/sudo.conf.in +etc/sudo-logsrvd.pp +etc/sudo-python.pp +etc/sudo.pp examples/Makefile.in examples/pam.conf -examples/sudo.conf +examples/sudo.conf.in +examples/sudo_logsrvd.conf examples/sudoers examples/syslog.conf include/Makefile.in @@ -62,6 +82,9 @@ include/compat/nss_dbdefs.h include/compat/sha2.h include/compat/stdbool.h +include/hostcheck.h +include/log_server.pb-c.h +include/protobuf-c/protobuf-c.h include/sudo_compat.h include/sudo_conf.h include/sudo_debug.h 
@@ -70,30 +93,54 @@ include/sudo_event.h include/sudo_fatal.h include/sudo_gettext.h +include/sudo_iolog.h +include/sudo_json.h include/sudo_lbuf.h include/sudo_plugin.h include/sudo_queue.h include/sudo_rand.h include/sudo_util.h -indent.pro -init.d/aix.sh.in -init.d/hpux.sh.in -init.d/sudo.conf.in install-sh +lib/iolog/Makefile.in +lib/iolog/host_port.c +lib/iolog/hostcheck.c +lib/iolog/iolog_fileio.c +lib/iolog/iolog_json.c +lib/iolog/iolog_json.h +lib/iolog/iolog_path.c +lib/iolog/iolog_util.c +lib/iolog/regress/host_port/host_port_test.c +lib/iolog/regress/iolog_json/check_iolog_json.c +lib/iolog/regress/iolog_json/test1.in +lib/iolog/regress/iolog_json/test2.in +lib/iolog/regress/iolog_json/test2.out.ok +lib/iolog/regress/iolog_json/test3.in +lib/iolog/regress/iolog_path/check_iolog_path.c +lib/iolog/regress/iolog_path/data +lib/iolog/regress/iolog_util/check_iolog_util.c +lib/logsrv/Makefile.in +lib/logsrv/log_server.pb-c.c +lib/logsrv/log_server.proto +lib/logsrv/protobuf-c.c lib/util/Makefile.in lib/util/aix.c lib/util/arc4random.c +lib/util/arc4random_buf.c lib/util/arc4random_uniform.c +lib/util/cfmakeraw.c lib/util/chacha_private.h lib/util/closefrom.c lib/util/digest.c lib/util/digest_gcrypt.c lib/util/digest_openssl.c +lib/util/dup3.c lib/util/event.c lib/util/event_poll.c lib/util/event_select.c lib/util/fatal.c +lib/util/fchmodat.c lib/util/fnmatch.c +lib/util/fstatat.c lib/util/getaddrinfo.c lib/util/getcwd.c lib/util/getdelim.c @@ -108,17 +155,22 @@ lib/util/inet_ntop.c lib/util/inet_pton.c lib/util/isblank.c +lib/util/json.c lib/util/key_val.c lib/util/lbuf.c lib/util/locking.c +lib/util/logfac.c +lib/util/logpri.c lib/util/memrchr.c lib/util/memset_s.c +lib/util/mkdir_parents.c lib/util/mksiglist.c lib/util/mksiglist.h lib/util/mksigname.c lib/util/mksigname.h lib/util/mktemp.c lib/util/nanosleep.c +lib/util/openat.c lib/util/parseln.c lib/util/pipe2.c lib/util/progname.c 
@@ -157,6 +209,9 @@ lib/util/regress/sudo_conf/test6.out.ok lib/util/regress/sudo_conf/test7.in lib/util/regress/sudo_conf/test7.out.ok +lib/util/regress/sudo_conf/test8.err.ok +lib/util/regress/sudo_conf/test8.in +lib/util/regress/sudo_conf/test8.out.ok lib/util/regress/sudo_parseln/parseln_test.c lib/util/regress/sudo_parseln/test1.in lib/util/regress/sudo_parseln/test1.out.ok @@ -172,6 +227,7 @@ lib/util/regress/sudo_parseln/test6.out.ok lib/util/regress/tailq/hltq_test.c lib/util/regress/vsyslog/vsyslog_test.c +lib/util/roundup.c lib/util/secure_path.c lib/util/setgroups.c lib/util/sha2.c @@ -195,8 +251,10 @@ lib/util/term.c lib/util/ttyname_dev.c lib/util/ttysize.c +lib/util/unlinkat.c lib/util/util.exp.in lib/util/utimens.c +lib/util/uuid.c lib/util/vsyslog.c lib/zlib/Makefile.in lib/zlib/adler32.c @@ -226,7 +284,16 @@ lib/zlib/zlib.h lib/zlib/zutil.c lib/zlib/zutil.h -log2cl.pl +logsrvd/Makefile.in +logsrvd/eventlog.c +logsrvd/iolog_writer.c +logsrvd/logsrv_util.c +logsrvd/logsrv_util.h +logsrvd/logsrvd.c +logsrvd/logsrvd.h +logsrvd/logsrvd_conf.c +logsrvd/sendlog.c +logsrvd/sendlog.h ltmain.sh m4/ax_append_flag.m4 m4/ax_check_compile_flag.m4 
@@ -239,19 +306,130 @@ m4/ltversion.m4 m4/lt~obsolete.m4 m4/sudo.m4 -mkdep.pl -mkinstalldirs -mkpkg pathnames.h.in +plugins/audit_json/Makefile.in +plugins/audit_json/audit_json.c +plugins/audit_json/audit_json.exp plugins/group_file/Makefile.in plugins/group_file/getgrent.c plugins/group_file/group_file.c plugins/group_file/group_file.exp plugins/group_file/plugin_test.c +plugins/python/Makefile.in +plugins/python/example_approval_plugin.py +plugins/python/example_audit_plugin.py +plugins/python/example_conversation.py +plugins/python/example_debugging.py +plugins/python/example_group_plugin.py +plugins/python/example_io_plugin.py +plugins/python/example_policy_plugin.py +plugins/python/pyhelpers.c +plugins/python/pyhelpers.h +plugins/python/pyhelpers_cpychecker.h +plugins/python/python_baseplugin.c +plugins/python/python_convmessage.c +plugins/python/python_importblocker.c +plugins/python/python_loghandler.c +plugins/python/python_plugin_approval.c +plugins/python/python_plugin_approval_multi.inc +plugins/python/python_plugin_audit.c +plugins/python/python_plugin_audit_multi.inc +plugins/python/python_plugin_common.c +plugins/python/python_plugin_common.h +plugins/python/python_plugin_group.c +plugins/python/python_plugin_io.c +plugins/python/python_plugin_io_multi.inc +plugins/python/python_plugin_policy.c +plugins/python/regress/check_python_examples.c +plugins/python/regress/iohelpers.c +plugins/python/regress/iohelpers.h +plugins/python/regress/plugin_approval_test.py +plugins/python/regress/plugin_conflict.py +plugins/python/regress/plugin_errorstr.py +plugins/python/regress/testdata/check_example_audit_plugin_receives_accept.stdout +plugins/python/regress/testdata/check_example_audit_plugin_receives_error.stdout +plugins/python/regress/testdata/check_example_audit_plugin_receives_reject.stdout +plugins/python/regress/testdata/check_example_audit_plugin_version_display.stdout 
+plugins/python/regress/testdata/check_example_audit_plugin_workflow_multiple.stderr +plugins/python/regress/testdata/check_example_audit_plugin_workflow_multiple.stdout +plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.conversation +plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stderr +plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stdout +plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stored +plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.conversation +plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stderr +plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stdout +plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stored +plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.conv +plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.conversation +plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.stderr +plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.stdout +plugins/python/regress/testdata/check_example_debugging_c_calls@diag.log +plugins/python/regress/testdata/check_example_debugging_c_calls@info.log +plugins/python/regress/testdata/check_example_debugging_load@diag.log +plugins/python/regress/testdata/check_example_debugging_plugin@err.log +plugins/python/regress/testdata/check_example_debugging_plugin@info.log +plugins/python/regress/testdata/check_example_debugging_py_calls@diag.log +plugins/python/regress/testdata/check_example_debugging_py_calls@info.log +plugins/python/regress/testdata/check_example_debugging_sudo_cb@info.log 
+plugins/python/regress/testdata/check_example_group_plugin_is_able_to_debug.log +plugins/python/regress/testdata/check_example_io_plugin_command_log.stderr +plugins/python/regress/testdata/check_example_io_plugin_command_log.stdout +plugins/python/regress/testdata/check_example_io_plugin_command_log.stored +plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple.stderr +plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple.stdout +plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple1.stored +plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple2.stored +plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stderr +plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stdout +plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stored +plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stderr +plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stdout +plugins/python/regress/testdata/check_example_io_plugin_version_display.stderr +plugins/python/regress/testdata/check_example_io_plugin_version_display.stdout +plugins/python/regress/testdata/check_example_io_plugin_version_display.stored +plugins/python/regress/testdata/check_example_io_plugin_version_display_full.stdout +plugins/python/regress/testdata/check_example_policy_plugin_accepted_execution.stderr +plugins/python/regress/testdata/check_example_policy_plugin_accepted_execution.stdout +plugins/python/regress/testdata/check_example_policy_plugin_denied_execution.stderr +plugins/python/regress/testdata/check_example_policy_plugin_denied_execution.stdout +plugins/python/regress/testdata/check_example_policy_plugin_failed_execution.stderr +plugins/python/regress/testdata/check_example_policy_plugin_failed_execution.stdout 
+plugins/python/regress/testdata/check_example_policy_plugin_list.stderr +plugins/python/regress/testdata/check_example_policy_plugin_list.stdout +plugins/python/regress/testdata/check_example_policy_plugin_validate_invalidate.log +plugins/python/regress/testdata/check_example_policy_plugin_version_display.stderr +plugins/python/regress/testdata/check_example_policy_plugin_version_display.stdout +plugins/python/regress/testdata/check_example_policy_plugin_version_display_full.stdout +plugins/python/regress/testdata/check_loading_fails_missing_classname.stderr +plugins/python/regress/testdata/check_loading_fails_missing_classname.stdout +plugins/python/regress/testdata/check_loading_fails_missing_path.stderr +plugins/python/regress/testdata/check_loading_fails_missing_path.stdout +plugins/python/regress/testdata/check_loading_fails_not_owned_by_root.stderr +plugins/python/regress/testdata/check_loading_fails_not_owned_by_root.stdout +plugins/python/regress/testdata/check_loading_fails_wrong_classname.stderr +plugins/python/regress/testdata/check_loading_fails_wrong_classname.stdout +plugins/python/regress/testdata/check_loading_fails_wrong_path.stderr +plugins/python/regress/testdata/check_loading_fails_wrong_path.stdout +plugins/python/regress/testdata/check_loading_succeeds_with_missing_classname.stdout +plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stderr +plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout +plugins/python/regress/testdata/check_python_plugins_do_not_affect_each_other.stdout +plugins/python/regress/testdata/sudo.conf.developer_mode +plugins/python/regress/testdata/sudo.conf.normal_mode +plugins/python/regress/testhelpers.c +plugins/python/regress/testhelpers.h +plugins/python/sudo_python_debug.c +plugins/python/sudo_python_debug.h +plugins/python/sudo_python_module.c +plugins/python/sudo_python_module.h plugins/sample/Makefile.in plugins/sample/README plugins/sample/sample_plugin.c 
plugins/sample/sample_plugin.exp +plugins/sample_approval/Makefile.in +plugins/sample_approval/sample_approval.c +plugins/sample_approval/sample_approval.exp plugins/sudoers/Makefile.in plugins/sudoers/alias.c plugins/sudoers/audit.c @@ -315,10 +493,9 @@ plugins/sudoers/interfaces.c plugins/sudoers/interfaces.h plugins/sudoers/iolog.c -plugins/sudoers/iolog.h -plugins/sudoers/iolog_files.h -plugins/sudoers/iolog_path.c -plugins/sudoers/iolog_util.c +plugins/sudoers/iolog_client.c +plugins/sudoers/iolog_path_escapes.c +plugins/sudoers/iolog_plugin.h plugins/sudoers/ldap.c plugins/sudoers/ldap_conf.c plugins/sudoers/ldap_util.c @@ -333,7 +510,6 @@ plugins/sudoers/match_command.c plugins/sudoers/match_digest.c plugins/sudoers/mkdefaults -plugins/sudoers/mkdir_parents.c plugins/sudoers/parse.c plugins/sudoers/parse.h plugins/sudoers/parse_ldif.c @@ -487,10 +663,7 @@ plugins/sudoers/regress/cvtsudoers/test9.sh plugins/sudoers/regress/env_match/check_env_pattern.c plugins/sudoers/regress/env_match/data -plugins/sudoers/regress/iolog_path/check_iolog_path.c -plugins/sudoers/regress/iolog_path/data plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c -plugins/sudoers/regress/iolog_util/check_iolog_util.c plugins/sudoers/regress/logging/check_wrap.c plugins/sudoers/regress/logging/check_wrap.in plugins/sudoers/regress/logging/check_wrap.out.ok @@ -589,6 +762,13 @@ plugins/sudoers/regress/sudoers/test22.out.ok plugins/sudoers/regress/sudoers/test22.sudo.ok plugins/sudoers/regress/sudoers/test22.toke.ok +plugins/sudoers/regress/sudoers/test23.in +plugins/sudoers/regress/sudoers/test23.json.ok +plugins/sudoers/regress/sudoers/test23.ldif.ok +plugins/sudoers/regress/sudoers/test23.ldif2sudo.ok +plugins/sudoers/regress/sudoers/test23.out.ok +plugins/sudoers/regress/sudoers/test23.sudo.ok +plugins/sudoers/regress/sudoers/test23.toke.ok plugins/sudoers/regress/sudoers/test3.in plugins/sudoers/regress/sudoers/test3.json.ok plugins/sudoers/regress/sudoers/test3.ldif.ok 
@@ -642,6 +822,8 @@ plugins/sudoers/regress/testsudoers/test6.sh plugins/sudoers/regress/testsudoers/test7.out.ok plugins/sudoers/regress/testsudoers/test7.sh +plugins/sudoers/regress/testsudoers/test8.out.ok +plugins/sudoers/regress/testsudoers/test8.sh plugins/sudoers/regress/visudo/test1.out.ok plugins/sudoers/regress/visudo/test1.sh plugins/sudoers/regress/visudo/test10.out.ok @@ -769,9 +951,15 @@ po/zh_CN.po po/zh_TW.mo po/zh_TW.po -pp +scripts/generate_test_coverage.sh +scripts/log2cl.pl +scripts/mkdep.pl +scripts/mkinstalldirs +scripts/mkpkg +scripts/pp src/Makefile.in src/conversation.c +src/copy_file.c src/env_hooks.c src/exec.c src/exec_common.c @@ -804,4 +992,3 @@ src/tgetpass.c src/ttyname.c src/utmp.c -sudo.pp diff -Nru sudo-1.8.31/mkdep.pl sudo-1.9.0/mkdep.pl --- sudo-1.8.31/mkdep.pl 2019-12-10 13:11:01.000000000 +0000 +++ sudo-1.9.0/mkdep.pl 1970-01-01 00:00:00.000000000 +0000 
@@ -1,290 +0,0 @@ -#!/usr/bin/env perl -# -# SPDX-License-Identifier: ISC -# -# Copyright (c) 2011-2017 Todd C. Miller -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# - -use File::Temp qw/ :mktemp /; -use Fcntl; -use warnings; - -die "usage: $0 [--builddir=dir] [--srcdir=dir] Makefile.in ...\n" unless $#ARGV >= 0; - -my @incpaths; -my %dir_vars; -my %implicit; -my %generated; -my $top_builddir = "."; -my $top_srcdir; - -# Check for srcdir and/or builddir, if present -while ($ARGV[0] =~ /^--(src|build)dir=(.*)/) { - if ($1 eq 'src') { - $top_srcdir = $2; - } else { - $top_builddir = $2; - } - shift @ARGV; -} -chdir($top_srcdir) if defined($top_srcdir); - -# Read in MANIFEST or fail if not present -my %manifest; -die "unable to open MANIFEST: $!\n" unless open(MANIFEST, ") { - chomp; - next unless /([^\/]+\.[cly])$/; - $manifest{$1} = $_; -} - -foreach (@ARGV) { - mkdep($_); -} - -sub fmt_depend { - my ($obj, $src) = @_; - my $ret; - - my $deps = sprintf("%s: %s %s", $obj, $src, - join(' ', find_depends($src))); - if (length($deps) > 80) { - my $off = 0; - my $indent = length($obj) + 2; - while (length($deps) - $off > 80 - $indent) { - my $pos; - if ($off != 0) { - $ret .= ' ' x $indent; - $pos = rindex($deps, ' ', $off + 80 - $indent - 2); - } else { - $pos = rindex($deps, ' ', $off + 78); - } - 
$ret .= substr($deps, $off, $pos - $off) . " \\\n"; - $off = $pos + 1; - } - $ret .= ' ' x $indent; - $ret .= substr($deps, $off) . "\n"; - } else { - $ret = "$deps\n"; - } - - $ret; -} - -sub mkdep { - my $file = $_[0]; - $file =~ s:^\./+::; # strip off leading ./ - $file =~ m:^(.*)/[^/]+$:; - my $srcdir = $1; # parent dir of Makefile - - my $makefile; - if (open(MF, "<$file")) { - local $/; # enable "slurp" mode - $makefile = ; - } else { - warn "$0: $file: $!\n"; - return undef; - } - close(MF); - - # New makefile, minus the autogenerated dependencies - my $separator = "# Autogenerated dependencies, do not modify"; - my $new_makefile = $makefile; - $new_makefile =~ s/${separator}.*$//s; - $new_makefile .= "$separator\n"; - - # Old makefile, join lines with continuation characters - $makefile =~ s/\\\n//mg; - - # Expand some configure bits - $makefile =~ s:\@DEV\@::g; - $makefile =~ s:\@COMMON_OBJS\@:aix.lo event_poll.lo event_select.lo:; - $makefile =~ s:\@SUDO_OBJS\@:openbsd.o preload.o selinux.o sesh.o solaris.o:; - $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo ldap_util.lo ldap_conf.lo solaris_audit.lo sssd.lo:; - # XXX - fill in AUTH_OBJS from contents of the auth dir instead - $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:; - $makefile =~ s:\@DIGEST\@:digest.lo digest_openssl.lo digest_gcrypt.lo:; - $makefile =~ s:\@LTLIBOBJS\@:arc4random.lo arc4random_uniform.lo closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getentropy.lo getgrouplist.lo getdelim.lo getopt_long.lo getusershell.lo glob.lo inet_ntop_lo inet_pton.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo pw_dup.lo reallocarray.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo str2sig.lo strlcat.lo strlcpy.lo strndup.lo strnlen.lo strsignal.lo utimens.lo vsyslog.lo pipe2.lo:; - - # Parse OBJS lines - my %objs; - while ($makefile 
=~ /^[A-Z0-9_]*OBJS\s*=\s*(.*)/mg) { - foreach (split/\s+/, $1) { - next if /^\$[\(\{].*[\)\}]$/; # skip included vars for now - $objs{$_} = 1; - } - } - - # Find include paths - @incpaths = (); - while ($makefile =~ /-I(\S+)/mg) { - push(@incpaths, $1) unless $1 eq "."; - } - - # Check for generated files - if ($makefile =~ /GENERATED\s*=\s*(.+)$/m) { - foreach (split(/\s+/, $1)) { - $generated{$_} = 1; - } - } - - # Values of srcdir, top_srcdir, top_builddir, incdir - %dir_vars = (); - $file =~ m:^(.*)/+[^/]+:; - $dir_vars{'srcdir'} = $1 || '.'; - $dir_vars{'devdir'} = $dir_vars{'srcdir'}; - $dir_vars{'authdir'} = $dir_vars{'srcdir'} . "/auth"; - $dir_vars{'builddir'} = $top_builddir . "/" . $dir_vars{'srcdir'}; - $dir_vars{'top_srcdir'} = '.'; - #$dir_vars{'top_builddir'} = '.'; - $dir_vars{'incdir'} = 'include'; - - # Find implicit rules for generated .o and .lo files - %implicit = (); - while ($makefile =~ /^\.[ci]\.(l?o|i|plog):\s*\n\t+(.*)$/mg) { - $implicit{$1} = $2; - } - - # Find existing .o and .lo dependencies - my %old_deps; - while ($makefile =~ /^(\w+\.l?o):\s*(\S+\.c)/mg) { - $old_deps{$1} = $2; - } - - # Sort files so we do .lo files first - foreach my $obj (sort keys %objs) { - next unless $obj =~ /(\S+)\.(l?o)$/; - if ($2 eq "o" && exists($objs{"$1.lo"})) { - # We have both .lo and .o files, only the .lo should be used - warn "$file: $obj should be $1.lo\n"; - } else { - # Use old depenencies when mapping objects to their source. - # If no old depenency, use the MANIFEST file to find the source. - my $src = $1 . '.c'; - my $ext = $2; - if (exists $old_deps{$obj}) { - $src = $old_deps{$obj}; - } elsif (exists $manifest{$src}) { - $src = $manifest{$src}; - foreach (sort { length($b) <=> length($a) } keys %dir_vars) { - next if $_ eq "devdir"; - last if $src =~ s:^\Q$dir_vars{$_}/\E:\$\($_\)/:; - } - } else { - warn "$file: unable to find source for $obj ($src) in MANIFEST\n"; - if (-f "$srcdir/$src") { - $src = '$(srcdir)/' . 
$src; - } - } - my $imp = $implicit{$ext}; - $imp =~ s/\$$newfile")) { - warn("cannot open $newfile: $!\n"); - } else { - print MF $new_makefile || warn("cannot write $newfile: $!\n"); - close(MF) || warn("cannot close $newfile: $!\n");; - rename($newfile, $file); - } -} - -exit(0); - -sub find_depends { - my $src = $_[0]; - my ($deps, $code, %headers); - - if ($src !~ /\//) { - # generated file, local to build dir - $src = "$dir_vars{'builddir'}/$src"; - } - - # resolve $(srcdir) etc. - foreach (keys %dir_vars) { - $src =~ s/\$[\(\{]$_[\)\}]/$dir_vars{$_}/g; - } - - # find open source file and find headers used by it - if (!open(FILE, "<$src")) { - warn "unable to open $src\n"; - return ""; - } - local $/; # enable "slurp" mode - $code = ; - close(FILE); - - # find all headers - while ($code =~ /^#\s*include\s+["<](\S+)[">]/mg) { - my ($hdr, $hdr_path) = find_header($1); - if (defined($hdr)) { - $headers{$hdr} = 1; - # Look for other includes in the .h file - foreach (find_depends($hdr_path)) { - $headers{$_} = 1; - } - } - } - - sort keys %headers; -} - -# find the path to a header file -# returns path or undef if not found -sub find_header { - my $hdr = $_[0]; - - # Look for .h.in files in top_builddir and build dir - return ("\$(top_builddir\)/$hdr", "./${hdr}.in") if -r "./${hdr}.in"; - return ("./$hdr", "$dir_vars{'srcdir'}/${hdr}.in") if -r "$dir_vars{'srcdir'}/${hdr}.in"; - - if (exists $generated{$hdr}) { - my $hdr_path = $dir_vars{'devdir'} . '/' . $hdr; - return ('$(devdir)/' . 
$hdr, $hdr_path) if -r $hdr_path; - } - foreach my $inc (@incpaths) { - my $hdr_path = "$inc/$hdr"; - # resolve variables in include path - foreach (keys %dir_vars) { - next if $_ eq "devdir"; - $hdr_path =~ s/\$[\(\{]$_[\)\}]/$dir_vars{$_}/g; - } - return ("$inc/$hdr", $hdr_path) if -r $hdr_path; - } - - undef; -} diff -Nru sudo-1.8.31/mkinstalldirs sudo-1.9.0/mkinstalldirs --- sudo-1.8.31/mkinstalldirs 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/mkinstalldirs 1970-01-01 00:00:00.000000000 +0000 
@@ -1,84 +0,0 @@ -#! /bin/sh -# mkinstalldirs --- make directory hierarchy -# Author: Noah Friedman -# Created: 1993-05-16 -# Public domain - -umask 022 -errstatus=0 -dirmode="" - -usage="\ -Usage: mkinstalldirs [-h] [--help] [-m mode] dir ..." - -# process command line arguments -while test $# -gt 0 ; do - case $1 in - -h | --help | --h*) # -h for help - echo "$usage" 1>&2 - exit 0 - ;; - -m) # -m PERM arg - shift - test $# -eq 0 && { echo "$usage" 1>&2; exit 1; } - dirmode=$1 - shift - ;; - --) # stop option processing - shift - break - ;; - -*) # unknown option - echo "$usage" 1>&2 - exit 1 - ;; - *) # first non-opt arg - break - ;; - esac -done - -for file -do - set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` - shift - - pathcomp= - for d - do - pathcomp="$pathcomp$d" - case $pathcomp in - -*) pathcomp=./$pathcomp ;; - esac - - if test ! -d "$pathcomp"; then - echo "mkdir $pathcomp" - - mkdir "$pathcomp" || lasterr=$? - - if test ! -d "$pathcomp"; then - errstatus=$lasterr - else - if test ! -z "$dirmode"; then - echo "chmod $dirmode $pathcomp" - lasterr="" - chmod "$dirmode" "$pathcomp" || lasterr=$? - - if test ! -z "$lasterr"; then - errstatus=$lasterr - fi - fi - fi - fi - - pathcomp="$pathcomp/" - done -done - -exit $errstatus - -# Local Variables: -# mode: shell-script -# sh-indentation: 2 -# End: -# mkinstalldirs ends here diff -Nru sudo-1.8.31/mkpkg sudo-1.9.0/mkpkg --- sudo-1.8.31/mkpkg 2019-10-28 12:27:45.000000000 +0000 +++ sudo-1.9.0/mkpkg 1970-01-01 00:00:00.000000000 +0000 
@@ -1,418 +0,0 @@ -#!/bin/sh -# -# SPDX-License-Identifier: ISC -# -# Copyright (c) 2010-2018 Todd C. Miller -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# -# Build a binary package using polypkg -# Usage: mkpkg [--debug] [--flavor flavor] [--platform platform] [--osversion ver] -# - -# Make sure IFS is set to space, tab, newline in that order. 
-space=' ' -tab=' ' -nl=' -' -IFS=" $nl" - -# Parse arguments -usage="usage: mkpkg [--debug] [--flavor flavor] [--platform platform] [--osversion ver]" -debug=0 -flavor=vanilla -crossbuild=false -while test $# -gt 0; do - case "$1" in - --debug) - set -x - debug=1 - PPFLAGS="--debug${PPFLAGS+$space}${PPFLAGS}" - ;; - --flavor=?*) - flavor=`echo "$1" | sed -n 's/^--flavor=\(.*\)/\1/p'` - PPVARS="${PPVARS}${PPVARS+$space}flavor=$flavor" - ;; - --flavor) - if [ $# -lt 2 ]; then - echo "$usage" 1>&2 - exit 1 - fi - flavor="$2" - PPVARS="${PPVARS}${PPVARS+$space}flavor=$flavor" - shift - ;; - --platform=?*) - arg=`echo "$1" | sed -n 's/^--platform=\(.*\)/\1/p'` - PPFLAGS="${PPFLAGS}${PPFLAGS+$space}--platform $arg" - ;; - --platform) - if [ $# -lt 2 ]; then - echo "$usage" 1>&2 - exit 1 - fi - PPFLAGS="${PPFLAGS}${PPFLAGS+$space}--platform $2" - shift - ;; - --osversion=?*) - arg=`echo "$1" | sed -n 's/^--osversion=\(.*\)/\1/p'` - osversion="$arg" - ;; - --osversion) - if [ $# -lt 2 ]; then - echo "$usage" 1>&2 - exit 1 - fi - osversion="$2" - shift - ;; - --build|--host) - crossbuild=true - configure_opts="${configure_opts}${configure_opts+$tab}$1" - ;; - *) - # Pass unknown options to configure - configure_opts="${configure_opts}${configure_opts+$tab}$1" - ;; - esac - shift -done - -top_srcdir=`dirname $0` - -: ${osversion="`$top_srcdir/pp --probe`"} -test -n "$osversion" || exit 1 -osrelease=`echo "$osversion" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'` -: ${MAKE=make} - -# If using GNU make, set number of jobs -if ${MAKE} --version 2>&1 | grep GNU >/dev/null; then - NJOBS=0 - case "`uname`" in - Darwin) - # macOS - NJOBS=`sysctl -n hw.ncpu` - ;; - Linux) - if [ -r /proc/cpuinfo ]; then - for c in `sed -n 's/^cpu cores[ ]*: *//p' /proc/cpuinfo`; do - NJOBS=`expr $NJOBS + $c` - done - fi - ;; - SunOS) - # Solaris - if [ -x /usr/sbin/psrinfo ]; then - NJOBS=`/usr/sbin/psrinfo | wc -l` - fi - ;; - HP-UX) - NJOBS=`sar -Mu 1 1 | awk 'END {print NR-5}'` - ;; - AIX) - 
NJOBS=`bindprocessor -q | awk '{print NF-4}'` - ;; - esac - if [ $NJOBS -gt 1 ]; then - make_opts="-j$NJOBS" - fi -fi - -# Choose compiler options by osversion if not cross-compiling. -if [ "$crossbuild" = "false" ]; then - case "$osversion" in - macos*) - # Use clang on macOS if present - if [ -z "$CC" -a -x /usr/bin/clang ]; then - CC=/usr/bin/clang; export CC - fi - ;; - sol[0-9]*) - # Use the Sun Studio C compiler on Solaris if possible - if [ -z "$CC" -a -x /usr/bin/cc ]; then - CC=/usr/bin/cc; export CC - if [ -z "$CFLAGS" ]; then - CFLAGS=-O; export CFLAGS - fi - fi - ;; - esac -fi - -# Give configure a hint that we are building a package. -# Some libc functions are only available on certain OS revisions. -configure_opts="${configure_opts}${configure_opts+$tab}--enable-package-build" - -# Choose configure options by osversion. -# We use the same configure options as vendor packages when possible. -case "$osversion" in - centos*|rhel*|f[0-9]*) - case "$osversion" in - centos*|rhel*) - osmajor=`sed -n -e 's/^.*release \([0-9]*\)[^0-9].*$/\1/p' /etc/redhat-release` - if [ $osmajor -ge 4 ]; then - # RHEL 4 and up support SELinux - with_selinux=true - if [ $osmajor -ge 5 ]; then - # RHEL 5 and up has audit support and uses a - # separate PAM config file for "sudo -i". 
- with_linux_audit=true - with_pam_login=true - if [ $osmajor -ge 6 ]; then - # RHEL 6 and above builds sudo with SSSD support - with_sssd=true - # RHEL 6 and above use /etc/sudo-ldap.conf - with_sudo_ldap_conf=true - fi - fi - fi - ;; - f[0-9]*) - # XXX - investigate which features were in which fedora version - with_selinux=true - with_linux_audit=true - with_pam_login=true - with_sssd=true - ;; - esac - - if [ X"$with_selinux" = X"true" ]; then - configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux" - fi - if [ X"$with_linux_audit" = X"true" ]; then - configure_opts="${configure_opts}${configure_opts+$tab}--with-linux-audit" - PPVARS="${PPVARS}${PPVARS+$space}linux_audit=1.4.0" - fi - if [ X"$with_pam_login" = X"true" ]; then - configure_opts="${configure_opts}${configure_opts+$tab}--with-pam-login" - fi - if [ X"$with_sssd" = X"true" ]; then - configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd" - if test "`getconf LONG_BIT`" = "64"; then - # SSSD backend needs to know where to find the sssd lib - configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd-lib=/usr/lib64" - fi - fi - if [ X"$with_sudo_ldap_conf" = X"true" ]; then - configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap-conf-file=/etc/sudo-ldap.conf" - fi - # Note, must indent with tabs, not spaces due to IFS trickery - configure_opts="--prefix=/usr - --with-logging=syslog - --with-logfac=authpriv - --with-pam - --enable-zlib=system - --with-editor=/bin/vi - --with-env-editor - --with-ignore-dot - --with-tty-tickets - --with-ldap - --with-passprompt=[sudo] password for %p: - --with-sendmail=/usr/sbin/sendmail - $configure_opts" - ;; - sles*) - if [ $osrelease -ge 10 ]; then - # SLES 11 and higher has SELinux - if [ $osrelease -ge 11 ]; then - configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux" - fi - fi - # SuSE doesn't have /usr/libexec - libexec=lib - case "$osversion" in - *64*) gcc -v 2>&1 | grep "with-cpu=[^ ]*32" 
>/dev/null || libexec=lib64 - ;; - esac - # Note, must indent with tabs, not spaces due to IFS trickery - # XXX - SuSE uses secure path but only for env_reset - configure_opts="--prefix=/usr - --libexecdir=/usr/$libexec - --with-logging=syslog - --with-logfac=auth - --with-all-insults - --with-ignore-dot - --with-tty-tickets - --enable-shell-sets-home - --with-sudoers-mode=0440 - --with-pam - --enable-zlib=system - --with-ldap - --with-env-editor - --with-passprompt=%p\'s password: - --with-sendmail=/usr/sbin/sendmail - $configure_opts" - - make_opts="${make_opts}${make_opts+ }"'docdir=$(datarootdir)/doc/packages/$(PACKAGE_TARNAME)' - ;; - deb*|ubu*) - # Man pages should be compressed in .deb files - export MANCOMPRESS='gzip -9' - export MANCOMPRESSEXT='.gz' - # If Ubuntu, add --enable-admin-flag - case "$osversion" in - ubu*) - configure_opts="${configure_opts}${configure_opts+$tab}--enable-admin-flag${tab}--without-lecture" - ;; - esac - # Newer Debian uses arch-specific lib dirs - MULTIARCH=`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null` - # Note, must indent with tabs, not spaces due to IFS trickery - if test "$flavor" = "ldap"; then - configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap - --with-ldap-conf-file=/etc/sudo-ldap.conf" - else - configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd" - if test -n "$MULTIARCH"; then - # SSSD backend needs to know where to find the sssd lib - configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd-lib=/usr/lib/$MULTIARCH" - fi - fi - configure_opts="--prefix=/usr - --with-all-insults - --with-pam - --enable-zlib=system - --with-fqdn - --with-logging=syslog - --with-logfac=authpriv - --with-env-editor - --with-editor=/usr/bin/editor - --with-timeout=15 - --with-password-timeout=0 - --with-passprompt=[sudo] password for %p: - --disable-root-mailer - --with-sendmail=/usr/sbin/sendmail - --mandir=/usr/share/man - --libexecdir=/usr/lib - --with-selinux - --with-linux-audit - 
$configure_opts" - # Use correct libaudit dependency - for f in /lib/${MULTIARCH}${MULTIARCH:+/}libaudit.so.[0-9]* /lib/libaudit.so.[0-9]*; do - if test -f "$f"; then - linux_audit=`dpkg-query -S "$f" 2>/dev/null | sed -n 's/:.*//p'` - test -n "$linux_audit" && break; - fi - done - if [ -z "$linux_audit" ]; then - echo "unable to determine package for libaudit" 1>&2 - exit 1 - fi - PPVARS="${PPVARS}${PPVARS+$space}linux_audit=$linux_audit" - ;; - macos*) - case "$osversion" in - macos10[0-6]-i386|macos10[0-6]-x86_64) - # Build intel universal binaries for 10.6 and below - ARCH_FLAGS="-arch i386 -arch x86_64" - ;; - esac - if test "${osversion}" != "`$top_srcdir/pp --probe`"; then - sdkvers=`echo "${osversion}" | sed 's/^macos\([0-9][0-9]\)\([0-9]*\)-.*$/\1.\2/'` - # SDKs may be under Xcode.app or CommandLineTools (for non-Xcode) - if [ -d "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs" ]; then - SDK_DIR="/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs" - elif [ -d "/Library/Developer/CommandLineTools/SDKs" ]; then - SDK_DIR="/Library/Developer/CommandLineTools/SDKs" - else - echo "unable to find macOS SDKs directory" 1>&2 - exit 1 - fi - SDK_DIR="${SDK_DIR}/MacOSX${sdkvers}.sdk" - if test -d "${SDK_DIR}"; then - SDK_FLAGS="-isysroot ${SDK_DIR} -mmacosx-version-min=${sdkvers}" - else - echo "unable to find SDKs directory for macOS $sdkvers" 1>&2 - exit 1 - fi - fi - export CFLAGS="-O2 -g $ARCH_FLAGS $SDK_FLAGS" - export LDFLAGS="$ARCH_FLAGS $SDK_FLAGS" - # Note, must indent with tabs, not spaces due to IFS trickery - configure_opts="--with-pam - --with-bsm-audit - --without-tty-tickets - --enable-zlib=system - --with-ldap - --with-insults=disabled - --with-logging=syslog - --with-logfac=authpriv - --with-editor=/usr/bin/vim - --with-env-editor - $configure_opts" - ;; - aix*) - # Use -gxcoff with gcc instead of -g for dbx-style debugging symbols. 
- if test -z "$CC" && gcc -v >/dev/null 2>&1; then - CFLAGS="-O2 -gxcoff"; export CFLAGS - fi - # Note, must indent with tabs, not spaces due to IFS trickery - # Note: we include our own zlib instead of relying on the - # AIX freeware version being installed. - configure_opts=" - --prefix=/opt/freeware - --mandir=/opt/freeware/man - --with-insults=disabled - --with-logging=syslog - --with-logfac=auth - --with-editor=/usr/bin/vi - --with-env-editor - --enable-zlib=builtin - --disable-nls - --with-sendmail=/usr/sbin/sendmail - $configure_opts" - PPVARS="${PPVARS}${PPVARS+$space}aix_freeware=true" - ;; - *) - # For Solaris, add project support and use let configure choose zlib. - # For all others, use the builtin zlib and disable NLS support. - case "$osversion" in - sol*) - configure_opts="${configure_opts}${configure_opts+$tab}--with-project" - - if [ $osrelease -ge 11 ]; then - configure_opts="${configure_opts}${configure_opts+$tab}--with-bsm-audit" - fi - ;; - *) - configure_opts="${configure_opts}${configure_opts+$tab}--enable-zlib=builtin${tab}--disable-nls" - ;; - esac - if test "$flavor" = "ldap"; then - configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap" - fi - # Note, must indent with tabs, not spaces due to IFS trickery - configure_opts=" - --with-insults=disabled - --with-logging=syslog - --with-logfac=auth - --with-editor=/usr/bin/vim:/usr/bin/vi:/bin/vi - --with-env-editor - $configure_opts" - ;; -esac - -# The postinstall script will create tmpfiles.d/sudo.conf for us -configure_opts="${configure_opts}${configure_opts+$tab}--disable-tmpfiles.d" - -# Remove spaces from IFS when setting $@ so that passprompt may include them -OIFS="$IFS" -IFS=" $nl" -set -- $configure_opts $extra_opts -IFS="$OIFS" -if [ -r Makefile ]; then - ${MAKE} $make_opts distclean -fi -$top_srcdir/configure "$@" || exit 1 -${MAKE} $make_opts && ${MAKE} $make_opts PPFLAGS="$PPFLAGS" PPVARS="$PPVARS" package -test $debug -eq 0 && rm -rf destdir diff -Nru 
sudo-1.8.31/NEWS sudo-1.9.0/NEWS
--- sudo-1.8.31/NEWS 2020-01-30 12:51:46.000000000 +0000
+++ sudo-1.9.0/NEWS 2020-05-11 16:28:22.000000000 +0000
@@ -1,3 +1,113 @@
+What's new in Sudo 1.9.0
+
+ * Fixed a test failure in the strsig_test regress test on FreeBSD.
+
+ * Sudo now includes a logging daemon, sudo_logsrvd, which can be
+ used to implement centralized logging of I/O logs. TLS connections
+ are supported when sudo is configured with the --enable-openssl
+ option. For more information, see the sudo_logsrvd, logsrvd.conf
+ and sudo_logsrv.proto manuals as well as the log_servers setting
+ in the sudoers manual.
+
+ The --disable-log-server and --disable-log-client configure
+ options can be used to disable building the I/O log server and/or
+ remote I/O log support in the sudoers plugin.
+
+ * The new sudo_sendlog utility can be used to test sudo_logsrvd
+ or send existing sudo I/O logs to a centralized server.
+
+ * It is now possible to write sudo plugins in Python 3 when sudo
+ is configured with the --enable-python> option. See the
+ sudo_plugin_python.man.html manual for details.
+
+ Sudo 1.9.0 comes with several Python example plugins that get
+ installed sudo's examples directory.
+
+ The sudo blog article "What's new in sudo 1.9: Python"
+ (https://blog.sudo.ws/posts/2020/01/whats-new-in-sudo-1.9-python/)
+ includes a simple tutorial on writing python plugins.
+
+ * Sudo now supports an "audit" plugin type. An audit plugin
+ receives accept, reject, exit and error messages and can be used
+ to implement custom logging that is independent of the underlying
+ security policy. Multiple audit plugins may be specified in
+ the sudo.conf file. A sample audit plugin is included that
+ writes logs in JSON format.
+
+ * Sudo now supports an "approval" plugin type. An approval plugin
+ is run only after the main security policy (such as sudoers) accepts
+ a command to be run. The approval policy may perform additional
+ checks, potentially interacting with the user. Multiple approval
+ plugins may be specified in the sudo.conf file. Only if all
+ approval plugins succeed will the command be allowed.
+
+ * Sudo's -S command line option now causes the sudo conversation
+ function to write to the standard output or standard error instead
+ of the terminal device.
+
+ * It is now possible to use "Cmd_Alias" instead of "Cmnd_Alias" for
+ people who find the former more natural.
+
+ * The new "pam_ruser" and "pam_rhost" sudoers settings can be used
+ to enable or disable setting the PAM remote user and/or host
+ values during PAM session setup.
+
+ * More than one SHA-2 digest may now be specified for a single
+ command. Multiple digests must be separated by a comma.
+
+ * It is now possible to specify a SHA-2 digest in conjunction with
+ the "ALL" reserved word in a command specification. This allows
+ one to give permission to run any command that matches the
+ specified digest, regardless of its path.
+
+ * Sudo and sudo_logsrvd now create an extended I/O log info file
+ in JSON format that contains additional information about the
+ command that was run, such as the host name. The sudoreplay
+ utility uses this file in preference to the legacy log file.
+
+ * The sudoreplay utility can now match on a host name in list mode.
+ The list output also now includes the host name if one is present
+ in the log file.
+
+ * For "sudo -i", if the target user's home directory does not
+ exist, sudo will now warn about the problem but run the command
+ in the current working directory. Previously, this was a fatal
+ error. Debian bug #598519.
+
+ * The command line arguments in the SUDO_COMMAND environment
+ variable are now truncated at 4096 characters. This avoids an
+ "Argument list too long" error when executing a command with a
+ large number of arguments. Bug #923 (Debian bug #596631).
+
+ * Sudo now properly ends the PAM transaction when the user
+ authenticates successfully but sudoers denies the command.
+ Debian bug #669687.
+
+ * The sudoers grammar in the manual now indicates that "sudoedit"
+ requires one or more arguments. Debian bug #571621.
+ + * When copying the edited files to the original path, sudoedit now + allocates any additional space needed before writing. Previously, + it could truncate the destination file if the file system was + full. Bug #922. + + * Fixed an issue where PAM session modules could be called with + the wrong user name when multiple users in the passwd database + share the the same user-ID. Debian bug #734752. + + * Sudo command line options that take a value may only be specified + once. This is to help guard against problems caused by poorly + written scripts that invoke sudo with user-controlled input. + Bug #924. + +What's new in Sudo 1.8.31p1 + + * Sudo once again ignores a failure to restore the RLIMIT_CORE + resource limit, as it did prior to version 1.8.29. Linux + containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY + if we set the limit to zero, even for root, which resulted in a + warning from sudo. + What's new in Sudo 1.8.31 * Fixed CVE-2019-18634, a buffer overflow when the "pwfeedback" @@ -300,7 +410,7 @@ while the system is sleeping is used where available. * Fixed a bug introduced in sudo 1.8.24 where sudoNotAfter in the LDAP - backend was not being properly parsed. Bug #845. + back-end was not being properly parsed. Bug #845. * When sudo runs a command in a pseudo-tty, the slave device is now closed in the main process immediately after starting the 
@@ -322,12 +432,12 @@ LOGNAME on AIX systems. Bug #848. * Fixed a regression introduced in sudo 1.8.24 where the LDAP and - SSSD backends evaluated the rules in reverse sudoOrder. Bug #849. + SSSD back-ends evaluated the rules in reverse sudoOrder. Bug #849. What's new in Sudo 1.8.24 * The LDAP and SSS back-ends now use the same rule evaluation code - as the sudoers file backend. This builds on the work in sudo + as the sudoers file back-end. This builds on the work in sudo 1.8.23 where the formatting functions for "sudo -l" output were shared. The handling of negated commands in SSS and LDAP is unchanged. @@ -397,7 +507,7 @@ It is also possible to filter the generated output file by user, group or host name. - * The file, ldap and sss sudoers backends now share a common set + * The file, ldap and sss sudoers back-ends now share a common set of formatting functions for "sudo -l" output, which is also used by the cvtsudoers utility. @@ -491,7 +601,7 @@ * A new "authfail_message" sudoers option that overrides the default "N incorrect password attempt(s)". - * An empty sudoRunAsUser attribute in the LDAP and SSSD backends + * An empty sudoRunAsUser attribute in the LDAP and SSSD back-ends will now match the invoking user. This is more consistent with how an empty runas user in the sudoers file is treated. @@ -569,7 +679,7 @@ environment when the "env_reset" sudoers setting is disabled by removing the "*=()*" pattern from the env_delete list. - * A change made in sudo 1.8.15 inadvertantly caused sudoedit to + * A change made in sudo 1.8.15 inadvertently caused sudoedit to send itself SIGHUP instead of exiting when the editor returns an error or the file was not modified. 
@@ -820,7 +930,7 @@ * The sudoers locale is now set before parsing the sudoers file. If sudoers_locale is set in sudoers, it is applied before evaluating other Defaults entries. Previously, sudoers_locale - was used when evaluating sudoers but not during the inital parse. + was used when evaluating sudoers but not during the initial parse. Bug #748. * A missing or otherwise invalid #includedir is now ignored instead @@ -918,7 +1028,7 @@ file entries were missing the newline when loglinelen is set to a non-positive number. Bug #742. - * Unix groups are now set before the plugin session intialization + * Unix groups are now set before the plugin session initialization code is run. This makes it possible to use dynamic groups with the Linux-PAM pam_group module. @@ -1250,7 +1360,7 @@ * The editor invoked by sudoedit once again uses an unmodified copy of the user's environment as per the documentation. This - was inadvertantly changed in sudo 1.8.0. Bug #688. + was inadvertently changed in sudo 1.8.0. Bug #688. What's new in Sudo 1.8.12 @@ -1998,7 +2108,7 @@ when PAM is used. Sudo now merges the PAM environment into the user's environment which is typically set by the pam_env module. - * The initial evironment created when env_reset is in effect now + * The initial environment created when env_reset is in effect now includes the contents of /etc/environment on AIX systems and the "setenv" and "path" entries from /etc/login.conf on BSD systems. diff -Nru sudo-1.8.31/pathnames.h.in sudo-1.9.0/pathnames.h.in --- sudo-1.8.31/pathnames.h.in 2019-10-28 12:27:45.000000000 +0000 +++ sudo-1.9.0/pathnames.h.in 2020-05-11 16:28:23.000000000 +0000 
@@ -79,10 +79,27 @@
 #endif /* _PATH_CVTSUDOERS_CONF */
 
 /*
+ * NOTE: _PATH_SUDO_LOGSRVD_CONF is usually overridden by the Makefile.
+ */
+#ifndef _PATH_SUDO_LOGSRVD_CONF
+# define _PATH_SUDO_LOGSRVD_CONF "/etc/sudo_logsrvd.conf"
+#endif /* _PATH_SUDO_LOGSRVD_CONF */
+
+/*
 * The following paths are controlled via the configure script.
 */
 
 /*
+ * Where sudo_logsrvd stores its pid file files. Defaults to
+ * /var/run/sudo/sudo_logsrvd.pid, /var/db/sudo/sudo_logsrvd.pid,
+ * /var/lib/sudo/sudo_logsrvd.pid, /var/adm/sudo/sudo_logsrvd.pid or
+ * /usr/adm/sudo/sudo_logsrvd.pid depending on what exists on the system.
+ */
+#ifndef _PATH_SUDO_LOGSRVD_PID
+# undef _PATH_SUDO_LOGSRVD_PID
+#endif /* _PATH_SUDO_LOGSRVD_PID */
+
+/*
 * Where to store the time stamp files. Defaults to /var/run/sudo/ts,
 * /var/db/sudo/ts, /var/lib/sudo/ts, /var/adm/sudo/ts or /usr/adm/sudo/ts
 * depending on what exists on the system.
@@ -109,6 +126,14 @@
 #endif /* _PATH_SUDO_IO_LOGDIR */
 
 /*
+ * Where to put the audit and other log files. Defaults to /var/log,
+ * /var/adm or /usr/adm depending on what exists.
+ */
+#ifndef _PATH_SUDO_LOGDIR
+# undef _PATH_SUDO_LOGDIR
+#endif /* _PATH_SUDO_LOGDIR */
+
+/*
 * Where to put the sudo log file when logging to a file. Defaults to
 * /var/log/sudo.log if /var/log exists, else /var/adm/sudo.log.
 */
diff -Nru sudo-1.8.31/plugins/audit_json/audit_json.c sudo-1.9.0/plugins/audit_json/audit_json.c
--- sudo-1.8.31/plugins/audit_json/audit_json.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/audit_json/audit_json.c 2020-05-11 16:28:23.000000000 +0000
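Review bot: The comment added above `_PATH_SUDO_LOGSRVD_PID` in pathnames.h.in (hunk `@@ -79,10 +79,27 @@`) says "pid file files"; its first line should read `* Where sudo_logsrvd stores its pid file. Defaults to`. The comment lists five candidate locations but not who must own the chosen directory. A short line such as `* The directory should be writable only by the user sudo_logsrvd runs as.` would record that expectation, assuming the daemon writes the file itself (that code is not in this hunk).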
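Review bot: The new `_PATH_SUDO_LOGDIR` comment in pathnames.h.in (hunk `@@ -109,6 +126,14 @@`) should state the permission expectation for this directory. audit_json.c, added in this same diff, builds its default log path from it (`"%s/sudo_audit.json"`) and opens that path with `O_RDWR|O_CREAT` and neither `O_NOFOLLOW` nor `O_EXCL`, so whatever already exists at that name is opened as-is. I would add `* The directory must be writable only by root.` to the comment. The listed defaults (/var/log, /var/adm, /usr/adm) are normally root-owned, so this documents an assumption rather than a defect in the hunk.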
@@ -0,0 +1,702 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include + +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#include +#include +#include +#include +#include +#include +#include + +#include "sudo_gettext.h" /* must be included before sudo_compat.h */ + +#include "sudo_compat.h" +#include "sudo_conf.h" +#include "sudo_debug.h" +#include "sudo_dso.h" +#include "sudo_fatal.h" +#include "sudo_json.h" +#include "sudo_plugin.h" +#include "sudo_util.h" +#include "pathnames.h" + +static int audit_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; +static sudo_conv_t audit_conv; +static sudo_printf_t audit_printf; + +static struct audit_state { + int submit_optind; + char uuid_str[37]; + bool accepted; + FILE *log_fp; + char *logfile; + char * const * settings; + char * const * user_info; + char * 
const * submit_argv; + char * const * submit_envp; +} state = { -1 }; + +/* Filter out entries in settings[] that are not really options. */ +char * const settings_filter[] = { + "debug_flags", + "max_groups", + "network_addrs", + "plugin_dir", + "plugin_path", + "progname", + NULL +}; + +static int +audit_json_open(unsigned int version, sudo_conv_t conversation, + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], int submit_optind, char * const submit_argv[], + char * const submit_envp[], char * const plugin_options[], + const char **errstr) +{ + struct sudo_conf_debug_file_list debug_files = + TAILQ_HEAD_INITIALIZER(debug_files); + struct sudo_debug_file *debug_file; + const char *cp, *plugin_path = NULL; + unsigned char uuid[16]; + char * const *cur; + mode_t oldmask; + int fd, ret = -1; + debug_decl_vars(audit_json_open, SUDO_DEBUG_PLUGIN); + + audit_conv = conversation; + audit_printf = plugin_printf; + + /* + * Stash initial values. + */ + state.submit_optind = submit_optind; + state.settings = settings; + state.user_info = user_info; + state.submit_argv = submit_argv; + state.submit_envp = submit_envp; + + /* Initialize the debug subsystem. */ + for (cur = settings; (cp = *cur) != NULL; cur++) { + if (strncmp(cp, "debug_flags=", sizeof("debug_flags=") - 1) == 0) { + cp += sizeof("debug_flags=") - 1; + if (sudo_debug_parse_flags(&debug_files, cp) == -1) + goto oom; + continue; + } + if (strncmp(cp, "plugin_path=", sizeof("plugin_path=") - 1) == 0) { + plugin_path = cp + sizeof("plugin_path=") - 1; + continue; + } + } + if (plugin_path != NULL && !TAILQ_EMPTY(&debug_files)) { + audit_debug_instance = + sudo_debug_register(plugin_path, NULL, NULL, &debug_files); + if (audit_debug_instance == SUDO_DEBUG_INSTANCE_ERROR) { + *errstr = U_("unable to initialize debugging"); + goto bad; + } + sudo_debug_enter(__func__, __FILE__, __LINE__, sudo_debug_subsys); + } + + /* Create a UUID for this command for use with audit records. 
*/ + sudo_uuid_create(uuid); + if (sudo_uuid_to_string(uuid, state.uuid_str, sizeof(state.uuid_str)) == NULL) { + *errstr = U_("unable to generate UUID"); + goto bad; + } + + /* Parse plugin_options to check for logfile option. */ + if (plugin_options != NULL) { + for (cur = plugin_options; (cp = *cur) != NULL; cur++) { + if (strncmp(cp, "logfile=", sizeof("logfile=") - 1) == 0) { + state.logfile = strdup(cp + sizeof("logfile=") - 1); + if (state.logfile == NULL) + goto oom; + } + } + } + if (state.logfile == NULL) { + if (asprintf(&state.logfile, "%s/sudo_audit.json", _PATH_SUDO_LOGDIR) == -1) + goto oom; + } + + /* open log file */ + /* TODO: support pipe */ + oldmask = umask(S_IRWXG|S_IRWXO); + fd = open(state.logfile, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR); + (void)umask(oldmask); + if (fd == -1 || (state.log_fp = fdopen(fd, "w")) == NULL) { + *errstr = U_("unable to open audit system"); + if (fd != -1) + close(fd); + goto bad; + } + + ret = 1; + goto done; + +oom: + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + *errstr = U_("unable to allocate memory"); + +bad: + if (state.log_fp != NULL) { + fclose(state.log_fp); + state.log_fp = NULL; + } + +done: + while ((debug_file = TAILQ_FIRST(&debug_files))) { + TAILQ_REMOVE(&debug_files, debug_file, entries); + free(debug_file->debug_file); + free(debug_file->debug_flags); + free(debug_file); + } + + debug_return_int(ret); +} + +static bool +add_key_value(struct json_container *json, const char *str) +{ + struct json_value json_value; + const char *cp, *errstr; + char name[256]; + size_t len; + debug_decl(add_key_value, SUDO_DEBUG_PLUGIN); + + if ((cp = strchr(str, '=')) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring bad command info string \"%s\"", str); + debug_return_bool(false); + } + len = (size_t)(cp - str); + cp++; + + /* Variable name currently limited to 256 chars */ + if (len >= sizeof(name)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + 
"ignoring long command info name \"%.*s\"", (int)len, str); + debug_return_bool(false); + } + memcpy(name, str, len); + name[len] = '\0'; + + /* Check for bool or number. */ + json_value.type = JSON_NULL; + switch (*cp) { + case '+': case '-': case '0': case '1': case '2': case '3': + case '4': case '5': case '6': case '7': case '8': case '9': + json_value.u.number = sudo_strtonum(cp, INT_MIN, INT_MAX, &errstr); + if (errstr == NULL) + json_value.type = JSON_NUMBER; + break; + case 't': + if (strcmp(cp, "true") == 0) { + json_value.type = JSON_BOOL; + json_value.u.boolean = true; + } + break; + case 'f': + if (strcmp(cp, "false") == 0) { + json_value.type = JSON_BOOL; + json_value.u.boolean = false; + } + break; + } + + /* Default to string type. */ + if (json_value.type == JSON_NULL) { + json_value.type = JSON_STRING; + json_value.u.string = cp; + } + + debug_return_bool(sudo_json_add_value(json, name, &json_value)); +} + +static bool +add_array(struct json_container *json, const char *name, char * const * array) +{ + const char *cp; + struct json_value json_value; + debug_decl(add_array, SUDO_DEBUG_PLUGIN); + + if (!sudo_json_open_array(json, name)) + debug_return_bool(false); + while ((cp = *array) != NULL) { + json_value.type = JSON_STRING; + json_value.u.string = cp; + if (!sudo_json_add_value(json, name, &json_value)) + debug_return_bool(false); + array++; + } + if (!sudo_json_close_array(json)) + debug_return_bool(false); + + debug_return_bool(true); +} + +static bool +filter_key_value(const char *kv, char * const * filter) +{ + char * const *cur; + const char *cp; + size_t namelen; + + if (filter != NULL) { + namelen = strcspn(kv, "="); + for (cur = filter; (cp = *cur) != NULL; cur++) { + if (strncmp(kv, cp, namelen) == 0 && cp[namelen] == '\0') + return true; + } + } + return false; +} + +static bool +add_key_value_object(struct json_container *json, const char *name, + char * const * array, char * const * filter) +{ + char * const *cur; + const char *cp; 
+ bool empty = false; + debug_decl(add_key_value_object, SUDO_DEBUG_PLUGIN); + + if (filter != NULL) { + /* Avoid printing an empty object if everything is filtered. */ + empty = true; + for (cur = array; (cp = *cur) != NULL; cur++) { + if (!filter_key_value(cp, filter)) { + empty = false; + break; + } + } + } + if (!empty) { + if (!sudo_json_open_object(json, name)) + goto bad; + for (cur = array; (cp = *cur) != NULL; cur++) { + if (filter_key_value(cp, filter)) + continue; + if (!add_key_value(json, cp)) + goto bad; + } + if (!sudo_json_close_object(json)) + goto bad; + } + + debug_return_bool(true); +bad: + debug_return_bool(false); +} + +static bool +add_timestamp(struct json_container *json, struct timespec *ts) +{ + struct json_value json_value; + time_t secs = ts->tv_sec; + char timebuf[1024]; + struct tm *tm; + debug_decl(add_timestamp, SUDO_DEBUG_PLUGIN); + + if ((tm = gmtime(&secs)) == NULL) + debug_return_bool(false); + + sudo_json_open_object(json, "timestamp"); + + json_value.type = JSON_NUMBER; + json_value.u.number = ts->tv_sec; + sudo_json_add_value(json, "seconds", &json_value); + + json_value.type = JSON_NUMBER; + json_value.u.number = ts->tv_nsec; + sudo_json_add_value(json, "nanoseconds", &json_value); + + strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", tm); + json_value.type = JSON_STRING; + json_value.u.string = timebuf; + sudo_json_add_value(json, "iso8601", &json_value); + + strftime(timebuf, sizeof(timebuf), "%a %b %e %H:%M:%S %Z %Y", tm); + json_value.type = JSON_STRING; + json_value.u.string = timebuf; + sudo_json_add_value(json, "localtime", &json_value); + + sudo_json_close_object(json); + + debug_return_bool(true); +} + +static int +audit_write_json(struct json_container *json) +{ + struct stat sb; + int ret = -1; + debug_decl(audit_write_json, SUDO_DEBUG_PLUGIN); + + if (!sudo_lock_file(fileno(state.log_fp), SUDO_LOCK)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, + "unable to lock %s", 
state.logfile); + goto done; + } + + /* Note: assumes file ends in "\n}\n" */ + if (fstat(fileno(state.log_fp), &sb) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, + "unable to stat %s", state.logfile); + goto done; + } + if (sb.st_size == 0) { + /* New file */ + putc('{', state.log_fp); + } else if (fseeko(state.log_fp, -3, SEEK_END) == 0) { + /* Continue file, overwrite the final "\n}\n" */ + putc(',', state.log_fp); + } else { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, + "unable to seek %s", state.logfile); + goto done; + } + + fputs(sudo_json_get_buf(json), state.log_fp); + fputs("\n}\n", state.log_fp); + fflush(state.log_fp); + (void)sudo_lock_file(fileno(state.log_fp), SUDO_UNLOCK); + + /* TODO: undo partial record on error */ + if (!ferror(state.log_fp)) + ret = true; + +done: + debug_return_int(ret); +} + +static int +audit_write_exit_record(int exit_status, int error) +{ + struct json_container json; + struct json_value json_value; + struct timespec now; + int ret = -1; + debug_decl(audit_write_exit_record, SUDO_DEBUG_PLUGIN); + + if (sudo_gettime_real(&now) == -1) { + sudo_warn(U_("unable to read the clock")); + goto done; + } + + if (!sudo_json_init(&json, 4, false, false)) + goto oom; + if (!sudo_json_open_object(&json, "exit")) + goto oom; + + /* Write UUID */ + json_value.type = JSON_STRING; + json_value.u.string = state.uuid_str; + if (!sudo_json_add_value(&json, "uuid", &json_value)) + goto oom; + + /* Write time stamp */ + if (!add_timestamp(&json, &now)) + goto oom; + + if (error != 0) { + /* Error executing command */ + json_value.type = JSON_STRING; + json_value.u.string = strerror(error); + if (!sudo_json_add_value(&json, "error", &json_value)) + goto oom; + } else { + if (WIFEXITED(exit_status)) { + /* Command exited normally. 
*/ + json_value.type = JSON_NUMBER; + json_value.u.number = WEXITSTATUS(exit_status); + if (!sudo_json_add_value(&json, "exit_value", &json_value)) + goto oom; + } else if (WIFSIGNALED(exit_status)) { + /* Command killed by signal. */ + char signame[SIG2STR_MAX]; + int signo = WTERMSIG(exit_status); + if (signo <= 0 || sig2str(signo, signame) == -1) { + json_value.type = JSON_NUMBER; + json_value.u.number = signo; + if (!sudo_json_add_value(&json, "signal", &json_value)) + goto oom; + } else { + json_value.type = JSON_STRING; + json_value.u.string = signame; + if (!sudo_json_add_value(&json, "signal", &json_value)) + goto oom; + } + /* Core dump? */ + json_value.type = JSON_BOOL; + json_value.u.boolean = WCOREDUMP(exit_status); + if (!sudo_json_add_value(&json, "dumped_core", &json_value)) + goto oom; + /* Exit value */ + json_value.type = JSON_NUMBER; + json_value.u.number = WTERMSIG(exit_status) | 128; + if (!sudo_json_add_value(&json, "exit_value", &json_value)) + goto oom; + } + } + + if (!sudo_json_close_object(&json)) + goto oom; + + ret = audit_write_json(&json); + sudo_json_free(&json); +done: + debug_return_int(ret); +oom: + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + sudo_json_free(&json); + debug_return_int(-1); +} + +static int +audit_write_record(const char *audit_str, const char *plugin_name, + unsigned int plugin_type, const char *reason, char * const command_info[], + char * const run_argv[], char * const run_envp[]) +{ + struct json_container json; + struct json_value json_value; + struct timespec now; + int ret = -1; + debug_decl(audit_write_record, SUDO_DEBUG_PLUGIN); + + if (sudo_gettime_real(&now) == -1) { + sudo_warn(U_("unable to read the clock")); + goto done; + } + + if (!sudo_json_init(&json, 4, false, false)) + goto oom; + if (!sudo_json_open_object(&json, audit_str)) + goto oom; + + json_value.type = JSON_STRING; + json_value.u.string = plugin_name; + if (!sudo_json_add_value(&json, "plugin_name", &json_value)) 
+ goto oom; + + switch (plugin_type) { + case 0: + json_value.u.string = "front-end"; + break; + case SUDO_POLICY_PLUGIN: + json_value.u.string = "policy"; + break; + case SUDO_IO_PLUGIN: + json_value.u.string = "io"; + break; + case SUDO_APPROVAL_PLUGIN: + json_value.u.string = "approval"; + break; + case SUDO_AUDIT_PLUGIN: + json_value.u.string = "audit"; + break; + default: + json_value.u.string = "unknown"; + break; + } + json_value.type = JSON_STRING; + if (!sudo_json_add_value(&json, "plugin_type", &json_value)) + goto oom; + + /* error and reject audit events usually contain a reason. */ + if (reason != NULL) { + json_value.type = JSON_STRING; + json_value.u.string = reason; + if (!sudo_json_add_value(&json, "reason", &json_value)) + goto oom; + } + + json_value.type = JSON_STRING; + json_value.u.string = state.uuid_str; + if (!sudo_json_add_value(&json, "uuid", &json_value)) + goto oom; + + if (!add_timestamp(&json, &now)) + goto oom; + + /* Write key=value objects. */ + if (!add_key_value_object(&json, "options", state.settings, settings_filter)) + goto oom; + if (!add_key_value_object(&json, "user_info", state.user_info, NULL)) + goto oom; + if (command_info != NULL) { + if (!add_key_value_object(&json, "command_info", command_info, NULL)) + goto oom; + } + + /* Write submit_optind before submit_argv */ + json_value.type = JSON_NUMBER; + json_value.u.number = state.submit_optind; + if (!sudo_json_add_value(&json, "submit_optind", &json_value)) + goto oom; + + if (!add_array(&json, "submit_argv", state.submit_argv)) + goto oom; + if (!add_array(&json, "submit_envp", state.submit_envp)) + goto oom; + if (run_argv != NULL) { + if (!add_array(&json, "run_argv", run_argv)) + goto oom; + } + if (run_envp != NULL) { + if (!add_array(&json, "run_envp", run_envp)) + goto oom; + } + + if (!sudo_json_close_object(&json)) + goto oom; + + ret = audit_write_json(&json); + sudo_json_free(&json); + +done: + debug_return_int(ret); +oom: + sudo_warnx(U_("%s: %s"), 
__func__, U_("unable to allocate memory")); + sudo_json_free(&json); + debug_return_int(-1); +} + +static int +audit_json_accept(const char *plugin_name, unsigned int plugin_type, + char * const command_info[], char * const run_argv[], + char * const run_envp[], const char **errstr) +{ + int ret; + debug_decl(audit_json_accept, SUDO_DEBUG_PLUGIN); + + state.accepted = true; + + ret = audit_write_record("accept", plugin_name, plugin_type, NULL, + command_info, run_argv, run_envp); + + debug_return_int(ret); +} + +static int +audit_json_reject(const char *plugin_name, unsigned int plugin_type, + const char *reason, char * const command_info[], const char **errstr) +{ + int ret; + debug_decl(audit_json_reject, SUDO_DEBUG_PLUGIN); + + ret = audit_write_record("reject", plugin_name, plugin_type, + reason, command_info, NULL, NULL); + + debug_return_int(ret); +} + +static int +audit_json_error(const char *plugin_name, unsigned int plugin_type, + const char *reason, char * const command_info[], const char **errstr) +{ + int ret; + debug_decl(audit_json_error, SUDO_DEBUG_PLUGIN); + + ret = audit_write_record("error", plugin_name, plugin_type, + reason, command_info, NULL, NULL); + + debug_return_int(ret); +} + +static void +audit_json_close(int status_type, int status) +{ + debug_decl(audit_json_close, SUDO_DEBUG_PLUGIN); + + switch (status_type) { + case SUDO_PLUGIN_NO_STATUS: + break; + case SUDO_PLUGIN_WAIT_STATUS: + audit_write_exit_record(status, 0); + break; + case SUDO_PLUGIN_EXEC_ERROR: + audit_write_exit_record(0, status); + break; + case SUDO_PLUGIN_SUDO_ERROR: + audit_write_record("error", "sudo", 0, strerror(status), + NULL, NULL, NULL); + break; + default: + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected status type %d, value %d", status_type, status); + break; + } + + free(state.logfile); + if (state.log_fp != NULL) + fclose(state.log_fp); + + debug_return; +} + +static int +audit_json_show_version(int verbose) +{ + 
debug_decl(audit_json_show_version, SUDO_DEBUG_PLUGIN); + + audit_printf(SUDO_CONV_INFO_MSG, "JSON audit plugin version %s\n", + PACKAGE_VERSION); + + debug_return_int(true); +} + +__dso_public struct audit_plugin audit_json = { + SUDO_AUDIT_PLUGIN, + SUDO_API_VERSION, + audit_json_open, + audit_json_close, + audit_json_accept, + audit_json_reject, + audit_json_error, + audit_json_show_version, + NULL, /* register_hooks */ + NULL /* deregister_hooks */ +}; diff -Nru sudo-1.8.31/plugins/audit_json/audit_json.exp sudo-1.9.0/plugins/audit_json/audit_json.exp --- sudo-1.8.31/plugins/audit_json/audit_json.exp 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/audit_json/audit_json.exp 2020-05-11 16:28:23.000000000 +0000 @@ -0,0 +1 @@ +audit_json diff -Nru sudo-1.8.31/plugins/audit_json/Makefile.in sudo-1.9.0/plugins/audit_json/Makefile.in --- sudo-1.8.31/plugins/audit_json/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/audit_json/Makefile.in 2020-05-11 16:28:23.000000000 +0000 
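Review bot: In audit_write_json the two `goto done` exits taken after sudo_lock_file() has succeeded (the fstat() and fseeko() failure branches) skip the SUDO_UNLOCK call, so the log stays locked until this sudo process closes the descriptor; if SUDO_LOCK is a blocking lock, as its use here suggests, other sudo invocations writing the same audit file would stall for the lifetime of the command. Route those branches to a label placed just before `done:`, for example `unlock: (void)sudo_lock_file(fileno(state.log_fp), SUDO_UNLOCK);`, and remove the unlock call that now sits after fflush(). Separately, add_timestamp() ignores the result of every sudo_json_* call and of strftime() and always returns true, so a failed append would still produce a record that gets written; it also stores a gmtime() result under the key "localtime". A comment on audit_write_record saying that submit_envp and run_envp are logged in full, so the mode-0600 log may hold secrets taken from the environment, would help operators decide where to put the file.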
@@ -0,0 +1,220 @@ +# +# SPDX-License-Identifier: ISC +# +# Copyright (c) 2020 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# @configure_input@ +# + +#### Start of system configuration section. #### + +srcdir = @srcdir@ +devdir = @devdir@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +scriptdir = $(top_srcdir)/scripts +incdir = $(top_srcdir)/include +cross_compiling = @CROSS_COMPILING@ + +# Compiler & tools to use +CC = @CC@ +LIBTOOL = @LIBTOOL@ +SED = @SED@ +AWK = @AWK@ + +# Our install program supports extra flags... 
+INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL_OWNER = -o $(install_uid) -g $(install_gid) +INSTALL_BACKUP = @INSTALL_BACKUP@ + +# Libraries +LT_LIBS = $(top_builddir)/lib/util/libsudo_util.la +LIBS = $(LT_LIBS) + +# C preprocessor flags +CPPFLAGS = -I$(incdir) -I$(top_builddir) @CPPFLAGS@ + +# Usually -O and/or -g +CFLAGS = @CFLAGS@ + +# Flags to pass to the link stage +LDFLAGS = @LDFLAGS@ +LT_LDFLAGS = @LT_LDFLAGS@ @LT_LDEXPORTS@ + +# Flags to pass to libtool +LTFLAGS = --tag=disable-static + +# Address sanitizer flags +ASAN_CFLAGS = @ASAN_CFLAGS@ +ASAN_LDFLAGS = @ASAN_LDFLAGS@ + +# PIE flags +PIE_CFLAGS = @PIE_CFLAGS@ +PIE_LDFLAGS = @PIE_LDFLAGS@ + +# Stack smashing protection flags +SSP_CFLAGS = @SSP_CFLAGS@ +SSP_LDFLAGS = @SSP_LDFLAGS@ + +# cppcheck options, usually set in the top-level Makefile +CPPCHECK_OPTS = -q --force --enable=warning,performance,portability --suppress=constStatement --error-exitcode=1 --inline-suppr -Dva_copy=va_copy -U__cplusplus -UQUAD_MAX -UQUAD_MIN -UUQUAD_MAX -U_POSIX_HOST_NAME_MAX -U_POSIX_PATH_MAX -U__NBBY -DNSIG=64 + +# splint options, usually set in the top-level Makefile +SPLINT_OPTS = -D__restrict= -checks + +# PVS-studio options +PVS_CFG = $(top_srcdir)/PVS-Studio.cfg +PVS_IGNORE = 'V707,V011,V002,V536' +PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE) + +# Where to install things... +prefix = @prefix@ +exec_prefix = @exec_prefix@ +bindir = @bindir@ +sbindir = @sbindir@ +sysconfdir = @sysconfdir@ +libexecdir = @libexecdir@ +datarootdir = @datarootdir@ +localstatedir = @localstatedir@ +plugindir = @plugindir@ + +# File mode and map file to use for shared libraries/objects +shlib_enable = @SHLIB_ENABLE@ +shlib_mode = @SHLIB_MODE@ +shlib_exp = $(srcdir)/audit_json.exp +shlib_map = audit_json.map +shlib_opt = audit_json.opt + +# User and group ids the installed files should be "owned" by +install_uid = 0 +install_gid = 0 + +#### End of system configuration section. 
#### + +SHELL = @SHELL@ + +OBJS = audit_json.lo + +IOBJS = $(OBJS:.lo=.i) + +POBJS = $(IOBJS:.i=.plog) + +LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/ + +VERSION = @PACKAGE_VERSION@ + +all: audit_json.la + +depend: + $(scriptdir)/mkdep.pl --srcdir=$(top_srcdir) \ + --builddir=`pwd`/$(top_builddir) plugins/audit_json/Makefile.in + cd $(top_builddir) && ./config.status --file plugins/audit_json/Makefile + +Makefile: $(srcdir)/Makefile.in + cd $(top_builddir) && ./config.status --file plugins/audit_json/Makefile + +.SUFFIXES: .c .h .i .lo .plog + +.c.lo: + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $< + +.c.i: + $(CC) -E -o $@ $(CPPFLAGS) $< + +.i.plog: + ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@ + +$(shlib_map): $(shlib_exp) + @$(AWK) 'BEGIN { print "{\n\tglobal:" } { print "\t\t"$$0";" } END { print "\tlocal:\n\t\t*;\n};" }' $(shlib_exp) > $@ + +$(shlib_opt): $(shlib_exp) + @$(SED) 's/^/+e /' $(shlib_exp) > $@ + +audit_json.la: $(OBJS) $(LT_LIBS) @LT_LDDEP@ + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LDFLAGS) $(ASAN_LDFLAGS) $(SSP_LDFLAGS) $(LT_LDFLAGS) -o $@ $(OBJS) $(LIBS) -module -avoid-version -rpath $(plugindir) -shrext .so + +pre-install: + +install: install-plugin + +install-dirs: + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(plugindir) + +install-binaries: + +install-includes: + +install-doc: + +install-plugin: install-dirs audit_json.la + if [ X"$(shlib_enable)" = X"yes" ]; then \ + INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m $(shlib_mode) audit_json.la $(DESTDIR)$(plugindir); \ + fi + +uninstall: + -$(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(plugindir)/audit_json.la + -test -z "$(INSTALL_BACKUP)" || \ + rm -f $(DESTDIR)$(plugindir)/audit_json.so$(INSTALL_BACKUP) + +splint: + splint $(SPLINT_OPTS) 
-I$(incdir) -I$(top_builddir) $(srcdir)/*.c + +cppcheck: + cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) $(srcdir)/*.c + +pvs-log-files: $(POBJS) + +pvs-studio: $(POBJS) + plog-converter $(PVS_LOG_OPTS) $(POBJS) + +check: + +clean: + -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la *.a *.i *.plog \ + stamp-* core *.core core.* + +mostlyclean: clean + +distclean: clean + -rm -rf Makefile .libs $(shlib_map) $(shlib_opt) + +clobber: distclean + +realclean: distclean + rm -f TAGS tags + +cleandir: realclean + +# Autogenerated dependencies, do not modify +getgrent.lo: $(srcdir)/getgrent.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/getgrent.c +getgrent.i: $(srcdir)/getgrent.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +getgrent.plog: getgrent.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/getgrent.c --i-file $< --output-file $@ +audit_json.lo: $(srcdir)/audit_json.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_plugin.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/audit_json.c +audit_json.i: $(srcdir)/audit_json.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_plugin.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +audit_json.plog: audit_json.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/audit_json.c --i-file $< --output-file $@ diff -Nru sudo-1.8.31/plugins/group_file/Makefile.in sudo-1.9.0/plugins/group_file/Makefile.in --- sudo-1.8.31/plugins/group_file/Makefile.in 
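Review bot: The "Autogenerated dependencies" block at the end carries `getgrent.lo`, `getgrent.i` and `getgrent.plog` rules, yet OBJS is only `audit_json.lo` and no getgrent.c is visible under plugins/audit_json in this part of the diff, so these rules look copied from the group_file plugin and should be dropped. The `audit_json.lo` and `audit_json.i` rules also list only stdbool.h, sudo_compat.h, sudo_plugin.h and config.h, while audit_json.c includes sudo_conf.h, sudo_debug.h, sudo_json.h, sudo_util.h and pathnames.h among others, so editing one of those headers would not rebuild the plugin. Regenerating the block with the `depend` target should correct both.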
2019-12-10 13:11:38.000000000 +0000 +++ sudo-1.9.0/plugins/group_file/Makefile.in 2020-05-11 16:28:23.000000000 +0000 @@ -21,9 +21,13 @@ #### Start of system configuration section. #### srcdir = @srcdir@ -devdir = @devdir@ -top_builddir = @top_builddir@ +abs_srcdir = @abs_srcdir@ top_srcdir = @top_srcdir@ +abs_top_srcdir = @abs_top_srcdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ +devdir = @devdir@ +scriptdir = $(top_srcdir)/scripts incdir = $(top_srcdir)/include cross_compiling = @CROSS_COMPILING@ @@ -43,7 +47,7 @@ LIBS = $(LT_LIBS) # C preprocessor flags -CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(top_srcdir) @CPPFLAGS@ +CPPFLAGS = -I$(incdir) -I$(top_builddir) @CPPFLAGS@ # Usually -O and/or -g CFLAGS = @CFLAGS@ @@ -117,8 +121,8 @@ all: group_file.la depend: - $(top_srcdir)/mkdep.pl --srcdir=$(top_srcdir) \ - --builddir=`pwd`/$(top_builddir) plugins/group_file/Makefile.in + $(scriptdir)/mkdep.pl --srcdir=$(abs_top_srcdir) \ + --builddir=$(abs_top_builddir) plugins/group_file/Makefile.in cd $(top_builddir) && ./config.status --file plugins/group_file/Makefile Makefile: $(srcdir)/Makefile.in @@ -149,7 +153,7 @@ install: install-plugin install-dirs: - $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir) + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(plugindir) install-binaries: @@ -168,10 +172,10 @@ rm -f $(DESTDIR)$(plugindir)/group_file.so$(INSTALL_BACKUP) splint: - splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(srcdir)/*.c + splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) $(srcdir)/*.c cppcheck: - cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(srcdir)/*.c + cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) $(srcdir)/*.c pvs-log-files: $(POBJS) 
@@ -181,8 +185,8 @@ check: clean: - -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la *.a *.i *.plog \ - stamp-* core *.core core.* + -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la + -rm -f *.i *.plog stamp-* core *.core core.* mostlyclean: clean diff -Nru sudo-1.8.31/plugins/group_file/plugin_test.c sudo-1.9.0/plugins/group_file/plugin_test.c --- sudo-1.8.31/plugins/group_file/plugin_test.c 2019-11-19 19:49:25.000000000 +0000 +++ sudo-1.9.0/plugins/group_file/plugin_test.c 2020-05-11 16:28:23.000000000 +0000 @@ -175,7 +175,7 @@ { fprintf(stderr, "usage: plugin_test [-p \"plugin.so plugin_args ...\"] user:group ...\n"); - exit(1); + exit(EXIT_FAILURE); } int @@ -203,7 +203,7 @@ if (group_plugin_load(plugin) != 1) { fprintf(stderr, "unable to load plugin: %s\n", plugin); - exit(1); + exit(EXIT_FAILURE); } for (i = 0; argv[i] != NULL; i++) { @@ -218,6 +218,6 @@ } group_plugin_unload(); - exit(0); + exit(EXIT_SUCCESS); } diff -Nru sudo-1.8.31/plugins/python/example_approval_plugin.py sudo-1.9.0/plugins/python/example_approval_plugin.py --- sudo-1.8.31/plugins/python/example_approval_plugin.py 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/example_approval_plugin.py 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,18 @@ +import sudo + +from datetime import datetime + + +class BusinessHoursApprovalPlugin(sudo.Plugin): + def check(self, command_info: tuple, run_argv: tuple, + run_env: tuple) -> int: + error_msg = "" + now = datetime.now() + if now.weekday() >= 5: + error_msg = "That is not allowed on the weekend!" + if now.hour < 8 or now.hour > 17: + error_msg = "That is not allowed outside the business hours!" + + if error_msg: + sudo.log_info(error_msg) + raise sudo.PluginReject(error_msg) diff -Nru sudo-1.8.31/plugins/python/example_audit_plugin.py sudo-1.9.0/plugins/python/example_audit_plugin.py --- sudo-1.8.31/plugins/python/example_audit_plugin.py 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/example_audit_plugin.py 2020-05-11 16:28:23.000000000 +0000 
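Review bot: check() is annotated `-> int` but falls off the end when the request is inside business hours, so approval is signalled by an implicit None (presumably treated as success by the plugin glue); ending the method with an explicit `return sudo.RC.ACCEPT` would make the accept path visible to anyone copying the example. The two `if` tests are independent, so on a weekend outside 8–17 the weekend message is overwritten by the hours message; `elif` would keep the first reason. `now.hour > 17` still admits 17:00–17:59 and the decision rests on the host's local clock from `datetime.now()`, so a one-line comment stating the intended window and time zone would remove the guesswork.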
@@ -0,0 +1,84 @@ +import sudo + +import os + + +VERSION = 1.0 + + +class SudoAuditPlugin(sudo.Plugin): + def __init__(self, plugin_options, user_info, **kwargs): + # For loading multiple times, an optional "Id" can be specified + # as argument to identify the log lines + plugin_id = sudo.options_as_dict(plugin_options).get("Id", "") + self._log_line_prefix = "(AUDIT{}) ".format(plugin_id) + + user_info_dict = sudo.options_as_dict(user_info) + user = user_info_dict.get("user", "???") + uid = user_info_dict.get("uid", "???") + self._log("-- Started by user {} ({}) -- ".format(user, uid)) + + def __del__(self): + self._log("-- Finished --") + + def open(self, submit_optind: int, submit_argv: tuple) -> int: + # To cut out the sudo options, use "submit_optind": + program_args = submit_argv[submit_optind:] + if program_args: + self._log("Requested command: " + " ".join(program_args)) + + def accept(self, plugin_name, plugin_type, + command_info, run_argv, run_envp) -> int: + info = sudo.options_as_dict(command_info) + cmd = list(run_argv) + cmd[0] = info.get("command") + self._log("Accepted command: {}".format(" ".join(cmd))) + self._log(" By the plugin: {} (type={})".format( + plugin_name, self.__plugin_type_str(plugin_type))) + + self._log(" Environment: " + " ".join(run_envp)) + + def reject(self, plugin_name, plugin_type, audit_msg, command_info) -> int: + self._log("Rejected by plugin {} (type={}): {}".format( + plugin_name, self.__plugin_type_str(plugin_type), audit_msg)) + + def error(self, plugin_name, plugin_type, audit_msg, command_info) -> int: + self._log("Plugin {} (type={}) got an error: {}".format( + plugin_name, self.__plugin_type_str(plugin_type), audit_msg)) + + def close(self, status_kind: int, status: int) -> None: + if status_kind == sudo.EXIT_REASON.NO_STATUS: + self._log("The command was not executed") + + elif status_kind == sudo.EXIT_REASON.WAIT_STATUS: + if os.WIFEXITED(status): + self._log("Command returned with exit code " + 
"{}".format(os.WEXITSTATUS(status))) + elif os.WIFSIGNALED(status): + self._log("Command exited due to signal " + "{}".format(os.WTERMSIG(status))) + else: + raise sudo.PluginError("Failed to understand wait exit status") + + elif status_kind == sudo.EXIT_REASON.EXEC_ERROR: + self._log("Sudo has failed to execute the command, " + "execve returned {}".format(status)) + + elif status_kind == sudo.EXIT_REASON.SUDO_ERROR: + self._log("Sudo has run into an error: {}".format(status)) + + else: + raise Exception("Command returned unknown status kind {}".format( + status_kind)) + + def show_version(self, is_verbose: bool) -> int: + version_str = " (version=1.0)" if is_verbose else "" + sudo.log_info("Python Example Audit Plugin" + version_str) + + def _log(self, string): + # For the example, we just log to output (this could be a file) + sudo.log_info(self._log_line_prefix, string) + + @staticmethod + def __plugin_type_str(plugin_type): + return sudo.PLUGIN_TYPE(plugin_type).name diff -Nru sudo-1.8.31/plugins/python/example_conversation.py sudo-1.9.0/plugins/python/example_conversation.py --- sudo-1.8.31/plugins/python/example_conversation.py 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/example_conversation.py 2020-05-11 16:28:23.000000000 +0000 
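Review bot: accept() logs the whole of `run_envp` with `" ".join(run_envp)`, and environments routinely carry tokens and passwords, so an audit sink built from this example would collect secrets; logging only the variable names is a safer default for sample code, e.g. `self._log("  Environment: " + " ".join(e.split("=", 1)[0] for e in run_envp))`. In the same method `cmd[0] = info.get("command")` raises IndexError when run_argv is empty and makes the following join fail with TypeError when command_info has no "command" entry; a guard such as `if cmd and "command" in info:` before the assignment keeps the accept record from being lost to an exception. show_version() hard-codes "1.0" while the module-level `VERSION` is never used.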
@@ -0,0 +1,98 @@ +import sudo +import signal +from os import path + + +class ReasonLoggerIOPlugin(sudo.Plugin): + """ + An example sudo plugin demonstrating how to use the sudo conversation API. + + From the python plugin, you can ask something from the user using the + "sudo.conv" function. It expects one or more "sudo.ConvMessage" instances + which specifies how the interaction has to look like. + + sudo.ConvMessage has the following fields (see help(sudo.ConvMessage)): + msg_type: int Specifies the type of the conversation. + See sudo.CONV.* constants below. + timeout: int The maximum amount of time for the conversation + in seconds. After the timeout exceeds, the "sudo.conv" + function will raise sudo.ConversationInterrupted + exception. + msg: str The message to display for the user. + + To specify the conversion type you can use the following constants: + sudo.CONV.PROMPT_ECHO_OFF + sudo.CONV.PROMPT_ECHO_ON + sudo.CONV.ERROR_MSG + sudo.CONV.INFO_MSG + sudo.CONV.PROMPT_MASK + sudo.CONV.PROMPT_ECHO_OK + sudo.CONV.PREFER_TTY + """ + + def open(self, argv, command_info): + try: + conv_timeout = 120 # in seconds + sudo.log_info("Please provide your reason " + "for executing {}".format(argv)) + + # We ask two questions, the second is not visible on screen, + # so the user can hide a hidden message in case of criminals are + # forcing him for running the command. + # You can either specify the arguments in strict order (timeout + # being optional), or use named arguments. 
+ message1 = sudo.ConvMessage(sudo.CONV.PROMPT_ECHO_ON, + "Reason: ", + conv_timeout) + message2 = sudo.ConvMessage(msg="Secret reason: ", + timeout=conv_timeout, + msg_type=sudo.CONV.PROMPT_MASK) + reply1, reply2 = sudo.conv(message1, message2, + on_suspend=self.on_conversation_suspend, + on_resume=self.on_conversation_resume) + + with open(self._log_file_path(), "a") as file: + print("Executed", ' '.join(argv), file=file) + print("Reason:", reply1, file=file) + print("Hidden reason:", reply2, file=file) + + except sudo.ConversationInterrupted: + sudo.log_error("You did not answer in time") + return sudo.RC.REJECT + + def on_conversation_suspend(self, signum): + # This is just an example of how to do something on conversation + # suspend. You can skip specifying 'on_suspend' argument if there + # is no need + sudo.log_info("conversation suspend: signal", + self._signal_name(signum)) + + def on_conversation_resume(self, signum): + # This is just an example of how to do something on conversation + # resume. 
You can skip specifying 'on_resume' argument if there + # is no need + sudo.log_info("conversation resume: signal was", + self._signal_name(signum)) + + # helper functions: + if hasattr(signal, "Signals"): + @classmethod + def _signal_name(cls, signum: int): + try: + return signal.Signals(signum).name + except Exception: + return "{}".format(signum) + else: + @classmethod + def _signal_name(cls, signum: int): + for n, v in sorted(signal.__dict__.items()): + if v != signum: + continue + if n.startswith("SIG") and not n.startswith("SIG_"): + return n + return "{}".format(signum) + + def _log_file_path(self): + options_dict = sudo.options_as_dict(self.plugin_options) + log_path = options_dict.get("LogPath", "/tmp") + return path.join(log_path, "sudo_reasons.txt") diff -Nru sudo-1.8.31/plugins/python/example_debugging.py sudo-1.9.0/plugins/python/example_debugging.py --- sudo-1.8.31/plugins/python/example_debugging.py 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/example_debugging.py 2020-05-11 16:28:23.000000000 +0000 
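Review bot: _log_file_path() in ReasonLoggerIOPlugin defaults LogPath to "/tmp", and open() then appends to the fixed name sudo_reasons.txt with the builtin `open(..., "a")`, which follows symbolic links and creates the file with umask-derived permissions. Assuming the plugin runs with sudo's privileges, a predictable name in a world-writable directory can be pre-created or redirected by another local user, and the "hidden" reason the comment describes may end up readable by everyone. I would default to a root-owned directory and open the file with `os.open(p, os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW, 0o600)` wrapped in `os.fdopen(fd, "a")`. _open_log_file() in example_io_plugin.py uses the same default and the same open call, and that log additionally receives terminal and stdin contents. self.plugin_options is read here but never assigned in this class, so it presumably comes from sudo.Plugin; a one-line comment saying so would help.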
@@ -0,0 +1,85 @@ +import sudo + +import logging + + +class DebugDemoPlugin(sudo.Plugin): + """ + An example sudo plugin demonstrating the debugging capabilities. + + You can install it as an extra IO plugin for example by adding the + following line to sudo.conf: + Plugin python_io python_plugin.so \ + ModulePath=/example_debugging.py \ + ClassName=DebugDemoPlugin + + To see the plugin's debug output, use the following line in sudo.conf: + Debug python_plugin.so \ + /var/log/sudo_python_debug plugin@trace,c_calls@trace + ^ ^-- the options for the logging + ^----- the output will be placed here + + The options for the logging is in format of multiple "subsystem@level" + separated by commas (","). + The most interesting subsystems are: + plugin Shows each call of sudo.debug API in the log + - py_calls Logs whenever a C function calls into the python module. + (For example calling this __init__ function.) + c_calls Logs whenever python calls into a C sudo API function + + You can also specify "all" as subsystem name to get the debug messages of + all subsystems. + + Other subsystems available: + internal logs internal functions of the python language wrapper + sudo_cb logs when sudo calls into its plugin API + load logs python plugin loading / unloading + + Log levels + crit sudo.DEBUG.CRIT --> only critical messages + err sudo.DEBUG.ERROR + warn sudo.DEBUG.WARN + notice sudo.DEBUG.NOTICE + diag sudo.DEBUG.DIAG + info sudo.DEBUG.INFO + trace sudo.DEBUG.TRACE + debug sudo.DEBUG.DEBUG --> very extreme verbose debugging + + See the sudo.conf manual for more details ("man sudo.conf"). 
+ + """ + + def __init__(self, plugin_options, **kwargs): + # Specify: "py_calls@info" debug option to show the call to this + # constructor and the arguments passed in + + # Specifying "plugin@err" debug option will show this message + # (or any more verbose level) + sudo.debug(sudo.DEBUG.ERROR, "My demo purpose plugin shows " + "this ERROR level debug message") + + # Specifying "plugin@info" debug option will show this message + # (or any more verbose level) + sudo.debug(sudo.DEBUG.INFO, "My demo purpose plugin shows " + "this INFO level debug message") + + # You can also use python log system, because sudo sets its log handler + # on the root logger. + # Note that the level of python logging is separate than the one set in + # sudo.conf. If using the python logger, each will have effect. + logger = logging.getLogger() + logger.setLevel(logging.INFO) + logger.error("Python log system shows this ERROR level debug message") + logger.info("Python log system shows this INFO level debug message") + + # If you raise the level to info or below, the call of the debug + # will also be logged. + # An example output you will see in the debug log file: + # Dec 5 15:19:19 sudo[123040] __init__ @ /.../example_debugging.py:54 debugs: + # Dec 5 15:19:19 sudo[123040] My demo purpose plugin shows this ERROR level debug message + + # Specify: "c_calls@diag" debug option to show this call and its + # arguments. If you specify info debug level instead ("c_calls@info"), + # you will also see the python function and line from which you called + # the 'options_as_dict' function. + self.plugin_options = sudo.options_as_dict(plugin_options) diff -Nru sudo-1.8.31/plugins/python/example_group_plugin.py sudo-1.9.0/plugins/python/example_group_plugin.py --- sudo-1.8.31/plugins/python/example_group_plugin.py 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/example_group_plugin.py 2020-05-11 16:28:23.000000000 +0000 
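Review bot: The DebugDemoPlugin docstring recommends `plugin@trace,c_calls@trace` written to /var/log/sudo_python_debug without saying what ends up in that file, although the comment in __init__ states that py_calls logging shows the constructor call "and the arguments passed in". I would add a sentence to the docstring such as `Note: debug output can include plugin options and other call arguments; keep the debug file readable by root only and do not leave trace levels enabled permanently.` Separately, `logger.setLevel(logging.INFO)` changes the level of the root logger for everything sharing it; `logging.getLogger(__name__)` would keep the change local, and records should still reach sudo's root handler through normal propagation.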
@@ -0,0 +1,45 @@
+import sudo
+
+
+class SudoGroupPlugin(sudo.Plugin):
+ """Example sudo input/output plugin
+
+ Demonstrates how to use the sudo group plugin API. Typing annotations are
+ just here for the help on the syntax (requires python >= 3.5).
+
+ On detailed description of the functions refer to sudo_plugin manual (man
+ sudo_plugin).
+
+ Most functions can express error or reject through their "int" return value
+ as documented in the manual. The sudo module also has constants for these:
+ sudo.RC.ACCEPT / sudo.RC.OK 1
+ sudo.RC.REJECT 0
+ sudo.RC.ERROR -1
+ sudo.RC.USAGE_ERROR -2
+
+ If the plugin encounters an error, instead of just returning sudo.RC.ERROR
+ result code it can also add a message describing the problem.
+ This can be done by raising the special exception:
+ raise sudo.PluginError("Message")
+ This added message will be used by the audit plugins.
+
+ If the function returns "None" (for example does not call return), it will
+ be considered sudo.RC.OK. If an exception other than sudo.PluginError is
+ raised, its backtrace will be shown to the user and the plugin function
+ returns sudo.RC.ERROR. If that is not acceptable, catch it.
+ """
+
+ # -- Plugin API functions --
+ def query(self, user: str, group: str, user_pwd: tuple):
+ """Query if user is part of the specified group.
+
+ Beware that user_pwd can be None if user is not present in the password
+ database. Otherwise it is a tuple convertible to pwd.struct_passwd.
+ """
+ hardcoded_user_groups = {
+ "testgroup": ["testuser1", "testuser2"],
+ "mygroup": ["test"]
+ }
+
+ group_has_user = user in hardcoded_user_groups.get(group, [])
+ return sudo.RC.ACCEPT if group_has_user else sudo.RC.REJECT
diff -Nru sudo-1.8.31/plugins/python/example_io_plugin.py sudo-1.9.0/plugins/python/example_io_plugin.py
--- sudo-1.8.31/plugins/python/example_io_plugin.py 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/example_io_plugin.py 2020-05-11 16:28:23.000000000 +0000
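Review bot: The SudoGroupPlugin class docstring opens with "Example sudo input/output plugin", evidently copied from the IO example; this is the group plugin, so the first line should read `"""Example sudo group plugin`. query() also never consults user_pwd: its docstring warns the value can be None when the user is not in the password database, yet membership is granted on the name string alone. If that is intended for the example, a comment such as `# user_pwd is not consulted: membership is by name only, even for users unknown to the passwd database` would keep readers from copying the pattern into a real policy unnoticed.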
@@ -0,0 +1,153 @@
+import sudo
+
+from os import path
+import errno
+import signal
+import sys
+import json
+
+
+VERSION = 1.0
+
+
+class SudoIOPlugin(sudo.Plugin):
+ """Example sudo input/output plugin
+
+ Demonstrates how to use the sudo IO plugin API. All functions are added as
+ an example on their syntax, but note that all of them are optional.
+
+ On detailed description of the functions refer to sudo_plugin manual (man
+ sudo_plugin).
+
+ Most functions can express error or reject through their "int" return value
+ as documented in the manual. The sudo module also has constants for these:
+ sudo.RC.ACCEPT / sudo.RC.OK 1
+ sudo.RC.REJECT 0
+ sudo.RC.ERROR -1
+ sudo.RC.USAGE_ERROR -2
+
+ If the plugin encounters an error, instead of just returning sudo.RC.ERROR
+ result code it can also add a message describing the problem.
+ This can be done by raising the special exception:
+ raise sudo.PluginError("Message")
+ This added message will be used by the audit plugins.
+
+ If the function returns "None" (for example does not call return), it will
+ be considered sudo.RC.OK. If an exception other than sudo.PluginError is
+ raised, its backtrace will be shown to the user and the plugin function
+ returns sudo.RC.ERROR. If that is not acceptable, catch it.
+ """
+
+ # -- Plugin API functions --
+
+ def __init__(self, version: str,
+ plugin_options: tuple, **kwargs):
+ """The constructor of the IO plugin.
+
+ Other variables you can currently use as arguments are:
+ user_env: tuple
+ settings: tuple
+ user_info: tuple
+
+ For their detailed description, see the open() call of the C plugin API
+ in the sudo manual ("man sudo").
+ """ + if not version.startswith("1."): + raise sudo.SudoException( + "This plugin plugin is not compatible with python plugin" + "API version {}".format(version)) + + # convert tuple of "key=value"s to dict + plugin_options = sudo.options_as_dict(plugin_options) + + log_path = plugin_options.get("LogPath", "/tmp") + self._open_log_file(path.join(log_path, "sudo.log")) + self._log("", "-- Plugin STARTED --") + + def __del__(self): + if hasattr(self, "_log_file"): + self._log("", "-- Plugin DESTROYED --") + self._log_file.close() + + def open(self, argv: tuple, + command_info: tuple) -> int: + """Receives the command the user wishes to run. + + This function works the same as open() call of the C IO plugin API (see + sudo manual), except that: + - It only gets called before the user would execute some command (and + not for a version query for example). + - Other arguments of the C open() call are received through the + constructor. + """ + self._log("EXEC", " ".join(argv)) + self._log("EXEC info", json.dumps(command_info, indent=4)) + + return sudo.RC.ACCEPT + + def log_ttyout(self, buf: str) -> int: + return self._log("TTY OUT", buf.strip()) + + def log_ttyin(self, buf: str) -> int: + return self._log("TTY IN", buf.strip()) + + def log_stdin(self, buf: str) -> int: + return self._log("STD IN", buf.strip()) + + def log_stdout(self, buf: str) -> int: + return self._log("STD OUT", buf.strip()) + + def log_stderr(self, buf: str) -> int: + return self._log("STD ERR", buf.strip()) + + def change_winsize(self, line: int, cols: int) -> int: + self._log("WINSIZE", "{}x{}".format(line, cols)) + + def log_suspend(self, signo: int) -> int: + signal_description = self._signal_name(signo) + + self._log("SUSPEND", signal_description) + + def show_version(self, is_verbose: int) -> int: + sudo.log_info("Python Example IO Plugin version: {}".format(VERSION)) + if is_verbose: + sudo.log_info("Python interpreter version:", sys.version) + + def close(self, exit_status: int, error: 
int) -> None: + """Called when a command execution finished. + + Works the same as close() from C API (see sudo_plugin manual), except + that it only gets called if there was a command execution trial (open() + returned with sudo.RC.ACCEPT). + """ + if error == 0: + self._log("CLOSE", "Command returned {}".format(exit_status)) + else: + error_name = errno.errorcode.get(error, "???") + self._log("CLOSE", "Failed to execute, execve returned {} ({})" + .format(error, error_name)) + + # -- Helper functions -- + + def _open_log_file(self, log_path): + sudo.log_info("Example sudo python plugin will log to", log_path) + self._log_file = open(log_path, "a") + + def _log(self, type, message): + print(type, message, file=self._log_file) + return sudo.RC.ACCEPT + + if hasattr(signal, "Signals"): + def _signal_name(cls, signo: int): + try: + return signal.Signals(signo).name + except ValueError: + return "signal {}".format(signo) + else: + def _signal_name(cls, signo: int): + for n, v in sorted(signal.__dict__.items()): + if v != signo: + continue; + if n.startswith("SIG") and not n.startswith("SIG_"): + return n + return "signal {}".format(signo) diff -Nru sudo-1.8.31/plugins/python/example_policy_plugin.py sudo-1.9.0/plugins/python/example_policy_plugin.py --- sudo-1.8.31/plugins/python/example_policy_plugin.py 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/example_policy_plugin.py 2020-05-11 16:28:23.000000000 +0000 
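Review bot: The version check in SudoIOPlugin.__init__ builds its message from two adjacent literals with no space between them and with "plugin" doubled, so the user sees "... python pluginAPI version ..."; the first literal should be `"This plugin is not compatible with python plugin "`. The same text appears in __init__ of example_policy_plugin.py, which raises sudo.PluginError where this one raises sudo.SudoException, although the class docstring here names PluginError as the exception to raise. The two `_signal_name(cls, signo)` definitions take `cls` but lack the `@classmethod` decorator that example_conversation.py uses, so they only work because they are called through self, and the fallback variant carries a stray `continue;`.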
@@ -0,0 +1,172 @@
+import sudo
+
+import errno
+import sys
+import os
+import pwd
+import grp
+import shutil
+
+
+VERSION = 1.0
+
+
+class SudoPolicyPlugin(sudo.Plugin):
+ """Example sudo policy plugin
+
+ Demonstrates how to use the sudo policy plugin API. All functions are added
+ as an example on their syntax, but note that most of them are optional
+ (except check_policy).
+
+ On detailed description of the functions refer to sudo_plugin manual (man
+ sudo_plugin).
+
+ Most functions can express error or reject through their "int" return value
+ as documented in the manual. The sudo module also has constants for these:
+ sudo.RC.ACCEPT / sudo.RC.OK 1
+ sudo.RC.REJECT 0
+ sudo.RC.ERROR -1
+ sudo.RC.USAGE_ERROR -2
+
+ If the plugin encounters an error, instead of just returning sudo.RC.ERROR
+ result code it can also add a message describing the problem.
+ This can be done by raising the special exception:
+ raise sudo.PluginError("Message")
+ This added message will be used by the audit plugins.
+
+ If the function returns "None" (for example does not call return), it will
+ be considered sudo.RC.OK. If an exception other than sudo.PluginError is
+ raised, its backtrace will be shown to the user and the plugin function
+ returns sudo.RC.ERROR. If that is not acceptable, catch it.
+ """
+
+ _allowed_commands = ("id", "whoami")
+ _safe_password = "12345"
+
+ # -- Plugin API functions --
+
+ def __init__(self, user_env: tuple, settings: tuple,
+ version: str, **kwargs):
+ """The constructor matches the C sudo plugin API open() call
+
+ Other variables you can currently use as arguments are:
+ user_info: tuple
+ plugin_options: tuple
+
+ For their detailed description, see the open() call of the C plugin API
+ in the sudo manual ("man sudo").
+ """ + if not version.startswith("1."): + raise sudo.PluginError( + "This plugin plugin is not compatible with python plugin" + "API version {}".format(version)) + + self.user_env = sudo.options_as_dict(user_env) + self.settings = sudo.options_as_dict(settings) + + def check_policy(self, argv: tuple, env_add: tuple): + cmd = argv[0] + # Example for a simple reject: + if not self._is_command_allowed(cmd): + sudo.log_error("You are not allowed to run this command!") + return sudo.RC.REJECT + + raise sudo.PluginError("You are not allowed to run this command!") + + # The environment the command will be executed with (we allow any here) + user_env_out = sudo.options_from_dict(self.user_env) + env_add + + command_info_out = sudo.options_from_dict({ + "command": self._find_on_path(cmd), # Absolute path of command + "runas_uid": self._runas_uid(), # The user id + "runas_gid": self._runas_gid(), # The group id + }) + + return (sudo.RC.ACCEPT, command_info_out, argv, user_env_out) + + def init_session(self, user_pwd: tuple, user_env: tuple): + """Perform session setup + + Beware that user_pwd can be None if user is not present in the password + database. Otherwise it is a tuple convertible to pwd.struct_passwd. 
+ """ + # conversion example: + user_pwd = pwd.struct_passwd(user_pwd) if user_pwd else None + + # This is how you change the user_env: + return (sudo.RC.OK, user_env + ("PLUGIN_EXAMPLE_ENV=1",)) + + # If you do not want to change user_env, you can just return (or None): + # return sudo.RC.OK + + def list(self, argv: tuple, is_verbose: int, user: str): + cmd = argv[0] if argv else None + as_user_text = "as user '{}'".format(user) if user else "" + + if cmd: + allowed_text = "" if self._is_command_allowed(cmd) else "NOT " + sudo.log_info("You are {}allowed to execute command '{}'{}" + .format(allowed_text, cmd, as_user_text)) + + if not cmd or is_verbose: + sudo.log_info("Only the following commands are allowed:", + ", ".join(self._allowed_commands), as_user_text) + + def validate(self): + pass # we have no cache + + def invalidate(self, remove: int): + pass # we have no cache + + def show_version(self, is_verbose: int): + sudo.log_info("Python Example Policy Plugin " + "version: {}".format(VERSION)) + if is_verbose: + sudo.log_info("Python interpreter version:", sys.version) + + def close(self, exit_status: int, error: int) -> None: + if error == 0: + sudo.log_info("The command returned with exit_status {}".format( + exit_status)) + else: + error_name = errno.errorcode.get(error, "???") + sudo.log_error( + "Failed to execute command, execve syscall returned " + "{} ({})".format(error, error_name)) + + # -- Helper functions -- + + def _is_command_allowed(self, cmd): + return os.path.basename(cmd) in self._allowed_commands + + def _find_on_path(self, cmd): + if os.path.isabs(cmd): + return cmd + + path = self.user_env.get("PATH", "/usr/bin:/bin") + absolute_cmd = shutil.which(cmd, path=path) + if not absolute_cmd: + raise sudo.PluginError("Can not find cmd '{}' on PATH".format(cmd)) + return absolute_cmd + + def _runas_pwd(self): + runas_user = self.settings.get("runas_user") or "root" + try: + return pwd.getpwnam(runas_user) + except KeyError: + raise 
sudo.PluginError("Could not find user " + "'{}'".format(runas_user)) + + def _runas_uid(self): + return self._runas_pwd().pw_uid + + def _runas_gid(self): + runas_group = self.settings.get("runas_group") + if runas_group is None: + return self._runas_pwd().pw_gid + + try: + return grp.getgrnam(runas_group).gr_gid + except KeyError: + raise sudo.PluginError( + "Could not find group '{}'".format(runas_group)) diff -Nru sudo-1.8.31/plugins/python/Makefile.in sudo-1.9.0/plugins/python/Makefile.in --- sudo-1.8.31/plugins/python/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/Makefile.in 2020-05-11 16:28:23.000000000 +0000 
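Review bot: _is_command_allowed() in SudoPolicyPlugin compares only os.path.basename(cmd) with the allow-list, and _find_on_path() returns an absolute cmd unchanged or else searches the PATH taken from the invoking user's environment, so the name is checked but the binary that runs is chosen by the caller. For a policy decision the lookup should use a search path fixed by the plugin and the allow-list should match what will actually be executed; the sketch below accepts bare names only and resolves them against a constant path, which is stricter than today because absolute paths are then rejected. check_policy() also hands self.user_env to the command unfiltered, and the `raise sudo.PluginError(...)` after `return sudo.RC.REJECT` is unreachable; if it is meant as an alternative it should be a comment. `_safe_password = "12345"` is never used in the visible code and could be dropped from the example.

```python
    # Search path fixed by the policy, never taken from the caller's environment
    _trusted_path = "/usr/bin:/bin"

    def _is_command_allowed(self, cmd):
        # Bare command names only: a path supplied by the caller is not trusted
        return cmd in self._allowed_commands

    def _find_on_path(self, cmd):
        absolute_cmd = shutil.which(cmd, path=self._trusted_path)
        if not absolute_cmd:
            raise sudo.PluginError("Can not find cmd '{}' on PATH".format(cmd))
        return absolute_cmd

    # … unchanged: _runas_pwd, _runas_uid, _runas_gid …
```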
@@ -0,0 +1,513 @@ +# +# SPDX-License-Identifier: ISC +# +# Copyright (c) 2019 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# @configure_input@ +# + +#### Start of system configuration section. #### + +PACKAGE_TARNAME = @PACKAGE_TARNAME@ + +srcdir = @srcdir@ +abs_srcdir = @abs_srcdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ +top_srcdir = @top_srcdir@ +abs_top_srcdir = @abs_top_srcdir@ +devdir = @devdir@ +scriptdir = $(top_srcdir)/scripts +incdir = $(top_srcdir)/include +cross_compiling = @CROSS_COMPILING@ + +# Compiler & tools to use +CC = @CC@ +LIBTOOL = @LIBTOOL@ +SED = @SED@ +AWK = @AWK@ + +# Our install program supports extra flags... 
+INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL_OWNER = -o $(install_uid) -g $(install_gid) +INSTALL_BACKUP = @INSTALL_BACKUP@ + +# Libraries +LT_LIBS = $(top_builddir)/lib/util/libsudo_util.la +LIBS = $(LT_LIBS) + +LIBPYTHONPLUGIN = python_plugin.la + +# C preprocessor flags +CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(top_srcdir) -DPLUGIN_DIR=\"$(plugindir)\" -DSRC_DIR=\"$(abs_srcdir)\" @CPPFLAGS@ @PYTHON_INCLUDE@ + +# Usually -O and/or -g +CFLAGS = @CFLAGS@ + +# Flags to pass to the link stage +LDFLAGS = @LDFLAGS@ @PYTHON_LIBS@ +LT_LDFLAGS = @LT_LDFLAGS@ @LT_LDEXPORTS@ + +# Flags to pass to libtool +LTFLAGS = --tag=disable-static + +# Address sanitizer flags +ASAN_CFLAGS = @ASAN_CFLAGS@ +ASAN_LDFLAGS = @ASAN_LDFLAGS@ + +# PIE flags +PIE_CFLAGS = @PIE_CFLAGS@ +PIE_LDFLAGS = @PIE_LDFLAGS@ + +# Stack smashing protection flags +SSP_CFLAGS = @SSP_CFLAGS@ +SSP_LDFLAGS = @SSP_LDFLAGS@ + +# cppcheck options, usually set in the top-level Makefile +CPPCHECK_OPTS = -q --force --enable=warning,performance,portability --suppress=constStatement --error-exitcode=1 --inline-suppr -Dva_copy=va_copy -U__cplusplus -UQUAD_MAX -UQUAD_MIN -UUQUAD_MAX -U_POSIX_HOST_NAME_MAX -U_POSIX_PATH_MAX -U__NBBY -DNSIG=64 + +# splint options, usually set in the top-level Makefile +SPLINT_OPTS = -D__restrict= -checks + +# PVS-studio options +PVS_CFG = $(top_srcdir)/PVS-Studio.cfg +PVS_IGNORE = 'V707,V011,V002,V536' +PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE) + +# Where to install things... 
+prefix = @prefix@ +exec_prefix = @exec_prefix@ +bindir = @bindir@ +sbindir = @sbindir@ +sysconfdir = @sysconfdir@ +libexecdir = @libexecdir@ +datarootdir = @datarootdir@ +localstatedir = @localstatedir@ +plugindir = @plugindir@ +docdir = @docdir@ +exampledir = @exampledir@ + +# File mode and map file to use for shared libraries/objects +shlib_enable = @SHLIB_ENABLE@ +shlib_mode = @SHLIB_MODE@ +shlib_exp = $(srcdir)/python_plugin.exp +shlib_map = python_plugin.map +shlib_opt = python_plugin.opt + +# User and group ids the installed files should be "owned" by +install_uid = 0 +install_gid = 0 + +#### End of system configuration section. #### + +SHELL = @SHELL@ + +EXAMPLES = example_conversation.py example_debugging.py example_group_plugin.py example_io_plugin.py example_policy_plugin.py \ + example_audit_plugin.py example_approval_plugin.py + +OBJS = python_plugin_common.lo python_plugin_policy.lo python_plugin_io.lo python_plugin_group.lo pyhelpers.lo \ + python_loghandler.lo \ + python_importblocker.lo python_convmessage.lo sudo_python_module.lo sudo_python_debug.lo \ + python_baseplugin.lo python_plugin_audit.lo python_plugin_approval.lo + +IOBJS = $(OBJS:.lo=.i) + +POBJS = $(IOBJS:.i=.plog) + +LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/ + +VERSION = @PACKAGE_VERSION@ + +TEST_PROGS = check_python_examples + +CHECK_PYTHON_EXAMPLES_OBJS = check_python_examples.o iohelpers.o testhelpers.o pyhelpers.lo sudo_python_debug.lo + +all: python_plugin.la + +depend: + $(scriptdir)/mkdep.pl --srcdir=$(abs_top_srcdir) \ + --builddir=$(abs_top_builddir) plugins/python/Makefile.in + cd $(top_builddir) && ./config.status --file plugins/python/Makefile + +Makefile: $(srcdir)/Makefile.in + cd $(top_builddir) && ./config.status --file plugins/python/Makefile + +.SUFFIXES: .c .h .i .lo .plog .o + +.c.o: + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $< + +.c.lo: + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) 
$(PIE_CFLAGS) $(SSP_CFLAGS) $< + +.c.i: + $(CC) -E -o $@ $(CPPFLAGS) $< + +.i.plog: + ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@ + +$(shlib_map): $(shlib_exp) + @$(AWK) 'BEGIN { print "{\n\tglobal:" } { print "\t\t"$$0";" } END { print "\tlocal:\n\t\t*;\n};" }' $(shlib_exp) > $@ + +$(shlib_opt): $(shlib_exp) + @$(SED) 's/^/+e /' $(shlib_exp) > $@ + +python_plugin.la: $(OBJS) $(LT_LIBS) @LT_LDDEP@ + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LDFLAGS) $(ASAN_LDFLAGS) $(SSP_LDFLAGS) $(LT_LDFLAGS) -o $@ $(OBJS) $(LIBS) -module -avoid-version -rpath $(plugindir) -shrext .so + +pre-install: + +install: install-plugin install-doc + +install-dirs: + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(plugindir) $(DESTDIR)$(exampledir) + +install-binaries: + +install-includes: + +install-doc: install-dirs + for f in $(EXAMPLES); do $(INSTALL) $(INSTALL_OWNER) -m 0644 $(srcdir)/$$f $(DESTDIR)$(exampledir); done + +install-plugin: install-dirs python_plugin.la + if [ X"$(shlib_enable)" = X"yes" ]; then \ + INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m $(shlib_mode) python_plugin.la $(DESTDIR)$(plugindir); \ + fi + +uninstall: + -$(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(plugindir)/python_plugin.la + -test -z "$(INSTALL_BACKUP)" || \ + rm -f $(DESTDIR)$(plugindir)/python_plugin.so$(INSTALL_BACKUP) + +splint: + splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(srcdir)/*.c + +cppcheck: + cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(srcdir)/*.c + +pvs-log-files: $(POBJS) + +pvs-studio: $(POBJS) + plog-converter $(PVS_LOG_OPTS) $(POBJS) + +clean: + -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la + -rm -f *.i *.plog stamp-* core *.core core.* $(TEST_PROGS) + +mostlyclean: clean + +distclean: clean + -rm -rf Makefile .libs $(shlib_map) $(shlib_opt) + 
+clobber: distclean + +realclean: distclean + rm -f TAGS tags + +cleandir: realclean + +check: $(TEST_PROGS) + @if test X"$(cross_compiling)" != X"yes"; then \ + ./check_python_examples ".libs/python_plugin.so"; \ + fi + +check_python_examples: $(CHECK_PYTHON_EXAMPLES_OBJS) $(LIBPYTHONPLUGIN) + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_PYTHON_EXAMPLES_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) + +# Autogenerated dependencies, do not modify +check_python_examples.o: $(srcdir)/regress/check_python_examples.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_dso.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/regress/iohelpers.h \ + $(srcdir)/regress/testhelpers.h \ + $(srcdir)/sudo_python_debug.h $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/check_python_examples.c +check_python_examples.i: $(srcdir)/regress/check_python_examples.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_dso.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/regress/iohelpers.h \ + $(srcdir)/regress/testhelpers.h \ + $(srcdir)/sudo_python_debug.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +check_python_examples.plog: check_python_examples.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/check_python_examples.c --i-file $< --output-file $@ +iohelpers.o: $(srcdir)/regress/iohelpers.c $(incdir)/sudo_compat.h \ + $(srcdir)/regress/iohelpers.h $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/iohelpers.c +iohelpers.i: 
$(srcdir)/regress/iohelpers.c $(incdir)/sudo_compat.h \ + $(srcdir)/regress/iohelpers.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iohelpers.plog: iohelpers.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iohelpers.c --i-file $< --output-file $@ +pyhelpers.lo: $(srcdir)/pyhelpers.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(srcdir)/pyhelpers.h $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/sudo_python_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/pyhelpers.c +pyhelpers.i: $(srcdir)/pyhelpers.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(srcdir)/pyhelpers.h $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/sudo_python_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +pyhelpers.plog: pyhelpers.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/pyhelpers.c --i-file $< --output-file $@ +python_baseplugin.lo: $(srcdir)/python_baseplugin.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(srcdir)/pyhelpers.h $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/sudo_python_debug.h \ + $(srcdir)/sudo_python_module.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/python_baseplugin.c +python_baseplugin.i: $(srcdir)/python_baseplugin.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + 
$(srcdir)/pyhelpers.h $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/sudo_python_debug.h \ + $(srcdir)/sudo_python_module.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +python_baseplugin.plog: python_baseplugin.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/python_baseplugin.c --i-file $< --output-file $@ +python_convmessage.lo: $(srcdir)/python_convmessage.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/sudo_python_debug.h \ + $(srcdir)/sudo_python_module.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/python_convmessage.c +python_convmessage.i: $(srcdir)/python_convmessage.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/sudo_python_debug.h \ + $(srcdir)/sudo_python_module.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +python_convmessage.plog: python_convmessage.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/python_convmessage.c --i-file $< --output-file $@ +python_importblocker.lo: $(srcdir)/python_importblocker.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/sudo_python_debug.h \ + $(srcdir)/sudo_python_module.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/python_importblocker.c +python_importblocker.i: 
$(srcdir)/python_importblocker.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/sudo_python_debug.h \ + $(srcdir)/sudo_python_module.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +python_importblocker.plog: python_importblocker.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/python_importblocker.c --i-file $< --output-file $@ +python_loghandler.lo: $(srcdir)/python_loghandler.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(srcdir)/pyhelpers.h $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/sudo_python_debug.h \ + $(srcdir)/sudo_python_module.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/python_loghandler.c +python_loghandler.i: $(srcdir)/python_loghandler.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(srcdir)/pyhelpers.h $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/sudo_python_debug.h \ + $(srcdir)/sudo_python_module.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +python_loghandler.plog: python_loghandler.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/python_loghandler.c --i-file $< --output-file $@ +python_plugin_approval.lo: $(srcdir)/python_plugin_approval.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/python_plugin_approval_multi.inc \ + $(srcdir)/python_plugin_common.h \ + 
$(srcdir)/sudo_python_debug.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/python_plugin_approval.c +python_plugin_approval.i: $(srcdir)/python_plugin_approval.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/python_plugin_approval_multi.inc \ + $(srcdir)/python_plugin_common.h \ + $(srcdir)/sudo_python_debug.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +python_plugin_approval.plog: python_plugin_approval.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/python_plugin_approval.c --i-file $< --output-file $@ +python_plugin_audit.lo: $(srcdir)/python_plugin_audit.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/python_plugin_audit_multi.inc \ + $(srcdir)/python_plugin_common.h \ + $(srcdir)/sudo_python_debug.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/python_plugin_audit.c +python_plugin_audit.i: $(srcdir)/python_plugin_audit.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/python_plugin_audit_multi.inc \ + $(srcdir)/python_plugin_common.h \ + $(srcdir)/sudo_python_debug.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +python_plugin_audit.plog: python_plugin_audit.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file 
$(srcdir)/python_plugin_audit.c --i-file $< --output-file $@ +python_plugin_common.lo: $(srcdir)/python_plugin_common.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/python_plugin_common.h \ + $(srcdir)/sudo_python_debug.h \ + $(srcdir)/sudo_python_module.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/python_plugin_common.c +python_plugin_common.i: $(srcdir)/python_plugin_common.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/python_plugin_common.h \ + $(srcdir)/sudo_python_debug.h \ + $(srcdir)/sudo_python_module.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +python_plugin_common.plog: python_plugin_common.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/python_plugin_common.c --i-file $< --output-file $@ +python_plugin_group.lo: $(srcdir)/python_plugin_group.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/python_plugin_common.h \ + $(srcdir)/sudo_python_debug.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/python_plugin_group.c +python_plugin_group.i: $(srcdir)/python_plugin_group.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(srcdir)/pyhelpers.h \ + 
$(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/python_plugin_common.h \ + $(srcdir)/sudo_python_debug.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +python_plugin_group.plog: python_plugin_group.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/python_plugin_group.c --i-file $< --output-file $@ +python_plugin_io.lo: $(srcdir)/python_plugin_io.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(srcdir)/pyhelpers.h $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/python_plugin_common.h \ + $(srcdir)/python_plugin_io_multi.inc \ + $(srcdir)/sudo_python_debug.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/python_plugin_io.c +python_plugin_io.i: $(srcdir)/python_plugin_io.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(srcdir)/pyhelpers.h $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/python_plugin_common.h \ + $(srcdir)/python_plugin_io_multi.inc \ + $(srcdir)/sudo_python_debug.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +python_plugin_io.plog: python_plugin_io.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/python_plugin_io.c --i-file $< --output-file $@ +python_plugin_policy.lo: $(srcdir)/python_plugin_policy.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/python_plugin_common.h \ + $(srcdir)/sudo_python_debug.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/python_plugin_policy.c 
+python_plugin_policy.i: $(srcdir)/python_plugin_policy.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/python_plugin_common.h \ + $(srcdir)/sudo_python_debug.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +python_plugin_policy.plog: python_plugin_policy.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/python_plugin_policy.c --i-file $< --output-file $@ +sudo_python_debug.lo: $(srcdir)/sudo_python_debug.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ + $(srcdir)/sudo_python_debug.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sudo_python_debug.c +sudo_python_debug.i: $(srcdir)/sudo_python_debug.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ + $(srcdir)/sudo_python_debug.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +sudo_python_debug.plog: sudo_python_debug.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sudo_python_debug.c --i-file $< --output-file $@ +sudo_python_module.lo: $(srcdir)/sudo_python_module.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/sudo_python_debug.h \ + $(srcdir)/sudo_python_module.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) 
$(SSP_CFLAGS) $(srcdir)/sudo_python_module.c +sudo_python_module.i: $(srcdir)/sudo_python_module.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/sudo_python_debug.h \ + $(srcdir)/sudo_python_module.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +sudo_python_module.plog: sudo_python_module.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sudo_python_module.c --i-file $< --output-file $@ +testhelpers.o: $(srcdir)/regress/testhelpers.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h $(srcdir)/regress/iohelpers.h \ + $(srcdir)/regress/testhelpers.h $(srcdir)/sudo_python_debug.h \ + $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/testhelpers.c +testhelpers.i: $(srcdir)/regress/testhelpers.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(srcdir)/pyhelpers.h \ + $(srcdir)/pyhelpers_cpychecker.h $(srcdir)/regress/iohelpers.h \ + $(srcdir)/regress/testhelpers.h $(srcdir)/sudo_python_debug.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +testhelpers.plog: testhelpers.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/testhelpers.c --i-file $< --output-file $@ diff -Nru sudo-1.8.31/plugins/python/pyhelpers.c sudo-1.9.0/plugins/python/pyhelpers.c --- sudo-1.8.31/plugins/python/pyhelpers.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/pyhelpers.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,572 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019 Robert Manner + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include "pyhelpers.h" + +#include +#include +#include "pathnames.h" + +static int +_sudo_printf_default(int msg_type, const char *fmt, ...) +{ + FILE *fp = stdout; + FILE *ttyfp = NULL; + va_list ap; + int len; + + if (ISSET(msg_type, SUDO_CONV_PREFER_TTY)) { + /* Try writing to /dev/tty first. */ + ttyfp = fopen(_PATH_TTY, "w"); + } + + switch (msg_type & 0xff) { + case SUDO_CONV_ERROR_MSG: + fp = stderr; + /* FALLTHROUGH */ + case SUDO_CONV_INFO_MSG: + va_start(ap, fmt); + len = vfprintf(ttyfp ? 
ttyfp : fp, fmt, ap); + va_end(ap); + break; + default: + len = -1; + errno = EINVAL; + break; + } + + if (ttyfp != NULL) + fclose(ttyfp); + + return len; +} + + +struct PythonContext py_ctx = { + .sudo_log = &_sudo_printf_default, +}; + + +int +py_is_sudo_log_available(void) +{ + debug_decl(py_is_sudo_log_available, PYTHON_DEBUG_INTERNAL); + debug_return_int(py_ctx.sudo_log != &_sudo_printf_default); +} + +char * +py_join_str_list(PyObject *py_str_list, const char *separator) +{ + debug_decl(py_join_str_list, PYTHON_DEBUG_INTERNAL); + + char *result = NULL; + PyObject *py_separator = NULL; + PyObject *py_str = NULL; + + py_separator = PyUnicode_FromString(separator); + if (py_separator == NULL) + goto cleanup; + + py_str = PyObject_CallMethod(py_separator, "join", "(O)", py_str_list); + if (py_str == NULL) { + goto cleanup; + } + + const char *str = PyUnicode_AsUTF8(py_str); + if (str != NULL) { + result = strdup(str); + } + +cleanup: + Py_XDECREF(py_str); + Py_XDECREF(py_separator); + + debug_return_str(result); +} + +char * +py_create_traceback_string(PyObject *py_traceback) +{ + debug_decl(py_create_traceback_string, PYTHON_DEBUG_INTERNAL); + if (py_traceback == NULL) + debug_return_str(strdup("")); + + char* traceback = NULL; + + + PyObject *py_traceback_module = PyImport_ImportModule("traceback"); + if (py_traceback_module == NULL) { + PyErr_Clear(); // do not care, we just won't show backtrace + } else { + PyObject *py_traceback_str_list = PyObject_CallMethod(py_traceback_module, "format_tb", "(O)", py_traceback); + + if (py_traceback_str_list != NULL) { + traceback = py_join_str_list(py_traceback_str_list, ""); + Py_DECREF(py_traceback_str_list); + } + + Py_CLEAR(py_traceback_module); + } + + debug_return_str(traceback ? 
traceback : strdup("")); +} + +void +py_log_last_error(const char *context_message) +{ + debug_decl(py_log_last_error, PYTHON_DEBUG_INTERNAL); + if (!PyErr_Occurred()) { + py_sudo_log(SUDO_CONV_ERROR_MSG, "%s\n", context_message); + debug_return; + } + + PyObject *py_type = NULL, *py_message = NULL, *py_traceback = NULL; + PyErr_Fetch(&py_type, &py_message, &py_traceback); + + char *message = py_message ? py_create_string_rep(py_message) : strdup("(NULL)"); + if (message == NULL) + message = strdup("?"); + + py_sudo_log(SUDO_CONV_ERROR_MSG, "%s%s(%s) %s\n", + context_message ? context_message : "", + context_message && *context_message ? ": " : "", + py_type ? ((PyTypeObject *)py_type)->tp_name : "None", + message); + free(message); + + if (py_traceback != NULL) { + char *traceback = py_create_traceback_string(py_traceback); + py_sudo_log(SUDO_CONV_INFO_MSG, "Traceback:\n%s\n", traceback); + free(traceback); + } + + Py_XDECREF(py_type); + Py_XDECREF(py_message); + Py_XDECREF(py_traceback); + debug_return; +} + +PyObject * +py_str_array_to_tuple_with_count(Py_ssize_t count, char * const strings[]) +{ + debug_decl(py_str_array_to_tuple_with_count, PYTHON_DEBUG_INTERNAL); + + PyObject *py_argv = PyTuple_New(count); + if (py_argv == NULL) + debug_return_ptr(NULL); + + for (int i = 0; i < count; ++i) { + PyObject *py_arg = PyUnicode_FromString(strings[i]); + if (py_arg == NULL || PyTuple_SetItem(py_argv, i, py_arg) != 0) { + Py_CLEAR(py_argv); + break; + } + } + + debug_return_ptr(py_argv); +} + +PyObject * +py_str_array_to_tuple(char * const strings[]) +{ + debug_decl(py_str_array_to_tuple, PYTHON_DEBUG_INTERNAL); + + // find the item count ("strings" ends with NULL terminator): + Py_ssize_t count = 0; + if (strings != NULL) { + while (strings[count] != NULL) + ++count; + } + + debug_return_ptr(py_str_array_to_tuple_with_count(count, strings)); +} + +char ** +py_str_array_from_tuple(PyObject *py_tuple) +{ + debug_decl(py_str_array_from_tuple, PYTHON_DEBUG_INTERNAL); + 
+ if (!PyTuple_Check(py_tuple)) { + PyErr_Format(PyExc_ValueError, "%s: value error, argument should be a tuple but it is '%s'", + __func__, Py_TYPENAME(py_tuple)); + debug_return_ptr(NULL); + } + + Py_ssize_t tuple_size = PyTuple_Size(py_tuple); + + // we need an extra 0 at the end + char **result = calloc(Py_SSIZE2SIZE(tuple_size) + 1, sizeof(char*)); + + for (int i = 0; i < tuple_size; ++i) { + PyObject *py_value = PyTuple_GetItem(py_tuple, i); + if (py_value == NULL) { + str_array_free(&result); + debug_return_ptr(NULL); + } + + // Note that it can be an "int" or something else as well + char *value = py_create_string_rep(py_value); + if (value == NULL) { + // conversion error is already set + str_array_free(&result); + debug_return_ptr(NULL); + } + result[i] = value; + } + + debug_return_ptr(result); +} + +PyObject * +py_tuple_get(PyObject *py_tuple, Py_ssize_t index, PyTypeObject *expected_type) +{ + debug_decl(py_tuple_get, PYTHON_DEBUG_INTERNAL); + + PyObject *py_item = PyTuple_GetItem(py_tuple, index); + if (py_item == NULL) { + debug_return_ptr(NULL); + } + + if (!PyObject_TypeCheck(py_item, expected_type)) { + PyErr_Format(PyExc_ValueError, "Value error: tuple element %d should " + "be a '%s' (but it is '%s')", + index, expected_type->tp_name, Py_TYPENAME(py_item)); + debug_return_ptr(NULL); + } + + debug_return_ptr(py_item); +} + +PyObject * +py_create_version(unsigned int version) +{ + debug_decl(py_create_version, PYTHON_DEBUG_INTERNAL); + debug_return_ptr(PyUnicode_FromFormat("%d.%d", SUDO_API_VERSION_GET_MAJOR(version), + SUDO_API_VERSION_GET_MINOR(version))); +} + +PyObject * +py_from_passwd(const struct passwd *pwd) +{ + debug_decl(py_from_passwd, PYTHON_DEBUG_INTERNAL); + + if (pwd == NULL) { + debug_return_ptr_pynone; + } + + // Create a tuple similar and convertible to python "struct_passwd" of "pwd" module + debug_return_ptr( + Py_BuildValue("(zziizzz)", pwd->pw_name, pwd->pw_passwd, + pwd->pw_uid, pwd->pw_gid, pwd->pw_gecos, + pwd->pw_dir, 
pwd->pw_shell) + ); +} + +char * +py_create_string_rep(PyObject *py_object) +{ + debug_decl(py_create_string_rep, PYTHON_DEBUG_INTERNAL); + char *result = NULL; + + if (py_object == NULL) + debug_return_ptr(NULL); + + PyObject *py_string = PyObject_Str(py_object); + if (py_string != NULL) { + const char *bytes = PyUnicode_AsUTF8(py_string); + if (bytes != NULL) { + result = strdup(bytes); + } + } + + Py_XDECREF(py_string); + debug_return_ptr(result); +} + +static void +_py_debug_python_function(const char *class_name, const char *function_name, const char *message, + PyObject *py_args, PyObject *py_kwargs, int subsystem_id) +{ + debug_decl_vars(_py_debug_python_function, subsystem_id); + + if (sudo_debug_needed(SUDO_DEBUG_DIAG)) { + char *args_str = NULL; + char *kwargs_str = NULL; + if (py_args != NULL) { + /* Sort by key for consistent output on Python < 3.6 */ + PyObject *py_args_sorted = NULL; + if (PyDict_Check(py_args)) { + py_args_sorted = PyDict_Items(py_args); + if (py_args_sorted != NULL) { + if (PyList_Sort(py_args_sorted) == 0) { + py_args = py_args_sorted; + } + } + } + args_str = py_create_string_rep(py_args); + if (py_args_sorted != NULL) + Py_DECREF(py_args_sorted); + } + if (py_kwargs != NULL) { + /* Sort by key for consistent output on Python < 3.6 */ + PyObject *py_kwargs_sorted = NULL; + if (PyDict_Check(py_kwargs)) { + py_kwargs_sorted = PyDict_Items(py_kwargs); + if (py_kwargs_sorted != NULL) { + if (PyList_Sort(py_kwargs_sorted) == 0) { + py_kwargs = py_kwargs_sorted; + } + } + } + kwargs_str = py_create_string_rep(py_kwargs); + if (py_kwargs_sorted != NULL) + Py_DECREF(py_kwargs_sorted); + } + + if (args_str == NULL) + args_str = strdup("()"); + if (kwargs_str == NULL) + kwargs_str = strdup(""); + + sudo_debug_printf(SUDO_DEBUG_DIAG, "%s.%s %s: %s %s\n", class_name, + function_name, message, args_str, kwargs_str); + free(args_str); + free(kwargs_str); + } +} + +void +py_debug_python_call(const char *class_name, const char *function_name, + 
PyObject *py_args, PyObject *py_kwargs, int subsystem_id) +{ + debug_decl_vars(py_debug_python_call, subsystem_id); + + if (subsystem_id == PYTHON_DEBUG_C_CALLS && sudo_debug_needed(SUDO_DEBUG_INFO)) { + // at this level we also output the callee python script + char *callee_func_name = NULL, *callee_file_name = NULL; + long callee_line_number = -1; + + if (py_get_current_execution_frame(&callee_file_name, &callee_line_number, &callee_func_name) == SUDO_RC_OK) { + sudo_debug_printf(SUDO_DEBUG_INFO, "%s @ %s:%ld calls C function:\n", + callee_func_name, callee_file_name, callee_line_number); + } + + free(callee_func_name); + free(callee_file_name); + } + + _py_debug_python_function(class_name, function_name, "was called with arguments", + py_args, py_kwargs, subsystem_id); +} + +void +py_debug_python_result(const char *class_name, const char *function_name, + PyObject *py_result, int subsystem_id) +{ + if (py_result == NULL) { + debug_decl_vars(py_debug_python_result, subsystem_id); + sudo_debug_printf(SUDO_CONV_ERROR_MSG, "%s.%s call failed\n", + class_name, function_name); + } else { + _py_debug_python_function(class_name, function_name, "returned result", + py_result, NULL, subsystem_id); + } +} + +void +str_array_free(char ***array) +{ + debug_decl(str_array_free, PYTHON_DEBUG_INTERNAL); + + if (*array == NULL) + debug_return; + + for (char **item_ptr = *array; *item_ptr != NULL; ++item_ptr) + free(*item_ptr); + + free(*array); + *array = NULL; + + debug_return; +} + +int +py_get_current_execution_frame(char **file_name, long *line_number, char **function_name) +{ + *file_name = NULL; + *line_number = (long)-1; + *function_name = NULL; + + PyObject *py_err_type = NULL, *py_err_value = NULL, *py_err_traceback = NULL; + PyErr_Fetch(&py_err_type, &py_err_value, &py_err_traceback); + + PyObject *py_frame = NULL, *py_f_code = NULL, + *py_filename = NULL, *py_function_name = NULL; + + PyObject *py_getframe = PySys_GetObject("_getframe"); + if (py_getframe == NULL) + 
goto cleanup; + + py_frame = PyObject_CallFunction(py_getframe, "i", 0); + if (py_frame == NULL) + goto cleanup; + + *line_number = py_object_get_optional_attr_number(py_frame, "f_lineno"); + + py_f_code = py_object_get_optional_attr(py_frame, "f_code", NULL); + if (py_f_code != NULL) { + py_filename = py_object_get_optional_attr(py_f_code, "co_filename", NULL); + if (py_filename != NULL) + *file_name = strdup(PyUnicode_AsUTF8(py_filename)); + + py_function_name = py_object_get_optional_attr(py_f_code, "co_name", NULL); + if (py_function_name != NULL) + *function_name = strdup(PyUnicode_AsUTF8(py_function_name)); + } + +cleanup: + Py_CLEAR(py_frame); + Py_CLEAR(py_f_code); + Py_CLEAR(py_filename); + Py_CLEAR(py_function_name); + + // we hide every error happening inside this function + PyErr_Restore(py_err_type, py_err_value, py_err_traceback); + + return (*file_name && *function_name && (*line_number >= 0)) ? + SUDO_RC_OK : SUDO_RC_ERROR; +} + +void +py_ctx_reset() +{ + memset(&py_ctx, 0, sizeof(py_ctx)); + py_ctx.sudo_log = &_sudo_printf_default; +} + +int +py_sudo_conv(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + /* Enable suspend during password entry. */ + struct sigaction sa, saved_sigtstp; + sigemptyset(&sa.sa_mask); + sa.sa_flags = SA_RESTART; + sa.sa_handler = SIG_DFL; + (void) sigaction(SIGTSTP, &sa, &saved_sigtstp); + + int rc = SUDO_RC_ERROR; + if (py_ctx.sudo_conv != NULL) + rc = py_ctx.sudo_conv((int)num_msgs, msgs, replies, callback); + + /* Restore signal handlers and signal mask. 
*/ + (void) sigaction(SIGTSTP, &saved_sigtstp, NULL); + + return rc; +} + +PyObject * +py_object_get_optional_attr(PyObject *py_object, const char *attr, PyObject *py_default) +{ + if (PyObject_HasAttrString(py_object, attr)) { + return PyObject_GetAttrString(py_object, attr); + } + Py_XINCREF(py_default); // whatever we return will have its refcount incremented + return py_default; +} + +const char * +py_object_get_optional_attr_string(PyObject *py_object, const char *attr_name) +{ + PyObject *py_value = py_object_get_optional_attr(py_object, attr_name, NULL); + if (py_value == NULL) + return NULL; + + const char *value = PyUnicode_AsUTF8(py_value); + Py_CLEAR(py_value); // Note, the object still has reference to the attribute + return value; +} + +long long +py_object_get_optional_attr_number(PyObject *py_object, const char *attr_name) +{ + PyObject *py_value = py_object_get_optional_attr(py_object, attr_name, NULL); + if (py_value == NULL) + return -1; + + long long value = PyLong_AsLongLong(py_value); + Py_CLEAR(py_value); + return value; +} + +void +py_object_set_attr_number(PyObject *py_object, const char *attr_name, long long number) +{ + PyObject *py_number = PyLong_FromLong(number); + if (py_number == NULL) + return; + + PyObject_SetAttrString(py_object, attr_name, py_number); + Py_CLEAR(py_number); +} + +void +py_object_set_attr_string(PyObject *py_object, const char *attr_name, const char *value) +{ + PyObject *py_value = PyUnicode_FromString(value); + if (py_value == NULL) + return; + + PyObject_SetAttrString(py_object, attr_name, py_value); + Py_CLEAR(py_value); +} + +PyObject * +py_dict_create_string_int(size_t count, struct key_value_str_int *key_values) +{ + debug_decl(py_dict_create_string_int, PYTHON_DEBUG_INTERNAL); + + PyObject *py_value = NULL; + PyObject *py_dict = PyDict_New(); + if (py_dict == NULL) + goto cleanup; + + for (size_t i = 0; i < count; ++i) { + py_value = PyLong_FromLong(key_values[i].value); + if (py_value == NULL) + goto 
cleanup; + + if (PyDict_SetItemString(py_dict, key_values[i].key, py_value) < 0) + goto cleanup; + + Py_CLEAR(py_value); + } + +cleanup: + if (PyErr_Occurred()) { + Py_CLEAR(py_dict); + } + Py_CLEAR(py_value); + + debug_return_ptr(py_dict); +} diff -Nru sudo-1.8.31/plugins/python/pyhelpers_cpychecker.h sudo-1.9.0/plugins/python/pyhelpers_cpychecker.h --- sudo-1.8.31/plugins/python/pyhelpers_cpychecker.h 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/pyhelpers_cpychecker.h 2020-05-11 16:28:23.000000000 +0000 
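Review bot: In `py_str_array_from_tuple` the `calloc()` result is never checked, so an allocation failure becomes a NULL write at `result[i] = value` in code that is loaded into sudo. Adding `if (result == NULL) { PyErr_NoMemory(); debug_return_ptr(NULL); }` right after the allocation makes the failure surface as a Python exception, like the other error paths in that function. The same unchecked-NULL pattern is in `py_get_current_execution_frame`, where `strdup(PyUnicode_AsUTF8(...))` is called although `PyUnicode_AsUTF8` can return NULL; test the result before `strdup`. `py_object_set_attr_number` takes a `long long` but builds the value with `PyLong_FromLong(number)`, which truncates where `long` is 32 bits; `PyLong_FromLongLong(number)` matches the signature. In `py_tuple_get` the `PyErr_Format` call prints the `Py_ssize_t index` with `%d`; `%zd` is the matching conversion.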
@@ -0,0 +1,45 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019 Robert Manner
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef SUDO_PLUGIN_PYHELPERS_CPYCHECKER_H
+#define SUDO_PLUGIN_PYHELPERS_CPYCHECKER_H
+
+/* Helper macros for cpychecker */
+
+#if defined(WITH_CPYCHECKER_RETURNS_BORROWED_REF_ATTRIBUTE)
+ #define CPYCHECKER_RETURNS_BORROWED_REF \
+ __attribute__((cpychecker_returns_borrowed_ref))
+#else
+ #define CPYCHECKER_RETURNS_BORROWED_REF
+#endif
+
+#ifdef WITH_CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION_ATTRIBUTE
+ #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION \
+ __attribute__ ((cpychecker_negative_result_sets_exception))
+#else
+ #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION
+#endif
+
+#if defined(WITH_CPYCHECKER_STEALS_REFERENCE_TO_ARG_ATTRIBUTE)
+ #define CPYCHECKER_STEALS_REFERENCE_TO_ARG(n) \
+ __attribute__((cpychecker_steals_reference_to_arg(n)))
+#else
+ #define CPYCHECKER_STEALS_REFERENCE_TO_ARG(n)
+#endif
+
+#endif // SUDO_PLUGIN_PYHELPERS_CPYCHECKER_H
diff -Nru sudo-1.8.31/plugins/python/pyhelpers.h sudo-1.9.0/plugins/python/pyhelpers.h
--- sudo-1.8.31/plugins/python/pyhelpers.h 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/pyhelpers.h 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,105 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019 Robert Manner + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef SUDO_PLUGIN_PYHELPERS_H +#define SUDO_PLUGIN_PYHELPERS_H + +#define PY_SSIZE_T_CLEAN +#include + +#include "config.h" +#include "sudo_compat.h" +#include "sudo_plugin.h" + +#include "pyhelpers_cpychecker.h" + +#include "sudo_python_debug.h" + +enum SudoPluginFunctionReturnCode { + SUDO_RC_OK = 1, + SUDO_RC_ACCEPT = 1, + SUDO_RC_REJECT = 0, + SUDO_RC_ERROR = -1, + SUDO_RC_USAGE_ERROR = -2, +}; + +#define INTERPRETER_MAX 32 + +struct PythonContext +{ + sudo_printf_t sudo_log; + sudo_conv_t sudo_conv; + PyThreadState *py_main_interpreter; + size_t interpreter_count; + PyThreadState *py_subinterpreters[INTERPRETER_MAX]; +}; + +extern struct PythonContext py_ctx; + +#define Py_TYPENAME(object) (object ? Py_TYPE(object)->tp_name : "NULL") +#define Py_SSIZE2SIZE(value) ((value) < 0 ? 0 : (size_t)(value)) + +#define py_sudo_log(...) 
py_ctx.sudo_log(__VA_ARGS__) + +int py_sudo_conv(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback); + +void py_log_last_error(const char *context_message); + +char *py_create_string_rep(PyObject *py_object); + +char *py_join_str_list(PyObject *py_str_list, const char *separator); + +struct key_value_str_int +{ + const char *key; + int value; +}; + +PyObject *py_dict_create_string_int(size_t count, struct key_value_str_int *key_values); + +PyObject *py_from_passwd(const struct passwd *pwd); + +PyObject *py_str_array_to_tuple_with_count(Py_ssize_t count, char * const strings[]); +PyObject *py_str_array_to_tuple(char * const strings[]); +char **py_str_array_from_tuple(PyObject *py_tuple); + +CPYCHECKER_RETURNS_BORROWED_REF +PyObject *py_tuple_get(PyObject *py_tuple, Py_ssize_t index, PyTypeObject *expected_type); + +PyObject *py_object_get_optional_attr(PyObject *py_object, const char *attr, PyObject *py_default); +long long py_object_get_optional_attr_number(PyObject *py_object, const char *attr_name); +const char *py_object_get_optional_attr_string(PyObject *py_object, const char *attr_name); + +void py_object_set_attr_number(PyObject *py_object, const char *attr_name, long long number); +void py_object_set_attr_string(PyObject *py_object, const char *attr_name, const char *value); + +PyObject *py_create_version(unsigned int version); + +void py_debug_python_call(const char *class_name, const char *function_name, + PyObject *py_args, PyObject *py_kwargs, int subsystem_id); +void py_debug_python_result(const char *class_name, const char *function_name, + PyObject *py_args, int subsystem_id); + +void str_array_free(char ***array); + +int py_get_current_execution_frame(char **file_name, long *line_number, char **function_name); + +void py_ctx_reset(void); + +#endif // SUDO_PLUGIN_PYHELPERS_H diff -Nru sudo-1.8.31/plugins/python/python_baseplugin.c sudo-1.9.0/plugins/python/python_baseplugin.c 
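Review bot: The prototypes carry no ownership or lifetime comments, and `py_object_get_optional_attr_string` needs one most: its definition in pyhelpers.c drops its reference to the attribute before returning the `PyUnicode_AsUTF8` pointer, so the string is valid only while `py_object` still holds that attribute. I would add above it `/* Returns a pointer borrowed from the attribute object; do not free, and do not use after the attribute is replaced or py_object is released. */`. `py_create_string_rep`, `py_join_str_list` and `py_str_array_from_tuple` should likewise be marked as returning heap memory that the caller releases with `free()` or `str_array_free()`. The `Py_TYPENAME` macro uses its argument unparenthesized in the condition; `((object) ? Py_TYPE(object)->tp_name : "NULL")` is safer for non-trivial expressions.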
--- sudo-1.8.31/plugins/python/python_baseplugin.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/python_baseplugin.c 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,87 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019 Robert Manner + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include "sudo_python_module.h" + +PyTypeObject *sudo_type_Plugin = NULL; + +static PyObject * +_sudo_Plugin__Init(PyObject *py_self, PyObject *py_args, PyObject *py_kwargs) +{ + debug_decl(_sudo_Plugin__Init, PYTHON_DEBUG_C_CALLS); + + py_debug_python_call("Plugin", "__init__", py_args, NULL, PYTHON_DEBUG_C_CALLS); + + if (!PyArg_UnpackTuple(py_args, "sudo.Plugin.__init__", 1, 1, &py_self)) + goto cleanup; + + Py_ssize_t pos = 0; + PyObject *py_key = NULL, *py_value = NULL; // -> borrowed references + + while (PyDict_Next(py_kwargs, &pos, &py_key, &py_value)) { + if (PyObject_SetAttr(py_self, py_key, py_value) != 0) + goto cleanup; + } + +cleanup: + if (PyErr_Occurred()) + debug_return_ptr(NULL); + + debug_return_ptr_pynone; +} + + +static PyMethodDef _sudo_Plugin_class_methods[] = { + {"__init__", (PyCFunction)_sudo_Plugin__Init, + METH_VARARGS | METH_KEYWORDS, + "Base sudo plugin constructor"}, + {NULL, NULL, 0, NULL} +}; + + +int 
+sudo_module_register_baseplugin(PyObject *py_module) +{ + debug_decl(sudo_module_register_baseplugin, PYTHON_DEBUG_INTERNAL); + int rc = SUDO_RC_ERROR; + PyObject *py_class = NULL; + + py_class = sudo_module_create_class("sudo.Plugin", _sudo_Plugin_class_methods, NULL); + if (py_class == NULL) + goto cleanup; + + if (PyModule_AddObject(py_module, "Plugin", py_class) < 0) { + goto cleanup; + } + + Py_INCREF(py_class); + rc = SUDO_RC_OK; + + Py_CLEAR(sudo_type_Plugin); + sudo_type_Plugin = (PyTypeObject *)py_class; + Py_INCREF(sudo_type_Plugin); + +cleanup: + Py_CLEAR(py_class); + debug_return_int(rc); +} diff -Nru sudo-1.8.31/plugins/python/python_convmessage.c sudo-1.9.0/plugins/python/python_convmessage.c --- sudo-1.8.31/plugins/python/python_convmessage.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/python_convmessage.c 2020-05-11 16:28:23.000000000 +0000 
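Review bot: In `_sudo_Plugin__Init` (python_baseplugin.c), `py_kwargs` goes to `PyDict_Next()` without a NULL check, although the CPython convention for `METH_VARARGS | METH_KEYWORDS` allows the keyword argument to be NULL when the caller passes no keywords. Unless `sudo_module_create_class` (outside this hunk) always supplies a dict, guard the loop with `while (py_kwargs != NULL && PyDict_Next(py_kwargs, &pos, &py_key, &py_value)) {` so that constructing the class without keywords cannot dereference a null pointer inside the sudo process. The debug call in the same function passes `NULL` where `_sudo_ConvMessage__Init` passes `py_kwargs`, so the keyword arguments that become attributes are not handed to the trace helper; `py_debug_python_call("Plugin", "__init__", py_args, py_kwargs, PYTHON_DEBUG_C_CALLS);` would make the two constructors consistent.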
@@ -0,0 +1,154 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019 Robert Manner
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include "sudo_python_module.h"
+
+PyTypeObject *sudo_type_ConvMessage;
+
+static PyObject *
+_sudo_ConvMessage__Init(PyObject *py_self, PyObject *py_args, PyObject *py_kwargs)
+{
+ debug_decl(_sudo_ConvMessage__Init, PYTHON_DEBUG_C_CALLS);
+
+ py_debug_python_call("ConvMessage", "__init__", py_args, py_kwargs, PYTHON_DEBUG_C_CALLS);
+
+ PyObject *py_empty = PyTuple_New(0);
+
+ struct sudo_conv_message conv_message = { 0, 0, NULL };
+
+ static char *keywords[] = { "self", "msg_type", "msg", "timeout", NULL };
+ if (!PyArg_ParseTupleAndKeywords(py_args ? py_args : py_empty, py_kwargs, "Ois|i:sudo.ConvMessage", keywords,
+ &py_self, &(conv_message.msg_type), &(conv_message.msg),
+ &(conv_message.timeout)))
+ goto cleanup;
+
+ sudo_debug_printf(SUDO_DEBUG_TRACE, "Parsed arguments: self='%p' msg_type='%d' timeout='%d' msg='%s'",
+ (void *)py_self, conv_message.msg_type, conv_message.timeout, conv_message.msg);
+
+ py_object_set_attr_number(py_self, "msg_type", conv_message.msg_type);
+ if (PyErr_Occurred())
+ goto cleanup;
+
+ py_object_set_attr_number(py_self, "timeout", conv_message.timeout);
+ if (PyErr_Occurred())
+ goto cleanup;
+
+ py_object_set_attr_string(py_self, "msg", conv_message.msg);
+ if (PyErr_Occurred())
+ goto cleanup;
+
+cleanup:
+ Py_CLEAR(py_empty);
+
+ if (PyErr_Occurred())
+ debug_return_ptr(NULL);
+
+ debug_return_ptr_pynone;
+}
+
+
+static PyMethodDef _sudo_ConvMessage_class_methods[] =
+{
+ {"__init__", (PyCFunction)_sudo_ConvMessage__Init,
+ METH_VARARGS | METH_KEYWORDS,
+ "Conversation message (same as C type sudo_conv_message)"},
+ {NULL, NULL, 0, NULL}
+};
+
+
+int
+sudo_module_register_conv_message(PyObject *py_module)
+{
+ debug_decl(_sudo_module_register_conv_message, PYTHON_DEBUG_INTERNAL);
+ int rc = SUDO_RC_ERROR;
+ PyObject *py_class = NULL;
+
+ py_class = sudo_module_create_class("sudo.ConvMessage", _sudo_ConvMessage_class_methods, NULL);
+ if (py_class == NULL)
+ goto cleanup;
+
+ if (PyModule_AddObject(py_module, "ConvMessage", py_class) < 0) {
+ goto cleanup;
+ }
+
+ Py_INCREF(py_class);
+ rc = SUDO_RC_OK;
+
+ Py_CLEAR(sudo_type_ConvMessage);
+ sudo_type_ConvMessage = (PyTypeObject *)py_class;
+ Py_INCREF(sudo_type_ConvMessage);
+
+cleanup:
+ Py_CLEAR(py_class);
+ debug_return_int(rc);
+}
+
+int
+sudo_module_ConvMessage_to_c(PyObject *py_conv_message, struct sudo_conv_message *conv_message)
+{
+ debug_decl(sudo_module_ConvMessage_to_c, PYTHON_DEBUG_C_CALLS);
+
+ conv_message->msg_type = (int)py_object_get_optional_attr_number(py_conv_message, "msg_type");
+ if (PyErr_Occurred())
+ debug_return_int(SUDO_RC_ERROR);
+
+ conv_message->timeout = (int)py_object_get_optional_attr_number(py_conv_message, "timeout");
+ if (PyErr_Occurred())
+ debug_return_int(SUDO_RC_ERROR);
+
+ conv_message->msg = py_object_get_optional_attr_string(py_conv_message, "msg");
+ if (PyErr_Occurred())
+ debug_return_int(SUDO_RC_ERROR);
+
+ debug_return_int(SUDO_RC_OK);
+}
+
+int
+sudo_module_ConvMessages_to_c(PyObject *py_tuple, Py_ssize_t *num_msgs, struct sudo_conv_message **msgs)
+{
+ debug_decl(sudo_module_ConvMessages_to_c, PYTHON_DEBUG_C_CALLS);
+
+ *num_msgs = PyTuple_Size(py_tuple);
+ *msgs = NULL;
+
+ if (*num_msgs <= 0) {
+ *num_msgs = 0;
+ PyErr_Format(sudo_exc_SudoException, "Expected at least one ConvMessage");
+ debug_return_int(SUDO_RC_ERROR);
+ }
+
+ *msgs = calloc(Py_SSIZE2SIZE(*num_msgs), sizeof(struct sudo_conv_message));
+ if (*msgs == NULL) {
+ debug_return_int(SUDO_RC_ERROR);
+ }
+
+ for (Py_ssize_t i = 0; i < *num_msgs; ++i) {
+ PyObject *py_msg = py_tuple_get(py_tuple, i, sudo_type_ConvMessage);
+ if (py_msg == NULL || sudo_module_ConvMessage_to_c(py_msg, &(*msgs)[i]) < 0) {
+ debug_return_int(SUDO_RC_ERROR);
+ }
+ }
+
+ debug_return_int(SUDO_RC_OK);
+}
+
diff -Nru sudo-1.8.31/plugins/python/python_importblocker.c sudo-1.9.0/plugins/python/python_importblocker.c
--- sudo-1.8.31/plugins/python/python_importblocker.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/python_importblocker.c 2020-05-11 16:28:23.000000000 +0000
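Review bot: `sudo_module_ConvMessages_to_c` (python_convmessage.c) returns `SUDO_RC_ERROR` from the failed `calloc()` without setting a Python exception, while the other error returns in the function leave one set; add `PyErr_NoMemory();` before that return so a caller that relies on `PyErr_Occurred()` sees the failure. The error return inside the loop leaves `*msgs` allocated and partly filled, so either release it there with `free(*msgs); *msgs = NULL;` or state in a comment above the function that the caller must free `*msgs` on every return path; the callers are outside this hunk. A short comment on `sudo_module_ConvMessage_to_c` should also record that `conv_message->msg` appears to point into the Python object rather than a copy, so it is only usable while that object is alive.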
@@ -0,0 +1,211 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019 Robert Manner
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include "sudo_python_module.h"
+
+#include "sudo_util.h"
+
+#include
+#include
+#include
+
+
+static int
+_verify_import(const char *file_path)
+{
+ debug_decl(_verify_import, PYTHON_DEBUG_INTERNAL);
+
+ struct stat sb;
+ if (stat(file_path, &sb) != 0) {
+ PyErr_Format(PyExc_ImportError, "Failed to stat file '%s'", file_path);
+ debug_return_int(SUDO_RC_ERROR);
+ }
+
+ if (sb.st_uid != ROOT_UID) {
+ PyErr_Format(PyExc_ImportError, "File '%s' must be owned by uid %d", file_path, ROOT_UID);
+ debug_return_int(SUDO_RC_ERROR);
+ }
+
+ if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
+ PyErr_Format(PyExc_ImportError, "File '%s' must be only be writable by owner", file_path);
+ debug_return_int(SUDO_RC_ERROR);
+ }
+
+ debug_return_int(SUDO_RC_OK);
+}
+
+static PyObject *
+_sudo_ImportBlocker__Init(PyObject *py_self, PyObject *py_args)
+{
+ debug_decl(_sudo_ImportBlocker__Init, PYTHON_DEBUG_C_CALLS);
+
+ py_debug_python_call("ImportBlocker", "__init__", py_args, NULL, PYTHON_DEBUG_C_CALLS);
+
+ PyObject *py_meta_path = NULL;
+ if (!PyArg_UnpackTuple(py_args, "sudo.ImportBlocker.__init__", 2, 2, &py_self, &py_meta_path))
+ goto cleanup;
+
+ if (PyObject_SetAttrString(py_self, "meta_path", py_meta_path) != 0)
+ goto cleanup;
+
+cleanup:
+ if (PyErr_Occurred())
+ debug_return_ptr(NULL);
+
+ debug_return_ptr_pynone;
+}
+
+static PyObject *
+_sudo_ImportBlocker__find_module(PyObject *py_self, PyObject *py_args)
+{
+ debug_decl(_sudo_ImportBlocker__find_module, PYTHON_DEBUG_C_CALLS);
+
+ PyObject *py_fullname = NULL, *py_path = NULL, *py_meta_path = NULL,
+ *py_meta_path_iterator = NULL, *py_finder = NULL,
+ *py_importer = NULL, *py_import_path = NULL;
+
+ py_debug_python_call("ImportBlocker", "find_module", py_args, NULL, PYTHON_DEBUG_C_CALLS);
+
+ if (!PyArg_UnpackTuple(py_args, "sudo.ImportBlocker.find_module", 2, 3, &py_self, &py_fullname, &py_path))
+ goto cleanup;
+
+ py_meta_path = PyObject_GetAttrString(py_self, "meta_path");
+ if (py_meta_path == NULL)
+ goto cleanup;
+
+ py_meta_path_iterator = PyObject_GetIter(py_meta_path);
+ if (py_meta_path_iterator == NULL)
+ goto cleanup;
+
+ while ((py_finder = PyIter_Next(py_meta_path_iterator)) != NULL) {
+ py_importer = PyObject_CallMethod(py_finder, "find_module", "(OO)",
+ py_fullname, py_path);
+ if (py_importer == NULL) {
+ goto cleanup;
+ }
+
+ if (py_importer != Py_None) { // the import could be resolved
+ if (PyObject_HasAttrString(py_importer, "get_filename")) {
+ // there is a file associated with the import (.py, .so, etc)
+ py_import_path = PyObject_CallMethod(py_importer, "get_filename", "");
+ const char *import_path = PyUnicode_AsUTF8(py_import_path);
+
+ sudo_debug_printf(SUDO_DEBUG_DIAG, "ImportBlocker: verifying permissions "
+ "on file '%s'\n", import_path);
+ if (_verify_import(import_path) != SUDO_RC_OK)
+ goto cleanup;
+
+ Py_CLEAR(py_import_path);
+
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_DIAG, "ImportBlocker: internal module import '%s'\n",
+ PyUnicode_AsUTF8(py_fullname));
+ }
+
+ goto cleanup;
+ }
+
+ Py_CLEAR(py_importer);
+ Py_CLEAR(py_finder);
+ }
+
+ Py_CLEAR(py_importer);
+ py_importer = Py_None;
+ Py_INCREF(py_importer);
+
+cleanup:
+ Py_CLEAR(py_meta_path_iterator);
+ Py_CLEAR(py_meta_path);
+ Py_CLEAR(py_finder);
+ Py_CLEAR(py_import_path);
+
+ if (PyErr_Occurred()) {
+ Py_CLEAR(py_importer);
+ debug_return_ptr(NULL);
+ }
+
+ debug_return_ptr(py_importer);
+}
+
+static PyMethodDef _sudo_ImportBlocker_class_methods[] =
+{
+ {"__init__", _sudo_ImportBlocker__Init, METH_VARARGS, ""},
+ {"find_module", _sudo_ImportBlocker__find_module, METH_VARARGS, ""},
+ {NULL, NULL, 0, NULL}
+};
+
+// This possibly can be replaced with PySys_AddAuditHook for python >= 3.8
+//
+// This function is equivalent of the python call:
+// sys.meta_path = [sudo.ImportBlocker(sys.meta_path)]
+int
+sudo_module_register_importblocker(void)
+{
+ debug_decl(sudo_module_register_importblocker, PYTHON_DEBUG_C_CALLS);
+
+ int rc = SUDO_RC_ERROR;
+
+ PyObject *py_meta_path = NULL, *py_import_blocker_cls = NULL,
+ *py_import_blocker = NULL;
+
+ py_meta_path = PySys_GetObject("meta_path"); // note: borrowed reference
+ if (py_meta_path == NULL) {
+ PyErr_Format(sudo_exc_SudoException, "'sys.meta_path' is not available. "
+ "Unable to register import blocker hook which is meant to "
+ "verify that no such module get loaded by the sudo python plugins"
+ "which are writable by others than root.");
+ goto cleanup;
+ }
+ Py_INCREF(py_meta_path);
+
+ py_import_blocker_cls = sudo_module_create_class("sudo.ImportBlocker", _sudo_ImportBlocker_class_methods, NULL);
+ if (py_import_blocker_cls == NULL)
+ goto cleanup;
+
+ // call the constructor
+ py_import_blocker = PyObject_CallFunctionObjArgs(py_import_blocker_cls, py_meta_path, NULL);
+ if (py_import_blocker == NULL)
+ goto cleanup;
+
+ Py_DECREF(py_meta_path);
+ py_meta_path = PyList_New(1);
+ if (py_meta_path == NULL)
+ goto cleanup;
+
+ if (PyList_SetItem(py_meta_path, 0, py_import_blocker) != 0)
+ goto cleanup;
+ py_import_blocker = NULL; // list has stolen it
+
+ if (PySys_SetObject("meta_path", py_meta_path) != 0) {
+ goto cleanup;
+ }
+
+ rc = SUDO_RC_OK;
+
+cleanup:
+ Py_CLEAR(py_meta_path);
+ Py_CLEAR(py_import_blocker);
+ Py_CLEAR(py_import_blocker_cls);
+
+ debug_return_int(rc);
+}
diff -Nru sudo-1.8.31/plugins/python/python_loghandler.c sudo-1.9.0/plugins/python/python_loghandler.c
--- sudo-1.8.31/plugins/python/python_loghandler.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/python_loghandler.c 2020-05-11 16:28:23.000000000 +0000
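Review bot: In `_sudo_ImportBlocker__find_module` (python_importblocker.c), neither the result of `PyObject_CallMethod(py_importer, "get_filename", "")` nor the result of `PyUnicode_AsUTF8(py_import_path)` is checked before `import_path` reaches the `%s` debug format and `stat()`. Add `if (py_import_path == NULL) goto cleanup;` after the call and `if (import_path == NULL) goto cleanup;` after the conversion, so that a loader whose `get_filename` raises or returns a non-string ends as a failed import instead of a null dereference in the code that enforces the ownership check. `py_path` is optional in the `PyArg_UnpackTuple` call (2 to 3 arguments) but is passed through the `"(OO)"` format even when it is still NULL; defaulting it to `Py_None` before the loop covers the two-argument form. A comment above `_verify_import` should state what the check covers: it inspects only the file the importer names, not its parent directories, and the file is presumably opened again by the real loader afterwards, so the guarantee rests on the whole path being root-controlled.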
@@ -0,0 +1,190 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019 Robert Manner
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include "sudo_python_module.h"
+
+PyObject *sudo_type_LogHandler;
+
+
+static void
+_debug_plugin(int log_level, const char *log_message)
+{
+ debug_decl_vars(python_sudo_debug, PYTHON_DEBUG_PLUGIN);
+
+ if (sudo_debug_needed(SUDO_DEBUG_INFO)) {
+ // at trace level we output the position for the python log as well
+ char *func_name = NULL, *file_name = NULL;
+ long line_number = -1;
+
+ if (py_get_current_execution_frame(&file_name, &line_number, &func_name) == SUDO_RC_OK) {
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s @ %s:%ld debugs:\n",
+ func_name, file_name, line_number);
+ }
+
+ free(func_name);
+ free(file_name);
+ }
+
+ sudo_debug_printf(log_level, "%s\n", log_message);
+}
+
+PyObject *
+python_sudo_debug(PyObject *Py_UNUSED(py_self), PyObject *py_args)
+{
+ debug_decl(python_sudo_debug, PYTHON_DEBUG_C_CALLS);
+ py_debug_python_call("sudo", "debug", py_args, NULL, PYTHON_DEBUG_C_CALLS);
+
+ int log_level = SUDO_DEBUG_DEBUG;
+ const char *log_message = NULL;
+ if (!PyArg_ParseTuple(py_args, "is:sudo.debug", &log_level, &log_message)) {
+ debug_return_ptr(NULL);
+ }
+
+ _debug_plugin(log_level, log_message);
+
+ debug_return_ptr_pynone;
+}
+
+static int
+_sudo_log_level_from_python(long level)
+{
+ if (level >= 50)
+ return SUDO_DEBUG_CRIT;
+ if (level >= 40)
+ return SUDO_DEBUG_ERROR;
+ if (level >= 30)
+ return SUDO_DEBUG_WARN;
+ if (level >= 20)
+ return SUDO_DEBUG_INFO;
+
+ return SUDO_DEBUG_TRACE;
+}
+
+static PyObject *
+_sudo_LogHandler__emit(PyObject *py_self, PyObject *py_args)
+{
+ debug_decl(_sudo_LogHandler__emit, PYTHON_DEBUG_C_CALLS);
+
+ PyObject *py_record = NULL; // borrowed
+ PyObject *py_message = NULL;
+
+ py_debug_python_call("LogHandler", "emit", py_args, NULL, PYTHON_DEBUG_C_CALLS);
+
+ if (!PyArg_UnpackTuple(py_args, "sudo.LogHandler.emit", 2, 2, &py_self, &py_record))
+ goto cleanup;
+
+ long python_loglevel = py_object_get_optional_attr_number(py_record, "levelno");
+ if (PyErr_Occurred()) {
+ PyErr_Format(sudo_exc_SudoException, "sudo.LogHandler: Failed to determine log level");
+ goto cleanup;
+ }
+
+ int sudo_loglevel = _sudo_log_level_from_python(python_loglevel);
+
+ py_message = PyObject_CallMethod(py_self, "format", "O", py_record);
+ if (py_message == NULL)
+ goto cleanup;
+
+ _debug_plugin(sudo_loglevel, PyUnicode_AsUTF8(py_message));
+
+cleanup:
+ Py_CLEAR(py_message);
+ if (PyErr_Occurred()) {
+ debug_return_ptr(NULL);
+ }
+
+ debug_return_ptr_pynone;
+}
+
+/* The sudo.LogHandler class can be used to make the default python logger
+ * use sudo's built in log system. */
+static PyMethodDef _sudo_LogHandler_class_methods[] =
+{
+ {"emit", _sudo_LogHandler__emit, METH_VARARGS, ""},
+ {NULL, NULL, 0, NULL}
+};
+
+// This function registers sudo.LogHandler class
+int
+sudo_module_register_loghandler(PyObject *py_module)
+{
+ debug_decl(sudo_module_register_loghandler, PYTHON_DEBUG_INTERNAL);
+
+ PyObject *py_logging_module = NULL, *py_streamhandler = NULL;
+
+ py_logging_module = PyImport_ImportModule("logging");
+ if (py_logging_module == NULL)
+ goto cleanup;
+
+ py_streamhandler = PyObject_GetAttrString(py_logging_module, "StreamHandler");
+ if (py_streamhandler == NULL)
+ goto cleanup;
+
+ sudo_type_LogHandler = sudo_module_create_class("sudo.LogHandler",
+ _sudo_LogHandler_class_methods, py_streamhandler);
+ if (sudo_type_LogHandler == NULL)
+ goto cleanup;
+
+ if (PyModule_AddObject(py_module, "LogHandler", sudo_type_LogHandler) < 0)
+ goto cleanup;
+
+ Py_INCREF(sudo_type_LogHandler);
+
+cleanup:
+ Py_CLEAR(py_streamhandler);
+ Py_CLEAR(py_logging_module);
+ debug_return_int(PyErr_Occurred() ? SUDO_RC_ERROR : SUDO_RC_OK);
+}
+
+// This sets sudo.LogHandler as the default log handler:
+// logging.getLogger().addHandler(sudo.LogHandler())
+int
+sudo_module_set_default_loghandler(void)
+{
+ debug_decl(sudo_module_set_default_loghandler, PYTHON_DEBUG_INTERNAL);
+
+ PyObject *py_loghandler = NULL, *py_logging_module = NULL,
+ *py_logger = NULL, *py_result = NULL;
+
+ py_loghandler = PyObject_CallObject(sudo_type_LogHandler, NULL);
+ if (py_loghandler == NULL)
+ goto cleanup;
+
+ py_logging_module = PyImport_ImportModule("logging");
+ if (py_logging_module == NULL)
+ goto cleanup;
+
+ py_logger = PyObject_CallMethod(py_logging_module, "getLogger", NULL);
+ if (py_logger == NULL)
+ goto cleanup;
+
+ py_result = PyObject_CallMethod(py_logger, "addHandler", "O", py_loghandler);
+
+cleanup:
+ Py_CLEAR(py_result);
+ Py_CLEAR(py_logger);
+ Py_CLEAR(py_logging_module);
+ Py_CLEAR(py_loghandler);
+
+ debug_return_int(PyErr_Occurred() ? SUDO_RC_ERROR : SUDO_RC_OK);
+}
diff -Nru sudo-1.8.31/plugins/python/python_plugin_approval.c sudo-1.9.0/plugins/python/python_plugin_approval.c
--- sudo-1.8.31/plugins/python/python_plugin_approval.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/python_plugin_approval.c 2020-05-11 16:28:23.000000000 +0000
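Review bot: `_sudo_LogHandler__emit` (python_loghandler.c) passes `PyUnicode_AsUTF8(py_message)` straight to `_debug_plugin`, which prints it with `%s`, and that conversion returns NULL when `format()` yields a non-string or the text cannot be encoded. Store the result first, `const char *message = PyUnicode_AsUTF8(py_message);`, and add `if (message == NULL) goto cleanup;` before the call. In the same function `PyErr_Format(sudo_exc_SudoException, ...)` replaces whatever exception was raised while reading `levelno`, which hides the original cause from the plugin author. `python_sudo_debug` forwards the plugin-supplied `log_level` to `sudo_debug_printf` unchanged, so a comment naming the accepted values, or a range check against them, would make that contract explicit.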
@@ -0,0 +1,195 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019 Robert Manner
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include "python_plugin_common.h"
+
+struct ApprovalPluginContext
+{
+ struct PluginContext base_ctx;
+ struct approval_plugin *plugin;
+};
+
+#define BASE_CTX(approval_ctx) (&(approval_ctx->base_ctx))
+
+#define PY_APPROVAL_PLUGIN_VERSION SUDO_API_MKVERSION(1, 0)
+
+#define CALLBACK_PLUGINFUNC(func_name) approval_ctx->plugin->func_name
+
+// This also verifies compile time that the name matches the sudo plugin API.
+#define CALLBACK_PYNAME(func_name) ((void)CALLBACK_PLUGINFUNC(func_name), #func_name)
+
+
+static int
+python_plugin_approval_open(struct ApprovalPluginContext *approval_ctx,
+ unsigned int version, sudo_conv_t conversation, sudo_printf_t sudo_printf,
+ char * const settings[], char * const user_info[], int submit_optind,
+ char * const submit_argv[], char * const submit_envp[],
+ char * const plugin_options[], const char **errstr)
+{
+ debug_decl(python_plugin_approval_open, PYTHON_DEBUG_CALLBACKS);
+ (void) version;
+
+ int rc = python_plugin_register_logging(conversation, sudo_printf, settings);
+ if (rc != SUDO_RC_OK) {
+ debug_return_int(rc);
+ }
+
+ struct PluginContext *plugin_ctx = BASE_CTX(approval_ctx);
+
+ rc = python_plugin_init(plugin_ctx, plugin_options, version);
+ if (rc != SUDO_RC_OK) {
+ debug_return_int(rc);
+ }
+
+ PyObject *py_kwargs = NULL, *py_submit_optind = NULL,
+ *py_submit_argv = NULL;
+
+ if ((py_kwargs = python_plugin_construct_args(version, settings, user_info,
+ submit_envp, plugin_options)) == NULL ||
+ (py_submit_optind = PyLong_FromLong(submit_optind)) == NULL ||
+ (py_submit_argv = py_str_array_to_tuple(submit_argv)) == NULL)
+ {
+ py_log_last_error("Failed to construct plugin instance");
+ rc = SUDO_RC_ERROR;
+ } else {
+ PyDict_SetItemString(py_kwargs, "submit_optind", py_submit_optind);
+ PyDict_SetItemString(py_kwargs, "submit_argv", py_submit_argv);
+
+ rc = python_plugin_construct_custom(plugin_ctx, py_kwargs);
+ CALLBACK_SET_ERROR(plugin_ctx, errstr);
+ }
+
+ Py_CLEAR(py_kwargs);
+ Py_CLEAR(py_submit_argv);
+ Py_CLEAR(py_submit_optind);
+
+ if (rc != SUDO_RC_OK) {
+ debug_return_int(rc);
+ }
+
+ debug_return_int(rc);
+}
+
+static void
+python_plugin_approval_close(struct ApprovalPluginContext *approval_ctx)
+{
+ debug_decl(python_plugin_approval_close, PYTHON_DEBUG_CALLBACKS);
+
+ struct PluginContext *plugin_ctx = BASE_CTX(approval_ctx);
+ PyThreadState_Swap(plugin_ctx->py_interpreter);
+ python_plugin_deinit(plugin_ctx);
+
+ debug_return;
+}
+
+static int
+python_plugin_approval_check(struct ApprovalPluginContext *approval_ctx,
+ char * const command_info[], char * const run_argv[],
+ char * const run_envp[], const char **errstr)
+{
+ debug_decl(python_plugin_approval_check, PYTHON_DEBUG_CALLBACKS);
+
+ struct PluginContext *plugin_ctx = BASE_CTX(approval_ctx);
+
+ PyObject *py_command_info = NULL, *py_run_argv = NULL, *py_run_envp = NULL,
+ *py_args = NULL;
+
+ int rc = SUDO_RC_ERROR;
+ if ((py_command_info = py_str_array_to_tuple(command_info)) != NULL &&
+ (py_run_argv = py_str_array_to_tuple(run_argv)) != NULL &&
+ (py_run_envp = py_str_array_to_tuple(run_envp)) != NULL)
+ {
+ py_args = Py_BuildValue("(OOO)", py_command_info, py_run_argv, py_run_envp);
+ }
+
+ // Note, py_args gets cleared by api_rc_call
+ rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(check), py_args);
+ CALLBACK_SET_ERROR(plugin_ctx, errstr);
+
+ Py_CLEAR(py_command_info);
+ Py_CLEAR(py_run_argv);
+ Py_CLEAR(py_run_envp);
+
+ debug_return_int(rc);
+}
+
+int
+python_plugin_approval_show_version(struct ApprovalPluginContext *approval_ctx, int verbose)
+{
+ debug_decl(python_plugin_approval_show_version, PYTHON_DEBUG_CALLBACKS);
+
+ struct PluginContext *plugin_ctx = BASE_CTX(approval_ctx);
+ PyThreadState_Swap(plugin_ctx->py_interpreter);
+
+ debug_return_int(python_plugin_show_version(plugin_ctx,
+ CALLBACK_PYNAME(show_version), verbose, PY_APPROVAL_PLUGIN_VERSION, "approval"));
+}
+
+__dso_public struct approval_plugin python_approval;
+
+// generate symbols for loading multiple approval plugins:
+#define APPROVAL_SYMBOL_NAME(symbol) symbol
+#include "python_plugin_approval_multi.inc"
+#define APPROVAL_SYMBOL_NAME(symbol) symbol##1
+#include "python_plugin_approval_multi.inc"
+#define APPROVAL_SYMBOL_NAME(symbol) symbol##2
+#include "python_plugin_approval_multi.inc"
+#define APPROVAL_SYMBOL_NAME(symbol) symbol##3
+#include "python_plugin_approval_multi.inc"
+#define APPROVAL_SYMBOL_NAME(symbol) symbol##4
+#include "python_plugin_approval_multi.inc"
+#define APPROVAL_SYMBOL_NAME(symbol) symbol##5
+#include "python_plugin_approval_multi.inc"
+#define APPROVAL_SYMBOL_NAME(symbol) symbol##6
+#include "python_plugin_approval_multi.inc"
+#define APPROVAL_SYMBOL_NAME(symbol) symbol##7
+#include "python_plugin_approval_multi.inc"
+
+static struct approval_plugin *extra_approval_plugins[] = {
+ &python_approval1,
+ &python_approval2,
+ &python_approval3,
+ &python_approval4,
+ &python_approval5,
+ &python_approval6,
+ &python_approval7
+};
+
+__dso_public struct approval_plugin *
+python_approval_clone(void)
+{
+ static size_t counter = 0;
+ struct approval_plugin *next_plugin = NULL;
+
+ size_t max = sizeof(extra_approval_plugins) / sizeof(*extra_approval_plugins);
+ if (counter < max) {
+ next_plugin = extra_approval_plugins[counter];
+ ++counter;
+ } else if (counter == max) {
+ ++counter;
+ py_sudo_log(SUDO_CONV_ERROR_MSG,
+ "sudo: loading more than %d sudo python approval plugins is not supported\n", counter);
+ }
+
+ return next_plugin;
+}
diff -Nru sudo-1.8.31/plugins/python/python_plugin_approval_multi.inc sudo-1.9.0/plugins/python/python_plugin_approval_multi.inc
--- sudo-1.8.31/plugins/python/python_plugin_approval_multi.inc 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/python_plugin_approval_multi.inc 2020-05-11 16:28:23.000000000 +0000
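Review bot: `python_plugin_approval_check` (python_plugin_approval.c) builds Python objects and calls into the plugin without `PyThreadState_Swap(plugin_ctx->py_interpreter);`, which `python_plugin_approval_close` and `python_plugin_approval_show_version` in the same hunk both do first. Unless `python_plugin_api_rc_call` (outside this hunk) selects the interpreter itself, add the swap right after `plugin_ctx` is assigned, so that with several Python plugins loaded the approval decision runs in this plugin's own interpreter. In `python_approval_clone`, `counter` is a `size_t` printed with `%d`; use `%zu` in the message or cast the argument to `int`. The trailing `if (rc != SUDO_RC_OK) { debug_return_int(rc); }` in `python_plugin_approval_open` is followed by an identical return and can be dropped, and the two `PyDict_SetItemString` results just above it are ignored.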
@@ -0,0 +1,57 @@
+/* The purpose of this file is to generate a approval_plugin symbols,
+ * with an I/O plugin context which is unique to it and its functions.
+ * The callbacks inside are just wrappers around the real functions in python_plugin_approval.c,
+ * their only purpose is to add the unique context to each separate approval_plugin call.
+ */
+
+#define PLUGIN_CTX APPROVAL_SYMBOL_NAME(plugin_ctx)
+#define CALLBACK_CFUNC(func_name) APPROVAL_SYMBOL_NAME(_python_plugin_approval_ ## func_name)
+
+extern struct approval_plugin APPROVAL_SYMBOL_NAME(python_approval);
+static struct ApprovalPluginContext PLUGIN_CTX = { {}, &APPROVAL_SYMBOL_NAME(python_approval) };
+
+
+int
+CALLBACK_CFUNC(open)(unsigned int version, sudo_conv_t conversation,
+ sudo_printf_t sudo_printf, char * const settings[],
+ char * const user_info[], int submit_optind,
+ char * const submit_argv[], char * const submit_envp[],
+ char * const plugin_options[], const char **errstr)
+{
+ return python_plugin_approval_open(&PLUGIN_CTX, version, conversation,
+ sudo_printf, settings, user_info, submit_optind, submit_argv,
+ submit_envp, plugin_options, errstr);
+}
+
+void
+CALLBACK_CFUNC(close)(void)
+{
+ python_plugin_approval_close(&PLUGIN_CTX);
+}
+
+int
+CALLBACK_CFUNC(check)(char * const command_info[], char * const run_argv[],
+ char * const run_envp[], const char **errstr)
+{
+ return python_plugin_approval_check(&PLUGIN_CTX, command_info, run_argv,
+ run_envp, errstr);
+}
+
+int
+CALLBACK_CFUNC(show_version)(int verbose)
+{
+ return python_plugin_approval_show_version(&PLUGIN_CTX, verbose);
+}
+
+__dso_public struct approval_plugin APPROVAL_SYMBOL_NAME(python_approval) = {
+ SUDO_APPROVAL_PLUGIN,
+ SUDO_API_VERSION,
+ CALLBACK_CFUNC(open),
+ CALLBACK_CFUNC(close),
+ CALLBACK_CFUNC(check),
+ CALLBACK_CFUNC(show_version)
+};
+
+#undef PLUGIN_CTX
+#undef CALLBACK_CFUNC
+#undef APPROVAL_SYMBOL_NAME
diff -Nru sudo-1.8.31/plugins/python/python_plugin_audit.c
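Review bot: The initializer `{ {}, &APPROVAL_SYMBOL_NAME(python_approval) }` in python_plugin_approval_multi.inc uses empty braces, which ISO C before C23 does not allow (GCC and Clang accept it as an extension); `{ {0}, &APPROVAL_SYMBOL_NAME(python_approval) }` zero-initializes `base_ctx` portably. The header comment speaks of "an I/O plugin context", but this template generates approval plugin contexts, so it should read "an approval plugin context". As far as this hunk shows, the four `CALLBACK_CFUNC` wrappers are reached only through the `approval_plugin` struct, so declaring them `static` would keep the eight generated sets of `_python_plugin_approval_*` functions out of the global namespace.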
sudo-1.9.0/plugins/python/python_plugin_audit.c
--- sudo-1.8.31/plugins/python/python_plugin_audit.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/python_plugin_audit.c 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,282 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019 Robert Manner
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include "python_plugin_common.h"
+
+struct AuditPluginContext
+{
+ struct PluginContext base_ctx;
+ struct audit_plugin *plugin;
+};
+
+#define BASE_CTX(audit_ctx) (&(audit_ctx->base_ctx))
+
+#define PY_AUDIT_PLUGIN_VERSION SUDO_API_MKVERSION(1, 0)
+
+#define CALLBACK_PLUGINFUNC(func_name) audit_ctx->plugin->func_name
+
+// This also verifies compile time that the name matches the sudo plugin API.
+#define CALLBACK_PYNAME(func_name) ((void)CALLBACK_PLUGINFUNC(func_name), #func_name)
+
+#define MARK_CALLBACK_OPTIONAL(function_name) \
+ do { \
+ python_plugin_mark_callback_optional(plugin_ctx, CALLBACK_PYNAME(function_name), \
+ (void **)&CALLBACK_PLUGINFUNC(function_name)); \
+ } while(0)
+
+
+static int
+_call_plugin_open(struct AuditPluginContext *audit_ctx, int submit_optind, char * const submit_argv[])
+{
+ debug_decl(_call_plugin_open, PYTHON_DEBUG_CALLBACKS);
+
+ struct PluginContext *plugin_ctx = BASE_CTX(audit_ctx);
+ if (!PyObject_HasAttrString(plugin_ctx->py_instance, CALLBACK_PYNAME(open))) {
+ debug_return_int(SUDO_RC_OK);
+ }
+
+ int rc = SUDO_RC_ERROR;
+ PyObject *py_submit_argv = py_str_array_to_tuple(submit_argv);
+
+ if (py_submit_argv != NULL) {
+ rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(open),
+ Py_BuildValue("(iO)", submit_optind, py_submit_argv));
+ } else {
+ rc = SUDO_RC_ERROR;
+ }
+
+ Py_XDECREF(py_submit_argv);
+ debug_return_int(rc);
+}
+
+static int
+python_plugin_audit_open(struct AuditPluginContext *audit_ctx,
+ unsigned int version, sudo_conv_t conversation,
+ sudo_printf_t sudo_printf, char * const settings[],
+ char * const user_info[], int submit_optind,
+ char * const submit_argv[], char * const submit_envp[],
+ char * const plugin_options[], const char **errstr)
+{
+ debug_decl(python_plugin_audit_open, PYTHON_DEBUG_CALLBACKS);
+ (void) version;
+
+ int rc = python_plugin_register_logging(conversation, sudo_printf, settings);
+ if (rc != SUDO_RC_OK) {
+ debug_return_int(rc);
+ }
+
+ struct PluginContext *plugin_ctx = BASE_CTX(audit_ctx);
+
+ rc = python_plugin_init(plugin_ctx, plugin_options, version);
+ if (rc != SUDO_RC_OK) {
+ debug_return_int(rc);
+ }
+
+ rc = python_plugin_construct(plugin_ctx, PY_AUDIT_PLUGIN_VERSION, settings,
+ user_info, submit_envp, plugin_options);
+ CALLBACK_SET_ERROR(plugin_ctx, errstr);
+ if (rc != SUDO_RC_OK) {
+ debug_return_int(rc);
+ }
+
+ // skip plugin callbacks which are not mandatory
+ MARK_CALLBACK_OPTIONAL(accept);
+ MARK_CALLBACK_OPTIONAL(reject);
+ MARK_CALLBACK_OPTIONAL(error);
+
+ plugin_ctx->call_close = 1;
+ rc = _call_plugin_open(audit_ctx, submit_optind, submit_argv);
+ CALLBACK_SET_ERROR(plugin_ctx, errstr);
+
+ if (PyErr_Occurred()) {
+ py_log_last_error("Error during calling audit open");
+ }
+
+ debug_return_int(rc);
+}
+
+static void
+python_plugin_audit_close(struct AuditPluginContext *audit_ctx, int status_type, int status)
+{
+ debug_decl(python_plugin_audit_close, PYTHON_DEBUG_CALLBACKS);
+
+ python_plugin_close(BASE_CTX(audit_ctx), CALLBACK_PYNAME(close),
+ Py_BuildValue("(ii)", status_type, status));
+
+ debug_return;
+}
+
+int
+python_plugin_audit_accept(struct AuditPluginContext *audit_ctx,
+ const char *plugin_name, unsigned int plugin_type,
+ char * const command_info[], char * const run_argv[],
+ char * const run_envp[], const char **errstr)
+{
+ debug_decl(python_plugin_audit_accept, PYTHON_DEBUG_CALLBACKS);
+
+ struct PluginContext *plugin_ctx = BASE_CTX(audit_ctx);
+ PyThreadState_Swap(plugin_ctx->py_interpreter);
+
+ PyObject *py_command_info = NULL, *py_run_argv = NULL, *py_run_envp = NULL;
+ int rc = SUDO_RC_ERROR;
+
+ py_run_argv = py_str_array_to_tuple(run_argv);
+ if (py_run_argv == NULL)
+ goto cleanup;
+
+ py_command_info = py_str_array_to_tuple(command_info);
+ if (py_command_info == NULL)
+ goto cleanup;
+
+ py_run_envp = py_str_array_to_tuple(run_envp);
+ if (py_run_envp == NULL)
+ goto cleanup;
+
+ PyObject *py_args = Py_BuildValue("(ziOOO)", plugin_name, plugin_type, py_command_info, py_run_argv, py_run_envp);
+ rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(accept), py_args);
+ CALLBACK_SET_ERROR(plugin_ctx, errstr);
+
+cleanup:
+ Py_CLEAR(py_command_info);
+ Py_CLEAR(py_run_argv);
+ Py_CLEAR(py_run_envp);
+
+ debug_return_int(rc);
+}
+
+int
+python_plugin_audit_reject(struct AuditPluginContext *audit_ctx,
+ const char *plugin_name, unsigned int plugin_type,
+ const char *audit_msg, char * const command_info[], const char **errstr)
+{
+ debug_decl(python_plugin_audit_reject, PYTHON_DEBUG_CALLBACKS);
+
+ struct PluginContext *plugin_ctx = BASE_CTX(audit_ctx);
+ PyThreadState_Swap(plugin_ctx->py_interpreter);
+
+ PyObject *py_command_info = NULL;
+ int rc = SUDO_RC_ERROR;
+
+ py_command_info = py_str_array_to_tuple(command_info);
+ if (PyErr_Occurred())
+ goto cleanup;
+
+ PyObject *py_args = Py_BuildValue("(zizO)", plugin_name, plugin_type, audit_msg, py_command_info);
+ rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(reject), py_args);
+
+ CALLBACK_SET_ERROR(plugin_ctx, errstr);
+
+cleanup:
+ Py_CLEAR(py_command_info);
+ if (PyErr_Occurred())
+ py_log_last_error("Error during calling audit reject");
+
+ debug_return_int(rc);
+}
+
+int
+python_plugin_audit_error(struct AuditPluginContext *audit_ctx,
+ const char *plugin_name, unsigned int plugin_type,
+ const char *audit_msg, char * const command_info[], const char **errstr)
+{
+ debug_decl(python_plugin_audit_error, PYTHON_DEBUG_CALLBACKS);
+
+ struct PluginContext *plugin_ctx = BASE_CTX(audit_ctx);
+ PyThreadState_Swap(plugin_ctx->py_interpreter);
+
+ PyObject *py_command_info = NULL;
+ int rc = SUDO_RC_ERROR;
+
+ py_command_info = py_str_array_to_tuple(command_info);
+ if (PyErr_Occurred())
+ goto cleanup;
+
+ PyObject *py_args = Py_BuildValue("(zizO)", plugin_name, plugin_type, audit_msg, py_command_info);
+ rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(error), py_args);
+ CALLBACK_SET_ERROR(plugin_ctx, errstr);
+
+cleanup:
+ Py_CLEAR(py_command_info);
+
+ debug_return_int(rc);
+}
+
+int
+python_plugin_audit_show_version(struct AuditPluginContext *audit_ctx, int verbose)
+{
+ debug_decl(python_plugin_audit_show_version, PYTHON_DEBUG_CALLBACKS);
+
+ struct PluginContext *plugin_ctx = BASE_CTX(audit_ctx);
+ PyThreadState_Swap(plugin_ctx->py_interpreter);
+
+ debug_return_int(python_plugin_show_version(plugin_ctx,
+ CALLBACK_PYNAME(show_version), verbose, PY_AUDIT_PLUGIN_VERSION, "audit"));
+}
+
+__dso_public struct audit_plugin python_audit;
+
+// generate symbols for loading multiple audit plugins:
+#define AUDIT_SYMBOL_NAME(symbol) symbol
+#include "python_plugin_audit_multi.inc"
+#define AUDIT_SYMBOL_NAME(symbol) symbol##1
+#include "python_plugin_audit_multi.inc"
+#define AUDIT_SYMBOL_NAME(symbol) symbol##2
+#include "python_plugin_audit_multi.inc"
+#define AUDIT_SYMBOL_NAME(symbol) symbol##3
+#include "python_plugin_audit_multi.inc"
+#define AUDIT_SYMBOL_NAME(symbol) symbol##4
+#include "python_plugin_audit_multi.inc"
+#define AUDIT_SYMBOL_NAME(symbol) symbol##5
+#include "python_plugin_audit_multi.inc"
+#define AUDIT_SYMBOL_NAME(symbol) symbol##6
+#include "python_plugin_audit_multi.inc"
+#define AUDIT_SYMBOL_NAME(symbol) symbol##7
+#include "python_plugin_audit_multi.inc"
+
+static struct audit_plugin *extra_audit_plugins[] = {
+ &python_audit1,
+ &python_audit2,
+ &python_audit3,
+ &python_audit4,
+ &python_audit5,
+ &python_audit6,
+ &python_audit7
+};
+
+__dso_public struct audit_plugin *
+python_audit_clone(void)
+{
+ static size_t counter = 0;
+ struct audit_plugin *next_plugin = NULL;
+
+ size_t max = sizeof(extra_audit_plugins) / sizeof(*extra_audit_plugins);
+ if (counter < max) {
+ next_plugin = extra_audit_plugins[counter];
+ ++counter;
+ } else if (counter == max) {
+ ++counter;
+ py_sudo_log(SUDO_CONV_ERROR_MSG, "sudo: loading more than %d sudo python audit plugins is not supported\n", counter);
+ }
+
+ return next_plugin;
+}
diff -Nru sudo-1.8.31/plugins/python/python_plugin_audit_multi.inc sudo-1.9.0/plugins/python/python_plugin_audit_multi.inc
--- sudo-1.8.31/plugins/python/python_plugin_audit_multi.inc 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/python_plugin_audit_multi.inc 2020-05-11 16:28:23.000000000 +0000
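Review bot: In `python_audit_clone` (python_plugin_audit.c), `counter` is a `size_t` but is passed to `py_sudo_log` for a `%d` conversion, which is a format/argument mismatch and undefined behaviour wherever `size_t` is wider than `int`. Either cast at the call, `..., (int)counter);`, or switch the conversion to `%zu` if `py_sudo_log` forwards to a printf-family formatter (its implementation is not in this hunk). A short comment on `counter` saying that it is deliberately incremented once past `max` so the message is logged only once would also help the next reader.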
@@ -0,0 +1,78 @@
+/* The purpose of this file is to generate a audit_plugin symbols,
+ * with an I/O plugin context which is unique to it and its functions.
+ * The callbacks inside are just wrappers around the real functions in python_plugin_audit.c,
+ * their only purpose is to add the unique context to each separate audit_plugin call.
+ */
+
+#define PLUGIN_CTX AUDIT_SYMBOL_NAME(plugin_ctx)
+#define CALLBACK_CFUNC(func_name) AUDIT_SYMBOL_NAME(_python_plugin_audit_ ## func_name)
+
+extern struct audit_plugin AUDIT_SYMBOL_NAME(python_audit);
+static struct AuditPluginContext PLUGIN_CTX = { {}, &AUDIT_SYMBOL_NAME(python_audit) };
+
+
+static int
+CALLBACK_CFUNC(open)(unsigned int version, sudo_conv_t conversation,
+ sudo_printf_t sudo_printf, char * const settings[],
+ char * const user_info[], int submit_optind,
+ char * const submit_argv[], char * const submit_envp[],
+ char * const plugin_options[], const char **errstr)
+{
+ return python_plugin_audit_open(&PLUGIN_CTX, version, conversation, sudo_printf,
+ settings, user_info, submit_optind, submit_argv, submit_envp,
+ plugin_options, errstr);
+}
+
+static void
+CALLBACK_CFUNC(close)(int status_type, int status)
+{
+ python_plugin_audit_close(&PLUGIN_CTX, status_type, status);
+}
+
+int
+CALLBACK_CFUNC(accept)(const char *plugin_name, unsigned int plugin_type,
+ char * const command_info[], char * const run_argv[],
+ char * const run_envp[], const char **errstr)
+{
+ return python_plugin_audit_accept(&PLUGIN_CTX, plugin_name, plugin_type,
+ command_info, run_argv, run_envp, errstr);
+}
+
+int
+CALLBACK_CFUNC(reject)(const char *plugin_name, unsigned int plugin_type,
+ const char *audit_msg, char * const command_info[], const char **errstr)
+{
+ return python_plugin_audit_reject(&PLUGIN_CTX, plugin_name, plugin_type,
+ audit_msg, command_info, errstr);
+}
+
+int
+CALLBACK_CFUNC(error)(const char *plugin_name, unsigned int plugin_type,
+ const char *audit_msg, char * const command_info[], const char **errstr)
+{
+ return python_plugin_audit_error(&PLUGIN_CTX, plugin_name, plugin_type,
+ audit_msg, command_info, errstr);
+}
+
+int
+CALLBACK_CFUNC(show_version)(int verbose)
+{
+ return python_plugin_audit_show_version(&PLUGIN_CTX, verbose);
+}
+
+__dso_public struct audit_plugin AUDIT_SYMBOL_NAME(python_audit) = {
+ SUDO_AUDIT_PLUGIN,
+ SUDO_API_VERSION,
+ CALLBACK_CFUNC(open),
+ CALLBACK_CFUNC(close),
+ CALLBACK_CFUNC(accept),
+ CALLBACK_CFUNC(reject),
+ CALLBACK_CFUNC(error),
+ CALLBACK_CFUNC(show_version),
+ NULL, /* register_hooks */
+ NULL /* deregister_hooks */
+};
+
+#undef PLUGIN_CTX
+#undef CALLBACK_CFUNC
+#undef AUDIT_SYMBOL_NAME
diff -Nru sudo-1.8.31/plugins/python/python_plugin_common.c sudo-1.9.0/plugins/python/python_plugin_common.c
--- sudo-1.8.31/plugins/python/python_plugin_common.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/python_plugin_common.c 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,742 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019 Robert Manner + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include "python_plugin_common.h" +#include "sudo_python_module.h" + +#include "sudo_queue.h" +#include "sudo_conf.h" + +#include +#include + +static struct _inittab * python_inittab_copy = NULL; +static size_t python_inittab_copy_len = 0; + +#ifndef PLUGIN_DIR +#define PLUGIN_DIR "" +#endif + +/* Py_FinalizeEx is new in version 3.6 */ +#if PY_MAJOR_VERSION > 3 || PY_MINOR_VERSION < 6 +# define Py_FinalizeEx() (Py_Finalize(), 0) +#endif + +const char * +_lookup_value(char * const keyvalues[], const char *key) +{ + debug_decl(_lookup_value, PYTHON_DEBUG_INTERNAL); + if (keyvalues == NULL) + debug_return_const_str(NULL); + + size_t keylen = strlen(key); + for (; *keyvalues != NULL; ++keyvalues) { + const char *keyvalue = *keyvalues; + if (strncmp(keyvalue, key, keylen) == 0 && keyvalue[keylen] == '=') + debug_return_const_str(keyvalue + keylen + 1); + } + debug_return_const_str(NULL); +} + +CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION +int +_append_python_path(const char 
*module_dir) +{ + debug_decl(_append_python_path, PYTHON_DEBUG_PLUGIN_LOAD); + int rc = -1; + PyObject *py_sys_path = PySys_GetObject("path"); + if (py_sys_path == NULL) { + PyErr_Format(sudo_exc_SudoException, "Failed to get python 'path'"); + debug_return_int(rc); + } + + sudo_debug_printf(SUDO_DEBUG_DIAG, "Extending python 'path' with '%s'\n", module_dir); + + PyObject *py_module_dir = PyUnicode_FromString(module_dir); + if (py_module_dir == NULL || PyList_Append(py_sys_path, py_module_dir) != 0) { + Py_XDECREF(py_module_dir); + debug_return_int(rc); + } + Py_XDECREF(py_module_dir); + + if (sudo_debug_needed(SUDO_DEBUG_INFO)) { + char *path = py_join_str_list(py_sys_path, ":"); + sudo_debug_printf(SUDO_DEBUG_INFO, "Python path became: %s\n", path); + free(path); + } + + rc = 0; + debug_return_int(rc); +} + +static PyObject * +_import_module(const char *path) +{ + debug_decl(_import_module, PYTHON_DEBUG_PLUGIN_LOAD); + + sudo_debug_printf(SUDO_DEBUG_DIAG, "importing module: %s\n", path); + + char path_copy[PATH_MAX]; + if (strlcpy(path_copy, path, sizeof(path_copy)) >= sizeof(path_copy)) + debug_return_ptr(NULL); + + char *module_dir = path_copy; + char *module_name = strrchr(path_copy, '/'); + if (module_name == NULL) { + module_name = path_copy; + module_dir = ""; + } else { + *module_name++ = '\0'; + } + + size_t len = strlen(module_name); + if (len >= 3 && strcmp(".py", module_name + len - 3) == 0) + module_name[len - 3] = '\0'; + + sudo_debug_printf(SUDO_DEBUG_INFO, "module_name: '%s', module_dir: '%s'\n", module_name, module_dir); + + if (_append_python_path(module_dir) < 0) + debug_return_ptr(NULL); + + debug_return_ptr(PyImport_ImportModule(module_name)); +} + +static PyThreadState * +_python_plugin_new_interpreter(void) +{ + debug_decl(_python_plugin_new_interpreter, PYTHON_DEBUG_INTERNAL); + if (py_ctx.interpreter_count >= INTERPRETER_MAX) { + PyErr_Format(PyExc_Exception, "Too many interpreters"); + debug_return_ptr(NULL); + } + + PyThreadState 
*py_interpreter = Py_NewInterpreter(); + if (py_interpreter != NULL) { + py_ctx.py_subinterpreters[py_ctx.interpreter_count] = py_interpreter; + ++py_ctx.interpreter_count; + } + + debug_return_ptr(py_interpreter); +} + +static int +_save_inittab(void) +{ + debug_decl(_save_inittab, PYTHON_DEBUG_INTERNAL); + free(python_inittab_copy); // just to be sure (it is always NULL) + + for (python_inittab_copy_len = 0; + PyImport_Inittab[python_inittab_copy_len].name != NULL; + ++python_inittab_copy_len) { + } + ++python_inittab_copy_len; // for the null mark + + python_inittab_copy = malloc(sizeof(struct _inittab) * python_inittab_copy_len); + if (python_inittab_copy == NULL) { + debug_return_int(SUDO_RC_ERROR); + } + + memcpy(python_inittab_copy, PyImport_Inittab, python_inittab_copy_len * sizeof(struct _inittab)); + debug_return_int(SUDO_RC_OK); +} + +static void +_restore_inittab(void) +{ + debug_decl(_restore_inittab, PYTHON_DEBUG_INTERNAL); + + if (python_inittab_copy != NULL) + memcpy(PyImport_Inittab, python_inittab_copy, python_inittab_copy_len * sizeof(struct _inittab)); + + free(python_inittab_copy); + python_inittab_copy = NULL; + python_inittab_copy_len = 0; + debug_return; +} + +void +python_plugin_handle_plugin_error_exception(PyObject **py_result, struct PluginContext *plugin_ctx) +{ + debug_decl(python_plugin_handle_plugin_error_exception, PYTHON_DEBUG_INTERNAL); + + free(plugin_ctx->callback_error); + plugin_ctx->callback_error = NULL; + + if (PyErr_Occurred()) { + int rc = SUDO_RC_ERROR; + if (PyErr_ExceptionMatches(sudo_exc_PluginReject)) { + rc = SUDO_RC_REJECT; + } else if (!PyErr_ExceptionMatches(sudo_exc_PluginError)) { + debug_return; + } + + if (py_result != NULL) { + Py_CLEAR(*py_result); + *py_result = PyLong_FromLong(rc); + } + + PyObject *py_type = NULL, *py_message = NULL, *py_traceback = NULL; + PyErr_Fetch(&py_type, &py_message, &py_traceback); + + char *message = py_message ? 
py_create_string_rep(py_message) : NULL; + sudo_debug_printf(SUDO_DEBUG_INFO, "received sudo.PluginError exception with message '%s'", + message == NULL ? "(null)" : message); + + plugin_ctx->callback_error = message; + + Py_CLEAR(py_type); + Py_CLEAR(py_message); + Py_CLEAR(py_traceback); + } + + debug_return; +} + +int +python_plugin_construct_custom(struct PluginContext *plugin_ctx, PyObject *py_kwargs) +{ + debug_decl(python_plugin_construct_custom, PYTHON_DEBUG_PLUGIN_LOAD); + int rc = SUDO_RC_ERROR; + PyObject *py_args = PyTuple_New(0); + + if (py_args == NULL) + goto cleanup; + + py_debug_python_call(python_plugin_name(plugin_ctx), "__init__", + py_args, py_kwargs, PYTHON_DEBUG_PY_CALLS); + + plugin_ctx->py_instance = PyObject_Call(plugin_ctx->py_class, py_args, py_kwargs); + python_plugin_handle_plugin_error_exception(NULL, plugin_ctx); + + py_debug_python_result(python_plugin_name(plugin_ctx), "__init__", + plugin_ctx->py_instance, PYTHON_DEBUG_PY_CALLS); + + if (plugin_ctx->py_instance) + rc = SUDO_RC_OK; + +cleanup: + if (PyErr_Occurred()) { + py_log_last_error("Failed to construct plugin instance"); + Py_CLEAR(plugin_ctx->py_instance); + rc = SUDO_RC_ERROR; + } + + Py_XDECREF(py_args); + debug_return_int(rc); +} + +PyObject * +python_plugin_construct_args(unsigned int version, + char *const settings[], char *const user_info[], + char *const user_env[], char *const plugin_options[]) +{ + PyObject *py_settings = NULL; + PyObject *py_user_info = NULL; + PyObject *py_user_env = NULL; + PyObject *py_plugin_options = NULL; + PyObject *py_version = NULL; + PyObject *py_kwargs = NULL; + + if ((py_settings = py_str_array_to_tuple(settings)) == NULL || + (py_user_info = py_str_array_to_tuple(user_info)) == NULL || + (py_user_env = py_str_array_to_tuple(user_env)) == NULL || + (py_plugin_options = py_str_array_to_tuple(plugin_options)) == NULL || + (py_version = py_create_version(version)) == NULL || + (py_kwargs = PyDict_New()) == NULL || + 
PyDict_SetItemString(py_kwargs, "version", py_version) != 0 || + PyDict_SetItemString(py_kwargs, "settings", py_settings) != 0 || + PyDict_SetItemString(py_kwargs, "user_env", py_user_env) != 0 || + PyDict_SetItemString(py_kwargs, "user_info", py_user_info) != 0 || + PyDict_SetItemString(py_kwargs, "plugin_options", py_plugin_options) != 0) + { + Py_CLEAR(py_kwargs); + } + + Py_CLEAR(py_settings); + Py_CLEAR(py_user_info); + Py_CLEAR(py_user_env); + Py_CLEAR(py_plugin_options); + Py_CLEAR(py_version); + return py_kwargs; +} + +int +python_plugin_construct(struct PluginContext *plugin_ctx, unsigned int version, + char *const settings[], char *const user_info[], + char *const user_env[], char *const plugin_options[]) +{ + debug_decl(python_plugin_construct, PYTHON_DEBUG_PLUGIN_LOAD); + + int rc = SUDO_RC_ERROR; + PyObject *py_kwargs = python_plugin_construct_args( + version, settings, user_info, user_env, plugin_options); + + if (py_kwargs == NULL) { + py_log_last_error("Failed to construct plugin instance"); + rc = SUDO_RC_ERROR; + } else { + rc = python_plugin_construct_custom(plugin_ctx, py_kwargs); + } + + Py_CLEAR(py_kwargs); + + debug_return_int(rc); +} + +int +python_plugin_register_logging(sudo_conv_t conversation, + sudo_printf_t sudo_printf, + char * const settings[]) +{ + debug_decl(python_plugin_register_logging, PYTHON_DEBUG_INTERNAL); + + int rc = SUDO_RC_ERROR; + if (conversation != NULL) + py_ctx.sudo_conv = conversation; + + if (sudo_printf) + py_ctx.sudo_log = sudo_printf; + + struct sudo_conf_debug_file_list debug_files = TAILQ_HEAD_INITIALIZER(debug_files); + struct sudo_conf_debug_file_list *debug_files_ptr = &debug_files; + + const char *plugin_path = _lookup_value(settings, "plugin_path"); + if (plugin_path == NULL) + plugin_path = "python_plugin.so"; + + const char *debug_flags = _lookup_value(settings, "debug_flags"); + + if (debug_flags == NULL) { // the group plugin does not have this information, so try to look it up + debug_files_ptr = 
sudo_conf_debug_files(plugin_path); + } else { + if (!python_debug_parse_flags(&debug_files, debug_flags)) + goto cleanup; + } + + if (debug_files_ptr != NULL) { + if (!python_debug_register(plugin_path, debug_files_ptr)) + goto cleanup; + } + + rc = SUDO_RC_OK; + +cleanup: + debug_return_int(rc); +} + +CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION +static int +_python_plugin_register_plugin_in_py_ctx(void) +{ + debug_decl(_python_plugin_register_plugin_in_py_ctx, PYTHON_DEBUG_PLUGIN_LOAD); + + if (!Py_IsInitialized()) { + // Disable environment variables effecting the python interpreter + // This is important since we are running code here as root, the + // user should not be able to alter what is running any how. + Py_IgnoreEnvironmentFlag = 1; + Py_IsolatedFlag = 1; + Py_NoUserSiteDirectory = 1; + + if (_save_inittab() != SUDO_RC_OK) + debug_return_int(SUDO_RC_ERROR); + + PyImport_AppendInittab("sudo", sudo_module_init); + Py_InitializeEx(0); + py_ctx.py_main_interpreter = PyThreadState_Get(); + + // This ensures we import "sudo" module in the main interpreter, + // each subinterpreter will have a shallow copy. + // (This makes the C sudo module able to eg. import other modules.) + PyObject *py_sudo = NULL; + if ((py_sudo = PyImport_ImportModule("sudo")) == NULL) { + debug_return_int(SUDO_RC_ERROR); + } + Py_CLEAR(py_sudo); + } else { + PyThreadState_Swap(py_ctx.py_main_interpreter); + } + + debug_return_int(SUDO_RC_OK); +} + +int +_python_plugin_set_path(struct PluginContext *plugin_ctx, const char *path) +{ + if (path == NULL) { + py_sudo_log(SUDO_CONV_ERROR_MSG, "No python module path is specified. 
" + "Use 'ModulePath' plugin config option in 'sudo.conf'\n"); + return SUDO_RC_ERROR; + } + + if (*path == '/') { // absolute path + plugin_ctx->plugin_path = strdup(path); + } else { + if (asprintf(&plugin_ctx->plugin_path, PLUGIN_DIR "/python/%s", path) < 0) + plugin_ctx->plugin_path = NULL; + } + + if (plugin_ctx->plugin_path == NULL) { + py_sudo_log(SUDO_CONV_ERROR_MSG, "Failed to allocate memory"); + return SUDO_RC_ERROR; + } + + return SUDO_RC_OK; +} + +/* Returns the list of sudo.Plugins in a module */ +static PyObject * +_python_plugin_class_list(PyObject *py_module) { + PyObject *py_module_dict = PyModule_GetDict(py_module); // Note: borrowed + PyObject *key, *value; // Note: borrowed + Py_ssize_t pos = 0; + PyObject *py_plugin_list = PyList_New(0); + + while (PyDict_Next(py_module_dict, &pos, &key, &value)) { + if (PyObject_IsSubclass(value, (PyObject *)sudo_type_Plugin) == 1) { + if (PyList_Append(py_plugin_list, key) != 0) + goto cleanup; + } else { + PyErr_Clear(); + } + } + +cleanup: + if (PyErr_Occurred()) { + Py_CLEAR(py_plugin_list); + } + return py_plugin_list; +} + +/* Gets a sudo.Plugin class from the specified module. The argument "plugin_class" + * can be NULL in which case it loads the one and only "sudo.Plugin" present + * in the module (if so), or displays helpful error message. 
*/ +static PyObject * +_python_plugin_get_class(const char *plugin_path, PyObject *py_module, const char *plugin_class) +{ + debug_decl(python_plugin_init, PYTHON_DEBUG_PLUGIN_LOAD); + PyObject *py_plugin_list = NULL, *py_class = NULL; + + if (plugin_class == NULL) { + py_plugin_list = _python_plugin_class_list(py_module); + if (py_plugin_list == NULL) { + goto cleanup; + } + + if (PyList_Size(py_plugin_list) == 1) { + PyObject *py_plugin_name = PyList_GetItem(py_plugin_list, 0); // Note: borrowed + plugin_class = PyUnicode_AsUTF8(py_plugin_name); + } + } + + if (plugin_class == NULL) { + py_sudo_log(SUDO_CONV_ERROR_MSG, "No plugin class is specified for python module '%s'. " + "Use 'ClassName' configuration option in 'sudo.conf'\n", plugin_path); + if (py_plugin_list != NULL) { + /* Sorting the plugin list makes regress test output consistent. */ + PyObject *py_obj = PyObject_CallMethod(py_plugin_list, "sort", ""); + Py_CLEAR(py_obj); + char *possible_plugins = py_join_str_list(py_plugin_list, ", "); + if (possible_plugins != NULL) { + py_sudo_log(SUDO_CONV_ERROR_MSG, "Possible plugins: %s\n", possible_plugins); + free(possible_plugins); + } + } + goto cleanup; + } + + sudo_debug_printf(SUDO_DEBUG_DEBUG, "Using plugin class '%s'", plugin_class); + py_class = PyObject_GetAttrString(py_module, plugin_class); + if (py_class == NULL) { + py_sudo_log(SUDO_CONV_ERROR_MSG, "Failed to find plugin class '%s'\n", plugin_class); + goto cleanup; + } + + if (!PyObject_IsSubclass(py_class, (PyObject *)sudo_type_Plugin)) { + py_sudo_log(SUDO_CONV_ERROR_MSG, "Plugin class '%s' does not inherit from 'sudo.Plugin'\n", plugin_class); + Py_CLEAR(py_class); + goto cleanup; + } + +cleanup: + Py_CLEAR(py_plugin_list); + debug_return_ptr(py_class); +} + +int +python_plugin_init(struct PluginContext *plugin_ctx, char * const plugin_options[], + unsigned int version) +{ + debug_decl(python_plugin_init, PYTHON_DEBUG_PLUGIN_LOAD); + + int rc = SUDO_RC_ERROR; + + if 
(_python_plugin_register_plugin_in_py_ctx() != SUDO_RC_OK) + goto cleanup; + + plugin_ctx->sudo_api_version = version; + + plugin_ctx->py_interpreter = _python_plugin_new_interpreter(); + if (plugin_ctx->py_interpreter == NULL) { + goto cleanup; + } + PyThreadState_Swap(plugin_ctx->py_interpreter); + + if (!sudo_conf_developer_mode() && sudo_module_register_importblocker() < 0) { + goto cleanup; + } + + if (sudo_module_set_default_loghandler() < 0) + goto cleanup; + + if (_python_plugin_set_path(plugin_ctx, _lookup_value(plugin_options, "ModulePath")) != SUDO_RC_OK) { + goto cleanup; + } + + sudo_debug_printf(SUDO_DEBUG_DEBUG, "Loading python module from path '%s'", plugin_ctx->plugin_path); + plugin_ctx->py_module = _import_module(plugin_ctx->plugin_path); + if (plugin_ctx->py_module == NULL) { + goto cleanup; + } + + plugin_ctx->py_class = _python_plugin_get_class(plugin_ctx->plugin_path, plugin_ctx->py_module, + _lookup_value(plugin_options, "ClassName")); + if (plugin_ctx->py_class == NULL) { + goto cleanup; + } + + rc = SUDO_RC_OK; + +cleanup: + if (plugin_ctx->py_class == NULL) { + py_log_last_error("Failed during loading plugin class"); + rc = SUDO_RC_ERROR; + } + + debug_return_int(rc); +} + +void +python_plugin_deinit(struct PluginContext *plugin_ctx) +{ + debug_decl(python_plugin_deinit, PYTHON_DEBUG_PLUGIN_LOAD); + sudo_debug_printf(SUDO_DEBUG_DIAG, "Deinit was called for a python plugin\n"); + + Py_CLEAR(plugin_ctx->py_instance); + Py_CLEAR(plugin_ctx->py_class); + Py_CLEAR(plugin_ctx->py_module); + + // Note: we are preserving the interpreters here until the unlink because + // of bugs like (strptime does not work after python interpreter reinit): + // https://bugs.python.org/issue27400 + // These potentially effect a lot more python functions, simply because + // it is a rare tested scenario. 
+ + free(plugin_ctx->callback_error); + free(plugin_ctx->plugin_path); + memset(plugin_ctx, 0, sizeof(*plugin_ctx)); + + python_debug_deregister(); + debug_return; +} + +PyObject * +python_plugin_api_call(struct PluginContext *plugin_ctx, const char *func_name, PyObject *py_args) +{ + debug_decl(python_plugin_api_call, PYTHON_DEBUG_PY_CALLS); + + // Note: call fails if py_args is an empty tuple. Passing no arguments works passing NULL + // instead. So having such must be handled as valid. (See policy_plugin.validate()) + if (py_args == NULL && PyErr_Occurred()) { + py_sudo_log(SUDO_CONV_ERROR_MSG, "Failed to build arguments for python plugin API call '%s'\n", func_name); + py_log_last_error(NULL); + debug_return_ptr(NULL); + } + + PyObject *py_callable = NULL; + py_callable = PyObject_GetAttrString(plugin_ctx->py_instance, func_name); + + if (py_callable == NULL) { + Py_CLEAR(py_args); + debug_return_ptr(NULL); + } + + py_debug_python_call(python_plugin_name(plugin_ctx), func_name, + py_args, NULL, PYTHON_DEBUG_PY_CALLS); + + PyObject *py_result = PyObject_CallObject(py_callable, py_args); + Py_CLEAR(py_args); + Py_CLEAR(py_callable); + + py_debug_python_result(python_plugin_name(plugin_ctx), func_name, + py_result, PYTHON_DEBUG_PY_CALLS); + + python_plugin_handle_plugin_error_exception(&py_result, plugin_ctx); + + if (PyErr_Occurred()) { + py_log_last_error(NULL); + } + + debug_return_ptr(py_result); +} + +int +python_plugin_rc_to_int(PyObject *py_result) +{ + debug_decl(python_plugin_rc_to_int, PYTHON_DEBUG_PY_CALLS); + if (py_result == NULL) + debug_return_int(SUDO_RC_ERROR); + + if (py_result == Py_None) + debug_return_int(SUDO_RC_OK); + + debug_return_int((int)PyLong_AsLong(py_result)); +} + +int +python_plugin_api_rc_call(struct PluginContext *plugin_ctx, const char *func_name, PyObject *py_args) +{ + debug_decl(python_plugin_api_rc_call, PYTHON_DEBUG_PY_CALLS); + + PyObject *py_result = python_plugin_api_call(plugin_ctx, func_name, py_args); + int rc = 
python_plugin_rc_to_int(py_result); + Py_XDECREF(py_result); + debug_return_int(rc); +} + +int +python_plugin_show_version(struct PluginContext *plugin_ctx, const char *python_callback_name, + int is_verbose, unsigned int plugin_api_version, const char *plugin_api_name) +{ + debug_decl(python_plugin_show_version, PYTHON_DEBUG_CALLBACKS); + + if (is_verbose) { + py_sudo_log(SUDO_CONV_INFO_MSG, "Python %s plugin (API %d.%d): %s (loaded from '%s')\n", + plugin_api_name, + SUDO_API_VERSION_GET_MAJOR(plugin_api_version), + SUDO_API_VERSION_GET_MINOR(plugin_api_version), + python_plugin_name(plugin_ctx), + plugin_ctx->plugin_path); + } + + int rc = SUDO_RC_OK; + if (PyObject_HasAttrString(plugin_ctx->py_instance, python_callback_name)) { + rc = python_plugin_api_rc_call(plugin_ctx, python_callback_name, + Py_BuildValue("(i)", is_verbose)); + } + + debug_return_int(rc); +} + +void +python_plugin_close(struct PluginContext *plugin_ctx, const char *callback_name, + PyObject *py_args) +{ + debug_decl(python_plugin_close, PYTHON_DEBUG_CALLBACKS); + + PyThreadState_Swap(plugin_ctx->py_interpreter); + + // Note, this should handle the case when init has failed + if (plugin_ctx->py_instance != NULL) { + if (!plugin_ctx->call_close) { + sudo_debug_printf(SUDO_DEBUG_INFO, "Skipping close call, because there was no command run\n"); + + } else if (!PyObject_HasAttrString(plugin_ctx->py_instance, callback_name)) { + sudo_debug_printf(SUDO_DEBUG_INFO, "Python plugin function 'close' is skipped (not present)\n"); + } else { + PyObject *py_result = python_plugin_api_call(plugin_ctx, callback_name, py_args); + py_args = NULL; // api call already freed it + Py_XDECREF(py_result); + } + } + + Py_CLEAR(py_args); + + if (PyErr_Occurred()) { + py_log_last_error(NULL); + } + + python_plugin_deinit(plugin_ctx); + + debug_return; +} + +void +python_plugin_mark_callback_optional(struct PluginContext *plugin_ctx, + const char *function_name, void **function) +{ + if 
(!PyObject_HasAttrString(plugin_ctx->py_instance, function_name)) { + debug_decl_vars(python_plugin_mark_callback_optional, PYTHON_DEBUG_PY_CALLS); + sudo_debug_printf(SUDO_DEBUG_INFO, "%s function '%s' is not implemented\n", + Py_TYPENAME(plugin_ctx->py_instance), function_name); + *function = NULL; + } +} + +const char * +python_plugin_name(struct PluginContext *plugin_ctx) +{ + debug_decl(python_plugin_name, PYTHON_DEBUG_INTERNAL); + + const char *name = "(NULL)"; + + if (plugin_ctx == NULL || !PyType_Check(plugin_ctx->py_class)) + debug_return_const_str(name); + + debug_return_const_str(((PyTypeObject *)(plugin_ctx->py_class))->tp_name); +} + +void python_plugin_unlink(void) __attribute__((destructor)); + +// this gets run only when sudo unlinks the python_plugin.so +void +python_plugin_unlink(void) +{ + debug_decl(python_plugin_unlink, PYTHON_DEBUG_INTERNAL); + if (py_ctx.py_main_interpreter == NULL) + return; + + if (Py_IsInitialized()) { + sudo_debug_printf(SUDO_DEBUG_NOTICE, "Closing: deinit python %zu subinterpreters\n", + py_ctx.interpreter_count); + for (size_t i = 0; i < py_ctx.interpreter_count; ++i) { + PyThreadState *py_interpreter = py_ctx.py_subinterpreters[i]; + PyThreadState_Swap(py_interpreter); + Py_EndInterpreter(py_interpreter); + } + + sudo_debug_printf(SUDO_DEBUG_NOTICE, "Closing: deinit main interpreter\n"); + + // we need to call finalize from the main interpreter + PyThreadState_Swap(py_ctx.py_main_interpreter); + + if (Py_FinalizeEx() != 0) { + sudo_debug_printf(SUDO_DEBUG_WARN, "Closing: failed to deinit python interpreter\n"); + } + + // Restore inittab so "sudo" module does not remain there (as garbage) + _restore_inittab(); + } + py_ctx_reset(); + debug_return; +} diff -Nru sudo-1.8.31/plugins/python/python_plugin_common.h sudo-1.9.0/plugins/python/python_plugin_common.h --- sudo-1.8.31/plugins/python/python_plugin_common.h 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/python_plugin_common.h 2020-05-11 
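Review bot: In `_python_plugin_get_class` (python_plugin_common.c), `if (!PyObject_IsSubclass(py_class, (PyObject *)sudo_type_Plugin))` only rejects a return of 0; `PyObject_IsSubclass` returns -1 on error (for example when the `ClassName` option names an attribute that is not a class), and that value skips the rejection and hands `py_class` back with an exception still pending. Compare against 1, as `_python_plugin_class_list` already does: `if (PyObject_IsSubclass(py_class, (PyObject *)sudo_type_Plugin) != 1) {`. The same function opens with `debug_decl(python_plugin_init, ...)`, so its debug trace is attributed to the wrong function; `debug_decl(_python_plugin_get_class, PYTHON_DEBUG_PLUGIN_LOAD);` fixes that. Since this code decides which Python class runs inside sudo, a comment at the `sudo_conf_developer_mode()` test in `python_plugin_init` stating that developer mode skips `sudo_module_register_importblocker()` would make that trade-off explicit.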
16:28:23.000000000 +0000 
@@ -0,0 +1,85 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019 Robert Manner
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef SUDO_PYTHON_PLUGIN_COMMON_H
+#define SUDO_PYTHON_PLUGIN_COMMON_H
+
+#include "pyhelpers.h"
+
+struct PluginContext {
+ PyThreadState *py_interpreter;
+ PyObject *py_module;
+ PyObject *py_class;
+ PyObject *py_instance;
+ int call_close;
+ unsigned int sudo_api_version;
+ char *plugin_path;
+
+ // We use this to let the error string live until sudo and the audit plugins
+ // are using it.
+ char *callback_error;
+};
+
+int python_plugin_register_logging(sudo_conv_t conversation, sudo_printf_t sudo_printf, char * const settings[]);
+
+int python_plugin_init(struct PluginContext *plugin_ctx, char * const plugin_options[], unsigned int version);
+
+int python_plugin_construct_custom(struct PluginContext *plugin_ctx, PyObject *py_kwargs);
+
+PyObject *python_plugin_construct_args(unsigned int version, char *const settings[],
+ char *const user_info[], char *const user_env[], char *const plugin_options[]);
+
+int python_plugin_construct(struct PluginContext *plugin_ctx, unsigned int version,
+ char *const settings[], char *const user_info[],
+ char *const user_env[], char *const plugin_options[]);
+
+void python_plugin_deinit(struct PluginContext *plugin_ctx);
+
+int python_plugin_show_version(struct PluginContext *plugin_ctx,
+ const char *python_callback_name, int isVerbose, unsigned int plugin_api_version, const char *plugin_api_name);
+
+CPYCHECKER_STEALS_REFERENCE_TO_ARG(3)
+void python_plugin_close(struct PluginContext *plugin_ctx, const char *callback_name,
+ PyObject *py_args);
+
+CPYCHECKER_STEALS_REFERENCE_TO_ARG(3)
+PyObject *python_plugin_api_call(struct PluginContext *plugin_ctx,
+ const char *func_name, PyObject *py_args);
+
+CPYCHECKER_STEALS_REFERENCE_TO_ARG(3)
+int python_plugin_api_rc_call(struct PluginContext *plugin_ctx,
+ const char *func_name, PyObject *py_args);
+
+int python_plugin_rc_to_int(PyObject *py_result);
+
+void python_plugin_mark_callback_optional(struct PluginContext *plugin_ctx,
+ const char *function_name, void **function);
+
+const char *python_plugin_name(struct PluginContext *plugin_ctx);
+
+// sets the callback error stored in plugin_ctx into "errstr" but only if API
+// version is enough and "errstr" is valid
+#define CALLBACK_SET_ERROR(plugin_ctx, errstr) \
+ do { \
+ if ((plugin_ctx)->sudo_api_version >= SUDO_API_MKVERSION(1, 15) && errstr != NULL) { \
+ if (errstr != NULL) \
+ *errstr = (plugin_ctx)->callback_error; \
+ } \
+ } while(0)
+
+#endif // SUDO_PYTHON_PLUGIN_COMMON_H
diff -Nru sudo-1.8.31/plugins/python/python_plugin_group.c sudo-1.9.0/plugins/python/python_plugin_group.c
--- sudo-1.8.31/plugins/python/python_plugin_group.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/python_plugin_group.c 2020-05-11 16:28:23.000000000 +0000
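Review bot: CALLBACK_SET_ERROR tests `errstr != NULL` twice and uses the `errstr` argument without parentheses, so the inner `if` is dead weight and the macro is fragile if it is ever passed an expression rather than a plain identifier. I would collapse it to a single guard, `if ((plugin_ctx)->sudo_api_version >= SUDO_API_MKVERSION(1, 15) && (errstr) != NULL) \` followed by `*(errstr) = (plugin_ctx)->callback_error; \`. The macro also hands the caller a pointer that lives inside plugin_ctx, so the comment on the `callback_error` field should state who frees the string and when. The code that sets and releases it is not in this hunk; if python_plugin_deinit frees it, a caller that still holds `*errstr` afterwards would be reading freed memory.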
@@ -0,0 +1,114 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019 Robert Manner
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include "python_plugin_common.h"
+
+static struct PluginContext plugin_ctx;
+
+extern struct sudoers_group_plugin group_plugin;
+
+#define PY_GROUP_PLUGIN_VERSION SUDO_API_MKVERSION(1, 0)
+
+#define CALLBACK_PLUGINFUNC(func_name) group_plugin.func_name
+#define CALLBACK_CFUNC(func_name) python_plugin_group_ ## func_name
+
+// This also verifies compile time that the name matches the sudo plugin API.
+#define CALLBACK_PYNAME(func_name) ((void)CALLBACK_PLUGINFUNC(func_name), #func_name)
+
+
+int
+python_plugin_group_init(int version, sudo_printf_t sudo_printf, char *const plugin_options[])
+{
+ debug_decl(python_plugin_group_init, PYTHON_DEBUG_CALLBACKS);
+
+ if (version < SUDO_API_MKVERSION(1, 0)) {
+ sudo_printf(SUDO_CONV_ERROR_MSG,
+ "Error: Python group plugin requires at least plugin API version 1.0\n");
+ debug_return_int(SUDO_RC_ERROR);
+ }
+
+ int rc = SUDO_RC_ERROR;
+
+ rc = python_plugin_register_logging(NULL, sudo_printf, NULL);
+ if (rc != SUDO_RC_OK)
+ debug_return_int(rc);
+
+ rc = python_plugin_init(&plugin_ctx, plugin_options, (unsigned int)version);
+ if (rc != SUDO_RC_OK)
+ debug_return_int(rc);
+
+ PyObject *py_version = NULL,
+ *py_plugin_options = NULL,
+ *py_kwargs = NULL;
+
+ if ((py_kwargs = PyDict_New()) == NULL ||
+ (py_version = py_create_version(PY_GROUP_PLUGIN_VERSION)) == NULL ||
+ (py_plugin_options = py_str_array_to_tuple(plugin_options)) == NULL ||
+ PyDict_SetItemString(py_kwargs, "args", py_plugin_options) != 0 ||
+ PyDict_SetItemString(py_kwargs, "version", py_version))
+ {
+ py_log_last_error("Failed to construct arguments for plugin constructor call.");
+ rc = SUDO_RC_ERROR;
+ } else {
+ rc = python_plugin_construct_custom(&plugin_ctx, py_kwargs);
+ }
+
+ Py_XDECREF(py_version);
+ Py_XDECREF(py_plugin_options);
+ Py_XDECREF(py_kwargs);
+ debug_return_int(rc);
+}
+
+void
+python_plugin_group_cleanup(void)
+{
+ debug_decl(python_plugin_group_cleanup, PYTHON_DEBUG_CALLBACKS);
+ PyThreadState_Swap(plugin_ctx.py_interpreter);
+ python_plugin_deinit(&plugin_ctx);
+}
+
+int
+python_plugin_group_query(const char *user, const char *group, const struct passwd *pwd)
+{
+ debug_decl(python_plugin_group_query, PYTHON_DEBUG_CALLBACKS);
+
+ PyThreadState_Swap(plugin_ctx.py_interpreter);
+
+ PyObject *py_pwd = py_from_passwd(pwd);
+ if (py_pwd == NULL) {
+ debug_return_int(SUDO_RC_ERROR);
+ }
+
+ int rc = python_plugin_api_rc_call(&plugin_ctx, CALLBACK_PYNAME(query),
+ Py_BuildValue("(zzO)", user, group, py_pwd));
+ Py_XDECREF(py_pwd);
+
+ debug_return_int(rc);
+}
+
+__dso_public struct sudoers_group_plugin group_plugin = {
+ GROUP_API_VERSION,
+ CALLBACK_CFUNC(init),
+ CALLBACK_CFUNC(cleanup),
+ CALLBACK_CFUNC(query)
+};
diff -Nru sudo-1.8.31/plugins/python/python_plugin_io.c sudo-1.9.0/plugins/python/python_plugin_io.c
--- sudo-1.8.31/plugins/python/python_plugin_io.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/python_plugin_io.c 2020-05-11 16:28:23.000000000 +0000
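Review bot: python_plugin_group_query returns whatever python_plugin_api_rc_call produces as the group-membership answer, and nothing in this hunk restricts it to the values a group plugin is expected to return. Because sudoers acts on this result, anything other than an explicit accept or reject should become an error, for example `if (rc != SUDO_RC_OK && rc != SUDO_RC_REJECT) rc = SUDO_RC_ERROR;` before `debug_return_int(rc)`. The conversion helper python_plugin_rc_to_int is only declared in python_plugin_common.h, so it is worth confirming there that a query() returning None or a non-integer cannot map to a positive "is member" result. Separately, python_plugin_group_cleanup has a `debug_decl` with no matching `debug_return;`.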
@@ -0,0 +1,277 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019 Robert Manner
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include "python_plugin_common.h"
+
+struct IOPluginContext
+{
+ struct PluginContext base_ctx;
+ struct io_plugin *io_plugin;
+};
+
+#define BASE_CTX(io_ctx) (&(io_ctx->base_ctx))
+
+#define PY_IO_PLUGIN_VERSION SUDO_API_MKVERSION(1, 0)
+
+#define CALLBACK_PLUGINFUNC(func_name) io_ctx->io_plugin->func_name
+
+// This also verifies compile time that the name matches the sudo plugin API.
+#define CALLBACK_PYNAME(func_name) ((void)CALLBACK_PLUGINFUNC(func_name), #func_name)
+
+#define MARK_CALLBACK_OPTIONAL(function_name) \
+ do { \
+ python_plugin_mark_callback_optional(plugin_ctx, CALLBACK_PYNAME(function_name), \
+ (void **)&CALLBACK_PLUGINFUNC(function_name)); \
+ } while(0)
+
+
+static int
+_call_plugin_open(struct IOPluginContext *io_ctx, int argc, char * const argv[], char * const command_info[])
+{
+ debug_decl(_call_plugin_open, PYTHON_DEBUG_CALLBACKS);
+ struct PluginContext *plugin_ctx = BASE_CTX(io_ctx);
+ plugin_ctx->call_close = 1;
+
+ if (!PyObject_HasAttrString(plugin_ctx->py_instance, CALLBACK_PYNAME(open))) {
+ debug_return_int(SUDO_RC_OK);
+ }
+
+ int rc = SUDO_RC_ERROR;
+ PyObject *py_argv = py_str_array_to_tuple_with_count(argc, argv);
+ PyObject *py_command_info = py_str_array_to_tuple(command_info);
+
+ if (py_argv != NULL && py_command_info != NULL) {
+ rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(open),
+ Py_BuildValue("(OO)", py_argv, py_command_info));
+ } else {
+ rc = SUDO_RC_ERROR;
+ }
+
+ if (rc != SUDO_RC_OK)
+ plugin_ctx->call_close = 0;
+
+ Py_XDECREF(py_argv);
+ Py_XDECREF(py_command_info);
+ debug_return_int(rc);
+}
+
+int
+python_plugin_io_open(struct IOPluginContext *io_ctx,
+ unsigned int version, sudo_conv_t conversation,
+ sudo_printf_t sudo_printf, char * const settings[],
+ char * const user_info[], char * const command_info[],
+ int argc, char * const argv[], char * const user_env[],
+ char * const plugin_options[], const char **errstr)
+{
+ debug_decl(python_plugin_io_open, PYTHON_DEBUG_CALLBACKS);
+
+ if (version < SUDO_API_MKVERSION(1, 2)) {
+ sudo_printf(SUDO_CONV_ERROR_MSG,
+ "Error: Python IO plugin requires at least plugin API version 1.2\n");
+ debug_return_int(SUDO_RC_ERROR);
+ }
+
+ int rc = python_plugin_register_logging(conversation, sudo_printf, settings);
+ if (rc != SUDO_RC_OK)
+ debug_return_int(rc);
+
+ struct PluginContext *plugin_ctx = BASE_CTX(io_ctx);
+ rc = python_plugin_init(plugin_ctx, plugin_options, version);
+
+ if (rc != SUDO_RC_OK)
+ debug_return_int(rc);
+
+ rc = python_plugin_construct(plugin_ctx, PY_IO_PLUGIN_VERSION,
+ settings, user_info, user_env, plugin_options);
+ CALLBACK_SET_ERROR(plugin_ctx, errstr);
+ if (rc != SUDO_RC_OK) {
+ debug_return_int(rc);
+ }
+
+ // skip plugin callbacks which are not mandatory
+ MARK_CALLBACK_OPTIONAL(log_ttyin);
+ MARK_CALLBACK_OPTIONAL(log_ttyout);
+ MARK_CALLBACK_OPTIONAL(log_stdin);
+ MARK_CALLBACK_OPTIONAL(log_stdout);
+ MARK_CALLBACK_OPTIONAL(log_stderr);
+ MARK_CALLBACK_OPTIONAL(change_winsize);
+ MARK_CALLBACK_OPTIONAL(log_suspend);
+ // open and close are mandatory
+
+ if (argc > 0) // we only call open if there is request for running sg
+ rc = _call_plugin_open(io_ctx, argc, argv, command_info);
+
+ CALLBACK_SET_ERROR(plugin_ctx, errstr);
+ debug_return_int(rc);
+}
+
+void
+python_plugin_io_close(struct IOPluginContext *io_ctx, int exit_status, int error)
+{
+ debug_decl(python_plugin_io_close, PYTHON_DEBUG_CALLBACKS);
+ python_plugin_close(BASE_CTX(io_ctx), CALLBACK_PYNAME(close),
+ Py_BuildValue("(ii)", error == 0 ? exit_status : -1, error));
+ debug_return;
+}
+
+int
+python_plugin_io_show_version(struct IOPluginContext *io_ctx, int verbose)
+{
+ debug_decl(python_plugin_io_show_version, PYTHON_DEBUG_CALLBACKS);
+
+ PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter);
+
+ debug_return_int(python_plugin_show_version(BASE_CTX(io_ctx), CALLBACK_PYNAME(show_version),
+ verbose, PY_IO_PLUGIN_VERSION, "io"));
+}
+
+int
+python_plugin_io_log_ttyin(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr)
+{
+ debug_decl(python_plugin_io_log_ttyin, PYTHON_DEBUG_CALLBACKS);
+ struct PluginContext *plugin_ctx = BASE_CTX(io_ctx);
+ PyThreadState_Swap(plugin_ctx->py_interpreter);
+ int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_ttyin),
+ Py_BuildValue("(s#)", buf, len));
+ CALLBACK_SET_ERROR(plugin_ctx, errstr);
+ debug_return_int(rc);
+}
+
+int
+python_plugin_io_log_ttyout(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr)
+{
+ debug_decl(python_plugin_io_log_ttyout, PYTHON_DEBUG_CALLBACKS);
+ struct PluginContext *plugin_ctx = BASE_CTX(io_ctx);
+ PyThreadState_Swap(plugin_ctx->py_interpreter);
+ int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_ttyout),
+ Py_BuildValue("(s#)", buf, len));
+ CALLBACK_SET_ERROR(plugin_ctx, errstr);
+ debug_return_int(rc);
+}
+
+int
+python_plugin_io_log_stdin(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr)
+{
+ debug_decl(python_plugin_io_log_stdin, PYTHON_DEBUG_CALLBACKS);
+ struct PluginContext *plugin_ctx = BASE_CTX(io_ctx);
+ PyThreadState_Swap(plugin_ctx->py_interpreter);
+ int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_stdin),
+ Py_BuildValue("(s#)", buf, len));
+ CALLBACK_SET_ERROR(plugin_ctx, errstr);
+ debug_return_int(rc);
+}
+
+int
+python_plugin_io_log_stdout(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr)
+{
+ debug_decl(python_plugin_io_log_stdout, PYTHON_DEBUG_CALLBACKS);
+ struct PluginContext *plugin_ctx = BASE_CTX(io_ctx);
+ PyThreadState_Swap(plugin_ctx->py_interpreter);
+ int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_stdout),
+ Py_BuildValue("(s#)", buf, len));
+ CALLBACK_SET_ERROR(plugin_ctx, errstr);
+ debug_return_int(rc);
+}
+
+int
+python_plugin_io_log_stderr(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr)
+{
+ debug_decl(python_plugin_io_log_stderr, PYTHON_DEBUG_CALLBACKS);
+ struct PluginContext *plugin_ctx = BASE_CTX(io_ctx);
+ PyThreadState_Swap(plugin_ctx->py_interpreter);
+ int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_stderr),
+ Py_BuildValue("(s#)", buf, len));
+ CALLBACK_SET_ERROR(plugin_ctx, errstr);
+ debug_return_int(rc);
+}
+
+int
+python_plugin_io_change_winsize(struct IOPluginContext *io_ctx, unsigned int line, unsigned int cols, const char **errstr)
+{
+ debug_decl(python_plugin_io_change_winsize, PYTHON_DEBUG_CALLBACKS);
+ struct PluginContext *plugin_ctx = BASE_CTX(io_ctx);
+ PyThreadState_Swap(plugin_ctx->py_interpreter);
+ int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(change_winsize),
+ Py_BuildValue("(ii)", line, cols));
+ CALLBACK_SET_ERROR(plugin_ctx, errstr);
+ debug_return_int(rc);
+}
+
+int
+python_plugin_io_log_suspend(struct IOPluginContext *io_ctx, int signo, const char **errstr)
+{
+ debug_decl(python_plugin_io_log_suspend, PYTHON_DEBUG_CALLBACKS);
+ struct PluginContext *plugin_ctx = BASE_CTX(io_ctx);
+ PyThreadState_Swap(plugin_ctx->py_interpreter);
+ int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_suspend),
+ Py_BuildValue("(i)", signo));
+ CALLBACK_SET_ERROR(plugin_ctx, errstr);
+ debug_return_int(rc);
+}
+
+// generate symbols for loading multiple io plugins:
+__dso_public struct io_plugin python_io;
+#define IO_SYMBOL_NAME(symbol) symbol
+#include "python_plugin_io_multi.inc"
+#define IO_SYMBOL_NAME(symbol) symbol##1
+#include "python_plugin_io_multi.inc"
+#define IO_SYMBOL_NAME(symbol) symbol##2
+#include "python_plugin_io_multi.inc"
+#define IO_SYMBOL_NAME(symbol) symbol##3
+#include "python_plugin_io_multi.inc"
+#define IO_SYMBOL_NAME(symbol) symbol##4
+#include "python_plugin_io_multi.inc"
+#define IO_SYMBOL_NAME(symbol) symbol##5
+#include "python_plugin_io_multi.inc"
+#define IO_SYMBOL_NAME(symbol) symbol##6
+#include "python_plugin_io_multi.inc"
+#define IO_SYMBOL_NAME(symbol) symbol##7
+#include "python_plugin_io_multi.inc"
+
+static struct io_plugin *extra_io_plugins[] = {
+ &python_io1,
+ &python_io2,
+ &python_io3,
+ &python_io4,
+ &python_io5,
+ &python_io6,
+ &python_io7
+};
+
+__dso_public struct io_plugin *
+python_io_clone(void)
+{
+ static size_t counter = 0;
+ struct io_plugin *next_plugin = NULL;
+
+ size_t max = sizeof(extra_io_plugins) / sizeof(*extra_io_plugins);
+ if (counter < max) {
+ next_plugin = extra_io_plugins[counter];
+ ++counter;
+ } else if (counter == max) {
+ ++counter;
+ py_sudo_log(SUDO_CONV_ERROR_MSG, "sudo: loading more than %d sudo python IO plugins is not supported\n", counter);
+ }
+
+ return next_plugin;
+}
diff -Nru sudo-1.8.31/plugins/python/python_plugin_io_multi.inc sudo-1.9.0/plugins/python/python_plugin_io_multi.inc
--- sudo-1.8.31/plugins/python/python_plugin_io_multi.inc 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/python_plugin_io_multi.inc 2020-05-11 16:28:23.000000000 +0000
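Review bot: The five log_* wrappers (log_ttyin, log_ttyout, log_stdin, log_stdout, log_stderr) build their argument with `Py_BuildValue("(s#)", buf, len)`, where `len` is an `unsigned int` and `buf` is raw terminal or pipe data. `s#` reads the length from the varargs as `int`, or as `Py_ssize_t` when `PY_SSIZE_T_CLEAN` is defined (pyhelpers.h is not visible here), so the argument should be cast to the type the format expects, e.g. `Py_BuildValue("(s#)", buf, (Py_ssize_t)len)` in the `PY_SSIZE_T_CLEAN` case. `s#` also decodes the buffer as UTF-8, so data that is not valid UTF-8 makes Py_BuildValue return NULL. Since these callbacks record session I/O, please confirm that python_plugin_api_rc_call turns a NULL argument tuple into an error return rather than skipping the log call quietly. In python_io_clone, `counter` is a `size_t` printed with `%d`; that should be `%zu`.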
@@ -0,0 +1,99 @@
+/* The purpose of this file is to generate a io_plugin symbols,
+ * with an I/O plugin context which is unique to it and its functions.
+ * The callbacks inside are just wrappers around the real functions in python_plugin_io.c,
+ * their only purpose is to add the unique context to each separate io_plugin call.
+ */
+
+#define PLUGIN_CTX IO_SYMBOL_NAME(plugin_ctx)
+#define CALLBACK_CFUNC(func_name) IO_SYMBOL_NAME(_python_plugin_io_ ## func_name)
+
+extern struct io_plugin IO_SYMBOL_NAME(python_io);
+static struct IOPluginContext PLUGIN_CTX = { {}, &IO_SYMBOL_NAME(python_io) };
+
+int
+CALLBACK_CFUNC(open)(
+ unsigned int version, sudo_conv_t conversation,
+ sudo_printf_t sudo_printf, char * const settings[],
+ char * const user_info[], char * const command_info[],
+ int argc, char * const argv[], char * const user_env[],
+ char * const plugin_options[], const char **errstr)
+{
+ return python_plugin_io_open(&PLUGIN_CTX, version, conversation,
+ sudo_printf, settings, user_info, command_info, argc, argv, user_env, plugin_options, errstr);
+}
+
+void
+CALLBACK_CFUNC(close)(int exit_status, int error)
+{
+ python_plugin_io_close(&PLUGIN_CTX, exit_status, error);
+}
+
+int
+CALLBACK_CFUNC(show_version)(int verbose)
+{
+ return python_plugin_io_show_version(&PLUGIN_CTX, verbose);
+}
+
+int
+CALLBACK_CFUNC(log_ttyin)(const char *buf, unsigned int len, const char **errstr)
+{
+ return python_plugin_io_log_ttyin(&PLUGIN_CTX, buf, len, errstr);
+}
+
+int
+CALLBACK_CFUNC(log_ttyout)(const char *buf, unsigned int len, const char **errstr)
+{
+ return python_plugin_io_log_ttyout(&PLUGIN_CTX, buf, len, errstr);
+}
+
+int
+CALLBACK_CFUNC(log_stdin)(const char *buf, unsigned int len, const char **errstr)
+{
+ return python_plugin_io_log_stdin(&PLUGIN_CTX, buf, len, errstr);
+}
+
+int
+CALLBACK_CFUNC(log_stdout)(const char *buf, unsigned int len, const char **errstr)
+{
+ return python_plugin_io_log_stdout(&PLUGIN_CTX, buf, len, errstr);
+}
+
+int
+CALLBACK_CFUNC(log_stderr)(const char *buf, unsigned int len, const char **errstr)
+{
+ return python_plugin_io_log_stderr(&PLUGIN_CTX, buf, len, errstr);
+}
+
+int
+CALLBACK_CFUNC(change_winsize)(unsigned int line, unsigned int cols, const char **errstr)
+{
+ return python_plugin_io_change_winsize(&PLUGIN_CTX, line, cols, errstr);
+}
+
+int
+CALLBACK_CFUNC(log_suspend)(int signo, const char **errstr)
+{
+ return python_plugin_io_log_suspend(&PLUGIN_CTX, signo, errstr);
+}
+
+struct io_plugin IO_SYMBOL_NAME(python_io) = {
+ SUDO_IO_PLUGIN,
+ SUDO_API_VERSION,
+ CALLBACK_CFUNC(open),
+ CALLBACK_CFUNC(close),
+ CALLBACK_CFUNC(show_version),
+ CALLBACK_CFUNC(log_ttyin),
+ CALLBACK_CFUNC(log_ttyout),
+ CALLBACK_CFUNC(log_stdin),
+ CALLBACK_CFUNC(log_stdout),
+ CALLBACK_CFUNC(log_stderr),
+ NULL, // register_hooks,
+ NULL, // deregister_hooks,
+ CALLBACK_CFUNC(change_winsize),
+ CALLBACK_CFUNC(log_suspend),
+ NULL // event_alloc
+};
+
+#undef PLUGIN_CTX
+#undef CALLBACK_CFUNC
+#undef IO_SYMBOL_NAME
diff -Nru sudo-1.8.31/plugins/python/python_plugin_policy.c sudo-1.9.0/plugins/python/python_plugin_policy.c
--- sudo-1.8.31/plugins/python/python_plugin_policy.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/python_plugin_policy.c 2020-05-11 16:28:23.000000000 +0000
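Review bot: The ten CALLBACK_CFUNC wrappers are defined with external linkage although they are only reached through the `io_plugin` struct at the end of the file. Writing `static int` (and `static void` for close) above each `CALLBACK_CFUNC(...)` definition would keep eight copies of the `_python_plugin_io_*` names out of the object's external namespace; whether they are actually exported depends on visibility flags that this hunk does not show. Names that begin with an underscore at file scope are also reserved for the implementation in C. The initializer `{ {}, &IO_SYMBOL_NAME(python_io) }` uses an empty brace pair, which is a GNU extension before C23, and `{ {0}, &IO_SYMBOL_NAME(python_io) }` is the portable spelling.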
@@ -0,0 +1,290 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019 Robert Manner
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include "python_plugin_common.h"
+
+
+static struct PluginContext plugin_ctx;
+
+extern struct policy_plugin python_policy;
+
+#define PY_POLICY_PLUGIN_VERSION SUDO_API_MKVERSION(1, 0)
+
+#define CALLBACK_PLUGINFUNC(func_name) python_policy.func_name
+#define CALLBACK_CFUNC(func_name) python_plugin_policy_ ## func_name
+
+// This also verifies compile time that the name matches the sudo plugin API.
+#define CALLBACK_PYNAME(func_name) ((void)CALLBACK_PLUGINFUNC(func_name), #func_name)
+
+#define MARK_CALLBACK_OPTIONAL(function_name) \
+ do { \
+ python_plugin_mark_callback_optional(&plugin_ctx, CALLBACK_PYNAME(function_name), \
+ (void **)&CALLBACK_PLUGINFUNC(function_name)); \
+ } while(0)
+
+
+static int
+python_plugin_policy_open(unsigned int version, sudo_conv_t conversation,
+ sudo_printf_t sudo_printf, char * const settings[],
+ char * const user_info[], char * const user_env[],
+ char * const plugin_options[], const char **errstr)
+{
+ debug_decl(python_plugin_policy_open, PYTHON_DEBUG_CALLBACKS);
+
+ if (version < SUDO_API_MKVERSION(1, 2)) {
+ sudo_printf(SUDO_CONV_ERROR_MSG,
+ "Error: Python policy plugin requires at least plugin API version 1.2\n");
+ debug_return_int(SUDO_RC_ERROR);
+ }
+
+ int rc = python_plugin_register_logging(conversation, sudo_printf, settings);
+ if (rc != SUDO_RC_OK)
+ debug_return_int(rc);
+
+ rc = python_plugin_init(&plugin_ctx, plugin_options, version);
+ if (rc != SUDO_RC_OK)
+ debug_return_int(rc);
+
+ rc = python_plugin_construct(&plugin_ctx, PY_POLICY_PLUGIN_VERSION, settings,
+ user_info, user_env, plugin_options);
+ CALLBACK_SET_ERROR(&plugin_ctx, errstr);
+ if (rc != SUDO_RC_OK) {
+ debug_return_int(rc);
+ }
+
+ // skip plugin callbacks which are not mandatory
+ MARK_CALLBACK_OPTIONAL(list);
+ MARK_CALLBACK_OPTIONAL(validate);
+ MARK_CALLBACK_OPTIONAL(invalidate);
+ MARK_CALLBACK_OPTIONAL(init_session);
+ // check_policy, open and close are mandatory
+
+ debug_return_int(rc);
+}
+
+static void
+python_plugin_policy_close(int exit_status, int error)
+{
+ debug_decl(python_plugin_policy_close, PYTHON_DEBUG_CALLBACKS);
+ python_plugin_close(&plugin_ctx, CALLBACK_PYNAME(close),
+ Py_BuildValue("(ii)", error == 0 ? exit_status : -1, error));
+ debug_return;
+}
+
+static int
+python_plugin_policy_check(int argc, char * const argv[],
+ char *env_add[], char **command_info_out[],
+ char **argv_out[], char **user_env_out[], const char **errstr)
+{
+ debug_decl(python_plugin_policy_check, PYTHON_DEBUG_CALLBACKS);
+ int rc = SUDO_RC_ERROR;
+
+ PyThreadState_Swap(plugin_ctx.py_interpreter);
+
+ *command_info_out = *argv_out = *user_env_out = NULL;
+
+ PyObject *py_argv = py_str_array_to_tuple_with_count(argc, argv);
+
+ PyObject *py_env_add = py_str_array_to_tuple(env_add);
+ PyObject *py_result = NULL;
+
+ if (py_argv == NULL || py_env_add == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR, "Failed to create some of the arguments for the python call "
+ "(py_argv=%p py_env_add=%p)\n", (void *)py_argv, (void *)py_env_add);
+ goto cleanup;
+ }
+
+ py_result = python_plugin_api_call(&plugin_ctx, CALLBACK_PYNAME(check_policy),
+ Py_BuildValue("(OO)", py_argv, py_env_add));
+ CALLBACK_SET_ERROR(&plugin_ctx, errstr);
+ if (py_result == NULL)
+ goto cleanup;
+
+ PyObject *py_rc = NULL,
+ *py_command_info_out = NULL,
+ *py_argv_out = NULL,
+ *py_user_env_out = NULL;
+ if (PyTuple_Check(py_result))
+ {
+ if (!PyArg_ParseTuple(py_result, "O!|O!O!O!:python_plugin.check_policy",
+ &PyLong_Type, &py_rc,
+ &PyTuple_Type, &py_command_info_out,
+ &PyTuple_Type, &py_argv_out,
+ &PyTuple_Type, &py_user_env_out))
+ {
+ rc = SUDO_RC_ERROR;
+ goto cleanup;
+ }
+ } else {
+ py_rc = py_result;
+ }
+
+ if (py_command_info_out != NULL)
+ *command_info_out = py_str_array_from_tuple(py_command_info_out);
+
+ if (py_argv_out != NULL)
+ *argv_out = py_str_array_from_tuple(py_argv_out);
+
+ if (py_user_env_out != NULL)
+ *user_env_out = py_str_array_from_tuple(py_user_env_out);
+
+ rc = python_plugin_rc_to_int(py_rc);
+
+cleanup:
+ if (PyErr_Occurred()) {
+ py_log_last_error(NULL);
+ rc = SUDO_RC_ERROR;
+ free(*command_info_out);
+ free(*argv_out);
+ free(*user_env_out);
+ *command_info_out = *argv_out = *user_env_out = NULL;
+ }
+
+ Py_XDECREF(py_argv);
+ Py_XDECREF(py_env_add);
+ Py_XDECREF(py_result);
+
+ if (rc == SUDO_RC_ACCEPT)
+ plugin_ctx.call_close = 1;
+
+ debug_return_int(rc);
+}
+
+static int
+python_plugin_policy_list(int argc, char * const argv[], int verbose, const char *list_user, const char **errstr)
+{
+ debug_decl(python_plugin_policy_list, PYTHON_DEBUG_CALLBACKS);
+
+ PyThreadState_Swap(plugin_ctx.py_interpreter);
+
+ PyObject *py_argv = py_str_array_to_tuple_with_count(argc, argv);
+ if (py_argv == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR, "%s: Failed to create argv argument for the python call\n", __func__);
+ debug_return_int(SUDO_RC_ERROR);
+ }
+
+ int rc = python_plugin_api_rc_call(&plugin_ctx, CALLBACK_PYNAME(list),
+ Py_BuildValue("(Oiz)", py_argv, verbose, list_user));
+
+ Py_XDECREF(py_argv);
+
+ CALLBACK_SET_ERROR(&plugin_ctx, errstr);
+ debug_return_int(rc);
+}
+
+static int
+python_plugin_policy_version(int verbose)
+{
+ debug_decl(python_plugin_policy_version, PYTHON_DEBUG_CALLBACKS);
+
+ PyThreadState_Swap(plugin_ctx.py_interpreter);
+
+ debug_return_int(python_plugin_show_version(&plugin_ctx, CALLBACK_PYNAME(show_version),
+ verbose, PY_POLICY_PLUGIN_VERSION, "policy"));
+}
+
+int
+python_plugin_policy_validate(const char **errstr)
+{
+ debug_decl(python_plugin_policy_validate, PYTHON_DEBUG_CALLBACKS);
+ PyThreadState_Swap(plugin_ctx.py_interpreter);
+ int rc = python_plugin_api_rc_call(&plugin_ctx, CALLBACK_PYNAME(validate), NULL);
+ CALLBACK_SET_ERROR(&plugin_ctx, errstr);
+ debug_return_int(rc);
+}
+
+void
+python_plugin_policy_invalidate(int remove)
+{
+ debug_decl(python_plugin_policy_invalidate, PYTHON_DEBUG_CALLBACKS);
+ PyThreadState_Swap(plugin_ctx.py_interpreter);
+ python_plugin_api_rc_call(&plugin_ctx, CALLBACK_PYNAME(invalidate),
+ Py_BuildValue("(i)", remove));
+ debug_return;
+}
+
+int
+python_plugin_policy_init_session(struct passwd *pwd, char **user_env[], const char **errstr)
+{
+ debug_decl(python_plugin_policy_init_session, PYTHON_DEBUG_CALLBACKS);
+ int rc = SUDO_RC_ERROR;
+ PyThreadState_Swap(plugin_ctx.py_interpreter);
+ PyObject *py_pwd = NULL, *py_user_env = NULL, *py_result = NULL;
+
+ py_pwd = py_from_passwd(pwd);
+ if (py_pwd == NULL)
+ goto cleanup;
+
+ py_user_env = py_str_array_to_tuple(*user_env);
+ if (py_user_env == NULL)
+ goto cleanup;
+
+ py_result = python_plugin_api_call(&plugin_ctx, CALLBACK_PYNAME(init_session),
+ Py_BuildValue("(OO)", py_pwd, py_user_env));
+ CALLBACK_SET_ERROR(&plugin_ctx, errstr);
+ if (py_result == NULL)
+ goto cleanup;
+
+ PyObject *py_user_env_out = NULL, *py_rc = NULL;
+ if (PyTuple_Check(py_result)) {
+ if (!PyArg_ParseTuple(py_result, "O!|O!:python_plugin.init_session",
+ &PyLong_Type, &py_rc,
+ &PyTuple_Type, &py_user_env_out)) {
+ goto cleanup;
+ }
+ } else {
+ py_rc = py_result;
+ }
+
+ if (py_user_env_out != NULL) {
+ str_array_free(user_env);
+ *user_env = py_str_array_from_tuple(py_user_env_out);
+ if (*user_env == NULL)
+ goto cleanup;
+ }
+
+ rc = python_plugin_rc_to_int(py_rc);
+
+cleanup:
+ Py_XDECREF(py_pwd);
+ Py_XDECREF(py_user_env);
+ Py_XDECREF(py_result);
+
+ debug_return_int(rc);
+}
+
+__dso_public struct policy_plugin python_policy = {
+ SUDO_POLICY_PLUGIN,
+ SUDO_API_VERSION,
+ CALLBACK_CFUNC(open),
+ CALLBACK_CFUNC(close),
+ CALLBACK_CFUNC(version),
+ CALLBACK_CFUNC(check),
+ CALLBACK_CFUNC(list),
+ CALLBACK_CFUNC(validate),
+ CALLBACK_CFUNC(invalidate),
+ CALLBACK_CFUNC(init_session),
+ NULL, /* register_hooks */
+ NULL, /* deregister_hooks */
+ NULL /* event_alloc */
+};
diff -Nru sudo-1.8.31/plugins/python/regress/check_python_examples.c sudo-1.9.0/plugins/python/regress/check_python_examples.c
--- sudo-1.8.31/plugins/python/regress/check_python_examples.c 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/check_python_examples.c 2020-05-11 16:28:23.000000000 +0000
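Review bot: python_plugin_policy_check can return SUDO_RC_ACCEPT while `*command_info_out`, `*argv_out` or `*user_env_out` is still NULL, because the `O!|O!O!O!` format makes the three tuples optional and the results of py_str_array_from_tuple are not checked. An accept that carries no command details should be turned into an error before it reaches the front end; how sudo treats NULL outputs on accept is not visible in this hunk, and if the plugin contract allows omitting argv or user_env the guard can be narrowed to command_info. The error path also calls `free()` on the three arrays, which, judging by the use of `str_array_free(user_env)` in python_plugin_policy_init_session, releases only the array and leaks the strings. The fence below shows both changes for the end of the function. python_plugin_policy_init_session has a related gap: its cleanup label neither logs nor clears a pending Python error.

```c
    rc = python_plugin_rc_to_int(py_rc);

    // An accept without the command details cannot be acted on: fail closed.
    if (rc == SUDO_RC_ACCEPT && (*command_info_out == NULL ||
        *argv_out == NULL || *user_env_out == NULL)) {
        sudo_debug_printf(SUDO_DEBUG_ERROR,
            "%s: check_policy accepted without command_info, argv or user_env\n", __func__);
        rc = SUDO_RC_ERROR;
    }

cleanup:
    if (PyErr_Occurred()) {
        py_log_last_error(NULL);
        rc = SUDO_RC_ERROR;
    }

    if (rc == SUDO_RC_ERROR) {
        // free the strings as well as the arrays
        str_array_free(command_info_out);
        str_array_free(argv_out);
        str_array_free(user_env_out);
        *command_info_out = *argv_out = *user_env_out = NULL;
    }

    // … unchanged: Py_XDECREF calls, call_close update, debug_return_int(rc) …
```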
@@ -0,0 +1,1599 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2020 Robert Manner + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include "testhelpers.h" + +#include "sudo_dso.h" + +#define DECL_PLUGIN(type, variable_name) \ + static struct type *variable_name = NULL; \ + static struct type variable_name ## _original + +#define RESTORE_PYTHON_PLUGIN(variable_name) \ + memcpy(variable_name, &(variable_name ## _original), sizeof(variable_name ## _original)) + +#define SAVE_PYTHON_PLUGIN(variable_name) \ + memcpy(&(variable_name ## _original), variable_name, sizeof(variable_name ## _original)) + +static const char *python_plugin_so_path = NULL; +static void *python_plugin_handle = NULL; +DECL_PLUGIN(io_plugin, python_io); +DECL_PLUGIN(policy_plugin, python_policy); +DECL_PLUGIN(approval_plugin, python_approval); +DECL_PLUGIN(audit_plugin, python_audit); +DECL_PLUGIN(sudoers_group_plugin, group_plugin); + +static struct passwd example_pwd; + +static int _init_symbols(void); +static int _unlink_symbols(void); + +void +create_plugin_options(const char *module_name, const char *class_name, const 
char *extra_option)
+{
+ char opt_module_path[PATH_MAX + 256];
+ char opt_classname[PATH_MAX + 256];
+ snprintf(opt_module_path, sizeof(opt_module_path),
+ "ModulePath=" SRC_DIR "/%s.py", module_name);
+
+ snprintf(opt_classname, sizeof(opt_classname), "ClassName=%s", class_name);
+
+ str_array_free(&data.plugin_options);
+ size_t count = 3 + (extra_option != NULL);
+ data.plugin_options = create_str_array(count, opt_module_path,
+ opt_classname, extra_option, NULL);
+}
+
+void
+create_io_plugin_options(const char *log_path)
+{
+ char opt_logpath[PATH_MAX + 16];
+ snprintf(opt_logpath, sizeof(opt_logpath), "LogPath=%s", log_path);
+ create_plugin_options("example_io_plugin", "SudoIOPlugin", opt_logpath);
+}
+
+void
+create_debugging_plugin_options(void)
+{
+ create_plugin_options("example_debugging", "DebugDemoPlugin", NULL);
+}
+
+void
+create_audit_plugin_options(const char *extra_argument)
+{
+ create_plugin_options("example_audit_plugin", "SudoAuditPlugin", extra_argument);
+}
+
+void
+create_conversation_plugin_options(void)
+{
+ char opt_logpath[PATH_MAX + 16];
+ snprintf(opt_logpath, sizeof(opt_logpath), "LogPath=%s", data.tmp_dir);
+ create_plugin_options("example_conversation", "ReasonLoggerIOPlugin", opt_logpath);
+}
+
+void
+create_policy_plugin_options(void)
+{
+ create_plugin_options("example_policy_plugin", "SudoPolicyPlugin", NULL);
+}
+
+int
+init(void)
+{
+ // always start each test from clean state
+ memset(&data, 0, sizeof(data));
+
+ memset(&example_pwd, 0, sizeof(example_pwd));
+ example_pwd.pw_name = "pw_name";
+ example_pwd.pw_passwd = "pw_passwd";
+ example_pwd.pw_gecos = "pw_gecos";
+ example_pwd.pw_shell ="pw_shell";
+ example_pwd.pw_dir = "pw_dir";
+ example_pwd.pw_uid = (uid_t)1001;
+ example_pwd.pw_gid = (gid_t)101;
+
+ VERIFY_TRUE(asprintf(&data.tmp_dir, TEMP_PATH_TEMPLATE) >= 0);
+ VERIFY_NOT_NULL(mkdtemp(data.tmp_dir));
+
+ // by default we test in developer mode, so the python plugin can be loaded
+ sudo_conf_clear_paths(); + 
VERIFY_INT(sudo_conf_read(sudo_conf_developer_mode, SUDO_CONF_ALL), true);
+ VERIFY_TRUE(sudo_conf_developer_mode());
+
+ // some default values for the plugin open:
+ data.settings = create_str_array(1, NULL);
+ data.user_info = create_str_array(1, NULL);
+ data.command_info = create_str_array(1, NULL);
+ data.plugin_argc = 0;
+ data.plugin_argv = create_str_array(1, NULL);
+ data.user_env = create_str_array(1, NULL);
+
+ VERIFY_TRUE(_init_symbols());
+ return true;
+}
+
+int
+cleanup(int success)
+{
+ if (!success) {
+ printf("\nThe output of the plugin:\n%s", data.stdout_str);
+ printf("\nThe error output of the plugin:\n%s", data.stderr_str);
+ }
+
+ VERIFY_TRUE(rmdir_recursive(data.tmp_dir));
+ if (data.tmp_dir2) {
+ VERIFY_TRUE(rmdir_recursive(data.tmp_dir2));
+ }
+
+ free(data.tmp_dir);
+ free(data.tmp_dir2);
+
+ str_array_free(&data.settings);
+ str_array_free(&data.user_info);
+ str_array_free(&data.command_info);
+ str_array_free(&data.plugin_argv);
+ str_array_free(&data.user_env);
+ str_array_free(&data.plugin_options);
+
+ return true;
+}
+
+int
+check_example_io_plugin_version_display(int is_verbose)
+{
+ const char *errstr = NULL;
+ create_io_plugin_options(data.tmp_dir);
+
+ VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.command_info, data.plugin_argc, data.plugin_argv, data.user_env,
+ data.plugin_options, &errstr), SUDO_RC_OK);
+ VERIFY_INT(python_io->show_version(is_verbose), SUDO_RC_OK);
+
+ python_io->close(0, 0); // this should not call the python plugin close as there was no command run invocation
+
+ if (is_verbose) {
+ // Note: the exact python version is environment dependent
+ VERIFY_STR_CONTAINS(data.stdout_str, "Python interpreter version:");
+ *strstr(data.stdout_str, "Python interpreter version:") = '\0';
+ VERIFY_STDOUT(expected_path("check_example_io_plugin_version_display_full.stdout"));
+ } else { + 
VERIFY_STDOUT(expected_path("check_example_io_plugin_version_display.stdout"));
+ }
+
+ VERIFY_STDERR(expected_path("check_example_io_plugin_version_display.stderr"));
+ VERIFY_FILE("sudo.log", expected_path("check_example_io_plugin_version_display.stored"));
+
+ return true;
+}
+
+int
+check_example_io_plugin_command_log(void)
+{
+ const char *errstr = NULL;
+ create_io_plugin_options(data.tmp_dir);
+
+ str_array_free(&data.plugin_argv);
+ data.plugin_argc = 2;
+ data.plugin_argv = create_str_array(3, "id", "--help", NULL);
+
+ str_array_free(&data.command_info);
+ data.command_info = create_str_array(3, "command=/bin/id", "runas_uid=0", NULL);
+
+ VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.command_info, data.plugin_argc, data.plugin_argv,
+ data.user_env, data.plugin_options, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io->log_stdin("some standard input", strlen("some standard input"), &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io->log_stdout("some standard output", strlen("some standard output"), &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io->log_stderr("some standard error", strlen("some standard error"), &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io->log_suspend(SIGTSTP, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io->log_suspend(SIGCONT, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io->change_winsize(200, 100, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io->log_ttyin("some tty input", strlen("some tty input"), &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io->log_ttyout("some tty output", strlen("some tty output"), &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ python_io->close(1, 0); // successful execution, command returned 1 + + 
VERIFY_STDOUT(expected_path("check_example_io_plugin_command_log.stdout"));
+ VERIFY_STDERR(expected_path("check_example_io_plugin_command_log.stderr"));
+ VERIFY_FILE("sudo.log", expected_path("check_example_io_plugin_command_log.stored"));
+
+ return true;
+}
+
+typedef struct io_plugin * (io_clone_func)(void);
+
+int
+check_example_io_plugin_command_log_multiple(void)
+{
+ const char *errstr = NULL;
+
+ // verify multiple python io plugin symbols are available
+ io_clone_func *python_io_clone = (io_clone_func *)sudo_dso_findsym(python_plugin_handle, "python_io_clone");
+ VERIFY_PTR_NE(python_io_clone, NULL);
+
+ struct io_plugin *python_io2 = NULL;
+
+ for (int i = 0; i < 7; ++i) {
+ python_io2 = (*python_io_clone)();
+ VERIFY_PTR_NE(python_io2, NULL);
+ VERIFY_PTR_NE(python_io2, python_io);
+ }
+
+ // open the first plugin and let it log to tmp_dir
+ create_io_plugin_options(data.tmp_dir);
+
+ str_array_free(&data.plugin_argv);
+ data.plugin_argc = 2;
+ data.plugin_argv = create_str_array(3, "id", "--help", NULL);
+
+ str_array_free(&data.command_info);
+ data.command_info = create_str_array(3, "command=/bin/id", "runas_uid=0", NULL);
+
+ VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.command_info, data.plugin_argc, data.plugin_argv,
+ data.user_env, data.plugin_options, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ // For verifying the error message of no more plugin. It should be displayed only once. 
+ VERIFY_PTR((*python_io_clone)(), NULL);
+ VERIFY_PTR((*python_io_clone)(), NULL);
+
+ // open the second plugin with another log directory
+ VERIFY_TRUE(asprintf(&data.tmp_dir2, TEMP_PATH_TEMPLATE) >= 0);
+ VERIFY_NOT_NULL(mkdtemp(data.tmp_dir2));
+ create_io_plugin_options(data.tmp_dir2);
+
+ str_array_free(&data.plugin_argv);
+ data.plugin_argc = 1;
+ data.plugin_argv = create_str_array(2, "whoami", NULL);
+
+ str_array_free(&data.command_info);
+ data.command_info = create_str_array(3, "command=/bin/whoami", "runas_uid=1", NULL);
+
+ VERIFY_INT(python_io2->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.command_info, data.plugin_argc, data.plugin_argv,
+ data.user_env, data.plugin_options, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ VERIFY_INT(python_io->log_stdin("stdin for plugin 1", strlen("stdin for plugin 1"), &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io2->log_stdin("stdin for plugin 2", strlen("stdin for plugin 2"), &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io->log_stdout("stdout for plugin 1", strlen("stdout for plugin 1"), &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io2->log_stdout("stdout for plugin 2", strlen("stdout for plugin 2"), &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io->log_stderr("stderr for plugin 1", strlen("stderr for plugin 1"), &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io2->log_stderr("stderr for plugin 2", strlen("stderr for plugin 2"), &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io->log_suspend(SIGTSTP, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io2->log_suspend(SIGSTOP, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io->log_suspend(SIGCONT, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io2->log_suspend(SIGCONT, &errstr), SUDO_RC_OK); + 
VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io->change_winsize(20, 10, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io2->change_winsize(30, 40, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io->log_ttyin("tty input for plugin 1", strlen("tty input for plugin 1"), &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io2->log_ttyin("tty input for plugin 2", strlen("tty input for plugin 2"), &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io->log_ttyout("tty output for plugin 1", strlen("tty output for plugin 1"), &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io2->log_ttyout("tty output for plugin 2", strlen("tty output for plugin 2"), &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ python_io->close(1, 0); // successful execution, command returned 1
+ python_io2->close(2, 0); // command returned 2
+
+ VERIFY_STDOUT(expected_path("check_example_io_plugin_command_log_multiple.stdout"));
+ VERIFY_STDERR(expected_path("check_example_io_plugin_command_log_multiple.stderr"));
+ VERIFY_FILE("sudo.log", expected_path("check_example_io_plugin_command_log_multiple1.stored"));
+ VERIFY_TRUE(verify_file(data.tmp_dir2, "sudo.log", expected_path("check_example_io_plugin_command_log_multiple2.stored")));
+
+ return true;
+}
+
+int
+check_example_io_plugin_failed_to_start_command(void)
+{
+ const char *errstr = NULL;
+
+ create_io_plugin_options(data.tmp_dir);
+
+ str_array_free(&data.plugin_argv);
+ data.plugin_argc = 1;
+ data.plugin_argv = create_str_array(2, "cmd", NULL);
+
+ str_array_free(&data.command_info);
+ data.command_info = create_str_array(3, "command=/usr/share/cmd", "runas_uid=0", NULL);
+
+ VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.command_info, data.plugin_argc, data.plugin_argv,
+ data.user_env, data.plugin_options, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL); + + 
python_io->close(0, EPERM); // execve returned with error
+
+ VERIFY_STDOUT(expected_path("check_example_io_plugin_failed_to_start_command.stdout"));
+ VERIFY_STDERR(expected_path("check_example_io_plugin_failed_to_start_command.stderr"));
+ VERIFY_FILE("sudo.log", expected_path("check_example_io_plugin_failed_to_start_command.stored"));
+
+ return true;
+}
+
+int
+check_example_io_plugin_fails_with_python_backtrace(void)
+{
+ const char *errstr = NULL;
+
+ create_io_plugin_options("/some/not/writable/directory");
+
+ VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.command_info, data.plugin_argc, data.plugin_argv,
+ data.user_env, data.plugin_options, &errstr), SUDO_RC_ERROR);
+ VERIFY_PTR(errstr, NULL);
+
+ VERIFY_STDOUT(expected_path("check_example_io_plugin_fails_with_python_backtrace.stdout"));
+ VERIFY_STDERR(expected_path("check_example_io_plugin_fails_with_python_backtrace.stderr"));
+
+ python_io->close(0, 0);
+ return true;
+}
+
+int
+check_io_plugin_reports_error(void)
+{
+ const char *errstr = NULL;
+ str_array_free(&data.plugin_options);
+ data.plugin_options = create_str_array(
+ 3,
+ "ModulePath=" SRC_DIR "/regress/plugin_errorstr.py",
+ "ClassName=ConstructErrorPlugin",
+ NULL
+ );
+
+ VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.command_info, data.plugin_argc, data.plugin_argv,
+ data.user_env, data.plugin_options, &errstr), SUDO_RC_ERROR);
+
+ VERIFY_STR(errstr, "Something wrong in plugin constructor");
+ errstr = NULL;
+
+ python_io->close(0, 0);
+
+ str_array_free(&data.plugin_options);
+ data.plugin_options = create_str_array(
+ 3,
+ "ModulePath=" SRC_DIR "/regress/plugin_errorstr.py",
+ "ClassName=ErrorMsgPlugin",
+ NULL
+ );
+
+ VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.command_info, data.plugin_argc, data.plugin_argv,
+ data.user_env, 
data.plugin_options, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ VERIFY_INT(python_io->log_stdin("", 0, &errstr), SUDO_RC_ERROR);
+ VERIFY_STR(errstr, "Something wrong in log_stdin");
+
+ errstr = (void *)13;
+ VERIFY_INT(python_io->log_stdout("", 0, &errstr), SUDO_RC_ERROR);
+ VERIFY_STR(errstr, "Something wrong in log_stdout");
+
+ errstr = NULL;
+ VERIFY_INT(python_io->log_stderr("", 0, &errstr), SUDO_RC_ERROR);
+ VERIFY_STR(errstr, "Something wrong in log_stderr");
+
+ errstr = NULL;
+ VERIFY_INT(python_io->log_ttyin("", 0, &errstr), SUDO_RC_ERROR);
+ VERIFY_STR(errstr, "Something wrong in log_ttyin");
+
+ errstr = NULL;
+ VERIFY_INT(python_io->log_ttyout("", 0, &errstr), SUDO_RC_ERROR);
+ VERIFY_STR(errstr, "Something wrong in log_ttyout");
+
+ errstr = NULL;
+ VERIFY_INT(python_io->log_suspend(SIGTSTP, &errstr), SUDO_RC_ERROR);
+ VERIFY_STR(errstr, "Something wrong in log_suspend");
+
+ errstr = NULL;
+ VERIFY_INT(python_io->change_winsize(200, 100, &errstr), SUDO_RC_ERROR);
+ VERIFY_STR(errstr, "Something wrong in change_winsize");
+
+ python_io->close(0, 0);
+
+ VERIFY_STR(data.stderr_str, "");
+ VERIFY_STR(data.stdout_str, "");
+ return true;
+}
+
+int
+check_example_group_plugin(void)
+{
+ create_plugin_options("example_group_plugin", "SudoGroupPlugin", NULL);
+
+ VERIFY_INT(group_plugin->init(GROUP_API_VERSION, fake_printf, data.plugin_options), SUDO_RC_OK);
+
+ VERIFY_INT(group_plugin->query("test", "mygroup", NULL), SUDO_RC_OK);
+ VERIFY_INT(group_plugin->query("testuser2", "testgroup", NULL), SUDO_RC_OK);
+ VERIFY_INT(group_plugin->query("testuser2", "mygroup", NULL), SUDO_RC_REJECT);
+ VERIFY_INT(group_plugin->query("test", "testgroup", NULL), SUDO_RC_REJECT);
+
+ group_plugin->cleanup();
+ VERIFY_STR(data.stderr_str, "");
+ VERIFY_STR(data.stdout_str, "");
+ return true;
+}
+
+const char *
+create_debug_config(const char *debug_spec)
+{
+ char *result = NULL;
+
+ static char config_path[PATH_MAX] = "/";
+ snprintf(config_path, 
sizeof(config_path), "%s/sudo.conf", data.tmp_dir);
+
+ char *content = NULL;
+ if (asprintf(&content, "Set developer_mode true\n"
+ "Debug %s %s/debug.log %s\n",
+ "python_plugin.so", data.tmp_dir, debug_spec) < 0)
+ {
+ printf("Failed to allocate string\n");
+ goto cleanup;
+ }
+
+ if (fwriteall(config_path, content) != true) {
+ printf("Failed to write '%s'\n", config_path);
+ goto cleanup;
+ }
+
+ result = config_path;
+
+cleanup:
+ free(content);
+
+ return result;
+}
+
+int
+check_example_group_plugin_is_able_to_debug(void)
+{
+ const char *config_path = create_debug_config("py_calls@diag");
+ VERIFY_NOT_NULL(config_path);
+ VERIFY_INT(sudo_conf_read(config_path, SUDO_CONF_ALL), true);
+
+ create_plugin_options("example_group_plugin", "SudoGroupPlugin", NULL);
+
+ group_plugin->init(GROUP_API_VERSION, fake_printf, data.plugin_options);
+
+ group_plugin->query("user", "group", &example_pwd);
+
+ group_plugin->cleanup();
+
+ VERIFY_STR(data.stderr_str, "");
+ VERIFY_STR(data.stdout_str, "");
+
+ VERIFY_LOG_LINES(expected_path("check_example_group_plugin_is_able_to_debug.log"));
+
+ return true;
+}
+
+int
+check_plugin_unload(void)
+{
+ // You can call this test to avoid having a lot of subinterpreters
+ // (each plugin->open starts one, and only plugin unlink closes)
+ // It only verifies that python was shut down correctly. 
+ VERIFY_TRUE(Py_IsInitialized());
+ VERIFY_TRUE(_unlink_symbols());
+ VERIFY_FALSE(Py_IsInitialized()); // python interpreter could be stopped
+ return true;
+}
+
+int
+check_example_debugging(const char *debug_spec)
+{
+ const char *errstr = NULL;
+ const char *config_path = create_debug_config(debug_spec);
+ VERIFY_NOT_NULL(config_path);
+ VERIFY_INT(sudo_conf_read(config_path, SUDO_CONF_ALL), true);
+
+ create_debugging_plugin_options();
+
+ str_array_free(&data.settings);
+ char *debug_flags_setting = NULL;
+ VERIFY_TRUE(asprintf(&debug_flags_setting, "debug_flags=%s/debug.log %s", data.tmp_dir, debug_spec) >= 0);
+
+ data.settings = create_str_array(3, debug_flags_setting, "plugin_path=python_plugin.so", NULL);
+
+ VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.command_info, data.plugin_argc, data.plugin_argv,
+ data.user_env, data.plugin_options, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ python_io->close(0, 0);
+
+ VERIFY_STR(data.stderr_str, "");
+ VERIFY_STR(data.stdout_str, "");
+
+ VERIFY_LOG_LINES(expected_path("check_example_debugging_%s.log", debug_spec));
+
+ free(debug_flags_setting);
+ return true;
+}
+
+int
+check_loading_fails(const char *name)
+{
+ const char *errstr = NULL;
+
+ VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.command_info, data.plugin_argc, data.plugin_argv,
+ data.user_env, data.plugin_options, &errstr), SUDO_RC_ERROR);
+ VERIFY_PTR(errstr, NULL);
+ python_io->close(0, 0);
+
+ VERIFY_STDOUT(expected_path("check_loading_fails_%s.stdout", name));
+ VERIFY_STDERR(expected_path("check_loading_fails_%s.stderr", name));
+
+ return true;
+}
+
+int
+check_loading_fails_with_missing_path(void)
+{
+ str_array_free(&data.plugin_options);
+ data.plugin_options = create_str_array(2, "ClassName=DebugDemoPlugin", NULL);
+ return check_loading_fails("missing_path");
+}
+
+int 
+check_loading_succeeds_with_missing_classname(void)
+{
+ str_array_free(&data.plugin_options);
+ data.plugin_options = create_str_array(2, "ModulePath=" SRC_DIR "/example_debugging.py", NULL);
+
+ const char *errstr = NULL;
+
+ VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.command_info, data.plugin_argc, data.plugin_argv,
+ data.user_env, data.plugin_options, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_io->show_version(1), SUDO_RC_OK);
+ python_io->close(0, 0);
+
+ VERIFY_STDOUT(expected_path("check_loading_succeeds_with_missing_classname.stdout"));
+ VERIFY_STR(data.stderr_str, "");
+
+ return true;
+}
+
+int
+check_loading_fails_with_missing_classname(void)
+{
+ str_array_free(&data.plugin_options);
+ data.plugin_options = create_str_array(2, "ModulePath=" SRC_DIR "/regress/plugin_errorstr.py", NULL);
+ return check_loading_fails("missing_classname");
+}
+
+int
+check_loading_fails_with_wrong_classname(void)
+{
+ create_plugin_options("example_debugging", "MispelledPluginName", NULL);
+ return check_loading_fails("wrong_classname");
+}
+
+int
+check_loading_fails_with_wrong_path(void)
+{
+ str_array_free(&data.plugin_options);
+ data.plugin_options = create_str_array(3, "ModulePath=/wrong_path.py", "ClassName=PluginName", NULL);
+ return check_loading_fails("wrong_path");
+}
+
+int
+check_loading_fails_plugin_is_not_owned_by_root(void)
+{
+ sudo_conf_clear_paths();
+ VERIFY_INT(sudo_conf_read(sudo_conf_normal_mode, SUDO_CONF_ALL), true);
+
+ create_debugging_plugin_options();
+ return check_loading_fails("not_owned_by_root");
+}
+
+int
+check_example_conversation_plugin_reason_log(int simulate_suspend, const char *description)
+{
+ const char *errstr = NULL;
+
+ create_conversation_plugin_options();
+
+ str_array_free(&data.plugin_argv); // have a command run
+ data.plugin_argc = 1;
+ data.plugin_argv = create_str_array(2, "/bin/whoami", NULL); + + 
data.conv_replies[0] = "my fake reason";
+ data.conv_replies[1] = "my real secret reason";
+
+ sudo_conv_t conversation = simulate_suspend ? fake_conversation_with_suspend : fake_conversation;
+
+ VERIFY_INT(python_io->open(SUDO_API_VERSION, conversation, fake_printf, data.settings,
+ data.user_info, data.command_info, data.plugin_argc, data.plugin_argv,
+ data.user_env, data.plugin_options, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ python_io->close(0, 0);
+
+ VERIFY_STDOUT(expected_path("check_example_conversation_plugin_reason_log_%s.stdout", description));
+ VERIFY_STDERR(expected_path("check_example_conversation_plugin_reason_log_%s.stderr", description));
+ VERIFY_CONV(expected_path("check_example_conversation_plugin_reason_log_%s.conversation", description));
+ VERIFY_FILE("sudo_reasons.txt", expected_path("check_example_conversation_plugin_reason_log_%s.stored", description));
+ return true;
+}
+
+int
+check_example_conversation_plugin_user_interrupts(void)
+{
+ const char *errstr = NULL;
+
+ create_conversation_plugin_options();
+
+ str_array_free(&data.plugin_argv); // have a command run
+ data.plugin_argc = 1;
+ data.plugin_argv = create_str_array(2, "/bin/whoami", NULL);
+
+ data.conv_replies[0] = NULL; // this simulates user interrupt for the first question
+
+ VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.command_info, data.plugin_argc, data.plugin_argv,
+ data.user_env, data.plugin_options, &errstr), SUDO_RC_REJECT);
+ VERIFY_PTR(errstr, NULL);
+ python_io->close(0, 0);
+
+ VERIFY_STDOUT(expected_path("check_example_conversation_plugin_user_interrupts.stdout"));
+ VERIFY_STDERR(expected_path("check_example_conversation_plugin_user_interrupts.stderr"));
+ VERIFY_CONV(expected_path("check_example_conversation_plugin_user_interrupts.conversation"));
+ return true;
+}
+
+int
+check_example_policy_plugin_version_display(int is_verbose)
+{
+ const char *errstr = NULL; + + 
create_policy_plugin_options();
+
+ VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.user_env, data.plugin_options, &errstr),
+ SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+ VERIFY_INT(python_policy->show_version(is_verbose), SUDO_RC_OK);
+
+ python_policy->close(0, 0); // this should not call the python plugin close as there was no command run invocation
+
+ if (is_verbose) {
+ // Note: the exact python version is environment dependent
+ VERIFY_STR_CONTAINS(data.stdout_str, "Python interpreter version:");
+ *strstr(data.stdout_str, "Python interpreter version:") = '\0';
+ VERIFY_STDOUT(expected_path("check_example_policy_plugin_version_display_full.stdout"));
+ } else {
+ VERIFY_STDOUT(expected_path("check_example_policy_plugin_version_display.stdout"));
+ }
+
+ VERIFY_STDERR(expected_path("check_example_policy_plugin_version_display.stderr"));
+
+ return true;
+}
+
+int
+check_example_policy_plugin_accepted_execution(void)
+{
+ const char *errstr = NULL;
+
+ create_policy_plugin_options();
+
+ str_array_free(&data.plugin_argv);
+ data.plugin_argc = 2;
+ data.plugin_argv = create_str_array(3, "/bin/whoami", "--help", NULL);
+
+ str_array_free(&data.user_env);
+ data.user_env = create_str_array(3, "USER_ENV1=VALUE1", "USER_ENV2=value2", NULL);
+
+ VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.user_env, data.plugin_options, &errstr),
+ SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ char **env_add = create_str_array(3, "REQUESTED_ENV1=VALUE1", "REQUESTED_ENV2=value2", NULL);
+
+ char **argv_out, **user_env_out, **command_info_out; // free to contain garbage
+
+ VERIFY_INT(python_policy->check_policy(data.plugin_argc, data.plugin_argv, env_add,
+ &command_info_out, &argv_out, &user_env_out, &errstr),
+ SUDO_RC_ACCEPT);
+ VERIFY_PTR(errstr, NULL);
+
+ VERIFY_STR_SET(command_info_out, 4, "command=/bin/whoami", "runas_uid=0", 
"runas_gid=0", NULL);
+ VERIFY_STR_SET(user_env_out, 5, "USER_ENV1=VALUE1", "USER_ENV2=value2",
+ "REQUESTED_ENV1=VALUE1", "REQUESTED_ENV2=value2", NULL);
+ VERIFY_STR_SET(argv_out, 3, "/bin/whoami", "--help", NULL);
+
+ VERIFY_INT(python_policy->init_session(&example_pwd, &user_env_out, &errstr), SUDO_RC_ACCEPT);
+ VERIFY_PTR(errstr, NULL);
+
+ // init session is able to modify the user env:
+ VERIFY_STR_SET(user_env_out, 6, "USER_ENV1=VALUE1", "USER_ENV2=value2",
+ "REQUESTED_ENV1=VALUE1", "REQUESTED_ENV2=value2", "PLUGIN_EXAMPLE_ENV=1", NULL);
+
+ python_policy->close(3, 0); // successful execution returned exit code 3
+
+ VERIFY_STDOUT(expected_path("check_example_policy_plugin_accepted_execution.stdout"));
+ VERIFY_STDERR(expected_path("check_example_policy_plugin_accepted_execution.stderr"));
+
+ str_array_free(&env_add);
+ str_array_free(&user_env_out);
+ str_array_free(&command_info_out);
+ str_array_free(&argv_out);
+ return true;
+}
+
+int
+check_example_policy_plugin_failed_execution(void)
+{
+ const char *errstr = NULL;
+
+ create_policy_plugin_options();
+
+ str_array_free(&data.plugin_argv);
+ data.plugin_argc = 2;
+ data.plugin_argv = create_str_array(3, "/bin/id", "--help", NULL);
+
+ VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.user_env, data.plugin_options, &errstr),
+ SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ char **argv_out, **user_env_out, **command_info_out; // free to contain garbage
+
+ VERIFY_INT(python_policy->check_policy(data.plugin_argc, data.plugin_argv, NULL,
+ &command_info_out, &argv_out, &user_env_out, &errstr),
+ SUDO_RC_ACCEPT);
+ VERIFY_PTR(errstr, NULL);
+
+ // pwd is unset (user is not part of /etc/passwd)
+ VERIFY_INT(python_policy->init_session(NULL, &user_env_out, &errstr), SUDO_RC_ACCEPT);
+ VERIFY_PTR(errstr, NULL);
+
+ python_policy->close(12345, ENOENT); // failed to execute + + 
VERIFY_STDOUT(expected_path("check_example_policy_plugin_failed_execution.stdout"));
+ VERIFY_STDERR(expected_path("check_example_policy_plugin_failed_execution.stderr"));
+
+ str_array_free(&user_env_out);
+ str_array_free(&command_info_out);
+ str_array_free(&argv_out);
+ return true;
+}
+
+int
+check_example_policy_plugin_denied_execution(void)
+{
+ const char *errstr = NULL;
+
+ create_policy_plugin_options();
+
+ str_array_free(&data.plugin_argv);
+ data.plugin_argc = 1;
+ data.plugin_argv = create_str_array(2, "/bin/passwd", NULL);
+
+ VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.user_env, data.plugin_options, &errstr),
+ SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ char **argv_out, **user_env_out, **command_info_out; // free to contain garbage
+
+ VERIFY_INT(python_policy->check_policy(data.plugin_argc, data.plugin_argv, NULL,
+ &command_info_out, &argv_out, &user_env_out, &errstr),
+ SUDO_RC_REJECT);
+ VERIFY_PTR(errstr, NULL);
+
+ VERIFY_PTR(command_info_out, NULL);
+ VERIFY_PTR(argv_out, NULL);
+ VERIFY_PTR(user_env_out, NULL);
+
+ python_policy->close(0, 0); // there was no execution
+
+ VERIFY_STDOUT(expected_path("check_example_policy_plugin_denied_execution.stdout"));
+ VERIFY_STDERR(expected_path("check_example_policy_plugin_denied_execution.stderr"));
+
+ return true;
+}
+
+int
+check_example_policy_plugin_list(void)
+{
+ const char *errstr = NULL;
+
+ create_policy_plugin_options();
+
+ VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.user_env, data.plugin_options, &errstr),
+ SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ snprintf_append(data.stdout_str, MAX_OUTPUT, "-- minimal --\n");
+ VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, false, NULL, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ snprintf_append(data.stdout_str, MAX_OUTPUT, "\n-- minimal (verbose) --\n"); + 
VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, true, NULL, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ snprintf_append(data.stdout_str, MAX_OUTPUT, "\n-- with user --\n");
+ VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, false, "testuser", &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ snprintf_append(data.stdout_str, MAX_OUTPUT, "\n-- with user (verbose) --\n");
+ VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, true, "testuser", &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ snprintf_append(data.stdout_str, MAX_OUTPUT, "\n-- with allowed program --\n");
+ str_array_free(&data.plugin_argv);
+ data.plugin_argc = 3;
+ data.plugin_argv = create_str_array(4, "/bin/id", "some", "arguments", NULL);
+ VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, false, NULL, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ snprintf_append(data.stdout_str, MAX_OUTPUT, "\n-- with allowed program (verbose) --\n");
+ VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, true, NULL, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ snprintf_append(data.stdout_str, MAX_OUTPUT, "\n-- with denied program --\n");
+ str_array_free(&data.plugin_argv);
+ data.plugin_argc = 1;
+ data.plugin_argv = create_str_array(2, "/bin/passwd", NULL);
+ VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, false, NULL, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ snprintf_append(data.stdout_str, MAX_OUTPUT, "\n-- with denied program (verbose) --\n");
+ VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, true, NULL, &errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ python_policy->close(0, 0); // there was no execution
+
+ VERIFY_STDOUT(expected_path("check_example_policy_plugin_list.stdout"));
+ VERIFY_STDERR(expected_path("check_example_policy_plugin_list.stderr"));
+
+ return true;
+}
+
+int 
+check_example_policy_plugin_validate_invalidate(void)
+{
+ const char *errstr = NULL;
+
+ // the plugin does not do any meaningful for these, so using log to validate instead
+ const char *config_path = create_debug_config("py_calls@diag");
+ VERIFY_NOT_NULL(config_path);
+ VERIFY_INT(sudo_conf_read(config_path, SUDO_CONF_ALL), true);
+
+ create_policy_plugin_options();
+
+ VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.user_env, data.plugin_options, &errstr),
+ SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ VERIFY_INT(python_policy->validate(&errstr), SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ python_policy->invalidate(true);
+ python_policy->invalidate(false);
+
+ python_policy->close(0, 0); // no command execution
+
+ VERIFY_LOG_LINES(expected_path("check_example_policy_plugin_validate_invalidate.log"));
+ VERIFY_STR(data.stderr_str, "");
+ VERIFY_STR(data.stdout_str, "");
+ return true;
+}
+
+int
+check_policy_plugin_callbacks_are_optional(void)
+{
+ const char *errstr = NULL;
+
+ create_debugging_plugin_options();
+
+ VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings,
+ data.user_info, data.user_env, data.plugin_options, &errstr),
+ SUDO_RC_OK);
+ VERIFY_PTR(errstr, NULL);
+
+ VERIFY_PTR(python_policy->list, NULL);
+ VERIFY_PTR(python_policy->validate, NULL);
+ VERIFY_PTR(python_policy->invalidate, NULL);
+ VERIFY_PTR_NE(python_policy->check_policy, NULL); // (not optional)
+ VERIFY_PTR(python_policy->init_session, NULL);
+
+ // show_version always displays the plugin, but it is optional in the python layer
+ VERIFY_PTR_NE(python_policy->show_version, NULL);
+ VERIFY_INT(python_policy->show_version(1), SUDO_RC_OK);
+
+ python_policy->close(0, 0);
+ return true;
+}
+
+int
+check_policy_plugin_reports_error(void)
+{
+ const char *errstr = NULL;
+ str_array_free(&data.plugin_options);
+ data.plugin_options = create_str_array(
+ 3,
+ "ModulePath=" 
SRC_DIR "/regress/plugin_errorstr.py", + "ClassName=ConstructErrorPlugin", + NULL + ); + + VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, + data.user_info, data.user_env, data.plugin_options, &errstr), SUDO_RC_ERROR); + VERIFY_STR(errstr, "Something wrong in plugin constructor"); + errstr = NULL; + + python_policy->close(0, 0); + + str_array_free(&data.plugin_options); + data.plugin_options = create_str_array( + 3, + "ModulePath=" SRC_DIR "/regress/plugin_errorstr.py", + "ClassName=ErrorMsgPlugin", + NULL + ); + + data.plugin_argc = 1; + str_array_free(&data.plugin_argv); + data.plugin_argv = create_str_array(2, "id", NULL); + + VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, + data.user_info, data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + char **command_info_out = NULL; + char **argv_out = NULL; + char **user_env_out = NULL; + + VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, true, NULL, &errstr), SUDO_RC_ERROR); + VERIFY_STR(errstr, "Something wrong in list"); + + errstr = NULL; + VERIFY_INT(python_policy->validate(&errstr), SUDO_RC_ERROR); + VERIFY_STR(errstr, "Something wrong in validate"); + + errstr = NULL; + VERIFY_INT(python_policy->check_policy(data.plugin_argc, data.plugin_argv, data.user_env, + &command_info_out, &argv_out, &user_env_out, &errstr), + SUDO_RC_ERROR); + VERIFY_STR(errstr, "Something wrong in check_policy"); + + errstr = NULL; + VERIFY_INT(python_policy->init_session(&example_pwd, &user_env_out, &errstr), SUDO_RC_ERROR); + VERIFY_STR(errstr, "Something wrong in init_session"); + + python_policy->close(0, 0); + + VERIFY_STR(data.stderr_str, ""); + VERIFY_STR(data.stdout_str, ""); + return true; +} + +int +check_io_plugin_callbacks_are_optional(void) +{ + const char *errstr = NULL; + + create_debugging_plugin_options(); + + VERIFY_INT(python_io->open(SUDO_API_VERSION, 
fake_conversation, fake_printf, data.settings, + data.user_info, data.command_info, data.plugin_argc, data.plugin_argv, + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + VERIFY_PTR(python_io->log_stdin, NULL); + VERIFY_PTR(python_io->log_stdout, NULL); + VERIFY_PTR(python_io->log_stderr, NULL); + VERIFY_PTR(python_io->log_ttyin, NULL); + VERIFY_PTR(python_io->log_ttyout, NULL); + VERIFY_PTR(python_io->change_winsize, NULL); + + // show_version always displays the plugin, but it is optional in the python layer + VERIFY_PTR_NE(python_io->show_version, NULL); + VERIFY_INT(python_io->show_version(1), SUDO_RC_OK); + + python_io->close(0, 0); + return true; +} + +int +check_python_plugins_do_not_affect_each_other(void) +{ + const char *errstr = NULL; + + // We test here that one plugin is not able to effect the environment of another + // This is important so they do not ruin or depend on each other's state. + create_plugin_options("regress/plugin_conflict", "ConflictPlugin", "Path=path_for_first_plugin"); + + VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, + data.user_info, data.command_info, data.plugin_argc, data.plugin_argv, + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + create_plugin_options("regress/plugin_conflict", "ConflictPlugin", "Path=path_for_second_plugin"); + VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, + data.user_info, data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + python_io->close(0, 0); + python_policy->close(0, 0); + + VERIFY_STDOUT(expected_path("check_python_plugins_do_not_affect_each_other.stdout")); + VERIFY_STR(data.stderr_str, ""); + return true; +} + +int +check_example_audit_plugin_receives_accept(void) +{ + create_audit_plugin_options(""); + const char *errstr = NULL; + + str_array_free(&data.plugin_argv); + 
data.plugin_argv = create_str_array(6, "sudo", "-u", "user", "id", "--help", NULL); + + str_array_free(&data.user_env); + data.user_env = create_str_array(3, "KEY1=VALUE1", "KEY2=VALUE2", NULL); + + str_array_free(&data.user_info); + data.user_info = create_str_array(3, "user=testuser1", "uid=123", NULL); + + VERIFY_INT(python_audit->open(SUDO_API_VERSION, fake_conversation, fake_printf, + data.settings, data.user_info, 3, data.plugin_argv, + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + str_array_free(&data.command_info); + data.command_info = create_str_array(2, "command=/sbin/id", NULL); + + str_array_free(&data.plugin_argv); + data.plugin_argv = create_str_array(3, "id", "--help", NULL); + + VERIFY_INT(python_audit->accept("accepter plugin name", SUDO_POLICY_PLUGIN, + data.command_info, data.plugin_argv, + data.user_env, &errstr), SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + python_audit->close(SUDO_PLUGIN_WAIT_STATUS, W_EXITCODE(2, 0)); // process exited with 2 + + VERIFY_STDOUT(expected_path("check_example_audit_plugin_receives_accept.stdout")); + VERIFY_STR(data.stderr_str, ""); + + return true; +} + +int +check_example_audit_plugin_receives_reject(void) +{ + create_audit_plugin_options(NULL); + const char *errstr = NULL; + + str_array_free(&data.plugin_argv); + data.plugin_argv = create_str_array(3, "sudo", "passwd", NULL); + + str_array_free(&data.user_info); + data.user_info = create_str_array(3, "user=root", "uid=0", NULL); + + VERIFY_INT(python_audit->open(SUDO_API_VERSION, fake_conversation, fake_printf, + data.settings, data.user_info, 1, data.plugin_argv, + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + VERIFY_INT(python_audit->reject("rejecter plugin name", SUDO_IO_PLUGIN, + "Rejected just because!", data.command_info, + &errstr), SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + python_audit->close(SUDO_PLUGIN_NO_STATUS, 0); // program was not run + + 
VERIFY_STDOUT(expected_path("check_example_audit_plugin_receives_reject.stdout")); + VERIFY_STR(data.stderr_str, ""); + + return true; +} + +int +check_example_audit_plugin_receives_error(void) +{ + create_audit_plugin_options(""); + const char *errstr = NULL; + + str_array_free(&data.plugin_argv); + data.plugin_argv = create_str_array(5, "sudo", "-u", "user", "id", NULL); + + VERIFY_INT(python_audit->open(SUDO_API_VERSION, fake_conversation, fake_printf, + data.settings, data.user_info, 3, data.plugin_argv, + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + str_array_free(&data.command_info); + data.command_info = create_str_array(2, "command=/sbin/id", NULL); + + VERIFY_INT(python_audit->error("errorer plugin name", SUDO_AUDIT_PLUGIN, + "Some error has happened", data.command_info, + &errstr), SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + python_audit->close(SUDO_PLUGIN_SUDO_ERROR, 222); + + VERIFY_STDOUT(expected_path("check_example_audit_plugin_receives_error.stdout")); + VERIFY_STR(data.stderr_str, ""); + + return true; +} + +typedef struct audit_plugin * (audit_clone_func)(void); + +int +check_example_audit_plugin_workflow_multiple(void) +{ + // verify multiple python audit plugins are available + audit_clone_func *python_audit_clone = (audit_clone_func *)sudo_dso_findsym( + python_plugin_handle, "python_audit_clone"); + VERIFY_PTR_NE(python_audit_clone, NULL); + + struct audit_plugin *python_audit2 = NULL; + + for (int i = 0; i < 7; ++i) { + python_audit2 = (*python_audit_clone)(); + VERIFY_PTR_NE(python_audit2, NULL); + VERIFY_PTR_NE(python_audit2, python_audit); + } + + const char *errstr = NULL; + + str_array_free(&data.plugin_argv); + data.plugin_argv = create_str_array(6, "sudo", "-u", "user", "id", "--help", NULL); + + str_array_free(&data.user_env); + data.user_env = create_str_array(3, "KEY1=VALUE1", "KEY2=VALUE2", NULL); + + str_array_free(&data.user_info); + data.user_info = create_str_array(3, 
"user=default", "uid=1000", NULL); + + create_audit_plugin_options("Id=1"); + VERIFY_INT(python_audit->open(SUDO_API_VERSION, fake_conversation, fake_printf, + data.settings, data.user_info, 3, data.plugin_argv, + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + // For verifying the error message of no more plugin. It should be displayed only once. + VERIFY_PTR((*python_audit_clone)(), NULL); + VERIFY_PTR((*python_audit_clone)(), NULL); + + create_audit_plugin_options("Id=2"); + VERIFY_INT(python_audit2->open(SUDO_API_VERSION, fake_conversation, fake_printf, + data.settings, data.user_info, 3, data.plugin_argv, + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + str_array_free(&data.command_info); + data.command_info = create_str_array(2, "command=/sbin/id", NULL); + + str_array_free(&data.plugin_argv); + data.plugin_argv = create_str_array(3, "id", "--help", NULL); + + VERIFY_INT(python_audit->accept("accepter plugin name", SUDO_POLICY_PLUGIN, + data.command_info, data.plugin_argv, + data.user_env, &errstr), SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + VERIFY_INT(python_audit2->accept("accepter plugin name", SUDO_POLICY_PLUGIN, + data.command_info, data.plugin_argv, + data.user_env, &errstr), SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + python_audit->close(SUDO_PLUGIN_WAIT_STATUS, W_EXITCODE(0, 11)); // process got signal 11 + python_audit2->close(SUDO_PLUGIN_WAIT_STATUS, W_EXITCODE(0, 11)); + + VERIFY_STDOUT(expected_path("check_example_audit_plugin_workflow_multiple.stdout")); + VERIFY_STDERR(expected_path("check_example_audit_plugin_workflow_multiple.stderr")); + + return true; +} + +int +check_example_audit_plugin_version_display(void) +{ + create_audit_plugin_options(NULL); + const char *errstr = NULL; + + str_array_free(&data.user_info); + data.user_info = create_str_array(3, "user=root", "uid=0", NULL); + + str_array_free(&data.plugin_argv); + data.plugin_argv = 
create_str_array(3, "sudo", "-V", NULL); + + VERIFY_INT(python_audit->open(SUDO_API_VERSION, fake_conversation, fake_printf, + data.settings, data.user_info, 2, data.plugin_argv, + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + VERIFY_INT(python_audit->show_version(false), SUDO_RC_OK); + VERIFY_INT(python_audit->show_version(true), SUDO_RC_OK); + + python_audit->close(SUDO_PLUGIN_SUDO_ERROR, 222); + + VERIFY_STDOUT(expected_path("check_example_audit_plugin_version_display.stdout")); + VERIFY_STR(data.stderr_str, ""); + + return true; +} + +int +check_audit_plugin_callbacks_are_optional(void) +{ + const char *errstr = NULL; + + create_debugging_plugin_options(); + + VERIFY_INT(python_audit->open(SUDO_API_VERSION, fake_conversation, fake_printf, + data.settings, data.user_info, 2, data.plugin_argv, + data.user_env, data.plugin_options, &errstr), + SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + VERIFY_PTR(python_audit->accept, NULL); + VERIFY_PTR(python_audit->reject, NULL); + VERIFY_PTR(python_audit->error, NULL); + + // show_version always displays the plugin, but it is optional in the python layer + VERIFY_PTR_NE(python_audit->show_version, NULL); + VERIFY_INT(python_audit->show_version(1), SUDO_RC_OK); + + python_audit->close(SUDO_PLUGIN_NO_STATUS, 0); + return true; +} + +int +check_audit_plugin_reports_error(void) +{ + const char *errstr = NULL; + create_plugin_options("regress/plugin_errorstr", "ConstructErrorPlugin", NULL); + + VERIFY_INT(python_audit->open(SUDO_API_VERSION, fake_conversation, fake_printf, + data.settings, data.user_info, 0, data.plugin_argv, + data.user_env, data.plugin_options, &errstr), SUDO_RC_ERROR); + + VERIFY_STR(errstr, "Something wrong in plugin constructor"); + errstr = NULL; + + python_audit->close(SUDO_PLUGIN_NO_STATUS, 0); + + create_plugin_options("regress/plugin_errorstr", "ErrorMsgPlugin", NULL); + + VERIFY_INT(python_audit->open(SUDO_API_VERSION, fake_conversation, fake_printf, + 
data.settings, data.user_info, 0, data.plugin_argv, + data.user_env, data.plugin_options, &errstr), SUDO_RC_ERROR); + VERIFY_STR(errstr, "Something wrong in open"); + + errstr = NULL; + VERIFY_INT(python_audit->accept("plugin name", SUDO_POLICY_PLUGIN, + data.command_info, data.plugin_argv, + data.user_env, &errstr), SUDO_RC_ERROR); + VERIFY_STR(errstr, "Something wrong in accept"); + + errstr = NULL; + VERIFY_INT(python_audit->reject("plugin name", SUDO_POLICY_PLUGIN, + "audit message", data.command_info, + &errstr), SUDO_RC_ERROR); + VERIFY_STR(errstr, "Something wrong in reject"); + + errstr = NULL; + VERIFY_INT(python_audit->error("plugin name", SUDO_POLICY_PLUGIN, + "audit message", data.command_info, + &errstr), SUDO_RC_ERROR); + VERIFY_STR(errstr, "Something wrong in error"); + + python_audit->close(SUDO_PLUGIN_NO_STATUS, 0); + + VERIFY_STR(data.stderr_str, ""); + VERIFY_STR(data.stdout_str, ""); + return true; +} + +static int +check_example_approval_plugin(const char *date_str, const char *expected_error) +{ + const char *errstr = NULL; + + create_plugin_options("example_approval_plugin", "BusinessHoursApprovalPlugin", NULL); + + VERIFY_INT(python_approval->open(SUDO_API_VERSION, fake_conversation, fake_printf, + data.settings, data.user_info, 0, data.plugin_argv, + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); + + VERIFY_TRUE(mock_python_datetime_now("example_approval_plugin", date_str)); + + int expected_rc = (expected_error == NULL) ? 
SUDO_RC_ACCEPT : SUDO_RC_REJECT; + + VERIFY_INT(python_approval->check(data.command_info, data.plugin_argv, data.user_env, &errstr), + expected_rc); + + if (expected_error == NULL) { + VERIFY_PTR(errstr, NULL); + VERIFY_STR(data.stdout_str, ""); + } else { + VERIFY_STR(errstr, expected_error); + VERIFY_STR_CONTAINS(data.stdout_str, expected_error); // (ends with \n) + } + VERIFY_STR(data.stderr_str, ""); + + python_approval->close(); + + return true; +} + +typedef struct approval_plugin * (approval_clone_func)(void); + +static int +check_multiple_approval_plugin_and_arguments(void) +{ + // verify multiple python approval plugins are available + approval_clone_func *python_approval_clone = (approval_clone_func *)sudo_dso_findsym( + python_plugin_handle, "python_approval_clone"); + VERIFY_PTR_NE(python_approval_clone, NULL); + + struct approval_plugin *python_approval2 = NULL; + + for (int i = 0; i < 7; ++i) { + python_approval2 = (*python_approval_clone)(); + VERIFY_PTR_NE(python_approval2, NULL); + VERIFY_PTR_NE(python_approval2, python_approval); + } + + const char *errstr = NULL; + create_plugin_options("regress/plugin_approval_test", "ApprovalTestPlugin", "Id=1"); + + str_array_free(&data.plugin_argv); + data.plugin_argv = create_str_array(6, "sudo", "-u", "user", "whoami", "--help", NULL); + + str_array_free(&data.user_env); + data.user_env = create_str_array(3, "USER_ENV1=VALUE1", "USER_ENV2=value2", NULL); + + str_array_free(&data.user_info); + data.user_info = create_str_array(3, "INFO1=VALUE1", "info2=value2", NULL); + + str_array_free(&data.settings); + data.settings = create_str_array(3, "SETTING1=VALUE1", "setting2=value2", NULL); + + VERIFY_INT(python_approval->open(SUDO_API_VERSION, fake_conversation, fake_printf, + data.settings, data.user_info, 3, data.plugin_argv, + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + // For verifying the error message of no more plugin. It should be displayed only once. 
+ VERIFY_PTR((*python_approval_clone)(), NULL); + VERIFY_PTR((*python_approval_clone)(), NULL); + + create_plugin_options("regress/plugin_approval_test", "ApprovalTestPlugin", "Id=2"); + VERIFY_INT(python_approval2->open(SUDO_API_VERSION, fake_conversation, fake_printf, + data.settings, data.user_info, 3, data.plugin_argv, + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + VERIFY_INT(python_approval->show_version(false), SUDO_RC_OK); + VERIFY_INT(python_approval2->show_version(true), SUDO_RC_OK); + + str_array_free(&data.command_info); + data.command_info = create_str_array(3, "CMDINFO1=value1", "CMDINFO2=VALUE2", NULL); + + str_array_free(&data.plugin_argv); + data.plugin_argv = create_str_array(3, "whoami", "--help", NULL); + + VERIFY_INT(python_approval->check(data.command_info, data.plugin_argv, data.user_env, &errstr), + SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + VERIFY_INT(python_approval2->check(data.command_info, data.plugin_argv, data.user_env, &errstr), + SUDO_RC_OK); + VERIFY_PTR(errstr, NULL); + + python_approval->close(); + python_approval2->close(); + + VERIFY_STDOUT(expected_path("check_multiple_approval_plugin_and_arguments.stdout")); + VERIFY_STDERR(expected_path("check_multiple_approval_plugin_and_arguments.stderr")); + + return true; +} + + +static int +_init_symbols(void) +{ + if (python_plugin_handle != NULL) { + // symbols are already loaded, we just restore + RESTORE_PYTHON_PLUGIN(python_io); + RESTORE_PYTHON_PLUGIN(python_policy); + RESTORE_PYTHON_PLUGIN(python_approval); + RESTORE_PYTHON_PLUGIN(python_audit); + RESTORE_PYTHON_PLUGIN(group_plugin); + return true; + } + + // we load the symbols + python_plugin_handle = sudo_dso_load(python_plugin_so_path, SUDO_DSO_LAZY|SUDO_DSO_GLOBAL); + VERIFY_PTR_NE(python_plugin_handle, NULL); + + python_io = sudo_dso_findsym(python_plugin_handle, "python_io"); + VERIFY_PTR_NE(python_io, NULL); + + group_plugin = sudo_dso_findsym(python_plugin_handle, 
"group_plugin"); + VERIFY_PTR_NE(group_plugin, NULL); + + python_policy = sudo_dso_findsym(python_plugin_handle, "python_policy"); + VERIFY_PTR_NE(python_policy, NULL); + + python_audit = sudo_dso_findsym(python_plugin_handle, "python_audit"); + VERIFY_PTR_NE(python_audit, NULL); + + python_approval = sudo_dso_findsym(python_plugin_handle, "python_approval"); + VERIFY_PTR_NE(python_approval, NULL); + + SAVE_PYTHON_PLUGIN(python_io); + SAVE_PYTHON_PLUGIN(python_policy); + SAVE_PYTHON_PLUGIN(python_approval); + SAVE_PYTHON_PLUGIN(python_audit); + SAVE_PYTHON_PLUGIN(group_plugin); + + return true; +} + +static int +_unlink_symbols(void) +{ + python_io = NULL; + group_plugin = NULL; + python_policy = NULL; + python_approval = NULL; + python_audit = NULL; + VERIFY_INT(sudo_dso_unload(python_plugin_handle), 0); + python_plugin_handle = NULL; + VERIFY_FALSE(Py_IsInitialized()); + return true; +} + +int +main(int argc, char *argv[]) +{ + int errors = 0; + + if (argc != 2) { + printf("Please specify the python_plugin.so as argument!\n"); + return EXIT_FAILURE; + } + python_plugin_so_path = argv[1]; + + RUN_TEST(check_example_io_plugin_version_display(true)); + RUN_TEST(check_example_io_plugin_version_display(false)); + RUN_TEST(check_example_io_plugin_command_log()); + RUN_TEST(check_example_io_plugin_command_log_multiple()); + RUN_TEST(check_example_io_plugin_failed_to_start_command()); + RUN_TEST(check_example_io_plugin_fails_with_python_backtrace()); + RUN_TEST(check_io_plugin_callbacks_are_optional()); + RUN_TEST(check_io_plugin_reports_error()); + RUN_TEST(check_plugin_unload()); + + RUN_TEST(check_example_group_plugin()); + RUN_TEST(check_example_group_plugin_is_able_to_debug()); + RUN_TEST(check_plugin_unload()); + + RUN_TEST(check_loading_fails_with_missing_path()); + RUN_TEST(check_loading_succeeds_with_missing_classname()); + RUN_TEST(check_loading_fails_with_missing_classname()); + RUN_TEST(check_loading_fails_with_wrong_classname()); + 
RUN_TEST(check_loading_fails_with_wrong_path()); + RUN_TEST(check_loading_fails_plugin_is_not_owned_by_root()); + RUN_TEST(check_plugin_unload()); + + RUN_TEST(check_example_conversation_plugin_reason_log(false, "without_suspend")); + RUN_TEST(check_example_conversation_plugin_reason_log(true, "with_suspend")); + RUN_TEST(check_example_conversation_plugin_user_interrupts()); + RUN_TEST(check_plugin_unload()); + + RUN_TEST(check_example_policy_plugin_version_display(true)); + RUN_TEST(check_example_policy_plugin_version_display(false)); + RUN_TEST(check_example_policy_plugin_accepted_execution()); + RUN_TEST(check_example_policy_plugin_failed_execution()); + RUN_TEST(check_example_policy_plugin_denied_execution()); + RUN_TEST(check_example_policy_plugin_list()); + RUN_TEST(check_example_policy_plugin_validate_invalidate()); + RUN_TEST(check_policy_plugin_callbacks_are_optional()); + RUN_TEST(check_policy_plugin_reports_error()); + RUN_TEST(check_plugin_unload()); + + RUN_TEST(check_example_audit_plugin_receives_accept()); + RUN_TEST(check_example_audit_plugin_receives_reject()); + RUN_TEST(check_example_audit_plugin_receives_error()); + RUN_TEST(check_example_audit_plugin_workflow_multiple()); + RUN_TEST(check_example_audit_plugin_version_display()); + RUN_TEST(check_audit_plugin_callbacks_are_optional()); + RUN_TEST(check_audit_plugin_reports_error()); + RUN_TEST(check_plugin_unload()); + + // Monday, too early + RUN_TEST(check_example_approval_plugin( + "2020-02-10T07:55:23", "That is not allowed outside the business hours!")); + // Monday, good time + RUN_TEST(check_example_approval_plugin("2020-02-10T08:05:23", NULL)); + // Friday, good time + RUN_TEST(check_example_approval_plugin("2020-02-14T17:59:23", NULL)); + // Friday, too late + RUN_TEST(check_example_approval_plugin( + "2020-02-10T18:05:23", "That is not allowed outside the business hours!")); + // Saturday + RUN_TEST(check_example_approval_plugin( + "2020-02-15T08:05:23", "That is not allowed on the 
weekend!")); + RUN_TEST(check_multiple_approval_plugin_and_arguments()); + + RUN_TEST(check_python_plugins_do_not_affect_each_other()); + RUN_TEST(check_plugin_unload()); + + RUN_TEST(check_example_debugging("plugin@err")); + RUN_TEST(check_example_debugging("plugin@info")); + RUN_TEST(check_example_debugging("load@diag")); + RUN_TEST(check_example_debugging("sudo_cb@info")); + RUN_TEST(check_example_debugging("c_calls@diag")); + RUN_TEST(check_example_debugging("c_calls@info")); + RUN_TEST(check_example_debugging("py_calls@diag")); + RUN_TEST(check_example_debugging("py_calls@info")); + RUN_TEST(check_example_debugging("plugin@err")); + RUN_TEST(check_plugin_unload()); + + return errors; +} diff -Nru sudo-1.8.31/plugins/python/regress/iohelpers.c sudo-1.9.0/plugins/python/regress/iohelpers.c --- sudo-1.8.31/plugins/python/regress/iohelpers.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/regress/iohelpers.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,175 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2020 Robert Manner
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include "iohelpers.h"
+
+int
+rmdir_recursive(const char *path)
+{
+ char *cmd = NULL;
+ int success = false;
+
+ if (asprintf(&cmd, "rm -rf \"%s\"", path) < 0)
+ return false;
+
+ if (system(cmd) == 0)
+ success = true;
+
+ free(cmd);
+
+ return success;
+}
+
+int
+fwriteall(const char *file_path, const char *string)
+{
+ int success = false;
+
+ FILE *file = fopen(file_path, "w+");
+ if (file == NULL)
+ goto cleanup;
+
+ size_t size = strlen(string);
+ if (fwrite(string, 1, size, file) < size) {
+ goto cleanup;
+ }
+
+ success = true;
+
+cleanup:
+ if (file)
+ fclose(file);
+
+ return success;
+}
+
+int
+freadall(const char *file_path, char *output, size_t max_len)
+{
+ int rc = false;
+ FILE *file = fopen(file_path, "rb");
+ if (file == NULL) {
+ printf("Failed to open file '%s'\n", file_path);
+ goto cleanup;
+ }
+
+ size_t len = fread(output, 1, max_len - 1, file);
+ output[len] = '\0';
+
+ if (ferror(file) != 0) {
+ printf("Failed to read file '%s' (Error %d)\n", file_path, ferror(file));
+ goto cleanup;
+ }
+
+ if (!feof(file)) {
+ printf("File '%s' was bigger than allocated buffer %zu", file_path, max_len);
+ goto cleanup;
+ }
+
+ rc = true;
+
+cleanup:
+ if (file)
+ fclose(file);
+
+ return rc;
+}
+
+int
+vsnprintf_append(char *output, size_t max_output_len, const char *fmt, va_list args)
+{
+ va_list args2;
+ va_copy(args2, args);
+
+ size_t output_len = strlen(output);
+ int rc = vsnprintf(output + output_len, max_output_len - output_len, fmt, args2);
+
+ va_end(args2);
+ return rc;
+}
+
+int
+snprintf_append(char *output, size_t max_output_len, const char *fmt, ...)
+{
+ va_list args;
+ va_start(args, fmt);
+ int rc = vsnprintf_append(output, max_output_len, fmt, args);
+ va_end(args);
+ return rc;
+}
+
+int
+str_array_count(char **str_array)
+{
+ int result = 0;
+ for (; str_array[result] != NULL; ++result) {}
+ return result;
+}
+
+void
+str_array_snprint(char *out_str, size_t max_len, char **str_array, int array_len)
+{
+ if (array_len < 0)
+ array_len = str_array_count(str_array);
+
+ for (int pos = 0; pos < array_len; ++pos) {
+ snprintf_append(out_str, max_len, "%s%s", pos > 0 ? ", " : "", str_array[pos]);
+ }
+}
+
+char *
+str_replaced(const char *source, size_t dest_len, const char *old, const char *new)
+{
+ char *result = calloc(1, dest_len);
+ char *dest = result;
+ char *pos = NULL;
+ size_t old_len = strlen(old);
+
+ while ((pos = strstr(source, old)) != NULL) {
+ size_t len = snprintf(dest, dest_len,
+ "%.*s%s", (int)(pos - source), source, new);
+ if (len >= dest_len)
+ goto fail;
+
+ dest_len -= len;
+ dest += len;
+ source = pos + old_len;
+ }
+
+ if (strlcpy(dest, source, dest_len) >= dest_len)
+ goto fail;
+
+ return result;
+
+fail:
+ free(result);
+ return strdup("str_replace_all failed, string too long");
+}
+
+void
+str_replace_in_place(char *string, size_t max_length, const char *old, const char *new)
+{
+ char *replaced = str_replaced(string, max_length, old, new);
+ strlcpy(string, replaced, max_length);
+ free(replaced);
+}
diff -Nru sudo-1.8.31/plugins/python/regress/iohelpers.h sudo-1.9.0/plugins/python/regress/iohelpers.h
--- sudo-1.8.31/plugins/python/regress/iohelpers.h 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/iohelpers.h 2020-05-11 16:28:23.000000000 +0000
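Review bot: `rmdir_recursive` formats `path` into `rm -rf "%s"` and passes it to `system()`, so a path containing a double quote, `$` or a backquote is interpreted by the shell instead of being treated as a file name; the callers are outside this hunk, so whether that is reachable cannot be judged from here. Walking the tree with `nftw()` and `remove()` avoids the shell altogether, as sketched below (it needs ftw.h, and unlike `rm -rf` it reports a missing path as failure). Separately, `vsnprintf_append` computes `max_output_len - output_len` in `size_t`, which wraps to a huge bound if the buffer already holds `max_output_len` or more bytes before its terminator. Measuring `output_len` first and returning early with `if (output_len >= max_output_len) return -1;` ahead of `va_copy` closes that. `freadall` has the same wrap in `max_len - 1` when `max_len` is 0.

```c
/* nftw() callback: remove one entry; sb, type and ftw are unused */
static int
remove_entry(const char *entry, const struct stat *sb, int type, struct FTW *ftw)
{
    (void)sb;
    (void)type;
    (void)ftw;
    return remove(entry);
}

int
rmdir_recursive(const char *path)
{
    /* FTW_DEPTH visits children before their directory; FTW_PHYS does not follow symlinks */
    return nftw(path, remove_entry, 16, FTW_DEPTH | FTW_PHYS) == 0;
}
```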
@@ -0,0 +1,55 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2020 Robert Manner
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef PYTHON_IO_HELPERS
+#define PYTHON_IO_HELPERS
+
+#include "config.h"
+#include "sudo_compat.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+#define MAX_OUTPUT (2 << 16)
+
+int rmdir_recursive(const char *path);
+
+int fwriteall(const char *file_path, const char *string);
+int freadall(const char *file_path, char *output, size_t max_len);
+
+// allocates new string with the content of 'string' but 'old' replaced to 'new'
+// The allocated array will be dest_length size and null terminated correctly.
+char *str_replaced(const char *string, size_t dest_length, const char *old, const char *new);
+
+// same, but "string" must be able to store 'max_length' number of characters including the null terminator
+void str_replace_in_place(char *string, size_t max_length, const char *old, const char *new);
+
+int vsnprintf_append(char *output, size_t max_output_len, const char *fmt, va_list args);
+int snprintf_append(char *output, size_t max_output_len, const char *fmt, ...);
+
+int str_array_count(char **str_array);
+void str_array_snprint(char *out_str, size_t max_len, char **str_array, int array_len);
+
+#endif
diff -Nru sudo-1.8.31/plugins/python/regress/plugin_approval_test.py sudo-1.9.0/plugins/python/regress/plugin_approval_test.py
--- sudo-1.8.31/plugins/python/regress/plugin_approval_test.py 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/plugin_approval_test.py 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,22 @@
+import sudo
+import json
+
+
+class ApprovalTestPlugin(sudo.Plugin):
+ def __init__(self, plugin_options, **kwargs):
+ id = sudo.options_as_dict(plugin_options).get("Id", "")
+ super().__init__(plugin_options=plugin_options, **kwargs)
+ self._id = "(APPROVAL {})".format(id)
+ sudo.log_info("{} Constructed:".format(self._id))
+ sudo.log_info(json.dumps(self.__dict__, indent=4, sort_keys=True))
+
+ def __del__(self):
+ sudo.log_info("{} Destructed successfully".format(self._id))
+
+ def check(self, *args):
+ sudo.log_info("{} Check was called with arguments: "
+ "{}".format(self._id, args))
+
+ def show_version(self, *args):
+ sudo.log_info("{} Show version was called with arguments: "
+ "{}".format(self._id, args))
diff -Nru sudo-1.8.31/plugins/python/regress/plugin_conflict.py sudo-1.9.0/plugins/python/regress/plugin_conflict.py
--- sudo-1.8.31/plugins/python/regress/plugin_conflict.py 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/plugin_conflict.py 2020-05-11 16:28:23.000000000 +0000
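Review bot: The comment above `str_replaced` promises a `dest_length`-sized, NUL-terminated result but says nothing about the failure path. In iohelpers.c the function frees its buffer and returns `strdup("str_replace_all failed, string too long")`, so a caller cannot tell an overflow from real output, and `str_replace_in_place` copies that message into the caller's string. I would either document this, e.g. `// On overflow returns a newly allocated error message instead of the replaced text; the caller still frees it.`, or return NULL and have callers check. The results of `calloc` and `strdup` are not checked for NULL there either, which the contract should state.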
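Review bot: `__del__` reads `self._id`, but `__init__` assigns it only after `super().__init__(...)` returns, so if the base constructor raises, the finalizer hits AttributeError on a half-built object. Python reports such finalizer errors on stderr, which may end up in the output the C test compares against its expected `.stderr` file. Assigning `self._id = "(APPROVAL {})".format(id)` before the `super().__init__` call removes that window. The local name `id` also shadows the builtin; `plugin_id` would read better.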
@@ -0,0 +1,11 @@
+import sudo
+
+import sys
+
+sys.path = []
+
+class ConflictPlugin(sudo.Plugin):
+ def __init__(self, plugin_options, **kwargs):
+ sudo.log_info("PATH before: {} (should be empty)".format(sys.path))
+ sys.path = [sudo.options_as_dict(plugin_options).get("Path")]
+ sudo.log_info("PATH set: {}".format(sys.path))
diff -Nru sudo-1.8.31/plugins/python/regress/plugin_errorstr.py sudo-1.9.0/plugins/python/regress/plugin_errorstr.py
--- sudo-1.8.31/plugins/python/regress/plugin_errorstr.py 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/plugin_errorstr.py 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,18 @@
+import sudo
+
+
+# The purpose of this class is that all methods you call on its object
+# raises a PluginError with a message containing the name of the called method.
+# Eg. if you call "ErrorMsgPlugin().some_method()" it will raise
+# "Something wrong in some_method"
+class ErrorMsgPlugin(sudo.Plugin):
+ def __getattr__(self, name):
+ def raiser_func(*args):
+ raise sudo.PluginError("Something wrong in " + name)
+
+ return raiser_func
+
+
+class ConstructErrorPlugin(sudo.Plugin):
+ def __init__(self, **kwargs):
+ raise sudo.PluginError("Something wrong in plugin constructor")
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_audit_plugin_receives_accept.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_audit_plugin_receives_accept.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_audit_plugin_receives_accept.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_audit_plugin_receives_accept.stdout 2020-05-11 16:28:23.000000000 +0000
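Review bot: The module-level `sys.path = []` and the overwrite inside `__init__` read like mistakes to anyone who has not seen the C test `check_python_plugins_do_not_affect_each_other`, so the file needs a comment saying the clobbering is deliberate. Something like `# Deliberately wipe sys.path: the test loads this class for two plugins and checks the second still sees an empty path.` above the assignment would do. It is also worth noting in that comment that `.get("Path")` yields None when the option is missing, so the logged list would then be `[None]`.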
@@ -0,0 +1,7 @@
+(AUDIT) -- Started by user testuser1 (123) --
+(AUDIT) Requested command: id --help
+(AUDIT) Accepted command: /sbin/id --help
+(AUDIT) By the plugin: accepter plugin name (type=POLICY)
+(AUDIT) Environment: KEY1=VALUE1 KEY2=VALUE2
+(AUDIT) Command returned with exit code 2
+(AUDIT) -- Finished --
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_audit_plugin_receives_error.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_audit_plugin_receives_error.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_audit_plugin_receives_error.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_audit_plugin_receives_error.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,5 @@
+(AUDIT) -- Started by user ??? (???) --
+(AUDIT) Requested command: id
+(AUDIT) Plugin errorer plugin name (type=AUDIT) got an error: Some error has happened
+(AUDIT) Sudo has run into an error: 222
+(AUDIT) -- Finished --
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_audit_plugin_receives_reject.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_audit_plugin_receives_reject.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_audit_plugin_receives_reject.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_audit_plugin_receives_reject.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,5 @@
+(AUDIT) -- Started by user root (0) --
+(AUDIT) Requested command: passwd
+(AUDIT) Rejected by plugin rejecter plugin name (type=IO): Rejected just because!
+(AUDIT) The command was not executed
+(AUDIT) -- Finished --
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_audit_plugin_version_display.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_audit_plugin_version_display.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_audit_plugin_version_display.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_audit_plugin_version_display.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,6 @@
+(AUDIT) -- Started by user root (0) --
+Python Example Audit Plugin
+Python audit plugin (API 1.0): SudoAuditPlugin (loaded from 'SRC_DIR/example_audit_plugin.py')
+Python Example Audit Plugin (version=1.0)
+(AUDIT) Sudo has run into an error: 222
+(AUDIT) -- Finished --
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_audit_plugin_workflow_multiple.stderr sudo-1.9.0/plugins/python/regress/testdata/check_example_audit_plugin_workflow_multiple.stderr
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_audit_plugin_workflow_multiple.stderr 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_audit_plugin_workflow_multiple.stderr 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1 @@
+sudo: loading more than 8 sudo python audit plugins is not supported
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_audit_plugin_workflow_multiple.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_audit_plugin_workflow_multiple.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_audit_plugin_workflow_multiple.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_audit_plugin_workflow_multiple.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,14 @@
+(AUDIT1) -- Started by user default (1000) --
+(AUDIT1) Requested command: id --help
+(AUDIT2) -- Started by user default (1000) --
+(AUDIT2) Requested command: id --help
+(AUDIT1) Accepted command: /sbin/id --help
+(AUDIT1) By the plugin: accepter plugin name (type=POLICY)
+(AUDIT1) Environment: KEY1=VALUE1 KEY2=VALUE2
+(AUDIT2) Accepted command: /sbin/id --help
+(AUDIT2) By the plugin: accepter plugin name (type=POLICY)
+(AUDIT2) Environment: KEY1=VALUE1 KEY2=VALUE2
+(AUDIT1) Command exited due to signal 11
+(AUDIT1) -- Finished --
+(AUDIT2) Command exited due to signal 11
+(AUDIT2) -- Finished --
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.conversation sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.conversation
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.conversation 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.conversation 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,3 @@
+Question count: 2
+Question 0: <> (timeout: 120, msg_type=2)
+Question 1: <> (timeout: 120, msg_type=5)
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1 @@
+Please provide your reason for executing ('/bin/whoami',)
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stored sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stored
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stored 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stored 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,3 @@
+Executed /bin/whoami
+Reason: my fake reason
+Hidden reason: my real secret reason
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.conversation sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.conversation
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.conversation 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.conversation 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,3 @@
+Question count: 2
+Question 0: <> (timeout: 120, msg_type=2)
+Question 1: <> (timeout: 120, msg_type=5)
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,3 @@
+Please provide your reason for executing ('/bin/whoami',)
+conversation suspend: signal SIGTSTP
+conversation resume: signal was SIGCONT
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stored sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stored
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stored 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stored 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,3 @@
+Executed /bin/whoami
+Reason: my fake reason
+Hidden reason: my real secret reason
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.conv sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.conv
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.conv 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.conv 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,2 @@
+Question count: 2
+Question 0: <> (timeout: 120, msg_type=2)
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.conversation sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.conversation
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.conversation 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.conversation 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,2 @@
+Question count: 2
+Question 0: <> (timeout: 120, msg_type=2)
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.stderr sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.stderr
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.stderr 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.stderr 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1 @@
+You did not answer in time
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1 @@
+Please provide your reason for executing ('/bin/whoami',)
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_debugging_c_calls@diag.log sudo-1.9.0/plugins/python/regress/testdata/check_example_debugging_c_calls@diag.log
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_debugging_c_calls@diag.log 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_debugging_c_calls@diag.log 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,6 @@
+sudo.debug was called with arguments: (, 'My demo purpose plugin shows this ERROR level debug message')
+sudo.debug was called with arguments: (, 'My demo purpose plugin shows this INFO level debug message')
+LogHandler.emit was called with arguments: (<.*sudo.LogHandler.*
+LogHandler.emit was called with arguments: (<.*sudo.LogHandler.*
+sudo.options_as_dict was called with arguments: (('ModulePath=SRC_DIR/example_debugging.py', 'ClassName=DebugDemoPlugin'),)
+sudo.options_as_dict returned result: \[('ClassName', 'DebugDemoPlugin'), ('ModulePath', 'SRC_DIR/example_debugging.py')\]
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_debugging_c_calls@info.log sudo-1.9.0/plugins/python/regress/testdata/check_example_debugging_c_calls@info.log
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_debugging_c_calls@info.log 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_debugging_c_calls@info.log 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,11 @@
+__init__ @ SRC_DIR/example_debugging.py:58 calls C function:
+sudo.debug was called with arguments: (, 'My demo purpose plugin shows this ERROR level debug message')
+__init__ @ SRC_DIR/example_debugging.py:63 calls C function:
+sudo.debug was called with arguments: (, 'My demo purpose plugin shows this INFO level debug message')
+handle @ .*/logging/__init__.py:[0-9]* calls C function:
+LogHandler.emit was called with arguments: (<.*sudo.LogHandler.*
+handle @ .*/logging/__init__.py:[0-9]* calls C function:
+LogHandler.emit was called with arguments: (<.*sudo.LogHandler.*
+__init__ @ SRC_DIR/example_debugging.py:85 calls C function:
+sudo.options_as_dict was called with arguments: (('ModulePath=SRC_DIR/example_debugging.py', 'ClassName=DebugDemoPlugin'),)
+sudo.options_as_dict returned result: \[('ClassName', 'DebugDemoPlugin'), ('ModulePath', 'SRC_DIR/example_debugging.py')\]
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_debugging_load@diag.log sudo-1.9.0/plugins/python/regress/testdata/check_example_debugging_load@diag.log
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_debugging_load@diag.log 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_debugging_load@diag.log 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,3 @@
+importing module: SRC_DIR/example_debugging.py
+Extending python 'path' with 'SRC_DIR'
+Deinit was called for a python plugin
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_debugging_plugin@err.log sudo-1.9.0/plugins/python/regress/testdata/check_example_debugging_plugin@err.log
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_debugging_plugin@err.log 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_debugging_plugin@err.log 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,2 @@
+My demo purpose plugin shows this ERROR level debug message
+Python log system shows this ERROR level debug message
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_debugging_plugin@info.log sudo-1.9.0/plugins/python/regress/testdata/check_example_debugging_plugin@info.log
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_debugging_plugin@info.log 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_debugging_plugin@info.log 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,8 @@
+__init__ @ SRC_DIR/example_debugging.py:58 debugs:
+My demo purpose plugin shows this ERROR level debug message
+__init__ @ SRC_DIR/example_debugging.py:63 debugs:
+My demo purpose plugin shows this INFO level debug message
+handle @ .*/logging/__init__.py:[0-9]* debugs:
+Python log system shows this ERROR level debug message
+handle @ .*/logging/__init__.py:[0-9]* debugs:
+Python log system shows this INFO level debug message
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_debugging_py_calls@diag.log sudo-1.9.0/plugins/python/regress/testdata/check_example_debugging_py_calls@diag.log
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_debugging_py_calls@diag.log 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_debugging_py_calls@diag.log 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,2 @@
+DebugDemoPlugin.__init__ was called with arguments: () \[('plugin_options', ('ModulePath=SRC_DIR/example_debugging.py', 'ClassName=DebugDemoPlugin')), ('settings', ('debug_flags=/tmp/sudo_check_python_exampleXXXXXX/debug.log py_calls@diag', 'plugin_path=python_plugin.so')), ('user_env', ()), ('user_info', ()), ('version', '1.0')\]
+DebugDemoPlugin.__init__ returned result:
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_debugging_py_calls@info.log sudo-1.9.0/plugins/python/regress/testdata/check_example_debugging_py_calls@info.log
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_debugging_py_calls@info.log 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_debugging_py_calls@info.log 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,9 @@
+DebugDemoPlugin.__init__ was called with arguments: () \[('plugin_options', ('ModulePath=SRC_DIR/example_debugging.py', 'ClassName=DebugDemoPlugin')), ('settings', ('debug_flags=/tmp/sudo_check_python_exampleXXXXXX/debug.log py_calls@info', 'plugin_path=python_plugin.so')), ('user_env', ()), ('user_info', ()), ('version', '1.0')\]
+DebugDemoPlugin.__init__ returned result:
+DebugDemoPlugin function 'log_ttyin' is not implemented
+DebugDemoPlugin function 'log_ttyout' is not implemented
+DebugDemoPlugin function 'log_stdin' is not implemented
+DebugDemoPlugin function 'log_stdout' is not implemented
+DebugDemoPlugin function 'log_stderr' is not implemented
+DebugDemoPlugin function 'change_winsize' is not implemented
+DebugDemoPlugin function 'log_suspend' is not implemented
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_debugging_sudo_cb@info.log sudo-1.9.0/plugins/python/regress/testdata/check_example_debugging_sudo_cb@info.log
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_debugging_sudo_cb@info.log 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_debugging_sudo_cb@info.log 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1 @@
+Skipping close call, because there was no command run
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_group_plugin_is_able_to_debug.log sudo-1.9.0/plugins/python/regress/testdata/check_example_group_plugin_is_able_to_debug.log
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_group_plugin_is_able_to_debug.log 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_group_plugin_is_able_to_debug.log 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,4 @@
+.*
+SudoGroupPlugin.__init__ returned result:
+SudoGroupPlugin.query was called with arguments: ('user', 'group', ('pw_name', 'pw_passwd', 1001, 101, 'pw_gecos', 'pw_dir', 'pw_shell'))
+SudoGroupPlugin.query returned result: RC.REJECT
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple1.stored sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple1.stored
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple1.stored 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple1.stored 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,16 @@
+ -- Plugin STARTED --
+EXEC id --help
+EXEC info \[
+ "command=/bin/id",
+ "runas_uid=0"
+\]
+STD IN stdin for plugin 1
+STD OUT stdout for plugin 1
+STD ERR stderr for plugin 1
+SUSPEND SIGTSTP
+SUSPEND SIGCONT
+WINSIZE 20x10
+TTY IN tty input for plugin 1
+TTY OUT tty output for plugin 1
+CLOSE Command returned 1
+ -- Plugin DESTROYED --
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple2.stored sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple2.stored
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple2.stored 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple2.stored 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,16 @@
+ -- Plugin STARTED --
+EXEC whoami
+EXEC info \[
+ "command=/bin/whoami",
+ "runas_uid=1"
+\]
+STD IN stdin for plugin 2
+STD OUT stdout for plugin 2
+STD ERR stderr for plugin 2
+SUSPEND SIGSTOP
+SUSPEND SIGCONT
+WINSIZE 30x40
+TTY IN tty input for plugin 2
+TTY OUT tty output for plugin 2
+CLOSE Command returned 2
+ -- Plugin DESTROYED --
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple.stderr sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple.stderr
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple.stderr 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple.stderr 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1 @@
+sudo: loading more than 8 sudo python IO plugins is not supported
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,2 @@
+Example sudo python plugin will log to /tmp/sudo_check_python_exampleXXXXXX/sudo.log
+Example sudo python plugin will log to /tmp/sudo_check_python_exampleXXXXXX2/sudo.log
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_command_log.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_command_log.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_command_log.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_command_log.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1 @@
+Example sudo python plugin will log to /tmp/sudo_check_python_exampleXXXXXX/sudo.log
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_command_log.stored sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_command_log.stored
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_command_log.stored 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_command_log.stored 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,16 @@
+ -- Plugin STARTED --
+EXEC id --help
+EXEC info \[
+ "command=/bin/id",
+ "runas_uid=0"
+\]
+STD IN some standard input
+STD OUT some standard output
+STD ERR some standard error
+SUSPEND SIGTSTP
+SUSPEND SIGCONT
+WINSIZE 200x100
+TTY IN some tty input
+TTY OUT some tty output
+CLOSE Command returned 1
+ -- Plugin DESTROYED --
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1 @@
+Example sudo python plugin will log to /tmp/sudo_check_python_exampleXXXXXX/sudo.log
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stored sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stored
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stored 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stored 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,8 @@
+ -- Plugin STARTED --
+EXEC cmd
+EXEC info \[
+ "command=/usr/share/cmd",
+ "runas_uid=0"
+\]
+CLOSE Failed to execute, execve returned 1 (EPERM)
+ -- Plugin DESTROYED --
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stderr sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stderr
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stderr 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stderr 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1 @@
+Failed to construct plugin instance: (FileNotFoundError) \[Errno 2\] No such file or directory: '/some/not/writable/directory/sudo.log'
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,7 @@
+Example sudo python plugin will log to /some/not/writable/directory/sudo.log
+Traceback:
+ File "SRC_DIR/example_io_plugin.py", line 64, in __init__
+ self._open_log_file(path.join(log_path, "sudo.log"))
+ File "SRC_DIR/example_io_plugin.py", line 134, in _open_log_file
+ self._log_file = open(log_path, "a")
+
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_version_display_full.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_version_display_full.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_version_display_full.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_version_display_full.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,3 @@
+Example sudo python plugin will log to /tmp/sudo_check_python_exampleXXXXXX/sudo.log
+Python io plugin (API 1.0): SudoIOPlugin (loaded from 'SRC_DIR/example_io_plugin.py')
+Python Example IO Plugin version: 1.0
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_version_display.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_version_display.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_version_display.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_version_display.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,2 @@
+Example sudo python plugin will log to /tmp/sudo_check_python_exampleXXXXXX/sudo.log
+Python Example IO Plugin version: 1.0
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_version_display.stored sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_version_display.stored
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_io_plugin_version_display.stored 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_io_plugin_version_display.stored 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,2 @@
+ -- Plugin STARTED --
+ -- Plugin DESTROYED --
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_policy_plugin_accepted_execution.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_policy_plugin_accepted_execution.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_policy_plugin_accepted_execution.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_policy_plugin_accepted_execution.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1 @@
+The command returned with exit_status 3
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_policy_plugin_denied_execution.stderr sudo-1.9.0/plugins/python/regress/testdata/check_example_policy_plugin_denied_execution.stderr
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_policy_plugin_denied_execution.stderr 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_policy_plugin_denied_execution.stderr 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1 @@
+You are not allowed to run this command!
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_policy_plugin_failed_execution.stderr sudo-1.9.0/plugins/python/regress/testdata/check_example_policy_plugin_failed_execution.stderr
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_policy_plugin_failed_execution.stderr 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_policy_plugin_failed_execution.stderr 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1 @@
+Failed to execute command, execve syscall returned 2 (ENOENT)
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_policy_plugin_list.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_policy_plugin_list.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_policy_plugin_list.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_policy_plugin_list.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,25 @@
+-- minimal --
+Only the following commands are allowed: id, whoami
+
+-- minimal (verbose) --
+Only the following commands are allowed: id, whoami
+
+-- with user --
+Only the following commands are allowed: id, whoami as user 'testuser'
+
+-- with user (verbose) --
+Only the following commands are allowed: id, whoami as user 'testuser'
+
+-- with allowed program --
+You are allowed to execute command '/bin/id'
+
+-- with allowed program (verbose) --
+You are allowed to execute command '/bin/id'
+Only the following commands are allowed: id, whoami
+
+-- with denied program --
+You are NOT allowed to execute command '/bin/passwd'
+
+-- with denied program (verbose) --
+You are NOT allowed to execute command '/bin/passwd'
+Only the following commands are allowed: id, whoami
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_policy_plugin_validate_invalidate.log sudo-1.9.0/plugins/python/regress/testdata/check_example_policy_plugin_validate_invalidate.log
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_policy_plugin_validate_invalidate.log 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_policy_plugin_validate_invalidate.log 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,8 @@
+SudoPolicyPlugin.__init__ was called with arguments: () \[('plugin_options', ('ModulePath=SRC_DIR/example_policy_plugin.py', 'ClassName=SudoPolicyPlugin')), ('settings', ()), ('user_env', ()), ('user_info', ()), ('version', '1.0')\]
+SudoPolicyPlugin.__init__ returned result:
+SudoPolicyPlugin.validate was called with arguments: ()
+SudoPolicyPlugin.validate returned result: None
+SudoPolicyPlugin.invalidate was called with arguments: (1,)
+SudoPolicyPlugin.invalidate returned result: None
+SudoPolicyPlugin.invalidate was called with arguments: (0,)
+SudoPolicyPlugin.invalidate returned result: None
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_policy_plugin_version_display_full.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_policy_plugin_version_display_full.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_policy_plugin_version_display_full.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_policy_plugin_version_display_full.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,2 @@
+Python policy plugin (API 1.0): SudoPolicyPlugin (loaded from 'SRC_DIR/example_policy_plugin.py')
+Python Example Policy Plugin version: 1.0
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_example_policy_plugin_version_display.stdout sudo-1.9.0/plugins/python/regress/testdata/check_example_policy_plugin_version_display.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_example_policy_plugin_version_display.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_example_policy_plugin_version_display.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1 @@
+Python Example Policy Plugin version: 1.0
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_loading_fails_missing_classname.stderr sudo-1.9.0/plugins/python/regress/testdata/check_loading_fails_missing_classname.stderr
--- sudo-1.8.31/plugins/python/regress/testdata/check_loading_fails_missing_classname.stderr 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_loading_fails_missing_classname.stderr 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,3 @@
+No plugin class is specified for python module 'SRC_DIR/regress/plugin_errorstr.py'. Use 'ClassName' configuration option in 'sudo.conf'
+Possible plugins: ConstructErrorPlugin, ErrorMsgPlugin
+Failed during loading plugin class
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_loading_fails_missing_path.stderr sudo-1.9.0/plugins/python/regress/testdata/check_loading_fails_missing_path.stderr
--- sudo-1.8.31/plugins/python/regress/testdata/check_loading_fails_missing_path.stderr 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_loading_fails_missing_path.stderr 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,2 @@
+No python module path is specified. Use 'ModulePath' plugin config option in 'sudo.conf'
+Failed during loading plugin class
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_loading_fails_not_owned_by_root.stderr sudo-1.9.0/plugins/python/regress/testdata/check_loading_fails_not_owned_by_root.stderr
--- sudo-1.8.31/plugins/python/regress/testdata/check_loading_fails_not_owned_by_root.stderr 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_loading_fails_not_owned_by_root.stderr 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1 @@
+Failed during loading plugin class: (ImportError) File 'SRC_DIR/example_debugging.py' must be owned by uid 0
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_loading_fails_wrong_classname.stderr sudo-1.9.0/plugins/python/regress/testdata/check_loading_fails_wrong_classname.stderr
--- sudo-1.8.31/plugins/python/regress/testdata/check_loading_fails_wrong_classname.stderr 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_loading_fails_wrong_classname.stderr 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,2 @@
+Failed to find plugin class 'MispelledPluginName'
+Failed during loading plugin class: (AttributeError) .* has no attribute 'MispelledPluginName'
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_loading_fails_wrong_path.stderr sudo-1.9.0/plugins/python/regress/testdata/check_loading_fails_wrong_path.stderr
--- sudo-1.8.31/plugins/python/regress/testdata/check_loading_fails_wrong_path.stderr 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_loading_fails_wrong_path.stderr 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1 @@
+Failed during loading plugin class: ([^)]*) No module named 'wrong_path'
diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_loading_succeeds_with_missing_classname.stdout sudo-1.9.0/plugins/python/regress/testdata/check_loading_succeeds_with_missing_classname.stdout
--- sudo-1.8.31/plugins/python/regress/testdata/check_loading_succeeds_with_missing_classname.stdout 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/python/regress/testdata/check_loading_succeeds_with_missing_classname.stdout 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1 @@ +Python io plugin (API 1.0): DebugDemoPlugin (loaded from 'SRC_DIR/example_debugging.py') diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stderr sudo-1.9.0/plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stderr --- sudo-1.8.31/plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stderr 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stderr 2020-05-11 16:28:23.000000000 +0000 @@ -0,0 +1 @@ +sudo: loading more than 8 sudo python approval plugins is not supported diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout sudo-1.9.0/plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout --- sudo-1.8.31/plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,67 @@ +(APPROVAL 1) Constructed: +{ + "_id": "(APPROVAL 1)", + "plugin_options": \[ + "ModulePath=SRC_DIR/regress/plugin_approval_test.py", + "ClassName=ApprovalTestPlugin", + "Id=1" + \], + "settings": \[ + "SETTING1=VALUE1", + "setting2=value2" + \], + "submit_argv": \[ + "sudo", + "-u", + "user", + "whoami", + "--help" + \], + "submit_optind": 3, + "user_env": \[ + "USER_ENV1=VALUE1", + "USER_ENV2=value2" + \], + "user_info": \[ + "INFO1=VALUE1", + "info2=value2" + \], + "version": "1.15" +} +(APPROVAL 2) Constructed: +{ + "_id": "(APPROVAL 2)", + "plugin_options": \[ + "ModulePath=SRC_DIR/regress/plugin_approval_test.py", + "ClassName=ApprovalTestPlugin", + "Id=2" + \], + "settings": \[ + "SETTING1=VALUE1", + "setting2=value2" + \], + "submit_argv": \[ + "sudo", + "-u", + "user", + "whoami", + "--help" + \], + "submit_optind": 3, + "user_env": \[ + "USER_ENV1=VALUE1", + "USER_ENV2=value2" + \], + "user_info": \[ + "INFO1=VALUE1", + "info2=value2" + \], + "version": "1.15" +} +(APPROVAL 1) Show version was called with arguments: (0,) +Python approval plugin (API 1.0): ApprovalTestPlugin (loaded from 'SRC_DIR/regress/plugin_approval_test.py') +(APPROVAL 2) Show version was called with arguments: (1,) +(APPROVAL 1) Check was called with arguments: (('CMDINFO1=value1', 'CMDINFO2=VALUE2'), ('whoami', '--help'), ('USER_ENV1=VALUE1', 'USER_ENV2=value2')) +(APPROVAL 2) Check was called with arguments: (('CMDINFO1=value1', 'CMDINFO2=VALUE2'), ('whoami', '--help'), ('USER_ENV1=VALUE1', 'USER_ENV2=value2')) +(APPROVAL 1) Destructed successfully +(APPROVAL 2) Destructed successfully diff -Nru sudo-1.8.31/plugins/python/regress/testdata/check_python_plugins_do_not_affect_each_other.stdout sudo-1.9.0/plugins/python/regress/testdata/check_python_plugins_do_not_affect_each_other.stdout --- sudo-1.8.31/plugins/python/regress/testdata/check_python_plugins_do_not_affect_each_other.stdout 1970-01-01 00:00:00.000000000 +0000 +++ 
sudo-1.9.0/plugins/python/regress/testdata/check_python_plugins_do_not_affect_each_other.stdout 2020-05-11 16:28:23.000000000 +0000 @@ -0,0 +1,4 @@ +PATH before: \[\] (should be empty) +PATH set: \['path_for_first_plugin'\] +PATH before: \[\] (should be empty) +PATH set: \['path_for_second_plugin'\] diff -Nru sudo-1.8.31/plugins/python/regress/testdata/sudo.conf.developer_mode sudo-1.9.0/plugins/python/regress/testdata/sudo.conf.developer_mode --- sudo-1.8.31/plugins/python/regress/testdata/sudo.conf.developer_mode 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/regress/testdata/sudo.conf.developer_mode 2020-05-11 16:28:23.000000000 +0000 @@ -0,0 +1 @@ +Set developer_mode true diff -Nru sudo-1.8.31/plugins/python/regress/testdata/sudo.conf.normal_mode sudo-1.9.0/plugins/python/regress/testdata/sudo.conf.normal_mode --- sudo-1.8.31/plugins/python/regress/testdata/sudo.conf.normal_mode 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/regress/testdata/sudo.conf.normal_mode 2020-05-11 16:28:23.000000000 +0000 @@ -0,0 +1 @@ +Set developer_mode false diff -Nru sudo-1.8.31/plugins/python/regress/testhelpers.c sudo-1.9.0/plugins/python/regress/testhelpers.c --- sudo-1.8.31/plugins/python/regress/testhelpers.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/regress/testhelpers.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,269 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2020 Robert Manner + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include "testhelpers.h" + +const char *sudo_conf_developer_mode = TESTDATA_DIR "sudo.conf.developer_mode"; +const char *sudo_conf_normal_mode = TESTDATA_DIR "sudo.conf.normal_mode"; + +struct TestData data; + +static void +clean_output(char *output) +{ + // we replace some output which otherwise would be test run dependent + str_replace_in_place(output, MAX_OUTPUT, data.tmp_dir, TEMP_PATH_TEMPLATE); + + if (data.tmp_dir2) + str_replace_in_place(output, MAX_OUTPUT, data.tmp_dir2, TEMP_PATH_TEMPLATE "2"); + + str_replace_in_place(output, MAX_OUTPUT, SRC_DIR, "SRC_DIR"); +} + +const char * +expected_path(const char *format, ...) 
+{ + static char expected_output_file[PATH_MAX]; + size_t dirlen = strlcpy(expected_output_file, TESTDATA_DIR, sizeof(expected_output_file)); + + va_list args; + va_start(args, format); + vsnprintf(expected_output_file + dirlen, PATH_MAX - dirlen, format, args); + va_end(args); + + return expected_output_file; +} + +char ** +create_str_array(size_t count, ...) +{ + va_list args; + + va_start(args, count); + + char ** result = calloc(count, sizeof(char *)); + for (size_t i = 0; i < count; ++i) { + const char *str = va_arg(args, char *); + result[i] = (str == NULL ? NULL : strdup(str)); + } + + va_end(args); + return result; +} + +int +is_update(void) +{ + static int result = -1; + if (result < 0) { + const char *update = getenv("UPDATE_TESTDATA"); + result = (update && strcmp(update, "1") == 0) ? 1 : 0; + } + return result; +} + +int +verify_content(char *actual_content, const char *reference_path) +{ + clean_output(actual_content); + + if (is_update()) { + VERIFY_TRUE(fwriteall(reference_path, actual_content)); + } else { + char expected_output[MAX_OUTPUT] = ""; + if (!freadall(reference_path, expected_output, sizeof(expected_output))) { + printf("Error: Missing test data at '%s'\n", reference_path); + return false; + } + VERIFY_STR(actual_content, expected_output); + } + + return true; +} + +int +verify_file(const char *actual_dir, const char *actual_file_name, const char *reference_path) +{ + char actual_path[PATH_MAX]; + snprintf(actual_path, sizeof(actual_path), "%s/%s", actual_dir, actual_file_name); + + char actual_str[MAX_OUTPUT]; + if (!freadall(actual_path, actual_str, sizeof(actual_str))) { + printf("Expected that file '%s' gets created, but it was not\n", actual_path); + return false; + } + + int rc = verify_content(actual_str, reference_path); + return rc; +} + +int +fake_conversation(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + (void) callback; + 
snprintf_append(data.conv_str, MAX_OUTPUT, "Question count: %d\n", num_msgs); + for (int i = 0; i < num_msgs; ++i) { + const struct sudo_conv_message *msg = &msgs[i]; + snprintf_append(data.conv_str, MAX_OUTPUT, "Question %d: <<%s>> (timeout: %d, msg_type=%d)\n", + i, msg->msg, msg->timeout, msg->msg_type); + + if (data.conv_replies[i] == NULL) + return 1; // simulates user interruption (conversation error) + + replies[i].reply = strdup(data.conv_replies[i]); + } + + return 0; // simulate user answered just fine +} + +int +fake_conversation_with_suspend(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + if (callback != NULL) { + callback->on_suspend(SIGTSTP, callback->closure); + callback->on_resume(SIGCONT, callback->closure); + } + + return fake_conversation(num_msgs, msgs, replies, callback); +} + +int +fake_printf(int msg_type, const char *fmt, ...) +{ + int rc = -1; + va_list args; + va_start(args, fmt); + + char *output = NULL; + switch(msg_type) { + case SUDO_CONV_INFO_MSG: + output = data.stdout_str; + break; + case SUDO_CONV_ERROR_MSG: + output = data.stderr_str; + break; + default: + break; + } + + if (output) + rc = vsnprintf_append(output, MAX_OUTPUT, fmt, args); + + va_end(args); + return rc; +} + +int +verify_log_lines(const char *reference_path) +{ + char stored_path[PATH_MAX]; + snprintf(stored_path, sizeof(stored_path), "%s/%s", data.tmp_dir, "debug.log"); + + FILE *file = fopen(stored_path, "rb"); + if (file == NULL) { + printf("Failed to open file '%s'\n", stored_path); + return false; + } + + char line[1024] = ""; + char stored_str[MAX_OUTPUT] = ""; + while(fgets(line, sizeof(line), file) != NULL) { + const char *line_data = strstr(line, "] "); // this skips the timestamp and pid at the beginning + VERIFY_NOT_NULL(line_data); // malformed log line + line_data += 2; + + char *line_end = strstr(line_data, " object at "); // this skips checking the pointer hex + if 
(line_end) + snprintf(line_end, sizeof(line) - (line_end - line), " object>\n"); + + VERIFY_TRUE(strlcat(stored_str, line_data, sizeof(stored_str)) < sizeof(stored_str)); // we have enough space in buffer + } + + clean_output(stored_str); + + VERIFY_TRUE(verify_content(stored_str, reference_path)); + return true; +} + +int +verify_str_set(char **actual_set, char **expected_set, const char *actual_variable_name) +{ + VERIFY_NOT_NULL(actual_set); + VERIFY_NOT_NULL(expected_set); + + int actual_len = str_array_count(actual_set); + int expected_len = str_array_count(expected_set); + + int matches = false; + if (actual_len == expected_len) { + int actual_pos = 0; + for (; actual_pos < actual_len; ++actual_pos) { + char *actual_item = actual_set[actual_pos]; + + int expected_pos = 0; + for (; expected_pos < expected_len; ++expected_pos) { + if (strcmp(actual_item, expected_set[expected_pos]) == 0) + break; + } + + if (expected_pos == expected_len) { + // matching item was not found + break; + } + } + + matches = (actual_pos == actual_len); + } + + if (!matches) { + char actual_set_str[MAX_OUTPUT] = ""; + char expected_set_str[MAX_OUTPUT] = ""; + str_array_snprint(actual_set_str, MAX_OUTPUT, actual_set, actual_len); + str_array_snprint(expected_set_str, MAX_OUTPUT, expected_set, expected_len); + + VERIFY_PRINT_MSG("%s", actual_variable_name, actual_set_str, "expected", + expected_set_str, "expected to contain the same elements as"); + return false; + } + + return true; +} + +int +mock_python_datetime_now(const char *plugin_name, const char *date_str) +{ + char *cmd = NULL; + asprintf(&cmd, "import %s\n" // the plugin has its own submodule + "from datetime import datetime\n" // store the real datetime + "import time\n" + "from unittest.mock import Mock\n" + "%s.datetime = Mock()\n" // replace plugin's datetime + "%s.datetime.now = lambda: datetime.strptime('%s', '%%Y-%%m-%%dT%%H:%%M:%%S')\n", + plugin_name, plugin_name, plugin_name, date_str); + VERIFY_PTR_NE(cmd, NULL); + 
VERIFY_INT(PyRun_SimpleString(cmd), 0); + free(cmd); + return true; +} diff -Nru sudo-1.8.31/plugins/python/regress/testhelpers.h sudo-1.9.0/plugins/python/regress/testhelpers.h --- sudo-1.8.31/plugins/python/regress/testhelpers.h 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/regress/testhelpers.h 2020-05-11 16:28:23.000000000 +0000 
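Review bot: In `fake_conversation` (testhelpers.c) the loop reads `data.conv_replies[i]` for every `i < num_msgs`, but testhelpers.h declares `conv_replies` with 8 slots, so a plugin under test that asks more than eight questions makes the helper read past the array and pass that pointer to `strdup`. Bounding the index before the NULL test closes this, e.g. `if (i >= (int)(sizeof(data.conv_replies) / sizeof(data.conv_replies[0])) || data.conv_replies[i] == NULL) return 1;`. In the same file, `verify_log_lines` opens `debug.log` with `fopen` and never calls `fclose`, and the `VERIFY_*` macros inside the read loop return directly, so the stream leaks on every path. Closing it right after the loop and before each early return would address that.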
@@ -0,0 +1,191 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2020 Robert Manner + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef PYTHON_TESTHELPERS +#define PYTHON_TESTHELPERS + +#include "iohelpers.h" + +#include "../pyhelpers.h" + +#include "sudo_conf.h" + +// just for the IDE +#ifndef SRC_DIR +#define SRC_DIR "" +#endif +#define TESTDATA_DIR SRC_DIR "/regress/testdata/" + +extern const char *sudo_conf_developer_mode; +extern const char *sudo_conf_normal_mode; + +#define TEMP_PATH_TEMPLATE "/tmp/sudo_check_python_exampleXXXXXX" + +extern struct TestData { + char *tmp_dir; + char *tmp_dir2; + char stdout_str[MAX_OUTPUT]; + char stderr_str[MAX_OUTPUT]; + + char conv_str[MAX_OUTPUT]; + const char *conv_replies[8]; + + // some example test data used by multiple test cases: + char ** settings; + char ** user_info; + char ** command_info; + char ** plugin_argv; + int plugin_argc; + char ** user_env; + char ** plugin_options; +} data; + +const char * expected_path(const char *format, ...); + +char ** create_str_array(size_t count, ...); + +#define RUN_TEST(testcase) \ + do { \ + int success = 1; \ + printf("Running test " #testcase " ... 
\n"); \ + if (!init()) { \ + printf("FAILED: initialization of testcase %s at %s:%d\n", #testcase, __FILE__, __LINE__); \ + success = 0; \ + } else \ + if (!testcase) { \ + printf("FAILED: testcase %s at %s:%d\n", #testcase, __FILE__, __LINE__); \ + success = 0; \ + } \ + if (!cleanup(success)) { \ + printf("FAILED: deitialization of testcase %s at %s:%d\n", #testcase, __FILE__, __LINE__); \ + success = 0; \ + } \ + if (!success) \ + errors++; \ + } while(false) + +#define VERIFY_PRINT_MSG(fmt, actual_str, actual, expected_str, expected, expected_to_be_message) \ + printf("Expectation failed at %s:%d:\n actual is <<" fmt ">>: %s\n %s <<" fmt ">>: %s\n", \ + __FILE__, __LINE__, actual, actual_str, expected_to_be_message, expected, expected_str) + +#define VERIFY_CUSTOM(fmt, type, actual, expected, invert) \ + do { \ + type actual_value = (type)(actual); \ + int failed = (actual_value != expected); \ + if (invert) \ + failed = !failed; \ + if (failed) { \ + VERIFY_PRINT_MSG(fmt, #actual, actual_value, #expected, expected, invert ? 
"not expected to be" : "expected to be"); \ + return false; \ + } \ + } while(false) + +#define VERIFY_EQ(fmt, type, actual, expected) VERIFY_CUSTOM(fmt, type, actual, expected, false) +#define VERIFY_NE(fmt, type, actual, not_expected) VERIFY_CUSTOM(fmt, type, actual, not_expected, true) + +#define VERIFY_INT(actual, expected) VERIFY_EQ("%d", int, actual, expected) + +#define VERIFY_PTR(actual, expected) VERIFY_EQ("%p", const void *, (const void *)actual, (const void *)expected) +#define VERIFY_PTR_NE(actual, not_expected) VERIFY_NE("%p", const void *, (const void *)actual, (const void *)not_expected) + +#define VERIFY_TRUE(actual) VERIFY_NE("%d", int, actual, 0) +#define VERIFY_FALSE(actual) VERIFY_INT(actual, false) + +#define VERIFY_NOT_NULL(actual) VERIFY_NE("%p", const void *, actual, NULL) + +#define VERIFY_STR(actual, expected) \ + do { \ + const char *actual_str = actual; \ + regex_t regex; \ + int result = 0; \ + if (!actual_str) { \ + result = -1; \ + } else if (*expected == '\0') { \ + result = strcmp(actual_str, expected); \ + } else { \ + if ((result = regcomp(®ex, expected, REG_NOSUB)) != 0) { \ + char errbuf[1024]; \ + regerror(result, ®ex, errbuf, sizeof(errbuf)); \ + fprintf(stderr, "regcomp failed at %s:%d: %s\npattern: %s\n", \ + __FILE__, __LINE__, errbuf, expected); \ + } else { \ + result = regexec(®ex, actual_str, 0, NULL, 0); \ + regfree(®ex); \ + } \ + } \ + if (result != 0) { \ + VERIFY_PRINT_MSG("%s", #actual, actual_str ? actual_str : "(null)", #expected, expected, "expected to be"); \ + return false; \ + } \ + } while(false) + +#define VERIFY_STR_CONTAINS(actual, expected) \ + do { \ + const char *actual_str = actual; \ + if (!actual_str || strstr(actual_str, expected) == NULL) { \ + VERIFY_PRINT_MSG("%s", #actual, actual_str ? 
actual_str : "(null)", #expected, expected, "expected to contain the string"); \ + return false; \ + } \ + } while(false) + +int is_update(void); + +int verify_content(char *actual_content, const char *reference_path); + +#define VERIFY_CONTENT(actual_output, reference_path) \ + VERIFY_TRUE(verify_content(actual_output, reference_path)) + +#define VERIFY_STDOUT(reference_path) \ + VERIFY_CONTENT(data.stdout_str, reference_path) + +#define VERIFY_STDERR(reference_path) \ + VERIFY_CONTENT(data.stderr_str, reference_path) + +#define VERIFY_CONV(reference_name) \ + VERIFY_CONTENT(data.conv_str, reference_name) + +int verify_file(const char *actual_dir, const char *actual_file_name, const char *reference_path); + +#define VERIFY_FILE(actual_file_name, reference_path) \ + VERIFY_TRUE(verify_file(data.tmp_dir, actual_file_name, reference_path)) + +int fake_conversation(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback); + +int fake_conversation_with_suspend(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback); + +int fake_printf(int msg_type, const char *fmt, ...); + +int verify_log_lines(const char *reference_path); + +int mock_python_datetime_now(const char *plugin_name, const char *date_str); + +#define VERIFY_LOG_LINES(reference_path) \ + VERIFY_TRUE(verify_log_lines(reference_path)) + +int verify_str_set(char **actual_set, char **expected_set, const char *actual_variable_name); + +#define VERIFY_STR_SET(actual_set, ...) 
\ + do { \ + char **expected_set = create_str_array(__VA_ARGS__); \ + VERIFY_TRUE(verify_str_set(actual_set, expected_set, #actual_set)); \ + str_array_free(&expected_set); \ + } while(false) + +#endif // PYTHON_TESTHELPERS diff -Nru sudo-1.8.31/plugins/python/sudo_python_debug.c sudo-1.9.0/plugins/python/sudo_python_debug.c --- sudo-1.8.31/plugins/python/sudo_python_debug.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/sudo_python_debug.c 2020-05-11 16:28:23.000000000 +0000 
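Review bot: `VERIFY_STR` compiles any non-empty `expected` with `regcomp(..., REG_NOSUB)` and passes as soon as `regexec` finds a match anywhere in `actual_str`, so it is an unanchored basic-regex search rather than the equality check its "expected to be" message suggests. Output that carries unexpected text before or after the reference content would therefore still pass, which weakens the stdout/stderr comparisons that go through `verify_content`. I would document this above the macro, for example `/* expected is a POSIX basic regex searched for in actual (unanchored); escape metacharacters in reference data */`. If an exact match is intended, the pattern should be anchored with `^` and `$` before it is compiled.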
@@ -0,0 +1,132 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#ifdef HAVE_STRING_H + # include +#endif + +#include +#include + +#include "sudo_gettext.h" +#include "sudo_compat.h" +#include "sudo_python_debug.h" +#include "sudo_queue.h" +#include "sudo_conf.h" +#include "sudo_fatal.h" + + +static int python_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; +static unsigned int python_debug_refcnt; + +static const char *const python_subsystem_names[] = { + "py_calls", // logs c -> py calls + "c_calls", // logs py -> c calls + "load", // logs python plugin loading / unloading + "sudo_cb", // logs sudo callback calls + "internal", // logs internal functions of the language wrapper plugin + "plugin", // logs whatever log the python module would like to log through sudo.debug API + NULL +}; + +#define NUM_SUBSYSTEMS sizeof(python_subsystem_names) / sizeof(*python_subsystem_names) - 1 + +/* Subsystem IDs assigned at registration time. */ +int python_subsystem_ids[NUM_SUBSYSTEMS]; + +/* + * Parse the "filename flags,..." 
debug_flags entry and insert a new + * sudo_debug_file struct into debug_files. + */ +bool +python_debug_parse_flags(struct sudo_conf_debug_file_list *debug_files, + const char *entry) +{ + /* Already initialized? */ + if (python_debug_instance != SUDO_DEBUG_INSTANCE_INITIALIZER) + return true; + + return sudo_debug_parse_flags(debug_files, entry) != -1; +} + +/* + * Register the specified debug files and program with the + * debug subsystem, freeing the debug list when done. + * Sets the active debug instance as a side effect. + */ +bool +python_debug_register(const char *program, + struct sudo_conf_debug_file_list *debug_files) +{ + int instance = python_debug_instance; + struct sudo_debug_file *debug_file, *debug_next; + + /* Setup debugging if indicated. */ + if (debug_files != NULL && !TAILQ_EMPTY(debug_files)) { + if (program != NULL) { + instance = sudo_debug_register(program, python_subsystem_names, + (unsigned int *)python_subsystem_ids, debug_files); + } + TAILQ_FOREACH_SAFE(debug_file, debug_files, entries, debug_next) { + TAILQ_REMOVE(debug_files, debug_file, entries); + free(debug_file->debug_file); + free(debug_file->debug_flags); + free(debug_file); + } + } + + switch (instance) { + case SUDO_DEBUG_INSTANCE_ERROR: + return false; + case SUDO_DEBUG_INSTANCE_INITIALIZER: + /* Nothing to do */ + break; + default: + /* New debug instance or additional reference on existing one. */ + python_debug_instance = instance; + sudo_debug_set_active_instance(python_debug_instance); + python_debug_refcnt++; + break; + } + + return true; +} + +/* + * Deregister python_debug_instance if it is registered. 
+ */ +void +python_debug_deregister(void) +{ + debug_decl(python_debug_deregister, PYTHON_DEBUG_INTERNAL); + + if (python_debug_refcnt != 0) { + sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); + if (--python_debug_refcnt == 0) { + if (sudo_debug_deregister(python_debug_instance) < 1) + python_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; + } + } +} diff -Nru sudo-1.8.31/plugins/python/sudo_python_debug.h sudo-1.9.0/plugins/python/sudo_python_debug.h --- sudo-1.8.31/plugins/python/sudo_python_debug.h 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/sudo_python_debug.h 2020-05-11 16:28:23.000000000 +0000 
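Review bot: `NUM_SUBSYSTEMS` expands to an unparenthesized expression, `sizeof(python_subsystem_names) / sizeof(*python_subsystem_names) - 1`, which gives the right bound in `int python_subsystem_ids[NUM_SUBSYSTEMS];` but evaluates differently as soon as it sits next to a multiplicative operator (`2 * NUM_SUBSYSTEMS` would subtract 1 after the multiplication). Wrapping the expansion keeps the array size and any later bounds check in agreement: `#define NUM_SUBSYSTEMS (sizeof(python_subsystem_names) / sizeof(*python_subsystem_names) - 1)`.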
@@ -0,0 +1,47 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2014 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef SUDO_PYTHON_DEBUG_H +#define SUDO_PYTHON_DEBUG_H + +#include +#include "sudo_debug.h" + +/* + * Sudo python plugin debug subsystems. + * Note that python_subsystem_ids[] is filled in at debug registration time. 
+ */ +extern int python_subsystem_ids[]; +#define PYTHON_DEBUG_PY_CALLS (python_subsystem_ids[0]) +#define PYTHON_DEBUG_C_CALLS (python_subsystem_ids[1]) +#define PYTHON_DEBUG_PLUGIN_LOAD (python_subsystem_ids[2]) +#define PYTHON_DEBUG_CALLBACKS (python_subsystem_ids[3]) +#define PYTHON_DEBUG_INTERNAL (python_subsystem_ids[4]) +#define PYTHON_DEBUG_PLUGIN (python_subsystem_ids[5]) + +bool python_debug_parse_flags(struct sudo_conf_debug_file_list *debug_files, const char *entry); +bool python_debug_register(const char *program, struct sudo_conf_debug_file_list *debug_files); +void python_debug_deregister(void); + +#define debug_return_ptr_pynone \ + do { \ + Py_INCREF(Py_None); \ + debug_return_ptr(Py_None); \ + } while(0) + +#endif /* SUDO_PYTHON_DEBUG_H */ diff -Nru sudo-1.8.31/plugins/python/sudo_python_module.c sudo-1.9.0/plugins/python/sudo_python_module.c --- sudo-1.8.31/plugins/python/sudo_python_module.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/sudo_python_module.c 2020-05-11 16:28:23.000000000 +0000 
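Review bot: The `PYTHON_DEBUG_*` macros hard-code indices 0 to 5 into `python_subsystem_ids[]`, and the only thing tying each index to a subsystem is the order of `python_subsystem_names[]` in sudo_python_debug.c; the header comment does not mention that dependency. Reordering or inserting a name there would presumably make these macros select the wrong subsystem id without any compile-time signal. I would extend the comment above the `extern` with `Indices below must match the order of python_subsystem_names[] in sudo_python_debug.c.`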
@@ -0,0 +1,608 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019 Robert Manner + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include "sudo_python_module.h" + +#define EXC_VAR(exception_name) sudo_exc_ ## exception_name +#define TYPE_VAR(type_name) &sudo_type_ ## type_name + +// exceptions: +PyObject *sudo_exc_SudoException; +PyObject *sudo_exc_PluginException; +PyObject *sudo_exc_PluginError; +PyObject *sudo_exc_PluginReject; +static PyObject *sudo_exc_ConversationInterrupted; + +// the methods exposed in the "sudo" python module +// "args" is a tuple (~= const list) containing all the unnamed arguments +// "kwargs" is a dict of the keyword arguments or NULL if there are none +static PyObject *python_sudo_log_info(PyObject *py_self, PyObject *py_args, PyObject *py_kwargs); +static PyObject *python_sudo_log_error(PyObject *py_self, PyObject *py_args, PyObject *py_kwargs); +static PyObject *python_sudo_conversation(PyObject *py_self, PyObject *py_args, PyObject *py_kwargs); +static PyObject *python_sudo_options_as_dict(PyObject *py_self, PyObject *py_args); +static PyObject 
*python_sudo_options_from_dict(PyObject *py_self, PyObject *py_args); + +static PyMethodDef sudo_methods[] = { + {"debug", (PyCFunction)python_sudo_debug, METH_VARARGS, "Debug messages which can be saved to file in sudo.conf."}, + {"log_info", (PyCFunction)python_sudo_log_info, METH_VARARGS | METH_KEYWORDS, "Display informational messages."}, + {"log_error", (PyCFunction)python_sudo_log_error, METH_VARARGS | METH_KEYWORDS, "Display error messages."}, + {"conv", (PyCFunction)python_sudo_conversation, METH_VARARGS | METH_KEYWORDS, "Interact with the user"}, + {"options_as_dict", python_sudo_options_as_dict, METH_VARARGS, "Convert a string tuple in key=value format to a dictionary."}, + {"options_from_dict", python_sudo_options_from_dict, METH_VARARGS, "Convert a dictionary to a tuple of strings in key=value format."}, + {NULL, NULL, 0, NULL} /* Sentinel */ +}; + +static struct PyModuleDef sudo_module = { + PyModuleDef_HEAD_INIT, + "sudo", /* name of module */ + NULL, /* module documentation, may be NULL */ + -1, /* size of per-interpreter state of the module, + or -1 if the module keeps state in global variables. 
*/ + sudo_methods, + NULL, /* slots */ + NULL, /* traverse */ + NULL, /* clear */ + NULL /* free */ +}; + +CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION +static int +_parse_log_function_args(PyObject *py_args, PyObject *py_kwargs, char **args_joined, const char ** end) +{ + debug_decl(python_sudo_log, PYTHON_DEBUG_INTERNAL); + + int rc = SUDO_RC_ERROR; + PyObject *py_empty = NULL; + + const char *sep = NULL; + py_empty = PyTuple_New(0); + if (py_empty == NULL) + goto cleanup; + + static char *keywords[] = { "sep", "end", NULL }; + if (py_kwargs != NULL && !PyArg_ParseTupleAndKeywords(py_empty, py_kwargs, "|zz:sudo.log", keywords, &sep, end)) + goto cleanup; + + if (sep == NULL) + sep = " "; + + if (*end == NULL) + *end = "\n"; + + // this is to mimic the behaviour of python "print" / "log" + *args_joined = py_join_str_list(py_args, sep); + if (!PyErr_Occurred()) // == (*args_joined != NULL), but cpychecker does not understand that + rc = SUDO_RC_OK; + +cleanup: + Py_CLEAR(py_empty); + debug_return_int(rc); +} + +static PyObject * +python_sudo_log(int msg_type, PyObject *Py_UNUSED(py_self), PyObject *py_args, PyObject *py_kwargs) +{ + debug_decl(python_sudo_log, PYTHON_DEBUG_C_CALLS); + py_debug_python_call("sudo", "log", py_args, py_kwargs, PYTHON_DEBUG_C_CALLS); + + int rc = SUDO_RC_ERROR; + + char *args_joined = NULL; + const char *end = NULL; + if (_parse_log_function_args(py_args, py_kwargs, &args_joined, &end) != SUDO_RC_OK) + goto cleanup; + + rc = py_ctx.sudo_log(msg_type, "%s%s", args_joined, end); + if (rc < 0) { + PyErr_Format(sudo_exc_SudoException, "sudo.log: Error displaying message"); + goto cleanup; + } + +cleanup: + free(args_joined); + + PyObject *py_result = PyErr_Occurred() ? 
NULL : PyLong_FromLong(rc); + + py_debug_python_result("sudo", "log", py_result, PYTHON_DEBUG_C_CALLS); + debug_return_ptr(py_result); +} + +static PyObject * +python_sudo_options_as_dict(PyObject *py_self, PyObject *py_args) +{ + (void) py_self; + + debug_decl(python_sudo_options_as_dict, PYTHON_DEBUG_C_CALLS); + py_debug_python_call("sudo", "options_as_dict", py_args, NULL, PYTHON_DEBUG_C_CALLS); + + PyObject *py_config_tuple = NULL, + *py_result = NULL, + *py_config_tuple_iterator = NULL, + *py_config = NULL, + *py_splitted = NULL, + *py_separator = NULL; + + if (!PyArg_ParseTuple(py_args, "O:sudo.options_as_dict", &py_config_tuple)) + goto cleanup; + + py_config_tuple_iterator = PyObject_GetIter(py_config_tuple); + if (py_config_tuple_iterator == NULL) + goto cleanup; + + py_result = PyDict_New(); + if (py_result == NULL) + goto cleanup; + + py_separator = PyUnicode_FromString("="); + if (py_separator == NULL) + goto cleanup; + + while ((py_config = PyIter_Next(py_config_tuple_iterator)) != NULL) { + py_splitted = PyUnicode_Split(py_config, py_separator, 1); + if (py_splitted == NULL) + goto cleanup; + + PyObject *py_key = PyList_GetItem(py_splitted, 0); // borrowed ref + if (py_key == NULL) + goto cleanup; + + PyObject *py_value = PyList_GetItem(py_splitted, 1); + if (py_value == NULL) { // skip values without a key + Py_CLEAR(py_config); + Py_CLEAR(py_splitted); + PyErr_Clear(); + continue; + } + + if (PyDict_SetItem(py_result, py_key, py_value) != 0) { + goto cleanup; + } + + Py_CLEAR(py_config); + Py_CLEAR(py_splitted); + } + +cleanup: + Py_CLEAR(py_config_tuple_iterator); + Py_CLEAR(py_config); + Py_CLEAR(py_splitted); + Py_CLEAR(py_separator); + + if (PyErr_Occurred()) { + Py_CLEAR(py_result); + } + + py_debug_python_result("sudo", "options_as_dict", py_result, PYTHON_DEBUG_C_CALLS); + debug_return_ptr(py_result); +} + +static PyObject * +python_sudo_options_from_dict(PyObject *py_self, PyObject *py_args) +{ + (void) py_self; + 
debug_decl(python_sudo_options_from_dict, PYTHON_DEBUG_C_CALLS); + py_debug_python_call("sudo", "options_from_dict", py_args, NULL, PYTHON_DEBUG_C_CALLS); + + PyObject *py_config_dict = NULL, + *py_result = NULL; + + if (!PyArg_ParseTuple(py_args, "O!:sudo.options_from_dict", &PyDict_Type, &py_config_dict)) + goto cleanup; + + Py_ssize_t dict_size = PyDict_Size(py_config_dict); + py_result = PyTuple_New(dict_size); + if (py_result == NULL) + goto cleanup; + + PyObject *py_key = NULL, *py_value = NULL; // -> borrowed references + Py_ssize_t i, pos = 0; + for (i = 0; PyDict_Next(py_config_dict, &pos, &py_key, &py_value); i++) { + PyObject *py_config = PyUnicode_FromFormat("%S%s%S", py_key, "=", py_value); + if (py_config == NULL) + goto cleanup; + + /* Dictionaries are sparse so we cannot use pos as an index. */ + if (PyTuple_SetItem(py_result, i, py_config) != 0) { // this steals a reference, even on error + goto cleanup; + } + } + +cleanup: + if (PyErr_Occurred()) { + Py_CLEAR(py_result); + } + + py_debug_python_result("sudo", "options_from_dict", py_result, PYTHON_DEBUG_C_CALLS); + debug_return_ptr(py_result); +} + +static PyObject * +python_sudo_log_info(PyObject *py_self, PyObject *py_args, PyObject *py_kwargs) +{ + return python_sudo_log(SUDO_CONV_INFO_MSG, py_self, py_args, py_kwargs); +} + +static PyObject * +python_sudo_log_error(PyObject *py_self, PyObject *py_args, PyObject *py_kwargs) +{ + return python_sudo_log(SUDO_CONV_ERROR_MSG, py_self, py_args, py_kwargs); +} + +CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION +static int py_expect_arg_callable(PyObject *py_callable, + const char *func_name, const char *arg_name) +{ + debug_decl(py_expect_arg_callable, PYTHON_DEBUG_INTERNAL); + + if (!PyCallable_Check(py_callable)) { + PyErr_Format(PyExc_ValueError, "%s: %s argument must be python callable (got %s) ", + func_name, arg_name, Py_TYPENAME(py_callable)); + debug_return_int(-1); + } + + debug_return_int(0); +} + +struct py_conv_callback_closure +{ + PyObject 
*py_on_suspend; + PyObject *py_on_resume; +}; + +static int +_call_conversation_callback(PyObject *py_callback, int signo) +{ + debug_decl(_call_conversation_callback, PYTHON_DEBUG_INTERNAL); + + if (py_callback == NULL || py_callback == Py_None) + debug_return_int(0); // nothing to do + + PyObject *py_result = PyObject_CallFunction(py_callback, "(i)", signo); + + int rc = -1; + + // We treat sudo.RC_OK (1) and None (no exception occurred) as success as well to avoid confusion + if (py_result && (py_result == Py_None || PyLong_AsLong(py_result) >= 0)) + rc = 0; + + Py_CLEAR(py_result); + + if (rc != 0) + py_log_last_error("Error during conversation callback"); + + debug_return_int(rc); +} + +int +python_sudo_conversation_suspend_cb(int signo, struct py_conv_callback_closure *closure) +{ + return _call_conversation_callback(closure->py_on_suspend, signo); +} + +int +python_sudo_conversation_resume_cb(int signo, struct py_conv_callback_closure *closure) +{ + return _call_conversation_callback(closure->py_on_resume, signo); +} + +static PyObject * +python_sudo_conversation(PyObject *Py_UNUSED(self), PyObject *py_args, PyObject *py_kwargs) +{ + debug_decl(python_sudo_conversation, PYTHON_DEBUG_C_CALLS); + py_debug_python_call("sudo", "conv", py_args, py_kwargs, PYTHON_DEBUG_C_CALLS); + + PyObject *py_result = NULL, *py_empty = NULL; + Py_ssize_t num_msgs = 0; + struct sudo_conv_message *msgs = NULL; + struct sudo_conv_reply *replies = NULL; + + // Note, they are both borrowed references of py_kwargs + struct py_conv_callback_closure callback_closure = { NULL, NULL }; + + struct sudo_conv_callback callback = { + SUDO_CONV_CALLBACK_VERSION, + &callback_closure, + (sudo_conv_callback_fn_t)python_sudo_conversation_suspend_cb, + (sudo_conv_callback_fn_t)python_sudo_conversation_resume_cb + }; + + py_empty = PyTuple_New(0); + if (py_empty == NULL) + goto cleanup; + + static char *keywords[] = { "on_suspend", "on_resume", NULL }; + if (py_kwargs != NULL && 
!PyArg_ParseTupleAndKeywords(py_empty, py_kwargs, "|OO:sudo.conv", keywords, + &callback_closure.py_on_suspend, + &callback_closure.py_on_resume)) + goto cleanup; + + if (callback_closure.py_on_suspend != NULL && + py_expect_arg_callable(callback_closure.py_on_suspend, "sudo.conv", "on_suspend") < 0) { + goto cleanup; + } + + if (callback_closure.py_on_resume != NULL && + py_expect_arg_callable(callback_closure.py_on_resume, "sudo.conv", "on_resume") < 0) { + goto cleanup; + } + + if (sudo_module_ConvMessages_to_c(py_args, &num_msgs, &msgs) < 0) { + goto cleanup; + } + + replies = calloc(Py_SSIZE2SIZE(num_msgs), sizeof(struct sudo_conv_reply)); + py_result = PyTuple_New(num_msgs); + if (py_result == NULL) + goto cleanup; + + if (py_ctx.sudo_conv == NULL) { + PyErr_Format(sudo_exc_SudoException, "%s: conversation is unavailable", + __func__); + goto cleanup; + } + + int rc = py_sudo_conv((int)num_msgs, msgs, replies, &callback); + if (rc != 0) { + PyErr_Format(sudo_exc_ConversationInterrupted, + "%s: conversation was interrupted", __func__, rc); + goto cleanup; + } + + for (Py_ssize_t i = 0; i < num_msgs; ++i) { + char *reply = replies[i].reply; + if (reply != NULL) { + PyObject *py_reply = PyUnicode_FromString(reply); + if (py_reply == NULL) { + goto cleanup; + } + + if (PyTuple_SetItem(py_result, i, py_reply) != 0) { // this steals a reference even on error + PyErr_Format(sudo_exc_SudoException, "%s: failed to set tuple item", __func__); + goto cleanup; + } + + sudo_debug_printf(SUDO_DEBUG_DIAG, "user reply for conversation: '%s'\n", reply); + } + } + +cleanup: + Py_CLEAR(py_empty); + if (replies != NULL) { + for (int i = 0; i < num_msgs; ++i) + free(replies[i].reply); + } + free(msgs); + free(replies); + + if (PyErr_Occurred()) { + Py_CLEAR(py_result); // we return NULL + } + + py_debug_python_result("sudo", "conv", py_result, PYTHON_DEBUG_C_CALLS); + + debug_return_ptr(py_result); +} + +/* + * Create a python class. 
+ * Class name must be a full name including module, eg. "sudo.MyFavouriteClass". + * The resulting class object can be added to a module using PyModule_AddObject. + */ +PyObject * +sudo_module_create_class(const char *class_name, PyMethodDef *class_methods, + PyObject *base_class) +{ + debug_decl(sudo_module_create_class, PYTHON_DEBUG_INTERNAL); + + PyObject *py_base_classes = NULL, *py_class = NULL, *py_member_dict = NULL; + + if (base_class == NULL) { + py_base_classes = PyTuple_New(0); + } else { + py_base_classes = Py_BuildValue("(O)", base_class); + } + + if (py_base_classes == NULL) + goto cleanup; + + py_member_dict = PyDict_New(); + if (py_member_dict == NULL) + goto cleanup; + + for (PyMethodDef *py_def = class_methods; py_def->ml_name != NULL; ++py_def) { + PyObject *py_func = PyCFunction_New(py_def, NULL); + if (py_func == NULL) { + goto cleanup; + } + + // this wrapping makes the function get the 'self' as argument + PyObject *py_method = PyInstanceMethod_New(py_func); + if (py_method == NULL) { + Py_DECREF(py_func); + goto cleanup; + } + + int rc = PyDict_SetItemString(py_member_dict, py_def->ml_name, py_method); + + Py_XDECREF(py_func); + Py_XDECREF(py_method); + + if (rc != 0) + goto cleanup; + } + + py_class = PyObject_CallFunction((PyObject *)&PyType_Type, "(sOO)", + class_name, + py_base_classes, + py_member_dict); + +cleanup: + Py_CLEAR(py_base_classes); + Py_CLEAR(py_member_dict); + + debug_return_ptr(py_class); +} + +CPYCHECKER_STEALS_REFERENCE_TO_ARG(3) +void +sudo_module_register_enum(PyObject *py_module, const char *enum_name, PyObject *py_constants_dict) +{ + // pseudo code: + // return enum.IntEnum('MyEnum', {'DEFINITION_NAME': DEFINITION_VALUE, ...}) + + debug_decl(sudo_module_register_enum, PYTHON_DEBUG_INTERNAL); + + if (py_constants_dict == NULL) + return; + + PyObject *py_enum_class = NULL; + { + PyObject *py_enum_module = PyImport_ImportModule("enum"); + if (py_enum_module == NULL) { + Py_CLEAR(py_constants_dict); + debug_return; + 
} + + py_enum_class = PyObject_CallMethod(py_enum_module, + "IntEnum", "sO", enum_name, + py_constants_dict); + + Py_CLEAR(py_constants_dict); + Py_CLEAR(py_enum_module); + } + + if (py_enum_class == NULL) { + debug_return; + } + + if (PyModule_AddObject(py_module, enum_name, py_enum_class) < 0) { + Py_CLEAR(py_enum_class); + debug_return; + } + + debug_return; +} + +PyMODINIT_FUNC +sudo_module_init(void) +{ + debug_decl(sudo_module_init, PYTHON_DEBUG_C_CALLS); + + PyObject *py_module = PyModule_Create(&sudo_module); + + if (py_module == NULL) + debug_return_ptr(NULL); + + // Note: "PyModule_AddObject()" decrements the refcount only on success + + // exceptions + #define MODULE_ADD_EXCEPTION(exception_name, base_exception) \ + do { \ + EXC_VAR(exception_name) = PyErr_NewException("sudo." # exception_name, base_exception, NULL); \ + if (EXC_VAR(exception_name) == NULL || PyModule_AddObject(py_module, # exception_name, EXC_VAR(exception_name)) < 0) { \ + Py_CLEAR(EXC_VAR(exception_name)); \ + goto cleanup; \ + } \ + Py_INCREF(EXC_VAR(exception_name)); \ + } while(0); + + MODULE_ADD_EXCEPTION(SudoException, NULL); + + MODULE_ADD_EXCEPTION(PluginException, NULL); + MODULE_ADD_EXCEPTION(PluginError, EXC_VAR(PluginException)); + MODULE_ADD_EXCEPTION(PluginReject, EXC_VAR(PluginException)); + + MODULE_ADD_EXCEPTION(ConversationInterrupted, EXC_VAR(SudoException)); + + #define MODULE_REGISTER_ENUM(name, key_values) \ + sudo_module_register_enum(py_module, name, py_dict_create_string_int(\ + sizeof(key_values) / sizeof(struct key_value_str_int), key_values)) + + // constants + struct key_value_str_int constants_rc[] = { + {"OK", SUDO_RC_OK}, + {"ACCEPT", SUDO_RC_ACCEPT}, + {"REJECT", SUDO_RC_REJECT}, + {"ERROR", SUDO_RC_ERROR}, + {"USAGE_ERROR", SUDO_RC_USAGE_ERROR} + }; + MODULE_REGISTER_ENUM("RC", constants_rc); + + struct key_value_str_int constants_conv[] = { + {"PROMPT_ECHO_OFF", SUDO_CONV_PROMPT_ECHO_OFF}, + {"PROMPT_ECHO_ON", SUDO_CONV_PROMPT_ECHO_ON}, + {"INFO_MSG", 
SUDO_CONV_INFO_MSG}, + {"PROMPT_MASK", SUDO_CONV_PROMPT_MASK}, + {"PROMPT_ECHO_OK", SUDO_CONV_PROMPT_ECHO_OK}, + {"PREFER_TTY", SUDO_CONV_PREFER_TTY} + }; + MODULE_REGISTER_ENUM("CONV", constants_conv); + + struct key_value_str_int constants_debug[] = { + {"CRIT", SUDO_DEBUG_CRIT}, + {"ERROR", SUDO_DEBUG_ERROR}, + {"WARN", SUDO_DEBUG_WARN}, + {"NOTICE", SUDO_DEBUG_NOTICE}, + {"DIAG", SUDO_DEBUG_DIAG}, + {"INFO", SUDO_DEBUG_INFO}, + {"TRACE", SUDO_DEBUG_TRACE}, + {"DEBUG", SUDO_DEBUG_DEBUG} + }; + MODULE_REGISTER_ENUM("DEBUG", constants_debug); + + struct key_value_str_int constants_exit_reason[] = { + {"NO_STATUS", SUDO_PLUGIN_NO_STATUS}, + {"WAIT_STATUS", SUDO_PLUGIN_WAIT_STATUS}, + {"EXEC_ERROR", SUDO_PLUGIN_EXEC_ERROR}, + {"SUDO_ERROR", SUDO_PLUGIN_SUDO_ERROR} + }; + MODULE_REGISTER_ENUM("EXIT_REASON", constants_exit_reason); + + struct key_value_str_int constants_plugin_types[] = { + {"POLICY", SUDO_POLICY_PLUGIN}, + {"AUDIT", SUDO_AUDIT_PLUGIN}, + {"IO", SUDO_IO_PLUGIN}, + {"APPROVAL", SUDO_APPROVAL_PLUGIN} + }; + MODULE_REGISTER_ENUM("PLUGIN_TYPE", constants_plugin_types); + + // classes + if (sudo_module_register_conv_message(py_module) != SUDO_RC_OK) + goto cleanup; + + if (sudo_module_register_baseplugin(py_module) != SUDO_RC_OK) + goto cleanup; + + if (sudo_module_register_loghandler(py_module) != SUDO_RC_OK) + goto cleanup; + +cleanup: + if (PyErr_Occurred()) { + Py_CLEAR(py_module); + Py_CLEAR(sudo_exc_SudoException); + Py_CLEAR(sudo_exc_PluginError); + Py_CLEAR(sudo_exc_ConversationInterrupted); + } + + debug_return_ptr(py_module); +} diff -Nru sudo-1.8.31/plugins/python/sudo_python_module.h sudo-1.9.0/plugins/python/sudo_python_module.h --- sudo-1.8.31/plugins/python/sudo_python_module.h 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/python/sudo_python_module.h 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,64 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019 Robert Manner + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef SUDO_PYTHON_MODULE_H +#define SUDO_PYTHON_MODULE_H + +#include "pyhelpers.h" + +extern PyObject *sudo_exc_SudoException; // Base exception for the sudo module problems + +// This is for the python plugins to report error messages for us +extern PyObject *sudo_exc_PluginException; // base exception of the following: +extern PyObject *sudo_exc_PluginReject; // a reject with message +extern PyObject *sudo_exc_PluginError; // an error with message + +extern PyTypeObject *sudo_type_Plugin; +extern PyTypeObject *sudo_type_ConvMessage; + +extern PyObject *sudo_type_LogHandler; + +PyObject *sudo_module_create_class(const char *class_name, PyMethodDef *class_methods, + PyObject *base_class); + +CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION +int sudo_module_register_importblocker(void); + +CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION +int sudo_module_register_conv_message(PyObject *py_module); + +CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION +int sudo_module_ConvMessage_to_c(PyObject *py_conv_message, struct sudo_conv_message *conv_message); + +CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION +int sudo_module_ConvMessages_to_c(PyObject *py_tuple, Py_ssize_t 
*num_msgs, struct sudo_conv_message **msgs); + +CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION +int sudo_module_register_baseplugin(PyObject *py_module); + +CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION +int sudo_module_register_loghandler(PyObject *py_module); + +CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION +int sudo_module_set_default_loghandler(void); + +PyObject *python_sudo_debug(PyObject *py_self, PyObject *py_args); + +PyMODINIT_FUNC sudo_module_init(void); + +#endif // SUDO_PYTHON_MODULE_H diff -Nru sudo-1.8.31/plugins/sample/Makefile.in sudo-1.9.0/plugins/sample/Makefile.in --- sudo-1.8.31/plugins/sample/Makefile.in 2019-12-10 13:11:38.000000000 +0000 +++ sudo-1.9.0/plugins/sample/Makefile.in 2020-05-11 16:28:23.000000000 +0000 @@ -21,9 +21,13 @@ #### Start of system configuration section. #### srcdir = @srcdir@ -devdir = @devdir@ -top_builddir = @top_builddir@ +abs_srcdir = @abs_srcdir@ top_srcdir = @top_srcdir@ +abs_top_srcdir = @abs_top_srcdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ +devdir = @devdir@ +scriptdir = $(top_srcdir)/scripts incdir = $(top_srcdir)/include cross_compiling = @CROSS_COMPILING@ @@ -42,7 +46,7 @@ LIBS = $(top_builddir)/lib/util/libsudo_util.la # C preprocessor flags -CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(top_srcdir) @CPPFLAGS@ +CPPFLAGS = -I$(incdir) -I$(top_builddir) @CPPFLAGS@ # Usually -O and/or -g CFLAGS = @CFLAGS@ @@ -112,8 +116,8 @@ all: sample_plugin.la depend: - $(top_srcdir)/mkdep.pl --srcdir=$(top_srcdir) \ - --builddir=`pwd`/$(top_builddir) plugins/sample/Makefile.in + $(scriptdir)/mkdep.pl --srcdir=$(abs_top_srcdir) \ + --builddir=$(abs_top_builddir) plugins/sample/Makefile.in cd $(top_builddir) && ./config.status --file plugins/sample/Makefile Makefile: $(srcdir)/Makefile.in @@ -144,7 +148,7 @@ install: install-plugin install-dirs: - $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir) + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(plugindir) install-binaries: 
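Review bot: The prototype of `sudo_module_ConvMessages_to_c` in sudo_python_module.h does not say who owns `*msgs`. Its caller in sudo_python_module.c, `python_sudo_conversation`, releases the array with `free(msgs)`, so the contract appears to be a heap array handed to the caller. Whether the strings inside the entries are borrowed from the Python objects is not visible here. A comment on the declaration such as `// On success *msgs is a malloc'ed array of *num_msgs entries; the caller must free() it.` would keep later callers from leaking or double-freeing it.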
@@ -163,10 +167,10 @@ rm -f $(DESTDIR)$(plugindir)/sample_plugin.so$(INSTALL_BACKUP) splint: - splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(srcdir)/*.c + splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) $(srcdir)/*.c cppcheck: - cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(srcdir)/*.c + cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) $(srcdir)/*.c pvs-log-files: $(POBJS) @@ -176,8 +180,8 @@ check: clean: - -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la *.a *.i *.plog \ - stamp-* core *.core core.* + -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la + -rm -f *.i *.plog stamp-* core *.core core.* mostlyclean: clean diff -Nru sudo-1.8.31/plugins/sample/sample_plugin.c sudo-1.9.0/plugins/sample/sample_plugin.c --- sudo-1.8.31/plugins/sample/sample_plugin.c 2019-10-28 12:27:45.000000000 +0000 +++ sudo-1.9.0/plugins/sample/sample_plugin.c 2020-05-11 16:28:23.000000000 +0000 @@ -59,12 +59,6 @@ * caching the validate and invalidate functions are NULL. */ -#ifdef __TANDEM -# define ROOT_UID 65535 -#else -# define ROOT_UID 0 -#endif - static struct plugin_state { char **envp; char * const *settings; diff -Nru sudo-1.8.31/plugins/sample_approval/Makefile.in sudo-1.9.0/plugins/sample_approval/Makefile.in --- sudo-1.8.31/plugins/sample_approval/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/sample_approval/Makefile.in 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,220 @@ +# +# SPDX-License-Identifier: ISC +# +# Copyright (c) 2020 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# @configure_input@ +# + +#### Start of system configuration section. #### + +srcdir = @srcdir@ +devdir = @devdir@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +scriptdir = $(top_srcdir)/scripts +incdir = $(top_srcdir)/include +cross_compiling = @CROSS_COMPILING@ + +# Compiler & tools to use +CC = @CC@ +LIBTOOL = @LIBTOOL@ +SED = @SED@ +AWK = @AWK@ + +# Our install program supports extra flags... 
+INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL_OWNER = -o $(install_uid) -g $(install_gid) +INSTALL_BACKUP = @INSTALL_BACKUP@ + +# Libraries +LT_LIBS = $(top_builddir)/lib/util/libsudo_util.la +LIBS = $(LT_LIBS) + +# C preprocessor flags +CPPFLAGS = -I$(incdir) -I$(top_builddir) @CPPFLAGS@ + +# Usually -O and/or -g +CFLAGS = @CFLAGS@ + +# Flags to pass to the link stage +LDFLAGS = @LDFLAGS@ +LT_LDFLAGS = @LT_LDFLAGS@ @LT_LDEXPORTS@ + +# Flags to pass to libtool +LTFLAGS = --tag=disable-static + +# Address sanitizer flags +ASAN_CFLAGS = @ASAN_CFLAGS@ +ASAN_LDFLAGS = @ASAN_LDFLAGS@ + +# PIE flags +PIE_CFLAGS = @PIE_CFLAGS@ +PIE_LDFLAGS = @PIE_LDFLAGS@ + +# Stack smashing protection flags +SSP_CFLAGS = @SSP_CFLAGS@ +SSP_LDFLAGS = @SSP_LDFLAGS@ + +# cppcheck options, usually set in the top-level Makefile +CPPCHECK_OPTS = -q --force --enable=warning,performance,portability --suppress=constStatement --error-exitcode=1 --inline-suppr -Dva_copy=va_copy -U__cplusplus -UQUAD_MAX -UQUAD_MIN -UUQUAD_MAX -U_POSIX_HOST_NAME_MAX -U_POSIX_PATH_MAX -U__NBBY -DNSIG=64 + +# splint options, usually set in the top-level Makefile +SPLINT_OPTS = -D__restrict= -checks + +# PVS-studio options +PVS_CFG = $(top_srcdir)/PVS-Studio.cfg +PVS_IGNORE = 'V707,V011,V002,V536' +PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE) + +# Where to install things... +prefix = @prefix@ +exec_prefix = @exec_prefix@ +bindir = @bindir@ +sbindir = @sbindir@ +sysconfdir = @sysconfdir@ +libexecdir = @libexecdir@ +datarootdir = @datarootdir@ +localstatedir = @localstatedir@ +plugindir = @plugindir@ + +# File mode and map file to use for shared libraries/objects +shlib_enable = @SHLIB_ENABLE@ +shlib_mode = @SHLIB_MODE@ +shlib_exp = $(srcdir)/sample_approval.exp +shlib_map = sample_approval.map +shlib_opt = sample_approval.opt + +# User and group ids the installed files should be "owned" by +install_uid = 0 +install_gid = 0 + +#### End of system configuration section. 
#### + +SHELL = @SHELL@ + +OBJS = sample_approval.lo + +IOBJS = $(OBJS:.lo=.i) + +POBJS = $(IOBJS:.i=.plog) + +LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/ + +VERSION = @PACKAGE_VERSION@ + +all: sample_approval.la + +depend: + $(scriptdir)/mkdep.pl --srcdir=$(top_srcdir) \ + --builddir=`pwd`/$(top_builddir) plugins/sample_approval/Makefile.in + cd $(top_builddir) && ./config.status --file plugins/sample_approval/Makefile + +Makefile: $(srcdir)/Makefile.in + cd $(top_builddir) && ./config.status --file plugins/sample_approval/Makefile + +.SUFFIXES: .c .h .i .lo .plog + +.c.lo: + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $< + +.c.i: + $(CC) -E -o $@ $(CPPFLAGS) $< + +.i.plog: + ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@ + +$(shlib_map): $(shlib_exp) + @$(AWK) 'BEGIN { print "{\n\tglobal:" } { print "\t\t"$$0";" } END { print "\tlocal:\n\t\t*;\n};" }' $(shlib_exp) > $@ + +$(shlib_opt): $(shlib_exp) + @$(SED) 's/^/+e /' $(shlib_exp) > $@ + +sample_approval.la: $(OBJS) $(LT_LIBS) @LT_LDDEP@ + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LDFLAGS) $(ASAN_LDFLAGS) $(SSP_LDFLAGS) $(LT_LDFLAGS) -o $@ $(OBJS) $(LIBS) -module -avoid-version -rpath $(plugindir) -shrext .so + +pre-install: + +install: install-plugin + +install-dirs: + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(plugindir) + +install-binaries: + +install-includes: + +install-doc: + +install-plugin: install-dirs sample_approval.la + if [ X"$(shlib_enable)" = X"yes" ]; then \ + INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m $(shlib_mode) sample_approval.la $(DESTDIR)$(plugindir); \ + fi + +uninstall: + -$(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(plugindir)/sample_approval.la + -test -z "$(INSTALL_BACKUP)" || \ + rm -f 
$(DESTDIR)$(plugindir)/sample_approval.so$(INSTALL_BACKUP) + +splint: + splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) $(srcdir)/*.c + +cppcheck: + cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) $(srcdir)/*.c + +pvs-log-files: $(POBJS) + +pvs-studio: $(POBJS) + plog-converter $(PVS_LOG_OPTS) $(POBJS) + +check: + +clean: + -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la *.a *.i *.plog \ + stamp-* core *.core core.* + +mostlyclean: clean + +distclean: clean + -rm -rf Makefile .libs $(shlib_map) $(shlib_opt) + +clobber: distclean + +realclean: distclean + rm -f TAGS tags + +cleandir: realclean + +# Autogenerated dependencies, do not modify +getgrent.lo: $(srcdir)/getgrent.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/getgrent.c +getgrent.i: $(srcdir)/getgrent.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +getgrent.plog: getgrent.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/getgrent.c --i-file $< --output-file $@ +sample_approval.lo: $(srcdir)/sample_approval.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_plugin.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sample_approval.c +sample_approval.i: $(srcdir)/sample_approval.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_plugin.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +sample_approval.plog: sample_approval.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sample_approval.c --i-file $< --output-file $@ diff -Nru 
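Review bot: The "Autogenerated dependencies" block of plugins/sample_approval/Makefile.in carries `getgrent.lo`, `getgrent.i` and `getgrent.plog` rules, although `OBJS` lists only `sample_approval.lo` and nothing in this new directory provides `getgrent.c`. They look carried over from another plugin's Makefile.in and should be dropped by regenerating the block with the `depend` target. That target still passes `--srcdir=$(top_srcdir)` and ``--builddir=`pwd`/$(top_builddir)``, while the plugins/sample/Makefile.in hunk in this same diff moves to `$(abs_top_srcdir)` and `$(abs_top_builddir)`. The two files would be easier to maintain if they agreed.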
sudo-1.8.31/plugins/sample_approval/sample_approval.c sudo-1.9.0/plugins/sample_approval/sample_approval.c --- sudo-1.8.31/plugins/sample_approval/sample_approval.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/sample_approval/sample_approval.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,178 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include + +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#include +#include +#include + +#include "sudo_gettext.h" /* must be included before sudo_compat.h */ + +#include "sudo_compat.h" +#include "sudo_conf.h" +#include "sudo_debug.h" +#include "sudo_fatal.h" +#include "sudo_plugin.h" +#include "sudo_util.h" + +static int approval_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; +sudo_printf_t sudo_printf; + +static int +sample_approval_open(unsigned int version, sudo_conv_t conversation, + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], int submit_optind, char * const submit_argv[], + char * const submit_envp[], char * const plugin_options[], + const char **errstr) +{ + struct sudo_conf_debug_file_list debug_files = + 
TAILQ_HEAD_INITIALIZER(debug_files); + struct sudo_debug_file *debug_file; + const char *cp, *plugin_path = NULL; + char * const *cur; + int ret = -1; + debug_decl_vars(sample_approval_open, SUDO_DEBUG_PLUGIN); + + sudo_printf = plugin_printf; + + /* Initialize the debug subsystem. */ + for (cur = settings; (cp = *cur) != NULL; cur++) { + if (strncmp(cp, "debug_flags=", sizeof("debug_flags=") - 1) == 0) { + cp += sizeof("debug_flags=") - 1; + if (sudo_debug_parse_flags(&debug_files, cp) == -1) + goto oom; + continue; + } + if (strncmp(cp, "plugin_path=", sizeof("plugin_path=") - 1) == 0) { + plugin_path = cp + sizeof("plugin_path=") - 1; + continue; + } + } + if (plugin_path != NULL && !TAILQ_EMPTY(&debug_files)) { + approval_debug_instance = + sudo_debug_register(plugin_path, NULL, NULL, &debug_files); + if (approval_debug_instance == SUDO_DEBUG_INSTANCE_ERROR) { + *errstr = U_("unable to initialize debugging"); + goto done; + } + sudo_debug_enter(__func__, __FILE__, __LINE__, sudo_debug_subsys); + } + + ret = 1; + goto done; + +oom: + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + *errstr = U_("unable to allocate memory"); + +done: + while ((debug_file = TAILQ_FIRST(&debug_files)) != NULL) { + TAILQ_REMOVE(&debug_files, debug_file, entries); + free(debug_file->debug_file); + free(debug_file->debug_flags); + free(debug_file); + } + + debug_return_int(ret); +} + +static void +sample_approval_close(void) +{ + debug_decl(sample_approval_close, SUDO_DEBUG_PLUGIN); + + /* Nothing here, we could store a NULL pointer instead. */ + + debug_return; +} + +static int +sample_approval_check(char * const command_info[], char * const run_argv[], + char * const run_envp[], const char **errstr) +{ + struct tm *tm; + time_t now; + int ret = 0; + debug_decl(sample_approval_check, SUDO_DEBUG_PLUGIN); + + /* + * Only approve requests that are within business hours, + * which are 9am - 5pm local time. Does not check holidays. 
+ */ + if (time(&now) == -1 || (tm = localtime(&now)) == NULL) + goto done; + if (tm->tm_wday < 1 || tm->tm_wday > 5) { + /* bad weekday */ + goto done; + } + if (tm->tm_hour < 9 || tm->tm_hour > 17 || + (tm->tm_hour == 17 && tm->tm_min > 0)) { + /* bad hour */ + goto done; + } + ret = 1; + +done: + if (ret == 0) { + *errstr = U_("You are not allowed to use sudo outside business hours"); + sudo_printf(SUDO_CONV_ERROR_MSG, "%s\n", *errstr); + } + + debug_return_int(ret); +} + +static int +sample_approval_show_version(int verbose) +{ + debug_decl(approval_show_version, SUDO_DEBUG_PLUGIN); + + sudo_printf(SUDO_CONV_INFO_MSG, "sample approval plugin version %s\n", + PACKAGE_VERSION); + + debug_return_int(true); +} + +__dso_public struct approval_plugin sample_approval = { + SUDO_APPROVAL_PLUGIN, + SUDO_API_VERSION, + sample_approval_open, + sample_approval_close, + sample_approval_check, + sample_approval_show_version +}; diff -Nru sudo-1.8.31/plugins/sample_approval/sample_approval.exp sudo-1.9.0/plugins/sample_approval/sample_approval.exp --- sudo-1.8.31/plugins/sample_approval/sample_approval.exp 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/sample_approval/sample_approval.exp 2020-05-11 16:28:23.000000000 +0000 @@ -0,0 +1 @@ +approval_plugin diff -Nru sudo-1.8.31/plugins/sudoers/alias.c sudo-1.9.0/plugins/sudoers/alias.c --- sudo-1.8.31/plugins/sudoers/alias.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/alias.c 2020-05-11 16:28:23.000000000 +0000 @@ -55,7 +55,7 @@ const struct alias *a1 = (const struct alias *)v1; const struct alias *a2 = (const struct alias *)v2; int res; - debug_decl(alias_compare, SUDOERS_DEBUG_ALIAS) + debug_decl(alias_compare, SUDOERS_DEBUG_ALIAS); if (a1 == NULL) res = -1; @@ -78,7 +78,7 @@ struct alias key; struct rbnode *node; struct alias *a = NULL; - debug_decl(alias_get, SUDOERS_DEBUG_ALIAS) + debug_decl(alias_get, SUDOERS_DEBUG_ALIAS); if (parse_tree->aliases == NULL) debug_return_ptr(NULL); 
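Review bot: In `sample_approval_check` the business-hours window is evaluated with `localtime()`, which takes its zone from the process environment (`TZ`). If sudo does not reset `TZ` before the approval plugin runs, which this hunk does not show, the window is judged in a zone chosen by the invoking user rather than by the administrator. Because this file is the template people copy, I would add a comment above the `time()` call such as `/* localtime() honors TZ from the caller's environment; a real plugin should use an administrator-configured zone. */`. Separately, the hour test lets 17:00:00 to 17:00:59 through; if the window is meant to close at 5pm sharp, `if (tm->tm_hour < 9 || tm->tm_hour >= 17)` matches the comment more closely. The name in `debug_decl(approval_show_version, ...)` also does not match `sample_approval_show_version`.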
@@ -109,7 +109,7 @@ void alias_put(struct alias *a) { - debug_decl(alias_put, SUDOERS_DEBUG_ALIAS) + debug_decl(alias_put, SUDOERS_DEBUG_ALIAS); a->used = false; debug_return; } @@ -125,7 +125,7 @@ { static char errbuf[512]; struct alias *a; - debug_decl(alias_add, SUDOERS_DEBUG_ALIAS) + debug_decl(alias_add, SUDOERS_DEBUG_ALIAS); if (parse_tree->aliases == NULL) { if ((parse_tree->aliases = alloc_aliases()) == NULL) { @@ -187,7 +187,7 @@ void *cookie) { struct alias_apply_closure closure; - debug_decl(alias_apply, SUDOERS_DEBUG_ALIAS) + debug_decl(alias_apply, SUDOERS_DEBUG_ALIAS); if (parse_tree->aliases != NULL) { closure.parse_tree = parse_tree; @@ -205,7 +205,7 @@ bool no_aliases(struct sudoers_parse_tree *parse_tree) { - debug_decl(no_aliases, SUDOERS_DEBUG_ALIAS) + debug_decl(no_aliases, SUDOERS_DEBUG_ALIAS); debug_return_bool(parse_tree->aliases == NULL || rbisempty(parse_tree->aliases)); } @@ -217,7 +217,7 @@ alias_free(void *v) { struct alias *a = (struct alias *)v; - debug_decl(alias_free, SUDOERS_DEBUG_ALIAS) + debug_decl(alias_free, SUDOERS_DEBUG_ALIAS); if (a != NULL) { free(a->name); @@ -237,7 +237,7 @@ { struct rbnode *node; struct alias key; - debug_decl(alias_remove, SUDOERS_DEBUG_ALIAS) + debug_decl(alias_remove, SUDOERS_DEBUG_ALIAS); if (parse_tree->aliases != NULL) { key.name = name; @@ -252,7 +252,7 @@ struct rbtree * alloc_aliases(void) { - debug_decl(alloc_aliases, SUDOERS_DEBUG_ALIAS) + debug_decl(alloc_aliases, SUDOERS_DEBUG_ALIAS); debug_return_ptr(rbcreate(alias_compare)); } @@ -260,7 +260,7 @@ void free_aliases(struct rbtree *aliases) { - debug_decl(free_aliases, SUDOERS_DEBUG_ALIAS) + debug_decl(free_aliases, SUDOERS_DEBUG_ALIAS); if (aliases != NULL) rbdestroy(aliases, alias_free); 
@@ -287,7 +287,7 @@ struct member *m; struct alias *a; bool ret = true; - debug_decl(alias_remove_recursive, SUDOERS_DEBUG_ALIAS) + debug_decl(alias_remove_recursive, SUDOERS_DEBUG_ALIAS); if ((a = alias_remove(parse_tree, name, type)) != NULL) { TAILQ_FOREACH(m, &a->members, entries) { @@ -308,7 +308,7 @@ { struct member *m; int errors = 0; - debug_decl(alias_find_used_members, SUDOERS_DEBUG_ALIAS) + debug_decl(alias_find_used_members, SUDOERS_DEBUG_ALIAS); if (members != NULL) { TAILQ_FOREACH(m, members, entries) { @@ -334,7 +334,7 @@ struct defaults *d; struct member *m; int errors = 0; - debug_decl(alias_find_used, SUDOERS_DEBUG_ALIAS) + debug_decl(alias_find_used, SUDOERS_DEBUG_ALIAS); /* Move referenced aliases to used_aliases. */ TAILQ_FOREACH(us, &parse_tree->userspecs, entries) { diff -Nru sudo-1.8.31/plugins/sudoers/audit.c sudo-1.9.0/plugins/sudoers/audit.c --- sudo-1.8.31/plugins/sudoers/audit.c 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/audit.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2009-2015 Todd C. Miller + * Copyright (c) 2009-2015, 2019-2020 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -26,6 +26,7 @@ #include #include #include +#include #include "sudoers.h" @@ -39,11 +40,13 @@ # include "solaris_audit.h" #endif +char *audit_msg = NULL; + int audit_success(int argc, char *argv[]) { int rc = 0; - debug_decl(audit_success, SUDOERS_DEBUG_AUDIT) + debug_decl(audit_success, SUDOERS_DEBUG_AUDIT); if (!def_log_allowed) debug_return_int(0); 
@@ -70,14 +73,22 @@ audit_failure(int argc, char *argv[], char const *const fmt, ...) { int rc = 0; - debug_decl(audit_success, SUDOERS_DEBUG_AUDIT) + va_list ap; + debug_decl(audit_success, SUDOERS_DEBUG_AUDIT); + + /* Set audit_msg for audit plugin. */ + free(audit_msg); + audit_msg = NULL; + va_start(ap, fmt); + if (vasprintf(&audit_msg, fmt, ap) == -1) + rc = -1; + va_end(ap); if (!def_log_denied) debug_return_int(0); #if defined(HAVE_BSM_AUDIT) || defined(HAVE_LINUX_AUDIT) if (argv != NULL) { - va_list ap; int oldlocale; /* Audit error messages should be in the sudoers locale. */ diff -Nru sudo-1.8.31/plugins/sudoers/auth/afs.c sudo-1.9.0/plugins/sudoers/auth/afs.c --- sudo-1.8.31/plugins/sudoers/auth/afs.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/auth/afs.c 2020-05-11 16:28:23.000000000 +0000 @@ -53,7 +53,7 @@ { struct ktc_encryptionKey afs_key; struct ktc_token afs_token; - debug_decl(sudo_afs_verify, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_afs_verify, SUDOERS_DEBUG_AUTH); /* Try to just check the password */ ka_StringToKey(pass, NULL, &afs_key); diff -Nru sudo-1.8.31/plugins/sudoers/auth/aix_auth.c sudo-1.9.0/plugins/sudoers/auth/aix_auth.c --- sudo-1.8.31/plugins/sudoers/auth/aix_auth.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/auth/aix_auth.c 2020-05-11 16:28:23.000000000 +0000 @@ -68,7 +68,7 @@ bool in_stanza = false; int authtype = AIX_AUTH_UNKNOWN; FILE *fp; - debug_decl(sudo_aix_authtype, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_aix_authtype, SUDOERS_DEBUG_AUTH); if ((fp = fopen("/etc/security/login.cfg", "r")) == NULL) debug_return_int(AIX_AUTH_UNKNOWN); @@ -136,7 +136,7 @@ int sudo_aix_init(struct passwd *pw, sudo_auth *auth) { - debug_decl(sudo_aix_init, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_aix_init, SUDOERS_DEBUG_AUTH); #ifdef HAVE_PAM /* Check auth_type in /etc/security/login.cfg. */ 
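Review bot: In audit_failure() (plugins/sudoers/audit.c), a failed vasprintf() leaves audit_msg in a state this code does not control, since some C libraries document the output pointer as undefined after an error and the next call begins with `free(audit_msg)`. Resetting it on the error path removes that risk: `if (vasprintf(&audit_msg, fmt, ap) == -1) { audit_msg = NULL; rc = -1; }`. The `rc = -1` recorded here is also lost when the following `if (!def_log_denied) debug_return_int(0);` is taken, so the caller cannot tell that no message was stored for the audit plugin; if that is intended, a short comment saying so would help. The function body continues outside the hunk.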
@@ -156,7 +156,7 @@ { const char *cp; const char badpass_msgid[] = "3004-300"; - debug_decl(sudo_aix_valid_message, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_aix_valid_message, SUDOERS_DEBUG_AUTH); if (message == NULL || message[0] == '\0') debug_return_bool(false); @@ -188,7 +188,7 @@ bool ret = false; sigset_t mask; int status; - debug_decl(sudo_aix_change_password, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_aix_change_password, SUDOERS_DEBUG_AUTH); /* Set SIGCHLD handler to default since we call waitpid() below. */ memset(&sa, 0, sizeof(sa)); @@ -239,7 +239,7 @@ char *pass, *message = NULL; int result = 1, reenter = 0; int ret = AUTH_SUCCESS; - debug_decl(sudo_aix_verify, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_aix_verify, SUDOERS_DEBUG_AUTH); do { pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback); @@ -300,9 +300,9 @@ } int -sudo_aix_cleanup(struct passwd *pw, sudo_auth *auth) +sudo_aix_cleanup(struct passwd *pw, sudo_auth *auth, bool force) { - debug_decl(sudo_aix_cleanup, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_aix_cleanup, SUDOERS_DEBUG_AUTH); /* Unset AUTHSTATE as it may not be correct for the runas user. */ if (sudo_unsetenv("AUTHSTATE") == -1) diff -Nru sudo-1.8.31/plugins/sudoers/auth/API sudo-1.9.0/plugins/sudoers/auth/API --- sudo-1.8.31/plugins/sudoers/auth/API 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/auth/API 2020-05-11 16:28:23.000000000 +0000 @@ -16,7 +16,7 @@ int (*setup)(struct passwd *pw, char **prompt, sudo_auth *auth); int (*verify)(struct passwd *pw, char *p, sudo_auth *auth, struct sudo_conv_callback *callback); int (*approval)(struct passwd *pw, sudo_auth *auth); - int (*cleanup)(struct passwd *pw, sudo_auth *auth); + int (*cleanup)(struct passwd *pw, sudo_auth *auth, bool force); int (*begin_session)(struct passwd *pw, char **user_env[], struct sudo_auth *auth); int (*end_session)(struct passwd *pw, struct sudo_auth *auth); } sudo_auth; 
@@ -88,12 +88,13 @@ For PAM, this calls pam_acct_mgmt(). For BSD auth, it calls auth_approval(). - int cleanup(struct passwd *pw, sudo_auth *auth) + int cleanup(struct passwd *pw, sudo_auth *auth, bool force) Function to do per-auth method cleanup. This is only run at the end of the authentication process, after the user has completely failed or succeeded to authenticate. The ``auth->status'' variable contains the result of the last authentication attempt which may be interesting. + If the force flag is set, cleanup should happen immediately. int begin_session(struct passwd *pw, char **user_env[], struct sudo_auth *auth) Function to begin a user session. This is used for session handling diff -Nru sudo-1.8.31/plugins/sudoers/auth/bsdauth.c sudo-1.9.0/plugins/sudoers/auth/bsdauth.c --- sudo-1.8.31/plugins/sudoers/auth/bsdauth.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/auth/bsdauth.c 2020-05-11 16:28:23.000000000 +0000 @@ -63,7 +63,7 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth) { static struct bsdauth_state state; - debug_decl(bsdauth_init, SUDOERS_DEBUG_AUTH) + debug_decl(bsdauth_init, SUDOERS_DEBUG_AUTH); /* Get login class based on auth user, which may not be invoking user. */ if (pw->pw_class && *pw->pw_class) @@ -113,7 +113,7 @@ int authok = 0; struct sigaction sa, osa; auth_session_t *as = ((struct bsdauth_state *) auth->data)->as; - debug_decl(bsdauth_verify, SUDOERS_DEBUG_AUTH) + debug_decl(bsdauth_verify, SUDOERS_DEBUG_AUTH); /* save old signal handler */ sigemptyset(&sa.sa_mask); @@ -178,7 +178,7 @@ bsdauth_approval(struct passwd *pw, sudo_auth *auth, bool exempt) { struct bsdauth_state *state = auth->data; - debug_decl(bsdauth_approval, SUDOERS_DEBUG_AUTH) + debug_decl(bsdauth_approval, SUDOERS_DEBUG_AUTH); if (auth_approval(state->as, state->lc, pw->pw_name, "auth-sudo") == 0) { if (auth_getstate(state->as) & AUTH_EXPIRED) 
@@ -191,10 +191,10 @@ } int -bsdauth_cleanup(struct passwd *pw, sudo_auth *auth) +bsdauth_cleanup(struct passwd *pw, sudo_auth *auth, bool force) { struct bsdauth_state *state = auth->data; - debug_decl(bsdauth_cleanup, SUDOERS_DEBUG_AUTH) + debug_decl(bsdauth_cleanup, SUDOERS_DEBUG_AUTH); if (state != NULL) { auth_close(state->as); diff -Nru sudo-1.8.31/plugins/sudoers/auth/dce.c sudo-1.9.0/plugins/sudoers/auth/dce.c --- sudo-1.8.31/plugins/sudoers/auth/dce.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/auth/dce.c 2020-05-11 16:28:23.000000000 +0000 @@ -71,7 +71,7 @@ boolean32 reset_passwd; sec_login_auth_src_t auth_src; error_status_t status; - debug_decl(sudo_dce_verify, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_dce_verify, SUDOERS_DEBUG_AUTH); /* * Create the local context of the DCE principal necessary @@ -186,7 +186,7 @@ { int error_stat; unsigned char error_string[dce_c_error_string_len]; - debug_decl(check_dce_status, SUDOERS_DEBUG_AUTH) + debug_decl(check_dce_status, SUDOERS_DEBUG_AUTH); if (input_status == rpc_s_ok) debug_return_int(0); diff -Nru sudo-1.8.31/plugins/sudoers/auth/fwtk.c sudo-1.9.0/plugins/sudoers/auth/fwtk.c --- sudo-1.8.31/plugins/sudoers/auth/fwtk.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/auth/fwtk.c 2020-05-11 16:28:23.000000000 +0000 @@ -53,7 +53,7 @@ { static Cfg *confp; /* Configuration entry struct */ char resp[128]; /* Response from the server */ - debug_decl(sudo_fwtk_init, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_fwtk_init, SUDOERS_DEBUG_AUTH); if ((confp = cfg_read("sudo")) == (Cfg *)-1) { sudo_warnx(U_("unable to read fwtk config")); @@ -85,7 +85,7 @@ char buf[SUDO_CONV_REPL_MAX + 12]; /* General prupose buffer */ char resp[128]; /* Response from the server */ int error; - debug_decl(sudo_fwtk_verify, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_fwtk_verify, SUDOERS_DEBUG_AUTH); /* Send username to authentication server. */ (void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name); 
@@ -145,9 +145,9 @@ } int -sudo_fwtk_cleanup(struct passwd *pw, sudo_auth *auth) +sudo_fwtk_cleanup(struct passwd *pw, sudo_auth *auth, bool force) { - debug_decl(sudo_fwtk_cleanup, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_fwtk_cleanup, SUDOERS_DEBUG_AUTH); auth_close(); debug_return_int(AUTH_SUCCESS); diff -Nru sudo-1.8.31/plugins/sudoers/auth/kerb5.c sudo-1.9.0/plugins/sudoers/auth/kerb5.c --- sudo-1.8.31/plugins/sudoers/auth/kerb5.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/auth/kerb5.c 2020-05-11 16:28:23.000000000 +0000 @@ -95,7 +95,7 @@ sudo_krb5_setup(struct passwd *pw, char **promptp, sudo_auth *auth) { static char *krb5_prompt; - debug_decl(sudo_krb5_init, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_krb5_init, SUDOERS_DEBUG_AUTH); if (krb5_prompt == NULL) { krb5_context sudo_context; @@ -138,7 +138,7 @@ krb5_context sudo_context; krb5_error_code error; char cache_name[64], *pname = pw->pw_name; - debug_decl(sudo_krb5_init, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_krb5_init, SUDOERS_DEBUG_AUTH); auth->data = (void *) &sudo_krb5_data; /* Stash all our data here */ @@ -190,7 +190,7 @@ krb5_principal princ; krb5_ccache ccache; krb5_error_code error; - debug_decl(sudo_krb5_verify, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_krb5_verify, SUDOERS_DEBUG_AUTH); sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context; princ = ((sudo_krb5_datap) auth->data)->princ; @@ -209,7 +209,7 @@ krb5_ccache ccache; krb5_error_code error; krb5_get_init_creds_opt *opts = NULL; - debug_decl(sudo_krb5_verify, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_krb5_verify, SUDOERS_DEBUG_AUTH); sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context; princ = ((sudo_krb5_datap) auth->data)->princ; 
@@ -268,12 +268,12 @@ #endif int -sudo_krb5_cleanup(struct passwd *pw, sudo_auth *auth) +sudo_krb5_cleanup(struct passwd *pw, sudo_auth *auth, bool force) { krb5_context sudo_context; krb5_principal princ; krb5_ccache ccache; - debug_decl(sudo_krb5_cleanup, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_krb5_cleanup, SUDOERS_DEBUG_AUTH); sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context; princ = ((sudo_krb5_datap) auth->data)->princ; @@ -305,7 +305,7 @@ krb5_error_code error; krb5_principal server; krb5_verify_init_creds_opt vopt; - debug_decl(verify_krb_v5_tgt, SUDOERS_DEBUG_AUTH) + debug_decl(verify_krb_v5_tgt, SUDOERS_DEBUG_AUTH); /* * Get the server principal for the local host. diff -Nru sudo-1.8.31/plugins/sudoers/auth/pam.c sudo-1.9.0/plugins/sudoers/auth/pam.c --- sudo-1.8.31/plugins/sudoers/auth/pam.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/auth/pam.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1999-2005, 2007-2019 Todd C. Miller + * Copyright (c) 1999-2005, 2007-2020 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -103,7 +103,7 @@ static void conv_filter_init(void) { - debug_decl(conv_filter_init, SUDOERS_DEBUG_AUTH) + debug_decl(conv_filter_init, SUDOERS_DEBUG_AUTH); #ifdef __hpux__ /* @@ -198,7 +198,7 @@ const char *tty = user_ttypath; const char *errstr, *pam_service; int rc; - debug_decl(sudo_pam_init, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_pam_init, SUDOERS_DEBUG_AUTH); /* Stash pointer to last pam status. */ auth->data = &pam_status; 
@@ -229,22 +229,25 @@ /* * Set PAM_RUSER to the invoking user (the "from" user). - * We set PAM_RHOST to avoid a bug in Solaris 7 and below. + * Solaris 7 and below require PAM_RHOST to be set if PAM_RUSER is. + * Note: PAM_RHOST may cause a DNS lookup on Linux in libaudit. */ - rc = pam_set_item(pamh, PAM_RUSER, user_name); - if (rc != PAM_SUCCESS) { - errstr = sudo_pam_strerror(pamh, rc); - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "pam_set_item(pamh, PAM_RUSER, %s): %s", user_name, errstr); + if (def_pam_ruser) { + rc = pam_set_item(pamh, PAM_RUSER, user_name); + if (rc != PAM_SUCCESS) { + errstr = sudo_pam_strerror(pamh, rc); + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "pam_set_item(pamh, PAM_RUSER, %s): %s", user_name, errstr); + } } -#ifdef __sun__ - rc = pam_set_item(pamh, PAM_RHOST, user_host); - if (rc != PAM_SUCCESS) { - errstr = sudo_pam_strerror(pamh, rc); - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "pam_set_item(pamh, PAM_RHOST, %s): %s", user_host, errstr); + if (def_pam_rhost) { + rc = pam_set_item(pamh, PAM_RHOST, user_host); + if (rc != PAM_SUCCESS) { + errstr = sudo_pam_strerror(pamh, rc); + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "pam_set_item(pamh, PAM_RHOST, %s): %s", user_host, errstr); + } } -#endif #if defined(__LINUX_PAM__) || defined(__sun__) /* @@ -292,7 +295,7 @@ { const char *s; int *pam_status = (int *) auth->data; - debug_decl(sudo_pam_verify, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_pam_verify, SUDOERS_DEBUG_AUTH); def_prompt = prompt; /* for converse */ getpass_error = false; /* set by converse if user presses ^C */ @@ -327,7 +330,7 @@ const char *s; int rc, status = AUTH_SUCCESS; int *pam_status = (int *) auth->data; - debug_decl(sudo_pam_approval, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_pam_approval, SUDOERS_DEBUG_AUTH); if (def_pam_acct_mgmt) { rc = pam_acct_mgmt(pamh, PAM_SILENT); 
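Review bot: In the sudo_pam_init() hunk of plugins/sudoers/auth/pam.c, a failed pam_set_item() for PAM_RUSER or PAM_RHOST is reported only through sudo_debug_printf() and initialization carries on with the item unset. Now that both items are controlled by def_pam_ruser and def_pam_rhost, an administrator who enables one because a PAM module's policy depends on it gets no visible signal when it could not be set. If continuing is deliberate, I would say so next to the calls, for example `/* Not fatal: modules that consult PAM_RUSER/PAM_RHOST will see the item unset. */`. The function starts and ends outside this hunk.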
@@ -391,13 +394,13 @@ } int -sudo_pam_cleanup(struct passwd *pw, sudo_auth *auth) +sudo_pam_cleanup(struct passwd *pw, sudo_auth *auth, bool force) { int *pam_status = (int *) auth->data; - debug_decl(sudo_pam_cleanup, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_pam_cleanup, SUDOERS_DEBUG_AUTH); /* If successful, we can't close the session until sudo_pam_end_session() */ - if (*pam_status != PAM_SUCCESS || auth->end_session == NULL) { + if (force || *pam_status != PAM_SUCCESS || auth->end_session == NULL) { *pam_status = pam_end(pamh, *pam_status | PAM_DATA_SILENT); pamh = NULL; } @@ -410,7 +413,7 @@ int rc, status = AUTH_SUCCESS; int *pam_status = (int *) auth->data; const char *errstr; - debug_decl(sudo_pam_begin_session, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_pam_begin_session, SUDOERS_DEBUG_AUTH); /* * If there is no valid user we cannot open a PAM session. @@ -455,6 +458,7 @@ errstr = sudo_pam_strerror(pamh, rc); sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "pam_setcred: %s", errstr); + def_pam_setcred = false; } } @@ -522,7 +526,7 @@ { int rc, status = AUTH_SUCCESS; const char *errstr; - debug_decl(sudo_pam_end_session, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_pam_end_session, SUDOERS_DEBUG_AUTH); if (pamh != NULL) { /* @@ -595,7 +599,7 @@ use_pam_prompt(const char *pam_prompt) { size_t user_len; - debug_decl(use_pam_prompt, SUDOERS_DEBUG_AUTH) + debug_decl(use_pam_prompt, SUDOERS_DEBUG_AUTH); /* Always use sudo prompt if passprompt_override is set. */ if (def_passprompt_override) 
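Review bot: The comment above the condition in sudo_pam_cleanup() no longer matches it, because with `force` set pam_end() now runs even when *pam_status is PAM_SUCCESS and an end_session handler exists. I would reword it to `/* If successful, we can't close the session until sudo_pam_end_session(), unless the caller forces cleanup. */`. Since this path also sets `pamh = NULL`, it is worth confirming that every later session call tolerates a NULL handle; the sudo_pam_end_session() hunk below shows an `if (pamh != NULL)` guard, but sudo_pam_begin_session() is only partly visible here.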
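Review bot: The added `def_pam_setcred = false;` in the pam_setcred() failure branch overwrites a sudoers Defaults value to record runtime state, and nothing at the assignment explains why. Presumably it keeps the later session teardown from deleting credentials that were never established; a one-line comment such as `/* creds were not established, so don't try to delete them at session end */` would make that explicit. The enclosing function starts and ends outside this hunk.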
@@ -656,7 +660,7 @@ char *pass; int n, type; int ret = PAM_SUCCESS; - debug_decl(converse, SUDOERS_DEBUG_AUTH) + debug_decl(converse, SUDOERS_DEBUG_AUTH); if (num_msg <= 0 || num_msg > PAM_MAX_NUM_MSG) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, diff -Nru sudo-1.8.31/plugins/sudoers/auth/passwd.c sudo-1.9.0/plugins/sudoers/auth/passwd.c --- sudo-1.8.31/plugins/sudoers/auth/passwd.c 2019-10-28 12:27:45.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/auth/passwd.c 2020-05-11 16:28:23.000000000 +0000 @@ -48,7 +48,7 @@ int sudo_passwd_init(struct passwd *pw, sudo_auth *auth) { - debug_decl(sudo_passwd_init, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_passwd_init, SUDOERS_DEBUG_AUTH); #ifdef HAVE_SKEYACCESS if (skeyaccess(pw, user_tty, NULL, NULL) == 0) @@ -67,7 +67,7 @@ char *pw_epasswd = auth->data; size_t pw_len; int matched = 0; - debug_decl(sudo_passwd_verify, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_passwd_verify, SUDOERS_DEBUG_AUTH); /* An empty plain-text password must match an empty encrypted password. */ if (pass[0] == '\0') @@ -100,12 +100,10 @@ } int -sudo_passwd_cleanup(pw, auth) - struct passwd *pw; - sudo_auth *auth; +sudo_passwd_cleanup(struct passwd *pw, sudo_auth *auth, bool force) { char *pw_epasswd = auth->data; - debug_decl(sudo_passwd_cleanup, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_passwd_cleanup, SUDOERS_DEBUG_AUTH); if (pw_epasswd != NULL) { memset_s(pw_epasswd, SUDO_CONV_REPL_MAX, 0, strlen(pw_epasswd)); diff -Nru sudo-1.8.31/plugins/sudoers/auth/rfc1938.c sudo-1.9.0/plugins/sudoers/auth/rfc1938.c --- sudo-1.8.31/plugins/sudoers/auth/rfc1938.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/auth/rfc1938.c 2020-05-11 16:28:23.000000000 +0000 
@@ -69,7 +69,7 @@ static char *orig_prompt = NULL, *new_prompt = NULL; static size_t op_len, np_size; static struct RFC1938 rfc1938; - debug_decl(sudo_rfc1938_setup, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_rfc1938_setup, SUDOERS_DEBUG_AUTH); /* Stash a pointer to the rfc1938 struct if we have not initialized */ if (!auth->data) @@ -133,7 +133,7 @@ int sudo_rfc1938_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) { - debug_decl(sudo_rfc1938_verify, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_rfc1938_verify, SUDOERS_DEBUG_AUTH); if (rfc1938verify((struct RFC1938 *) auth->data, pass) == 0) debug_return_int(AUTH_SUCCESS); diff -Nru sudo-1.8.31/plugins/sudoers/auth/secureware.c sudo-1.9.0/plugins/sudoers/auth/secureware.c --- sudo-1.8.31/plugins/sudoers/auth/secureware.c 2019-10-28 12:27:45.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/auth/secureware.c 2020-05-11 16:28:23.000000000 +0000 @@ -58,7 +58,7 @@ int sudo_secureware_init(struct passwd *pw, sudo_auth *auth) { - debug_decl(sudo_secureware_init, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_secureware_init, SUDOERS_DEBUG_AUTH); #ifdef __alpha if (crypt_type == INT_MAX) @@ -76,7 +76,7 @@ { char *pw_epasswd = auth->data; char *epass = NULL; - debug_decl(sudo_secureware_verify, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_secureware_verify, SUDOERS_DEBUG_AUTH); /* An empty plain-text password must match an empty encrypted password. */ if (pass[0] == '\0') 
@@ -101,12 +101,10 @@ } int -sudo_secureware_cleanup(pw, auth) - struct passwd *pw; - sudo_auth *auth; +sudo_secureware_cleanup(struct passwd *pw, sudo_auth *auth, bool force) { char *pw_epasswd = auth->data; - debug_decl(sudo_secureware_cleanup, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_secureware_cleanup, SUDOERS_DEBUG_AUTH); if (pw_epasswd != NULL) { memset_s(pw_epasswd, SUDO_CONV_REPL_MAX, 0, strlen(pw_epasswd)); diff -Nru sudo-1.8.31/plugins/sudoers/auth/securid5.c sudo-1.9.0/plugins/sudoers/auth/securid5.c --- sudo-1.8.31/plugins/sudoers/auth/securid5.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/auth/securid5.c 2020-05-11 16:28:23.000000000 +0000 @@ -66,7 +66,7 @@ sudo_securid_init(struct passwd *pw, sudo_auth *auth) { static SDI_HANDLE sd_dat; /* SecurID handle */ - debug_decl(sudo_securid_init, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_securid_init, SUDOERS_DEBUG_AUTH); auth->data = (void *) &sd_dat; /* For method-specific data */ @@ -96,7 +96,7 @@ { SDI_HANDLE *sd = (SDI_HANDLE *) auth->data; int retval; - debug_decl(sudo_securid_setup, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_securid_setup, SUDOERS_DEBUG_AUTH); /* Re-initialize SecurID every time. */ if (SD_Init(sd) != ACM_OK) { @@ -147,7 +147,7 @@ { SDI_HANDLE *sd = (SDI_HANDLE *) auth->data; int ret; - debug_decl(sudo_securid_verify, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_securid_verify, SUDOERS_DEBUG_AUTH); pass = auth_getpass("Enter your PASSCODE: ", SUDO_CONV_PROMPT_ECHO_OFF, callback); diff -Nru sudo-1.8.31/plugins/sudoers/auth/sia.c sudo-1.9.0/plugins/sudoers/auth/sia.c --- sudo-1.8.31/plugins/sudoers/auth/sia.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/auth/sia.c 2020-05-11 16:28:23.000000000 +0000 @@ -55,7 +55,7 @@ { SIAENTITY *siah; int i; - debug_decl(sudo_sia_setup, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_sia_setup, SUDOERS_DEBUG_AUTH); /* Rebuild argv for sia_ses_init() */ sudo_argc = NewArgc + 1; 
@@ -86,7 +86,7 @@ SIAENTITY *siah = auth->data; char *pass; int rc; - debug_decl(sudo_sia_verify, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_sia_verify, SUDOERS_DEBUG_AUTH); /* Get password, return AUTH_INTR if we got ^C */ pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback); @@ -106,10 +106,10 @@ } int -sudo_sia_cleanup(struct passwd *pw, sudo_auth *auth) +sudo_sia_cleanup(struct passwd *pw, sudo_auth *auth, bool force) { SIAENTITY *siah = auth->data; - debug_decl(sudo_sia_cleanup, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_sia_cleanup, SUDOERS_DEBUG_AUTH); (void) sia_ses_release(&siah); auth->data = NULL; @@ -122,7 +122,7 @@ { SIAENTITY *siah; int status = AUTH_FATAL; - debug_decl(sudo_sia_begin_session, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_sia_begin_session, SUDOERS_DEBUG_AUTH); /* Re-init sia for the target user's session. */ if (sia_ses_init(&siah, NewArgc, NewArgv, NULL, pw->pw_name, user_ttypath, 0, NULL) != SIASUCCESS) { diff -Nru sudo-1.8.31/plugins/sudoers/auth/sudo_auth.c sudo-1.9.0/plugins/sudoers/auth/sudo_auth.c --- sudo-1.8.31/plugins/sudoers/auth/sudo_auth.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/auth/sudo_auth.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1999-2005, 2008-2018 Todd C. Miller + * Copyright (c) 1999-2005, 2008-2020 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -107,7 +107,7 @@ { sudo_auth *auth; int status = AUTH_SUCCESS; - debug_decl(sudo_auth_init, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_auth_init, SUDOERS_DEBUG_AUTH); if (auth_switch[0].name == NULL) debug_return_int(0); 
@@ -178,7 +178,7 @@ sudo_auth_approval(struct passwd *pw, int validated, bool exempt) { sudo_auth *auth; - debug_decl(sudo_auth_approval, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_auth_approval, SUDOERS_DEBUG_AUTH); /* Call approval routines. */ for (auth = auth_switch; auth->name; auth++) { @@ -199,15 +199,15 @@ * Returns 0 on success and -1 on error. */ int -sudo_auth_cleanup(struct passwd *pw) +sudo_auth_cleanup(struct passwd *pw, bool force) { sudo_auth *auth; - debug_decl(sudo_auth_cleanup, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_auth_cleanup, SUDOERS_DEBUG_AUTH); /* Call cleanup routines. */ for (auth = auth_switch; auth->name; auth++) { if (auth->cleanup && !IS_DISABLED(auth)) { - int status = (auth->cleanup)(pw, auth); + int status = (auth->cleanup)(pw, auth, force); if (status == AUTH_FATAL) { /* Assume error msg already printed. */ debug_return_int(-1); @@ -221,7 +221,7 @@ pass_warn(void) { const char *warning = def_badpass_message; - debug_decl(pass_warn, SUDOERS_DEBUG_AUTH) + debug_decl(pass_warn, SUDOERS_DEBUG_AUTH); #ifdef INSULT if (def_insults) @@ -254,7 +254,7 @@ sudo_auth *auth; sigset_t mask, omask; struct sigaction sa, saved_sigtstp; - debug_decl(verify_user, SUDOERS_DEBUG_AUTH) + debug_decl(verify_user, SUDOERS_DEBUG_AUTH); /* Make sure we have at least one auth method. */ if (auth_switch[0].name == NULL) { @@ -374,7 +374,7 @@ sudo_auth_begin_session(struct passwd *pw, char **user_env[]) { sudo_auth *auth; - debug_decl(sudo_auth_begin_session, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_auth_begin_session, SUDOERS_DEBUG_AUTH); for (auth = auth_switch; auth->name; auth++) { if (auth->begin_session && !IS_DISABLED(auth)) { @@ -393,7 +393,7 @@ { sudo_auth *auth; bool needed = false; - debug_decl(sudo_auth_needs_end_session, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_auth_needs_end_session, SUDOERS_DEBUG_AUTH); for (auth = auth_switch; auth->name; auth++) { if (auth->end_session && !IS_DISABLED(auth)) { 
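Review bot: The header comment of sudo_auth_cleanup() in sudo_auth.c still ends at `Returns 0 on success and -1 on error.` and says nothing about the new `force` parameter that is passed through to every method's cleanup hook. A line matching the wording added to the auth API file would keep the two in step, for example ` * If force is set, each method's cleanup should happen immediately.` The start of that comment lies outside the hunk.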
@@ -413,7 +413,7 @@ { sudo_auth *auth; int status; - debug_decl(sudo_auth_end_session, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_auth_end_session, SUDOERS_DEBUG_AUTH); for (auth = auth_switch; auth->name; auth++) { if (auth->end_session && !IS_DISABLED(auth)) { @@ -438,7 +438,7 @@ struct sudo_conv_message msg; struct sudo_conv_reply repl; sigset_t mask, omask; - debug_decl(auth_getpass, SUDOERS_DEBUG_AUTH) + debug_decl(auth_getpass, SUDOERS_DEBUG_AUTH); /* Mask user input if pwfeedback set and echo is off. */ if (type == SUDO_CONV_PROMPT_ECHO_OFF && def_pwfeedback) @@ -474,7 +474,7 @@ dump_auth_methods(void) { sudo_auth *auth; - debug_decl(dump_auth_methods, SUDOERS_DEBUG_AUTH) + debug_decl(dump_auth_methods, SUDOERS_DEBUG_AUTH); sudo_printf(SUDO_CONV_INFO_MSG, _("Authentication methods:")); for (auth = auth_switch; auth->name; auth++) diff -Nru sudo-1.8.31/plugins/sudoers/auth/sudo_auth.h sudo-1.9.0/plugins/sudoers/auth/sudo_auth.h --- sudo-1.8.31/plugins/sudoers/auth/sudo_auth.h 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/auth/sudo_auth.h 2020-05-11 16:28:23.000000000 +0000 @@ -34,7 +34,7 @@ int (*setup)(struct passwd *pw, char **prompt, struct sudo_auth *auth); int (*verify)(struct passwd *pw, char *p, struct sudo_auth *auth, struct sudo_conv_callback *callback); int (*approval)(struct passwd *pw, struct sudo_auth *auth, bool exempt); - int (*cleanup)(struct passwd *pw, struct sudo_auth *auth); + int (*cleanup)(struct passwd *pw, struct sudo_auth *auth, bool force); int (*begin_session)(struct passwd *pw, char **user_env[], struct sudo_auth *auth); int (*end_session)(struct passwd *pw, struct sudo_auth *auth); } sudo_auth; 
@@ -59,18 +59,18 @@ int bsdauth_init(struct passwd *pw, sudo_auth *auth); int bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback); int bsdauth_approval(struct passwd *pw, sudo_auth *auth, bool exempt); -int bsdauth_cleanup(struct passwd *pw, sudo_auth *auth); +int bsdauth_cleanup(struct passwd *pw, sudo_auth *auth, bool force); int sudo_aix_init(struct passwd *pw, sudo_auth *auth); int sudo_aix_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); -int sudo_aix_cleanup(struct passwd *pw, sudo_auth *auth); +int sudo_aix_cleanup(struct passwd *pw, sudo_auth *auth, bool force); int sudo_fwtk_init(struct passwd *pw, sudo_auth *auth); int sudo_fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback); -int sudo_fwtk_cleanup(struct passwd *pw, sudo_auth *auth); +int sudo_fwtk_cleanup(struct passwd *pw, sudo_auth *auth, bool force); int sudo_pam_init(struct passwd *pw, sudo_auth *auth); int sudo_pam_init_quiet(struct passwd *pw, sudo_auth *auth); int sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback); int sudo_pam_approval(struct passwd *pw, sudo_auth *auth, bool exempt); -int sudo_pam_cleanup(struct passwd *pw, sudo_auth *auth); +int sudo_pam_cleanup(struct passwd *pw, sudo_auth *auth, bool force); int sudo_pam_begin_session(struct passwd *pw, char **user_env[], sudo_auth *auth); int sudo_pam_end_session(struct passwd *pw, sudo_auth *auth); int sudo_securid_init(struct passwd *pw, sudo_auth *auth); 
@@ -78,7 +78,7 @@ int sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); int sudo_sia_setup(struct passwd *pw, char **prompt, sudo_auth *auth); int sudo_sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback); -int sudo_sia_cleanup(struct passwd *pw, sudo_auth *auth); +int sudo_sia_cleanup(struct passwd *pw, sudo_auth *auth, bool force); int sudo_sia_begin_session(struct passwd *pw, char **user_env[], sudo_auth *auth); /* Prototypes for normal methods */ 
@@ -87,15 +87,15 @@ int sudo_krb5_init(struct passwd *pw, sudo_auth *auth); int sudo_krb5_setup(struct passwd *pw, char **prompt, sudo_auth *auth); int sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); -int sudo_krb5_cleanup(struct passwd *pw, sudo_auth *auth); +int sudo_krb5_cleanup(struct passwd *pw, sudo_auth *auth, bool force); int sudo_passwd_init(struct passwd *pw, sudo_auth *auth); int sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); -int sudo_passwd_cleanup(struct passwd *pw, sudo_auth *auth); +int sudo_passwd_cleanup(struct passwd *pw, sudo_auth *auth, bool force); int sudo_rfc1938_setup(struct passwd *pw, char **prompt, sudo_auth *auth); int sudo_rfc1938_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); int sudo_secureware_init(struct passwd *pw, sudo_auth *auth); int sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); -int sudo_secureware_cleanup(struct passwd *pw, sudo_auth *auth); +int sudo_secureware_cleanup(struct passwd *pw, sudo_auth *auth, bool force); /* Fields: name, flags, init, setup, verify, approval, cleanup, begin_sess, end_sess */ #define AUTH_ENTRY(n, f, i, s, v, a, c, b, e) \ diff -Nru sudo-1.8.31/plugins/sudoers/base64.c sudo-1.9.0/plugins/sudoers/base64.c --- sudo-1.8.31/plugins/sudoers/base64.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/base64.c 2020-05-11 16:28:23.000000000 +0000 @@ -69,7 +69,7 @@ unsigned char *out_end = out + out_size; const unsigned char *out0 = out; unsigned int rem, v; - debug_decl(base64_decode, SUDOERS_DEBUG_MATCH) + debug_decl(base64_decode, SUDOERS_DEBUG_MATCH); for (v = 0, rem = 0; *in != '\0' && *in != '='; in++) { unsigned char ch = base64dec_tab[(unsigned char)*in]; 
@@ -100,7 +100,7 @@ { size_t ii, io; unsigned int rem, v; - debug_decl(base64_encode, SUDOERS_DEBUG_MATCH) + debug_decl(base64_encode, SUDOERS_DEBUG_MATCH); for (io = 0, ii = 0, v = 0, rem = 0; ii < in_len; ii++) { unsigned char ch = in[ii]; diff -Nru sudo-1.8.31/plugins/sudoers/boottime.c sudo-1.9.0/plugins/sudoers/boottime.c --- sudo-1.8.31/plugins/sudoers/boottime.c 2019-10-28 12:28:53.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/boottime.c 2020-05-11 16:28:23.000000000 +0000 @@ -69,7 +69,7 @@ long long llval; ssize_t len; FILE *fp; - debug_decl(get_boottime, SUDOERS_DEBUG_UTIL) + debug_decl(get_boottime, SUDOERS_DEBUG_UTIL); /* read btime from /proc/stat */ fp = fopen("/proc/stat", "r"); @@ -107,7 +107,7 @@ size_t size; int mib[2]; struct timeval tv; - debug_decl(get_boottime, SUDOERS_DEBUG_UTIL) + debug_decl(get_boottime, SUDOERS_DEBUG_UTIL); mib[0] = CTL_KERN; mib[1] = KERN_BOOTTIME; @@ -130,7 +130,7 @@ get_boottime(struct timespec *ts) { struct utmpx *ut, key; - debug_decl(get_boottime, SUDOERS_DEBUG_UTIL) + debug_decl(get_boottime, SUDOERS_DEBUG_UTIL); memset(&key, 0, sizeof(key)); key.ut_type = BOOT_TIME; @@ -151,7 +151,7 @@ get_boottime(struct timespec *ts) { struct utmp *ut, key; - debug_decl(get_boottime, SUDOERS_DEBUG_UTIL) + debug_decl(get_boottime, SUDOERS_DEBUG_UTIL); memset(&key, 0, sizeof(key)); key.ut_type = BOOT_TIME; @@ -171,7 +171,7 @@ bool get_boottime(struct timespec *ts) { - debug_decl(get_boottime, SUDOERS_DEBUG_UTIL) + debug_decl(get_boottime, SUDOERS_DEBUG_UTIL); debug_return_bool(false); } #endif diff -Nru sudo-1.8.31/plugins/sudoers/bsm_audit.c sudo-1.9.0/plugins/sudoers/bsm_audit.c --- sudo-1.8.31/plugins/sudoers/bsm_audit.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/bsm_audit.c 2020-05-11 16:28:23.000000000 +0000 
@@ -64,7 +64,7 @@ auditinfo_addr_t ainfo_addr; struct au_mask *mask; int rc; - debug_decl(audit_sudo_selected, SUDOERS_DEBUG_AUDIT) + debug_decl(audit_sudo_selected, SUDOERS_DEBUG_AUDIT); if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) < 0) { #ifdef BSM_AUDIT_COMPAT @@ -114,7 +114,7 @@ long au_cond; int aufd, selected; pid_t pid; - debug_decl(bsm_audit_success, SUDOERS_DEBUG_AUDIT) + debug_decl(bsm_audit_success, SUDOERS_DEBUG_AUDIT); /* * If we are not auditing, don't cut an audit record; just return. @@ -206,7 +206,7 @@ au_id_t auid; pid_t pid; int aufd; - debug_decl(bsm_audit_success, SUDOERS_DEBUG_AUDIT) + debug_decl(bsm_audit_success, SUDOERS_DEBUG_AUDIT); /* * If we are not auditing, don't cut an audit record; just return. diff -Nru sudo-1.8.31/plugins/sudoers/check.c sudo-1.9.0/plugins/sudoers/check.c --- sudo-1.8.31/plugins/sudoers/check.c 2020-01-24 18:16:25.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/check.c 2020-05-11 16:28:23.000000000 +0000 @@ -96,7 +96,7 @@ int ret = -1; char *prompt; bool lectured; - debug_decl(check_user_interactive, SUDOERS_DEBUG_AUTH) + debug_decl(check_user_interactive, SUDOERS_DEBUG_AUTH); /* Open, lock and read time stamp file if we are using it. */ if (!ISSET(mode, MODE_IGNORE_TICKET)) { @@ -167,7 +167,7 @@ struct getpass_closure closure = { TS_ERROR }; int ret = -1; bool exempt = false; - debug_decl(check_user, SUDOERS_DEBUG_AUTH) + debug_decl(check_user, SUDOERS_DEBUG_AUTH); /* * Init authentication system regardless of whether we need a password. @@ -223,7 +223,7 @@ } } timestamp_close(closure.cookie); - sudo_auth_cleanup(closure.auth_pw); + sudo_auth_cleanup(closure.auth_pw, !ISSET(validated, VALIDATE_SUCCESS)); if (closure.auth_pw != NULL) sudo_pw_delref(closure.auth_pw); 
@@ -242,7 +242,7 @@ ssize_t nread; struct sudo_conv_message msg; struct sudo_conv_reply repl; - debug_decl(lecture, SUDOERS_DEBUG_AUTH) + debug_decl(lecture, SUDOERS_DEBUG_AUTH); if (def_lecture == never || (def_lecture == once && already_lectured(status))) @@ -279,7 +279,7 @@ user_is_exempt(void) { bool ret = false; - debug_decl(user_is_exempt, SUDOERS_DEBUG_AUTH) + debug_decl(user_is_exempt, SUDOERS_DEBUG_AUTH); if (def_exempt_group) ret = user_in_group(sudo_user.pw, def_exempt_group); @@ -295,7 +295,7 @@ get_authpw(int mode) { struct passwd *pw = NULL; - debug_decl(get_authpw, SUDOERS_DEBUG_AUTH) + debug_decl(get_authpw, SUDOERS_DEBUG_AUTH); if (ISSET(mode, (MODE_CHECK|MODE_LIST))) { /* In list mode we always prompt for the user's password. */ @@ -336,7 +336,7 @@ check_user_shell(const struct passwd *pw) { const char *shell; - debug_decl(check_user_shell, SUDOERS_DEBUG_AUTH) + debug_decl(check_user_shell, SUDOERS_DEBUG_AUTH); if (!def_runas_check_shell) debug_return_bool(true); diff -Nru sudo-1.8.31/plugins/sudoers/cvtsudoers.c sudo-1.9.0/plugins/sudoers/cvtsudoers.c --- sudo-1.8.31/plugins/sudoers/cvtsudoers.c 2019-11-06 16:36:20.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/cvtsudoers.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2018 Todd C. Miller + * Copyright (c) 2018-2020 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -110,7 +110,7 @@ const char *output_file = "-"; const char *conf_file = _PATH_CVTSUDOERS_CONF; const char *errstr; - debug_decl(main, SUDOERS_DEBUG_MAIN) + debug_decl(main, SUDOERS_DEBUG_MAIN); #if defined(SUDO_DEVEL) && defined(__OpenBSD__) { 
@@ -404,7 +404,7 @@ { struct cvtsudoers_conf_table *cur; const char *errstr; - debug_decl(sudo_ldap_parse_keyword, SUDOERS_DEBUG_UTIL) + debug_decl(sudo_ldap_parse_keyword, SUDOERS_DEBUG_UTIL); /* Look up keyword in config tables */ for (cur = table; cur->conf_str != NULL; cur++) { @@ -449,7 +449,7 @@ char *line = NULL; size_t linesize = 0; FILE *fp; - debug_decl(cvtsudoers_conf_read, SUDOERS_DEBUG_UTIL) + debug_decl(cvtsudoers_conf_read, SUDOERS_DEBUG_UTIL); if ((fp = fopen(conf_file, "r")) == NULL) debug_return_ptr(&cvtsudoers_config); @@ -488,7 +488,7 @@ static void cvtsudoers_conf_free(struct cvtsudoers_config *conf) { - debug_decl(cvtsudoers_conf_free, SUDOERS_DEBUG_UTIL) + debug_decl(cvtsudoers_conf_free, SUDOERS_DEBUG_UTIL); if (conf != NULL) { free(conf->sudoers_base); @@ -507,7 +507,7 @@ { char *last, *cp = expression; int flags = 0; - debug_decl(cvtsudoers_parse_defaults, SUDOERS_DEBUG_UTIL) + debug_decl(cvtsudoers_parse_defaults, SUDOERS_DEBUG_UTIL); for ((cp = strtok_r(cp, ",", &last)); cp != NULL; (cp = strtok_r(NULL, ",", &last))) { if (strcasecmp(cp, "all") == 0) { @@ -536,7 +536,7 @@ { char *last, *cp = expression; int flags = 0; - debug_decl(cvtsudoers_parse_suppression, SUDOERS_DEBUG_UTIL) + debug_decl(cvtsudoers_parse_suppression, SUDOERS_DEBUG_UTIL); for ((cp = strtok_r(cp, ",", &last)); cp != NULL; (cp = strtok_r(NULL, ",", &last))) { if (strcasecmp(cp, "defaults") == 0) { @@ -558,7 +558,7 @@ cvtsudoers_parse_filter(char *expression) { char *last, *cp = expression; - debug_decl(cvtsudoers_parse_filter, SUDOERS_DEBUG_UTIL) + debug_decl(cvtsudoers_parse_filter, SUDOERS_DEBUG_UTIL); if (filters == NULL) { if ((filters = malloc(sizeof(*filters))) == NULL) { @@ -614,7 +614,7 @@ struct cvtsudoers_config *conf) { FILE *fp = stdin; - debug_decl(parse_ldif, SUDOERS_DEBUG_UTIL) + debug_decl(parse_ldif, SUDOERS_DEBUG_UTIL); /* Open LDIF file and parse it. */ if (strcmp(input_file, "-") != 0) { 
@@ -629,7 +629,7 @@ static bool parse_sudoers(const char *input_file, struct cvtsudoers_config *conf) { - debug_decl(parse_sudoers, SUDOERS_DEBUG_UTIL) + debug_decl(parse_sudoers, SUDOERS_DEBUG_UTIL); /* Open sudoers file and parse it. */ if (strcmp(input_file, "-") == 0) { @@ -669,7 +669,7 @@ struct sudoers_string *s; struct member *m, *next; bool ret = false; - debug_decl(userlist_matches_filter, SUDOERS_DEBUG_UTIL) + debug_decl(userlist_matches_filter, SUDOERS_DEBUG_UTIL); if (filters == NULL || (STAILQ_EMPTY(&filters->users) && STAILQ_EMPTY(&filters->groups))) @@ -747,7 +747,7 @@ bool ret = false; char **shosts; int n = 0; - debug_decl(hostlist_matches_filter, SUDOERS_DEBUG_UTIL) + debug_decl(hostlist_matches_filter, SUDOERS_DEBUG_UTIL); if (filters == NULL || STAILQ_EMPTY(&filters->hosts)) debug_return_bool(true); @@ -827,7 +827,7 @@ struct sudo_lbuf *lbuf, bool expand_aliases) { struct defaults *def, *next; - debug_decl(print_defaults_sudoers, SUDOERS_DEBUG_UTIL) + debug_decl(print_defaults_sudoers, SUDOERS_DEBUG_UTIL); TAILQ_FOREACH_SAFE(def, &parse_tree->defaults, entries, next) { sudoers_format_default_line(lbuf, parse_tree, def, &next, @@ -843,7 +843,7 @@ { struct sudo_lbuf *lbuf = v; struct member *m; - debug_decl(print_alias_sudoers, SUDOERS_DEBUG_UTIL) + debug_decl(print_alias_sudoers, SUDOERS_DEBUG_UTIL); sudo_lbuf_append(lbuf, "%s %s = ", alias_type_to_string(a->type), a->name); @@ -864,7 +864,7 @@ print_aliases_sudoers(struct sudoers_parse_tree *parse_tree, struct sudo_lbuf *lbuf) { - debug_decl(print_aliases_sudoers, SUDOERS_DEBUG_UTIL) + debug_decl(print_aliases_sudoers, SUDOERS_DEBUG_UTIL); alias_apply(parse_tree, print_alias_sudoers, lbuf); @@ -888,7 +888,7 @@ { struct userspec *us, *next_us; struct privilege *priv, *next_priv; - debug_decl(filter_userspecs, SUDOERS_DEBUG_UTIL) + debug_decl(filter_userspecs, SUDOERS_DEBUG_UTIL); if (filters == NULL) debug_return; 
@@ -931,7 +931,7 @@ struct alias *a; struct member *m; bool ret = false; - debug_decl(alias_matches, SUDOERS_DEBUG_ALIAS) + debug_decl(alias_matches, SUDOERS_DEBUG_ALIAS); if (strcmp(name, alias_name) == 0) debug_return_bool(true); @@ -967,7 +967,7 @@ struct cmndspec *cs, *cs_next; struct member *m, *m_next; struct member *am, *am_next; - debug_decl(alias_used_by_userspecs, SUDOERS_DEBUG_ALIAS) + debug_decl(alias_used_by_userspecs, SUDOERS_DEBUG_ALIAS); /* Iterate over the policy, checking for aliases. */ TAILQ_FOREACH_SAFE(us, &parse_tree->userspecs, entries, us_next) { @@ -1038,6 +1038,27 @@ } /* + * For each alias listed in members, remove and free the alias. + * Frees the contents of members too. + */ +static void +free_aliases_by_members(struct sudoers_parse_tree *parse_tree, + struct member_list *members, int type) +{ + struct member *m; + struct alias *a; + debug_decl(free_aliases_by_members, SUDOERS_DEBUG_ALIAS); + + while ((m = TAILQ_FIRST(members)) != NULL) { + TAILQ_REMOVE(members, m, entries); + a = alias_remove(parse_tree, m->name, type); + alias_free(a); + free_member(m); + } + debug_return; +} + +/* * Apply filters to host/user-based Defaults, removing non-matching entries. */ static void @@ -1051,9 +1072,8 @@ struct member_list *prev_binding = NULL; struct defaults *def, *def_next; struct member *m, *m_next; - struct alias *a; int alias_type; - debug_decl(filter_defaults, SUDOERS_DEBUG_DEFAULTS) + debug_decl(filter_defaults, SUDOERS_DEBUG_DEFAULTS); if (filters == NULL && conf->defaults == CVT_DEFAULTS_ALL) debug_return; 
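Review bot: In the new free_aliases_by_members() helper (hunk -1038/+1038), `alias_free(a)` is called on whatever `alias_remove()` returns, with no check in between. Whether alias_remove() can return NULL for a name that is no longer in the tree, and whether alias_free() tolerates NULL, is not visible in this hunk. If either is in doubt, guard the call with `if (a != NULL) alias_free(a);`, or state the assumption in the header comment. The loops removed in the following hunk (-1138/+1158) had the same unchecked pattern, so this is carried over rather than introduced.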
@@ -1138,29 +1158,13 @@ } } - /* Remove now-unreferenced aliases. */ + /* Determine unreferenced aliases and remove/free them. */ alias_used_by_userspecs(parse_tree, &user_aliases, &runas_aliases, &host_aliases, &cmnd_aliases); - TAILQ_FOREACH_SAFE(m, &user_aliases, entries, m_next) { - a = alias_remove(parse_tree, m->name, USERALIAS); - alias_free(a); - free_member(m); - } - TAILQ_FOREACH_SAFE(m, &runas_aliases, entries, m_next) { - a = alias_remove(parse_tree, m->name, RUNASALIAS); - alias_free(a); - free_member(m); - } - TAILQ_FOREACH_SAFE(m, &host_aliases, entries, m_next) { - a = alias_remove(parse_tree, m->name, HOSTALIAS); - alias_free(a); - free_member(m); - } - TAILQ_FOREACH_SAFE(m, &cmnd_aliases, entries, m_next) { - a = alias_remove(parse_tree, m->name, CMNDALIAS); - alias_free(a); - free_member(m); - } + free_aliases_by_members(parse_tree, &user_aliases, USERALIAS); + free_aliases_by_members(parse_tree, &runas_aliases, RUNASALIAS); + free_aliases_by_members(parse_tree, &host_aliases, HOSTALIAS); + free_aliases_by_members(parse_tree, &cmnd_aliases, CMNDALIAS); debug_return; } @@ -1172,7 +1176,7 @@ alias_remove_unused(struct sudoers_parse_tree *parse_tree) { struct rbtree *used_aliases; - debug_decl(alias_remove_unused, SUDOERS_DEBUG_ALIAS) + debug_decl(alias_remove_unused, SUDOERS_DEBUG_ALIAS); used_aliases = alloc_aliases(); if (used_aliases == NULL) @@ -1220,7 +1224,7 @@ alias_prune(struct sudoers_parse_tree *parse_tree, struct cvtsudoers_config *conf) { - debug_decl(alias_prune, SUDOERS_DEBUG_ALIAS) + debug_decl(alias_prune, SUDOERS_DEBUG_ALIAS); alias_apply(parse_tree, alias_prune_helper, conf); @@ -1236,7 +1240,7 @@ { bool ret = true; struct sudo_lbuf lbuf; - debug_decl(convert_sudoers_sudoers, SUDOERS_DEBUG_UTIL) + debug_decl(convert_sudoers_sudoers, SUDOERS_DEBUG_UTIL); if (strcmp(output_file, "-") == 0) { output_fp = stdout; 
@@ -1306,7 +1310,7 @@ "[-I increment] [-m filter] [-o output_file] [-O start_point] " "[-P padding] [-s sections] [input_file]\n", getprogname()); if (fatal) - exit(1); + exit(EXIT_FAILURE); } static void @@ -1331,5 +1335,5 @@ " -P, --padding=num base padding for sudoOrder increment\n" " -s, --suppress=sections suppress output of certain sections\n" " -V, --version display version information and exit")); - exit(0); + exit(EXIT_SUCCESS); } diff -Nru sudo-1.8.31/plugins/sudoers/cvtsudoers_json.c sudo-1.9.0/plugins/sudoers/cvtsudoers_json.c --- sudo-1.8.31/plugins/sudoers/cvtsudoers_json.c 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/cvtsudoers_json.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2013-2018 Todd C. Miller + * Copyright (c) 2013-2020 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -38,46 +38,18 @@ #include #include "sudoers.h" +#include "sudo_json.h" #include "cvtsudoers.h" #include /* - * JSON values may be of the following types. - */ -enum json_value_type { - JSON_STRING, - JSON_ID, - JSON_NUMBER, - JSON_OBJECT, - JSON_ARRAY, - JSON_BOOL, - JSON_NULL -}; - -/* - * JSON value suitable for printing. - * Note: this does not support object or array values. - */ -struct json_value { - enum json_value_type type; - union { - char *string; - int number; - id_t id; - bool boolean; - } u; -}; - -/* * Closure used to store state when iterating over all aliases. */ struct json_alias_closure { - FILE *fp; + struct json_container *json; const char *title; unsigned int count; int alias_type; - int indent; - bool need_comma; }; /* 
@@ -92,201 +64,56 @@ }; /* - * Print "indent" number of blank characters. - */ -static void -print_indent(FILE *fp, int indent) -{ - while (indent--) - putc(' ', fp); -} - -/* - * Print a JSON string, escaping special characters. - * Does not support unicode escapes. - */ -static void -print_string_json_unquoted(FILE *fp, const char *str) -{ - char ch; - - while ((ch = *str++) != '\0') { - switch (ch) { - case '"': - case '\\': - putc('\\', fp); - break; - case '\b': - ch = 'b'; - putc('\\', fp); - break; - case '\f': - ch = 'f'; - putc('\\', fp); - break; - case '\n': - ch = 'n'; - putc('\\', fp); - break; - case '\r': - ch = 'r'; - putc('\\', fp); - break; - case '\t': - ch = 't'; - putc('\\', fp); - break; - } - putc(ch, fp); - } -} - -/* - * Print a quoted JSON string, escaping special characters. - * Does not support unicode escapes. - */ -static void -print_string_json(FILE *fp, const char *str) -{ - putc('\"', fp); - print_string_json_unquoted(fp, str); - putc('\"', fp); -} - -/* - * Print a JSON name: value pair with proper quoting and escaping. - */ -static void -print_pair_json(FILE *fp, const char *pre, const char *name, - const struct json_value *value, const char *post, int indent) -{ - debug_decl(print_pair_json, SUDOERS_DEBUG_UTIL) - - print_indent(fp, indent); - - /* prefix */ - if (pre != NULL) - fputs(pre, fp); - - /* name */ - print_string_json(fp, name); - putc(':', fp); - putc(' ', fp); - - /* value */ - switch (value->type) { - case JSON_STRING: - print_string_json(fp, value->u.string); - break; - case JSON_ID: - fprintf(fp, "%u", (unsigned int)value->u.id); - break; - case JSON_NUMBER: - fprintf(fp, "%d", value->u.number); - break; - case JSON_NULL: - fputs("null", fp); - break; - case JSON_BOOL: - fputs(value->u.boolean ? 
"true" : "false", fp); - break; - case JSON_OBJECT: - sudo_fatalx("internal error: can't print JSON_OBJECT"); - break; - case JSON_ARRAY: - sudo_fatalx("internal error: can't print JSON_ARRAY"); - break; - } - - /* postfix */ - if (post != NULL) - fputs(post, fp); - - debug_return; -} - -/* - * Print a JSON string with optional prefix and postfix to fp. - * Strings are not quoted but are escaped as per the JSON spec. - */ -static void -printstr_json(FILE *fp, const char *pre, const char *str, const char *post, - int indent) -{ - debug_decl(printstr_json, SUDOERS_DEBUG_UTIL) - - print_indent(fp, indent); - if (pre != NULL) - fputs(pre, fp); - if (str != NULL) { - print_string_json_unquoted(fp, str); - } - if (post != NULL) - fputs(post, fp); - debug_return; -} - -/* - * Print sudo command member in JSON format, with specified indentation. - * If last_one is false, a comma will be printed before the newline - * that closes the object. + * Print sudo command member in JSON format, with correct indentation. */ static void -print_command_json(FILE *fp, const char *name, int type, bool negated, int indent, bool last_one) +print_command_json(struct json_container *json, const char *name, bool negated) { struct sudo_command *c = (struct sudo_command *)name; + struct command_digest *digest; struct json_value value; + char *cmnd = c->cmnd; const char *digest_name; - debug_decl(print_command_json, SUDOERS_DEBUG_UTIL) - - printstr_json(fp, "{", NULL, NULL, indent); - if (negated || c->digest != NULL) { - putc('\n', fp); - indent += 4; - } else { - putc(' ', fp); - indent = 0; - } + debug_decl(print_command_json, SUDOERS_DEBUG_UTIL); /* Print command with optional command line args. 
*/ if (c->args != NULL) { - printstr_json(fp, "\"", "command", "\": ", indent); - printstr_json(fp, "\"", c->cmnd, " ", 0); - printstr_json(fp, NULL, c->args, "\"", 0); - } else { - value.type = JSON_STRING; - value.u.string = c->cmnd; - print_pair_json(fp, NULL, "command", &value, NULL, indent); - } - - /* Optional digest. */ - if (c->digest != NULL) { - fputs(",\n", fp); - digest_name = digest_type_to_name(c->digest->digest_type); - value.type = JSON_STRING; - value.u.string = c->digest->digest_str; - print_pair_json(fp, NULL, digest_name, &value, NULL, indent); + if (asprintf(&cmnd, "%s %s", c->cmnd, c->args) == -1) { + sudo_fatalx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + } } + value.type = JSON_STRING; + value.u.string = cmnd ? cmnd : "ALL"; - /* Command may be negated. */ - if (negated) { - fputs(",\n", fp); - value.type = JSON_BOOL; - value.u.boolean = true; - print_pair_json(fp, NULL, "negated", &value, NULL, indent); - } - - if (indent != 0) { - indent -= 4; - putc('\n', fp); - print_indent(fp, indent); + if (!negated && TAILQ_EMPTY(&c->digests)) { + /* Print as { "command": "command and args" } */ + sudo_json_add_value_as_object(json, "command", &value); } else { - putc(' ', fp); + /* Print as multi-line object. */ + sudo_json_open_object(json, NULL); + sudo_json_add_value(json, "command", &value); + + /* Optional digest list. */ + TAILQ_FOREACH(digest, &c->digests, entries) { + digest_name = digest_type_to_name(digest->digest_type); + value.type = JSON_STRING; + value.u.string = digest->digest_str; + sudo_json_add_value(json, digest_name, &value); + } + + /* Command may be negated. */ + if (negated) { + value.type = JSON_BOOL; + value.u.boolean = true; + sudo_json_add_value(json, "negated", &value); + } + + sudo_json_close_object(json); } - putc('}', fp); - if (!last_one) - putc(',', fp); - putc('\n', fp); + + if (cmnd != c->cmnd) + free(cmnd); debug_return; } 
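Review bot: The digest loop in print_command_json adds every entry of `c->digests` to the same JSON object under `digest_name`, so two digests of the same type would produce an object with a repeated key. Whether sudoers allows several digests of one type per command is not visible in this hunk. If it does, many JSON consumers keep only one of the repeated keys, and a tool auditing the exported policy would see fewer accepted digests than the policy grants. Consider emitting the digests of each type as an array, or at least documenting the limitation above the loop with `/* NOTE: digests of the same type yield repeated keys in this object. */`.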
@@ -332,37 +159,38 @@ } /* - * Print struct member in JSON format, with specified indentation. - * If last_one is false, a comma will be printed before the newline - * that closes the object. + * Print struct member in JSON format, with correct indentation. */ static void -print_member_json_int(FILE *fp, struct sudoers_parse_tree *parse_tree, - char *name, int type, bool negated, enum word_type word_type, - bool last_one, int indent, bool expand_aliases) +print_member_json_int(struct json_container *json, + struct sudoers_parse_tree *parse_tree, char *name, int type, bool negated, + enum word_type word_type, bool expand_aliases) { struct json_value value; const char *typestr = NULL; const char *errstr; int alias_type = UNSPEC; id_t id; - debug_decl(print_member_json_int, SUDOERS_DEBUG_UTIL) + debug_decl(print_member_json_int, SUDOERS_DEBUG_UTIL); /* Most of the time we print a string. */ value.type = JSON_STRING; - if (name != NULL) { - value.u.string = name; - } else { - switch (type) { - case ALL: + switch (type) { + case ALL: + if (name == NULL) { value.u.string = "ALL"; - break; - case MYSELF: - value.u.string = ""; - break; - default: - sudo_fatalx("missing member name for type %d", type); + } else { + /* ALL used with digest, print as a command. */ + type = COMMAND; } + break; + case MYSELF: + value.u.string = ""; + break; + default: + if (name == NULL) + sudo_fatalx("missing member name for type %d", type); + value.u.string = name; } switch (type) { @@ -405,7 +233,7 @@ typestr = "networkaddr"; break; case COMMAND: - print_command_json(fp, name, type, negated, indent, last_one); + print_command_json(json, name, negated); debug_return; case ALL: case MYSELF: 
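Review bot: In print_member_json_int the `case ALL:` branch with a non-NULL `name` rewrites `type` to COMMAND and leaves `value.u.string` unset. That is safe only because the second switch hands COMMAND to print_command_json() and returns (hunk -405/+233) before `value` is read, and nothing in the code says so. A short comment in the else branch would make the dependency explicit: `/* value.u.string stays unset: COMMAND is handed to print_command_json() below. */`. The function body starts before and continues past this hunk.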
@@ -485,44 +313,35 @@ /* Print each member of the alias. */ if ((a = alias_get(parse_tree, value.u.string, alias_type)) != NULL) { TAILQ_FOREACH(m, &a->members, entries) { - print_member_json_int(fp, parse_tree, m->name, m->type, + print_member_json_int(json, parse_tree, m->name, m->type, negated ? !m->negated : m->negated, - alias_to_word_type(alias_type), - last_one && TAILQ_NEXT(m, entries) == NULL, indent, true); + alias_to_word_type(alias_type), true); } alias_put(a); } } else { if (negated) { - print_indent(fp, indent); - fputs("{\n", fp); - indent += 4; - print_pair_json(fp, NULL, typestr, &value, ",\n", indent); + sudo_json_open_object(json, NULL); + sudo_json_add_value(json, typestr, &value); value.type = JSON_BOOL; value.u.boolean = true; - print_pair_json(fp, NULL, "negated", &value, "\n", indent); - indent -= 4; - print_indent(fp, indent); - putc('}', fp); + sudo_json_add_value(json, "negated", &value); + sudo_json_close_object(json); } else { - print_pair_json(fp, "{ ", typestr, &value, " }", indent); + sudo_json_add_value_as_object(json, typestr, &value); } - - if (!last_one) - putc(',', fp); - putc('\n', fp); } debug_return; } static void -print_member_json(FILE *fp, struct sudoers_parse_tree *parse_tree, - struct member *m, enum word_type word_type, bool last_one, - int indent, bool expand_aliases) +print_member_json(struct json_container *json, + struct sudoers_parse_tree *parse_tree, struct member *m, + enum word_type word_type, bool expand_aliases) { - print_member_json_int(fp, parse_tree, m->name, m->type, m->negated, - word_type, last_one, indent, expand_aliases); + print_member_json_int(json, parse_tree, m->name, m->type, m->negated, + word_type, expand_aliases); } /* 
@@ -534,29 +353,23 @@ { struct json_alias_closure *closure = v; struct member *m; - debug_decl(print_alias_json, SUDOERS_DEBUG_UTIL) + debug_decl(print_alias_json, SUDOERS_DEBUG_UTIL); if (a->type != closure->alias_type) debug_return_int(0); /* Open the aliases object or close the last entry, then open new one. */ if (closure->count++ == 0) { - fprintf(closure->fp, "%s\n%*s\"%s\": {\n", - closure->need_comma ? "," : "", closure->indent, "", - closure->title); - closure->indent += 4; + sudo_json_open_object(closure->json, closure->title); } else { - fprintf(closure->fp, "%*s],\n", closure->indent, ""); + sudo_json_close_array(closure->json); } - printstr_json(closure->fp, "\"", a->name, "\": [\n", closure->indent); + sudo_json_open_array(closure->json, a->name); - closure->indent += 4; TAILQ_FOREACH(m, &a->members, entries) { - print_member_json(closure->fp, parse_tree, m, - alias_to_word_type(closure->alias_type), - TAILQ_NEXT(m, entries) == NULL, closure->indent, false); + print_member_json(closure->json, parse_tree, m, + alias_to_word_type(closure->alias_type), false); } - closure->indent -= 4; debug_return_int(0); } 
@@ -564,26 +377,23 @@ * Print the binding for a Defaults entry of the specified type. */ static void -print_binding_json(FILE *fp, struct sudoers_parse_tree *parse_tree, - struct member_list *binding, int type, int indent, bool expand_aliases) +print_binding_json(struct json_container *json, + struct sudoers_parse_tree *parse_tree, struct member_list *binding, + int type, bool expand_aliases) { struct member *m; - debug_decl(print_binding_json, SUDOERS_DEBUG_UTIL) + debug_decl(print_binding_json, SUDOERS_DEBUG_UTIL); if (TAILQ_EMPTY(binding)) debug_return; - fprintf(fp, "%*s\"Binding\": [\n", indent, ""); - indent += 4; - /* Print each member object in binding. */ + sudo_json_open_array(json, "Binding"); TAILQ_FOREACH(m, binding, entries) { - print_member_json(fp, parse_tree, m, defaults_to_word_type(type), - TAILQ_NEXT(m, entries) == NULL, indent, expand_aliases); + print_member_json(json, parse_tree, m, defaults_to_word_type(type), + expand_aliases); } - - indent -= 4; - fprintf(fp, "%*s],\n", indent, ""); + sudo_json_close_array(json); debug_return; } @@ -592,14 +402,13 @@ * Print a Defaults list JSON format. */ static void -print_defaults_list_json(FILE *fp, struct defaults *def, int indent) +print_defaults_list_json(struct json_container *json, struct defaults *def) { char savech, *start, *end = def->val; struct json_value value; - debug_decl(print_defaults_list_json, SUDOERS_DEBUG_UTIL) + debug_decl(print_defaults_list_json, SUDOERS_DEBUG_UTIL); - fprintf(fp, "%*s{\n", indent, ""); - indent += 4; + sudo_json_open_object(json, NULL); value.type = JSON_STRING; switch (def->op) { case '+': 
@@ -616,10 +425,8 @@ value.u.string = "unsupported"; break; } - print_pair_json(fp, NULL, "operation", &value, ",\n", indent); - printstr_json(fp, "\"", def->var, "\": [\n", indent); - indent += 4; - print_indent(fp, indent); + sudo_json_add_value(json, "operation", &value); + sudo_json_open_array(json, def->var); /* Split value into multiple space-separated words. */ do { /* Remove leading blanks, must have a non-empty string. */ @@ -633,16 +440,13 @@ continue; savech = *end; *end = '\0'; - print_string_json(fp, start); - if (savech != '\0') - putc(',', fp); + value.type = JSON_STRING; + value.u.string = start; + sudo_json_add_value(json, NULL, &value); *end = savech; } while (*end++ != '\0'); - putc('\n', fp); - indent -= 4; - fprintf(fp, "%*s]\n", indent, ""); - indent -= 4; - fprintf(fp, "%*s}", indent, ""); + sudo_json_close_array(json); + sudo_json_close_object(json); debug_return; } @@ -663,20 +467,19 @@ /* * Export all Defaults in JSON format. */ -static bool -print_defaults_json(FILE *fp, struct sudoers_parse_tree *parse_tree, - int indent, bool expand_aliases, bool need_comma) +static void +print_defaults_json(struct json_container *json, + struct sudoers_parse_tree *parse_tree, bool expand_aliases) { struct json_value value; struct defaults *def, *next; int type; - debug_decl(print_defaults_json, SUDOERS_DEBUG_UTIL) + debug_decl(print_defaults_json, SUDOERS_DEBUG_UTIL); if (TAILQ_EMPTY(&parse_tree->defaults)) - debug_return_bool(need_comma); + debug_return; - fprintf(fp, "%s\n%*s\"Defaults\": [\n", need_comma ? "," : "", indent, ""); - indent += 4; + sudo_json_open_array(json, "Defaults"); TAILQ_FOREACH_SAFE(def, &parse_tree->defaults, entries, next) { type = get_defaults_type(def); 
@@ -687,30 +490,28 @@ } /* Found it, print object container and binding (if any). */ - fprintf(fp, "%*s{\n", indent, ""); - indent += 4; - print_binding_json(fp, parse_tree, def->binding, def->type, - indent, expand_aliases); + sudo_json_open_object(json, NULL); + print_binding_json(json, parse_tree, def->binding, def->type, + expand_aliases); /* Validation checks. */ /* XXX - validate values in addition to names? */ /* Print options, merging ones with the same binding. */ - fprintf(fp, "%*s\"Options\": [\n", indent, ""); - indent += 4; + sudo_json_open_array(json, "Options"); for (;;) { next = TAILQ_NEXT(def, entries); /* XXX - need to update cur too */ if ((type & T_MASK) == T_FLAG || def->val == NULL) { value.type = JSON_BOOL; value.u.boolean = def->op; - print_pair_json(fp, "{ ", def->var, &value, " }", indent); + sudo_json_add_value_as_object(json, def->var, &value); } else if ((type & T_MASK) == T_LIST) { - print_defaults_list_json(fp, def, indent); + print_defaults_list_json(json, def); } else { value.type = JSON_STRING; value.u.string = def->val; - print_pair_json(fp, "{ ", def->var, &value, " }", indent); + sudo_json_add_value_as_object(json, def->var, &value); } if (next == NULL || def->binding != next->binding) break; 
@@ -721,137 +522,125 @@ /* XXX - just pass it through as a string anyway? */ break; } - fputs(",\n", fp); } - putc('\n', fp); - indent -= 4; - print_indent(fp, indent); - fputs("]\n", fp); - indent -= 4; - print_indent(fp, indent); - fprintf(fp, "}%s\n", next != NULL ? "," : ""); + sudo_json_close_array(json); + sudo_json_close_object(json); } /* Close Defaults array; comma (if any) & newline will be printer later. */ - indent -= 4; - print_indent(fp, indent); - fputs("]", fp); + sudo_json_close_array(json); - debug_return_bool(true); + debug_return; } /* * Export all aliases of the specified type in JSON format. * Iterates through the entire aliases tree. */ -static bool -print_aliases_by_type_json(FILE *fp, struct sudoers_parse_tree *parse_tree, - int alias_type, const char *title, int indent, bool need_comma) +static void +print_aliases_by_type_json(struct json_container *json, + struct sudoers_parse_tree *parse_tree, int alias_type, const char *title) { struct json_alias_closure closure; - debug_decl(print_aliases_by_type_json, SUDOERS_DEBUG_UTIL) + debug_decl(print_aliases_by_type_json, SUDOERS_DEBUG_UTIL); - closure.fp = fp; - closure.indent = indent; + closure.json = json; closure.count = 0; closure.alias_type = alias_type; closure.title = title; - closure.need_comma = need_comma; alias_apply(parse_tree, print_alias_json, &closure); if (closure.count != 0) { - print_indent(fp, closure.indent); - fputs("]\n", fp); - closure.indent -= 4; - print_indent(fp, closure.indent); - putc('}', fp); - need_comma = true; + sudo_json_close_array(json); + sudo_json_close_object(json); } - debug_return_bool(need_comma); + debug_return; } /* * Export all aliases in JSON format. 
*/ -static bool -print_aliases_json(FILE *fp, struct sudoers_parse_tree *parse_tree, - int indent, bool need_comma) +static void +print_aliases_json(struct json_container *json, + struct sudoers_parse_tree *parse_tree) { - debug_decl(print_aliases_json, SUDOERS_DEBUG_UTIL) + debug_decl(print_aliases_json, SUDOERS_DEBUG_UTIL); + + print_aliases_by_type_json(json, parse_tree, USERALIAS, "User_Aliases"); + print_aliases_by_type_json(json, parse_tree, RUNASALIAS, "Runas_Aliases"); + print_aliases_by_type_json(json, parse_tree, HOSTALIAS, "Host_Aliases"); + print_aliases_by_type_json(json, parse_tree, CMNDALIAS, "Command_Aliases"); - need_comma = print_aliases_by_type_json(fp, parse_tree, USERALIAS, - "User_Aliases", indent, need_comma); - need_comma = print_aliases_by_type_json(fp, parse_tree, RUNASALIAS, - "Runas_Aliases", indent, need_comma); - need_comma = print_aliases_by_type_json(fp, parse_tree, HOSTALIAS, - "Host_Aliases", indent, need_comma); - need_comma = print_aliases_by_type_json(fp, parse_tree, CMNDALIAS, - "Command_Aliases", indent, need_comma); + debug_return; +} - debug_return_bool(need_comma); +/* Does the next entry differ only in the command itself? */ +static bool +cmndspec_continues(struct cmndspec *cs, struct cmndspec *next) +{ + bool ret = next != NULL && + !RUNAS_CHANGED(cs, next) && !TAGS_CHANGED(cs->tags, next->tags) +#ifdef HAVE_PRIV_SET + && cs->privs == next->privs && cs->limitprivs == next->limitprivs +#endif /* HAVE_PRIV_SET */ +#ifdef HAVE_SELINUX + && cs->role == next->role && cs->type == next->type +#endif /* HAVE_SELINUX */ + ; + return ret; } /* - * Print a Cmnd_Spec in JSON format at the specified indent level. + * Print a Cmnd_Spec in JSON format at the correct indent level. * A pointer to the next Cmnd_Spec is passed in to make it possible to * merge adjacent entries that are identical in all but the command. 
*/ static void -print_cmndspec_json(FILE *fp, struct sudoers_parse_tree *parse_tree, - struct cmndspec *cs, struct cmndspec **nextp, - struct defaults_list *options, bool expand_aliases, int indent) +print_cmndspec_json(struct json_container *json, + struct sudoers_parse_tree *parse_tree, struct cmndspec *cs, + struct cmndspec **nextp, struct defaults_list *options, bool expand_aliases) { struct cmndspec *next = *nextp; struct json_value value; struct defaults *def; struct member *m; struct tm *tp; - bool last_one; char timebuf[sizeof("20120727121554Z")]; - debug_decl(print_cmndspec_json, SUDOERS_DEBUG_UTIL) + debug_decl(print_cmndspec_json, SUDOERS_DEBUG_UTIL); /* Open Cmnd_Spec object. */ - fprintf(fp, "%*s{\n", indent, ""); - indent += 4; + sudo_json_open_object(json, NULL); /* Print runasuserlist */ if (cs->runasuserlist != NULL) { - fprintf(fp, "%*s\"runasusers\": [\n", indent, ""); - indent += 4; + sudo_json_open_array(json, "runasusers"); TAILQ_FOREACH(m, cs->runasuserlist, entries) { - print_member_json(fp, parse_tree, m, TYPE_RUNASUSER, - TAILQ_NEXT(m, entries) == NULL, indent, expand_aliases); + print_member_json(json, parse_tree, m, TYPE_RUNASUSER, + expand_aliases); } - indent -= 4; - fprintf(fp, "%*s],\n", indent, ""); + sudo_json_close_array(json); } /* Print runasgrouplist */ if (cs->runasgrouplist != NULL) { - fprintf(fp, "%*s\"runasgroups\": [\n", indent, ""); - indent += 4; + sudo_json_open_array(json, "runasgroups"); TAILQ_FOREACH(m, cs->runasgrouplist, entries) { - print_member_json(fp, parse_tree, m, TYPE_RUNASGROUP, - TAILQ_NEXT(m, entries) == NULL, indent, expand_aliases); + print_member_json(json, parse_tree, m, TYPE_RUNASGROUP, + expand_aliases); } - indent -= 4; - fprintf(fp, "%*s],\n", indent, ""); + sudo_json_close_array(json); } /* Print options and tags */ if (cs->timeout > 0 || cs->notbefore != UNSPEC || cs->notafter != UNSPEC || TAGS_SET(cs->tags) || !TAILQ_EMPTY(options)) { struct cmndtag tag = cs->tags; - const char *prefix = "\n"; 
- fprintf(fp, "%*s\"Options\": [", indent, ""); - indent += 4; + sudo_json_open_array(json, "Options"); if (cs->timeout > 0) { value.type = JSON_NUMBER; value.u.number = cs->timeout; - fputs(prefix, fp); - print_pair_json(fp, "{ ", "command_timeout", &value, " }", indent); - prefix = ",\n"; + sudo_json_add_value_as_object(json, "command_timeout", &value); } if (cs->notbefore != UNSPEC) { if ((tp = gmtime(&cs->notbefore)) == NULL) { @@ -862,9 +651,7 @@ } else { value.type = JSON_STRING; value.u.string = timebuf; - fputs(prefix, fp); - print_pair_json(fp, "{ ", "notbefore", &value, " }", indent); - prefix = ",\n"; + sudo_json_add_value_as_object(json, "notbefore", &value); } } } 
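Review bot: The context comment kept near the top of hunk -721/+522, `/* Close Defaults array; comma (if any) & newline will be printer later. */`, no longer matches the code around it. print_defaults_json now returns void, the `need_comma` argument is gone, and the array is closed with a single sudo_json_close_array() call. I would shorten the comment to `/* Close Defaults array. */`, which also drops the "printer" typo. print_defaults_json begins outside this hunk.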
@@ -877,60 +664,44 @@ } else { value.type = JSON_STRING; value.u.string = timebuf; - fputs(prefix, fp); - print_pair_json(fp, "{ ", "notafter", &value, " }", indent); - prefix = ",\n"; + sudo_json_add_value_as_object(json, "notafter", &value); } } } if (tag.nopasswd != UNSPEC) { value.type = JSON_BOOL; value.u.boolean = !tag.nopasswd; - fputs(prefix, fp); - print_pair_json(fp, "{ ", "authenticate", &value, " }", indent); - prefix = ",\n"; + sudo_json_add_value_as_object(json, "authenticate", &value); } if (tag.noexec != UNSPEC) { value.type = JSON_BOOL; value.u.boolean = tag.noexec; - fputs(prefix, fp); - print_pair_json(fp, "{ ", "noexec", &value, " }", indent); - prefix = ",\n"; + sudo_json_add_value_as_object(json, "noexec", &value); } if (tag.send_mail != UNSPEC) { value.type = JSON_BOOL; value.u.boolean = tag.send_mail; - fputs(prefix, fp); - print_pair_json(fp, "{ ", "send_mail", &value, " }", indent); - prefix = ",\n"; + sudo_json_add_value_as_object(json, "send_mail", &value); } if (tag.setenv != UNSPEC) { value.type = JSON_BOOL; value.u.boolean = tag.setenv; - fputs(prefix, fp); - print_pair_json(fp, "{ ", "setenv", &value, " }", indent); - prefix = ",\n"; + sudo_json_add_value_as_object(json, "setenv", &value); } if (tag.follow != UNSPEC) { value.type = JSON_BOOL; value.u.boolean = tag.follow; - fputs(prefix, fp); - print_pair_json(fp, "{ ", "sudoedit_follow", &value, " }", indent); - prefix = ",\n"; + sudo_json_add_value_as_object(json, "sudoedit_follow", &value); } if (tag.log_input != UNSPEC) { value.type = JSON_BOOL; value.u.boolean = tag.log_input; - fputs(prefix, fp); - print_pair_json(fp, "{ ", "log_input", &value, " }", indent); - prefix = ",\n"; + sudo_json_add_value_as_object(json, "log_input", &value); } if (tag.log_output != UNSPEC) { value.type = JSON_BOOL; value.u.boolean = tag.log_output; - fputs(prefix, fp); - print_pair_json(fp, "{ ", "log_output", &value, " }", indent); - prefix = ",\n"; + sudo_json_add_value_as_object(json, 
"log_output", &value); } TAILQ_FOREACH(def, options, entries) { int type = get_defaults_type(def); 
@@ -939,57 +710,48 @@ /* XXX - just pass it through as a string anyway? */ continue; } - fputs(prefix, fp); if ((type & T_MASK) == T_FLAG || def->val == NULL) { value.type = JSON_BOOL; value.u.boolean = def->op; - print_pair_json(fp, "{ ", def->var, &value, " }", indent); + sudo_json_add_value_as_object(json, def->var, &value); } else if ((type & T_MASK) == T_LIST) { - print_defaults_list_json(fp, def, indent); + print_defaults_list_json(json, def); } else { value.type = JSON_STRING; value.u.string = def->val; - print_pair_json(fp, "{ ", def->var, &value, " }", indent); + sudo_json_add_value_as_object(json, def->var, &value); } - prefix = ",\n"; } - putc('\n', fp); - indent -= 4; - fprintf(fp, "%*s],\n", indent, ""); + sudo_json_close_array(json); } #ifdef HAVE_SELINUX /* Print SELinux role/type */ if (cs->role != NULL && cs->type != NULL) { - fprintf(fp, "%*s\"SELinux_Spec\": [\n", indent, ""); - indent += 4; + sudo_json_open_array(json, "SELinux_Spec"); value.type = JSON_STRING; value.u.string = cs->role; - print_pair_json(fp, NULL, "role", &value, ",\n", indent); + sudo_json_add_value(json, "role", &value); value.u.string = cs->type; - print_pair_json(fp, NULL, "type", &value, "\n", indent); - indent -= 4; - fprintf(fp, "%*s],\n", indent, ""); + sudo_json_add_value(json, "type", &value); + sudo_json_close_array(json); } #endif /* HAVE_SELINUX */ #ifdef HAVE_PRIV_SET /* Print Solaris privs/limitprivs */ if (cs->privs != NULL || cs->limitprivs != NULL) { - fprintf(fp, "%*s\"Solaris_Priv_Spec\": [\n", indent, ""); - indent += 4; + sudo_json_open_array(json, "Solaris_Priv_Spec"); value.type = JSON_STRING; if (cs->privs != NULL) { value.u.string = cs->privs; - print_pair_json(fp, NULL, "privs", &value, - cs->limitprivs != NULL ? 
",\n" : "\n", indent); + sudo_json_add_value(json, "privs", &value); } if (cs->limitprivs != NULL) { value.u.string = cs->limitprivs; - print_pair_json(fp, NULL, "limitprivs", &value, "\n", indent); + sudo_json_add_value(json, "limitprivs", &value); } - indent -= 4; - fprintf(fp, "%*s],\n", indent, ""); + sudo_json_close_array(json); } #endif /* HAVE_PRIV_SET */ @@ -997,34 +759,20 @@ * Merge adjacent commands with matching tags, runas, SELinux * role/type and Solaris priv settings. */ - fprintf(fp, "%*s\"Commands\": [\n", indent, ""); - indent += 4; + sudo_json_open_array(json, "Commands"); for (;;) { + print_member_json(json, parse_tree, cs->cmnd, TYPE_COMMAND, + expand_aliases); /* Does the next entry differ only in the command itself? */ - /* XXX - move into a function that returns bool */ - last_one = next == NULL || - RUNAS_CHANGED(cs, next) || TAGS_CHANGED(cs->tags, next->tags) -#ifdef HAVE_PRIV_SET - || cs->privs != next->privs || cs->limitprivs != next->limitprivs -#endif /* HAVE_PRIV_SET */ -#ifdef HAVE_SELINUX - || cs->role != next->role || cs->type != next->type -#endif /* HAVE_SELINUX */ - ; - - print_member_json(fp, parse_tree, cs->cmnd, TYPE_COMMAND, - last_one, indent, expand_aliases); - if (last_one) + if (!cmndspec_continues(cs, next)) break; cs = next; next = TAILQ_NEXT(cs, entries); } - indent -= 4; - fprintf(fp, "%*s]\n", indent, ""); + sudo_json_close_array(json); /* Close Cmnd_Spec object. */ - indent -= 4; - fprintf(fp, "%*s}%s\n", indent, "", TAILQ_NEXT(cs, entries) != NULL ? "," : ""); + sudo_json_close_object(json); *nextp = next; 
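Review bot: `SELinux_Spec` and `Solaris_Priv_Spec` are opened with `sudo_json_open_array()` but then filled with named members through `sudo_json_add_value(json, "role", &value)`, while the `Options` array in the same function wraps every pair with `sudo_json_add_value_as_object()`. A name/value pair placed directly inside an array is not valid JSON, and the removed fprintf code had the same shape, so the port carries that layout over; what the new writer actually emits for this case is not visible in the hunk. For consistency with `Options`, add the members with `sudo_json_add_value_as_object(json, "role", &value);` (likewise for `type`, `privs` and `limitprivs`), or open the two containers as objects instead. print_cmndspec_json begins before this hunk.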
@@ -1032,16 +780,17 @@ } /* - * Print a User_Spec in JSON format at the specified indent level. + * Print a User_Spec in JSON format at the correct indent level. */ static void -print_userspec_json(FILE *fp, struct sudoers_parse_tree *parse_tree, - struct userspec *us, int indent, bool expand_aliases) +print_userspec_json(struct json_container *json, + struct sudoers_parse_tree *parse_tree, struct userspec *us, + bool expand_aliases) { struct privilege *priv; struct member *m; struct cmndspec *cs, *next; - debug_decl(print_userspec_json, SUDOERS_DEBUG_UTIL) + debug_decl(print_userspec_json, SUDOERS_DEBUG_UTIL); /* * Each userspec struct may contain multiple privileges for 
@@ -1050,67 +799,56 @@ */ TAILQ_FOREACH(priv, &us->privileges, entries) { /* Open User_Spec object. */ - fprintf(fp, "%*s{\n", indent, ""); - indent += 4; + sudo_json_open_object(json, NULL); /* Print users list. */ - fprintf(fp, "%*s\"User_List\": [\n", indent, ""); - indent += 4; + sudo_json_open_array(json, "User_List"); TAILQ_FOREACH(m, &us->users, entries) { - print_member_json(fp, parse_tree, m, TYPE_USERNAME, - TAILQ_NEXT(m, entries) == NULL, indent, expand_aliases); + print_member_json(json, parse_tree, m, TYPE_USERNAME, + expand_aliases); } - indent -= 4; - fprintf(fp, "%*s],\n", indent, ""); + sudo_json_close_array(json); /* Print hosts list. */ - fprintf(fp, "%*s\"Host_List\": [\n", indent, ""); - indent += 4; + sudo_json_open_array(json, "Host_List"); TAILQ_FOREACH(m, &priv->hostlist, entries) { - print_member_json(fp, parse_tree, m, TYPE_HOSTNAME, - TAILQ_NEXT(m, entries) == NULL, indent, expand_aliases); + print_member_json(json, parse_tree, m, TYPE_HOSTNAME, + expand_aliases); } - indent -= 4; - fprintf(fp, "%*s],\n", indent, ""); + sudo_json_close_array(json); /* Print commands. */ - fprintf(fp, "%*s\"Cmnd_Specs\": [\n", indent, ""); - indent += 4; + sudo_json_open_array(json, "Cmnd_Specs"); TAILQ_FOREACH_SAFE(cs, &priv->cmndlist, entries, next) { - print_cmndspec_json(fp, parse_tree, cs, &next, &priv->defaults, - expand_aliases, indent); + print_cmndspec_json(json, parse_tree, cs, &next, &priv->defaults, + expand_aliases); } - indent -= 4; - fprintf(fp, "%*s]\n", indent, ""); + sudo_json_close_array(json); /* Close User_Spec object. */ - indent -= 4; - fprintf(fp, "%*s}%s\n", indent, "", TAILQ_NEXT(priv, entries) != NULL || - TAILQ_NEXT(us, entries) != NULL ? 
"," : ""); + sudo_json_close_object(json); } debug_return; } -static bool -print_userspecs_json(FILE *fp, struct sudoers_parse_tree *parse_tree, - int indent, bool expand_aliases, bool need_comma) +static void +print_userspecs_json(struct json_container *json, + struct sudoers_parse_tree *parse_tree, bool expand_aliases) { struct userspec *us; - debug_decl(print_userspecs_json, SUDOERS_DEBUG_UTIL) + debug_decl(print_userspecs_json, SUDOERS_DEBUG_UTIL); if (TAILQ_EMPTY(&parse_tree->userspecs)) - debug_return_bool(need_comma); + debug_return; - fprintf(fp, "%s\n%*s\"User_Specs\": [\n", need_comma ? "," : "", indent, ""); - indent += 4; + sudo_json_open_array(json, "User_Specs"); TAILQ_FOREACH(us, &parse_tree->userspecs, entries) { - print_userspec_json(fp, parse_tree, us, indent, expand_aliases); + print_userspec_json(json, parse_tree, us, expand_aliases); } - indent -= 4; - fprintf(fp, "%*s]", indent, ""); + sudo_json_close_array(json); - debug_return_bool(true); + debug_return; } /* 
@@ -1120,42 +858,44 @@ convert_sudoers_json(struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf) { - bool ret = true, need_comma = false; - const int indent = 4; + struct json_container json; + bool ret = true; FILE *output_fp = stdout; - debug_decl(convert_sudoers_json, SUDOERS_DEBUG_UTIL) + debug_decl(convert_sudoers_json, SUDOERS_DEBUG_UTIL); if (strcmp(output_file, "-") != 0) { if ((output_fp = fopen(output_file, "w")) == NULL) sudo_fatal(U_("unable to open %s"), output_file); } - /* Open JSON output. */ - putc('{', output_fp); + /* 4 space indent, non-compact, exit on memory allocation failure. */ + sudo_json_init(&json, 4, false, true); /* Dump Defaults in JSON format. */ if (!ISSET(conf->suppress, SUPPRESS_DEFAULTS)) { - need_comma = print_defaults_json(output_fp, parse_tree, indent, - conf->expand_aliases, need_comma); + print_defaults_json(&json, parse_tree, conf->expand_aliases); } /* Dump Aliases in JSON format. */ if (!conf->expand_aliases && !ISSET(conf->suppress, SUPPRESS_ALIASES)) { - need_comma = print_aliases_json(output_fp, parse_tree, indent, - need_comma); + print_aliases_json(&json, parse_tree); } /* Dump User_Specs in JSON format. */ if (!ISSET(conf->suppress, SUPPRESS_PRIVS)) { - print_userspecs_json(output_fp, parse_tree, indent, - conf->expand_aliases, need_comma); + print_userspecs_json(&json, parse_tree, conf->expand_aliases); } - /* Close JSON output. */ - fputs("\n}\n", output_fp); - (void)fflush(output_fp); - if (ferror(output_fp)) - ret = false; + /* Write JSON output. 
*/ + if (sudo_json_get_len(&json) != 0) { + putc('{', output_fp); + fputs(sudo_json_get_buf(&json), output_fp); + fputs("\n}\n", output_fp); + (void)fflush(output_fp); + if (ferror(output_fp)) + ret = false; + } + sudo_json_free(&json); if (output_fp != stdout) fclose(output_fp); diff -Nru sudo-1.8.31/plugins/sudoers/cvtsudoers_ldif.c sudo-1.9.0/plugins/sudoers/cvtsudoers_ldif.c --- sudo-1.8.31/plugins/sudoers/cvtsudoers_ldif.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/cvtsudoers_ldif.c 2020-05-11 16:28:23.000000000 +0000 @@ -71,7 +71,7 @@ safe_string(const char *str) { unsigned int ch = *str++; - debug_decl(safe_string, SUDOERS_DEBUG_UTIL) + debug_decl(safe_string, SUDOERS_DEBUG_UTIL); /* Initial char must be <= 127 and not LF, CR, SPACE, ':', '<' */ switch (ch) { @@ -103,7 +103,7 @@ const unsigned char *uvalue = (unsigned char *)value; char *encoded = NULL; size_t esize; - debug_decl(print_attribute_ldif, SUDOERS_DEBUG_UTIL) + debug_decl(print_attribute_ldif, SUDOERS_DEBUG_UTIL); if (!safe_string(value)) { const size_t vlen = strlen(value); @@ -134,7 +134,7 @@ struct defaults *opt; char *attr_val; int len; - debug_decl(print_options_ldif, SUDOERS_DEBUG_UTIL) + debug_decl(print_options_ldif, SUDOERS_DEBUG_UTIL); TAILQ_FOREACH(opt, options, entries) { if (opt->type != DEFAULTS) @@ -171,7 +171,7 @@ struct sudo_lbuf lbuf; struct defaults *opt; char *dn; - debug_decl(print_global_defaults_ldif, SUDOERS_DEBUG_UTIL) + debug_decl(print_global_defaults_ldif, SUDOERS_DEBUG_UTIL); sudo_lbuf_init(&lbuf, NULL, 0, NULL, 80); 
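Review bot: When `sudo_json_get_len(&json)` is 0 nothing is written at all, so the output file is created and left empty while `ret` stays true; the removed code always wrote `{` followed by `\n}\n`, which is an empty but parseable object. If the length can be 0 when every section is suppressed or the parse tree is empty (not visible here), a consumer that parses the result would then fail on empty input. Keeping the braces unconditional avoids that: `putc('{', output_fp);`, then `if (sudo_json_get_len(&json) != 0) fputs(sudo_json_get_buf(&json), output_fp);`, then `fputs("\n}\n", output_fp);`, with the `fflush`/`ferror` check left outside the guard. convert_sudoers_json starts before the hunk and continues after it.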
@@ -210,6 +210,53 @@ } /* + * Format a sudo_command as a string. + * Returns the formatted, dynamically allocated string or dies on error. + */ +static char * +format_cmnd(struct sudo_command *c, bool negated) +{ + struct command_digest *digest; + char *buf, *cp, *cmnd; + size_t bufsiz; + int len; + debug_decl(format_cmnd, SUDOERS_DEBUG_UTIL); + + cmnd = c->cmnd ? c->cmnd : "ALL"; + bufsiz = negated + strlen(cmnd) + 1; + if (c->args != NULL) + bufsiz += 1 + strlen(c->args); + TAILQ_FOREACH(digest, &c->digests, entries) { + bufsiz += strlen(digest_type_to_name(digest->digest_type)) + 1 + + strlen(digest->digest_str) + 1; + if (TAILQ_NEXT(digest, entries) != NULL) + bufsiz += 2; + } + + if ((buf = malloc(bufsiz)) == NULL) { + sudo_fatalx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + } + + cp = buf; + TAILQ_FOREACH(digest, &c->digests, entries) { + len = snprintf(cp, bufsiz - (cp - buf), "%s:%s%s ", + digest_type_to_name(digest->digest_type), digest->digest_str, + TAILQ_NEXT(digest, entries) ? "," : ""); + if (len < 0 || len >= (int)bufsiz - (cp - buf)) + sudo_fatalx(U_("internal error, %s overflow"), __func__); + cp += len; + } + + len = snprintf(cp, bufsiz - (cp - buf), "%s%s%s%s", negated ? "!" : "", + cmnd, c->args ? " " : "", c->args ? c->args : ""); + if (len < 0 || len >= (int)bufsiz - (cp - buf)) + sudo_fatalx(U_("internal error, %s overflow"), __func__); + + debug_return_str(buf); +} + +/* * Print struct member in LDIF format as the specified attribute. * See print_member_int() in parse.c. */ 
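Review bot: Both truncation checks in `format_cmnd` compare `len` with `(int)bufsiz - (cp - buf)`, which narrows a `size_t` to `int` before subtracting, while the lengths being summed come from the parsed command, its arguments and its digest strings. Keeping the remaining space unsigned makes the guard independent of that narrowing: `size_t left = bufsiz - (size_t)(cp - buf);` and `if (len < 0 || (size_t)len >= left)`, with `left` also passed to `snprintf`. Separately, `cmnd` can point at the literal `"ALL"`, so it should be declared `const char *cmnd;`. The header comment could also state that the caller owns the returned buffer and must `free()` it, as print_member_ldif does.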
@@ -219,30 +266,23 @@ { struct alias *a; struct member *m; - struct sudo_command *c; char *attr_val; int len; - debug_decl(print_member_ldif, SUDOERS_DEBUG_UTIL) + debug_decl(print_member_ldif, SUDOERS_DEBUG_UTIL); switch (type) { - case ALL: - print_attribute_ldif(fp, attr_name, negated ? "!ALL" : "ALL"); - break; case MYSELF: /* Only valid for sudoRunasUser */ print_attribute_ldif(fp, attr_name, ""); break; - case COMMAND: - c = (struct sudo_command *)name; - len = asprintf(&attr_val, "%s%s%s%s%s%s%s%s", - c->digest ? digest_type_to_name(c->digest->digest_type) : "", - c->digest ? ":" : "", c->digest ? c->digest->digest_str : "", - c->digest ? " " : "", negated ? "!" : "", c->cmnd, - c->args ? " " : "", c->args ? c->args : ""); - if (len == -1) { - sudo_fatalx(U_("%s: %s"), __func__, - U_("unable to allocate memory")); + case ALL: + if (name == NULL) { + print_attribute_ldif(fp, attr_name, negated ? "!ALL" : "ALL"); + break; } + /* FALLTHROUGH */ + case COMMAND: + attr_val = format_cmnd((struct sudo_command *)name, negated); print_attribute_ldif(fp, attr_name, attr_val); free(attr_val); break; @@ -284,7 +324,7 @@ struct tm *tp; bool last_one; char timebuf[sizeof("20120727121554Z")]; - debug_decl(print_cmndspec_ldif, SUDOERS_DEBUG_UTIL) + debug_decl(print_cmndspec_ldif, SUDOERS_DEBUG_UTIL); /* Print runasuserlist as sudoRunAsUser attributes */ if (cs->runasuserlist != NULL) { @@ -471,7 +511,7 @@ const char *src; char *cn, *dst; size_t size; - debug_decl(user_to_cn, SUDOERS_DEBUG_UTIL) + debug_decl(user_to_cn, SUDOERS_DEBUG_UTIL); /* Allocate as much as we could possibly need. */ size = (2 * strlen(user)) + 64 + 1; @@ -547,7 +587,7 @@ struct privilege *priv; struct member *m; struct cmndspec *cs, *next; - debug_decl(print_userspec_ldif, SUDOERS_DEBUG_UTIL) + debug_decl(print_userspec_ldif, SUDOERS_DEBUG_UTIL); /* * Each userspec struct may contain multiple privileges for 
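Review bot: The `ALL` case now falls through to `COMMAND` whenever `name` is non-NULL and casts `name` to `struct sudo_command *`, but nothing in the hunk states that callers must pass either NULL or a command structure for `ALL`. A caller that passes a plain string with type `ALL` would have it read as a `struct sudo_command`, so the contract deserves a comment at the case label, e.g. `/* For ALL, name is NULL or a struct sudo_command * carrying digests/args. */`. The function signature and its other cases are outside the hunk, so whether every caller already follows this cannot be confirmed from here.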
@@ -614,7 +654,7 @@ struct cvtsudoers_config *conf) { struct userspec *us; - debug_decl(print_userspecs_ldif, SUDOERS_DEBUG_UTIL) + debug_decl(print_userspecs_ldif, SUDOERS_DEBUG_UTIL); TAILQ_FOREACH(us, &parse_tree->userspecs, entries) { if (!print_userspec_ldif(fp, parse_tree, us, conf)) @@ -632,7 +672,7 @@ { bool ret = true; FILE *output_fp = stdout; - debug_decl(convert_sudoers_ldif, SUDOERS_DEBUG_UTIL) + debug_decl(convert_sudoers_ldif, SUDOERS_DEBUG_UTIL); if (conf->sudoers_base == NULL) { sudo_fatalx(U_("the SUDOERS_BASE environment variable is not set and the -b option was not specified.")); diff -Nru sudo-1.8.31/plugins/sudoers/cvtsudoers_pwutil.c sudo-1.9.0/plugins/sudoers/cvtsudoers_pwutil.c --- sudo-1.8.31/plugins/sudoers/cvtsudoers_pwutil.c 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/cvtsudoers_pwutil.c 2020-05-11 16:28:23.000000000 +0000 @@ -88,7 +88,7 @@ struct cache_item_pw *pwitem; struct passwd pw, *newpw; struct sudoers_string *s = NULL; - debug_decl(cvtsudoers_make_pwitem, SUDOERS_DEBUG_NSS) + debug_decl(cvtsudoers_make_pwitem, SUDOERS_DEBUG_NSS); /* Look up name or uid in filter list. */ if (name != NULL) { @@ -195,7 +195,7 @@ struct cache_item_gr *gritem; struct group gr, *newgr; struct sudoers_string *s = NULL; - debug_decl(cvtsudoers_make_gritem, SUDOERS_DEBUG_NSS) + debug_decl(cvtsudoers_make_gritem, SUDOERS_DEBUG_NSS); /* Look up name or gid in filter list. */ if (name != NULL) { @@ -307,7 +307,7 @@ struct gid_list *gidlist; GETGROUPS_T *gids = NULL; int i, ngids = 0; - debug_decl(cvtsudoers_make_gidlist_item, SUDOERS_DEBUG_NSS) + debug_decl(cvtsudoers_make_gidlist_item, SUDOERS_DEBUG_NSS); /* * There's only a single gid list. 
@@ -404,7 +404,7 @@ struct sudoers_string *s; struct group_list *grlist; int groupname_len; - debug_decl(cvtsudoers_make_grlist_item, SUDOERS_DEBUG_NSS) + debug_decl(cvtsudoers_make_grlist_item, SUDOERS_DEBUG_NSS); /* * There's only a single group list. diff -Nru sudo-1.8.31/plugins/sudoers/defaults.c sudo-1.9.0/plugins/sudoers/defaults.c --- sudo-1.8.31/plugins/sudoers/defaults.c 2019-12-10 13:07:53.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/defaults.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1999-2005, 2007-2018 + * Copyright (c) 1999-2005, 2007-2020 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -46,45 +46,6 @@ #include "sudoers.h" #include -/* - * For converting between syslog numbers and strings. - */ -struct strmap { - char *name; - int num; -}; - -static struct strmap facilities[] = { -#ifdef LOG_AUTHPRIV - { "authpriv", LOG_AUTHPRIV }, -#endif - { "auth", LOG_AUTH }, - { "daemon", LOG_DAEMON }, - { "user", LOG_USER }, - { "local0", LOG_LOCAL0 }, - { "local1", LOG_LOCAL1 }, - { "local2", LOG_LOCAL2 }, - { "local3", LOG_LOCAL3 }, - { "local4", LOG_LOCAL4 }, - { "local5", LOG_LOCAL5 }, - { "local6", LOG_LOCAL6 }, - { "local7", LOG_LOCAL7 }, - { NULL, -1 } -}; - -static struct strmap priorities[] = { - { "alert", LOG_ALERT }, - { "crit", LOG_CRIT }, - { "debug", LOG_DEBUG }, - { "emerg", LOG_EMERG }, - { "err", LOG_ERR }, - { "info", LOG_INFO }, - { "notice", LOG_NOTICE }, - { "warning", LOG_WARNING }, - { "none", -1 }, - { NULL, -1 } -}; - static struct early_default early_defaults[] = { { I_IGNORE_UNKNOWN_DEFAULTS }, #ifdef FQDN 
@@ -113,8 +74,6 @@ static bool store_uint(const char *str, union sudo_defs_val *sd_un); static bool store_timespec(const char *str, union sudo_defs_val *sd_un); static bool list_op(const char *str, size_t, union sudo_defs_val *sd_un, enum list_ops op); -static const char *logfac2str(int); -static const char *logpri2str(int); /* * Table describing compile-time and run-time options. @@ -131,7 +90,7 @@ struct list_member *item; struct def_values *def; char *desc; - debug_decl(dump_defaults, SUDOERS_DEBUG_DEFAULTS) + debug_decl(dump_defaults, SUDOERS_DEBUG_DEFAULTS); for (cur = sudo_defs_table; cur->name; cur++) { if (cur->desc) { @@ -150,14 +109,14 @@ case T_LOGFAC: if (cur->sd_un.ival) { sudo_printf(SUDO_CONV_INFO_MSG, desc, - logfac2str(cur->sd_un.ival)); + sudo_logfac2str(cur->sd_un.ival)); sudo_printf(SUDO_CONV_INFO_MSG, "\n"); } break; case T_LOGPRI: if (cur->sd_un.ival) { sudo_printf(SUDO_CONV_INFO_MSG, desc, - logpri2str(cur->sd_un.ival)); + sudo_logpri2str(cur->sd_un.ival)); sudo_printf(SUDO_CONV_INFO_MSG, "\n"); } break; @@ -220,7 +179,7 @@ find_default(const char *name, const char *file, int lineno, bool quiet) { int i; - debug_decl(find_default, SUDOERS_DEBUG_DEFAULTS) + debug_decl(find_default, SUDOERS_DEBUG_DEFAULTS); for (i = 0; sudo_defs_table[i].name != NULL; i++) { if (strcmp(name, sudo_defs_table[i].name) == 0) @@ -247,7 +206,7 @@ union sudo_defs_val *sd_un, const char *file, int lineno, bool quiet) { int rc; - debug_decl(parse_default_entry, SUDOERS_DEBUG_DEFAULTS) + debug_decl(parse_default_entry, SUDOERS_DEBUG_DEFAULTS); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: %s:%d %s=%s op=%d", __func__, file, lineno, def->name, val ? val : "", op); @@ -379,7 +338,7 @@ is_early_default(const char *name) { struct early_default *early; - debug_decl(is_early_default, SUDOERS_DEBUG_DEFAULTS) + debug_decl(is_early_default, SUDOERS_DEBUG_DEFAULTS); for (early = early_defaults; early->idx != -1; early++) { if (strcmp(name, sudo_defs_table[early->idx].name) == 0) 
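Review bot: In the `T_LOGFAC` and `T_LOGPRI` cases of dump_defaults the result of `sudo_logfac2str()` / `sudo_logpri2str()` goes straight into a `%s` conversion, and the hunk does not show what those helpers return for a number that has no name. The removed `logfac2str()` returned the sentinel's NULL name in that case while `logpri2str()` returned `"unknown"`, so the two paths were not equivalent before either. Unless the new helpers are documented never to return NULL, guard the call site, e.g. `const char *fac = sudo_logfac2str(cur->sd_un.ival);` followed by `sudo_printf(SUDO_CONV_INFO_MSG, desc, fac != NULL ? fac : "unknown");`. dump_defaults starts and ends outside this hunk.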
@@ -391,7 +350,7 @@ static bool run_callback(struct sudo_defs_types *def) { - debug_decl(run_callback, SUDOERS_DEBUG_DEFAULTS) + debug_decl(run_callback, SUDOERS_DEBUG_DEFAULTS); if (def->callback == NULL) debug_return_bool(true); @@ -407,7 +366,7 @@ int lineno, bool quiet) { int idx; - debug_decl(set_default, SUDOERS_DEBUG_DEFAULTS) + debug_decl(set_default, SUDOERS_DEBUG_DEFAULTS); idx = find_default(var, file, lineno, quiet); if (idx != -1) { @@ -428,7 +387,7 @@ int lineno, bool quiet, struct early_default *early) { int idx; - debug_decl(set_early_default, SUDOERS_DEBUG_DEFAULTS) + debug_decl(set_early_default, SUDOERS_DEBUG_DEFAULTS); idx = find_default(var, file, lineno, quiet); if (idx != -1) { @@ -450,7 +409,7 @@ { struct early_default *early; bool ret = true; - debug_decl(run_early_defaults, SUDOERS_DEBUG_DEFAULTS) + debug_decl(run_early_defaults, SUDOERS_DEBUG_DEFAULTS); for (early = early_defaults; early->idx != -1; early++) { if (early->run_callback) { @@ -485,7 +444,7 @@ { static int firsttime = 1; struct sudo_defs_types *def; - debug_decl(init_defaults, SUDOERS_DEBUG_DEFAULTS) + debug_decl(init_defaults, SUDOERS_DEBUG_DEFAULTS); /* Clear any old settings. */ if (!firsttime) { @@ -555,6 +514,10 @@ def_env_reset = ENV_RESET; def_set_logname = true; def_closefrom = STDERR_FILENO + 1; + def_pam_ruser = true; +#ifdef __sun__ + def_pam_rhost = true; +#endif if ((def_pam_service = strdup("sudo")) == NULL) goto oom; #ifdef HAVE_PAM_LOGIN @@ -604,6 +567,9 @@ #ifdef HAVE_ZLIB_H def_compress_io = true; #endif + def_log_server_timeout = 30; + def_log_server_verify = true; + def_log_server_keepalive = true; def_ignore_audit_errors = true; def_ignore_iolog_errors = false; def_ignore_logfile_errors = true; @@ -675,7 +641,7 @@ static bool default_type_matches(struct defaults *d, int what) { - debug_decl(default_type_matches, SUDOERS_DEBUG_DEFAULTS) + debug_decl(default_type_matches, SUDOERS_DEBUG_DEFAULTS); switch (d->type) { case DEFAULTS: 
@@ -710,7 +676,7 @@ default_binding_matches(struct sudoers_parse_tree *parse_tree, struct defaults *d, int what) { - debug_decl(default_binding_matches, SUDOERS_DEBUG_DEFAULTS) + debug_decl(default_binding_matches, SUDOERS_DEBUG_DEFAULTS); switch (d->type) { case DEFAULTS: @@ -746,7 +712,7 @@ { struct defaults *d; bool ret = true; - debug_decl(update_defaults, SUDOERS_DEBUG_DEFAULTS) + debug_decl(update_defaults, SUDOERS_DEBUG_DEFAULTS); sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "what: 0x%02x", what); @@ -806,7 +772,7 @@ struct defaults *d; bool ret = true; int idx; - debug_decl(check_defaults, SUDOERS_DEBUG_DEFAULTS) + debug_decl(check_defaults, SUDOERS_DEBUG_DEFAULTS); TAILQ_FOREACH(d, &parse_tree->defaults, entries) { idx = find_default(d->var, d->file, d->lineno, quiet); @@ -832,7 +798,7 @@ { const char *errstr; int i; - debug_decl(store_int, SUDOERS_DEBUG_DEFAULTS) + debug_decl(store_int, SUDOERS_DEBUG_DEFAULTS); if (str == NULL) { sd_un->ival = 0; @@ -853,7 +819,7 @@ { const char *errstr; unsigned int u; - debug_decl(store_uint, SUDOERS_DEBUG_DEFAULTS) + debug_decl(store_uint, SUDOERS_DEBUG_DEFAULTS); if (str == NULL) { sd_un->uival = 0; @@ -875,7 +841,7 @@ struct timespec ts; char sign = '+'; int i; - debug_decl(store_timespec, SUDOERS_DEBUG_DEFAULTS) + debug_decl(store_timespec, SUDOERS_DEBUG_DEFAULTS); sudo_timespecclear(&ts); if (str != NULL) { @@ -925,7 +891,7 @@ struct def_values *tuple_vals) { struct def_values *v; - debug_decl(store_tuple, SUDOERS_DEBUG_DEFAULTS) + debug_decl(store_tuple, SUDOERS_DEBUG_DEFAULTS); /* * Look up tuple value by name to find enum def_tuple value. @@ -950,7 +916,7 @@ static int store_str(const char *str, union sudo_defs_val *sd_un) { - debug_decl(store_str, SUDOERS_DEBUG_DEFAULTS) + debug_decl(store_str, SUDOERS_DEBUG_DEFAULTS); free(sd_un->str); if (str == NULL) { 
@@ -967,7 +933,7 @@ static bool store_list(const char *str, union sudo_defs_val *sd_un, int op) { - debug_decl(store_list, SUDOERS_DEBUG_DEFAULTS) + debug_decl(store_list, SUDOERS_DEBUG_DEFAULTS); /* Remove all old members. */ if (op == false || op == true) @@ -991,63 +957,25 @@ static bool store_syslogfac(const char *str, union sudo_defs_val *sd_un) { - struct strmap *fac; - debug_decl(store_syslogfac, SUDOERS_DEBUG_DEFAULTS) + debug_decl(store_syslogfac, SUDOERS_DEBUG_DEFAULTS); if (str == NULL) { sd_un->ival = false; debug_return_bool(true); } - for (fac = facilities; fac->name != NULL; fac++) { - if (strcmp(str, fac->name) == 0) { - sd_un->ival = fac->num; - debug_return_bool(true); - } - } - debug_return_bool(false); /* not found */ -} - -static const char * -logfac2str(int n) -{ - struct strmap *fac; - debug_decl(logfac2str, SUDOERS_DEBUG_DEFAULTS) - - for (fac = facilities; fac->name && fac->num != n; fac++) - continue; - debug_return_const_str(fac->name); + debug_return_bool(sudo_str2logfac(str, &sd_un->ival)); } static bool store_syslogpri(const char *str, union sudo_defs_val *sd_un) { - struct strmap *pri; - debug_decl(store_syslogpri, SUDOERS_DEBUG_DEFAULTS) + debug_decl(store_syslogpri, SUDOERS_DEBUG_DEFAULTS); if (str == NULL) { sd_un->ival = -1; debug_return_bool(true); } - for (pri = priorities; pri->name != NULL; pri++) { - if (strcmp(str, pri->name) == 0) { - sd_un->ival = pri->num; - debug_return_bool(true); - } - } - debug_return_bool(false); /* not found */ -} - -static const char * -logpri2str(int n) -{ - struct strmap *pri; - debug_decl(logpri2str, SUDOERS_DEBUG_DEFAULTS) - - for (pri = priorities; pri->name != NULL; pri++) { - if (pri->num == n) - debug_return_const_str(pri->name); - } - debug_return_const_str("unknown"); + debug_return_bool(sudo_str2logpri(str, &sd_un->ival)); } static bool 
@@ -1055,7 +983,7 @@ { mode_t mode; const char *errstr; - debug_decl(store_mode, SUDOERS_DEBUG_DEFAULTS) + debug_decl(store_mode, SUDOERS_DEBUG_DEFAULTS); if (str == NULL) { sd_un->mode = ACCESSPERMS; @@ -1074,7 +1002,7 @@ static bool store_timeout(const char *str, union sudo_defs_val *sd_un) { - debug_decl(store_mode, SUDOERS_DEBUG_DEFAULTS) + debug_decl(store_mode, SUDOERS_DEBUG_DEFAULTS); if (str == NULL) { sd_un->ival = 0; @@ -1095,7 +1023,7 @@ enum list_ops op) { struct list_member *cur, *prev = NULL; - debug_decl(list_op, SUDOERS_DEBUG_DEFAULTS) + debug_decl(list_op, SUDOERS_DEBUG_DEFAULTS); if (op == freeall) { while ((cur = SLIST_FIRST(&sd_un->list)) != NULL) { diff -Nru sudo-1.8.31/plugins/sudoers/def_data.c sudo-1.9.0/plugins/sudoers/def_data.c --- sudo-1.8.31/plugins/sudoers/def_data.c 2019-12-26 21:10:15.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/def_data.c 2020-05-11 16:29:00.000000000 +0000 @@ -402,8 +402,8 @@ N_("Perform PAM account validation management"), NULL, }, { - "maxseq", T_UINT, - N_("Maximum I/O log sequence number: %u"), + "maxseq", T_STR, + N_("Maximum I/O log sequence number: %s"), NULL, }, { "use_netgroups", T_FLAG, 
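Review bot: `store_timeout` still declares its debug context as `store_mode`; this change touches the line only to add the semicolon and keeps the copied name. Debug trace entries for timeout parsing would presumably be attributed to `store_mode`, which misleads anyone reading a debug log to see why a timeout value was rejected. The line should read `debug_decl(store_timeout, SUDOERS_DEBUG_DEFAULTS);`. The rest of the function body is outside the hunk.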
@@ -506,6 +506,34 @@ N_("Log when a command is denied by sudoers"), NULL, }, { + "log_servers", T_LIST|T_BOOL, + N_("Sudo log server(s) to connect to with optional port"), + NULL, + }, { + "log_server_timeout", T_TIMEOUT|T_BOOL, + N_("Sudo log server timeout in seconds: %u"), + NULL, + }, { + "log_server_keepalive", T_FLAG, + N_("Enable SO_KEEPALIVE socket option on the socket connected to the logserver"), + NULL, + }, { + "log_server_cabundle", T_STR|T_BOOL|T_PATH, + N_("Path to the audit server's CA bundle file: %s"), + NULL, + }, { + "log_server_peer_cert", T_STR|T_BOOL|T_PATH, + N_("Path to the sudoers certificate file: %s"), + NULL, + }, { + "log_server_peer_key", T_STR|T_BOOL|T_PATH, + N_("Path to the sudoers private key file: %s"), + NULL, + }, { + "log_server_verify", T_FLAG, + N_("Verify that the log server's certificate is valid"), + NULL, + }, { "runas_allow_unknown_id", T_FLAG, N_("Allow the use of unknown runas user and/or group ID"), NULL, @@ -514,6 +542,14 @@ N_("Only permit running commands as a user with a valid shell"), NULL, }, { + "pam_ruser", T_FLAG, + N_("Set the pam remote user to the user running sudo"), + NULL, + }, { + "pam_rhost", T_FLAG, + N_("Set the pam remote host to the local host name"), + NULL, + }, { NULL, 0, NULL } }; diff -Nru sudo-1.8.31/plugins/sudoers/def_data.h sudo-1.9.0/plugins/sudoers/def_data.h --- sudo-1.8.31/plugins/sudoers/def_data.h 2019-12-26 21:10:15.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/def_data.h 2020-05-11 16:29:00.000000000 +0000 @@ -181,7 +181,7 @@ #define I_PAM_ACCT_MGMT 90 #define def_pam_acct_mgmt (sudo_defs_table[I_PAM_ACCT_MGMT].sd_un.flag) #define I_MAXSEQ 91 -#define def_maxseq (sudo_defs_table[I_MAXSEQ].sd_un.uival) +#define def_maxseq (sudo_defs_table[I_MAXSEQ].sd_un.str) #define I_USE_NETGROUPS 92 #define def_use_netgroups (sudo_defs_table[I_USE_NETGROUPS].sd_un.flag) #define I_SUDOEDIT_CHECKDIR 93 
@@ -232,10 +232,28 @@ #define def_log_allowed (sudo_defs_table[I_LOG_ALLOWED].sd_un.flag) #define I_LOG_DENIED 116 #define def_log_denied (sudo_defs_table[I_LOG_DENIED].sd_un.flag) -#define I_RUNAS_ALLOW_UNKNOWN_ID 117 +#define I_LOG_SERVERS 117 +#define def_log_servers (sudo_defs_table[I_LOG_SERVERS].sd_un.list) +#define I_LOG_SERVER_TIMEOUT 118 +#define def_log_server_timeout (sudo_defs_table[I_LOG_SERVER_TIMEOUT].sd_un.ival) +#define I_LOG_SERVER_KEEPALIVE 119 +#define def_log_server_keepalive (sudo_defs_table[I_LOG_SERVER_KEEPALIVE].sd_un.flag) +#define I_LOG_SERVER_CABUNDLE 120 +#define def_log_server_cabundle (sudo_defs_table[I_LOG_SERVER_CABUNDLE].sd_un.str) +#define I_LOG_SERVER_PEER_CERT 121 +#define def_log_server_peer_cert (sudo_defs_table[I_LOG_SERVER_PEER_CERT].sd_un.str) +#define I_LOG_SERVER_PEER_KEY 122 +#define def_log_server_peer_key (sudo_defs_table[I_LOG_SERVER_PEER_KEY].sd_un.str) +#define I_LOG_SERVER_VERIFY 123 +#define def_log_server_verify (sudo_defs_table[I_LOG_SERVER_VERIFY].sd_un.flag) +#define I_RUNAS_ALLOW_UNKNOWN_ID 124 #define def_runas_allow_unknown_id (sudo_defs_table[I_RUNAS_ALLOW_UNKNOWN_ID].sd_un.flag) -#define I_RUNAS_CHECK_SHELL 118 +#define I_RUNAS_CHECK_SHELL 125 #define def_runas_check_shell (sudo_defs_table[I_RUNAS_CHECK_SHELL].sd_un.flag) +#define I_PAM_RUSER 126 +#define def_pam_ruser (sudo_defs_table[I_PAM_RUSER].sd_un.flag) +#define I_PAM_RHOST 127 +#define def_pam_rhost (sudo_defs_table[I_PAM_RHOST].sd_un.flag) enum def_tuple { never, diff -Nru sudo-1.8.31/plugins/sudoers/def_data.in sudo-1.9.0/plugins/sudoers/def_data.in --- sudo-1.8.31/plugins/sudoers/def_data.in 2019-12-10 13:09:55.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/def_data.in 2020-05-11 16:28:23.000000000 +0000 @@ -287,8 +287,8 @@ T_FLAG "Perform PAM account validation management" maxseq - T_UINT - "Maximum I/O log sequence number: %u" + T_STR + "Maximum I/O log sequence number: %s" use_netgroups T_FLAG "Enable sudoers netgroup support" 
@@ -366,10 +366,36 @@ log_denied T_FLAG "Log when a command is denied by sudoers" +log_servers + T_LIST|T_BOOL + "Sudo log server(s) to connect to with optional port" +log_server_timeout + T_TIMEOUT|T_BOOL + "Sudo log server timeout in seconds: %u" +log_server_keepalive + T_FLAG + "Enable SO_KEEPALIVE socket option on the socket connected to the logserver" +log_server_cabundle + T_STR|T_BOOL|T_PATH + "Path to the audit server's CA bundle file: %s" +log_server_peer_cert + T_STR|T_BOOL|T_PATH + "Path to the sudoers certificate file: %s" +log_server_peer_key + T_STR|T_BOOL|T_PATH + "Path to the sudoers private key file: %s" +log_server_verify + T_FLAG + "Verify that the log server's certificate is valid" runas_allow_unknown_id T_FLAG "Allow the use of unknown runas user and/or group ID" runas_check_shell T_FLAG "Only permit running commands as a user with a valid shell" - +pam_ruser + T_FLAG + "Set the pam remote user to the user running sudo" +pam_rhost + T_FLAG + "Set the pam remote host to the local host name" diff -Nru sudo-1.8.31/plugins/sudoers/digestname.c sudo-1.9.0/plugins/sudoers/digestname.c --- sudo-1.8.31/plugins/sudoers/digestname.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/digestname.c 2020-05-11 16:28:23.000000000 +0000 @@ -35,7 +35,7 @@ digest_type_to_name(int digest_type) { const char *digest_name; - debug_decl(digest_type_to_name, SUDOERS_DEBUG_UTIL) + debug_decl(digest_type_to_name, SUDOERS_DEBUG_UTIL); switch (digest_type) { case SUDO_DIGEST_SHA224: diff -Nru sudo-1.8.31/plugins/sudoers/editor.c sudo-1.9.0/plugins/sudoers/editor.c --- sudo-1.8.31/plugins/sudoers/editor.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/editor.c 2020-05-11 16:28:23.000000000 +0000 
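Review bot: The new log server descriptions name the same peer three different ways: `log_server_cabundle` says "audit server's CA bundle", `log_server_keepalive` says "logserver", and `log_server_verify` says "log server". These strings are what an administrator sees when the defaults are listed, and for settings that control which certificate is trusted a single term avoids the impression that two different servers are involved. Suggested wording: `"Path to the log server's CA bundle file: %s"` and `"Enable SO_KEEPALIVE socket option on the socket connected to the log server"`. The same strings appear in def_data.c and would need regenerating if that file is produced from this one.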
@@ -57,7 +57,7 @@ const char *edend = ed + edlen; struct stat user_editor_sb; int nargc; - debug_decl(resolve_editor, SUDOERS_DEBUG_UTIL) + debug_decl(resolve_editor, SUDOERS_DEBUG_UTIL); /* * Split editor into an argument vector, including files to edit. @@ -134,7 +134,7 @@ { char *ev[3], *editor_path = NULL; unsigned int i; - debug_decl(find_editor, SUDOERS_DEBUG_UTIL) + debug_decl(find_editor, SUDOERS_DEBUG_UTIL); /* * If any of SUDO_EDITOR, VISUAL or EDITOR are set, choose the first one. diff -Nru sudo-1.8.31/plugins/sudoers/env.c sudo-1.9.0/plugins/sudoers/env.c --- sudo-1.8.31/plugins/sudoers/env.c 2019-11-06 16:56:20.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/env.c 2020-05-11 16:28:23.000000000 +0000 @@ -242,7 +242,7 @@ { char * const *ep; size_t len; - debug_decl(env_init, SUDOERS_DEBUG_ENV) + debug_decl(env_init, SUDOERS_DEBUG_ENV); if (envp == NULL) { /* Free the old envp we allocated, if any. */ @@ -400,7 +400,7 @@ sudo_putenv(char *str, bool dupcheck, bool overwrite) { int ret; - debug_decl(sudo_putenv, SUDOERS_DEBUG_ENV) + debug_decl(sudo_putenv, SUDOERS_DEBUG_ENV); sudo_debug_printf(SUDO_DEBUG_INFO, "sudo_putenv: %s", str); @@ -425,7 +425,7 @@ char *estring; size_t esize; int ret = -1; - debug_decl(sudo_setenv2, SUDOERS_DEBUG_ENV) + debug_decl(sudo_setenv2, SUDOERS_DEBUG_ENV); esize = strlen(var) + 1 + strlen(val) + 1; if ((estring = malloc(esize)) == NULL) { @@ -547,7 +547,7 @@ sudo_unsetenv(const char *name) { int ret; - debug_decl(sudo_unsetenv, SUDOERS_DEBUG_ENV) + debug_decl(sudo_unsetenv, SUDOERS_DEBUG_ENV); sudo_debug_printf(SUDO_DEBUG_INFO, "sudo_unsetenv: %s", name); @@ -587,7 +587,7 @@ sudo_getenv(const char *name) { char *val; - debug_decl(sudo_getenv, SUDOERS_DEBUG_ENV) + debug_decl(sudo_getenv, SUDOERS_DEBUG_ENV); sudo_debug_printf(SUDO_DEBUG_INFO, "sudo_getenv: %s", name); 
@@ -605,7 +605,7 @@ { struct list_member *cur; bool is_logname = false; - debug_decl(matches_env_list, SUDOERS_DEBUG_ENV) + debug_decl(matches_env_list, SUDOERS_DEBUG_ENV); switch (*var) { case 'L': @@ -652,7 +652,7 @@ matches_env_delete(const char *var) { bool full_match; /* unused */ - debug_decl(matches_env_delete, SUDOERS_DEBUG_ENV) + debug_decl(matches_env_delete, SUDOERS_DEBUG_ENV); /* Skip anything listed in env_delete. */ debug_return_bool(matches_env_list(var, &def_env_delete, &full_match)); @@ -667,7 +667,7 @@ { const char *cp; char lastch; - debug_decl(tz_is_sane, SUDOERS_DEBUG_ENV) + debug_decl(tz_is_sane, SUDOERS_DEBUG_ENV); /* tzcode treats a value beginning with a ':' as a path. */ if (tzval[0] == ':') @@ -715,7 +715,7 @@ matches_env_check(const char *var, bool *full_match) { int keepit = -1; - debug_decl(matches_env_check, SUDOERS_DEBUG_ENV) + debug_decl(matches_env_check, SUDOERS_DEBUG_ENV); /* Skip anything listed in env_check that includes '/' or '%'. */ if (matches_env_list(var, &def_env_check, full_match)) { @@ -739,7 +739,7 @@ matches_env_keep(const char *var, bool *full_match) { bool keepit = false; - debug_decl(matches_env_keep, SUDOERS_DEBUG_ENV) + debug_decl(matches_env_keep, SUDOERS_DEBUG_ENV); /* Preserve SHELL variable for "sudo -s". */ if (ISSET(sudo_mode, MODE_SHELL) && strncmp(var, "SHELL=", 6) == 0) { @@ -780,7 +780,7 @@ int keepit; bool full_match = false; const char *cp; - debug_decl(env_should_keep, SUDOERS_DEBUG_ENV) + debug_decl(env_should_keep, SUDOERS_DEBUG_ENV); keepit = matches_env_check(var, &full_match); if (keepit == -1) @@ -810,7 +810,7 @@ { char * const *ep; bool ret = true; - debug_decl(env_merge, SUDOERS_DEBUG_ENV) + debug_decl(env_merge, SUDOERS_DEBUG_ENV); for (ep = envp; *ep != NULL; ep++) { /* XXX - avoid checking value here, should only check name */ 
@@ -887,7 +887,7 @@ char idbuf[MAX_UID_T_LEN + 1]; unsigned int didvar; bool reset_home = false; - debug_decl(rebuild_env, SUDOERS_DEBUG_ENV) + debug_decl(rebuild_env, SUDOERS_DEBUG_ENV); /* * Either clean out the environment or reset to a safe default. @@ -1109,7 +1109,12 @@ /* Add the SUDO_COMMAND envariable (cmnd + args). */ if (user_args) { - if (asprintf(&cp, "SUDO_COMMAND=%s %s", user_cmnd, user_args) == -1) + /* + * We limit user_args to 4096 bytes to avoid an execve() failure + * for very long argument vectors. The command's environment also + * counts against the ARG_MAX limit. + */ + if (asprintf(&cp, "SUDO_COMMAND=%s %.*s", user_cmnd, 4096, user_args) == -1) goto bad; if (sudo_putenv(cp, true, true) == -1) { free(cp); @@ -1144,7 +1149,7 @@ { char * const *ep; bool ret = true; - debug_decl(insert_env_vars, SUDOERS_DEBUG_ENV) + debug_decl(insert_env_vars, SUDOERS_DEBUG_ENV); /* Add user-specified environment variables. */ if (envp != NULL) { @@ -1171,7 +1176,7 @@ char * const *ep; char *eq, errbuf[4096]; bool okvar, ret = true; - debug_decl(validate_env_vars, SUDOERS_DEBUG_ENV) + debug_decl(validate_env_vars, SUDOERS_DEBUG_ENV); if (env_vars == NULL) debug_return_bool(true); /* nothing to do */ @@ -1214,7 +1219,7 @@ env_file_open_local(const char *path) { struct env_file_local *efl; - debug_decl(env_file_open_local, SUDOERS_DEBUG_ENV) + debug_decl(env_file_open_local, SUDOERS_DEBUG_ENV); efl = calloc(1, sizeof(*efl)); if (efl != NULL) { @@ -1232,7 +1237,7 @@ env_file_close_local(void *cookie) { struct env_file_local *efl = cookie; - debug_decl(env_file_close_local, SUDOERS_DEBUG_ENV) + debug_decl(env_file_close_local, SUDOERS_DEBUG_ENV); if (efl != NULL) { if (efl->fp != NULL) @@ -1259,7 +1264,7 @@ struct env_file_local *efl = cookie; char *var, *val, *ret = NULL; size_t var_len, val_len; - debug_decl(env_file_next_local, SUDOERS_DEBUG_ENV) + debug_decl(env_file_next_local, SUDOERS_DEBUG_ENV); *errnum = 0; if (efl->fp == NULL) 
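Review bot: In the rebuild_env hunk at -1109, the `%.*s` precision cuts user_args at 4096 bytes without any indication, so SUDO_COMMAND can be shorter than the command line that is executed, and anything reading it for logging or policy decisions sees only a prefix. The added comment gives the ARG_MAX reason but not this consequence; I would add the line `* Consumers must not treat SUDO_COMMAND as the complete command line.` to it and replace the literal with a named constant, for example `#define SUDO_COMMAND_ARGS_MAX 4096` (name constructed for this note). The cut is counted in bytes, so it can end in the middle of a multibyte character, and user_cmnd is not bounded at all. rebuild_env starts and ends outside this hunk.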
@@ -1344,7 +1349,7 @@ char *envstr; void *cookie; int errnum; - debug_decl(read_env_file, SUDOERS_DEBUG_ENV) + debug_decl(read_env_file, SUDOERS_DEBUG_ENV); /* * The environment file may be handled differently depending on @@ -1393,7 +1398,7 @@ { struct list_member *cur; const char **p; - debug_decl(init_envtables, SUDOERS_DEBUG_ENV) + debug_decl(init_envtables, SUDOERS_DEBUG_ENV); /* Fill in the "env_delete" list. */ for (p = initial_badenv_table; *p; p++) { diff -Nru sudo-1.8.31/plugins/sudoers/env_pattern.c sudo-1.9.0/plugins/sudoers/env_pattern.c --- sudo-1.8.31/plugins/sudoers/env_pattern.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/env_pattern.c 2020-05-11 16:28:23.000000000 +0000 @@ -43,7 +43,7 @@ bool iswild = false, match = false; bool saw_sep = false; const char *cp; - debug_decl(matches_env_pattern, SUDOERS_DEBUG_ENV) + debug_decl(matches_env_pattern, SUDOERS_DEBUG_ENV); /* Locate position of the '=' separator in var=value. */ sep_pos = strcspn(var, "="); diff -Nru sudo-1.8.31/plugins/sudoers/file.c sudo-1.9.0/plugins/sudoers/file.c --- sudo-1.8.31/plugins/sudoers/file.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/file.c 2020-05-11 16:28:23.000000000 +0000 @@ -51,7 +51,7 @@ static int sudo_file_close(struct sudo_nss *nss) { - debug_decl(sudo_file_close, SUDOERS_DEBUG_NSS) + debug_decl(sudo_file_close, SUDOERS_DEBUG_NSS); struct sudo_file_handle *handle = nss->handle; if (handle != NULL) { @@ -69,7 +69,7 @@ static int sudo_file_open(struct sudo_nss *nss) { - debug_decl(sudo_file_open, SUDOERS_DEBUG_NSS) + debug_decl(sudo_file_open, SUDOERS_DEBUG_NSS); struct sudo_file_handle *handle; if (def_ignore_local_sudoers) @@ -101,7 +101,7 @@ static struct sudoers_parse_tree * sudo_file_parse(struct sudo_nss *nss) { - debug_decl(sudo_file_close, SUDOERS_DEBUG_NSS) + debug_decl(sudo_file_close, SUDOERS_DEBUG_NSS); struct sudo_file_handle *handle = nss->handle; if (handle == NULL || handle->fp == NULL) { 
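Review bot: In the file.c hunk at -101, the debug_decl inside sudo_file_parse still names sudo_file_close, so debug traces for the parse step are attributed to the wrong function; the commit only adds the trailing semicolon. The line should be `debug_decl(sudo_file_parse, SUDOERS_DEBUG_NSS);`. The body of sudo_file_parse continues outside the hunk.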
@@ -133,7 +133,7 @@ static int sudo_file_query(struct sudo_nss *nss, struct passwd *pw) { - debug_decl(sudo_file_query, SUDOERS_DEBUG_NSS) + debug_decl(sudo_file_query, SUDOERS_DEBUG_NSS); debug_return_int(0); } @@ -143,7 +143,7 @@ static int sudo_file_getdefs(struct sudo_nss *nss) { - debug_decl(sudo_file_getdefs, SUDOERS_DEBUG_NSS) + debug_decl(sudo_file_getdefs, SUDOERS_DEBUG_NSS); debug_return_int(0); } diff -Nru sudo-1.8.31/plugins/sudoers/filedigest.c sudo-1.9.0/plugins/sudoers/filedigest.c --- sudo-1.8.31/plugins/sudoers/filedigest.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/filedigest.c 2020-05-11 16:28:23.000000000 +0000 @@ -54,7 +54,7 @@ FILE *fp = NULL; size_t nread; int fd2; - debug_decl(sudo_filedigest, SUDOERS_DEBUG_UTIL) + debug_decl(sudo_filedigest, SUDOERS_DEBUG_UTIL); *digest_len = sudo_digest_getlen(digest_type); if (*digest_len == (size_t)-1) { diff -Nru sudo-1.8.31/plugins/sudoers/find_path.c sudo-1.9.0/plugins/sudoers/find_path.c --- sudo-1.8.31/plugins/sudoers/find_path.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/find_path.c 2020-05-11 16:28:23.000000000 +0000 @@ -54,7 +54,7 @@ { const char *cmnd_base; char * const *wl; - debug_decl(cmnd_allowed, SUDOERS_DEBUG_UTIL) + debug_decl(cmnd_allowed, SUDOERS_DEBUG_UTIL); if (!sudo_goodpath(cmnd, cmnd_sbp)) debug_return_bool(false); @@ -106,7 +106,7 @@ bool found = false; bool checkdot = false; int len; - debug_decl(find_path, SUDOERS_DEBUG_UTIL) + debug_decl(find_path, SUDOERS_DEBUG_UTIL); /* * If we were given a fully qualified or relative path diff -Nru sudo-1.8.31/plugins/sudoers/fmtsudoers.c sudo-1.9.0/plugins/sudoers/fmtsudoers.c --- sudo-1.8.31/plugins/sudoers/fmtsudoers.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/fmtsudoers.c 2020-05-11 16:28:23.000000000 +0000 
@@ -51,26 +51,31 @@ struct alias *a; struct member *m; struct sudo_command *c; - debug_decl(sudoers_format_member_int, SUDOERS_DEBUG_UTIL) + struct command_digest *digest; + debug_decl(sudoers_format_member_int, SUDOERS_DEBUG_UTIL); switch (type) { - case ALL: - sudo_lbuf_append(lbuf, "%sALL", negated ? "!" : ""); - break; case MYSELF: sudo_lbuf_append(lbuf, "%s%s", negated ? "!" : "", user_name ? user_name : ""); break; + case ALL: + if (name == NULL) { + sudo_lbuf_append(lbuf, "%sALL", negated ? "!" : ""); + break; + } + /* FALLTHROUGH */ case COMMAND: c = (struct sudo_command *) name; - if (c->digest != NULL) { - sudo_lbuf_append(lbuf, "%s:%s ", - digest_type_to_name(c->digest->digest_type), - c->digest->digest_str); + TAILQ_FOREACH(digest, &c->digests, entries) { + sudo_lbuf_append(lbuf, "%s:%s%s ", + digest_type_to_name(digest->digest_type), + digest->digest_str, TAILQ_NEXT(digest, entries) ? "," : ""); } if (negated) sudo_lbuf_append(lbuf, "!"); - sudo_lbuf_append_quoted(lbuf, SUDOERS_QUOTED" \t", "%s", c->cmnd); + sudo_lbuf_append_quoted(lbuf, SUDOERS_QUOTED" \t", "%s", + c->cmnd ? c->cmnd : "ALL"); if (c->args) { sudo_lbuf_append(lbuf, " "); sudo_lbuf_append_quoted(lbuf, SUDOERS_QUOTED, "%s", c->args); @@ -140,7 +145,7 @@ struct cmndtag *tags) { bool ret = true; - debug_decl(sudoers_defaults_to_tags, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_defaults_to_tags, SUDOERS_DEBUG_UTIL); if (op == true || op == false) { if (strcmp(var, "authenticate") == 0) { @@ -176,7 +181,7 @@ { bool ret = true; struct defaults *d; - debug_decl(sudoers_defaults_list_to_tags, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_defaults_list_to_tags, SUDOERS_DEBUG_UTIL); TAGS_INIT(*tags); if (defs != NULL) { 
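Review bot: In the sudoers_format_member_int hunk at -51, `case ALL` now falls through to `case COMMAND` whenever name is non-NULL and casts it to `struct sudo_command *`. That is only safe if every ALL member with a name was built as a sudo_command, and nothing in the hunk states or checks this. The free_member hunk in gram.c (-848) relies on the same assumption with `m->type == ALL && m->name != NULL`. A comment above the fallthrough would make the contract explicit, for example `/* ALL with a non-NULL name holds a struct sudo_command whose cmnd may be NULL. */`. The switch statement continues outside the hunk.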
@@ -212,7 +217,7 @@ struct sudoers_parse_tree *parse_tree, struct cmndspec *cs, struct cmndspec *prev_cs, struct cmndtag tags, bool expand_aliases) { - debug_decl(sudoers_format_cmndspec, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_format_cmndspec, SUDOERS_DEBUG_UTIL); /* Merge privilege-level tags with cmndspec tags. */ TAGS_MERGE(tags, cs->tags); @@ -276,7 +281,7 @@ struct cmndspec *cs, *prev_cs; struct cmndtag tags; struct member *m; - debug_decl(sudoers_format_privilege, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_format_privilege, SUDOERS_DEBUG_UTIL); /* Convert per-privilege defaults to tags. */ sudoers_defaults_list_to_tags(&priv->defaults, &tags); @@ -339,7 +344,7 @@ struct privilege *priv; struct sudoers_comment *comment; struct member *m; - debug_decl(sudoers_format_userspec, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_format_userspec, SUDOERS_DEBUG_UTIL); /* Print comments (if any). */ STAILQ_FOREACH(comment, &us->comments, entries) { @@ -376,7 +381,7 @@ bool expand_aliases, bool flush) { struct userspec *us; - debug_decl(sudoers_format_userspecs, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_format_userspecs, SUDOERS_DEBUG_UTIL); TAILQ_FOREACH(us, &parse_tree->userspecs, entries) { if (separator != NULL && us != TAILQ_FIRST(&parse_tree->userspecs)) @@ -395,7 +400,7 @@ bool sudoers_format_default(struct sudo_lbuf *lbuf, struct defaults *d) { - debug_decl(sudoers_format_default, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_format_default, SUDOERS_DEBUG_UTIL); if (d->val != NULL) { sudo_lbuf_append(lbuf, "%s%s", d->var, 
@@ -425,7 +430,7 @@ { struct member *m; int alias_type; - debug_decl(sudoers_format_default_line, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_format_default_line, SUDOERS_DEBUG_UTIL); /* Print Defaults type and binding (if present) */ switch (d->type) { diff -Nru sudo-1.8.31/plugins/sudoers/gc.c sudo-1.9.0/plugins/sudoers/gc.c --- sudo-1.8.31/plugins/sudoers/gc.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/gc.c 2020-05-11 16:28:23.000000000 +0000 @@ -49,7 +49,7 @@ { #ifdef NO_LEAKS struct sudoers_gc_entry *gc; - debug_decl(sudoers_gc_add, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_gc_add, SUDOERS_DEBUG_UTIL); if (v == NULL) debug_return_bool(false); @@ -84,7 +84,7 @@ { #ifdef NO_LEAKS struct sudoers_gc_entry *gc, *prev = NULL; - debug_decl(sudoers_gc_remove, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_gc_remove, SUDOERS_DEBUG_UTIL); SLIST_FOREACH(gc, &sudoers_gc_list, entries) { switch (gc->type) { @@ -119,7 +119,7 @@ { struct sudoers_gc_entry *gc; char **cur; - debug_decl(sudoers_gc_run, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_gc_run, SUDOERS_DEBUG_UTIL); /* Collect garbage. */ while ((gc = SLIST_FIRST(&sudoers_gc_list))) { diff -Nru sudo-1.8.31/plugins/sudoers/gentime.c sudo-1.9.0/plugins/sudoers/gentime.c --- sudo-1.8.31/plugins/sudoers/gentime.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/gentime.c 2020-05-11 16:28:23.000000000 +0000 @@ -60,7 +60,7 @@ size_t len; int items, tzoff = 0; bool islocal = false; - debug_decl(parse_gentime, SUDOERS_DEBUG_PARSER) + debug_decl(parse_gentime, SUDOERS_DEBUG_PARSER); /* Make a copy of the time without time zone for easy parsing. */ len = strspn(timestr, "0123456789.,"); diff -Nru sudo-1.8.31/plugins/sudoers/getspwuid.c sudo-1.9.0/plugins/sudoers/getspwuid.c --- sudo-1.8.31/plugins/sudoers/getspwuid.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/getspwuid.c 2020-05-11 16:28:23.000000000 +0000 
@@ -71,7 +71,7 @@ sudo_getepw(const struct passwd *pw) { char *epw = NULL; - debug_decl(sudo_getepw, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_getepw, SUDOERS_DEBUG_AUTH); /* If there is a function to check for shadow enabled, use it... */ #ifdef HAVE_ISCOMSEC @@ -118,7 +118,7 @@ void sudo_setspent(void) { - debug_decl(sudo_setspent, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_setspent, SUDOERS_DEBUG_AUTH); #ifdef HAVE_GETPRPWNAM setprpwent(); @@ -132,7 +132,7 @@ void sudo_endspent(void) { - debug_decl(sudo_endspent, SUDOERS_DEBUG_AUTH) + debug_decl(sudo_endspent, SUDOERS_DEBUG_AUTH); #ifdef HAVE_GETPRPWNAM endprpwent(); diff -Nru sudo-1.8.31/plugins/sudoers/goodpath.c sudo-1.9.0/plugins/sudoers/goodpath.c --- sudo-1.8.31/plugins/sudoers/goodpath.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/goodpath.c 2020-05-11 16:28:23.000000000 +0000 @@ -49,7 +49,7 @@ sudo_goodpath(const char *path, struct stat *sbp) { bool ret = false; - debug_decl(sudo_goodpath, SUDOERS_DEBUG_UTIL) + debug_decl(sudo_goodpath, SUDOERS_DEBUG_UTIL); if (path != NULL) { struct stat sb; diff -Nru sudo-1.8.31/plugins/sudoers/gram.c sudo-1.9.0/plugins/sudoers/gram.c --- sudo-1.8.31/plugins/sudoers/gram.c 2019-11-06 16:36:20.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/gram.c 2020-05-11 16:28:23.000000000 +0000 @@ -45,7 +45,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1996, 1998-2005, 2007-2013, 2014-2018 + * Copyright (c) 1996, 1998-2005, 2007-2013, 2014-2020 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -113,7 +113,7 @@ }; /* - * Local protoypes + * Local prototypes */ static void init_options(struct command_options *opts); static bool add_defaults(int, struct member *, struct defaults *); 
@@ -192,18 +192,18 @@ short sudoerslhs[] = #endif { -1, - 0, 0, 32, 32, 33, 33, 33, 33, 33, 33, - 33, 33, 33, 33, 33, 33, 4, 4, 3, 3, + 0, 0, 33, 33, 34, 34, 34, 34, 34, 34, + 34, 34, 34, 34, 34, 34, 4, 4, 3, 3, 3, 3, 3, 21, 21, 20, 11, 11, 9, 9, 9, 9, 9, 2, 2, 1, 31, 31, 31, 31, - 7, 7, 6, 6, 28, 29, 30, 24, 25, 26, - 27, 18, 18, 19, 19, 19, 19, 19, 23, 23, - 23, 23, 23, 23, 23, 23, 22, 22, 22, 22, + 32, 32, 7, 7, 6, 6, 28, 29, 30, 24, + 25, 26, 27, 18, 18, 19, 19, 19, 19, 19, + 23, 23, 23, 23, 23, 23, 23, 23, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, - 22, 5, 5, 5, 35, 35, 38, 10, 10, 36, - 36, 39, 8, 8, 37, 37, 40, 34, 34, 41, - 14, 14, 12, 12, 13, 13, 13, 13, 13, 17, - 17, 15, 15, 16, 16, 16, + 22, 22, 22, 5, 5, 5, 36, 36, 39, 10, + 10, 37, 37, 40, 8, 8, 38, 38, 41, 35, + 35, 42, 14, 14, 12, 12, 13, 13, 13, 13, + 13, 17, 17, 15, 15, 16, 16, 16, }; #if defined(__cplusplus) || defined(__STDC__) const short sudoerslen[] = @@ -215,14 +215,14 @@ 2, 2, 3, 3, 3, 3, 1, 3, 1, 2, 3, 3, 3, 1, 3, 3, 1, 2, 1, 1, 1, 1, 1, 1, 3, 4, 3, 3, 3, 3, - 1, 2, 1, 2, 3, 3, 3, 3, 3, 3, - 3, 0, 3, 0, 1, 3, 2, 1, 0, 2, - 2, 2, 2, 2, 2, 2, 0, 2, 2, 2, + 1, 3, 1, 2, 1, 2, 3, 3, 3, 3, + 3, 3, 3, 0, 3, 0, 1, 3, 2, 1, + 0, 2, 2, 2, 2, 2, 2, 2, 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 1, 1, 1, 1, 3, 3, 1, 3, 1, - 3, 3, 1, 3, 1, 3, 3, 1, 3, 3, - 1, 3, 1, 2, 1, 1, 1, 1, 1, 1, - 3, 1, 2, 1, 1, 1, + 2, 2, 2, 1, 1, 1, 1, 3, 3, 1, + 3, 1, 3, 3, 1, 3, 1, 3, 3, 1, + 3, 3, 1, 3, 1, 2, 1, 1, 1, 1, + 1, 1, 3, 1, 2, 1, 1, 1, }; #if defined(__cplusplus) || defined(__STDC__) const short sudoersdefred[] = 
@@ -230,25 +230,25 @@ short sudoersdefred[] = #endif { 0, - 0, 105, 107, 108, 109, 0, 0, 0, 0, 0, - 106, 5, 0, 0, 0, 0, 0, 0, 101, 103, + 0, 107, 109, 110, 111, 0, 0, 0, 0, 0, + 108, 5, 0, 0, 0, 0, 0, 0, 103, 105, 0, 0, 3, 6, 0, 0, 17, 0, 29, 32, - 31, 33, 30, 0, 27, 0, 88, 0, 0, 84, - 83, 82, 0, 0, 0, 0, 0, 43, 41, 93, - 0, 0, 0, 0, 85, 0, 0, 90, 0, 0, - 98, 0, 0, 95, 104, 0, 0, 24, 0, 4, - 0, 0, 0, 20, 0, 28, 0, 0, 0, 0, - 44, 0, 0, 0, 0, 0, 0, 42, 0, 0, - 0, 0, 0, 0, 0, 0, 102, 0, 0, 21, - 22, 23, 18, 89, 37, 38, 39, 40, 94, 0, - 86, 0, 91, 0, 99, 0, 96, 0, 34, 0, - 59, 25, 0, 0, 0, 0, 0, 114, 116, 115, - 0, 110, 112, 0, 0, 53, 35, 0, 0, 0, - 0, 0, 0, 0, 0, 63, 64, 65, 66, 62, - 60, 61, 113, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 68, 69, 70, 71, 72, 73, 74, 75, - 76, 77, 80, 81, 78, 79, 36, 111, 49, 48, - 50, 51, 45, 46, 47, + 31, 33, 30, 0, 27, 0, 90, 0, 0, 86, + 85, 84, 0, 0, 0, 0, 0, 45, 43, 95, + 0, 41, 0, 0, 0, 87, 0, 0, 92, 0, + 0, 100, 0, 0, 97, 106, 0, 0, 24, 0, + 4, 0, 0, 0, 20, 0, 28, 0, 0, 0, + 0, 46, 0, 0, 0, 0, 0, 0, 0, 44, + 0, 0, 0, 0, 0, 0, 0, 0, 104, 0, + 0, 21, 22, 23, 18, 91, 37, 38, 39, 40, + 96, 42, 0, 88, 0, 93, 0, 101, 0, 98, + 0, 34, 0, 61, 25, 0, 0, 0, 0, 0, + 116, 118, 117, 0, 112, 114, 0, 0, 55, 35, + 0, 0, 0, 0, 0, 0, 0, 0, 65, 66, + 67, 68, 64, 62, 63, 115, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 70, 71, 72, 73, 74, + 75, 76, 77, 78, 79, 82, 83, 80, 81, 36, + 113, 51, 50, 52, 53, 47, 48, 49, }; #if defined(__cplusplus) || defined(__STDC__) const short sudoersdgoto[] = 
@@ -256,11 +256,11 @@ short sudoersdgoto[] = #endif { 18, - 119, 120, 27, 28, 48, 49, 50, 51, 35, 67, - 37, 19, 20, 21, 132, 133, 134, 121, 125, 68, - 69, 145, 127, 146, 147, 148, 149, 150, 151, 152, - 52, 22, 23, 60, 54, 57, 63, 55, 58, 64, - 61, + 122, 123, 27, 28, 48, 49, 50, 51, 35, 68, + 37, 19, 20, 21, 135, 136, 137, 124, 128, 69, + 70, 148, 130, 149, 150, 151, 152, 153, 154, 155, + 52, 53, 22, 23, 61, 55, 58, 64, 56, 59, + 65, 62, }; #if defined(__cplusplus) || defined(__STDC__) const short sudoerssindex[] = 
@@ -269,60 +269,60 @@ #endif { 512, -272, 0, 0, 0, 0, -23, 227, -19, -19, -5, - 0, 0, -239, -236, -234, -232, -231, 0, 0, 0, - -33, 512, 0, 0, -3, -220, 0, 3, 0, 0, - 0, 0, 0, -225, 0, -28, 0, -24, -24, 0, - 0, 0, -240, -15, -8, 2, 4, 0, 0, 0, - -21, -12, -9, 6, 0, 7, 12, 0, 10, 14, - 0, 13, 25, 0, 0, -19, -36, 0, 26, 0, - -208, -202, -198, 0, -23, 0, 227, 3, 3, 3, - 0, -179, -178, -174, -173, -5, 3, 0, 227, -239, - -5, -236, -19, -234, -19, -232, 0, 52, 227, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 50, - 0, 51, 0, 54, 0, 54, 0, -29, 0, 55, - 0, 0, 289, -7, 59, 52, -216, 0, 0, 0, - -217, 0, 0, 57, 289, 0, 0, 32, 41, 42, - 43, 44, 45, 47, 450, 0, 0, 0, 0, 0, - 0, 0, 0, 289, 57, -154, -153, -150, -149, -148, - -147, -146, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, -239, -234, -231, -227, -225, 0, 0, 0, + -33, 512, 0, 0, -4, -224, 0, -2, 0, 0, + 0, 0, 0, -208, 0, -28, 0, -24, -24, 0, + 0, 0, -240, -11, 2, 3, 8, 0, 0, 0, + -21, 0, -12, -15, 9, 0, -7, 16, 0, -3, + 17, 0, 18, 20, 0, 0, -19, -18, 0, 22, + 0, -223, -207, -182, 0, -23, 0, 227, -2, -2, + -2, 0, -181, -180, -179, -178, -5, -2, -230, 0, + 227, -239, -5, -234, -19, -231, -19, -227, 0, 47, + 227, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 44, 0, 48, 0, 50, 0, 50, 0, + -29, 0, 51, 0, 0, 289, -36, 52, 47, -193, + 0, 0, 0, -233, 0, 0, 61, 289, 0, 0, + 45, 53, 55, 56, 57, 58, 59, 450, 0, 0, + 0, 0, 0, 0, 0, 0, 289, 61, -155, -154, + -153, -151, -150, -141, -140, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0,}; + 0, 0, 0, 0, 0, 0, 0, 0,}; #if defined(__cplusplus) || defined(__STDC__) const short sudoersrindex[] = #else short sudoersrindex[] = #endif - { 118, + { 124, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 119, 0, 0, 1, 0, 0, 145, 0, 0, + 0, 125, 0, 0, 1, 0, 0, 145, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 159, 0, 0, 193, 0, 0, 207, - 0, 0, 241, 0, 0, 0, 0, 0, 275, 0, - 0, 0, 0, 0, 0, 0, 0, 309, 323, 357, - 0, 0, 0, 0, 0, 0, 371, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 404, 0, 
0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 15, - 0, 49, 0, 63, 0, 97, 0, 79, 0, 111, - 0, 0, 81, 82, 0, 404, 483, 0, 0, 0, - 0, 0, 0, 83, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 159, 0, 0, 193, 0, 0, + 207, 0, 0, 241, 0, 0, 0, 0, 0, 275, + 0, 0, 0, 0, 0, 0, 0, 0, 309, 323, + 357, 0, 0, 0, 0, 0, 0, 371, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 404, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 84, 0, 0, 0, 0, 0, + 0, 0, 15, 0, 49, 0, 63, 0, 97, 0, + 85, 0, 111, 0, 0, 86, 87, 0, 404, 483, + 0, 0, 0, 0, 0, 0, 88, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 90, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0,}; + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0,}; #if defined(__cplusplus) || defined(__STDC__) const short sudoersgindex[] = #else short sudoersgindex[] = #endif { 0, - 5, 0, 53, 18, 86, 74, -79, 36, 98, -1, - 56, 68, 120, -6, -18, 8, 11, 0, 0, 39, + 4, 0, 60, 26, 89, 81, -80, 42, 103, -1, + 62, 71, 122, -6, -16, 12, 5, 0, 0, 41, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 113, 0, 0, 0, 0, 58, 48, 46, - 60, + 64, 0, 0, 126, 0, 0, 0, 0, 65, 66, + 54, 67, }; #define YYTABLESIZE 801 #if defined(__cplusplus) || defined(__STDC__) 
@@ -331,23 +331,23 @@ short sudoerstable[] = #endif { 34, - 19, 38, 39, 17, 26, 36, 109, 77, 26, 26, - 66, 26, 24, 17, 87, 77, 40, 41, 53, 66, - 43, 56, 86, 59, 98, 62, 2, 43, 123, 3, - 4, 5, 29, 19, 30, 31, 66, 32, 74, 72, - 128, 73, 82, 42, 19, 129, 75, 87, 92, 83, - 135, 89, 11, 78, 100, 79, 80, 71, 33, 84, - 101, 85, 100, 90, 102, 177, 130, 91, 87, 92, - 93, 94, 87, 95, 138, 139, 140, 141, 142, 143, - 144, 92, 96, 99, 105, 106, 114, 110, 116, 107, - 108, 118, 156, 77, 86, 100, 97, 66, 126, 136, - 154, 157, 158, 159, 160, 161, 92, 162, 179, 180, - 26, 124, 181, 182, 183, 184, 185, 1, 2, 54, - 100, 58, 55, 57, 56, 88, 112, 103, 81, 97, - 137, 76, 104, 97, 70, 178, 65, 122, 153, 113, - 0, 117, 0, 26, 12, 155, 0, 111, 0, 0, - 0, 0, 0, 115, 97, 0, 0, 0, 9, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 26, 0, + 19, 38, 39, 17, 26, 36, 111, 67, 26, 26, + 67, 26, 24, 17, 89, 78, 40, 41, 54, 67, + 43, 138, 87, 57, 131, 78, 60, 43, 126, 132, + 63, 89, 2, 19, 75, 3, 4, 5, 73, 102, + 74, 76, 100, 42, 19, 91, 83, 89, 94, 29, + 133, 30, 31, 93, 32, 103, 72, 95, 11, 84, + 85, 79, 102, 80, 81, 86, 92, 180, 44, 45, + 46, 47, 89, 94, 96, 33, 88, 98, 97, 101, + 104, 94, 107, 108, 109, 110, 121, 78, 117, 113, + 119, 87, 139, 67, 129, 102, 99, 141, 142, 143, + 144, 145, 146, 147, 157, 159, 94, 182, 183, 184, + 26, 185, 186, 160, 127, 161, 162, 163, 164, 165, + 102, 187, 188, 1, 2, 56, 60, 57, 59, 99, + 58, 82, 140, 90, 115, 105, 77, 99, 66, 106, + 181, 125, 158, 26, 12, 156, 0, 71, 0, 0, + 0, 120, 112, 0, 99, 0, 114, 0, 9, 116, + 0, 0, 118, 0, 0, 0, 0, 0, 26, 0, 0, 0, 0, 0, 0, 0, 0, 12, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 0, 0, 0, 
@@ -358,23 +358,23 @@ 11, 3, 4, 5, 40, 41, 0, 0, 0, 0, 33, 40, 41, 0, 11, 0, 19, 0, 19, 34, 0, 19, 19, 19, 11, 19, 19, 19, 19, 19, - 87, 42, 87, 11, 7, 87, 87, 87, 42, 87, - 87, 87, 87, 87, 19, 19, 19, 19, 19, 19, - 0, 0, 0, 44, 45, 46, 47, 0, 87, 87, - 87, 87, 87, 87, 92, 0, 92, 7, 15, 92, - 92, 92, 0, 92, 92, 92, 92, 92, 100, 0, - 100, 131, 13, 100, 100, 100, 0, 100, 100, 100, - 100, 100, 92, 92, 92, 92, 92, 92, 0, 0, - 0, 15, 0, 0, 0, 0, 100, 100, 100, 100, - 100, 100, 97, 0, 97, 13, 14, 97, 97, 97, - 0, 97, 97, 97, 97, 97, 26, 0, 26, 0, + 89, 42, 89, 11, 7, 89, 89, 89, 42, 89, + 89, 89, 89, 89, 19, 19, 19, 19, 19, 19, + 0, 0, 0, 44, 45, 46, 47, 0, 89, 89, + 89, 89, 89, 89, 94, 0, 94, 7, 15, 94, + 94, 94, 0, 94, 94, 94, 94, 94, 102, 0, + 102, 134, 13, 102, 102, 102, 0, 102, 102, 102, + 102, 102, 94, 94, 94, 94, 94, 94, 0, 0, + 0, 15, 0, 0, 0, 0, 102, 102, 102, 102, + 102, 102, 99, 0, 99, 13, 14, 99, 99, 99, + 0, 99, 99, 99, 99, 99, 26, 0, 26, 0, 16, 26, 26, 26, 0, 26, 26, 26, 26, 26, - 97, 97, 97, 97, 97, 97, 0, 0, 0, 14, + 99, 99, 99, 99, 99, 99, 0, 0, 0, 14, 0, 0, 0, 0, 26, 26, 26, 26, 26, 26, 12, 0, 12, 16, 0, 12, 12, 12, 0, 12, 12, 12, 12, 12, 9, 0, 9, 0, 0, 9, 9, 9, 0, 9, 9, 9, 9, 9, 12, 12, - 12, 12, 12, 12, 0, 0, 52, 0, 0, 0, + 12, 12, 12, 12, 0, 0, 54, 0, 0, 0, 0, 0, 9, 9, 9, 9, 9, 9, 10, 0, 10, 0, 0, 10, 10, 10, 0, 10, 10, 10, 10, 10, 8, 0, 8, 0, 0, 8, 8, 8, 
@@ -382,13 +382,13 @@ 10, 10, 43, 0, 29, 0, 30, 31, 0, 32, 8, 8, 8, 8, 8, 8, 11, 0, 11, 0, 0, 11, 11, 11, 0, 11, 11, 11, 11, 11, - 33, 0, 0, 0, 0, 67, 0, 0, 0, 0, + 33, 0, 0, 0, 0, 69, 0, 0, 0, 0, 0, 0, 0, 0, 11, 11, 11, 11, 11, 11, 7, 0, 7, 0, 0, 7, 7, 7, 0, 7, - 7, 7, 7, 7, 17, 0, 128, 0, 0, 0, - 0, 129, 0, 0, 0, 0, 0, 0, 7, 7, + 7, 7, 7, 7, 17, 0, 131, 0, 0, 0, + 0, 132, 0, 0, 0, 0, 0, 0, 7, 7, 7, 7, 7, 7, 15, 0, 15, 0, 0, 15, - 15, 15, 130, 15, 15, 15, 15, 15, 13, 0, + 15, 15, 133, 15, 15, 15, 15, 15, 13, 0, 13, 0, 0, 13, 13, 13, 0, 13, 13, 13, 13, 13, 15, 15, 15, 15, 15, 15, 0, 0, 0, 0, 0, 0, 0, 0, 13, 13, 13, 13, @@ -397,19 +397,19 @@ 0, 16, 16, 16, 0, 16, 16, 16, 16, 16, 14, 14, 14, 14, 14, 14, 0, 0, 0, 0, 0, 0, 0, 0, 16, 16, 16, 16, 16, 16, - 52, 52, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 52, 52, 52, 52, 52, 52, 52, - 52, 52, 52, 52, 52, 52, 52, 52, 0, 0, - 0, 0, 0, 0, 52, 52, 52, 52, 52, 52, - 52, 0, 52, 52, 52, 52, 40, 41, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 163, - 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, - 174, 175, 176, 42, 0, 0, 0, 0, 0, 67, - 67, 0, 0, 0, 0, 0, 0, 0, 44, 45, - 46, 47, 67, 67, 67, 67, 67, 67, 67, 67, - 67, 67, 67, 67, 67, 67, 67, 1, 0, 2, + 54, 54, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 54, 54, 54, 54, 54, 54, 54, + 54, 54, 54, 54, 54, 54, 54, 54, 0, 0, + 0, 0, 0, 0, 54, 54, 54, 54, 54, 54, + 54, 0, 54, 54, 54, 54, 40, 41, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 166, + 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 42, 0, 0, 0, 0, 0, 69, + 69, 0, 0, 0, 0, 0, 0, 0, 44, 45, + 46, 47, 69, 69, 69, 69, 69, 69, 69, 69, + 69, 69, 69, 69, 69, 69, 69, 1, 0, 2, 0, 0, 3, 4, 5, 0, 6, 7, 8, 9, - 10, 67, 67, 67, 67, 0, 0, 0, 0, 0, + 10, 69, 69, 69, 69, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 11, 12, 13, 14, 15, 16, }; 
@@ -419,23 +419,23 @@ short sudoerscheck[] = #endif { 33, - 0, 8, 9, 33, 33, 7, 86, 44, 33, 33, + 0, 8, 9, 33, 33, 7, 87, 44, 33, 33, 44, 33, 285, 33, 0, 44, 257, 258, 258, 44, - 33, 258, 44, 258, 61, 258, 258, 33, 58, 261, - 262, 263, 258, 33, 260, 261, 44, 263, 259, 43, - 258, 45, 58, 284, 44, 263, 44, 33, 0, 58, - 58, 61, 284, 36, 263, 38, 39, 61, 284, 58, - 263, 58, 0, 58, 263, 145, 284, 61, 51, 58, - 61, 58, 58, 61, 291, 292, 293, 294, 295, 296, - 297, 33, 58, 58, 264, 264, 93, 89, 95, 264, - 264, 40, 61, 44, 44, 33, 0, 44, 44, 41, - 44, 61, 61, 61, 61, 61, 58, 61, 263, 263, - 0, 118, 263, 263, 263, 263, 263, 0, 0, 41, - 58, 41, 41, 41, 41, 52, 91, 75, 43, 33, - 126, 34, 77, 66, 22, 154, 17, 99, 131, 92, - -1, 96, -1, 33, 0, 135, -1, 90, -1, -1, - -1, -1, -1, 94, 58, -1, -1, -1, 0, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 58, -1, + 33, 58, 44, 258, 258, 44, 258, 33, 58, 263, + 258, 44, 258, 33, 259, 261, 262, 263, 43, 263, + 45, 44, 61, 284, 44, 61, 58, 33, 0, 258, + 284, 260, 261, 61, 263, 263, 61, 61, 284, 58, + 58, 36, 0, 38, 39, 58, 58, 148, 299, 300, + 301, 302, 58, 58, 58, 284, 51, 58, 61, 58, + 263, 33, 264, 264, 264, 264, 40, 44, 95, 91, + 97, 44, 41, 44, 44, 33, 0, 291, 292, 293, + 294, 295, 296, 297, 44, 61, 58, 263, 263, 263, + 0, 263, 263, 61, 121, 61, 61, 61, 61, 61, + 58, 263, 263, 0, 0, 41, 41, 41, 41, 33, + 41, 43, 129, 53, 93, 76, 34, 67, 17, 78, + 157, 101, 138, 33, 0, 134, -1, 22, -1, -1, + -1, 98, 89, -1, 58, -1, 92, -1, 0, 94, + -1, -1, 96, -1, -1, -1, -1, -1, 58, -1, -1, -1, -1, -1, -1, -1, -1, 33, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 33, 0, -1, -1, -1, -1, -1, -1, -1, 
@@ -570,12 +570,14 @@ "cmndspeclist : cmndspec", "cmndspeclist : cmndspeclist ',' cmndspec", "cmndspec : runasspec options cmndtag digcmnd", -"digest : SHA224_TOK ':' DIGEST", -"digest : SHA256_TOK ':' DIGEST", -"digest : SHA384_TOK ':' DIGEST", -"digest : SHA512_TOK ':' DIGEST", +"digestspec : SHA224_TOK ':' DIGEST", +"digestspec : SHA256_TOK ':' DIGEST", +"digestspec : SHA384_TOK ':' DIGEST", +"digestspec : SHA512_TOK ':' DIGEST", +"digestlist : digestspec", +"digestlist : digestlist ',' digestspec", "digcmnd : opcmnd", -"digcmnd : digest opcmnd", +"digcmnd : digestlist opcmnd", "opcmnd : cmnd", "opcmnd : '!' cmnd", "timeoutspec : CMND_TIMEOUT '=' WORD", @@ -678,11 +680,11 @@ YYSTYPE *yyvs; unsigned int yystacksize; int yyparse(void); -#line 911 "gram.y" +#line 928 "gram.y" void sudoerserror(const char *s) { - debug_decl(sudoerserror, SUDOERS_DEBUG_PARSER) + debug_decl(sudoerserror, SUDOERS_DEBUG_PARSER); /* Save the line the first error occurred on. */ if (errorlineno == -1) { @@ -712,7 +714,7 @@ new_default(char *var, char *val, short op) { struct defaults *d; - debug_decl(new_default, SUDOERS_DEBUG_PARSER) + debug_decl(new_default, SUDOERS_DEBUG_PARSER); if ((d = calloc(1, sizeof(struct defaults))) == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, @@ -736,7 +738,7 @@ new_member(char *name, int type) { struct member *m; - debug_decl(new_member, SUDOERS_DEBUG_PARSER) + debug_decl(new_member, SUDOERS_DEBUG_PARSER); if ((m = calloc(1, sizeof(struct member))) == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, 
@@ -750,12 +752,30 @@ debug_return_ptr(m); } +static struct sudo_command * +new_command(char *cmnd, char *args) +{ + struct sudo_command *c; + debug_decl(new_command, SUDOERS_DEBUG_PARSER); + + if ((c = calloc(1, sizeof(*c))) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to allocate memory"); + debug_return_ptr(NULL); + } + + c->cmnd = cmnd; + c->args = args; + TAILQ_INIT(&c->digests); + + debug_return_ptr(c); +} static struct command_digest * new_digest(int digest_type, char *digest_str) { struct command_digest *digest; - debug_decl(new_digest, SUDOERS_DEBUG_PARSER) + debug_decl(new_digest, SUDOERS_DEBUG_PARSER); if ((digest = malloc(sizeof(*digest))) == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, @@ -763,6 +783,7 @@ debug_return_ptr(NULL); } + HLTQ_INIT(digest, entries); digest->digest_type = digest_type; digest->digest_str = digest_str; if (digest->digest_str == NULL) { @@ -786,7 +807,7 @@ struct defaults *d, *next; struct member_list *binding; bool ret = true; - debug_decl(add_defaults, SUDOERS_DEBUG_PARSER) + debug_decl(add_defaults, SUDOERS_DEBUG_PARSER); if (defs != NULL) { /* @@ -825,7 +846,7 @@ add_userspec(struct member *members, struct privilege *privs) { struct userspec *u; - debug_decl(add_userspec, SUDOERS_DEBUG_PARSER) + debug_decl(add_userspec, SUDOERS_DEBUG_PARSER); if ((u = calloc(1, sizeof(*u))) == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, 
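Review bot: new_command (gram.c hunk at -750) stores the cmnd and args pointers without copying them, and free_member later calls free() on both. The function therefore takes ownership on success but leaves both strings with the caller when it returns NULL, and no comment says so. Add a header comment such as `/* Takes ownership of cmnd and args on success; on NULL return the caller still owns them. */`. gram.c carries `#line ... "gram.y"` markers, so the comment belongs in gram.y and this file should be regenerated from it.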
@@ -848,16 +869,18 @@ void free_member(struct member *m) { - debug_decl(free_member, SUDOERS_DEBUG_PARSER) + debug_decl(free_member, SUDOERS_DEBUG_PARSER); - if (m->type == COMMAND) { - struct sudo_command *c = (struct sudo_command *)m->name; - free(c->cmnd); - free(c->args); - if (c->digest != NULL) { - free(c->digest->digest_str); - free(c->digest); - } + if (m->type == COMMAND || (m->type == ALL && m->name != NULL)) { + struct command_digest *digest; + struct sudo_command *c = (struct sudo_command *)m->name; + free(c->cmnd); + free(c->args); + while ((digest = TAILQ_FIRST(&c->digests)) != NULL) { + TAILQ_REMOVE(&c->digests, digest, entries); + free(digest->digest_str); + free(digest); + } } free(m->name); free(m); @@ -872,7 +895,7 @@ free_members(struct member_list *members) { struct member *m; - debug_decl(free_members, SUDOERS_DEBUG_PARSER) + debug_decl(free_members, SUDOERS_DEBUG_PARSER); while ((m = TAILQ_FIRST(members)) != NULL) { TAILQ_REMOVE(members, m, entries); @@ -887,7 +910,7 @@ { struct member_list *prev_binding = NULL; struct defaults *def; - debug_decl(free_defaults, SUDOERS_DEBUG_PARSER) + debug_decl(free_defaults, SUDOERS_DEBUG_PARSER); while ((def = TAILQ_FIRST(defs)) != NULL) { TAILQ_REMOVE(defs, def, entries); @@ -900,7 +923,7 @@ void free_default(struct defaults *def, struct member_list **binding) { - debug_decl(free_default, SUDOERS_DEBUG_PARSER) + debug_decl(free_default, SUDOERS_DEBUG_PARSER); if (def->binding != *binding) { *binding = def->binding; @@ -930,7 +953,7 @@ #ifdef HAVE_PRIV_SET char *privs = NULL, *limitprivs = NULL; #endif /* HAVE_PRIV_SET */ - debug_decl(free_privilege, SUDOERS_DEBUG_PARSER) + debug_decl(free_privilege, SUDOERS_DEBUG_PARSER); free(priv->ldap_role); free_members(&priv->hostlist); 
@@ -985,7 +1008,7 @@ free_userspecs(struct userspec_list *usl) { struct userspec *us; - debug_decl(free_userspecs, SUDOERS_DEBUG_PARSER) + debug_decl(free_userspecs, SUDOERS_DEBUG_PARSER); while ((us = TAILQ_FIRST(usl)) != NULL) { TAILQ_REMOVE(usl, us, entries); @@ -1000,7 +1023,7 @@ { struct privilege *priv; struct sudoers_comment *comment; - debug_decl(free_userspec, SUDOERS_DEBUG_PARSER) + debug_decl(free_userspec, SUDOERS_DEBUG_PARSER); free_members(&us->users); while ((priv = TAILQ_FIRST(&us->privileges)) != NULL) { @@ -1064,7 +1087,7 @@ init_parser(const char *path, bool quiet, bool strict) { bool ret = true; - debug_decl(init_parser, SUDOERS_DEBUG_PARSER) + debug_decl(init_parser, SUDOERS_DEBUG_PARSER); free_parse_tree(&parsed_policy); init_lexer(); @@ -1107,7 +1130,7 @@ opts->limitprivs = NULL; #endif } -#line 1053 "gram.c" +#line 1076 "gram.c" /* allocate initial stack or double stack size, up to YYMAXDEPTH */ #if defined(__cplusplus) || defined(__STDC__) static int yygrowstack(void) @@ -1316,23 +1339,23 @@ switch (yyn) { case 1: -#line 181 "gram.y" +#line 182 "gram.y" { ; } break; case 5: -#line 189 "gram.y" +#line 190 "gram.y" { ; } break; case 6: -#line 192 "gram.y" +#line 193 "gram.y" { yyerrok; } break; case 7: -#line 195 "gram.y" +#line 196 "gram.y" { if (!add_userspec(yyvsp[-1].member, yyvsp[0].privilege)) { sudoerserror(N_("unable to allocate memory")); 
@@ -1341,73 +1364,73 @@ } break; case 8: -#line 201 "gram.y" +#line 202 "gram.y" { ; } break; case 9: -#line 204 "gram.y" +#line 205 "gram.y" { ; } break; case 10: -#line 207 "gram.y" +#line 208 "gram.y" { ; } break; case 11: -#line 210 "gram.y" +#line 211 "gram.y" { ; } break; case 12: -#line 213 "gram.y" +#line 214 "gram.y" { if (!add_defaults(DEFAULTS, NULL, yyvsp[0].defaults)) YYERROR; } break; case 13: -#line 217 "gram.y" +#line 218 "gram.y" { if (!add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults)) YYERROR; } break; case 14: -#line 221 "gram.y" +#line 222 "gram.y" { if (!add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults)) YYERROR; } break; case 15: -#line 225 "gram.y" +#line 226 "gram.y" { if (!add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults)) YYERROR; } break; case 16: -#line 229 "gram.y" +#line 230 "gram.y" { if (!add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults)) YYERROR; } break; case 18: -#line 236 "gram.y" +#line 237 "gram.y" { HLTQ_CONCAT(yyvsp[-2].defaults, yyvsp[0].defaults, entries); yyval.defaults = yyvsp[-2].defaults; } break; case 19: -#line 242 "gram.y" +#line 243 "gram.y" { yyval.defaults = new_default(yyvsp[0].string, NULL, true); if (yyval.defaults == NULL) { @@ -1417,7 +1440,7 @@ } break; case 20: -#line 249 "gram.y" +#line 250 "gram.y" { yyval.defaults = new_default(yyvsp[0].string, NULL, false); if (yyval.defaults == NULL) { @@ -1427,7 +1450,7 @@ } break; case 21: -#line 256 "gram.y" +#line 257 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, true); if (yyval.defaults == NULL) { @@ -1437,7 +1460,7 @@ } break; case 22: -#line 263 "gram.y" +#line 264 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+'); if (yyval.defaults == NULL) { @@ -1447,7 +1470,7 @@ } break; case 23: -#line 270 "gram.y" +#line 271 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-'); if (yyval.defaults == NULL) { 
@@ -1457,14 +1480,14 @@ } break; case 25: -#line 280 "gram.y" +#line 281 "gram.y" { HLTQ_CONCAT(yyvsp[-2].privilege, yyvsp[0].privilege, entries); yyval.privilege = yyvsp[-2].privilege; } break; case 26: -#line 286 "gram.y" +#line 287 "gram.y" { struct privilege *p = calloc(1, sizeof(*p)); if (p == NULL) { @@ -1479,21 +1502,21 @@ } break; case 27: -#line 300 "gram.y" +#line 301 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 28: -#line 304 "gram.y" +#line 305 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 29: -#line 310 "gram.y" +#line 311 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); if (yyval.member == NULL) { @@ -1503,7 +1526,7 @@ } break; case 30: -#line 317 "gram.y" +#line 318 "gram.y" { yyval.member = new_member(NULL, ALL); if (yyval.member == NULL) { @@ -1513,7 +1536,7 @@ } break; case 31: -#line 324 "gram.y" +#line 325 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); if (yyval.member == NULL) { @@ -1523,7 +1546,7 @@ } break; case 32: -#line 331 "gram.y" +#line 332 "gram.y" { yyval.member = new_member(yyvsp[0].string, NTWKADDR); if (yyval.member == NULL) { @@ -1533,7 +1556,7 @@ } break; case 33: -#line 338 "gram.y" +#line 339 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); if (yyval.member == NULL) { @@ -1543,7 +1566,7 @@ } break; case 35: -#line 348 "gram.y" +#line 349 "gram.y" { struct cmndspec *prev; prev = HLTQ_LAST(yyvsp[-2].cmndspec, cmndspec, entries); @@ -1597,7 +1620,7 @@ } break; case 36: -#line 401 "gram.y" +#line 402 "gram.y" { struct cmndspec *cs = calloc(1, sizeof(*cs)); if (cs == NULL) { @@ -1651,7 +1674,7 @@ } break; case 37: -#line 454 "gram.y" +#line 455 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA224, yyvsp[0].string); if (yyval.digest == NULL) { 
@@ -1661,7 +1684,7 @@ } break; case 38: -#line 461 "gram.y" +#line 462 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA256, yyvsp[0].string); if (yyval.digest == NULL) { @@ -1671,7 +1694,7 @@ } break; case 39: -#line 468 "gram.y" +#line 469 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA384, yyvsp[0].string); if (yyval.digest == NULL) { @@ -1681,7 +1704,7 @@ } break; case 40: -#line 475 "gram.y" +#line 476 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA512, yyvsp[0].string); if (yyval.digest == NULL) { 
@@ -1690,94 +1713,111 @@ } } break; -case 41: -#line 484 "gram.y" +case 42: +#line 486 "gram.y" +{ + HLTQ_CONCAT(yyvsp[-2].digest, yyvsp[0].digest, entries); + yyval.digest = yyvsp[-2].digest; + } +break; +case 43: +#line 492 "gram.y" { yyval.member = yyvsp[0].member; } break; -case 42: -#line 487 "gram.y" +case 44: +#line 495 "gram.y" { - if (yyvsp[0].member->type != COMMAND) { + struct sudo_command *c = + (struct sudo_command *) yyvsp[0].member->name; + + if (yyvsp[0].member->type != COMMAND && yyvsp[0].member->type != ALL) { sudoerserror(N_("a digest requires a path name")); YYERROR; } - /* XXX - yuck */ - ((struct sudo_command *) yyvsp[0].member->name)->digest = yyvsp[-1].digest; + if (c == NULL) { + /* lazy-allocate sudo_command for ALL */ + if ((c = new_command(NULL, NULL)) == NULL) { + sudoerserror(N_("unable to allocate memory")); + YYERROR; + } + yyvsp[0].member->name = (char *)c; + } + HLTQ_TO_TAILQ(&c->digests, yyvsp[-1].digest, entries); yyval.member = yyvsp[0].member; } break; -case 43: -#line 498 "gram.y" +case 45: +#line 516 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; -case 44: -#line 502 "gram.y" +case 46: +#line 520 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; -case 45: -#line 508 "gram.y" +case 47: +#line 526 "gram.y" { yyval.string = yyvsp[0].string; } break; -case 46: -#line 513 "gram.y" +case 48: +#line 531 "gram.y" { yyval.string = yyvsp[0].string; } break; -case 47: -#line 517 "gram.y" +case 49: +#line 535 "gram.y" { yyval.string = yyvsp[0].string; } break; -case 48: -#line 522 "gram.y" +case 50: +#line 540 "gram.y" { yyval.string = yyvsp[0].string; } break; -case 49: -#line 527 "gram.y" +case 51: +#line 545 "gram.y" { yyval.string = yyvsp[0].string; } break; -case 50: -#line 532 "gram.y" +case 52: +#line 550 "gram.y" { yyval.string = yyvsp[0].string; } break; -case 51: -#line 536 "gram.y" +case 53: +#line 554 "gram.y" { yyval.string = yyvsp[0].string; } break; -case 
52: -#line 541 "gram.y" +case 54: +#line 559 "gram.y" { yyval.runas = NULL; } break; -case 53: -#line 544 "gram.y" +case 55: +#line 562 "gram.y" { yyval.runas = yyvsp[-1].runas; } break; -case 54: -#line 549 "gram.y" +case 56: +#line 567 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas != NULL) { @@ -1794,8 +1834,8 @@ } } break; -case 55: -#line 564 "gram.y" +case 57: +#line 582 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas == NULL) { @@ -1806,8 +1846,8 @@ /* $$->runasgroups = NULL; */ } break; -case 56: -#line 573 "gram.y" +case 58: +#line 591 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas == NULL) { @@ -1818,8 +1858,8 @@ yyval.runas->runasgroups = yyvsp[0].member; } break; -case 57: -#line 582 "gram.y" +case 59: +#line 600 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas == NULL) { @@ -1830,8 +1870,8 @@ yyval.runas->runasgroups = yyvsp[0].member; } break; -case 58: -#line 591 "gram.y" +case 60: +#line 609 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas != NULL) { @@ -1848,14 +1888,14 @@ } } break; -case 59: -#line 608 "gram.y" +case 61: +#line 626 "gram.y" { init_options(&yyval.options); } break; -case 60: -#line 611 "gram.y" +case 62: +#line 629 "gram.y" { yyval.options.notbefore = parse_gentime(yyvsp[0].string); free(yyvsp[0].string); @@ -1865,8 +1905,8 @@ } } break; -case 61: -#line 619 "gram.y" +case 63: +#line 637 "gram.y" { yyval.options.notafter = parse_gentime(yyvsp[0].string); free(yyvsp[0].string); @@ -1876,8 +1916,8 @@ } } break; -case 62: -#line 627 "gram.y" +case 64: +#line 645 "gram.y" { yyval.options.timeout = parse_timeout(yyvsp[0].string); free(yyvsp[0].string); @@ -1890,8 +1930,8 @@ } } break; -case 63: -#line 638 "gram.y" +case 65: +#line 656 "gram.y" { #ifdef HAVE_SELINUX free(yyval.options.role); 
@@ -1899,8 +1939,8 @@ #endif } break; -case 64: -#line 644 "gram.y" +case 66: +#line 662 "gram.y" { #ifdef HAVE_SELINUX free(yyval.options.type); @@ -1908,8 +1948,8 @@ #endif } break; -case 65: -#line 650 "gram.y" +case 67: +#line 668 "gram.y" { #ifdef HAVE_PRIV_SET free(yyval.options.privs); @@ -1917,8 +1957,8 @@ #endif } break; -case 66: -#line 656 "gram.y" +case 68: +#line 674 "gram.y" { #ifdef HAVE_PRIV_SET free(yyval.options.limitprivs); 
@@ -1926,98 +1966,98 @@ #endif } break; -case 67: -#line 664 "gram.y" +case 69: +#line 682 "gram.y" { TAGS_INIT(yyval.tag); } break; -case 68: -#line 667 "gram.y" +case 70: +#line 685 "gram.y" { yyval.tag.nopasswd = true; } break; -case 69: -#line 670 "gram.y" +case 71: +#line 688 "gram.y" { yyval.tag.nopasswd = false; } break; -case 70: -#line 673 "gram.y" +case 72: +#line 691 "gram.y" { yyval.tag.noexec = true; } break; -case 71: -#line 676 "gram.y" +case 73: +#line 694 "gram.y" { yyval.tag.noexec = false; } break; -case 72: -#line 679 "gram.y" +case 74: +#line 697 "gram.y" { yyval.tag.setenv = true; } break; -case 73: -#line 682 "gram.y" +case 75: +#line 700 "gram.y" { yyval.tag.setenv = false; } break; -case 74: -#line 685 "gram.y" +case 76: +#line 703 "gram.y" { yyval.tag.log_input = true; } break; -case 75: -#line 688 "gram.y" +case 77: +#line 706 "gram.y" { yyval.tag.log_input = false; } break; -case 76: -#line 691 "gram.y" +case 78: +#line 709 "gram.y" { yyval.tag.log_output = true; } break; -case 77: -#line 694 "gram.y" +case 79: +#line 712 "gram.y" { yyval.tag.log_output = false; } break; -case 78: -#line 697 "gram.y" +case 80: +#line 715 "gram.y" { yyval.tag.follow = true; } break; -case 79: -#line 700 "gram.y" +case 81: +#line 718 "gram.y" { yyval.tag.follow = false; } break; -case 80: -#line 703 "gram.y" +case 82: +#line 721 "gram.y" { yyval.tag.send_mail = true; } break; -case 81: -#line 706 "gram.y" +case 83: +#line 724 "gram.y" { yyval.tag.send_mail = false; } break; -case 82: -#line 711 "gram.y" +case 84: +#line 729 "gram.y" { yyval.member = new_member(NULL, ALL); if (yyval.member == NULL) { @@ -2026,8 +2066,8 @@ } } break; -case 83: -#line 718 "gram.y" +case 85: +#line 736 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); if (yyval.member == NULL) { 
@@ -2036,16 +2076,15 @@ } } break; -case 84: -#line 725 "gram.y" +case 86: +#line 743 "gram.y" { - struct sudo_command *c = calloc(1, sizeof(*c)); - if (c == NULL) { + struct sudo_command *c; + + if ((c = new_command(yyvsp[0].command.cmnd, yyvsp[0].command.args)) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } - c->cmnd = yyvsp[0].command.cmnd; - c->args = yyvsp[0].command.args; yyval.member = new_member((char *)c, COMMAND); if (yyval.member == NULL) { free(c); @@ -2054,8 +2093,8 @@ } } break; -case 87: -#line 746 "gram.y" +case 89: +#line 763 "gram.y" { const char *s; s = alias_add(&parsed_policy, yyvsp[-2].string, HOSTALIAS, @@ -2066,15 +2105,15 @@ } } break; -case 89: -#line 758 "gram.y" +case 91: +#line 775 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; -case 92: -#line 768 "gram.y" +case 94: +#line 785 "gram.y" { const char *s; s = alias_add(&parsed_policy, yyvsp[-2].string, CMNDALIAS, @@ -2085,15 +2124,15 @@ } } break; -case 94: -#line 780 "gram.y" +case 96: +#line 797 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; -case 97: -#line 790 "gram.y" +case 99: +#line 807 "gram.y" { const char *s; s = alias_add(&parsed_policy, yyvsp[-2].string, RUNASALIAS, @@ -2104,8 +2143,8 @@ } } break; -case 100: -#line 805 "gram.y" +case 102: +#line 822 "gram.y" { const char *s; s = alias_add(&parsed_policy, yyvsp[-2].string, USERALIAS, 
@@ -2116,29 +2155,29 @@ } } break; -case 102: -#line 817 "gram.y" +case 104: +#line 834 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; -case 103: -#line 823 "gram.y" +case 105: +#line 840 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; -case 104: -#line 827 "gram.y" +case 106: +#line 844 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; -case 105: -#line 833 "gram.y" +case 107: +#line 850 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); if (yyval.member == NULL) { @@ -2147,8 +2186,8 @@ } } break; -case 106: -#line 840 "gram.y" +case 108: +#line 857 "gram.y" { yyval.member = new_member(NULL, ALL); if (yyval.member == NULL) { @@ -2157,8 +2196,8 @@ } } break; -case 107: -#line 847 "gram.y" +case 109: +#line 864 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); if (yyval.member == NULL) { @@ -2167,8 +2206,8 @@ } } break; -case 108: -#line 854 "gram.y" +case 110: +#line 871 "gram.y" { yyval.member = new_member(yyvsp[0].string, USERGROUP); if (yyval.member == NULL) { @@ -2177,8 +2216,8 @@ } } break; -case 109: -#line 861 "gram.y" +case 111: +#line 878 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); if (yyval.member == NULL) { @@ -2187,29 +2226,29 @@ } } break; -case 111: -#line 871 "gram.y" +case 113: +#line 888 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; -case 112: -#line 877 "gram.y" +case 114: +#line 894 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; -case 113: -#line 881 "gram.y" +case 115: +#line 898 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; -case 114: -#line 887 "gram.y" +case 116: +#line 904 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); if (yyval.member == NULL) { 
@@ -2218,8 +2257,8 @@ } } break; -case 115: -#line 894 "gram.y" +case 117: +#line 911 "gram.y" { yyval.member = new_member(NULL, ALL); if (yyval.member == NULL) { @@ -2228,8 +2267,8 @@ } } break; -case 116: -#line 901 "gram.y" +case 118: +#line 918 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); if (yyval.member == NULL) { @@ -2238,7 +2277,7 @@ } } break; -#line 2184 "gram.c" +#line 2223 "gram.c" } yyssp -= yym; yystate = *yyssp; diff -Nru sudo-1.8.31/plugins/sudoers/gram.y sudo-1.9.0/plugins/sudoers/gram.y --- sudo-1.8.31/plugins/sudoers/gram.y 2019-11-06 16:36:20.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/gram.y 2020-05-11 16:28:23.000000000 +0000 @@ -2,7 +2,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1996, 1998-2005, 2007-2013, 2014-2018 + * Copyright (c) 1996, 1998-2005, 2007-2013, 2014-2020 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -70,7 +70,7 @@ }; /* - * Local protoypes + * Local prototypes */ static void init_options(struct command_options *opts); static bool add_defaults(int, struct member *, struct defaults *); @@ -174,7 +174,8 @@ %type timeoutspec %type notbeforespec %type notafterspec -%type digest +%type digestspec +%type digestlist %% @@ -451,7 +452,7 @@ } ; -digest : SHA224_TOK ':' DIGEST { +digestspec : SHA224_TOK ':' DIGEST { $$ = new_digest(SUDO_DIGEST_SHA224, $3); if ($$ == NULL) { sudoerserror(N_("unable to allocate memory")); 
@@ -481,16 +482,33 @@ } ; +digestlist : digestspec + | digestlist ',' digestspec { + HLTQ_CONCAT($1, $3, entries); + $$ = $1; + } + ; + digcmnd : opcmnd { $$ = $1; } - | digest opcmnd { - if ($2->type != COMMAND) { + | digestlist opcmnd { + struct sudo_command *c = + (struct sudo_command *) $2->name; + + if ($2->type != COMMAND && $2->type != ALL) { sudoerserror(N_("a digest requires a path name")); YYERROR; } - /* XXX - yuck */ - ((struct sudo_command *) $2->name)->digest = $1; + if (c == NULL) { + /* lazy-allocate sudo_command for ALL */ + if ((c = new_command(NULL, NULL)) == NULL) { + sudoerserror(N_("unable to allocate memory")); + YYERROR; + } + $2->name = (char *)c; + } + HLTQ_TO_TAILQ(&c->digests, $1, entries); $$ = $2; } ; @@ -723,13 +741,12 @@ } } | COMMAND { - struct sudo_command *c = calloc(1, sizeof(*c)); - if (c == NULL) { + struct sudo_command *c; + + if ((c = new_command($1.cmnd, $1.args)) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } - c->cmnd = $1.cmnd; - c->args = $1.args; $$ = new_member((char *)c, COMMAND); if ($$ == NULL) { free(c); @@ -911,7 +928,7 @@ void sudoerserror(const char *s) { - debug_decl(sudoerserror, SUDOERS_DEBUG_PARSER) + debug_decl(sudoerserror, SUDOERS_DEBUG_PARSER); /* Save the line the first error occurred on. */ if (errorlineno == -1) { @@ -941,7 +958,7 @@ new_default(char *var, char *val, short op) { struct defaults *d; - debug_decl(new_default, SUDOERS_DEBUG_PARSER) + debug_decl(new_default, SUDOERS_DEBUG_PARSER); if ((d = calloc(1, sizeof(struct defaults))) == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, @@ -965,7 +982,7 @@ new_member(char *name, int type) { struct member *m; - debug_decl(new_member, SUDOERS_DEBUG_PARSER) + debug_decl(new_member, SUDOERS_DEBUG_PARSER); if ((m = calloc(1, sizeof(struct member))) == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, 
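Review bot: In the `digestlist opcmnd` action of gram.y (hunk `@@ -481,16 +482,33 @@`), `c` is initialised by casting `$2->name` to `struct sudo_command *` before the `$2->type` test runs, so for a member that is neither `COMMAND` nor `ALL` it briefly points at whatever `name` holds. Nothing dereferences it before `YYERROR` today, but a later edit that touches `c` above the check would read unrelated data as a struct. Declaring `struct sudo_command *c;` and assigning `c = (struct sudo_command *) $2->name;` after the type test keeps the cast next to the check that justifies it. The message `a digest requires a path name` is also no longer accurate now that `ALL` is accepted.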
@@ -979,12 +996,30 @@ debug_return_ptr(m); } +static struct sudo_command * +new_command(char *cmnd, char *args) +{ + struct sudo_command *c; + debug_decl(new_command, SUDOERS_DEBUG_PARSER); + + if ((c = calloc(1, sizeof(*c))) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to allocate memory"); + debug_return_ptr(NULL); + } + + c->cmnd = cmnd; + c->args = args; + TAILQ_INIT(&c->digests); + + debug_return_ptr(c); +} static struct command_digest * new_digest(int digest_type, char *digest_str) { struct command_digest *digest; - debug_decl(new_digest, SUDOERS_DEBUG_PARSER) + debug_decl(new_digest, SUDOERS_DEBUG_PARSER); if ((digest = malloc(sizeof(*digest))) == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, @@ -992,6 +1027,7 @@ debug_return_ptr(NULL); } + HLTQ_INIT(digest, entries); digest->digest_type = digest_type; digest->digest_str = digest_str; if (digest->digest_str == NULL) { @@ -1015,7 +1051,7 @@ struct defaults *d, *next; struct member_list *binding; bool ret = true; - debug_decl(add_defaults, SUDOERS_DEBUG_PARSER) + debug_decl(add_defaults, SUDOERS_DEBUG_PARSER); if (defs != NULL) { /* @@ -1054,7 +1090,7 @@ add_userspec(struct member *members, struct privilege *privs) { struct userspec *u; - debug_decl(add_userspec, SUDOERS_DEBUG_PARSER) + debug_decl(add_userspec, SUDOERS_DEBUG_PARSER); if ((u = calloc(1, sizeof(*u))) == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, 
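Review bot: `new_command()` in gram.y (hunk `@@ -979,12 +996,30 @@`) has no header comment, and its ownership contract cannot be read from the signature: it stores `cmnd` and `args` without copying, and `free_member()` later frees both through the struct. I would add a comment such as `/* Allocate a sudo_command. On success it takes ownership of cmnd and args; on failure it returns NULL and the caller still owns them. */`. The `COMMAND` call site visible in this diff reports the error and takes `YYERROR` on a NULL return without freeing `$1.cmnd` or `$1.args`, so it is worth confirming whether anything else releases them on that path. `new_digest()`, which follows, continues outside the hunk.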
@@ -1077,16 +1113,18 @@ void free_member(struct member *m) { - debug_decl(free_member, SUDOERS_DEBUG_PARSER) + debug_decl(free_member, SUDOERS_DEBUG_PARSER); - if (m->type == COMMAND) { - struct sudo_command *c = (struct sudo_command *)m->name; - free(c->cmnd); - free(c->args); - if (c->digest != NULL) { - free(c->digest->digest_str); - free(c->digest); - } + if (m->type == COMMAND || (m->type == ALL && m->name != NULL)) { + struct command_digest *digest; + struct sudo_command *c = (struct sudo_command *)m->name; + free(c->cmnd); + free(c->args); + while ((digest = TAILQ_FIRST(&c->digests)) != NULL) { + TAILQ_REMOVE(&c->digests, digest, entries); + free(digest->digest_str); + free(digest); + } } free(m->name); free(m); @@ -1101,7 +1139,7 @@ free_members(struct member_list *members) { struct member *m; - debug_decl(free_members, SUDOERS_DEBUG_PARSER) + debug_decl(free_members, SUDOERS_DEBUG_PARSER); while ((m = TAILQ_FIRST(members)) != NULL) { TAILQ_REMOVE(members, m, entries); @@ -1116,7 +1154,7 @@ { struct member_list *prev_binding = NULL; struct defaults *def; - debug_decl(free_defaults, SUDOERS_DEBUG_PARSER) + debug_decl(free_defaults, SUDOERS_DEBUG_PARSER); while ((def = TAILQ_FIRST(defs)) != NULL) { TAILQ_REMOVE(defs, def, entries); @@ -1129,7 +1167,7 @@ void free_default(struct defaults *def, struct member_list **binding) { - debug_decl(free_default, SUDOERS_DEBUG_PARSER) + debug_decl(free_default, SUDOERS_DEBUG_PARSER); if (def->binding != *binding) { *binding = def->binding; @@ -1159,7 +1197,7 @@ #ifdef HAVE_PRIV_SET char *privs = NULL, *limitprivs = NULL; #endif /* HAVE_PRIV_SET */ - debug_decl(free_privilege, SUDOERS_DEBUG_PARSER) + debug_decl(free_privilege, SUDOERS_DEBUG_PARSER); free(priv->ldap_role); free_members(&priv->hostlist); 
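Review bot: The widened condition in `free_member()` (gram.y hunk `@@ -1077,16 +1113,18 @@`) treats every `ALL` member with a non-NULL `name` as a `struct sudo_command` and frees `c->cmnd`, `c->args` and the digest queue through it. That is only safe if no other code ever stores a plain string in `name` for an `ALL` member; the `char *` field does not enforce this, and creators of `ALL` members outside this diff are not visible here. A comment above the test would record the invariant, for example `/* name is a struct sudo_command for COMMAND, and for ALL only when a digest list was attached; every other ALL member keeps name NULL. */`. The end of the function lies outside the hunk.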
@@ -1214,7 +1252,7 @@ free_userspecs(struct userspec_list *usl) { struct userspec *us; - debug_decl(free_userspecs, SUDOERS_DEBUG_PARSER) + debug_decl(free_userspecs, SUDOERS_DEBUG_PARSER); while ((us = TAILQ_FIRST(usl)) != NULL) { TAILQ_REMOVE(usl, us, entries); @@ -1229,7 +1267,7 @@ { struct privilege *priv; struct sudoers_comment *comment; - debug_decl(free_userspec, SUDOERS_DEBUG_PARSER) + debug_decl(free_userspec, SUDOERS_DEBUG_PARSER); free_members(&us->users); while ((priv = TAILQ_FIRST(&us->privileges)) != NULL) { @@ -1293,7 +1331,7 @@ init_parser(const char *path, bool quiet, bool strict) { bool ret = true; - debug_decl(init_parser, SUDOERS_DEBUG_PARSER) + debug_decl(init_parser, SUDOERS_DEBUG_PARSER); free_parse_tree(&parsed_policy); init_lexer(); diff -Nru sudo-1.8.31/plugins/sudoers/group_plugin.c sudo-1.9.0/plugins/sudoers/group_plugin.c --- sudo-1.8.31/plugins/sudoers/group_plugin.c 2019-11-19 18:07:15.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/group_plugin.c 2020-05-11 16:28:23.000000000 +0000 @@ -60,7 +60,7 @@ char *args, path[PATH_MAX]; char **argv = NULL; int len, rc = -1; - debug_decl(group_plugin_load, SUDOERS_DEBUG_UTIL) + debug_decl(group_plugin_load, SUDOERS_DEBUG_UTIL); /* * Fill in .so path and split out args (if any). @@ -86,13 +86,15 @@ sudo_warn("%s", path); goto done; } - if (sb.st_uid != ROOT_UID) { - sudo_warnx(U_("%s must be owned by uid %d"), path, ROOT_UID); - goto done; - } - if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { - sudo_warnx(U_("%s must only be writable by owner"), path); - goto done; + if (!sudo_conf_developer_mode()) { + if (sb.st_uid != ROOT_UID) { + sudo_warnx(U_("%s must be owned by uid %d"), path, ROOT_UID); + goto done; + } + if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { + sudo_warnx(U_("%s must only be writable by owner"), path); + goto done; + } } /* Open plugin and map in symbol. */ 
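Review bot: The new `if (!sudo_conf_developer_mode())` guard in `group_plugin_load()` (group_plugin.c hunk `@@ -86,13 +86,15 @@`) skips both the root-ownership test and the group/other-writable test without leaving any trace, so a plugin file that would normally be refused is accepted silently. Since the file is opened and mapped right after these checks, I would record the bypass, for example an `else` branch with `sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, "developer mode: ownership and mode checks skipped for %s", path);`, or a `sudo_warnx()` if the administrator should see it. A short comment saying where developer mode is configured and that it is not intended for production would also help; the definition of `sudo_conf_developer_mode()` is not in this hunk, so who can enable it should be confirmed. The function starts and ends outside the hunk.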
@@ -168,7 +170,7 @@ void group_plugin_unload(void) { - debug_decl(group_plugin_unload, SUDOERS_DEBUG_UTIL) + debug_decl(group_plugin_unload, SUDOERS_DEBUG_UTIL); if (group_plugin != NULL) { (group_plugin->cleanup)(); @@ -185,7 +187,7 @@ group_plugin_query(const char *user, const char *group, const struct passwd *pwd) { - debug_decl(group_plugin_query, SUDOERS_DEBUG_UTIL) + debug_decl(group_plugin_query, SUDOERS_DEBUG_UTIL); if (group_plugin == NULL) debug_return_int(false); @@ -201,14 +203,14 @@ int group_plugin_load(char *plugin_info) { - debug_decl(group_plugin_load, SUDOERS_DEBUG_UTIL) + debug_decl(group_plugin_load, SUDOERS_DEBUG_UTIL); debug_return_int(false); } void group_plugin_unload(void) { - debug_decl(group_plugin_unload, SUDOERS_DEBUG_UTIL) + debug_decl(group_plugin_unload, SUDOERS_DEBUG_UTIL); debug_return; } @@ -216,7 +218,7 @@ group_plugin_query(const char *user, const char *group, const struct passwd *pwd) { - debug_decl(group_plugin_query, SUDOERS_DEBUG_UTIL) + debug_decl(group_plugin_query, SUDOERS_DEBUG_UTIL); debug_return_int(false); } @@ -229,7 +231,7 @@ cb_group_plugin(const union sudo_defs_val *sd_un) { bool rc = true; - debug_decl(cb_group_plugin, SUDOERS_DEBUG_PLUGIN) + debug_decl(cb_group_plugin, SUDOERS_DEBUG_PLUGIN); /* Unload any existing group plugin before loading a new one. */ group_plugin_unload(); diff -Nru sudo-1.8.31/plugins/sudoers/hexchar.c sudo-1.9.0/plugins/sudoers/hexchar.c --- sudo-1.8.31/plugins/sudoers/hexchar.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/hexchar.c 2020-05-11 16:28:23.000000000 +0000 
@@ -37,7 +37,7 @@ { unsigned char result[2]; int i; - debug_decl(hexchar, SUDOERS_DEBUG_UTIL) + debug_decl(hexchar, SUDOERS_DEBUG_UTIL); for (i = 0; i < 2; i++) { switch (s[i]) { diff -Nru sudo-1.8.31/plugins/sudoers/interfaces.c sudo-1.9.0/plugins/sudoers/interfaces.c --- sudo-1.8.31/plugins/sudoers/interfaces.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/interfaces.c 2020-05-11 16:28:23.000000000 +0000 @@ -63,7 +63,7 @@ char *addrinfo, *addr, *mask, *last; struct interface *ifp; bool ret = false; - debug_decl(set_interfaces, SUDOERS_DEBUG_NETIF) + debug_decl(set_interfaces, SUDOERS_DEBUG_NETIF); if ((addrinfo = strdup(ai)) == NULL) debug_return_bool(false); @@ -130,7 +130,7 @@ { const char *cp, *ep; const char *ai_end = ai + strlen(ai); - debug_decl(set_interfaces, SUDOERS_DEBUG_NETIF) + debug_decl(set_interfaces, SUDOERS_DEBUG_NETIF); sudo_printf(SUDO_CONV_INFO_MSG, _("Local IP address and netmask pairs:\n")); diff -Nru sudo-1.8.31/plugins/sudoers/iolog.c sudo-1.9.0/plugins/sudoers/iolog.c --- sudo-1.8.31/plugins/sudoers/iolog.c 2019-10-28 12:28:53.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/iolog.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2009-2019 Todd C. Miller + * Copyright (c) 2009-2020 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -24,6 +24,7 @@ #include #include +#include #include #include #include 
@@ -40,227 +41,65 @@ #include #include #include +#include +#include #include "sudoers.h" -#include "iolog.h" -#include "iolog_files.h" +#include "sudo_iolog.h" +#include "iolog_plugin.h" -/* XXX - separate sudoers.h and iolog.h? */ -#undef runas_pw -#undef runas_gr - -struct iolog_details { - const char *cwd; - const char *tty; - const char *user; - const char *command; - const char *iolog_path; - struct passwd *runas_pw; - struct group *runas_gr; - int lines; - int cols; - bool ignore_iolog_errors; +static struct iolog_file iolog_files[] = { + { false }, /* IOFD_STDIN */ + { false }, /* IOFD_STDOUT */ + { false }, /* IOFD_STDERR */ + { false }, /* IOFD_TTYIN */ + { false }, /* IOFD_TTYOUT */ + { true, }, /* IOFD_TIMING */ }; +static struct sudoers_io_operations { + int (*open)(struct timespec *now); + void (*close)(int exit_status, int error, const char **errstr); + int (*log)(int event, const char *buf, unsigned int len, + struct timespec *delay, const char **errstr); + int (*change_winsize)(unsigned int lines, unsigned int cols, + struct timespec *delay, const char **errstr); + int (*suspend)(const char *signame, struct timespec *delay, + const char **errstr); +} io_operations; + +#ifdef SUDOERS_IOLOG_CLIENT +static struct client_closure *client_closure; +#endif static struct iolog_details iolog_details; -static bool iolog_compress = false; static bool warned = false; static struct timespec last_time; -static unsigned int sessid_max = SESSID_MAX; -static mode_t iolog_filemode = S_IRUSR|S_IWUSR; -static mode_t iolog_dirmode = S_IRWXU; -static bool iolog_gid_set; - -/* shared with set_perms.c */ -uid_t iolog_uid = ROOT_UID; -gid_t iolog_gid = ROOT_GID; +static void sudoers_io_setops(void); /* sudoers_io is declared at the end of this file. */ extern __dso_public struct io_plugin sudoers_io; /* - * Create directory and any parent directories as needed. 
- */ -static bool -io_mkdirs(char *path) -{ - struct stat sb; - bool ok, uid_changed = false; - debug_decl(io_mkdirs, SUDOERS_DEBUG_UTIL) - - ok = stat(path, &sb) == 0; - if (!ok && errno == EACCES) { - /* Try again as the I/O log owner (for NFS). */ - if (set_perms(PERM_IOLOG)) { - ok = stat(path, &sb) == 0; - if (!restore_perms()) - ok = false; - } - } - if (ok) { - if (S_ISDIR(sb.st_mode)) { - if (sb.st_uid != iolog_uid || sb.st_gid != iolog_gid) { - if (chown(path, iolog_uid, iolog_gid) != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to chown %d:%d %s", __func__, - (int)iolog_uid, (int)iolog_gid, path); - } - } - if ((sb.st_mode & ALLPERMS) != iolog_dirmode) { - if (chmod(path, iolog_dirmode) != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to chmod 0%o %s", __func__, - (int)iolog_dirmode, path); - } - } - } else { - sudo_warnx(U_("%s exists but is not a directory (0%o)"), - path, (unsigned int) sb.st_mode); - ok = false; - } - goto done; - } - - ok = sudo_mkdir_parents(path, iolog_uid, iolog_gid, iolog_dirmode, true); - if (!ok && errno == EACCES) { - /* Try again as the I/O log owner (for NFS). */ - uid_changed = set_perms(PERM_IOLOG); - ok = sudo_mkdir_parents(path, -1, -1, iolog_dirmode, false); - } - if (ok) { - /* Create final path component. */ - sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, - "mkdir %s, mode 0%o", path, (unsigned int) iolog_dirmode); - ok = mkdir(path, iolog_dirmode) == 0 || errno == EEXIST; - if (!ok) { - if (errno == EACCES && !uid_changed) { - /* Try again as the I/O log owner (for NFS). 
*/ - uid_changed = set_perms(PERM_IOLOG); - ok = mkdir(path, iolog_dirmode) == 0 || errno == EEXIST; - } - if (!ok) - sudo_warn(U_("unable to mkdir %s"), path); - } else { - if (chown(path, iolog_uid, iolog_gid) != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to chown %d:%d %s", __func__, - (int)iolog_uid, (int)iolog_gid, path); - } - } - } - if (uid_changed) { - if (!restore_perms()) - ok = false; - } -done: - debug_return_bool(ok); -} - -/* - * Create temporary directory and any parent directories as needed. - */ -static bool -io_mkdtemp(char *path) -{ - bool ok, uid_changed = false; - debug_decl(io_mkdtemp, SUDOERS_DEBUG_UTIL) - - ok = sudo_mkdir_parents(path, iolog_uid, iolog_gid, iolog_dirmode, true); - if (!ok && errno == EACCES) { - /* Try again as the I/O log owner (for NFS). */ - uid_changed = set_perms(PERM_IOLOG); - ok = sudo_mkdir_parents(path, -1, -1, iolog_dirmode, false); - } - if (ok) { - /* Create final path component. */ - sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, - "mkdtemp %s", path); - /* We cannot retry mkdtemp() so always use PERM_IOLOG */ - if (!uid_changed) - uid_changed = set_perms(PERM_IOLOG); - if (mkdtemp(path) == NULL) { - sudo_warn(U_("unable to mkdir %s"), path); - ok = false; - } else { - if (chmod(path, iolog_dirmode) != 0) { - sudo_warn(U_("unable to change mode of %s to 0%o"), - path, (unsigned int)iolog_dirmode); - } - } - } - - if (uid_changed) { - if (!restore_perms()) - ok = false; - } - debug_return_bool(ok); -} - -/* - * Set max session ID (aka sequence number) - */ -static bool -io_set_max_sessid(const char *maxval) -{ - const char *errstr; - unsigned int value; - debug_decl(io_set_max_sessid, SUDOERS_DEBUG_UTIL) - - value = sudo_strtonum(maxval, 0, SESSID_MAX, &errstr); - if (errstr != NULL) { - if (errno != ERANGE) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "bad maxseq: %s: %s", maxval, errstr); - debug_return_bool(false); - } - /* Out of range, clamp to 
SESSID_MAX as documented. */ - value = SESSID_MAX; - } - sessid_max = value; - debug_return_bool(true); -} - -/* * Sudoers callback for maxseq Defaults setting. */ bool cb_maxseq(const union sudo_defs_val *sd_un) { - debug_decl(cb_maxseq, SUDOERS_DEBUG_UTIL) - - /* Clamp value to SESSID_MAX as documented. */ - sessid_max = sd_un->uival < SESSID_MAX ? sd_un->uival : SESSID_MAX; - debug_return_bool(true); -} - -/* - * Look up I/O log user-ID from user name. Sets iolog_uid. - * Also sets iolog_gid if iolog_group not specified. - */ -static bool -iolog_set_user(const char *name) -{ - struct passwd *pw; - debug_decl(iolog_set_user, SUDOERS_DEBUG_UTIL) + const char *errstr; + unsigned int value; + debug_decl(cb_maxseq, SUDOERS_DEBUG_UTIL); - if (name != NULL) { - pw = sudo_getpwnam(name); - if (pw != NULL) { - iolog_uid = pw->pw_uid; - if (!iolog_gid_set) - iolog_gid = pw->pw_gid; - sudo_pw_delref(pw); - } else { - log_warningx(SLOG_SEND_MAIL, - N_("unknown user: %s"), name); - } - } else { - /* Reset to default. */ - iolog_uid = ROOT_UID; - if (!iolog_gid_set) - iolog_gid = ROOT_GID; + value = sudo_strtonum(sd_un->str, 0, SESSID_MAX, &errstr); + if (errstr != NULL) { + if (errno != ERANGE) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "bad maxseq: %s: %s", sd_un->str, errstr); + debug_return_bool(false); + } + /* Out of range, clamp to SESSID_MAX as documented. */ + value = SESSID_MAX; } - + iolog_set_maxseq(value); debug_return_bool(true); } 
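Review bot: cb_maxseq now passes `sd_un->str` to sudo_strtonum() without a NULL check, while the string callbacks that follow in this file (cb_iolog_user, cb_iolog_group) treat a NULL string as "reset to default". Whether maxseq can reach this callback with a NULL string depends on the defaults table, which this diff does not show, so it is worth confirming. If it can, an early `if (sd_un->str == NULL)` branch that calls `iolog_set_maxseq(SESSID_MAX)` and returns true would match the sibling callbacks and avoid the dereference.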
@@ -270,33 +109,20 @@ bool cb_iolog_user(const union sudo_defs_val *sd_un) { - return iolog_set_user(sd_un->str); -} - -/* - * Look up I/O log group-ID from group name. - * Sets iolog_gid. - */ -static bool -iolog_set_group(const char *name) -{ - struct group *gr; - debug_decl(iolog_set_group, SUDOERS_DEBUG_UTIL) + const char *name = sd_un->str; + struct passwd *pw; + debug_decl(cb_iolog_user, SUDOERS_DEBUG_UTIL); - if (name != NULL) { - gr = sudo_getgrnam(name); - if (gr != NULL) { - iolog_gid = gr->gr_gid; - iolog_gid_set = true; - sudo_gr_delref(gr); - } else { - log_warningx(SLOG_SEND_MAIL, - N_("unknown group: %s"), name); - } + /* NULL name means reset to default. */ + if (name == NULL) { + iolog_set_owner(ROOT_UID, ROOT_GID); } else { - /* Reset to default. */ - iolog_gid = ROOT_GID; - iolog_gid_set = false; + if ((pw = sudo_getpwnam(name)) == NULL) { + log_warningx(SLOG_SEND_MAIL, N_("unknown user: %s"), name); + debug_return_bool(false); + } + iolog_set_owner(pw->pw_uid, pw->pw_gid); + sudo_pw_delref(pw); } debug_return_bool(true); 
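Review bot: The rule that an explicitly configured iolog_group wins over the I/O log user's primary group can no longer be read from cb_iolog_user. The removed iolog_set_user() only assigned the gid when `iolog_gid_set` was false, whereas the new body calls `iolog_set_owner(pw->pw_uid, pw->pw_gid)` unconditionally and the helper is not part of this diff. If the helper keeps that precedence, a comment on the call such as `/* iolog_set_owner() does not override a gid set via iolog_group */` would record it; if it does not, log files could end up group-owned by the user's primary group despite an iolog_group setting. The reset branch of cb_iolog_group in the next hunk raises the same question, because the removed code cleared `iolog_gid_set` there and `iolog_set_gid(ROOT_GID)` may instead mark the gid as explicitly set. The closing brace of cb_iolog_user lies outside this hunk.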
@@ -308,29 +134,21 @@ bool cb_iolog_group(const union sudo_defs_val *sd_un) { - return iolog_set_group(sd_un->str); -} - -/* - * Set iolog_filemode and iolog_dirmode. - */ -static bool -iolog_set_mode(mode_t mode) -{ - debug_decl(iolog_set_mode, SUDOERS_DEBUG_UTIL) - - /* I/O log files must be readable and writable by owner. */ - iolog_filemode = S_IRUSR|S_IWUSR; + const char *name = sd_un->str; + struct group *gr; + debug_decl(cb_iolog_group, SUDOERS_DEBUG_UTIL); - /* Add in group and other read/write if specified. */ - iolog_filemode |= mode & (S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH); - - /* For directory mode, add execute bits as needed. */ - iolog_dirmode = iolog_filemode | S_IXUSR; - if (iolog_dirmode & (S_IRGRP|S_IWGRP)) - iolog_dirmode |= S_IXGRP; - if (iolog_dirmode & (S_IROTH|S_IWOTH)) - iolog_dirmode |= S_IXOTH; + /* NULL name means reset to default. */ + if (name == NULL) { + iolog_set_gid(ROOT_GID); + } else { + if ((gr = sudo_getgrnam(name)) == NULL) { + log_warningx(SLOG_SEND_MAIL, N_("unknown group: %s"), name); + debug_return_bool(false); + } + iolog_set_gid(gr->gr_gid); + sudo_gr_delref(gr); + } debug_return_bool(true); } 
@@ -341,256 +159,52 @@ bool cb_iolog_mode(const union sudo_defs_val *sd_un) { - return iolog_set_mode(sd_un->mode); + iolog_set_mode(sd_un->mode); + return true; } /* - * Wrapper for open(2) that retries with PERM_IOLOG if open(2) - * returns EACCES. + * Convert a comma-separated list to a string list. */ -static int -io_open(const char *path, int flags, mode_t perm) +static struct sudoers_str_list * +deserialize_stringlist(const char *s) { - int fd; - debug_decl(io_open, SUDOERS_DEBUG_UTIL) - - fd = open(path, flags, perm); - if (fd == -1 && errno == EACCES) { - /* Try again as the I/O log owner (for NFS). */ - if (set_perms(PERM_IOLOG)) { - fd = open(path, flags, perm); - if (!restore_perms()) { - /* restore_perms() warns on error. */ - if (fd != -1) { - close(fd); - fd = -1; - } - } - } - } - debug_return_int(fd); -} - -/* - * Read the on-disk sequence number, set sessid to the next - * number, and update the on-disk copy. - * Uses file locking to avoid sequence number collisions. - */ -bool -io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]) -{ - struct stat sb; - char buf[32], *ep; - int i, len, fd = -1; - unsigned long id = 0; - mode_t omask; - ssize_t nread; - bool ret = false; - char pathbuf[PATH_MAX]; - static const char b36char[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; - debug_decl(io_nextid, SUDOERS_DEBUG_UTIL) - - /* umask must not be more restrictive than the file modes. */ - omask = umask(ACCESSPERMS & ~(iolog_filemode|iolog_dirmode)); - - /* - * Create I/O log directory if it doesn't already exist. 
- */ - if (!io_mkdirs(iolog_dir)) - goto done; - - /* - * Open sequence file - */ - len = snprintf(pathbuf, sizeof(pathbuf), "%s/seq", iolog_dir); - if (len < 0 || len >= ssizeof(pathbuf)) { - errno = ENAMETOOLONG; - log_warning(SLOG_SEND_MAIL, "%s/seq", pathbuf); - goto done; - } - fd = io_open(pathbuf, O_RDWR|O_CREAT, iolog_filemode); - if (fd == -1) { - log_warning(SLOG_SEND_MAIL, N_("unable to open %s"), pathbuf); - goto done; - } - sudo_lock_file(fd, SUDO_LOCK); - if (fchown(fd, iolog_uid, iolog_gid) != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to fchown %d:%d %s", __func__, - (int)iolog_uid, (int)iolog_gid, pathbuf); - } - - /* - * If there is no seq file in iolog_dir and a fallback dir was - * specified, look for seq in the fallback dir. This is to work - * around a bug in sudo 1.8.5 and older where iolog_dir was not - * expanded before the sequence number was updated. - */ - if (iolog_dir_fallback != NULL && fstat(fd, &sb) == 0 && sb.st_size == 0) { - char fallback[PATH_MAX]; - - len = snprintf(fallback, sizeof(fallback), "%s/seq", - iolog_dir_fallback); - if (len > 0 && len < ssizeof(fallback)) { - int fd2 = io_open(fallback, O_RDWR|O_CREAT, iolog_filemode); - if (fd2 != -1) { - if (fchown(fd2, iolog_uid, iolog_gid) != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to fchown %d:%d %s", __func__, - (int)iolog_uid, (int)iolog_gid, fallback); - } - nread = read(fd2, buf, sizeof(buf) - 1); - if (nread > 0) { - if (buf[nread - 1] == '\n') - nread--; - buf[nread] = '\0'; - id = strtoul(buf, &ep, 36); - if (ep == buf || *ep != '\0' || id >= sessid_max) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: bad sequence number: %s", fallback, buf); - id = 0; - } - } - close(fd2); - } - } - } - - /* Read current seq number (base 36). 
*/ - if (id == 0) { - nread = read(fd, buf, sizeof(buf) - 1); - if (nread != 0) { - if (nread == -1) { - log_warning(SLOG_SEND_MAIL, N_("unable to read %s"), pathbuf); - goto done; - } - if (buf[nread - 1] == '\n') - nread--; - buf[nread] = '\0'; - id = strtoul(buf, &ep, 36); - if (ep == buf || *ep != '\0' || id >= sessid_max) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: bad sequence number: %s", pathbuf, buf); - id = 0; - } + struct sudoers_str_list *strlist; + struct sudoers_string *str; + const char *s_end = s + strlen(s); + const char *cp, *ep; + debug_decl(deserialize_stringlist, SUDOERS_DEBUG_UTIL); + + if ((strlist = str_list_alloc()) == NULL) + debug_return_ptr(NULL); + + for (cp = sudo_strsplit(s, s_end, ",", &ep); cp != NULL; + cp = sudo_strsplit(NULL, s_end, ",", &ep)) { + if (cp == ep) + continue; + if ((str = malloc(sizeof(*str))) == NULL) + goto bad; + if ((str->str = strndup(cp, (ep - cp))) == NULL) { + free(str); + goto bad; } + STAILQ_INSERT_TAIL(strlist, str, entries); } - id++; - - /* - * Convert id to a string and stash in sessid. - * Note that that least significant digits go at the end of the string. - */ - for (i = 5; i >= 0; i--) { - buf[i] = b36char[id % 36]; - id /= 36; - } - buf[6] = '\n'; - - /* Stash id for logging purposes. */ - memcpy(sessid, buf, 6); - sessid[6] = '\0'; - - /* Rewind and overwrite old seq file, including the NUL byte. */ -#ifdef HAVE_PWRITE - if (pwrite(fd, buf, 7, 0) != 7) { -#else - if (lseek(fd, 0, SEEK_SET) == -1 || write(fd, buf, 7) != 7) { -#endif - log_warning(SLOG_SEND_MAIL, N_("unable to write to %s"), pathbuf); - warned = true; - goto done; - } - ret = true; - -done: - umask(omask); - if (fd != -1) - close(fd); - debug_return_bool(ret); -} - -/* - * Copy iolog_path to pathbuf and create the directory and any intermediate - * directories. If iolog_path ends in 'XXXXXX', use mkdtemp(). - * Returns SIZE_MAX on error. 
- */ -static size_t -mkdir_iopath(const char *iolog_path, char *pathbuf, size_t pathsize) -{ - size_t len; - bool ok; - debug_decl(mkdir_iopath, SUDOERS_DEBUG_UTIL) - - len = strlcpy(pathbuf, iolog_path, pathsize); - if (len >= pathsize) { - errno = ENAMETOOLONG; - log_warning(SLOG_SEND_MAIL, "%s", iolog_path); - debug_return_size_t((size_t)-1); - } - - /* - * Create path and intermediate subdirs as needed. - * If path ends in at least 6 Xs (ala POSIX mktemp), use mkdtemp(). - * Sets iolog_gid (if it is not already set) as a side effect. - */ - if (len >= 6 && strcmp(&pathbuf[len - 6], "XXXXXX") == 0) - ok = io_mkdtemp(pathbuf); - else - ok = io_mkdirs(pathbuf); + if (STAILQ_EMPTY(strlist)) + goto bad; - debug_return_size_t(ok ? len : (size_t)-1); -} + debug_return_ptr(strlist); -/* - * Append suffix to pathbuf after len chars and open the resulting file. - * Note that the size of pathbuf is assumed to be PATH_MAX. - * Uses zlib if docompress is true. - * Stores the open file handle which has the close-on-exec flag set. - */ -static bool -open_io_fd(char *pathbuf, size_t len, struct io_log_file *iol, bool docompress) -{ - debug_decl(open_io_fd, SUDOERS_DEBUG_UTIL) - - pathbuf[len] = '\0'; - strlcat(pathbuf, iol->suffix, PATH_MAX); - if (iol->enabled) { - int fd = io_open(pathbuf, O_CREAT|O_TRUNC|O_WRONLY, iolog_filemode); - if (fd != -1) { - if (fchown(fd, iolog_uid, iolog_gid) != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to fchown %d:%d %s", __func__, - (int)iolog_uid, (int)iolog_gid, pathbuf); - } - (void)fcntl(fd, F_SETFD, FD_CLOEXEC); -#ifdef HAVE_ZLIB_H - if (docompress) - iol->fd.g = gzdopen(fd, "w"); - else -#endif - iol->fd.f = fdopen(fd, "w"); - if (iol->fd.v == NULL) { - close(fd); - fd = -1; - } - } - if (fd == -1) { - log_warning(SLOG_SEND_MAIL, N_("unable to create %s"), pathbuf); - debug_return_bool(false); - } - } else { - /* Remove old log file if we recycled sequence numbers. 
*/ - unlink(pathbuf); - } - debug_return_bool(true); +bad: + str_list_free(strlist); + debug_return_ptr(NULL); } /* * Pull out I/O log related data from user_info and command_info arrays. - * Returns true if I/O logging is enabled, else false. + * Returns true if I/O logging is enabled, false if not and -1 on error. */ -static bool +static int iolog_deserialize_info(struct iolog_details *details, char * const user_info[], char * const command_info[]) { @@ -602,7 +216,7 @@ id_t id; uid_t runas_uid = 0; gid_t runas_gid = 0; - debug_decl(iolog_deserialize_info, SUDOERS_DEBUG_UTIL) + debug_decl(iolog_deserialize_info, SUDOERS_DEBUG_UTIL); details->lines = 24; details->cols = 80; @@ -622,6 +236,12 @@ continue; } break; + case 'h': + if (strncmp(*cur, "host=", sizeof("host=") - 1) == 0) { + details->host = *cur + sizeof("host=") - 1; + continue; + } + break; case 'l': if (strncmp(*cur, "lines=", sizeof("lines=") - 1) == 0) { int n = sudo_strtonum(*cur + sizeof("lines=") - 1, 1, INT_MAX, 
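Review bot: deserialize_stringlist() returns NULL both when an allocation fails and when the input yields no entries (the `STAILQ_EMPTY(strlist)` branch), so the caller cannot tell a malformed value from memory exhaustion. The `log_servers=` branch added to iolog_deserialize_info later in this file treats any NULL as out of memory and jumps to `oom`, which reports "unable to allocate memory" for an empty or comma-only list. I would at least state this in the header comment, e.g. `/* Returns NULL on allocation failure or if the list has no entries. */`, and preferably let the caller log a parse warning for the empty case, as the neighbouring settings do. The helper is fully inside this hunk; iolog_deserialize_info begins here and continues beyond it.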
@@ -666,52 +286,138 @@ } if (strncmp(*cur, "iolog_stdin=", sizeof("iolog_stdin=") - 1) == 0) { if (sudo_strtobool(*cur + sizeof("iolog_stdin=") - 1) == true) - io_log_files[IOFD_STDIN].enabled = true; + iolog_files[IOFD_STDIN].enabled = true; continue; } if (strncmp(*cur, "iolog_stdout=", sizeof("iolog_stdout=") - 1) == 0) { if (sudo_strtobool(*cur + sizeof("iolog_stdout=") - 1) == true) - io_log_files[IOFD_STDOUT].enabled = true; + iolog_files[IOFD_STDOUT].enabled = true; continue; } if (strncmp(*cur, "iolog_stderr=", sizeof("iolog_stderr=") - 1) == 0) { if (sudo_strtobool(*cur + sizeof("iolog_stderr=") - 1) == true) - io_log_files[IOFD_STDERR].enabled = true; + iolog_files[IOFD_STDERR].enabled = true; continue; } if (strncmp(*cur, "iolog_ttyin=", sizeof("iolog_ttyin=") - 1) == 0) { if (sudo_strtobool(*cur + sizeof("iolog_ttyin=") - 1) == true) - io_log_files[IOFD_TTYIN].enabled = true; + iolog_files[IOFD_TTYIN].enabled = true; continue; } if (strncmp(*cur, "iolog_ttyout=", sizeof("iolog_ttyout=") - 1) == 0) { if (sudo_strtobool(*cur + sizeof("iolog_ttyout=") - 1) == true) - io_log_files[IOFD_TTYOUT].enabled = true; + iolog_files[IOFD_TTYOUT].enabled = true; continue; } if (strncmp(*cur, "iolog_compress=", sizeof("iolog_compress=") - 1) == 0) { - if (sudo_strtobool(*cur + sizeof("iolog_compress=") - 1) == true) - iolog_compress = true; /* must be global */ + int val = sudo_strtobool(*cur + sizeof("iolog_compress=") - 1); + if (val != -1) { + iolog_set_compress(val); + } else { + sudo_debug_printf(SUDO_DEBUG_WARN, + "%s: unable to parse %s", __func__, *cur); + } + continue; + } + if (strncmp(*cur, "iolog_flush=", sizeof("iolog_flush=") - 1) == 0) { + int val = sudo_strtobool(*cur + sizeof("iolog_flush=") - 1); + if (val != -1) { + iolog_set_flush(val); + } else { + sudo_debug_printf(SUDO_DEBUG_WARN, + "%s: unable to parse %s", __func__, *cur); + } continue; } if (strncmp(*cur, "iolog_mode=", sizeof("iolog_mode=") - 1) == 0) { mode_t mode = sudo_strtomode(*cur + 
sizeof("iolog_mode=") - 1, &errstr); - if (errstr == NULL) + if (errstr == NULL) { iolog_set_mode(mode); + } else { + sudo_debug_printf(SUDO_DEBUG_WARN, + "%s: unable to parse %s", __func__, *cur); + } continue; } if (strncmp(*cur, "iolog_group=", sizeof("iolog_group=") - 1) == 0) { - iolog_set_group(*cur + sizeof("iolog_group=") - 1); + struct group *gr = + sudo_getgrnam(*cur + sizeof("iolog_group=") - 1); + if (gr == NULL) { + sudo_debug_printf(SUDO_DEBUG_WARN, "%s: unknown group %s", + __func__, *cur + sizeof("iolog_group=") - 1); + } else { + iolog_set_gid(gr->gr_gid); + sudo_gr_delref(gr); + } continue; } if (strncmp(*cur, "iolog_user=", sizeof("iolog_user=") - 1) == 0) { - iolog_set_user(*cur + sizeof("iolog_user=") - 1); + struct passwd *pw = + sudo_getpwnam(*cur + sizeof("iolog_user=") - 1); + if (pw == NULL) { + sudo_debug_printf(SUDO_DEBUG_WARN, "%s: unknown user %s", + __func__, *cur + sizeof("iolog_user=") - 1); + } else { + iolog_set_owner(pw->pw_uid, pw->pw_gid); + sudo_pw_delref(pw); + } continue; } break; + case 'l': + if (strncmp(*cur, "log_servers=", sizeof("log_servers=") - 1) == 0) { + details->log_servers = + deserialize_stringlist(*cur + sizeof("log_servers=") - 1); + if (!details->log_servers) + goto oom; + continue; + } + if (strncmp(*cur, "log_server_timeout=", sizeof("log_server_timeout=") - 1) == 0) { + details->server_timeout.tv_sec = + sudo_strtonum(*cur + sizeof("log_server_timeout=") - 1, 1, + TIME_T_MAX, NULL); + continue; + } + if (strncmp(*cur, "log_server_keepalive=", sizeof("log_server_keepalive=") - 1) == 0) { + int val = sudo_strtobool(*cur + sizeof("log_server_keepalive=") - 1); + if (val != -1) { + details->keepalive = val; + } else { + sudo_debug_printf(SUDO_DEBUG_WARN, + "%s: unable to parse %s", __func__, *cur); + } + continue; + } +#if defined(HAVE_OPENSSL) + if (strncmp(*cur, "log_server_cabundle=", sizeof("log_server_cabundle=") - 1) == 0) { + details->ca_bundle = *cur + sizeof("log_server_cabundle=") - 1; + continue; + 
} + if (strncmp(*cur, "log_server_peer_cert=", sizeof("log_server_peer_cert=") - 1) == 0) { + details->cert_file = *cur + sizeof("log_server_peer_cert=") - 1; + continue; + } + if (strncmp(*cur, "log_server_peer_key=", sizeof("log_server_peer_key=") - 1) == 0) { + details->key_file = *cur + sizeof("log_server_peer_key=") - 1; + continue; + } + if (strncmp(*cur, "log_server_verify=", sizeof("log_server_verify=") - 1) == 0) { + int val = sudo_strtobool(*cur + sizeof("log_server_verify=") - 1); + if (val != -1) { + details->keepalive = val; + } else { + sudo_debug_printf(SUDO_DEBUG_WARN, + "%s: unable to parse %s", __func__, *cur); + } + continue; + } +#endif /* HAVE_OPENSSL */ + break; case 'm': if (strncmp(*cur, "maxseq=", sizeof("maxseq=") - 1) == 0) { - io_set_max_sessid(*cur + sizeof("maxseq=") - 1); + union sudo_defs_val sd_un; + sd_un.str = *cur + sizeof("maxseq=") - 1; + cb_maxseq(&sd_un); continue; } break; 
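Review bot: The new `log_server_verify=` branch stores its parsed value in `details->keepalive`, the same member the `log_server_keepalive=` branch just above it writes, which looks like a copy-paste slip. As written the verify setting never takes effect and can silently flip keepalive instead, so a configuration that relies on it to control log-server certificate verification gets whatever the default is. The assignment should target the member of struct iolog_details that carries the verify flag; that struct is declared outside this diff. Separately, `log_server_timeout=` calls sudo_strtonum() with a NULL error pointer, so an unparsable value is stored without the debug warning the other settings emit. iolog_deserialize_info starts and ends outside this hunk.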
@@ -773,136 +479,194 @@ details->runas_gr = sudo_fakegrnam(idbuf); } } - debug_return_bool( - io_log_files[IOFD_STDIN].enabled || io_log_files[IOFD_STDOUT].enabled || - io_log_files[IOFD_STDERR].enabled || io_log_files[IOFD_TTYIN].enabled || - io_log_files[IOFD_TTYOUT].enabled); + debug_return_int( + iolog_files[IOFD_STDIN].enabled || iolog_files[IOFD_STDOUT].enabled || + iolog_files[IOFD_STDERR].enabled || iolog_files[IOFD_TTYIN].enabled || + iolog_files[IOFD_TTYOUT].enabled); +oom: + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + str_list_free(details->log_servers); + debug_return_int(-1); } /* - * Write the "/log" file that contains the user and command info. + * Write the "log" file that contains the user and command info. * This file is not compressed. */ static bool -write_info_log(char *pathbuf, size_t len, struct iolog_details *details, - char * const argv[]) +write_info_log(int dfd, char *iolog_dir, struct iolog_details *details) { - time_t now; - char * const *av; - FILE *fp; - int fd; - bool ret = true; - debug_decl(write_info_log, SUDOERS_DEBUG_UTIL) - - pathbuf[len] = '\0'; - strlcat(pathbuf, "/log", PATH_MAX); - fd = io_open(pathbuf, O_CREAT|O_TRUNC|O_WRONLY, iolog_filemode); - if (fd == -1 || (fp = fdopen(fd, "w")) == NULL) { - log_warning(SLOG_SEND_MAIL, N_("unable to create %s"), pathbuf); - debug_return_bool(false); - } - if (fchown(fd, iolog_uid, iolog_gid) != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to fchown %d:%d %s", __func__, - (int)iolog_uid, (int)iolog_gid, pathbuf); - } + struct iolog_info iolog_info; + debug_decl(write_info_log, SUDOERS_DEBUG_UTIL); - fprintf(fp, "%lld:%s:%s:%s:%s:%d:%d\n%s\n%s", (long long)time(&now), - details->user ? details->user : "unknown", details->runas_pw->pw_name, - details->runas_gr ? details->runas_gr->gr_name : "", - details->tty ? details->tty : "unknown", details->lines, details->cols, - details->cwd ? details->cwd : "unknown", - details->command ? 
details->command : "unknown"); - for (av = argv + 1; *av != NULL; av++) { - fputc(' ', fp); - fputs(*av, fp); - } - fputc('\n', fp); - fflush(fp); - if (ferror(fp)) { - log_warning(SLOG_SEND_MAIL, + /* XXX - just use iolog_info in the first place? */ + memset(&iolog_info, 0, sizeof(iolog_info)); + iolog_info.cwd = (char *)details->cwd; + iolog_info.user = (char *)details->user; + iolog_info.runas_user = details->runas_pw->pw_name; + iolog_info.runas_group = details->runas_gr ? details->runas_gr->gr_name: NULL; + iolog_info.tty = (char *)details->tty; + iolog_info.cmd = (char *)details->command; + iolog_info.host = (char *)details->host; + sudo_gettime_real(&iolog_info.tstamp); + iolog_info.lines = details->lines; + iolog_info.cols = details->cols; + iolog_info.runas_uid = details->runas_pw->pw_uid; + iolog_info.runas_gid = details->runas_gr ? details->runas_gr->gr_gid: (gid_t)-1; + iolog_info.argv = (char **)details->argv; + iolog_info.envp = (char **)details->user_env; + + if (!iolog_write_info_file(dfd, iolog_dir, &iolog_info)) { + log_warningx(SLOG_SEND_MAIL, N_("unable to write to I/O log file: %s"), strerror(errno)); warned = true; - ret = false; + debug_return_bool(false); } - fclose(fp); - debug_return_bool(ret); + debug_return_bool(true); } -#ifdef HAVE_ZLIB_H -static const char * -gzstrerror(gzFile file) +/* + * Make a shallow copy of a NULL-terminated argument or environment vector. + * Only the outer array is allocated, the pointers inside are copied. + * The caller is responsible for freeing the returned copy. 
+ */ +static char ** +copy_vector_shallow(char * const *vec) { - int errnum; + char **copy; + size_t len; + debug_decl(copy_vector, SUDOERS_DEBUG_UTIL); + + for (len = 0; vec[len] != NULL; len++) + continue; - return gzerror(file, &errnum); + if ((copy = reallocarray(NULL, len + 1, sizeof(char *))) != NULL) { + for (len = 0; vec[len] != NULL; len++) + copy[len] = vec[len]; + copy[len] = NULL; + } + + debug_return_ptr(copy); } -#endif /* HAVE_ZLIB_H */ -/* - * Write to an I/O log, compressing if iolog_compress is enabled. - * If def_iolog_flush is true, flush the buffer immediately. - */ -static const char * -iolog_write(union io_fd ifd, const void *buf, unsigned int len) +static int +sudoers_io_open_local(struct timespec *now) { - const char *errstr = NULL; - debug_decl(iolog_write, SUDOERS_DEBUG_PLUGIN) + char iolog_path[PATH_MAX], sessid[7]; + size_t len; + int iolog_dir_fd = -1; + int i, ret = -1; + debug_decl(sudoers_io_open_local, SUDOERS_DEBUG_PLUGIN); -#ifdef HAVE_ZLIB_H - if (iolog_compress) { - if (gzwrite(ifd.g, (const voidp)buf, len) != (int)len) { - errstr = gzstrerror(ifd.g); + /* If no I/O log path defined we need to figure it out ourselves. */ + if (iolog_details.iolog_path == NULL) { + /* Get next session ID and convert it into a path. 
*/ + len = strlcpy(iolog_path, _PATH_SUDO_IO_LOGDIR, sizeof(iolog_path)); + if (len + strlen("/00/00/00") >= sizeof(iolog_path)) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + ret = false; goto done; } - if (def_iolog_flush) { - if (gzflush(ifd.g, Z_SYNC_FLUSH) != Z_OK) { - errstr = gzstrerror(ifd.g); - goto done; - } + if (!iolog_nextid(iolog_path, sessid)) { + log_warning(SLOG_SEND_MAIL, N_("unable to update sequence file")); + ret = false; + goto done; } - } else -#endif - { - if (fwrite(buf, 1, len, ifd.f) != len) { - errstr = strerror(errno); + (void)snprintf(iolog_path + sizeof(_PATH_SUDO_IO_LOGDIR), + sizeof(iolog_path) - sizeof(_PATH_SUDO_IO_LOGDIR), + "/%c%c/%c%c/%c%c", sessid[0], sessid[1], sessid[2], + sessid[3], sessid[4], sessid[5]); + } else { + len = strlcpy(iolog_path, iolog_details.iolog_path, sizeof(iolog_path)); + if (len >= sizeof(iolog_path)) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + ret = false; goto done; } - if (def_iolog_flush) { - if (fflush(ifd.f) != 0) { - errstr = strerror(errno); - goto done; - } + } + + /* + * Create I/O log path along with any * intermediate subdirs. + * Calls mkdtemp() if iolog_path ends in XXXXXX. + */ + if (!iolog_mkpath(iolog_path)) { + log_warning(SLOG_SEND_MAIL, "%s", iolog_path); + goto done; + } + + iolog_dir_fd = iolog_openat(AT_FDCWD, iolog_path, O_RDONLY); + if (iolog_dir_fd == -1) { + log_warning(SLOG_SEND_MAIL, "%s", iolog_path); + goto done; + } + + /* Write log file with user and command details. */ + if (!write_info_log(iolog_dir_fd, iolog_path, &iolog_details)) + goto done; + + /* Create the timing and I/O log files. 
*/ + for (i = 0; i < IOFD_MAX; i++) { + if (!iolog_open(&iolog_files[i], iolog_dir_fd, i, "w")) { + log_warning(SLOG_SEND_MAIL, N_("unable to create %s/%s"), + iolog_path, iolog_fd_to_name(i)); + goto done; } } + ret = true; + +done: + if (iolog_dir_fd != -1) + close(iolog_dir_fd); + + debug_return_int(ret); +} + +#ifdef SUDOERS_IOLOG_CLIENT +static int +sudoers_io_open_remote(struct timespec *now) +{ + int ret = -1; + debug_decl(sudoers_io_open_remote, SUDOERS_DEBUG_PLUGIN); + + client_closure = client_closure_alloc(&iolog_details, &sudoers_io, now); + if (client_closure == NULL) + goto done; + + /* Connect to log server. */ + if (!log_server_connect(client_closure)) { + /* TODO: support offline logs if server unreachable */ + sudo_warnx(U_("unable to connect to log server")); + goto done; + } + + /* Read ServerHello synchronously or fail. */ + if (read_server_hello(client_closure)) + ret = 1; + done: - debug_return_const_str(errstr); + if (ret != 1) + client_closure_free(client_closure); + debug_return_int(ret); } +#endif /* SUDOERS_IOLOG_CLIENT */ static int sudoers_io_open(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], char * const user_info[], char * const command_info[], - int argc, char * const argv[], char * const user_env[], char * const args[]) + int argc, char * const argv[], char * const user_env[], char * const args[], + const char **errstr) { struct sudo_conf_debug_file_list debug_files = TAILQ_HEAD_INITIALIZER(debug_files); - char pathbuf[PATH_MAX], sessid[7]; - char *tofree = NULL; char * const *cur; const char *cp, *plugin_path = NULL; - size_t len; - mode_t omask; - int i, ret = -1; - debug_decl(sudoers_io_open, SUDOERS_DEBUG_PLUGIN) + int ret = -1; + debug_decl(sudoers_io_open, SUDOERS_DEBUG_PLUGIN); sudo_conv = conversation; sudo_printf = plugin_printf; - /* If we have no command (because -V was specified) just return. 
*/ - if (argc == 0) - debug_return_int(true); - bindtextdomain("sudoers", LOCALEDIR); /* Initialize the debug subsystem. */ 
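Review bot: In sudoers_io_open_local() the session path is appended at `iolog_path + sizeof(_PATH_SUDO_IO_LOGDIR)`, which is one byte past the NUL that strlcpy() wrote at offset `len`, assuming the macro is a string literal and iolog_nextid() leaves the buffer unchanged. The "/xx/xx/xx" suffix would then sit behind the terminator and every session without an explicit iolog_path would resolve to the bare log directory. Using the length already computed, `(void)snprintf(iolog_path + len, sizeof(iolog_path) - len, "/%c%c/%c%c/%c%c", ...)`, matches the overflow check just above it. The same function also mixes `ret = false` (path overflow, sequence-file failure) with the initial -1 (mkpath, openat, info-file and log-file failures). Only -1 reaches the ignore_iolog_errors test in the next hunk, and false is also what iolog_deserialize_info documents as "logging not enabled", so a failed log setup can be indistinguishable from logging being switched off. Leaving those paths at -1 would keep the two cases apart.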
@@ -919,90 +683,69 @@ } } - /* umask must not be more restrictive than the file modes. */ - omask = umask(ACCESSPERMS & ~(iolog_filemode|iolog_dirmode)); - if (!sudoers_debug_register(plugin_path, &debug_files)) { ret = -1; goto done; } + /* If we have no command (because -V was specified) just return. */ + if (argc == 0) + debug_return_int(true); + /* * Pull iolog settings out of command_info. */ - if (!iolog_deserialize_info(&iolog_details, user_info, command_info)) { - ret = false; + ret = iolog_deserialize_info(&iolog_details, user_info, command_info); + if (ret != true) goto done; - } + iolog_details.argv = argv; + iolog_details.argc = argc; - /* If no I/O log path defined we need to figure it out ourselves. */ - if (iolog_details.iolog_path == NULL) { - /* Get next session ID and convert it into a path. */ - tofree = malloc(sizeof(_PATH_SUDO_IO_LOGDIR) + sizeof(sessid) + 2); - if (tofree == NULL) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - goto done; - } - memcpy(tofree, _PATH_SUDO_IO_LOGDIR, sizeof(_PATH_SUDO_IO_LOGDIR)); - if (!io_nextid(tofree, NULL, sessid)) { - ret = false; + /* + * Copy user_env, it may be reallocated during policy session init. + */ + if (user_env != NULL) { + iolog_details.user_env = copy_vector_shallow(user_env); + if (iolog_details.user_env == NULL) { + ret = -1; goto done; } - (void)snprintf(tofree + sizeof(_PATH_SUDO_IO_LOGDIR), - sizeof(sessid) + 2, "%c%c/%c%c/%c%c", sessid[0], sessid[1], - sessid[2], sessid[3], sessid[4], sessid[5]); - iolog_details.iolog_path = tofree; } - /* - * Make local copy of I/O log path and create it, along with any - * intermediate subdirs. Calls mkdtemp() if iolog_path ends in XXXXXX. - */ - len = mkdir_iopath(iolog_details.iolog_path, pathbuf, sizeof(pathbuf)); - if (len >= sizeof(pathbuf)) - goto done; + /* Initialize io_operations. */ + sudoers_io_setops(); - /* Write log file with user and command details. 
*/ - if (!write_info_log(pathbuf, len, &iolog_details, argv)) + if (sudo_gettime_awake(&last_time) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to get time of day", __func__); goto done; - - /* Create the timing and I/O log files. */ - for (i = 0; i < IOFD_MAX; i++) { - if (!open_io_fd(pathbuf, len, &io_log_files[i], iolog_compress)) - goto done; } /* + * Create local I/O log file or connect to remote log server. + */ + if ((ret = io_operations.open(&last_time)) != true) + goto done; + + /* * Clear I/O log function pointers for disabled log functions. */ - if (!io_log_files[IOFD_STDIN].enabled) + if (!iolog_files[IOFD_STDIN].enabled) sudoers_io.log_stdin = NULL; - if (!io_log_files[IOFD_STDOUT].enabled) + if (!iolog_files[IOFD_STDOUT].enabled) sudoers_io.log_stdout = NULL; - if (!io_log_files[IOFD_STDERR].enabled) + if (!iolog_files[IOFD_STDERR].enabled) sudoers_io.log_stderr = NULL; - if (!io_log_files[IOFD_TTYIN].enabled) + if (!iolog_files[IOFD_TTYIN].enabled) sudoers_io.log_ttyin = NULL; - if (!io_log_files[IOFD_TTYOUT].enabled) + if (!iolog_files[IOFD_TTYOUT].enabled) sudoers_io.log_ttyout = NULL; - if (sudo_gettime_awake(&last_time) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to get time of day", __func__); - goto done; - } - - ret = true; - done: - umask(omask); - free(tofree); - if (iolog_details.runas_pw) - sudo_pw_delref(iolog_details.runas_pw); - if (iolog_details.runas_gr) - sudo_gr_delref(iolog_details.runas_gr); - sudo_freepwcache(); - sudo_freegrcache(); + if (ret != true) { + sudo_freepwcache(); + sudo_freegrcache(); + } /* Ignore errors if they occur if the policy says so. */ if (ret == -1 && iolog_details.ignore_iolog_errors) 
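Review bot: The `sudo_gettime_awake()` failure branch in `sudoers_io_open` jumps to `done` while `ret` still holds the `true` left by the successful `iolog_deserialize_info()` call, so a clock failure is returned as a successful open even though `io_operations.open` never ran. In the old code `ret` stayed -1 until the final `ret = true;`, so this path used to fail. Adding `ret = -1;` before that `goto done;` restores the failure, and the existing `ignore_iolog_errors` check after `done:` still decides whether the command may run without an I/O log. The function starts in the previous hunk and its tail lies outside this one.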
@@ -1012,43 +755,59 @@ } static void -sudoers_io_close(int exit_status, int error) +sudoers_io_close_local(int exit_status, int error, const char **errstr) { - const char *errstr = NULL; int i; - debug_decl(sudoers_io_close, SUDOERS_DEBUG_PLUGIN) + debug_decl(sudoers_io_close_local, SUDOERS_DEBUG_PLUGIN); for (i = 0; i < IOFD_MAX; i++) { - if (io_log_files[i].fd.v == NULL) + if (iolog_files[i].fd.v == NULL) continue; -#ifdef HAVE_ZLIB_H - if (iolog_compress) { - int errnum; - - if (gzclose(io_log_files[i].fd.g) != Z_OK) - errstr = gzerror(io_log_files[i].fd.g, &errnum); - } else -#endif - if (fclose(io_log_files[i].fd.f) != 0) - errstr = strerror(errno); + iolog_close(&iolog_files[i], errstr); } + debug_return; +} + +#ifdef SUDOERS_IOLOG_CLIENT +static void +sudoers_io_close_remote(int exit_status, int error, const char **errstr) +{ + debug_decl(sudoers_io_close_remote, SUDOERS_DEBUG_PLUGIN); + + client_close(client_closure, exit_status, error); + + debug_return; +} +#endif + +static void +sudoers_io_close(int exit_status, int error) +{ + const char *errstr = NULL; + debug_decl(sudoers_io_close, SUDOERS_DEBUG_PLUGIN); + + if (io_operations.close != NULL) + io_operations.close(exit_status, error, &errstr); + if (errstr != NULL && !warned) { /* Only warn about I/O log file errors once. */ - log_warning(SLOG_SEND_MAIL, + log_warningx(SLOG_SEND_MAIL, N_("unable to write to I/O log file: %s"), errstr); warned = true; } - sudoers_debug_deregister(); + sudo_freepwcache(); + sudo_freegrcache(); - return; + /* sudoers_debug_deregister() calls sudo_debug_exit() for us. */ + sudoers_debug_deregister(); } static int sudoers_io_version(int verbose) { - debug_decl(sudoers_io_version, SUDOERS_DEBUG_PLUGIN) + debug_decl(sudoers_io_version, SUDOERS_DEBUG_PLUGIN); sudo_printf(SUDO_CONV_INFO_MSG, "Sudoers I/O plugin version %s\n", PACKAGE_VERSION); 
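Review bot: `sudoers_io_close_remote` accepts `errstr` but never writes to it, so the "unable to write to I/O log file" warning in `sudoers_io_close` can only fire for the local back end. If `client_close()` can fail (its declaration is not in this hunk), a final flush to the log server that does not complete would go unreported here. Either propagate its result into `*errstr` or document the choice, e.g. `/* errstr is not set: client_close() reports its own errors */`. The two new close helpers also lack the header comment that the other new `_local`/`_remote` functions in this diff carry.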
@@ -1057,63 +816,145 @@ } /* - * Generic I/O logging function. Called by the I/O logging entry points. + * Write an I/O log entry to the local file system. * Returns 1 on success and -1 on error. + * Fills in errstr on error. */ static int -sudoers_io_log(union io_fd ifd, const char *buf, unsigned int len, int event) +sudoers_io_log_local(int event, const char *buf, unsigned int len, + struct timespec *delay, const char **errstr) { - struct timespec now, delay; + struct iolog_file *iol; char tbuf[1024]; - const char *errstr = NULL; int ret = -1; - debug_decl(sudoers_io_log, SUDOERS_DEBUG_PLUGIN) + debug_decl(sudoers_io_log_local, SUDOERS_DEBUG_PLUGIN); - if (ifd.v == NULL) { + if (event < 0 || event >= IOFD_MAX) { + *errstr = NULL; + sudo_warnx(U_("unexpected I/O event %d"), event); + debug_return_int(-1); + } + iol = &iolog_files[event]; + if (!iol->enabled) { + *errstr = NULL; sudo_warnx(U_("%s: internal error, I/O log file for event %d not open"), __func__, event); debug_return_int(-1); } - if (sudo_gettime_awake(&now) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to get time of day", __func__); - errstr = strerror(errno); - goto bad; - } - /* Write I/O log file entry. */ - errstr = iolog_write(ifd, buf, len); - if (errstr != NULL) + if (iolog_write(iol, buf, len, errstr) == -1) goto done; /* Write timing file entry. */ - sudo_timespecsub(&now, &last_time, &delay); len = (unsigned int)snprintf(tbuf, sizeof(tbuf), "%d %lld.%09ld %u\n", - event, (long long)delay.tv_sec, delay.tv_nsec, len); + event, (long long)delay->tv_sec, delay->tv_nsec, len); if (len >= sizeof(tbuf)) { /* Not actually possible due to the size of tbuf[]. */ - errstr = strerror(EOVERFLOW); + *errstr = strerror(EOVERFLOW); goto done; } - errstr = iolog_write(io_log_files[IOFD_TIMING].fd, tbuf, len); - if (errstr != NULL) + if (iolog_write(&iolog_files[IOFD_TIMING], tbuf, len, errstr) == -1) goto done; /* Success. 
*/ ret = 1; done: + debug_return_int(ret); +} + +#ifdef SUDOERS_IOLOG_CLIENT +/* + * Schedule an I/O log entry to be written to the log server. + * Returns 1 on success and -1 on error. + * Fills in errstr on error. + */ +static int +sudoers_io_log_remote(int event, const char *buf, unsigned int len, + struct timespec *delay, const char **errstr) +{ + int type, ret = -1; + debug_decl(sudoers_io_log_remote, SUDOERS_DEBUG_PLUGIN); + + if (client_closure->disabled) + debug_return_int(1); + + /* Track elapsed time for comparison with commit points. */ + sudo_timespecadd(delay, &client_closure->elapsed, &client_closure->elapsed); + + switch (event) { + case IO_EVENT_STDIN: + type = CLIENT_MESSAGE__TYPE_STDIN_BUF; + break; + case IO_EVENT_STDOUT: + type = CLIENT_MESSAGE__TYPE_STDOUT_BUF; + break; + case IO_EVENT_STDERR: + type = CLIENT_MESSAGE__TYPE_STDERR_BUF; + break; + case IO_EVENT_TTYIN: + type = CLIENT_MESSAGE__TYPE_TTYIN_BUF; + break; + case IO_EVENT_TTYOUT: + type = CLIENT_MESSAGE__TYPE_TTYOUT_BUF; + break; + default: + sudo_warnx(U_("unexpected I/O event %d"), event); + goto done; + } + if (fmt_io_buf(client_closure, type, buf, len, delay)) { + ret = client_closure->write_ev->add(client_closure->write_ev, + &iolog_details.server_timeout); + if (ret == -1) + sudo_warn(U_("unable to add event to queue")); + } + +done: + debug_return_int(ret); +} +#endif /* SUDOERS_IOLOG_CLIENT */ + +/* + * Generic I/O logging function. Called by the I/O logging entry points. + * Returns 1 on success and -1 on error. 
+ */ +static int +sudoers_io_log(const char *buf, unsigned int len, int event, const char **errstr) +{ + struct timespec now, delay; + const char *ioerror = NULL; + int ret = -1; + debug_decl(sudoers_io_log, SUDOERS_DEBUG_PLUGIN); + + if (sudo_gettime_awake(&now) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to get time of day", __func__); + ioerror = N_("unable to read the clock"); + goto bad; + } + sudo_timespecsub(&now, &last_time, &delay); + + ret = io_operations.log(event, buf, len, &delay, &ioerror); + last_time.tv_sec = now.tv_sec; last_time.tv_nsec = now.tv_nsec; bad: if (ret == -1) { - if (errstr != NULL && !warned) { - /* Only warn about I/O log file errors once. */ - log_warning(SLOG_SEND_MAIL, - N_("unable to write to I/O log file: %s"), errstr); - warned = true; + if (ioerror != NULL) { + char *cp; + + if (asprintf(&cp, N_("unable to write to I/O log file: %s"), + ioerror) != -1) { + *errstr = cp; + } + if (!warned) { + /* Only warn about I/O log file errors once. */ + log_warningx(SLOG_SEND_MAIL, + N_("unable to write to I/O log file: %s"), ioerror); + warned = true; + } } /* Ignore errors if they occur if the policy says so. */ 
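Review bot: The header comment on `sudoers_io_log_remote` says it "Fills in errstr on error", but no path in the function assigns `*errstr`: the `default:` case, a failed `fmt_io_buf()` and a failed `write_ev->add()` all return -1 with the caller's `ioerror` still NULL. `sudoers_io_log` then skips its whole `if (ioerror != NULL)` block, so a dropped remote log record yields neither the plugin error string nor the `log_warningx(SLOG_SEND_MAIL, ...)` notice. Assign a message on each failure path, e.g. `*errstr = N_("unable to add event to queue");` next to the existing `sudo_warn()`. `sudoers_io_change_winsize_remote` and `sudoers_io_suspend_remote` in the later hunks have the same gap. The body of `sudoers_io_log` continues past the end of this hunk.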
@@ -1125,89 +966,123 @@ } static int -sudoers_io_log_stdin(const char *buf, unsigned int len) +sudoers_io_log_stdin(const char *buf, unsigned int len, const char **errstr) { - const union io_fd ifd = io_log_files[IOFD_STDIN].fd; - - return sudoers_io_log(ifd, buf, len, IO_EVENT_STDIN); + return sudoers_io_log(buf, len, IO_EVENT_STDIN, errstr); } static int -sudoers_io_log_stdout(const char *buf, unsigned int len) +sudoers_io_log_stdout(const char *buf, unsigned int len, const char **errstr) { - const union io_fd ifd = io_log_files[IOFD_STDOUT].fd; + return sudoers_io_log(buf, len, IO_EVENT_STDOUT, errstr); +} - return sudoers_io_log(ifd, buf, len, IO_EVENT_STDOUT); +static int +sudoers_io_log_stderr(const char *buf, unsigned int len, const char **errstr) +{ + return sudoers_io_log(buf, len, IO_EVENT_STDERR, errstr); } static int -sudoers_io_log_stderr(const char *buf, unsigned int len) +sudoers_io_log_ttyin(const char *buf, unsigned int len, const char **errstr) { - const union io_fd ifd = io_log_files[IOFD_STDERR].fd; + return sudoers_io_log(buf, len, IO_EVENT_TTYIN, errstr); +} - return sudoers_io_log(ifd, buf, len, IO_EVENT_STDERR); +static int +sudoers_io_log_ttyout(const char *buf, unsigned int len, const char **errstr) +{ + return sudoers_io_log(buf, len, IO_EVENT_TTYOUT, errstr); } static int -sudoers_io_log_ttyin(const char *buf, unsigned int len) +sudoers_io_change_winsize_local(unsigned int lines, unsigned int cols, + struct timespec *delay, const char **errstr) { - const union io_fd ifd = io_log_files[IOFD_TTYIN].fd; + char tbuf[1024]; + int len, ret = -1; + debug_decl(sudoers_io_change_winsize_local, SUDOERS_DEBUG_PLUGIN); + + /* Write window change event to the timing file. */ + len = snprintf(tbuf, sizeof(tbuf), "%d %lld.%09ld %u %u\n", + IO_EVENT_WINSIZE, (long long)delay->tv_sec, delay->tv_nsec, + lines, cols); + if (len < 0 || len >= ssizeof(tbuf)) { + /* Not actually possible due to the size of tbuf[]. 
*/ + *errstr = strerror(EOVERFLOW); + goto done; + } + if (iolog_write(&iolog_files[IOFD_TIMING], tbuf, len, errstr) == -1) + goto done; + + /* Success. */ + ret = 1; - return sudoers_io_log(ifd, buf, len, IO_EVENT_TTYIN); +done: + debug_return_int(ret); } +#ifdef SUDOERS_IOLOG_CLIENT static int -sudoers_io_log_ttyout(const char *buf, unsigned int len) +sudoers_io_change_winsize_remote(unsigned int lines, unsigned int cols, + struct timespec *delay, const char **errstr) { - const union io_fd ifd = io_log_files[IOFD_TTYOUT].fd; + int ret = -1; + debug_decl(sudoers_io_change_winsize_remote, SUDOERS_DEBUG_PLUGIN); + + if (client_closure->disabled) + debug_return_int(1); - return sudoers_io_log(ifd, buf, len, IO_EVENT_TTYOUT); + /* Track elapsed time for comparison with commit points. */ + sudo_timespecadd(delay, &client_closure->elapsed, &client_closure->elapsed); + + if (fmt_winsize(client_closure, lines, cols, delay)) { + ret = client_closure->write_ev->add(client_closure->write_ev, + &iolog_details.server_timeout); + if (ret == -1) + sudo_warn(U_("unable to add event to queue")); + } + + debug_return_int(ret); } +#endif /* SUDOERS_IOLOG_CLIENT */ static int -sudoers_io_change_winsize(unsigned int lines, unsigned int cols) +sudoers_io_change_winsize(unsigned int lines, unsigned int cols, const char **errstr) { struct timespec now, delay; - unsigned int len; - char tbuf[1024]; - const char *errstr = NULL; + const char *ioerror = NULL; int ret = -1; - debug_decl(sudoers_io_change_winsize, SUDOERS_DEBUG_PLUGIN) + debug_decl(sudoers_io_change_winsize, SUDOERS_DEBUG_PLUGIN); if (sudo_gettime_awake(&now) == -1) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, "%s: unable to get time of day", __func__); - errstr = strerror(errno); + ioerror = N_("unable to read the clock"); goto bad; } - - /* Write window change event to the timing file. 
*/ sudo_timespecsub(&now, &last_time, &delay); - len = (unsigned int)snprintf(tbuf, sizeof(tbuf), "%d %lld.%09ld %u %u\n", - IO_EVENT_WINSIZE, (long long)delay.tv_sec, delay.tv_nsec, lines, cols); - if (len >= sizeof(tbuf)) { - /* Not actually possible due to the size of tbuf[]. */ - errstr = strerror(EOVERFLOW); - goto done; - } - errstr = iolog_write(io_log_files[IOFD_TIMING].fd, tbuf, len); - if (errstr != NULL) - goto done; - /* Success. */ - ret = 1; + ret = io_operations.change_winsize(lines, cols, &delay, &ioerror); -done: last_time.tv_sec = now.tv_sec; last_time.tv_nsec = now.tv_nsec; bad: if (ret == -1) { - if (errstr != NULL && !warned) { - /* Only warn about I/O log file errors once. */ - log_warning(SLOG_SEND_MAIL, - N_("unable to write to I/O log file: %s"), errstr); - warned = true; + if (ioerror != NULL && !warned) { + char *cp; + + if (asprintf(&cp, N_("unable to write to I/O log file: %s"), + ioerror) != -1) { + *errstr = cp; + } + if (!warned) { + /* Only warn about I/O log file errors once. */ + log_warningx(SLOG_SEND_MAIL, + N_("unable to write to I/O log file: %s"), ioerror); + warned = true; + } } /* Ignore errors if they occur if the policy says so. */ 
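Review bot: In `sudoers_io_change_winsize` the error block is guarded by `if (ioerror != NULL && !warned)`, so `*errstr` is filled in only while no warning has been issued yet, and the inner `if (!warned)` is always true. `sudoers_io_log` uses `if (ioerror != NULL)` and sets `*errstr` on every failure; use `if (ioerror != NULL) {` here too, so that only the mail warning is limited to once. `sudoers_io_suspend` in the hunk at -1238 repeats the same guard. The string returned by `asprintf()` is handed to the caller with no visible owner, so a comment stating who frees it would help. The function ends outside this hunk.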
@@ -1219,15 +1094,65 @@ } static int -sudoers_io_suspend(int signo) +sudoers_io_suspend_local(const char *signame, struct timespec *delay, + const char **errstr) { - struct timespec now, delay; unsigned int len; - char signame[SIG2STR_MAX]; char tbuf[1024]; - const char *errstr = NULL; int ret = -1; - debug_decl(sudoers_io_suspend, SUDOERS_DEBUG_PLUGIN) + debug_decl(sudoers_io_suspend_local, SUDOERS_DEBUG_PLUGIN); + + /* Write suspend event to the timing file. */ + len = (unsigned int)snprintf(tbuf, sizeof(tbuf), "%d %lld.%09ld %s\n", + IO_EVENT_SUSPEND, (long long)delay->tv_sec, delay->tv_nsec, signame); + if (len >= sizeof(tbuf)) { + /* Not actually possible due to the size of tbuf[]. */ + *errstr = strerror(EOVERFLOW); + goto done; + } + if (iolog_write(&iolog_files[IOFD_TIMING], tbuf, len, errstr) == -1) + goto done; + + /* Success. */ + ret = 1; + +done: + debug_return_int(ret); +} + +#ifdef SUDOERS_IOLOG_CLIENT +static int +sudoers_io_suspend_remote(const char *signame, struct timespec *delay, + const char **errstr) +{ + int ret = -1; + debug_decl(sudoers_io_suspend_remote, SUDOERS_DEBUG_PLUGIN); + + if (client_closure->disabled) + debug_return_int(1); + + /* Track elapsed time for comparison with commit points. */ + sudo_timespecadd(delay, &client_closure->elapsed, &client_closure->elapsed); + + if (fmt_suspend(client_closure, signame, delay)) { + ret = client_closure->write_ev->add(client_closure->write_ev, + &iolog_details.server_timeout); + if (ret == -1) + sudo_warn(U_("unable to add event to queue")); + } + + debug_return_int(ret); +} +#endif /* SUDOERS_IOLOG_CLIENT */ + +static int +sudoers_io_suspend(int signo, const char **errstr) +{ + struct timespec now, delay; + char signame[SIG2STR_MAX]; + const char *ioerror = NULL; + int ret = -1; + debug_decl(sudoers_io_suspend, SUDOERS_DEBUG_PLUGIN); if (signo <= 0 || sig2str(signo, signame) == -1) { sudo_warnx(U_("%s: internal error, invalid signal %d"), 
@@ -1238,37 +1163,32 @@ if (sudo_gettime_awake(&now) == -1) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, "%s: unable to get time of day", __func__); - errstr = strerror(errno); + ioerror = N_("unable to read the clock"); goto bad; } - - /* Write suspend event to the timing file. */ sudo_timespecsub(&now, &last_time, &delay); - len = (unsigned int)snprintf(tbuf, sizeof(tbuf), "%d %lld.%09ld %s\n", - IO_EVENT_SUSPEND, (long long)delay.tv_sec, delay.tv_nsec, signame); - if (len >= sizeof(tbuf)) { - /* Not actually possible due to the size of tbuf[]. */ - errstr = strerror(EOVERFLOW); - goto done; - } - errstr = iolog_write(io_log_files[IOFD_TIMING].fd, tbuf, len); - if (errstr != NULL) - goto done; - /* Success. */ - ret = 1; + /* Write suspend event to the timing file. */ + ret = io_operations.suspend(signame, &delay, &ioerror); -done: last_time.tv_sec = now.tv_sec; last_time.tv_nsec = now.tv_nsec; bad: if (ret == -1) { - if (errstr != NULL && !warned) { - /* Only warn about I/O log file errors once. */ - log_warning(SLOG_SEND_MAIL, - N_("unable to write to I/O log file: %s"), errstr); - warned = true; + if (ioerror != NULL && !warned) { + char *cp; + + if (asprintf(&cp, N_("unable to write to I/O log file: %s"), + ioerror) != -1) { + *errstr = cp; + } + if (!warned) { + /* Only warn about I/O log file errors once. */ + log_warningx(SLOG_SEND_MAIL, + N_("unable to write to I/O log file: %s"), ioerror); + warned = true; + } } /* Ignore errors if they occur if the policy says so. */ 
@@ -1279,6 +1199,34 @@ debug_return_int(ret); } +/* + * Fill in the contents of io_operations, either local or remote. + */ +static void +sudoers_io_setops(void) +{ + debug_decl(sudoers_io_setops, SUDOERS_DEBUG_PLUGIN); + +#ifdef SUDOERS_IOLOG_CLIENT + if (sudoers_io.event_alloc != NULL && iolog_details.log_servers != NULL) { + io_operations.open = sudoers_io_open_remote; + io_operations.close = sudoers_io_close_remote; + io_operations.log = sudoers_io_log_remote; + io_operations.change_winsize = sudoers_io_change_winsize_remote; + io_operations.suspend = sudoers_io_suspend_remote; + } else +#endif /* SUDOERS_IOLOG_CLIENT */ + { + io_operations.open = sudoers_io_open_local; + io_operations.close = sudoers_io_close_local; + io_operations.log = sudoers_io_log_local; + io_operations.change_winsize = sudoers_io_change_winsize_local; + io_operations.suspend = sudoers_io_suspend_local; + } + + debug_return; +} + __dso_public struct io_plugin sudoers_io = { SUDO_IO_PLUGIN, SUDO_API_VERSION, @@ -1293,5 +1241,6 @@ NULL, /* register_hooks */ NULL, /* deregister_hooks */ sudoers_io_change_winsize, - sudoers_io_suspend + sudoers_io_suspend, + NULL /* event_alloc() filled in by sudo */ }; diff -Nru sudo-1.8.31/plugins/sudoers/iolog_client.c sudo-1.9.0/plugins/sudoers/iolog_client.c --- sudo-1.8.31/plugins/sudoers/iolog_client.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/iolog_client.c 2020-05-11 16:28:23.000000000 +0000 
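Review bot: `sudoers_io_setops` selects the local back end whenever `sudoers_io.event_alloc` is NULL, even if `iolog_details.log_servers` is set, and it does so without any diagnostic. An administrator who configured a log server would then get session logs only on the local host, with nothing indicating that the remote path was skipped. Consider a debug or warning line in the `else` branch for that case (inside the `SUDOERS_IOLOG_CLIENT` guard), and extend the header comment to `/* Fill in io_operations: remote only if the front end provides event_alloc() and a log server is configured, otherwise local. */`.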
@@ -0,0 +1,1793 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019-2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" + +#ifdef SUDOERS_IOLOG_CLIENT + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include +#include +#include +#include +#include +#include +#include + +#if defined(HAVE_OPENSSL) +# include +# include +# include +#endif /* HAVE_OPENSSL */ + +#define NEED_INET_NTOP /* to expose sudo_inet_ntop in sudo_compat.h */ + +#include "sudoers.h" +#include "sudo_event.h" +#include "sudo_iolog.h" +#include "iolog_plugin.h" +#include "hostcheck.h" + +#ifndef HAVE_GETADDRINFO +# include "compat/getaddrinfo.h" +#endif + +/* Server callback may redirect to client callback for TLS. 
*/ +static void client_msg_cb(int fd, int what, void *v); +static void server_msg_cb(int fd, int what, void *v); + +static void +connect_cb(int sock, int what, void *v) +{ + int optval, ret, *errnump = v; + socklen_t optlen = sizeof(optval); + debug_decl(connect_cb, SUDOERS_DEBUG_UTIL); + + if (what == SUDO_PLUGIN_EV_TIMEOUT) { + *errnump = ETIMEDOUT; + } else { + ret = getsockopt(sock, SOL_SOCKET, SO_ERROR, &optval, &optlen); + *errnump = ret == 0 ? optval : errno; + } + + debug_return; +} + +/* + * Like connect(2) but with a timeout. + */ +static int +timed_connect(int sock, const struct sockaddr *addr, socklen_t addrlen, + const struct timespec *timo) +{ + struct sudo_event_base *evbase = NULL; + struct sudo_event *connect_event = NULL; + int ret, errnum = 0; + debug_decl(timed_connect, SUDOERS_DEBUG_UTIL); + + ret = connect(sock, addr, addrlen); + if (ret == -1 && errno == EINPROGRESS) { + evbase = sudo_ev_base_alloc(); + connect_event = sudo_ev_alloc(sock, SUDO_PLUGIN_EV_WRITE, connect_cb, + &errnum); + if (evbase == NULL || connect_event == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto done; + } + if (sudo_ev_add(evbase, connect_event, timo, false) == -1) { + sudo_warnx(U_("unable to add event to queue")); + goto done; + } + if (sudo_ev_dispatch(evbase) == -1) { + sudo_warn(U_("error in event loop")); + goto done; + } + if (errnum == 0) + ret = 0; + else + errno = errnum; + } + +done: + sudo_ev_base_free(evbase); + sudo_ev_free(connect_event); + + debug_return_int(ret); +} + +#if defined(HAVE_OPENSSL) +static int +verify_peer_identity(int preverify_ok, X509_STORE_CTX *ctx) +{ + HostnameValidationResult result; + struct client_closure *closure; + SSL *ssl; + X509 *current_cert; + X509 *peer_cert; + debug_decl(verify_peer_identity, SUDOERS_DEBUG_UTIL); + + /* if pre-verification of the cert failed, just propagate that result back */ + if (preverify_ok != 1) { + debug_return_int(0); + } + + /* since this callback is called 
for each cert in the chain, + * check that current cert is the peer's certificate + */ + current_cert = X509_STORE_CTX_get_current_cert(ctx); + peer_cert = X509_STORE_CTX_get0_cert(ctx); + + if (current_cert != peer_cert) { + debug_return_int(1); + } + + /* read out the attached object (closure) from the ssl connection object */ + ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); + closure = SSL_get_ex_data(ssl, 1); + + result = validate_hostname(peer_cert, closure->server_name, + closure->server_ip, 0); + + switch(result) + { + case MatchFound: + debug_return_int(1); + default: + debug_return_int(0); + } +} + +static bool +tls_init(struct client_closure *closure) +{ + static bool initialized; + const char *errstr; + debug_decl(tls_init, SUDOERS_DEBUG_PLUGIN); + + /* Only attempt to initialize TLS once, the parameters don't change. */ + if (initialized) { + if (closure->ssl == NULL) + debug_return_bool(false); + SSL_clear(closure->ssl); + debug_return_bool(true); + } + + initialized = true; + SSL_library_init(); + OpenSSL_add_all_algorithms(); + SSL_load_error_strings(); + + /* Create the ssl context and enforce TLS 1.2 or higher. */ + if ((closure->ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("Creation of new SSL_CTX object failed: %s"), errstr); + goto bad; + } +#ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION + if (!SSL_CTX_set_min_proto_version(closure->ssl_ctx, TLS1_2_VERSION)) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to restrict min. 
protocol version: %s", errstr); + goto bad; + } +#else + SSL_CTX_set_options(closure->ssl_ctx, + SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1); +#endif + + /* Enable server cert verification if log_server_verify is set in sudoers */ + if (closure->log_details->verify_server) { + if (closure->log_details->ca_bundle != NULL) { + if (SSL_CTX_load_verify_locations(closure->ssl_ctx, + closure->log_details->ca_bundle, NULL) <= 0) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("%s: %s"), closure->log_details->ca_bundle, + errstr); + sudo_warnx(U_("unable to load certificate authority bundle %s"), + closure->log_details->ca_bundle); + goto bad; + } + } else { + if (!SSL_CTX_set_default_verify_paths(closure->ssl_ctx)) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx("SSL_CTX_set_default_verify_paths: %s", errstr); + goto bad; + } + } + SSL_CTX_set_verify(closure->ssl_ctx, SSL_VERIFY_PEER, verify_peer_identity); + } + + /* Load the client certificate file if it is set in sudoers. */ + if (closure->log_details->cert_file != NULL) { + if (!SSL_CTX_use_certificate_chain_file(closure->ssl_ctx, + closure->log_details->cert_file)) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("%s: %s"), closure->log_details->cert_file, errstr); + sudo_warnx(U_("unable to load certificate %s"), + closure->log_details->cert_file); + goto bad; + } + if (closure->log_details->key_file == NULL) { + /* No explicit key file set, try to use the cert file. 
*/ + closure->log_details->key_file = closure->log_details->cert_file; + } + if (!SSL_CTX_use_PrivateKey_file(closure->ssl_ctx, + closure->log_details->key_file, SSL_FILETYPE_PEM) || + !SSL_CTX_check_private_key(closure->ssl_ctx)) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("%s: %s"), closure->log_details->key_file, errstr); + sudo_warnx(U_("unable to load private key %s"), + closure->log_details->key_file); + goto bad; + } + } + + /* Create the SSL object and attach the closure. */ + if ((closure->ssl = SSL_new(closure->ssl_ctx)) == NULL) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("Unable to allocate ssl object: %s"), errstr); + goto bad; + } + if (SSL_set_ex_data(closure->ssl, 1, closure) <= 0) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("Unable to attach user data to the ssl object: %s"), + errstr); + goto bad; + } + + debug_return_bool(true); + +bad: + SSL_free(closure->ssl); + closure->ssl = NULL; + SSL_CTX_free(closure->ssl_ctx); + closure->ssl_ctx = NULL; + debug_return_bool(false); +} + +struct tls_connect_closure { + bool tls_conn_status; + SSL *ssl; + const char *host; + const char *port; + struct sudo_event_base *evbase; + struct sudo_event *tls_connect_ev; +}; + +static void +tls_connect_cb(int sock, int what, void *v) +{ + struct tls_connect_closure *closure = v; + struct timespec timeo = { 10, 0 }; + int tls_con; + debug_decl(tls_connect_cb, SUDOERS_DEBUG_UTIL); + + if (what == SUDO_PLUGIN_EV_TIMEOUT) { + sudo_warnx(U_("TLS handshake timeout occurred")); + goto bad; + } + + tls_con = SSL_connect(closure->ssl); + + if (tls_con == 1) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "TLS version: %s, negotiated cipher suite: %s", + SSL_get_version(closure->ssl), SSL_get_cipher(closure->ssl)); + closure->tls_conn_status = true; + } else { + const char *errstr; + + switch (SSL_get_error(closure->ssl, tls_con)) { + /* TLS handshake is not finished, reschedule event 
*/ + case SSL_ERROR_WANT_READ: + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_connect returns SSL_ERROR_WANT_READ"); + if (what != SUDO_EV_READ) { + if (sudo_ev_set(closure->tls_connect_ev, sock, + SUDO_EV_READ, tls_connect_cb, closure) == -1) { + sudo_warnx(U_("unable to set event")); + goto bad; + } + } + if (sudo_ev_add(closure->evbase, closure->tls_connect_ev, + &timeo, false) == -1) { + sudo_warnx(U_("unable to add event to queue")); + goto bad; + } + break; + case SSL_ERROR_WANT_WRITE: + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_connect returns SSL_ERROR_WANT_WRITE"); + if (what != SUDO_EV_WRITE) { + if (sudo_ev_set(closure->tls_connect_ev, sock, + SUDO_EV_WRITE, tls_connect_cb, closure) == -1) { + sudo_warnx(U_("unable to set event")); + goto bad; + } + } + if (sudo_ev_add(closure->evbase, closure->tls_connect_ev, + &timeo, false) == -1) { + sudo_warnx(U_("unable to add event to queue")); + goto bad; + } + break; + case SSL_ERROR_SYSCALL: + sudo_warnx(U_("TLS connection to %s:%s failed: %s"), + closure->host, closure->port, strerror(errno)); + goto bad; + default: + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("TLS connection to %s:%s failed: %s"), + closure->host, closure->port, errstr); + goto bad; + } + } + + debug_return; + +bad: + /* Break out of tls connect event loop with an error. 
*/ + sudo_ev_loopbreak(closure->evbase); + + debug_return; +} + +static bool +tls_timed_connect(SSL *ssl, const char *host, const char *port, + const struct timespec *timo) +{ + struct tls_connect_closure closure; + debug_decl(tls_timed_connect, SUDOERS_DEBUG_UTIL); + + memset(&closure, 0, sizeof(closure)); + closure.ssl = ssl; + closure.host = host; + closure.port = port; + closure.evbase = sudo_ev_base_alloc(); + closure.tls_connect_ev = sudo_ev_alloc(SSL_get_fd(ssl), + SUDO_PLUGIN_EV_WRITE, tls_connect_cb, &closure); + + if (closure.evbase == NULL || closure.tls_connect_ev == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto done; + } + + if (sudo_ev_add(closure.evbase, closure.tls_connect_ev, timo, false) == -1) { + sudo_warnx(U_("unable to add event to queue")); + goto done; + } + + if (sudo_ev_dispatch(closure.evbase) == -1) { + sudo_warnx(U_("error in event loop")); + goto done; + } + +done: + if (closure.tls_connect_ev != NULL) + sudo_ev_free(closure.tls_connect_ev); + sudo_ev_base_free(closure.evbase); + + debug_return_bool(closure.tls_conn_status); +} +#endif /* HAVE_OPENSSL */ + +/* + * Connect to specified host:port + * If host has multiple addresses, the first one that connects is used. + * Returns open socket or -1 on error. 
+ */
+static int
+connect_server(const char *host, const char *port, bool tls,
+ struct client_closure *closure, const char **reason)
+{
+ const struct timespec *timo = &closure->log_details->server_timeout;
+ struct addrinfo hints, *res, *res0;
+ const char *cause = NULL;
+ int error, sock = -1;
+ debug_decl(connect_server, SUDOERS_DEBUG_UTIL);
+
+#if !defined(HAVE_OPENSSL)
+ if (tls) {
+ errno = EPROTONOSUPPORT;
+ sudo_warn("%s:%s(tls)", host, port);
+ debug_return_int(-1);
+ }
+#endif
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ error = getaddrinfo(host, port, &hints, &res0);
+ if (error != 0) {
+ sudo_warnx(U_("unable to look up %s:%s: %s"), host, port,
+ gai_strerror(error));
+ debug_return_int(-1);
+ }
+
+ for (res = res0; res; res = res->ai_next) {
+ int flags, save_errno;
+
+ sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (sock == -1) {
+ cause = "socket";
+ continue;
+ }
+ flags = fcntl(sock, F_GETFL, 0);
+ if (flags == -1 || fcntl(sock, F_SETFL, flags | O_NONBLOCK) == -1) {
+ cause = "fcntl(O_NONBLOCK)";
+ save_errno = errno;
+ close(sock);
+ errno = save_errno;
+ sock = -1;
+ continue;
+ }
+ if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1) {
+ cause = "fcntl(FD_CLOEXEC)";
+ save_errno = errno;
+ close(sock);
+ errno = save_errno;
+ sock = -1;
+ continue;
+ }
+ if (closure->log_details->keepalive) {
+ flags = 1;
+ if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &flags,
+ sizeof(flags)) == -1) {
+ cause = "setsockopt(SO_KEEPALIVE)";
+ save_errno = errno;
+ close(sock);
+ errno = save_errno;
+ sock = -1;
+ continue;
+ }
+ }
+ if (timed_connect(sock, res->ai_addr, res->ai_addrlen, timo) == -1) {
+ cause = "connect";
+ save_errno = errno;
+ close(sock);
+ errno = save_errno;
+ sock = -1;
+ continue;
+ }
+ if (inet_ntop(res->ai_family, res->ai_addr, closure->server_ip,
+ sizeof(closure->server_ip)) == NULL) {
+ cause = "inet_ntop";
+ save_errno = errno;
+ close(sock);
+ errno = save_errno;
+ sock = -1;
+ continue;
+ }
+
+#if defined(HAVE_OPENSSL)
+ if (tls) {
+ if (!tls_init(closure) || !SSL_set_fd(closure->ssl, sock)) {
+ cause = U_("TLS initialization was unsuccessful");
+ save_errno = errno;
+ close(sock);
+ errno = save_errno;
+ sock = -1;
+ continue;
+ }
+ /* Perform TLS handshake. */
+ if (!tls_timed_connect(closure->ssl, host, port, timo)) {
+ cause = U_("TLS handshake was unsuccessful");
+ save_errno = errno;
+ close(sock);
+ errno = save_errno;
+ sock = -1;
+ continue;
+ }
+ } else {
+ /* No TLS for this connection, make sure it is not initialized. */
+ SSL_free(closure->ssl);
+ closure->ssl = NULL;
+ SSL_CTX_free(closure->ssl_ctx);
+ closure->ssl_ctx = NULL;
+ }
+#endif /* HAVE_OPENSSL */
+ break; /* success */
+ }
+ freeaddrinfo(res0);
+
+ if (sock == -1)
+ *reason = cause;
+
+ debug_return_int(sock);
+}
+
+/*
+ * Connect to the first server in the list.
+ * Stores socket in closure with O_NONBLOCK and close-on-exec flags set.
+ * Returns true on success, else false.
+ */
+bool
+log_server_connect(struct client_closure *closure)
+{
+ struct sudoers_string *server;
+ char *host, *port, *copy = NULL;
+ const char *cause = NULL;
+ int sock;
+ bool tls, ret = false;
+ debug_decl(restore_nproc, SUDOERS_DEBUG_UTIL);
+
+ STAILQ_FOREACH(server, closure->log_details->log_servers, entries) {
+ free(copy);
+ copy = strdup(server->str);
+ if (!iolog_parse_host_port(copy, &host, &port, &tls, DEFAULT_PORT,
+ DEFAULT_PORT_TLS)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to parse %s", copy);
+ continue;
+ }
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ "connecting to %s port %s%s", host, port, tls ? " (tls)" : "");
+ sock = connect_server(host, port, tls, closure, &cause);
+ if (sock != -1) {
+ if ((closure->server_name = strdup(host)) == NULL) {
+ cause = U_("unable to allocate memory");
+ close(sock);
+ break;
+ }
+
+ if (closure->read_ev->set(closure->read_ev, sock,
+ SUDO_PLUGIN_EV_READ|SUDO_PLUGIN_EV_PERSIST,
+ server_msg_cb, closure) == -1) {
+ cause = (U_("unable to add event to queue"));
+ break;
+ }
+
+ if (closure->write_ev->set(closure->write_ev, sock,
+ SUDO_PLUGIN_EV_WRITE|SUDO_PLUGIN_EV_PERSIST,
+ client_msg_cb, closure) == -1) {
+ cause = (U_("unable to add event to queue"));
+ break;
+ }
+
+ /* success */
+ closure->sock = sock;
+ ret = true;
+ break;
+ }
+ }
+ free(copy);
+
+ if (!ret && cause != NULL)
+ sudo_warn("%s", cause);
+
+ debug_return_bool(ret);
+}
+
+/*
+ * Free client closure and contents, including log details.
+ */
+void
+client_closure_free(struct client_closure *closure)
+{
+ struct connection_buffer *buf;
+ debug_decl(client_closure_free, SUDOERS_DEBUG_UTIL);
+
+ if (closure == NULL)
+ debug_return;
+
+#if defined(HAVE_OPENSSL)
+ /* Shut down the TLS connection cleanly and free SSL data. */
+ if (closure->ssl != NULL) {
+ SSL_shutdown(closure->ssl);
+ SSL_free(closure->ssl);
+ }
+ SSL_CTX_free(closure->ssl_ctx);
+#endif
+
+ if (closure->sock != -1)
+ close(closure->sock);
+ free(closure->server_name);
+ while ((buf = TAILQ_FIRST(&closure->write_bufs)) != NULL) {
+ TAILQ_REMOVE(&closure->write_bufs, buf, entries);
+ free(buf->data);
+ free(buf);
+ }
+ while ((buf = TAILQ_FIRST(&closure->free_bufs)) != NULL) {
+ TAILQ_REMOVE(&closure->free_bufs, buf, entries);
+ free(buf->data);
+ free(buf);
+ }
+ if (closure->read_ev != NULL)
+ closure->read_ev->free(closure->read_ev);
+ if (closure->write_ev != NULL)
+ closure->write_ev->free(closure->write_ev);
+ free(closure->read_buf.data);
+ free(closure->iolog_id);
+
+ /* Most of log_details is const. */
+ if (closure->log_details != NULL) {
+ free(closure->log_details->user_env);
+ closure->log_details->user_env = NULL;
+ if (closure->log_details->runas_pw)
+ sudo_pw_delref(closure->log_details->runas_pw);
+ if (closure->log_details->runas_gr)
+ sudo_gr_delref(closure->log_details->runas_gr);
+ }
+
+ free(closure);
+
+ debug_return;
+}
+
+static struct connection_buffer *
+get_free_buf(struct client_closure *closure)
+{
+ struct connection_buffer *buf;
+ debug_decl(get_free_buf, SUDOERS_DEBUG_UTIL);
+
+ buf = TAILQ_FIRST(&closure->free_bufs);
+ if (buf != NULL)
+ TAILQ_REMOVE(&closure->free_bufs, buf, entries);
+ else
+ buf = calloc(1, sizeof(*buf));
+
+ debug_return_ptr(buf);
+}
+
+/*
+ * Format a ClientMessage.
+ * Appends the wire format message to the closure's write queue.
+ * Returns true on success, false on failure.
+ */
+bool
+fmt_client_message(struct client_closure *closure, ClientMessage *msg)
+{
+ struct connection_buffer *buf;
+ uint32_t msg_len;
+ bool ret = false;
+ size_t len;
+ debug_decl(fmt_client_message, SUDOERS_DEBUG_UTIL);
+
+ if ((buf = get_free_buf(closure)) == NULL) {
+ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ goto done;
+ }
+
+ len = client_message__get_packed_size(msg);
+ if (len > MESSAGE_SIZE_MAX) {
+ sudo_warnx(U_("client message too large: %zu"), len);
+ goto done;
+ }
+ /* Wire message size is used for length encoding, precedes message. */
+ msg_len = htonl((uint32_t)len);
+ len += sizeof(msg_len);
+
+ /* Resize buffer as needed. */
+ if (len > buf->size) {
+ free(buf->data);
+ buf->size = sudo_pow2_roundup(len);
+ if ((buf->data = malloc(buf->size)) == NULL) {
+ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ buf->size = 0;
+ goto done;
+ }
+ }
+
+ memcpy(buf->data, &msg_len, sizeof(msg_len));
+ client_message__pack(msg, buf->data + sizeof(msg_len));
+ buf->len = len;
+ TAILQ_INSERT_TAIL(&closure->write_bufs, buf, entries);
+ buf = NULL;
+
+ ret = true;
+
+done:
+ if (buf != NULL) {
+ free(buf->data);
+ free(buf);
+ }
+ debug_return_bool(ret);
+}
+
+/*
+ * Build and format a ClientHello wrapped in a ClientMessage.
+ * Appends the wire format message to the closure's write queue.
+ * Returns true on success, false on failure.
+ */
+bool
+fmt_client_hello(struct client_closure *closure)
+{
+ ClientMessage client_msg = CLIENT_MESSAGE__INIT;
+ ClientHello hello_msg = CLIENT_HELLO__INIT;
+ bool ret = false;
+ debug_decl(fmt_client_hello, SUDOERS_DEBUG_UTIL);
+
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sending ClientHello", __func__);
+
+ /* Client name + version */
+ hello_msg.client_id = "sudoers " PACKAGE_VERSION;
+
+ /* Schedule ClientMessage */
+ client_msg.hello_msg = &hello_msg;
+ client_msg.type_case = CLIENT_MESSAGE__TYPE_HELLO_MSG;
+ ret = fmt_client_message(closure, &client_msg);
+
+ debug_return_bool(ret);
+}
+
+/*
+ * Build and format an AcceptMessage wrapped in a ClientMessage.
+ * Appends the wire format message to the closure's write queue.
+ * Returns true on success, false on failure.
+ */
+bool
+fmt_accept_message(struct client_closure *closure)
+{
+ ClientMessage client_msg = CLIENT_MESSAGE__INIT;
+ AcceptMessage accept_msg = ACCEPT_MESSAGE__INIT;
+ TimeSpec ts = TIME_SPEC__INIT;
+ InfoMessage__StringList runargv = INFO_MESSAGE__STRING_LIST__INIT;
+ InfoMessage__StringList runenv = INFO_MESSAGE__STRING_LIST__INIT;
+ struct iolog_details *details = closure->log_details;
+ size_t info_msgs_size, n;
+ struct timespec now;
+ bool ret = false;
+ debug_decl(fmt_accept_message, SUDOERS_DEBUG_UTIL);
+
+ /*
+ * Fill in AcceptMessage and add it to ClientMessage.
+ */
+ if (sudo_gettime_real(&now)) {
+ sudo_warn("%s", U_("unable to get time of day"));
+ debug_return_bool(false);
+ }
+ ts.tv_sec = now.tv_sec;
+ ts.tv_nsec = now.tv_nsec;
+ accept_msg.submit_time = &ts;
+
+ /* Client will send IoBuffer messages. */
+ accept_msg.expect_iobufs = true;
+
+ /* Convert NULL-terminated vectors to StringList. */
+ runargv.strings = (char **)details->argv;
+ runargv.n_strings = details->argc;
+ runenv.strings = (char **)details->user_env;
+ while (runenv.strings[runenv.n_strings] != NULL)
+ runenv.n_strings++;
+
+ /* XXX - realloc as needed instead of preallocating */
+ info_msgs_size = 22;
+ accept_msg.info_msgs = calloc(info_msgs_size, sizeof(InfoMessage *));
+ if (accept_msg.info_msgs == NULL) {
+ info_msgs_size = 0;
+ goto done;
+ }
+ for (n = 0; n < info_msgs_size; n++) {
+ accept_msg.info_msgs[n] = malloc(sizeof(InfoMessage));
+ if (accept_msg.info_msgs[n] == NULL) {
+ info_msgs_size = n;
+ goto done;
+ }
+ info_message__init(accept_msg.info_msgs[n]);
+ }
+
+ /* Fill in info_msgs */
+ n = 0;
+
+ /* TODO: clientargv (not currently supported by API) */
+ /* TODO: clientpid */
+ /* TODO: clientppid */
+ /* TODO: clientsid */
+
+ accept_msg.info_msgs[n]->key = "columns";
+ accept_msg.info_msgs[n]->numval = details->cols;
+ accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL;
+ n++;
+
+ accept_msg.info_msgs[n]->key = "command";
+ accept_msg.info_msgs[n]->strval = (char *)details->command;
+ accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
+ n++;
+
+ accept_msg.info_msgs[n]->key = "lines";
+ accept_msg.info_msgs[n]->numval = details->lines;
+ accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL;
+ n++;
+
+ accept_msg.info_msgs[n]->key = "runargv";
+ accept_msg.info_msgs[n]->strlistval = &runargv;
+ accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRLISTVAL;
+ n++;
+
+ accept_msg.info_msgs[n]->key = "runenv";
+ accept_msg.info_msgs[n]->strlistval = &runenv;
+ accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRLISTVAL;
+ n++;
+
+ if (details->runas_gr!= NULL) {
+ accept_msg.info_msgs[n]->key = "rungid";
+ accept_msg.info_msgs[n]->numval = details->runas_gr->gr_gid;
+ accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL;
+ n++;
+
+ accept_msg.info_msgs[n]->key = "rungroup";
+ accept_msg.info_msgs[n]->strval = details->runas_gr->gr_name;
+ accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
+ n++;
+ }
+
+ /* TODO - rungids */
+ /* TODO - rungroups */
+
+ accept_msg.info_msgs[n]->key = "runuid";
+ accept_msg.info_msgs[n]->numval = details->runas_pw->pw_uid;
+ accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL;
+ n++;
+
+ accept_msg.info_msgs[n]->key = "runuser";
+ accept_msg.info_msgs[n]->strval = details->runas_pw->pw_name;
+ accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
+ n++;
+
+ if (details->cwd != NULL) {
+ accept_msg.info_msgs[n]->key = "submitcwd";
+ accept_msg.info_msgs[n]->strval = (char *)details->cwd;
+ accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
+ n++;
+ }
+
+ /* TODO - submitenv */
+ /* TODO - submitgid */
+ /* TODO - submitgids */
+ /* TODO - submitgroup */
+ /* TODO - submitgroups */
+
+ accept_msg.info_msgs[n]->key = "submithost";
+ accept_msg.info_msgs[n]->strval = (char *)details->host;
+ accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
+ n++;
+
+ /* TODO - submituid */
+
+ accept_msg.info_msgs[n]->key = "submituser";
+ accept_msg.info_msgs[n]->strval = (char *)details->user;
+ accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
+ n++;
+
+ if (details->tty != NULL) {
+ accept_msg.info_msgs[n]->key = "ttyname";
+ accept_msg.info_msgs[n]->strval = (char *)details->tty;
+ accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
+ n++;
+ }
+
+ /* Update n_info_msgs. */
+ accept_msg.n_info_msgs = n;
+
+ sudo_debug_printf(SUDO_DEBUG_INFO,
+ "%s: sending AcceptMessage, array length %zu", __func__, n);
+
+ /* Schedule ClientMessage */
+ client_msg.accept_msg = &accept_msg;
+ client_msg.type_case = CLIENT_MESSAGE__TYPE_ACCEPT_MSG;
+ ret = fmt_client_message(closure, &client_msg);
+
+done:
+ for (n = 0; n < info_msgs_size; n++)
+ free(accept_msg.info_msgs[n]);
+ free(accept_msg.info_msgs);
+
+ debug_return_bool(ret);
+}
+
+#ifdef notyet
+/*
+ * Build and format a RestartMessage wrapped in a ClientMessage.
+ * Appends the wire format message to the closure's write queue.
+ * Returns true on success, false on failure.
+ */
+bool
+fmt_restart_message(struct client_closure *closure)
+{
+ ClientMessage client_msg = CLIENT_MESSAGE__INIT;
+ RestartMessage restart_msg = RESTART_MESSAGE__INIT;
+ TimeSpec tv = TIME_SPEC__INIT;
+ bool ret = false;
+ debug_decl(fmt_restart_message, SUDOERS_DEBUG_UTIL);
+
+ sudo_debug_printf(SUDO_DEBUG_INFO,
+ "%s: sending RestartMessage, [%lld, %ld]", __func__,
+ (long long)closure->restart->tv_sec, closure->restart->tv_nsec);
+
+ tv.tv_sec = closure->restart->tv_sec;
+ tv.tv_nsec = closure->restart->tv_nsec;
+ restart_msg.resume_point = &tv;
+ restart_msg.log_id = (char *)closure->iolog_id;
+
+ /* Schedule ClientMessage */
+ client_msg.restart_msg = &restart_msg;
+ client_msg.type_case = CLIENT_MESSAGE__TYPE_RESTART_MSG;
+ ret = fmt_client_message(closure, &client_msg);
+
+ debug_return_bool(ret);
+}
+#endif
+
+/*
+ * Build and format an ExitMessage wrapped in a ClientMessage.
+ * Appends the wire format message to the closure's write queue.
+ * Returns true on success, false on failure.
+ */
+bool
+fmt_exit_message(struct client_closure *closure, int exit_status, int error)
+{
+ ClientMessage client_msg = CLIENT_MESSAGE__INIT;
+ ExitMessage exit_msg = EXIT_MESSAGE__INIT;
+ TimeSpec ts = TIME_SPEC__INIT;
+ char signame[SIG2STR_MAX];
+ bool ret = false;
+ struct timespec run_time;
+ debug_decl(fmt_exit_message, SUDOERS_DEBUG_UTIL);
+
+ if (sudo_gettime_awake(&run_time) == -1) {
+ sudo_warn("%s", U_("unable to get time of day"));
+ goto done;
+ }
+ sudo_timespecsub(&run_time, &closure->start_time, &run_time);
+
+ ts.tv_sec = run_time.tv_sec;
+ ts.tv_nsec = run_time.tv_nsec;
+ exit_msg.run_time = &ts;
+
+ if (error != 0) {
+ /* Error executing the command. */
+ exit_msg.error = strerror(error);
+ } else {
+ if (WIFEXITED(exit_status)) {
+ exit_msg.exit_value = WEXITSTATUS(exit_status);
+ } else if (WIFSIGNALED(exit_status)) {
+ int signo = WTERMSIG(exit_status);
+ if (signo <= 0 || sig2str(signo, signame) == -1) {
+ sudo_warnx(U_("%s: internal error, invalid signal %d"),
+ __func__, signo);
+ goto done;
+ }
+ exit_msg.signal = signame;
+ if (WCOREDUMP(exit_status))
+ exit_msg.dumped_core = true;
+ exit_msg.exit_value = WTERMSIG(exit_status) | 128;
+ } else {
+ sudo_warnx(U_("%s: internal error, invalid exit status %d"),
+ __func__, exit_status);
+ goto done;
+ }
+ }
+
+ sudo_debug_printf(SUDO_DEBUG_INFO,
+ "%s: sending ExitMessage, exitval %d, error %s, signal %s, coredump %s",
+ __func__, exit_msg.exit_value, exit_msg.error ? exit_msg.error : "",
+ exit_msg.signal ? exit_msg.signal : "",
+ exit_msg.dumped_core ? "yes" : "no");
+
+ /* Send ClientMessage */
+ client_msg.exit_msg = &exit_msg;
+ client_msg.type_case = CLIENT_MESSAGE__TYPE_EXIT_MSG;
+ if (!fmt_client_message(closure, &client_msg))
+ goto done;
+
+ closure->state = SEND_EXIT;
+ ret = true;
+
+done:
+ debug_return_bool(ret);
+}
+
+/*
+ * Build and format an IoBuffer wrapped in a ClientMessage.
+ * Appends the wire format message to the closure's write queue.
+ * Returns true on success, false on failure.
+ */
+bool
+fmt_io_buf(struct client_closure *closure, int type, const char *buf,
+ unsigned int len, struct timespec *delay)
+{
+ ClientMessage client_msg = CLIENT_MESSAGE__INIT;
+ IoBuffer iobuf_msg = IO_BUFFER__INIT;
+ TimeSpec ts = TIME_SPEC__INIT;
+ bool ret = false;
+ debug_decl(fmt_io_buf, SUDOERS_DEBUG_UTIL);
+
+ /* Fill in IoBuffer. */
+ ts.tv_sec = delay->tv_sec;
+ ts.tv_nsec = delay->tv_nsec;
+ iobuf_msg.delay = &ts;
+ iobuf_msg.data.data = (void *)buf;
+ iobuf_msg.data.len = len;
+
+ sudo_debug_printf(SUDO_DEBUG_INFO,
+ "%s: sending IoBuffer length %zu, type %d, size %zu", __func__,
+ iobuf_msg.data.len, type, io_buffer__get_packed_size(&iobuf_msg));
+
+ /* Schedule ClientMessage, it doesn't matter which IoBuffer we set. */
+ client_msg.ttyout_buf = &iobuf_msg;
+ client_msg.type_case = type;
+ if (!fmt_client_message(closure, &client_msg))
+ goto done;
+
+ ret = true;
+
+done:
+ debug_return_bool(ret);
+}
+
+/*
+ * Build and format a ChangeWindowSize message wrapped in a ClientMessage.
+ * Appends the wire format message to the closure's write queue.
+ * Returns true on success, false on failure.
+ */
+bool
+fmt_winsize(struct client_closure *closure, unsigned int lines,
+ unsigned int cols, struct timespec *delay)
+{
+ ClientMessage client_msg = CLIENT_MESSAGE__INIT;
+ ChangeWindowSize winsize_msg = CHANGE_WINDOW_SIZE__INIT;
+ TimeSpec ts = TIME_SPEC__INIT;
+ bool ret = false;
+ debug_decl(fmt_winsize, SUDOERS_DEBUG_UTIL);
+
+ /* Fill in ChangeWindowSize message. */
+ ts.tv_sec = delay->tv_sec;
+ ts.tv_nsec = delay->tv_nsec;
+ winsize_msg.delay = &ts;
+ winsize_msg.rows = lines;
+ winsize_msg.cols = cols;
+
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sending ChangeWindowSize, %dx%d",
+ __func__, winsize_msg.rows, winsize_msg.cols);
+
+ /* Send ClientMessage */
+ client_msg.winsize_event = &winsize_msg;
+ client_msg.type_case = CLIENT_MESSAGE__TYPE_WINSIZE_EVENT;
+ if (!fmt_client_message(closure, &client_msg))
+ goto done;
+
+ ret = true;
+
+done:
+ debug_return_bool(ret);
+}
+
+/*
+ * Build and format a CommandSuspend message wrapped in a ClientMessage.
+ * Appends the wire format message to the closure's write queue.
+ * Returns true on success, false on failure.
+ */
+bool
+fmt_suspend(struct client_closure *closure, const char *signame, struct timespec *delay)
+{
+ ClientMessage client_msg = CLIENT_MESSAGE__INIT;
+ CommandSuspend suspend_msg = COMMAND_SUSPEND__INIT;
+ TimeSpec ts = TIME_SPEC__INIT;
+ bool ret = false;
+ debug_decl(fmt_suspend, SUDOERS_DEBUG_UTIL);
+
+ /* Fill in CommandSuspend message. */
+ ts.tv_sec = delay->tv_sec;
+ ts.tv_nsec = delay->tv_nsec;
+ suspend_msg.delay = &ts;
+ suspend_msg.signal = (char *)signame;
+
+ sudo_debug_printf(SUDO_DEBUG_INFO,
+ "%s: sending CommandSuspend, SIG%s", __func__, suspend_msg.signal);
+
+ /* Send ClientMessage */
+ client_msg.suspend_event = &suspend_msg;
+ client_msg.type_case = CLIENT_MESSAGE__TYPE_SUSPEND_EVENT;
+ if (!fmt_client_message(closure, &client_msg))
+ goto done;
+
+ ret = true;
+
+done:
+ debug_return_bool(ret);
+}
+
+/*
+ * Additional work to do after a ClientMessage was sent to the server.
+ * Advances state and formats the next ClientMessage (if any).
+ * XXX - better name
+ */
+static bool
+client_message_completion(struct client_closure *closure)
+{
+ debug_decl(client_message_completion, SUDOERS_DEBUG_UTIL);
+
+ switch (closure->state) {
+ case RECV_HELLO:
+ /* Waiting for ServerHello, nothing else to do. */
+ break;
+ case SEND_ACCEPT:
+ case SEND_RESTART:
+ closure->state = SEND_IO;
+ break;
+ case SEND_IO:
+ /* Arbitrary number of I/O log buffers, no state change. */
+ break;
+ case SEND_EXIT:
+ /* Done writing, just waiting for final commit point. */
+ closure->write_ev->del(closure->write_ev);
+ closure->state = CLOSING;
+
+ /* Enable timeout while waiting for final commit point. */
+ if (closure->read_ev->add(closure->read_ev,
+ &closure->log_details->server_timeout) == -1) {
+ sudo_warn(U_("unable to add event to queue"));
+ debug_return_bool(false);
+ }
+ break;
+ default:
+ sudo_warnx(U_("%s: unexpected state %d"), __func__, closure->state);
+ debug_return_bool(false);
+ }
+ debug_return_bool(true);
+}
+
+/*
+ * Read the ServerHello message from the log server.
+ * We do this synchronously, since we don't want the command to run
+ * before the log server connection is completely established.
+ */
+bool
+read_server_hello(struct client_closure *closure)
+{
+ struct sudo_event_base *evbase = NULL;
+ bool ret = false;
+ debug_decl(read_server_hello, SUDOERS_DEBUG_UTIL);
+
+ /* Get new event base so we can read ServerHello synchronously. */
+ evbase = sudo_ev_base_alloc();
+ if (evbase == NULL) {
+ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ goto done;
+ }
+
+ /* Write ClientHello. */
+ if (!fmt_client_hello(closure))
+ goto done;
+ closure->write_ev->setbase(closure->write_ev, evbase);
+ if (closure->write_ev->add(closure->write_ev,
+ &closure->log_details->server_timeout) == -1) {
+ sudo_warnx(U_("unable to add event to queue"));
+ goto done;
+ }
+
+ /* Read ServerHello synchronously. */
+ closure->read_ev->setbase(closure->read_ev, evbase);
+ if (closure->read_ev->add(closure->read_ev,
+ &closure->log_details->server_timeout) == -1) {
+ sudo_warnx(U_("unable to add event to queue"));
+ goto done;
+ }
+
+ /* Read/write hello messages synchronously. */
+ if (sudo_ev_dispatch(evbase) == -1) {
+ sudo_warnx(U_("error in event loop"));
+ goto done;
+ }
+
+ if (!sudo_ev_got_break(evbase))
+ ret = true;
+
+ /* Note: handle_server_hello() reset the event back to sudo's event loop. */
+
+done:
+ sudo_ev_base_free(evbase);
+ debug_return_bool(ret);
+}
+
+/*
+ * Respond to a ServerHello message from the server.
+ * Returns true on success, false on error.
+ */
+static bool
+handle_server_hello(ServerHello *msg, struct client_closure *closure)
+{
+ size_t n;
+ debug_decl(handle_server_hello, SUDOERS_DEBUG_UTIL);
+
+ if (closure->state != RECV_HELLO) {
+ sudo_warnx(U_("%s: unexpected state %d"), __func__, closure->state);
+ debug_return_bool(false);
+ }
+
+ /* Sanity check ServerHello message. */
+ if (msg->server_id == NULL || msg->server_id[0] == '\0') {
+ sudo_warnx("%s", U_("invalid ServerHello"));
+ debug_return_bool(false);
+ }
+
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: server ID: %s",
+ __func__, msg->server_id);
+ /* TODO: handle redirect */
+ if (msg->redirect != NULL && msg->redirect[0] != '\0') {
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: redirect: %s",
+ __func__, msg->redirect);
+ }
+ for (n = 0; n < msg->n_servers; n++) {
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: server %zu: %s",
+ __func__, n + 1, msg->servers[n]);
+ }
+
+ /*
+ * Move read/write events back to main sudo event loop.
+ * Server messages may occur at any time, so no timeout.
+ * Write event will be re-enabled later.
+ */
+ closure->read_ev->setbase(closure->read_ev, NULL);
+ if (closure->read_ev->add(closure->read_ev, NULL) == -1) {
+ sudo_warn(U_("unable to add event to queue"));
+ debug_return_bool(false);
+ }
+ closure->write_ev->setbase(closure->write_ev, NULL);
+
+ debug_return_bool(true);
+}
+
+/*
+ * Respond to a CommitPoint message from the server.
+ * Returns true on success, false on error.
+ */
+static bool
+handle_commit_point(TimeSpec *commit_point, struct client_closure *closure)
+{
+ debug_decl(handle_commit_point, SUDOERS_DEBUG_UTIL);
+
+ /* Only valid after we have sent an IO buffer. */
+ if (closure->state < SEND_IO) {
+ sudo_warnx(U_("%s: unexpected state %d"), __func__, closure->state);
+ debug_return_bool(false);
+ }
+
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: commit point: [%lld, %d]",
+ __func__, (long long)commit_point->tv_sec, commit_point->tv_nsec);
+ closure->committed.tv_sec = commit_point->tv_sec;
+ closure->committed.tv_nsec = commit_point->tv_nsec;
+
+ if (closure->state == CLOSING) {
+ if (sudo_timespeccmp(&closure->elapsed, &closure->committed, ==)) {
+ /* Last commit point received, exit event loop. */
+ closure->state = FINISHED;
+ closure->read_ev->del(closure->read_ev);
+ }
+ }
+
+ debug_return_bool(true);
+}
+
+/*
+ * Respond to a LogId message from the server.
+ * Always returns true.
+ */
+static bool
+handle_log_id(char *id, struct client_closure *closure)
+{
+ debug_decl(handle_log_id, SUDOERS_DEBUG_UTIL);
+
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: remote log ID: %s", __func__, id);
+ if ((closure->iolog_id = strdup(id)) == NULL)
+ sudo_fatal(NULL);
+ debug_return_bool(true);
+}
+
+/*
+ * Respond to a ServerError message from the server.
+ * Always returns false.
+ */
+static bool
+handle_server_error(char *errmsg, struct client_closure *closure)
+{
+ debug_decl(handle_server_error, SUDOERS_DEBUG_UTIL);
+
+ sudo_warnx(U_("error message received from server: %s"), errmsg);
+ debug_return_bool(false);
+}
+
+/*
+ * Respond to a ServerAbort message from the server.
+ * Always returns false.
+ */
+static bool
+handle_server_abort(char *errmsg, struct client_closure *closure)
+{
+ debug_decl(handle_server_abort, SUDOERS_DEBUG_UTIL);
+
+ sudo_warnx(U_("abort message received from server: %s"), errmsg);
+ debug_return_bool(false);
+}
+
+/*
+ * Respond to a ServerMessage from the server.
+ * Returns true on success, false on error.
+ */
+static bool
+handle_server_message(uint8_t *buf, size_t len,
+ struct client_closure *closure)
+{
+ ServerMessage *msg;
+ bool ret = false;
+ debug_decl(handle_server_message, SUDOERS_DEBUG_UTIL);
+
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: unpacking ServerMessage", __func__);
+ msg = server_message__unpack(NULL, len, buf);
+ if (msg == NULL) {
+ sudo_warnx("%s", U_("unable to unpack ServerMessage"));
+ debug_return_bool(false);
+ }
+
+ switch (msg->type_case) {
+ case SERVER_MESSAGE__TYPE_HELLO:
+ if (handle_server_hello(msg->hello, closure)) {
+ /* Format and schedule accept message. */
+ closure->state = SEND_ACCEPT;
+ if ((ret = fmt_accept_message(closure))) {
+ if (closure->write_ev->add(closure->write_ev,
+ &closure->log_details->server_timeout) == -1) {
+ sudo_warn(U_("unable to add event to queue"));
+ ret = false;
+ }
+ }
+ }
+ break;
+ case SERVER_MESSAGE__TYPE_COMMIT_POINT:
+ ret = handle_commit_point(msg->commit_point, closure);
+ break;
+ case SERVER_MESSAGE__TYPE_LOG_ID:
+ ret = handle_log_id(msg->log_id, closure);
+ break;
+ case SERVER_MESSAGE__TYPE_ERROR:
+ ret = handle_server_error(msg->error, closure);
+ closure->state = ERROR;
+ break;
+ case SERVER_MESSAGE__TYPE_ABORT:
+ ret = handle_server_abort(msg->abort, closure);
+ closure->state = ERROR;
+ break;
+ default:
+ sudo_warnx(U_("%s: unexpected type_case value %d"),
+ __func__, msg->type_case);
+ break;
+ }
+
+ server_message__free_unpacked(msg, NULL);
+ debug_return_bool(ret);
+}
+
+/*
+ * Expand buf as needed or just reset it.
+ * XXX - share with logsrvd/sendlog
+ */
+static bool
+expand_buf(struct connection_buffer *buf, unsigned int needed)
+{
+ void *newdata;
+ debug_decl(expand_buf, SUDOERS_DEBUG_UTIL);
+
+ if (buf->size < needed) {
+ /* Expand buffer. */
+ needed = sudo_pow2_roundup(needed);
+ if ((newdata = malloc(needed)) == NULL) {
+ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ debug_return_bool(false);
+ }
+ if (buf->off > 0)
+ memcpy(newdata, buf->data + buf->off, buf->len - buf->off);
+ free(buf->data);
+ buf->data = newdata;
+ buf->size = needed;
+ } else {
+ /* Just reset existing buffer. */
+ if (buf->off > 0) {
+ memmove(buf->data, buf->data + buf->off,
+ buf->len - buf->off);
+ }
+ }
+ buf->len -= buf->off;
+ buf->off = 0;
+
+ debug_return_bool(true);
+}
+
+/*
+ * Read and unpack a ServerMessage (read callback).
+ */
+static void
+server_msg_cb(int fd, int what, void *v)
+{
+ struct client_closure *closure = v;
+ struct connection_buffer *buf = &closure->read_buf;
+ ssize_t nread;
+ uint32_t msg_len;
+ debug_decl(server_msg_cb, SUDOERS_DEBUG_UTIL);
+
+ /* For TLS we may need to read as part of SSL_write(). */
+ if (closure->write_instead_of_read) {
+ closure->write_instead_of_read = false;
+ client_msg_cb(fd, what, v);
+ debug_return;
+ }
+
+ if (what == SUDO_PLUGIN_EV_TIMEOUT) {
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: timed out reading from server",
+ __func__);
+ goto bad;
+ }
+
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: reading ServerMessage", __func__);
+#if defined(HAVE_OPENSSL)
+ if (closure->ssl != NULL) {
+ nread = SSL_read(closure->ssl, buf->data + buf->len, buf->size - buf->len);
+ if (nread <= 0) {
+ const char *errstr;
+ int err;
+
+ switch (SSL_get_error(closure->ssl, nread)) {
+ case SSL_ERROR_ZERO_RETURN:
+ /* ssl connection shutdown cleanly */
+ nread = 0;
+ break;
+ case SSL_ERROR_WANT_READ:
+ /* ssl wants to read more, read event is always active */
+ sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO,
+ "SSL_read returns SSL_ERROR_WANT_READ");
+ debug_return;
+ case SSL_ERROR_WANT_WRITE:
+ /* ssl wants to write, so schedule the write handler */
+ sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO,
+ "SSL_read returns SSL_ERROR_WANT_WRITE");
+ if (!closure->write_ev->pending(closure->write_ev,
+ SUDO_PLUGIN_EV_WRITE, NULL)) {
+ /* Enable a temporary write event. */
+ if (closure->write_ev->add(closure->write_ev, NULL) == -1) {
+ sudo_warn(U_("unable to add event to queue"));
+ goto bad;
+ }
+ closure->temporary_write_event = true;
+ }
+ closure->write_instead_of_read = true;
+ debug_return;
+ case SSL_ERROR_SSL:
+ /*
+ * For TLS 1.3, if the cert verify function on the server
+ * returns an error, OpenSSL will send an internal error
+ * alert when we read ServerHello. Convert to a more useful
+ * message and hope that no actual internal error occurs.
+ */
+ err = ERR_get_error();
+ if (closure->state == RECV_HELLO &&
+ ERR_GET_REASON(err) == SSL_R_TLSV1_ALERT_INTERNAL_ERROR) {
+ errstr = "host name does not match certificate";
+ } else {
+ errstr = ERR_reason_error_string(err);
+ }
+ sudo_warnx("%s", errstr);
+ goto bad;
+ case SSL_ERROR_SYSCALL:
+ sudo_warn("recv");
+ goto bad;
+ default:
+ errstr = ERR_reason_error_string(ERR_get_error());
+ sudo_warnx("recv: %s", errstr);
+ goto bad;
+ }
+ }
+ } else
+#endif /* HAVE_OPENSSL */
+ {
+ nread = recv(fd, buf->data + buf->len, buf->size - buf->len, 0);
+ }
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received %zd bytes from server",
+ __func__, nread);
+ switch (nread) {
+ case -1:
+ if (errno == EAGAIN)
+ debug_return;
+ sudo_warn("recv");
+ goto bad;
+ case 0:
+ sudo_warnx("%s", U_("lost connection to log server"));
+ goto bad;
+ default:
+ break;
+ }
+ buf->len += nread;
+
+ while (buf->len - buf->off >= sizeof(msg_len)) {
+ /* Read wire message size (uint32_t in network byte order). */
+ memcpy(&msg_len, buf->data + buf->off, sizeof(msg_len));
+ msg_len = ntohl(msg_len);
+
+ if (msg_len > MESSAGE_SIZE_MAX) {
+ sudo_warnx(U_("server message too large: %u"), msg_len);
+ goto bad;
+ }
+
+ if (msg_len + sizeof(msg_len) > buf->len - buf->off) {
+ /* Incomplete message, we'll read the rest next time. */
+ if (!expand_buf(buf, msg_len + sizeof(msg_len)))
+ goto bad;
+ debug_return;
+ }
+
+ /* Parse ServerMessage, could be zero bytes. */
+ sudo_debug_printf(SUDO_DEBUG_INFO,
+ "%s: parsing ServerMessage, size %u", __func__, msg_len);
+ buf->off += sizeof(msg_len);
+ if (!handle_server_message(buf->data + buf->off, msg_len, closure))
+ goto bad;
+ buf->off += msg_len;
+ }
+ buf->len -= buf->off;
+ buf->off = 0;
+ debug_return;
+bad:
+ if (closure->log_details->ignore_iolog_errors) {
+ /* Disable plugin, the command continues. */
+ closure->disabled = true;
+ closure->read_ev->del(closure->read_ev);
+ } else {
+ /* Break out of sudo event loop and kill the command. */
+ closure->read_ev->loopbreak(closure->read_ev);
+ }
+ debug_return;
+}
+
+/*
+ * Send a ClientMessage to the server (write callback).
+ */
+static void
+client_msg_cb(int fd, int what, void *v)
+{
+ struct client_closure *closure = v;
+ struct connection_buffer *buf;
+ ssize_t nwritten;
+ debug_decl(client_msg_cb, SUDOERS_DEBUG_UTIL);
+
+ /* For TLS we may need to write as part of SSL_read(). */
+ if (closure->read_instead_of_write) {
+ closure->read_instead_of_write = false;
+ /* Delete write event if it was only due to SSL_read(). */
+ if (closure->temporary_write_event) {
+ closure->temporary_write_event = false;
+ closure->write_ev->del(closure->write_ev);
+ }
+ server_msg_cb(fd, what, v);
+ debug_return;
+ }
+
+ if (what == SUDO_PLUGIN_EV_TIMEOUT) {
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: timed out writing to server",
+ __func__);
+ goto bad;
+ }
+
+ if ((buf = TAILQ_FIRST(&closure->write_bufs)) == NULL) {
+ sudo_warn("%s", U_("missing write buffer"));
+ goto bad;
+ }
+
+ sudo_debug_printf(SUDO_DEBUG_INFO,
+ "%s: sending %u bytes to server", __func__, buf->len - buf->off);
+
+#if defined(HAVE_OPENSSL)
+ if (closure->ssl != NULL) {
+ nwritten = SSL_write(closure->ssl, buf->data + buf->off, buf->len - buf->off);
+ if (nwritten <= 0) {
+ const char *errstr;
+
+ switch (SSL_get_error(closure->ssl, nwritten)) {
+ case SSL_ERROR_ZERO_RETURN:
+ /* ssl connection shutdown */
+ goto bad;
+ case SSL_ERROR_WANT_READ:
+ /* ssl wants to read, read event always active */
+ sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO,
+ "SSL_write returns SSL_ERROR_WANT_READ");
+ closure->write_instead_of_read = true;
+ debug_return;
+ case SSL_ERROR_WANT_WRITE:
+ /* ssl wants to write more, write event remains active */
+ sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO,
+ "SSL_write returns SSL_ERROR_WANT_WRITE");
+ debug_return;
+ case SSL_ERROR_SSL:
+ errstr = ERR_reason_error_string(ERR_get_error());
+ sudo_warnx("%s", errstr);
+ goto bad;
+ case SSL_ERROR_SYSCALL:
+ sudo_warn("send");
+ goto bad;
+ default:
+ errstr = ERR_reason_error_string(ERR_get_error());
+ sudo_warnx("send: %s", errstr);
+ goto bad;
+ }
+ }
+ } else
+#endif /* HAVE_OPENSSL */
+ {
+ nwritten = send(fd, buf->data + buf->off, buf->len - buf->off, 0);
+ }
+
+ if (nwritten == -1) {
+ sudo_warn("send");
+ goto bad;
+ }
+ buf->off += nwritten;
+
+ if (buf->off == buf->len) {
+ /* sent entire message, move buf to free list */
+ sudo_debug_printf(SUDO_DEBUG_INFO,
+ "%s: finished sending %u bytes to server", __func__, buf->len);
+ buf->off = 0;
+ buf->len = 0;
+ TAILQ_REMOVE(&closure->write_bufs, buf, entries);
+ TAILQ_INSERT_TAIL(&closure->free_bufs, buf, entries);
+ if (TAILQ_EMPTY(&closure->write_bufs)) {
+ /* Write queue empty, check for state change. */
+ closure->write_ev->del(closure->write_ev);
+ if (!client_message_completion(closure))
+ goto bad;
+ }
+ } else {
+ /* not done yet */
+ TAILQ_INSERT_HEAD(&closure->write_bufs, buf, entries);
+ }
+ debug_return;
+
+bad:
+ if (closure->log_details->ignore_iolog_errors) {
+ /* Disable plugin, the command continues. */
+ closure->disabled = true;
+ closure->write_ev->del(closure->read_ev);
+ closure->write_ev->del(closure->write_ev);
+ } else {
+ /* Break out of sudo event loop and kill the command. */
+ closure->write_ev->loopbreak(closure->write_ev);
+ }
+ debug_return;
+}
+
+/*
+ * Allocate and initialize a new client closure
+ */
+struct client_closure *
+client_closure_alloc(struct iolog_details *details,
+ struct io_plugin *sudoers_io, struct timespec *now)
+{
+ struct client_closure *closure;
+ debug_decl(client_closure_alloc, SUDOERS_DEBUG_UTIL);
+
+ if ((closure = calloc(1, sizeof(*closure))) == NULL)
+ goto oom;
+
+ closure->sock = -1;
+ closure->state = RECV_HELLO;
+
+ closure->start_time.tv_sec = now->tv_sec;
+ closure->start_time.tv_nsec = now->tv_nsec;
+
+ closure->read_buf.size = 64 * 1024;
+ closure->read_buf.data = malloc(closure->read_buf.size);
+ if (closure->read_buf.data == NULL)
+ goto oom;
+
+ TAILQ_INIT(&closure->write_bufs);
+ TAILQ_INIT(&closure->free_bufs);
+
+ if ((closure->read_ev = sudoers_io->event_alloc()) == NULL)
+ goto oom;
+
+ if ((closure->write_ev = sudoers_io->event_alloc()) == NULL)
+ goto oom;
+
+ closure->log_details = details;
+
+ debug_return_ptr(closure);
+oom:
+ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ client_closure_free(closure);
+ closure = NULL;
+ debug_return_ptr(NULL);
+}
+
+/*
+ * Send ExitMessage, wait for final commit message and free closure.
+ */
+bool
+client_close(struct client_closure *closure, int exit_status, int error)
+{
+ struct sudo_event_base *evbase = NULL;
+ bool ret = false;
+ debug_decl(client_close, SUDOERS_DEBUG_UTIL);
+
+ if (closure->disabled)
+ goto done;
+
+ /* Format and append an ExitMessage to the write queue. */
+ if (!fmt_exit_message(closure, exit_status, error))
+ goto done;
+
+ /*
+ * Create private event base and reparent the read/write events.
+ * We cannot use the main sudo event loop as it has already exited.
+ */
+ if ((evbase = sudo_ev_base_alloc()) == NULL) {
+ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ goto done;
+ }
+
+ /* Enable read event to receive server messages. */
+ closure->read_ev->setbase(closure->read_ev, evbase);
+ if (closure->read_ev->add(closure->read_ev,
+ &closure->log_details->server_timeout) == -1) {
+ sudo_warn(U_("unable to add event to queue"));
+ goto done;
+ }
+
+ /* Enable the write event to write the ExitMessage. */
+ closure->write_ev->setbase(closure->write_ev, evbase);
+ if (closure->write_ev->add(closure->write_ev,
+ &closure->log_details->server_timeout) == -1) {
+ sudo_warn(U_("unable to add event to queue"));
+ goto done;
+ }
+
+ /* Loop until queues are flushed and final commit point received. */
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ "flushing buffers and waiting for final commit point");
+ if (sudo_ev_dispatch(evbase) == -1 || sudo_ev_got_break(evbase)) {
+ sudo_warnx(U_("error in event loop"));
+ goto done;
+ }
+
+ ret = true;
+
+done:
+ sudo_ev_base_free(evbase);
+ client_closure_free(closure);
+ closure = NULL;
+ debug_return_bool(ret);
+}
+
+#endif /* SUDOERS_IOLOG_CLIENT */
diff -Nru sudo-1.8.31/plugins/sudoers/iolog_files.h sudo-1.9.0/plugins/sudoers/iolog_files.h
--- sudo-1.8.31/plugins/sudoers/iolog_files.h 2019-10-28 12:27:45.000000000 +0000
+++ sudo-1.9.0/plugins/sudoers/iolog_files.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,49 +0,0 @@ -/* - * SPDX-License-Identifier: ISC - * - * Copyright (c) 2013 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef SUDOERS_IOLOG_FILES_H -#define SUDOERS_IOLOG_FILES_H - -/* - * Indexes into io_log_files[] - */ -#define IOFD_STDIN 0 -#define IOFD_STDOUT 1 -#define IOFD_STDERR 2 -#define IOFD_TTYIN 3 -#define IOFD_TTYOUT 4 -#define IOFD_TIMING 5 -#define IOFD_MAX 6 - -struct io_log_file { - bool enabled; - const char *suffix; - union io_fd fd; -}; - -static struct io_log_file io_log_files[] = { - { false, "/stdin" }, /* IOFD_STDIN */ - { false, "/stdout" }, /* IOFD_STDOUT */ - { false, "/stderr" }, /* IOFD_STDERR */ - { false, "/ttyin" }, /* IOFD_TTYIN */ - { false, "/ttyout" }, /* IOFD_TTYOUT */ - { true, "/timing" }, /* IOFD_TIMING */ - { false, NULL } /* IOFD_MAX */ -}; - -#endif /* SUDOERS_IOLOG_H */ diff -Nru sudo-1.8.31/plugins/sudoers/iolog.h sudo-1.9.0/plugins/sudoers/iolog.h --- sudo-1.8.31/plugins/sudoers/iolog.h 2019-10-28 12:27:45.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/iolog.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,88 +0,0 @@ -/* - * SPDX-License-Identifier: ISC - * - * Copyright (c) 2009-2018 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef SUDOERS_IOLOG_H -#define SUDOERS_IOLOG_H - -#ifdef HAVE_ZLIB_H -# include /* for gzFile */ -#endif - -/* - * I/O log event types as stored as the first field in the timing file. - * Changing existing values will result in incompatible I/O log files. 
- */ -#define IO_EVENT_STDIN 0 -#define IO_EVENT_STDOUT 1 -#define IO_EVENT_STDERR 2 -#define IO_EVENT_TTYIN 3 -#define IO_EVENT_TTYOUT 4 -#define IO_EVENT_WINSIZE 5 -#define IO_EVENT_TTYOUT_1_8_7 6 -#define IO_EVENT_SUSPEND 7 -#define IO_EVENT_COUNT 8 - -/* Default maximum session ID */ -#define SESSID_MAX 2176782336U - -union io_fd { - FILE *f; -#ifdef HAVE_ZLIB_H - gzFile g; -#endif - void *v; -}; - -/* - * Info present in the I/O log file - */ -struct log_info { - char *cwd; - char *user; - char *runas_user; - char *runas_group; - char *tty; - char *cmd; - time_t tstamp; - int rows; - int cols; -}; - -struct timing_closure { - const char *decimal; - struct timespec *max_delay; - union io_fd fd; - int event; - union { - struct { - int rows; - int cols; - } winsize; - size_t nbytes; // XXX - int signo; - } u; -}; - -/* iolog_util.c */ -bool parse_timing(const char *buf, struct timespec *delay, struct timing_closure *timing); -char *parse_delay(const char *cp, struct timespec *delay, const char *decimal_point); -struct log_info *parse_logfile(const char *logfile); -void free_log_info(struct log_info *li); -void adjust_delay(struct timespec *delay, struct timespec *max_delay, double scale_factor); - -#endif /* SUDOERS_IOLOG_H */ diff -Nru sudo-1.8.31/plugins/sudoers/iolog_path.c sudo-1.9.0/plugins/sudoers/iolog_path.c --- sudo-1.8.31/plugins/sudoers/iolog_path.c 2019-10-28 12:27:45.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/iolog_path.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,289 +0,0 @@ -/* - * SPDX-License-Identifier: ISC - * - * Copyright (c) 2011-2015 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * This is an open source non-commercial project. Dear PVS-Studio, please check it. - * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com - */ - -#include - -#include -#include -#include -#ifdef HAVE_STRING_H -# include -#endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -# include -#endif /* HAVE_STRINGS_H */ -#include -#include -#include - -#include "sudoers.h" - -struct path_escape { - const char *name; - size_t (*copy_fn)(char *, size_t, char *); -}; - -static size_t -fill_seq(char *str, size_t strsize, char *logdir) -{ -#ifdef SUDOERS_NO_SEQ - debug_decl(fill_seq, SUDOERS_DEBUG_UTIL) - debug_return_size_t(strlcpy(str, "%{seq}", strsize)); -#else - static char sessid[7]; - int len; - debug_decl(fill_seq, SUDOERS_DEBUG_UTIL) - - if (sessid[0] == '\0') { - if (!io_nextid(logdir, def_iolog_dir, sessid)) - debug_return_size_t((size_t)-1); - } - - /* Path is of the form /var/log/sudo-io/00/00/01. 
*/ - len = snprintf(str, strsize, "%c%c/%c%c/%c%c", sessid[0], - sessid[1], sessid[2], sessid[3], sessid[4], sessid[5]); - if (len < 0) - debug_return_size_t(strsize); /* handle non-standard snprintf() */ - debug_return_size_t(len); -#endif /* SUDOERS_NO_SEQ */ -} - -static size_t -fill_user(char *str, size_t strsize, char *unused) -{ - debug_decl(fill_user, SUDOERS_DEBUG_UTIL) - debug_return_size_t(strlcpy(str, user_name, strsize)); -} - -static size_t -fill_group(char *str, size_t strsize, char *unused) -{ - struct group *grp; - size_t len; - debug_decl(fill_group, SUDOERS_DEBUG_UTIL) - - if ((grp = sudo_getgrgid(user_gid)) != NULL) { - len = strlcpy(str, grp->gr_name, strsize); - sudo_gr_delref(grp); - } else { - len = strlen(str); - len = snprintf(str + len, strsize - len, "#%u", - (unsigned int) user_gid); - } - debug_return_size_t(len); -} - -static size_t -fill_runas_user(char *str, size_t strsize, char *unused) -{ - debug_decl(fill_runas_user, SUDOERS_DEBUG_UTIL) - debug_return_size_t(strlcpy(str, runas_pw->pw_name, strsize)); -} - -static size_t -fill_runas_group(char *str, size_t strsize, char *unused) -{ - struct group *grp; - size_t len; - debug_decl(fill_runas_group, SUDOERS_DEBUG_UTIL) - - if (runas_gr != NULL) { - len = strlcpy(str, runas_gr->gr_name, strsize); - } else { - if ((grp = sudo_getgrgid(runas_pw->pw_gid)) != NULL) { - len = strlcpy(str, grp->gr_name, strsize); - sudo_gr_delref(grp); - } else { - len = strlen(str); - len = snprintf(str + len, strsize - len, "#%u", - (unsigned int) runas_pw->pw_gid); - } - } - debug_return_size_t(len); -} - -static size_t -fill_hostname(char *str, size_t strsize, char *unused) -{ - debug_decl(fill_hostname, SUDOERS_DEBUG_UTIL) - debug_return_size_t(strlcpy(str, user_shost, strsize)); -} - -static size_t -fill_command(char *str, size_t strsize, char *unused) -{ - debug_decl(fill_command, SUDOERS_DEBUG_UTIL) - debug_return_size_t(strlcpy(str, user_base, strsize)); -} - -/* Note: "seq" must be first in the 
list. */ -static struct path_escape io_path_escapes[] = { - { "seq", fill_seq }, - { "user", fill_user }, - { "group", fill_group }, - { "runas_user", fill_runas_user }, - { "runas_group", fill_runas_group }, - { "hostname", fill_hostname }, - { "command", fill_command }, - { NULL, NULL } -}; - -/* - * Concatenate dir + file, expanding any escape sequences. - * Returns the concatenated path and sets slashp point to - * the path separator between the expanded dir and file. - */ -char * -expand_iolog_path(const char *prefix, const char *dir, const char *file, - char **slashp) -{ - size_t len, prelen = 0; - char *dst, *dst0, *path, *pathend, tmpbuf[PATH_MAX]; - char *slash = NULL; - const char *endbrace, *src = dir; - struct path_escape *escapes = NULL; - int pass, oldlocale; - bool strfit; - debug_decl(expand_iolog_path, SUDOERS_DEBUG_UTIL) - - /* Expanded path must be <= PATH_MAX */ - if (prefix != NULL) - prelen = strlen(prefix); - path = malloc(prelen + PATH_MAX); - if (path == NULL) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - goto bad; - } - *path = '\0'; - pathend = path + prelen + PATH_MAX; - dst = path; - - /* Copy prefix, if present. */ - if (prefix != NULL) { - memcpy(path, prefix, prelen); - dst += prelen; - *dst = '\0'; - } - - /* Trim leading slashes from file component. */ - while (*file == '/') - file++; - - for (pass = 0; pass < 3; pass++) { - strfit = false; - switch (pass) { - case 0: - src = dir; - escapes = io_path_escapes + 1; /* skip "%{seq}" */ - break; - case 1: - /* Trim trailing slashes from dir component. */ - while (dst > path + prelen + 1 && dst[-1] == '/') - dst--; - /* The NUL will be replaced with a '/' at the end. 
*/ - if (dst + 1 >= pathend) - goto bad; - slash = dst++; - continue; - case 2: - src = file; - escapes = io_path_escapes; - break; - } - dst0 = dst; - for (; *src != '\0'; src++) { - if (src[0] == '%') { - if (src[1] == '{') { - endbrace = strchr(src + 2, '}'); - if (endbrace != NULL) { - struct path_escape *esc; - len = (size_t)(endbrace - src - 2); - for (esc = escapes; esc->name != NULL; esc++) { - if (strncmp(src + 2, esc->name, len) == 0 && - esc->name[len] == '\0') - break; - } - if (esc->name != NULL) { - len = esc->copy_fn(dst, (size_t)(pathend - dst), - path + prelen); - if (len >= (size_t)(pathend - dst)) - goto bad; - dst += len; - src = endbrace; - continue; - } - } - } else if (src[1] == '%') { - /* Collapse %% -> % */ - src++; - } else { - /* May need strftime() */ - strfit = 1; - } - } - /* Need at least 2 chars, including the NUL terminator. */ - if (dst + 1 >= pathend) - goto bad; - *dst++ = *src; - } - *dst = '\0'; - - /* Expand strftime escapes as needed. */ - if (strfit) { - time_t now; - struct tm *timeptr; - - time(&now); - if ((timeptr = localtime(&now)) == NULL) - goto bad; - - /* Use sudoers locale for strftime() */ - sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); - - /* We only call strftime() on the current part of the buffer. */ - tmpbuf[sizeof(tmpbuf) - 1] = '\0'; - len = strftime(tmpbuf, sizeof(tmpbuf), dst0, timeptr); - - /* Restore old locale. */ - sudoers_setlocale(oldlocale, NULL); - - if (len == 0 || tmpbuf[sizeof(tmpbuf) - 1] != '\0') - goto bad; /* strftime() failed, buf too small? */ - - if (len >= (size_t)(pathend - dst0)) - goto bad; /* expanded buffer too big to fit. 
*/ - memcpy(dst0, tmpbuf, len); - dst = dst0 + len; - *dst = '\0'; - } - } - if (slash != NULL) - *slash = '/'; - if (slashp != NULL) - *slashp = slash; - - debug_return_str(path); -bad: - free(path); - debug_return_str(NULL); -} diff -Nru sudo-1.8.31/plugins/sudoers/iolog_path_escapes.c sudo-1.9.0/plugins/sudoers/iolog_path_escapes.c --- sudo-1.8.31/plugins/sudoers/iolog_path_escapes.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/iolog_path_escapes.c 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,149 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2011-2015 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include
+
+#include
+#include
+#include
+#ifdef HAVE_STRING_H
+# include
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include
+#endif /* HAVE_STRINGS_H */
+#include
+#include
+#include
+#include
+#include
+
+#include "sudoers.h"
+#include "sudo_iolog.h"
+
+static size_t
+fill_seq(char *str, size_t strsize, void *v)
+{
+#ifdef SUDOERS_NO_SEQ
+ debug_decl(fill_seq, SUDOERS_DEBUG_UTIL);
+ debug_return_size_t(strlcpy(str, "%{seq}", strsize));
+#else
+ char *logdir = v;
+ static char sessid[7];
+ int len;
+ debug_decl(fill_seq, SUDOERS_DEBUG_UTIL);
+
+ if (sessid[0] == '\0') {
+ if (!iolog_nextid(logdir, sessid))
+ debug_return_size_t((size_t)-1);
+ }
+
+ /* Path is of the form /var/log/sudo-io/00/00/01. */
+ len = snprintf(str, strsize, "%c%c/%c%c/%c%c", sessid[0],
+ sessid[1], sessid[2], sessid[3], sessid[4], sessid[5]);
+ if (len < 0)
+ debug_return_size_t(strsize); /* handle non-standard snprintf() */
+ debug_return_size_t(len);
+#endif /* SUDOERS_NO_SEQ */
+}
+
+static size_t
+fill_user(char *str, size_t strsize, void *unused)
+{
+ debug_decl(fill_user, SUDOERS_DEBUG_UTIL);
+ debug_return_size_t(strlcpy(str, user_name, strsize));
+}
+
+static size_t
+fill_group(char *str, size_t strsize, void *unused)
+{
+ struct group *grp;
+ size_t len;
+ debug_decl(fill_group, SUDOERS_DEBUG_UTIL);
+
+ if ((grp = sudo_getgrgid(user_gid)) != NULL) {
+ len = strlcpy(str, grp->gr_name, strsize);
+ sudo_gr_delref(grp);
+ } else {
+ len = strlen(str);
+ len = snprintf(str + len, strsize - len, "#%u",
+ (unsigned int) user_gid);
+ }
+ debug_return_size_t(len);
+}
+
+static size_t
+fill_runas_user(char *str, size_t strsize, void *unused)
+{
+ debug_decl(fill_runas_user, SUDOERS_DEBUG_UTIL);
+ debug_return_size_t(strlcpy(str, runas_pw->pw_name, strsize));
+}
+
+static size_t
+fill_runas_group(char *str, size_t strsize, void *unused)
+{
+ struct group *grp;
+ size_t len;
+ debug_decl(fill_runas_group, SUDOERS_DEBUG_UTIL);
+
+ if (runas_gr != NULL) {
+ len = strlcpy(str, runas_gr->gr_name, strsize);
+ } else {
+ if ((grp = sudo_getgrgid(runas_pw->pw_gid)) != NULL) {
+ len = strlcpy(str, grp->gr_name, strsize);
+ sudo_gr_delref(grp);
+ } else {
+ len = strlen(str);
+ len = snprintf(str + len, strsize - len, "#%u",
+ (unsigned int) runas_pw->pw_gid);
+ }
+ }
+ debug_return_size_t(len);
+}
+
+static size_t
+fill_hostname(char *str, size_t strsize, void *unused)
+{
+ debug_decl(fill_hostname, SUDOERS_DEBUG_UTIL);
+ debug_return_size_t(strlcpy(str, user_shost, strsize));
+}
+
+static size_t
+fill_command(char *str, size_t strsize, void *unused)
+{
+ debug_decl(fill_command, SUDOERS_DEBUG_UTIL);
+ debug_return_size_t(strlcpy(str, user_base, strsize));
+}
+
+/* Note: "seq" must be first in the list. */
+static const struct iolog_path_escape path_escapes[] = {
+ { "seq", fill_seq },
+ { "user", fill_user },
+ { "group", fill_group },
+ { "runas_user", fill_runas_user },
+ { "runas_group", fill_runas_group },
+ { "hostname", fill_hostname },
+ { "command", fill_command },
+ { NULL, NULL }
+};
+const struct iolog_path_escape *sudoers_iolog_path_escapes = path_escapes;
diff -Nru sudo-1.8.31/plugins/sudoers/iolog_plugin.h sudo-1.9.0/plugins/sudoers/iolog_plugin.h
--- sudo-1.8.31/plugins/sudoers/iolog_plugin.h 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/plugins/sudoers/iolog_plugin.h 2020-05-11 16:28:23.000000000 +0000
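Review bot: In iolog_path_escapes.c, the fallback branch of `fill_group` (and the identical one in `fill_runas_group`) calls `strlen(str)` on the output buffer before formatting the numeric gid. Nothing in this file shows that the caller passes a NUL-terminated buffer, so if `str` is a bare write cursor the `strlen` can read past the bytes written so far. The value returned is also only the `snprintf` length, not the offset plus that length, so the caller would under-count what was written. I would format at the start of the buffer and treat a negative return the way `fill_seq` does: `int n = snprintf(str, strsize, "#%u", (unsigned int) user_gid);` followed by `len = n < 0 ? strsize : (size_t)n;`. The caller that consumes these lengths is outside this hunk, so its termination guarantee should be confirmed there.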
@@ -0,0 +1,134 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019-2020 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef SUDOERS_IOLOG_CLIENT_H
+#define SUDOERS_IOLOG_CLIENT_H
+
+#if defined(HAVE_OPENSSL)
+# include
+#endif /* HAVE_OPENSSL */
+
+#include "log_server.pb-c.h"
+#include "strlist.h"
+
+#if PROTOBUF_C_VERSION_NUMBER < 1003000
+# error protobuf-c version 1.30 or higher required
+#endif
+
+/* Default ports to listen on */
+#define DEFAULT_PORT "30343"
+#define DEFAULT_PORT_TLS "30344"
+
+/* Maximum message size (2Mb) */
+#define MESSAGE_SIZE_MAX (2 * 1024 * 1024)
+
+/* TODO - share with logsrvd/sendlog */
+struct connection_buffer {
+ TAILQ_ENTRY(connection_buffer) entries;
+ uint8_t *data;
+ unsigned int size;
+ unsigned int len;
+ unsigned int off;
+};
+TAILQ_HEAD(connection_buffer_list, connection_buffer);
+
+/* XXX - remove dependency on sudoers.h? */
+#undef runas_pw
+#undef runas_gr
+
+struct iolog_details {
+ const char *cwd;
+ const char *host;
+ const char *tty;
+ const char *user;
+ const char *command;
+ const char *iolog_path;
+ struct passwd *runas_pw;
+ struct group *runas_gr;
+ char * const *argv;
+ char **user_env;
+ struct sudoers_str_list *log_servers;
+ struct timespec server_timeout;
+#if defined(HAVE_OPENSSL)
+ char *ca_bundle;
+ char *cert_file;
+ char *key_file;
+#endif /* HAVE_OPENSSL */
+ int argc;
+ int lines;
+ int cols;
+ bool keepalive;
+ bool verify_server;
+ bool ignore_iolog_errors;
+};
+
+enum client_state {
+ ERROR,
+ RECV_HELLO,
+ SEND_RESTART, /* TODO: currently unimplemented */
+ SEND_ACCEPT,
+ SEND_IO,
+ SEND_EXIT,
+ CLOSING,
+ FINISHED
+};
+
+/* Remote connection closure, non-zero fields must come first. */
+struct client_closure {
+ int sock;
+ bool read_instead_of_write;
+ bool write_instead_of_read;
+ bool temporary_write_event;
+ char *server_name;
+#if defined(HAVE_STRUCT_IN6_ADDR)
+ char server_ip[INET6_ADDRSTRLEN];
+#else
+ char server_ip[INET_ADDRSTRLEN];
+#endif
+#if defined(HAVE_OPENSSL)
+ SSL_CTX *ssl_ctx;
+ SSL *ssl;
+#endif /* HAVE_OPENSSL */
+ enum client_state state;
+ bool disabled;
+ struct connection_buffer_list write_bufs;
+ struct connection_buffer_list free_bufs;
+ struct connection_buffer read_buf;
+ struct sudo_plugin_event *read_ev;
+ struct sudo_plugin_event *write_ev;
+ struct iolog_details *log_details;
+ struct timespec start_time;
+ struct timespec elapsed;
+ struct timespec committed;
+ char *iolog_id;
+};
+
+/* iolog_client.c */
+struct client_closure *client_closure_alloc(struct iolog_details *details, struct io_plugin *sudoers_io, struct timespec *now);
+bool client_close(struct client_closure *closure, int exit_status, int error);
+bool fmt_accept_message(struct client_closure *closure);
+bool fmt_client_message(struct client_closure *closure, ClientMessage *msg);
+bool fmt_exit_message(struct client_closure *closure, int exit_status, int error);
+bool fmt_io_buf(struct client_closure *closure, int type, const char *buf, unsigned int len, struct timespec *delay);
+bool fmt_suspend(struct client_closure *closure, const char *signame, struct timespec *delay);
+bool fmt_winsize(struct client_closure *closure, unsigned int lines, unsigned int cols, struct timespec *delay);
+bool log_server_connect(struct client_closure *closure);
+void client_closure_free(struct client_closure *closure);
+bool read_server_hello(struct client_closure *closure);
+
+#endif /* SUDOERS_IOLOG_CLIENT_H */
diff -Nru sudo-1.8.31/plugins/sudoers/iolog_util.c sudo-1.9.0/plugins/sudoers/iolog_util.c
--- sudo-1.8.31/plugins/sudoers/iolog_util.c 2019-10-28 12:28:52.000000000 +0000
+++ sudo-1.9.0/plugins/sudoers/iolog_util.c 1970-01-01 00:00:00.000000000 +0000
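Review bot: In iolog_plugin.h, `struct iolog_details` carries two security-relevant switches, `verify_server` and `ignore_iolog_errors`, with no comment on what each one permits. The `bad:` paths of the callbacks in iolog_client.c in this same diff show that with `ignore_iolog_errors` set, a log-server failure sets `closure->disabled` and the command keeps running without remote I/O logging; that fail-open behaviour deserves stating at the declaration, e.g. `/* true: on log server failure disable I/O logging and let the command continue unlogged */`. A matching one-line comment on `verify_server` should say what is and is not checked when it is false; that logic is not visible in this hunk. Separately, the `#error` text says "1.30" while the check is against `1003000`, which looks like 1.3.0 under protobuf-c's numbering; `# error protobuf-c version 1.3.0 or higher required` would be clearer if that reading is right.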
@@ -1,388 +0,0 @@ -/* - * SPDX-License-Identifier: ISC - * - * Copyright (c) 2009-2018 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * This is an open source non-commercial project. Dear PVS-Studio, please check it. - * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com - */ - -#include - -#include -#include -#include -#if defined(HAVE_STDINT_H) -# include -#elif defined(HAVE_INTTYPES_H) -# include -#endif -#ifdef HAVE_STRING_H -# include -#endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -# include -#endif /* HAVE_STRINGS_H */ -#include -#include -#include -#include -#include -#include -#include -#ifdef HAVE_STDBOOL_H -# include -#else -# include "compat/stdbool.h" -#endif /* HAVE_STDBOOL_H */ - -#include "sudo_gettext.h" /* must be included before sudo_compat.h */ - -#include "sudo_compat.h" -#include "sudo_fatal.h" -#include "sudo_debug.h" -#include "sudo_util.h" -#include "iolog.h" - -static int timing_event_adj; - -struct log_info * -parse_logfile(const char *logfile) -{ - FILE *fp; - char *buf = NULL, *cp, *ep; - const char *errstr; - size_t bufsize = 0, cwdsize = 0, cmdsize = 0; - struct log_info *li = NULL; - debug_decl(parse_logfile, SUDO_DEBUG_UTIL) - - fp = fopen(logfile, "r"); - if (fp == NULL) { - sudo_warn(U_("unable to 
open %s"), logfile); - goto bad; - } - - /* - * ID file has three lines: - * 1) a log info line - * 2) cwd - * 3) command with args - */ - if ((li = calloc(1, sizeof(*li))) == NULL) - sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - if (getdelim(&buf, &bufsize, '\n', fp) == -1 || - getdelim(&li->cwd, &cwdsize, '\n', fp) == -1 || - getdelim(&li->cmd, &cmdsize, '\n', fp) == -1) { - sudo_warn(U_("%s: invalid log file"), logfile); - goto bad; - } - - /* Strip the newline from the cwd and command. */ - li->cwd[strcspn(li->cwd, "\n")] = '\0'; - li->cmd[strcspn(li->cmd, "\n")] = '\0'; - - /* - * Crack the log line (rows and cols not present in old versions). - * timestamp:user:runas_user:runas_group:tty:rows:cols - * XXX - probably better to use strtok and switch on the state. - */ - buf[strcspn(buf, "\n")] = '\0'; - cp = buf; - - /* timestamp */ - if ((ep = strchr(cp, ':')) == NULL) { - sudo_warn(U_("%s: time stamp field is missing"), logfile); - goto bad; - } - *ep = '\0'; - li->tstamp = sudo_strtonum(cp, 0, TIME_T_MAX, &errstr); - if (errstr != NULL) { - sudo_warn(U_("%s: time stamp %s: %s"), logfile, cp, errstr); - goto bad; - } - - /* user */ - cp = ep + 1; - if ((ep = strchr(cp, ':')) == NULL) { - sudo_warn(U_("%s: user field is missing"), logfile); - goto bad; - } - if ((li->user = strndup(cp, (size_t)(ep - cp))) == NULL) - sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - - /* runas user */ - cp = ep + 1; - if ((ep = strchr(cp, ':')) == NULL) { - sudo_warn(U_("%s: runas user field is missing"), logfile); - goto bad; - } - if ((li->runas_user = strndup(cp, (size_t)(ep - cp))) == NULL) - sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - - /* runas group */ - cp = ep + 1; - if ((ep = strchr(cp, ':')) == NULL) { - sudo_warn(U_("%s: runas group field is missing"), logfile); - goto bad; - } - if (cp != ep) { - if ((li->runas_group = strndup(cp, (size_t)(ep - cp))) == NULL) - sudo_fatalx(U_("%s: %s"), 
__func__, U_("unable to allocate memory")); - } - - /* tty, followed by optional rows + columns */ - cp = ep + 1; - if ((ep = strchr(cp, ':')) == NULL) { - /* just the tty */ - if ((li->tty = strdup(cp)) == NULL) - sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - } else { - /* tty followed by rows + columns */ - if ((li->tty = strndup(cp, (size_t)(ep - cp))) == NULL) - sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - cp = ep + 1; - /* need to NULL out separator to use sudo_strtonum() */ - /* XXX - use sudo_strtonumx */ - if ((ep = strchr(cp, ':')) != NULL) { - *ep = '\0'; - } - li->rows = sudo_strtonum(cp, 1, INT_MAX, &errstr); - if (errstr != NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: tty rows %s: %s", logfile, cp, errstr); - } - if (ep != NULL) { - cp = ep + 1; - li->cols = sudo_strtonum(cp, 1, INT_MAX, &errstr); - if (errstr != NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: tty cols %s: %s", logfile, cp, errstr); - } - } - } - fclose(fp); - free(buf); - debug_return_ptr(li); - -bad: - if (fp != NULL) - fclose(fp); - free(buf); - free_log_info(li); - debug_return_ptr(NULL); -} - -void -adjust_delay(struct timespec *delay, struct timespec *max_delay, - double scale_factor) -{ - double seconds; - debug_decl(adjust_delay, SUDO_DEBUG_UTIL) - - if (scale_factor != 1.0) { - /* Order is important: we don't want to double the remainder. */ - seconds = (double)delay->tv_sec / scale_factor; - delay->tv_sec = (time_t)seconds; - delay->tv_nsec /= scale_factor; - delay->tv_nsec += (seconds - delay->tv_sec) * 1000000000; - while (delay->tv_nsec >= 1000000000) { - delay->tv_sec++; - delay->tv_nsec -= 1000000000; - } - } - - /* Clamp to max delay. 
*/ - if (max_delay != NULL) { - if (sudo_timespeccmp(delay, max_delay, >)) { - delay->tv_sec = max_delay->tv_sec; - delay->tv_nsec = max_delay->tv_nsec; - } - } - - debug_return; -} - -/* - * Parse the delay as seconds and nanoseconds: %lld.%09ld - * Sudo used to write this as a double, but since timing data is logged - * in the C locale this may not match the current locale. - */ -char * -parse_delay(const char *cp, struct timespec *delay, const char *decimal_point) -{ - char numbuf[(((sizeof(long long) * 8) + 2) / 3) + 2]; - const char *errstr, *ep; - long long llval; - size_t len; - debug_decl(parse_delay, SUDO_DEBUG_UTIL) - - /* Parse seconds (whole number portion). */ - for (ep = cp; isdigit((unsigned char)*ep); ep++) - continue; - len = (size_t)(ep - cp); - if (len >= sizeof(numbuf)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: number of seconds is too large", cp); - debug_return_ptr(NULL); - } - memcpy(numbuf, cp, len); - numbuf[len] = '\0'; - delay->tv_sec = sudo_strtonum(numbuf, 0, TIME_T_MAX, &errstr); - if (errstr != NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: number of seconds is %s", numbuf, errstr); - debug_return_ptr(NULL); - } - - /* Radix may be in user's locale for sudo < 1.7.4 so accept that too. */ - if (*ep != '.' && *ep != *decimal_point) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "invalid characters after seconds: %s", ep); - debug_return_ptr(NULL); - } - cp = ep + 1; - - /* Parse fractional part, we may read more precision than we can store. 
*/ - for (ep = cp; isdigit((unsigned char)*ep); ep++) - continue; - len = (size_t)(ep - cp); - if (len >= sizeof(numbuf)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: number of nanoseconds is too large", cp); - debug_return_ptr(NULL); - } - memcpy(numbuf, cp, len); - numbuf[len] = '\0'; - llval = sudo_strtonum(numbuf, 0, LLONG_MAX, &errstr); - if (errstr != NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: number of nanoseconds is %s", numbuf, errstr); - debug_return_ptr(NULL); - } - - /* Adjust fractional part to nanosecond precision. */ - if (len < 9) { - /* Convert to nanosecond precision. */ - do { - llval *= 10; - } while (++len < 9); - } else if (len > 9) { - /* Clamp to nanoseconds. */ - do { - llval /= 10; - } while (--len > 9); - } - delay->tv_nsec = (long)llval; - - /* Advance to the next field. */ - while (isspace((unsigned char)*ep)) - ep++; - - debug_return_str((char *)ep); -} - -/* - * Parse a timing line, which is formatted as: - * IO_EVENT_TTYOUT sleep_time num_bytes - * IO_EVENT_WINSIZE sleep_time rows cols - * IO_EVENT_SUSPEND sleep_time signo - * Where type is IO_EVENT_*, sleep_time is the number of seconds to sleep - * before writing the data and num_bytes is the number of bytes to output. - * Returns true on success and false on failure. - */ -bool -parse_timing(const char *buf, struct timespec *delay, - struct timing_closure *timing) -{ - unsigned long ulval; - char *cp, *ep; - debug_decl(parse_timing, SUDO_DEBUG_UTIL) - - /* Clear fd. */ - timing->fd.v = NULL; - - /* Parse event type. 
*/ - ulval = strtoul(buf, &ep, 10); - if (ep == buf || !isspace((unsigned char) *ep)) - goto bad; - if (ulval >= IO_EVENT_COUNT) - goto bad; - if (ulval == IO_EVENT_TTYOUT_1_8_7) { - /* work around a bug in timing files generated by sudo 1.8.7 */ - timing_event_adj = 2; - } - timing->event = (int)ulval - timing_event_adj; - for (cp = ep + 1; isspace((unsigned char) *cp); cp++) - continue; - - /* Parse delay, returns the next field or NULL on error. */ - if ((cp = parse_delay(cp, delay, timing->decimal)) == NULL) - goto bad; - - switch (timing->event) { - case IO_EVENT_SUSPEND: - /* Signal name (no leading SIG prefix) or number. */ - if (str2sig(cp, &timing->u.signo) == -1) - goto bad; - break; - case IO_EVENT_WINSIZE: - ulval = strtoul(cp, &ep, 10); - if (ep == cp || !isspace((unsigned char) *ep)) - goto bad; - if (ulval > INT_MAX) - goto bad; - timing->u.winsize.rows = (int)ulval; - for (cp = ep + 1; isspace((unsigned char) *cp); cp++) - continue; - - ulval = strtoul(cp, &ep, 10); - if (ep == cp || *ep != '\0') - goto bad; - if (ulval > INT_MAX) - goto bad; - timing->u.winsize.cols = (int)ulval; - break; - default: - errno = 0; - ulval = strtoul(cp, &ep, 10); - if (ep == cp || *ep != '\0') - goto bad; - /* Note: assumes SIZE_MAX == ULONG_MAX */ - if (errno == ERANGE && ulval == ULONG_MAX) - goto bad; - timing->u.nbytes = (size_t)ulval; - break; - } - - debug_return_bool(true); -bad: - debug_return_bool(false); -} - -void -free_log_info(struct log_info *li) -{ - if (li != NULL) { - free(li->cwd); - free(li->user); - free(li->runas_user); - free(li->runas_group); - free(li->tty); - free(li->cmd); - free(li); - } -} diff -Nru sudo-1.8.31/plugins/sudoers/ldap.c sudo-1.9.0/plugins/sudoers/ldap.c --- sudo-1.8.31/plugins/sudoers/ldap.c 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/ldap.c 2020-05-11 16:28:23.000000000 +0000 
@@ -170,7 +170,7 @@ struct ldap_config_str *uri; size_t len = 0; char *buf = NULL; - debug_decl(sudo_ldap_join_uri, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_join_uri, SUDOERS_DEBUG_LDAP); STAILQ_FOREACH(uri, uri_list, entries) { if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) { @@ -206,7 +206,7 @@ { LDAP *ld; int ret = LDAP_CONNECT_ERROR; - debug_decl(sudo_ldap_init, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_init, SUDOERS_DEBUG_LDAP); #ifdef HAVE_LDAPSSL_INIT if (ldap_conf.ssl_mode != SUDO_LDAP_CLEAR) { @@ -324,7 +324,7 @@ bool ret = false; char *val; int rc; - debug_decl(sudo_ldap_check_non_unix_group, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_check_non_unix_group, SUDOERS_DEBUG_LDAP); if (!entry) debug_return_bool(ret); @@ -368,7 +368,7 @@ #ifdef HAVE_LDAP_STR2DN char *dn, *rdn = NULL; LDAPDN tmpDN; - debug_decl(sudo_ldap_get_first_rdn, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_get_first_rdn, SUDOERS_DEBUG_LDAP); if ((dn = ldap_get_dn(ld, entry)) == NULL) debug_return_str(NULL); @@ -380,7 +380,7 @@ debug_return_str(rdn); #else char *dn, **edn; - debug_decl(sudo_ldap_get_first_rdn, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_get_first_rdn, SUDOERS_DEBUG_LDAP); if ((dn = ldap_get_dn(ld, entry)) == NULL) debug_return_str(NULL); @@ -401,7 +401,7 @@ char *cn, *cp, *source = NULL; bool ret = false; int rc; - debug_decl(sudo_ldap_parse_options, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_parse_options, SUDOERS_DEBUG_LDAP); bv = sudo_ldap_get_values_len(ld, entry, "sudoOption", &rc); if (bv == NULL) { @@ -474,7 +474,7 @@ time_t now; char timebuffer[sizeof("20120727121554.0Z")]; int len = -1; - debug_decl(sudo_ldap_timefilter, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_timefilter, SUDOERS_DEBUG_LDAP); /* Make sure we have a formatted timestamp for __now__. */ time(&now); 
@@ -509,7 +509,7 @@ sudo_ldap_build_default_filter(void) { char *filt; - debug_decl(sudo_ldap_build_default_filter, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_build_default_filter, SUDOERS_DEBUG_LDAP); if (!ldap_conf.search_filter) debug_return_str(strdup("cn=defaults")); @@ -910,7 +910,7 @@ struct group *grp; size_t sz = 0; int i; - debug_decl(sudo_ldap_build_pass1, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_build_pass1, SUDOERS_DEBUG_LDAP); STAILQ_INIT(&netgroups); @@ -1084,7 +1084,7 @@ char *filt, timebuffer[TIMEFILTER_LENGTH + 1]; bool query_netgroups = def_use_netgroups; int len; - debug_decl(sudo_ldap_build_pass2, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_build_pass2, SUDOERS_DEBUG_LDAP); /* No need to query netgroups if using netgroup_base. */ if (!STAILQ_EMPTY(&ldap_conf.netgroup_base)) @@ -1141,7 +1141,7 @@ struct member *m; unsigned int i; int rc; - debug_decl(ldap_to_sudoers, SUDOERS_DEBUG_LDAP) + debug_decl(ldap_to_sudoers, SUDOERS_DEBUG_LDAP); /* We only have a single userspec */ if ((us = calloc(1, sizeof(*us))) == NULL) @@ -1253,7 +1253,7 @@ int ret = 0; unsigned int junk; static bool initialized; - debug_decl(sudo_set_krb5_ccache_name, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_set_krb5_ccache_name, SUDOERS_DEBUG_LDAP); if (!initialized) { sudo_gss_krb5_ccache_name = (sudo_gss_krb5_ccache_name_t) @@ -1296,7 +1296,7 @@ ssize_t nread, nwritten = -1; static char new_ccname[sizeof(_PATH_TMP) + sizeof("sudocc_XXXXXXXX") - 1]; char buf[10240], *ret = NULL; - debug_decl(sudo_krb5_copy_cc_file, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_krb5_copy_cc_file, SUDOERS_DEBUG_LDAP); old_ccname = sudo_krb5_ccname_path(old_ccname); if (old_ccname != NULL) { 
@@ -1358,7 +1358,7 @@ char *auth_id = (char *)_auth_id; sasl_interact_t *interact = (sasl_interact_t *)_interact; int ret = LDAP_SUCCESS; - debug_decl(sudo_ldap_sasl_interact, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_sasl_interact, SUDOERS_DEBUG_LDAP); for (; interact->id != SASL_CB_LIST_END; interact++) { if (interact->id != SASL_CB_USER) { @@ -1397,7 +1397,7 @@ sudo_ldap_result_alloc(void) { struct ldap_result *result; - debug_decl(sudo_ldap_result_alloc, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_result_alloc, SUDOERS_DEBUG_LDAP); result = calloc(1, sizeof(*result)); if (result != NULL) @@ -1413,7 +1413,7 @@ sudo_ldap_result_free(struct ldap_result *lres) { struct ldap_search_result *s; - debug_decl(sudo_ldap_result_free, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_result_free, SUDOERS_DEBUG_LDAP); if (lres != NULL) { if (lres->nentries) { @@ -1438,7 +1438,7 @@ LDAPMessage *searchresult) { struct ldap_search_result *news; - debug_decl(sudo_ldap_result_add_search, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_result_add_search, SUDOERS_DEBUG_LDAP); /* Create new entry and add it to the end of the chain. */ news = calloc(1, sizeof(*news)); @@ -1459,7 +1459,7 @@ sudo_ldap_bind_s(LDAP *ld) { int ret; - debug_decl(sudo_ldap_bind_s, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_bind_s, SUDOERS_DEBUG_LDAP); #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S if (ldap_conf.rootuse_sasl == true || @@ -1553,7 +1553,7 @@ sudo_ldap_close(struct sudo_nss *nss) { struct sudo_ldap_handle *handle = nss->handle; - debug_decl(sudo_ldap_close, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_close, SUDOERS_DEBUG_LDAP); if (handle != NULL) { /* Unbind and close the LDAP connection. */ @@ -1583,7 +1583,7 @@ int rc = -1; bool ldapnoinit = false; struct sudo_ldap_handle *handle; - debug_decl(sudo_ldap_open, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_open, SUDOERS_DEBUG_LDAP); if (nss->handle != NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR, 
@@ -1688,7 +1688,7 @@ char *filt = NULL; int rc, ret = -1; static bool cached; - debug_decl(sudo_ldap_getdefs, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_getdefs, SUDOERS_DEBUG_LDAP); if (handle == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR, @@ -1746,7 +1746,7 @@ { const struct ldap_entry_wrapper *aw = a; const struct ldap_entry_wrapper *bw = b; - debug_decl(ldap_entry_compare, SUDOERS_DEBUG_LDAP) + debug_decl(ldap_entry_compare, SUDOERS_DEBUG_LDAP); debug_return_int(aw->order < bw->order ? -1 : (aw->order > bw->order ? 1 : 0)); @@ -1759,7 +1759,7 @@ static struct ldap_search_result * sudo_ldap_result_last_search(struct ldap_result *lres) { - debug_decl(sudo_ldap_result_last_search, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_result_last_search, SUDOERS_DEBUG_LDAP); debug_return_ptr(STAILQ_LAST(&lres->searches, ldap_search_result, entries)); } @@ -1775,7 +1775,7 @@ double order = 0.0; char *ep; int rc; - debug_decl(sudo_ldap_result_add_entry, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_result_add_entry, SUDOERS_DEBUG_LDAP); /* Determine whether the entry has the sudoOrder attribute. */ last = sudo_ldap_result_last_search(lres); @@ -1836,7 +1836,7 @@ LDAP *ld = handle->ld; char *filt = NULL; int pass, rc; - debug_decl(sudo_ldap_result_get, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_result_get, SUDOERS_DEBUG_LDAP); /* * Okay - time to search for anything that matches this user @@ -1934,7 +1934,7 @@ struct sudo_ldap_handle *handle = nss->handle; struct ldap_result *lres = NULL; int ret = -1; - debug_decl(sudo_ldap_query, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_query, SUDOERS_DEBUG_LDAP); if (handle == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR, 
@@ -1986,7 +1986,7 @@ sudo_ldap_parse(struct sudo_nss *nss) { struct sudo_ldap_handle *handle = nss->handle; - debug_decl(sudo_ldap_parse, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_parse, SUDOERS_DEBUG_LDAP); if (handle == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR, diff -Nru sudo-1.8.31/plugins/sudoers/ldap_conf.c sudo-1.9.0/plugins/sudoers/ldap_conf.c --- sudo-1.8.31/plugins/sudoers/ldap_conf.c 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/ldap_conf.c 2020-05-11 16:28:23.000000000 +0000 @@ -197,7 +197,7 @@ char *host, *last, *port, defport[13]; char hostbuf[LINE_MAX * 2]; int len; - debug_decl(sudo_ldap_conf_add_ports, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_conf_add_ports, SUDOERS_DEBUG_LDAP); hostbuf[0] = '\0'; len = snprintf(defport, sizeof(defport), ":%d", ldap_conf.port); @@ -243,7 +243,7 @@ char *buf, hostbuf[LINE_MAX]; int nldap = 0, nldaps = 0; int ret = -1; - debug_decl(sudo_ldap_parse_uri, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_parse_uri, SUDOERS_DEBUG_LDAP); hostbuf[0] = '\0'; STAILQ_FOREACH(entry, uri_list, entries) { @@ -328,7 +328,7 @@ { unsigned char *result = NULL; size_t len, reslen; - debug_decl(sudo_ldap_decode_secret, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_decode_secret, SUDOERS_DEBUG_LDAP); if (strncasecmp(secret, "base64:", sizeof("base64:") - 1) == 0) { /* @@ -360,7 +360,7 @@ char *line = NULL; size_t linesize = 0; ssize_t len; - debug_decl(sudo_ldap_read_secret, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_read_secret, SUDOERS_DEBUG_LDAP); if ((fp = fopen(path_ldap_secret, "r")) != NULL) { len = getdelim(&line, &linesize, '\n', fp); @@ -396,7 +396,7 @@ { struct ldap_config_table *cur; const char *errstr; - debug_decl(sudo_ldap_parse_keyword, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_parse_keyword, SUDOERS_DEBUG_LDAP); /* Look up keyword in config tables */ for (cur = table; cur->conf_str != NULL; cur++) { 
@@ -478,7 +478,7 @@ sudo_krb5_ccname_path(const char *old_ccname) { const char *ccname = old_ccname; - debug_decl(sudo_krb5_ccname_path, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_krb5_ccname_path, SUDOERS_DEBUG_LDAP); /* Strip off leading FILE: or WRFILE: prefix. */ switch (ccname[0]) { @@ -505,7 +505,7 @@ { int fd = -1; const char *ccname_path; - debug_decl(sudo_check_krb5_ccname, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_check_krb5_ccname, SUDOERS_DEBUG_LDAP); /* Strip off prefix to get path name. */ ccname_path = sudo_krb5_ccname_path(ccname); @@ -535,7 +535,7 @@ struct ldap_config_str *conf_str; size_t linesize = 0; FILE *fp; - debug_decl(sudo_ldap_read_config, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_read_config, SUDOERS_DEBUG_LDAP); /* defaults */ ldap_conf.version = 3; @@ -815,7 +815,7 @@ struct ldap_config_table *cur; int ival, rc, errors = 0; char *sval; - debug_decl(sudo_ldap_set_options_table, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_set_options_table, SUDOERS_DEBUG_LDAP); for (cur = table; cur->conf_str != NULL; cur++) { if (cur->opt_val == -1) @@ -860,7 +860,7 @@ sudo_ldap_set_options_global(void) { int ret; - debug_decl(sudo_ldap_set_options_global, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_set_options_global, SUDOERS_DEBUG_LDAP); /* Set ber options */ #ifdef LBER_OPT_DEBUG_LEVEL @@ -881,7 +881,7 @@ sudo_ldap_set_options_conn(LDAP *ld) { int rc; - debug_decl(sudo_ldap_set_options_conn, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_set_options_conn, SUDOERS_DEBUG_LDAP); /* Parse per-connection LDAP options table. */ rc = sudo_ldap_set_options_table(ld, ldap_conf_conn); diff -Nru sudo-1.8.31/plugins/sudoers/ldap_util.c sudo-1.9.0/plugins/sudoers/ldap_util.c --- sudo-1.8.31/plugins/sudoers/ldap_util.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/ldap_util.c 2020-05-11 16:28:23.000000000 +0000 
@@ -56,7 +56,7 @@ { char *val = *valp; bool ret = false; - debug_decl(sudo_ldap_is_negated, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_is_negated, SUDOERS_DEBUG_LDAP); while (*val == '!') { ret = !ret; @@ -78,7 +78,7 @@ char *cp, *val = NULL; char *var = optstr; int op; - debug_decl(sudo_ldap_parse_option, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_parse_option, SUDOERS_DEBUG_LDAP); /* check for equals sign past first char */ cp = strchr(var, '='); @@ -130,7 +130,7 @@ struct member_list *members; struct member *m; char *val; - debug_decl(bv_to_member_list, SUDOERS_DEBUG_LDAP) + debug_decl(bv_to_member_list, SUDOERS_DEBUG_LDAP); if ((members = calloc(1, sizeof(*members))) == NULL) return NULL; @@ -148,19 +148,9 @@ break; case '+': m->type = NETGROUP; - m->name = strdup(val); - if (m->name == NULL) { - free(m); - goto bad; - } break; case '%': m->type = USERGROUP; - m->name = strdup(val); - if (m->name == NULL) { - free(m); - goto bad; - } break; case 'A': if (strcmp(val, "ALL") == 0) { @@ -170,12 +160,13 @@ /* FALLTHROUGH */ default: m->type = WORD; - m->name = strdup(val); - if (m->name == NULL) { + break; + } + if (m->type != ALL && m->type != MYSELF) { + if ((m->name = strdup(val)) == NULL) { free(m); goto bad; } - break; } if (m->negated) TAILQ_INSERT_TAIL(&negated_members, m, entries); @@ -199,7 +190,7 @@ union sudo_in_addr_un addr; bool ret = false; char *slash; - debug_decl(is_address, SUDOERS_DEBUG_LDAP) + debug_decl(is_address, SUDOERS_DEBUG_LDAP); /* Check for mask, not currently parsed. */ if ((slash = strchr(host, '/')) != NULL) @@ -222,14 +213,11 @@ host_to_member(char *host) { struct member *m; - debug_decl(host_to_member, SUDOERS_DEBUG_LDAP) + debug_decl(host_to_member, SUDOERS_DEBUG_LDAP); if ((m = calloc(1, sizeof(*m))) == NULL) goto oom; m->negated = sudo_ldap_is_negated(&host); - m->name = strdup(host); - if (m->name == NULL) - goto oom; switch (*host) { case '+': m->type = NETGROUP; 
@@ -248,6 +236,10 @@ } break; } + if (m->type != ALL) { + if ((m->name = strdup(host)) == NULL) + goto oom; + } debug_return_ptr(m); oom: @@ -260,7 +252,7 @@ char *source, struct defaults_list *defs) { struct defaults *def; - debug_decl(sudo_ldap_add_default, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_add_default, SUDOERS_DEBUG_LDAP); if ((def = calloc(1, sizeof(*def))) == NULL) goto oom; 
@@ -289,6 +281,110 @@ } /* + * If a digest prefix is present, add it to struct command_digest_list + * and update cmnd to point to the command after the digest. + * Returns 1 if a digest was parsed, 0 if not and -1 on error. + */ +static int +sudo_ldap_extract_digest(char **cmnd, struct command_digest_list *digests) +{ + char *ep, *cp = *cmnd; + struct command_digest *digest; + int digest_type = SUDO_DIGEST_INVALID; + debug_decl(sudo_ldap_extract_digest, SUDOERS_DEBUG_LDAP); + + /* + * Check for and extract a digest prefix, e.g. + * sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1 /bin/ls + */ + if (cp[0] == 's' && cp[1] == 'h' && cp[2] == 'a') { + switch (cp[3]) { + case '2': + if (cp[4] == '2' && cp[5] == '4') + digest_type = SUDO_DIGEST_SHA224; + else if (cp[4] == '5' && cp[5] == '6') + digest_type = SUDO_DIGEST_SHA256; + break; + case '3': + if (cp[4] == '8' && cp[5] == '4') + digest_type = SUDO_DIGEST_SHA384; + break; + case '5': + if (cp[4] == '1' && cp[5] == '2') + digest_type = SUDO_DIGEST_SHA512; + break; + } + if (digest_type != SUDO_DIGEST_INVALID) { + cp += 6; + while (isblank((unsigned char)*cp)) + cp++; + if (*cp == ':') { + cp++; + while (isblank((unsigned char)*cp)) + cp++; + ep = cp; + while (*ep != '\0' && !isblank((unsigned char)*ep) && *ep != ',') + ep++; + if (isblank((unsigned char)*ep) || *ep == ',') { + if ((digest = malloc(sizeof(*digest))) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + debug_return_int(-1); + } + digest->digest_type = digest_type; + digest->digest_str = strndup(cp, (size_t)(ep - cp)); + if (digest->digest_str == NULL) { + sudo_warnx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + free(digest); + debug_return_int(-1); + } + while (isblank((unsigned char)*ep)) + ep++; + *cmnd = ep; + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s digest %s for %s", + digest_type_to_name(digest_type), + digest->digest_str, cp); + TAILQ_INSERT_TAIL(digests, digest, entries); + 
debug_return_int(1); + } + } + } + } + debug_return_int(0); +} + +/* + * If a digest list is present, fill in struct command_digest_list + * and update cmnd to point to the command after the digest. + * Returns false on error, else true. + */ +static bool +sudo_ldap_extract_digests(char **cmnd, struct command_digest_list *digests) +{ + char *cp = *cmnd; + int rc; + debug_decl(sudo_ldap_extract_digests, SUDOERS_DEBUG_LDAP); + + for (;;) { + rc = sudo_ldap_extract_digest(&cp, digests); + if (rc != 1) + break; + + /* Check for additional digestspecs, separated by a comma. */ + if (*cp != ',') + break; + do { + cp++; + } while (isblank((unsigned char)*cp)); + } + *cmnd = cp; + + debug_return_bool(rc != -1); +} + +/* * Convert an LDAP sudoRole to a sudoers privilege. * Pass in struct berval ** for LDAP or char *** for SSSD. */ @@ -304,7 +400,7 @@ struct privilege *priv; struct member *m; char *cmnd; - debug_decl(sudo_ldap_role_to_priv, SUDOERS_DEBUG_LDAP) + debug_decl(sudo_ldap_role_to_priv, SUDOERS_DEBUG_LDAP); if ((priv = calloc(1, sizeof(*priv))) == NULL) goto oom; @@ -358,6 +454,7 @@ goto oom; } m->name = (char *)c; + TAILQ_INIT(&c->digests); } /* Negated commands have precedence so insert them at the end. */ @@ -481,17 +578,13 @@ if (cmndspec->tags.setenv == UNSPEC) cmndspec->tags.setenv = IMPLIED; } else { - struct command_digest digest; char *args; m->type = COMMAND; - /* Fill in command with optional digest. */ - if (sudo_ldap_extract_digest(&cmnd, &digest) != NULL) { - if ((c->digest = malloc(sizeof(*c->digest))) == NULL) - goto oom; - *c->digest = digest; - } + /* Fill in command with optional digests. */ + if (!sudo_ldap_extract_digests(&cmnd, &c->digests)) + goto oom; if ((args = strpbrk(cmnd, " \t")) != NULL) { *args++ = '\0'; if ((c->args = strdup(args)) == NULL) 
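Review bot: The debug message at the end of sudo_ldap_extract_digest() passes `cp` for the final `%s`, but in the new code `cp` still points at the start of the digest text, while the command begins at `ep`, which is what `*cmnd` is set to. Passing `ep` instead, `digest->digest_str, ep);`, makes the "for %s" part name the command (or the next digestspec), as the removed version of the function did. Separately, digest_str is stored without any check that it is well-formed for digest_type. If that check is meant to happen at match time, a comment such as `/* digest_str is not validated here; the digest matcher must reject malformed values */` would record where it lives.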
@@ -515,70 +608,3 @@ } debug_return_ptr(NULL); } - -/* - * If a digest prefix is present, fills in struct command_digest - * and returns a pointer to it, updating cmnd to point to the - * command after the digest. - */ -struct command_digest * -sudo_ldap_extract_digest(char **cmnd, struct command_digest *digest) -{ - char *ep, *cp = *cmnd; - int digest_type = SUDO_DIGEST_INVALID; - debug_decl(sudo_ldap_check_command, SUDOERS_DEBUG_LDAP) - - /* - * Check for and extract a digest prefix, e.g. - * sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1 /bin/ls - */ - if (cp[0] == 's' && cp[1] == 'h' && cp[2] == 'a') { - switch (cp[3]) { - case '2': - if (cp[4] == '2' && cp[5] == '4') - digest_type = SUDO_DIGEST_SHA224; - else if (cp[4] == '5' && cp[5] == '6') - digest_type = SUDO_DIGEST_SHA256; - break; - case '3': - if (cp[4] == '8' && cp[5] == '4') - digest_type = SUDO_DIGEST_SHA384; - break; - case '5': - if (cp[4] == '1' && cp[5] == '2') - digest_type = SUDO_DIGEST_SHA512; - break; - } - if (digest_type != SUDO_DIGEST_INVALID) { - cp += 6; - while (isblank((unsigned char)*cp)) - cp++; - if (*cp == ':') { - cp++; - while (isblank((unsigned char)*cp)) - cp++; - ep = cp; - while (*ep != '\0' && !isblank((unsigned char)*ep)) - ep++; - if (*ep != '\0') { - digest->digest_type = digest_type; - digest->digest_str = strndup(cp, (size_t)(ep - cp)); - if (digest->digest_str == NULL) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - debug_return_ptr(NULL); - } - cp = ep + 1; - while (isblank((unsigned char)*cp)) - cp++; - *cmnd = cp; - sudo_debug_printf(SUDO_DEBUG_INFO, - "%s digest %s for %s", - digest_type_to_name(digest_type), - digest->digest_str, cp); - debug_return_ptr(digest); - } - } - } - } - debug_return_ptr(NULL); -} diff -Nru sudo-1.8.31/plugins/sudoers/linux_audit.c sudo-1.9.0/plugins/sudoers/linux_audit.c --- sudo-1.8.31/plugins/sudoers/linux_audit.c 2019-10-28 12:27:38.000000000 +0000 +++ 
sudo-1.9.0/plugins/sudoers/linux_audit.c 2020-05-11 16:28:23.000000000 +0000 @@ -46,7 +46,7 @@ linux_audit_open(void) { static int au_fd = -1; - debug_decl(linux_audit_open, SUDOERS_DEBUG_AUDIT) + debug_decl(linux_audit_open, SUDOERS_DEBUG_AUDIT); if (au_fd != -1) debug_return_int(au_fd); @@ -69,7 +69,7 @@ int au_fd, rc = -1; char *command, *cp, **av; size_t size, n; - debug_decl(linux_audit_command, SUDOERS_DEBUG_AUDIT) + debug_decl(linux_audit_command, SUDOERS_DEBUG_AUDIT); /* Don't return an error if auditing is not configured. */ if ((au_fd = linux_audit_open()) < 0) diff -Nru sudo-1.8.31/plugins/sudoers/locale.c sudo-1.9.0/plugins/sudoers/locale.c --- sudo-1.8.31/plugins/sudoers/locale.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/locale.c 2020-05-11 16:28:23.000000000 +0000 @@ -54,14 +54,14 @@ int sudoers_getlocale(void) { - debug_decl(sudoers_getlocale, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_getlocale, SUDOERS_DEBUG_UTIL); debug_return_int(current_locale); } bool sudoers_initlocale(const char *ulocale, const char *slocale) { - debug_decl(sudoers_initlocale, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_initlocale, SUDOERS_DEBUG_UTIL); if (ulocale != NULL) { free(user_locale); @@ -88,7 +88,7 @@ sudoers_setlocale(int newlocale, int *prevlocale) { char *res = NULL; - debug_decl(sudoers_setlocale, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_setlocale, SUDOERS_DEBUG_UTIL); switch (newlocale) { case SUDOERS_LOCALE_USER: @@ -135,7 +135,7 @@ bool sudoers_warn_setlocale(bool restore, int *cookie) { - debug_decl(sudoers_warn_setlocale, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_warn_setlocale, SUDOERS_DEBUG_UTIL); if (restore) debug_return_bool(sudoers_setlocale(*cookie, NULL)); 
@@ -148,7 +148,7 @@ bool sudoers_locale_callback(const union sudo_defs_val *sd_un) { - debug_decl(sudoers_locale_callback, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_locale_callback, SUDOERS_DEBUG_UTIL); if (sudoers_initlocale(NULL, sd_un->str)) { if (setlocale(LC_ALL, sd_un->str) != NULL) diff -Nru sudo-1.8.31/plugins/sudoers/logging.c sudo-1.9.0/plugins/sudoers/logging.c --- sudo-1.8.31/plugins/sudoers/logging.c 2019-12-25 19:19:10.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/logging.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1994-1996, 1998-2019 Todd C. Miller + * Copyright (c) 1994-1996, 1998-2020 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -73,8 +73,6 @@ static void mysyslog(int, const char *, ...); static char *new_logline(const char *, const char *); -#define MAXSYSLOGTRIES 16 /* num of retries for broken syslogs */ - /* * We do an openlog(3)/closelog(3) for each message because some * authentication methods (notably PAM) use syslog(3) for their @@ -85,7 +83,7 @@ { const int flags = def_syslog_pid ? LOG_PID : 0; va_list ap; - debug_decl(mysyslog, SUDOERS_DEBUG_LOGGING) + debug_decl(mysyslog, SUDOERS_DEBUG_LOGGING); openlog("sudo", flags, def_syslog); va_start(ap, fmt); @@ -106,7 +104,7 @@ char *p, *tmp, save; const char *fmt; int oldlocale; - debug_decl(do_syslog, SUDOERS_DEBUG_LOGGING) + debug_decl(do_syslog, SUDOERS_DEBUG_LOGGING); /* A priority of -1 corresponds to "none". */ if (pri == -1) @@ -164,7 +162,7 @@ char *full_line; mode_t oldmask; FILE *fp; - debug_decl(do_logfile, SUDOERS_DEBUG_LOGGING) + debug_decl(do_logfile, SUDOERS_DEBUG_LOGGING); sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); 
@@ -241,30 +239,27 @@ int oldlocale; bool uid_changed, ret = true; bool mailit; - debug_decl(log_denial, SUDOERS_DEBUG_LOGGING) - - /* Handle auditing first (audit_failure() handles the locale itself). */ - if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST)) - audit_failure(NewArgc, NewArgv, N_("No user or host")); - else - audit_failure(NewArgc, NewArgv, N_("validation failure")); + debug_decl(log_denial, SUDOERS_DEBUG_LOGGING); /* Send mail based on status. */ mailit = should_mail(status); + /* Set error message. */ + if (ISSET(status, FLAG_NO_USER)) + message = N_("user NOT in sudoers"); + else if (ISSET(status, FLAG_NO_HOST)) + message = N_("user NOT authorized on host"); + else + message = N_("command not allowed"); + + /* Do auditing first (audit_failure() handles the locale itself). */ + audit_failure(NewArgc, NewArgv, "%s", message); + if (def_log_denied || mailit) { /* Log and mail messages should be in the sudoers locale. */ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); - /* Set error message. */ - if (ISSET(status, FLAG_NO_USER)) - message = _("user NOT in sudoers"); - else if (ISSET(status, FLAG_NO_HOST)) - message = _("user NOT authorized on host"); - else - message = _("command not allowed"); - - logline = new_logline(message, NULL); + logline = new_logline(_(message), NULL); if (logline == NULL) debug_return_bool(false); @@ -328,7 +323,7 @@ log_failure(int status, int flags) { bool ret, inform_user = true; - debug_decl(log_failure, SUDOERS_DEBUG_LOGGING) + debug_decl(log_failure, SUDOERS_DEBUG_LOGGING); /* The user doesn't always get to see the log message (path info). */ if (!ISSET(status, FLAG_NO_USER | FLAG_NO_HOST) && def_path_info && 
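Review bot: Nothing in log_denial() says why the denial message is now built with N_() and translated only at the new_logline() call, so a later edit could easily fold the `_()` back into the assignments. A comment on the assignment block would help, for example `/* Keep message untranslated: audit_failure() gets the N_() text, only the log line uses _(message). */`. The function starts and ends outside the hunk.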
@@ -361,10 +356,10 @@ { int flags = 0; bool ret = true; - debug_decl(log_auth_failure, SUDOERS_DEBUG_LOGGING) + debug_decl(log_auth_failure, SUDOERS_DEBUG_LOGGING); - /* Handle auditing first. */ - audit_failure(NewArgc, NewArgv, N_("authentication failure")); + /* Do auditing first (audit_failure() handles the locale itself). */ + audit_failure(NewArgc, NewArgv, "%s", N_("authentication failure")); /* * Do we need to send mail? @@ -405,7 +400,7 @@ int oldlocale; bool uid_changed, ret = true; bool mailit; - debug_decl(log_allowed, SUDOERS_DEBUG_LOGGING) + debug_decl(log_allowed, SUDOERS_DEBUG_LOGGING); /* Send mail based on status. */ mailit = should_mail(status); @@ -457,7 +452,7 @@ char *src, *dst0, *dst, *dst_end; size_t size; int len; - debug_decl(fmt_authfail_message, SUDOERS_DEBUG_LOGGING) + debug_decl(fmt_authfail_message, SUDOERS_DEBUG_LOGGING); if (def_authfail_message == NULL) { debug_return_int(asprintf(str, ngettext("%u incorrect password attempt", @@ -514,7 +509,7 @@ bool uid_changed, ret = true; va_list ap2; int len; - debug_decl(vlog_warning, SUDOERS_DEBUG_LOGGING) + debug_decl(vlog_warning, SUDOERS_DEBUG_LOGGING); /* Need extra copy of ap for sudo_vwarn()/sudo_vwarnx() below. */ va_copy(ap2, ap); @@ -625,7 +620,7 @@ { va_list ap; bool ret; - debug_decl(log_warning, SUDOERS_DEBUG_LOGGING) + debug_decl(log_warning, SUDOERS_DEBUG_LOGGING); /* Log the error. */ va_start(ap, fmt); @@ -640,7 +635,7 @@ { va_list ap; bool ret; - debug_decl(log_warningx, SUDOERS_DEBUG_LOGGING) + debug_decl(log_warningx, SUDOERS_DEBUG_LOGGING); /* Log the error. */ va_start(ap, fmt); @@ -655,7 +650,7 @@ { va_list ap; bool ret; - debug_decl(gai_log_warning, SUDOERS_DEBUG_LOGGING) + debug_decl(gai_log_warning, SUDOERS_DEBUG_LOGGING); /* Log the error. */ va_start(ap, fmt); 
@@ -670,7 +665,7 @@ { unsigned char *debug_fds; int fd, startfd; - debug_decl(closefrom_nodebug, SUDOERS_DEBUG_LOGGING) + debug_decl(closefrom_nodebug, SUDOERS_DEBUG_LOGGING); startfd = sudo_debug_get_fds(&debug_fds) + 1; if (lowfd > startfd) @@ -720,14 +715,10 @@ NULL }; #endif /* NO_ROOT_MAILER */ - debug_decl(exec_mailer, SUDOERS_DEBUG_LOGGING) + debug_decl(exec_mailer, SUDOERS_DEBUG_LOGGING); - /* Set stdin to read side of the pipe or clear FD_CLOEXEC */ - if (pipein == STDIN_FILENO) - i = fcntl(pipein, F_SETFD, 0); - else - i = dup2(pipein, STDIN_FILENO); - if (i == -1) { + /* Set stdin to read side of the pipe. */ + if (dup3(pipein, STDIN_FILENO, 0) == -1) { mysyslog(LOG_ERR, _("unable to dup stdin: %m")); sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to dup stdin: %s", strerror(errno)); @@ -784,7 +775,7 @@ pid_t pid, rv; struct stat sb; va_list ap; - debug_decl(send_mail, SUDOERS_DEBUG_LOGGING) + debug_decl(send_mail, SUDOERS_DEBUG_LOGGING); /* If mailer is disabled just return. */ if (!def_mailerpath || !def_mailto) @@ -810,14 +801,14 @@ sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to fork: %s", strerror(errno)); sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); - _exit(1); + _exit(EXIT_FAILURE); case 0: /* Grandchild continues below. */ sudo_debug_enter(__func__, __FILE__, __LINE__, sudo_debug_subsys); break; default: /* Parent will wait for us. */ - _exit(0); + _exit(EXIT_SUCCESS); } break; default: @@ -856,7 +847,7 @@ sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to open pipe: %s", strerror(errno)); sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); - _exit(1); + _exit(EXIT_FAILURE); } switch (pid = sudo_debug_fork()) { @@ -866,7 +857,7 @@ sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to fork: %s", strerror(errno)); sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); - _exit(1); + _exit(EXIT_FAILURE); break; case 0: /* Child. */ 
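Review bot: The single `dup3(pipein, STDIN_FILENO, 0)` call in exec_mailer() drops the case the removed lines handled, where pipein is already STDIN_FILENO. dup3() fails with EINVAL when oldfd equals newfd (at least on Linux), so in that case the code would take the "unable to dup stdin" error path instead of clearing FD_CLOEXEC. If pipein can ever be descriptor 0 (for example when the process was started with stdin closed, which nothing visible in this hunk rules out), keep the branch: `if ((pipein == STDIN_FILENO ? fcntl(pipein, F_SETFD, 0) : dup3(pipein, STDIN_FILENO, 0)) == -1) {`. The function body starts and ends outside the hunk.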
@@ -922,7 +913,7 @@ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "child (%d) exit value %d", (int)rv, status); sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); - _exit(0); + _exit(EXIT_SUCCESS); } /* @@ -931,7 +922,7 @@ static bool should_mail(int status) { - debug_decl(should_mail, SUDOERS_DEBUG_LOGGING) + debug_decl(should_mail, SUDOERS_DEBUG_LOGGING); debug_return_bool(def_mail_always || ISSET(status, VALIDATE_ERROR) || (def_mail_all_cmnds && ISSET(sudo_mode, (MODE_RUN|MODE_EDIT))) || @@ -968,7 +959,7 @@ #endif const char *tsid = NULL; size_t len = 0; - debug_decl(new_logline, SUDOERS_DEBUG_LOGGING) + debug_decl(new_logline, SUDOERS_DEBUG_LOGGING); #ifndef SUDOERS_NO_SEQ /* A TSID may be a sudoers-style session ID or a free-form string. */ diff -Nru sudo-1.8.31/plugins/sudoers/logging.h sudo-1.9.0/plugins/sudoers/logging.h --- sudo-1.8.31/plugins/sudoers/logging.h 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/logging.h 2020-05-11 16:28:23.000000000 +0000 @@ -63,6 +63,7 @@ /* XXX - needed for auditing */ extern int NewArgc; extern char **NewArgv; +extern char *audit_msg; union sudo_defs_val; diff -Nru sudo-1.8.31/plugins/sudoers/logwrap.c sudo-1.9.0/plugins/sudoers/logwrap.c --- sudo-1.8.31/plugins/sudoers/logwrap.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/logwrap.c 2020-05-11 16:28:23.000000000 +0000 @@ -42,7 +42,7 @@ char *beg = line; char *end; int len, outlen = 0; - debug_decl(writeln_wrap, SUDOERS_DEBUG_LOGGING) + debug_decl(writeln_wrap, SUDOERS_DEBUG_LOGGING); /* * Print out line with word wrap around maxlen characters. diff -Nru sudo-1.8.31/plugins/sudoers/Makefile.in sudo-1.9.0/plugins/sudoers/Makefile.in --- sudo-1.8.31/plugins/sudoers/Makefile.in 2019-12-25 19:21:05.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/Makefile.in 2020-05-11 16:28:23.000000000 +0000 
@@ -1,7 +1,7 @@ # # SPDX-License-Identifier: ISC # -# Copyright (c) 1996, 1998-2005, 2007-2018 +# Copyright (c) 1996, 1998-2005, 2007-2020 # Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any @@ -26,10 +26,14 @@ #### Start of system configuration section. #### srcdir = @srcdir@ +abs_srcdir = @abs_srcdir@ +top_srcdir = @top_srcdir@ +abs_top_srcdir = @abs_top_srcdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ devdir = @devdir@ +scriptdir = $(top_srcdir)/scripts authdir = $(srcdir)/auth -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ incdir = $(top_srcdir)/include docdir = @docdir@ libdir = @libdir@ @@ -52,11 +56,13 @@ INSTALL_BACKUP = @INSTALL_BACKUP@ # Libraries -LT_LIBS = $(top_builddir)/lib/util/libsudo_util.la -LIBS = $(LT_LIBS) +LIBUTIL = $(top_builddir)/lib/util/libsudo_util.la +LIBIOLOG = $(top_builddir)/lib/iolog/libsudo_iolog.la +LIBLOGSRV = @LIBLOGSRV@ +LIBS = $(LIBUTIL) NET_LIBS = @NET_LIBS@ -SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ -REPLAY_LIBS = @REPLAY_LIBS@ @ZLIB@ +SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ @LIBTLS@ $(NET_LIBS) $(LIBIOLOG) $(LIBLOGSRV) +REPLAY_LIBS = @REPLAY_LIBS@ $(LIBIOLOG) VISUDO_LIBS = $(NET_LIBS) CVTSUDOERS_LIBS = $(NET_LIBS) TESTSUDOERS_LIBS = $(NET_LIBS) @@ -70,7 +76,7 @@ # C preprocessor flags CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) \ - -I$(top_srcdir) $(CPPDEFS) @CPPFLAGS@ + $(CPPDEFS) @CPPFLAGS@ # Usually -O and/or -g CFLAGS = @CFLAGS@ @@ -148,8 +154,8 @@ PROGS = sudoers.la visudo sudoreplay cvtsudoers testsudoers TEST_PROGS = check_addr check_base64 check_digest check_env_pattern check_fill \ - check_gentime check_hexchar check_iolog_path check_iolog_plugin \ - check_iolog_util check_wrap check_starttime @SUDOERS_TEST_PROGS@ + check_gentime check_hexchar check_iolog_plugin check_wrap \ + check_starttime @SUDOERS_TEST_PROGS@ AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@ 
@@ -157,17 +163,17 @@ filedigest.lo gentime.lo gmtoff.lo gram.lo hexchar.lo \ match.lo match_addr.lo match_command.lo match_digest.lo \ pwutil.lo pwutil_impl.lo rcstr.lo redblack.lo \ - sudoers_debug.lo timeout.lo timestr.lo toke.lo \ - toke_util.lo + strlist.lo sudoers_debug.lo timeout.lo timestr.lo \ + toke.lo toke_util.lo LIBPARSESUDOERS_IOBJS = $(LIBPARSESUDOERS_OBJS:.lo=.i) passwd.i SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo editor.lo env.lo \ env_pattern.lo file.lo find_path.lo fmtsudoers.lo gc.lo \ goodpath.lo group_plugin.lo interfaces.lo iolog.lo \ - iolog_path.lo locale.lo logging.lo logwrap.lo mkdir_parents.lo \ - parse.lo policy.lo prompt.lo set_perms.lo starttime.lo \ - sudo_nss.lo sudoers.lo timestamp.lo @SUDOERS_OBJS@ + iolog_path_escapes.lo locale.lo iolog_client.lo logging.lo \ + logwrap.lo parse.lo policy.lo prompt.lo set_perms.lo \ + starttime.lo sudo_nss.lo sudoers.lo timestamp.lo @SUDOERS_OBJS@ SUDOERS_IOBJS = $(SUDOERS_OBJS:.lo=.i) @@ -178,17 +184,17 @@ CVTSUDOERS_OBJS = cvtsudoers.o cvtsudoers_json.o cvtsudoers_ldif.o \ cvtsudoers_pwutil.o fmtsudoers.lo locale.lo parse_ldif.o \ - strlist.o stubs.o sudo_printf.o ldap_util.lo + stubs.o sudo_printf.o ldap_util.lo CVTSUDOERS_IOBJS = cvtsudoers.i cvtsudoers_json.i cvtsudoers_ldif.i \ - cvtsudoers_pwutil.i strlist.i + cvtsudoers_pwutil.i -REPLAY_OBJS = getdate.o sudoreplay.o iolog_util.o +REPLAY_OBJS = getdate.o sudoreplay.o REPLAY_IOBJS = $(REPLAY_OBJS:.o=.i) TEST_OBJS = fmtsudoers.lo group_plugin.lo interfaces.lo ldap_util.lo \ - locale.lo net_ifs.o parse_ldif.o strlist.o sudo_printf.o \ + locale.lo net_ifs.o parse_ldif.o sudo_printf.o \ testsudoers.o tsgetgrpw.o IOBJS = $(LIBPARSESUDOERS_IOBJS) $(SUDOERS_IOBJS) $(VISUDO_IOBJS) \ 
@@ -213,15 +219,9 @@ CHECK_HEXCHAR_OBJS = check_hexchar.o hexchar.lo sudoers_debug.lo -CHECK_IOLOG_PATH_OBJS = check_iolog_path.o iolog_path.lo locale.lo \ - pwutil.lo pwutil_impl.lo redblack.lo sudoers_debug.lo - -CHECK_IOLOG_PLUGIN_OBJS = check_iolog_plugin.o iolog.lo iolog_path.lo \ - iolog_util.o locale.lo mkdir_parents.lo pwutil.lo \ - pwutil_impl.lo redblack.lo sudoers_debug.lo - -CHECK_IOLOG_UTIL_OBJS = check_iolog_util.o iolog_util.o locale.lo \ - sudoers_debug.lo +CHECK_IOLOG_PLUGIN_OBJS = check_iolog_plugin.o iolog.lo iolog_client.lo \ + locale.lo pwutil.lo pwutil_impl.lo redblack.lo \ + strlist.lo sudoers_debug.lo CHECK_SYMBOLS_OBJS = check_symbols.o @@ -262,8 +262,8 @@ @true depend: - $(top_srcdir)/mkdep.pl --srcdir=$(top_srcdir) \ - --builddir=`pwd`/$(top_builddir) plugins/sudoers/Makefile.in + $(scriptdir)/mkdep.pl --srcdir=$(abs_top_srcdir) \ + --builddir=$(abs_top_builddir) plugins/sudoers/Makefile.in cd $(top_builddir) && ./config.status --file plugins/sudoers/Makefile Makefile: $(srcdir)/Makefile.in @@ -272,7 +272,7 @@ libparsesudoers.la: $(LIBPARSESUDOERS_OBJS) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LIBPARSESUDOERS_OBJS) -no-install -sudoers.la: $(SUDOERS_OBJS) $(LT_LIBS) libparsesudoers.la @LT_LDDEP@ +sudoers.la: $(SUDOERS_OBJS) $(LIBUTIL) $(LIBIOLOG) $(LIBLOGSRV) libparsesudoers.la @LT_LDDEP@ case "$(LT_LDFLAGS)" in \ *-no-install*) \ $(LIBTOOL) $(LTFLAGS) @LT_STATIC@ --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ $(SUDOERS_OBJS) libparsesudoers.la $(SUDOERS_LIBS) -module;; \ 
@@ -280,59 +280,53 @@ $(LIBTOOL) $(LTFLAGS) @LT_STATIC@ --mode=link $(CC) $(LDFLAGS) $(ASAN_LDFLAGS) $(SSP_LDFLAGS) $(LT_LDFLAGS) -o $@ $(SUDOERS_OBJS) libparsesudoers.la $(SUDOERS_LIBS) -module -avoid-version -rpath $(plugindir) -shrext .so;; \ esac -visudo: libparsesudoers.la $(VISUDO_OBJS) $(LT_LIBS) +visudo: libparsesudoers.la $(VISUDO_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(VISUDO_LIBS) -cvtsudoers: libparsesudoers.la $(CVTSUDOERS_OBJS) $(LT_LIBS) +cvtsudoers: libparsesudoers.la $(CVTSUDOERS_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CVTSUDOERS_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(CVTSUDOERS_LIBS) -sudoreplay: timestr.lo $(REPLAY_OBJS) $(LT_LIBS) - $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(REPLAY_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) timestr.lo $(LIBS) $(REPLAY_LIBS) +sudoreplay: timestr.lo $(REPLAY_OBJS) $(LIBUTIL) $(LIBIOLOG) + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(REPLAY_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) timestr.lo $(REPLAY_LIBS) -testsudoers: libparsesudoers.la $(TEST_OBJS) $(LT_LIBS) +testsudoers: libparsesudoers.la $(TEST_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(TEST_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(TESTSUDOERS_LIBS) -tsdump: $(TSDUMP_OBJS) $(LT_LIBS) +tsdump: $(TSDUMP_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(TSDUMP_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) -check_addr: $(CHECK_ADDR_OBJS) $(LT_LIBS) +check_addr: $(CHECK_ADDR_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_ADDR_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) $(NET_LIBS) -check_base64: $(CHECK_BASE64_OBJS) $(LT_LIBS) +check_base64: 
$(CHECK_BASE64_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_BASE64_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) -check_digest: $(CHECK_DIGEST_OBJS) $(LT_LIBS) +check_digest: $(CHECK_DIGEST_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_DIGEST_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) -check_env_pattern: $(CHECK_ENV_MATCH_OBJS) $(LT_LIBS) +check_env_pattern: $(CHECK_ENV_MATCH_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_ENV_MATCH_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) -check_fill: $(CHECK_FILL_OBJS) $(LT_LIBS) +check_fill: $(CHECK_FILL_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_FILL_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) -check_gentime: $(CHECK_GENTIME_OBJS) $(LT_LIBS) +check_gentime: $(CHECK_GENTIME_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_GENTIME_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) -check_hexchar: $(CHECK_HEXCHAR_OBJS) $(LT_LIBS) +check_hexchar: $(CHECK_HEXCHAR_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_HEXCHAR_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) -check_iolog_path: $(CHECK_IOLOG_PATH_OBJS) $(LT_LIBS) - $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_IOLOG_PATH_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) - -check_iolog_plugin: $(CHECK_IOLOG_PLUGIN_OBJS) $(LT_LIBS) - $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_IOLOG_PLUGIN_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @ZLIB@ - -check_iolog_util: $(CHECK_IOLOG_UTIL_OBJS) $(LT_LIBS) - $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_IOLOG_UTIL_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @ZLIB@ +check_iolog_plugin: $(CHECK_IOLOG_PLUGIN_OBJS) $(LIBUTIL) $(LIBIOLOG) $(LIBLOGSRV) 
+ $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_IOLOG_PLUGIN_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBIOLOG) $(LIBLOGSRV) @LIBTLS@ -check_starttime: $(CHECK_STARTTIME_OBJS) $(LT_LIBS) +check_starttime: $(CHECK_STARTTIME_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_STARTTIME_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) # We need to link check_symbols with -lpthread on HP-UX since LDAP uses threads -check_symbols: $(CHECK_SYMBOLS_OBJS) $(LT_LIBS) +check_symbols: $(CHECK_SYMBOLS_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_SYMBOLS_OBJS) $(CHECK_SYMBOLS_LDFLAGS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @SUDO_LIBS@ -check_wrap: $(CHECK_WRAP_OBJS) $(LT_LIBS) +check_wrap: $(CHECK_WRAP_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_WRAP_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) GENERATED = gram.h gram.c toke.c def_data.c def_data.h getdate.c @@ -399,7 +393,7 @@ install: install-plugin install-binaries install-sudoers install-doc install-dirs: - $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir) \ + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(plugindir) \ $(DESTDIR)$(sbindir) $(DESTDIR)$(bindir) \ $(DESTDIR)$(sudoersdir) $(DESTDIR)$(docdir) \ `echo $(DESTDIR)$(rundir)|$(SED) 's,/[^/]*$$,,'` \ @@ -446,10 +440,10 @@ -rm -f $(DESTDIR)$(sudoersdir)/sudoers.dist splint: - splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) -I$(top_srcdir) $(srcdir)/*.c $(srcdir)/auth/*.c + splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) $(srcdir)/*.c $(srcdir)/auth/*.c cppcheck: - cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) -I$(top_srcdir) $(srcdir)/*.c $(srcdir)/auth/*.c + cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) $(srcdir)/*.c $(srcdir)/auth/*.c pvs-log-files: $(POBJS) 
@@ -474,9 +468,8 @@ ./check_fill || rval=`expr $$rval + $$?`; \ ./check_gentime || rval=`expr $$rval + $$?`; \ ./check_hexchar || rval=`expr $$rval + $$?`; \ - ./check_iolog_path $(srcdir)/regress/iolog_path/data || rval=`expr $$rval + $$?`; \ - ./check_iolog_plugin $(srcdir)/regress/iolog_plugin/iolog || rval=`expr $$rval + $$?`; \ - ./check_iolog_util || rval=`expr $$rval + $$?`; \ + mkdir -p regress/iolog_plugin; \ + ./check_iolog_plugin regress/iolog_plugin/iolog || rval=`expr $$rval + $$?`; \ ./check_starttime || rval=`expr $$rval + $$?`; \ if test -f check_symbols; then \ ./check_symbols .libs/sudoers.so $(shlib_exp) || rval=`expr $$rval + $$?`; \ @@ -618,9 +611,11 @@ clean: -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f $(PROGS) $(TEST_PROGS) \ - *.lo *.o *.la *.a *.i *.plog stamp-* core *.core core.* \ - prologue regress/*/*.out regress/*/*.toke regress/*/*.err \ - regress/*/*.json regress/*/*.ldif regress/*/*.sudo + *.lo *.o *.la + -rm -f *.i *.plog stamp-* core *.core core.* prologue regress/*/*.out \ + regress/*/*.toke regress/*/*.err regress/*/*.json \ + regress/*/*.ldif regress/*/*.ldif2sudo regress/*/*.sudo + -rm -rf regress/iolog_plugin/iolog mostlyclean: clean 
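Review bot: The new `mkdir -p regress/iolog_plugin;` step in the `check` recipe discards its exit status, unlike every test invocation around it. An unwritable build directory would therefore surface only indirectly, as a `check_iolog_plugin` failure, rather than at the step that caused it. Folding it into the counter keeps the cause visible: ``mkdir -p regress/iolog_plugin || rval=`expr $$rval + $$?`; \``. The I/O log path is now relative to the directory where `make check` runs instead of `$(srcdir)`, which the `clean` hunk on this same line matches with `-rm -rf regress/iolog_plugin/iolog`. The recipe itself starts and ends outside this hunk.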
@@ -639,25 +634,27 @@ cleandir: realclean # Autogenerated dependencies, do not modify -afs.lo: $(authdir)/afs.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h +afs.lo: $(authdir)/afs.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/afs.c -afs.i: $(authdir)/afs.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h +afs.i: $(authdir)/afs.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h 
$(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< afs.plog: afs.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/afs.c --i-file $< --output-file $@ -aix_auth.lo: $(authdir)/aix_auth.c $(devdir)/def_data.h \ +aix_auth.lo: $(authdir)/aix_auth.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ @@ -667,7 +664,7 @@ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/aix_auth.c -aix_auth.i: $(authdir)/aix_auth.c $(devdir)/def_data.h \ +aix_auth.i: $(authdir)/aix_auth.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ @@ -761,7 +758,7 @@ $(CC) -E -o $@ $(CPPFLAGS) $< boottime.plog: boottime.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/boottime.c --i-file $< --output-file $@ -bsdauth.lo: $(authdir)/bsdauth.c $(devdir)/def_data.h \ +bsdauth.lo: $(authdir)/bsdauth.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ 
@@ -771,7 +768,7 @@ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/bsdauth.c -bsdauth.i: $(authdir)/bsdauth.c $(devdir)/def_data.h \ +bsdauth.i: $(authdir)/bsdauth.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ 
@@ -935,68 +932,32 @@ $(CC) -E -o $@ $(CPPFLAGS) $< check_hexchar.plog: check_hexchar.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/parser/check_hexchar.c --i-file $< --output-file $@ -check_iolog_path.o: $(srcdir)/regress/iolog_path/check_iolog_path.c \ - $(devdir)/def_data.c $(devdir)/def_data.h \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h - $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/iolog_path/check_iolog_path.c -check_iolog_path.i: $(srcdir)/regress/iolog_path/check_iolog_path.c \ - $(devdir)/def_data.c $(devdir)/def_data.h \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h - $(CC) -E -o $@ $(CPPFLAGS) $< -check_iolog_path.plog: check_iolog_path.i - rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iolog_path/check_iolog_path.c --i-file $< --output-file $@ check_iolog_plugin.o: $(srcdir)/regress/iolog_plugin/check_iolog_plugin.c \ $(devdir)/def_data.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - 
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/iolog.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/iolog_plugin/check_iolog_plugin.c check_iolog_plugin.i: $(srcdir)/regress/iolog_plugin/check_iolog_plugin.c \ $(devdir)/def_data.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/iolog.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< check_iolog_plugin.plog: check_iolog_plugin.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iolog_plugin/check_iolog_plugin.c --i-file $< --output-file $@ -check_iolog_util.o: $(srcdir)/regress/iolog_util/check_iolog_util.c \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \ - 
$(srcdir)/iolog.h $(top_builddir)/config.h - $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/iolog_util/check_iolog_util.c -check_iolog_util.i: $(srcdir)/regress/iolog_util/check_iolog_util.c \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \ - $(srcdir)/iolog.h $(top_builddir)/config.h - $(CC) -E -o $@ $(CPPFLAGS) $< -check_iolog_util.plog: check_iolog_util.i - rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iolog_util/check_iolog_util.c --i-file $< --output-file $@ check_starttime.o: $(srcdir)/regress/starttime/check_starttime.c \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \ 
@@ -1065,25 +1026,25 @@ $(devdir)/gram.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/cvtsudoers.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/strlist.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_gettext.h $(incdir)/sudo_json.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/cvtsudoers.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/strlist.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/cvtsudoers_json.c cvtsudoers_json.i: $(srcdir)/cvtsudoers_json.c $(devdir)/def_data.h \ $(devdir)/gram.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/cvtsudoers.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/strlist.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_gettext.h $(incdir)/sudo_json.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/cvtsudoers.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/strlist.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< cvtsudoers_json.plog: cvtsudoers_json.i rm -f $@; pvs-studio --cfg $(PVS_CFG) 
--sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/cvtsudoers_json.c --i-file $< --output-file $@ 
@@ -1141,21 +1102,23 @@ $(CC) -E -o $@ $(CPPFLAGS) $< cvtsudoers_pwutil.plog: cvtsudoers_pwutil.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/cvtsudoers_pwutil.c --i-file $< --output-file $@ -dce.lo: $(authdir)/dce.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h +dce.lo: $(authdir)/dce.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/dce.c -dce.i: $(authdir)/dce.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h +dce.i: $(authdir)/dce.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ 
+ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< dce.plog: dce.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/dce.c --i-file $< --output-file $@ 
@@ -1345,20 +1308,22 @@ $(CC) -E -o $@ $(CPPFLAGS) $< fmtsudoers.plog: fmtsudoers.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/fmtsudoers.c --i-file $< --output-file $@ -fwtk.lo: $(authdir)/fwtk.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ +fwtk.lo: $(authdir)/fwtk.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/fwtk.c -fwtk.i: $(authdir)/fwtk.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ +fwtk.i: $(authdir)/fwtk.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ 
+ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< fwtk.plog: fwtk.i 
@@ -1546,75 +1511,99 @@ interfaces.plog: interfaces.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/interfaces.c --i-file $< --output-file $@ iolog.lo: $(srcdir)/iolog.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ + $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/iolog.h $(srcdir)/iolog_files.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/iolog_plugin.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/strlist.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog.c iolog.i: $(srcdir)/iolog.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ + $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/iolog.h $(srcdir)/iolog_files.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/iolog_plugin.h $(srcdir)/logging.h 
$(srcdir)/parse.h \ + $(srcdir)/strlist.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< iolog.plog: iolog.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog.c --i-file $< --output-file $@ -iolog_path.lo: $(srcdir)/iolog_path.c $(devdir)/def_data.h \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h - $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_path.c -iolog_path.i: $(srcdir)/iolog_path.c $(devdir)/def_data.h \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h - $(CC) -E -o $@ $(CPPFLAGS) $< -iolog_path.plog: iolog_path.i - rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_path.c --i-file $< --output-file $@ -iolog_util.o: $(srcdir)/iolog_util.c $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/iolog.h \ - $(top_builddir)/config.h - $(CC) -c $(CPPFLAGS) $(CFLAGS) 
$(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_util.c -iolog_util.i: $(srcdir)/iolog_util.c $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/iolog.h \ - $(top_builddir)/config.h +iolog_client.lo: $(srcdir)/iolog_client.c $(devdir)/def_data.h \ + $(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \ + $(incdir)/hostcheck.h $(incdir)/log_server.pb-c.h \ + $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/iolog_plugin.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/strlist.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_client.c +iolog_client.i: $(srcdir)/iolog_client.c $(devdir)/def_data.h \ + $(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \ + $(incdir)/hostcheck.h $(incdir)/log_server.pb-c.h \ + $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/iolog_plugin.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/strlist.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< -iolog_util.plog: iolog_util.i - rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes 
--source-file $(srcdir)/iolog_util.c --i-file $< --output-file $@ -kerb5.lo: $(authdir)/kerb5.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ +iolog_client.plog: iolog_client.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_client.c --i-file $< --output-file $@ +iolog_path_escapes.lo: $(srcdir)/iolog_path_escapes.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_path_escapes.c +iolog_path_escapes.i: $(srcdir)/iolog_path_escapes.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_path_escapes.plog: iolog_path_escapes.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) 
--sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_path_escapes.c --i-file $< --output-file $@ +kerb5.lo: $(authdir)/kerb5.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/kerb5.c -kerb5.i: $(authdir)/kerb5.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ +kerb5.i: $(authdir)/kerb5.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< kerb5.plog: kerb5.i 
@@ -1848,49 +1837,27 @@ match_digest.lo: $(srcdir)/match_digest.c $(devdir)/def_data.h \ $(devdir)/gram.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_digest.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/match_digest.c match_digest.i: $(srcdir)/match_digest.c $(devdir)/def_data.h \ $(devdir)/gram.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_digest.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< match_digest.plog: match_digest.i rm -f $@; pvs-studio --cfg 
$(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/match_digest.c --i-file $< --output-file $@ -mkdir_parents.lo: $(srcdir)/mkdir_parents.c $(devdir)/def_data.h \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h - $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/mkdir_parents.c -mkdir_parents.i: $(srcdir)/mkdir_parents.c $(devdir)/def_data.h \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h - $(CC) -E -o $@ $(CPPFLAGS) $< -mkdir_parents.plog: mkdir_parents.i - rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/mkdir_parents.c --i-file $< --output-file $@ net_ifs.o: $(top_srcdir)/src/net_ifs.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ 
@@ -1905,21 +1872,23 @@ $(CC) -E -o $@ $(CPPFLAGS) $< net_ifs.plog: net_ifs.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(top_srcdir)/src/net_ifs.c --i-file $< --output-file $@ -pam.lo: $(authdir)/pam.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h +pam.lo: $(authdir)/pam.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/pam.c -pam.i: $(authdir)/pam.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h +pam.i: $(authdir)/pam.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + 
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< pam.plog: pam.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/pam.c --i-file $< --output-file $@ 
@@ -1967,18 +1936,18 @@ $(CC) -E -o $@ $(CPPFLAGS) $< parse_ldif.plog: parse_ldif.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/parse_ldif.c --i-file $< --output-file $@ -passwd.lo: $(authdir)/passwd.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ +passwd.lo: $(authdir)/passwd.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/passwd.c -passwd.i: $(authdir)/passwd.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ +passwd.i: $(authdir)/passwd.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ 
@@ -2113,7 +2082,7 @@ $(CC) -E -o $@ $(CPPFLAGS) $< redblack.plog: redblack.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/redblack.c --i-file $< --output-file $@ -rfc1938.lo: $(authdir)/rfc1938.c $(devdir)/def_data.h \ +rfc1938.lo: $(authdir)/rfc1938.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ @@ -2123,7 +2092,7 @@ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/rfc1938.c -rfc1938.i: $(authdir)/rfc1938.c $(devdir)/def_data.h \ +rfc1938.i: $(authdir)/rfc1938.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ 
@@ -2135,29 +2104,31 @@ $(CC) -E -o $@ $(CPPFLAGS) $< rfc1938.plog: rfc1938.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/rfc1938.c --i-file $< --output-file $@ -secureware.lo: $(authdir)/secureware.c $(devdir)/def_data.h \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ +secureware.lo: $(authdir)/secureware.c $(authdir)/sudo_auth.h \ + $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/secureware.c -secureware.i: $(authdir)/secureware.c $(devdir)/def_data.h \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ +secureware.i: $(authdir)/secureware.c $(authdir)/sudo_auth.h \ + $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + 
$(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< secureware.plog: secureware.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/secureware.c --i-file $< --output-file $@ -securid5.lo: $(authdir)/securid5.c $(devdir)/def_data.h \ +securid5.lo: $(authdir)/securid5.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ @@ -2167,7 +2138,7 @@ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/securid5.c -securid5.i: $(authdir)/securid5.c $(devdir)/def_data.h \ +securid5.i: $(authdir)/securid5.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ 
@@ -2201,21 +2172,23 @@ $(CC) -E -o $@ $(CPPFLAGS) $< set_perms.plog: set_perms.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/set_perms.c --i-file $< --output-file $@ -sia.lo: $(authdir)/sia.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h +sia.lo: $(authdir)/sia.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/sia.c -sia.i: $(authdir)/sia.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h +sia.i: $(authdir)/sia.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + 
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< sia.plog: sia.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/sia.c --i-file $< --output-file $@ 
@@ -2287,15 +2260,15 @@ $(CC) -E -o $@ $(CPPFLAGS) $< starttime.plog: starttime.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/starttime.c --i-file $< --output-file $@ -strlist.o: $(srcdir)/strlist.c $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/strlist.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h - $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/strlist.c +strlist.lo: $(srcdir)/strlist.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/strlist.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/strlist.c strlist.i: $(srcdir)/strlist.c $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/strlist.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/strlist.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h $(CC) -E -o $@ $(CPPFLAGS) $< strlist.plog: strlist.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/strlist.c --i-file $< --output-file $@ 
@@ -2319,31 +2292,31 @@ $(CC) -E -o $@ $(CPPFLAGS) $< stubs.plog: stubs.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/stubs.c --i-file $< --output-file $@ -sudo_auth.lo: $(authdir)/sudo_auth.c $(devdir)/def_data.h \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_rand.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/ins_2001.h $(srcdir)/ins_classic.h \ - $(srcdir)/ins_csops.h $(srcdir)/ins_goons.h \ - $(srcdir)/ins_python.h $(srcdir)/insults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h +sudo_auth.lo: $(authdir)/sudo_auth.c $(authdir)/sudo_auth.h \ + $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_rand.h \ + $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/ins_2001.h \ + $(srcdir)/ins_classic.h $(srcdir)/ins_csops.h \ + $(srcdir)/ins_goons.h $(srcdir)/ins_python.h $(srcdir)/insults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/sudo_auth.c -sudo_auth.i: $(authdir)/sudo_auth.c $(devdir)/def_data.h \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_rand.h $(incdir)/sudo_util.h 
$(srcdir)/defaults.h \ - $(srcdir)/ins_2001.h $(srcdir)/ins_classic.h \ - $(srcdir)/ins_csops.h $(srcdir)/ins_goons.h \ - $(srcdir)/ins_python.h $(srcdir)/insults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h +sudo_auth.i: $(authdir)/sudo_auth.c $(authdir)/sudo_auth.h \ + $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_rand.h \ + $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/ins_2001.h \ + $(srcdir)/ins_classic.h $(srcdir)/ins_csops.h \ + $(srcdir)/ins_goons.h $(srcdir)/ins_python.h $(srcdir)/insults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< sudo_auth.plog: sudo_auth.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/sudo_auth.c --i-file $< --output-file $@ 
@@ -2385,22 +2358,22 @@ $(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/auth/sudo_auth.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sudoers.c sudoers.i: $(srcdir)/sudoers.c $(devdir)/def_data.h \ $(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/auth/sudo_auth.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< sudoers.plog: sudoers.i 
@@ -2431,18 +2404,18 @@ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/iolog.h \ - $(srcdir)/iolog_files.h $(srcdir)/logging.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/logging.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sudoreplay.c sudoreplay.i: $(srcdir)/sudoreplay.c $(incdir)/compat/getopt.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/iolog.h \ - $(srcdir)/iolog_files.h $(srcdir)/logging.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/logging.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< sudoreplay.plog: sudoreplay.i diff -Nru sudo-1.8.31/plugins/sudoers/match_addr.c sudo-1.9.0/plugins/sudoers/match_addr.c --- sudo-1.8.31/plugins/sudoers/match_addr.c 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/match_addr.c 2020-05-11 16:28:23.000000000 +0000 @@ -58,7 +58,7 @@ unsigned int j; #endif unsigned int family; - debug_decl(addr_matches_if, SUDOERS_DEBUG_MATCH) + debug_decl(addr_matches_if, SUDOERS_DEBUG_MATCH); #ifdef HAVE_STRUCT_IN6_ADDR if (inet_pton(AF_INET6, n, &addr.ip6) == 1) { 
@@ -111,7 +111,7 @@ #endif unsigned int family; const char *errstr; - debug_decl(addr_matches_if, SUDOERS_DEBUG_MATCH) + debug_decl(addr_matches_if, SUDOERS_DEBUG_MATCH); #ifdef HAVE_STRUCT_IN6_ADDR if (inet_pton(AF_INET6, n, &addr.ip6) == 1) @@ -197,7 +197,7 @@ { char *m; bool rc; - debug_decl(addr_matches, SUDOERS_DEBUG_MATCH) + debug_decl(addr_matches, SUDOERS_DEBUG_MATCH); /* If there's an explicit netmask, use it. */ if ((m = strchr(n, '/'))) { diff -Nru sudo-1.8.31/plugins/sudoers/match.c sudo-1.9.0/plugins/sudoers/match.c --- sudo-1.8.31/plugins/sudoers/match.c 2019-12-04 19:41:47.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/match.c 2020-05-11 16:28:23.000000000 +0000 @@ -76,7 +76,7 @@ const char *shost = parse_tree->shost ? parse_tree->shost : user_srunhost; int matched = UNSPEC; struct alias *a; - debug_decl(user_matches, SUDOERS_DEBUG_MATCH) + debug_decl(user_matches, SUDOERS_DEBUG_MATCH); switch (m->type) { case ALL: @@ -120,7 +120,7 @@ { struct member *m; int matched = UNSPEC; - debug_decl(userlist_matches, SUDOERS_DEBUG_MATCH) + debug_decl(userlist_matches, SUDOERS_DEBUG_MATCH); TAILQ_FOREACH_REVERSE(m, list, member_list, entries) { if ((matched = user_matches(parse_tree, pw, m)) != UNSPEC) @@ -133,7 +133,7 @@ runas_getgroups(void) { const struct passwd *pw; - debug_decl(runas_getgroups, SUDOERS_DEBUG_MATCH) + debug_decl(runas_getgroups, SUDOERS_DEBUG_MATCH); if (def_preserve_groups) { sudo_gidlist_addref(user_gid_list); @@ -162,7 +162,7 @@ struct member *m; struct alias *a; int rc; - debug_decl(runaslist_matches, SUDOERS_DEBUG_MATCH) + debug_decl(runaslist_matches, SUDOERS_DEBUG_MATCH); if (ISSET(sudo_user.flags, RUNAS_USER_SPECIFIED) || !ISSET(sudo_user.flags, RUNAS_GROUP_SPECIFIED)) { /* If no runas user or runas group listed in sudoers, use default. */ 
@@ -295,7 +295,7 @@ { struct member *m; int matched = UNSPEC; - debug_decl(hostlist_matches, SUDOERS_DEBUG_MATCH) + debug_decl(hostlist_matches, SUDOERS_DEBUG_MATCH); TAILQ_FOREACH_REVERSE(m, list, member_list, entries) { matched = host_matches(parse_tree, pw, lhost, shost, m); @@ -329,7 +329,7 @@ { struct alias *a; int matched = UNSPEC; - debug_decl(host_matches, SUDOERS_DEBUG_MATCH) + debug_decl(host_matches, SUDOERS_DEBUG_MATCH); switch (m->type) { case ALL: @@ -374,7 +374,7 @@ { struct member *m; int matched = UNSPEC; - debug_decl(cmndlist_matches, SUDOERS_DEBUG_MATCH) + debug_decl(cmndlist_matches, SUDOERS_DEBUG_MATCH); TAILQ_FOREACH_REVERSE(m, list, member_list, entries) { matched = cmnd_matches(parse_tree, m); @@ -394,11 +394,19 @@ struct alias *a; struct sudo_command *c; int rc, matched = UNSPEC; - debug_decl(cmnd_matches, SUDOERS_DEBUG_MATCH) + debug_decl(cmnd_matches, SUDOERS_DEBUG_MATCH); switch (m->type) { case ALL: - matched = !m->negated; + if (m->name == NULL) { + matched = !m->negated; + break; + } + /* FALLTHROUGH */ + case COMMAND: + c = (struct sudo_command *)m->name; + if (command_matches(c->cmnd, c->args, &c->digests)) + matched = !m->negated; break; case ALIAS: a = alias_get(parse_tree, m->name, CMNDALIAS); @@ -409,11 +417,6 @@ alias_put(a); } break; - case COMMAND: - c = (struct sudo_command *)m->name; - if (command_matches(c->cmnd, c->args, c->digest)) - matched = !m->negated; - break; } debug_return_int(matched); } @@ -426,7 +429,7 @@ { const char *host; bool rc; - debug_decl(hostname_matches, SUDOERS_DEBUG_MATCH) + debug_decl(hostname_matches, SUDOERS_DEBUG_MATCH); host = strchr(pattern, '.') != NULL ? lhost : shost; if (has_meta(pattern)) { @@ -450,7 +453,7 @@ const char *errstr; uid_t uid; bool rc; - debug_decl(userpw_matches, SUDOERS_DEBUG_MATCH) + debug_decl(userpw_matches, SUDOERS_DEBUG_MATCH); if (pw != NULL && *sudoers_user == '#') { uid = (uid_t) sudo_strtoid(sudoers_user + 1, &errstr); 
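Review bot: The new `case ALL` in cmnd_matches falls through into `case COMMAND` and casts `m->name` to `struct sudo_command *` whenever it is non-NULL, but nothing in the hunk states what guarantees that an `ALL` member with a name actually carries a `sudo_command`. That invariant presumably comes from the parser, which is not visible here, so a comment at the fallthrough would help, e.g. `/* ALL with a digest list: m->name holds a struct sudo_command. */`. cmnd_matches starts before this hunk, and its old `COMMAND` case is removed by the following hunk (-409,11), so the two have to be read together.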
@@ -480,7 +483,7 @@ const char *errstr; gid_t gid; bool rc; - debug_decl(group_matches, SUDOERS_DEBUG_MATCH) + debug_decl(group_matches, SUDOERS_DEBUG_MATCH); if (*sudoers_group == '#') { gid = (gid_t) sudo_strtoid(sudoers_group + 1, &errstr); @@ -509,7 +512,7 @@ { bool matched = false; struct passwd *pw0 = NULL; - debug_decl(usergr_matches, SUDOERS_DEBUG_MATCH) + debug_decl(usergr_matches, SUDOERS_DEBUG_MATCH); /* Make sure we have a valid usergroup, sudo style */ if (*group++ != '%') { @@ -566,7 +569,7 @@ valid_domain(const char *domain) { const char *cp; - debug_decl(valid_domain, SUDOERS_DEBUG_MATCH) + debug_decl(valid_domain, SUDOERS_DEBUG_MATCH); for (cp = domain; *cp != '\0'; cp++) { /* Check for illegal characters, Linux may use "(none)". */ @@ -586,7 +589,7 @@ { static char *domain; static bool initialized; - debug_decl(sudo_getdomainname, SUDOERS_DEBUG_MATCH) + debug_decl(sudo_getdomainname, SUDOERS_DEBUG_MATCH); if (!initialized) { size_t host_name_max; @@ -624,7 +627,7 @@ const char * sudo_getdomainname(void) { - debug_decl(sudo_getdomainname, SUDOERS_DEBUG_MATCH) + debug_decl(sudo_getdomainname, SUDOERS_DEBUG_MATCH); debug_return_ptr(NULL); } #endif /* HAVE_GETDOMAINNAME || SI_SRPC_DOMAIN */ @@ -641,7 +644,7 @@ const char *domain; #endif bool rc = false; - debug_decl(netgr_matches, SUDOERS_DEBUG_MATCH) + debug_decl(netgr_matches, SUDOERS_DEBUG_MATCH); if (!def_use_netgroups) { sudo_debug_printf(SUDO_DEBUG_INFO, "netgroups are disabled"); diff -Nru sudo-1.8.31/plugins/sudoers/match_command.c sudo-1.9.0/plugins/sudoers/match_command.c --- sudo-1.8.31/plugins/sudoers/match_command.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/match_command.c 2020-05-11 16:28:23.000000000 +0000 
@@ -65,7 +65,7 @@ command_args_match(const char *sudoers_cmnd, const char *sudoers_args) { int flags = 0; - debug_decl(command_args_match, SUDOERS_DEBUG_MATCH) + debug_decl(command_args_match, SUDOERS_DEBUG_MATCH); /* * If no args specified in sudoers, any user args are allowed. @@ -93,7 +93,7 @@ static bool do_stat(int fd, const char *path, struct stat *sb) { - debug_decl(do_stat, SUDOERS_DEBUG_MATCH) + debug_decl(do_stat, SUDOERS_DEBUG_MATCH); if (fd != -1) debug_return_bool(fstat(fd, sb) == 0); @@ -108,7 +108,7 @@ { bool ret = false; char magic[2]; - debug_decl(is_script, SUDOERS_DEBUG_MATCH) + debug_decl(is_script, SUDOERS_DEBUG_MATCH); if (read(fd, magic, 2) == 2) { if (magic[0] == '#' && magic[1] == '!') @@ -126,18 +126,18 @@ * Returns false on error, else true. */ static bool -open_cmnd(const char *path, const struct command_digest *digest, int *fdp) +open_cmnd(const char *path, const struct command_digest_list *digests, int *fdp) { int fd = -1; - debug_decl(open_cmnd, SUDOERS_DEBUG_MATCH) + debug_decl(open_cmnd, SUDOERS_DEBUG_MATCH); /* Only open the file for fdexec or for digest matching. */ - if (def_fdexec != always && digest == NULL) + if (def_fdexec != always && TAILQ_EMPTY(digests)) debug_return_bool(true); fd = open(path, O_RDONLY|O_NONBLOCK); # ifdef O_EXEC - if (fd == -1 && errno == EACCES && digest == NULL) { + if (fd == -1 && errno == EACCES && TAILQ_EMPTY(digests)) { /* Try again with O_EXEC if no digest is specified. */ const int saved_errno = errno; if ((fd = open(path, O_EXEC)) == -1) @@ -155,7 +155,7 @@ static void set_cmnd_fd(int fd) { - debug_decl(set_cmnd_fd, SUDOERS_DEBUG_MATCH) + debug_decl(set_cmnd_fd, SUDOERS_DEBUG_MATCH); if (cmnd_fd != -1) close(cmnd_fd); 
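Review bot: In open_cmnd, `TAILQ_EMPTY(digests)` dereferences `digests`, whereas the old test `digest == NULL` accepted a NULL pointer as the normal "no digest" value. The caller visible in this diff passes `&c->digests`, so it is safe there, but any other caller that still passes NULL would now crash instead of skipping the digest check; callers outside this diff are not visible. The header comment of open_cmnd should state the new contract, for example `* digests must be non-NULL; an empty list means no digest was specified.` The body of open_cmnd continues past the end of this hunk.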
@@ -197,14 +197,14 @@ */ static bool command_matches_dir(const char *sudoers_dir, size_t dlen, - const struct command_digest *digest) + const struct command_digest_list *digests) { struct stat sudoers_stat; struct dirent *dent; char buf[PATH_MAX]; int fd = -1; DIR *dirp; - debug_decl(command_matches_dir, SUDOERS_DEBUG_MATCH) + debug_decl(command_matches_dir, SUDOERS_DEBUG_MATCH); /* * Grot through directory entries, looking for user_base. @@ -233,7 +233,7 @@ continue; /* Open the file for fdexec or for digest matching. */ - if (!open_cmnd(buf, digest, &fd)) + if (!open_cmnd(buf, digests, &fd)) continue; if (!do_stat(fd, buf, &sudoers_stat)) continue; @@ -241,7 +241,7 @@ if (user_stat == NULL || (user_stat->st_dev == sudoers_stat.st_dev && user_stat->st_ino == sudoers_stat.st_ino)) { - if (digest != NULL && !digest_matches(fd, buf, digest)) + if (!digest_matches(fd, buf, digests)) continue; free(safe_cmnd); if ((safe_cmnd = strdup(buf)) == NULL) { 
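Review bot: Dropping the `digest != NULL &&` guard in front of `digest_matches(fd, buf, digests)` moves the "no digest configured" decision into digest_matches, which is not part of this hunk. If that function does not return true for an empty list, every sudoers entry without a digest stops matching, so the expectation deserves one explicit line at the call, such as `/* digest_matches() is expected to accept an empty digest list. */`. The same guard is removed in the command_matches_fnmatch, command_matches_glob (two places) and command_matches_normal hunks. command_matches_dir begins and ends outside this hunk.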
@@ -264,12 +264,42 @@ } static bool +command_matches_all(const struct command_digest_list *digests) +{ + struct stat sb; /* XXX - unused */ + int fd = -1; + debug_decl(command_matches_all, SUDOERS_DEBUG_MATCH); + + if (user_cmnd[0] == '/') { + /* Open the file for fdexec or for digest matching. */ + if (!open_cmnd(user_cmnd, digests, &fd)) + goto bad; + if (!do_stat(fd, user_cmnd, &sb)) + goto bad; + } + + /* Check digest of user_cmnd since we have no sudoers_cmnd for ALL. */ + if (!digest_matches(fd, user_cmnd, digests)) + goto bad; + set_cmnd_fd(fd); + + /* No need to set safe_cmnd for ALL. */ + debug_return_bool(true); +bad: + if (fd != -1) { + close(fd); + fd = -1; + } + debug_return_bool(false); +} + +static bool command_matches_fnmatch(const char *sudoers_cmnd, const char *sudoers_args, - const struct command_digest *digest) + const struct command_digest_list *digests) { struct stat sb; /* XXX - unused */ int fd = -1; - debug_decl(command_matches_fnmatch, SUDOERS_DEBUG_MATCH) + debug_decl(command_matches_fnmatch, SUDOERS_DEBUG_MATCH); /* * Return true if fnmatch(3) succeeds AND @@ -282,12 +312,12 @@ debug_return_bool(false); if (command_args_match(sudoers_cmnd, sudoers_args)) { /* Open the file for fdexec or for digest matching. */ - if (!open_cmnd(user_cmnd, digest, &fd)) + if (!open_cmnd(user_cmnd, digests, &fd)) goto bad; if (!do_stat(fd, user_cmnd, &sb)) goto bad; /* Check digest of user_cmnd since sudoers_cmnd is a pattern. */ - if (digest != NULL && !digest_matches(fd, user_cmnd, digest)) + if (!digest_matches(fd, user_cmnd, digests)) goto bad; set_cmnd_fd(fd); @@ -305,7 +335,7 @@ static bool command_matches_glob(const char *sudoers_cmnd, const char *sudoers_args, - const struct command_digest *digest) + const struct command_digest_list *digests) { struct stat sudoers_stat; bool bad_digest = false; 
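Review bot: In the new command_matches_all, a `user_cmnd` that does not start with '/' skips open_cmnd and do_stat, so digest_matches is reached with `fd == -1` and a non-absolute name. Whether a listed digest is then enforced or the command is rejected depends on digest_matches, which is outside this hunk; a comment before the call would make the intent checkable, e.g. `/* NOTE: fd may be -1 here (user_cmnd not absolute); confirm digest_matches() handles that. */`. Two smaller points of style: `sb` is filled only so that do_stat can act as an existence check, which is worth saying in place of `/* XXX - unused */`, and the `fd = -1;` after `close(fd)` on the `bad:` path is a dead store.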
@@ -313,7 +343,7 @@ int fd = -1; size_t dlen; glob_t gl; - debug_decl(command_matches_glob, SUDOERS_DEBUG_MATCH) + debug_decl(command_matches_glob, SUDOERS_DEBUG_MATCH); /* * First check to see if we can avoid the call to glob(3). @@ -349,7 +379,7 @@ if (strcmp(cp, user_cmnd) != 0) continue; /* Open the file for fdexec or for digest matching. */ - if (!open_cmnd(cp, digest, &fd)) + if (!open_cmnd(cp, digests, &fd)) continue; if (!do_stat(fd, cp, &sudoers_stat)) continue; @@ -357,7 +387,7 @@ (user_stat->st_dev == sudoers_stat.st_dev && user_stat->st_ino == sudoers_stat.st_ino)) { /* There could be multiple matches, check digest early. */ - if (digest != NULL && !digest_matches(fd, cp, digest)) { + if (!digest_matches(fd, cp, digests)) { bad_digest = true; continue; } @@ -385,7 +415,7 @@ /* If it ends in '/' it is a directory spec. */ dlen = strlen(cp); if (cp[dlen - 1] == '/') { - if (command_matches_dir(cp, dlen, digest)) + if (command_matches_dir(cp, dlen, digests)) debug_return_bool(true); continue; } @@ -399,14 +429,14 @@ continue; /* Open the file for fdexec or for digest matching. */ - if (!open_cmnd(cp, digest, &fd)) + if (!open_cmnd(cp, digests, &fd)) continue; if (!do_stat(fd, cp, &sudoers_stat)) continue; if (user_stat == NULL || (user_stat->st_dev == sudoers_stat.st_dev && user_stat->st_ino == sudoers_stat.st_ino)) { - if (digest != NULL && !digest_matches(fd, cp, digest)) + if (!digest_matches(fd, cp, digests)) continue; free(safe_cmnd); if ((safe_cmnd = strdup(cp)) == NULL) { 
@@ -433,18 +463,18 @@ } static bool -command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, const struct command_digest *digest) +command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, const struct command_digest_list *digests) { struct stat sudoers_stat; const char *base; size_t dlen; int fd = -1; - debug_decl(command_matches_normal, SUDOERS_DEBUG_MATCH) + debug_decl(command_matches_normal, SUDOERS_DEBUG_MATCH); /* If it ends in '/' it is a directory spec. */ dlen = strlen(sudoers_cmnd); if (sudoers_cmnd[dlen - 1] == '/') - debug_return_bool(command_matches_dir(sudoers_cmnd, dlen, digest)); + debug_return_bool(command_matches_dir(sudoers_cmnd, dlen, digests)); /* Only proceed if user_base and basename(sudoers_cmnd) match */ if ((base = strrchr(sudoers_cmnd, '/')) == NULL) @@ -455,7 +485,7 @@ debug_return_bool(false); /* Open the file for fdexec or for digest matching. */ - if (!open_cmnd(sudoers_cmnd, digest, &fd)) + if (!open_cmnd(sudoers_cmnd, digests, &fd)) goto bad; /* @@ -476,7 +506,7 @@ } if (!command_args_match(sudoers_cmnd, sudoers_args)) goto bad; - if (digest != NULL && !digest_matches(fd, sudoers_cmnd, digest)) { + if (!digest_matches(fd, sudoers_cmnd, digests)) { /* XXX - log functions not available but we should log very loudly */ goto bad; } @@ -498,10 +528,15 @@ * otherwise, return true if user_cmnd names one of the inodes in path. */ bool -command_matches(const char *sudoers_cmnd, const char *sudoers_args, const struct command_digest *digest) +command_matches(const char *sudoers_cmnd, const char *sudoers_args, const struct command_digest_list *digests) { bool rc = false; - debug_decl(command_matches, SUDOERS_DEBUG_MATCH) + debug_decl(command_matches, SUDOERS_DEBUG_MATCH); + + if (sudoers_cmnd == NULL) { + rc = command_matches_all(digests); + goto done; + } /* Check for pseudo-commands */ if (sudoers_cmnd[0] != '/') { 
@@ -526,11 +561,11 @@ * use glob(3) and/or fnmatch(3) to do the matching. */ if (def_fast_glob) - rc = command_matches_fnmatch(sudoers_cmnd, sudoers_args, digest); + rc = command_matches_fnmatch(sudoers_cmnd, sudoers_args, digests); else - rc = command_matches_glob(sudoers_cmnd, sudoers_args, digest); + rc = command_matches_glob(sudoers_cmnd, sudoers_args, digests); } else { - rc = command_matches_normal(sudoers_cmnd, sudoers_args, digest); + rc = command_matches_normal(sudoers_cmnd, sudoers_args, digests); } done: sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, diff -Nru sudo-1.8.31/plugins/sudoers/match_digest.c sudo-1.9.0/plugins/sudoers/match_digest.c --- sudo-1.8.31/plugins/sudoers/match_digest.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/match_digest.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1996, 1998-2005, 2007-2019 + * Copyright (c) 1996, 1998-2005, 2007-2020 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any 
@@ -41,61 +41,81 @@ #include #include "sudoers.h" +#include "sudo_digest.h" #include bool -digest_matches(int fd, const char *file, const struct command_digest *digest) +digest_matches(int fd, const char *file, const struct command_digest_list *digests) { + unsigned int digest_type = SUDO_DIGEST_INVALID; unsigned char *file_digest = NULL; unsigned char *sudoers_digest = NULL; + struct command_digest *digest; + size_t digest_len = (size_t)-1; bool matched = false; - size_t digest_len; - debug_decl(digest_matches, SUDOERS_DEBUG_MATCH) + debug_decl(digest_matches, SUDOERS_DEBUG_MATCH); - if (fd == -1) - goto done; - - file_digest = sudo_filedigest(fd, file, digest->digest_type, &digest_len); - if (lseek(fd, (off_t)0, SEEK_SET) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, - "unable to rewind digest fd"); - } - if (file_digest == NULL) { - /* Warning (if any) printed by sudo_filedigest() */ - goto done; + if (TAILQ_EMPTY(digests)) { + /* No digest, no problem. */ + debug_return_bool(true); } - /* Convert the command digest from ascii to binary. */ - if ((sudoers_digest = malloc(digest_len)) == NULL) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (fd == -1) { + /* No file, no match. */ goto done; } - if (strlen(digest->digest_str) == digest_len * 2) { - /* Convert ascii hex to binary. */ - unsigned int i; - for (i = 0; i < digest_len; i++) { - const int h = hexchar(&digest->digest_str[i + i]); - if (h == -1) + + TAILQ_FOREACH(digest, digests, entries) { + /* Compute file digest if needed. 
*/ + if (digest->digest_type != digest_type) { + free(file_digest); + file_digest = sudo_filedigest(fd, file, digest->digest_type, + &digest_len); + if (lseek(fd, (off_t)0, SEEK_SET) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, + "unable to rewind digest fd"); + } + digest_type = digest->digest_type; + } + if (file_digest == NULL) { + /* Warning (if any) printed by sudo_filedigest() */ + goto done; + } + + /* Convert the command digest from ascii to binary. */ + if ((sudoers_digest = malloc(digest_len)) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto done; + } + if (strlen(digest->digest_str) == digest_len * 2) { + /* Convert ascii hex to binary. */ + unsigned int i; + for (i = 0; i < digest_len; i++) { + const int h = hexchar(&digest->digest_str[i + i]); + if (h == -1) + goto bad_format; + sudoers_digest[i] = (unsigned char)h; + } + } else { + /* Convert base64 to binary. */ + size_t len = base64_decode(digest->digest_str, sudoers_digest, digest_len); + if (len != digest_len) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "incorrect length for digest, expected %zu, got %zu", + digest_len, len); goto bad_format; - sudoers_digest[i] = (unsigned char)h; + } } - } else { - /* Convert base64 to binary. 
*/ - size_t len = base64_decode(digest->digest_str, sudoers_digest, digest_len); - if (len != digest_len) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "incorrect length for digest, expected %zu, got %zu", - digest_len, len); - goto bad_format; + if (memcmp(file_digest, sudoers_digest, digest_len) == 0) { + matched = true; + break; } - } - if (memcmp(file_digest, sudoers_digest, digest_len) == 0) { - matched = true; - } else { sudo_debug_printf(SUDO_DEBUG_DIAG|SUDO_DEBUG_LINENO, "%s digest mismatch for %s, expecting %s", digest_type_to_name(digest->digest_type), file, digest->digest_str); + free(sudoers_digest); + sudoers_digest = NULL; } goto done; diff -Nru sudo-1.8.31/plugins/sudoers/mkdir_parents.c sudo-1.9.0/plugins/sudoers/mkdir_parents.c --- sudo-1.8.31/plugins/sudoers/mkdir_parents.c 2019-10-28 12:27:46.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/mkdir_parents.c 1970-01-01 00:00:00.000000000 +0000 
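Review bot: A failed rewind inside the new loop of digest_matches() is only logged, and the loop then carries on. After `lseek(fd, (off_t)0, SEEK_SET) == -1` the descriptor is left wherever sudo_filedigest() stopped, so a later list entry with a different digest_type would presumably be hashed from that offset instead of from the start of the file; the callers in match_command.c also pass the same fd to set_cmnd_fd(). Treating the failure as "no match" keeps the check fail-closed: add `goto done;` after the sudo_debug_printf() in that branch. The `done` and `bad_format` labels lie below the end of this hunk, so the cleanup of file_digest and sudoers_digest on that path should be confirmed there.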
@@ -1,95 +0,0 @@ -/* - * SPDX-License-Identifier: ISC - * - * Copyright (c) 2009-2017 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * This is an open source non-commercial project. Dear PVS-Studio, please check it. - * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com - */ - -#include - -#include -#include -#include -#include -#ifdef HAVE_STRING_H -# include -#endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -# include -#endif /* HAVE_STRINGS_H */ -#include -#include -#include -#include - -#include "sudoers.h" - -/* - * Create any parent directories needed by path (but not path itself). - * Note that path is modified but is restored before it returns. 
- */ -bool -sudo_mkdir_parents(char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet) -{ - struct stat sb; - char *slash = path; - debug_decl(sudo_mkdir_parents, SUDOERS_DEBUG_UTIL) - - /* cppcheck-suppress nullPointerRedundantCheck */ - while ((slash = strchr(slash + 1, '/')) != NULL) { - *slash = '\0'; - sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, - "mkdir %s, mode 0%o, uid %d, gid %d", path, (unsigned int)mode, - (int)uid, (int)gid); - if (mkdir(path, mode) == 0) { - if (uid != (uid_t)-1 && gid != (gid_t)-1) { - if (chown(path, uid, gid) != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to chown %d:%d %s", __func__, - (int)uid, (int)gid, path); - } - } - } else { - if (errno != EEXIST) { - if (!quiet) - sudo_warn(U_("unable to mkdir %s"), path); - goto bad; - } - /* Already exists, make sure it is a directory. */ - if (stat(path, &sb) != 0) { - if (!quiet) - sudo_warn(U_("unable to stat %s"), path); - goto bad; - } - if (!S_ISDIR(sb.st_mode)) { - if (!quiet) - sudo_warnx(U_("%s exists but is not a directory (0%o)"), - path, (unsigned int) sb.st_mode); - goto bad; - } - } - *slash = '/'; - } - - debug_return_bool(true); -bad: - /* We must restore the path before we return. */ - *slash = '/'; - debug_return_bool(false); -} diff -Nru sudo-1.8.31/plugins/sudoers/parse.c sudo-1.9.0/plugins/sudoers/parse.c --- sudo-1.8.31/plugins/sudoers/parse.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/parse.c 2020-05-11 16:28:23.000000000 +0000 @@ -59,7 +59,7 @@ struct defaults *def; int nopass; enum def_tuple pwcheck; - debug_decl(sudoers_lookup_pseudo, SUDOERS_DEBUG_PARSER) + debug_decl(sudoers_lookup_pseudo, SUDOERS_DEBUG_PARSER); pwcheck = (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple; nopass = (pwcheck == never || pwcheck == all) ? true : false; 
@@ -128,7 +128,7 @@ struct privilege *priv; struct userspec *us; struct member *matching_user; - debug_decl(sudoers_lookup_check, SUDOERS_DEBUG_PARSER) + debug_decl(sudoers_lookup_check, SUDOERS_DEBUG_PARSER); TAILQ_FOREACH_REVERSE(us, &nss->parse_tree->userspecs, userspec_list, entries) { if (userlist_matches(nss->parse_tree, pw, &us->users) != ALLOW) @@ -187,7 +187,7 @@ static bool apply_cmndspec(struct cmndspec *cs) { - debug_decl(apply_cmndspec, SUDOERS_DEBUG_PARSER) + debug_decl(apply_cmndspec, SUDOERS_DEBUG_PARSER); if (cs != NULL) { #ifdef HAVE_SELINUX @@ -286,7 +286,7 @@ struct sudo_nss *nss; int m, match = UNSPEC; time_t now; - debug_decl(sudoers_lookup, SUDOERS_DEBUG_PARSER) + debug_decl(sudoers_lookup, SUDOERS_DEBUG_PARSER); /* * Special case checking the "validate", "list" and "kill" pseudo-commands. @@ -337,7 +337,7 @@ { struct privilege *priv; int nfound = 0; - debug_decl(display_priv_short, SUDOERS_DEBUG_PARSER) + debug_decl(display_priv_short, SUDOERS_DEBUG_PARSER); TAILQ_FOREACH(priv, &us->privileges, entries) { struct cmndspec *cs, *prev_cs = NULL; @@ -397,7 +397,7 @@ static bool new_long_entry(struct cmndspec *cs, struct cmndspec *prev_cs) { - debug_decl(new_long_entry, SUDOERS_DEBUG_PARSER) + debug_decl(new_long_entry, SUDOERS_DEBUG_PARSER); if (prev_cs == NULL) debug_return_bool(true); @@ -430,7 +430,7 @@ { struct privilege *priv; int nfound = 0; - debug_decl(display_priv_long, SUDOERS_DEBUG_PARSER) + debug_decl(display_priv_long, SUDOERS_DEBUG_PARSER); TAILQ_FOREACH(priv, &us->privileges, entries) { struct cmndspec *cs, *prev_cs; @@ -545,7 +545,7 @@ { struct userspec *us; int nfound = 0; - debug_decl(sudo_display_userspecs, SUDOERS_DEBUG_PARSER) + debug_decl(sudo_display_userspecs, SUDOERS_DEBUG_PARSER); TAILQ_FOREACH(us, &parse_tree->userspecs, entries) { if (userlist_matches(parse_tree, pw, &us->users) != ALLOW) 
@@ -571,7 +571,7 @@ struct defaults *d; char *prefix; int nfound = 0; - debug_decl(display_defaults, SUDOERS_DEBUG_PARSER) + debug_decl(display_defaults, SUDOERS_DEBUG_PARSER); if (lbuf->len == 0 || isspace((unsigned char)lbuf->buf[lbuf->len - 1])) prefix = " "; @@ -614,7 +614,7 @@ struct member *m; char *dsep; int atype, nfound = 0; - debug_decl(display_bound_defaults_by_type, SUDOERS_DEBUG_PARSER) + debug_decl(display_bound_defaults_by_type, SUDOERS_DEBUG_PARSER); switch (deftype) { case DEFAULTS_HOST: @@ -670,7 +670,7 @@ struct passwd *pw, struct sudo_lbuf *lbuf) { int nfound = 0; - debug_decl(display_bound_defaults, SUDOERS_DEBUG_PARSER) + debug_decl(display_bound_defaults, SUDOERS_DEBUG_PARSER); /* XXX - should only print ones that match what the user can do. */ nfound += display_bound_defaults_by_type(parse_tree, DEFAULTS_RUNAS, lbuf); @@ -686,7 +686,7 @@ { struct sudo_conv_message msg; struct sudo_conv_reply repl; - debug_decl(output, SUDOERS_DEBUG_NSS) + debug_decl(output, SUDOERS_DEBUG_NSS); /* Call conversation function */ memset(&msg, 0, sizeof(msg)); @@ -709,7 +709,7 @@ struct sudo_lbuf def_buf, priv_buf; struct stat sb; int cols, count, olen, n; - debug_decl(display_privs, SUDOERS_DEBUG_PARSER) + debug_decl(display_privs, SUDOERS_DEBUG_PARSER); cols = sudo_user.cols; if (fstat(STDOUT_FILENO, &sb) == 0 && S_ISFIFO(sb.st_mode)) @@ -796,7 +796,7 @@ struct cmndspec *cs; struct privilege *priv; struct userspec *us; - debug_decl(display_cmnd_check, SUDOERS_DEBUG_PARSER) + debug_decl(display_cmnd_check, SUDOERS_DEBUG_PARSER); TAILQ_FOREACH_REVERSE(us, &parse_tree->userspecs, userspec_list, entries) { if (userlist_matches(parse_tree, pw, &us->users) != ALLOW) 
@@ -839,7 +839,7 @@ int m, match = UNSPEC; int ret = false; time_t now; - debug_decl(display_cmnd, SUDOERS_DEBUG_PARSER) + debug_decl(display_cmnd, SUDOERS_DEBUG_PARSER); /* Iterate over each source, checking for the command. */ time(&now); diff -Nru sudo-1.8.31/plugins/sudoers/parse.h sudo-1.9.0/plugins/sudoers/parse.h --- sudo-1.8.31/plugins/sudoers/parse.h 2019-12-04 19:41:47.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/parse.h 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1996, 1998-2000, 2004, 2007-2018 + * Copyright (c) 1996, 1998-2000, 2004, 2007-2020 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -105,21 +105,12 @@ (cs1)->runasgrouplist != (cs2)->runasgrouplist) struct command_digest { + TAILQ_ENTRY(command_digest) entries; unsigned int digest_type; char *digest_str; }; /* - * A command with option args and digest. - * XXX - merge into struct member - */ -struct sudo_command { - char *cmnd; - char *args; - struct command_digest *digest; -}; - -/* * Tags associated with a command. * Possible values: true, false, IMPLIED, UNSPEC. */ @@ -156,7 +147,7 @@ * the data structure used is a doubly-linked tail queue. While sudoers * is being parsed, a headless tail queue is used where the first entry * acts as the head and the prev pointer does double duty as the tail pointer. - * This makes it possible to trivally append sub-lists. In addition, the prev + * This makes it possible to trivially append sub-lists. In addition, the prev * pointer is always valid (even if it points to itself). Unlike a circle * queue, the next pointer of the last entry is NULL and does not point back * to the head. When the tail queue is finalized, it is converted to a 
@@ -164,13 +155,14 @@ */ /* - * Tail queue list head structure. + * Tail queue list head structures. */ TAILQ_HEAD(defaults_list, defaults); TAILQ_HEAD(userspec_list, userspec); TAILQ_HEAD(member_list, member); TAILQ_HEAD(privilege_list, privilege); TAILQ_HEAD(cmndspec_list, cmndspec); +TAILQ_HEAD(command_digest_list, command_digest); STAILQ_HEAD(comment_list, sudoers_comment); /* @@ -197,8 +189,18 @@ }; /* + * A command with option args and digest. + * XXX - merge into struct member + */ +struct sudo_command { + char *cmnd; + char *args; + struct command_digest_list digests; +}; + +/* * Structure describing a linked list of Cmnd_Specs. - * XXX - include struct command_options instad of its contents inline + * XXX - include struct command_options instead of its contents inline */ struct cmndspec { TAILQ_ENTRY(cmndspec) entries; @@ -306,10 +308,10 @@ bool addr_matches(char *n); /* match_command.c */ -bool command_matches(const char *sudoers_cmnd, const char *sudoers_args, const struct command_digest *digest); +bool command_matches(const char *sudoers_cmnd, const char *sudoers_args, const struct command_digest_list *digests); /* match_digest.c */ -bool digest_matches(int fd, const char *file, const struct command_digest *digest); +bool digest_matches(int fd, const char *file, const struct command_digest_list *digests); /* match.c */ struct group; diff -Nru sudo-1.8.31/plugins/sudoers/parse_ldif.c sudo-1.9.0/plugins/sudoers/parse_ldif.c --- sudo-1.8.31/plugins/sudoers/parse_ldif.c 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/parse_ldif.c 2020-05-11 16:28:23.000000000 +0000 @@ -58,7 +58,7 @@ static void sudo_role_free(struct sudo_role *role) { - debug_decl(sudo_role_free, SUDOERS_DEBUG_UTIL) + debug_decl(sudo_role_free, SUDOERS_DEBUG_UTIL); if (role != NULL) { free(role->cn); 
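Review bot: `struct command_digest_list digests;` in the re-added struct sudo_command (the -197 hunk) is now an embedded list head rather than a pointer, and the struct comment does not say that it needs initializing. With the usual tail-queue macros a zero-filled head reads as empty but is not safe to append to until TAILQ_INIT has set its tail pointer, so every place that allocates a sudo_command has to initialize it; those sites are not visible here. A field comment such as `/* list head; TAILQ_INIT() before use, empty means no digest check */` would record that.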
@@ -80,7 +80,7 @@ sudo_role_alloc(void) { struct sudo_role *role; - debug_decl(sudo_role_alloc, SUDOERS_DEBUG_UTIL) + debug_decl(sudo_role_alloc, SUDOERS_DEBUG_UTIL); role = calloc(1, sizeof(*role)); if (role != NULL) { @@ -112,7 +112,7 @@ bool encoded = false; char *attr, *cp, *ep, *colon; size_t len; - debug_decl(ldif_parse_attribute, SUDOERS_DEBUG_UTIL) + debug_decl(ldif_parse_attribute, SUDOERS_DEBUG_UTIL); /* Parse attribute name: [a-zA-Z][a-zA-Z0-9-]*: */ if (!isalpha((unsigned char)*line)) @@ -180,7 +180,7 @@ ldif_store_string(const char *str, struct sudoers_str_list *strlist, bool sorted) { struct sudoers_string *ls; - debug_decl(ldif_store_string, SUDOERS_DEBUG_UTIL) + debug_decl(ldif_store_string, SUDOERS_DEBUG_UTIL); if ((ls = sudoers_string_alloc(str)) == NULL) { sudo_fatalx(U_("%s: %s"), __func__, @@ -231,7 +231,7 @@ { const struct sudo_role *a = *(const struct sudo_role **)va; const struct sudo_role *b = *(const struct sudo_role **)vb; - debug_decl(role_order_cmp, SUDOERS_DEBUG_LDAP) + debug_decl(role_order_cmp, SUDOERS_DEBUG_LDAP); debug_return_int(a->order < b->order ? -1 : (a->order > b->order ? 1 : 0)); @@ -247,7 +247,7 @@ struct defaults *d; struct sudoers_string *ls; char *var, *val; - debug_decl(ldif_store_options, SUDOERS_DEBUG_UTIL) + debug_decl(ldif_store_options, SUDOERS_DEBUG_UTIL); STAILQ_FOREACH(ls, options, entries) { if ((d = calloc(1, sizeof(*d))) == NULL || @@ -297,7 +297,7 @@ struct sudoers_str_list *strlist = *strlistp; struct rbnode *node; int ret; - debug_decl(str_list_cache, SUDOERS_DEBUG_UTIL) + debug_decl(str_list_cache, SUDOERS_DEBUG_UTIL); ret = rbinsert(cache, strlist, &node); switch (ret) { @@ -328,7 +328,7 @@ struct sudoers_string *ls; struct userspec *us; struct member *m; - debug_decl(role_to_sudoers, SUDOERS_DEBUG_UTIL) + debug_decl(role_to_sudoers, SUDOERS_DEBUG_UTIL); /* * TODO: use cn to create a UserAlias if multiple users in it? 
@@ -355,19 +355,32 @@ U_("unable to allocate memory")); } m->negated = sudo_ldap_is_negated(&user); - m->name = strdup(user); - if (m->name == NULL) { - sudo_fatalx(U_("%s: %s"), __func__, - U_("unable to allocate memory")); - } - if (strcmp(user, "ALL") == 0) { - m->type = ALL; - } else if (*user == '+') { + switch (*user) { + case '\0': + /* Empty RunAsUser means run as the invoking user. */ + m->type = MYSELF; + break; + case '+': m->type = NETGROUP; - } else if (*user == '%') { + break; + case '%': m->type = USERGROUP; - } else { + break; + case 'A': + if (strcmp(user, "ALL") == 0) { + m->type = ALL; + break; + } + /* FALLTHROUGH */ + default: m->type = WORD; + break; + } + if (m->type != ALL && m->type != MYSELF) { + if ((m->name = strdup(user)) == NULL) { + sudo_fatalx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + } } TAILQ_INSERT_TAIL(&us->users, m, entries); } @@ -465,7 +478,7 @@ { struct sudo_role **role_array, *role = NULL; unsigned int n; - debug_decl(ldif_to_sudoers, SUDOERS_DEBUG_UTIL) + debug_decl(ldif_to_sudoers, SUDOERS_DEBUG_UTIL); /* Convert from list of roles to array and sort by order. */ role_array = reallocarray(NULL, numroles + 1, sizeof(*role_array)); @@ -531,7 +544,7 @@ { char *dst, *new_cn; size_t len; - debug_decl(unquote_cn, SUDOERS_DEBUG_UTIL) + debug_decl(unquote_cn, SUDOERS_DEBUG_UTIL); len = strlen(src); if ((new_cn = malloc(len + 1)) == NULL) 
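Review bot: The new `case '\0':` in the -355 hunk turns an empty value into a `MYSELF` member and appends it to `us->users`, yet its comment says "Empty RunAsUser means run as the invoking user", which describes a runas list rather than the user list being built here. Because `sudo_ldap_is_negated(&user)` runs first, a value consisting only of `!` would also land in this case, assuming that helper strips the negation prefix, which is not visible. If an empty sudoUser is meant to be accepted, the comment should say so, e.g. `/* Empty sudoUser is treated as the invoking user. */`; if it is not, the entry is better reported than silently matched. The enclosing loop in role_to_sudoers() starts above the hunk.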
@@ -566,7 +579,7 @@ ssize_t savedlen = 0; bool mismatch = false; int errors = 0; - debug_decl(sudoers_parse_ldif, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_parse_ldif, SUDOERS_DEBUG_UTIL); /* Free old contents of the parse tree (if any). */ free_parse_tree(parse_tree); Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/plugins/sudoers/po/ca.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/plugins/sudoers/po/ca.mo differ diff -Nru sudo-1.8.31/plugins/sudoers/po/ca.po sudo-1.9.0/plugins/sudoers/po/ca.po --- sudo-1.8.31/plugins/sudoers/po/ca.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/po/ca.po 2020-05-11 16:28:23.000000000 +0000 @@ -1,6 +1,6 @@ # Portable object template file for the sudoers plugin # This file is put in the public domain. -# Walter Garcia-Fontes , 2016. +# Walter Garcia-Fontes , 2020. # # Glossari # @@ -8,10 +8,10 @@ # tty - el terminal, això prové de l'acrònim en anglès per a teletip (tty) i ara s'usa per a un terminal obert on es pot entrar informació msgid "" msgstr "" -"Project-Id-Version: sudoers 1.8.19b2\n" +"Project-Id-Version: sudoers 1.8.29rc1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2016-12-03 19:24-0700\n" -"PO-Revision-Date: 2016-12-29 17:28+0100\n" +"POT-Creation-Date: 2019-10-21 19:55-0600\n" +"PO-Revision-Date: 2020-03-03 12:42+0100\n" "Last-Translator: Walter Garcia-Fontes \n" "Language-Team: Catalan \n" "Language: ca\n" 
@@ -45,188 +45,267 @@ msgid "Sorry, try again." msgstr "Ho sentim, proveu un altre cop." -#: gram.y:186 gram.y:234 gram.y:241 gram.y:248 gram.y:255 gram.y:262 -#: gram.y:278 gram.y:301 gram.y:308 gram.y:315 gram.y:322 gram.y:329 -#: gram.y:384 gram.y:392 gram.y:402 gram.y:432 gram.y:439 gram.y:446 -#: gram.y:453 gram.y:565 gram.y:572 gram.y:581 gram.y:590 gram.y:607 -#: gram.y:663 gram.y:670 gram.y:677 gram.y:685 gram.y:781 gram.y:788 -#: gram.y:795 gram.y:802 gram.y:809 gram.y:835 gram.y:842 gram.y:849 -#: gram.y:972 gram.y:1148 gram.y:1155 plugins/sudoers/alias.c:124 -#: plugins/sudoers/alias.c:139 plugins/sudoers/auth/bsdauth.c:141 -#: plugins/sudoers/auth/kerb5.c:119 plugins/sudoers/auth/kerb5.c:145 -#: plugins/sudoers/auth/pam.c:443 plugins/sudoers/auth/rfc1938.c:109 -#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/defaults.c:618 -#: plugins/sudoers/defaults.c:873 plugins/sudoers/defaults.c:1025 -#: plugins/sudoers/editor.c:64 plugins/sudoers/editor.c:82 -#: plugins/sudoers/editor.c:93 plugins/sudoers/env.c:234 -#: plugins/sudoers/gc.c:52 plugins/sudoers/group_plugin.c:134 -#: plugins/sudoers/interfaces.c:71 plugins/sudoers/iolog.c:805 -#: plugins/sudoers/iolog_path.c:167 plugins/sudoers/ldap.c:447 -#: plugins/sudoers/ldap.c:478 plugins/sudoers/ldap.c:530 -#: plugins/sudoers/ldap.c:563 plugins/sudoers/ldap.c:961 -#: plugins/sudoers/ldap.c:1157 plugins/sudoers/ldap.c:1168 -#: plugins/sudoers/ldap.c:1184 plugins/sudoers/ldap.c:1471 -#: plugins/sudoers/ldap.c:1631 plugins/sudoers/ldap.c:1713 -#: plugins/sudoers/ldap.c:1853 plugins/sudoers/ldap.c:1877 -#: plugins/sudoers/ldap.c:1966 plugins/sudoers/ldap.c:1981 -#: plugins/sudoers/ldap.c:2077 plugins/sudoers/ldap.c:2110 -#: plugins/sudoers/ldap.c:2263 plugins/sudoers/ldap.c:2360 -#: plugins/sudoers/ldap.c:3178 plugins/sudoers/ldap.c:3210 -#: plugins/sudoers/ldap.c:3519 plugins/sudoers/ldap.c:3547 -#: plugins/sudoers/ldap.c:3563 plugins/sudoers/ldap.c:3653 -#: plugins/sudoers/ldap.c:3669 
plugins/sudoers/linux_audit.c:76 -#: plugins/sudoers/logging.c:188 plugins/sudoers/logging.c:450 -#: plugins/sudoers/logging.c:471 plugins/sudoers/logging.c:683 -#: plugins/sudoers/logging.c:941 plugins/sudoers/match.c:501 -#: plugins/sudoers/match.c:535 plugins/sudoers/match.c:572 -#: plugins/sudoers/match.c:770 plugins/sudoers/match.c:828 -#: plugins/sudoers/parse.c:236 plugins/sudoers/parse.c:248 -#: plugins/sudoers/parse.c:263 plugins/sudoers/parse.c:275 -#: plugins/sudoers/policy.c:405 plugins/sudoers/policy.c:632 -#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:139 -#: plugins/sudoers/pwutil.c:210 plugins/sudoers/pwutil.c:286 -#: plugins/sudoers/pwutil.c:457 plugins/sudoers/pwutil.c:522 -#: plugins/sudoers/pwutil.c:591 plugins/sudoers/pwutil.c:749 -#: plugins/sudoers/pwutil.c:806 plugins/sudoers/pwutil.c:851 -#: plugins/sudoers/pwutil.c:908 plugins/sudoers/sssd.c:162 -#: plugins/sudoers/sssd.c:194 plugins/sudoers/sssd.c:237 -#: plugins/sudoers/sssd.c:244 plugins/sudoers/sssd.c:280 -#: plugins/sudoers/sssd.c:390 plugins/sudoers/sssd.c:462 -#: plugins/sudoers/sssd.c:1053 plugins/sudoers/sssd.c:1234 -#: plugins/sudoers/sssd.c:1248 plugins/sudoers/sssd.c:1264 -#: plugins/sudoers/sudoers.c:261 plugins/sudoers/sudoers.c:271 -#: plugins/sudoers/sudoers.c:279 plugins/sudoers/sudoers.c:363 -#: plugins/sudoers/sudoers.c:660 plugins/sudoers/sudoers.c:775 -#: plugins/sudoers/sudoers.c:819 plugins/sudoers/sudoers_debug.c:107 -#: plugins/sudoers/sudoreplay.c:517 plugins/sudoers/sudoreplay.c:716 -#: plugins/sudoers/sudoreplay.c:828 plugins/sudoers/sudoreplay.c:868 -#: plugins/sudoers/sudoreplay.c:877 plugins/sudoers/sudoreplay.c:887 -#: plugins/sudoers/sudoreplay.c:895 plugins/sudoers/sudoreplay.c:899 -#: plugins/sudoers/sudoreplay.c:1055 plugins/sudoers/sudoreplay.c:1059 -#: plugins/sudoers/testsudoers.c:130 plugins/sudoers/testsudoers.c:216 -#: plugins/sudoers/testsudoers.c:233 plugins/sudoers/timestamp.c:374 -#: plugins/sudoers/timestamp.c:418 
plugins/sudoers/timestamp.c:834 -#: plugins/sudoers/toke_util.c:56 plugins/sudoers/toke_util.c:109 -#: plugins/sudoers/toke_util.c:146 plugins/sudoers/visudo.c:152 -#: plugins/sudoers/visudo.c:309 plugins/sudoers/visudo.c:315 -#: plugins/sudoers/visudo.c:446 plugins/sudoers/visudo.c:624 -#: plugins/sudoers/visudo.c:964 plugins/sudoers/visudo.c:1030 -#: plugins/sudoers/visudo.c:1074 plugins/sudoers/visudo.c:1171 -#: plugins/sudoers/visudo_json.c:1035 toke.l:832 toke.l:932 toke.l:1090 +#: gram.y:196 gram.y:244 gram.y:251 gram.y:258 gram.y:265 gram.y:272 +#: gram.y:288 gram.y:312 gram.y:319 gram.y:326 gram.y:333 gram.y:340 +#: gram.y:403 gram.y:412 gram.y:423 gram.y:456 gram.y:463 gram.y:470 +#: gram.y:477 gram.y:559 gram.y:566 gram.y:575 gram.y:584 gram.y:601 +#: gram.y:713 gram.y:720 gram.y:727 gram.y:735 gram.y:835 gram.y:842 +#: gram.y:849 gram.y:856 gram.y:863 gram.y:889 gram.y:896 gram.y:903 +#: gram.y:1026 gram.y:1303 plugins/sudoers/alias.c:132 +#: plugins/sudoers/alias.c:139 plugins/sudoers/alias.c:155 +#: plugins/sudoers/auth/bsdauth.c:148 plugins/sudoers/auth/kerb5.c:123 +#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:670 +#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/auth/sia.c:64 +#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:165 +#: plugins/sudoers/cvtsudoers.c:182 plugins/sudoers/cvtsudoers.c:193 +#: plugins/sudoers/cvtsudoers.c:305 plugins/sudoers/cvtsudoers.c:433 +#: plugins/sudoers/cvtsudoers.c:566 plugins/sudoers/cvtsudoers.c:583 +#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 +#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1179 +#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1285 +#: plugins/sudoers/cvtsudoers_ldif.c:154 plugins/sudoers/cvtsudoers_ldif.c:197 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:263 +#: plugins/sudoers/cvtsudoers_ldif.c:334 plugins/sudoers/cvtsudoers_ldif.c:389 +#: 
plugins/sudoers/cvtsudoers_ldif.c:397 plugins/sudoers/cvtsudoers_ldif.c:414 +#: plugins/sudoers/cvtsudoers_ldif.c:423 plugins/sudoers/cvtsudoers_ldif.c:570 +#: plugins/sudoers/defaults.c:666 plugins/sudoers/defaults.c:959 +#: plugins/sudoers/defaults.c:1130 plugins/sudoers/editor.c:72 +#: plugins/sudoers/editor.c:90 plugins/sudoers/editor.c:101 +#: plugins/sudoers/env.c:268 plugins/sudoers/filedigest.c:66 +#: plugins/sudoers/filedigest.c:82 plugins/sudoers/gc.c:59 +#: plugins/sudoers/group_plugin.c:138 plugins/sudoers/interfaces.c:78 +#: plugins/sudoers/iolog.c:943 plugins/sudoers/iolog_path.c:174 +#: plugins/sudoers/iolog_util.c:86 plugins/sudoers/iolog_util.c:125 +#: plugins/sudoers/iolog_util.c:134 plugins/sudoers/iolog_util.c:144 +#: plugins/sudoers/iolog_util.c:152 plugins/sudoers/iolog_util.c:156 +#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 +#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 +#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 +#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 +#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 +#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 +#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 +#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 +#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 +#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558 +#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:683 +#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:510 +#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/linux_audit.c:83 +#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:532 +#: plugins/sudoers/logging.c:558 plugins/sudoers/logging.c:599 +#: plugins/sudoers/logging.c:740 plugins/sudoers/logging.c:1100 +#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:367 +#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:485 +#: 
plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:200 +#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:227 +#: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:156 +#: plugins/sudoers/parse_ldif.c:187 plugins/sudoers/parse_ldif.c:256 +#: plugins/sudoers/parse_ldif.c:263 plugins/sudoers/parse_ldif.c:268 +#: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:355 +#: plugins/sudoers/parse_ldif.c:361 plugins/sudoers/parse_ldif.c:386 +#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:402 +#: plugins/sudoers/parse_ldif.c:416 plugins/sudoers/parse_ldif.c:584 +#: plugins/sudoers/parse_ldif.c:614 plugins/sudoers/parse_ldif.c:639 +#: plugins/sudoers/parse_ldif.c:697 plugins/sudoers/parse_ldif.c:714 +#: plugins/sudoers/parse_ldif.c:742 plugins/sudoers/parse_ldif.c:749 +#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:750 +#: plugins/sudoers/prompt.c:100 plugins/sudoers/pwutil.c:199 +#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 +#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:586 +#: plugins/sudoers/pwutil.c:657 plugins/sudoers/pwutil.c:816 +#: plugins/sudoers/pwutil.c:873 plugins/sudoers/pwutil.c:917 +#: plugins/sudoers/pwutil.c:975 plugins/sudoers/sssd.c:154 +#: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 +#: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 +#: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 +#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 +#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 +#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:114 +#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 +#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 +#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 +#: 
plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 +#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 +#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 +#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 +#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328 +#: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 +#: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 +#: plugins/sudoers/visudo.c:1029 plugins/sudoers/visudo.c:1118 toke.l:846 +#: toke.l:947 toke.l:1104 msgid "unable to allocate memory" msgstr "no es pot assignar memòria" -#: gram.y:464 +#: gram.y:488 msgid "a digest requires a path name" msgstr "au un resum li cal un nom de camí" -#: gram.y:1148 gram.y:1155 plugins/sudoers/auth/pam.c:320 -#: plugins/sudoers/auth/pam.c:443 plugins/sudoers/auth/rfc1938.c:109 -#: plugins/sudoers/defaults.c:618 plugins/sudoers/defaults.c:873 -#: plugins/sudoers/defaults.c:1025 plugins/sudoers/editor.c:64 -#: plugins/sudoers/editor.c:82 plugins/sudoers/editor.c:93 -#: plugins/sudoers/env.c:234 plugins/sudoers/gc.c:52 -#: plugins/sudoers/group_plugin.c:134 plugins/sudoers/interfaces.c:71 -#: plugins/sudoers/iolog.c:805 plugins/sudoers/iolog_path.c:167 -#: plugins/sudoers/ldap.c:447 plugins/sudoers/ldap.c:478 -#: plugins/sudoers/ldap.c:530 plugins/sudoers/ldap.c:563 -#: plugins/sudoers/ldap.c:961 plugins/sudoers/ldap.c:1157 -#: plugins/sudoers/ldap.c:1168 plugins/sudoers/ldap.c:1184 -#: plugins/sudoers/ldap.c:1471 plugins/sudoers/ldap.c:1631 -#: plugins/sudoers/ldap.c:1713 plugins/sudoers/ldap.c:1853 -#: plugins/sudoers/ldap.c:1877 plugins/sudoers/ldap.c:1966 -#: plugins/sudoers/ldap.c:1981 plugins/sudoers/ldap.c:2077 -#: plugins/sudoers/ldap.c:2110 plugins/sudoers/ldap.c:2263 -#: plugins/sudoers/ldap.c:2360 plugins/sudoers/ldap.c:3178 -#: plugins/sudoers/ldap.c:3210 plugins/sudoers/ldap.c:3519 -#: 
plugins/sudoers/ldap.c:3546 plugins/sudoers/ldap.c:3562 -#: plugins/sudoers/ldap.c:3653 plugins/sudoers/ldap.c:3669 -#: plugins/sudoers/linux_audit.c:76 plugins/sudoers/logging.c:188 -#: plugins/sudoers/logging.c:450 plugins/sudoers/logging.c:471 -#: plugins/sudoers/logging.c:941 plugins/sudoers/match.c:500 -#: plugins/sudoers/match.c:534 plugins/sudoers/match.c:572 -#: plugins/sudoers/match.c:770 plugins/sudoers/match.c:827 -#: plugins/sudoers/parse.c:236 plugins/sudoers/parse.c:248 -#: plugins/sudoers/parse.c:263 plugins/sudoers/parse.c:275 -#: plugins/sudoers/policy.c:97 plugins/sudoers/policy.c:106 -#: plugins/sudoers/policy.c:115 plugins/sudoers/policy.c:139 -#: plugins/sudoers/policy.c:250 plugins/sudoers/policy.c:278 -#: plugins/sudoers/policy.c:287 plugins/sudoers/policy.c:326 -#: plugins/sudoers/policy.c:336 plugins/sudoers/policy.c:345 -#: plugins/sudoers/policy.c:354 plugins/sudoers/policy.c:405 -#: plugins/sudoers/policy.c:632 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:139 plugins/sudoers/pwutil.c:210 -#: plugins/sudoers/pwutil.c:286 plugins/sudoers/pwutil.c:457 -#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:591 -#: plugins/sudoers/pwutil.c:749 plugins/sudoers/pwutil.c:806 -#: plugins/sudoers/pwutil.c:851 plugins/sudoers/pwutil.c:908 -#: plugins/sudoers/set_perms.c:356 plugins/sudoers/set_perms.c:695 -#: plugins/sudoers/set_perms.c:1054 plugins/sudoers/set_perms.c:1350 -#: plugins/sudoers/set_perms.c:1514 plugins/sudoers/sssd.c:162 -#: plugins/sudoers/sssd.c:194 plugins/sudoers/sssd.c:237 -#: plugins/sudoers/sssd.c:244 plugins/sudoers/sssd.c:280 -#: plugins/sudoers/sssd.c:390 plugins/sudoers/sssd.c:462 -#: plugins/sudoers/sssd.c:1053 plugins/sudoers/sssd.c:1233 -#: plugins/sudoers/sssd.c:1248 plugins/sudoers/sssd.c:1264 -#: plugins/sudoers/sudoers.c:261 plugins/sudoers/sudoers.c:271 -#: plugins/sudoers/sudoers.c:279 plugins/sudoers/sudoers.c:363 -#: plugins/sudoers/sudoers.c:660 plugins/sudoers/sudoers.c:775 -#: 
plugins/sudoers/sudoers.c:819 plugins/sudoers/sudoers_debug.c:106 -#: plugins/sudoers/sudoreplay.c:517 plugins/sudoers/sudoreplay.c:716 -#: plugins/sudoers/sudoreplay.c:828 plugins/sudoers/sudoreplay.c:868 -#: plugins/sudoers/sudoreplay.c:877 plugins/sudoers/sudoreplay.c:887 -#: plugins/sudoers/sudoreplay.c:895 plugins/sudoers/sudoreplay.c:899 -#: plugins/sudoers/sudoreplay.c:1055 plugins/sudoers/sudoreplay.c:1059 -#: plugins/sudoers/testsudoers.c:130 plugins/sudoers/testsudoers.c:216 -#: plugins/sudoers/testsudoers.c:233 plugins/sudoers/timestamp.c:374 -#: plugins/sudoers/timestamp.c:418 plugins/sudoers/timestamp.c:834 -#: plugins/sudoers/toke_util.c:56 plugins/sudoers/toke_util.c:109 -#: plugins/sudoers/toke_util.c:146 plugins/sudoers/visudo.c:152 -#: plugins/sudoers/visudo.c:309 plugins/sudoers/visudo.c:315 -#: plugins/sudoers/visudo.c:446 plugins/sudoers/visudo.c:624 -#: plugins/sudoers/visudo.c:964 plugins/sudoers/visudo.c:1030 -#: plugins/sudoers/visudo.c:1074 plugins/sudoers/visudo.c:1171 -#: plugins/sudoers/visudo_json.c:1035 toke.l:832 toke.l:932 toke.l:1090 +#: gram.y:614 +msgid "invalid notbefore value" +msgstr "valor notbefore no vàlid" + +#: gram.y:622 +msgid "invalid notafter value" +msgstr "valor invàlid de notafter" + +#: gram.y:631 plugins/sudoers/policy.c:320 +msgid "timeout value too large" +msgstr "valor massa llarg de temps d'espera" + +#: gram.y:633 plugins/sudoers/policy.c:322 +msgid "invalid timeout value" +msgstr "valor no vàlid de temps d'espera" + +#: gram.y:1303 plugins/sudoers/auth/pam.c:483 plugins/sudoers/auth/pam.c:670 +#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/cvtsudoers.c:124 +#: plugins/sudoers/cvtsudoers.c:164 plugins/sudoers/cvtsudoers.c:181 +#: plugins/sudoers/cvtsudoers.c:192 plugins/sudoers/cvtsudoers.c:304 +#: plugins/sudoers/cvtsudoers.c:432 plugins/sudoers/cvtsudoers.c:565 +#: plugins/sudoers/cvtsudoers.c:582 plugins/sudoers/cvtsudoers.c:646 +#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:768 
+#: plugins/sudoers/cvtsudoers.c:1179 plugins/sudoers/cvtsudoers.c:1183 +#: plugins/sudoers/cvtsudoers.c:1285 plugins/sudoers/cvtsudoers_ldif.c:153 +#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:243 +#: plugins/sudoers/cvtsudoers_ldif.c:262 plugins/sudoers/cvtsudoers_ldif.c:333 +#: plugins/sudoers/cvtsudoers_ldif.c:388 plugins/sudoers/cvtsudoers_ldif.c:396 +#: plugins/sudoers/cvtsudoers_ldif.c:413 plugins/sudoers/cvtsudoers_ldif.c:422 +#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:666 +#: plugins/sudoers/defaults.c:959 plugins/sudoers/defaults.c:1130 +#: plugins/sudoers/editor.c:72 plugins/sudoers/editor.c:90 +#: plugins/sudoers/editor.c:101 plugins/sudoers/env.c:268 +#: plugins/sudoers/filedigest.c:66 plugins/sudoers/filedigest.c:82 +#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:138 +#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:943 +#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:86 +#: plugins/sudoers/iolog_util.c:125 plugins/sudoers/iolog_util.c:134 +#: plugins/sudoers/iolog_util.c:144 plugins/sudoers/iolog_util.c:152 +#: plugins/sudoers/iolog_util.c:156 plugins/sudoers/ldap.c:185 +#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 +#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 +#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705 +#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 +#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 +#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 +#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 +#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 +#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 +#: plugins/sudoers/ldap_conf.c:682 plugins/sudoers/ldap_conf.c:765 +#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:567 +#: plugins/sudoers/linux_audit.c:83 
plugins/sudoers/logging.c:202 +#: plugins/sudoers/logging.c:532 plugins/sudoers/logging.c:558 +#: plugins/sudoers/logging.c:598 plugins/sudoers/logging.c:1100 +#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:366 +#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:485 +#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:199 +#: plugins/sudoers/parse.c:211 plugins/sudoers/parse.c:226 +#: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:155 +#: plugins/sudoers/parse_ldif.c:186 plugins/sudoers/parse_ldif.c:255 +#: plugins/sudoers/parse_ldif.c:262 plugins/sudoers/parse_ldif.c:267 +#: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:354 +#: plugins/sudoers/parse_ldif.c:360 plugins/sudoers/parse_ldif.c:385 +#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:401 +#: plugins/sudoers/parse_ldif.c:415 plugins/sudoers/parse_ldif.c:584 +#: plugins/sudoers/parse_ldif.c:613 plugins/sudoers/parse_ldif.c:638 +#: plugins/sudoers/parse_ldif.c:696 plugins/sudoers/parse_ldif.c:713 +#: plugins/sudoers/parse_ldif.c:741 plugins/sudoers/parse_ldif.c:748 +#: plugins/sudoers/policy.c:134 plugins/sudoers/policy.c:143 +#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:178 +#: plugins/sudoers/policy.c:305 plugins/sudoers/policy.c:320 +#: plugins/sudoers/policy.c:322 plugins/sudoers/policy.c:348 +#: plugins/sudoers/policy.c:358 plugins/sudoers/policy.c:402 +#: plugins/sudoers/policy.c:412 plugins/sudoers/policy.c:421 +#: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:504 +#: plugins/sudoers/policy.c:750 plugins/sudoers/prompt.c:100 +#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 +#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 +#: plugins/sudoers/pwutil.c:586 plugins/sudoers/pwutil.c:657 +#: plugins/sudoers/pwutil.c:816 plugins/sudoers/pwutil.c:873 +#: plugins/sudoers/pwutil.c:917 plugins/sudoers/pwutil.c:975 +#: plugins/sudoers/set_perms.c:396 
plugins/sudoers/set_perms.c:775 +#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 +#: plugins/sudoers/set_perms.c:1659 plugins/sudoers/sssd.c:153 +#: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 +#: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 +#: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 +#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 +#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 +#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:113 +#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 +#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 +#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 +#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 +#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 +#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 +#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 +#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328 +#: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 +#: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 +#: plugins/sudoers/visudo.c:1029 plugins/sudoers/visudo.c:1118 toke.l:846 +#: toke.l:947 toke.l:1104 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: plugins/sudoers/alias.c:135 +#: plugins/sudoers/alias.c:151 #, c-format msgid "Alias \"%s\" already defined" msgstr "L'àlies «%s» ja està definit" -#: plugins/sudoers/auth/bsdauth.c:68 +#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:801 +msgid "unable to fork" +msgstr "no es pot bifurcar" + +#: plugins/sudoers/auth/aix_auth.c:283 +#, c-format +msgid "unable to change password for %s" +msgstr "no s'ha pogut canviar la 
contrasenya per a %s" + +#: plugins/sudoers/auth/bsdauth.c:75 #, c-format msgid "unable to get login class for user %s" msgstr "no s'ha pogut obtenir la classe d'inici de sessió per a l'usuari %s" -#: plugins/sudoers/auth/bsdauth.c:73 +#: plugins/sudoers/auth/bsdauth.c:80 msgid "unable to begin bsd authentication" msgstr "no s'ha pogut iniciar l'autenticació bsd" -#: plugins/sudoers/auth/bsdauth.c:81 +#: plugins/sudoers/auth/bsdauth.c:88 msgid "invalid authentication type" msgstr "tipus no vàlida d'autenticació" -#: plugins/sudoers/auth/bsdauth.c:90 +#: plugins/sudoers/auth/bsdauth.c:97 msgid "unable to initialize BSD authentication" msgstr "no s'ha pogut inicialitzar l'autenticació BSD" -#: plugins/sudoers/auth/fwtk.c:52 +#: plugins/sudoers/auth/bsdauth.c:185 +msgid "your account has expired" +msgstr "el vostre compte ha caducat" + +#: plugins/sudoers/auth/bsdauth.c:187 +msgid "approval failed" +msgstr "ha fallat l'aprovació" + +#: plugins/sudoers/auth/fwtk.c:59 msgid "unable to read fwtk config" msgstr "no s'ha pogut llegir la configuració fwtk" -#: plugins/sudoers/auth/fwtk.c:57 +#: plugins/sudoers/auth/fwtk.c:64 msgid "unable to connect to authentication server" msgstr "no s'ha pogut connectar al servidor d'autenticació" -#: plugins/sudoers/auth/fwtk.c:63 plugins/sudoers/auth/fwtk.c:87 -#: plugins/sudoers/auth/fwtk.c:121 +#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:126 msgid "lost connection to authentication server" msgstr "s'ha perdut la connexió al servidor d'autenticació" -#: plugins/sudoers/auth/fwtk.c:67 +#: plugins/sudoers/auth/fwtk.c:74 #, c-format msgid "" "authentication server error:\n" 
@@ -235,155 +314,161 @@
 "error de servidor d'autenticació:\n"
 "%s"
 
-#: plugins/sudoers/auth/kerb5.c:111
+#: plugins/sudoers/auth/kerb5.c:115
 #, c-format
 msgid "%s: unable to convert principal to string ('%s'): %s"
 msgstr "%s: no s'ha pogut convertir el principal a la cadena de caràcters ('%s'): %s"
 
-#: plugins/sudoers/auth/kerb5.c:161
+#: plugins/sudoers/auth/kerb5.c:165
 #, c-format
 msgid "%s: unable to parse '%s': %s"
 msgstr "%s: no s'ha pogut analitzar '%s': %s"
 
-#: plugins/sudoers/auth/kerb5.c:170
+#: plugins/sudoers/auth/kerb5.c:174
 #, c-format
 msgid "%s: unable to resolve credential cache: %s"
 msgstr "%s: no s'ha pogut resoldre el cau de credencials : %s"
 
-#: plugins/sudoers/auth/kerb5.c:217
+#: plugins/sudoers/auth/kerb5.c:221
 #, c-format
 msgid "%s: unable to allocate options: %s"
 msgstr "%s: no s'han pogut assignar les opcions: %s"
 
-#: plugins/sudoers/auth/kerb5.c:232
+#: plugins/sudoers/auth/kerb5.c:236
 #, c-format
 msgid "%s: unable to get credentials: %s"
 msgstr "%s: no s'ha pogut obtenir les credencials: %s"
 
-#: plugins/sudoers/auth/kerb5.c:245
+#: plugins/sudoers/auth/kerb5.c:249
 #, c-format
 msgid "%s: unable to initialize credential cache: %s"
 msgstr "%s: no s'ha pogut inicialitzar el cau de credencials: %s"
 
-#: plugins/sudoers/auth/kerb5.c:248
+#: plugins/sudoers/auth/kerb5.c:252
 #, c-format
 msgid "%s: unable to store credential in cache: %s"
 msgstr "%s: no s'ha pogut emmagatzemar la credencial al cau: %s"
 
-#: plugins/sudoers/auth/kerb5.c:312
+#: plugins/sudoers/auth/kerb5.c:316
 #, c-format
 msgid "%s: unable to get host principal: %s"
 msgstr "%s: no s'ha pogut obtenir el principal de l'amfitrió: %s"
 
-#: plugins/sudoers/auth/kerb5.c:326
+#: plugins/sudoers/auth/kerb5.c:330
 #, c-format
 msgid "%s: Cannot verify TGT! Possible attack!: %s"
 msgstr "%s: No s'ha pogut verificar TGT! Possible atac!: %s"
 
-#: plugins/sudoers/auth/pam.c:108
-msgid "unable to initialize PAM"
-msgstr "No s'ha pogut inicialitzar PAM"
+#: plugins/sudoers/auth/pam.c:223
+#, c-format
+msgid "unable to initialize PAM: %s"
+msgstr "no s'ha pogut inicialitzar PAM: %s"
 
-#: plugins/sudoers/auth/pam.c:194
+#: plugins/sudoers/auth/pam.c:319
+#, c-format
+msgid "PAM authentication error: %s"
+msgstr "Error d'autenticació PAM: %s"
+
+#: plugins/sudoers/auth/pam.c:338
 msgid "account validation failure, is your account locked?"
 msgstr "fallada de validació de compte, està bloquejat el vostre compte?"
 
-#: plugins/sudoers/auth/pam.c:198
+#: plugins/sudoers/auth/pam.c:349
 msgid "Account or password is expired, reset your password and try again"
 msgstr "Ha expirat el compte o la contrasenya, restabliu la vostra contrasenya i proveu un altre cop"
 
-#: plugins/sudoers/auth/pam.c:206
+#: plugins/sudoers/auth/pam.c:355
 #, c-format
 msgid "unable to change expired password: %s"
 msgstr "no s'ha pogut canviar la contrasenya expirada: %s"
 
-#: plugins/sudoers/auth/pam.c:211
+#: plugins/sudoers/auth/pam.c:366
 msgid "Password expired, contact your system administrator"
 msgstr "Ha expirat la contrasenya, contacteu el vostre administrador de sistema"
 
-#: plugins/sudoers/auth/pam.c:215
+#: plugins/sudoers/auth/pam.c:371
 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
 msgstr "Ha expirat el compte o la configuració PAM no té una secció \"compte\" per a sudo, contacteu el vostre administrador de sistema"
 
-#: plugins/sudoers/auth/pam.c:229
+#: plugins/sudoers/auth/pam.c:379 plugins/sudoers/auth/pam.c:384
 #, c-format
-msgid "PAM authentication error: %s"
-msgstr "Error d'autenticació PAM: %s"
+msgid "PAM account management error: %s"
+msgstr "Error de gestió de compte PAM: %s"
 
-#: plugins/sudoers/auth/rfc1938.c:97 plugins/sudoers/visudo.c:226
+#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:248
 #, c-format
 msgid "you do not exist in the %s database"
 msgstr "no existiu a la base de dades %s"
 
-#: plugins/sudoers/auth/securid5.c:73
+#: plugins/sudoers/auth/securid5.c:77
 msgid "failed to initialise the ACE API library"
 msgstr "ha fallat la inicialització de la biblioteca ACE API"
 
-#: plugins/sudoers/auth/securid5.c:99
+#: plugins/sudoers/auth/securid5.c:103
 msgid "unable to contact the SecurID server"
 msgstr "no s'ha pogut contactar el servidor SecurID"
 
-#: plugins/sudoers/auth/securid5.c:108
+#: plugins/sudoers/auth/securid5.c:112
 msgid "User ID locked for SecurID Authentication"
 msgstr "L'ID de l'usuari esta bloquejat per a Autenticació SecurID"
 
-#: plugins/sudoers/auth/securid5.c:112 plugins/sudoers/auth/securid5.c:163
+#: plugins/sudoers/auth/securid5.c:116 plugins/sudoers/auth/securid5.c:167
 msgid "invalid username length for SecurID"
 msgstr "nom d'usuari no vàlid per a SecurID"
 
-#: plugins/sudoers/auth/securid5.c:116 plugins/sudoers/auth/securid5.c:168
+#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:172
 msgid "invalid Authentication Handle for SecurID"
 msgstr "Mànec d'Autenticació no vàlid per a SecurID"
 
-#: plugins/sudoers/auth/securid5.c:120
+#: plugins/sudoers/auth/securid5.c:124
 msgid "SecurID communication failed"
 msgstr "Ha fallat la comunicació SecurID"
 
-#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:213
+#: plugins/sudoers/auth/securid5.c:128 plugins/sudoers/auth/securid5.c:217
 msgid "unknown SecurID error"
 msgstr "error desconegut de SecurID"
 
-#: plugins/sudoers/auth/securid5.c:158
+#: plugins/sudoers/auth/securid5.c:162
 msgid "invalid passcode length for SecurID"
 msgstr "longitud no vàlida de contrasenya per a SecurID"
 
-#: plugins/sudoers/auth/sia.c:69 plugins/sudoers/auth/sia.c:125
+#: plugins/sudoers/auth/sia.c:74 plugins/sudoers/auth/sia.c:129
 msgid "unable to initialize SIA session"
 msgstr "no s'ha pogut inicialitzar la sessió SIA"
 
-#: plugins/sudoers/auth/sudo_auth.c:126
+#: plugins/sudoers/auth/sudo_auth.c:138
 msgid "invalid authentication methods"
 msgstr "mètodes no vàlids d'autenticació"
 
-#: plugins/sudoers/auth/sudo_auth.c:128
+#: plugins/sudoers/auth/sudo_auth.c:140
 msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication."
 msgstr "Mètodes no vàlids d'autenticació compilats dins del sudo! No podeu barrejar l'autenticació independent i no independent."
 
-#: plugins/sudoers/auth/sudo_auth.c:224 plugins/sudoers/auth/sudo_auth.c:274
+#: plugins/sudoers/auth/sudo_auth.c:261 plugins/sudoers/auth/sudo_auth.c:311
 msgid "no authentication methods"
 msgstr "no hi ha mètodes d'autenticació"
 
-#: plugins/sudoers/auth/sudo_auth.c:226
+#: plugins/sudoers/auth/sudo_auth.c:263
 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option."
 msgstr "No hi ha mètodes d'autenticació compilats dins del sudo! Si voleu deshabilitar l'autenticació, useu l'opció de configuració --disable-authentication"
 
-#: plugins/sudoers/auth/sudo_auth.c:276
+#: plugins/sudoers/auth/sudo_auth.c:313
 msgid "Unable to initialize authentication methods."
 msgstr "No s'han pogut inicialitzar els mètodes d'autenticació."
 
-#: plugins/sudoers/auth/sudo_auth.c:441
+#: plugins/sudoers/auth/sudo_auth.c:479
 msgid "Authentication methods:"
 msgstr "Mètodes d'autenticació:"
 
-#: plugins/sudoers/bsm_audit.c:111 plugins/sudoers/bsm_audit.c:200
+#: plugins/sudoers/bsm_audit.c:125 plugins/sudoers/bsm_audit.c:217
 msgid "Could not determine audit condition"
 msgstr "No s'ha pogut determinar la condició d'auditoria"
 
-#: plugins/sudoers/bsm_audit.c:172 plugins/sudoers/bsm_audit.c:260
+#: plugins/sudoers/bsm_audit.c:190 plugins/sudoers/bsm_audit.c:281
 msgid "unable to commit audit record"
 msgstr "no s'ha pogut validar el registre d'auditoria"
 
-#: plugins/sudoers/check.c:252
+#: plugins/sudoers/check.c:269
 msgid ""
 "\n"
 "We trust you have received the usual lecture from the local System\n"
@@ -403,811 +488,1072 @@ " #3) Tenir molt de poder està associat amb tenir molta responsabilitat.\n" "\n" -#: plugins/sudoers/check.c:295 plugins/sudoers/check.c:305 -#: plugins/sudoers/sudoers.c:696 plugins/sudoers/sudoers.c:738 +#: plugins/sudoers/check.c:312 plugins/sudoers/check.c:322 +#: plugins/sudoers/sudoers.c:700 plugins/sudoers/sudoers.c:748 +#: plugins/sudoers/tsdump.c:126 #, c-format msgid "unknown uid: %u" msgstr "uid desconegut: %u" -#: plugins/sudoers/check.c:300 plugins/sudoers/iolog.c:235 -#: plugins/sudoers/policy.c:805 plugins/sudoers/sudoers.c:1127 -#: plugins/sudoers/testsudoers.c:207 plugins/sudoers/testsudoers.c:365 +#: plugins/sudoers/check.c:317 plugins/sudoers/iolog.c:255 +#: plugins/sudoers/policy.c:921 plugins/sudoers/sudoers.c:1163 +#: plugins/sudoers/testsudoers.c:227 plugins/sudoers/testsudoers.c:400 #, c-format msgid "unknown user: %s" msgstr "usuari desconegut: %s" -#: plugins/sudoers/def_data.c:27 +#: plugins/sudoers/cvtsudoers.c:199 +#, c-format +msgid "order increment: %s: %s" +msgstr "increment d'ordre: %s: %s" + +#: plugins/sudoers/cvtsudoers.c:215 +#, c-format +msgid "starting order: %s: %s" +msgstr "ordre d'inici: %s: %s" + +#: plugins/sudoers/cvtsudoers.c:225 +#, c-format +msgid "order padding: %s: %s" +msgstr "ordre de farciment: %s: %s" + +#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:289 +#: plugins/sudoers/visudo.c:184 +#, c-format +msgid "%s version %s\n" +msgstr "%s versió %s\n" + +#: plugins/sudoers/cvtsudoers.c:235 plugins/sudoers/visudo.c:186 +#, c-format +msgid "%s grammar version %d\n" +msgstr "%s versió de la gramàtica %d\n" + +#: plugins/sudoers/cvtsudoers.c:252 plugins/sudoers/testsudoers.c:175 +#, c-format +msgid "unsupported input format %s" +msgstr "format d'entrada %s no suportat" + +#: plugins/sudoers/cvtsudoers.c:267 +#, c-format +msgid "unsupported output format %s" +msgstr "format de sortida %s no suportat" + +#: plugins/sudoers/cvtsudoers.c:319 +#, c-format +msgid "%s: input and 
output files must be different" +msgstr "%s: els fitxers d'entrada i de sortida han de ser diferents" + +#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:176 +#: plugins/sudoers/testsudoers.c:266 plugins/sudoers/visudo.c:254 +#: plugins/sudoers/visudo.c:610 plugins/sudoers/visudo.c:933 +msgid "unable to initialize sudoers default values" +msgstr "no s'han pogut inicialitzar el valors predeterminats dels sudoers" + +#: plugins/sudoers/cvtsudoers.c:421 plugins/sudoers/ldap_conf.c:436 +#, c-format +msgid "%s: %s: %s: %s" +msgstr "%s: %s: %s: %s" + +#: plugins/sudoers/cvtsudoers.c:480 +#, c-format +msgid "%s: unknown key word: %s" +msgstr "%s: paraula clau desconeguda: %s" + +#: plugins/sudoers/cvtsudoers.c:526 +#, c-format +msgid "invalid defaults type: %s" +msgstr "tipus no vàlid de valors predeterminats: %s" + +#: plugins/sudoers/cvtsudoers.c:549 +#, c-format +msgid "invalid suppression type: %s" +msgstr "opció no vàlida de supressió: %s" + +#: plugins/sudoers/cvtsudoers.c:589 plugins/sudoers/cvtsudoers.c:603 +#, c-format +msgid "invalid filter: %s" +msgstr "filtre no vàlid: %s" + +#: plugins/sudoers/cvtsudoers.c:622 plugins/sudoers/cvtsudoers.c:639 +#: plugins/sudoers/cvtsudoers.c:1245 plugins/sudoers/cvtsudoers_json.c:1130 +#: plugins/sudoers/cvtsudoers_ldif.c:643 plugins/sudoers/iolog.c:413 +#: plugins/sudoers/iolog_util.c:75 plugins/sudoers/sudoers.c:914 +#: plugins/sudoers/sudoreplay.c:338 plugins/sudoers/sudoreplay.c:1431 +#: plugins/sudoers/timestamp.c:448 plugins/sudoers/tsdump.c:135 +#: plugins/sudoers/visudo.c:929 +#, c-format +msgid "unable to open %s" +msgstr "no s'ha pogut obrir %s" + +#: plugins/sudoers/cvtsudoers.c:642 plugins/sudoers/visudo.c:938 +#, c-format +msgid "failed to parse %s file, unknown error" +msgstr "no s'ha pogut analitzar el fitxer %s, error desconegut" + +#: plugins/sudoers/cvtsudoers.c:650 plugins/sudoers/visudo.c:955 +#, c-format +msgid "parse error in %s near line %d\n" +msgstr "error d'anàlisi a %s a prop de la 
línia %d\n" + +#: plugins/sudoers/cvtsudoers.c:653 plugins/sudoers/visudo.c:958 +#, c-format +msgid "parse error in %s\n" +msgstr "error d'anàlisi a %s\n" + +#: plugins/sudoers/cvtsudoers.c:1292 plugins/sudoers/iolog.c:500 +#: plugins/sudoers/sudoreplay.c:1135 plugins/sudoers/timestamp.c:332 +#: plugins/sudoers/timestamp.c:335 +#, c-format +msgid "unable to write to %s" +msgstr "no s'ha pogut escriure a %s" + +#: plugins/sudoers/cvtsudoers.c:1315 +#, c-format +msgid "" +"%s - convert between sudoers file formats\n" +"\n" +msgstr "" +"%s - converteix entre formats de fitxer de sudoers\n" +"\n" + +#: plugins/sudoers/cvtsudoers.c:1317 +msgid "" +"\n" +"Options:\n" +" -b, --base=dn the base DN for sudo LDAP queries\n" +" -c, --config=conf_file the path to the configuration file\n" +" -d, --defaults=deftypes only convert Defaults of the specified types\n" +" -e, --expand-aliases expand aliases when converting\n" +" -f, --output-format=format set output format: JSON, LDIF or sudoers\n" +" -i, --input-format=format set input format: LDIF or sudoers\n" +" -I, --increment=num amount to increase each sudoOrder by\n" +" -h, --help display help message and exit\n" +" -m, --match=filter only convert entries that match the filter\n" +" -M, --match-local match filter uses passwd and group databases\n" +" -o, --output=output_file write converted sudoers to output_file\n" +" -O, --order-start=num starting point for first sudoOrder\n" +" -p, --prune-matches prune non-matching users, groups and hosts\n" +" -P, --padding=num base padding for sudoOrder increment\n" +" -s, --suppress=sections suppress output of certain sections\n" +" -V, --version display version information and exit" +msgstr "" +"\n" +"Options:\n" +" -b, --base=dn el DN de base per a demandes LDAP de sudo\n" +" -c, --config=conf_file el camí al fitxer de configuració\n" +" -d, --defaults=deftypes convertieix únicament valors predeterminats dels tipus especificats\n" +" -e, --expand-aliases expandeix els alias a les 
conversions\n" +" -f, --output-format=format estableix el format de sortida: JSON, LDIF o sudoers\n" +" -i, --input-format=format estableix el format d'entrada: LDIF o sudoers\n" +" -I, --increment=num quantitat a incrementar cada sudoOrder per\n" +" -h, --help mostra el missatge d'ajuda i surt\n" +" -m, --match=filter converteix sols les entrades que concorden amb el filtre\n" +" -M, --match-local el filtre de concordar usa passwd i bases de dades de grup\n" +" -o, --output=output_file escriu el sudoers convertit a output_file\n" +" -O, --order-start=num punt d'inici del primer sudoOrder\n" +" -p, --prune-matches neteja els usuaris, grups i amfitrions no concordats\n" +" -P, --padding=num farciment de base per a l'increment de sudoOrder\n" +" -s, --suppress=sections suprimeix la sortida de certes seccions\n" +" -V, --version mostra la informació de versió i surt" + +#: plugins/sudoers/cvtsudoers_json.c:684 plugins/sudoers/cvtsudoers_json.c:720 +#: plugins/sudoers/cvtsudoers_json.c:938 +#, c-format +msgid "unknown defaults entry \"%s\"" +msgstr "entrada «%s» desconeguda de paràmetres predeterminats" + +#: plugins/sudoers/cvtsudoers_json.c:858 plugins/sudoers/cvtsudoers_json.c:873 +#: plugins/sudoers/cvtsudoers_ldif.c:308 plugins/sudoers/cvtsudoers_ldif.c:319 +#: plugins/sudoers/ldap.c:482 +msgid "unable to get GMT time" +msgstr "no s'ha pogut obtenir l'hora GMT" + +#: plugins/sudoers/cvtsudoers_json.c:861 plugins/sudoers/cvtsudoers_json.c:876 +#: plugins/sudoers/cvtsudoers_ldif.c:311 plugins/sudoers/cvtsudoers_ldif.c:322 +#: plugins/sudoers/ldap.c:488 +msgid "unable to format timestamp" +msgstr "no s'ha pogut donar format a la marca horària" + +#: plugins/sudoers/cvtsudoers_ldif.c:526 plugins/sudoers/env.c:330 +#: plugins/sudoers/env.c:337 plugins/sudoers/env.c:442 +#: plugins/sudoers/ldap.c:496 plugins/sudoers/ldap.c:727 +#: plugins/sudoers/ldap.c:1060 plugins/sudoers/ldap_conf.c:227 +#: plugins/sudoers/ldap_conf.c:317 plugins/sudoers/linux_audit.c:89 +#: 
plugins/sudoers/logging.c:1105 plugins/sudoers/policy.c:625 +#: plugins/sudoers/policy.c:635 plugins/sudoers/prompt.c:168 +#: plugins/sudoers/sudoers.c:852 plugins/sudoers/testsudoers.c:257 +#: plugins/sudoers/toke_util.c:161 +#, c-format +msgid "internal error, %s overflow" +msgstr "error intern, desbordament de %s" + +#: plugins/sudoers/cvtsudoers_ldif.c:595 +#, c-format +msgid "too many sudoers entries, maximum %u" +msgstr "massa entrades sudoers, el màxim és %u" + +#: plugins/sudoers/cvtsudoers_ldif.c:638 +msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." +msgstr "la variable d'entorn SUDOERS_BASE no està establerta i no s'ha especificat l'opció -b" + +#: plugins/sudoers/def_data.c:42 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "Eina syslog si s'està usant syslog per als registres: %s" -#: plugins/sudoers/def_data.c:31 +#: plugins/sudoers/def_data.c:46 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "Prioritat de syslog a usar quan l'usuari s'autentica amb èxit: %s" -#: plugins/sudoers/def_data.c:35 +#: plugins/sudoers/def_data.c:50 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "Prioritat de syslog a usar quan l'usuari no té èxit a autenticar- %s" -#: plugins/sudoers/def_data.c:39 +#: plugins/sudoers/def_data.c:54 msgid "Put OTP prompt on its own line" msgstr "Poseu la pregunta OTP a la seva pròpia línia" -#: plugins/sudoers/def_data.c:43 +#: plugins/sudoers/def_data.c:58 msgid "Ignore '.' in $PATH" msgstr "Ignoreu '.' 
al $PATH" -#: plugins/sudoers/def_data.c:47 +#: plugins/sudoers/def_data.c:62 msgid "Always send mail when sudo is run" msgstr "Envia sempre correu electrònic quan s'executi sudo" -#: plugins/sudoers/def_data.c:51 +#: plugins/sudoers/def_data.c:66 msgid "Send mail if user authentication fails" msgstr "Envia correu electrònic si falla l'autenticació de l'usuari" -#: plugins/sudoers/def_data.c:55 +#: plugins/sudoers/def_data.c:70 msgid "Send mail if the user is not in sudoers" msgstr "Envia correu electrònic si l'usuari no està als sudoers" -#: plugins/sudoers/def_data.c:59 +#: plugins/sudoers/def_data.c:74 msgid "Send mail if the user is not in sudoers for this host" msgstr "Envia el correu electrònic si l'usuari no està als sudoers per a aquesta amfitrió" -#: plugins/sudoers/def_data.c:63 +#: plugins/sudoers/def_data.c:78 msgid "Send mail if the user is not allowed to run a command" msgstr "Envia correu electrònic si l'usuari no té permís per executar aquesta ordre" -#: plugins/sudoers/def_data.c:67 +#: plugins/sudoers/def_data.c:82 msgid "Send mail if the user tries to run a command" msgstr "Envia correu electrònic si l'usuari intenta executar una ordre" -#: plugins/sudoers/def_data.c:71 +#: plugins/sudoers/def_data.c:86 msgid "Use a separate timestamp for each user/tty combo" msgstr "Usa una marca horària separada per a cada combinació usuari/terminal" -#: plugins/sudoers/def_data.c:75 +#: plugins/sudoers/def_data.c:90 msgid "Lecture user the first time they run sudo" msgstr "Dóna una llissó a l'usuari cada cop que executi sudo" -#: plugins/sudoers/def_data.c:79 +#: plugins/sudoers/def_data.c:94 #, c-format msgid "File containing the sudo lecture: %s" msgstr "Fitxer que conté la llissó de sudo: %s" -#: plugins/sudoers/def_data.c:83 +#: plugins/sudoers/def_data.c:98 msgid "Require users to authenticate by default" msgstr "Requereix de forma predeterminada que els usuaris s'autentiquin" -#: plugins/sudoers/def_data.c:87 +#: plugins/sudoers/def_data.c:102 msgid 
"Root may run sudo" msgstr "L'usuari primari pot executar sudo" -#: plugins/sudoers/def_data.c:91 +#: plugins/sudoers/def_data.c:106 msgid "Log the hostname in the (non-syslog) log file" msgstr "Registra el nom del sistema amfitrió al fitxer de registre (que no és syslog)" -#: plugins/sudoers/def_data.c:95 +#: plugins/sudoers/def_data.c:110 msgid "Log the year in the (non-syslog) log file" msgstr "Registra l'any al fitxer de registre (que no és syslog)" -#: plugins/sudoers/def_data.c:99 +#: plugins/sudoers/def_data.c:114 msgid "If sudo is invoked with no arguments, start a shell" msgstr "Si sudo s'invoca sense arguments, inicia un intèrpret d'ordres" -#: plugins/sudoers/def_data.c:103 +#: plugins/sudoers/def_data.c:118 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "Estableix $HOME per a l'usuari destí quan s'inicia un d'ordres amb -s" -#: plugins/sudoers/def_data.c:107 +#: plugins/sudoers/def_data.c:122 msgid "Always set $HOME to the target user's home directory" msgstr "Estableix sempre $HOME al directori de l'usuari destí" -#: plugins/sudoers/def_data.c:111 +#: plugins/sudoers/def_data.c:126 msgid "Allow some information gathering to give useful error messages" msgstr "Permet recollir alguna informació per donar missatges d'error útils" -#: plugins/sudoers/def_data.c:115 +#: plugins/sudoers/def_data.c:130 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "Requereix noms de sistema amfitrió qualificats completament al sudoers" -#: plugins/sudoers/def_data.c:119 +#: plugins/sudoers/def_data.c:134 msgid "Insult the user when they enter an incorrect password" msgstr "Insulta a l'usuari quen entri una contrasenya incorrecta" -#: plugins/sudoers/def_data.c:123 +#: plugins/sudoers/def_data.c:138 msgid "Only allow the user to run sudo if they have a tty" msgstr "Permet a l'usuari executar sudo únicament si té un terminal" -#: plugins/sudoers/def_data.c:127 +#: plugins/sudoers/def_data.c:142 msgid "Visudo will honor the 
EDITOR environment variable" msgstr "Visudo tindrà en compte la variable d'entorn EDITOR" -#: plugins/sudoers/def_data.c:131 +#: plugins/sudoers/def_data.c:146 msgid "Prompt for root's password, not the users's" msgstr "Pregunta per la contrasenya de l'usuari primari, no la de l'usuari normal" -#: plugins/sudoers/def_data.c:135 +#: plugins/sudoers/def_data.c:150 msgid "Prompt for the runas_default user's password, not the users's" msgstr "Pregunta per la contrasenya de l'usuari runas_default, no la de l'usuari normal" -#: plugins/sudoers/def_data.c:139 +#: plugins/sudoers/def_data.c:154 msgid "Prompt for the target user's password, not the users's" msgstr "Pregunta per la contrasenya de l'usuari destí, no la de l'usuari normal" -#: plugins/sudoers/def_data.c:143 +#: plugins/sudoers/def_data.c:158 msgid "Apply defaults in the target user's login class if there is one" msgstr "Aplica els paràmetres predeterminats a la classe d'inici de sessió de l'usuari destí si hi ha una" -#: plugins/sudoers/def_data.c:147 +#: plugins/sudoers/def_data.c:162 msgid "Set the LOGNAME and USER environment variables" msgstr "Estableix les variables d'entorn LOGNAME i USER" -#: plugins/sudoers/def_data.c:151 +#: plugins/sudoers/def_data.c:166 msgid "Only set the effective uid to the target user, not the real uid" msgstr "Estableix únicament l'uid efectiu de l'usuari destí, no l'uid real" -#: plugins/sudoers/def_data.c:155 +#: plugins/sudoers/def_data.c:170 msgid "Don't initialize the group vector to that of the target user" msgstr "No inicialitzis el vector de grup perquè coincideixi amb el de l'usuari destí" -#: plugins/sudoers/def_data.c:159 +#: plugins/sudoers/def_data.c:174 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %u" msgstr "longitud a la qual ajustar les línies del fitxer de registres (0 per a no ajustar): %u" -#: plugins/sudoers/def_data.c:163 +#: plugins/sudoers/def_data.c:178 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" 
msgstr "Temps màxim d'espera per a la marca horària de l'autenticació: %.1f minuts" -#: plugins/sudoers/def_data.c:167 +#: plugins/sudoers/def_data.c:182 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "Temps màxim d'espera per a la pregunta de la contrasenya: %.1f minuts" -#: plugins/sudoers/def_data.c:171 +#: plugins/sudoers/def_data.c:186 #, c-format msgid "Number of tries to enter a password: %u" msgstr "Nombre de intents per entrar una contrasenya: %u" -#: plugins/sudoers/def_data.c:175 +#: plugins/sudoers/def_data.c:190 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "Umask a usar o 0777 per usar la de l'usuari: 0%o" -#: plugins/sudoers/def_data.c:179 +#: plugins/sudoers/def_data.c:194 #, c-format msgid "Path to log file: %s" msgstr "Camí al fitxer de registre: %s" -#: plugins/sudoers/def_data.c:183 +#: plugins/sudoers/def_data.c:198 #, c-format msgid "Path to mail program: %s" msgstr "Camí al programa de correu electrònic: %s" -#: plugins/sudoers/def_data.c:187 +#: plugins/sudoers/def_data.c:202 #, c-format msgid "Flags for mail program: %s" msgstr "Indicadors per al programa de correu electrònic: %s" -#: plugins/sudoers/def_data.c:191 +#: plugins/sudoers/def_data.c:206 #, c-format msgid "Address to send mail to: %s" msgstr "Adreça per enviar correu electrònic: %s" -#: plugins/sudoers/def_data.c:195 +#: plugins/sudoers/def_data.c:210 #, c-format msgid "Address to send mail from: %s" msgstr "Adreça per enviar correu electrònic des de: %s" -#: plugins/sudoers/def_data.c:199 +#: plugins/sudoers/def_data.c:214 #, c-format msgid "Subject line for mail messages: %s" msgstr "Línia d'assumpte per als missatges de correu electrònic: %s" -#: plugins/sudoers/def_data.c:203 +#: plugins/sudoers/def_data.c:218 #, c-format msgid "Incorrect password message: %s" msgstr "Missatge de contrasenya incorrecta: %s" -#: plugins/sudoers/def_data.c:207 +#: plugins/sudoers/def_data.c:222 #, c-format msgid "Path to lecture status dir: %s" msgstr 
"Camí al directori d'estat de la llissó: %s" -#: plugins/sudoers/def_data.c:211 +#: plugins/sudoers/def_data.c:226 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "Camí del directori de marques horàries d'autenticació: %s" -#: plugins/sudoers/def_data.c:215 +#: plugins/sudoers/def_data.c:230 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "Propietari del directori de marques horàries d'autenticació: %s" -#: plugins/sudoers/def_data.c:219 +#: plugins/sudoers/def_data.c:234 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "Els usuaris d'aquest grup estan exempts dels requeriments contrasenya i PATH: %s" -#: plugins/sudoers/def_data.c:223 +#: plugins/sudoers/def_data.c:238 #, c-format msgid "Default password prompt: %s" msgstr "Pregunta predeterminada de contrasenya: %s" -#: plugins/sudoers/def_data.c:227 +#: plugins/sudoers/def_data.c:242 msgid "If set, passprompt will override system prompt in all cases." msgstr "Si està establert, la pregunta de contrasenya primarà sobre la pregunta del sistema en tots els casos." 
-#: plugins/sudoers/def_data.c:231 +#: plugins/sudoers/def_data.c:246 #, c-format msgid "Default user to run commands as: %s" msgstr "Usuari predeterminat per executar ordres com a: %s" -#: plugins/sudoers/def_data.c:235 +#: plugins/sudoers/def_data.c:250 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "Valor per anul·lar el $PATH de l'usuari amb: %s" -#: plugins/sudoers/def_data.c:239 +#: plugins/sudoers/def_data.c:254 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "Camí a l'editor a usar per visudo: %s" -#: plugins/sudoers/def_data.c:243 +#: plugins/sudoers/def_data.c:258 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "Quan requerir una contrasenya per a la pseudo-ordre 'list': %s" -#: plugins/sudoers/def_data.c:247 +#: plugins/sudoers/def_data.c:262 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "Quan requerir una contrasenya per a la pseudo-ordre 'verify': %s" -#: plugins/sudoers/def_data.c:251 +#: plugins/sudoers/def_data.c:266 msgid "Preload the dummy exec functions contained in the sudo_noexec library" msgstr "Pre-carrega les funcions dummy exex contingudes a la biblioteca sudo_noexec" -#: plugins/sudoers/def_data.c:255 +#: plugins/sudoers/def_data.c:270 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "Si el directori LDAP està actiu, ignorem el fitxer local sudoers?" 
-#: plugins/sudoers/def_data.c:259 +#: plugins/sudoers/def_data.c:274 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "Els descriptors de fitxer >= %d es tancaran abans d'executar una ordre" -#: plugins/sudoers/def_data.c:263 +#: plugins/sudoers/def_data.c:278 msgid "If set, users may override the value of `closefrom' with the -C option" msgstr "Si està establert, els usuaris podran anul·lar el valor de `closeform' amb l'opció -C" -#: plugins/sudoers/def_data.c:267 +#: plugins/sudoers/def_data.c:282 msgid "Allow users to set arbitrary environment variables" msgstr "Permet als usuaris fixar variables arbitràries d'entorn" -#: plugins/sudoers/def_data.c:271 +#: plugins/sudoers/def_data.c:286 msgid "Reset the environment to a default set of variables" msgstr "Restableix l'entorn a un conjunt predeterminat de variables" -#: plugins/sudoers/def_data.c:275 +#: plugins/sudoers/def_data.c:290 msgid "Environment variables to check for sanity:" msgstr "Les variables d'entorn per comprovar la validesa:" -#: plugins/sudoers/def_data.c:279 +#: plugins/sudoers/def_data.c:294 msgid "Environment variables to remove:" msgstr "Variables d'entorn a suprimir:" -#: plugins/sudoers/def_data.c:283 +#: plugins/sudoers/def_data.c:298 msgid "Environment variables to preserve:" msgstr "Variables d'entorn a preservar:" -#: plugins/sudoers/def_data.c:287 +#: plugins/sudoers/def_data.c:302 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "Rol SELinux a usar al nou context de seguretat: %s" -#: plugins/sudoers/def_data.c:291 +#: plugins/sudoers/def_data.c:306 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "Tipus SELinux a usar al nou context de seguretat: %s" -#: plugins/sudoers/def_data.c:295 +#: plugins/sudoers/def_data.c:310 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "Camí al fitxer d'entorn sudo-específic: %s" -#: plugins/sudoers/def_data.c:299 +#: 
plugins/sudoers/def_data.c:314 +#, c-format +msgid "Path to the restricted sudo-specific environment file: %s" +msgstr "Camí al fitxer restringit d'entorn especific de sudo: %s" + +#: plugins/sudoers/def_data.c:318 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "Configuració local a usar quan s'estan analitzant els sudoers: %s" -#: plugins/sudoers/def_data.c:303 +#: plugins/sudoers/def_data.c:322 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "Permet a sudo preguntar per una contrasenya tot i que pugui ser visible" -#: plugins/sudoers/def_data.c:307 +#: plugins/sudoers/def_data.c:326 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "Proveeix retroalimentació a la pregunta de contrasenya quan hi ha una entrada per l'usuari" -#: plugins/sudoers/def_data.c:311 +#: plugins/sudoers/def_data.c:330 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "Usa una expansió que és menys precisa però no accedeix el sistema de fitxers" -#: plugins/sudoers/def_data.c:315 +#: plugins/sudoers/def_data.c:334 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "Els permisos umask als sudoers anul·larà els permisos de l'usuari, tot i que siguin més permissius" -#: plugins/sudoers/def_data.c:319 +#: plugins/sudoers/def_data.c:338 msgid "Log user's input for the command being run" msgstr "Registra l'entrada feta per l'usuari per a l'ordre que s'està executant" -#: plugins/sudoers/def_data.c:323 +#: plugins/sudoers/def_data.c:342 msgid "Log the output of the command being run" msgstr "Registra la sortida de l'ordre que s'està executant" -#: plugins/sudoers/def_data.c:327 +#: plugins/sudoers/def_data.c:346 msgid "Compress I/O logs using zlib" msgstr "Comprimeix els registres d'entrada/sortida usant zlib" -#: plugins/sudoers/def_data.c:331 +#: plugins/sudoers/def_data.c:350 msgid "Always run commands in a 
pseudo-tty" msgstr "Executa sempre les ordres en un pseudo-terminal" -#: plugins/sudoers/def_data.c:335 +#: plugins/sudoers/def_data.c:354 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "Connector per a suport de grup no Unix: %s" -#: plugins/sudoers/def_data.c:339 +#: plugins/sudoers/def_data.c:358 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "Directori on arxivar els registres entrada/sortida: %s" -#: plugins/sudoers/def_data.c:343 +#: plugins/sudoers/def_data.c:362 #, c-format msgid "File in which to store the input/output log: %s" msgstr "Fitxer on arxivar el registre entrada/sortida: %s" -#: plugins/sudoers/def_data.c:347 +#: plugins/sudoers/def_data.c:366 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "Afegeix una entrada al fitxer utmp/utmpx quan s'estigui assignant un pty" -#: plugins/sudoers/def_data.c:351 +#: plugins/sudoers/def_data.c:370 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "Estableix l'usuari a utmp perquè sigui l'usuari runas, no l'usuari invocant" -#: plugins/sudoers/def_data.c:355 -msgid "Set of permitted privileges" -msgstr "Conjunt de privilegis permesos" - -#: plugins/sudoers/def_data.c:359 -msgid "Set of limit privileges" -msgstr "Conjunt de privilegis límit" +#: plugins/sudoers/def_data.c:374 +#, c-format +msgid "Set of permitted privileges: %s" +msgstr "Conjunt de privilegis permesos: %s" -#: plugins/sudoers/def_data.c:363 +#: plugins/sudoers/def_data.c:378 +#, c-format +msgid "Set of limit privileges: %s" +msgstr "Conjunt de privilegis límit: %s" + +#: plugins/sudoers/def_data.c:382 msgid "Run commands on a pty in the background" msgstr "Executa les ordres a un pseudo-terminal (pty) al fons" -#: plugins/sudoers/def_data.c:367 -msgid "PAM service name to use" -msgstr "Nom del servei PAM a usar" - -#: plugins/sudoers/def_data.c:371 -msgid "PAM service name to use for login shells" -msgstr "Nom del servei PAM a usar per a 
intèrprets d'ordres d'inici de sessió" +#: plugins/sudoers/def_data.c:386 +#, c-format +msgid "PAM service name to use: %s" +msgstr "Nom del servei PAM a usar: %s" -#: plugins/sudoers/def_data.c:375 +#: plugins/sudoers/def_data.c:390 +#, c-format +msgid "PAM service name to use for login shells: %s" +msgstr "Nom del servei PAM a usar per a intèrprets d'ordres d'inici de sessió: %s" + +#: plugins/sudoers/def_data.c:394 msgid "Attempt to establish PAM credentials for the target user" msgstr "Intent d'establir credencials PAM per a l'usuari destí" -#: plugins/sudoers/def_data.c:379 +#: plugins/sudoers/def_data.c:398 msgid "Create a new PAM session for the command to run in" msgstr "Crea una nova sessió PAM on s'executi l'ordre" -#: plugins/sudoers/def_data.c:383 +#: plugins/sudoers/def_data.c:402 +msgid "Perform PAM account validation management" +msgstr "Realitza la gestió de validació del compte PAM" + +#: plugins/sudoers/def_data.c:406 #, c-format msgid "Maximum I/O log sequence number: %u" msgstr "Número màxim de seqüència de registre d'entrada/sortida: %u" -#: plugins/sudoers/def_data.c:387 +#: plugins/sudoers/def_data.c:410 msgid "Enable sudoers netgroup support" msgstr "Habilita el suport de netgroup dels sudoers" -#: plugins/sudoers/def_data.c:391 +#: plugins/sudoers/def_data.c:414 msgid "Check parent directories for writability when editing files with sudoedit" msgstr "Comprova que el directori pare tingui permisos d'escriptura quan s'estiguin editant fitxers amb sudoedit" -#: plugins/sudoers/def_data.c:395 +#: plugins/sudoers/def_data.c:418 msgid "Follow symbolic links when editing files with sudoedit" msgstr "Segueix els enllaços simbòlics quan s'estiguin editant fitxers amb sudoedit" -#: plugins/sudoers/def_data.c:399 +#: plugins/sudoers/def_data.c:422 msgid "Query the group plugin for unknown system groups" msgstr "Consulta al connector de grups per grups desconeguts de sistema" -#: plugins/sudoers/def_data.c:403 +#: plugins/sudoers/def_data.c:426 msgid 
"Match netgroups based on the entire tuple: user, host and domain" msgstr "Fes concordar els grups de xarxa en base al conjunt sencer: usuari, amfitrió i domini" -#: plugins/sudoers/def_data.c:407 +#: plugins/sudoers/def_data.c:430 msgid "Allow commands to be run even if sudo cannot write to the audit log" msgstr "Permet que s'executin les ordres tot i que sudo no pot escriure al registre d'auditoria" -#: plugins/sudoers/def_data.c:411 +#: plugins/sudoers/def_data.c:434 msgid "Allow commands to be run even if sudo cannot write to the I/O log" msgstr "Permet que s'executin les ordres tot i que sudo no pot escriure al registre d'entrada/sortida" -#: plugins/sudoers/def_data.c:415 +#: plugins/sudoers/def_data.c:438 msgid "Allow commands to be run even if sudo cannot write to the log file" msgstr "Permet que s'executin les ordres tot i que sudo no pot escriure al fitxer de registre" -#: plugins/sudoers/def_data.c:419 +#: plugins/sudoers/def_data.c:442 msgid "Resolve groups in sudoers and match on the group ID, not the name" msgstr "Resol els grups a sudoers i fes concordar amb l'identificador de grup, no el nom" -#: plugins/sudoers/def_data.c:423 -msgid "Log entries larger than this value will be split into multiple syslog messages" -msgstr "Les entrades de registre més grans que aquest valor es dividiran en múltiples missatges de syslog" +#: plugins/sudoers/def_data.c:446 +#, c-format +msgid "Log entries larger than this value will be split into multiple syslog messages: %u" +msgstr "Les entrades de registre més grans que aquest valor es dividiran en múltiples missatges de syslog: %u" -#: plugins/sudoers/def_data.c:427 +#: plugins/sudoers/def_data.c:450 #, c-format msgid "User that will own the I/O log files: %s" msgstr "L'usuari que serà el propietari dels fitxers d'entrada/sortida: %s" -#: plugins/sudoers/def_data.c:431 +#: plugins/sudoers/def_data.c:454 #, c-format msgid "Group that will own the I/O log files: %s" msgstr "El grup que serà el propietari dels fitxers 
de registre d'entrada/sortida: %s" -#: plugins/sudoers/def_data.c:435 +#: plugins/sudoers/def_data.c:458 #, c-format msgid "File mode to use for the I/O log files: 0%o" msgstr "Mode de fitxer a usar per als fitxers de registre d'entrada/sortida: 0%o" -#: plugins/sudoers/defaults.c:211 +#: plugins/sudoers/def_data.c:462 +#, c-format +msgid "Execute commands by file descriptor instead of by path: %s" +msgstr "Executa les ordres pel descriptor de fitxer en comptes de pel camí: %s" + +#: plugins/sudoers/def_data.c:466 +msgid "Ignore unknown Defaults entries in sudoers instead of producing a warning" +msgstr "Ignora les entrades desconegudes de valores predeterminats al sudoers en comptes de produir un advertiment" + +#: plugins/sudoers/def_data.c:470 +#, c-format +msgid "Time in seconds after which the command will be terminated: %u" +msgstr "Temps en segons després del qual es finalitzarà l'ordre: %u" + +#: plugins/sudoers/def_data.c:474 +msgid "Allow the user to specify a timeout on the command line" +msgstr "Permet a l'usuari especificar un temps d'espera a la línia d'ordres" + +#: plugins/sudoers/def_data.c:478 +msgid "Flush I/O log data to disk immediately instead of buffering it" +msgstr "Purga les dades de registre I/O a disc immediatament en comptes de posar-les a la memòria intermèdia" + +#: plugins/sudoers/def_data.c:482 +msgid "Include the process ID when logging via syslog" +msgstr "Inclou l'ID de procés quan escriguis registres mitjançant syslog" + +#: plugins/sudoers/def_data.c:486 +#, c-format +msgid "Type of authentication timestamp record: %s" +msgstr "Tipus de registre de marca de temps d'autenticació: %s" + +#: plugins/sudoers/def_data.c:490 +#, c-format +msgid "Authentication failure message: %s" +msgstr "Missatge de fallada d'autenticació: %s" + +#: plugins/sudoers/def_data.c:494 +msgid "Ignore case when matching user names" +msgstr "Ignora majúscules i minúscules quan concordis noms d'usuaris" + +#: plugins/sudoers/def_data.c:498 +msgid "Ignore 
case when matching group names" +msgstr "Ignora majúscules i minúscules quan concordis noms de grups" + +#: plugins/sudoers/def_data.c:502 +msgid "Log when a command is allowed by sudoers" +msgstr "Escriure un registre quan s'autoritza un ordre per sudoers" + +#: plugins/sudoers/def_data.c:506 +msgid "Log when a command is denied by sudoers" +msgstr "Escriu un registre quan es denega un ordre per sudoers" + +#: plugins/sudoers/defaults.c:231 #, c-format msgid "%s:%d unknown defaults entry \"%s\"" msgstr "%s:%d entrada «%s» desconeguda de paràmetres predeterminats" -#: plugins/sudoers/defaults.c:214 +#: plugins/sudoers/defaults.c:234 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: entrada «%s» desconeguda de paràmetres predeterminats" -#: plugins/sudoers/defaults.c:237 +#: plugins/sudoers/defaults.c:277 #, c-format msgid "%s:%d no value specified for \"%s\"" msgstr "%s:%d no s'ha especificat un valor per a «%s»" -#: plugins/sudoers/defaults.c:240 +#: plugins/sudoers/defaults.c:280 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: no s'ha especificat un valor per a «%s»" -#: plugins/sudoers/defaults.c:259 +#: plugins/sudoers/defaults.c:300 #, c-format msgid "%s:%d values for \"%s\" must start with a '/'" msgstr "%s:%d els valors per a «%s» han de començar amb un «/»" -#: plugins/sudoers/defaults.c:262 +#: plugins/sudoers/defaults.c:303 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: els valors per a «%s» han de començar amb un «/»" -#: plugins/sudoers/defaults.c:287 +#: plugins/sudoers/defaults.c:325 #, c-format msgid "%s:%d option \"%s\" does not take a value" msgstr "%s:%d l'opció «%s» no pren un valor" -#: plugins/sudoers/defaults.c:290 +#: plugins/sudoers/defaults.c:328 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: l'opció «%s» no pren un valor" -#: plugins/sudoers/defaults.c:309 +#: plugins/sudoers/defaults.c:353 #, c-format msgid "%s:%d invalid Defaults type 0x%x for option 
\"%s\"" msgstr "%s:%d tipus de paràmetres predeterminats 0x%x per a l'opció «%s»" -#: plugins/sudoers/defaults.c:312 +#: plugins/sudoers/defaults.c:356 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: tipus 0x%x no vàlid de paràmetres predeterminats per a l'opció «%s»" -#: plugins/sudoers/defaults.c:322 +#: plugins/sudoers/defaults.c:366 #, c-format msgid "%s:%d value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d el valor «%s» no és vàlid per a l'opció «%s»" -#: plugins/sudoers/defaults.c:325 +#: plugins/sudoers/defaults.c:369 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: el valor «%s» no és vàlid per a l'opció «%s»" -#: plugins/sudoers/env.c:296 plugins/sudoers/env.c:303 -#: plugins/sudoers/env.c:408 plugins/sudoers/ldap.c:451 -#: plugins/sudoers/ldap.c:541 plugins/sudoers/ldap.c:1253 -#: plugins/sudoers/ldap.c:1475 plugins/sudoers/ldap.c:1801 -#: plugins/sudoers/linux_audit.c:82 plugins/sudoers/logging.c:946 -#: plugins/sudoers/policy.c:523 plugins/sudoers/policy.c:533 -#: plugins/sudoers/prompt.c:161 plugins/sudoers/sudoers.c:841 -#: plugins/sudoers/testsudoers.c:237 plugins/sudoers/toke_util.c:158 -#, c-format -msgid "internal error, %s overflow" -msgstr "error intern, desbordament de %s" - -#: plugins/sudoers/env.c:377 +#: plugins/sudoers/env.c:411 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp corrupte, discordança de longitud" -#: plugins/sudoers/env.c:1082 +#: plugins/sudoers/env.c:1132 msgid "unable to rebuild the environment" msgstr "no s'ha pogut reconstruir l'entorn" -#: plugins/sudoers/env.c:1156 +#: plugins/sudoers/env.c:1206 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "ho sentim, no teniu permís d'establir les següents variables d'entorn: %s" -#: plugins/sudoers/group_plugin.c:86 +#: plugins/sudoers/file.c:116 +#, c-format +msgid "parse error in %s near line %d" +msgstr "error d'anàlisi a %s a 
prop de la línia %d" + +#: plugins/sudoers/file.c:119 +#, c-format +msgid "parse error in %s" +msgstr "error d'anàlisi a la línia %s" + +#: plugins/sudoers/filedigest.c:61 +#, c-format +msgid "unsupported digest type %d for %s" +msgstr "tipus de resum no suportat %d per a %s" + +#: plugins/sudoers/filedigest.c:90 +#, c-format +msgid "%s: read error" +msgstr "%s: error de lectura" + +#: plugins/sudoers/group_plugin.c:90 #, c-format msgid "%s must be owned by uid %d" msgstr "%s ha de ser propietat de l'uid %d" -#: plugins/sudoers/group_plugin.c:90 +#: plugins/sudoers/group_plugin.c:94 #, c-format msgid "%s must only be writable by owner" msgstr "%s ha de ser modificable sols pel seu propietari" -#: plugins/sudoers/group_plugin.c:98 plugins/sudoers/sssd.c:398 +#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:562 #, c-format msgid "unable to load %s: %s" msgstr "no s'ha pogut carregar %s: %s" -#: plugins/sudoers/group_plugin.c:104 +#: plugins/sudoers/group_plugin.c:108 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "no s'ha pogut trobar el símbol \"group_plugin\" a %s" -#: plugins/sudoers/group_plugin.c:109 +#: plugins/sudoers/group_plugin.c:113 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: connector incompatible de group versió principal %d, s'esperava %d" -#: plugins/sudoers/interfaces.c:79 plugins/sudoers/interfaces.c:96 +#: plugins/sudoers/interfaces.c:86 plugins/sudoers/interfaces.c:103 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "no s'ha pogut analitzar l'adreça IP «%s»" -#: plugins/sudoers/interfaces.c:84 plugins/sudoers/interfaces.c:101 +#: plugins/sudoers/interfaces.c:91 plugins/sudoers/interfaces.c:108 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "no s'ha pogut analitzar la màscara de xarxa «%s»" -#: plugins/sudoers/interfaces.c:129 +#: plugins/sudoers/interfaces.c:136 msgid "Local IP address and netmask pairs:\n" msgstr "Adreça local IP i parelles 
netmask:\n" -#: plugins/sudoers/iolog.c:99 plugins/sudoers/mkdir_parents.c:78 +#: plugins/sudoers/iolog.c:117 plugins/sudoers/mkdir_parents.c:82 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s existeix però no és un directori (0%o)" -#: plugins/sudoers/iolog.c:126 plugins/sudoers/iolog.c:170 -#: plugins/sudoers/mkdir_parents.c:65 plugins/sudoers/timestamp.c:167 +#: plugins/sudoers/iolog.c:142 plugins/sudoers/iolog.c:182 +#: plugins/sudoers/mkdir_parents.c:71 plugins/sudoers/timestamp.c:212 #, c-format msgid "unable to mkdir %s" msgstr "no s'ha pogut mkdir %s" -#: plugins/sudoers/iolog.c:269 plugins/sudoers/sudoers.c:1158 -#: plugins/sudoers/testsudoers.c:389 +#: plugins/sudoers/iolog.c:186 plugins/sudoers/visudo.c:739 +#: plugins/sudoers/visudo.c:750 #, c-format -msgid "unknown group: %s" -msgstr "grup desconegut: %s" +msgid "unable to change mode of %s to 0%o" +msgstr "no s'ha pogut canviar el mode de %s a 0%o" -#: plugins/sudoers/iolog.c:356 plugins/sudoers/sudoers.c:897 -#: plugins/sudoers/sudoreplay.c:304 plugins/sudoers/sudoreplay.c:817 -#: plugins/sudoers/sudoreplay.c:1021 plugins/sudoers/timestamp.c:383 -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo_json.c:1011 -#: plugins/sudoers/visudo_json.c:1024 +#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1194 +#: plugins/sudoers/testsudoers.c:424 #, c-format -msgid "unable to open %s" -msgstr "no s'ha pogut obrir %s" +msgid "unknown group: %s" +msgstr "grup desconegut: %s" -#: plugins/sudoers/iolog.c:399 plugins/sudoers/sudoers.c:901 -#: plugins/sudoers/sudoreplay.c:1132 +#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:918 +#: plugins/sudoers/sudoreplay.c:846 plugins/sudoers/sudoreplay.c:1542 +#: plugins/sudoers/tsdump.c:145 #, c-format msgid "unable to read %s" msgstr "no s'ha pogut llegir %s" -#: plugins/sudoers/iolog.c:435 plugins/sudoers/sudoreplay.c:598 -#: plugins/sudoers/timestamp.c:282 plugins/sudoers/timestamp.c:285 -#, c-format -msgid "unable to write to 
%s" -msgstr "no s'ha pogut escriure a %s" - -#: plugins/sudoers/iolog.c:509 plugins/sudoers/iolog.c:727 +#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:801 #, c-format msgid "unable to create %s" msgstr "no s'ha pogut crear %s" -#: plugins/sudoers/iolog.c:895 plugins/sudoers/iolog.c:976 +#: plugins/sudoers/iolog.c:824 plugins/sudoers/iolog.c:1039 +#: plugins/sudoers/iolog.c:1115 plugins/sudoers/iolog.c:1209 +#: plugins/sudoers/iolog.c:1270 #, c-format msgid "unable to write to I/O log file: %s" msgstr "no s'ha pogut escriure al fitxer de registre d'entrada/sortida: %s" -#: plugins/sudoers/iolog.c:927 +#: plugins/sudoers/iolog.c:1073 #, c-format -msgid "%s: internal error, file index %d not open" -msgstr "%s: error intern, l'índex %d de fitxers no està obert" +msgid "%s: internal error, I/O log file for event %d not open" +msgstr "%s: error intern, no està obert el fitxer de registre I/O per a l'event %d" -#: plugins/sudoers/ldap.c:429 -msgid "sudo_ldap_conf_add_ports: port too large" -msgstr "sudo_ldap_conf_add_ports: el port és massa gran" - -#: plugins/sudoers/ldap.c:489 +#: plugins/sudoers/iolog.c:1233 #, c-format -msgid "unsupported LDAP uri type: %s" -msgstr "tipus d'uri LDAP no suportat: %s" - -#: plugins/sudoers/ldap.c:516 -msgid "unable to mix ldap and ldaps URIs" -msgstr "no s'han pogut barrejar el ldap i els ldaps URIs " - -#: plugins/sudoers/ldap.c:520 plugins/sudoers/ldap.c:556 -msgid "starttls not supported when using ldaps" -msgstr "starttls no suportat quan s'està usant ldaps" +msgid "%s: internal error, invalid signal %d" +msgstr "%s: error intern, senyal %d no vàlid" -#: plugins/sudoers/ldap.c:627 +#: plugins/sudoers/iolog_util.c:90 #, c-format -msgid "unable to initialize SSL cert and key db: %s" -msgstr "no s'ha pogut inicialitzar el certificat SSL i la clau db: %s" +msgid "%s: invalid log file" +msgstr "%s: fitxer no vàlid de registre" -#: plugins/sudoers/ldap.c:630 +#: plugins/sudoers/iolog_util.c:108 #, c-format -msgid "you must set 
TLS_CERT in %s to use SSL" -msgstr "heu d'establir TLS_CERT a %s per usar SSL" - -#: plugins/sudoers/ldap.c:1239 -msgid "unable to get GMT time" -msgstr "no s'ha pogut obtenir l'hora GMT" +msgid "%s: time stamp field is missing" +msgstr "%s: no hi ha el camp de marca horària " -#: plugins/sudoers/ldap.c:1245 -msgid "unable to format timestamp" -msgstr "no s'ha pogut donar format a la marca horària" +#: plugins/sudoers/iolog_util.c:114 +#, c-format +msgid "%s: time stamp %s: %s" +msgstr "%s: marca horària %s: %s" -#: plugins/sudoers/ldap.c:1956 +#: plugins/sudoers/iolog_util.c:121 #, c-format -msgid "%s: %s: %s: %s" -msgstr "%s: %s: %s: %s" +msgid "%s: user field is missing" +msgstr "%s: no hi ha el camp d'usuari runas" -#: plugins/sudoers/ldap.c:2504 +#: plugins/sudoers/iolog_util.c:130 #, c-format -msgid "" -"\n" -"LDAP Role: %s\n" -msgstr "" -"\n" -"Rol LDAP: %s\n" +msgid "%s: runas user field is missing" +msgstr "%s: no hi ha el camp del grup runas" -#: plugins/sudoers/ldap.c:2506 +#: plugins/sudoers/iolog_util.c:139 #, c-format -msgid "" -"\n" -"LDAP Role: UNKNOWN\n" -msgstr "" -"\n" -"Rol LDAP: DESCONEGUT\n" +msgid "%s: runas group field is missing" +msgstr "%s: no es troba el camp del grup runas" + +#: plugins/sudoers/ldap.c:178 plugins/sudoers/ldap_conf.c:296 +msgid "starttls not supported when using ldaps" +msgstr "starttls no suportat quan s'està usant ldaps" -#: plugins/sudoers/ldap.c:2562 +#: plugins/sudoers/ldap.c:249 #, c-format -msgid " Order: %s\n" -msgstr " Ordre: %s\n" +msgid "unable to initialize SSL cert and key db: %s" +msgstr "no s'ha pogut inicialitzar el certificat SSL i la clau db: %s" -#: plugins/sudoers/ldap.c:2570 plugins/sudoers/parse.c:556 -#: plugins/sudoers/sssd.c:1626 +#: plugins/sudoers/ldap.c:252 #, c-format -msgid " Commands:\n" -msgstr " Ordres:\n" +msgid "you must set TLS_CERT in %s to use SSL" +msgstr "heu d'establir TLS_CERT a %s per usar SSL" -#: plugins/sudoers/ldap.c:3130 +#: plugins/sudoers/ldap.c:1620 #, c-format msgid 
"unable to initialize LDAP: %s" msgstr "no s'ha pogut inicialitzar LDAP: %s" -#: plugins/sudoers/ldap.c:3166 +#: plugins/sudoers/ldap.c:1656 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "s'ha especificat start_tls però les biblioteques LDAP no donen suport a ldap_start_tls_s() o ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:3415 +#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:734 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "atribut sudoOrder no vàlid: %s" -#: plugins/sudoers/linux_audit.c:52 +#: plugins/sudoers/ldap_conf.c:205 +msgid "sudo_ldap_conf_add_ports: port too large" +msgstr "sudo_ldap_conf_add_ports: el port és massa gran" + +#: plugins/sudoers/ldap_conf.c:265 +#, c-format +msgid "unsupported LDAP uri type: %s" +msgstr "tipus d'uri LDAP no suportat: %s" + +#: plugins/sudoers/ldap_conf.c:292 +msgid "unable to mix ldap and ldaps URIs" +msgstr "no s'han pogut barrejar el ldap i els ldaps URIs " + +#: plugins/sudoers/ldap_util.c:456 plugins/sudoers/ldap_util.c:458 +#, c-format +msgid "unable to convert sudoOption: %s%s%s" +msgstr "no s'ha pogut convertir l'opció de sudo: %s%s%s" + +#: plugins/sudoers/linux_audit.c:59 msgid "unable to open audit system" msgstr "no s'ha pogut obrir el sistema d'auditoria" -#: plugins/sudoers/linux_audit.c:93 +#: plugins/sudoers/linux_audit.c:100 msgid "unable to send audit message" msgstr "no s'ha pogut enviar el missatge d'auditoria" -#: plugins/sudoers/logging.c:106 +#: plugins/sudoers/logging.c:120 #, c-format msgid "%8s : %s" msgstr "%8s : %s" -#: plugins/sudoers/logging.c:134 +#: plugins/sudoers/logging.c:148 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (ordre continuada) %s" -#: plugins/sudoers/logging.c:163 +#: plugins/sudoers/logging.c:177 #, c-format msgid "unable to open log file: %s" msgstr "no s'ha pogut obrir el fitxer de registre: %s" -#: plugins/sudoers/logging.c:171 +#: plugins/sudoers/logging.c:185 
#, c-format msgid "unable to lock log file: %s" msgstr "no s'ha pogut bloquejar el fitxer de registre: %s" -#: plugins/sudoers/logging.c:204 +#: plugins/sudoers/logging.c:218 #, c-format msgid "unable to write log file: %s" msgstr "no s'ha pogut escriure el fitxer de registre: %s" -#: plugins/sudoers/logging.c:233 +#: plugins/sudoers/logging.c:248 msgid "No user or host" msgstr "No hi ha usuari o amfitrió" -#: plugins/sudoers/logging.c:235 +#: plugins/sudoers/logging.c:250 msgid "validation failure" msgstr "ha fallat la validació" -#: plugins/sudoers/logging.c:242 +#: plugins/sudoers/logging.c:261 msgid "user NOT in sudoers" msgstr "l'usuari NO ESTÀ als sudoers" -#: plugins/sudoers/logging.c:244 +#: plugins/sudoers/logging.c:263 msgid "user NOT authorized on host" msgstr "l'usuari NO està autoritzat a l'amfitrió" -#: plugins/sudoers/logging.c:246 +#: plugins/sudoers/logging.c:265 msgid "command not allowed" msgstr "ordre no permesa" -#: plugins/sudoers/logging.c:281 +#: plugins/sudoers/logging.c:301 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s no està al fitxer sudoers. S'informarà d'aquest incident.\n" -#: plugins/sudoers/logging.c:284 +#: plugins/sudoers/logging.c:304 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s no té permís per executar sudo a %s. 
S'informarà d'aquest incident.\n" -#: plugins/sudoers/logging.c:288 +#: plugins/sudoers/logging.c:308 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Ho sentim, l'usuari %s no pot executar sudo a %s.\n" -#: plugins/sudoers/logging.c:291 +#: plugins/sudoers/logging.c:311 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Ho sentim, l'usuari %s no pot executar '%s%s%s' com a %s%s%s a %s.\n" -#: plugins/sudoers/logging.c:328 plugins/sudoers/sudoers.c:468 -#: plugins/sudoers/sudoers.c:470 plugins/sudoers/sudoers.c:472 -#: plugins/sudoers/sudoers.c:474 plugins/sudoers/sudoers.c:1247 -#: plugins/sudoers/sudoers.c:1249 +#: plugins/sudoers/logging.c:348 plugins/sudoers/sudoers.c:442 +#: plugins/sudoers/sudoers.c:444 plugins/sudoers/sudoers.c:446 +#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:603 +#: plugins/sudoers/sudoers.c:605 #, c-format msgid "%s: command not found" -msgstr "%s: no s'ha trobar l'ordre" +msgstr "%s: no s'ha trobat l'ordre" -#: plugins/sudoers/logging.c:330 plugins/sudoers/sudoers.c:464 +#: plugins/sudoers/logging.c:350 plugins/sudoers/sudoers.c:438 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" 
@@ -1216,77 +1562,62 @@ "s'ignorarà «%s» trobat a «.»\n" "Useu «sudo ./%s» si aquest és el «%s» que voleu executar." -#: plugins/sudoers/logging.c:347 +#: plugins/sudoers/logging.c:367 msgid "authentication failure" msgstr "ha fallat l'autenticació" -#: plugins/sudoers/logging.c:373 +#: plugins/sudoers/logging.c:393 msgid "a password is required" msgstr "es requereix una contrasenya" -#: plugins/sudoers/logging.c:444 plugins/sudoers/logging.c:510 +#: plugins/sudoers/logging.c:463 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u intent incorrecte de contrasenya" msgstr[1] "%u intents incorrectes de contrasenya" -#: plugins/sudoers/logging.c:597 -msgid "unable to fork" -msgstr "no es pot bifurcar" - -#: plugins/sudoers/logging.c:605 plugins/sudoers/logging.c:657 -#, c-format -msgid "unable to fork: %m" -msgstr "no est pot bifurcar: %m" - -#: plugins/sudoers/logging.c:647 -#, c-format -msgid "unable to open pipe: %m" -msgstr "no es pot obrir la canonada: %m" - -#: plugins/sudoers/logging.c:672 +#: plugins/sudoers/logging.c:728 #, c-format msgid "unable to dup stdin: %m" msgstr "no es pot duplicar l'entrada estàndard: %m" -#: plugins/sudoers/logging.c:710 +#: plugins/sudoers/logging.c:768 #, c-format msgid "unable to execute %s: %m" msgstr "no es pot executar %s: %m" -#: plugins/sudoers/match.c:644 +#: plugins/sudoers/logging.c:809 plugins/sudoers/logging.c:865 #, c-format -msgid "unsupported digest type %d for %s" -msgstr "tipus de resum no suportat %d per a %s" +msgid "unable to fork: %m" +msgstr "no est pot bifurcar: %m" -#: plugins/sudoers/match.c:685 +#: plugins/sudoers/logging.c:855 #, c-format -msgid "%s: read error" -msgstr "%s: error de lectura" +msgid "unable to open pipe: %m" +msgstr "no es pot obrir la canonada: %m" -#: plugins/sudoers/match.c:720 +#: plugins/sudoers/match_digest.c:103 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "digest per a %s (%s) no està en forma %s" -#: 
plugins/sudoers/mkdir_parents.c:72 plugins/sudoers/sudoers.c:912 -#: plugins/sudoers/visudo.c:439 plugins/sudoers/visudo.c:715 +#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:943 +#: plugins/sudoers/visudo.c:437 plugins/sudoers/visudo.c:733 #, c-format msgid "unable to stat %s" msgstr "no s'ha pogut accedir %s" -#: plugins/sudoers/parse.c:114 +#: plugins/sudoers/parse.c:449 #, c-format -msgid "parse error in %s near line %d" -msgstr "error d'anàlisi a %s a prop de la línia %d" - -#: plugins/sudoers/parse.c:117 -#, c-format -msgid "parse error in %s" -msgstr "error d'anàlisi a la línia %s" +msgid "" +"\n" +"LDAP Role: %s\n" +msgstr "" +"\n" +"Rol LDAP: %s\n" -#: plugins/sudoers/parse.c:503 +#: plugins/sudoers/parse.c:452 #, c-format msgid "" "\n" 
@@ -1295,41 +1626,98 @@ "\n" "Entrada de sudoers:\n" -#: plugins/sudoers/parse.c:504 +#: plugins/sudoers/parse.c:454 #, c-format msgid " RunAsUsers: " msgstr " RunAsUsers: " -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:469 #, c-format msgid " RunAsGroups: " msgstr " RunAsGroups: " -#: plugins/sudoers/parse.c:527 +#: plugins/sudoers/parse.c:479 #, c-format msgid " Options: " msgstr " Opcions: " -#: plugins/sudoers/policy.c:240 plugins/sudoers/testsudoers.c:260 +#: plugins/sudoers/parse.c:529 +#, c-format +msgid " Commands:\n" +msgstr " Ordres:\n" + +#: plugins/sudoers/parse.c:720 +#, c-format +msgid "Matching Defaults entries for %s on %s:\n" +msgstr "Entrades predeterminades concordants per a %s a %s:\n" + +#: plugins/sudoers/parse.c:738 +#, c-format +msgid "Runas and Command-specific defaults for %s:\n" +msgstr "Runas i valors predeterminats específics d'ordres per a %s:\n" + +#: plugins/sudoers/parse.c:756 +#, c-format +msgid "User %s may run the following commands on %s:\n" +msgstr "L'usuari %s pot executar les ordres següents a %s:\n" + +#: plugins/sudoers/parse.c:771 +#, c-format +msgid "User %s is not allowed to run sudo on %s.\n" +msgstr "L'usuari %s no té permisos per executar sudo a %s.\n" + +#: plugins/sudoers/parse_ldif.c:604 +#, c-format +msgid "ignoring incomplete sudoRole: cn: %s" +msgstr "ignora completament a sudoRole: cn: %s" + +#: plugins/sudoers/parse_ldif.c:664 +#, c-format +msgid "invalid LDIF attribute: %s" +msgstr "atribut LDIF no vàlid: %s" + +#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:116 +#, c-format +msgid "invalid %.*s set by sudo front-end" +msgstr "%.*s establert pel frontal de sudo" + +#: plugins/sudoers/policy.c:295 plugins/sudoers/testsudoers.c:280 msgid "unable to parse network address list" msgstr "no s'ha pogut analitzar la llista d'adreces de xarxa" -#: plugins/sudoers/policy.c:690 plugins/sudoers/visudo.c:889 +#: plugins/sudoers/policy.c:439 +msgid "user name not set by sudo front-end" +msgstr "nom 
d'usuari no establert pel frontal de sudo" + +#: plugins/sudoers/policy.c:443 +msgid "user-ID not set by sudo front-end" +msgstr "ID d'usuari no establers pel frontal de sudo" + +#: plugins/sudoers/policy.c:447 +msgid "group-ID not set by sudo front-end" +msgstr "ID de grup no establert pel frontal de sudo" + +#: plugins/sudoers/policy.c:451 +msgid "host name not set by sudo front-end" +msgstr "nom d'amfitrió no establert pel frontal de sudo" + +#: plugins/sudoers/policy.c:808 plugins/sudoers/visudo.c:236 +#: plugins/sudoers/visudo.c:867 #, c-format msgid "unable to execute %s" msgstr "no s'ha pogut executar %s" -#: plugins/sudoers/policy.c:823 +#: plugins/sudoers/policy.c:939 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Versió del connector de política de sudoers %s\n" -#: plugins/sudoers/policy.c:825 +#: plugins/sudoers/policy.c:941 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Versió de gramàtica del fitxer sudoers %d\n" -#: plugins/sudoers/policy.c:829 +#: plugins/sudoers/policy.c:945 #, c-format msgid "" "\n" 
@@ -1338,425 +1726,367 @@ "\n" "Camí del sudoers: %s\n" -#: plugins/sudoers/policy.c:832 +#: plugins/sudoers/policy.c:948 #, c-format msgid "nsswitch path: %s\n" msgstr "camí del nsswitch: %s\n" -#: plugins/sudoers/policy.c:834 +#: plugins/sudoers/policy.c:950 #, c-format msgid "ldap.conf path: %s\n" msgstr "camí de ldap.conf: %s\n" -#: plugins/sudoers/policy.c:835 +#: plugins/sudoers/policy.c:951 #, c-format msgid "ldap.secret path: %s\n" msgstr "camí del ldap.secret: %s\n" -#: plugins/sudoers/policy.c:868 +#: plugins/sudoers/policy.c:984 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "no s'ha pogut registrar el lligam de tipus %d (versió %d.%d)" -#: plugins/sudoers/pwutil.c:162 plugins/sudoers/pwutil.c:180 +#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240 #, c-format -msgid "unable to cache uid %u, out of memory" -msgstr "no s'ha pogut posar al cau l'uid %u, s'ha exhaurit la memòria" +msgid "unable to cache uid %u" +msgstr "no s'ha pogut posar al cau l'uid %u" -#: plugins/sudoers/pwutil.c:174 +#: plugins/sudoers/pwutil.c:234 #, c-format msgid "unable to cache uid %u, already exists" msgstr "no s'ha pogut posar l'uid %u al cau, ja existeix" -#: plugins/sudoers/pwutil.c:234 plugins/sudoers/pwutil.c:251 -#: plugins/sudoers/pwutil.c:313 plugins/sudoers/pwutil.c:358 +#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312 +#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420 #, c-format -msgid "unable to cache user %s, out of memory" -msgstr "no s'ha pogut posar l'usuari %s, s'ha exhaurit la memòria" +msgid "unable to cache user %s" +msgstr "no s'ha pogut posar al cau l'usuari %s" -#: plugins/sudoers/pwutil.c:246 +#: plugins/sudoers/pwutil.c:307 #, c-format msgid "unable to cache user %s, already exists" msgstr "no s'ha pogut posar l'usuari %s al cau, ja existeix" -#: plugins/sudoers/pwutil.c:474 plugins/sudoers/pwutil.c:492 +#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557 #, c-format -msgid "unable 
to cache gid %u, out of memory" -msgstr "no s'ha pogut posar el gid %u al cau, s'ha exhaurit la memòria" +msgid "unable to cache gid %u" +msgstr "no s'ha pogut posar el gid %u al cau" -#: plugins/sudoers/pwutil.c:486 +#: plugins/sudoers/pwutil.c:551 #, c-format msgid "unable to cache gid %u, already exists" msgstr "no s'ha pogut posar el gid %u al cau, ja existeix" -#: plugins/sudoers/pwutil.c:540 plugins/sudoers/pwutil.c:557 -#: plugins/sudoers/pwutil.c:604 plugins/sudoers/pwutil.c:646 +#: plugins/sudoers/pwutil.c:604 plugins/sudoers/pwutil.c:622 +#: plugins/sudoers/pwutil.c:670 plugins/sudoers/pwutil.c:712 #, c-format -msgid "unable to cache group %s, out of memory" -msgstr "no s'ha pogut posar el grup %s al cau, s'ha exhaurit" +msgid "unable to cache group %s" +msgstr "no s'ha pogut posar al cau al grup %s" -#: plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:617 #, c-format msgid "unable to cache group %s, already exists" msgstr "no s'ha pogut posar el grup %s al cau, ja existeix" -#: plugins/sudoers/pwutil.c:772 plugins/sudoers/pwutil.c:824 -#: plugins/sudoers/pwutil.c:874 plugins/sudoers/pwutil.c:926 +#: plugins/sudoers/pwutil.c:839 plugins/sudoers/pwutil.c:891 +#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:994 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "no s'ha pogut la llista de grups al cau per a %s, ja existeix" -#: plugins/sudoers/pwutil.c:778 plugins/sudoers/pwutil.c:829 -#: plugins/sudoers/pwutil.c:880 plugins/sudoers/pwutil.c:931 +#: plugins/sudoers/pwutil.c:845 plugins/sudoers/pwutil.c:896 +#: plugins/sudoers/pwutil.c:947 plugins/sudoers/pwutil.c:999 #, c-format -msgid "unable to cache group list for %s, out of memory" -msgstr "no s'ha pogut la llista de grups al cau per a %s, s'ha exhaurit la memòria" +msgid "unable to cache group list for %s" +msgstr "no s'ha pogut posar al cau a la llista de grup %s" -#: plugins/sudoers/pwutil.c:818 +#: plugins/sudoers/pwutil.c:885 #, c-format msgid "unable to 
parse groups for %s" msgstr "no s'han pogut analitzar els grups per a %s" -#: plugins/sudoers/pwutil.c:920 +#: plugins/sudoers/pwutil.c:988 #, c-format msgid "unable to parse gids for %s" msgstr "no s'han pogut analitzar els identificadors de grups per a %s" -#: plugins/sudoers/set_perms.c:113 plugins/sudoers/set_perms.c:438 -#: plugins/sudoers/set_perms.c:841 plugins/sudoers/set_perms.c:1138 -#: plugins/sudoers/set_perms.c:1430 +#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:478 +#: plugins/sudoers/set_perms.c:921 plugins/sudoers/set_perms.c:1254 +#: plugins/sudoers/set_perms.c:1573 msgid "perm stack overflow" msgstr "desbordament de la pila de permisos" -#: plugins/sudoers/set_perms.c:121 plugins/sudoers/set_perms.c:369 -#: plugins/sudoers/set_perms.c:446 plugins/sudoers/set_perms.c:708 -#: plugins/sudoers/set_perms.c:849 plugins/sudoers/set_perms.c:1067 -#: plugins/sudoers/set_perms.c:1146 plugins/sudoers/set_perms.c:1363 -#: plugins/sudoers/set_perms.c:1438 plugins/sudoers/set_perms.c:1527 +#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:409 +#: plugins/sudoers/set_perms.c:486 plugins/sudoers/set_perms.c:788 +#: plugins/sudoers/set_perms.c:929 plugins/sudoers/set_perms.c:1178 +#: plugins/sudoers/set_perms.c:1262 plugins/sudoers/set_perms.c:1506 +#: plugins/sudoers/set_perms.c:1581 plugins/sudoers/set_perms.c:1672 msgid "perm stack underflow" msgstr "subdesbordament de la pila de permisos" -#: plugins/sudoers/set_perms.c:180 plugins/sudoers/set_perms.c:492 -#: plugins/sudoers/set_perms.c:1197 plugins/sudoers/set_perms.c:1470 +#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:532 +#: plugins/sudoers/set_perms.c:1315 plugins/sudoers/set_perms.c:1614 msgid "unable to change to root gid" msgstr "no s'ha pogut canvir el gid de l'usuari primari" -#: plugins/sudoers/set_perms.c:269 plugins/sudoers/set_perms.c:589 -#: plugins/sudoers/set_perms.c:978 plugins/sudoers/set_perms.c:1274 +#: plugins/sudoers/set_perms.c:278 
plugins/sudoers/set_perms.c:629 +#: plugins/sudoers/set_perms.c:1060 plugins/sudoers/set_perms.c:1392 msgid "unable to change to runas gid" msgstr "no s'ha pogut canviar el gid runas" -#: plugins/sudoers/set_perms.c:274 plugins/sudoers/set_perms.c:594 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1279 +#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:634 +#: plugins/sudoers/set_perms.c:1065 plugins/sudoers/set_perms.c:1397 msgid "unable to set runas group vector" msgstr "no s'ha pogut configurar el vector de grup runas" -#: plugins/sudoers/set_perms.c:285 plugins/sudoers/set_perms.c:605 -#: plugins/sudoers/set_perms.c:992 plugins/sudoers/set_perms.c:1288 +#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:645 +#: plugins/sudoers/set_perms.c:1074 plugins/sudoers/set_perms.c:1406 msgid "unable to change to runas uid" msgstr "no s'ha pogut canviar l'uid runas" -#: plugins/sudoers/set_perms.c:303 plugins/sudoers/set_perms.c:623 -#: plugins/sudoers/set_perms.c:1008 plugins/sudoers/set_perms.c:1304 +#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:663 +#: plugins/sudoers/set_perms.c:1090 plugins/sudoers/set_perms.c:1422 msgid "unable to change to sudoers gid" msgstr "no s'ha pogut canvir el gid del sudoers" -#: plugins/sudoers/set_perms.c:356 plugins/sudoers/set_perms.c:695 -#: plugins/sudoers/set_perms.c:1054 plugins/sudoers/set_perms.c:1350 -#: plugins/sudoers/set_perms.c:1514 +#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 +#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 +#: plugins/sudoers/set_perms.c:1659 msgid "too many processes" msgstr "massa processos" -#: plugins/sudoers/solaris_audit.c:51 +#: plugins/sudoers/solaris_audit.c:58 msgid "unable to get current working directory" msgstr "no s'ha pogut obtenir el directori actual de treball" -#: plugins/sudoers/solaris_audit.c:59 +#: plugins/sudoers/solaris_audit.c:66 #, c-format msgid "truncated audit path user_cmnd: 
%s" msgstr "camí truncat d'auditoria use_cmd: %s" -#: plugins/sudoers/solaris_audit.c:66 +#: plugins/sudoers/solaris_audit.c:73 #, c-format msgid "truncated audit path argv[0]: %s" msgstr "camí truncat d'auditoria argv[0]: %s" -#: plugins/sudoers/solaris_audit.c:115 +#: plugins/sudoers/solaris_audit.c:122 msgid "audit_failure message too long" msgstr "missatge audit_failure massa llarg" -#: plugins/sudoers/sssd.c:400 +#: plugins/sudoers/sssd.c:564 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "no s'ha pogut inicialitzar la font del SSS. Està el SSSD instal·lat al vostre sistema?" -#: plugins/sudoers/sssd.c:408 plugins/sudoers/sssd.c:417 -#: plugins/sudoers/sssd.c:426 plugins/sudoers/sssd.c:435 -#: plugins/sudoers/sssd.c:444 +#: plugins/sudoers/sssd.c:572 plugins/sudoers/sssd.c:581 +#: plugins/sudoers/sssd.c:590 plugins/sudoers/sssd.c:599 +#: plugins/sudoers/sssd.c:608 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "no s'ha pogut trobar el símbol \"%s\" a %s" -#: plugins/sudoers/sssd.c:1541 -#, c-format -msgid "" -"\n" -"SSSD Role: %s\n" -msgstr "" -"\n" -"Rol SSDD: %s\n" - -#: plugins/sudoers/sssd.c:1546 -#, c-format -msgid "" -"\n" -"SSSD Role: UNKNOWN\n" -msgstr "" -"\n" -"Rol SSSD: DESCONEGUT\n" - -#: plugins/sudoers/sudo_nss.c:290 -#, c-format -msgid "Matching Defaults entries for %s on %s:\n" -msgstr "Entrades predeterminades concordants per a %s a %s:\n" - -#: plugins/sudoers/sudo_nss.c:308 -#, c-format -msgid "Runas and Command-specific defaults for %s:\n" -msgstr "Runas i valors predeterminats específics d'ordres per a %s:\n" - -#: plugins/sudoers/sudo_nss.c:326 -#, c-format -msgid "User %s may run the following commands on %s:\n" -msgstr "L'usuari %s pot executar les ordres següents a %s:\n" - -#: plugins/sudoers/sudo_nss.c:339 -#, c-format -msgid "User %s is not allowed to run sudo on %s.\n" -msgstr "L'usuari %s no té permisos per executar sudo a %s.\n" - -#: plugins/sudoers/sudoers.c:166 
plugins/sudoers/testsudoers.c:246 -#: plugins/sudoers/visudo.c:232 plugins/sudoers/visudo.c:612 -#: plugins/sudoers/visudo.c:955 -msgid "unable to initialize sudoers default values" -msgstr "no s'han pogut inicialitzar el valors predeterminats dels sudoers" - -#: plugins/sudoers/sudoers.c:196 plugins/sudoers/sudoers.c:859 +#: plugins/sudoers/sudoers.c:212 plugins/sudoers/sudoers.c:871 msgid "problem with defaults entries" msgstr "hi ha un problema amb les entrades predeterminades" -#: plugins/sudoers/sudoers.c:203 +#: plugins/sudoers/sudoers.c:216 msgid "no valid sudoers sources found, quitting" msgstr "no s'han trobat fonts vàlides de sudoers, se sortirà" -#: plugins/sudoers/sudoers.c:242 +#: plugins/sudoers/sudoers.c:254 msgid "sudoers specifies that root is not allowed to sudo" msgstr "el fitxer sudoers especifica que l'usuari primar no pot executar sudo" -#: plugins/sudoers/sudoers.c:299 +#: plugins/sudoers/sudoers.c:312 msgid "you are not permitted to use the -C option" msgstr "no teniu permisos per usar l'opció -C" -#: plugins/sudoers/sudoers.c:387 +#: plugins/sudoers/sudoers.c:359 #, c-format msgid "timestamp owner (%s): No such user" msgstr "propietari de la marca horària (%s): No existeix aquest usuari" -#: plugins/sudoers/sudoers.c:401 +#: plugins/sudoers/sudoers.c:374 msgid "no tty" msgstr "no hi ha una terminal" -#: plugins/sudoers/sudoers.c:402 +#: plugins/sudoers/sudoers.c:375 msgid "sorry, you must have a tty to run sudo" msgstr "ho sentim, heu de tenir una terminal per executar sudo" -#: plugins/sudoers/sudoers.c:463 +#: plugins/sudoers/sudoers.c:437 msgid "command in current directory" msgstr "ordre al directori actual" -#: plugins/sudoers/sudoers.c:483 +#: plugins/sudoers/sudoers.c:456 +msgid "sorry, you are not allowed set a command timeout" +msgstr "ho sentim, no teniu permisos per posar un temps d'espera d'ordre" + +#: plugins/sudoers/sudoers.c:464 msgid "sorry, you are not allowed to preserve the environment" msgstr "ho sentim, no teniu 
permisos per preserver l'entorn" -#: plugins/sudoers/sudoers.c:804 +#: plugins/sudoers/sudoers.c:815 msgid "command too long" msgstr "ordre massa llarga" -#: plugins/sudoers/sudoers.c:916 +#: plugins/sudoers/sudoers.c:947 #, c-format msgid "%s is not a regular file" msgstr "%s no és un fitxer regular" -#: plugins/sudoers/sudoers.c:920 plugins/sudoers/timestamp.c:209 toke.l:952 +#: plugins/sudoers/sudoers.c:951 plugins/sudoers/timestamp.c:259 toke.l:967 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s és propietat de l'uid %u, hauria de ser %u" -#: plugins/sudoers/sudoers.c:924 toke.l:957 +#: plugins/sudoers/sudoers.c:955 toke.l:972 #, c-format msgid "%s is world writable" msgstr "%s te permís universal d'escriptura" -#: plugins/sudoers/sudoers.c:928 toke.l:960 +#: plugins/sudoers/sudoers.c:959 toke.l:975 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s és propietat del gid %u, hauria de ser %u" -#: plugins/sudoers/sudoers.c:961 +#: plugins/sudoers/sudoers.c:992 #, c-format msgid "only root can use \"-c %s\"" msgstr "sols l'usuari primari pot usar «-c %s»" -#: plugins/sudoers/sudoers.c:980 +#: plugins/sudoers/sudoers.c:1011 #, c-format msgid "unknown login class: %s" msgstr "classe desconeguda d'inici de sessió: %s" -#: plugins/sudoers/sudoers.c:1063 plugins/sudoers/sudoers.c:1091 +#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoers.c:1110 #, c-format msgid "unable to resolve host %s" msgstr "no s'ha pogut resoldre l'amfitrió %s" -#: plugins/sudoers/sudoreplay.c:236 +#: plugins/sudoers/sudoreplay.c:250 #, c-format msgid "invalid filter option: %s" msgstr "opció no vàlida de filtre: %s" -#: plugins/sudoers/sudoreplay.c:249 +#: plugins/sudoers/sudoreplay.c:263 #, c-format msgid "invalid max wait: %s" msgstr "espera màxima no vàlida: %s" -#: plugins/sudoers/sudoreplay.c:255 +#: plugins/sudoers/sudoreplay.c:286 #, c-format msgid "invalid speed factor: %s" msgstr "factor no vàlid de velocitat: %s" -#: 
plugins/sudoers/sudoreplay.c:258 plugins/sudoers/visudo.c:185 -#, c-format -msgid "%s version %s\n" -msgstr "%s versió %s\n" - -#: plugins/sudoers/sudoreplay.c:290 +#: plugins/sudoers/sudoreplay.c:321 #, c-format msgid "%s/%.2s/%.2s/%.2s/timing: %s" msgstr "%s/%.2s/%.2s/%.2s/sincronització: %s" -#: plugins/sudoers/sudoreplay.c:296 +#: plugins/sudoers/sudoreplay.c:326 #, c-format -msgid "%s/%s/timing: %s" -msgstr "%s/%s/sincronització: %s" +msgid "%s/timing: %s" +msgstr "%s/sincronització: %s" -#: plugins/sudoers/sudoreplay.c:312 +#: plugins/sudoers/sudoreplay.c:330 #, c-format -msgid "Replaying sudo session: %s\n" -msgstr "S'està tornant a reproduir la sessió sudo: %s\n" +msgid "%s/%s/timing: %s" +msgstr "%s/%s/temporització: %s" -#: plugins/sudoers/sudoreplay.c:318 +#: plugins/sudoers/sudoreplay.c:346 #, c-format +msgid "Replaying sudo session: %s" +msgstr "S'està reproduint la sessió sudo: %s" + +#: plugins/sudoers/sudoreplay.c:544 plugins/sudoers/sudoreplay.c:591 +#: plugins/sudoers/sudoreplay.c:789 plugins/sudoers/sudoreplay.c:898 +#: plugins/sudoers/sudoreplay.c:983 plugins/sudoers/sudoreplay.c:998 +#: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/sudoreplay.c:1012 +#: plugins/sudoers/sudoreplay.c:1019 plugins/sudoers/sudoreplay.c:1026 +#: plugins/sudoers/sudoreplay.c:1174 +msgid "unable to add event to queue" +msgstr "no s'ha pogut afegir l'esdeveniment a la cua" + +#: plugins/sudoers/sudoreplay.c:659 +msgid "unable to set tty to raw mode" +msgstr "no s'ha pogut configurar el terminal a mode de dades en brut" + +#: plugins/sudoers/sudoreplay.c:710 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Advertiment: el vostre terminal és massa petit per reproduir apropiadament el registre.\n" -#: plugins/sudoers/sudoreplay.c:319 +#: plugins/sudoers/sudoreplay.c:711 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." 
msgstr "La geometria del registre és %d x %d, la geometria del vostre terminal és %d x %d." -#: plugins/sudoers/sudoreplay.c:410 -msgid "unable to set tty to raw mode" -msgstr "no s'ha pogut configurar el terminal a mode de dades en brut" +#: plugins/sudoers/sudoreplay.c:739 +msgid "Replay finished, press any key to restore the terminal." +msgstr "Reproducció acabada, premeu qualsevol tecla per restablir la terminal." -#: plugins/sudoers/sudoreplay.c:439 +#: plugins/sudoers/sudoreplay.c:772 #, c-format msgid "invalid timing file line: %s" msgstr "línia no vàlida de fitxer de sincronització: %s" -#: plugins/sudoers/sudoreplay.c:659 plugins/sudoers/sudoreplay.c:684 +#: plugins/sudoers/sudoreplay.c:1208 plugins/sudoers/sudoreplay.c:1233 #, c-format msgid "ambiguous expression \"%s\"" msgstr "expressió ambigua \"%s\"" -#: plugins/sudoers/sudoreplay.c:706 +#: plugins/sudoers/sudoreplay.c:1255 msgid "unmatched ')' in expression" msgstr "')' sense concordança a l'expressió" -#: plugins/sudoers/sudoreplay.c:710 +#: plugins/sudoers/sudoreplay.c:1259 #, c-format msgid "unknown search term \"%s\"" msgstr "terme desconegut de cerca \"%s\"" -#: plugins/sudoers/sudoreplay.c:725 +#: plugins/sudoers/sudoreplay.c:1274 #, c-format msgid "%s requires an argument" msgstr "%s requereix un argument" -#: plugins/sudoers/sudoreplay.c:728 plugins/sudoers/sudoreplay.c:1108 +#: plugins/sudoers/sudoreplay.c:1277 plugins/sudoers/sudoreplay.c:1518 #, c-format msgid "invalid regular expression: %s" msgstr "expressió regular no vàlida: %s" -#: plugins/sudoers/sudoreplay.c:732 +#: plugins/sudoers/sudoreplay.c:1281 #, c-format msgid "could not parse date \"%s\"" msgstr "no s'ha pogut analitzar la data \"%s\"" -#: plugins/sudoers/sudoreplay.c:741 +#: plugins/sudoers/sudoreplay.c:1290 msgid "unmatched '(' in expression" msgstr "'(' sense concordança a l'expressió" -#: plugins/sudoers/sudoreplay.c:743 +#: plugins/sudoers/sudoreplay.c:1292 msgid "illegal trailing \"or\"" msgstr "\"or\" final il·legal" 
-#: plugins/sudoers/sudoreplay.c:745 +#: plugins/sudoers/sudoreplay.c:1294 msgid "illegal trailing \"!\"" msgstr "\"!\" final il·legal" -#: plugins/sudoers/sudoreplay.c:794 +#: plugins/sudoers/sudoreplay.c:1344 #, c-format msgid "unknown search type %d" msgstr "tipus desconegut de cerca %d" -#: plugins/sudoers/sudoreplay.c:832 -#, c-format -msgid "%s: invalid log file" -msgstr "%s: fitxer no vàlid de registre" - -#: plugins/sudoers/sudoreplay.c:850 -#, c-format -msgid "%s: time stamp field is missing" -msgstr "%s: no hi ha el camp de marca horària " - -#: plugins/sudoers/sudoreplay.c:857 -#, c-format -msgid "%s: time stamp %s: %s" -msgstr "%s: marca horària %s: %s" - -#: plugins/sudoers/sudoreplay.c:864 +#: plugins/sudoers/sudoreplay.c:1611 #, c-format -msgid "%s: user field is missing" -msgstr "%s: no hi ha el camp d'usuari runas" +msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" +msgstr "ús: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" -#: plugins/sudoers/sudoreplay.c:873 -#, c-format -msgid "%s: runas user field is missing" -msgstr "%s: no hi ha el camp del grup runas" - -#: plugins/sudoers/sudoreplay.c:882 -#, c-format -msgid "%s: runas group field is missing" -msgstr "%s: no es troba el camp del grup runas" - -#: plugins/sudoers/sudoreplay.c:1245 -#, c-format -msgid "usage: %s [-h] [-d dir] [-m num] [-s num] ID\n" -msgstr "ús: %s [-h] [-d dir] [-m num] [-s num] ID\n" - -#: plugins/sudoers/sudoreplay.c:1248 +#: plugins/sudoers/sudoreplay.c:1614 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "usage: %s [-h] [-d dir] -l [cerca l'expressió]\n" -#: plugins/sudoers/sudoreplay.c:1257 +#: plugins/sudoers/sudoreplay.c:1623 #, c-format msgid "" "%s - replay sudo session logs\n" 
@@ -1765,34 +2095,40 @@ "%s - reprodueix els registres de la sessió sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1259 +#: plugins/sudoers/sudoreplay.c:1625 msgid "" "\n" "Options:\n" -" -d, --directory=dir specify directory for session logs\n" -" -f, --filter=filter specify which I/O type(s) to display\n" -" -h, --help display help message and exit\n" -" -l, --list list available session IDs, with optional expression\n" -" -m, --max-wait=num max number of seconds to wait between events\n" -" -s, --speed=num speed up or slow down output\n" -" -V, --version display version information and exit" +" -d, --directory=dir specify directory for session logs\n" +" -f, --filter=filter specify which I/O type(s) to display\n" +" -h, --help display help message and exit\n" +" -l, --list list available session IDs, with optional expression\n" +" -m, --max-wait=num max number of seconds to wait between events\n" +" -n, --non-interactive no prompts, session is sent to the standard output\n" +" -R, --no-resize do not attempt to re-size the terminal\n" +" -S, --suspend-wait wait while the command was suspended\n" +" -s, --speed=num speed up or slow down output\n" +" -V, --version display version information and exit" msgstr "" "\n" "Opcions:\n" -" -d, --directori=dir especifiqueu el directori per als registres de la sessió\n" -" -f, --filter=filtre especifiqueu quin(s) tipus d'entrada/sortida mostrar\n" -" -h, --help mostra el missatge d'ajuda i surt\n" -" -l, --list mostra una llista dels IDs de les sessions\n" -" disponibles, amb expressions opcionals\n" -" -m, --max-wait=num nombre màxim de segons a esperar entre esdeveniments\n" -" -s, --speed=num accelera o alenteix la sortida\n" -" -V, --version mostra la versió d'informació i surt" +" -d, --directori=dir especifiqueu el directori per als registres de la sessió\n" +" -f, --filter=filtre especifiqueu quin(s) tipus d'entrada/sortida mostrar\n" +" -h, --help mostra el missatge d'ajuda i surt\n" +" -l, --list mostra una llista 
dels IDs de les sessions\n" +" disponibles, amb expressions opcionals\n" +" -m, --max-wait=num nombre màxim de segons a esperar entre esdeveniments\n" +" -n, --non-interactive sense preguntes, la sessió s'envia a la sortida estàndard\n" +" -R, --no-resize no intentis redimensionar la terminal\n" +" -S, --suspend-wait espera mentre s'ha suspès l'ordre\n" +" -s, --speed=num accelera o alenteix la sortida\n" +" -V, --version mostra la versió d'informació i surt" -#: plugins/sudoers/testsudoers.c:328 +#: plugins/sudoers/testsudoers.c:362 msgid "\thost unmatched" msgstr "\tamfitrió sense concordança" -#: plugins/sudoers/testsudoers.c:331 +#: plugins/sudoers/testsudoers.c:365 msgid "" "\n" "Command allowed" @@ -1800,7 +2136,7 @@ "\n" "Ordre permesa" -#: plugins/sudoers/testsudoers.c:332 +#: plugins/sudoers/testsudoers.c:366 msgid "" "\n" "Command denied" @@ -1808,7 +2144,7 @@ "\n" "Ordre denegada" -#: plugins/sudoers/testsudoers.c:332 +#: plugins/sudoers/testsudoers.c:366 msgid "" "\n" "Command unmatched" 
@@ -1816,129 +2152,127 @@ "\n" "Ordre sense concordança" -#: plugins/sudoers/timestamp.c:217 +#: plugins/sudoers/timestamp.c:267 #, c-format msgid "%s is group writable" msgstr "%s és modificable pel grup" -#: plugins/sudoers/timestamp.c:293 +#: plugins/sudoers/timestamp.c:343 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "no s'ha pogut truncar el fitxer de marca horària a %lld bytes" -#: plugins/sudoers/timestamp.c:738 plugins/sudoers/timestamp.c:805 -#: plugins/sudoers/visudo.c:500 plugins/sudoers/visudo.c:506 +#: plugins/sudoers/timestamp.c:829 plugins/sudoers/timestamp.c:921 +#: plugins/sudoers/visudo.c:498 plugins/sudoers/visudo.c:504 msgid "unable to read the clock" msgstr "no s'ha pogut llegir el rellotge" -#: plugins/sudoers/timestamp.c:752 +#: plugins/sudoers/timestamp.c:840 msgid "ignoring time stamp from the future" msgstr "s'ignorarà la marca horària del futur" -#: plugins/sudoers/timestamp.c:764 +#: plugins/sudoers/timestamp.c:863 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "la marca horària està massa lluny en el futur: %20.20s" -#: plugins/sudoers/timestamp.c:859 +#: plugins/sudoers/timestamp.c:985 #, c-format msgid "unable to lock time stamp file %s" msgstr "no s'ha pogut bloquejar el fitxer de marca horària %s" -#: plugins/sudoers/timestamp.c:903 plugins/sudoers/timestamp.c:923 +#: plugins/sudoers/timestamp.c:1029 plugins/sudoers/timestamp.c:1049 #, c-format msgid "lecture status path too long: %s/%s" -msgstr "el camí de l'estat de la llissó és massa llarg: %s/%s" +msgstr "el camí de la lliçó es massa llarg: %s/%s" -#: plugins/sudoers/visudo.c:187 -#, c-format -msgid "%s grammar version %d\n" -msgstr "%s versió de la gramàtica %d\n" +#: plugins/sudoers/visudo.c:232 +msgid "the -x option will be removed in a future release" +msgstr "s'eliminarà l'opció -x en una versió futura" + +#: plugins/sudoers/visudo.c:233 +msgid "please consider using the cvtsudoers utility instead" +msgstr "si us plau 
considereu usar la utilitat cvtsudoers en canvi" -#: plugins/sudoers/visudo.c:265 plugins/sudoers/visudo.c:665 +#: plugins/sudoers/visudo.c:284 plugins/sudoers/visudo.c:666 #, c-format msgid "press return to edit %s: " msgstr "prem la tecla d'introducció per editar %s: " -#: plugins/sudoers/visudo.c:331 +#: plugins/sudoers/visudo.c:345 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "l'editor especificat (%s) no existeix" -#: plugins/sudoers/visudo.c:349 +#: plugins/sudoers/visudo.c:347 #, c-format msgid "no editor found (editor path = %s)" msgstr "no s'ha trobat un editor (el camí de l'editor = %s)" -#: plugins/sudoers/visudo.c:459 plugins/sudoers/visudo.c:467 +#: plugins/sudoers/visudo.c:457 plugins/sudoers/visudo.c:465 msgid "write error" msgstr "error d'escriptura" -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:511 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "no s'ha pogut accedir al fitxer temporal (%s), no s'ha modificat %s" -#: plugins/sudoers/visudo.c:520 +#: plugins/sudoers/visudo.c:518 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "fitxer temporal amb longitud nul·la (%s), no s'ha modificat %s" -#: plugins/sudoers/visudo.c:526 +#: plugins/sudoers/visudo.c:524 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "l'editor (%s) ha fallat, no s'ha modificat %s" -#: plugins/sudoers/visudo.c:548 +#: plugins/sudoers/visudo.c:546 #, c-format msgid "%s unchanged" msgstr "no s'ha modificat %s" -#: plugins/sudoers/visudo.c:607 +#: plugins/sudoers/visudo.c:605 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." 
msgstr "no s'ha pogut reobrir el fitxer temporal (%s), no s'ha modificat %s" -#: plugins/sudoers/visudo.c:619 +#: plugins/sudoers/visudo.c:617 #, c-format msgid "unabled to parse temporary file (%s), unknown error" msgstr "no s'ha pogut analitzar el fitxer temporal (%s), error desconegut" -#: plugins/sudoers/visudo.c:656 +#: plugins/sudoers/visudo.c:655 #, c-format msgid "internal error, unable to find %s in list!" msgstr "error intern, no s'ha pogut trobar %s a la llista!" -#: plugins/sudoers/visudo.c:717 plugins/sudoers/visudo.c:726 +#: plugins/sudoers/visudo.c:735 plugins/sudoers/visudo.c:744 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "no s'ha pogut establir (uid, gid) de %s a (%u, %u)" -#: plugins/sudoers/visudo.c:721 plugins/sudoers/visudo.c:731 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "no s'ha pogut canviar el mode de %s a 0%o" - -#: plugins/sudoers/visudo.c:748 +#: plugins/sudoers/visudo.c:767 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s i %s no estan al mateix sistema de fitxers, s'usarà mv per reanomenar" -#: plugins/sudoers/visudo.c:762 +#: plugins/sudoers/visudo.c:781 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "l'ordre ha fallat: '%s %s %s', no s'ha modificat %s" -#: plugins/sudoers/visudo.c:772 +#: plugins/sudoers/visudo.c:791 #, c-format msgid "error renaming %s, %s unchanged" msgstr "error quan s'estava reanomenant %s, no s'ha modificat %s" -#: plugins/sudoers/visudo.c:834 +#: plugins/sudoers/visudo.c:812 msgid "What now? " msgstr "Què fem ara? " -#: plugins/sudoers/visudo.c:848 +#: plugins/sudoers/visudo.c:826 msgid "" "Options are:\n" " (e)dit sudoers file again\n" 
@@ -1950,62 +2284,66 @@ " (x) surt sense desar els canvis al fitxer sudoers\n" " (Q) surt i desa el canvis el fitxer sudoers (PERILL!)\n" -#: plugins/sudoers/visudo.c:894 +#: plugins/sudoers/visudo.c:872 #, c-format msgid "unable to run %s" msgstr "no s'ha pogut executar %s" -#: plugins/sudoers/visudo.c:924 +#: plugins/sudoers/visudo.c:902 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: propietari incorrecte (uid, gid) hauria de ser (%uk, %u)\n" -#: plugins/sudoers/visudo.c:931 +#: plugins/sudoers/visudo.c:909 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: permisos dolents, hauria de ser mode 0%o\n" -#: plugins/sudoers/visudo.c:960 plugins/sudoers/visudo_json.c:1031 +#: plugins/sudoers/visudo.c:966 plugins/sudoers/visudo.c:973 #, c-format -msgid "failed to parse %s file, unknown error" -msgstr "no s'ha pogut analitzar el fitxer %s, error desconegut" +msgid "%s: parsed OK\n" +msgstr "%s: s'analitzat correctament\n" -#: plugins/sudoers/visudo.c:976 plugins/sudoers/visudo_json.c:1042 +#: plugins/sudoers/visudo.c:992 #, c-format -msgid "parse error in %s near line %d\n" -msgstr "error d'anàlisi a %s a prop de la línia %d\n" +msgid "%s busy, try again later" +msgstr "%s està ocupat, proveu un altre cop més tard" -#: plugins/sudoers/visudo.c:979 plugins/sudoers/visudo_json.c:1045 +#: plugins/sudoers/visudo.c:995 #, c-format -msgid "parse error in %s\n" -msgstr "error d'anàlisi a %s\n" +msgid "unable to lock %s" +msgstr "no s'ha pogut bloquejar %s" + +#: plugins/sudoers/visudo.c:996 +msgid "Edit anyway? [y/N]" +msgstr "Editar igualment? 
[y/N]" -#: plugins/sudoers/visudo.c:987 plugins/sudoers/visudo.c:994 +#: plugins/sudoers/visudo.c:1080 #, c-format -msgid "%s: parsed OK\n" -msgstr "%s: s'analitzat correctament\n" +msgid "Error: %s:%d cycle in %s \"%s\"" +msgstr "Error: %s:%d cicle a %s «%s»" -#: plugins/sudoers/visudo.c:1041 +#: plugins/sudoers/visudo.c:1081 #, c-format -msgid "%s busy, try again later" -msgstr "%s està ocupat, proveu un altre cop més tard" +msgid "Warning: %s:%d cycle in %s \"%s\"" +msgstr "Advertiment: %s:%d cicle a %s «%s»" -#: plugins/sudoers/visudo.c:1137 +#: plugins/sudoers/visudo.c:1085 #, c-format -msgid "%s:%d cycle in %s \"%s\"" -msgstr "%s:%d cicle a %s «%s»" +msgid "Error: %s:%d %s \"%s\" referenced but not defined" +msgstr "Error: %s:%d %s «%s» s'ha referenciat però no s'ha definit " -#: plugins/sudoers/visudo.c:1140 +#: plugins/sudoers/visudo.c:1086 #, c-format -msgid "%s:%d %s \"%s\" referenced but not defined" -msgstr "%s:%d %s «%s» s'ha referenciat però no s'ha definit " +msgid "Warning: %s:%d %s \"%s\" referenced but not defined" +msgstr "Advertiment: %s:%d %s «%s» s'ha referenciat però no s'ha definit " -#: plugins/sudoers/visudo.c:1292 +#: plugins/sudoers/visudo.c:1177 #, c-format -msgid "%s:%d unused %s \"%s\"" -msgstr "%s:%d sense usar %s «%s»" +msgid "Warning: %s:%d unused %s \"%s\"" +msgstr "Advertiment: %s:%d sense usar %s «%s»" -#: plugins/sudoers/visudo.c:1403 +#: plugins/sudoers/visudo.c:1292 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -2014,7 +2352,7 @@ "%s - edita amb seguretat el fitxer sudoers\n" "\n" -#: plugins/sudoers/visudo.c:1405 +#: plugins/sudoers/visudo.c:1294 msgid "" "\n" "Options:\n" @@ -2024,7 +2362,6 @@ " -q, --quiet less verbose (quiet) syntax error messages\n" " -s, --strict strict syntax checking\n" " -V, --version display version information and exit\n" -" -x, --export=output_file write sudoers in JSON format to output_file" msgstr "" "\n" "Opcions:\n" 
@@ -2034,22 +2371,44 @@ " -q, --quiet missatges d'error de sintaxi menys informatius (silenciós)\n" " -s, --strict verificació estricta de la sintaxi\n" " -V, --version mostra la informació de la versió i surt\n" -" -x, --export=output_file escriu el fitxer sudoers en format JSON a output_file" - -#: plugins/sudoers/visudo_json.c:632 plugins/sudoers/visudo_json.c:667 -#, c-format -msgid "unknown defaults entry \"%s\"" -msgstr "entrada «%s» desconeguda de paràmetres predeterminats" - -#: plugins/sudoers/visudo_json.c:1017 -#, c-format -msgid "%s: input and output files must be different" -msgstr "%s: els fitxers d'entrada i de sortida han de ser diferents" -#: toke.l:926 +#: toke.l:941 msgid "too many levels of includes" msgstr "massa nivells d'inclusions" +#~ msgid "" +#~ "\n" +#~ "LDAP Role: UNKNOWN\n" +#~ msgstr "" +#~ "\n" +#~ "Rol LDAP: DESCONEGUT\n" + +#~ msgid " Order: %s\n" +#~ msgstr " Ordre: %s\n" + +#~ msgid "unable to cache user %s, out of memory" +#~ msgstr "no s'ha pogut posar l'usuari %s, s'ha exhaurit la memòria" + +#~ msgid "unable to cache group %s, out of memory" +#~ msgstr "no s'ha pogut posar el grup %s al cau, s'ha exhaurit" + +#~ msgid "unable to cache group list for %s, out of memory" +#~ msgstr "no s'ha pogut la llista de grups al cau per a %s, s'ha exhaurit la memòria" + +#~ msgid "" +#~ "\n" +#~ "SSSD Role: %s\n" +#~ msgstr "" +#~ "\n" +#~ "Rol SSDD: %s\n" + +#~ msgid "" +#~ "\n" +#~ "SSSD Role: UNKNOWN\n" +#~ msgstr "" +#~ "\n" +#~ "Rol SSSD: DESCONEGUT\n" + #~ msgid "Warning: cycle in %s `%s'" #~ msgstr "Advertiment: cicle a %s `%s'" Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/plugins/sudoers/po/cs.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/plugins/sudoers/po/cs.mo differ diff -Nru sudo-1.8.31/plugins/sudoers/po/cs.po sudo-1.9.0/plugins/sudoers/po/cs.po --- sudo-1.8.31/plugins/sudoers/po/cs.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/po/cs.po 2020-05-11 16:28:23.000000000 +0000 
@@ -2,16 +2,17 @@ # This file is distributed under the same license as the sudo package. # Todd C. Miller , 2011-2013 # Petr Pisar , 2013, 2014, 2015, 2016, 2017, 2018, 2019. +# Petr Pisar , 2020. # # (AIX) registry → (AIXový) registr # timestamp → časové údaje # msgid "" msgstr "" -"Project-Id-Version: sudoers 1.8.29rc1\n" +"Project-Id-Version: sudoers 1.9.0b4\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-10-21 19:55-0600\n" -"PO-Revision-Date: 2019-10-28 22:32+01:00\n" +"POT-Creation-Date: 2020-03-12 17:39-0600\n" +"PO-Revision-Date: 2020-03-22 13:46+01:00\n" "Last-Translator: Petr Pisar \n" "Language-Team: Czech \n" "Language: cs\n" 
@@ -45,70 +46,75 @@ msgid "Sorry, try again." msgstr "Je nám líto, zkuste to znovu." -#: gram.y:196 gram.y:244 gram.y:251 gram.y:258 gram.y:265 gram.y:272 -#: gram.y:288 gram.y:312 gram.y:319 gram.y:326 gram.y:333 gram.y:340 -#: gram.y:403 gram.y:412 gram.y:423 gram.y:456 gram.y:463 gram.y:470 -#: gram.y:477 gram.y:559 gram.y:566 gram.y:575 gram.y:584 gram.y:601 -#: gram.y:713 gram.y:720 gram.y:727 gram.y:735 gram.y:835 gram.y:842 -#: gram.y:849 gram.y:856 gram.y:863 gram.y:889 gram.y:896 gram.y:903 -#: gram.y:1026 gram.y:1303 plugins/sudoers/alias.c:132 -#: plugins/sudoers/alias.c:139 plugins/sudoers/alias.c:155 -#: plugins/sudoers/auth/bsdauth.c:148 plugins/sudoers/auth/kerb5.c:123 -#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/auth/sia.c:64 -#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:165 -#: plugins/sudoers/cvtsudoers.c:182 plugins/sudoers/cvtsudoers.c:193 -#: plugins/sudoers/cvtsudoers.c:305 plugins/sudoers/cvtsudoers.c:433 -#: plugins/sudoers/cvtsudoers.c:566 plugins/sudoers/cvtsudoers.c:583 -#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 -#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1179 -#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1285 +#: gram.y:198 gram.y:246 gram.y:253 gram.y:260 gram.y:267 gram.y:274 +#: gram.y:290 gram.y:314 gram.y:321 gram.y:328 gram.y:335 gram.y:342 +#: gram.y:405 gram.y:414 gram.y:425 gram.y:458 gram.y:465 gram.y:472 +#: gram.y:479 gram.y:506 gram.y:578 gram.y:585 gram.y:594 gram.y:603 +#: gram.y:620 gram.y:732 gram.y:739 gram.y:747 gram.y:753 gram.y:853 +#: gram.y:860 gram.y:867 gram.y:874 gram.y:881 gram.y:907 gram.y:914 +#: gram.y:921 gram.y:1063 gram.y:1342 lib/iolog/iolog_util.c:79 +#: lib/iolog/iolog_util.c:118 lib/iolog/iolog_util.c:127 +#: lib/iolog/iolog_util.c:137 lib/iolog/iolog_util.c:145 +#: lib/iolog/iolog_util.c:149 logsrvd/eventlog.c:223 logsrvd/sendlog.c:286 
+#: plugins/sudoers/alias.c:132 plugins/sudoers/alias.c:139 +#: plugins/sudoers/alias.c:155 plugins/sudoers/auth/bsdauth.c:148 +#: plugins/sudoers/auth/kerb5.c:123 plugins/sudoers/auth/kerb5.c:149 +#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116 +#: plugins/sudoers/auth/sia.c:64 plugins/sudoers/cvtsudoers.c:124 +#: plugins/sudoers/cvtsudoers.c:165 plugins/sudoers/cvtsudoers.c:182 +#: plugins/sudoers/cvtsudoers.c:193 plugins/sudoers/cvtsudoers.c:305 +#: plugins/sudoers/cvtsudoers.c:433 plugins/sudoers/cvtsudoers.c:566 +#: plugins/sudoers/cvtsudoers.c:583 plugins/sudoers/cvtsudoers.c:646 +#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:769 +#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1187 +#: plugins/sudoers/cvtsudoers.c:1289 plugins/sudoers/cvtsudoers_json.c:83 #: plugins/sudoers/cvtsudoers_ldif.c:154 plugins/sudoers/cvtsudoers_ldif.c:197 -#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:263 -#: plugins/sudoers/cvtsudoers_ldif.c:334 plugins/sudoers/cvtsudoers_ldif.c:389 -#: plugins/sudoers/cvtsudoers_ldif.c:397 plugins/sudoers/cvtsudoers_ldif.c:414 -#: plugins/sudoers/cvtsudoers_ldif.c:423 plugins/sudoers/cvtsudoers_ldif.c:570 -#: plugins/sudoers/defaults.c:666 plugins/sudoers/defaults.c:959 -#: plugins/sudoers/defaults.c:1130 plugins/sudoers/editor.c:72 +#: plugins/sudoers/cvtsudoers_ldif.c:238 plugins/sudoers/cvtsudoers_ldif.c:303 +#: plugins/sudoers/cvtsudoers_ldif.c:374 plugins/sudoers/cvtsudoers_ldif.c:429 +#: plugins/sudoers/cvtsudoers_ldif.c:437 plugins/sudoers/cvtsudoers_ldif.c:454 +#: plugins/sudoers/cvtsudoers_ldif.c:463 plugins/sudoers/cvtsudoers_ldif.c:610 +#: plugins/sudoers/defaults.c:632 plugins/sudoers/defaults.c:925 +#: plugins/sudoers/defaults.c:1058 plugins/sudoers/editor.c:72 #: plugins/sudoers/editor.c:90 plugins/sudoers/editor.c:101 #: plugins/sudoers/env.c:268 plugins/sudoers/filedigest.c:66 #: plugins/sudoers/filedigest.c:82 plugins/sudoers/gc.c:59 -#: 
plugins/sudoers/group_plugin.c:138 plugins/sudoers/interfaces.c:78 -#: plugins/sudoers/iolog.c:943 plugins/sudoers/iolog_path.c:174 -#: plugins/sudoers/iolog_util.c:86 plugins/sudoers/iolog_util.c:125 -#: plugins/sudoers/iolog_util.c:134 plugins/sudoers/iolog_util.c:144 -#: plugins/sudoers/iolog_util.c:152 plugins/sudoers/iolog_util.c:156 -#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 -#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 -#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 -#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 -#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 -#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 -#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 -#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 -#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558 -#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:683 -#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:510 -#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/linux_audit.c:83 -#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:532 -#: plugins/sudoers/logging.c:558 plugins/sudoers/logging.c:599 -#: plugins/sudoers/logging.c:740 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:367 -#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:200 +#: plugins/sudoers/group_plugin.c:141 plugins/sudoers/interfaces.c:78 +#: plugins/sudoers/iolog.c:476 plugins/sudoers/iolog_client.c:107 +#: plugins/sudoers/iolog_client.c:485 plugins/sudoers/iolog_client.c:593 +#: plugins/sudoers/iolog_client.c:611 plugins/sudoers/iolog_client.c:1053 +#: plugins/sudoers/iolog_client.c:1283 plugins/sudoers/iolog_client.c:1619 +#: plugins/sudoers/iolog_client.c:1647 
plugins/sudoers/ldap.c:185 +#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 +#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 +#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705 +#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 +#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 +#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 +#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 +#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 +#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 +#: plugins/sudoers/ldap_conf.c:683 plugins/sudoers/ldap_conf.c:765 +#: plugins/sudoers/ldap_util.c:331 plugins/sudoers/ldap_util.c:338 +#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:83 +#: plugins/sudoers/logging.c:200 plugins/sudoers/logging.c:527 +#: plugins/sudoers/logging.c:553 plugins/sudoers/logging.c:594 +#: plugins/sudoers/logging.c:731 plugins/sudoers/logging.c:1091 +#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:397 +#: plugins/sudoers/match_command.c:444 plugins/sudoers/match_command.c:515 +#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:200 #: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:227 #: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:156 #: plugins/sudoers/parse_ldif.c:187 plugins/sudoers/parse_ldif.c:256 #: plugins/sudoers/parse_ldif.c:263 plugins/sudoers/parse_ldif.c:268 #: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:355 -#: plugins/sudoers/parse_ldif.c:361 plugins/sudoers/parse_ldif.c:386 -#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:402 -#: plugins/sudoers/parse_ldif.c:416 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:614 plugins/sudoers/parse_ldif.c:639 -#: plugins/sudoers/parse_ldif.c:697 plugins/sudoers/parse_ldif.c:714 -#: plugins/sudoers/parse_ldif.c:742 
plugins/sudoers/parse_ldif.c:749 -#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:750 +#: plugins/sudoers/parse_ldif.c:382 plugins/sudoers/parse_ldif.c:399 +#: plugins/sudoers/parse_ldif.c:411 plugins/sudoers/parse_ldif.c:415 +#: plugins/sudoers/parse_ldif.c:429 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:830 #: plugins/sudoers/prompt.c:100 plugins/sudoers/pwutil.c:199 #: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 #: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:586 
@@ -118,19 +124,19 @@ #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:114 -#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 -#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735 +#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909 +#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559 +#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218 +#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429 +#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236 +#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587 +#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483 +#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59 +#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:137 +#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130 #: plugins/sudoers/visudo.c:152 
plugins/sudoers/visudo.c:328 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 
@@ -139,111 +145,116 @@ msgid "unable to allocate memory" msgstr "nelze alokovat paměť" -#: gram.y:488 +#: gram.y:500 msgid "a digest requires a path name" msgstr "kontrolní součet vyžaduje název cesty" -#: gram.y:614 +#: gram.y:633 msgid "invalid notbefore value" msgstr "neplatná hodnota notbefore (začátek platnosti)" -#: gram.y:622 +#: gram.y:641 msgid "invalid notafter value" msgstr "neplatná hodnota notafter (konec platnosti)" -#: gram.y:631 plugins/sudoers/policy.c:320 +#: gram.y:650 plugins/sudoers/policy.c:319 msgid "timeout value too large" msgstr "hodnota časového limitu je příliš velká" -#: gram.y:633 plugins/sudoers/policy.c:322 +#: gram.y:652 plugins/sudoers/policy.c:321 msgid "invalid timeout value" msgstr "neplatná hodnota časového limitu" -#: gram.y:1303 plugins/sudoers/auth/pam.c:483 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/cvtsudoers.c:124 -#: plugins/sudoers/cvtsudoers.c:164 plugins/sudoers/cvtsudoers.c:181 -#: plugins/sudoers/cvtsudoers.c:192 plugins/sudoers/cvtsudoers.c:304 -#: plugins/sudoers/cvtsudoers.c:432 plugins/sudoers/cvtsudoers.c:565 -#: plugins/sudoers/cvtsudoers.c:582 plugins/sudoers/cvtsudoers.c:646 -#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:768 -#: plugins/sudoers/cvtsudoers.c:1179 plugins/sudoers/cvtsudoers.c:1183 -#: plugins/sudoers/cvtsudoers.c:1285 plugins/sudoers/cvtsudoers_ldif.c:153 -#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:243 -#: plugins/sudoers/cvtsudoers_ldif.c:262 plugins/sudoers/cvtsudoers_ldif.c:333 -#: plugins/sudoers/cvtsudoers_ldif.c:388 plugins/sudoers/cvtsudoers_ldif.c:396 -#: plugins/sudoers/cvtsudoers_ldif.c:413 plugins/sudoers/cvtsudoers_ldif.c:422 -#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:666 -#: plugins/sudoers/defaults.c:959 plugins/sudoers/defaults.c:1130 +#: gram.y:1342 lib/iolog/iolog_util.c:79 lib/iolog/iolog_util.c:118 +#: lib/iolog/iolog_util.c:127 lib/iolog/iolog_util.c:137 
+#: lib/iolog/iolog_util.c:145 lib/iolog/iolog_util.c:149 +#: logsrvd/eventlog.c:223 plugins/sudoers/auth/pam.c:486 +#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116 +#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:164 +#: plugins/sudoers/cvtsudoers.c:181 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:304 plugins/sudoers/cvtsudoers.c:432 +#: plugins/sudoers/cvtsudoers.c:565 plugins/sudoers/cvtsudoers.c:582 +#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 +#: plugins/sudoers/cvtsudoers.c:768 plugins/sudoers/cvtsudoers.c:1183 +#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289 +#: plugins/sudoers/cvtsudoers_json.c:82 plugins/sudoers/cvtsudoers_ldif.c:153 +#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:237 +#: plugins/sudoers/cvtsudoers_ldif.c:302 plugins/sudoers/cvtsudoers_ldif.c:373 +#: plugins/sudoers/cvtsudoers_ldif.c:428 plugins/sudoers/cvtsudoers_ldif.c:436 +#: plugins/sudoers/cvtsudoers_ldif.c:453 plugins/sudoers/cvtsudoers_ldif.c:462 +#: plugins/sudoers/cvtsudoers_ldif.c:609 plugins/sudoers/defaults.c:632 +#: plugins/sudoers/defaults.c:925 plugins/sudoers/defaults.c:1058 #: plugins/sudoers/editor.c:72 plugins/sudoers/editor.c:90 #: plugins/sudoers/editor.c:101 plugins/sudoers/env.c:268 #: plugins/sudoers/filedigest.c:66 plugins/sudoers/filedigest.c:82 -#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:138 -#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:943 -#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:86 -#: plugins/sudoers/iolog_util.c:125 plugins/sudoers/iolog_util.c:134 -#: plugins/sudoers/iolog_util.c:144 plugins/sudoers/iolog_util.c:152 -#: plugins/sudoers/iolog_util.c:156 plugins/sudoers/ldap.c:185 -#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 -#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 -#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 -#: 
plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705 -#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 -#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 -#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 -#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 -#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 -#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 -#: plugins/sudoers/ldap_conf.c:682 plugins/sudoers/ldap_conf.c:765 -#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:567 -#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:202 -#: plugins/sudoers/logging.c:532 plugins/sudoers/logging.c:558 -#: plugins/sudoers/logging.c:598 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:366 -#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:199 +#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:140 +#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:476 +#: plugins/sudoers/iolog_client.c:107 plugins/sudoers/iolog_client.c:485 +#: plugins/sudoers/iolog_client.c:593 plugins/sudoers/iolog_client.c:611 +#: plugins/sudoers/iolog_client.c:1053 plugins/sudoers/iolog_client.c:1283 +#: plugins/sudoers/iolog_client.c:1619 plugins/sudoers/iolog_client.c:1647 +#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 +#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 +#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 +#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 +#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 +#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 +#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 +#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 +#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 +#: 
plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558 +#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:682 +#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:330 +#: plugins/sudoers/ldap_util.c:337 plugins/sudoers/ldap_util.c:603 +#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:200 +#: plugins/sudoers/logging.c:527 plugins/sudoers/logging.c:553 +#: plugins/sudoers/logging.c:593 plugins/sudoers/logging.c:1091 +#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:396 +#: plugins/sudoers/match_command.c:443 plugins/sudoers/match_command.c:515 +#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:199 #: plugins/sudoers/parse.c:211 plugins/sudoers/parse.c:226 #: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:155 #: plugins/sudoers/parse_ldif.c:186 plugins/sudoers/parse_ldif.c:255 #: plugins/sudoers/parse_ldif.c:262 plugins/sudoers/parse_ldif.c:267 #: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:354 -#: plugins/sudoers/parse_ldif.c:360 plugins/sudoers/parse_ldif.c:385 -#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:401 -#: plugins/sudoers/parse_ldif.c:415 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:613 plugins/sudoers/parse_ldif.c:638 -#: plugins/sudoers/parse_ldif.c:696 plugins/sudoers/parse_ldif.c:713 -#: plugins/sudoers/parse_ldif.c:741 plugins/sudoers/parse_ldif.c:748 -#: plugins/sudoers/policy.c:134 plugins/sudoers/policy.c:143 -#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:178 -#: plugins/sudoers/policy.c:305 plugins/sudoers/policy.c:320 -#: plugins/sudoers/policy.c:322 plugins/sudoers/policy.c:348 -#: plugins/sudoers/policy.c:358 plugins/sudoers/policy.c:402 +#: plugins/sudoers/parse_ldif.c:381 plugins/sudoers/parse_ldif.c:398 +#: plugins/sudoers/parse_ldif.c:410 plugins/sudoers/parse_ldif.c:414 +#: plugins/sudoers/parse_ldif.c:428 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 
plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:133 plugins/sudoers/policy.c:142 +#: plugins/sudoers/policy.c:151 plugins/sudoers/policy.c:177 +#: plugins/sudoers/policy.c:304 plugins/sudoers/policy.c:319 +#: plugins/sudoers/policy.c:321 plugins/sudoers/policy.c:350 +#: plugins/sudoers/policy.c:359 plugins/sudoers/policy.c:402 #: plugins/sudoers/policy.c:412 plugins/sudoers/policy.c:421 #: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:504 -#: plugins/sudoers/policy.c:750 plugins/sudoers/prompt.c:100 +#: plugins/sudoers/policy.c:830 plugins/sudoers/prompt.c:100 #: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 #: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 #: plugins/sudoers/pwutil.c:586 plugins/sudoers/pwutil.c:657 #: plugins/sudoers/pwutil.c:816 plugins/sudoers/pwutil.c:873 #: plugins/sudoers/pwutil.c:917 plugins/sudoers/pwutil.c:975 -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 plugins/sudoers/sssd.c:153 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 plugins/sudoers/sssd.c:153 #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:113 -#: plugins/sudoers/sudoreplay.c:584 
plugins/sudoers/sudoreplay.c:587 -#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735 +#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909 +#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559 +#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218 +#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429 +#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236 +#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587 +#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483 +#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59 +#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:136 +#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130 #: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 
@@ -253,12 +264,459 @@ msgid "%s: %s" msgstr "%s: %s" +#: lib/iolog/iolog_fileio.c:164 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s existuje, ale nejedná se o adresář (0%o)" + +#: lib/iolog/iolog_fileio.c:194 lib/iolog/iolog_fileio.c:240 +#: plugins/sudoers/timestamp.c:212 +#, c-format +msgid "unable to mkdir %s" +msgstr "nelze vytvořit adresář %s" + +#: lib/iolog/iolog_fileio.c:244 plugins/sudoers/visudo.c:739 +#: plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "nelze změnit práva %s na 0%o" + +#: lib/iolog/iolog_util.c:83 +#, c-format +msgid "%s: invalid log file" +msgstr "%s: neplatný soubor s protokolem" + +#: lib/iolog/iolog_util.c:101 +#, c-format +msgid "%s: time stamp field is missing" +msgstr "%s: chybí položka s časovým údajem" + +#: lib/iolog/iolog_util.c:107 +#, c-format +msgid "%s: time stamp %s: %s" +msgstr "%s: čas %s: %s" + +#: lib/iolog/iolog_util.c:114 +#, c-format +msgid "%s: user field is missing" +msgstr "%s: chybí položka s uživatelem" + +#: lib/iolog/iolog_util.c:123 +#, c-format +msgid "%s: runas user field is missing" +msgstr "%s: chybí položka s runas uživatelem" + +#: lib/iolog/iolog_util.c:132 +#, c-format +msgid "%s: runas group field is missing" +msgstr "%s chybí položka s runas skupinou" + +#: lib/iolog/iolog_util.c:382 +#, c-format +msgid "error reading timing file: %s" +msgstr "chyba při čtení časovacího souboru: %s" + +#: lib/iolog/iolog_util.c:389 +#, c-format +msgid "invalid timing file line: %s" +msgstr "neplatný řádek s časovacím souborem: %s" + +#: logsrvd/eventlog.c:228 plugins/sudoers/cvtsudoers_ldif.c:247 +#: plugins/sudoers/cvtsudoers_ldif.c:254 plugins/sudoers/cvtsudoers_ldif.c:566 +#: plugins/sudoers/env.c:330 plugins/sudoers/env.c:337 +#: plugins/sudoers/env.c:442 plugins/sudoers/iolog.c:550 +#: plugins/sudoers/iolog.c:566 plugins/sudoers/ldap.c:496 +#: plugins/sudoers/ldap.c:727 plugins/sudoers/ldap.c:1060 +#: plugins/sudoers/ldap_conf.c:227 
plugins/sudoers/ldap_conf.c:317 +#: plugins/sudoers/linux_audit.c:89 plugins/sudoers/logging.c:1096 +#: plugins/sudoers/policy.c:534 plugins/sudoers/policy.c:679 +#: plugins/sudoers/policy.c:689 plugins/sudoers/prompt.c:168 +#: plugins/sudoers/sudoers.c:931 plugins/sudoers/testsudoers.c:257 +#: plugins/sudoers/toke_util.c:177 +#, c-format +msgid "internal error, %s overflow" +msgstr "vnitřní chyba, přetečení %s" + +#: logsrvd/eventlog.c:422 plugins/sudoers/logging.c:118 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: logsrvd/eventlog.c:451 plugins/sudoers/logging.c:146 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s : (příkaz pokračuje) %s" + +#: logsrvd/iolog_writer.c:886 +msgid "log is already complete, cannot be restarted" +msgstr "protokol byl již dokončen, nelze jej restartovat" + +#: logsrvd/iolog_writer.c:917 +msgid "unable to restart log" +msgstr "protokol nelze navázat" + +#: logsrvd/logsrv_util.c:96 logsrvd/logsrv_util.c:103 +#: plugins/sudoers/sudoreplay.c:355 plugins/sudoers/sudoreplay.c:361 +#: plugins/sudoers/sudoreplay.c:368 +#, c-format +msgid "unable to open %s/%s" +msgstr "nelze otevřít %s/%s" + +#: logsrvd/logsrv_util.c:130 +#, c-format +msgid "missing I/O log file %s/%s" +msgstr "chybí vstupně-výstupní soubor s protokolem %s/%s" + +#: logsrvd/logsrv_util.c:137 +#, c-format +msgid "%s/%s: unable to seek forward %zu" +msgstr "%s/%s: nelze skočit vpřed o %zu" + +#: logsrvd/logsrv_util.c:147 +#, c-format +msgid "unable to find resume point [%lld, %ld] in %s/%s" +msgstr "nelze nalézt bod obnovy [%lld, %ld] v %s/%s" + +#: logsrvd/logsrvd.c:231 logsrvd/logsrvd.c:299 logsrvd/logsrvd.c:343 +#: logsrvd/logsrvd.c:392 logsrvd/logsrvd.c:439 logsrvd/logsrvd.c:484 +#: logsrvd/logsrvd.c:510 +msgid "state machine error" +msgstr "chyba stavového automatu" + +#: logsrvd/logsrvd.c:240 +msgid "invalid AcceptMessage" +msgstr "neplatná zpráva AcceptMessage" + +#: logsrvd/logsrvd.c:251 +msgid "error parsing AcceptMessage" +msgstr "chyba při 
rozboru zprávy AcceptMessage" + +#: logsrvd/logsrvd.c:258 +msgid "error creating I/O log" +msgstr "chyba při vytváření vstupně-výstupního protokolu" + +#: logsrvd/logsrvd.c:265 +msgid "error logging accept event" +msgstr "chyba při protokolování události přijetí" + +#: logsrvd/logsrvd.c:308 +msgid "invalid RejectMessage" +msgstr "neplatná zpráva RejectMessage" + +#: logsrvd/logsrvd.c:319 +msgid "error parsing RejectMessage" +msgstr "chyba při rozboru zprávy RejectMessage" + +#: logsrvd/logsrvd.c:325 +msgid "error logging reject event" +msgstr "chyba při protokolování události zamítnutí" + +#: logsrvd/logsrvd.c:424 +msgid "error logging alert event" +msgstr "chyba při protokolování události upozornění" + +#: logsrvd/logsrvd.c:449 +msgid "error writing IoBuffer" +msgstr "chyba při zápisu IoBuffer" + +#: logsrvd/logsrvd.c:495 +msgid "error writing ChangeWindowSize" +msgstr "chyba při zápisu ChangeWindowSize" + +#: logsrvd/logsrvd.c:521 +msgid "error writing CommandSuspend" +msgstr "chyba při zápisu CommandSuspend" + +#: logsrvd/logsrvd.c:583 +msgid "unrecognized ClientMessage type" +msgstr "nerozpoznaný druh zprávy ClientMessage" + +#: logsrvd/logsrvd.c:835 +msgid "client message too large" +msgstr "zpráva od klienta je příliš velká" + +#: logsrvd/logsrvd.c:1295 logsrvd/logsrvd.c:1415 logsrvd/logsrvd.c:1539 +#: logsrvd/logsrvd.c:1631 logsrvd/sendlog.c:242 logsrvd/sendlog.c:257 +#: logsrvd/sendlog.c:290 logsrvd/sendlog.c:1264 plugins/sudoers/iolog.c:900 +#: plugins/sudoers/iolog.c:1033 plugins/sudoers/iolog.c:1131 +#: plugins/sudoers/iolog_client.c:111 plugins/sudoers/iolog_client.c:436 +#: plugins/sudoers/iolog_client.c:452 plugins/sudoers/iolog_client.c:490 +#: plugins/sudoers/iolog_client.c:1032 plugins/sudoers/iolog_client.c:1061 +#: plugins/sudoers/iolog_client.c:1133 plugins/sudoers/iolog_client.c:1239 +#: plugins/sudoers/iolog_client.c:1353 plugins/sudoers/iolog_client.c:1655 +#: plugins/sudoers/iolog_client.c:1663 plugins/sudoers/sudoreplay.c:519 +#: 
plugins/sudoers/sudoreplay.c:566 plugins/sudoers/sudoreplay.c:755 +#: plugins/sudoers/sudoreplay.c:867 plugins/sudoers/sudoreplay.c:957 +#: plugins/sudoers/sudoreplay.c:972 plugins/sudoers/sudoreplay.c:979 +#: plugins/sudoers/sudoreplay.c:986 plugins/sudoers/sudoreplay.c:993 +#: plugins/sudoers/sudoreplay.c:1000 plugins/sudoers/sudoreplay.c:1127 +msgid "unable to add event to queue" +msgstr "událost nelze přidat do fronty" + +#: logsrvd/logsrvd.c:1407 plugins/sudoers/iolog_client.c:378 +#, c-format +msgid "Unable to attach user data to the ssl object: %s" +msgstr "K objektu SSL nelze připojit uživatelská data: %s" + +#: logsrvd/logsrvd.c:1443 plugins/sudoers/iolog_client.c:1596 +#: plugins/sudoers/iolog_client.c:1604 +msgid "unable to get remote IP addr" +msgstr "nelze získat vzdálenou IP adresu" + +#: logsrvd/logsrvd.c:1692 logsrvd/sendlog.c:113 +#, c-format +msgid "" +"%s - send sudo I/O log to remote server\n" +"\n" +msgstr "" +"%s – odešle vstupně-výstupní protokol vzdálenému serveru\n" +"\n" + +#: logsrvd/logsrvd.c:1695 +msgid "" +"\n" +"Options:\n" +" -f, --file path to configuration file\n" +" -h --help display help message and exit\n" +" -n, --no-fork do not fork, run in the foreground\n" +" -R, --random-drop percent chance connections will drop\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"Přepínače:\n" +" -f, --file cesta ke konfiguračnímu souboru\n" +" -h, --help zobrazí nápovědu a skončí\n" +" -n, --no-fork zůstane běžet na popředí\n" +" -R, --random-drop procentuální pravděpodobnost, že se spojení ztratí\n" +" -V, --version zobrazí údaje o verzi a skončí\n" + +#: logsrvd/logsrvd.c:1747 logsrvd/sendlog.c:1513 +msgid "Protobuf-C version 1.3 or higher required" +msgstr "Je vyžadována knihovna Protobuf-C verze 1.3 nebo vyšší" + +#: logsrvd/logsrvd.c:1765 +#, c-format +msgid "invalid random drop value: %s" +msgstr "neplatná hodnota pravděpodobnosti ztráty: %s" + +#: logsrvd/logsrvd.c:1769 logsrvd/sendlog.c:1551 +#: 
plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:302 +#: plugins/sudoers/visudo.c:184 +#, c-format +msgid "%s version %s\n" +msgstr "%s verze %s\n" + +#: logsrvd/logsrvd_conf.c:688 +#, c-format +msgid "%s: not a fully qualified path" +msgstr "%s: cesta není plně kvalifikovaná" + +#: logsrvd/logsrvd_conf.c:802 +#, c-format +msgid "%s:%d unmatched '[': %s" +msgstr "%s:%d nepárová „[“: %s" + +#: logsrvd/logsrvd_conf.c:813 +#, c-format +msgid "%s:%d invalid config section: %s" +msgstr "%s:%d neplatný konfigurační oddíl: %s" + +#: logsrvd/logsrvd_conf.c:821 +#, c-format +msgid "%s:%d invalid configuration line: %s" +msgstr "%s:%d neplatný řádek s konfigurací: %s" + +#: logsrvd/logsrvd_conf.c:827 +#, c-format +msgid "%s:%d expected section name: %s" +msgstr "%s:%d očekávaný název oddílu: %s" + +#: logsrvd/logsrvd_conf.c:841 +#, c-format +msgid "invalid value for %s: %s" +msgstr "neplatná hodnota pro %s: %s" + +#: logsrvd/logsrvd_conf.c:849 +#, c-format +msgid "%s:%d unknown key: %s" +msgstr "%s:%d: neznámý klíč: %s" + +#: logsrvd/logsrvd_conf.c:977 +#, c-format +msgid "unknown syslog facility %s" +msgstr "neznámý obor systémového protokolu %s" + +#: logsrvd/logsrvd_conf.c:981 logsrvd/logsrvd_conf.c:985 +#: logsrvd/logsrvd_conf.c:989 +#, c-format +msgid "unknown syslog priority %s" +msgstr "neznámá priorita systémového protokolu: %s" + +#: logsrvd/sendlog.c:116 +msgid "" +"\n" +"Options:\n" +" --help display help message and exit\n" +" -h, --host host to send logs to\n" +" -i, --iolog_id remote ID of I/O log to be resumed\n" +" -p, --port port to use when connecting to host\n" +" -r, --restart restart previous I/O log transfer\n" +" -t, --test test audit server by sending selected I/O log n times in parallel\n" +" -b, --ca-bundle certificate bundle file to verify server's cert against\n" +" -c, --cert certificate file for TLS handshake\n" +" -k, --key private key file\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"Přepínače:\n" 
+" --help zobrazí nápovědu a skončí\n" +" -h, --host stroj, kam posílat protokol\n" +" -i, --iolog_id vzdálený identifikátor vstupně-výstupního protokolu,\n" +" na který se má navázat\n" +" -p, --port port, který se použije při připojování na stroj\n" +" -r, --restart restartovat předchozí přenos vstupně-výstupního\n" +" protokolu\n" +" -t, --test otestovat auditní server zasláním vybraných\n" +" vstupně-výstupních protokolů n-krát souběžně\n" +" -b, --ca-bundle soubor se svazkem certifikátů, proti kterému se\n" +" bude ověřovat certifikát serveru\n" +" -c, --cert soubor s certifikátem pro navázání spojení TLS\n" +" -k, --key soubor se soukromým klíčem\n" +" -V, --version zobrazí údaje o verzi a skončí\n" + +#: logsrvd/sendlog.c:216 plugins/sudoers/iolog_client.c:409 +msgid "TLS handshake timeout occurred" +msgstr "Při navazování spojení TLS vypršel časový limit" + +#: logsrvd/sendlog.c:237 logsrvd/sendlog.c:252 +#: plugins/sudoers/iolog_client.c:430 plugins/sudoers/iolog_client.c:446 +msgid "unable to set event" +msgstr "událost nelze nastavit" + +#: logsrvd/sendlog.c:262 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s\n" +msgstr "Funkce SSL_connect selhala: chyba_SSL=%d, zásobník=%s\n" + +#: logsrvd/sendlog.c:294 plugins/sudoers/iolog_client.c:115 +#: plugins/sudoers/iolog_client.c:495 plugins/sudoers/iolog_client.c:1065 +#: plugins/sudoers/iolog_client.c:1671 +msgid "error in event loop" +msgstr "chyba ve smyčce událostí" + +#: logsrvd/sendlog.c:311 +msgid "CA bundle file was not specified" +msgstr "Soubor se svazkem certifikátů autorit nebyl zadán" + +#: logsrvd/sendlog.c:315 +msgid "Client certificate was not specified" +msgstr "Certifikát klienta nebyl zadán" + +#: logsrvd/sendlog.c:319 +#, c-format +msgid "Unable to initialize ssl context: %s" +msgstr "Kontext SSL nelze inicializovat: %s" + +#: logsrvd/sendlog.c:324 +#, c-format +msgid "Unable to allocate ssl object: %s\n" +msgstr "Objekt SSL nelze alokovat: %s\n" + +#: logsrvd/sendlog.c:329 
+#, c-format +msgid "Unable to attach socket to the ssl object: %s\n" +msgstr "K objektu SSL nelze připojit socket: %s\n" + +#: logsrvd/sendlog.c:367 plugins/sudoers/iolog_client.c:150 +#, c-format +msgid "unable to look up %s:%s: %s" +msgstr "%s:%s nelze vyhledat: %s" + +#: logsrvd/sendlog.c:522 plugins/sudoers/sudoreplay.c:815 +#, c-format +msgid "unable to read %s/%s: %s" +msgstr "%s/%s nelze přečíst: %s" + +#: logsrvd/sendlog.c:543 +#, c-format +msgid "client message too large: %zu\n" +msgstr "velikost zprávy od klienta je příliš velká: %zu\n" + +#: logsrvd/sendlog.c:941 +#, c-format +msgid "%s: write buffer already in use" +msgstr "%s: vyrovnávací paměť pro zápis se již používá" + +#: logsrvd/sendlog.c:993 plugins/sudoers/iolog.c:824 +#: plugins/sudoers/iolog.c:893 +#, c-format +msgid "unexpected I/O event %d" +msgstr "nečekaná I/O událost %d" + +#: logsrvd/sendlog.c:1025 logsrvd/sendlog.c:1042 logsrvd/sendlog.c:1092 +#: plugins/sudoers/iolog_client.c:1037 plugins/sudoers/iolog_client.c:1090 +#: plugins/sudoers/iolog_client.c:1151 +#, c-format +msgid "%s: unexpected state %d" +msgstr "%s: nečekaný stav %d" + +#: logsrvd/sendlog.c:1048 plugins/sudoers/iolog_client.c:1096 +msgid "invalid ServerHello" +msgstr "neplatná správa ServerHello" + +#: logsrvd/sendlog.c:1130 plugins/sudoers/iolog_client.c:1195 +#, c-format +msgid "error message received from server: %s" +msgstr "od serveru byla přijata chybová zpráva: %s" + +#: logsrvd/sendlog.c:1143 plugins/sudoers/iolog_client.c:1208 +#, c-format +msgid "abort message received from server: %s" +msgstr "od serveru byla přijata zpráva o zrušení: %s" + +#: logsrvd/sendlog.c:1162 plugins/sudoers/iolog_client.c:1227 +msgid "unable to unpack ServerMessage" +msgstr "zprávu ServerMessage nelze rozbalit" + +#: logsrvd/sendlog.c:1207 plugins/sudoers/iolog_client.c:1260 +#, c-format +msgid "%s: unexpected type_case value %d" +msgstr "%s: nečekaná hodnota type_case %d" + +#: logsrvd/sendlog.c:1291 +msgid "premature EOF" +msgstr 
"předčasný konec souboru" + +#: logsrvd/sendlog.c:1304 +#, c-format +msgid "server message too large: %u\n" +msgstr "zpráva od serveru je příliš veliká: %u\n" + +#: logsrvd/sendlog.c:1569 +msgid "both restart point and iolog ID must be specified" +msgstr "musí být zadán jak bod navázání, tak i identifikátor iolog" + +#: logsrvd/sendlog.c:1636 +#, c-format +msgid "exited prematurely with state %d" +msgstr "ukončeno předčasně ve stavu %d" + +#: logsrvd/sendlog.c:1637 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "uplynulý čas zaslaný serveru [%lld, %ld]" + +#: logsrvd/sendlog.c:1639 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "od server byl přijat bod zápisu [%lld, %ld]" + #: plugins/sudoers/alias.c:151 #, c-format msgid "Alias \"%s\" already defined" msgstr "Alias „%s“ je již definován" -#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:801 +#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:792 msgid "unable to fork" msgstr "nelze vytvořit proces" 
@@ -364,33 +822,33 @@ msgid "unable to initialize PAM: %s" msgstr "PAM nelze inicializovat: %s" -#: plugins/sudoers/auth/pam.c:319 +#: plugins/sudoers/auth/pam.c:322 #, c-format msgid "PAM authentication error: %s" msgstr "Chyba autentizace PAM: %s" -#: plugins/sudoers/auth/pam.c:338 +#: plugins/sudoers/auth/pam.c:341 msgid "account validation failure, is your account locked?" msgstr "ověření účtu selhalo, není váš účet zamknutý?" -#: plugins/sudoers/auth/pam.c:349 +#: plugins/sudoers/auth/pam.c:352 msgid "Account or password is expired, reset your password and try again" msgstr "Účtu nebo heslu vypršela platnost, nastavte si nové heslo a zkuste to znovu" -#: plugins/sudoers/auth/pam.c:355 +#: plugins/sudoers/auth/pam.c:358 #, c-format msgid "unable to change expired password: %s" msgstr "prošlé heslo nelze změnit: %s" -#: plugins/sudoers/auth/pam.c:366 +#: plugins/sudoers/auth/pam.c:369 msgid "Password expired, contact your system administrator" msgstr "Heslu vypršela platnost, kontaktujte správce svého systému" -#: plugins/sudoers/auth/pam.c:371 +#: plugins/sudoers/auth/pam.c:374 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Účtu vypršela platnost nebo v konfiguraci PAM pro sudo chybí sekce „account“. Kontaktujte správce svého systému" -#: plugins/sudoers/auth/pam.c:379 plugins/sudoers/auth/pam.c:384 +#: plugins/sudoers/auth/pam.c:382 plugins/sudoers/auth/pam.c:387 #, c-format msgid "PAM account management error: %s" msgstr "Chyba správy účtů PAM: %s" @@ -468,7 +926,7 @@ msgid "unable to commit audit record" msgstr "auditní zprávu nelze odeslat" -#: plugins/sudoers/check.c:269 +#: plugins/sudoers/check.c:264 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" 
@@ -488,15 +946,16 @@ " 3. S velkými právy přichází velká zodpovědnost.\n" "\n" -#: plugins/sudoers/check.c:312 plugins/sudoers/check.c:322 -#: plugins/sudoers/sudoers.c:700 plugins/sudoers/sudoers.c:748 +#: plugins/sudoers/check.c:307 plugins/sudoers/check.c:317 +#: plugins/sudoers/sudoers.c:778 plugins/sudoers/sudoers.c:826 #: plugins/sudoers/tsdump.c:126 #, c-format msgid "unknown uid: %u" msgstr "neznámé UID: %u" -#: plugins/sudoers/check.c:317 plugins/sudoers/iolog.c:255 -#: plugins/sudoers/policy.c:921 plugins/sudoers/sudoers.c:1163 +#: plugins/sudoers/check.c:312 plugins/sudoers/iolog.c:121 +#: plugins/sudoers/policy.c:1034 plugins/sudoers/sudoers.c:391 +#: plugins/sudoers/sudoers.c:393 plugins/sudoers/sudoers.c:1255 #: plugins/sudoers/testsudoers.c:227 plugins/sudoers/testsudoers.c:400 #, c-format msgid "unknown user: %s" @@ -517,12 +976,6 @@ msgid "order padding: %s: %s" msgstr "odsazení pořadí: %s: %s" -#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:289 -#: plugins/sudoers/visudo.c:184 -#, c-format -msgid "%s version %s\n" -msgstr "%s verze %s\n" - #: plugins/sudoers/cvtsudoers.c:235 plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" @@ -543,7 +996,7 @@ msgid "%s: input and output files must be different" msgstr "%s: vstupní a výstupní soubory se musí lišit" -#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:176 +#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:185 #: plugins/sudoers/testsudoers.c:266 plugins/sudoers/visudo.c:254 #: plugins/sudoers/visudo.c:610 plugins/sudoers/visudo.c:933 msgid "unable to initialize sudoers default values" 
@@ -575,12 +1028,10 @@ msgstr "neplatný filtr: %s" #: plugins/sudoers/cvtsudoers.c:622 plugins/sudoers/cvtsudoers.c:639 -#: plugins/sudoers/cvtsudoers.c:1245 plugins/sudoers/cvtsudoers_json.c:1130 -#: plugins/sudoers/cvtsudoers_ldif.c:643 plugins/sudoers/iolog.c:413 -#: plugins/sudoers/iolog_util.c:75 plugins/sudoers/sudoers.c:914 -#: plugins/sudoers/sudoreplay.c:338 plugins/sudoers/sudoreplay.c:1431 -#: plugins/sudoers/timestamp.c:448 plugins/sudoers/tsdump.c:135 -#: plugins/sudoers/visudo.c:929 +#: plugins/sudoers/cvtsudoers.c:1249 plugins/sudoers/cvtsudoers_json.c:868 +#: plugins/sudoers/cvtsudoers_ldif.c:683 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoreplay.c:1391 plugins/sudoers/timestamp.c:448 +#: plugins/sudoers/tsdump.c:135 plugins/sudoers/visudo.c:929 #, c-format msgid "unable to open %s" msgstr "nelze otevřít %s" @@ -600,14 +1051,13 @@ msgid "parse error in %s\n" msgstr "chyba při rozboru %s\n" -#: plugins/sudoers/cvtsudoers.c:1292 plugins/sudoers/iolog.c:500 -#: plugins/sudoers/sudoreplay.c:1135 plugins/sudoers/timestamp.c:332 -#: plugins/sudoers/timestamp.c:335 +#: plugins/sudoers/cvtsudoers.c:1296 plugins/sudoers/sudoreplay.c:1088 +#: plugins/sudoers/timestamp.c:332 plugins/sudoers/timestamp.c:335 #, c-format msgid "unable to write to %s" msgstr "do %s nelze zapsat" -#: plugins/sudoers/cvtsudoers.c:1315 +#: plugins/sudoers/cvtsudoers.c:1319 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -616,7 +1066,7 @@ "%s – převádí mezí formáty souboru sudoers\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1317 +#: plugins/sudoers/cvtsudoers.c:1321 msgid "" "\n" "Options:\n" 
@@ -658,43 +1108,30 @@ " -s, --suppress=oddíl potlačí výstup jistých oddílů\n" " -V, --version zobrazí údaje o verzi a skončí" -#: plugins/sudoers/cvtsudoers_json.c:684 plugins/sudoers/cvtsudoers_json.c:720 -#: plugins/sudoers/cvtsudoers_json.c:938 +#: plugins/sudoers/cvtsudoers_json.c:487 plugins/sudoers/cvtsudoers_json.c:521 +#: plugins/sudoers/cvtsudoers_json.c:709 #, c-format msgid "unknown defaults entry \"%s\"" msgstr "neznámá položka defaults „%s“" -#: plugins/sudoers/cvtsudoers_json.c:858 plugins/sudoers/cvtsudoers_json.c:873 -#: plugins/sudoers/cvtsudoers_ldif.c:308 plugins/sudoers/cvtsudoers_ldif.c:319 +#: plugins/sudoers/cvtsudoers_json.c:647 plugins/sudoers/cvtsudoers_json.c:660 +#: plugins/sudoers/cvtsudoers_ldif.c:348 plugins/sudoers/cvtsudoers_ldif.c:359 #: plugins/sudoers/ldap.c:482 msgid "unable to get GMT time" msgstr "nelze získat čas GMT" -#: plugins/sudoers/cvtsudoers_json.c:861 plugins/sudoers/cvtsudoers_json.c:876 -#: plugins/sudoers/cvtsudoers_ldif.c:311 plugins/sudoers/cvtsudoers_ldif.c:322 +#: plugins/sudoers/cvtsudoers_json.c:650 plugins/sudoers/cvtsudoers_json.c:663 +#: plugins/sudoers/cvtsudoers_ldif.c:351 plugins/sudoers/cvtsudoers_ldif.c:362 #: plugins/sudoers/ldap.c:488 msgid "unable to format timestamp" msgstr "nelze naformátovat časový údaj" -#: plugins/sudoers/cvtsudoers_ldif.c:526 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:337 plugins/sudoers/env.c:442 -#: plugins/sudoers/ldap.c:496 plugins/sudoers/ldap.c:727 -#: plugins/sudoers/ldap.c:1060 plugins/sudoers/ldap_conf.c:227 -#: plugins/sudoers/ldap_conf.c:317 plugins/sudoers/linux_audit.c:89 -#: plugins/sudoers/logging.c:1105 plugins/sudoers/policy.c:625 -#: plugins/sudoers/policy.c:635 plugins/sudoers/prompt.c:168 -#: plugins/sudoers/sudoers.c:852 plugins/sudoers/testsudoers.c:257 -#: plugins/sudoers/toke_util.c:161 -#, c-format -msgid "internal error, %s overflow" -msgstr "vnitřní chyba, přetečení %s" - -#: plugins/sudoers/cvtsudoers_ldif.c:595 +#: 
plugins/sudoers/cvtsudoers_ldif.c:635 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "příliš mnoho záznamů sudoers, maximum je %u" -#: plugins/sudoers/cvtsudoers_ldif.c:638 +#: plugins/sudoers/cvtsudoers_ldif.c:678 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "proměnná prostředí SUDOERS_BASE není nastavená a přepínač -b nebyl zadán." @@ -1103,8 +1540,8 @@ #: plugins/sudoers/def_data.c:406 #, c-format -msgid "Maximum I/O log sequence number: %u" -msgstr "Maximální pořadové číslo protokolu o vstupu/výstupu: %u" +msgid "Maximum I/O log sequence number: %s" +msgstr "Maximální pořadové číslo protokolu vstupu/výstupu: %s" #: plugins/sudoers/def_data.c:410 msgid "Enable sudoers netgroup support" 
@@ -1214,62 +1651,106 @@ msgid "Log when a command is denied by sudoers" msgstr "Zaznamenat do protokolu, když je příkaz zakázán v sudoers" -#: plugins/sudoers/defaults.c:231 +#: plugins/sudoers/def_data.c:510 +msgid "Sudo log server(s) to connect to with optional port" +msgstr "Protokolový server(y) suda, kam se připojit s volitelným portem" + +#: plugins/sudoers/def_data.c:514 +#, c-format +msgid "Sudo log server timeout in seconds: %u" +msgstr "Časový limit protokolového serveru suda v sekundách: %u" + +#: plugins/sudoers/def_data.c:518 +msgid "Enable SO_KEEPALIVE socket option on the socket connected to the logserver" +msgstr "Zapnout volbu socketu SO_KEEPALIVE na socketu připojeném k protokolovému serveru" + +#: plugins/sudoers/def_data.c:522 +#, c-format +msgid "Path to the audit server's CA bundle file: %s" +msgstr "Cesta k souboru se svazkem certifikátů autorit auditního serveru: %s" + +#: plugins/sudoers/def_data.c:526 +#, c-format +msgid "Path to the sudoers certificate file: %s" +msgstr "Cesta k souboru s certifikátem sudoers: %s" + +#: plugins/sudoers/def_data.c:530 +#, c-format +msgid "Path to the sudoers private key file: %s" +msgstr "Cesta k souboru se soukromým klíčem sudoers: %s" + +#: plugins/sudoers/def_data.c:534 +msgid "Allow the use of unknown runas user and/or group ID" +msgstr "Dovolit použití neznámých ID uživatelů a/nebo skupin u klíčového slova runas" + +#: plugins/sudoers/def_data.c:538 +msgid "Only permit running commands as a user with a valid shell" +msgstr "Pouze dovolit spuštění příkazů jako uživatel s platným shellem" + +#: plugins/sudoers/def_data.c:542 +msgid "Set the pam remote user to the user running sudo" +msgstr "Nastavit vzdáleného uživatele PAM na uživatele, který spustil sudo" + +#: plugins/sudoers/def_data.c:546 +msgid "Set the pam remote host to the local host name" +msgstr "Nastavit vzdálený stroj PAM na název tohoto stroje" + +#: plugins/sudoers/defaults.c:190 #, c-format msgid "%s:%d unknown defaults entry \"%s\"" 
msgstr "%s:%d neznámá položka defaults „%s“" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:193 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: neznámá položka defaults „%s“" -#: plugins/sudoers/defaults.c:277 +#: plugins/sudoers/defaults.c:236 #, c-format msgid "%s:%d no value specified for \"%s\"" msgstr "%s:%d u „%s“ nebyla zadána žádná hodnota" -#: plugins/sudoers/defaults.c:280 +#: plugins/sudoers/defaults.c:239 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: u „%s“ nebyla zadána žádná hodnota" -#: plugins/sudoers/defaults.c:300 +#: plugins/sudoers/defaults.c:259 #, c-format msgid "%s:%d values for \"%s\" must start with a '/'" msgstr "%s:%d hodnoty u „%s“ musí začínat na „/“" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:262 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: hodnoty u „%s“ musí začínat na „/“" -#: plugins/sudoers/defaults.c:325 +#: plugins/sudoers/defaults.c:284 #, c-format msgid "%s:%d option \"%s\" does not take a value" msgstr "%s:%d volba „%s“ nebere hodnotu" -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:287 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: volba „%s“ nebere hodnotu" -#: plugins/sudoers/defaults.c:353 +#: plugins/sudoers/defaults.c:312 #, c-format msgid "%s:%d invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d neplatný typ Defaults 0x%x u volby „%s“" -#: plugins/sudoers/defaults.c:356 +#: plugins/sudoers/defaults.c:315 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: neplatný typ Defaults 0x%x u volby „%s“" -#: plugins/sudoers/defaults.c:366 +#: plugins/sudoers/defaults.c:325 #, c-format msgid "%s:%d value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d hodnota „%s“ je pro volbu „%s“ neplatná" -#: plugins/sudoers/defaults.c:369 +#: plugins/sudoers/defaults.c:328 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: 
hodnota „%s“ je pro volbu „%s“ neplatná" @@ -1278,11 +1759,11 @@ msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: poškozené pole envp, délka nesouhlasí" -#: plugins/sudoers/env.c:1132 +#: plugins/sudoers/env.c:1133 msgid "unable to rebuild the environment" msgstr "prostředí nelze znovu sestavit" -#: plugins/sudoers/env.c:1206 +#: plugins/sudoers/env.c:1207 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "je nám líto, ale nemáte dovoleno nastavovat následující proměnné prostředí: %s" @@ -1307,27 +1788,27 @@ msgid "%s: read error" msgstr "%s: chyba při čtení" -#: plugins/sudoers/group_plugin.c:90 +#: plugins/sudoers/group_plugin.c:91 #, c-format msgid "%s must be owned by uid %d" msgstr "%s musí být vlastněn UID %d" -#: plugins/sudoers/group_plugin.c:94 +#: plugins/sudoers/group_plugin.c:95 #, c-format msgid "%s must only be writable by owner" msgstr "%s smí být zapisovatelný jen pro vlastníka" -#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:562 +#: plugins/sudoers/group_plugin.c:104 plugins/sudoers/sssd.c:562 #, c-format msgid "unable to load %s: %s" msgstr "nelze zavést %s: %s" -#: plugins/sudoers/group_plugin.c:108 +#: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "v %s nelze nalézt symbol „group_plugin“" -#: plugins/sudoers/group_plugin.c:113 +#: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: nekompatibilní hlavní verze modulu pro skupiny %d, očekávána %d" 
@@ -1346,87 +1827,143 @@ msgid "Local IP address and netmask pairs:\n" msgstr "Pár místní IP adresy a masky sítě:\n" -#: plugins/sudoers/iolog.c:117 plugins/sudoers/mkdir_parents.c:82 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s existuje, ale nejedná se o adresář (0%o)" - -#: plugins/sudoers/iolog.c:142 plugins/sudoers/iolog.c:182 -#: plugins/sudoers/mkdir_parents.c:71 plugins/sudoers/timestamp.c:212 -#, c-format -msgid "unable to mkdir %s" -msgstr "nelze vytvořit adresář %s" - -#: plugins/sudoers/iolog.c:186 plugins/sudoers/visudo.c:739 -#: plugins/sudoers/visudo.c:750 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "nelze změnit práva %s na 0%o" - -#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1194 +#: plugins/sudoers/iolog.c:146 plugins/sudoers/sudoers.c:398 +#: plugins/sudoers/sudoers.c:400 plugins/sudoers/sudoers.c:1289 #: plugins/sudoers/testsudoers.c:424 #, c-format msgid "unknown group: %s" msgstr "neznámá skupina: %s" -#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:918 -#: plugins/sudoers/sudoreplay.c:846 plugins/sudoers/sudoreplay.c:1542 -#: plugins/sudoers/tsdump.c:145 +#: plugins/sudoers/iolog.c:505 plugins/sudoers/iolog.c:788 +#: plugins/sudoers/iolog.c:938 plugins/sudoers/iolog.c:945 +#: plugins/sudoers/iolog.c:1066 plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:1172 plugins/sudoers/iolog.c:1179 #, c-format -msgid "unable to read %s" -msgstr "%s nelze číst" +msgid "unable to write to I/O log file: %s" +msgstr "nelze zapsat do souboru s I/O protokolem: %s" -#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:801 -#, c-format -msgid "unable to create %s" -msgstr "%s nelze vytvořit" +#: plugins/sudoers/iolog.c:555 +msgid "unable to update sequence file" +msgstr "nelze aktualizovat soubor s pořadovým číslem" -#: plugins/sudoers/iolog.c:824 plugins/sudoers/iolog.c:1039 -#: plugins/sudoers/iolog.c:1115 plugins/sudoers/iolog.c:1209 -#: plugins/sudoers/iolog.c:1270 +#: 
plugins/sudoers/iolog.c:594 #, c-format -msgid "unable to write to I/O log file: %s" -msgstr "nelze zapsat do souboru s I/O protokolem: %s" +msgid "unable to create %s/%s" +msgstr "%s/%s nelze vytvořit" + +#: plugins/sudoers/iolog.c:622 +msgid "unable to connect to log server" +msgstr "k protokolovacímu serveru se nelze připojit" -#: plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:830 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: vnitřní chyba, soubor s I/O protokolem pro událost %d není otevřen" -#: plugins/sudoers/iolog.c:1233 +#: plugins/sudoers/iolog.c:923 plugins/sudoers/iolog.c:1051 +#: plugins/sudoers/iolog.c:1156 plugins/sudoers/timestamp.c:862 +#: plugins/sudoers/timestamp.c:954 plugins/sudoers/visudo.c:498 +#: plugins/sudoers/visudo.c:504 +msgid "unable to read the clock" +msgstr "nelze přečíst hodiny" + +#: plugins/sudoers/iolog.c:1148 plugins/sudoers/iolog_client.c:862 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: vnitřní chyba, neplatný signál %d" -#: plugins/sudoers/iolog_util.c:90 +#: plugins/sudoers/iolog_client.c:297 #, c-format -msgid "%s: invalid log file" -msgstr "%s: neplatný soubor s protokolem" +msgid "Creation of new SSL_CTX object failed: %s" +msgstr "Vytvoření nového objektu SSL_CTX selhalo: %s" -#: plugins/sudoers/iolog_util.c:108 +#: plugins/sudoers/iolog_client.c:320 +msgid "CA bundle file is not set in sudoers" +msgstr "V sudoers není nastaven soubor se svazkem certifikátů autorit" + +#: plugins/sudoers/iolog_client.c:327 #, c-format -msgid "%s: time stamp field is missing" -msgstr "%s: chybí položka s časovým údajem" +msgid "Calling SSL_CTX_load_verify_locations() failed: %s" +msgstr "Volání SSL_CTX_load_verify_locations() selhalo: %s " -#: plugins/sudoers/iolog_util.c:114 +#: plugins/sudoers/iolog_client.c:339 +msgid "Signed certificate file is not set in sudoers" +msgstr "V sudoers není nastaven soubor s podepsaným certifikátem" + +#: 
plugins/sudoers/iolog_client.c:345 #, c-format -msgid "%s: time stamp %s: %s" -msgstr "%s: čas %s: %s" +msgid "Unable to load cert into the ssl context: %s" +msgstr "Do kontextu SSL nelze zavést certifikát: %s" -#: plugins/sudoers/iolog_util.c:121 +#: plugins/sudoers/iolog_client.c:356 #, c-format -msgid "%s: user field is missing" -msgstr "%s: chybí položka s uživatelem" +msgid "Unable to load private key into the ssl context: %s" +msgstr "Do kontextu SSL nelze zavést soukromý klíč: %s" -#: plugins/sudoers/iolog_util.c:130 +#: plugins/sudoers/iolog_client.c:363 #, c-format -msgid "%s: runas user field is missing" -msgstr "%s: chybí položka s runas uživatelem" +msgid "Unable to allocate ssl object: %s" +msgstr "Objekt SSL nelze alokovat: %s" -#: plugins/sudoers/iolog_util.c:139 +#: plugins/sudoers/iolog_client.c:369 #, c-format -msgid "%s: runas group field is missing" -msgstr "%s chybí položka s runas skupinou" +msgid "Unable to attach socket to the ssl object: %s" +msgstr "K objektu SSL nelze připojit socket: %s" + +#: plugins/sudoers/iolog_client.c:457 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s" +msgstr "Funkce SSL_connect selhala: chyba_SSL=%d, zásobník=%s" + +#: plugins/sudoers/iolog_client.c:599 +#, c-format +msgid "client message too large: %zu" +msgstr "zpráva od klienta je příliš velká: %zu" + +#: plugins/sudoers/iolog_client.c:656 plugins/sudoers/iolog_client.c:844 +msgid "unable to get time of day" +msgstr "nelze získat čas" + +#: plugins/sudoers/iolog_client.c:871 +#, c-format +msgid "%s: internal error, invalid exit status %d" +msgstr "%s: vnitřní chyba, neplatný návratový kód %d" + +#: plugins/sudoers/iolog_client.c:1104 +msgid "TLS initialization was unsuccessful" +msgstr "Inicializace TLS nebyla úspěšná" + +#: plugins/sudoers/iolog_client.c:1109 +msgid "TLS handshake was unsuccessful" +msgstr "Ustanovení spojení TLS nebylo úspěšné" + +#: plugins/sudoers/iolog_client.c:1361 +#, c-format +msgid "SSL_read failed: ssl_error=%d, 
stack=%s" +msgstr "Funkce SSL_read selhala: chyba_SSL=%d, zásobník=%s" + +#: plugins/sudoers/iolog_client.c:1384 +msgid "lost connection to log server" +msgstr "spojení k protokolovému serveru ztraceno" + +#: plugins/sudoers/iolog_client.c:1397 +#, c-format +msgid "server message too large: %u" +msgstr "správa od serveru je příliš velká: %u" + +#: plugins/sudoers/iolog_client.c:1461 +msgid "missing write buffer" +msgstr "chybí vyrovnávací paměť pro zápis" + +#: plugins/sudoers/iolog_client.c:1486 +#, c-format +msgid "SSL_write failed: ssl_error=%d, stack=%s" +msgstr "Funkce SSL_write selhala: chyba_SSL=%d, zásobník=%s" + +#: plugins/sudoers/iolog_client.c:1610 +#, c-format +msgid "unknown address family: %d" +msgstr "neznámá rodina síťových adres: %d" #: plugins/sudoers/ldap.c:178 plugins/sudoers/ldap_conf.c:296 msgid "starttls not supported when using ldaps" @@ -1451,7 +1988,7 @@ msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls uvedeno, ale knihovna LDAP nepodporuje ldap_start_tls_s_np() ani ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:734 +#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "neplatný atribut sudoOrder: %s" @@ -1469,7 +2006,7 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "nelze míchat URI ldap a ldaps" -#: plugins/sudoers/ldap_util.c:456 plugins/sudoers/ldap_util.c:458 +#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "nelze převést sudoOption: %s%s%s" 
@@ -1482,80 +2019,62 @@ msgid "unable to send audit message" msgstr "nelze odeslat auditní zprávu" -#: plugins/sudoers/logging.c:120 -#, c-format -msgid "%8s : %s" -msgstr "%8s : %s" - -#: plugins/sudoers/logging.c:148 -#, c-format -msgid "%8s : (command continued) %s" -msgstr "%8s : (příkaz pokračuje) %s" - -#: plugins/sudoers/logging.c:177 +#: plugins/sudoers/logging.c:175 #, c-format msgid "unable to open log file: %s" msgstr "nelze otevřít soubor protokolu: %s" -#: plugins/sudoers/logging.c:185 +#: plugins/sudoers/logging.c:183 #, c-format msgid "unable to lock log file: %s" msgstr "nelze zamknout soubor protokolu: %s" -#: plugins/sudoers/logging.c:218 +#: plugins/sudoers/logging.c:216 #, c-format msgid "unable to write log file: %s" msgstr "nelze zapsat soubor protokolu: %s" -#: plugins/sudoers/logging.c:248 -msgid "No user or host" -msgstr "Žádný uživatel nebo stroj" - -#: plugins/sudoers/logging.c:250 -msgid "validation failure" -msgstr "selhání ověření" - -#: plugins/sudoers/logging.c:261 +#: plugins/sudoers/logging.c:249 msgid "user NOT in sudoers" msgstr "uživatel NENÍ v sudoers" -#: plugins/sudoers/logging.c:263 +#: plugins/sudoers/logging.c:251 msgid "user NOT authorized on host" msgstr "uživatel NENÍ na stroji autorizován" -#: plugins/sudoers/logging.c:265 +#: plugins/sudoers/logging.c:253 msgid "command not allowed" msgstr "příkaz nedovolen" -#: plugins/sudoers/logging.c:301 +#: plugins/sudoers/logging.c:296 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s není v souboru sudoers. Tato událost bude ohlášena.\n" -#: plugins/sudoers/logging.c:304 +#: plugins/sudoers/logging.c:299 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s nemá dovoleno spouštět sudo na %s. 
Tato událost bude ohlášena.\n" -#: plugins/sudoers/logging.c:308 +#: plugins/sudoers/logging.c:303 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Je nám líto, uživatel %s nesmí spouštět sudo na %s.\n" -#: plugins/sudoers/logging.c:311 +#: plugins/sudoers/logging.c:306 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Je nám líto, uživatel %s nemá dovoleno spouštět „%s%s%s“ jako %s%s%s na %s.\n" -#: plugins/sudoers/logging.c:348 plugins/sudoers/sudoers.c:442 -#: plugins/sudoers/sudoers.c:444 plugins/sudoers/sudoers.c:446 -#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:603 -#: plugins/sudoers/sudoers.c:605 +#: plugins/sudoers/logging.c:343 plugins/sudoers/sudoers.c:518 +#: plugins/sudoers/sudoers.c:520 plugins/sudoers/sudoers.c:522 +#: plugins/sudoers/sudoers.c:524 plugins/sudoers/sudoers.c:675 +#: plugins/sudoers/sudoers.c:677 #, c-format msgid "%s: command not found" msgstr "%s: příkaz nenalezen" -#: plugins/sudoers/logging.c:350 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/logging.c:345 plugins/sudoers/sudoers.c:514 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -1564,15 +2083,15 @@ "ignoruje se „%s“ nalezený v „.“\n" "Použijte „sudo ./%s„, je-li toto „%s“', který chcete spustit." -#: plugins/sudoers/logging.c:367 +#: plugins/sudoers/logging.c:362 msgid "authentication failure" msgstr "selhání autentizace" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:388 msgid "a password is required" msgstr "je vyžadováno heslo" -#: plugins/sudoers/logging.c:463 +#: plugins/sudoers/logging.c:458 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" 
@@ -1580,37 +2099,31 @@ msgstr[1] "%u chybné pokusy zadat heslo" msgstr[2] "%u chybných pokusů zadat heslo" -#: plugins/sudoers/logging.c:728 +#: plugins/sudoers/logging.c:722 #, c-format msgid "unable to dup stdin: %m" msgstr "nelze zdvojit standardní vstup: %m" -#: plugins/sudoers/logging.c:768 +#: plugins/sudoers/logging.c:759 #, c-format msgid "unable to execute %s: %m" msgstr "nelze spustit %s: %m" -#: plugins/sudoers/logging.c:809 plugins/sudoers/logging.c:865 +#: plugins/sudoers/logging.c:800 plugins/sudoers/logging.c:856 #, c-format msgid "unable to fork: %m" msgstr "nelze vytvořit proces: %m" -#: plugins/sudoers/logging.c:855 +#: plugins/sudoers/logging.c:846 #, c-format msgid "unable to open pipe: %m" msgstr "nelze otevřít rouru: %m" -#: plugins/sudoers/match_digest.c:103 +#: plugins/sudoers/match_digest.c:123 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "součet pro %s (%s) nemá tvar %s" -#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:943 -#: plugins/sudoers/visudo.c:437 plugins/sudoers/visudo.c:733 -#, c-format -msgid "unable to stat %s" -msgstr "nelze zjistit údaje o %s" - #: plugins/sudoers/parse.c:449 #, c-format msgid "" 
@@ -1669,22 +2182,22 @@ msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Uživatel %s nemá dovoleno spustit sudo na %s.\n" -#: plugins/sudoers/parse_ldif.c:604 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "neúplná definice sudoRole se ignoruje: cn: %s" -#: plugins/sudoers/parse_ldif.c:664 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "neplatný atribut LDIF: %s" -#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:116 +#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:115 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "neplatné %.*s nenastaveno vnějším rozhraním sudo" -#: plugins/sudoers/policy.c:295 plugins/sudoers/testsudoers.c:280 +#: plugins/sudoers/policy.c:294 plugins/sudoers/testsudoers.c:280 msgid "unable to parse network address list" msgstr "nelze rozebrat seznam síťových adres" @@ -1704,23 +2217,23 @@ msgid "host name not set by sudo front-end" msgstr "název počítače nenastaven vnějším rozhraním sudo" -#: plugins/sudoers/policy.c:808 plugins/sudoers/visudo.c:236 +#: plugins/sudoers/policy.c:897 plugins/sudoers/visudo.c:236 #: plugins/sudoers/visudo.c:867 #, c-format msgid "unable to execute %s" msgstr "nelze vykonat %s" -#: plugins/sudoers/policy.c:939 +#: plugins/sudoers/policy.c:1055 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Verze modulu s politikami sudoers je %s\n" -#: plugins/sudoers/policy.c:941 +#: plugins/sudoers/policy.c:1057 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Verze gramatiky souboru sudoers je %d\n" -#: plugins/sudoers/policy.c:945 +#: plugins/sudoers/policy.c:1061 #, c-format msgid "" "\n" 
@@ -1729,22 +2242,22 @@ "\n" "Cesta sudoers: %s\n" -#: plugins/sudoers/policy.c:948 +#: plugins/sudoers/policy.c:1064 #, c-format msgid "nsswitch path: %s\n" msgstr "cesta k nsswitch: %s\n" -#: plugins/sudoers/policy.c:950 +#: plugins/sudoers/policy.c:1066 #, c-format msgid "ldap.conf path: %s\n" msgstr "cesta k ldap.conf: %s\n" -#: plugins/sudoers/policy.c:951 +#: plugins/sudoers/policy.c:1067 #, c-format msgid "ldap.secret path: %s\n" msgstr "cesta k ldap.secret: %s\n" -#: plugins/sudoers/policy.c:984 +#: plugins/sudoers/policy.c:1100 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "nelze zaregistrovat háček typu %d (verze %d.%d)" 
@@ -1813,48 +2326,48 @@ msgid "unable to parse gids for %s" msgstr "nelze rozebrat čísla GID pro %s" -#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:478 -#: plugins/sudoers/set_perms.c:921 plugins/sudoers/set_perms.c:1254 -#: plugins/sudoers/set_perms.c:1573 +#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:447 +#: plugins/sudoers/set_perms.c:850 plugins/sudoers/set_perms.c:1156 +#: plugins/sudoers/set_perms.c:1450 msgid "perm stack overflow" msgstr "přetečení zásobníku oprávnění" -#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:409 -#: plugins/sudoers/set_perms.c:486 plugins/sudoers/set_perms.c:788 -#: plugins/sudoers/set_perms.c:929 plugins/sudoers/set_perms.c:1178 -#: plugins/sudoers/set_perms.c:1262 plugins/sudoers/set_perms.c:1506 -#: plugins/sudoers/set_perms.c:1581 plugins/sudoers/set_perms.c:1672 +#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:378 +#: plugins/sudoers/set_perms.c:455 plugins/sudoers/set_perms.c:717 +#: plugins/sudoers/set_perms.c:858 plugins/sudoers/set_perms.c:1080 +#: plugins/sudoers/set_perms.c:1164 plugins/sudoers/set_perms.c:1383 +#: plugins/sudoers/set_perms.c:1458 plugins/sudoers/set_perms.c:1548 msgid "perm stack underflow" msgstr "podtečení zásobníku oprávnění" -#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:532 -#: plugins/sudoers/set_perms.c:1315 plugins/sudoers/set_perms.c:1614 +#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:501 +#: plugins/sudoers/set_perms.c:1217 plugins/sudoers/set_perms.c:1491 msgid "unable to change to root gid" msgstr "nelze přepnout GID na root" -#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:629 -#: plugins/sudoers/set_perms.c:1060 plugins/sudoers/set_perms.c:1392 +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:598 +#: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1294 msgid "unable to change to runas gid" msgstr "nelze přepnout na běhové GID" -#: 
plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:634 -#: plugins/sudoers/set_perms.c:1065 plugins/sudoers/set_perms.c:1397 +#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:603 +#: plugins/sudoers/set_perms.c:994 plugins/sudoers/set_perms.c:1299 msgid "unable to set runas group vector" msgstr "nelze nastavit vektor běhových skupin" -#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:645 -#: plugins/sudoers/set_perms.c:1074 plugins/sudoers/set_perms.c:1406 +#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:614 +#: plugins/sudoers/set_perms.c:1003 plugins/sudoers/set_perms.c:1308 msgid "unable to change to runas uid" msgstr "nelze přepnout na běhové UID" -#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:663 -#: plugins/sudoers/set_perms.c:1090 plugins/sudoers/set_perms.c:1422 +#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:632 +#: plugins/sudoers/set_perms.c:1019 plugins/sudoers/set_perms.c:1324 msgid "unable to change to sudoers gid" msgstr "nelze přepnout na GID sudoers" -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 msgid "too many processes" msgstr "příliš mnoho procesů" 
@@ -1887,209 +2400,228 @@ msgid "unable to find symbol \"%s\" in %s" msgstr "nelze nalézt symbol „%s“ v %s" -#: plugins/sudoers/sudoers.c:212 plugins/sudoers/sudoers.c:871 +#: plugins/sudoers/sudoers.c:221 plugins/sudoers/sudoers.c:958 msgid "problem with defaults entries" msgstr "problém s položkami defaults" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:225 msgid "no valid sudoers sources found, quitting" msgstr "nenalezeny žádné platné zdroje sudoers, končí se" -#: plugins/sudoers/sudoers.c:254 +#: plugins/sudoers/sudoers.c:301 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers udává, že root nemá dovoleno použít sudo" -#: plugins/sudoers/sudoers.c:312 +#: plugins/sudoers/sudoers.c:361 +msgid "user not allowed to override closefrom limit" +msgstr "uživatel nemá dovoleno přebít omezení „closefrom“" + +#: plugins/sudoers/sudoers.c:362 msgid "you are not permitted to use the -C option" msgstr "nemáte dovoleno použít přepínač -C" -#: plugins/sudoers/sudoers.c:359 +#: plugins/sudoers/sudoers.c:426 #, c-format msgid "timestamp owner (%s): No such user" msgstr "vlastník časového údaje (%s): Takový uživatel neexistuje" -#: plugins/sudoers/sudoers.c:374 +#: plugins/sudoers/sudoers.c:441 msgid "no tty" msgstr "žádné TTY" -#: plugins/sudoers/sudoers.c:375 +#: plugins/sudoers/sudoers.c:442 msgid "sorry, you must have a tty to run sudo" msgstr "je nám líto, ale pro spuštění sudo musíte mít TTY" -#: plugins/sudoers/sudoers.c:437 +#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:450 +#, c-format +msgid "invalid shell for user %s: %s" +msgstr "neplatný shell pro uživatele %s: %s" + +#: plugins/sudoers/sudoers.c:513 msgid "command in current directory" msgstr "příkaz v aktuálním adresáři" -#: plugins/sudoers/sudoers.c:456 +#: plugins/sudoers/sudoers.c:532 +msgid "user not allowed to set a command timeout" +msgstr "uživatel nemá dovoleno nastavit časový limit příkazu" + +#: plugins/sudoers/sudoers.c:533 msgid "sorry, you are not 
allowed set a command timeout" msgstr "je nám líto, ale nastavit časový limit nemáte dovoleno" -#: plugins/sudoers/sudoers.c:464 +#: plugins/sudoers/sudoers.c:541 +msgid "user not allowed to set a preserve the environment" +msgstr "uživatel nemá dovoleno zachovat prostředí" + +#: plugins/sudoers/sudoers.c:542 msgid "sorry, you are not allowed to preserve the environment" msgstr "je nám líto, ale zachovat prostředí nemáte dovoleno" -#: plugins/sudoers/sudoers.c:815 +#: plugins/sudoers/sudoers.c:893 msgid "command too long" msgstr "příkaz je příliš dlouhý" -#: plugins/sudoers/sudoers.c:947 +#: plugins/sudoers/sudoers.c:951 +msgid "sudoedit doesn't need to be run via sudo" +msgstr "sudoedit není nutné spouštět přes sudo" + +#: plugins/sudoers/sudoers.c:1005 plugins/sudoers/sudoreplay.c:1502 +#: plugins/sudoers/tsdump.c:145 +#, c-format +msgid "unable to read %s" +msgstr "%s nelze číst" + +#: plugins/sudoers/sudoers.c:1030 plugins/sudoers/visudo.c:437 +#: plugins/sudoers/visudo.c:733 +#, c-format +msgid "unable to stat %s" +msgstr "nelze zjistit údaje o %s" + +#: plugins/sudoers/sudoers.c:1034 #, c-format msgid "%s is not a regular file" msgstr "%s není běžný soubor" -#: plugins/sudoers/sudoers.c:951 plugins/sudoers/timestamp.c:259 toke.l:967 +#: plugins/sudoers/sudoers.c:1038 plugins/sudoers/timestamp.c:259 toke.l:967 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s je vlastněn UID %u, měl by být vlastněn %u" -#: plugins/sudoers/sudoers.c:955 toke.l:972 +#: plugins/sudoers/sudoers.c:1042 toke.l:972 #, c-format msgid "%s is world writable" msgstr "%s je zapisovatelný pro všechny" -#: plugins/sudoers/sudoers.c:959 toke.l:975 +#: plugins/sudoers/sudoers.c:1046 toke.l:975 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s je vlastněn GID %u, mělo by být %u" -#: plugins/sudoers/sudoers.c:992 +#: plugins/sudoers/sudoers.c:1079 #, c-format msgid "only root can use \"-c %s\"" msgstr "pouze root může použít „-c %s“" -#: 
plugins/sudoers/sudoers.c:1011 +#: plugins/sudoers/sudoers.c:1098 #, c-format msgid "unknown login class: %s" msgstr "neznáma přihlašovací třída: %s" -#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoers.c:1110 +#: plugins/sudoers/sudoers.c:1183 plugins/sudoers/sudoers.c:1198 #, c-format msgid "unable to resolve host %s" msgstr "nelze přeložit název stroje %s" -#: plugins/sudoers/sudoreplay.c:250 +#: plugins/sudoers/sudoreplay.c:263 #, c-format msgid "invalid filter option: %s" msgstr "neplatná volba filtru: %s" -#: plugins/sudoers/sudoreplay.c:263 +#: plugins/sudoers/sudoreplay.c:276 #, c-format msgid "invalid max wait: %s" msgstr "neplatná maximální doba čekání: %s" -#: plugins/sudoers/sudoreplay.c:286 +#: plugins/sudoers/sudoreplay.c:299 #, c-format msgid "invalid speed factor: %s" msgstr "neplatný násobek rychlosti: %s" -#: plugins/sudoers/sudoreplay.c:321 +#: plugins/sudoers/sudoreplay.c:335 #, c-format -msgid "%s/%.2s/%.2s/%.2s/timing: %s" -msgstr "%s/%.2s/%.2s/%.2s/časování: %s" +msgid "%s/%.2s/%.2s/%.2s: %s" +msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:326 +#: plugins/sudoers/sudoreplay.c:340 #, c-format msgid "%s/timing: %s" msgstr "%s/časování: %s" -#: plugins/sudoers/sudoreplay.c:330 +#: plugins/sudoers/sudoreplay.c:344 #, c-format -msgid "%s/%s/timing: %s" -msgstr "%s/%s/časování: %s" +msgid "%s/%s: %s" +msgstr "%s/%s: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:372 #, c-format msgid "Replaying sudo session: %s" msgstr "Přehrává se relace sudo: %s" -#: plugins/sudoers/sudoreplay.c:544 plugins/sudoers/sudoreplay.c:591 -#: plugins/sudoers/sudoreplay.c:789 plugins/sudoers/sudoreplay.c:898 -#: plugins/sudoers/sudoreplay.c:983 plugins/sudoers/sudoreplay.c:998 -#: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/sudoreplay.c:1012 -#: plugins/sudoers/sudoreplay.c:1019 plugins/sudoers/sudoreplay.c:1026 -#: plugins/sudoers/sudoreplay.c:1174 -msgid "unable to add event to queue" -msgstr "událost nelze přidat 
do fronty" - -#: plugins/sudoers/sudoreplay.c:659 +#: plugins/sudoers/sudoreplay.c:634 msgid "unable to set tty to raw mode" msgstr "TTY nelze nastavit do přímého režimu" -#: plugins/sudoers/sudoreplay.c:710 +#: plugins/sudoers/sudoreplay.c:685 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Pozor: váš terminál je příliš malý pro správné zobrazení záznamu.\n" -#: plugins/sudoers/sudoreplay.c:711 +#: plugins/sudoers/sudoreplay.c:686 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Rozměry záznamu jsou %d × %d, váš terminál má rozměry %d × %d." -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:714 msgid "Replay finished, press any key to restore the terminal." msgstr "Přehrávání skončilo, pro obnovení terminálu stiskněte libovolnou klávesu." -#: plugins/sudoers/sudoreplay.c:772 -#, c-format -msgid "invalid timing file line: %s" -msgstr "neplatný řádek s časovacím souborem: %s" - -#: plugins/sudoers/sudoreplay.c:1208 plugins/sudoers/sudoreplay.c:1233 +#: plugins/sudoers/sudoreplay.c:1161 plugins/sudoers/sudoreplay.c:1186 #, c-format msgid "ambiguous expression \"%s\"" msgstr "nejednoznačný výraz „%s“" -#: plugins/sudoers/sudoreplay.c:1255 +#: plugins/sudoers/sudoreplay.c:1208 msgid "unmatched ')' in expression" msgstr "ve výrazu neodpovídá „)“" -#: plugins/sudoers/sudoreplay.c:1259 +#: plugins/sudoers/sudoreplay.c:1212 #, c-format msgid "unknown search term \"%s\"" msgstr "neznámý vyhledávací výraz „%s“" -#: plugins/sudoers/sudoreplay.c:1274 +#: plugins/sudoers/sudoreplay.c:1227 #, c-format msgid "%s requires an argument" msgstr "%s vyžaduje argument" -#: plugins/sudoers/sudoreplay.c:1277 plugins/sudoers/sudoreplay.c:1518 +#: plugins/sudoers/sudoreplay.c:1230 plugins/sudoers/sudoreplay.c:1478 #, c-format msgid "invalid regular expression: %s" msgstr "neplatný regulární výraz: %s" -#: plugins/sudoers/sudoreplay.c:1281 +#: plugins/sudoers/sudoreplay.c:1234 #, c-format msgid 
"could not parse date \"%s\"" msgstr "datum „%s“ se nepodařilo rozebrat" -#: plugins/sudoers/sudoreplay.c:1290 +#: plugins/sudoers/sudoreplay.c:1243 msgid "unmatched '(' in expression" msgstr "ve výrazu neodpovídá „(“" -#: plugins/sudoers/sudoreplay.c:1292 +#: plugins/sudoers/sudoreplay.c:1245 msgid "illegal trailing \"or\"" msgstr "zakázané zakončení „or“" -#: plugins/sudoers/sudoreplay.c:1294 +#: plugins/sudoers/sudoreplay.c:1247 msgid "illegal trailing \"!\"" msgstr "zakázané zakončení „!“" -#: plugins/sudoers/sudoreplay.c:1344 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "unknown search type %d" msgstr "neznámý vyhledávácí typ %d" -#: plugins/sudoers/sudoreplay.c:1611 +#: plugins/sudoers/sudoreplay.c:1569 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "použití: %s [-hnRS] [-d adresář] [-m číslo] [-s číslo] ID\n" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1572 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "použití: %s [-h] [-d adresář] -l [vyhledávací_výraz]\n" -#: plugins/sudoers/sudoreplay.c:1623 +#: plugins/sudoers/sudoreplay.c:1581 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2098,7 +2630,7 @@ "%s – přehraje záznam relace sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1625 +#: plugins/sudoers/sudoreplay.c:1583 msgid "" "\n" "Options:\n" 
@@ -2162,36 +2694,35 @@ msgstr "%s je zapisovatelný pro skupinu" # TODO: pluralize -#: plugins/sudoers/timestamp.c:343 +#: plugins/sudoers/timestamp.c:343 plugins/sudoers/timestamp.c:687 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "nelze zkrátit soubor s časovými údaji na %lld bajtů" -#: plugins/sudoers/timestamp.c:829 plugins/sudoers/timestamp.c:921 -#: plugins/sudoers/visudo.c:498 plugins/sudoers/visudo.c:504 -msgid "unable to read the clock" -msgstr "nelze přečíst hodiny" - -#: plugins/sudoers/timestamp.c:840 +#: plugins/sudoers/timestamp.c:873 msgid "ignoring time stamp from the future" msgstr "časový údaj z budoucnosti se ignoruje" -#: plugins/sudoers/timestamp.c:863 +#: plugins/sudoers/timestamp.c:896 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "časový údaj ukazuje příliš do budoucna: %20.20s" # TODO: pluralize -#: plugins/sudoers/timestamp.c:985 +#: plugins/sudoers/timestamp.c:1018 #, c-format msgid "unable to lock time stamp file %s" msgstr "soubor s časovými údaji %s nelze zamknout" -#: plugins/sudoers/timestamp.c:1029 plugins/sudoers/timestamp.c:1049 +#: plugins/sudoers/timestamp.c:1062 plugins/sudoers/timestamp.c:1082 #, c-format msgid "lecture status path too long: %s/%s" msgstr "cesta ke stavům lekce je příliš dlouhý: %s/%s" +#: plugins/sudoers/toke_util.c:132 +msgid "sudoedit should not be specified with a path" +msgstr "sudoedit by neměl být uveden s cestou" + #: plugins/sudoers/visudo.c:232 msgid "the -x option will be removed in a future release" msgstr "přepínač -x bude v příštím vydání odstraněn" 
@@ -2384,6 +2915,15 @@ msgid "too many levels of includes" msgstr "příliš mnoho úrovní zanoření" +#~ msgid "No user or host" +#~ msgstr "Žádný uživatel nebo stroj" + +#~ msgid "validation failure" +#~ msgstr "selhání ověření" + +#~ msgid "%s/%s/timing: %s" +#~ msgstr "%s/%s/časování: %s" + #~ msgid "ignoring invalid attribute value: %s" #~ msgstr "neplatná hodnota hodnota atributu se ignoruje: %s" Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/plugins/sudoers/po/de.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/plugins/sudoers/po/de.mo differ diff -Nru sudo-1.8.31/plugins/sudoers/po/de.po sudo-1.9.0/plugins/sudoers/po/de.po --- sudo-1.8.31/plugins/sudoers/po/de.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/po/de.po 2020-05-11 16:28:23.000000000 +0000 @@ -3,21 +3,22 @@ # Todd C. Miller , 2011-2013 # Hendrik Knackstedt , 2013 # Mario Blättermann , 2015. -# Jochen Hein , 2001-2019. +# Jochen Hein , 2001-2020. msgid "" msgstr "" -"Project-Id-Version: sudoers 1.8.29rc1\n" +"Project-Id-Version: sudoers 1.9.0b4\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-10-21 19:55-0600\n" -"PO-Revision-Date: 2019-11-22 20:06+0100\n" +"POT-Creation-Date: 2020-03-12 17:39-0600\n" +"PO-Revision-Date: 2020-03-17 19:58+0100\n" "Last-Translator: Jochen Hein \n" "Language-Team: German \n" -"Language: German\n" +"Language: de\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Poedit 2.3\n" #: confstr.sh:1 msgid "syntax error" 
@@ -43,70 +44,75 @@ msgid "Sorry, try again." msgstr "Das hat nicht funktioniert, bitte nochmal probieren." -#: gram.y:196 gram.y:244 gram.y:251 gram.y:258 gram.y:265 gram.y:272 -#: gram.y:288 gram.y:312 gram.y:319 gram.y:326 gram.y:333 gram.y:340 -#: gram.y:403 gram.y:412 gram.y:423 gram.y:456 gram.y:463 gram.y:470 -#: gram.y:477 gram.y:559 gram.y:566 gram.y:575 gram.y:584 gram.y:601 -#: gram.y:713 gram.y:720 gram.y:727 gram.y:735 gram.y:835 gram.y:842 -#: gram.y:849 gram.y:856 gram.y:863 gram.y:889 gram.y:896 gram.y:903 -#: gram.y:1026 gram.y:1303 plugins/sudoers/alias.c:132 -#: plugins/sudoers/alias.c:139 plugins/sudoers/alias.c:155 -#: plugins/sudoers/auth/bsdauth.c:148 plugins/sudoers/auth/kerb5.c:123 -#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/auth/sia.c:64 -#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:165 -#: plugins/sudoers/cvtsudoers.c:182 plugins/sudoers/cvtsudoers.c:193 -#: plugins/sudoers/cvtsudoers.c:305 plugins/sudoers/cvtsudoers.c:433 -#: plugins/sudoers/cvtsudoers.c:566 plugins/sudoers/cvtsudoers.c:583 -#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 -#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1179 -#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1285 +#: gram.y:198 gram.y:246 gram.y:253 gram.y:260 gram.y:267 gram.y:274 +#: gram.y:290 gram.y:314 gram.y:321 gram.y:328 gram.y:335 gram.y:342 +#: gram.y:405 gram.y:414 gram.y:425 gram.y:458 gram.y:465 gram.y:472 +#: gram.y:479 gram.y:506 gram.y:578 gram.y:585 gram.y:594 gram.y:603 +#: gram.y:620 gram.y:732 gram.y:739 gram.y:747 gram.y:753 gram.y:853 +#: gram.y:860 gram.y:867 gram.y:874 gram.y:881 gram.y:907 gram.y:914 +#: gram.y:921 gram.y:1063 gram.y:1342 lib/iolog/iolog_util.c:79 +#: lib/iolog/iolog_util.c:118 lib/iolog/iolog_util.c:127 +#: lib/iolog/iolog_util.c:137 lib/iolog/iolog_util.c:145 +#: lib/iolog/iolog_util.c:149 
logsrvd/eventlog.c:223 logsrvd/sendlog.c:286 +#: plugins/sudoers/alias.c:132 plugins/sudoers/alias.c:139 +#: plugins/sudoers/alias.c:155 plugins/sudoers/auth/bsdauth.c:148 +#: plugins/sudoers/auth/kerb5.c:123 plugins/sudoers/auth/kerb5.c:149 +#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116 +#: plugins/sudoers/auth/sia.c:64 plugins/sudoers/cvtsudoers.c:124 +#: plugins/sudoers/cvtsudoers.c:165 plugins/sudoers/cvtsudoers.c:182 +#: plugins/sudoers/cvtsudoers.c:193 plugins/sudoers/cvtsudoers.c:305 +#: plugins/sudoers/cvtsudoers.c:433 plugins/sudoers/cvtsudoers.c:566 +#: plugins/sudoers/cvtsudoers.c:583 plugins/sudoers/cvtsudoers.c:646 +#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:769 +#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1187 +#: plugins/sudoers/cvtsudoers.c:1289 plugins/sudoers/cvtsudoers_json.c:83 #: plugins/sudoers/cvtsudoers_ldif.c:154 plugins/sudoers/cvtsudoers_ldif.c:197 -#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:263 -#: plugins/sudoers/cvtsudoers_ldif.c:334 plugins/sudoers/cvtsudoers_ldif.c:389 -#: plugins/sudoers/cvtsudoers_ldif.c:397 plugins/sudoers/cvtsudoers_ldif.c:414 -#: plugins/sudoers/cvtsudoers_ldif.c:423 plugins/sudoers/cvtsudoers_ldif.c:570 -#: plugins/sudoers/defaults.c:666 plugins/sudoers/defaults.c:959 -#: plugins/sudoers/defaults.c:1130 plugins/sudoers/editor.c:72 +#: plugins/sudoers/cvtsudoers_ldif.c:238 plugins/sudoers/cvtsudoers_ldif.c:303 +#: plugins/sudoers/cvtsudoers_ldif.c:374 plugins/sudoers/cvtsudoers_ldif.c:429 +#: plugins/sudoers/cvtsudoers_ldif.c:437 plugins/sudoers/cvtsudoers_ldif.c:454 +#: plugins/sudoers/cvtsudoers_ldif.c:463 plugins/sudoers/cvtsudoers_ldif.c:610 +#: plugins/sudoers/defaults.c:632 plugins/sudoers/defaults.c:925 +#: plugins/sudoers/defaults.c:1058 plugins/sudoers/editor.c:72 #: plugins/sudoers/editor.c:90 plugins/sudoers/editor.c:101 #: plugins/sudoers/env.c:268 plugins/sudoers/filedigest.c:66 #: 
plugins/sudoers/filedigest.c:82 plugins/sudoers/gc.c:59 -#: plugins/sudoers/group_plugin.c:138 plugins/sudoers/interfaces.c:78 -#: plugins/sudoers/iolog.c:943 plugins/sudoers/iolog_path.c:174 -#: plugins/sudoers/iolog_util.c:86 plugins/sudoers/iolog_util.c:125 -#: plugins/sudoers/iolog_util.c:134 plugins/sudoers/iolog_util.c:144 -#: plugins/sudoers/iolog_util.c:152 plugins/sudoers/iolog_util.c:156 -#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 -#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 -#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 -#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 -#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 -#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 -#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 -#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 -#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558 -#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:683 -#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:510 -#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/linux_audit.c:83 -#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:532 -#: plugins/sudoers/logging.c:558 plugins/sudoers/logging.c:599 -#: plugins/sudoers/logging.c:740 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:367 -#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:200 +#: plugins/sudoers/group_plugin.c:141 plugins/sudoers/interfaces.c:78 +#: plugins/sudoers/iolog.c:476 plugins/sudoers/iolog_client.c:107 +#: plugins/sudoers/iolog_client.c:485 plugins/sudoers/iolog_client.c:593 +#: plugins/sudoers/iolog_client.c:611 plugins/sudoers/iolog_client.c:1053 +#: plugins/sudoers/iolog_client.c:1283 
plugins/sudoers/iolog_client.c:1619 +#: plugins/sudoers/iolog_client.c:1647 plugins/sudoers/ldap.c:185 +#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 +#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 +#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705 +#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 +#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 +#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 +#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 +#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 +#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 +#: plugins/sudoers/ldap_conf.c:683 plugins/sudoers/ldap_conf.c:765 +#: plugins/sudoers/ldap_util.c:331 plugins/sudoers/ldap_util.c:338 +#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:83 +#: plugins/sudoers/logging.c:200 plugins/sudoers/logging.c:527 +#: plugins/sudoers/logging.c:553 plugins/sudoers/logging.c:594 +#: plugins/sudoers/logging.c:731 plugins/sudoers/logging.c:1091 +#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:397 +#: plugins/sudoers/match_command.c:444 plugins/sudoers/match_command.c:515 +#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:200 #: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:227 #: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:156 #: plugins/sudoers/parse_ldif.c:187 plugins/sudoers/parse_ldif.c:256 #: plugins/sudoers/parse_ldif.c:263 plugins/sudoers/parse_ldif.c:268 #: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:355 -#: plugins/sudoers/parse_ldif.c:361 plugins/sudoers/parse_ldif.c:386 -#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:402 -#: plugins/sudoers/parse_ldif.c:416 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:614 plugins/sudoers/parse_ldif.c:639 -#: plugins/sudoers/parse_ldif.c:697 
plugins/sudoers/parse_ldif.c:714 -#: plugins/sudoers/parse_ldif.c:742 plugins/sudoers/parse_ldif.c:749 -#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:750 +#: plugins/sudoers/parse_ldif.c:382 plugins/sudoers/parse_ldif.c:399 +#: plugins/sudoers/parse_ldif.c:411 plugins/sudoers/parse_ldif.c:415 +#: plugins/sudoers/parse_ldif.c:429 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:830 #: plugins/sudoers/prompt.c:100 plugins/sudoers/pwutil.c:199 #: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 #: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:586 
@@ -116,19 +122,19 @@ #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:114 -#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 -#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735 +#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909 +#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559 +#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218 +#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429 +#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236 +#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587 +#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483 +#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59 +#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:137 +#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130 #: plugins/sudoers/visudo.c:152 
plugins/sudoers/visudo.c:328 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 
@@ -137,111 +143,116 @@ msgid "unable to allocate memory" msgstr "Es kann kein Speicher mehr alloziert werden" -#: gram.y:488 +#: gram.y:500 msgid "a digest requires a path name" msgstr "Eine Prüfsumme erfordert einen Pfadnamen" -#: gram.y:614 +#: gram.y:633 msgid "invalid notbefore value" msgstr "ungültiger Wert für »notbefore«" -#: gram.y:622 +#: gram.y:641 msgid "invalid notafter value" msgstr "ungültiger Wert für »notafter«" -#: gram.y:631 plugins/sudoers/policy.c:320 +#: gram.y:650 plugins/sudoers/policy.c:319 msgid "timeout value too large" msgstr "Wert für Timeout ist zu groß" -#: gram.y:633 plugins/sudoers/policy.c:322 +#: gram.y:652 plugins/sudoers/policy.c:321 msgid "invalid timeout value" msgstr "ungültiger Wert für Timeout" -#: gram.y:1303 plugins/sudoers/auth/pam.c:483 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/cvtsudoers.c:124 -#: plugins/sudoers/cvtsudoers.c:164 plugins/sudoers/cvtsudoers.c:181 -#: plugins/sudoers/cvtsudoers.c:192 plugins/sudoers/cvtsudoers.c:304 -#: plugins/sudoers/cvtsudoers.c:432 plugins/sudoers/cvtsudoers.c:565 -#: plugins/sudoers/cvtsudoers.c:582 plugins/sudoers/cvtsudoers.c:646 -#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:768 -#: plugins/sudoers/cvtsudoers.c:1179 plugins/sudoers/cvtsudoers.c:1183 -#: plugins/sudoers/cvtsudoers.c:1285 plugins/sudoers/cvtsudoers_ldif.c:153 -#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:243 -#: plugins/sudoers/cvtsudoers_ldif.c:262 plugins/sudoers/cvtsudoers_ldif.c:333 -#: plugins/sudoers/cvtsudoers_ldif.c:388 plugins/sudoers/cvtsudoers_ldif.c:396 -#: plugins/sudoers/cvtsudoers_ldif.c:413 plugins/sudoers/cvtsudoers_ldif.c:422 -#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:666 -#: plugins/sudoers/defaults.c:959 plugins/sudoers/defaults.c:1130 +#: gram.y:1342 lib/iolog/iolog_util.c:79 lib/iolog/iolog_util.c:118 +#: lib/iolog/iolog_util.c:127 lib/iolog/iolog_util.c:137 +#: 
lib/iolog/iolog_util.c:145 lib/iolog/iolog_util.c:149 +#: logsrvd/eventlog.c:223 plugins/sudoers/auth/pam.c:486 +#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116 +#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:164 +#: plugins/sudoers/cvtsudoers.c:181 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:304 plugins/sudoers/cvtsudoers.c:432 +#: plugins/sudoers/cvtsudoers.c:565 plugins/sudoers/cvtsudoers.c:582 +#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 +#: plugins/sudoers/cvtsudoers.c:768 plugins/sudoers/cvtsudoers.c:1183 +#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289 +#: plugins/sudoers/cvtsudoers_json.c:82 plugins/sudoers/cvtsudoers_ldif.c:153 +#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:237 +#: plugins/sudoers/cvtsudoers_ldif.c:302 plugins/sudoers/cvtsudoers_ldif.c:373 +#: plugins/sudoers/cvtsudoers_ldif.c:428 plugins/sudoers/cvtsudoers_ldif.c:436 +#: plugins/sudoers/cvtsudoers_ldif.c:453 plugins/sudoers/cvtsudoers_ldif.c:462 +#: plugins/sudoers/cvtsudoers_ldif.c:609 plugins/sudoers/defaults.c:632 +#: plugins/sudoers/defaults.c:925 plugins/sudoers/defaults.c:1058 #: plugins/sudoers/editor.c:72 plugins/sudoers/editor.c:90 #: plugins/sudoers/editor.c:101 plugins/sudoers/env.c:268 #: plugins/sudoers/filedigest.c:66 plugins/sudoers/filedigest.c:82 -#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:138 -#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:943 -#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:86 -#: plugins/sudoers/iolog_util.c:125 plugins/sudoers/iolog_util.c:134 -#: plugins/sudoers/iolog_util.c:144 plugins/sudoers/iolog_util.c:152 -#: plugins/sudoers/iolog_util.c:156 plugins/sudoers/ldap.c:185 -#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 -#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 -#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 -#: 
plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705 -#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 -#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 -#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 -#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 -#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 -#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 -#: plugins/sudoers/ldap_conf.c:682 plugins/sudoers/ldap_conf.c:765 -#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:567 -#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:202 -#: plugins/sudoers/logging.c:532 plugins/sudoers/logging.c:558 -#: plugins/sudoers/logging.c:598 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:366 -#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:199 +#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:140 +#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:476 +#: plugins/sudoers/iolog_client.c:107 plugins/sudoers/iolog_client.c:485 +#: plugins/sudoers/iolog_client.c:593 plugins/sudoers/iolog_client.c:611 +#: plugins/sudoers/iolog_client.c:1053 plugins/sudoers/iolog_client.c:1283 +#: plugins/sudoers/iolog_client.c:1619 plugins/sudoers/iolog_client.c:1647 +#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 +#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 +#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 +#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 +#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 +#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 +#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 +#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 +#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 +#: 
plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558 +#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:682 +#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:330 +#: plugins/sudoers/ldap_util.c:337 plugins/sudoers/ldap_util.c:603 +#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:200 +#: plugins/sudoers/logging.c:527 plugins/sudoers/logging.c:553 +#: plugins/sudoers/logging.c:593 plugins/sudoers/logging.c:1091 +#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:396 +#: plugins/sudoers/match_command.c:443 plugins/sudoers/match_command.c:515 +#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:199 #: plugins/sudoers/parse.c:211 plugins/sudoers/parse.c:226 #: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:155 #: plugins/sudoers/parse_ldif.c:186 plugins/sudoers/parse_ldif.c:255 #: plugins/sudoers/parse_ldif.c:262 plugins/sudoers/parse_ldif.c:267 #: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:354 -#: plugins/sudoers/parse_ldif.c:360 plugins/sudoers/parse_ldif.c:385 -#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:401 -#: plugins/sudoers/parse_ldif.c:415 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:613 plugins/sudoers/parse_ldif.c:638 -#: plugins/sudoers/parse_ldif.c:696 plugins/sudoers/parse_ldif.c:713 -#: plugins/sudoers/parse_ldif.c:741 plugins/sudoers/parse_ldif.c:748 -#: plugins/sudoers/policy.c:134 plugins/sudoers/policy.c:143 -#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:178 -#: plugins/sudoers/policy.c:305 plugins/sudoers/policy.c:320 -#: plugins/sudoers/policy.c:322 plugins/sudoers/policy.c:348 -#: plugins/sudoers/policy.c:358 plugins/sudoers/policy.c:402 +#: plugins/sudoers/parse_ldif.c:381 plugins/sudoers/parse_ldif.c:398 +#: plugins/sudoers/parse_ldif.c:410 plugins/sudoers/parse_ldif.c:414 +#: plugins/sudoers/parse_ldif.c:428 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 
plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:133 plugins/sudoers/policy.c:142 +#: plugins/sudoers/policy.c:151 plugins/sudoers/policy.c:177 +#: plugins/sudoers/policy.c:304 plugins/sudoers/policy.c:319 +#: plugins/sudoers/policy.c:321 plugins/sudoers/policy.c:350 +#: plugins/sudoers/policy.c:359 plugins/sudoers/policy.c:402 #: plugins/sudoers/policy.c:412 plugins/sudoers/policy.c:421 #: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:504 -#: plugins/sudoers/policy.c:750 plugins/sudoers/prompt.c:100 +#: plugins/sudoers/policy.c:830 plugins/sudoers/prompt.c:100 #: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 #: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 #: plugins/sudoers/pwutil.c:586 plugins/sudoers/pwutil.c:657 #: plugins/sudoers/pwutil.c:816 plugins/sudoers/pwutil.c:873 #: plugins/sudoers/pwutil.c:917 plugins/sudoers/pwutil.c:975 -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 plugins/sudoers/sssd.c:153 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 plugins/sudoers/sssd.c:153 #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:113 -#: plugins/sudoers/sudoreplay.c:584 
plugins/sudoers/sudoreplay.c:587 -#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735 +#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909 +#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559 +#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218 +#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429 +#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236 +#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587 +#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483 +#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59 +#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:136 +#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130 #: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 
@@ -251,12 +262,456 @@ msgid "%s: %s" msgstr "%s: %s" +#: lib/iolog/iolog_fileio.c:164 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s existiert, aber ist kein Verzeichnis (0%o)" + +#: lib/iolog/iolog_fileio.c:194 lib/iolog/iolog_fileio.c:240 +#: plugins/sudoers/timestamp.c:212 +#, c-format +msgid "unable to mkdir %s" +msgstr "Das Verzeichnis »%s« kann nicht erstellt werden" + +#: lib/iolog/iolog_fileio.c:244 plugins/sudoers/visudo.c:739 +#: plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "Ändern des Modus von %s auf 0%o gescheitert" + +#: lib/iolog/iolog_util.c:83 +#, c-format +msgid "%s: invalid log file" +msgstr "%s: ungültige Protokolldatei" + +#: lib/iolog/iolog_util.c:101 +#, c-format +msgid "%s: time stamp field is missing" +msgstr "%s: Das Feld für den Zeitstempel fehlt" + +#: lib/iolog/iolog_util.c:107 +#, c-format +msgid "%s: time stamp %s: %s" +msgstr "%s: Zeitstempel %s: %s" + +#: lib/iolog/iolog_util.c:114 +#, c-format +msgid "%s: user field is missing" +msgstr "%s: Das Benutzerfeld fehlt" + +#: lib/iolog/iolog_util.c:123 +#, c-format +msgid "%s: runas user field is missing" +msgstr "%s: Das Feld für den »runas«-Benutzer fehlt" + +#: lib/iolog/iolog_util.c:132 +#, c-format +msgid "%s: runas group field is missing" +msgstr "%s: Das Feld für die »runas«-Gruppe fehlt" + +#: lib/iolog/iolog_util.c:382 +#, c-format +msgid "error reading timing file: %s" +msgstr "Fehler beim Lesen der Zeitdateizeile: %s" + +#: lib/iolog/iolog_util.c:389 +#, c-format +msgid "invalid timing file line: %s" +msgstr "Ungültige Zeitdateizeile: %s" + +#: logsrvd/eventlog.c:228 plugins/sudoers/cvtsudoers_ldif.c:247 +#: plugins/sudoers/cvtsudoers_ldif.c:254 plugins/sudoers/cvtsudoers_ldif.c:566 +#: plugins/sudoers/env.c:330 plugins/sudoers/env.c:337 +#: plugins/sudoers/env.c:442 plugins/sudoers/iolog.c:550 +#: plugins/sudoers/iolog.c:566 plugins/sudoers/ldap.c:496 +#: plugins/sudoers/ldap.c:727 
plugins/sudoers/ldap.c:1060 +#: plugins/sudoers/ldap_conf.c:227 plugins/sudoers/ldap_conf.c:317 +#: plugins/sudoers/linux_audit.c:89 plugins/sudoers/logging.c:1096 +#: plugins/sudoers/policy.c:534 plugins/sudoers/policy.c:679 +#: plugins/sudoers/policy.c:689 plugins/sudoers/prompt.c:168 +#: plugins/sudoers/sudoers.c:931 plugins/sudoers/testsudoers.c:257 +#: plugins/sudoers/toke_util.c:177 +#, c-format +msgid "internal error, %s overflow" +msgstr "Interner Fehler, %s-Überlauf" + +#: logsrvd/eventlog.c:422 plugins/sudoers/logging.c:118 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: logsrvd/eventlog.c:451 plugins/sudoers/logging.c:146 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s : (Befehl fortgesetzt) %s" + +#: logsrvd/iolog_writer.c:886 +msgid "log is already complete, cannot be restarted" +msgstr "Das Log ist bereits abgeschlossen, kann nicht neu gestartet werden" + +#: logsrvd/iolog_writer.c:917 +msgid "unable to restart log" +msgstr "Das Log konnte nicht wieder begonnen werden" + +#: logsrvd/logsrv_util.c:96 logsrvd/logsrv_util.c:103 +#: plugins/sudoers/sudoreplay.c:355 plugins/sudoers/sudoreplay.c:361 +#: plugins/sudoers/sudoreplay.c:368 +#, c-format +msgid "unable to open %s/%s" +msgstr "Die Datei »%s/%s« kann nicht geöffnet werden" + +#: logsrvd/logsrv_util.c:130 +#, c-format +msgid "missing I/O log file %s/%s" +msgstr "Die I/O Logdatei %s/%s fehlt" + +#: logsrvd/logsrv_util.c:137 +#, c-format +msgid "%s/%s: unable to seek forward %zu" +msgstr "%s/%s: kann nicht zur Position %zu springen" + +#: logsrvd/logsrv_util.c:147 +#, c-format +msgid "unable to find resume point [%lld, %ld] in %s/%s" +msgstr "Der Wiederaufsetz-Punkt [%lld, %ld] in %s/%s kann nicht gefunden werden" + +# XXX geht das besser? 
+#: logsrvd/logsrvd.c:231 logsrvd/logsrvd.c:299 logsrvd/logsrvd.c:343 +#: logsrvd/logsrvd.c:392 logsrvd/logsrvd.c:439 logsrvd/logsrvd.c:484 +#: logsrvd/logsrvd.c:510 +msgid "state machine error" +msgstr "Fehler der State Machine" + +#: logsrvd/logsrvd.c:240 +msgid "invalid AcceptMessage" +msgstr "ungültige AcceptMessage" + +#: logsrvd/logsrvd.c:251 +msgid "error parsing AcceptMessage" +msgstr "Fehler beim Parsen der AcceptMessage" + +#: logsrvd/logsrvd.c:258 +msgid "error creating I/O log" +msgstr "Fehler beim Erstellen des Ein-/Ausgabe-Protokolls" + +#: logsrvd/logsrvd.c:265 +msgid "error logging accept event" +msgstr "Fehler beim Protokolliereb des Accept-Events" + +#: logsrvd/logsrvd.c:308 +msgid "invalid RejectMessage" +msgstr "ungültige RejectMessage" + +#: logsrvd/logsrvd.c:319 +msgid "error parsing RejectMessage" +msgstr "Fehler beim Parsen der RejectMessage" + +#: logsrvd/logsrvd.c:325 +msgid "error logging reject event" +msgstr "Fehler beim Protokollieren des Reject-Events" + +#: logsrvd/logsrvd.c:424 +msgid "error logging alert event" +msgstr "Fehler beim Protokollieren des Alert-Events" + +#: logsrvd/logsrvd.c:449 +msgid "error writing IoBuffer" +msgstr "Fehler beim Schreiben des IoBuffer" + +#: logsrvd/logsrvd.c:495 +msgid "error writing ChangeWindowSize" +msgstr "Fehler beim Schreiben der ChangeWindowSize" + +#: logsrvd/logsrvd.c:521 +msgid "error writing CommandSuspend" +msgstr "Fehler beim Schreiben des CommandSusped" + +#: logsrvd/logsrvd.c:583 +msgid "unrecognized ClientMessage type" +msgstr "unbekannter ClientMessage-Typ" + +#: logsrvd/logsrvd.c:835 +msgid "client message too large" +msgstr "Client-Nachricht ist zu groß" + +#: logsrvd/logsrvd.c:1295 logsrvd/logsrvd.c:1415 logsrvd/logsrvd.c:1539 +#: logsrvd/logsrvd.c:1631 logsrvd/sendlog.c:242 logsrvd/sendlog.c:257 +#: logsrvd/sendlog.c:290 logsrvd/sendlog.c:1264 plugins/sudoers/iolog.c:900 +#: plugins/sudoers/iolog.c:1033 plugins/sudoers/iolog.c:1131 +#: plugins/sudoers/iolog_client.c:111 
plugins/sudoers/iolog_client.c:436 +#: plugins/sudoers/iolog_client.c:452 plugins/sudoers/iolog_client.c:490 +#: plugins/sudoers/iolog_client.c:1032 plugins/sudoers/iolog_client.c:1061 +#: plugins/sudoers/iolog_client.c:1133 plugins/sudoers/iolog_client.c:1239 +#: plugins/sudoers/iolog_client.c:1353 plugins/sudoers/iolog_client.c:1655 +#: plugins/sudoers/iolog_client.c:1663 plugins/sudoers/sudoreplay.c:519 +#: plugins/sudoers/sudoreplay.c:566 plugins/sudoers/sudoreplay.c:755 +#: plugins/sudoers/sudoreplay.c:867 plugins/sudoers/sudoreplay.c:957 +#: plugins/sudoers/sudoreplay.c:972 plugins/sudoers/sudoreplay.c:979 +#: plugins/sudoers/sudoreplay.c:986 plugins/sudoers/sudoreplay.c:993 +#: plugins/sudoers/sudoreplay.c:1000 plugins/sudoers/sudoreplay.c:1127 +msgid "unable to add event to queue" +msgstr "Event kann nicht zur Warteschlange hinzugefügt werden" + +#: logsrvd/logsrvd.c:1407 plugins/sudoers/iolog_client.c:378 +#, c-format +msgid "Unable to attach user data to the ssl object: %s" +msgstr "Kann die User-Daten nicht an das SSL-Objekt anhängen: %s" + +#: logsrvd/logsrvd.c:1443 plugins/sudoers/iolog_client.c:1596 +#: plugins/sudoers/iolog_client.c:1604 +msgid "unable to get remote IP addr" +msgstr "Kann die entfernte IP-Adresse nicht finden" + +#: logsrvd/logsrvd.c:1692 logsrvd/sendlog.c:113 +#, c-format +msgid "" +"%s - send sudo I/O log to remote server\n" +"\n" +msgstr "" +"%s - sende sudo I/O-Log zu einem entfernten Server\n" +"\n" + +#: logsrvd/logsrvd.c:1695 +msgid "" +"\n" +"Options:\n" +" -f, --file path to configuration file\n" +" -h --help display help message and exit\n" +" -n, --no-fork do not fork, run in the foreground\n" +" -R, --random-drop percent chance connections will drop\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"Optionen:\n" +" -f, --file\t\t gibt den Namen der Konfigurationsdatei an\n" +" -h, --help diese Hilfe anzeigen und beenden\n" +" -n, --no-fork im Vordergrund laufen\n" +" -R, --random-drop 
prozentuale Change, dass die Verbindung abbricht\n" +" -V, --version Versionsinformation anzeigen und beenden\n" + +#: logsrvd/logsrvd.c:1747 logsrvd/sendlog.c:1513 +msgid "Protobuf-C version 1.3 or higher required" +msgstr "Protobuf-C Version 1.3 oder höher ist notwendig" + +#: logsrvd/logsrvd.c:1765 +#, c-format +msgid "invalid random drop value: %s" +msgstr "ungültiger Wert für »random drop«: %s" + +#: logsrvd/logsrvd.c:1769 logsrvd/sendlog.c:1551 +#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:302 +#: plugins/sudoers/visudo.c:184 +#, c-format +msgid "%s version %s\n" +msgstr "%s Version %s\n" + +#: logsrvd/logsrvd_conf.c:688 +#, c-format +msgid "%s: not a fully qualified path" +msgstr "%s: ist kein voll qualifizierter Pfad" + +#: logsrvd/logsrvd_conf.c:802 +#, c-format +msgid "%s:%d unmatched '[': %s" +msgstr "%s: %d »[« ohne schliessende Klammer »]«: %s" + +#: logsrvd/logsrvd_conf.c:813 +#, c-format +msgid "%s:%d invalid config section: %s" +msgstr "%s/%d Ungültiger Konfigurations-Abschnitt: %s" + +#: logsrvd/logsrvd_conf.c:821 +#, c-format +msgid "%s:%d invalid configuration line: %s" +msgstr "%s/%d Ungültige Konfigurationszeile: %s" + +#: logsrvd/logsrvd_conf.c:827 +#, c-format +msgid "%s:%d expected section name: %s" +msgstr "%s:%d erwartetder Section Name: %s" + +#: logsrvd/logsrvd_conf.c:841 +#, c-format +msgid "invalid value for %s: %s" +msgstr "Ungültiger Wert für %s: %s" + +#: logsrvd/logsrvd_conf.c:849 +#, c-format +msgid "%s:%d unknown key: %s" +msgstr "%s:%d unbekannter Schlüssel: %s" + +#: logsrvd/logsrvd_conf.c:977 +#, c-format +msgid "unknown syslog facility %s" +msgstr "Unbekannte Syslog-Facility %s" + +#: logsrvd/logsrvd_conf.c:981 logsrvd/logsrvd_conf.c:985 +#: logsrvd/logsrvd_conf.c:989 +#, c-format +msgid "unknown syslog priority %s" +msgstr "Unbekannte Syslog-Priorität %s" + +#: logsrvd/sendlog.c:116 +msgid "" +"\n" +"Options:\n" +" --help display help message and exit\n" +" -h, --host host to send logs to\n" +" -i, 
--iolog_id remote ID of I/O log to be resumed\n" +" -p, --port port to use when connecting to host\n" +" -r, --restart restart previous I/O log transfer\n" +" -t, --test test audit server by sending selected I/O log n times in parallel\n" +" -b, --ca-bundle certificate bundle file to verify server's cert against\n" +" -c, --cert certificate file for TLS handshake\n" +" -k, --key private key file\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"Optionen:\n" +" --help zeige diese Nachricht und beenden\n" +" -h, --host send Logs an diesen Server\n" +" -i, --iolog_id entfernte ID des I/O Logs zur Wiederaufnahme\n" +" -p, --port Port für die Verbindung zum Server\n" +" -r, --restart restarte vorhergegangene I/O Log Übertragung\n" +" -t, --test teste Audit Server mit dem Senden des ausgewählten I/O Logs mit Parallelität n\n" +" -b, --ca-bundle Zertificats-Bündel-Datei zum Prüfen des Server-Zertifikats\n" +" -c, --cert Zertifikatsdatei für TLS-Handshake\n" +" -k, --key Datei mit dem privaten Schlüssel\n" +" -V, --version zeige Versioninformationen und beende\n" + +#: logsrvd/sendlog.c:216 plugins/sudoers/iolog_client.c:409 +msgid "TLS handshake timeout occurred" +msgstr "Timeout beim TLS-Handshake erreicht" + +#: logsrvd/sendlog.c:237 logsrvd/sendlog.c:252 +#: plugins/sudoers/iolog_client.c:430 plugins/sudoers/iolog_client.c:446 +msgid "unable to set event" +msgstr "Konnte den Event nicht setzen" + +#: logsrvd/sendlog.c:262 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s\n" +msgstr "SSL_connect fehlgeschlagen: ssl_error=%d, stack=%s\n" + +#: logsrvd/sendlog.c:294 plugins/sudoers/iolog_client.c:115 +#: plugins/sudoers/iolog_client.c:495 plugins/sudoers/iolog_client.c:1065 +#: plugins/sudoers/iolog_client.c:1671 +msgid "error in event loop" +msgstr "Fehler in der Event-Schleife" + +#: logsrvd/sendlog.c:311 +msgid "CA bundle file was not specified" +msgstr "Die Datei für das CA-Zertifikats-Bündel wurde nicht angegeben" + +#: 
logsrvd/sendlog.c:315 +msgid "Client certificate was not specified" +msgstr "Client-Zertifikat nicht angegeben" + +#: logsrvd/sendlog.c:319 +#, c-format +msgid "Unable to initialize ssl context: %s" +msgstr "SSL-Kontext kann nicht initialisiert werden: %s" + +#: logsrvd/sendlog.c:324 +#, c-format +msgid "Unable to allocate ssl object: %s\n" +msgstr "Kann kein SSL-Objekt anlegen: %s\n" + +#: logsrvd/sendlog.c:329 +#, c-format +msgid "Unable to attach socket to the ssl object: %s\n" +msgstr "Kann den Socket nicht an das SSL-Objekt anhängen: %s\n" + +#: logsrvd/sendlog.c:367 plugins/sudoers/iolog_client.c:150 +#, c-format +msgid "unable to look up %s:%s: %s" +msgstr "Fehler beim Lookup %s:%s: %s" + +#: logsrvd/sendlog.c:522 plugins/sudoers/sudoreplay.c:815 +#, c-format +msgid "unable to read %s/%s: %s" +msgstr "Fehler beim Lesen %s/%s: %s" + +#: logsrvd/sendlog.c:543 +#, c-format +msgid "client message too large: %zu\n" +msgstr "Client-Nachricht ist zu groß: %zu\n" + +#: logsrvd/sendlog.c:941 +#, c-format +msgid "%s: write buffer already in use" +msgstr "%s: Schreib-Puffer wird bereits verwendet" + +#: logsrvd/sendlog.c:993 plugins/sudoers/iolog.c:824 +#: plugins/sudoers/iolog.c:893 +#, c-format +msgid "unexpected I/O event %d" +msgstr "unerwarteter I/O Event %d" + +#: logsrvd/sendlog.c:1025 logsrvd/sendlog.c:1042 logsrvd/sendlog.c:1092 +#: plugins/sudoers/iolog_client.c:1037 plugins/sudoers/iolog_client.c:1090 +#: plugins/sudoers/iolog_client.c:1151 +#, c-format +msgid "%s: unexpected state %d" +msgstr "%s: unerwarteter Status %d" + +#: logsrvd/sendlog.c:1048 plugins/sudoers/iolog_client.c:1096 +msgid "invalid ServerHello" +msgstr "ungültiges ServerHello" + +#: logsrvd/sendlog.c:1130 plugins/sudoers/iolog_client.c:1195 +#, c-format +msgid "error message received from server: %s" +msgstr "Fehler beim Empfangen der Nachricht vom Server: %s" + +#: logsrvd/sendlog.c:1143 plugins/sudoers/iolog_client.c:1208 +#, c-format +msgid "abort message received from server: %s" 
+msgstr "Abbruch-Nachricht vom Server empfangen: %s" + +#: logsrvd/sendlog.c:1162 plugins/sudoers/iolog_client.c:1227 +msgid "unable to unpack ServerMessage" +msgstr "Kann die ServerNessage nicht auspacken" + +#: logsrvd/sendlog.c:1207 plugins/sudoers/iolog_client.c:1260 +#, c-format +msgid "%s: unexpected type_case value %d" +msgstr "%s: unerwarteter type_case Wert %d" + +#: logsrvd/sendlog.c:1291 +msgid "premature EOF" +msgstr "unerwartetes Datei-Ende" + +#: logsrvd/sendlog.c:1304 +#, c-format +msgid "server message too large: %u\n" +msgstr "Server-Nachricht ist zu groß: %u\n" + +#: logsrvd/sendlog.c:1569 +msgid "both restart point and iolog ID must be specified" +msgstr "Sowohl Restart-Punkt als auch die I/O-Log ID sind notwendig" + +#: logsrvd/sendlog.c:1636 +#, c-format +msgid "exited prematurely with state %d" +msgstr "Vorzeitig beendet mit Status %d" + +#: logsrvd/sendlog.c:1637 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "Abgelaufene Zeit zum Server gesendet [%lld, %ld]" + +#: logsrvd/sendlog.c:1639 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "Commit Punkt vom Server empfangen [%lld, %ld]" + #: plugins/sudoers/alias.c:151 #, c-format msgid "Alias \"%s\" already defined" msgstr "Alias »%s« ist bereits definiert" -#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:801 +#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:792 msgid "unable to fork" msgstr "Fehler bei fork()" 
@@ -363,33 +818,33 @@
 msgid "unable to initialize PAM: %s"
 msgstr "PAM kann nicht initialisiert werden: %s"
 
-#: plugins/sudoers/auth/pam.c:319
+#: plugins/sudoers/auth/pam.c:322
 #, c-format
 msgid "PAM authentication error: %s"
 msgstr "Fehler bei der PAM-Authentifizierung: %s"
 
-#: plugins/sudoers/auth/pam.c:338
+#: plugins/sudoers/auth/pam.c:341
 msgid "account validation failure, is your account locked?"
 msgstr "Fehler bei der Validierung des Kontos, ist das Konto gesperrt?"
 
-#: plugins/sudoers/auth/pam.c:349
+#: plugins/sudoers/auth/pam.c:352
 msgid "Account or password is expired, reset your password and try again"
 msgstr "Konto oder Passwort ist abgelaufen, bitte Passwort zurücksetzen und nochmal probieren"
 
-#: plugins/sudoers/auth/pam.c:355
+#: plugins/sudoers/auth/pam.c:358
 #, c-format
 msgid "unable to change expired password: %s"
 msgstr "Das abgelaufene Passwort kann nicht geändert werden: %s«"
 
-#: plugins/sudoers/auth/pam.c:366
+#: plugins/sudoers/auth/pam.c:369
 msgid "Password expired, contact your system administrator"
 msgstr "Das Passwort ist abgelaufen, bitte wenden Sie sich an den Systemadministrator"
 
-#: plugins/sudoers/auth/pam.c:371
+#: plugins/sudoers/auth/pam.c:374
 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
 msgstr "Das Konto ist abgelaufen oder in der PAM-Konfiguration fehlt der »account«-Abschnitt für sudo. Bitte wenden Sie sich an den Systemadministrator"
 
-#: plugins/sudoers/auth/pam.c:379 plugins/sudoers/auth/pam.c:384
+#: plugins/sudoers/auth/pam.c:382 plugins/sudoers/auth/pam.c:387
 #, c-format
 msgid "PAM account management error: %s"
 msgstr "Fehler beim PAM-Account-Management: %s"
@@ -467,7 +922,7 @@
 msgid "unable to commit audit record"
 msgstr "Audit-Satz kann nicht auf Platte geschrieben werden"
 
-#: plugins/sudoers/check.c:269
+#: plugins/sudoers/check.c:264
 msgid ""
 "\n"
 "We trust you have received the usual lecture from the local System\n"
@@ -487,15 +942,16 @@
 " #3) Mit großer Macht kommt große Verantwortung.\n"
 "\n"
 
-#: plugins/sudoers/check.c:312 plugins/sudoers/check.c:322
-#: plugins/sudoers/sudoers.c:700 plugins/sudoers/sudoers.c:748
+#: plugins/sudoers/check.c:307 plugins/sudoers/check.c:317
+#: plugins/sudoers/sudoers.c:778 plugins/sudoers/sudoers.c:826
 #: plugins/sudoers/tsdump.c:126
 #, c-format
 msgid "unknown uid: %u"
 msgstr "Unbekannte Benutzer-ID: %u"
 
-#: plugins/sudoers/check.c:317 plugins/sudoers/iolog.c:255
-#: plugins/sudoers/policy.c:921 plugins/sudoers/sudoers.c:1163
+#: plugins/sudoers/check.c:312 plugins/sudoers/iolog.c:121
+#: plugins/sudoers/policy.c:1034 plugins/sudoers/sudoers.c:391
+#: plugins/sudoers/sudoers.c:393 plugins/sudoers/sudoers.c:1255
 #: plugins/sudoers/testsudoers.c:227 plugins/sudoers/testsudoers.c:400
 #, c-format
 msgid "unknown user: %s"
@@ -516,12 +972,6 @@
 msgid "order padding: %s: %s"
 msgstr "Auffüllen der Folge: %s: %s"
 
-#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:289
-#: plugins/sudoers/visudo.c:184
-#, c-format
-msgid "%s version %s\n"
-msgstr "%s Version %s\n"
-
 #: plugins/sudoers/cvtsudoers.c:235 plugins/sudoers/visudo.c:186
 #, c-format
 msgid "%s grammar version %d\n"
@@ -542,7 +992,7 @@
 msgid "%s: input and output files must be different"
 msgstr "%s: Eingabe- und Ausgabedatei müssen unterschiedlich sein"
 
-#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:176
+#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:185
 #: plugins/sudoers/testsudoers.c:266 plugins/sudoers/visudo.c:254
 #: plugins/sudoers/visudo.c:610 plugins/sudoers/visudo.c:933
 msgid "unable to initialize sudoers default values"
@@ -574,12 +1024,10 @@
 msgstr "Ungültiger Filter: %s"
 
 #: plugins/sudoers/cvtsudoers.c:622 plugins/sudoers/cvtsudoers.c:639
-#: plugins/sudoers/cvtsudoers.c:1245 plugins/sudoers/cvtsudoers_json.c:1130
-#: plugins/sudoers/cvtsudoers_ldif.c:643 plugins/sudoers/iolog.c:413
-#: plugins/sudoers/iolog_util.c:75 plugins/sudoers/sudoers.c:914
-#: plugins/sudoers/sudoreplay.c:338 plugins/sudoers/sudoreplay.c:1431
-#: plugins/sudoers/timestamp.c:448 plugins/sudoers/tsdump.c:135
-#: plugins/sudoers/visudo.c:929
+#: plugins/sudoers/cvtsudoers.c:1249 plugins/sudoers/cvtsudoers_json.c:868
+#: plugins/sudoers/cvtsudoers_ldif.c:683 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoreplay.c:1391 plugins/sudoers/timestamp.c:448
+#: plugins/sudoers/tsdump.c:135 plugins/sudoers/visudo.c:929
 #, c-format
 msgid "unable to open %s"
 msgstr "Die Datei »%s« kann nicht geöffnet werden"
@@ -599,14 +1047,13 @@
 msgid "parse error in %s\n"
 msgstr "Analysefehler in %s\n"
 
-#: plugins/sudoers/cvtsudoers.c:1292 plugins/sudoers/iolog.c:500
-#: plugins/sudoers/sudoreplay.c:1135 plugins/sudoers/timestamp.c:332
-#: plugins/sudoers/timestamp.c:335
+#: plugins/sudoers/cvtsudoers.c:1296 plugins/sudoers/sudoreplay.c:1088
+#: plugins/sudoers/timestamp.c:332 plugins/sudoers/timestamp.c:335
 #, c-format
 msgid "unable to write to %s"
 msgstr "In die Datei »%s« kann nicht geschrieben werden"
 
-#: plugins/sudoers/cvtsudoers.c:1315
+#: plugins/sudoers/cvtsudoers.c:1319
 #, c-format
 msgid ""
 "%s - convert between sudoers file formats\n"
@@ -615,7 +1062,7 @@
 "%s – zwischen sudoers Dateiformaten konvertieren\n"
 "\n"
 
-#: plugins/sudoers/cvtsudoers.c:1317
+#: plugins/sudoers/cvtsudoers.c:1321
 msgid ""
 "\n"
 "Options:\n"
@@ -654,43 +1101,30 @@ " -s, --suppress=sections Unterdrücke Ausgabe von bestimmten Abschnitten\n" " -V, --version Zeige Versionsinformationen an und Ende" -#: plugins/sudoers/cvtsudoers_json.c:684 plugins/sudoers/cvtsudoers_json.c:720 -#: plugins/sudoers/cvtsudoers_json.c:938 +#: plugins/sudoers/cvtsudoers_json.c:487 plugins/sudoers/cvtsudoers_json.c:521 +#: plugins/sudoers/cvtsudoers_json.c:709 #, c-format msgid "unknown defaults entry \"%s\"" msgstr "unbekannter defaults-Eintrag »%s«" -#: plugins/sudoers/cvtsudoers_json.c:858 plugins/sudoers/cvtsudoers_json.c:873 -#: plugins/sudoers/cvtsudoers_ldif.c:308 plugins/sudoers/cvtsudoers_ldif.c:319 +#: plugins/sudoers/cvtsudoers_json.c:647 plugins/sudoers/cvtsudoers_json.c:660 +#: plugins/sudoers/cvtsudoers_ldif.c:348 plugins/sudoers/cvtsudoers_ldif.c:359 #: plugins/sudoers/ldap.c:482 msgid "unable to get GMT time" msgstr "Die GMT-Zeit kann nicht bekommen werden" -#: plugins/sudoers/cvtsudoers_json.c:861 plugins/sudoers/cvtsudoers_json.c:876 -#: plugins/sudoers/cvtsudoers_ldif.c:311 plugins/sudoers/cvtsudoers_ldif.c:322 +#: plugins/sudoers/cvtsudoers_json.c:650 plugins/sudoers/cvtsudoers_json.c:663 +#: plugins/sudoers/cvtsudoers_ldif.c:351 plugins/sudoers/cvtsudoers_ldif.c:362 #: plugins/sudoers/ldap.c:488 msgid "unable to format timestamp" msgstr "Der Zeitstempel kann nicht formatiert werden" -#: plugins/sudoers/cvtsudoers_ldif.c:526 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:337 plugins/sudoers/env.c:442 -#: plugins/sudoers/ldap.c:496 plugins/sudoers/ldap.c:727 -#: plugins/sudoers/ldap.c:1060 plugins/sudoers/ldap_conf.c:227 -#: plugins/sudoers/ldap_conf.c:317 plugins/sudoers/linux_audit.c:89 -#: plugins/sudoers/logging.c:1105 plugins/sudoers/policy.c:625 -#: plugins/sudoers/policy.c:635 plugins/sudoers/prompt.c:168 -#: plugins/sudoers/sudoers.c:852 plugins/sudoers/testsudoers.c:257 -#: plugins/sudoers/toke_util.c:161 -#, c-format -msgid "internal error, %s overflow" -msgstr "Interner Fehler, %s-Überlauf" - 
-#: plugins/sudoers/cvtsudoers_ldif.c:595 +#: plugins/sudoers/cvtsudoers_ldif.c:635 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "Zu viele sudoers Einträge, Maximum ist %u" -#: plugins/sudoers/cvtsudoers_ldif.c:638 +#: plugins/sudoers/cvtsudoers_ldif.c:678 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "Die Umgebunsvariable SUDOERS_BASE ist nicht gesetzt und die Option -b ist nicht angegeben." @@ -950,7 +1384,7 @@ #: plugins/sudoers/def_data.c:270 msgid "If LDAP directory is up, do we ignore local sudoers file" -msgstr "Wenn das LDAP-Verzeichnis erreichbar ist, wird die lokale sudoers-Datei ignoriert?" +msgstr "Wenn das LDAP-Verzeichnis erreichbar ist, ignorieren wir die lokale sudoers-Datei" #: plugins/sudoers/def_data.c:274 #, c-format @@ -959,7 +1393,7 @@ #: plugins/sudoers/def_data.c:278 msgid "If set, users may override the value of `closefrom' with the -C option" -msgstr "Benutzer können den Wert für »closeform« mit der der Option -C überschreiben, wenn diese Option gesetzt ist." +msgstr "Benutzer können den Wert für »closefrom« mit der der Option -C überschreiben, wenn diese Option gesetzt ist" #: plugins/sudoers/def_data.c:282 msgid "Allow users to set arbitrary environment variables" @@ -1101,8 +1535,8 @@ #: plugins/sudoers/def_data.c:406 #, c-format -msgid "Maximum I/O log sequence number: %u" -msgstr "Maximale Sequenznummer des Ein-/Ausgabe-Protokolls: %u" +msgid "Maximum I/O log sequence number: %s" +msgstr "Maximale Sequenznummer des Ein-/Ausgabe-Protokolls: %s" #: plugins/sudoers/def_data.c:410 msgid "Enable sudoers netgroup support" 
@@ -1212,62 +1646,106 @@ msgid "Log when a command is denied by sudoers" msgstr "Protokolliere von sudo verweigerte Kommandos" -#: plugins/sudoers/defaults.c:231 +#: plugins/sudoers/def_data.c:510 +msgid "Sudo log server(s) to connect to with optional port" +msgstr "Sudo Log Server mit optionalem Port für die Verbindung" + +#: plugins/sudoers/def_data.c:514 +#, c-format +msgid "Sudo log server timeout in seconds: %u" +msgstr "Sudo Log-Server Timeout in Secunden: %u" + +#: plugins/sudoers/def_data.c:518 +msgid "Enable SO_KEEPALIVE socket option on the socket connected to the logserver" +msgstr "Verwende die SO_KEEPALIVE Socket Option für die Verbindung zum Logserver" + +#: plugins/sudoers/def_data.c:522 +#, c-format +msgid "Path to the audit server's CA bundle file: %s" +msgstr "Pfad zur Zertifikats-Bündel-Datei des Audit Servers: %s" + +#: plugins/sudoers/def_data.c:526 +#, c-format +msgid "Path to the sudoers certificate file: %s" +msgstr "Pfad zur sudoers Zertifikats-Datei: %s" + +#: plugins/sudoers/def_data.c:530 +#, c-format +msgid "Path to the sudoers private key file: %s" +msgstr "Pfad zur sudoers Datei mit dem privaten Schlüssel: %s" + +#: plugins/sudoers/def_data.c:534 +msgid "Allow the use of unknown runas user and/or group ID" +msgstr "Erlaube die Verwendung eines unbekannten »runas« Benutzers oder Gruppen-ID" + +#: plugins/sudoers/def_data.c:538 +msgid "Only permit running commands as a user with a valid shell" +msgstr "Nur die Ausführung von Kommandos erlauben für Benutzer mit einer gültigen Shell" + +#: plugins/sudoers/def_data.c:542 +msgid "Set the pam remote user to the user running sudo" +msgstr "Setze den PAM remote Benutzer auf den Benutzer, der sudo ausführt" + +#: plugins/sudoers/def_data.c:546 +msgid "Set the pam remote host to the local host name" +msgstr "Setze den PAM remote Rechner auf den lokalen Hostname" + +#: plugins/sudoers/defaults.c:190 #, c-format msgid "%s:%d unknown defaults entry \"%s\"" msgstr "%s:%d unbekannter defaults-Eintrag 
»%s«" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:193 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: unbekannter defaults-Eintrag »%s«" -#: plugins/sudoers/defaults.c:277 +#: plugins/sudoers/defaults.c:236 #, c-format msgid "%s:%d no value specified for \"%s\"" msgstr "%s:%d Kein Wert für »%s« angegeben" -#: plugins/sudoers/defaults.c:280 +#: plugins/sudoers/defaults.c:239 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: Kein Wert für »%s« angegeben" -#: plugins/sudoers/defaults.c:300 +#: plugins/sudoers/defaults.c:259 #, c-format msgid "%s:%d values for \"%s\" must start with a '/'" msgstr "%s:%d Werte für »%s« müssen mit einem »/« beginnen" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:262 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: Werte für »%s« müssen mit einem »/« beginnen" -#: plugins/sudoers/defaults.c:325 +#: plugins/sudoers/defaults.c:284 #, c-format msgid "%s:%d option \"%s\" does not take a value" msgstr "%s:%d Die Option »%s« wird ohne Wert verwendet" -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:287 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: Die Option »%s« wird ohne Wert verwendet" -#: plugins/sudoers/defaults.c:353 +#: plugins/sudoers/defaults.c:312 #, c-format msgid "%s:%d invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d Ungültiger »Defaults« Typ 0x%x für Option »%s«" -#: plugins/sudoers/defaults.c:356 +#: plugins/sudoers/defaults.c:315 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: Ungültiger »Defaults« Typ 0x%x für Option »%s«" -#: plugins/sudoers/defaults.c:366 +#: plugins/sudoers/defaults.c:325 #, c-format msgid "%s:%d value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d Der Wert »%s« ist für die Option »%s« ungültig" -#: plugins/sudoers/defaults.c:369 +#: plugins/sudoers/defaults.c:328 #, c-format msgid "%s: value \"%s\" is invalid for 
option \"%s\"" msgstr "%s: Der Wert »%s« ist für die Option »%s« ungültig" @@ -1276,11 +1754,11 @@ msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp ist beschädigt, die Längen passen nicht" -#: plugins/sudoers/env.c:1132 +#: plugins/sudoers/env.c:1133 msgid "unable to rebuild the environment" msgstr "Das Environment kann nicht neu erstellt werden" -#: plugins/sudoers/env.c:1206 +#: plugins/sudoers/env.c:1207 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "Leider dürfen die folgenden Umgebungsvariablen nicht gesetzt werden: %s" @@ -1305,27 +1783,27 @@ msgid "%s: read error" msgstr "%s: Fehler beim Lesen" -#: plugins/sudoers/group_plugin.c:90 +#: plugins/sudoers/group_plugin.c:91 #, c-format msgid "%s must be owned by uid %d" msgstr "%s muss der uid %d gehören" -#: plugins/sudoers/group_plugin.c:94 +#: plugins/sudoers/group_plugin.c:95 #, c-format msgid "%s must only be writable by owner" msgstr "%s darf nur für den Eigentümer der Datei schreibbar sein" -#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:562 +#: plugins/sudoers/group_plugin.c:104 plugins/sudoers/sssd.c:562 #, c-format msgid "unable to load %s: %s" msgstr "Laden von %s fehlgeschlagen: %s" -#: plugins/sudoers/group_plugin.c:108 +#: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "Das Symbol »group_plugin« kann in %s nicht gefunden werden" -#: plugins/sudoers/group_plugin.c:113 +#: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: Die Major-Version %d des Group-Plugins ist inkompatibel, erwartet wird %d" 
@@ -1344,87 +1822,143 @@ msgid "Local IP address and netmask pairs:\n" msgstr "Lokale IP-Adresse und Netzmaske:\n" -#: plugins/sudoers/iolog.c:117 plugins/sudoers/mkdir_parents.c:82 +#: plugins/sudoers/iolog.c:146 plugins/sudoers/sudoers.c:398 +#: plugins/sudoers/sudoers.c:400 plugins/sudoers/sudoers.c:1289 +#: plugins/sudoers/testsudoers.c:424 #, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s existiert, aber ist kein Verzeichnis (0%o)" +msgid "unknown group: %s" +msgstr "Unbekannte Gruppe: %s" -#: plugins/sudoers/iolog.c:142 plugins/sudoers/iolog.c:182 -#: plugins/sudoers/mkdir_parents.c:71 plugins/sudoers/timestamp.c:212 +#: plugins/sudoers/iolog.c:505 plugins/sudoers/iolog.c:788 +#: plugins/sudoers/iolog.c:938 plugins/sudoers/iolog.c:945 +#: plugins/sudoers/iolog.c:1066 plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:1172 plugins/sudoers/iolog.c:1179 #, c-format -msgid "unable to mkdir %s" -msgstr "Das Verzeichnis »%s« kann nicht erstellt werden" +msgid "unable to write to I/O log file: %s" +msgstr "In die I/O Logdatei kann nicht geschrieben werden: %s" -#: plugins/sudoers/iolog.c:186 plugins/sudoers/visudo.c:739 -#: plugins/sudoers/visudo.c:750 +#: plugins/sudoers/iolog.c:555 +msgid "unable to update sequence file" +msgstr "Kann die Sequenz-Datei nicht aktualisieren" + +#: plugins/sudoers/iolog.c:594 #, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "Ändern des Modus von %s auf 0%o gescheitert" +msgid "unable to create %s/%s" +msgstr "Die Datei %s%s kann nicht erstellt werden" -#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1194 -#: plugins/sudoers/testsudoers.c:424 +#: plugins/sudoers/iolog.c:622 +msgid "unable to connect to log server" +msgstr "Verbindung zum Logserver kann nicht aufgebaut werden" + +#: plugins/sudoers/iolog.c:830 #, c-format -msgid "unknown group: %s" -msgstr "Unbekannte Gruppe: %s" +msgid "%s: internal error, I/O log file for event %d not open" +msgstr "%s: Interner Fehler, Logdatei für 
Event %d nicht geöffnet" -#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:918 -#: plugins/sudoers/sudoreplay.c:846 plugins/sudoers/sudoreplay.c:1542 -#: plugins/sudoers/tsdump.c:145 +#: plugins/sudoers/iolog.c:923 plugins/sudoers/iolog.c:1051 +#: plugins/sudoers/iolog.c:1156 plugins/sudoers/timestamp.c:862 +#: plugins/sudoers/timestamp.c:954 plugins/sudoers/visudo.c:498 +#: plugins/sudoers/visudo.c:504 +msgid "unable to read the clock" +msgstr "Die Uhrzeit kann nicht ausgelesen werden" + +#: plugins/sudoers/iolog.c:1148 plugins/sudoers/iolog_client.c:862 #, c-format -msgid "unable to read %s" -msgstr "Die Datei »%s« kann nicht gelesen werden" +msgid "%s: internal error, invalid signal %d" +msgstr "%s: Interner Fehler, ungültiges Signal %d" -#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:801 +#: plugins/sudoers/iolog_client.c:297 #, c-format -msgid "unable to create %s" -msgstr "Die Datei »%s« kann nicht erstellt werden" +msgid "Creation of new SSL_CTX object failed: %s" +msgstr "Erzeugen eines neuen SSL_CTX Objektes fehlgeschlagen: %s" + +#: plugins/sudoers/iolog_client.c:320 +msgid "CA bundle file is not set in sudoers" +msgstr "CA Bündel-Datei ist nicht in der sudoers-Datei angegeben" -#: plugins/sudoers/iolog.c:824 plugins/sudoers/iolog.c:1039 -#: plugins/sudoers/iolog.c:1115 plugins/sudoers/iolog.c:1209 -#: plugins/sudoers/iolog.c:1270 +#: plugins/sudoers/iolog_client.c:327 #, c-format -msgid "unable to write to I/O log file: %s" -msgstr "In die I/O Logdatei kann nicht geschrieben werden: %s" +msgid "Calling SSL_CTX_load_verify_locations() failed: %s" +msgstr "Aufruf von SSL_CTX_load_verify_locations() fehlgeschlagen: %s" + +#: plugins/sudoers/iolog_client.c:339 +msgid "Signed certificate file is not set in sudoers" +msgstr "Zertifikats-Datei ist nicht in der sudoers-Datei angegeben" -#: plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog_client.c:345 #, c-format -msgid "%s: internal error, I/O log file for event %d not open" -msgstr "%s: 
Interner Fehler, Logdatei für Event %d nicht geöffnet!" +msgid "Unable to load cert into the ssl context: %s" +msgstr "Kann das Zertifikat nicht in den SSL-Kontext laden: %s" -#: plugins/sudoers/iolog.c:1233 +#: plugins/sudoers/iolog_client.c:356 #, c-format -msgid "%s: internal error, invalid signal %d" -msgstr "%s: Interner Fehler, ungültiges Signal %d" +msgid "Unable to load private key into the ssl context: %s" +msgstr "Kann den privaten Schlüssel nicht in den SSL-Kontext laden: %s" -#: plugins/sudoers/iolog_util.c:90 +#: plugins/sudoers/iolog_client.c:363 #, c-format -msgid "%s: invalid log file" -msgstr "%s: ungültige Protokolldatei" +msgid "Unable to allocate ssl object: %s" +msgstr "Kann kein SSL-Objekt anlegen: %s" -#: plugins/sudoers/iolog_util.c:108 +#: plugins/sudoers/iolog_client.c:369 #, c-format -msgid "%s: time stamp field is missing" -msgstr "%s: Das Feld für den Zeitstempel fehlt" +msgid "Unable to attach socket to the ssl object: %s" +msgstr "Kann den Socket nicht an das SSL-Objekt anhängen: %s" -#: plugins/sudoers/iolog_util.c:114 +#: plugins/sudoers/iolog_client.c:457 #, c-format -msgid "%s: time stamp %s: %s" -msgstr "%s: Zeitstempel %s: %s" +msgid "SSL_connect failed: ssl_error=%d, stack=%s" +msgstr "SSL_connect fehlgeschlagen: ssl_error=%d, stack=%s" -#: plugins/sudoers/iolog_util.c:121 +#: plugins/sudoers/iolog_client.c:599 #, c-format -msgid "%s: user field is missing" -msgstr "%s: Das Benutzerfeld fehlt" +msgid "client message too large: %zu" +msgstr "Client-Nachricht ist zu groß: %zu" + +#: plugins/sudoers/iolog_client.c:656 plugins/sudoers/iolog_client.c:844 +msgid "unable to get time of day" +msgstr "Die aktuelle Zeit kann nicht ausgelesen werden" -#: plugins/sudoers/iolog_util.c:130 +#: plugins/sudoers/iolog_client.c:871 #, c-format -msgid "%s: runas user field is missing" -msgstr "%s: Das Feld für den »runas«-Benutzer fehlt" +msgid "%s: internal error, invalid exit status %d" +msgstr "%s: Interner Fehler, ungültiger Exit-Status %d" + 
+#: plugins/sudoers/iolog_client.c:1104 +msgid "TLS initialization was unsuccessful" +msgstr "TLS Initialisierung war nicht erfolgreich" -#: plugins/sudoers/iolog_util.c:139 +#: plugins/sudoers/iolog_client.c:1109 +msgid "TLS handshake was unsuccessful" +msgstr "TLS Handshake war nicht erfolgreich" + +#: plugins/sudoers/iolog_client.c:1361 #, c-format -msgid "%s: runas group field is missing" -msgstr "%s: Das Feld für die »runas«-Gruppe fehlt" +msgid "SSL_read failed: ssl_error=%d, stack=%s" +msgstr "SSL_read fehlgeschlagen: ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:1384 +msgid "lost connection to log server" +msgstr "Verbindung zum Logserver verloren" + +#: plugins/sudoers/iolog_client.c:1397 +#, c-format +msgid "server message too large: %u" +msgstr "Server-Nachricht ist zu groß: %u" + +#: plugins/sudoers/iolog_client.c:1461 +msgid "missing write buffer" +msgstr "Schreib-Puffer fehlt" + +#: plugins/sudoers/iolog_client.c:1486 +#, c-format +msgid "SSL_write failed: ssl_error=%d, stack=%s" +msgstr "SSL_write fehlgeschlagen: ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:1610 +#, c-format +msgid "unknown address family: %d" +msgstr "Unbekannter Adress-Familie: %d" #: plugins/sudoers/ldap.c:178 plugins/sudoers/ldap_conf.c:296 msgid "starttls not supported when using ldaps" @@ -1449,7 +1983,7 @@ msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls ist angegeben, aber die LDAP-Bibliotheken unterstützen ldap_start_tls_s() und ldap_start_tls_s_np() nicht" -#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:734 +#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "Ungültiges »sudoOrder« Attribut: %s" 
@@ -1467,7 +2001,7 @@
 msgid "unable to mix ldap and ldaps URIs"
 msgstr "ldap- und ldaps-Adressen können nicht zusammen verwendet werden"
 
-#: plugins/sudoers/ldap_util.c:456 plugins/sudoers/ldap_util.c:458
+#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555
 #, c-format
 msgid "unable to convert sudoOption: %s%s%s"
 msgstr "sudoOption kann nicht konvertiert werden: %s%s%s"
@@ -1480,80 +2014,62 @@ msgid "unable to send audit message" msgstr "Die Audit-Nachricht kann nicht gesendet werden" -#: plugins/sudoers/logging.c:120 -#, c-format -msgid "%8s : %s" -msgstr "%8s : %s" - -#: plugins/sudoers/logging.c:148 -#, c-format -msgid "%8s : (command continued) %s" -msgstr "%8s : (Befehl fortgesetzt) %s" - -#: plugins/sudoers/logging.c:177 +#: plugins/sudoers/logging.c:175 #, c-format msgid "unable to open log file: %s" msgstr "Die Protokolldatei kann nicht geöffnet werden: %s" -#: plugins/sudoers/logging.c:185 +#: plugins/sudoers/logging.c:183 #, c-format msgid "unable to lock log file: %s" msgstr "Die Sperrdatei kann nicht geöffnet werden: %s" -#: plugins/sudoers/logging.c:218 +#: plugins/sudoers/logging.c:216 #, c-format msgid "unable to write log file: %s" msgstr "In die Logdatei kann nicht geschrieben werden: %s" -#: plugins/sudoers/logging.c:248 -msgid "No user or host" -msgstr "Kein Benutzer oder Rechner angegeben" - -#: plugins/sudoers/logging.c:250 -msgid "validation failure" -msgstr "Fehler bei der Validierung" - -#: plugins/sudoers/logging.c:261 +#: plugins/sudoers/logging.c:249 msgid "user NOT in sudoers" msgstr "Der Benutzer ist NICHT in der sudoers-Datei enthalten" -#: plugins/sudoers/logging.c:263 +#: plugins/sudoers/logging.c:251 msgid "user NOT authorized on host" msgstr "Der Benutzer ist NICHT auf dem Rechner autorisiert" -#: plugins/sudoers/logging.c:265 +#: plugins/sudoers/logging.c:253 msgid "command not allowed" msgstr "Der Befehl ist nicht erlaubt" -#: plugins/sudoers/logging.c:301 +#: plugins/sudoers/logging.c:296 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s ist nicht in der sudoers-Datei. Dieser Vorfall wird gemeldet.\n" -#: plugins/sudoers/logging.c:304 +#: plugins/sudoers/logging.c:299 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s darf sudo für %s nicht verwenden. 
Dieser Vorfall wird gemeldet.\n" -#: plugins/sudoers/logging.c:308 +#: plugins/sudoers/logging.c:303 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Leider darf der Benutzer %s sudo für %s nicht verwenden.\n" -#: plugins/sudoers/logging.c:311 +#: plugins/sudoers/logging.c:306 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Leider darf der Benutzer %s »%s%s%s« als %s%s%s auf %s nicht ausführen.\n" -#: plugins/sudoers/logging.c:348 plugins/sudoers/sudoers.c:442 -#: plugins/sudoers/sudoers.c:444 plugins/sudoers/sudoers.c:446 -#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:603 -#: plugins/sudoers/sudoers.c:605 +#: plugins/sudoers/logging.c:343 plugins/sudoers/sudoers.c:518 +#: plugins/sudoers/sudoers.c:520 plugins/sudoers/sudoers.c:522 +#: plugins/sudoers/sudoers.c:524 plugins/sudoers/sudoers.c:675 +#: plugins/sudoers/sudoers.c:677 #, c-format msgid "%s: command not found" msgstr "%s: Befehl nicht gefunden" -#: plugins/sudoers/logging.c:350 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/logging.c:345 plugins/sudoers/sudoers.c:514 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" 
@@ -1562,52 +2078,46 @@
 "Im aktuellen Verzeichnis ».« gefundenes »%s« wird ignoriert.\n"
 "Verwenden Sie »sudo ./%s«, wenn dies der gewünschte Befehl »%s« ist."
 
-#: plugins/sudoers/logging.c:367
+#: plugins/sudoers/logging.c:362
 msgid "authentication failure"
 msgstr "Fehler bei der Authentifizierung"
 
-#: plugins/sudoers/logging.c:393
+#: plugins/sudoers/logging.c:388
 msgid "a password is required"
 msgstr "Ein Passwort ist notwendig"
 
-#: plugins/sudoers/logging.c:463
+#: plugins/sudoers/logging.c:458
 #, c-format
 msgid "%u incorrect password attempt"
 msgid_plural "%u incorrect password attempts"
 msgstr[0] "%u Fehlversuch bei der Passwort-Eingabe"
 msgstr[1] "%u Fehlversuche bei der Passwort-Eingabe"
 
-#: plugins/sudoers/logging.c:728
+#: plugins/sudoers/logging.c:722
 #, c-format
 msgid "unable to dup stdin: %m"
 msgstr "Die Standardeingabe kann nicht dupliziert werden: %m"
 
-#: plugins/sudoers/logging.c:768
+#: plugins/sudoers/logging.c:759
 #, c-format
 msgid "unable to execute %s: %m"
 msgstr "%s kann nicht ausgeführt werden: %m"
 
-#: plugins/sudoers/logging.c:809 plugins/sudoers/logging.c:865
+#: plugins/sudoers/logging.c:800 plugins/sudoers/logging.c:856
 #, c-format
 msgid "unable to fork: %m"
 msgstr "Fehler bei fork(): %m"
 
-#: plugins/sudoers/logging.c:855
+#: plugins/sudoers/logging.c:846
 #, c-format
 msgid "unable to open pipe: %m"
 msgstr "Die Pipe kann nicht geöffnet werden: %m"
 
-#: plugins/sudoers/match_digest.c:103
+#: plugins/sudoers/match_digest.c:123
 #, c-format
 msgid "digest for %s (%s) is not in %s form"
 msgstr "Prüfsumme für %s (%s) ist nicht in der Form %s"
 
-#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:943
-#: plugins/sudoers/visudo.c:437 plugins/sudoers/visudo.c:733
-#, c-format
-msgid "unable to stat %s"
-msgstr "stat konnte nicht auf %s angewendet werden"
-
 #: plugins/sudoers/parse.c:449
 #, c-format
 msgid ""
@@ -1666,22 +2176,22 @@
 msgid "User %s is not allowed to run sudo on %s.\n"
 msgstr "Der Benutzer %s darf sudo auf dem Rechner %s nicht ausführen.\n"

-#: plugins/sudoers/parse_ldif.c:604
+#: plugins/sudoers/parse_ldif.c:617
 #, c-format
 msgid "ignoring incomplete sudoRole: cn: %s"
 msgstr "ignoriere die unvollständige sudoRole: cn: %s"

-#: plugins/sudoers/parse_ldif.c:664
+#: plugins/sudoers/parse_ldif.c:677
 #, c-format
 msgid "invalid LDIF attribute: %s"
 msgstr "Ungültiges LDIF-Attribut: %s"

-#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:116
+#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:115
 #, c-format
 msgid "invalid %.*s set by sudo front-end"
 msgstr "ungültige Option »%.*s« durch das sudo-Frontend angegeben"

-#: plugins/sudoers/policy.c:295 plugins/sudoers/testsudoers.c:280
+#: plugins/sudoers/policy.c:294 plugins/sudoers/testsudoers.c:280
 msgid "unable to parse network address list"
 msgstr "Die Netzwerkadressliste kann nicht eingelesen werden"

@@ -1701,23 +2211,23 @@
 msgid "host name not set by sudo front-end"
 msgstr "Hostname nicht durch das sudo-Frontend angegeben"

-#: plugins/sudoers/policy.c:808 plugins/sudoers/visudo.c:236
+#: plugins/sudoers/policy.c:897 plugins/sudoers/visudo.c:236
 #: plugins/sudoers/visudo.c:867
 #, c-format
 msgid "unable to execute %s"
 msgstr "%s kann nicht ausgeführt werden"

-#: plugins/sudoers/policy.c:939
+#: plugins/sudoers/policy.c:1055
 #, c-format
 msgid "Sudoers policy plugin version %s\n"
 msgstr "Sudoers-Policy-Plugin Version %s\n"

-#: plugins/sudoers/policy.c:941
+#: plugins/sudoers/policy.c:1057
 #, c-format
 msgid "Sudoers file grammar version %d\n"
 msgstr "Sudoers-Datei-Grammatik-Version %d\n"

-#: plugins/sudoers/policy.c:945
+#: plugins/sudoers/policy.c:1061
 #, c-format
 msgid ""
 "\n"
@@ -1726,22 +2236,22 @@
 "\n"
 "Sudoers-Pfad: %s\n"

-#: plugins/sudoers/policy.c:948
+#: plugins/sudoers/policy.c:1064
 #, c-format
 msgid "nsswitch path: %s\n"
 msgstr "nsswitch-Pfad: %s\n"

-#: plugins/sudoers/policy.c:950
+#: plugins/sudoers/policy.c:1066
 #, c-format
 msgid "ldap.conf path: %s\n"
 msgstr "ldap.conf-Pfad: %s\n"

-#: plugins/sudoers/policy.c:951
+#: plugins/sudoers/policy.c:1067
 #, c-format
 msgid "ldap.secret path: %s\n"
 msgstr "ldap.secret-Pfad: %s\n"

-#: plugins/sudoers/policy.c:984
+#: plugins/sudoers/policy.c:1100
 #, c-format
 msgid "unable to register hook of type %d (version %d.%d)"
 msgstr "Der Hook vom Typ %d kann nicht registriert werden (Version %d.%d)"
@@ -1810,48 +2320,48 @@
 msgid "unable to parse gids for %s"
 msgstr "Die Gruppen für %s können nicht geparst werden"

-#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:478
-#: plugins/sudoers/set_perms.c:921 plugins/sudoers/set_perms.c:1254
-#: plugins/sudoers/set_perms.c:1573
+#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:447
+#: plugins/sudoers/set_perms.c:850 plugins/sudoers/set_perms.c:1156
+#: plugins/sudoers/set_perms.c:1450
 msgid "perm stack overflow"
 msgstr "Stack-Überlauf der Zugriffsrechte"

-#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:409
-#: plugins/sudoers/set_perms.c:486 plugins/sudoers/set_perms.c:788
-#: plugins/sudoers/set_perms.c:929 plugins/sudoers/set_perms.c:1178
-#: plugins/sudoers/set_perms.c:1262 plugins/sudoers/set_perms.c:1506
-#: plugins/sudoers/set_perms.c:1581 plugins/sudoers/set_perms.c:1672
+#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:378
+#: plugins/sudoers/set_perms.c:455 plugins/sudoers/set_perms.c:717
+#: plugins/sudoers/set_perms.c:858 plugins/sudoers/set_perms.c:1080
+#: plugins/sudoers/set_perms.c:1164 plugins/sudoers/set_perms.c:1383
+#: plugins/sudoers/set_perms.c:1458 plugins/sudoers/set_perms.c:1548
 msgid "perm stack underflow"
 msgstr "Stack-Bereichsunterschreitung der Zugriffsrechte"

-#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:532
-#: plugins/sudoers/set_perms.c:1315 plugins/sudoers/set_perms.c:1614
+#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:501
+#: plugins/sudoers/set_perms.c:1217 plugins/sudoers/set_perms.c:1491
 msgid "unable to change to root gid"
 msgstr "Wechsel zur root-GID ist nicht möglich"

-#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:629
-#: plugins/sudoers/set_perms.c:1060 plugins/sudoers/set_perms.c:1392
+#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:598
+#: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1294
 msgid "unable to change to runas gid"
 msgstr "Wechsel zur runas-UID ist nicht möglich"

-#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:634
-#: plugins/sudoers/set_perms.c:1065 plugins/sudoers/set_perms.c:1397
+#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:603
+#: plugins/sudoers/set_perms.c:994 plugins/sudoers/set_perms.c:1299
 msgid "unable to set runas group vector"
 msgstr "Die runas-Gruppen können nicht gesetzt werden"

-#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:645
-#: plugins/sudoers/set_perms.c:1074 plugins/sudoers/set_perms.c:1406
+#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:614
+#: plugins/sudoers/set_perms.c:1003 plugins/sudoers/set_perms.c:1308
 msgid "unable to change to runas uid"
 msgstr "Wechsel zur runas-GID ist nicht möglich"

-#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:663
-#: plugins/sudoers/set_perms.c:1090 plugins/sudoers/set_perms.c:1422
+#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:632
+#: plugins/sudoers/set_perms.c:1019 plugins/sudoers/set_perms.c:1324
 msgid "unable to change to sudoers gid"
 msgstr "Wechsel zur sudoers-GID ist nicht möglich"

-#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775
-#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493
-#: plugins/sudoers/set_perms.c:1659
+#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704
+#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370
+#: plugins/sudoers/set_perms.c:1535
 msgid "too many processes"
 msgstr "Zu viele Prozesse"

@@ -1884,211 +2394,230 @@
 msgid "unable to find symbol \"%s\" in %s"
 msgstr "Das Symbol »%s« kann in %s nicht gefunden werden"

-#: plugins/sudoers/sudoers.c:212 plugins/sudoers/sudoers.c:871
+#: plugins/sudoers/sudoers.c:221 plugins/sudoers/sudoers.c:958
 msgid "problem with defaults entries"
 msgstr "Problem mit den Standard-Einträgen"

-#: plugins/sudoers/sudoers.c:216
+#: plugins/sudoers/sudoers.c:225
 msgid "no valid sudoers sources found, quitting"
 msgstr "Keine gültige sudoers-Quelle gefunden, Programmende"

-#: plugins/sudoers/sudoers.c:254
+#: plugins/sudoers/sudoers.c:301
 msgid "sudoers specifies that root is not allowed to sudo"
 msgstr "sudoers gibt an, dass root sudo nicht verwenden darf"

-#: plugins/sudoers/sudoers.c:312
+#: plugins/sudoers/sudoers.c:361
+msgid "user not allowed to override closefrom limit"
+msgstr "Der Benutzer darf das »closefrom«-Limit nicht überschreiben"
+
+#: plugins/sudoers/sudoers.c:362
 msgid "you are not permitted to use the -C option"
 msgstr "Sie dürfen die Option -C nicht verwenden"

-#: plugins/sudoers/sudoers.c:359
+#: plugins/sudoers/sudoers.c:426
 #, c-format
 msgid "timestamp owner (%s): No such user"
 msgstr "Zeitstempelbesitzer (%s): Benutzer existiert nicht"

-#: plugins/sudoers/sudoers.c:374
+#: plugins/sudoers/sudoers.c:441
 msgid "no tty"
 msgstr "Kein tty"

-#: plugins/sudoers/sudoers.c:375
+#: plugins/sudoers/sudoers.c:442
 msgid "sorry, you must have a tty to run sudo"
 msgstr "Sie müssen ein TTY haben, um sudo zu verwenden"

-#: plugins/sudoers/sudoers.c:437
+#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:450
+#, c-format
+msgid "invalid shell for user %s: %s"
+msgstr "Ungültiger Shell für den Benutzer %s: %s"
+
+#: plugins/sudoers/sudoers.c:513
 msgid "command in current directory"
 msgstr "Befehl ist im aktuellen Verzeichnis"

-#: plugins/sudoers/sudoers.c:456
+#: plugins/sudoers/sudoers.c:532
+msgid "user not allowed to set a command timeout"
+msgstr "Der Benutzer darf keinen Kommand-Timeout angeben"
+
+#: plugins/sudoers/sudoers.c:533
 msgid "sorry, you are not allowed set a command timeout"
 msgstr "Sie dürfen keinen Timeout angeben"

-#: plugins/sudoers/sudoers.c:464
+#: plugins/sudoers/sudoers.c:541
+msgid "user not allowed to set a preserve the environment"
+msgstr "Der Benutzer darf das Environment nicht erhalten"
+
+#: plugins/sudoers/sudoers.c:542
 msgid "sorry, you are not allowed to preserve the environment"
 msgstr "Sie dürfen das Environment nicht erhalten"

-#: plugins/sudoers/sudoers.c:815
+#: plugins/sudoers/sudoers.c:893
 msgid "command too long"
 msgstr "Der Befehl ist zu lang"

-#: plugins/sudoers/sudoers.c:947
+#: plugins/sudoers/sudoers.c:951
+msgid "sudoedit doesn't need to be run via sudo"
+msgstr "»sudoedit« muss nicht mittels »sudo« aufgerufen werden"
+
+#: plugins/sudoers/sudoers.c:1005 plugins/sudoers/sudoreplay.c:1502
+#: plugins/sudoers/tsdump.c:145
+#, c-format
+msgid "unable to read %s"
+msgstr "Die Datei »%s« kann nicht gelesen werden"
+
+#: plugins/sudoers/sudoers.c:1030 plugins/sudoers/visudo.c:437
+#: plugins/sudoers/visudo.c:733
+#, c-format
+msgid "unable to stat %s"
+msgstr "stat konnte nicht auf %s angewendet werden"
+
+#: plugins/sudoers/sudoers.c:1034
 #, c-format
 msgid "%s is not a regular file"
 msgstr "%s ist keine reguläre Datei"

-#: plugins/sudoers/sudoers.c:951 plugins/sudoers/timestamp.c:259 toke.l:967
+#: plugins/sudoers/sudoers.c:1038 plugins/sudoers/timestamp.c:259 toke.l:967
 #, c-format
 msgid "%s is owned by uid %u, should be %u"
 msgstr "%s gehört UID %u, sollte UID %u gehören"

-#: plugins/sudoers/sudoers.c:955 toke.l:972
+#: plugins/sudoers/sudoers.c:1042 toke.l:972
 #, c-format
 msgid "%s is world writable"
 msgstr "%s ist für alle beschreibbar (world writable)"

-#: plugins/sudoers/sudoers.c:959 toke.l:975
+#: plugins/sudoers/sudoers.c:1046 toke.l:975
 #, c-format
 msgid "%s is owned by gid %u, should be %u"
 msgstr "%s gehört GID %u, sollte allerdings %u gehören"

-#: plugins/sudoers/sudoers.c:992
+#: plugins/sudoers/sudoers.c:1079
 #, c-format
 msgid "only root can use \"-c %s\""
 msgstr "Nur root kann »-c %s« verwenden"

-#: plugins/sudoers/sudoers.c:1011
+#: plugins/sudoers/sudoers.c:1098
 #, c-format
 msgid "unknown login class: %s"
 msgstr "Unbekannte Anmeldeklasse: %s"

-#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoers.c:1110
+#: plugins/sudoers/sudoers.c:1183 plugins/sudoers/sudoers.c:1198
 #, c-format
 msgid "unable to resolve host %s"
 msgstr "Hostname %s kann nicht aufgelöst werden"

-#: plugins/sudoers/sudoreplay.c:250
+#: plugins/sudoers/sudoreplay.c:263
 #, c-format
 msgid "invalid filter option: %s"
 msgstr "Ungültige Filteroption: %s"

-#: plugins/sudoers/sudoreplay.c:263
+#: plugins/sudoers/sudoreplay.c:276
 #, c-format
 msgid "invalid max wait: %s"
 msgstr "Ungültige maximale Wartezeit: %s"

-#: plugins/sudoers/sudoreplay.c:286
+#: plugins/sudoers/sudoreplay.c:299
 #, c-format
 msgid "invalid speed factor: %s"
 msgstr "Ungültiger Geschwindigkeitsfaktor: %s"

-#: plugins/sudoers/sudoreplay.c:321
+#: plugins/sudoers/sudoreplay.c:335
 #, c-format
-msgid "%s/%.2s/%.2s/%.2s/timing: %s"
-msgstr "%s/%.2s/%.2s/%.2s/Zeit: %s"
+msgid "%s/%.2s/%.2s/%.2s: %s"
+msgstr "%s/%.2s/%.2s/%.2s: %s"

-#: plugins/sudoers/sudoreplay.c:326
+#: plugins/sudoers/sudoreplay.c:340
 #, c-format
 msgid "%s/timing: %s"
 msgstr "%s/Zeit: %s"

-#: plugins/sudoers/sudoreplay.c:330
+#: plugins/sudoers/sudoreplay.c:344
 #, c-format
-msgid "%s/%s/timing: %s"
-msgstr "%s/%s/Zeit: %s"
+msgid "%s/%s: %s"
+msgstr "%s/%s: %s"

-#: plugins/sudoers/sudoreplay.c:346
+#: plugins/sudoers/sudoreplay.c:372
 #, c-format
 msgid "Replaying sudo session: %s"
 msgstr "Sudo-Sitzung wird abgespielt: %s"

-#: plugins/sudoers/sudoreplay.c:544 plugins/sudoers/sudoreplay.c:591
-#: plugins/sudoers/sudoreplay.c:789 plugins/sudoers/sudoreplay.c:898
-#: plugins/sudoers/sudoreplay.c:983 plugins/sudoers/sudoreplay.c:998
-#: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/sudoreplay.c:1012
-#: plugins/sudoers/sudoreplay.c:1019 plugins/sudoers/sudoreplay.c:1026
-#: plugins/sudoers/sudoreplay.c:1174
-msgid "unable to add event to queue"
-msgstr "Event kann nicht zur Warteschlange hinzugefügt werden"
-
-#: plugins/sudoers/sudoreplay.c:659
+#: plugins/sudoers/sudoreplay.c:634
 msgid "unable to set tty to raw mode"
 msgstr "TTY konnte nicht in den Raw-Modus versetzt werden"

-#: plugins/sudoers/sudoreplay.c:710
+#: plugins/sudoers/sudoreplay.c:685
 msgid "Warning: your terminal is too small to properly replay the log.\n"
 msgstr ""
 "Warnung: Ihr Terminal ist zu klein, um das Protokoll korrekt\n"
 "wiederzugeben.\n"

-#: plugins/sudoers/sudoreplay.c:711
+#: plugins/sudoers/sudoreplay.c:686
 #, c-format
 msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
 msgstr "Protokollgeometrie ist %d x %d, die Geometrie Ihres Terminals ist %d x %d."

-#: plugins/sudoers/sudoreplay.c:739
+#: plugins/sudoers/sudoreplay.c:714
 msgid "Replay finished, press any key to restore the terminal."
 msgstr "Wiedergabe beendet, eine Taste drücken um das Terminal wiederherzustellen."

-#: plugins/sudoers/sudoreplay.c:772
-#, c-format
-msgid "invalid timing file line: %s"
-msgstr "Ungültige Zeitdateizeile: %s"
-
-#: plugins/sudoers/sudoreplay.c:1208 plugins/sudoers/sudoreplay.c:1233
+#: plugins/sudoers/sudoreplay.c:1161 plugins/sudoers/sudoreplay.c:1186
 #, c-format
 msgid "ambiguous expression \"%s\""
 msgstr "Mehrdeutiger Ausdruck »%s«"

-#: plugins/sudoers/sudoreplay.c:1255
+#: plugins/sudoers/sudoreplay.c:1208
 msgid "unmatched ')' in expression"
 msgstr "»)« ohne öffnende Klammer im Ausdruck"

-#: plugins/sudoers/sudoreplay.c:1259
+#: plugins/sudoers/sudoreplay.c:1212
 #, c-format
 msgid "unknown search term \"%s\""
 msgstr "Unbekannter Suchbegriff »%s«"

-#: plugins/sudoers/sudoreplay.c:1274
+#: plugins/sudoers/sudoreplay.c:1227
 #, c-format
 msgid "%s requires an argument"
 msgstr "%s erfordert ein Argument"

-#: plugins/sudoers/sudoreplay.c:1277 plugins/sudoers/sudoreplay.c:1518
+#: plugins/sudoers/sudoreplay.c:1230 plugins/sudoers/sudoreplay.c:1478
 #, c-format
 msgid "invalid regular expression: %s"
 msgstr "ungültiger regulärer Ausdruck: %s"

-#: plugins/sudoers/sudoreplay.c:1281
+#: plugins/sudoers/sudoreplay.c:1234
 #, c-format
 msgid "could not parse date \"%s\""
 msgstr "Datum »%s« konnte nicht analysiert werden"

-#: plugins/sudoers/sudoreplay.c:1290
+#: plugins/sudoers/sudoreplay.c:1243
 msgid "unmatched '(' in expression"
 msgstr "»(« ohne schließende Klammer im Ausdruck"

-#: plugins/sudoers/sudoreplay.c:1292
+#: plugins/sudoers/sudoreplay.c:1245
 msgid "illegal trailing \"or\""
 msgstr "Ungültiges nachgestelltes »or«"

-#: plugins/sudoers/sudoreplay.c:1294
+#: plugins/sudoers/sudoreplay.c:1247
 msgid "illegal trailing \"!\""
 msgstr "Ungültiges nachgestelltes »!«"

-#: plugins/sudoers/sudoreplay.c:1344
+#: plugins/sudoers/sudoreplay.c:1297
 #, c-format
 msgid "unknown search type %d"
 msgstr "Unbekannter Suchtyp %d"

-#: plugins/sudoers/sudoreplay.c:1611
+#: plugins/sudoers/sudoreplay.c:1569
 #, c-format
 msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n"
 msgstr "Aufruf: %s [-hnRS] [-d Verzeichnis] [-m Max_Wartezeit] [-s Geschwindigkeitsfaktor] ID\n"

-#: plugins/sudoers/sudoreplay.c:1614
+#: plugins/sudoers/sudoreplay.c:1572
 #, c-format
 msgid "usage: %s [-h] [-d dir] -l [search expression]\n"
 msgstr "Aufruf: %s [-h] [-d Verzeichnis] -l [Suchausdruck]\n"

-#: plugins/sudoers/sudoreplay.c:1623
+#: plugins/sudoers/sudoreplay.c:1581
 #, c-format
 msgid ""
 "%s - replay sudo session logs\n"
@@ -2097,7 +2626,7 @@
 "%s – sudo-Sitzungsprotokolle abspielen\n"
 "\n"

-#: plugins/sudoers/sudoreplay.c:1625
+#: plugins/sudoers/sudoreplay.c:1583
 msgid ""
 "\n"
 "Options:\n"
@@ -2163,35 +2692,34 @@
 msgid "%s is group writable"
 msgstr "%s ist für die Gruppe beschreibbar"

-#: plugins/sudoers/timestamp.c:343
+#: plugins/sudoers/timestamp.c:343 plugins/sudoers/timestamp.c:687
 #, c-format
 msgid "unable to truncate time stamp file to %lld bytes"
 msgstr "Die Zeitstempeldatei kann nicht auf %lld Bytes abgeschnitten werden"

-#: plugins/sudoers/timestamp.c:829 plugins/sudoers/timestamp.c:921
-#: plugins/sudoers/visudo.c:498 plugins/sudoers/visudo.c:504
-msgid "unable to read the clock"
-msgstr "Die Uhrzeit kann nicht ausgelesen werden"
-
-#: plugins/sudoers/timestamp.c:840
+#: plugins/sudoers/timestamp.c:873
 msgid "ignoring time stamp from the future"
 msgstr "Zeitstempel aus der Zukunft wird ignoriert"

-#: plugins/sudoers/timestamp.c:863
+#: plugins/sudoers/timestamp.c:896
 #, c-format
 msgid "time stamp too far in the future: %20.20s"
 msgstr "Zeitstempel ist zu weit in der Zukunft: %20.20s"

-#: plugins/sudoers/timestamp.c:985
+#: plugins/sudoers/timestamp.c:1018
 #, c-format
 msgid "unable to lock time stamp file %s"
 msgstr "Die Zeitstempeldatei »%s« kann nicht gesperrt werden"

-#: plugins/sudoers/timestamp.c:1029 plugins/sudoers/timestamp.c:1049
+#: plugins/sudoers/timestamp.c:1062 plugins/sudoers/timestamp.c:1082
 #, c-format
 msgid "lecture status path too long: %s/%s"
 msgstr "Pfad zur Belehrung ist zu lang: %s/%s"

+#: plugins/sudoers/toke_util.c:132
+msgid "sudoedit should not be specified with a path"
+msgstr "»sudoedit« sollte nicht mit einem Pfad angegeben werden"
+
 #: plugins/sudoers/visudo.c:232
 msgid "the -x option will be removed in a future release"
 msgstr "Die Option »-x» wird in einer zukünftigen Version entfernt"
@@ -2382,3 +2910,12 @@
 #: toke.l:941
 msgid "too many levels of includes"
 msgstr "Zu viele geschachtelte include-Einträge"
+
+#~ msgid "No user or host"
+#~ msgstr "Kein Benutzer oder Rechner angegeben"
+
+#~ msgid "validation failure"
+#~ msgstr "Fehler bei der Validierung"
+
+#~ msgid "%s/%s/timing: %s"
+#~ msgstr "%s/%s/Zeit: %s"
Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/plugins/sudoers/po/fi.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/plugins/sudoers/po/fi.mo differ
diff -Nru sudo-1.8.31/plugins/sudoers/po/fi.po sudo-1.9.0/plugins/sudoers/po/fi.po
--- sudo-1.8.31/plugins/sudoers/po/fi.po 2019-12-31 12:58:36.000000000 +0000
+++ sudo-1.9.0/plugins/sudoers/po/fi.po 2020-05-11 16:28:23.000000000 +0000
@@ -6,10 +6,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: sudoers 1.8.29rc1\n"
+"Project-Id-Version: sudoers 1.9.0b4\n"
 "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2019-10-21 19:55-0600\n"
-"PO-Revision-Date: 2019-12-05 23:24+0200\n"
+"POT-Creation-Date: 2020-03-12 17:39-0600\n"
+"PO-Revision-Date: 2020-03-25 01:10+0200\n"
 "Last-Translator: Lauri Nurmi \n"
 "Language-Team: Finnish \n"
 "Language: fi\n"
@@ -18,7 +18,7 @@
 "Content-Transfer-Encoding: 8bit\n"
 "X-Bugs: Report translation errors to the Language-Team address.\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Poedit 2.2.4\n"
+"X-Generator: Poedit 2.3\n"

 #: confstr.sh:1
 msgid "syntax error"
@@ -44,70 +44,75 @@
 msgid "Sorry, try again."
 msgstr "Yritä uudelleen."

-#: gram.y:196 gram.y:244 gram.y:251 gram.y:258 gram.y:265 gram.y:272
-#: gram.y:288 gram.y:312 gram.y:319 gram.y:326 gram.y:333 gram.y:340
-#: gram.y:403 gram.y:412 gram.y:423 gram.y:456 gram.y:463 gram.y:470
-#: gram.y:477 gram.y:559 gram.y:566 gram.y:575 gram.y:584 gram.y:601
-#: gram.y:713 gram.y:720 gram.y:727 gram.y:735 gram.y:835 gram.y:842
-#: gram.y:849 gram.y:856 gram.y:863 gram.y:889 gram.y:896 gram.y:903
-#: gram.y:1026 gram.y:1303 plugins/sudoers/alias.c:132
-#: plugins/sudoers/alias.c:139 plugins/sudoers/alias.c:155
-#: plugins/sudoers/auth/bsdauth.c:148 plugins/sudoers/auth/kerb5.c:123
-#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:670
-#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/auth/sia.c:64
-#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:165
-#: plugins/sudoers/cvtsudoers.c:182 plugins/sudoers/cvtsudoers.c:193
-#: plugins/sudoers/cvtsudoers.c:305 plugins/sudoers/cvtsudoers.c:433
-#: plugins/sudoers/cvtsudoers.c:566 plugins/sudoers/cvtsudoers.c:583
-#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761
-#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1179
-#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1285
+#: gram.y:198 gram.y:246 gram.y:253 gram.y:260 gram.y:267 gram.y:274
+#: gram.y:290 gram.y:314 gram.y:321 gram.y:328 gram.y:335 gram.y:342
+#: gram.y:405 gram.y:414 gram.y:425 gram.y:458 gram.y:465 gram.y:472
+#: gram.y:479 gram.y:506 gram.y:578 gram.y:585 gram.y:594 gram.y:603
+#: gram.y:620 gram.y:732 gram.y:739 gram.y:747 gram.y:753 gram.y:853
+#: gram.y:860 gram.y:867 gram.y:874 gram.y:881 gram.y:907 gram.y:914
+#: gram.y:921 gram.y:1063 gram.y:1342 lib/iolog/iolog_util.c:79
+#: lib/iolog/iolog_util.c:118 lib/iolog/iolog_util.c:127
+#: lib/iolog/iolog_util.c:137 lib/iolog/iolog_util.c:145
+#: lib/iolog/iolog_util.c:149 logsrvd/eventlog.c:223 logsrvd/sendlog.c:286
+#: plugins/sudoers/alias.c:132 plugins/sudoers/alias.c:139
+#: plugins/sudoers/alias.c:155 plugins/sudoers/auth/bsdauth.c:148
+#: plugins/sudoers/auth/kerb5.c:123 plugins/sudoers/auth/kerb5.c:149
+#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116
+#: plugins/sudoers/auth/sia.c:64 plugins/sudoers/cvtsudoers.c:124
+#: plugins/sudoers/cvtsudoers.c:165 plugins/sudoers/cvtsudoers.c:182
+#: plugins/sudoers/cvtsudoers.c:193 plugins/sudoers/cvtsudoers.c:305
+#: plugins/sudoers/cvtsudoers.c:433 plugins/sudoers/cvtsudoers.c:566
+#: plugins/sudoers/cvtsudoers.c:583 plugins/sudoers/cvtsudoers.c:646
+#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:769
+#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1187
+#: plugins/sudoers/cvtsudoers.c:1289 plugins/sudoers/cvtsudoers_json.c:83
 #: plugins/sudoers/cvtsudoers_ldif.c:154 plugins/sudoers/cvtsudoers_ldif.c:197
-#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:263
-#: plugins/sudoers/cvtsudoers_ldif.c:334 plugins/sudoers/cvtsudoers_ldif.c:389
-#: plugins/sudoers/cvtsudoers_ldif.c:397 plugins/sudoers/cvtsudoers_ldif.c:414
-#: plugins/sudoers/cvtsudoers_ldif.c:423 plugins/sudoers/cvtsudoers_ldif.c:570
-#: plugins/sudoers/defaults.c:666 plugins/sudoers/defaults.c:959
-#: plugins/sudoers/defaults.c:1130 plugins/sudoers/editor.c:72
+#: plugins/sudoers/cvtsudoers_ldif.c:238 plugins/sudoers/cvtsudoers_ldif.c:303
+#: plugins/sudoers/cvtsudoers_ldif.c:374 plugins/sudoers/cvtsudoers_ldif.c:429
+#: plugins/sudoers/cvtsudoers_ldif.c:437 plugins/sudoers/cvtsudoers_ldif.c:454
+#: plugins/sudoers/cvtsudoers_ldif.c:463 plugins/sudoers/cvtsudoers_ldif.c:610
+#: plugins/sudoers/defaults.c:632 plugins/sudoers/defaults.c:925
+#: plugins/sudoers/defaults.c:1058 plugins/sudoers/editor.c:72
 #: plugins/sudoers/editor.c:90 plugins/sudoers/editor.c:101
 #: plugins/sudoers/env.c:268 plugins/sudoers/filedigest.c:66
 #: plugins/sudoers/filedigest.c:82 plugins/sudoers/gc.c:59
-#: plugins/sudoers/group_plugin.c:138 plugins/sudoers/interfaces.c:78
-#: plugins/sudoers/iolog.c:943 plugins/sudoers/iolog_path.c:174
-#: plugins/sudoers/iolog_util.c:86 plugins/sudoers/iolog_util.c:125
-#: plugins/sudoers/iolog_util.c:134 plugins/sudoers/iolog_util.c:144
-#: plugins/sudoers/iolog_util.c:152 plugins/sudoers/iolog_util.c:156
-#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416
-#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432
-#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887
-#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668
-#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786
-#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022
-#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223
-#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306
-#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446
-#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558
-#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:683
-#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:510
-#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/linux_audit.c:83
-#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:532
-#: plugins/sudoers/logging.c:558 plugins/sudoers/logging.c:599
-#: plugins/sudoers/logging.c:740 plugins/sudoers/logging.c:1100
-#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:367
-#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:485
-#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:200
+#: plugins/sudoers/group_plugin.c:141 plugins/sudoers/interfaces.c:78
+#: plugins/sudoers/iolog.c:476 plugins/sudoers/iolog_client.c:107
+#: plugins/sudoers/iolog_client.c:485 plugins/sudoers/iolog_client.c:593
+#: plugins/sudoers/iolog_client.c:611 plugins/sudoers/iolog_client.c:1053
+#: plugins/sudoers/iolog_client.c:1283 plugins/sudoers/iolog_client.c:1619
+#: plugins/sudoers/iolog_client.c:1647 plugins/sudoers/ldap.c:185
+#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420
+#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723
+#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241
+#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705
+#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921
+#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038
+#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254
+#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342
+#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461
+#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591
+#: plugins/sudoers/ldap_conf.c:683 plugins/sudoers/ldap_conf.c:765
+#: plugins/sudoers/ldap_util.c:331 plugins/sudoers/ldap_util.c:338
+#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:83
+#: plugins/sudoers/logging.c:200 plugins/sudoers/logging.c:527
+#: plugins/sudoers/logging.c:553 plugins/sudoers/logging.c:594
+#: plugins/sudoers/logging.c:731 plugins/sudoers/logging.c:1091
+#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:397
+#: plugins/sudoers/match_command.c:444 plugins/sudoers/match_command.c:515
+#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:200
 #: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:227
 #: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:156
 #: plugins/sudoers/parse_ldif.c:187 plugins/sudoers/parse_ldif.c:256
 #: plugins/sudoers/parse_ldif.c:263 plugins/sudoers/parse_ldif.c:268
 #: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:355
-#: plugins/sudoers/parse_ldif.c:361 plugins/sudoers/parse_ldif.c:386
-#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:402
-#: plugins/sudoers/parse_ldif.c:416 plugins/sudoers/parse_ldif.c:584
-#: plugins/sudoers/parse_ldif.c:614 plugins/sudoers/parse_ldif.c:639
-#: plugins/sudoers/parse_ldif.c:697 plugins/sudoers/parse_ldif.c:714
-#: plugins/sudoers/parse_ldif.c:742 plugins/sudoers/parse_ldif.c:749
-#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:750
+#: plugins/sudoers/parse_ldif.c:382 plugins/sudoers/parse_ldif.c:399
+#: plugins/sudoers/parse_ldif.c:411 plugins/sudoers/parse_ldif.c:415
+#: plugins/sudoers/parse_ldif.c:429 plugins/sudoers/parse_ldif.c:597
+#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652
+#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727
+#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762
+#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:830
 #: plugins/sudoers/prompt.c:100 plugins/sudoers/pwutil.c:199
 #: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348
 #: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:586
@@ -117,19 +122,19 @@
 #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463
 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554
 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103
-#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273
-#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292
-#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657
-#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830
-#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:114
-#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587
-#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465
-#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136
-#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253
-#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439
-#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960
-#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112
-#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130
+#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320
+#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735
+#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909
+#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559
+#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218
+#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429
+#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236
+#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587
+#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483
+#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59
+#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:137
+#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130
 #: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328
 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444
 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942
@@ -138,111 +143,116 @@ msgid "unable to allocate memory" msgstr "muistin varaaminen epäonnistui" -#: gram.y:488 +#: gram.y:500 msgid "a digest requires a path name" msgstr "tiiviste vaatii polkunimen" -#: gram.y:614 +#: gram.y:633 msgid "invalid notbefore value" msgstr "virheellinen notbefore-arvo" -#: gram.y:622 +#: gram.y:641 msgid "invalid notafter value" msgstr "virheellinen notafter-arvo" -#: gram.y:631 plugins/sudoers/policy.c:320 +#: gram.y:650 plugins/sudoers/policy.c:319 msgid "timeout value too large" msgstr "aikakatkaisuarvo on liian suuri" -#: gram.y:633 plugins/sudoers/policy.c:322 +#: gram.y:652 plugins/sudoers/policy.c:321 msgid "invalid timeout value" msgstr "virheellinen aikavalvonta-arvo" -#: gram.y:1303 plugins/sudoers/auth/pam.c:483 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/cvtsudoers.c:124 -#: plugins/sudoers/cvtsudoers.c:164 plugins/sudoers/cvtsudoers.c:181 -#: plugins/sudoers/cvtsudoers.c:192 plugins/sudoers/cvtsudoers.c:304 -#: plugins/sudoers/cvtsudoers.c:432 plugins/sudoers/cvtsudoers.c:565 -#: plugins/sudoers/cvtsudoers.c:582 plugins/sudoers/cvtsudoers.c:646 -#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:768 -#: plugins/sudoers/cvtsudoers.c:1179 plugins/sudoers/cvtsudoers.c:1183 -#: plugins/sudoers/cvtsudoers.c:1285 plugins/sudoers/cvtsudoers_ldif.c:153 -#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:243 -#: plugins/sudoers/cvtsudoers_ldif.c:262 plugins/sudoers/cvtsudoers_ldif.c:333 -#: plugins/sudoers/cvtsudoers_ldif.c:388 plugins/sudoers/cvtsudoers_ldif.c:396 -#: plugins/sudoers/cvtsudoers_ldif.c:413 plugins/sudoers/cvtsudoers_ldif.c:422 -#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:666 -#: plugins/sudoers/defaults.c:959 plugins/sudoers/defaults.c:1130 +#: gram.y:1342 lib/iolog/iolog_util.c:79 lib/iolog/iolog_util.c:118 +#: lib/iolog/iolog_util.c:127 lib/iolog/iolog_util.c:137 +#: lib/iolog/iolog_util.c:145 
lib/iolog/iolog_util.c:149 +#: logsrvd/eventlog.c:223 plugins/sudoers/auth/pam.c:486 +#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116 +#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:164 +#: plugins/sudoers/cvtsudoers.c:181 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:304 plugins/sudoers/cvtsudoers.c:432 +#: plugins/sudoers/cvtsudoers.c:565 plugins/sudoers/cvtsudoers.c:582 +#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 +#: plugins/sudoers/cvtsudoers.c:768 plugins/sudoers/cvtsudoers.c:1183 +#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289 +#: plugins/sudoers/cvtsudoers_json.c:82 plugins/sudoers/cvtsudoers_ldif.c:153 +#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:237 +#: plugins/sudoers/cvtsudoers_ldif.c:302 plugins/sudoers/cvtsudoers_ldif.c:373 +#: plugins/sudoers/cvtsudoers_ldif.c:428 plugins/sudoers/cvtsudoers_ldif.c:436 +#: plugins/sudoers/cvtsudoers_ldif.c:453 plugins/sudoers/cvtsudoers_ldif.c:462 +#: plugins/sudoers/cvtsudoers_ldif.c:609 plugins/sudoers/defaults.c:632 +#: plugins/sudoers/defaults.c:925 plugins/sudoers/defaults.c:1058 #: plugins/sudoers/editor.c:72 plugins/sudoers/editor.c:90 #: plugins/sudoers/editor.c:101 plugins/sudoers/env.c:268 #: plugins/sudoers/filedigest.c:66 plugins/sudoers/filedigest.c:82 -#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:138 -#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:943 -#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:86 -#: plugins/sudoers/iolog_util.c:125 plugins/sudoers/iolog_util.c:134 -#: plugins/sudoers/iolog_util.c:144 plugins/sudoers/iolog_util.c:152 -#: plugins/sudoers/iolog_util.c:156 plugins/sudoers/ldap.c:185 -#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 -#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 -#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 -#: plugins/sudoers/ldap.c:1668 
plugins/sudoers/ldap.c:1705 -#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 -#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 -#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 -#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 -#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 -#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 -#: plugins/sudoers/ldap_conf.c:682 plugins/sudoers/ldap_conf.c:765 -#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:567 -#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:202 -#: plugins/sudoers/logging.c:532 plugins/sudoers/logging.c:558 -#: plugins/sudoers/logging.c:598 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:366 -#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:199 +#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:140 +#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:476 +#: plugins/sudoers/iolog_client.c:107 plugins/sudoers/iolog_client.c:485 +#: plugins/sudoers/iolog_client.c:593 plugins/sudoers/iolog_client.c:611 +#: plugins/sudoers/iolog_client.c:1053 plugins/sudoers/iolog_client.c:1283 +#: plugins/sudoers/iolog_client.c:1619 plugins/sudoers/iolog_client.c:1647 +#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 +#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 +#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 +#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 +#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 +#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 +#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 +#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 +#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 +#: plugins/sudoers/ldap_conf.c:461 
plugins/sudoers/ldap_conf.c:558 +#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:682 +#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:330 +#: plugins/sudoers/ldap_util.c:337 plugins/sudoers/ldap_util.c:603 +#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:200 +#: plugins/sudoers/logging.c:527 plugins/sudoers/logging.c:553 +#: plugins/sudoers/logging.c:593 plugins/sudoers/logging.c:1091 +#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:396 +#: plugins/sudoers/match_command.c:443 plugins/sudoers/match_command.c:515 +#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:199 #: plugins/sudoers/parse.c:211 plugins/sudoers/parse.c:226 #: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:155 #: plugins/sudoers/parse_ldif.c:186 plugins/sudoers/parse_ldif.c:255 #: plugins/sudoers/parse_ldif.c:262 plugins/sudoers/parse_ldif.c:267 #: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:354 -#: plugins/sudoers/parse_ldif.c:360 plugins/sudoers/parse_ldif.c:385 -#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:401 -#: plugins/sudoers/parse_ldif.c:415 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:613 plugins/sudoers/parse_ldif.c:638 -#: plugins/sudoers/parse_ldif.c:696 plugins/sudoers/parse_ldif.c:713 -#: plugins/sudoers/parse_ldif.c:741 plugins/sudoers/parse_ldif.c:748 -#: plugins/sudoers/policy.c:134 plugins/sudoers/policy.c:143 -#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:178 -#: plugins/sudoers/policy.c:305 plugins/sudoers/policy.c:320 -#: plugins/sudoers/policy.c:322 plugins/sudoers/policy.c:348 -#: plugins/sudoers/policy.c:358 plugins/sudoers/policy.c:402 +#: plugins/sudoers/parse_ldif.c:381 plugins/sudoers/parse_ldif.c:398 +#: plugins/sudoers/parse_ldif.c:410 plugins/sudoers/parse_ldif.c:414 +#: plugins/sudoers/parse_ldif.c:428 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: 
plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:133 plugins/sudoers/policy.c:142 +#: plugins/sudoers/policy.c:151 plugins/sudoers/policy.c:177 +#: plugins/sudoers/policy.c:304 plugins/sudoers/policy.c:319 +#: plugins/sudoers/policy.c:321 plugins/sudoers/policy.c:350 +#: plugins/sudoers/policy.c:359 plugins/sudoers/policy.c:402 #: plugins/sudoers/policy.c:412 plugins/sudoers/policy.c:421 #: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:504 -#: plugins/sudoers/policy.c:750 plugins/sudoers/prompt.c:100 +#: plugins/sudoers/policy.c:830 plugins/sudoers/prompt.c:100 #: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 #: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 #: plugins/sudoers/pwutil.c:586 plugins/sudoers/pwutil.c:657 #: plugins/sudoers/pwutil.c:816 plugins/sudoers/pwutil.c:873 #: plugins/sudoers/pwutil.c:917 plugins/sudoers/pwutil.c:975 -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 plugins/sudoers/sssd.c:153 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 plugins/sudoers/sssd.c:153 #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:113 -#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 -#: 
plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735 +#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909 +#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559 +#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218 +#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429 +#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236 +#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587 +#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483 +#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59 +#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:136 +#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130 #: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 
@@ -252,20 +262,467 @@ msgid "%s: %s" msgstr "%s: %s" +#: lib/iolog/iolog_fileio.c:164 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s on olemassa, mutta ei ole hakemisto (0%o)" + +#: lib/iolog/iolog_fileio.c:194 lib/iolog/iolog_fileio.c:240 +#: plugins/sudoers/timestamp.c:212 +#, c-format +msgid "unable to mkdir %s" +msgstr "käskyn mkdir %s suorittaminen epäonnistui" + +#: lib/iolog/iolog_fileio.c:244 plugins/sudoers/visudo.c:739 +#: plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "tilan %s vaihtaminen arvoon 0%o epäonnistui" + +#: lib/iolog/iolog_util.c:83 +#, c-format +msgid "%s: invalid log file" +msgstr "%s: virheellinen lokitiedosto" + +#: lib/iolog/iolog_util.c:101 +#, c-format +msgid "%s: time stamp field is missing" +msgstr "%s: aikaleimakenttä puuttuu" + +#: lib/iolog/iolog_util.c:107 +#, c-format +msgid "%s: time stamp %s: %s" +msgstr "%s: aikaleima %s: %s" + +#: lib/iolog/iolog_util.c:114 +#, c-format +msgid "%s: user field is missing" +msgstr "%s: käyttäjäkenttä puuttuu" + +#: lib/iolog/iolog_util.c:123 +#, c-format +msgid "%s: runas user field is missing" +msgstr "%s: suorita käyttäjänä-kenttä puuttuu" + +#: lib/iolog/iolog_util.c:132 +#, c-format +msgid "%s: runas group field is missing" +msgstr "%s: suorita ryhmänä-kenttä puuttuu" + +#: lib/iolog/iolog_util.c:382 +#, c-format +msgid "error reading timing file: %s" +msgstr "virhe luettaessa ajoitustiedostoa: %s" + +#: lib/iolog/iolog_util.c:389 +#, c-format +msgid "invalid timing file line: %s" +msgstr "virheellinen ajoitustiedostorivi: %s" + +#: logsrvd/eventlog.c:228 plugins/sudoers/cvtsudoers_ldif.c:247 +#: plugins/sudoers/cvtsudoers_ldif.c:254 plugins/sudoers/cvtsudoers_ldif.c:566 +#: plugins/sudoers/env.c:330 plugins/sudoers/env.c:337 +#: plugins/sudoers/env.c:442 plugins/sudoers/iolog.c:550 +#: plugins/sudoers/iolog.c:566 plugins/sudoers/ldap.c:496 +#: plugins/sudoers/ldap.c:727 plugins/sudoers/ldap.c:1060 +#: 
plugins/sudoers/ldap_conf.c:227 plugins/sudoers/ldap_conf.c:317 +#: plugins/sudoers/linux_audit.c:89 plugins/sudoers/logging.c:1096 +#: plugins/sudoers/policy.c:534 plugins/sudoers/policy.c:679 +#: plugins/sudoers/policy.c:689 plugins/sudoers/prompt.c:168 +#: plugins/sudoers/sudoers.c:931 plugins/sudoers/testsudoers.c:257 +#: plugins/sudoers/toke_util.c:177 +#, c-format +msgid "internal error, %s overflow" +msgstr "sisäinen virhe, %s-ylivuoto" + +#: logsrvd/eventlog.c:422 plugins/sudoers/logging.c:118 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: logsrvd/eventlog.c:451 plugins/sudoers/logging.c:146 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s: (komento jatkui) %s" + +#: logsrvd/iolog_writer.c:886 +msgid "log is already complete, cannot be restarted" +msgstr "loki on jo valmis, ei voi aloittaa uudelleen" + +#: logsrvd/iolog_writer.c:917 +msgid "unable to restart log" +msgstr "lokia ei voi aloittaa uudelleen" + +# Avaamisen kohde voi olla timestamp file, sudoers file tai pathbuf +#: logsrvd/logsrv_util.c:96 logsrvd/logsrv_util.c:103 +#: plugins/sudoers/sudoreplay.c:355 plugins/sudoers/sudoreplay.c:361 +#: plugins/sudoers/sudoreplay.c:368 +#, c-format +msgid "unable to open %s/%s" +msgstr "ei voi avata tiedostoa %s/%s" + +#: logsrvd/logsrv_util.c:130 +#, c-format +msgid "missing I/O log file %s/%s" +msgstr "puuttuva siirräntälokitiedosto %s/%s" + +# Ensimmäinen parametri on auth name +#: logsrvd/logsrv_util.c:137 +#, fuzzy, c-format +#| msgid "%s: unable to parse '%s': %s" +msgid "%s/%s: unable to seek forward %zu" +msgstr "%s: todentamisnimen ’%s’ jäsentäminen epäonnistui: %s" + +# parametrina on path +#: logsrvd/logsrv_util.c:147 +#, fuzzy, c-format +#| msgid "unable to find symbol \"%s\" in %s" +msgid "unable to find resume point [%lld, %ld] in %s/%s" +msgstr "symbolin ”%s” löytäminen polusta %s epäonnistui" + +#: logsrvd/logsrvd.c:231 logsrvd/logsrvd.c:299 logsrvd/logsrvd.c:343 +#: logsrvd/logsrvd.c:392 logsrvd/logsrvd.c:439 
logsrvd/logsrvd.c:484 +#: logsrvd/logsrvd.c:510 +msgid "state machine error" +msgstr "tilakoneen virhe" + +#: logsrvd/logsrvd.c:240 +msgid "invalid AcceptMessage" +msgstr "virheellinen AcceptMessage" + +#: logsrvd/logsrvd.c:251 +msgid "error parsing AcceptMessage" +msgstr "virhe jäsennettäessä AcceptMessagea" + +#: logsrvd/logsrvd.c:258 +msgid "error creating I/O log" +msgstr "virhe luotaessa siirräntälokia" + +#: logsrvd/logsrvd.c:265 +msgid "error logging accept event" +msgstr "virhe hyväksymistapahtuman lokiin kirjaamisessa" + +#: logsrvd/logsrvd.c:308 +msgid "invalid RejectMessage" +msgstr "virheellinen RejectMessage" + +#: logsrvd/logsrvd.c:319 +msgid "error parsing RejectMessage" +msgstr "virhe jäsennettäessä RejectMessagea" + +#: logsrvd/logsrvd.c:325 +msgid "error logging reject event" +msgstr "virhe hylkäystapahtuman lokiin kirjaamisessa" + +#: logsrvd/logsrvd.c:424 +msgid "error logging alert event" +msgstr "virhe hälytystapahtuman lokiin kirjaamisessa" + +#: logsrvd/logsrvd.c:449 +msgid "error writing IoBuffer" +msgstr "virhe kirjoitettaessa IoBufferia" + +#: logsrvd/logsrvd.c:495 +msgid "error writing ChangeWindowSize" +msgstr "virhe kirjoitettaessa ChangeWindowSizeä" + +#: logsrvd/logsrvd.c:521 +msgid "error writing CommandSuspend" +msgstr "virhe kirjoitettaessa CommandSuspendia" + +#: logsrvd/logsrvd.c:583 +msgid "unrecognized ClientMessage type" +msgstr "tunnistamaton ClientMessage-tyyppi" + +#: logsrvd/logsrvd.c:835 +msgid "client message too large" +msgstr "asiakassanoma on liian suuri" + +#: logsrvd/logsrvd.c:1295 logsrvd/logsrvd.c:1415 logsrvd/logsrvd.c:1539 +#: logsrvd/logsrvd.c:1631 logsrvd/sendlog.c:242 logsrvd/sendlog.c:257 +#: logsrvd/sendlog.c:290 logsrvd/sendlog.c:1264 plugins/sudoers/iolog.c:900 +#: plugins/sudoers/iolog.c:1033 plugins/sudoers/iolog.c:1131 +#: plugins/sudoers/iolog_client.c:111 plugins/sudoers/iolog_client.c:436 +#: plugins/sudoers/iolog_client.c:452 plugins/sudoers/iolog_client.c:490 +#: 
plugins/sudoers/iolog_client.c:1032 plugins/sudoers/iolog_client.c:1061 +#: plugins/sudoers/iolog_client.c:1133 plugins/sudoers/iolog_client.c:1239 +#: plugins/sudoers/iolog_client.c:1353 plugins/sudoers/iolog_client.c:1655 +#: plugins/sudoers/iolog_client.c:1663 plugins/sudoers/sudoreplay.c:519 +#: plugins/sudoers/sudoreplay.c:566 plugins/sudoers/sudoreplay.c:755 +#: plugins/sudoers/sudoreplay.c:867 plugins/sudoers/sudoreplay.c:957 +#: plugins/sudoers/sudoreplay.c:972 plugins/sudoers/sudoreplay.c:979 +#: plugins/sudoers/sudoreplay.c:986 plugins/sudoers/sudoreplay.c:993 +#: plugins/sudoers/sudoreplay.c:1000 plugins/sudoers/sudoreplay.c:1127 +msgid "unable to add event to queue" +msgstr "tapahtuman lisääminen jonoon epäonnistui" + +#: logsrvd/logsrvd.c:1407 plugins/sudoers/iolog_client.c:378 +#, c-format +msgid "Unable to attach user data to the ssl object: %s" +msgstr "" + +#: logsrvd/logsrvd.c:1443 plugins/sudoers/iolog_client.c:1596 +#: plugins/sudoers/iolog_client.c:1604 +#, fuzzy +#| msgid "unable to change to root gid" +msgid "unable to get remote IP addr" +msgstr "vaihtaminen root gid -tunnisteeksi epäonnistui" + +#: logsrvd/logsrvd.c:1692 logsrvd/sendlog.c:113 +#, c-format +msgid "" +"%s - send sudo I/O log to remote server\n" +"\n" +msgstr "" +"%s - lähetä sudon siirräntäloki etäpalvelimelle\n" +"\n" + +#: logsrvd/logsrvd.c:1695 +msgid "" +"\n" +"Options:\n" +" -f, --file path to configuration file\n" +" -h --help display help message and exit\n" +" -n, --no-fork do not fork, run in the foreground\n" +" -R, --random-drop percent chance connections will drop\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"Valitsimet:\n" +" -f, --file asetustiedoston polku\n" +" -h, --help näytä opaste ja poistu\n" +" -n, --no-fork älä haarauta, vaan suorita edustalla\n" +" -R, --random-drop yhteyden katkeamisen todennäköisyys-%\n" +" -V, --version näytä versiotiedot ja poistu\n" + +#: logsrvd/logsrvd.c:1747 logsrvd/sendlog.c:1513 +msgid 
"Protobuf-C version 1.3 or higher required" +msgstr "Protobuf-C:n versio 1.3 tai uudempi vaaditaan" + +#: logsrvd/logsrvd.c:1765 +#, c-format +msgid "invalid random drop value: %s" +msgstr "virheellinen satunnaispudotusarvo: %s" + +#: logsrvd/logsrvd.c:1769 logsrvd/sendlog.c:1551 +#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:302 +#: plugins/sudoers/visudo.c:184 +#, c-format +msgid "%s version %s\n" +msgstr "%s versio %s\n" + +#: logsrvd/logsrvd_conf.c:688 +#, c-format +msgid "%s: not a fully qualified path" +msgstr "%s: ei ole täydellinen polku" + +# Ensimmäinen parametri on auth name +#: logsrvd/logsrvd_conf.c:802 +#, c-format +msgid "%s:%d unmatched '[': %s" +msgstr "%s:%d täsmäämätön ”[”: %s" + +#: logsrvd/logsrvd_conf.c:813 +#, fuzzy, c-format +#| msgid "invalid filter option: %s" +msgid "%s:%d invalid config section: %s" +msgstr "virheellinen suodatinvalitsin: %s" + +#: logsrvd/logsrvd_conf.c:821 +#, fuzzy, c-format +#| msgid "invalid timing file line: %s" +msgid "%s:%d invalid configuration line: %s" +msgstr "virheellinen ajoitustiedostorivi: %s" + +#: logsrvd/logsrvd_conf.c:827 +#, c-format +msgid "%s:%d expected section name: %s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:841 +#, c-format +msgid "invalid value for %s: %s" +msgstr "virheellinen %s-arvo: %s" + +#: logsrvd/logsrvd_conf.c:849 +#, c-format +msgid "%s:%d unknown key: %s" +msgstr "%s:%d tuntematon avain: %s" + +#: logsrvd/logsrvd_conf.c:977 +#, fuzzy, c-format +#| msgid "unknown login class: %s" +msgid "unknown syslog facility %s" +msgstr "tuntematon kirjautumisluokka: %s" + +#: logsrvd/logsrvd_conf.c:981 logsrvd/logsrvd_conf.c:985 +#: logsrvd/logsrvd_conf.c:989 +#, c-format +msgid "unknown syslog priority %s" +msgstr "tuntematon syslog-prioriteetti %s" + +#: logsrvd/sendlog.c:116 +msgid "" +"\n" +"Options:\n" +" --help display help message and exit\n" +" -h, --host host to send logs to\n" +" -i, --iolog_id remote ID of I/O log to be resumed\n" +" -p, --port port to use when 
connecting to host\n" +" -r, --restart restart previous I/O log transfer\n" +" -t, --test test audit server by sending selected I/O log n times in parallel\n" +" -b, --ca-bundle certificate bundle file to verify server's cert against\n" +" -c, --cert certificate file for TLS handshake\n" +" -k, --key private key file\n" +" -V, --version display version information and exit\n" +msgstr "" + +#: logsrvd/sendlog.c:216 plugins/sudoers/iolog_client.c:409 +msgid "TLS handshake timeout occurred" +msgstr "TLS-kättelyn aikakatkaisu tapahtui" + +#: logsrvd/sendlog.c:237 logsrvd/sendlog.c:252 +#: plugins/sudoers/iolog_client.c:430 plugins/sudoers/iolog_client.c:446 +#, fuzzy +#| msgid "unable to stat %s" +msgid "unable to set event" +msgstr "funktion stat %s kutsuminen epäonnistui" + +#: logsrvd/sendlog.c:262 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s\n" +msgstr "SSL_connect epäonnistui: ssl_error=%d, pino=%s\n" + +#: logsrvd/sendlog.c:294 plugins/sudoers/iolog_client.c:115 +#: plugins/sudoers/iolog_client.c:495 plugins/sudoers/iolog_client.c:1065 +#: plugins/sudoers/iolog_client.c:1671 +msgid "error in event loop" +msgstr "virhe tapahtumasilmukassa" + +#: logsrvd/sendlog.c:311 +msgid "CA bundle file was not specified" +msgstr "CA-pakettitiedostoa ei määritelty" + +#: logsrvd/sendlog.c:315 +msgid "Client certificate was not specified" +msgstr "Asiakassertifikaattia ei annettu" + +#: logsrvd/sendlog.c:319 +#, c-format +msgid "Unable to initialize ssl context: %s" +msgstr "Ssl-kontekstia ei voi alustaa: %s" + +#: logsrvd/sendlog.c:324 +#, c-format +msgid "Unable to allocate ssl object: %s\n" +msgstr "Ssl-objektia ei voi varata: %s\n" + +#: logsrvd/sendlog.c:329 +#, c-format +msgid "Unable to attach socket to the ssl object: %s\n" +msgstr "" + +#: logsrvd/sendlog.c:367 plugins/sudoers/iolog_client.c:150 +#, fuzzy, c-format +#| msgid "unable to load %s: %s" +msgid "unable to look up %s:%s: %s" +msgstr "kohteen %s lataaminen epäonnistui: %s" + +#: 
logsrvd/sendlog.c:522 plugins/sudoers/sudoreplay.c:815 +#, fuzzy, c-format +#| msgid "unable to load %s: %s" +msgid "unable to read %s/%s: %s" +msgstr "kohteen %s lataaminen epäonnistui: %s" + +#: logsrvd/sendlog.c:543 +#, c-format +msgid "client message too large: %zu\n" +msgstr "asiakassanoma on liian suuri: %zu\n" + +#: logsrvd/sendlog.c:941 +#, c-format +msgid "%s: write buffer already in use" +msgstr "%s: kirjoituspuskuri on jo käytössä" + +#: logsrvd/sendlog.c:993 plugins/sudoers/iolog.c:824 +#: plugins/sudoers/iolog.c:893 +#, c-format +msgid "unexpected I/O event %d" +msgstr "odottamaton siirräntätapahtuma %d" + +#: logsrvd/sendlog.c:1025 logsrvd/sendlog.c:1042 logsrvd/sendlog.c:1092 +#: plugins/sudoers/iolog_client.c:1037 plugins/sudoers/iolog_client.c:1090 +#: plugins/sudoers/iolog_client.c:1151 +#, c-format +msgid "%s: unexpected state %d" +msgstr "%s: odottamaton tila %d" + +#: logsrvd/sendlog.c:1048 plugins/sudoers/iolog_client.c:1096 +msgid "invalid ServerHello" +msgstr "virheellinen ServerHello" + +#: logsrvd/sendlog.c:1130 plugins/sudoers/iolog_client.c:1195 +#, c-format +msgid "error message received from server: %s" +msgstr "virhesanoma vastaanotettu palvelimelta: %s" + +#: logsrvd/sendlog.c:1143 plugins/sudoers/iolog_client.c:1208 +#, c-format +msgid "abort message received from server: %s" +msgstr "keskeytyssanoma vastaanotettu palvelimelta: %s" + +#: logsrvd/sendlog.c:1162 plugins/sudoers/iolog_client.c:1227 +#, fuzzy +#| msgid "unable to send audit message" +msgid "unable to unpack ServerMessage" +msgstr "audit-viestin lähettäminen epäonnistui" + +#: logsrvd/sendlog.c:1207 plugins/sudoers/iolog_client.c:1260 +#, c-format +msgid "%s: unexpected type_case value %d" +msgstr "%s: odottamaton type_case-arvo %d" + +#: logsrvd/sendlog.c:1291 +msgid "premature EOF" +msgstr "ennenaikainen tiedoston loppu" + +#: logsrvd/sendlog.c:1304 +#, c-format +msgid "server message too large: %u\n" +msgstr "palvelinsanoma on liian suuri: %u\n" + +#: 
logsrvd/sendlog.c:1569 +msgid "both restart point and iolog ID must be specified" +msgstr "sekä aloituspiste että iolog-tunnus on annettava" + +#: logsrvd/sendlog.c:1636 +#, c-format +msgid "exited prematurely with state %d" +msgstr "poistui ennenaikaisesti tilalla %d" + +#: logsrvd/sendlog.c:1637 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "kulunut aika lähetetty palvelimelle [%lld, %ld]" + +#: logsrvd/sendlog.c:1639 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "toimituspiste vastaanotettu palvelimelta [%lld, %ld]" + #: plugins/sudoers/alias.c:151 #, c-format msgid "Alias \"%s\" already defined" msgstr "Alias ”%s” on jo määritelty" -#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:801 +#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:792 msgid "unable to fork" msgstr "haarauttaminen epäonnistui" #: plugins/sudoers/auth/aix_auth.c:283 -#, fuzzy, c-format -#| msgid "unable to change expired password: %s" +#, c-format msgid "unable to change password for %s" -msgstr "vanhentuneen salasanan vaihtaminen epäonnistui: %s" +msgstr "%s-käyttäjän salasanan vaihtaminen epäonnistui" #: plugins/sudoers/auth/bsdauth.c:75 #, c-format @@ -289,10 +746,8 @@ msgstr "tilisi on vanhentunut" #: plugins/sudoers/auth/bsdauth.c:187 -#, fuzzy -#| msgid "au_open: failed" msgid "approval failed" -msgstr "au_open: epäonnistui" +msgstr "hyväksyntä epäonnistui" #: plugins/sudoers/auth/fwtk.c:59 msgid "unable to read fwtk config" 
@@ -367,33 +822,33 @@ msgid "unable to initialize PAM: %s" msgstr "PAMin alustaminen epäonnistui: %s" -#: plugins/sudoers/auth/pam.c:319 +#: plugins/sudoers/auth/pam.c:322 #, c-format msgid "PAM authentication error: %s" msgstr "PAM-todentamisvirhe: %s" -#: plugins/sudoers/auth/pam.c:338 +#: plugins/sudoers/auth/pam.c:341 msgid "account validation failure, is your account locked?" msgstr "tilikelpuutushäiriö, onko tilisi lukittu?" -#: plugins/sudoers/auth/pam.c:349 +#: plugins/sudoers/auth/pam.c:352 msgid "Account or password is expired, reset your password and try again" msgstr "Tili tai salasana on vanhentunut, nollaa salasanasi tai yritä uudelleen" -#: plugins/sudoers/auth/pam.c:355 +#: plugins/sudoers/auth/pam.c:358 #, c-format msgid "unable to change expired password: %s" msgstr "vanhentuneen salasanan vaihtaminen epäonnistui: %s" -#: plugins/sudoers/auth/pam.c:366 +#: plugins/sudoers/auth/pam.c:369 msgid "Password expired, contact your system administrator" msgstr "Salasana vanhentunut, ota yhteyttä järjestelmän ylläpitäjään" -#: plugins/sudoers/auth/pam.c:371 +#: plugins/sudoers/auth/pam.c:374 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Tili vanhentunut tai PAM-asetuksista puuttuu ”account”-lohko sudo-komennolle, ota yhteyttä järjestelmän ylläpitäjään" -#: plugins/sudoers/auth/pam.c:379 plugins/sudoers/auth/pam.c:384 +#: plugins/sudoers/auth/pam.c:382 plugins/sudoers/auth/pam.c:387 #, fuzzy, c-format #| msgid "PAM authentication error: %s" msgid "PAM account management error: %s" @@ -472,7 +927,7 @@ msgid "unable to commit audit record" msgstr "commit-toiminnon suorittaminen audit-tietueelle epäonnistui" -#: plugins/sudoers/check.c:269 +#: plugins/sudoers/check.c:264 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" 
@@ -492,15 +947,16 @@ " #3) Suuren voiman mukana tulee suuri vastuu.\n" "\n" -#: plugins/sudoers/check.c:312 plugins/sudoers/check.c:322 -#: plugins/sudoers/sudoers.c:700 plugins/sudoers/sudoers.c:748 +#: plugins/sudoers/check.c:307 plugins/sudoers/check.c:317 +#: plugins/sudoers/sudoers.c:778 plugins/sudoers/sudoers.c:826 #: plugins/sudoers/tsdump.c:126 #, c-format msgid "unknown uid: %u" msgstr "tuntematon uid-käyttäjätunniste: %u" -#: plugins/sudoers/check.c:317 plugins/sudoers/iolog.c:255 -#: plugins/sudoers/policy.c:921 plugins/sudoers/sudoers.c:1163 +#: plugins/sudoers/check.c:312 plugins/sudoers/iolog.c:121 +#: plugins/sudoers/policy.c:1034 plugins/sudoers/sudoers.c:391 +#: plugins/sudoers/sudoers.c:393 plugins/sudoers/sudoers.c:1255 #: plugins/sudoers/testsudoers.c:227 plugins/sudoers/testsudoers.c:400 #, c-format msgid "unknown user: %s" 
@@ -514,42 +970,34 @@ #: plugins/sudoers/cvtsudoers.c:215 #, c-format msgid "starting order: %s: %s" -msgstr "" +msgstr "aloitusjärjestys: %s: %s" #: plugins/sudoers/cvtsudoers.c:225 #, c-format msgid "order padding: %s: %s" msgstr "" -#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:289 -#: plugins/sudoers/visudo.c:184 -#, c-format -msgid "%s version %s\n" -msgstr "%s versio %s\n" - #: plugins/sudoers/cvtsudoers.c:235 plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" msgstr "%s kielioppiversio %d\n" #: plugins/sudoers/cvtsudoers.c:252 plugins/sudoers/testsudoers.c:175 -#, fuzzy, c-format -#| msgid "unsupported digest type %d for %s" +#, c-format msgid "unsupported input format %s" -msgstr "tukematon tiivistetyyppi %d kohteelle %s" +msgstr "syötemuotoa %s ei tueta" #: plugins/sudoers/cvtsudoers.c:267 -#, fuzzy, c-format -#| msgid "unsupported digest type %d for %s" +#, c-format msgid "unsupported output format %s" -msgstr "tukematon tiivistetyyppi %d kohteelle %s" +msgstr "tuotosmuotoa %s ei tueta" #: plugins/sudoers/cvtsudoers.c:319 #, c-format msgid "%s: input and output files must be different" msgstr "%s: syöte- ja tulostetiedostojen on oltava erilaiset" -#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:176 +#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:185 #: plugins/sudoers/testsudoers.c:266 plugins/sudoers/visudo.c:254 #: plugins/sudoers/visudo.c:610 plugins/sudoers/visudo.c:933 msgid "unable to initialize sudoers default values" 
@@ -561,22 +1009,19 @@ msgstr "%s: %s: %s: %s" #: plugins/sudoers/cvtsudoers.c:480 -#, fuzzy, c-format -#| msgid "unknown user: %s" +#, c-format msgid "%s: unknown key word: %s" -msgstr "tuntematon käyttäjä: %s" +msgstr "%s: tuntematon avainsana: %s" #: plugins/sudoers/cvtsudoers.c:526 -#, fuzzy, c-format -#| msgid "invalid filter option: %s" +#, c-format msgid "invalid defaults type: %s" -msgstr "virheellinen suodatinvalitsin: %s" +msgstr "virheellisten oletusarvojen tyyppi: %s" #: plugins/sudoers/cvtsudoers.c:549 -#, fuzzy, c-format -#| msgid "invalid regular expression: %s" +#, c-format msgid "invalid suppression type: %s" -msgstr "virheellinen säännöllinen lauseke: %s" +msgstr "virheellinen vaiennustyyppi: %s" #: plugins/sudoers/cvtsudoers.c:589 plugins/sudoers/cvtsudoers.c:603 #, c-format @@ -585,12 +1030,10 @@ # Avaamisen kohde voi olla timestamp file, sudoers file tai pathbuf #: plugins/sudoers/cvtsudoers.c:622 plugins/sudoers/cvtsudoers.c:639 -#: plugins/sudoers/cvtsudoers.c:1245 plugins/sudoers/cvtsudoers_json.c:1130 -#: plugins/sudoers/cvtsudoers_ldif.c:643 plugins/sudoers/iolog.c:413 -#: plugins/sudoers/iolog_util.c:75 plugins/sudoers/sudoers.c:914 -#: plugins/sudoers/sudoreplay.c:338 plugins/sudoers/sudoreplay.c:1431 -#: plugins/sudoers/timestamp.c:448 plugins/sudoers/tsdump.c:135 -#: plugins/sudoers/visudo.c:929 +#: plugins/sudoers/cvtsudoers.c:1249 plugins/sudoers/cvtsudoers_json.c:868 +#: plugins/sudoers/cvtsudoers_ldif.c:683 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoreplay.c:1391 plugins/sudoers/timestamp.c:448 +#: plugins/sudoers/tsdump.c:135 plugins/sudoers/visudo.c:929 #, c-format msgid "unable to open %s" msgstr "kohteen %s avaaminen epäonnistui" 
@@ -611,26 +1054,20 @@
 msgstr "jäsentämisvirhe tiedostossa %s\n"
 
 # Kirjoittamisen kohde voi olla timestamp file tai pathbuf
-#: plugins/sudoers/cvtsudoers.c:1292 plugins/sudoers/iolog.c:500
-#: plugins/sudoers/sudoreplay.c:1135 plugins/sudoers/timestamp.c:332
-#: plugins/sudoers/timestamp.c:335
+#: plugins/sudoers/cvtsudoers.c:1296 plugins/sudoers/sudoreplay.c:1088
+#: plugins/sudoers/timestamp.c:332 plugins/sudoers/timestamp.c:335
 #, c-format
 msgid "unable to write to %s"
 msgstr "kohteeseen %s kirjoittaminen epäonnistui"
 
-#: plugins/sudoers/cvtsudoers.c:1315
-#, fuzzy, c-format
-#| msgid ""
-#| "%s - safely edit the sudoers file\n"
-#| "\n"
+#: plugins/sudoers/cvtsudoers.c:1319
+#, c-format
 msgid ""
 "%s - convert between sudoers file formats\n"
 "\n"
-msgstr ""
-"%s - muokkaa sudoers-tiedostoa turvallisesti\n"
-"\n"
+msgstr "%s - muunna sudoers-tiedostomuotojen välillä\n"
 
-#: plugins/sudoers/cvtsudoers.c:1317
+#: plugins/sudoers/cvtsudoers.c:1321
 msgid ""
 "\n"
 "Options:\n"
@@ -652,43 +1089,30 @@ " -V, --version display version information and exit" msgstr "" -#: plugins/sudoers/cvtsudoers_json.c:684 plugins/sudoers/cvtsudoers_json.c:720 -#: plugins/sudoers/cvtsudoers_json.c:938 +#: plugins/sudoers/cvtsudoers_json.c:487 plugins/sudoers/cvtsudoers_json.c:521 +#: plugins/sudoers/cvtsudoers_json.c:709 #, c-format msgid "unknown defaults entry \"%s\"" msgstr "tuntematon oletusrivi \"%s\"" -#: plugins/sudoers/cvtsudoers_json.c:858 plugins/sudoers/cvtsudoers_json.c:873 -#: plugins/sudoers/cvtsudoers_ldif.c:308 plugins/sudoers/cvtsudoers_ldif.c:319 +#: plugins/sudoers/cvtsudoers_json.c:647 plugins/sudoers/cvtsudoers_json.c:660 +#: plugins/sudoers/cvtsudoers_ldif.c:348 plugins/sudoers/cvtsudoers_ldif.c:359 #: plugins/sudoers/ldap.c:482 msgid "unable to get GMT time" msgstr "GMT-ajan noutaminen epäonnistui" -#: plugins/sudoers/cvtsudoers_json.c:861 plugins/sudoers/cvtsudoers_json.c:876 -#: plugins/sudoers/cvtsudoers_ldif.c:311 plugins/sudoers/cvtsudoers_ldif.c:322 +#: plugins/sudoers/cvtsudoers_json.c:650 plugins/sudoers/cvtsudoers_json.c:663 +#: plugins/sudoers/cvtsudoers_ldif.c:351 plugins/sudoers/cvtsudoers_ldif.c:362 #: plugins/sudoers/ldap.c:488 msgid "unable to format timestamp" msgstr "aikaleiman muotoileminen epäonnistui" -#: plugins/sudoers/cvtsudoers_ldif.c:526 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:337 plugins/sudoers/env.c:442 -#: plugins/sudoers/ldap.c:496 plugins/sudoers/ldap.c:727 -#: plugins/sudoers/ldap.c:1060 plugins/sudoers/ldap_conf.c:227 -#: plugins/sudoers/ldap_conf.c:317 plugins/sudoers/linux_audit.c:89 -#: plugins/sudoers/logging.c:1105 plugins/sudoers/policy.c:625 -#: plugins/sudoers/policy.c:635 plugins/sudoers/prompt.c:168 -#: plugins/sudoers/sudoers.c:852 plugins/sudoers/testsudoers.c:257 -#: plugins/sudoers/toke_util.c:161 -#, c-format -msgid "internal error, %s overflow" -msgstr "sisäinen virhe, %s-ylivuoto" - -#: plugins/sudoers/cvtsudoers_ldif.c:595 +#: plugins/sudoers/cvtsudoers_ldif.c:635 #, 
c-format msgid "too many sudoers entries, maximum %u" msgstr "liian monta sudoers-merkintää, enimmäismäärä %u" -#: plugins/sudoers/cvtsudoers_ldif.c:638 +#: plugins/sudoers/cvtsudoers_ldif.c:678 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "SUDOERS_BASE-ympäristömuuttujaa ei ole määritelty eikä -b-valitsinta annettu." @@ -1097,8 +1521,9 @@ msgstr "" #: plugins/sudoers/def_data.c:406 -#, c-format -msgid "Maximum I/O log sequence number: %u" +#, fuzzy, c-format +#| msgid "Maximum I/O log sequence number: %u" +msgid "Maximum I/O log sequence number: %s" msgstr "Suurin siirräntälokin sarjanumero: %u" #: plugins/sudoers/def_data.c:410 
@@ -1195,80 +1620,125 @@ #: plugins/sudoers/def_data.c:494 msgid "Ignore case when matching user names" -msgstr "" +msgstr "Älä huomioi kirjainkokoa käyttäjänimien täsmäyksessä" #: plugins/sudoers/def_data.c:498 msgid "Ignore case when matching group names" -msgstr "" +msgstr "Älä huomioi kirjainkokoa ryhmänimien täsmäyksessä" #: plugins/sudoers/def_data.c:502 msgid "Log when a command is allowed by sudoers" -msgstr "" +msgstr "Kirjaa lokiin, kun sudoers sallii komennon" #: plugins/sudoers/def_data.c:506 msgid "Log when a command is denied by sudoers" +msgstr "Kirjaa lokiin, kun sudoers kieltää komennon" + +#: plugins/sudoers/def_data.c:510 +msgid "Sudo log server(s) to connect to with optional port" +msgstr "" + +#: plugins/sudoers/def_data.c:514 +#, c-format +msgid "Sudo log server timeout in seconds: %u" +msgstr "" + +#: plugins/sudoers/def_data.c:518 +msgid "Enable SO_KEEPALIVE socket option on the socket connected to the logserver" +msgstr "Ota SO_KEEPALIVE-valinta käyttöön lokipalvelimeen yhdistetylle soketille" + +#: plugins/sudoers/def_data.c:522 +#, fuzzy, c-format +#| msgid "Path to the sudo-specific environment file: %s" +msgid "Path to the audit server's CA bundle file: %s" +msgstr "Polku sudo-kohtaiseen ympäristötiedostoon: %s" + +#: plugins/sudoers/def_data.c:526 +#, c-format +msgid "Path to the sudoers certificate file: %s" +msgstr "Sudoers-varmennetiedoston polku: %s" + +#: plugins/sudoers/def_data.c:530 +#, c-format +msgid "Path to the sudoers private key file: %s" +msgstr "Sudoersin yksityisen avaintiedoston polku: %s" + +#: plugins/sudoers/def_data.c:534 +msgid "Allow the use of unknown runas user and/or group ID" +msgstr "" + +#: plugins/sudoers/def_data.c:538 +msgid "Only permit running commands as a user with a valid shell" +msgstr "Salli komentojen suorittaminen vain käyttäjänä, jolla on kelvollinen kuori" + +#: plugins/sudoers/def_data.c:542 +msgid "Set the pam remote user to the user running sudo" msgstr "" -#: 
plugins/sudoers/defaults.c:231 +#: plugins/sudoers/def_data.c:546 +msgid "Set the pam remote host to the local host name" +msgstr "" + +#: plugins/sudoers/defaults.c:190 #, c-format msgid "%s:%d unknown defaults entry \"%s\"" msgstr "%s:%d tuntematon oletusrivi ”%s”" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:193 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: tuntematon oletusrivi ”%s”" # parametrinä on variable -#: plugins/sudoers/defaults.c:277 +#: plugins/sudoers/defaults.c:236 #, c-format msgid "%s:%d no value specified for \"%s\"" msgstr "%s:%d arvoa ei ole määritelty muuttujalle ”%s”" # parametrinä on variable -#: plugins/sudoers/defaults.c:280 +#: plugins/sudoers/defaults.c:239 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: arvoa ei ole määritelty muuttujalle ”%s”" # Parametri on muuttuja -#: plugins/sudoers/defaults.c:300 +#: plugins/sudoers/defaults.c:259 #, c-format msgid "%s:%d values for \"%s\" must start with a '/'" msgstr "%s:%d muuttujan ”%s” arvojen on alettava merkillä ’/’" # Parametri on muuttuja -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:262 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: muuttujan ”%s” arvojen on alettava merkillä ’/’" -#: plugins/sudoers/defaults.c:325 +#: plugins/sudoers/defaults.c:284 #, c-format msgid "%s:%d option \"%s\" does not take a value" msgstr "%s:%d valitsin ”%s” ei ota arvoa" -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:287 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: valitsin ”%s” ei ota arvoa" -#: plugins/sudoers/defaults.c:353 +#: plugins/sudoers/defaults.c:312 #, c-format msgid "%s:%d invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d virheellinen Defaults-tyyppi 0x%x valitsimelle ”%s”" -#: plugins/sudoers/defaults.c:356 +#: plugins/sudoers/defaults.c:315 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: 
virheellinen Defaults-tyyppi 0x%x valitsimelle ”%s”" -#: plugins/sudoers/defaults.c:366 +#: plugins/sudoers/defaults.c:325 #, c-format msgid "%s:%d value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d arvo ”%s” on virheellinen valitsimelle ”%s”" -#: plugins/sudoers/defaults.c:369 +#: plugins/sudoers/defaults.c:328 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: arvo ”%s” on virheellinen valitsimelle ”%s”" @@ -1277,11 +1747,11 @@ msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: rikkoutunut envp, pituus ei täsmää" -#: plugins/sudoers/env.c:1132 +#: plugins/sudoers/env.c:1133 msgid "unable to rebuild the environment" msgstr "ympäristön rakentaminen uudelleen epäonnistui" -#: plugins/sudoers/env.c:1206 +#: plugins/sudoers/env.c:1207 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "seuraavia ympäristömuuttujia ei ole lupa asettaa: %s" 
@@ -1306,28 +1776,28 @@
 msgid "%s: read error"
 msgstr "%s: kirjoitusvirhe"
 
-#: plugins/sudoers/group_plugin.c:90
+#: plugins/sudoers/group_plugin.c:91
 #, c-format
 msgid "%s must be owned by uid %d"
 msgstr "%s-omistajan on oltava uid %d"
 
-#: plugins/sudoers/group_plugin.c:94
+#: plugins/sudoers/group_plugin.c:95
 #, c-format
 msgid "%s must only be writable by owner"
 msgstr "%s on vain omistajan kirjoitettava"
 
-#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:562
+#: plugins/sudoers/group_plugin.c:104 plugins/sudoers/sssd.c:562
 #, c-format
 msgid "unable to load %s: %s"
 msgstr "kohteen %s lataaminen epäonnistui: %s"
 
 # parametrina on path
-#: plugins/sudoers/group_plugin.c:108
+#: plugins/sudoers/group_plugin.c:110
 #, c-format
 msgid "unable to find symbol \"group_plugin\" in %s"
 msgstr "symbolin ”group_plugin” löytäminen polusta %s epäonnistui"
 
-#: plugins/sudoers/group_plugin.c:113
+#: plugins/sudoers/group_plugin.c:115
 #, c-format
 msgid "%s: incompatible group plugin major version %d, expected %d"
 msgstr "%s: yhteensopimaton ryhmälisäosan major-versio %d, odotettiin %d"
@@ -1347,91 +1817,147 @@ msgid "Local IP address and netmask pairs:\n" msgstr "Paikallinen verkko-osoite ja verkkopeiteparit:\n" -#: plugins/sudoers/iolog.c:117 plugins/sudoers/mkdir_parents.c:82 +#: plugins/sudoers/iolog.c:146 plugins/sudoers/sudoers.c:398 +#: plugins/sudoers/sudoers.c:400 plugins/sudoers/sudoers.c:1289 +#: plugins/sudoers/testsudoers.c:424 #, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s on olemassa, mutta ei ole hakemisto (0%o)" +msgid "unknown group: %s" +msgstr "tuntematon ryhmä: %s" -#: plugins/sudoers/iolog.c:142 plugins/sudoers/iolog.c:182 -#: plugins/sudoers/mkdir_parents.c:71 plugins/sudoers/timestamp.c:212 +#: plugins/sudoers/iolog.c:505 plugins/sudoers/iolog.c:788 +#: plugins/sudoers/iolog.c:938 plugins/sudoers/iolog.c:945 +#: plugins/sudoers/iolog.c:1066 plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:1172 plugins/sudoers/iolog.c:1179 #, c-format -msgid "unable to mkdir %s" -msgstr "käskyn mkdir %s suorittaminen epäonnistui" +msgid "unable to write to I/O log file: %s" +msgstr "siirtolokitiedostoon: %s kirjoittaminen epäonnistui" -#: plugins/sudoers/iolog.c:186 plugins/sudoers/visudo.c:739 -#: plugins/sudoers/visudo.c:750 +#: plugins/sudoers/iolog.c:555 +msgid "unable to update sequence file" +msgstr "sekvenssitiedostoa ei voi päivittää" + +# Parametrina on pathbuf +#: plugins/sudoers/iolog.c:594 +#, fuzzy, c-format +#| msgid "unable to create %s" +msgid "unable to create %s/%s" +msgstr "hakemistopolun %s luominen epäonnistui" + +#: plugins/sudoers/iolog.c:622 +msgid "unable to connect to log server" +msgstr "yhteyden muodostaminen lokipalvelimeen ei onnistu" + +#: plugins/sudoers/iolog.c:830 #, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "tilan %s vaihtaminen arvoon 0%o epäonnistui" +msgid "%s: internal error, I/O log file for event %d not open" +msgstr "%s: sisäinen virhe, tapahtuman %d siirräntälokitiedosto ei ole avoin" -#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1194 
-#: plugins/sudoers/testsudoers.c:424 +#: plugins/sudoers/iolog.c:923 plugins/sudoers/iolog.c:1051 +#: plugins/sudoers/iolog.c:1156 plugins/sudoers/timestamp.c:862 +#: plugins/sudoers/timestamp.c:954 plugins/sudoers/visudo.c:498 +#: plugins/sudoers/visudo.c:504 +msgid "unable to read the clock" +msgstr "kellon lukeminen epäonnistui" + +#: plugins/sudoers/iolog.c:1148 plugins/sudoers/iolog_client.c:862 #, c-format -msgid "unknown group: %s" -msgstr "tuntematon ryhmä: %s" +msgid "%s: internal error, invalid signal %d" +msgstr "%s: sisäinen virhe, virheellinen signaali %d" -# Parametrinä on sudoers-tiedosto tai pathbuf -#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:918 -#: plugins/sudoers/sudoreplay.c:846 plugins/sudoers/sudoreplay.c:1542 -#: plugins/sudoers/tsdump.c:145 +#: plugins/sudoers/iolog_client.c:297 #, c-format -msgid "unable to read %s" -msgstr "kohteen %s lukeminen epäonnistui" +msgid "Creation of new SSL_CTX object failed: %s" +msgstr "Uuden SSL_CTX-objektin luominen epäonnistui: %s" -# Parametrina on pathbuf -#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:801 +#: plugins/sudoers/iolog_client.c:320 +#, fuzzy +#| msgid "Send mail if the user is not in sudoers" +msgid "CA bundle file is not set in sudoers" +msgstr "Lähetä sähköpostia, jos käyttäjä ei ole sudoers-määrittelyssä" + +#: plugins/sudoers/iolog_client.c:327 #, c-format -msgid "unable to create %s" -msgstr "hakemistopolun %s luominen epäonnistui" +msgid "Calling SSL_CTX_load_verify_locations() failed: %s" +msgstr "SSL_CTX_load_verify_locations() epäonnistui: %s" -#: plugins/sudoers/iolog.c:824 plugins/sudoers/iolog.c:1039 -#: plugins/sudoers/iolog.c:1115 plugins/sudoers/iolog.c:1209 -#: plugins/sudoers/iolog.c:1270 +#: plugins/sudoers/iolog_client.c:339 +msgid "Signed certificate file is not set in sudoers" +msgstr "Allekirjoitettua varmennetiedostoa ei ole määritelty sudoers-tiedostossa" + +#: plugins/sudoers/iolog_client.c:345 #, c-format -msgid "unable to write to I/O log 
file: %s" -msgstr "siirtolokitiedostoon: %s kirjoittaminen epäonnistui" +msgid "Unable to load cert into the ssl context: %s" +msgstr "Varmennetta ei voi ladata ssl-kontekstiin: %s" -#: plugins/sudoers/iolog.c:1073 -#, fuzzy, c-format -#| msgid "%s: internal error, file index %d not open" -msgid "%s: internal error, I/O log file for event %d not open" -msgstr "%s: sisäinen virhe, tiedostoindeksi %d ei ole avoin" +#: plugins/sudoers/iolog_client.c:356 +#, c-format +msgid "Unable to load private key into the ssl context: %s" +msgstr "Yksityistä avainta ei voi ladata ssl-kontekstiin: %s" -#: plugins/sudoers/iolog.c:1233 -#, fuzzy, c-format -#| msgid "%s: internal error, file index %d not open" -msgid "%s: internal error, invalid signal %d" -msgstr "%s: sisäinen virhe, tiedostoindeksi %d ei ole avoin" +#: plugins/sudoers/iolog_client.c:363 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "Ssl-objektia ei voi varata: %s" -#: plugins/sudoers/iolog_util.c:90 +#: plugins/sudoers/iolog_client.c:369 #, c-format -msgid "%s: invalid log file" -msgstr "%s: virheellinen lokitiedosto" +msgid "Unable to attach socket to the ssl object: %s" +msgstr "Sokettia ei voi liittää SSL-objektiin: %s" -#: plugins/sudoers/iolog_util.c:108 +#: plugins/sudoers/iolog_client.c:457 #, c-format -msgid "%s: time stamp field is missing" -msgstr "%s: aikaleimakenttä puuttuu" +msgid "SSL_connect failed: ssl_error=%d, stack=%s" +msgstr "SSL_connect epäonnistui: ssl_error=%d, pino=%s" -#: plugins/sudoers/iolog_util.c:114 +#: plugins/sudoers/iolog_client.c:599 #, c-format -msgid "%s: time stamp %s: %s" -msgstr "%s: aikaleima %s: %s" +msgid "client message too large: %zu" +msgstr "asiakassanoma on liian suuri: %zu" + +#: plugins/sudoers/iolog_client.c:656 plugins/sudoers/iolog_client.c:844 +msgid "unable to get time of day" +msgstr "kellonajan noutaminen epäonnistui" -#: plugins/sudoers/iolog_util.c:121 +#: plugins/sudoers/iolog_client.c:871 #, c-format -msgid "%s: user field is missing" 
-msgstr "%s: käyttäjäkenttä puuttuu" +msgid "%s: internal error, invalid exit status %d" +msgstr "%s: sisäinen virhe, virheellinen lopetustila %d" + +#: plugins/sudoers/iolog_client.c:1104 +msgid "TLS initialization was unsuccessful" +msgstr "TLS-alustus epäonnistui" + +#: plugins/sudoers/iolog_client.c:1109 +msgid "TLS handshake was unsuccessful" +msgstr "TLS-kättely epäonnistui" -#: plugins/sudoers/iolog_util.c:130 +#: plugins/sudoers/iolog_client.c:1361 #, c-format -msgid "%s: runas user field is missing" -msgstr "%s: suorita käyttäjänä-kenttä puuttuu" +msgid "SSL_read failed: ssl_error=%d, stack=%s" +msgstr "SSL_read epäonnistui: ssl_error=%d, pino=%s" -#: plugins/sudoers/iolog_util.c:139 +#: plugins/sudoers/iolog_client.c:1384 +msgid "lost connection to log server" +msgstr "yhteys lokipalvelimeen katkesi" + +#: plugins/sudoers/iolog_client.c:1397 #, c-format -msgid "%s: runas group field is missing" -msgstr "%s: suorita ryhmänä-kenttä puuttuu" +msgid "server message too large: %u" +msgstr "palvelinsanoma on liian suuri: %u" + +#: plugins/sudoers/iolog_client.c:1461 +msgid "missing write buffer" +msgstr "puuttuva kirjoituspuskuri" + +#: plugins/sudoers/iolog_client.c:1486 +#, c-format +msgid "SSL_write failed: ssl_error=%d, stack=%s" +msgstr "SSL_write epäonnistui: ssl_error=%d, pino=%s" + +#: plugins/sudoers/iolog_client.c:1610 +#, c-format +msgid "unknown address family: %d" +msgstr "tuntematon osoiteperhe: %d" #: plugins/sudoers/ldap.c:178 plugins/sudoers/ldap_conf.c:296 msgid "starttls not supported when using ldaps" 
@@ -1456,7 +1982,7 @@
 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"
 msgstr "start_tls määritelty, mutta LDAP-kirjastot ei tue funktiota ldap_start_tls_s() tai funktiota ldap_start_tls_s_np()"
 
-#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:734
+#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:747
 #, c-format
 msgid "invalid sudoOrder attribute: %s"
 msgstr "virheellinen sudoOrder-attribuutti: %s"
@@ -1475,11 +2001,10 @@
 msgid "unable to mix ldap and ldaps URIs"
 msgstr "ldap:n ja ldap-verkkoresurssitunnuksien sekoittaminen epäonnistui"
 
-#: plugins/sudoers/ldap_util.c:456 plugins/sudoers/ldap_util.c:458
-#, fuzzy, c-format
-#| msgid "%s: unable to allocate options: %s"
+#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555
+#, c-format
 msgid "unable to convert sudoOption: %s%s%s"
-msgstr "%s: muistin varaaminen valitsimille epäonnistui: %s"
+msgstr "sudoOptionia ei voi muuntaa: %s%s%s"
 
 #: plugins/sudoers/linux_audit.c:59
 msgid "unable to open audit system"
@@ -1489,80 +2014,62 @@ msgid "unable to send audit message" msgstr "audit-viestin lähettäminen epäonnistui" -#: plugins/sudoers/logging.c:120 -#, c-format -msgid "%8s : %s" -msgstr "%8s : %s" - -#: plugins/sudoers/logging.c:148 -#, c-format -msgid "%8s : (command continued) %s" -msgstr "%8s: (komento jatkui) %s" - -#: plugins/sudoers/logging.c:177 +#: plugins/sudoers/logging.c:175 #, c-format msgid "unable to open log file: %s" msgstr "lokitiedoston avaaminen epäonnistui: %s" -#: plugins/sudoers/logging.c:185 +#: plugins/sudoers/logging.c:183 #, c-format msgid "unable to lock log file: %s" msgstr "lokitiedoston lukitseminen epäonnistui: %s" -#: plugins/sudoers/logging.c:218 +#: plugins/sudoers/logging.c:216 #, c-format msgid "unable to write log file: %s" msgstr "lokitiedostoon: %s kirjoittaminen epäonnistui" -#: plugins/sudoers/logging.c:248 -msgid "No user or host" -msgstr "Ei käyttäjä eikä tietokone" - -#: plugins/sudoers/logging.c:250 -msgid "validation failure" -msgstr "kelpuutushäiriö" - -#: plugins/sudoers/logging.c:261 +#: plugins/sudoers/logging.c:249 msgid "user NOT in sudoers" msgstr "käyttäjä EI ole sudoers-tiedostossa" -#: plugins/sudoers/logging.c:263 +#: plugins/sudoers/logging.c:251 msgid "user NOT authorized on host" msgstr "käyttäjä ei ole varmennettu tietokoneella" -#: plugins/sudoers/logging.c:265 +#: plugins/sudoers/logging.c:253 msgid "command not allowed" msgstr "komento ei ole sallittu" -#: plugins/sudoers/logging.c:301 +#: plugins/sudoers/logging.c:296 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "käyttäjä %s ei ole sudoers-tiedostossa. Tästä tapahtumasta ilmoitetaan.\n" -#: plugins/sudoers/logging.c:304 +#: plugins/sudoers/logging.c:299 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "käyttäjä %s ei saa suorittaa komentoa sudo tietokoneella %s. 
Tästä tapahtumasta ilmoitetaan.\n" -#: plugins/sudoers/logging.c:308 +#: plugins/sudoers/logging.c:303 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Käyttäjä %s ei voi suorittaa komentoa sudo tietokoneella %s.\n" -#: plugins/sudoers/logging.c:311 +#: plugins/sudoers/logging.c:306 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Käyttäjän %s ei sallita suorittaa ’%s%s%s’ käyttäjänä %s%s%s tietokoneella %s.\n" -#: plugins/sudoers/logging.c:348 plugins/sudoers/sudoers.c:442 -#: plugins/sudoers/sudoers.c:444 plugins/sudoers/sudoers.c:446 -#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:603 -#: plugins/sudoers/sudoers.c:605 +#: plugins/sudoers/logging.c:343 plugins/sudoers/sudoers.c:518 +#: plugins/sudoers/sudoers.c:520 plugins/sudoers/sudoers.c:522 +#: plugins/sudoers/sudoers.c:524 plugins/sudoers/sudoers.c:675 +#: plugins/sudoers/sudoers.c:677 #, c-format msgid "%s: command not found" msgstr "%s: komentoa ei löytynyt" -#: plugins/sudoers/logging.c:350 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/logging.c:345 plugins/sudoers/sudoers.c:514 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" 
@@ -1571,52 +2078,46 @@
 "ohitetaan komento ”%s”, joka löytyi kohteesta ’.’\n"
 "Käytä ”sudo ./%s”, jos tämä on ”%s”-komento, joka halutaan suorittaa."
 
-#: plugins/sudoers/logging.c:367
+#: plugins/sudoers/logging.c:362
 msgid "authentication failure"
 msgstr "todentamishäiriö"
 
-#: plugins/sudoers/logging.c:393
+#: plugins/sudoers/logging.c:388
 msgid "a password is required"
 msgstr "vaaditaan salasana"
 
-#: plugins/sudoers/logging.c:463
+#: plugins/sudoers/logging.c:458
 #, c-format
 msgid "%u incorrect password attempt"
 msgid_plural "%u incorrect password attempts"
 msgstr[0] "%u väärä salasana yritetty"
 msgstr[1] "%u väärää salasanaa yritetty"
 
-#: plugins/sudoers/logging.c:728
+#: plugins/sudoers/logging.c:722
 #, c-format
 msgid "unable to dup stdin: %m"
 msgstr "funktion dup kutsuminen vakiosyötteellä epäonnistui: %m"
 
-#: plugins/sudoers/logging.c:768
+#: plugins/sudoers/logging.c:759
 #, c-format
 msgid "unable to execute %s: %m"
 msgstr "käskyn %s suorittaminen epäonnistui: %m"
 
-#: plugins/sudoers/logging.c:809 plugins/sudoers/logging.c:865
+#: plugins/sudoers/logging.c:800 plugins/sudoers/logging.c:856
 #, c-format
 msgid "unable to fork: %m"
 msgstr "fork-funktion kutsuminen epäonnistui: %m"
 
-#: plugins/sudoers/logging.c:855
+#: plugins/sudoers/logging.c:846
 #, c-format
 msgid "unable to open pipe: %m"
 msgstr "putken avaaminen epäonnistui: %m"
 
-#: plugins/sudoers/match_digest.c:103
+#: plugins/sudoers/match_digest.c:123
 #, c-format
 msgid "digest for %s (%s) is not in %s form"
 msgstr "tiiviste kohteelle %s (%s) ei ole %s-muodossa"
 
-#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:943
-#: plugins/sudoers/visudo.c:437 plugins/sudoers/visudo.c:733
-#, c-format
-msgid "unable to stat %s"
-msgstr "funktion stat %s kutsuminen epäonnistui"
-
 #: plugins/sudoers/parse.c:449
 #, c-format
 msgid ""
@@ -1675,60 +2176,59 @@ msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Käyttäjä %s ei saa suorittaa komentoa sudo tietokoneella %s.\n" -#: plugins/sudoers/parse_ldif.c:604 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" -msgstr "" +msgstr "jätetään huomiotta epätäydellinen sudoRole: cn: %s" -#: plugins/sudoers/parse_ldif.c:664 -#, fuzzy, c-format -#| msgid "invalid sudoOrder attribute: %s" +#: plugins/sudoers/parse_ldif.c:677 +#, c-format msgid "invalid LDIF attribute: %s" -msgstr "virheellinen sudoOrder-attribuutti: %s" +msgstr "virheellinen LDIF-määrite: %s" -#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:116 +#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:115 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "" -#: plugins/sudoers/policy.c:295 plugins/sudoers/testsudoers.c:280 +#: plugins/sudoers/policy.c:294 plugins/sudoers/testsudoers.c:280 msgid "unable to parse network address list" msgstr "verkko-osoiteluettelon jäsentäminen epäonnistui" #: plugins/sudoers/policy.c:439 msgid "user name not set by sudo front-end" -msgstr "" +msgstr "sudo-edustaohjelma ei määritellyt käyttäjänimeä" #: plugins/sudoers/policy.c:443 msgid "user-ID not set by sudo front-end" -msgstr "" +msgstr "sudo-edustaohjelma ei määritellyt käyttäjä-ID:tä" #: plugins/sudoers/policy.c:447 msgid "group-ID not set by sudo front-end" -msgstr "" +msgstr "sudo-edustaohjelma ei määritellyt ryhmä-ID:tä" #: plugins/sudoers/policy.c:451 msgid "host name not set by sudo front-end" -msgstr "" +msgstr "sudo-edustaohjelma ei määritellyt konenimeä" # Parametri on path, mutta saattaa sisältää suoritettavan ohjelman -#: plugins/sudoers/policy.c:808 plugins/sudoers/visudo.c:236 +#: plugins/sudoers/policy.c:897 plugins/sudoers/visudo.c:236 #: plugins/sudoers/visudo.c:867 #, c-format msgid "unable to execute %s" msgstr "kohteen %s suorittaminen epäonnistui" -#: plugins/sudoers/policy.c:939 +#: plugins/sudoers/policy.c:1055 
#, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Sudoers-menettelytapalisäosaversio %s\n" -#: plugins/sudoers/policy.c:941 +#: plugins/sudoers/policy.c:1057 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Sudoers-tiedostokielioppiversio %d\n" -#: plugins/sudoers/policy.c:945 +#: plugins/sudoers/policy.c:1061 #, c-format msgid "" "\n" @@ -1737,22 +2237,22 @@ "\n" "Sudoers-polku: %s\n" -#: plugins/sudoers/policy.c:948 +#: plugins/sudoers/policy.c:1064 #, c-format msgid "nsswitch path: %s\n" msgstr "nsswitch-polku: %s\n" -#: plugins/sudoers/policy.c:950 +#: plugins/sudoers/policy.c:1066 #, c-format msgid "ldap.conf path: %s\n" msgstr "ldap.conf-polku: %s\n" -#: plugins/sudoers/policy.c:951 +#: plugins/sudoers/policy.c:1067 #, c-format msgid "ldap.secret path: %s\n" msgstr "ldap.secret-polku: %s\n" -#: plugins/sudoers/policy.c:984 +#: plugins/sudoers/policy.c:1100 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "kytkentätyypin %d (version %d.%d) rekisteröiminen epäonnistui" 
@@ -1831,48 +2331,48 @@ msgid "unable to parse gids for %s" msgstr "ryhmätunnisteiden jäsentäminen tiedostolle %s epäonnistui" -#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:478 -#: plugins/sudoers/set_perms.c:921 plugins/sudoers/set_perms.c:1254 -#: plugins/sudoers/set_perms.c:1573 +#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:447 +#: plugins/sudoers/set_perms.c:850 plugins/sudoers/set_perms.c:1156 +#: plugins/sudoers/set_perms.c:1450 msgid "perm stack overflow" msgstr "käyttöoikeuspinoylivuoto" -#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:409 -#: plugins/sudoers/set_perms.c:486 plugins/sudoers/set_perms.c:788 -#: plugins/sudoers/set_perms.c:929 plugins/sudoers/set_perms.c:1178 -#: plugins/sudoers/set_perms.c:1262 plugins/sudoers/set_perms.c:1506 -#: plugins/sudoers/set_perms.c:1581 plugins/sudoers/set_perms.c:1672 +#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:378 +#: plugins/sudoers/set_perms.c:455 plugins/sudoers/set_perms.c:717 +#: plugins/sudoers/set_perms.c:858 plugins/sudoers/set_perms.c:1080 +#: plugins/sudoers/set_perms.c:1164 plugins/sudoers/set_perms.c:1383 +#: plugins/sudoers/set_perms.c:1458 plugins/sudoers/set_perms.c:1548 msgid "perm stack underflow" msgstr "käyttöoikeuspinovajaus" -#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:532 -#: plugins/sudoers/set_perms.c:1315 plugins/sudoers/set_perms.c:1614 +#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:501 +#: plugins/sudoers/set_perms.c:1217 plugins/sudoers/set_perms.c:1491 msgid "unable to change to root gid" msgstr "vaihtaminen root gid -tunnisteeksi epäonnistui" -#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:629 -#: plugins/sudoers/set_perms.c:1060 plugins/sudoers/set_perms.c:1392 +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:598 +#: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1294 msgid "unable to change to runas gid" msgstr "vaihtaminen runas gid 
-tunnisteeksi epäonnistui" -#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:634 -#: plugins/sudoers/set_perms.c:1065 plugins/sudoers/set_perms.c:1397 +#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:603 +#: plugins/sudoers/set_perms.c:994 plugins/sudoers/set_perms.c:1299 msgid "unable to set runas group vector" msgstr "runas-ryhmävektorin asettaminen epäonnistui" -#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:645 -#: plugins/sudoers/set_perms.c:1074 plugins/sudoers/set_perms.c:1406 +#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:614 +#: plugins/sudoers/set_perms.c:1003 plugins/sudoers/set_perms.c:1308 msgid "unable to change to runas uid" msgstr "vaihtaminen runas uid -tunnisteeksi epäonnistui" -#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:663 -#: plugins/sudoers/set_perms.c:1090 plugins/sudoers/set_perms.c:1422 +#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:632 +#: plugins/sudoers/set_perms.c:1019 plugins/sudoers/set_perms.c:1324 msgid "unable to change to sudoers gid" msgstr "vaihtaminen sudoers gid-tunnisteeksi epäonnistui" -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 msgid "too many processes" msgstr "liian monta prosessia" 
@@ -1906,211 +2406,229 @@ msgid "unable to find symbol \"%s\" in %s" msgstr "symbolin ”%s” löytäminen polusta %s epäonnistui" -#: plugins/sudoers/sudoers.c:212 plugins/sudoers/sudoers.c:871 +#: plugins/sudoers/sudoers.c:221 plugins/sudoers/sudoers.c:958 msgid "problem with defaults entries" msgstr "oletusrivien pulma" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:225 msgid "no valid sudoers sources found, quitting" msgstr "ei löytynyt kelvollisia sudoers-lähteitä, poistutaan" -#: plugins/sudoers/sudoers.c:254 +#: plugins/sudoers/sudoers.c:301 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers määrittelee, että root ei saa suorittaa sudo-komentoa" -#: plugins/sudoers/sudoers.c:312 +#: plugins/sudoers/sudoers.c:361 +msgid "user not allowed to override closefrom limit" +msgstr "" + +#: plugins/sudoers/sudoers.c:362 msgid "you are not permitted to use the -C option" msgstr "ei käyttöoikeuksia valitsimelle -C" -#: plugins/sudoers/sudoers.c:359 +#: plugins/sudoers/sudoers.c:426 #, c-format msgid "timestamp owner (%s): No such user" msgstr "aikaleimaomistaja (%s): Tuntematon käyttäjä" -#: plugins/sudoers/sudoers.c:374 +#: plugins/sudoers/sudoers.c:441 msgid "no tty" msgstr "ei tty:tä" -#: plugins/sudoers/sudoers.c:375 +#: plugins/sudoers/sudoers.c:442 msgid "sorry, you must have a tty to run sudo" msgstr "sudo-komennon suorittamiseksi on oltava tty" -#: plugins/sudoers/sudoers.c:437 +#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:450 +#, c-format +msgid "invalid shell for user %s: %s" +msgstr "virheellinen kuori käyttäjälle %s: %s" + +#: plugins/sudoers/sudoers.c:513 msgid "command in current directory" msgstr "komento nykyisessä hakemistossa" -#: plugins/sudoers/sudoers.c:456 +#: plugins/sudoers/sudoers.c:532 +msgid "user not allowed to set a command timeout" +msgstr "käyttäjä ei saa asettaa komennon aikakatkaisua" + +#: plugins/sudoers/sudoers.c:533 msgid "sorry, you are not allowed set a command timeout" msgstr 
"komennon aikavalvonnan asettaminen ei ole sallittua" -#: plugins/sudoers/sudoers.c:464 +#: plugins/sudoers/sudoers.c:541 +msgid "user not allowed to set a preserve the environment" +msgstr "käyttäjä ei saa asettaa ympäristön säilyttämistä" + +#: plugins/sudoers/sudoers.c:542 msgid "sorry, you are not allowed to preserve the environment" msgstr "ympäristöä ei ole lupa säilyttää" -#: plugins/sudoers/sudoers.c:815 +#: plugins/sudoers/sudoers.c:893 msgid "command too long" msgstr "komento on liian pitkä" -#: plugins/sudoers/sudoers.c:947 +#: plugins/sudoers/sudoers.c:951 +msgid "sudoedit doesn't need to be run via sudo" +msgstr "sudoeditiä ei tarvitse ajaa sudon kautta" + +# Parametrinä on sudoers-tiedosto tai pathbuf +#: plugins/sudoers/sudoers.c:1005 plugins/sudoers/sudoreplay.c:1502 +#: plugins/sudoers/tsdump.c:145 +#, c-format +msgid "unable to read %s" +msgstr "kohteen %s lukeminen epäonnistui" + +#: plugins/sudoers/sudoers.c:1030 plugins/sudoers/visudo.c:437 +#: plugins/sudoers/visudo.c:733 +#, c-format +msgid "unable to stat %s" +msgstr "funktion stat %s kutsuminen epäonnistui" + +#: plugins/sudoers/sudoers.c:1034 #, c-format msgid "%s is not a regular file" msgstr "%s ei ole tavallinen tiedosto" -#: plugins/sudoers/sudoers.c:951 plugins/sudoers/timestamp.c:259 toke.l:967 +#: plugins/sudoers/sudoers.c:1038 plugins/sudoers/timestamp.c:259 toke.l:967 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s on uid %u -käyttäjän omistama, pitäisi olla %u" -#: plugins/sudoers/sudoers.c:955 toke.l:972 +#: plugins/sudoers/sudoers.c:1042 toke.l:972 #, c-format msgid "%s is world writable" msgstr "%s on yleiskirjoitettava" -#: plugins/sudoers/sudoers.c:959 toke.l:975 +#: plugins/sudoers/sudoers.c:1046 toke.l:975 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s on gid %u -ryhmän omistama, pitäisi olla %u" -#: plugins/sudoers/sudoers.c:992 +#: plugins/sudoers/sudoers.c:1079 #, c-format msgid "only root can use \"-c %s\"" msgstr "vain 
root-käyttäjä voi käyttää valitsinta ”-c %s”" -#: plugins/sudoers/sudoers.c:1011 +#: plugins/sudoers/sudoers.c:1098 #, c-format msgid "unknown login class: %s" msgstr "tuntematon kirjautumisluokka: %s" -#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoers.c:1110 +#: plugins/sudoers/sudoers.c:1183 plugins/sudoers/sudoers.c:1198 #, c-format msgid "unable to resolve host %s" msgstr "tietokoneen %s ratkaiseminen epäonnistui" -#: plugins/sudoers/sudoreplay.c:250 +#: plugins/sudoers/sudoreplay.c:263 #, c-format msgid "invalid filter option: %s" msgstr "virheellinen suodatinvalitsin: %s" -#: plugins/sudoers/sudoreplay.c:263 +#: plugins/sudoers/sudoreplay.c:276 #, c-format msgid "invalid max wait: %s" msgstr "virheellinen enimmäisodotusaika: %s" -#: plugins/sudoers/sudoreplay.c:286 +#: plugins/sudoers/sudoreplay.c:299 #, c-format msgid "invalid speed factor: %s" msgstr "virheellinen nopeustekijä: %s" -#: plugins/sudoers/sudoreplay.c:321 +#: plugins/sudoers/sudoreplay.c:335 #, c-format -msgid "%s/%.2s/%.2s/%.2s/timing: %s" -msgstr "%s/%.2s/%.2s/%.2s/ajoitus: %s" +msgid "%s/%.2s/%.2s/%.2s: %s" +msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:326 -#, fuzzy, c-format -#| msgid "%s/%s/timing: %s" +#: plugins/sudoers/sudoreplay.c:340 +#, c-format msgid "%s/timing: %s" -msgstr "%s/%s/ajoitus: %s" +msgstr "%s/ajoitus: %s" -#: plugins/sudoers/sudoreplay.c:330 +#: plugins/sudoers/sudoreplay.c:344 #, c-format -msgid "%s/%s/timing: %s" -msgstr "%s/%s/ajoitus: %s" +msgid "%s/%s: %s" +msgstr "%s/%s: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:372 #, c-format msgid "Replaying sudo session: %s" msgstr "Toistetaan sudo-istunto: %s" -#: plugins/sudoers/sudoreplay.c:544 plugins/sudoers/sudoreplay.c:591 -#: plugins/sudoers/sudoreplay.c:789 plugins/sudoers/sudoreplay.c:898 -#: plugins/sudoers/sudoreplay.c:983 plugins/sudoers/sudoreplay.c:998 -#: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/sudoreplay.c:1012 -#: 
plugins/sudoers/sudoreplay.c:1019 plugins/sudoers/sudoreplay.c:1026 -#: plugins/sudoers/sudoreplay.c:1174 -msgid "unable to add event to queue" -msgstr "tapahtuman lisääminen jonoon epäonnistui" - -#: plugins/sudoers/sudoreplay.c:659 +#: plugins/sudoers/sudoreplay.c:634 msgid "unable to set tty to raw mode" msgstr "tty:n asettaminen raakatilaan epäonnistui" -#: plugins/sudoers/sudoreplay.c:710 +#: plugins/sudoers/sudoreplay.c:685 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Varoitus: pääteikkunasi on liian pieni tämän lokin toistamiseksi oikein.\n" -#: plugins/sudoers/sudoreplay.c:711 +#: plugins/sudoers/sudoreplay.c:686 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Lokigeometria on %d x %d, pääteikkunasi geometria on %d x %d." -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:714 msgid "Replay finished, press any key to restore the terminal." msgstr "Toistaminen päättyi, palaa pääteikkunaan painamalla mitä tahansa näppäintä." 
-#: plugins/sudoers/sudoreplay.c:772 -#, c-format -msgid "invalid timing file line: %s" -msgstr "virheellinen ajoitustiedostorivi: %s" - -#: plugins/sudoers/sudoreplay.c:1208 plugins/sudoers/sudoreplay.c:1233 +#: plugins/sudoers/sudoreplay.c:1161 plugins/sudoers/sudoreplay.c:1186 #, c-format msgid "ambiguous expression \"%s\"" msgstr "monimerkityksellinen lauseke ”%s”" -#: plugins/sudoers/sudoreplay.c:1255 +#: plugins/sudoers/sudoreplay.c:1208 msgid "unmatched ')' in expression" msgstr "täsmäämätön ’)’ lausekkeessa" -#: plugins/sudoers/sudoreplay.c:1259 +#: plugins/sudoers/sudoreplay.c:1212 #, c-format msgid "unknown search term \"%s\"" msgstr "tuntematon hakutermi ”%s”" -#: plugins/sudoers/sudoreplay.c:1274 +#: plugins/sudoers/sudoreplay.c:1227 #, c-format msgid "%s requires an argument" msgstr "%s vaatii argumentin" -#: plugins/sudoers/sudoreplay.c:1277 plugins/sudoers/sudoreplay.c:1518 +#: plugins/sudoers/sudoreplay.c:1230 plugins/sudoers/sudoreplay.c:1478 #, c-format msgid "invalid regular expression: %s" msgstr "virheellinen säännöllinen lauseke: %s" -#: plugins/sudoers/sudoreplay.c:1281 +#: plugins/sudoers/sudoreplay.c:1234 #, c-format msgid "could not parse date \"%s\"" msgstr "päivämäärän ”%s” jäsentäminen epäonnistui" -#: plugins/sudoers/sudoreplay.c:1290 +#: plugins/sudoers/sudoreplay.c:1243 msgid "unmatched '(' in expression" msgstr "täsmäämätön ’(’ lausekkeessa" -#: plugins/sudoers/sudoreplay.c:1292 +#: plugins/sudoers/sudoreplay.c:1245 msgid "illegal trailing \"or\"" msgstr "virheellinen jäljessä oleva ”or”" -#: plugins/sudoers/sudoreplay.c:1294 +#: plugins/sudoers/sudoreplay.c:1247 msgid "illegal trailing \"!\"" msgstr "virheellinen jäljessä oleva ”!”" -#: plugins/sudoers/sudoreplay.c:1344 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "unknown search type %d" msgstr "tuntematon hakutyyppi %d" -#: plugins/sudoers/sudoreplay.c:1611 -#, fuzzy, c-format -#| msgid "usage: %s [-hnR] [-d dir] [-m num] [-s num] ID\n" +#: 
plugins/sudoers/sudoreplay.c:1569 +#, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" -msgstr "käyttö: %s [-hnR] [-d hakemisto] [-m numero] [-s numero] ID-tunniste\n" +msgstr "käyttö: %s [-hnRS] [-d hakemisto] [-m numero] [-s numero] tunniste\n" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1572 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "käyttö: %s [-h] [-d hakemisto] -l [hakulauseke]\n" -#: plugins/sudoers/sudoreplay.c:1623 +#: plugins/sudoers/sudoreplay.c:1581 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2119,18 +2637,7 @@ "%s - toista sudo-istuntolokit\n" "\n" -#: plugins/sudoers/sudoreplay.c:1625 -#, fuzzy -#| msgid "" -#| "\n" -#| "Options:\n" -#| " -d, --directory=dir specify directory for session logs\n" -#| " -f, --filter=filter specify which I/O type(s) to display\n" -#| " -h, --help display help message and exit\n" -#| " -l, --list list available session IDs, with optional expression\n" -#| " -m, --max-wait=num max number of seconds to wait between events\n" -#| " -s, --speed=num speed up or slow down output\n" -#| " -V, --version display version information and exit" +#: plugins/sudoers/sudoreplay.c:1583 msgid "" "\n" "Options:\n" 
@@ -2147,13 +2654,17 @@ msgstr "" "\n" "Valitsimet:\n" -" -d, --directory=hakemisto määrittele istuntolokien hakemisto\n" -" -f, --filter=suodatin määrittele, mitä siirräntätyyppiä näytetään\n" -" -h, --help näytä opasteviesti ja poistu\n" -" -l, --list [lauseke] luettele käytettävissä oleva istuntotunnisteet, jotka täsmäävät lausekkeeseen\n" -" -m, --max-wait=numero maksimisodotusaika tapahtumien välien enimmäisodotusaika sekunteina\n" -" -s, --speed=numero nopeustekijä nopeuta tai hidasta tulostusta\n" -" -V, --version näytä versiotiedot ja poistu" +" -d, --directory=hak määrittele istuntolokien hakemisto\n" +" -f, --filter=suodatin määrittele, mitkä siirräntätyyppit näytetään\n" +" -h, --help näytä opaste ja poistu\n" +" -l, --list [lauseke] luettele käytettävissä oleva istuntotunnisteet;\n" +" valinnainen täsmäyslauseke voidaan antaa\n" +" -m, --max-wait=määrä tapahtumien välinen enimmäisodotusaika sekunteina\n" +" -n, --non-interactive ei kehotteita, istunto lähetetään vakiotulosteeseen\n" +" -R, --no-resize älä yritä muuttaa päätteen kokoa\n" +" -S, --suspend-wait odota, kun komento on on pysäytetty\n" +" -s, --speed=luku nopeuta tai hidasta tulostusta\n" +" -V, --version näytä versiotiedot ja poistu" #: plugins/sudoers/testsudoers.c:362 msgid "\thost unmatched" 
@@ -2188,42 +2699,41 @@ msgid "%s is group writable" msgstr "%s on ryhmäkirjoitettava" -#: plugins/sudoers/timestamp.c:343 +#: plugins/sudoers/timestamp.c:343 plugins/sudoers/timestamp.c:687 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "aikaleimatiedoston typistäminen %lld-tavun kokoiseksi epäonnistui" -#: plugins/sudoers/timestamp.c:829 plugins/sudoers/timestamp.c:921 -#: plugins/sudoers/visudo.c:498 plugins/sudoers/visudo.c:504 -msgid "unable to read the clock" -msgstr "kellon lukeminen epäonnistui" - -#: plugins/sudoers/timestamp.c:840 +#: plugins/sudoers/timestamp.c:873 msgid "ignoring time stamp from the future" msgstr "ohitetaan aikaleima tulevaisuudesta" -#: plugins/sudoers/timestamp.c:863 +#: plugins/sudoers/timestamp.c:896 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "aikaleima liian kaukana tulevaisuudessa: %20.20s" -#: plugins/sudoers/timestamp.c:985 +#: plugins/sudoers/timestamp.c:1018 #, c-format msgid "unable to lock time stamp file %s" msgstr "aikaleimatiedoston %s lukitseminen epäonnistui" -#: plugins/sudoers/timestamp.c:1029 plugins/sudoers/timestamp.c:1049 +#: plugins/sudoers/timestamp.c:1062 plugins/sudoers/timestamp.c:1082 #, c-format msgid "lecture status path too long: %s/%s" msgstr "luentotilapolku on liian pitkä: %s/%s" +#: plugins/sudoers/toke_util.c:132 +msgid "sudoedit should not be specified with a path" +msgstr "sudoeditiä ei tule käynnistää polun kanssa" + #: plugins/sudoers/visudo.c:232 msgid "the -x option will be removed in a future release" msgstr "valitsin -x poistetaan jossakin tulevassa versiossa" #: plugins/sudoers/visudo.c:233 msgid "please consider using the cvtsudoers utility instead" -msgstr "" +msgstr "harkitse cvtsudoers-apuohjelman käyttöä" #: plugins/sudoers/visudo.c:284 plugins/sudoers/visudo.c:666 #, c-format 
@@ -2343,10 +2853,9 @@ # Avaamisen kohde voi olla timestamp file, sudoers file tai pathbuf #: plugins/sudoers/visudo.c:995 -#, fuzzy, c-format -#| msgid "unable to open %s" +#, c-format msgid "unable to lock %s" -msgstr "kohteen %s avaaminen epäonnistui" +msgstr "kohteen %s lukitseminen epäonnistui" #: plugins/sudoers/visudo.c:996 msgid "Edit anyway? [y/N]" @@ -2410,6 +2919,15 @@ msgid "too many levels of includes" msgstr "liian monta include-tasoa" +#~ msgid "No user or host" +#~ msgstr "Ei käyttäjä eikä tietokone" + +#~ msgid "validation failure" +#~ msgstr "kelpuutushäiriö" + +#~ msgid "%s/%s/timing: %s" +#~ msgstr "%s/%s/ajoitus: %s" + #~ msgid "" #~ "\n" #~ "LDAP Role: UNKNOWN\n" @@ -2510,9 +3028,6 @@ #~ " -s, --strict tiukka syntaksitarkistus\n" #~ " -V, --version näytä versiotiedot ja poistu -x, --export vie sudoers-tiedosto JSON-muodossa" -#~ msgid "invalid uri: %s" -#~ msgstr "virheellinen verkkoresurssin tunnus: %s" - #~ msgid "unable to mix ldaps and starttls" #~ msgstr "ldap- ja starttl-kohteiden sekoittaminen epäonnistui" @@ -2558,9 +3073,6 @@ #~ msgid "Unable to dlopen %s: %s" #~ msgstr "Funktion dlopen %s kutsuminen epäonnistui: %s" -#~ msgid "invalid regex: %s" -#~ msgstr "virheellinen säännöllinen lauseke: %s" - #~ msgid ">>> %s: %s near line %d <<<" #~ msgstr ">>> %s: %s lähellä riviä %d <<<" Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/plugins/sudoers/po/fr.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/plugins/sudoers/po/fr.mo differ diff -Nru sudo-1.8.31/plugins/sudoers/po/fr.po sudo-1.9.0/plugins/sudoers/po/fr.po --- sudo-1.8.31/plugins/sudoers/po/fr.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/po/fr.po 2020-05-11 16:28:23.000000000 +0000 
@@ -2,13 +2,13 @@
 # This file is distributed under the same license as the sudo package.
 #
 # Frédéric Hantrais , 2014, 2015, 2016.
-# Frédéric Marchal , 2019
+# Frédéric Marchal , 2020
 msgid ""
 msgstr ""
-"Project-Id-Version: sudoers 1.8.29rc1\n"
+"Project-Id-Version: sudoers 1.9.0b4\n"
 "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2019-10-21 19:55-0600\n"
-"PO-Revision-Date: 2019-10-24 17:50+0200\n"
+"POT-Creation-Date: 2020-03-12 17:39-0600\n"
+"PO-Revision-Date: 2020-03-15 19:57+0100\n"
 "Last-Translator: Frédéric Marchal \n"
 "Language-Team: French \n"
 "Language: fr\n"
@@ -42,70 +42,75 @@ msgid "Sorry, try again." msgstr "Désolé, essayez de nouveau." -#: gram.y:196 gram.y:244 gram.y:251 gram.y:258 gram.y:265 gram.y:272 -#: gram.y:288 gram.y:312 gram.y:319 gram.y:326 gram.y:333 gram.y:340 -#: gram.y:403 gram.y:412 gram.y:423 gram.y:456 gram.y:463 gram.y:470 -#: gram.y:477 gram.y:559 gram.y:566 gram.y:575 gram.y:584 gram.y:601 -#: gram.y:713 gram.y:720 gram.y:727 gram.y:735 gram.y:835 gram.y:842 -#: gram.y:849 gram.y:856 gram.y:863 gram.y:889 gram.y:896 gram.y:903 -#: gram.y:1026 gram.y:1303 plugins/sudoers/alias.c:132 -#: plugins/sudoers/alias.c:139 plugins/sudoers/alias.c:155 -#: plugins/sudoers/auth/bsdauth.c:148 plugins/sudoers/auth/kerb5.c:123 -#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/auth/sia.c:64 -#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:165 -#: plugins/sudoers/cvtsudoers.c:182 plugins/sudoers/cvtsudoers.c:193 -#: plugins/sudoers/cvtsudoers.c:305 plugins/sudoers/cvtsudoers.c:433 -#: plugins/sudoers/cvtsudoers.c:566 plugins/sudoers/cvtsudoers.c:583 -#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 -#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1179 -#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1285 +#: gram.y:198 gram.y:246 gram.y:253 gram.y:260 gram.y:267 gram.y:274 +#: gram.y:290 gram.y:314 gram.y:321 gram.y:328 gram.y:335 gram.y:342 +#: gram.y:405 gram.y:414 gram.y:425 gram.y:458 gram.y:465 gram.y:472 +#: gram.y:479 gram.y:506 gram.y:578 gram.y:585 gram.y:594 gram.y:603 +#: gram.y:620 gram.y:732 gram.y:739 gram.y:747 gram.y:753 gram.y:853 +#: gram.y:860 gram.y:867 gram.y:874 gram.y:881 gram.y:907 gram.y:914 +#: gram.y:921 gram.y:1063 gram.y:1342 lib/iolog/iolog_util.c:79 +#: lib/iolog/iolog_util.c:118 lib/iolog/iolog_util.c:127 +#: lib/iolog/iolog_util.c:137 lib/iolog/iolog_util.c:145 +#: lib/iolog/iolog_util.c:149 logsrvd/eventlog.c:223 logsrvd/sendlog.c:286 
+#: plugins/sudoers/alias.c:132 plugins/sudoers/alias.c:139 +#: plugins/sudoers/alias.c:155 plugins/sudoers/auth/bsdauth.c:148 +#: plugins/sudoers/auth/kerb5.c:123 plugins/sudoers/auth/kerb5.c:149 +#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116 +#: plugins/sudoers/auth/sia.c:64 plugins/sudoers/cvtsudoers.c:124 +#: plugins/sudoers/cvtsudoers.c:165 plugins/sudoers/cvtsudoers.c:182 +#: plugins/sudoers/cvtsudoers.c:193 plugins/sudoers/cvtsudoers.c:305 +#: plugins/sudoers/cvtsudoers.c:433 plugins/sudoers/cvtsudoers.c:566 +#: plugins/sudoers/cvtsudoers.c:583 plugins/sudoers/cvtsudoers.c:646 +#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:769 +#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1187 +#: plugins/sudoers/cvtsudoers.c:1289 plugins/sudoers/cvtsudoers_json.c:83 #: plugins/sudoers/cvtsudoers_ldif.c:154 plugins/sudoers/cvtsudoers_ldif.c:197 -#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:263 -#: plugins/sudoers/cvtsudoers_ldif.c:334 plugins/sudoers/cvtsudoers_ldif.c:389 -#: plugins/sudoers/cvtsudoers_ldif.c:397 plugins/sudoers/cvtsudoers_ldif.c:414 -#: plugins/sudoers/cvtsudoers_ldif.c:423 plugins/sudoers/cvtsudoers_ldif.c:570 -#: plugins/sudoers/defaults.c:666 plugins/sudoers/defaults.c:959 -#: plugins/sudoers/defaults.c:1130 plugins/sudoers/editor.c:72 +#: plugins/sudoers/cvtsudoers_ldif.c:238 plugins/sudoers/cvtsudoers_ldif.c:303 +#: plugins/sudoers/cvtsudoers_ldif.c:374 plugins/sudoers/cvtsudoers_ldif.c:429 +#: plugins/sudoers/cvtsudoers_ldif.c:437 plugins/sudoers/cvtsudoers_ldif.c:454 +#: plugins/sudoers/cvtsudoers_ldif.c:463 plugins/sudoers/cvtsudoers_ldif.c:610 +#: plugins/sudoers/defaults.c:632 plugins/sudoers/defaults.c:925 +#: plugins/sudoers/defaults.c:1058 plugins/sudoers/editor.c:72 #: plugins/sudoers/editor.c:90 plugins/sudoers/editor.c:101 #: plugins/sudoers/env.c:268 plugins/sudoers/filedigest.c:66 #: plugins/sudoers/filedigest.c:82 plugins/sudoers/gc.c:59 -#: 
plugins/sudoers/group_plugin.c:138 plugins/sudoers/interfaces.c:78 -#: plugins/sudoers/iolog.c:943 plugins/sudoers/iolog_path.c:174 -#: plugins/sudoers/iolog_util.c:86 plugins/sudoers/iolog_util.c:125 -#: plugins/sudoers/iolog_util.c:134 plugins/sudoers/iolog_util.c:144 -#: plugins/sudoers/iolog_util.c:152 plugins/sudoers/iolog_util.c:156 -#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 -#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 -#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 -#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 -#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 -#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 -#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 -#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 -#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558 -#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:683 -#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:510 -#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/linux_audit.c:83 -#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:532 -#: plugins/sudoers/logging.c:558 plugins/sudoers/logging.c:599 -#: plugins/sudoers/logging.c:740 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:367 -#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:200 +#: plugins/sudoers/group_plugin.c:141 plugins/sudoers/interfaces.c:78 +#: plugins/sudoers/iolog.c:476 plugins/sudoers/iolog_client.c:107 +#: plugins/sudoers/iolog_client.c:485 plugins/sudoers/iolog_client.c:593 +#: plugins/sudoers/iolog_client.c:611 plugins/sudoers/iolog_client.c:1053 +#: plugins/sudoers/iolog_client.c:1283 plugins/sudoers/iolog_client.c:1619 +#: plugins/sudoers/iolog_client.c:1647 
plugins/sudoers/ldap.c:185 +#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 +#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 +#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705 +#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 +#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 +#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 +#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 +#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 +#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 +#: plugins/sudoers/ldap_conf.c:683 plugins/sudoers/ldap_conf.c:765 +#: plugins/sudoers/ldap_util.c:331 plugins/sudoers/ldap_util.c:338 +#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:83 +#: plugins/sudoers/logging.c:200 plugins/sudoers/logging.c:527 +#: plugins/sudoers/logging.c:553 plugins/sudoers/logging.c:594 +#: plugins/sudoers/logging.c:731 plugins/sudoers/logging.c:1091 +#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:397 +#: plugins/sudoers/match_command.c:444 plugins/sudoers/match_command.c:515 +#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:200 #: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:227 #: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:156 #: plugins/sudoers/parse_ldif.c:187 plugins/sudoers/parse_ldif.c:256 #: plugins/sudoers/parse_ldif.c:263 plugins/sudoers/parse_ldif.c:268 #: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:355 -#: plugins/sudoers/parse_ldif.c:361 plugins/sudoers/parse_ldif.c:386 -#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:402 -#: plugins/sudoers/parse_ldif.c:416 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:614 plugins/sudoers/parse_ldif.c:639 -#: plugins/sudoers/parse_ldif.c:697 plugins/sudoers/parse_ldif.c:714 -#: plugins/sudoers/parse_ldif.c:742 
plugins/sudoers/parse_ldif.c:749 -#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:750 +#: plugins/sudoers/parse_ldif.c:382 plugins/sudoers/parse_ldif.c:399 +#: plugins/sudoers/parse_ldif.c:411 plugins/sudoers/parse_ldif.c:415 +#: plugins/sudoers/parse_ldif.c:429 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:830 #: plugins/sudoers/prompt.c:100 plugins/sudoers/pwutil.c:199 #: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 #: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:586 
@@ -115,19 +120,19 @@
 #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463
 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554
 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103
-#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273
-#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292
-#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657
-#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830
-#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:114
-#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587
-#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465
-#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136
-#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253
-#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439
-#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960
-#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112
-#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130
+#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320
+#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735
+#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909
+#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559
+#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218
+#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429
+#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236
+#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587
+#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483
+#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59
+#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:137
+#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130
 #: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328
 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444
 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942
@@ -136,111 +141,116 @@ msgid "unable to allocate memory" msgstr "impossible d'allouer la mémoire" -#: gram.y:488 +#: gram.y:500 msgid "a digest requires a path name" msgstr "un résumé (digest) nécessite un chemin d'accès" -#: gram.y:614 +#: gram.y:633 msgid "invalid notbefore value" msgstr "valeur « notbefore » (pas avant) invalide" -#: gram.y:622 +#: gram.y:641 msgid "invalid notafter value" msgstr "valeur « notafter » (pas après) invalide" -#: gram.y:631 plugins/sudoers/policy.c:320 +#: gram.y:650 plugins/sudoers/policy.c:319 msgid "timeout value too large" msgstr "valeur trop grande pour le délai d'expiration" -#: gram.y:633 plugins/sudoers/policy.c:322 +#: gram.y:652 plugins/sudoers/policy.c:321 msgid "invalid timeout value" msgstr "valeur invalide pour le délai d'expiration" -#: gram.y:1303 plugins/sudoers/auth/pam.c:483 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/cvtsudoers.c:124 -#: plugins/sudoers/cvtsudoers.c:164 plugins/sudoers/cvtsudoers.c:181 -#: plugins/sudoers/cvtsudoers.c:192 plugins/sudoers/cvtsudoers.c:304 -#: plugins/sudoers/cvtsudoers.c:432 plugins/sudoers/cvtsudoers.c:565 -#: plugins/sudoers/cvtsudoers.c:582 plugins/sudoers/cvtsudoers.c:646 -#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:768 -#: plugins/sudoers/cvtsudoers.c:1179 plugins/sudoers/cvtsudoers.c:1183 -#: plugins/sudoers/cvtsudoers.c:1285 plugins/sudoers/cvtsudoers_ldif.c:153 -#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:243 -#: plugins/sudoers/cvtsudoers_ldif.c:262 plugins/sudoers/cvtsudoers_ldif.c:333 -#: plugins/sudoers/cvtsudoers_ldif.c:388 plugins/sudoers/cvtsudoers_ldif.c:396 -#: plugins/sudoers/cvtsudoers_ldif.c:413 plugins/sudoers/cvtsudoers_ldif.c:422 -#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:666 -#: plugins/sudoers/defaults.c:959 plugins/sudoers/defaults.c:1130 +#: gram.y:1342 lib/iolog/iolog_util.c:79 lib/iolog/iolog_util.c:118 +#: lib/iolog/iolog_util.c:127 
lib/iolog/iolog_util.c:137 +#: lib/iolog/iolog_util.c:145 lib/iolog/iolog_util.c:149 +#: logsrvd/eventlog.c:223 plugins/sudoers/auth/pam.c:486 +#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116 +#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:164 +#: plugins/sudoers/cvtsudoers.c:181 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:304 plugins/sudoers/cvtsudoers.c:432 +#: plugins/sudoers/cvtsudoers.c:565 plugins/sudoers/cvtsudoers.c:582 +#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 +#: plugins/sudoers/cvtsudoers.c:768 plugins/sudoers/cvtsudoers.c:1183 +#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289 +#: plugins/sudoers/cvtsudoers_json.c:82 plugins/sudoers/cvtsudoers_ldif.c:153 +#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:237 +#: plugins/sudoers/cvtsudoers_ldif.c:302 plugins/sudoers/cvtsudoers_ldif.c:373 +#: plugins/sudoers/cvtsudoers_ldif.c:428 plugins/sudoers/cvtsudoers_ldif.c:436 +#: plugins/sudoers/cvtsudoers_ldif.c:453 plugins/sudoers/cvtsudoers_ldif.c:462 +#: plugins/sudoers/cvtsudoers_ldif.c:609 plugins/sudoers/defaults.c:632 +#: plugins/sudoers/defaults.c:925 plugins/sudoers/defaults.c:1058 #: plugins/sudoers/editor.c:72 plugins/sudoers/editor.c:90 #: plugins/sudoers/editor.c:101 plugins/sudoers/env.c:268 #: plugins/sudoers/filedigest.c:66 plugins/sudoers/filedigest.c:82 -#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:138 -#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:943 -#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:86 -#: plugins/sudoers/iolog_util.c:125 plugins/sudoers/iolog_util.c:134 -#: plugins/sudoers/iolog_util.c:144 plugins/sudoers/iolog_util.c:152 -#: plugins/sudoers/iolog_util.c:156 plugins/sudoers/ldap.c:185 -#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 -#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 -#: plugins/sudoers/ldap.c:887 
plugins/sudoers/ldap.c:1241 -#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705 -#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 -#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 -#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 -#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 -#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 -#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 -#: plugins/sudoers/ldap_conf.c:682 plugins/sudoers/ldap_conf.c:765 -#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:567 -#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:202 -#: plugins/sudoers/logging.c:532 plugins/sudoers/logging.c:558 -#: plugins/sudoers/logging.c:598 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:366 -#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:199 +#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:140 +#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:476 +#: plugins/sudoers/iolog_client.c:107 plugins/sudoers/iolog_client.c:485 +#: plugins/sudoers/iolog_client.c:593 plugins/sudoers/iolog_client.c:611 +#: plugins/sudoers/iolog_client.c:1053 plugins/sudoers/iolog_client.c:1283 +#: plugins/sudoers/iolog_client.c:1619 plugins/sudoers/iolog_client.c:1647 +#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 +#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 +#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 +#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 +#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 +#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 +#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 +#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 +#: plugins/sudoers/ldap_conf.c:342 
plugins/sudoers/ldap_conf.c:446 +#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558 +#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:682 +#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:330 +#: plugins/sudoers/ldap_util.c:337 plugins/sudoers/ldap_util.c:603 +#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:200 +#: plugins/sudoers/logging.c:527 plugins/sudoers/logging.c:553 +#: plugins/sudoers/logging.c:593 plugins/sudoers/logging.c:1091 +#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:396 +#: plugins/sudoers/match_command.c:443 plugins/sudoers/match_command.c:515 +#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:199 #: plugins/sudoers/parse.c:211 plugins/sudoers/parse.c:226 #: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:155 #: plugins/sudoers/parse_ldif.c:186 plugins/sudoers/parse_ldif.c:255 #: plugins/sudoers/parse_ldif.c:262 plugins/sudoers/parse_ldif.c:267 #: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:354 -#: plugins/sudoers/parse_ldif.c:360 plugins/sudoers/parse_ldif.c:385 -#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:401 -#: plugins/sudoers/parse_ldif.c:415 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:613 plugins/sudoers/parse_ldif.c:638 -#: plugins/sudoers/parse_ldif.c:696 plugins/sudoers/parse_ldif.c:713 -#: plugins/sudoers/parse_ldif.c:741 plugins/sudoers/parse_ldif.c:748 -#: plugins/sudoers/policy.c:134 plugins/sudoers/policy.c:143 -#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:178 -#: plugins/sudoers/policy.c:305 plugins/sudoers/policy.c:320 -#: plugins/sudoers/policy.c:322 plugins/sudoers/policy.c:348 -#: plugins/sudoers/policy.c:358 plugins/sudoers/policy.c:402 +#: plugins/sudoers/parse_ldif.c:381 plugins/sudoers/parse_ldif.c:398 +#: plugins/sudoers/parse_ldif.c:410 plugins/sudoers/parse_ldif.c:414 +#: plugins/sudoers/parse_ldif.c:428 plugins/sudoers/parse_ldif.c:597 +#: 
plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:133 plugins/sudoers/policy.c:142 +#: plugins/sudoers/policy.c:151 plugins/sudoers/policy.c:177 +#: plugins/sudoers/policy.c:304 plugins/sudoers/policy.c:319 +#: plugins/sudoers/policy.c:321 plugins/sudoers/policy.c:350 +#: plugins/sudoers/policy.c:359 plugins/sudoers/policy.c:402 #: plugins/sudoers/policy.c:412 plugins/sudoers/policy.c:421 #: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:504 -#: plugins/sudoers/policy.c:750 plugins/sudoers/prompt.c:100 +#: plugins/sudoers/policy.c:830 plugins/sudoers/prompt.c:100 #: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 #: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 #: plugins/sudoers/pwutil.c:586 plugins/sudoers/pwutil.c:657 #: plugins/sudoers/pwutil.c:816 plugins/sudoers/pwutil.c:873 #: plugins/sudoers/pwutil.c:917 plugins/sudoers/pwutil.c:975 -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 plugins/sudoers/sssd.c:153 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 plugins/sudoers/sssd.c:153 #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:113 -#: 
plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 -#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735 +#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909 +#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559 +#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218 +#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429 +#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236 +#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587 +#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483 +#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59 +#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:136 +#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130 #: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 
@@ -250,12 +260,455 @@
 msgid "%s: %s"
 msgstr "%s : %s"
 
+#: lib/iolog/iolog_fileio.c:164
+#, c-format
+msgid "%s exists but is not a directory (0%o)"
+msgstr "%s existe mais n'est pas un répertoire (0%o)"
+
+#: lib/iolog/iolog_fileio.c:194 lib/iolog/iolog_fileio.c:240
+#: plugins/sudoers/timestamp.c:212
+#, c-format
+msgid "unable to mkdir %s"
+msgstr "création du répertoire (mkdir) %s impossible"
+
+#: lib/iolog/iolog_fileio.c:244 plugins/sudoers/visudo.c:739
+#: plugins/sudoers/visudo.c:750
+#, c-format
+msgid "unable to change mode of %s to 0%o"
+msgstr "impossible de changer le mode de %s pour lui affecter 0%o"
+
+#: lib/iolog/iolog_util.c:83
+#, c-format
+msgid "%s: invalid log file"
+msgstr "%s: fichier de journalisation incorrect"
+
+#: lib/iolog/iolog_util.c:101
+#, c-format
+msgid "%s: time stamp field is missing"
+msgstr "%s: il manque le champ d'horodatage"
+
+#: lib/iolog/iolog_util.c:107
+#, c-format
+msgid "%s: time stamp %s: %s"
+msgstr "%s: horodatage %s : %s"
+
+#: lib/iolog/iolog_util.c:114
+#, c-format
+msgid "%s: user field is missing"
+msgstr "%s: il manque le champ utilisateur"
+
+#: lib/iolog/iolog_util.c:123
+#, c-format
+msgid "%s: runas user field is missing"
+msgstr "%s: il manque le champ précisant l'utilisateur effectif (runas)"
+
+#: lib/iolog/iolog_util.c:132
+#, c-format
+msgid "%s: runas group field is missing"
+msgstr "%s: il manque le champ précisant le groupe effectif (runas)"
+
+#: lib/iolog/iolog_util.c:382
+#, c-format
+msgid "error reading timing file: %s"
+msgstr "erreur de lecture dans le fichier de timing : %s"
+
+#: lib/iolog/iolog_util.c:389
+#, c-format
+msgid "invalid timing file line: %s"
+msgstr "ligne invalide dans le fichier de timing : %s"
+
+#: logsrvd/eventlog.c:228 plugins/sudoers/cvtsudoers_ldif.c:247
+#: plugins/sudoers/cvtsudoers_ldif.c:254 plugins/sudoers/cvtsudoers_ldif.c:566
+#: plugins/sudoers/env.c:330 plugins/sudoers/env.c:337
+#: plugins/sudoers/env.c:442 plugins/sudoers/iolog.c:550
+#: plugins/sudoers/iolog.c:566 plugins/sudoers/ldap.c:496
+#: plugins/sudoers/ldap.c:727 plugins/sudoers/ldap.c:1060
+#: plugins/sudoers/ldap_conf.c:227 plugins/sudoers/ldap_conf.c:317
+#: plugins/sudoers/linux_audit.c:89 plugins/sudoers/logging.c:1096
+#: plugins/sudoers/policy.c:534 plugins/sudoers/policy.c:679
+#: plugins/sudoers/policy.c:689 plugins/sudoers/prompt.c:168
+#: plugins/sudoers/sudoers.c:931 plugins/sudoers/testsudoers.c:257
+#: plugins/sudoers/toke_util.c:177
+#, c-format
+msgid "internal error, %s overflow"
+msgstr "erreur interne, dépassement de %s"
+
+#: logsrvd/eventlog.c:422 plugins/sudoers/logging.c:118
+#, c-format
+msgid "%8s : %s"
+msgstr "%8s : %s"
+
+#: logsrvd/eventlog.c:451 plugins/sudoers/logging.c:146
+#, c-format
+msgid "%8s : (command continued) %s"
+msgstr "%8s : (suite de la commande) %s"
+
+#: logsrvd/iolog_writer.c:886
+msgid "log is already complete, cannot be restarted"
+msgstr "l'enregistrement du journal est déjà terminé, impossible de redémarrer"
+
+#: logsrvd/iolog_writer.c:917
+msgid "unable to restart log"
+msgstr "impossible de redémarrer l'enregistrement du journal"
+
+#: logsrvd/logsrv_util.c:96 logsrvd/logsrv_util.c:103
+#: plugins/sudoers/sudoreplay.c:355 plugins/sudoers/sudoreplay.c:361
+#: plugins/sudoers/sudoreplay.c:368
+#, c-format
+msgid "unable to open %s/%s"
+msgstr "ouverture de %si/%s impossible"
+
+#: logsrvd/logsrv_util.c:130
+#, c-format
+msgid "missing I/O log file %s/%s"
+msgstr "fichier du journal E/S %s/%s manquant"
+
+#: logsrvd/logsrv_util.c:137
+#, c-format
+msgid "%s/%s: unable to seek forward %zu"
+msgstr "%s/%s : impossible d'examiner vers l'avant de %zu"
+
+#: logsrvd/logsrv_util.c:147
+#, c-format
+msgid "unable to find resume point [%lld, %ld] in %s/%s"
+msgstr "impossible de trouver le point de redémarrage [%lld, %ld] dans %s/%s"
+
+#: logsrvd/logsrvd.c:231 logsrvd/logsrvd.c:299 logsrvd/logsrvd.c:343
+#: logsrvd/logsrvd.c:392 logsrvd/logsrvd.c:439 logsrvd/logsrvd.c:484
+#: logsrvd/logsrvd.c:510
+msgid "state machine error"
+msgstr "erreur de la machine à états"
+
+#: logsrvd/logsrvd.c:240
+msgid "invalid AcceptMessage"
+msgstr "AcceptMessage invalide"
+
+#: logsrvd/logsrvd.c:251
+msgid "error parsing AcceptMessage"
+msgstr "erreur de l'analyse de AcceptMessage"
+
+#: logsrvd/logsrvd.c:258
+msgid "error creating I/O log"
+msgstr "erreur lors de la création du journal des E/S"
+
+#: logsrvd/logsrvd.c:265
+msgid "error logging accept event"
+msgstr "erreur en écrivant l'événement d'acceptation dans le journal"
+
+#: logsrvd/logsrvd.c:308
+msgid "invalid RejectMessage"
+msgstr "RejectMessage invalide"
+
+#: logsrvd/logsrvd.c:319
+msgid "error parsing RejectMessage"
+msgstr "erreur de l'analyse de RejectMessage"
+
+#: logsrvd/logsrvd.c:325
+msgid "error logging reject event"
+msgstr "erreur en écrivant l'événement de rejet dans le journal"
+
+#: logsrvd/logsrvd.c:424
+msgid "error logging alert event"
+msgstr "erreur lors de l'écriture de l'événement d'alerte dans le journal"
+
+#: logsrvd/logsrvd.c:449
+msgid "error writing IoBuffer"
+msgstr "erreur d'écriture dans IoBuffer"
+
+#: logsrvd/logsrvd.c:495
+msgid "error writing ChangeWindowSize"
+msgstr "erreur de l'écriture de ChangeWindowSize"
+
+#: logsrvd/logsrvd.c:521
+msgid "error writing CommandSuspend"
+msgstr "erreur de l'écriture de CommandSuspend"
+
+#: logsrvd/logsrvd.c:583
+msgid "unrecognized ClientMessage type"
+msgstr "type de ClientMessage non reconnu"
+
+#: logsrvd/logsrvd.c:835
+msgid "client message too large"
+msgstr "message client trop grand"
+
+#: logsrvd/logsrvd.c:1295 logsrvd/logsrvd.c:1415 logsrvd/logsrvd.c:1539
+#: logsrvd/logsrvd.c:1631 logsrvd/sendlog.c:242 logsrvd/sendlog.c:257
+#: logsrvd/sendlog.c:290 logsrvd/sendlog.c:1264 plugins/sudoers/iolog.c:900
+#: plugins/sudoers/iolog.c:1033 plugins/sudoers/iolog.c:1131
+#: plugins/sudoers/iolog_client.c:111 plugins/sudoers/iolog_client.c:436
+#: plugins/sudoers/iolog_client.c:452 plugins/sudoers/iolog_client.c:490
+#: plugins/sudoers/iolog_client.c:1032 plugins/sudoers/iolog_client.c:1061
+#: plugins/sudoers/iolog_client.c:1133 plugins/sudoers/iolog_client.c:1239
+#: plugins/sudoers/iolog_client.c:1353 plugins/sudoers/iolog_client.c:1655
+#: plugins/sudoers/iolog_client.c:1663 plugins/sudoers/sudoreplay.c:519
+#: plugins/sudoers/sudoreplay.c:566 plugins/sudoers/sudoreplay.c:755
+#: plugins/sudoers/sudoreplay.c:867 plugins/sudoers/sudoreplay.c:957
+#: plugins/sudoers/sudoreplay.c:972 plugins/sudoers/sudoreplay.c:979
+#: plugins/sudoers/sudoreplay.c:986 plugins/sudoers/sudoreplay.c:993
+#: plugins/sudoers/sudoreplay.c:1000 plugins/sudoers/sudoreplay.c:1127
+msgid "unable to add event to queue"
+msgstr "impossible d'ajouter l'événement à la queue"
+
+#: logsrvd/logsrvd.c:1407 plugins/sudoers/iolog_client.c:378
+#, c-format
+msgid "Unable to attach user data to the ssl object: %s"
+msgstr "Impossible d'attacher les données utilisateur à l'objet ssl : %s"
+
+#: logsrvd/logsrvd.c:1443 plugins/sudoers/iolog_client.c:1596
+#: plugins/sudoers/iolog_client.c:1604
+msgid "unable to get remote IP addr"
+msgstr "impossible d'obtenir l'adresse IP distante"
+
+#: logsrvd/logsrvd.c:1692 logsrvd/sendlog.c:113
+#, c-format
+msgid ""
+"%s - send sudo I/O log to remote server\n"
+"\n"
+msgstr ""
+"%s - envoyer le journal des E/S de sudo au serveur distant\n"
+"\n"
+
+#: logsrvd/logsrvd.c:1695
+msgid ""
+"\n"
+"Options:\n"
+" -f, --file path to configuration file\n"
+" -h --help display help message and exit\n"
+" -n, --no-fork do not fork, run in the foreground\n"
+" -R, --random-drop percent chance connections will drop\n"
+" -V, --version display version information and exit\n"
+msgstr ""
+"\n"
+"Options :\n"
+" -f, --file chemin vers le fichier de configuration\n"
+" -h, --help affiche l'aide puis termine l'exécution\n"
+" -n, --no-fork ne pas démarrer une branche, exécuter au premier plan\n"
+" -R, --random-drop pourcentage de chances que la connexion soit abandonnée\n"
+" -V, --version affiche la version, puis termine l'exécution\n"
+
+#: logsrvd/logsrvd.c:1747 logsrvd/sendlog.c:1513
+msgid "Protobuf-C version 1.3 or higher required"
+msgstr "Version 1.3 ou supérieure de Protobuf-C requise"
+
+#: logsrvd/logsrvd.c:1765
+#, c-format
+msgid "invalid random drop value: %s"
+msgstr "valeur d'abandon aléatoire invalide : %s"
+
+#: logsrvd/logsrvd.c:1769 logsrvd/sendlog.c:1551
+#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:302
+#: plugins/sudoers/visudo.c:184
+#, c-format
+msgid "%s version %s\n"
+msgstr "%s version %s\n"
+
+#: logsrvd/logsrvd_conf.c:688
+#, c-format
+msgid "%s: not a fully qualified path"
+msgstr "%s  n'est pas un chemin totalement défini"
+
+#: logsrvd/logsrvd_conf.c:802
+#, c-format
+msgid "%s:%d unmatched '[': %s"
+msgstr "%s:%d « [ » sans correspondant : %s"
+
+#: logsrvd/logsrvd_conf.c:813
+#, c-format
+msgid "%s:%d invalid config section: %s"
+msgstr "%s:%d section de configuration invalide : %s"
+
+#: logsrvd/logsrvd_conf.c:821
+#, c-format
+msgid "%s:%d invalid configuration line: %s"
+msgstr "%s:%d ligne de configuration invalide : %s"
+
+#: logsrvd/logsrvd_conf.c:827
+#, c-format
+msgid "%s:%d expected section name: %s"
+msgstr "%s:%d nom de section attendu : %s"
+
+#: logsrvd/logsrvd_conf.c:841
+#, c-format
+msgid "invalid value for %s: %s"
+msgstr "valeur invalide pour %s : %s"
+
+#: logsrvd/logsrvd_conf.c:849
+#, c-format
+msgid "%s:%d unknown key: %s"
+msgstr "%s:%d clé inconnue : %s"
+
+#: logsrvd/logsrvd_conf.c:977
+#, c-format
+msgid "unknown syslog facility %s"
+msgstr "catégorie syslog %s inconnue"
+
+#: logsrvd/logsrvd_conf.c:981 logsrvd/logsrvd_conf.c:985
+#: logsrvd/logsrvd_conf.c:989
+#, c-format
+msgid "unknown syslog priority %s"
+msgstr "priorité syslog %s inconnue"
+
+#: logsrvd/sendlog.c:116
+msgid ""
+"\n"
+"Options:\n"
+" --help display help message and exit\n"
+" -h, --host host to send logs to\n"
+" -i, --iolog_id remote ID of I/O log to be resumed\n"
+" -p, --port port to use when connecting to host\n"
+" -r, --restart restart previous I/O log transfer\n"
+" -t, --test test audit server by sending selected I/O log n times in parallel\n"
+" -b, --ca-bundle certificate bundle file to verify server's cert against\n"
+" -c, --cert certificate file for TLS handshake\n"
+" -k, --key private key file\n"
+" -V, --version display version information and exit\n"
+msgstr ""
+"\n"
+"Options :\n"
+" --help afficher le message d'aide puis terminer\n"
+" -h, --host hôte à qui envoyer le journal\n"
+" -i, --iolog_id ID distant du journal des E/S à redémarrer\n"
+" -p, --port port à utiliser lors de la connexion à l'hôte\n"
+" -r, --restart redémarrer le transfert du journal des E/S précédent\n"
+" -t, --test tester le serveur d'audit en envoyant le journal des E/S sélectionné n fois en parallèle\n"
+" -b, --ca-bundle fichier du paquet de certificats avec lequel vérifier le certificat du serveur\n"
+" -c, --cert fichier de certificat pour l'échange TLS\n"
+" -k, --key fichier de la clé privée\n"
+" -V, --version afficher les informations de version et terminer\n"
+
+#: logsrvd/sendlog.c:216 plugins/sudoers/iolog_client.c:409
+msgid "TLS handshake timeout occurred"
+msgstr "le délai de la négociation TLS a expiré"
+
+#: logsrvd/sendlog.c:237 logsrvd/sendlog.c:252
+#: plugins/sudoers/iolog_client.c:430 plugins/sudoers/iolog_client.c:446
+msgid "unable to set event"
+msgstr "impossible de définir l'événement"
+
+#: logsrvd/sendlog.c:262
+#, c-format
+msgid "SSL_connect failed: ssl_error=%d, stack=%s\n"
+msgstr "SSL_connect a échoué : ssl_error=%d, pile=%s\n"
+
+#: logsrvd/sendlog.c:294 plugins/sudoers/iolog_client.c:115
+#: plugins/sudoers/iolog_client.c:495 plugins/sudoers/iolog_client.c:1065
+#: plugins/sudoers/iolog_client.c:1671
+msgid "error in event loop"
+msgstr "erreur dans la boucle des événements"
+
+#: logsrvd/sendlog.c:311
+msgid "CA bundle file was not specified"
+msgstr "le fichier du paquet CA n'a pas été spécifié"
+
+#: logsrvd/sendlog.c:315
+msgid "Client certificate was not specified"
+msgstr "Le certificat du client n'a pas été spécifié"
+
+#: logsrvd/sendlog.c:319
+#, c-format
+msgid "Unable to initialize ssl context: %s"
+msgstr "Impossible d'initialiser le contexte ssl : %s"
+
+#: logsrvd/sendlog.c:324
+#, c-format
+msgid "Unable to allocate ssl object: %s\n"
+msgstr "Impossible d'allouer l'objet ssl : %s\n"
+
+#: logsrvd/sendlog.c:329
+#, c-format
+msgid "Unable to attach socket to the ssl object: %s\n"
+msgstr "Impossible d'attacher le socket à l'objet ssl : %s\n"
+
+#: logsrvd/sendlog.c:367 plugins/sudoers/iolog_client.c:150
+#, c-format
+msgid "unable to look up %s:%s: %s"
+msgstr "impossible de rechercher %s:%s : %s"
+
+#: logsrvd/sendlog.c:522 plugins/sudoers/sudoreplay.c:815
+#, c-format
+msgid "unable to read %s/%s: %s"
+msgstr "impossible de lire %s/%s : %s"
+
+#: logsrvd/sendlog.c:543
+#, c-format
+msgid "client message too large: %zu\n"
+msgstr "message client trop grand : %zu\n"
+
+#: logsrvd/sendlog.c:941
+#, c-format
+msgid "%s: write buffer already in use"
+msgstr "%s: tampon d'écriture déjà en cours d'utilisation"
+
+#: logsrvd/sendlog.c:993 plugins/sudoers/iolog.c:824
+#: plugins/sudoers/iolog.c:893
+#, c-format
+msgid "unexpected I/O event %d"
+msgstr "événement d'E/S %d inattendu"
+
+#: logsrvd/sendlog.c:1025 logsrvd/sendlog.c:1042 logsrvd/sendlog.c:1092
+#: plugins/sudoers/iolog_client.c:1037 plugins/sudoers/iolog_client.c:1090
+#: plugins/sudoers/iolog_client.c:1151
+#, c-format
+msgid "%s: unexpected state %d"
+msgstr "%s: état %d inattendu"
+
+#: logsrvd/sendlog.c:1048 plugins/sudoers/iolog_client.c:1096
+msgid "invalid ServerHello"
+msgstr "ServerHello invalide"
+
+#: logsrvd/sendlog.c:1130 plugins/sudoers/iolog_client.c:1195
+#, c-format
+msgid "error message received from server: %s"
+msgstr "message d'erreur reçu du serveur : %s"
+
+#: logsrvd/sendlog.c:1143 plugins/sudoers/iolog_client.c:1208
+#, c-format
+msgid "abort message received from server: %s"
+msgstr "message d'interruption reçu du serveur : %s"
+
+#: logsrvd/sendlog.c:1162 plugins/sudoers/iolog_client.c:1227
+msgid "unable to unpack ServerMessage"
+msgstr "impossible de décompresser ServerMessage"
+
+#: logsrvd/sendlog.c:1207 plugins/sudoers/iolog_client.c:1260
+#, c-format
+msgid "%s: unexpected type_case value %d"
+msgstr "%s: valeur type_case %d inattendue"
+
+#: logsrvd/sendlog.c:1291
+msgid "premature EOF"
+msgstr "fin de fichier prématurée"
+
+#: logsrvd/sendlog.c:1304
+#, c-format
+msgid "server message too large: %u\n"
+msgstr "message serveur trop long : %u\n"
+
+#: logsrvd/sendlog.c:1569
+msgid "both restart point and iolog ID must be specified"
+msgstr "le point de redémarrage et le ID iolog doivent être spécifiés tous les deux"
+
+#: logsrvd/sendlog.c:1636
+#, c-format
+msgid "exited prematurely with state %d"
+msgstr "terminé prématurément avec l'état %d"
+
+#: logsrvd/sendlog.c:1637
+#, c-format
+msgid "elapsed time sent to server [%lld, %ld]"
+msgstr "temps écoulé envoyé au serveur [%lld, %ld]"
+
+#: logsrvd/sendlog.c:1639
+#, c-format
+msgid "commit point received from server [%lld, %ld]"
+msgstr "point d'enregistrement reçu du serveur [%lld, %ld]"
+
 #: plugins/sudoers/alias.c:151
 #, c-format
 msgid "Alias \"%s\" already defined"
 msgstr "L'alias « %s » est déjà défini"
 
-#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:801
+#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:792
 msgid "unable to fork"
 msgstr "création du processus fils impossible"
 
@@ -361,33 +814,33 @@
 msgid "unable to initialize PAM: %s"
 msgstr "initialisation du module PAM impossible : %s"
 
-#: plugins/sudoers/auth/pam.c:319
+#: plugins/sudoers/auth/pam.c:322
 #, c-format
 msgid "PAM authentication error: %s"
 msgstr "Erreur du serveur d'authentification PAM : %s"
 
-#: plugins/sudoers/auth/pam.c:338
+#: plugins/sudoers/auth/pam.c:341
 msgid "account validation failure, is your account locked?"
 msgstr "la validation du compte a échoué, votre compte serait-il verrouillé ?"
 
-#: plugins/sudoers/auth/pam.c:349
+#: plugins/sudoers/auth/pam.c:352
 msgid "Account or password is expired, reset your password and try again"
 msgstr "Le compte ou le mot de passe a expiré, réinitialisez votre mot de passe puis réessayez de vous connecter"
 
-#: plugins/sudoers/auth/pam.c:355
+#: plugins/sudoers/auth/pam.c:358
 #, c-format
 msgid "unable to change expired password: %s"
 msgstr "changement du mot de passe expiré impossible : %s"
 
-#: plugins/sudoers/auth/pam.c:366
+#: plugins/sudoers/auth/pam.c:369
 msgid "Password expired, contact your system administrator"
 msgstr "Le mot de passe a expiré, contactez votre administrateur système"
 
-#: plugins/sudoers/auth/pam.c:371
+#: plugins/sudoers/auth/pam.c:374
 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
 msgstr "Le compte a expiré, ou la section « account » du module PAM n'est pas renseignée pour sudo, contactez votre administrateur système"
 
-#: plugins/sudoers/auth/pam.c:379 plugins/sudoers/auth/pam.c:384
+#: plugins/sudoers/auth/pam.c:382 plugins/sudoers/auth/pam.c:387
 #, c-format
 msgid "PAM account management error: %s"
 msgstr "Erreur de gestion du compte PAM : %s"
@@ -465,7 +918,7 @@
 msgid "unable to commit audit record"
 msgstr "impossible d'enregistrer l'enregistrement d'audit"
 
-#: plugins/sudoers/check.c:269
+#: plugins/sudoers/check.c:264
 msgid ""
 "\n"
 "We trust you have received the usual lecture from the local System\n"
@@ -485,15 +938,16 @@
 " #3) De grands pouvoirs confèrent de grandes responsabilités.\n"
 "\n"
 
-#: plugins/sudoers/check.c:312 plugins/sudoers/check.c:322
-#: plugins/sudoers/sudoers.c:700 plugins/sudoers/sudoers.c:748
+#: plugins/sudoers/check.c:307 plugins/sudoers/check.c:317
+#: plugins/sudoers/sudoers.c:778 plugins/sudoers/sudoers.c:826
 #: plugins/sudoers/tsdump.c:126
 #, c-format
 msgid "unknown uid: %u"
 msgstr "identifiant utilisateur inconnu : %u"
 
-#: plugins/sudoers/check.c:317 plugins/sudoers/iolog.c:255
-#: plugins/sudoers/policy.c:921 plugins/sudoers/sudoers.c:1163
+#: plugins/sudoers/check.c:312 plugins/sudoers/iolog.c:121
+#: plugins/sudoers/policy.c:1034 plugins/sudoers/sudoers.c:391
+#: plugins/sudoers/sudoers.c:393 plugins/sudoers/sudoers.c:1255
 #: plugins/sudoers/testsudoers.c:227 plugins/sudoers/testsudoers.c:400
 #, c-format
 msgid "unknown user: %s"
@@ -514,12 +968,6 @@
 msgid "order padding: %s: %s"
 msgstr "remplissage de l'ordre : %s : %s"
 
-#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:289
-#: plugins/sudoers/visudo.c:184
-#, c-format
-msgid "%s version %s\n"
-msgstr "%s version %s\n"
-
 #: plugins/sudoers/cvtsudoers.c:235 plugins/sudoers/visudo.c:186
 #, c-format
 msgid "%s grammar version %d\n"
@@ -540,7 +988,7 @@
 msgid "%s: input and output files must be different"
 msgstr "%s : les fichiers d'entrée et de sortie doivent être différents"
 
-#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:176
+#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:185
 #: plugins/sudoers/testsudoers.c:266 plugins/sudoers/visudo.c:254
 #: plugins/sudoers/visudo.c:610 plugins/sudoers/visudo.c:933
 msgid "unable to initialize sudoers default values"
@@ -572,12 +1020,10 @@
 msgstr "filtre invalide : %s"
 
 #: plugins/sudoers/cvtsudoers.c:622 plugins/sudoers/cvtsudoers.c:639
-#: plugins/sudoers/cvtsudoers.c:1245 plugins/sudoers/cvtsudoers_json.c:1130
-#: plugins/sudoers/cvtsudoers_ldif.c:643 plugins/sudoers/iolog.c:413
-#: plugins/sudoers/iolog_util.c:75 plugins/sudoers/sudoers.c:914
-#: plugins/sudoers/sudoreplay.c:338 plugins/sudoers/sudoreplay.c:1431
-#: plugins/sudoers/timestamp.c:448 plugins/sudoers/tsdump.c:135
-#: plugins/sudoers/visudo.c:929
+#: plugins/sudoers/cvtsudoers.c:1249 plugins/sudoers/cvtsudoers_json.c:868
+#: plugins/sudoers/cvtsudoers_ldif.c:683 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoreplay.c:1391 plugins/sudoers/timestamp.c:448
+#: plugins/sudoers/tsdump.c:135 plugins/sudoers/visudo.c:929
 #, c-format
 msgid "unable to open %s"
 msgstr "ouverture de %s impossible"
@@ -597,14 +1043,13 @@
 msgid "parse error in %s\n"
 msgstr "erreur lors de l'analyse grammaticale de %s\n"
 
-#: plugins/sudoers/cvtsudoers.c:1292 plugins/sudoers/iolog.c:500
-#: plugins/sudoers/sudoreplay.c:1135 plugins/sudoers/timestamp.c:332
-#: plugins/sudoers/timestamp.c:335
+#: plugins/sudoers/cvtsudoers.c:1296 plugins/sudoers/sudoreplay.c:1088
+#: plugins/sudoers/timestamp.c:332 plugins/sudoers/timestamp.c:335
 #, c-format
 msgid "unable to write to %s"
 msgstr "écriture impossible dans %s"
 
-#: plugins/sudoers/cvtsudoers.c:1315
+#: plugins/sudoers/cvtsudoers.c:1319
 #, c-format
 msgid ""
 "%s - convert between sudoers file formats\n"
@@ -613,7 +1058,7 @@
 "%s - convertir entre des formats de fichiers sudoers\n"
 "\n"
 
-#: plugins/sudoers/cvtsudoers.c:1317
+#: plugins/sudoers/cvtsudoers.c:1321
 msgid ""
 "\n"
 "Options:\n"
@@ -655,43 +1100,30 @@
 " -s, --suppress=sections supprimer la sortie de certaines sections\n"
 " -V, --version afficher la version et terminer"
-#: plugins/sudoers/cvtsudoers_json.c:684 plugins/sudoers/cvtsudoers_json.c:720
-#: plugins/sudoers/cvtsudoers_json.c:938
+#: plugins/sudoers/cvtsudoers_json.c:487 plugins/sudoers/cvtsudoers_json.c:521
+#: plugins/sudoers/cvtsudoers_json.c:709
 #, c-format
 msgid "unknown defaults entry \"%s\""
 msgstr "entrée par défaut inconnue « %s »"
-#: plugins/sudoers/cvtsudoers_json.c:858 plugins/sudoers/cvtsudoers_json.c:873
-#: plugins/sudoers/cvtsudoers_ldif.c:308 plugins/sudoers/cvtsudoers_ldif.c:319
+#: plugins/sudoers/cvtsudoers_json.c:647 plugins/sudoers/cvtsudoers_json.c:660
+#: plugins/sudoers/cvtsudoers_ldif.c:348 plugins/sudoers/cvtsudoers_ldif.c:359
 #: plugins/sudoers/ldap.c:482
 msgid "unable to get GMT time"
 msgstr "récupération de l'heure GMT impossible"
-#: plugins/sudoers/cvtsudoers_json.c:861 plugins/sudoers/cvtsudoers_json.c:876
-#: plugins/sudoers/cvtsudoers_ldif.c:311 plugins/sudoers/cvtsudoers_ldif.c:322
+#: plugins/sudoers/cvtsudoers_json.c:650 plugins/sudoers/cvtsudoers_json.c:663
+#: plugins/sudoers/cvtsudoers_ldif.c:351 plugins/sudoers/cvtsudoers_ldif.c:362
 #: plugins/sudoers/ldap.c:488
 msgid "unable to format timestamp"
 msgstr "impossible de formater l'horodatage"
-#: plugins/sudoers/cvtsudoers_ldif.c:526 plugins/sudoers/env.c:330
-#: plugins/sudoers/env.c:337 plugins/sudoers/env.c:442
-#: plugins/sudoers/ldap.c:496 plugins/sudoers/ldap.c:727
-#: plugins/sudoers/ldap.c:1060 plugins/sudoers/ldap_conf.c:227
-#: plugins/sudoers/ldap_conf.c:317 plugins/sudoers/linux_audit.c:89
-#: plugins/sudoers/logging.c:1105 plugins/sudoers/policy.c:625
-#: plugins/sudoers/policy.c:635 plugins/sudoers/prompt.c:168
-#: plugins/sudoers/sudoers.c:852 plugins/sudoers/testsudoers.c:257
-#: plugins/sudoers/toke_util.c:161
-#, c-format
-msgid "internal error, %s overflow"
-msgstr "erreur interne, dépassement de %s"
-
-#: 
plugins/sudoers/cvtsudoers_ldif.c:595
+#: plugins/sudoers/cvtsudoers_ldif.c:635
 #, c-format
 msgid "too many sudoers entries, maximum %u"
 msgstr "trop d'entrées sudoers, maximum %u"
-#: plugins/sudoers/cvtsudoers_ldif.c:638
+#: plugins/sudoers/cvtsudoers_ldif.c:678
 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified."
 msgstr "la variable d'environnement SUDOERS_BASE n'est pas définie et l'option -b n'a pas été spécifiée."
@@ -995,12 +1427,12 @@
 #: plugins/sudoers/def_data.c:310
 #, c-format
 msgid "Path to the sudo-specific environment file: %s"
-msgstr "Emplacement du fichiers d'environnement propre à sudo : %s"
+msgstr "Emplacement du fichier d'environnement propre à sudo : %s"
 #: plugins/sudoers/def_data.c:314
 #, c-format
 msgid "Path to the restricted sudo-specific environment file: %s"
-msgstr "Emplacement du fichiers d'environnement restreint propre à sudo : %s"
+msgstr "Emplacement du fichier d'environnement restreint propre à sudo : %s"
 #: plugins/sudoers/def_data.c:318
 #, c-format
@@ -1100,8 +1532,8 @@
 #: plugins/sudoers/def_data.c:406
 #, c-format
-msgid "Maximum I/O log sequence number: %u"
-msgstr "Numéro de séquence maximum dans le journal E/S : %u"
+msgid "Maximum I/O log sequence number: %s"
+msgstr "Numéro de séquence maximum dans le journal E/S : %s"
 #: plugins/sudoers/def_data.c:410
 msgid "Enable sudoers netgroup support"
@@ -1211,62 +1643,106 @@
 msgid "Log when a command is denied by sudoers"
 msgstr "Écrire dans le journal lorsqu'une commande est interdite par sudoers"
-#: plugins/sudoers/defaults.c:231
+#: plugins/sudoers/def_data.c:510
+msgid "Sudo log server(s) to connect to with optional port"
+msgstr "Serveur(s) des journaux sudo auquel se connecter avec un port facultatif"
+
+#: plugins/sudoers/def_data.c:514
+#, c-format
+msgid "Sudo log server timeout in seconds: %u"
+msgstr "Délai d'expiration du serveur des journaux sudo en seconde : %u"
+
+#: plugins/sudoers/def_data.c:518
+msgid "Enable SO_KEEPALIVE socket option on the socket connected to the logserver"
+msgstr "Activer l'option SO_KEEPALIVE du socket sur le socket connecté au serveur de journal"
+
+#: plugins/sudoers/def_data.c:522
+#, c-format
+msgid "Path to the audit server's CA bundle file: %s"
+msgstr "Emplacement du fichier du paquet du CA d'audit du serveur : %s"
+
+#: plugins/sudoers/def_data.c:526
+#, c-format
+msgid "Path to the sudoers certificate file: %s"
+msgstr "Emplacement du fichier de certificat de sudoers : %s"
+
+#: plugins/sudoers/def_data.c:530
+#, c-format
+msgid "Path to the sudoers private key file: %s"
+msgstr "Emplacement du fichier de clé privée de sudoers : %s"
+
+#: plugins/sudoers/def_data.c:534
+msgid "Allow the use of unknown runas user and/or group ID"
+msgstr "Autoriser l'utilisation d'ID d'utilisateurs ou de groupe inconnus dans runas"
+
+#: plugins/sudoers/def_data.c:538
+msgid "Only permit running commands as a user with a valid shell"
+msgstr "Uniquement autoriser l'exécutions de commandes en tant qu'un utilisateur avec un interpréteur de commande valide"
+
+#: plugins/sudoers/def_data.c:542
+msgid "Set the pam remote user to the user running sudo"
+msgstr "Définir l'utilisateur distant de pam à l'utilisateur qui exécute sudo"
+
+#: plugins/sudoers/def_data.c:546
+msgid "Set the pam remote host to the local host name"
+msgstr "Définir l'hôte distant de pam au nom de l'hôte local"
+
+#: plugins/sudoers/defaults.c:190
 #, c-format
 msgid "%s:%d unknown defaults entry \"%s\""
 msgstr "%s:%d entrée par défaut inconnue « %s »"
-#: plugins/sudoers/defaults.c:234
+#: plugins/sudoers/defaults.c:193
 #, c-format
 msgid "%s: unknown defaults entry \"%s\""
 msgstr "%s: entrée par défaut inconnue « %s »"
-#: plugins/sudoers/defaults.c:277
+#: plugins/sudoers/defaults.c:236
 #, c-format
 msgid "%s:%d no value specified for \"%s\""
 msgstr "%s:%d pas de valeur précisée pour « %s »"
-#: plugins/sudoers/defaults.c:280
+#: plugins/sudoers/defaults.c:239
 #, c-format
 msgid "%s: no value specified for \"%s\""
 msgstr "%s: pas de valeur précisée pour « %s »"
-#: plugins/sudoers/defaults.c:300
+#: plugins/sudoers/defaults.c:259
 #, c-format
 msgid "%s:%d values for \"%s\" must start with a '/'"
 msgstr "%s:%d les valeurs de « %s » doivent commencer par « / »"
-#: plugins/sudoers/defaults.c:303
+#: plugins/sudoers/defaults.c:262
 #, c-format
 msgid "%s: values for \"%s\" must start with a '/'"
 msgstr "%s: les valeurs de « %s » doivent commencer par « / »"
-#: plugins/sudoers/defaults.c:325
+#: plugins/sudoers/defaults.c:284
 #, c-format
 msgid "%s:%d option \"%s\" does not take a value"
 msgstr "%s:%d l'option « %s » ne prend pas de valeur"
-#: plugins/sudoers/defaults.c:328
+#: plugins/sudoers/defaults.c:287
 #, c-format
 msgid "%s: option \"%s\" does not take a value"
 msgstr "%s: l'option « %s » ne prend pas de valeur"
-#: plugins/sudoers/defaults.c:353
+#: plugins/sudoers/defaults.c:312
 #, c-format
 msgid "%s:%d invalid Defaults type 0x%x for option \"%s\""
 msgstr "%s:%d type Defaults 0x%x invalide pour l'option « %s »"
-#: plugins/sudoers/defaults.c:356
+#: plugins/sudoers/defaults.c:315
 #, c-format
 msgid "%s: invalid Defaults type 0x%x for option \"%s\""
 msgstr "%s: type Defaults 0x%x invalide pour l'option «␣%s␣»"
-#: plugins/sudoers/defaults.c:366
+#: plugins/sudoers/defaults.c:325
 #, c-format
 msgid "%s:%d value \"%s\" is invalid for option \"%s\""
 msgstr "%s:%d la valeur « %s 
» ne convient pas pour l'option « %s »"
-#: plugins/sudoers/defaults.c:369
+#: plugins/sudoers/defaults.c:328
 #, c-format
 msgid "%s: value \"%s\" is invalid for option \"%s\""
 msgstr "%s: la valeur « %s » ne convient pas pour l'option « %s »"
@@ -1275,11 +1751,11 @@
 msgid "sudo_putenv: corrupted envp, length mismatch"
 msgstr "sudo_putenv : envp est corrompu, longueur incorrecte"
-#: plugins/sudoers/env.c:1132
+#: plugins/sudoers/env.c:1133
 msgid "unable to rebuild the environment"
 msgstr "impossible de créer à nouveau l'environnement"
-#: plugins/sudoers/env.c:1206
+#: plugins/sudoers/env.c:1207
 #, c-format
 msgid "sorry, you are not allowed to set the following environment variables: %s"
 msgstr "désolé, vous n'êtes pas autorisé à définir ces variables d'environnement : %s"
@@ -1304,27 +1780,27 @@
 msgid "%s: read error"
 msgstr "%s : erreur en lecture"
-#: plugins/sudoers/group_plugin.c:90
+#: plugins/sudoers/group_plugin.c:91
 #, c-format
 msgid "%s must be owned by uid %d"
 msgstr "%s doit appartenir à l'utilisateur (uid) %d"
-#: plugins/sudoers/group_plugin.c:94
+#: plugins/sudoers/group_plugin.c:95
 #, c-format
 msgid "%s must only be writable by owner"
 msgstr "seul le propriétaire doit avoir le droit en écriture sur %s"
-#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:562
+#: plugins/sudoers/group_plugin.c:104 plugins/sudoers/sssd.c:562
 #, c-format
 msgid "unable to load %s: %s"
 msgstr "chargement de %s impossible : %s"
-#: plugins/sudoers/group_plugin.c:108
+#: plugins/sudoers/group_plugin.c:110
 #, c-format
 msgid "unable to find symbol \"group_plugin\" in %s"
 msgstr "le symbole « group_plugin » est introuvable dans %s"
-#: plugins/sudoers/group_plugin.c:113
+#: plugins/sudoers/group_plugin.c:115
 #, c-format
 msgid "%s: incompatible group plugin major version %d, expected %d"
 msgstr "%s : la version majeure %d du greffon group est incompatible, la version attendue est %d"
@@ -1343,87 +1819,143 @@
 msgid "Local IP address and netmask pairs:\n"
 msgstr "Couples adresse IP locale/masque de sous-réseau :\n"
-#: plugins/sudoers/iolog.c:117 plugins/sudoers/mkdir_parents.c:82
-#, c-format
-msgid "%s exists but is not a directory (0%o)"
-msgstr "%s existe mais n'est pas un répertoire (0%o)"
-
-#: plugins/sudoers/iolog.c:142 plugins/sudoers/iolog.c:182
-#: plugins/sudoers/mkdir_parents.c:71 plugins/sudoers/timestamp.c:212
-#, c-format
-msgid "unable to mkdir %s"
-msgstr "création du répertoire (mkdir) %s impossible"
-
-#: plugins/sudoers/iolog.c:186 plugins/sudoers/visudo.c:739
-#: plugins/sudoers/visudo.c:750
-#, c-format
-msgid "unable to change mode of %s to 0%o"
-msgstr "impossible de changer le mode de %s pour lui affecter 0%o"
-
-#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1194
+#: plugins/sudoers/iolog.c:146 plugins/sudoers/sudoers.c:398
+#: plugins/sudoers/sudoers.c:400 plugins/sudoers/sudoers.c:1289
 #: plugins/sudoers/testsudoers.c:424
 #, c-format
 msgid "unknown group: %s"
 msgstr "groupe inconnu : %s"
-#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:918
-#: plugins/sudoers/sudoreplay.c:846 plugins/sudoers/sudoreplay.c:1542
-#: plugins/sudoers/tsdump.c:145
+#: plugins/sudoers/iolog.c:505 plugins/sudoers/iolog.c:788
+#: plugins/sudoers/iolog.c:938 plugins/sudoers/iolog.c:945
+#: plugins/sudoers/iolog.c:1066 plugins/sudoers/iolog.c:1073
+#: plugins/sudoers/iolog.c:1172 plugins/sudoers/iolog.c:1179
 #, c-format
-msgid "unable to read %s"
-msgstr "lecture de %s impossible"
+msgid "unable to write to I/O log file: %s"
+msgstr "impossible d'écrire dans le journal des E/S : %s"
-#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:801
-#, c-format
-msgid "unable to create %s"
-msgstr "création de %s impossible"
+#: plugins/sudoers/iolog.c:555
+msgid "unable to update sequence file"
+msgstr "mise à jour du fichier de séquence impossible"
-#: plugins/sudoers/iolog.c:824 plugins/sudoers/iolog.c:1039
-#: 
plugins/sudoers/iolog.c:1115 plugins/sudoers/iolog.c:1209
-#: plugins/sudoers/iolog.c:1270
+#: plugins/sudoers/iolog.c:594
 #, c-format
-msgid "unable to write to I/O log file: %s"
-msgstr "impossible d'écrire dans le journal des E/S : %s"
+msgid "unable to create %s/%s"
+msgstr "impossible de créer %s/%s"
-#: plugins/sudoers/iolog.c:1073
+#: plugins/sudoers/iolog.c:622
+msgid "unable to connect to log server"
+msgstr "impossible de se connecter au serveur de journal"
+
+#: plugins/sudoers/iolog.c:830
 #, c-format
 msgid "%s: internal error, I/O log file for event %d not open"
 msgstr "%s: erreur interne, le fichier journal des E/S pour l'événement %d n'est pas ouvert"
-#: plugins/sudoers/iolog.c:1233
+#: plugins/sudoers/iolog.c:923 plugins/sudoers/iolog.c:1051
+#: plugins/sudoers/iolog.c:1156 plugins/sudoers/timestamp.c:862
+#: plugins/sudoers/timestamp.c:954 plugins/sudoers/visudo.c:498
+#: plugins/sudoers/visudo.c:504
+msgid "unable to read the clock"
+msgstr "lecture de l'horloge impossible"
+
+#: plugins/sudoers/iolog.c:1148 plugins/sudoers/iolog_client.c:862
 #, c-format
 msgid "%s: internal error, invalid signal %d"
 msgstr "%s: erreur interne, signal %d invalide"
-#: plugins/sudoers/iolog_util.c:90
+#: plugins/sudoers/iolog_client.c:297
 #, c-format
-msgid "%s: invalid log file"
-msgstr "%s: fichier de journalisation incorrect"
+msgid "Creation of new SSL_CTX object failed: %s"
+msgstr "La création du nouvel objet SSL_CTX a échoué : %s"
+
+#: plugins/sudoers/iolog_client.c:320
+msgid "CA bundle file is not set in sudoers"
+msgstr "Le fichier de paquet du CA n'est pas défini dans sudoers"
-#: plugins/sudoers/iolog_util.c:108
+#: plugins/sudoers/iolog_client.c:327
 #, c-format
-msgid "%s: time stamp field is missing"
-msgstr "%s: il manque le champ d'horodatage"
+msgid "Calling SSL_CTX_load_verify_locations() failed: %s"
+msgstr "L'appel de SSL_CTX_load_verify_locations() a échoué : %s"
+
+#: plugins/sudoers/iolog_client.c:339
+msgid "Signed certificate file is not 
set in sudoers"
+msgstr "Le fichier de certificat signé n'est pas défini dans sudoers"
-#: plugins/sudoers/iolog_util.c:114
+#: plugins/sudoers/iolog_client.c:345
 #, c-format
-msgid "%s: time stamp %s: %s"
-msgstr "%s: horodatage %s : %s"
+msgid "Unable to load cert into the ssl context: %s"
+msgstr "Impossible de charger le certificat dans le contexte ssl : %s"
-#: plugins/sudoers/iolog_util.c:121
+#: plugins/sudoers/iolog_client.c:356
 #, c-format
-msgid "%s: user field is missing"
-msgstr "%s: il manque le champ utilisateur"
+msgid "Unable to load private key into the ssl context: %s"
+msgstr "Impossible de charger la clé privée dans le contexte ssl : %s"
-#: plugins/sudoers/iolog_util.c:130
+#: plugins/sudoers/iolog_client.c:363
 #, c-format
-msgid "%s: runas user field is missing"
-msgstr "%s: il manque le champ précisant l'utilisateur effectif (runas)"
+msgid "Unable to allocate ssl object: %s"
+msgstr "Impossible d'allouer l'objet ssl : %s"
-#: plugins/sudoers/iolog_util.c:139
+#: plugins/sudoers/iolog_client.c:369
 #, c-format
-msgid "%s: runas group field is missing"
-msgstr "%s: il manque le champ précisant le groupe effectif (runas)"
+msgid "Unable to attach socket to the ssl object: %s"
+msgstr "Impossible d'attacher le socket à l'objet ssl : %s"
+
+#: plugins/sudoers/iolog_client.c:457
+#, c-format
+msgid "SSL_connect failed: ssl_error=%d, stack=%s"
+msgstr "SSL_connect a échoué : ssl_error=%d, pile=%s"
+
+#: plugins/sudoers/iolog_client.c:599
+#, c-format
+msgid "client message too large: %zu"
+msgstr "message client trop grand : %zu"
+
+#: plugins/sudoers/iolog_client.c:656 plugins/sudoers/iolog_client.c:844
+msgid "unable to get time of day"
+msgstr "récupération de l'heure du jour impossible"
+
+#: plugins/sudoers/iolog_client.c:871
+#, c-format
+msgid "%s: internal error, invalid exit status %d"
+msgstr "%s: erreur interne, statut de sortie %d invalide"
+
+#: plugins/sudoers/iolog_client.c:1104
+msgid "TLS initialization was unsuccessful"
+msgstr 
"l'initialisation TLS n'a pas réussi"
+
+#: plugins/sudoers/iolog_client.c:1109
+msgid "TLS handshake was unsuccessful"
+msgstr "la négociation TLS n'a pas réussi"
+
+#: plugins/sudoers/iolog_client.c:1361
+#, c-format
+msgid "SSL_read failed: ssl_error=%d, stack=%s"
+msgstr "SSL_read a échoué : ssl_error=%d, pile=%s"
+
+#: plugins/sudoers/iolog_client.c:1384
+msgid "lost connection to log server"
+msgstr "perte de la connexion au serveur de journalisation"
+
+#: plugins/sudoers/iolog_client.c:1397
+#, c-format
+msgid "server message too large: %u"
+msgstr "message serveur trop grand : %u"
+
+#: plugins/sudoers/iolog_client.c:1461
+msgid "missing write buffer"
+msgstr "tampon d'écriture manquant"
+
+#: plugins/sudoers/iolog_client.c:1486
+#, c-format
+msgid "SSL_write failed: ssl_error=%d, stack=%s"
+msgstr "SSL_write a échoué : ssl_error=%d, pile=%s"
+
+#: plugins/sudoers/iolog_client.c:1610
+#, c-format
+msgid "unknown address family: %d"
+msgstr "famille d'adresse inconnue : %d"
 #: plugins/sudoers/ldap.c:178 plugins/sudoers/ldap_conf.c:296
 msgid "starttls not supported when using ldaps"
@@ -1448,7 +1980,7 @@
 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"
 msgstr "start_tls est spécifié mais les bibliothèques LDAP ne gèrent pas ldap_start_tls_s() ou ldap_start_tls_s_np()"
-#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:734
+#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:747
 #, c-format
 msgid "invalid sudoOrder attribute: %s"
 msgstr "attribut sudoOrder invalide : %s"
@@ -1466,7 +1998,7 @@
 msgid "unable to mix ldap and ldaps URIs"
 msgstr "fusion des URIs ldap et ldaps impossible"
-#: plugins/sudoers/ldap_util.c:456 plugins/sudoers/ldap_util.c:458
+#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555
 #, c-format
 msgid "unable to convert sudoOption: %s%s%s"
 msgstr "impossible de convertir sudoOption: %s%s%s"
@@ -1479,80 +2011,62 @@
 msgid "unable to send audit message"
 msgstr "envoi du message d'audit impossible"
-#: plugins/sudoers/logging.c:120
-#, c-format
-msgid "%8s : %s"
-msgstr "%8s : %s"
-
-#: plugins/sudoers/logging.c:148
-#, c-format
-msgid "%8s : (command continued) %s"
-msgstr "%8s : (suite de la commande) %s"
-
-#: plugins/sudoers/logging.c:177
+#: plugins/sudoers/logging.c:175
 #, c-format
 msgid "unable to open log file: %s"
 msgstr "ouverture du fichier de journalisation impossible : %s"
-#: plugins/sudoers/logging.c:185
+#: plugins/sudoers/logging.c:183
 #, c-format
 msgid "unable to lock log file: %s"
 msgstr "verrouillage du fichier de journalisation impossible : %s"
-#: plugins/sudoers/logging.c:218
+#: plugins/sudoers/logging.c:216
 #, c-format
 msgid "unable to write log file: %s"
 msgstr "impossible d'écrire le fichier journal : %s"
-#: plugins/sudoers/logging.c:248
-msgid "No user or host"
-msgstr "Pas d'utilisateur ou d'hôte"
-
-#: plugins/sudoers/logging.c:250
-msgid "validation failure"
-msgstr "échec de la validation"
-
-#: plugins/sudoers/logging.c:261
+#: plugins/sudoers/logging.c:249
 msgid "user NOT in sudoers"
 msgstr "l'utilisateur n'apparaît PAS dans sudoers"
-#: plugins/sudoers/logging.c:263
+#: plugins/sudoers/logging.c:251
 msgid "user NOT authorized on host"
 msgstr "l'utilisateur n'est PAS autorisé sur cet hôte"
-#: plugins/sudoers/logging.c:265
+#: plugins/sudoers/logging.c:253
 msgid "command not allowed"
 msgstr "commande non autorisée"
-#: plugins/sudoers/logging.c:301
+#: plugins/sudoers/logging.c:296
 #, c-format
 msgid "%s is not in the sudoers file. This incident will be reported.\n"
 msgstr "%s n'apparaît pas dans le fichier sudoers. Cet incident sera signalé.\n"
-#: plugins/sudoers/logging.c:304
+#: plugins/sudoers/logging.c:299
 #, c-format
 msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n"
 msgstr "%s n'est pas autorisé à exécuter sudo sur %s. 
Cet incident sera signalé.\n"
-#: plugins/sudoers/logging.c:308
+#: plugins/sudoers/logging.c:303
 #, c-format
 msgid "Sorry, user %s may not run sudo on %s.\n"
 msgstr "Désolé, l'utilisateur %s ne peut pas utiliser sudo sur %s.\n"
-#: plugins/sudoers/logging.c:311
+#: plugins/sudoers/logging.c:306
 #, c-format
 msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n"
 msgstr "Désolé, l'utilisateur %s n'est pas autorisé à exécuter « %s%s%s » en tant que %s%s%s sur %s.\n"
-#: plugins/sudoers/logging.c:348 plugins/sudoers/sudoers.c:442
-#: plugins/sudoers/sudoers.c:444 plugins/sudoers/sudoers.c:446
-#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:603
-#: plugins/sudoers/sudoers.c:605
+#: plugins/sudoers/logging.c:343 plugins/sudoers/sudoers.c:518
+#: plugins/sudoers/sudoers.c:520 plugins/sudoers/sudoers.c:522
+#: plugins/sudoers/sudoers.c:524 plugins/sudoers/sudoers.c:675
+#: plugins/sudoers/sudoers.c:677
 #, c-format
 msgid "%s: command not found"
 msgstr "%s : commande introuvable"
-#: plugins/sudoers/logging.c:350 plugins/sudoers/sudoers.c:438
+#: plugins/sudoers/logging.c:345 plugins/sudoers/sudoers.c:514
 #, c-format
 msgid ""
 "ignoring \"%s\" found in '.'\n"
@@ -1561,52 +2075,46 @@
 "« %s » trouvé dans « . » n'a pas été exécuté\n"
 "Utilisez « sudo ./%s » si c'est bien la version de « %s » que vous souhaitez exécuter."
-#: plugins/sudoers/logging.c:367
+#: plugins/sudoers/logging.c:362
 msgid "authentication failure"
 msgstr "échec de l'authentification"
-#: plugins/sudoers/logging.c:393
+#: plugins/sudoers/logging.c:388
 msgid "a password is required"
 msgstr "il est nécessaire de saisir un mot de passe"
-#: plugins/sudoers/logging.c:463
+#: plugins/sudoers/logging.c:458
 #, c-format
 msgid "%u incorrect password attempt"
 msgid_plural "%u incorrect password attempts"
 msgstr[0] "%u saisie de mot de passe incorrecte"
 msgstr[1] "%u saisies de mots de passe incorrectes"
-#: plugins/sudoers/logging.c:728
+#: plugins/sudoers/logging.c:722
 #, c-format
 msgid "unable to dup stdin: %m"
 msgstr "duplication (dup) de stdin impossible : %m"
-#: plugins/sudoers/logging.c:768
+#: plugins/sudoers/logging.c:759
 #, c-format
 msgid "unable to execute %s: %m"
 msgstr "exécution de %s impossible : %m"
-#: plugins/sudoers/logging.c:809 plugins/sudoers/logging.c:865
+#: plugins/sudoers/logging.c:800 plugins/sudoers/logging.c:856
 #, c-format
 msgid "unable to fork: %m"
 msgstr "création du processus fils impossible : %m"
-#: plugins/sudoers/logging.c:855
+#: plugins/sudoers/logging.c:846
 #, c-format
 msgid "unable to open pipe: %m"
 msgstr "ouverture du tube impossible : %m"
-#: plugins/sudoers/match_digest.c:103
+#: plugins/sudoers/match_digest.c:123
 #, c-format
 msgid "digest for %s (%s) is not in %s form"
 msgstr "le résume (digest) de %s (%s) n'est pas dans le forme %s"
-#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:943
-#: plugins/sudoers/visudo.c:437 plugins/sudoers/visudo.c:733
-#, c-format
-msgid "unable to stat %s"
-msgstr "impossible d'appliquer la fonction stat à %s"
-
 #: plugins/sudoers/parse.c:449
 #, c-format
 msgid ""
@@ -1665,22 +2173,22 @@
 msgid "User %s is not allowed to run sudo on %s.\n"
 msgstr "L'utilisateur %s n'est pas autorisé à exécuter sudo sur %s.\n"
-#: plugins/sudoers/parse_ldif.c:604
+#: plugins/sudoers/parse_ldif.c:617
 #, c-format
 msgid "ignoring incomplete sudoRole: cn: %s"
 msgstr "le sudoRole incomplet est ignoré : cn : %s"
-#: plugins/sudoers/parse_ldif.c:664
+#: plugins/sudoers/parse_ldif.c:677
 #, c-format
 msgid "invalid LDIF attribute: %s"
 msgstr "attribut LDIF invalide : %s"
-#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:116
+#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:115
 #, c-format
 msgid "invalid %.*s set by sudo front-end"
 msgstr "%.*s invalide défini par l'interface utilisateur de sudo"
-#: plugins/sudoers/policy.c:295 plugins/sudoers/testsudoers.c:280
+#: plugins/sudoers/policy.c:294 plugins/sudoers/testsudoers.c:280
 msgid "unable to parse network address list"
 msgstr "impossible d'analyser la liste des adresses réseau"
@@ -1700,23 +2208,23 @@
 msgid "host name not set by sudo front-end"
 msgstr "nom d'hôte pas défini par l'interface utilisateur de sudo"
-#: plugins/sudoers/policy.c:808 plugins/sudoers/visudo.c:236
+#: plugins/sudoers/policy.c:897 plugins/sudoers/visudo.c:236
 #: plugins/sudoers/visudo.c:867
 #, c-format
 msgid "unable to execute %s"
 msgstr "exécution de %s impossible"
-#: plugins/sudoers/policy.c:939
+#: plugins/sudoers/policy.c:1055
 #, c-format
 msgid "Sudoers policy plugin version %s\n"
 msgstr "La version du greffon de politique de sudoers est %s\n"
-#: plugins/sudoers/policy.c:941
+#: plugins/sudoers/policy.c:1057
 #, c-format
 msgid "Sudoers file grammar version %d\n"
 msgstr "La version de la grammaire du fichier sudoers est %d\n"
-#: plugins/sudoers/policy.c:945
+#: plugins/sudoers/policy.c:1061
 #, c-format
 msgid ""
 "\n"
@@ -1725,22 +2233,22 @@
 "\n"
 "Chemin d'accès à sudoers : %s\n"
-#: plugins/sudoers/policy.c:948
+#: plugins/sudoers/policy.c:1064
 #, c-format
 msgid "nsswitch path: %s\n"
 msgstr "chemin d'accès à nsswitch : %s\n"
-#: plugins/sudoers/policy.c:950
+#: plugins/sudoers/policy.c:1066
 #, c-format
 msgid "ldap.conf path: %s\n"
 msgstr "chemin d'accès à ldap.conf : %s\n"
-#: plugins/sudoers/policy.c:951
+#: plugins/sudoers/policy.c:1067
 #, c-format
 msgid "ldap.secret path: %s\n"
 msgstr "chemin d'accès à ldap.secret : %s\n"
-#: plugins/sudoers/policy.c:984
+#: plugins/sudoers/policy.c:1100
 #, c-format
 msgid "unable to register hook of type %d (version %d.%d)"
 msgstr "activation d'un point d'ancrage de type %d (version %d.%d) impossible"
@@ -1809,48 +2317,48 @@
 msgid "unable to parse gids for %s"
 msgstr "impossible d'analyser les gids pour %s"
-#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:478
-#: plugins/sudoers/set_perms.c:921 plugins/sudoers/set_perms.c:1254
-#: plugins/sudoers/set_perms.c:1573
+#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:447
+#: plugins/sudoers/set_perms.c:850 plugins/sudoers/set_perms.c:1156
+#: plugins/sudoers/set_perms.c:1450
 msgid "perm stack overflow"
 msgstr "débordement de la pile perm"
-#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:409
-#: plugins/sudoers/set_perms.c:486 plugins/sudoers/set_perms.c:788
-#: plugins/sudoers/set_perms.c:929 plugins/sudoers/set_perms.c:1178
-#: plugins/sudoers/set_perms.c:1262 plugins/sudoers/set_perms.c:1506
-#: plugins/sudoers/set_perms.c:1581 plugins/sudoers/set_perms.c:1672
+#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:378
+#: plugins/sudoers/set_perms.c:455 plugins/sudoers/set_perms.c:717
+#: plugins/sudoers/set_perms.c:858 plugins/sudoers/set_perms.c:1080
+#: plugins/sudoers/set_perms.c:1164 plugins/sudoers/set_perms.c:1383
+#: plugins/sudoers/set_perms.c:1458 plugins/sudoers/set_perms.c:1548
 msgid "perm stack underflow"
 msgstr "débordement inférieur de la pile perm"
-#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:532
-#: plugins/sudoers/set_perms.c:1315 plugins/sudoers/set_perms.c:1614
+#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:501
+#: plugins/sudoers/set_perms.c:1217 plugins/sudoers/set_perms.c:1491
 msgid "unable to change to root gid"
 msgstr "changement de l'identificateur de groupe (gid) de root impossible"
-#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:629
-#: plugins/sudoers/set_perms.c:1060 plugins/sudoers/set_perms.c:1392
+#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:598
+#: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1294
 msgid "unable to change to runas gid"
 msgstr 
"changement du groupe effectif (runas) impossible"
-#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:634
-#: plugins/sudoers/set_perms.c:1065 plugins/sudoers/set_perms.c:1397
+#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:603
+#: plugins/sudoers/set_perms.c:994 plugins/sudoers/set_perms.c:1299
 msgid "unable to set runas group vector"
 msgstr "définition du vecteur du groupe effectif (runas) impossible"
-#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:645
-#: plugins/sudoers/set_perms.c:1074 plugins/sudoers/set_perms.c:1406
+#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:614
+#: plugins/sudoers/set_perms.c:1003 plugins/sudoers/set_perms.c:1308
 msgid "unable to change to runas uid"
 msgstr "changement de l'uid effectif (runas) impossible"
-#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:663
-#: plugins/sudoers/set_perms.c:1090 plugins/sudoers/set_perms.c:1422
+#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:632
+#: plugins/sudoers/set_perms.c:1019 plugins/sudoers/set_perms.c:1324
 msgid "unable to change to sudoers gid"
 msgstr "changement du groupe (gid) de sudoers impossible"
-#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775
-#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493
-#: plugins/sudoers/set_perms.c:1659
+#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704
+#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370
+#: plugins/sudoers/set_perms.c:1535
 msgid "too many processes"
 msgstr "trop de processus"
@@ -1883,209 +2391,228 @@
 msgid "unable to find symbol \"%s\" in %s"
 msgstr "Le symbole « %s » est introuvable dans %s"
 
-#: plugins/sudoers/sudoers.c:212 plugins/sudoers/sudoers.c:871
+#: plugins/sudoers/sudoers.c:221 plugins/sudoers/sudoers.c:958
 msgid "problem with defaults entries"
 msgstr "les entrées par défaut posent un problème"
 
-#: plugins/sudoers/sudoers.c:216
+#: plugins/sudoers/sudoers.c:225
 msgid "no valid sudoers sources found, quitting"
 msgstr "aucune source sudoers valide n'a été trouvée, fin d'exécution"
 
-#: plugins/sudoers/sudoers.c:254
+#: plugins/sudoers/sudoers.c:301
 msgid "sudoers specifies that root is not allowed to sudo"
 msgstr "il est précisé dans sudoers que root n'est pas autorisé à utiliser sudo"
 
-#: plugins/sudoers/sudoers.c:312
+#: plugins/sudoers/sudoers.c:361
+msgid "user not allowed to override closefrom limit"
+msgstr "l'utilisateur n'est pas autorisé à outrepasser la limite closeform"
+
+#: plugins/sudoers/sudoers.c:362
 msgid "you are not permitted to use the -C option"
 msgstr "vous n'êtes pas autorisé à utiliser l'option -C"
 
-#: plugins/sudoers/sudoers.c:359
+#: plugins/sudoers/sudoers.c:426
 #, c-format
 msgid "timestamp owner (%s): No such user"
 msgstr "propriétaire du fichier d'horodatage (%s) : utilisateur inconnu"
 
-#: plugins/sudoers/sudoers.c:374
+#: plugins/sudoers/sudoers.c:441
 msgid "no tty"
 msgstr "pas de terminal tty"
 
-#: plugins/sudoers/sudoers.c:375
+#: plugins/sudoers/sudoers.c:442
 msgid "sorry, you must have a tty to run sudo"
 msgstr "désolé, vous devez avoir un terminal tty pour exécuter sudo"
 
-#: plugins/sudoers/sudoers.c:437
+#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:450
+#, c-format
+msgid "invalid shell for user %s: %s"
+msgstr "interpréteur de commande invalide pour l'utilisateur %s : %s"
+
+#: plugins/sudoers/sudoers.c:513
 msgid "command in current directory"
 msgstr "commande dans le répertoire courant"
 
-#: plugins/sudoers/sudoers.c:456
+#: plugins/sudoers/sudoers.c:532
+msgid "user not allowed to set a command timeout"
+msgstr "l'utilisateur n'est pas autorisé à définir un délai d'expiration de la commande"
+
+#: plugins/sudoers/sudoers.c:533
 msgid "sorry, you are not allowed set a command timeout"
 msgstr "désolé, vous n'êtes pas autorisé à définir un délai d'expiration de la commande"
 
-#: plugins/sudoers/sudoers.c:464
+#: plugins/sudoers/sudoers.c:541
+msgid "user not allowed to set a preserve the environment"
+msgstr "l'utilisateur n'est pas autorisé à conserver l'environnement"
+
+#: plugins/sudoers/sudoers.c:542
 msgid "sorry, you are not allowed to preserve the environment"
 msgstr "désolé, vous n'êtes pas autorisé à conserver l'environnement"
 
-#: plugins/sudoers/sudoers.c:815
+#: plugins/sudoers/sudoers.c:893
 msgid "command too long"
 msgstr "commande trop longue"
 
-#: plugins/sudoers/sudoers.c:947
+#: plugins/sudoers/sudoers.c:951
+msgid "sudoedit doesn't need to be run via sudo"
+msgstr "sudoedit n'a pas besoin d'être exécuté via sudo"
+
+#: plugins/sudoers/sudoers.c:1005 plugins/sudoers/sudoreplay.c:1502
+#: plugins/sudoers/tsdump.c:145
+#, c-format
+msgid "unable to read %s"
+msgstr "lecture de %s impossible"
+
+#: plugins/sudoers/sudoers.c:1030 plugins/sudoers/visudo.c:437
+#: plugins/sudoers/visudo.c:733
+#, c-format
+msgid "unable to stat %s"
+msgstr "impossible d'appliquer la fonction stat à %s"
+
+#: plugins/sudoers/sudoers.c:1034
 #, c-format
 msgid "%s is not a regular file"
 msgstr "%s n'est pas un fichier ordinaire"
 
-#: plugins/sudoers/sudoers.c:951 plugins/sudoers/timestamp.c:259 toke.l:967
+#: plugins/sudoers/sudoers.c:1038 plugins/sudoers/timestamp.c:259 toke.l:967
 #, c-format
 msgid "%s is owned by uid %u, should be %u"
 msgstr "Le fichier %s est la propriété de l'utilisateur (uid) %u, alors qu'il devrait appartenir à %u"
 
-#: plugins/sudoers/sudoers.c:955 toke.l:972
+#: plugins/sudoers/sudoers.c:1042 toke.l:972
 #, c-format
 msgid "%s is world writable"
 msgstr "Le fichier %s est ouvert en écriture pour tous"
 
-#: plugins/sudoers/sudoers.c:959 toke.l:975
+#: plugins/sudoers/sudoers.c:1046 toke.l:975
 #, c-format
 msgid "%s is owned by gid %u, should be %u"
 msgstr "Le fichier %s a pour groupe (gid) %u, alors qu'il devrait appartenir au groupe %u"
 
-#: plugins/sudoers/sudoers.c:992
+#: plugins/sudoers/sudoers.c:1079
 #, c-format
 msgid "only root can use \"-c %s\""
 msgstr "« -c %s » est réservé à l'utilisateur root"
 
-#: plugins/sudoers/sudoers.c:1011
+#: plugins/sudoers/sudoers.c:1098
 #, c-format
 msgid "unknown login class: %s"
 msgstr "classe de connexion inconnue : %s"
 
-#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoers.c:1110
+#: plugins/sudoers/sudoers.c:1183 plugins/sudoers/sudoers.c:1198
 #, c-format
 msgid "unable to resolve host %s"
 msgstr "impossible de résoudre l'hôte %s"
 
-#: plugins/sudoers/sudoreplay.c:250
+#: plugins/sudoers/sudoreplay.c:263
 #, c-format
 msgid "invalid filter option: %s"
 msgstr "option du filtre invalide : %s"
 
-#: plugins/sudoers/sudoreplay.c:263
+#: plugins/sudoers/sudoreplay.c:276
 #, c-format
 msgid "invalid max wait: %s"
 msgstr "attente maximum invalide : %s"
 
-#: plugins/sudoers/sudoreplay.c:286
+#: plugins/sudoers/sudoreplay.c:299
 #, c-format
 msgid "invalid speed factor: %s"
 msgstr "facteur de vitesse invalide : %s"
 
-#: plugins/sudoers/sudoreplay.c:321
+#: plugins/sudoers/sudoreplay.c:335
 #, c-format
-msgid "%s/%.2s/%.2s/%.2s/timing: %s"
-msgstr "%s/%.2s/%.2s/%.2s/timing : %s"
+msgid "%s/%.2s/%.2s/%.2s: %s"
+msgstr "%s/%.2s/%.2s/%.2s : %s"
 
-#: plugins/sudoers/sudoreplay.c:326
+#: plugins/sudoers/sudoreplay.c:340
 #, c-format
 msgid "%s/timing: %s"
 msgstr "%s/timing : %s"
 
-#: plugins/sudoers/sudoreplay.c:330
+#: plugins/sudoers/sudoreplay.c:344
 #, c-format
-msgid "%s/%s/timing: %s"
-msgstr "%s/%s/timing : %s"
+msgid "%s/%s: %s"
+msgstr "%s/%s : %s"
 
-#: plugins/sudoers/sudoreplay.c:346
+#: plugins/sudoers/sudoreplay.c:372
 #, c-format
 msgid "Replaying sudo session: %s"
 msgstr "Rejeu de la session sudo : %s"
 
-#: plugins/sudoers/sudoreplay.c:544 plugins/sudoers/sudoreplay.c:591
-#: plugins/sudoers/sudoreplay.c:789 plugins/sudoers/sudoreplay.c:898
-#: plugins/sudoers/sudoreplay.c:983 plugins/sudoers/sudoreplay.c:998
-#: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/sudoreplay.c:1012
-#: plugins/sudoers/sudoreplay.c:1019 plugins/sudoers/sudoreplay.c:1026
-#: plugins/sudoers/sudoreplay.c:1174
-msgid "unable to add event to queue"
-msgstr "impossible d'ajouter l'événement à la queue"
-
-#: plugins/sudoers/sudoreplay.c:659
+#: plugins/sudoers/sudoreplay.c:634
 msgid "unable to set tty to raw mode"
 msgstr "impossible d'initialiser le terminal tty en mode direct"
 
-#: plugins/sudoers/sudoreplay.c:710
+#: plugins/sudoers/sudoreplay.c:685
 msgid "Warning: your terminal is too small to properly replay the log.\n"
 msgstr "Attention : la taille du terminal n'est pas suffisante pour pouvoir rejouer correctement la séquence.\n"
 
-#: plugins/sudoers/sudoreplay.c:711
+#: plugins/sudoers/sudoreplay.c:686
 #, c-format
 msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
 msgstr "La taille du journal est %d × %d, la taille de votre terminal est %d × %d."
 
-#: plugins/sudoers/sudoreplay.c:739
+#: plugins/sudoers/sudoreplay.c:714
 msgid "Replay finished, press any key to restore the terminal."
 msgstr "Rejeu terminé, appuyez sur n'importe quelle touche pour rétablir le terminal."
 
-#: plugins/sudoers/sudoreplay.c:772
-#, c-format
-msgid "invalid timing file line: %s"
-msgstr "ligne invalide dans le fichier de timing : %s"
-
-#: plugins/sudoers/sudoreplay.c:1208 plugins/sudoers/sudoreplay.c:1233
+#: plugins/sudoers/sudoreplay.c:1161 plugins/sudoers/sudoreplay.c:1186
 #, c-format
 msgid "ambiguous expression \"%s\""
 msgstr "expression ambiguë « %s »"
 
-#: plugins/sudoers/sudoreplay.c:1255
+#: plugins/sudoers/sudoreplay.c:1208
 msgid "unmatched ')' in expression"
 msgstr "« ) » sans parenthèse ouvrante dans l'expression"
 
-#: plugins/sudoers/sudoreplay.c:1259
+#: plugins/sudoers/sudoreplay.c:1212
 #, c-format
 msgid "unknown search term \"%s\""
 msgstr "terme de recherche « %s » inconnu"
 
-#: plugins/sudoers/sudoreplay.c:1274
+#: plugins/sudoers/sudoreplay.c:1227
 #, c-format
 msgid "%s requires an argument"
 msgstr "%s requiert un argument"
 
-#: plugins/sudoers/sudoreplay.c:1277 plugins/sudoers/sudoreplay.c:1518
+#: plugins/sudoers/sudoreplay.c:1230 plugins/sudoers/sudoreplay.c:1478
 #, c-format
 msgid "invalid regular expression: %s"
 msgstr "expression rationnelle invalide : %s"
 
-#: plugins/sudoers/sudoreplay.c:1281
+#: plugins/sudoers/sudoreplay.c:1234
 #, c-format
 msgid "could not parse date \"%s\""
 msgstr "analyse de la date « %s » impossible"
 
-#: plugins/sudoers/sudoreplay.c:1290
+#: plugins/sudoers/sudoreplay.c:1243
 msgid "unmatched '(' in expression"
 msgstr "« ( » sans parenthèse fermante dans l'expression"
 
-#: plugins/sudoers/sudoreplay.c:1292
+#: plugins/sudoers/sudoreplay.c:1245
 msgid "illegal trailing \"or\""
 msgstr "« or » n'est pas autorisé en fin d'expression"
 
-#: plugins/sudoers/sudoreplay.c:1294
+#: plugins/sudoers/sudoreplay.c:1247
 msgid "illegal trailing \"!\""
 msgstr "« ! » n'est pas autorisé en fin d'expression"
 
-#: plugins/sudoers/sudoreplay.c:1344
+#: plugins/sudoers/sudoreplay.c:1297
 #, c-format
 msgid "unknown search type %d"
 msgstr "type de recherche %d inconnu"
 
-#: plugins/sudoers/sudoreplay.c:1611
+#: plugins/sudoers/sudoreplay.c:1569
 #, c-format
 msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n"
 msgstr "utilisation : %s [-hnRS] [-d répertoire] [-m nombre] [-s nombre] ID\n"
 
-#: plugins/sudoers/sudoreplay.c:1614
+#: plugins/sudoers/sudoreplay.c:1572
 #, c-format
 msgid "usage: %s [-h] [-d dir] -l [search expression]\n"
 msgstr "utilisation : %s [-h] [-d répertoire] -l [expression recherchée]\n"
 
-#: plugins/sudoers/sudoreplay.c:1623
+#: plugins/sudoers/sudoreplay.c:1581
 #, c-format
 msgid ""
 "%s - replay sudo session logs\n"
@@ -2094,7 +2621,7 @@
 "%s - rejeu du journal de la session sudo\n"
 "\n"
 
-#: plugins/sudoers/sudoreplay.c:1625
+#: plugins/sudoers/sudoreplay.c:1583
 msgid ""
 "\n"
 "Options:\n"
@@ -2156,35 +2683,34 @@
 msgid "%s is group writable"
 msgstr "%s est accessible en écriture pour les membres du groupe"
 
-#: plugins/sudoers/timestamp.c:343
+#: plugins/sudoers/timestamp.c:343 plugins/sudoers/timestamp.c:687
 #, c-format
 msgid "unable to truncate time stamp file to %lld bytes"
 msgstr "impossible de tronquer le fichier d'horodatage à %lld octets"
 
-#: plugins/sudoers/timestamp.c:829 plugins/sudoers/timestamp.c:921
-#: plugins/sudoers/visudo.c:498 plugins/sudoers/visudo.c:504
-msgid "unable to read the clock"
-msgstr "lecture de l'horloge impossible"
-
-#: plugins/sudoers/timestamp.c:840
+#: plugins/sudoers/timestamp.c:873
 msgid "ignoring time stamp from the future"
 msgstr "un horodatage dans le futur a été ignoré"
 
-#: plugins/sudoers/timestamp.c:863
+#: plugins/sudoers/timestamp.c:896
 #, c-format
 msgid "time stamp too far in the future: %20.20s"
 msgstr "l'horodatage est trop avancé dans le future : %20.20s"
 
-#: plugins/sudoers/timestamp.c:985
+#: plugins/sudoers/timestamp.c:1018
 #, c-format
 msgid "unable to lock time stamp file %s"
 msgstr "verrouillage du fichier d'horodatage %s impossible"
 
-#: plugins/sudoers/timestamp.c:1029 plugins/sudoers/timestamp.c:1049
+#: plugins/sudoers/timestamp.c:1062 plugins/sudoers/timestamp.c:1082
 #, c-format
 msgid "lecture status path too long: %s/%s"
 msgstr "le chemin d'accès au fichier d'état de la recommandation est trop long : %s/%s"
 
+#: plugins/sudoers/toke_util.c:132
+msgid "sudoedit should not be specified with a path"
+msgstr "sudoedit ne devrait pas être spécifié avec un chemin"
+
 #: plugins/sudoers/visudo.c:232
 msgid "the -x option will be removed in a future release"
 msgstr "l'option -x sera supprimée dans une version ultérieure"
@@ -2375,6 +2901,15 @@
 msgid "too many levels of includes"
 msgstr "nombre de niveaux d'inclusions trop élevé"
 
+#~ msgid "No user or host"
+#~ msgstr "Pas d'utilisateur ou d'hôte"
+
+#~ msgid "validation failure"
+#~ msgstr "échec de la validation"
+
+#~ msgid "%s/%s/timing: %s"
+#~ msgstr "%s/%s/timing : %s"
+
 #~ msgid "ignoring invalid attribute value: %s"
 #~ msgstr "la valeur d'attribut invalide est ignorée : %s"
 
@@ -2418,9 +2953,6 @@
 #~ msgid "unable to setup authentication"
 #~ msgstr "configuration de l'authentification impossible"
 
-#~ msgid "invalid uri: %s"
-#~ msgstr "uri invalide : %s"
-
 #~ msgid "unable to mix ldaps and starttls"
 #~ msgstr "fusion ldaps et starttls impossible"
 
@@ -2514,6 +3046,3 @@
 
 #~ msgid "nanosleep: tv_sec %ld, tv_nsec %ld"
 #~ msgstr "nanosleep : tv_sec %ld, tv_nsec %ld"
-
-#~ msgid "invalid regex: %s"
-#~ msgstr "Expression régulière invalide : %s"
Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/plugins/sudoers/po/hr.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/plugins/sudoers/po/hr.mo differ
diff -Nru sudo-1.8.31/plugins/sudoers/po/hr.po sudo-1.9.0/plugins/sudoers/po/hr.po
--- sudo-1.8.31/plugins/sudoers/po/hr.po 2019-12-31 12:58:36.000000000 +0000
+++ sudo-1.9.0/plugins/sudoers/po/hr.po 2020-05-11 16:28:23.000000000 +0000
@@ -1,13 +1,13 @@
 # Translation of sudoers to Croatian.
 # This file is put in the public domain.
 #
-# Božidar Putanec , 2016, 2017, 2018, 2019.
+# Božidar Putanec , 2016, 2017, 2018, 2019, 2020.
 msgid ""
 msgstr ""
-"Project-Id-Version: sudoers-1.8.29rc1\n"
+"Project-Id-Version: sudoers-1.9.0b4\n"
 "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2019-10-21 19:55-0600\n"
-"PO-Revision-Date: 2019-10-24 12:58-0700\n"
+"POT-Creation-Date: 2020-03-12 17:39-0600\n"
+"PO-Revision-Date: 2020-03-14 18:10-0700\n"
 "Last-Translator: Božidar Putanec \n"
 "Language-Team: Croatian \n"
 "Language: hr\n"
@@ -16,7 +16,7 @@
 "Content-Transfer-Encoding: 8bit\n"
 "X-Bugs: Report translation errors to the Language-Team address.\n"
 "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Poedit 2.2.4\n"
+"X-Generator: Lokalize 19.04.3\n"
 "X-Poedit-Basepath: ../packages/sudo-1.8.23b2\n"
 "X-Poedit-SearchPath-0: .\n"
 
@@ -44,70 +44,75 @@
 msgid "Sorry, try again."
 msgstr "Pokušajte ponovo."
 
-#: gram.y:196 gram.y:244 gram.y:251 gram.y:258 gram.y:265 gram.y:272
-#: gram.y:288 gram.y:312 gram.y:319 gram.y:326 gram.y:333 gram.y:340
-#: gram.y:403 gram.y:412 gram.y:423 gram.y:456 gram.y:463 gram.y:470
-#: gram.y:477 gram.y:559 gram.y:566 gram.y:575 gram.y:584 gram.y:601
-#: gram.y:713 gram.y:720 gram.y:727 gram.y:735 gram.y:835 gram.y:842
-#: gram.y:849 gram.y:856 gram.y:863 gram.y:889 gram.y:896 gram.y:903
-#: gram.y:1026 gram.y:1303 plugins/sudoers/alias.c:132
-#: plugins/sudoers/alias.c:139 plugins/sudoers/alias.c:155
-#: plugins/sudoers/auth/bsdauth.c:148 plugins/sudoers/auth/kerb5.c:123
-#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:670
-#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/auth/sia.c:64
-#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:165
-#: plugins/sudoers/cvtsudoers.c:182 plugins/sudoers/cvtsudoers.c:193
-#: plugins/sudoers/cvtsudoers.c:305 plugins/sudoers/cvtsudoers.c:433
-#: plugins/sudoers/cvtsudoers.c:566 plugins/sudoers/cvtsudoers.c:583
-#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761
-#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1179
-#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1285
+#: gram.y:198 gram.y:246 gram.y:253 gram.y:260 gram.y:267 gram.y:274
+#: gram.y:290 gram.y:314 gram.y:321 gram.y:328 gram.y:335 gram.y:342
+#: gram.y:405 gram.y:414 gram.y:425 gram.y:458 gram.y:465 gram.y:472
+#: gram.y:479 gram.y:506 gram.y:578 gram.y:585 gram.y:594 gram.y:603
+#: gram.y:620 gram.y:732 gram.y:739 gram.y:747 gram.y:753 gram.y:853
+#: gram.y:860 gram.y:867 gram.y:874 gram.y:881 gram.y:907 gram.y:914
+#: gram.y:921 gram.y:1063 gram.y:1342 lib/iolog/iolog_util.c:79
+#: lib/iolog/iolog_util.c:118 lib/iolog/iolog_util.c:127
+#: lib/iolog/iolog_util.c:137 lib/iolog/iolog_util.c:145
+#: lib/iolog/iolog_util.c:149 logsrvd/eventlog.c:223 logsrvd/sendlog.c:286
+#: plugins/sudoers/alias.c:132 plugins/sudoers/alias.c:139
+#: plugins/sudoers/alias.c:155 plugins/sudoers/auth/bsdauth.c:148
+#: plugins/sudoers/auth/kerb5.c:123 plugins/sudoers/auth/kerb5.c:149
+#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116
+#: plugins/sudoers/auth/sia.c:64 plugins/sudoers/cvtsudoers.c:124
+#: plugins/sudoers/cvtsudoers.c:165 plugins/sudoers/cvtsudoers.c:182
+#: plugins/sudoers/cvtsudoers.c:193 plugins/sudoers/cvtsudoers.c:305
+#: plugins/sudoers/cvtsudoers.c:433 plugins/sudoers/cvtsudoers.c:566
+#: plugins/sudoers/cvtsudoers.c:583 plugins/sudoers/cvtsudoers.c:646
+#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:769
+#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1187
+#: plugins/sudoers/cvtsudoers.c:1289 plugins/sudoers/cvtsudoers_json.c:83
 #: plugins/sudoers/cvtsudoers_ldif.c:154 plugins/sudoers/cvtsudoers_ldif.c:197
-#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:263
-#: plugins/sudoers/cvtsudoers_ldif.c:334 plugins/sudoers/cvtsudoers_ldif.c:389
-#: plugins/sudoers/cvtsudoers_ldif.c:397 plugins/sudoers/cvtsudoers_ldif.c:414
-#: plugins/sudoers/cvtsudoers_ldif.c:423 plugins/sudoers/cvtsudoers_ldif.c:570
-#: plugins/sudoers/defaults.c:666 plugins/sudoers/defaults.c:959
-#: plugins/sudoers/defaults.c:1130 plugins/sudoers/editor.c:72
+#: plugins/sudoers/cvtsudoers_ldif.c:238 plugins/sudoers/cvtsudoers_ldif.c:303
+#: plugins/sudoers/cvtsudoers_ldif.c:374 plugins/sudoers/cvtsudoers_ldif.c:429
+#: plugins/sudoers/cvtsudoers_ldif.c:437 plugins/sudoers/cvtsudoers_ldif.c:454
+#: plugins/sudoers/cvtsudoers_ldif.c:463 plugins/sudoers/cvtsudoers_ldif.c:610
+#: plugins/sudoers/defaults.c:632 plugins/sudoers/defaults.c:925
+#: plugins/sudoers/defaults.c:1058 plugins/sudoers/editor.c:72
 #: plugins/sudoers/editor.c:90 plugins/sudoers/editor.c:101
 #: plugins/sudoers/env.c:268 plugins/sudoers/filedigest.c:66
 #: plugins/sudoers/filedigest.c:82 plugins/sudoers/gc.c:59
-#: plugins/sudoers/group_plugin.c:138 plugins/sudoers/interfaces.c:78
-#: plugins/sudoers/iolog.c:943 plugins/sudoers/iolog_path.c:174
-#: plugins/sudoers/iolog_util.c:86 plugins/sudoers/iolog_util.c:125
-#: plugins/sudoers/iolog_util.c:134 plugins/sudoers/iolog_util.c:144
-#: plugins/sudoers/iolog_util.c:152 plugins/sudoers/iolog_util.c:156
-#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416
-#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432
-#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887
-#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668
-#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786
-#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022
-#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223
-#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306
-#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446
-#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558
-#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:683
-#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:510
-#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/linux_audit.c:83
-#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:532
-#: plugins/sudoers/logging.c:558 plugins/sudoers/logging.c:599
-#: plugins/sudoers/logging.c:740 plugins/sudoers/logging.c:1100
-#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:367
-#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:485
-#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:200
+#: plugins/sudoers/group_plugin.c:141 plugins/sudoers/interfaces.c:78
+#: plugins/sudoers/iolog.c:476 plugins/sudoers/iolog_client.c:107
+#: plugins/sudoers/iolog_client.c:485 plugins/sudoers/iolog_client.c:593
+#: plugins/sudoers/iolog_client.c:611 plugins/sudoers/iolog_client.c:1053
+#: plugins/sudoers/iolog_client.c:1283 plugins/sudoers/iolog_client.c:1619
+#: plugins/sudoers/iolog_client.c:1647 plugins/sudoers/ldap.c:185
+#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420
+#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723
+#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241
+#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705
+#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921
+#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038
+#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254
+#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342
+#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461
+#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591
+#: plugins/sudoers/ldap_conf.c:683 plugins/sudoers/ldap_conf.c:765
+#: plugins/sudoers/ldap_util.c:331 plugins/sudoers/ldap_util.c:338
+#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:83
+#: plugins/sudoers/logging.c:200 plugins/sudoers/logging.c:527
+#: plugins/sudoers/logging.c:553 plugins/sudoers/logging.c:594
+#: plugins/sudoers/logging.c:731 plugins/sudoers/logging.c:1091
+#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:397
+#: plugins/sudoers/match_command.c:444 plugins/sudoers/match_command.c:515
+#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:200
 #: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:227
 #: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:156
 #: plugins/sudoers/parse_ldif.c:187 plugins/sudoers/parse_ldif.c:256
 #: plugins/sudoers/parse_ldif.c:263 plugins/sudoers/parse_ldif.c:268
 #: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:355
-#: plugins/sudoers/parse_ldif.c:361 plugins/sudoers/parse_ldif.c:386
-#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:402
-#: plugins/sudoers/parse_ldif.c:416 plugins/sudoers/parse_ldif.c:584
-#: plugins/sudoers/parse_ldif.c:614 plugins/sudoers/parse_ldif.c:639
-#: plugins/sudoers/parse_ldif.c:697 plugins/sudoers/parse_ldif.c:714
-#: plugins/sudoers/parse_ldif.c:742 plugins/sudoers/parse_ldif.c:749
-#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:750
+#: plugins/sudoers/parse_ldif.c:382 plugins/sudoers/parse_ldif.c:399
+#: plugins/sudoers/parse_ldif.c:411 plugins/sudoers/parse_ldif.c:415
+#: plugins/sudoers/parse_ldif.c:429 plugins/sudoers/parse_ldif.c:597
+#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652
+#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727
+#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762
+#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:830
 #: plugins/sudoers/prompt.c:100 plugins/sudoers/pwutil.c:199
 #: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348
 #: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:586
@@ -117,19 +122,19 @@
 #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463
 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554
 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103
-#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273
-#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292
-#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657
-#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830
-#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:114
-#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587
-#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465
-#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136
-#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253
-#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439
-#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960
-#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112
-#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130
+#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320
+#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735
+#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909
+#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559
+#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218
+#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429
+#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236
+#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587
+#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483
+#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59
+#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:137
+#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130
 #: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328
 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444
 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942
@@ -138,111 +143,116 @@
 msgid "unable to allocate memory"
 msgstr "nije moguće dodijeliti memoriju"
 
-#: gram.y:488
+#: gram.y:500
 msgid "a digest requires a path name"
 msgstr "kontrolni zbroj zahtijeva ime staze"
 
-#: gram.y:614
+#: gram.y:633
 msgid "invalid notbefore value"
-msgstr "nevaljana „notbefore“ vrijednost"
+msgstr "nevaljana ‘notbefore’ vrijednost"
 
-#: gram.y:622
+#: gram.y:641
 msgid "invalid notafter value"
-msgstr "nevaljana „notafter“ vrijednost"
+msgstr "nevaljana ‘notafter’ vrijednost"
 
-#: gram.y:631 plugins/sudoers/policy.c:320
+#: gram.y:650 plugins/sudoers/policy.c:319
 msgid "timeout value too large"
-msgstr "vrijednost za istek vremena je prevelika"
+msgstr "vrijednost za tajmaut je prevelika"
 
-#: gram.y:633 plugins/sudoers/policy.c:322
+#: gram.y:652 plugins/sudoers/policy.c:321
 msgid "invalid timeout value"
-msgstr "nevaljana vrijednost za istek vremena"
+msgstr "nevaljana vrijednost za tajmaut"
 
-#: gram.y:1303 plugins/sudoers/auth/pam.c:483 plugins/sudoers/auth/pam.c:670
-#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/cvtsudoers.c:124
-#: plugins/sudoers/cvtsudoers.c:164 plugins/sudoers/cvtsudoers.c:181
-#: plugins/sudoers/cvtsudoers.c:192 plugins/sudoers/cvtsudoers.c:304
-#: plugins/sudoers/cvtsudoers.c:432 plugins/sudoers/cvtsudoers.c:565
-#: plugins/sudoers/cvtsudoers.c:582 plugins/sudoers/cvtsudoers.c:646
-#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:768
-#: plugins/sudoers/cvtsudoers.c:1179 plugins/sudoers/cvtsudoers.c:1183
-#: plugins/sudoers/cvtsudoers.c:1285 plugins/sudoers/cvtsudoers_ldif.c:153
-#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:243
-#: plugins/sudoers/cvtsudoers_ldif.c:262 plugins/sudoers/cvtsudoers_ldif.c:333
-#: plugins/sudoers/cvtsudoers_ldif.c:388 plugins/sudoers/cvtsudoers_ldif.c:396
-#: plugins/sudoers/cvtsudoers_ldif.c:413 plugins/sudoers/cvtsudoers_ldif.c:422
-#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:666
-#: plugins/sudoers/defaults.c:959 plugins/sudoers/defaults.c:1130
+#: gram.y:1342 lib/iolog/iolog_util.c:79 lib/iolog/iolog_util.c:118
+#: lib/iolog/iolog_util.c:127 lib/iolog/iolog_util.c:137
+#: lib/iolog/iolog_util.c:145 lib/iolog/iolog_util.c:149
+#: logsrvd/eventlog.c:223 plugins/sudoers/auth/pam.c:486
+#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116
+#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:164
+#: plugins/sudoers/cvtsudoers.c:181 plugins/sudoers/cvtsudoers.c:192
+#: plugins/sudoers/cvtsudoers.c:304 plugins/sudoers/cvtsudoers.c:432
+#: plugins/sudoers/cvtsudoers.c:565 plugins/sudoers/cvtsudoers.c:582
+#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761
+#: plugins/sudoers/cvtsudoers.c:768 plugins/sudoers/cvtsudoers.c:1183
+#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289
+#: plugins/sudoers/cvtsudoers_json.c:82 plugins/sudoers/cvtsudoers_ldif.c:153
+#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:237
+#: plugins/sudoers/cvtsudoers_ldif.c:302 plugins/sudoers/cvtsudoers_ldif.c:373
+#: plugins/sudoers/cvtsudoers_ldif.c:428 plugins/sudoers/cvtsudoers_ldif.c:436
+#: plugins/sudoers/cvtsudoers_ldif.c:453 plugins/sudoers/cvtsudoers_ldif.c:462
+#: plugins/sudoers/cvtsudoers_ldif.c:609 plugins/sudoers/defaults.c:632
+#: plugins/sudoers/defaults.c:925 plugins/sudoers/defaults.c:1058
 #: plugins/sudoers/editor.c:72 plugins/sudoers/editor.c:90
 #: plugins/sudoers/editor.c:101 plugins/sudoers/env.c:268
 #: plugins/sudoers/filedigest.c:66 plugins/sudoers/filedigest.c:82
-#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:138
-#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:943
-#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:86
-#: plugins/sudoers/iolog_util.c:125 plugins/sudoers/iolog_util.c:134
-#: plugins/sudoers/iolog_util.c:144 plugins/sudoers/iolog_util.c:152
-#: plugins/sudoers/iolog_util.c:156 plugins/sudoers/ldap.c:185
-#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420
-#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723
-#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241
-#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705
-#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921
-#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038
-#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254
-#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342
-#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461
-#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591
-#: plugins/sudoers/ldap_conf.c:682 plugins/sudoers/ldap_conf.c:765
-#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:567
-#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:202
-#: plugins/sudoers/logging.c:532 plugins/sudoers/logging.c:558
-#: plugins/sudoers/logging.c:598 plugins/sudoers/logging.c:1100
-#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:366
-#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:485
-#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:199
+#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:140
+#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:476
+#: plugins/sudoers/iolog_client.c:107 plugins/sudoers/iolog_client.c:485
+#: plugins/sudoers/iolog_client.c:593 plugins/sudoers/iolog_client.c:611
+#: plugins/sudoers/iolog_client.c:1053 plugins/sudoers/iolog_client.c:1283
+#: plugins/sudoers/iolog_client.c:1619 plugins/sudoers/iolog_client.c:1647
+#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416
+#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432
+#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887
+#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668
+#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786
+#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022
+#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223
+#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306
+#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446
+#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558
+#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:682
+#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:330
+#: plugins/sudoers/ldap_util.c:337 plugins/sudoers/ldap_util.c:603
+#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:200
+#: plugins/sudoers/logging.c:527 plugins/sudoers/logging.c:553
+#: plugins/sudoers/logging.c:593 plugins/sudoers/logging.c:1091
+#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:396
+#: plugins/sudoers/match_command.c:443 plugins/sudoers/match_command.c:515
+#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:199
 #: plugins/sudoers/parse.c:211 plugins/sudoers/parse.c:226
 #: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:155
 #: plugins/sudoers/parse_ldif.c:186 plugins/sudoers/parse_ldif.c:255
 #: plugins/sudoers/parse_ldif.c:262 plugins/sudoers/parse_ldif.c:267
 #: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:354
-#: plugins/sudoers/parse_ldif.c:360 plugins/sudoers/parse_ldif.c:385
-#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:401
-#: plugins/sudoers/parse_ldif.c:415 plugins/sudoers/parse_ldif.c:584
-#: plugins/sudoers/parse_ldif.c:613 plugins/sudoers/parse_ldif.c:638
-#: plugins/sudoers/parse_ldif.c:696 plugins/sudoers/parse_ldif.c:713
-#: plugins/sudoers/parse_ldif.c:741 plugins/sudoers/parse_ldif.c:748
-#: plugins/sudoers/policy.c:134 plugins/sudoers/policy.c:143
-#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:178
-#: plugins/sudoers/policy.c:305 plugins/sudoers/policy.c:320
-#: plugins/sudoers/policy.c:322 plugins/sudoers/policy.c:348
-#: plugins/sudoers/policy.c:358 plugins/sudoers/policy.c:402
+#: plugins/sudoers/parse_ldif.c:381 plugins/sudoers/parse_ldif.c:398
+#: plugins/sudoers/parse_ldif.c:410 plugins/sudoers/parse_ldif.c:414
+#: plugins/sudoers/parse_ldif.c:428 plugins/sudoers/parse_ldif.c:597
+#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651
+#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726
+#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761
+#: plugins/sudoers/policy.c:133 plugins/sudoers/policy.c:142
+#: plugins/sudoers/policy.c:151 plugins/sudoers/policy.c:177
+#: plugins/sudoers/policy.c:304 plugins/sudoers/policy.c:319
+#: plugins/sudoers/policy.c:321 plugins/sudoers/policy.c:350
+#: plugins/sudoers/policy.c:359 plugins/sudoers/policy.c:402
 #: plugins/sudoers/policy.c:412 plugins/sudoers/policy.c:421
 #: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:504
-#: plugins/sudoers/policy.c:750 plugins/sudoers/prompt.c:100
+#: plugins/sudoers/policy.c:830 plugins/sudoers/prompt.c:100
 #: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270
 #: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522
 #: plugins/sudoers/pwutil.c:586 plugins/sudoers/pwutil.c:657
 #: plugins/sudoers/pwutil.c:816 plugins/sudoers/pwutil.c:873
 #: plugins/sudoers/pwutil.c:917 plugins/sudoers/pwutil.c:975
-#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775
-#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493
-#: plugins/sudoers/set_perms.c:1659 plugins/sudoers/sssd.c:153
+#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704
+#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370
+#: plugins/sudoers/set_perms.c:1535 plugins/sudoers/sssd.c:153
 #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463
 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554
 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103
-#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273
-#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292
-#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657
-#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830
-#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:113
-#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587
-#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465
-#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136
-#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253
-#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439
-#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960
-#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112
-#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130
+#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320
+#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735
+#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909
+#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559
+#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218
+#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429
+#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236
+#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587
+#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483
+#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59
+#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:136
+#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130
 #: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328
 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444
 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942
@@ -252,12 +262,457 @@ msgid "%s: %s" msgstr "%s: %s" +#: lib/iolog/iolog_fileio.c:164 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s postoji, ali nije direktorij (0%o)" + +#: lib/iolog/iolog_fileio.c:194 lib/iolog/iolog_fileio.c:240 +#: plugins/sudoers/timestamp.c:212 +#, c-format +msgid "unable to mkdir %s" +msgstr "nije moguće napraviti direktorij %s" + +#: lib/iolog/iolog_fileio.c:244 plugins/sudoers/visudo.c:739 +#: plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "nije moguće promijeniti mȏd od %s na 0%o" + +#: lib/iolog/iolog_util.c:83 +#, c-format +msgid "%s: invalid log file" +msgstr "%s: nevaljana dnevnička datoteka" + +#: lib/iolog/iolog_util.c:101 +#, c-format +msgid "%s: time stamp field is missing" +msgstr "%s: nedostaje polje za vremensku oznaku" + +#: lib/iolog/iolog_util.c:107 +#, c-format +msgid "%s: time stamp %s: %s" +msgstr "%s: vremenska oznaka %s: %s" + +#: lib/iolog/iolog_util.c:114 +#, c-format +msgid "%s: user field is missing" +msgstr "%s: nedostaje polje za korisnika" + +#: lib/iolog/iolog_util.c:123 +#, c-format +msgid "%s: runas user field is missing" +msgstr "%s: nedostaje polje za runas-korisnika" + +#: lib/iolog/iolog_util.c:132 +#, c-format +msgid "%s: runas group field is missing" +msgstr "%s: nedostaje polje za runas-grupe" + +#: lib/iolog/iolog_util.c:382 +#, c-format +msgid "error reading timing file: %s" +msgstr "greška pri čitanju tajming datoteke: %s" + +#: lib/iolog/iolog_util.c:389 +#, c-format +msgid "invalid timing file line: %s" +msgstr "nevaljani redak u tajming datoteci: %s" + +#: logsrvd/eventlog.c:228 plugins/sudoers/cvtsudoers_ldif.c:247 +#: plugins/sudoers/cvtsudoers_ldif.c:254 plugins/sudoers/cvtsudoers_ldif.c:566 +#: plugins/sudoers/env.c:330 plugins/sudoers/env.c:337 +#: plugins/sudoers/env.c:442 plugins/sudoers/iolog.c:550 +#: plugins/sudoers/iolog.c:566 plugins/sudoers/ldap.c:496 +#: plugins/sudoers/ldap.c:727 plugins/sudoers/ldap.c:1060 
+#: plugins/sudoers/ldap_conf.c:227 plugins/sudoers/ldap_conf.c:317 +#: plugins/sudoers/linux_audit.c:89 plugins/sudoers/logging.c:1096 +#: plugins/sudoers/policy.c:534 plugins/sudoers/policy.c:679 +#: plugins/sudoers/policy.c:689 plugins/sudoers/prompt.c:168 +#: plugins/sudoers/sudoers.c:931 plugins/sudoers/testsudoers.c:257 +#: plugins/sudoers/toke_util.c:177 +#, c-format +msgid "internal error, %s overflow" +msgstr "**interna greška**, %s prelijevanje" + +#: logsrvd/eventlog.c:422 plugins/sudoers/logging.c:118 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: logsrvd/eventlog.c:451 plugins/sudoers/logging.c:146 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s : (naredba se nastavlja) %s" + +#: logsrvd/iolog_writer.c:886 +msgid "log is already complete, cannot be restarted" +msgstr "dnevnik je već kompletiran -- ne može se ponovno pokrenuti" + +#: logsrvd/iolog_writer.c:917 +msgid "unable to restart log" +msgstr "nije moguće ponovno pokrenuti dnevničarenje (logging)" + +#: logsrvd/logsrv_util.c:96 logsrvd/logsrv_util.c:103 +#: plugins/sudoers/sudoreplay.c:355 plugins/sudoers/sudoreplay.c:361 +#: plugins/sudoers/sudoreplay.c:368 +#, c-format +msgid "unable to open %s/%s" +msgstr "nije moguće otvoriti %s/%s" + +#: logsrvd/logsrv_util.c:130 +#, c-format +msgid "missing I/O log file %s/%s" +msgstr "nema dnevničke datoteke U/I %s/%s" + +#: logsrvd/logsrv_util.c:137 +#, c-format +msgid "%s/%s: unable to seek forward %zu" +msgstr "%s/%s: nije moguće skočiti naprijed na %zu" + +#: logsrvd/logsrv_util.c:147 +#, c-format +msgid "unable to find resume point [%lld, %ld] in %s/%s" +msgstr "nije moguće naći točku [%lld, %ld] u %s/%s od koje treba nastaviti" + +#: logsrvd/logsrvd.c:231 logsrvd/logsrvd.c:299 logsrvd/logsrvd.c:343 +#: logsrvd/logsrvd.c:392 logsrvd/logsrvd.c:439 logsrvd/logsrvd.c:484 +#: logsrvd/logsrvd.c:510 +msgid "state machine error" +msgstr "greška automata (state machine)" + +#: logsrvd/logsrvd.c:240 +msgid "invalid AcceptMessage" 
+msgstr "nevaljana AcceptMessage" + +#: logsrvd/logsrvd.c:251 +msgid "error parsing AcceptMessage" +msgstr "greška pri raščlanivanju AcceptMessage" + +#: logsrvd/logsrvd.c:258 +msgid "error creating I/O log" +msgstr "greška pri stvaranju U/I dnevnika" + +#: logsrvd/logsrvd.c:265 +msgid "error logging accept event" +msgstr "greška pri upisivanju u dnevnik ‘accept’ događaja" + +#: logsrvd/logsrvd.c:308 +msgid "invalid RejectMessage" +msgstr "nevaljani RejectMessage" + +#: logsrvd/logsrvd.c:319 +msgid "error parsing RejectMessage" +msgstr "greška pri raščlanivanju RejectMessage-a" + +#: logsrvd/logsrvd.c:325 +msgid "error logging reject event" +msgstr "greška pri upisivanju u dnevnik ‘reject’ događaja" + +#: logsrvd/logsrvd.c:424 +msgid "error logging alert event" +msgstr "greška pri upisivanju u dnevnik ‘alert’ događaja" + +#: logsrvd/logsrvd.c:449 +msgid "error writing IoBuffer" +msgstr "greška pri pisanju IoBuffer-a" + +#: logsrvd/logsrvd.c:495 +msgid "error writing ChangeWindowSize" +msgstr "greška pri pisanju ChangeWindowSize-a" + +#: logsrvd/logsrvd.c:521 +msgid "error writing CommandSuspend" +msgstr "greška pri pisanju CommandSuspend-a" + +#: logsrvd/logsrvd.c:583 +msgid "unrecognized ClientMessage type" +msgstr "neprepoznata vrsta ClientMessage-a" + +#: logsrvd/logsrvd.c:835 +msgid "client message too large" +msgstr "poruka klijenta je preduga" + +#: logsrvd/logsrvd.c:1295 logsrvd/logsrvd.c:1415 logsrvd/logsrvd.c:1539 +#: logsrvd/logsrvd.c:1631 logsrvd/sendlog.c:242 logsrvd/sendlog.c:257 +#: logsrvd/sendlog.c:290 logsrvd/sendlog.c:1264 plugins/sudoers/iolog.c:900 +#: plugins/sudoers/iolog.c:1033 plugins/sudoers/iolog.c:1131 +#: plugins/sudoers/iolog_client.c:111 plugins/sudoers/iolog_client.c:436 +#: plugins/sudoers/iolog_client.c:452 plugins/sudoers/iolog_client.c:490 +#: plugins/sudoers/iolog_client.c:1032 plugins/sudoers/iolog_client.c:1061 +#: plugins/sudoers/iolog_client.c:1133 plugins/sudoers/iolog_client.c:1239 +#: plugins/sudoers/iolog_client.c:1353 
plugins/sudoers/iolog_client.c:1655 +#: plugins/sudoers/iolog_client.c:1663 plugins/sudoers/sudoreplay.c:519 +#: plugins/sudoers/sudoreplay.c:566 plugins/sudoers/sudoreplay.c:755 +#: plugins/sudoers/sudoreplay.c:867 plugins/sudoers/sudoreplay.c:957 +#: plugins/sudoers/sudoreplay.c:972 plugins/sudoers/sudoreplay.c:979 +#: plugins/sudoers/sudoreplay.c:986 plugins/sudoers/sudoreplay.c:993 +#: plugins/sudoers/sudoreplay.c:1000 plugins/sudoers/sudoreplay.c:1127 +msgid "unable to add event to queue" +msgstr "nije moguće dodati događaj u red čekanja" + +#: logsrvd/logsrvd.c:1407 plugins/sudoers/iolog_client.c:378 +#, c-format +msgid "Unable to attach user data to the ssl object: %s" +msgstr "Nije moguće prikvačiti podatke korisnika na SSL objekt: %s" + +#: logsrvd/logsrvd.c:1443 plugins/sudoers/iolog_client.c:1596 +#: plugins/sudoers/iolog_client.c:1604 +msgid "unable to get remote IP addr" +msgstr "nije moguće dobiti udaljenu IP adresu" + +#: logsrvd/logsrvd.c:1692 logsrvd/sendlog.c:113 +#, c-format +msgid "" +"%s - send sudo I/O log to remote server\n" +"\n" +msgstr "" +"%s - šalje dnevnik U/I sudo-a na udaljeni server\n" +"\n" + +#: logsrvd/logsrvd.c:1695 +msgid "" +"\n" +"Options:\n" +" -f, --file path to configuration file\n" +" -h --help display help message and exit\n" +" -n, --no-fork do not fork, run in the foreground\n" +" -R, --random-drop percent chance connections will drop\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"Opcije:\n" +" -f, --file= staza do konfiguracijske datoteke\n" +" -h, --help pokaže ovu pomoć i iziđe\n" +" -n, --no-fork ne stvara novi proces, nego radi u prednjem planu\n" +" -R, --random-drop postotak šanse da izgubi vezu (drop connection)\n" +" -V, --version informira o inačici ovog programa i iziđe\n" + +#: logsrvd/logsrvd.c:1747 logsrvd/sendlog.c:1513 +msgid "Protobuf-C version 1.3 or higher required" +msgstr "Potrebna je Protobuf-C inačica 1.3 ili novija" + +#: logsrvd/logsrvd.c:1765 +#, c-format +msgid 
"invalid random drop value: %s" +msgstr "nevaljana ‘random drop’ vrijednost: %s" + +#: logsrvd/logsrvd.c:1769 logsrvd/sendlog.c:1551 +#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:302 +#: plugins/sudoers/visudo.c:184 +#, c-format +msgid "%s version %s\n" +msgstr "%s inačica %s\n" + +#: logsrvd/logsrvd_conf.c:688 +#, c-format +msgid "%s: not a fully qualified path" +msgstr "%s: to nije potpuno kvalificirana staza" + +#: logsrvd/logsrvd_conf.c:802 +#, c-format +msgid "%s:%d unmatched '[': %s" +msgstr "%s:%d ne podudara '[': %s" + +#: logsrvd/logsrvd_conf.c:813 +#, c-format +msgid "%s:%d invalid config section: %s" +msgstr "%s:%d nevaljana sekcija u konfiguraciji: %s" + +#: logsrvd/logsrvd_conf.c:821 +#, c-format +msgid "%s:%d invalid configuration line: %s" +msgstr "%s:%d nevaljani redak u konfiguraciji: %s" + +#: logsrvd/logsrvd_conf.c:827 +#, c-format +msgid "%s:%d expected section name: %s" +msgstr "%s:%d očekivano ime sekcije: %s" + +#: logsrvd/logsrvd_conf.c:841 +#, c-format +msgid "invalid value for %s: %s" +msgstr "nevaljana vrijednost za %s: %s" + +#: logsrvd/logsrvd_conf.c:849 +#, c-format +msgid "%s:%d unknown key: %s" +msgstr "%s: %d nepoznati ključ: %s" + +#: logsrvd/logsrvd_conf.c:977 +#, c-format +msgid "unknown syslog facility %s" +msgstr "nepoznati ustroj za syslog (Protokol dnevničarenja sustava): %s" + +#: logsrvd/logsrvd_conf.c:981 logsrvd/logsrvd_conf.c:985 +#: logsrvd/logsrvd_conf.c:989 +#, c-format +msgid "unknown syslog priority %s" +msgstr "nepoznati prioritet %s za protokol dnevnika sustava (syslog)" + +#: logsrvd/sendlog.c:116 +msgid "" +"\n" +"Options:\n" +" --help display help message and exit\n" +" -h, --host host to send logs to\n" +" -i, --iolog_id remote ID of I/O log to be resumed\n" +" -p, --port port to use when connecting to host\n" +" -r, --restart restart previous I/O log transfer\n" +" -t, --test test audit server by sending selected I/O log n times in parallel\n" +" -b, --ca-bundle certificate bundle file to 
verify server's cert against\n" +" -c, --cert certificate file for TLS handshake\n" +" -k, --key private key file\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"Options:\n" +" --help pokaže ovu pomoć i iziđe\n" +" -h, --host host (računalo) kojemu se šalje dnevnik\n" +" -i, --iolog_id udaljeni ID od U/I dnevnika koji treba nastaviti\n" +" -p, --port port koji će se koristiti za spajanje na hosta\n" +" -r, --restart ponovi prethodni prijenos U/I dnevnika\n" +" -t, --test testira revizijski server tako da paralelno\n" +" pošalje ‘n’ puta U/I dnevnik\n" +" -b, --ca-bundle datoteka s paketom certifikata (CA) za provjeru\n" +" certifikata servera\n" +" -c, --cert certificat datoteka za TLS rukovanje (handshake)\n" +" -k, --key datoteka s privatnim (tajnim) ključem (private key)\n" +" -V, --version informira o inačici ovog programa i iziđe\n" + +#: logsrvd/sendlog.c:216 plugins/sudoers/iolog_client.c:409 +msgid "TLS handshake timeout occurred" +msgstr "tajmaut za TLS rukovanje je istekao" + +#: logsrvd/sendlog.c:237 logsrvd/sendlog.c:252 +#: plugins/sudoers/iolog_client.c:430 plugins/sudoers/iolog_client.c:446 +msgid "unable to set event" +msgstr "nije moguće uspostaviti događaj" + +#: logsrvd/sendlog.c:262 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s\n" +msgstr "SSL_connect failed: ssl_error=%d, stack=%s\n" + +#: logsrvd/sendlog.c:294 plugins/sudoers/iolog_client.c:115 +#: plugins/sudoers/iolog_client.c:495 plugins/sudoers/iolog_client.c:1065 +#: plugins/sudoers/iolog_client.c:1671 +msgid "error in event loop" +msgstr "pogreška u petlji događaja" + +#: logsrvd/sendlog.c:311 +msgid "CA bundle file was not specified" +msgstr "Datoteka s paketom certifikata (CA) nije bila specificirana" + +#: logsrvd/sendlog.c:315 +msgid "Client certificate was not specified" +msgstr "Certifikat klijenta nije bio specificiran" + +#: logsrvd/sendlog.c:319 +#, c-format +msgid "Unable to initialize ssl context: %s" +msgstr "nije moguće 
inicijalizirati SSL kontekst: %s" + +#: logsrvd/sendlog.c:324 +#, c-format +msgid "Unable to allocate ssl object: %s\n" +msgstr "nije moguće dodijeliti SSL objekt: %s\n" + +#: logsrvd/sendlog.c:329 +#, c-format +msgid "Unable to attach socket to the ssl object: %s\n" +msgstr "Nije moguće prikvačiti utičnicu na SSL objekt: %s\n" + +#: logsrvd/sendlog.c:367 plugins/sudoers/iolog_client.c:150 +#, c-format +msgid "unable to look up %s:%s: %s" +msgstr "nije moguće potražiti %s:%s: %s" + +#: logsrvd/sendlog.c:522 plugins/sudoers/sudoreplay.c:815 +#, c-format +msgid "unable to read %s/%s: %s" +msgstr "nije moguće učitati %s/%s: %s" + +#: logsrvd/sendlog.c:543 +#, c-format +msgid "client message too large: %zu\n" +msgstr "poruka klijenta je preduga: %zu\n" + +#: logsrvd/sendlog.c:941 +#, c-format +msgid "%s: write buffer already in use" +msgstr "%s: međuspremnik za pisanje je zauzet" + +#: logsrvd/sendlog.c:993 plugins/sudoers/iolog.c:824 +#: plugins/sudoers/iolog.c:893 +#, c-format +msgid "unexpected I/O event %d" +msgstr "neočekivani U/I događaj %d" + +#: logsrvd/sendlog.c:1025 logsrvd/sendlog.c:1042 logsrvd/sendlog.c:1092 +#: plugins/sudoers/iolog_client.c:1037 plugins/sudoers/iolog_client.c:1090 +#: plugins/sudoers/iolog_client.c:1151 +#, c-format +msgid "%s: unexpected state %d" +msgstr "%s: neočekivano stanje %d" + +#: logsrvd/sendlog.c:1048 plugins/sudoers/iolog_client.c:1096 +msgid "invalid ServerHello" +msgstr "nevaljani ServerHello" + +#: logsrvd/sendlog.c:1130 plugins/sudoers/iolog_client.c:1195 +#, c-format +msgid "error message received from server: %s" +msgstr "primljena je poruka o greškama od servera: %s" + +#: logsrvd/sendlog.c:1143 plugins/sudoers/iolog_client.c:1208 +#, c-format +msgid "abort message received from server: %s" +msgstr "primljena je poruka za prekid (abort) od servera: %s" + +#: logsrvd/sendlog.c:1162 plugins/sudoers/iolog_client.c:1227 +msgid "unable to unpack ServerMessage" +msgstr "nije moguće raspakirati ServerMessage" + +#: 
logsrvd/sendlog.c:1207 plugins/sudoers/iolog_client.c:1260 +#, c-format +msgid "%s: unexpected type_case value %d" +msgstr "%s: neočekivana ‘type_case’ vrijednost za %d" + +#: logsrvd/sendlog.c:1291 +msgid "premature EOF" +msgstr "preuranjeni EOF (kraj datoteke)" + +#: logsrvd/sendlog.c:1304 +#, c-format +msgid "server message too large: %u\n" +msgstr "poruka servera je preduga: %u\n" + +#: logsrvd/sendlog.c:1569 +msgid "both restart point and iolog ID must be specified" +msgstr "i točka za ponovno pokretanje i iolog ID moraju biti specificirani" + +#: logsrvd/sendlog.c:1636 +#, c-format +msgid "exited prematurely with state %d" +msgstr "preuranjeni završetak (izlaz) sa stanjem %d" + +#: logsrvd/sendlog.c:1637 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "proteklo vrijeme poslano je na server [%lld, %ld]" + +#: logsrvd/sendlog.c:1639 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "potvrđena točka primljena je od servera [%lld, %ld]" + #: plugins/sudoers/alias.c:151 #, c-format msgid "Alias \"%s\" already defined" -msgstr "Alias „%s“ je već definirani" +msgstr "Alias ‘%s’ je već definirani" -#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:801 +#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:792 msgid "unable to fork" msgstr "nije moguće stvoriti novi proces (greška u fork())" @@ -297,12 +752,12 @@ #: plugins/sudoers/auth/fwtk.c:64 msgid "unable to connect to authentication server" -msgstr "nije moguće spojiti se na autentifikacijski poslužitelj" +msgstr "nije moguće spojiti se na server za autentifikaciju" #: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 #: plugins/sudoers/auth/fwtk.c:126 msgid "lost connection to authentication server" -msgstr "veza s autentifikacijskim poslužiteljem je prekinuta (izgubljena)" +msgstr "veza sa serverom za autentifikaciju je prekinuta (izgubljena)" #: plugins/sudoers/auth/fwtk.c:74 #, c-format 
@@ -310,18 +765,18 @@ "authentication server error:\n" "%s" msgstr "" -"greška autentifikacijskoga poslužitelja:\n" +"greška na serveru za autentifikaciju:\n" "%s" #: plugins/sudoers/auth/kerb5.c:115 #, c-format msgid "%s: unable to convert principal to string ('%s'): %s" -msgstr "%s: nije moguće pretvoriti principala u string („%s“): %s" +msgstr "%s: nije moguće pretvoriti principala u string (‘%s’): %s" #: plugins/sudoers/auth/kerb5.c:165 #, c-format msgid "%s: unable to parse '%s': %s" -msgstr "%s: nije moguće raščlaniti „%s“: %s" +msgstr "%s: nije moguće raščlaniti ‘%s’: %s" #: plugins/sudoers/auth/kerb5.c:174 #, c-format 
@@ -363,33 +818,33 @@ msgid "unable to initialize PAM: %s" msgstr "nije moguće inicijalizirati PAM: %s" -#: plugins/sudoers/auth/pam.c:319 +#: plugins/sudoers/auth/pam.c:322 #, c-format msgid "PAM authentication error: %s" msgstr "Greška PAM autentifikacije: %s" -#: plugins/sudoers/auth/pam.c:338 +#: plugins/sudoers/auth/pam.c:341 msgid "account validation failure, is your account locked?" msgstr "provjera valjanosti računa nije uspjela, je li vaš račun zaključan?" -#: plugins/sudoers/auth/pam.c:349 +#: plugins/sudoers/auth/pam.c:352 msgid "Account or password is expired, reset your password and try again" msgstr "Račun ili lozinka su istekli, postavite novu lozinku i pokušajte ponovo" -#: plugins/sudoers/auth/pam.c:355 +#: plugins/sudoers/auth/pam.c:358 #, c-format msgid "unable to change expired password: %s" msgstr "nije moguće promijeniti zastarjelu lozinku: %s" -#: plugins/sudoers/auth/pam.c:366 +#: plugins/sudoers/auth/pam.c:369 msgid "Password expired, contact your system administrator" msgstr "Lozinka je istekla, javite se vašem administratoru sustava" -#: plugins/sudoers/auth/pam.c:371 +#: plugins/sudoers/auth/pam.c:374 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" -msgstr "Račun je istekao ili PAM konfiguracija nema sekciju „account“ za sudo, javite se vašem administratoru sustava" +msgstr "Račun je istekao ili PAM konfiguracija nema sekciju ‘account’ za sudo, javite se vašem administratoru sustava" -#: plugins/sudoers/auth/pam.c:379 plugins/sudoers/auth/pam.c:384 +#: plugins/sudoers/auth/pam.c:382 plugins/sudoers/auth/pam.c:387 #, c-format msgid "PAM account management error: %s" msgstr "Pogreška u upravljanju PAM računom: %s" 
@@ -405,7 +860,7 @@ #: plugins/sudoers/auth/securid5.c:103 msgid "unable to contact the SecurID server" -msgstr "nije moguće uspostaviti vezu sa SecurID poslužiteljem" +msgstr "nije moguće uspostaviti vezu sa serverom za SecurID" #: plugins/sudoers/auth/securid5.c:112 msgid "User ID locked for SecurID Authentication" @@ -467,7 +922,7 @@ msgid "unable to commit audit record" msgstr "revizijski izvještaj nije bilo moguće zapisati na disk" -#: plugins/sudoers/check.c:269 +#: plugins/sudoers/check.c:264 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -487,15 +942,16 @@ " #3) S velikim moćima dolazi velika odgovornost.\n" "\n" -#: plugins/sudoers/check.c:312 plugins/sudoers/check.c:322 -#: plugins/sudoers/sudoers.c:700 plugins/sudoers/sudoers.c:748 +#: plugins/sudoers/check.c:307 plugins/sudoers/check.c:317 +#: plugins/sudoers/sudoers.c:778 plugins/sudoers/sudoers.c:826 #: plugins/sudoers/tsdump.c:126 #, c-format msgid "unknown uid: %u" msgstr "nepoznati UID: %u" -#: plugins/sudoers/check.c:317 plugins/sudoers/iolog.c:255 -#: plugins/sudoers/policy.c:921 plugins/sudoers/sudoers.c:1163 +#: plugins/sudoers/check.c:312 plugins/sudoers/iolog.c:121 +#: plugins/sudoers/policy.c:1034 plugins/sudoers/sudoers.c:391 +#: plugins/sudoers/sudoers.c:393 plugins/sudoers/sudoers.c:1255 #: plugins/sudoers/testsudoers.c:227 plugins/sudoers/testsudoers.c:400 #, c-format msgid "unknown user: %s" @@ -516,12 +972,6 @@ msgid "order padding: %s: %s" msgstr "popuna redoslijeda (order): %s: %s" -#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:289 -#: plugins/sudoers/visudo.c:184 -#, c-format -msgid "%s version %s\n" -msgstr "%s inačica %s\n" - #: plugins/sudoers/cvtsudoers.c:235 plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" 
@@ -542,7 +992,7 @@ msgid "%s: input and output files must be different" msgstr "%s: ulazna i izlazna datoteka moraju biti različite datoteke" -#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:176 +#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:185 #: plugins/sudoers/testsudoers.c:266 plugins/sudoers/visudo.c:254 #: plugins/sudoers/visudo.c:610 plugins/sudoers/visudo.c:933 msgid "unable to initialize sudoers default values" @@ -574,12 +1024,10 @@ msgstr "nevaljani filtar: %s" #: plugins/sudoers/cvtsudoers.c:622 plugins/sudoers/cvtsudoers.c:639 -#: plugins/sudoers/cvtsudoers.c:1245 plugins/sudoers/cvtsudoers_json.c:1130 -#: plugins/sudoers/cvtsudoers_ldif.c:643 plugins/sudoers/iolog.c:413 -#: plugins/sudoers/iolog_util.c:75 plugins/sudoers/sudoers.c:914 -#: plugins/sudoers/sudoreplay.c:338 plugins/sudoers/sudoreplay.c:1431 -#: plugins/sudoers/timestamp.c:448 plugins/sudoers/tsdump.c:135 -#: plugins/sudoers/visudo.c:929 +#: plugins/sudoers/cvtsudoers.c:1249 plugins/sudoers/cvtsudoers_json.c:868 +#: plugins/sudoers/cvtsudoers_ldif.c:683 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoreplay.c:1391 plugins/sudoers/timestamp.c:448 +#: plugins/sudoers/tsdump.c:135 plugins/sudoers/visudo.c:929 #, c-format msgid "unable to open %s" msgstr "nije moguće otvoriti %s" @@ -599,14 +1047,13 @@ msgid "parse error in %s\n" msgstr "greška u raščlambi u %s\n" -#: plugins/sudoers/cvtsudoers.c:1292 plugins/sudoers/iolog.c:500 -#: plugins/sudoers/sudoreplay.c:1135 plugins/sudoers/timestamp.c:332 -#: plugins/sudoers/timestamp.c:335 +#: plugins/sudoers/cvtsudoers.c:1296 plugins/sudoers/sudoreplay.c:1088 +#: plugins/sudoers/timestamp.c:332 plugins/sudoers/timestamp.c:335 #, c-format msgid "unable to write to %s" msgstr "nije moguće pisati u %s" -#: plugins/sudoers/cvtsudoers.c:1315 +#: plugins/sudoers/cvtsudoers.c:1319 #, c-format msgid "" "%s - convert between sudoers file formats\n" 
@@ -615,7 +1062,7 @@ "%s - pretvara formate sudoers datoteka\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1317 +#: plugins/sudoers/cvtsudoers.c:1321 msgid "" "\n" "Options:\n" 
@@ -655,50 +1102,37 @@ " -s, --suppress=sections izostavi izlaz od sections sekcija\n" " -V, --version informira o inačici ovog programa i završi" -#: plugins/sudoers/cvtsudoers_json.c:684 plugins/sudoers/cvtsudoers_json.c:720 -#: plugins/sudoers/cvtsudoers_json.c:938 +#: plugins/sudoers/cvtsudoers_json.c:487 plugins/sudoers/cvtsudoers_json.c:521 +#: plugins/sudoers/cvtsudoers_json.c:709 #, c-format msgid "unknown defaults entry \"%s\"" msgstr "nepoznati unos defaults „%s“" -#: plugins/sudoers/cvtsudoers_json.c:858 plugins/sudoers/cvtsudoers_json.c:873 -#: plugins/sudoers/cvtsudoers_ldif.c:308 plugins/sudoers/cvtsudoers_ldif.c:319 +#: plugins/sudoers/cvtsudoers_json.c:647 plugins/sudoers/cvtsudoers_json.c:660 +#: plugins/sudoers/cvtsudoers_ldif.c:348 plugins/sudoers/cvtsudoers_ldif.c:359 #: plugins/sudoers/ldap.c:482 msgid "unable to get GMT time" msgstr "nije moguće dobiti GMT vrijeme" -#: plugins/sudoers/cvtsudoers_json.c:861 plugins/sudoers/cvtsudoers_json.c:876 -#: plugins/sudoers/cvtsudoers_ldif.c:311 plugins/sudoers/cvtsudoers_ldif.c:322 +#: plugins/sudoers/cvtsudoers_json.c:650 plugins/sudoers/cvtsudoers_json.c:663 +#: plugins/sudoers/cvtsudoers_ldif.c:351 plugins/sudoers/cvtsudoers_ldif.c:362 #: plugins/sudoers/ldap.c:488 msgid "unable to format timestamp" msgstr "nije moguće oblikovati vremensku oznaku" -#: plugins/sudoers/cvtsudoers_ldif.c:526 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:337 plugins/sudoers/env.c:442 -#: plugins/sudoers/ldap.c:496 plugins/sudoers/ldap.c:727 -#: plugins/sudoers/ldap.c:1060 plugins/sudoers/ldap_conf.c:227 -#: plugins/sudoers/ldap_conf.c:317 plugins/sudoers/linux_audit.c:89 -#: plugins/sudoers/logging.c:1105 plugins/sudoers/policy.c:625 -#: plugins/sudoers/policy.c:635 plugins/sudoers/prompt.c:168 -#: plugins/sudoers/sudoers.c:852 plugins/sudoers/testsudoers.c:257 -#: plugins/sudoers/toke_util.c:161 -#, c-format -msgid "internal error, %s overflow" -msgstr "**interna greška**, %s prelijevanje" - -#: 
plugins/sudoers/cvtsudoers_ldif.c:595 +#: plugins/sudoers/cvtsudoers_ldif.c:635 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "previše sudoers grešaka, maksimum je %u" -#: plugins/sudoers/cvtsudoers_ldif.c:638 +#: plugins/sudoers/cvtsudoers_ldif.c:678 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "varijabla okoline SUDOERS_BASE nije postavljena i -b opcija nije specificirana." #: plugins/sudoers/def_data.c:42 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" -msgstr "Alat za bilježenje ako se syslog koristi za pisanje dnevnika: %s" +msgstr "Ustroj syslog-a ako se syslog koristi za pisanje dnevnika: %s" #: plugins/sudoers/def_data.c:46 #, c-format @@ -716,7 +1150,7 @@ #: plugins/sudoers/def_data.c:58 msgid "Ignore '.' in $PATH" -msgstr "Ignorira se „.“ u $PATH" +msgstr "Ignorira se ‘.’ u $PATH" #: plugins/sudoers/def_data.c:62 msgid "Always send mail when sudo is run" @@ -839,12 +1273,12 @@ #: plugins/sudoers/def_data.c:178 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" -msgstr "Istek vremena za vremensku oznaku autentifikacije: %.1f minuta" +msgstr "Tajmaut za vremensku oznaku autentifikacije: %.1f minuta" #: plugins/sudoers/def_data.c:182 #, c-format msgid "Password prompt timeout: %.1f minutes" -msgstr "Istek vremena za unos lozinke: %.1f minuta" +msgstr "Tajmaut za unos lozinke: %.1f minuta" #: plugins/sudoers/def_data.c:186 #, c-format @@ -972,7 +1406,7 @@ #: plugins/sudoers/def_data.c:290 msgid "Environment variables to check for sanity:" -msgstr "Varijable okoline čije „zdravlje“ treba ispitati:" +msgstr "Varijable okoline čije stanje (sanity) treba ispitati:" #: plugins/sudoers/def_data.c:294 msgid "Environment variables to remove:" 
@@ -980,7 +1414,7 @@ #: plugins/sudoers/def_data.c:298 msgid "Environment variables to preserve:" -msgstr "Varijable okoline koje treba sačuvati:" +msgstr "Varijable okoline koje treba zadržati:" #: plugins/sudoers/def_data.c:302 #, c-format @@ -1100,8 +1534,8 @@ #: plugins/sudoers/def_data.c:406 #, c-format -msgid "Maximum I/O log sequence number: %u" -msgstr "Maksimalni redni broj U/I dnevnika: %u" +msgid "Maximum I/O log sequence number: %s" +msgstr "Najveći broj redoslijeda dnevnika U/I: %s" #: plugins/sudoers/def_data.c:410 msgid "Enable sudoers netgroup support" @@ -1175,7 +1609,7 @@ #: plugins/sudoers/def_data.c:474 msgid "Allow the user to specify a timeout on the command line" -msgstr "Dopustite korisniku da specificira istek vremena na komandnom retku" +msgstr "Dopustite korisniku da specificira tajmaut na komandnom retku" #: plugins/sudoers/def_data.c:478 msgid "Flush I/O log data to disk immediately instead of buffering it" 
@@ -1211,62 +1645,106 @@ msgid "Log when a command is denied by sudoers" msgstr "Dnevniči (upiše u dnevnik) onda kad sudoers ne dopusti naredbu" -#: plugins/sudoers/defaults.c:231 +#: plugins/sudoers/def_data.c:510 +msgid "Sudo log server(s) to connect to with optional port" +msgstr "Server(i) sudo dnevnika za spajanje na opcionalni port" + +#: plugins/sudoers/def_data.c:514 +#, c-format +msgid "Sudo log server timeout in seconds: %u" +msgstr "Tajmaut servera sudo dnevnika u sekundama: %u" + +#: plugins/sudoers/def_data.c:518 +msgid "Enable SO_KEEPALIVE socket option on the socket connected to the logserver" +msgstr "Omogućite opciju utičnice SO_KEEPALIVE na utičnici spojenoj na server dnevnika" + +#: plugins/sudoers/def_data.c:522 +#, c-format +msgid "Path to the audit server's CA bundle file: %s" +msgstr "Staza do datoteke s paketom certifikata (CA) revizijskog servera: %s" + +#: plugins/sudoers/def_data.c:526 +#, c-format +msgid "Path to the sudoers certificate file: %s" +msgstr "Staza do datoteke sa sudoers certifikatima: %s" + +#: plugins/sudoers/def_data.c:530 +#, c-format +msgid "Path to the sudoers private key file: %s" +msgstr "Staza do datoteke sa sudoers privatnim (tajnim) ključem: %s" + +#: plugins/sudoers/def_data.c:534 +msgid "Allow the use of unknown runas user and/or group ID" +msgstr "Dopustite nepoznate vrijednosti za korisničko ime i/ili ID grupe za ‘runas’" + +#: plugins/sudoers/def_data.c:538 +msgid "Only permit running commands as a user with a valid shell" +msgstr "Dopustite izvršavanje naredbi samo korisniku s valjanom ljuskom" + +#: plugins/sudoers/def_data.c:542 +msgid "Set the pam remote user to the user running sudo" +msgstr "Postavite udaljenog korisnika PAM-a na korisnika koji izvršava sudo" + +#: plugins/sudoers/def_data.c:546 +msgid "Set the pam remote host to the local host name" +msgstr "Postavite PAM udaljenog hosta pam na ime lokalnog hosta (računala)" + +#: plugins/sudoers/defaults.c:190 #, c-format msgid "%s:%d unknown defaults 
entry \"%s\"" msgstr "%s:%d nepoznata stavka zadanih vrijednosti „%s“" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:193 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: nepoznata stavka zadanih vrijednosti „%s“" -#: plugins/sudoers/defaults.c:277 +#: plugins/sudoers/defaults.c:236 #, c-format msgid "%s:%d no value specified for \"%s\"" msgstr "%s:%d nije navedena vrijednost za „%s“" -#: plugins/sudoers/defaults.c:280 +#: plugins/sudoers/defaults.c:239 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: nije navedena vrijednost za „%s“" -#: plugins/sudoers/defaults.c:300 +#: plugins/sudoers/defaults.c:259 #, c-format msgid "%s:%d values for \"%s\" must start with a '/'" msgstr "%s:%d vrijednost za „%s“ mora početi s „/“" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:262 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: vrijednost za „%s“ mora početi s „/“" -#: plugins/sudoers/defaults.c:325 +#: plugins/sudoers/defaults.c:284 #, c-format msgid "%s:%d option \"%s\" does not take a value" msgstr "%s:%d opcija „%s“ ne prihvaća vrijednost" -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:287 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: opcija „%s“ ne prihvaća vrijednost" -#: plugins/sudoers/defaults.c:353 +#: plugins/sudoers/defaults.c:312 #, c-format msgid "%s:%d invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d nevaljana zadana vrsta 0x%x za opciju „%s“" -#: plugins/sudoers/defaults.c:356 +#: plugins/sudoers/defaults.c:315 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: nevaljana Defaults vrsta 0x%x za opciju „%s“" -#: plugins/sudoers/defaults.c:366 +#: plugins/sudoers/defaults.c:325 #, c-format msgid "%s:%d value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d vrijednost „%s“ nije ispravna za opciju „%s“" -#: plugins/sudoers/defaults.c:369 +#: plugins/sudoers/defaults.c:328 #, 
c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: vrijednost „%s“ nije ispravna za opciju „%s“" @@ -1275,11 +1753,11 @@ msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: oštećen envp, duljina ne odgovara" -#: plugins/sudoers/env.c:1132 +#: plugins/sudoers/env.c:1133 msgid "unable to rebuild the environment" msgstr "nije moguće obnoviti okolinu" -#: plugins/sudoers/env.c:1206 +#: plugins/sudoers/env.c:1207 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "nemate dopuštenje za postavljanje sljedećih varijabli okoline: %s" @@ -1304,27 +1782,27 @@ msgid "%s: read error" msgstr "%s: greška čitanja" -#: plugins/sudoers/group_plugin.c:90 +#: plugins/sudoers/group_plugin.c:91 #, c-format msgid "%s must be owned by uid %d" msgstr "vlasnik %s mora biti UID %d" -#: plugins/sudoers/group_plugin.c:94 +#: plugins/sudoers/group_plugin.c:95 #, c-format msgid "%s must only be writable by owner" msgstr "%s mora biti dostupan za pisanje samo vlasniku" -#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:562 +#: plugins/sudoers/group_plugin.c:104 plugins/sudoers/sssd.c:562 #, c-format msgid "unable to load %s: %s" msgstr "nije moguće učitati %s: %s" -#: plugins/sudoers/group_plugin.c:108 +#: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "nije moguće pronaći simbol „group_plugin“ u %s" -#: plugins/sudoers/group_plugin.c:113 +#: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: nekompatibilna glavna inačica plugin grupe %d, očekivano je %d" 
@@ -1343,87 +1821,143 @@ msgid "Local IP address and netmask pairs:\n" msgstr "Parovi lokalnih IP adresa i mrežnih maski:\n" -#: plugins/sudoers/iolog.c:117 plugins/sudoers/mkdir_parents.c:82 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s postoji, ali nije direktorij (0%o)" - -#: plugins/sudoers/iolog.c:142 plugins/sudoers/iolog.c:182 -#: plugins/sudoers/mkdir_parents.c:71 plugins/sudoers/timestamp.c:212 -#, c-format -msgid "unable to mkdir %s" -msgstr "nije moguće napraviti direktorij %s" - -#: plugins/sudoers/iolog.c:186 plugins/sudoers/visudo.c:739 -#: plugins/sudoers/visudo.c:750 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "nije moguće promijeniti mȏd od %s na 0%o" - -#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1194 +#: plugins/sudoers/iolog.c:146 plugins/sudoers/sudoers.c:398 +#: plugins/sudoers/sudoers.c:400 plugins/sudoers/sudoers.c:1289 #: plugins/sudoers/testsudoers.c:424 #, c-format msgid "unknown group: %s" msgstr "nepoznata grupa: %s" -#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:918 -#: plugins/sudoers/sudoreplay.c:846 plugins/sudoers/sudoreplay.c:1542 -#: plugins/sudoers/tsdump.c:145 +#: plugins/sudoers/iolog.c:505 plugins/sudoers/iolog.c:788 +#: plugins/sudoers/iolog.c:938 plugins/sudoers/iolog.c:945 +#: plugins/sudoers/iolog.c:1066 plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:1172 plugins/sudoers/iolog.c:1179 #, c-format -msgid "unable to read %s" -msgstr "nije moguće pročitati %s" +msgid "unable to write to I/O log file: %s" +msgstr "nije moguće pisati u U/I dnevnik: %s" -#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:801 -#, c-format -msgid "unable to create %s" -msgstr "nije moguće stvoriti %s" +#: plugins/sudoers/iolog.c:555 +msgid "unable to update sequence file" +msgstr "nije moguće ažurirati datoteku redoslijeda (sequence file)" -#: plugins/sudoers/iolog.c:824 plugins/sudoers/iolog.c:1039 -#: plugins/sudoers/iolog.c:1115 plugins/sudoers/iolog.c:1209 
-#: plugins/sudoers/iolog.c:1270 +#: plugins/sudoers/iolog.c:594 #, c-format -msgid "unable to write to I/O log file: %s" -msgstr "nije moguće pisati u U/I dnevnik: %s" +msgid "unable to create %s/%s" +msgstr "nije moguće stvoriti %s/%s" + +#: plugins/sudoers/iolog.c:622 +msgid "unable to connect to log server" +msgstr "nije moguće spojiti se na dnevnički server" -#: plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:830 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: interna greška, U/I dnevnička datoteka za događaj %d nije otvorena" -#: plugins/sudoers/iolog.c:1233 +#: plugins/sudoers/iolog.c:923 plugins/sudoers/iolog.c:1051 +#: plugins/sudoers/iolog.c:1156 plugins/sudoers/timestamp.c:862 +#: plugins/sudoers/timestamp.c:954 plugins/sudoers/visudo.c:498 +#: plugins/sudoers/visudo.c:504 +msgid "unable to read the clock" +msgstr "nije moguće pročitati vrijeme (clock)" + +#: plugins/sudoers/iolog.c:1148 plugins/sudoers/iolog_client.c:862 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: interna greška, nevaljani signal %d" -#: plugins/sudoers/iolog_util.c:90 +#: plugins/sudoers/iolog_client.c:297 #, c-format -msgid "%s: invalid log file" -msgstr "%s: nevaljana dnevnička datoteka" +msgid "Creation of new SSL_CTX object failed: %s" +msgstr "Nije uspjelo stvoriti novi ‘SSL_CTX’ objekt: %s" + +#: plugins/sudoers/iolog_client.c:320 +msgid "CA bundle file is not set in sudoers" +msgstr "U sudoers nije zadana datoteka s paketom certifikata (CA)" -#: plugins/sudoers/iolog_util.c:108 +#: plugins/sudoers/iolog_client.c:327 #, c-format -msgid "%s: time stamp field is missing" -msgstr "%s: nedostaje polje za vremensku oznaku" +msgid "Calling SSL_CTX_load_verify_locations() failed: %s" +msgstr "Nije uspjelo pozvati SSL_CTX_load_verify_locations(): %s" + +#: plugins/sudoers/iolog_client.c:339 +msgid "Signed certificate file is not set in sudoers" +msgstr "Potpisana datoteka certifikata nije postavljena u sudoers" -#: 
plugins/sudoers/iolog_util.c:114 +#: plugins/sudoers/iolog_client.c:345 #, c-format -msgid "%s: time stamp %s: %s" -msgstr "%s: vremenska oznaka %s: %s" +msgid "Unable to load cert into the ssl context: %s" +msgstr "Učitavanje certifikata u SSL kontekst nije uspjelo: %s" -#: plugins/sudoers/iolog_util.c:121 +#: plugins/sudoers/iolog_client.c:356 #, c-format -msgid "%s: user field is missing" -msgstr "%s: nedostaje polje za korisnika" +msgid "Unable to load private key into the ssl context: %s" +msgstr "Učitavanje privatnog (tajnog) ključa u SSL kontekst nije uspjelo: %s" -#: plugins/sudoers/iolog_util.c:130 +#: plugins/sudoers/iolog_client.c:363 #, c-format -msgid "%s: runas user field is missing" -msgstr "%s: nedostaje polje za runas-korisnika" +msgid "Unable to allocate ssl object: %s" +msgstr "Nije uspjelo dodijeliti memoriju za SSL objekt: %s" -#: plugins/sudoers/iolog_util.c:139 +#: plugins/sudoers/iolog_client.c:369 #, c-format -msgid "%s: runas group field is missing" -msgstr "%s: nedostaje polje za runas-grupe" +msgid "Unable to attach socket to the ssl object: %s" +msgstr "Nije uspjelo prikvačiti utičnicu na SSL objekt: %s" + +#: plugins/sudoers/iolog_client.c:457 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s" +msgstr "‘SSL_connect’ nije uspjela: ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:599 +#, c-format +msgid "client message too large: %zu" +msgstr "poruka klijenta je preduga: %zu" + +#: plugins/sudoers/iolog_client.c:656 plugins/sudoers/iolog_client.c:844 +msgid "unable to get time of day" +msgstr "nije moguće dobiti doba dana (trenutačno vrijeme)" + +#: plugins/sudoers/iolog_client.c:871 +#, c-format +msgid "%s: internal error, invalid exit status %d" +msgstr "%s: **interna greška** -- nevaljani izlazni status %d" + +#: plugins/sudoers/iolog_client.c:1104 +msgid "TLS initialization was unsuccessful" +msgstr "TLS inicijalizacija nije bila uspješna" + +#: plugins/sudoers/iolog_client.c:1109 +msgid "TLS handshake was 
unsuccessful" +msgstr "TLS rukovanje (handshake) nije bila uspješno" + +#: plugins/sudoers/iolog_client.c:1361 +#, c-format +msgid "SSL_read failed: ssl_error=%d, stack=%s" +msgstr "‘SSL_read’ nije uspjela: ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:1384 +msgid "lost connection to log server" +msgstr "veza sa serverom za autentifikaciju je prekinuta (izgubljena je)" + +#: plugins/sudoers/iolog_client.c:1397 +#, c-format +msgid "server message too large: %u" +msgstr "poruka servera je preduga: %u" + +#: plugins/sudoers/iolog_client.c:1461 +msgid "missing write buffer" +msgstr "nema međuspremnika za pisanje" + +#: plugins/sudoers/iolog_client.c:1486 +#, c-format +msgid "SSL_write failed: ssl_error=%d, stack=%s" +msgstr "‘SSL_write’ nije uspjela: ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:1610 +#, c-format +msgid "unknown address family: %d" +msgstr "nepoznata familija adresa: %d" #: plugins/sudoers/ldap.c:178 plugins/sudoers/ldap_conf.c:296 msgid "starttls not supported when using ldaps" @@ -1448,14 +1982,14 @@ msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls je specificirani, ali LDAP biblioteke ne podržavaju ldap_start_tls_s() ili ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:734 +#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "nevaljani sudoOrder atribut: %s" #: plugins/sudoers/ldap_conf.c:205 msgid "sudo_ldap_conf_add_ports: port too large" -msgstr "sudo_ldap_conf_add_ports: port vrijednost je prevelika" +msgstr "‘sudo_ldap_conf_add_ports’: port vrijednost je prevelika" #: plugins/sudoers/ldap_conf.c:265 #, c-format 
@@ -1466,7 +2000,7 @@
 msgid "unable to mix ldap and ldaps URIs"
 msgstr "ne možete zajedno koristiti ldap i ldaps adrese"
 
-#: plugins/sudoers/ldap_util.c:456 plugins/sudoers/ldap_util.c:458
+#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555
 #, c-format
 msgid "unable to convert sudoOption: %s%s%s"
 msgstr "nije moguće pretvoriti sudoOption: %s%s%s"
@@ -1479,85 +2013,67 @@ msgid "unable to send audit message" msgstr "nije moguće poslati revizijsku poruku" -#: plugins/sudoers/logging.c:120 -#, c-format -msgid "%8s : %s" -msgstr "%8s : %s" - -#: plugins/sudoers/logging.c:148 -#, c-format -msgid "%8s : (command continued) %s" -msgstr "%8s : (naredba se nastavlja) %s" - -#: plugins/sudoers/logging.c:177 +#: plugins/sudoers/logging.c:175 #, c-format msgid "unable to open log file: %s" msgstr "nije moguće otvoriti dnevničku datoteku: %s" -#: plugins/sudoers/logging.c:185 +#: plugins/sudoers/logging.c:183 #, c-format msgid "unable to lock log file: %s" msgstr "nije moguće zaključati dnevničku datoteku: %s" -#: plugins/sudoers/logging.c:218 +#: plugins/sudoers/logging.c:216 #, c-format msgid "unable to write log file: %s" msgstr "nije moguće pisati u dnevničku datoteku: %s" -#: plugins/sudoers/logging.c:248 -msgid "No user or host" -msgstr "Nema korisnika ili računala" - -#: plugins/sudoers/logging.c:250 -msgid "validation failure" -msgstr "greška pri provjeri valjanosti" - -#: plugins/sudoers/logging.c:261 +#: plugins/sudoers/logging.c:249 msgid "user NOT in sudoers" msgstr "korisnik NIJE u sudoers" # Authentication is about who somebody is. # Authorisation is about what they're allowed to do. # https://en.wikipedia.org/wiki/AAA_(computer_security)#Authorization -#: plugins/sudoers/logging.c:263 +#: plugins/sudoers/logging.c:251 msgid "user NOT authorized on host" msgstr "korisnik NEMA ovlasti na računalu (nije autoriziran)" -#: plugins/sudoers/logging.c:265 +#: plugins/sudoers/logging.c:253 msgid "command not allowed" msgstr "naredba nije dopuštena" -#: plugins/sudoers/logging.c:301 +#: plugins/sudoers/logging.c:296 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s nije u sudoers datoteci. Ovaj će incident biti prijavljen.\n" -#: plugins/sudoers/logging.c:304 +#: plugins/sudoers/logging.c:299 #, c-format msgid "%s is not allowed to run sudo on %s. 
This incident will be reported.\n" msgstr "" "%s nema dopuštenja pokrenuti sudo na %s. Ovaj će incident biti prijavljen.\n" "\n" -#: plugins/sudoers/logging.c:308 +#: plugins/sudoers/logging.c:303 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Nažalost, korisnik %s ne smije pokrenuti sudo na %s.\n" -#: plugins/sudoers/logging.c:311 +#: plugins/sudoers/logging.c:306 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Nažalost, korisniku %s nije dopušteno izvršiti „%s%s%s“ kao %s%s%s na %s.\n" -#: plugins/sudoers/logging.c:348 plugins/sudoers/sudoers.c:442 -#: plugins/sudoers/sudoers.c:444 plugins/sudoers/sudoers.c:446 -#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:603 -#: plugins/sudoers/sudoers.c:605 +#: plugins/sudoers/logging.c:343 plugins/sudoers/sudoers.c:518 +#: plugins/sudoers/sudoers.c:520 plugins/sudoers/sudoers.c:522 +#: plugins/sudoers/sudoers.c:524 plugins/sudoers/sudoers.c:675 +#: plugins/sudoers/sudoers.c:677 #, c-format msgid "%s: command not found" msgstr "%s: naredba nije pronađena" -#: plugins/sudoers/logging.c:350 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/logging.c:345 plugins/sudoers/sudoers.c:514 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -1566,15 +2082,15 @@ "zanemaruje se „%s“ pronađen u „.“\n" "Koristite „sudo ./%s“ ako je to „%s“ koji želite pokrenuti." -#: plugins/sudoers/logging.c:367 +#: plugins/sudoers/logging.c:362 msgid "authentication failure" msgstr "neuspješna autentifikacija" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:388 msgid "a password is required" msgstr "nužna je lozinka" -#: plugins/sudoers/logging.c:463 +#: plugins/sudoers/logging.c:458 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" 
@@ -1582,37 +2098,31 @@
 msgstr[1] "%u netočna pokušaja unosa lozinke"
 msgstr[2] "%u netočnih pokušaja unosa lozinke"
 
-#: plugins/sudoers/logging.c:728
+#: plugins/sudoers/logging.c:722
 #, c-format
 msgid "unable to dup stdin: %m"
 msgstr "nije moguće duplicirati stdin: %m"
 
-#: plugins/sudoers/logging.c:768
+#: plugins/sudoers/logging.c:759
 #, c-format
 msgid "unable to execute %s: %m"
 msgstr "nije moguće izvršiti %s: %m"
 
-#: plugins/sudoers/logging.c:809 plugins/sudoers/logging.c:865
+#: plugins/sudoers/logging.c:800 plugins/sudoers/logging.c:856
 #, c-format
 msgid "unable to fork: %m"
 msgstr "nije moguće stvoriti novi proces (greška u fork()): %m"
 
-#: plugins/sudoers/logging.c:855
+#: plugins/sudoers/logging.c:846
 #, c-format
 msgid "unable to open pipe: %m"
 msgstr "nije moguće otvoriti cijev: %m"
 
-#: plugins/sudoers/match_digest.c:103
+#: plugins/sudoers/match_digest.c:123
 #, c-format
 msgid "digest for %s (%s) is not in %s form"
 msgstr "kontrolni zbroj za %s (%s) nije u %s obliku"
 
-#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:943
-#: plugins/sudoers/visudo.c:437 plugins/sudoers/visudo.c:733
-#, c-format
-msgid "unable to stat %s"
-msgstr "nije moguće dobiti status od %s"
-
 #: plugins/sudoers/parse.c:449
 #, c-format
 msgid ""
@@ -1671,22 +2181,22 @@
 msgid "User %s is not allowed to run sudo on %s.\n"
 msgstr "Korisniku %s nije dopušteno pokrenuti sudo na %s.\n"
 
-#: plugins/sudoers/parse_ldif.c:604
+#: plugins/sudoers/parse_ldif.c:617
 #, c-format
 msgid "ignoring incomplete sudoRole: cn: %s"
 msgstr "ignorira se nekompletni sudoRole: cn: %s"
 
-#: plugins/sudoers/parse_ldif.c:664
+#: plugins/sudoers/parse_ldif.c:677
 #, c-format
 msgid "invalid LDIF attribute: %s"
 msgstr "nevaljani LDIF atribut: %s"
 
-#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:116
+#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:115
 #, c-format
 msgid "invalid %.*s set by sudo front-end"
 msgstr "nevaljana opcija %.*s postavljena kroz sudo front-end"
 
-#: plugins/sudoers/policy.c:295 plugins/sudoers/testsudoers.c:280
+#: plugins/sudoers/policy.c:294 plugins/sudoers/testsudoers.c:280
 msgid "unable to parse network address list"
 msgstr "nije moguće pročitati popis mrežnih adresa (nemoguće ih je raščlaniti)"
 
@@ -1706,23 +2216,23 @@
 msgid "host name not set by sudo front-end"
 msgstr "ime računala (host name) nije postavio front-end sudo-a"
 
-#: plugins/sudoers/policy.c:808 plugins/sudoers/visudo.c:236
+#: plugins/sudoers/policy.c:897 plugins/sudoers/visudo.c:236
 #: plugins/sudoers/visudo.c:867
 #, c-format
 msgid "unable to execute %s"
 msgstr "nije moguće izvršiti %s"
 
-#: plugins/sudoers/policy.c:939
+#: plugins/sudoers/policy.c:1055
 #, c-format
 msgid "Sudoers policy plugin version %s\n"
 msgstr "Inačica sudoers plugina s pravilima %s\n"
 
-#: plugins/sudoers/policy.c:941
+#: plugins/sudoers/policy.c:1057
 #, c-format
 msgid "Sudoers file grammar version %d\n"
 msgstr "Inačica sudoers datotečne gramatike %d\n"
 
-#: plugins/sudoers/policy.c:945
+#: plugins/sudoers/policy.c:1061
 #, c-format
 msgid ""
 "\n"
@@ -1731,23 +2241,23 @@
 "\n"
 "Staza do sudoers: %s\n"
 
-#: plugins/sudoers/policy.c:948
+#: plugins/sudoers/policy.c:1064
 #, c-format
 msgid "nsswitch path: %s\n"
 msgstr "nsswitch staza: %s\n"
 
-#: plugins/sudoers/policy.c:950
+#: plugins/sudoers/policy.c:1066
 #, c-format
 msgid "ldap.conf path: %s\n"
 msgstr "ldap.conf staza: %s\n"
 
-#: plugins/sudoers/policy.c:951
+#: plugins/sudoers/policy.c:1067
 #, c-format
 msgid "ldap.secret path: %s\n"
 msgstr "ldap.secret staza: %s\n"
 
 # hook: A location in a routine or program in which the programmer can connect or insert other routines for the purpose of debugging or enhancing functionality.
-#: plugins/sudoers/policy.c:984
+#: plugins/sudoers/policy.c:1100
 #, c-format
 msgid "unable to register hook of type %d (version %d.%d)"
 msgstr "nije moguće registrirati rutinu (hook) vrste %d (inačica %d.%d)"
@@ -1816,48 +2326,48 @@ msgid "unable to parse gids for %s" msgstr "nije moguće razabrati GID-ove za %s" -#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:478 -#: plugins/sudoers/set_perms.c:921 plugins/sudoers/set_perms.c:1254 -#: plugins/sudoers/set_perms.c:1573 +#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:447 +#: plugins/sudoers/set_perms.c:850 plugins/sudoers/set_perms.c:1156 +#: plugins/sudoers/set_perms.c:1450 msgid "perm stack overflow" msgstr "prelijevanje snopa s pravima pristupa" -#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:409 -#: plugins/sudoers/set_perms.c:486 plugins/sudoers/set_perms.c:788 -#: plugins/sudoers/set_perms.c:929 plugins/sudoers/set_perms.c:1178 -#: plugins/sudoers/set_perms.c:1262 plugins/sudoers/set_perms.c:1506 -#: plugins/sudoers/set_perms.c:1581 plugins/sudoers/set_perms.c:1672 +#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:378 +#: plugins/sudoers/set_perms.c:455 plugins/sudoers/set_perms.c:717 +#: plugins/sudoers/set_perms.c:858 plugins/sudoers/set_perms.c:1080 +#: plugins/sudoers/set_perms.c:1164 plugins/sudoers/set_perms.c:1383 +#: plugins/sudoers/set_perms.c:1458 plugins/sudoers/set_perms.c:1548 msgid "perm stack underflow" msgstr "iscrpljenje snopa s pravima pristupa" -#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:532 -#: plugins/sudoers/set_perms.c:1315 plugins/sudoers/set_perms.c:1614 +#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:501 +#: plugins/sudoers/set_perms.c:1217 plugins/sudoers/set_perms.c:1491 msgid "unable to change to root gid" msgstr "nije moguće promijeniti na GID od root" -#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:629 -#: plugins/sudoers/set_perms.c:1060 plugins/sudoers/set_perms.c:1392 +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:598 +#: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1294 msgid "unable to change to runas gid" msgstr "nije moguće promijeniti 
na runas GID" -#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:634 -#: plugins/sudoers/set_perms.c:1065 plugins/sudoers/set_perms.c:1397 +#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:603 +#: plugins/sudoers/set_perms.c:994 plugins/sudoers/set_perms.c:1299 msgid "unable to set runas group vector" msgstr "nije moguće postaviti runas grupni vektor" -#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:645 -#: plugins/sudoers/set_perms.c:1074 plugins/sudoers/set_perms.c:1406 +#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:614 +#: plugins/sudoers/set_perms.c:1003 plugins/sudoers/set_perms.c:1308 msgid "unable to change to runas uid" msgstr "nije moguće promijeniti na runas UID" -#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:663 -#: plugins/sudoers/set_perms.c:1090 plugins/sudoers/set_perms.c:1422 +#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:632 +#: plugins/sudoers/set_perms.c:1019 plugins/sudoers/set_perms.c:1324 msgid "unable to change to sudoers gid" msgstr "nije moguće promijeniti na sudoers GID" -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 msgid "too many processes" msgstr "previše procesa" 
@@ -1890,209 +2400,228 @@ msgid "unable to find symbol \"%s\" in %s" msgstr "nije moguće pronaći simbol „%s“ u %s" -#: plugins/sudoers/sudoers.c:212 plugins/sudoers/sudoers.c:871 +#: plugins/sudoers/sudoers.c:221 plugins/sudoers/sudoers.c:958 msgid "problem with defaults entries" msgstr "problem sa stavkama defaults" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:225 msgid "no valid sudoers sources found, quitting" msgstr "nisu pronađeni valjani sudoers izvori, kraj rada" -#: plugins/sudoers/sudoers.c:254 +#: plugins/sudoers/sudoers.c:301 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers specificira da root ne može koristiti sudo" -#: plugins/sudoers/sudoers.c:312 +#: plugins/sudoers/sudoers.c:361 +msgid "user not allowed to override closefrom limit" +msgstr "korisniku nije dopušteno promijeniti ograničenje od ‘closefrom’" + +#: plugins/sudoers/sudoers.c:362 msgid "you are not permitted to use the -C option" msgstr "vama nije dopušteno koristi opciju -C" -#: plugins/sudoers/sudoers.c:359 +#: plugins/sudoers/sudoers.c:426 #, c-format msgid "timestamp owner (%s): No such user" msgstr "vlasnik vremenske oznake (%s): Nema takvog korisnika" -#: plugins/sudoers/sudoers.c:374 +#: plugins/sudoers/sudoers.c:441 msgid "no tty" msgstr "nema TTY" -#: plugins/sudoers/sudoers.c:375 +#: plugins/sudoers/sudoers.c:442 msgid "sorry, you must have a tty to run sudo" msgstr "nažalost, da pokrenete sudo morate imati TTY" -#: plugins/sudoers/sudoers.c:437 +#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:450 +#, c-format +msgid "invalid shell for user %s: %s" +msgstr "nevaljana ljuska za korisnika %s: %s" + +#: plugins/sudoers/sudoers.c:513 msgid "command in current directory" msgstr "naredba u trenutačnom direktoriju" -#: plugins/sudoers/sudoers.c:456 +#: plugins/sudoers/sudoers.c:532 +msgid "user not allowed to set a command timeout" +msgstr "korisniku nije dopušteno postavljanje tajmaut naredbe" + +#: plugins/sudoers/sudoers.c:533 
msgid "sorry, you are not allowed set a command timeout" -msgstr "nažalost, vama nije dopušteno postavljanje isteka vremena za naredbu" +msgstr "nažalost, vama nije dopušteno postavljanje tajmaut za naredbu" + +#: plugins/sudoers/sudoers.c:541 +msgid "user not allowed to set a preserve the environment" +msgstr "korisniku nije dopušteno zadržati okolinu" -#: plugins/sudoers/sudoers.c:464 +#: plugins/sudoers/sudoers.c:542 msgid "sorry, you are not allowed to preserve the environment" -msgstr "nažalost, vama nije dopušteno sačuvati okolinu" +msgstr "vama nije dopušteno zadržati okolinu" -#: plugins/sudoers/sudoers.c:815 +#: plugins/sudoers/sudoers.c:893 msgid "command too long" msgstr "naredba je preduga" -#: plugins/sudoers/sudoers.c:947 +#: plugins/sudoers/sudoers.c:951 +msgid "sudoedit doesn't need to be run via sudo" +msgstr "sudoedit se ne mora pokrenuti sa sudo" + +#: plugins/sudoers/sudoers.c:1005 plugins/sudoers/sudoreplay.c:1502 +#: plugins/sudoers/tsdump.c:145 +#, c-format +msgid "unable to read %s" +msgstr "nije moguće pročitati %s" + +#: plugins/sudoers/sudoers.c:1030 plugins/sudoers/visudo.c:437 +#: plugins/sudoers/visudo.c:733 +#, c-format +msgid "unable to stat %s" +msgstr "nije moguće dobiti status od %s" + +#: plugins/sudoers/sudoers.c:1034 #, c-format msgid "%s is not a regular file" msgstr "%s nije obična datoteka" -#: plugins/sudoers/sudoers.c:951 plugins/sudoers/timestamp.c:259 toke.l:967 +#: plugins/sudoers/sudoers.c:1038 plugins/sudoers/timestamp.c:259 toke.l:967 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "vlasnik %s je UID %u, a treba biti %u" -#: plugins/sudoers/sudoers.c:955 toke.l:972 +#: plugins/sudoers/sudoers.c:1042 toke.l:972 #, c-format msgid "%s is world writable" msgstr "%s smije svako mijenjati/pisati" -#: plugins/sudoers/sudoers.c:959 toke.l:975 +#: plugins/sudoers/sudoers.c:1046 toke.l:975 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "vlasnik %s je GID %u, a treba biti %u" -#: 
plugins/sudoers/sudoers.c:992 +#: plugins/sudoers/sudoers.c:1079 #, c-format msgid "only root can use \"-c %s\"" msgstr "samo root može koristiti „-c %s“" -#: plugins/sudoers/sudoers.c:1011 +#: plugins/sudoers/sudoers.c:1098 #, c-format msgid "unknown login class: %s" msgstr "nepoznata klasa prijave: %s" -#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoers.c:1110 +#: plugins/sudoers/sudoers.c:1183 plugins/sudoers/sudoers.c:1198 #, c-format msgid "unable to resolve host %s" msgstr "nije moguće pronaći računalo %s" -#: plugins/sudoers/sudoreplay.c:250 +#: plugins/sudoers/sudoreplay.c:263 #, c-format msgid "invalid filter option: %s" msgstr "nevaljana opcija filtra: %s" -#: plugins/sudoers/sudoreplay.c:263 +#: plugins/sudoers/sudoreplay.c:276 #, c-format msgid "invalid max wait: %s" msgstr "nevaljano maksimalno vrijeme čekanja: %s" -#: plugins/sudoers/sudoreplay.c:286 +#: plugins/sudoers/sudoreplay.c:299 #, c-format msgid "invalid speed factor: %s" msgstr "nevaljani faktor brzine: %s" -#: plugins/sudoers/sudoreplay.c:321 +#: plugins/sudoers/sudoreplay.c:335 #, c-format -msgid "%s/%.2s/%.2s/%.2s/timing: %s" -msgstr "%s/%.2s/%.2s/%.2s/vrijeme: %s" +msgid "%s/%.2s/%.2s/%.2s: %s" +msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:326 +#: plugins/sudoers/sudoreplay.c:340 #, c-format msgid "%s/timing: %s" -msgstr "%s/vrijeme: %s" +msgstr "%s/tajming: %s" -#: plugins/sudoers/sudoreplay.c:330 +#: plugins/sudoers/sudoreplay.c:344 #, c-format -msgid "%s/%s/timing: %s" -msgstr "%s/%s/vrijeme: %s" +msgid "%s/%s: %s" +msgstr "%s/%s: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:372 #, c-format msgid "Replaying sudo session: %s" msgstr "Reproduciranje sudo sesije: %s" -#: plugins/sudoers/sudoreplay.c:544 plugins/sudoers/sudoreplay.c:591 -#: plugins/sudoers/sudoreplay.c:789 plugins/sudoers/sudoreplay.c:898 -#: plugins/sudoers/sudoreplay.c:983 plugins/sudoers/sudoreplay.c:998 -#: plugins/sudoers/sudoreplay.c:1005 
plugins/sudoers/sudoreplay.c:1012 -#: plugins/sudoers/sudoreplay.c:1019 plugins/sudoers/sudoreplay.c:1026 -#: plugins/sudoers/sudoreplay.c:1174 -msgid "unable to add event to queue" -msgstr "nije moguće dodati događaj u red čekanja" - -#: plugins/sudoers/sudoreplay.c:659 +#: plugins/sudoers/sudoreplay.c:634 msgid "unable to set tty to raw mode" msgstr "nije moguće postaviti TTY u direktni mȏd (da ne interpretira posebne znakove)" -#: plugins/sudoers/sudoreplay.c:710 +#: plugins/sudoers/sudoreplay.c:685 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Upozorenje: vaš terminal je premaleni da pravilno reproducira dnevnik.\n" -#: plugins/sudoers/sudoreplay.c:711 +#: plugins/sudoers/sudoreplay.c:686 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Veličina dnevnika je %d x %d, a veličina vašeg terminala %d x %d." -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:714 msgid "Replay finished, press any key to restore the terminal." msgstr "Reprodukcija je završena -- obnovite terminal pritiskom na bilo koju tipku." 
-#: plugins/sudoers/sudoreplay.c:772 -#, c-format -msgid "invalid timing file line: %s" -msgstr "nevaljani redak u timing datoteci: %s" - -#: plugins/sudoers/sudoreplay.c:1208 plugins/sudoers/sudoreplay.c:1233 +#: plugins/sudoers/sudoreplay.c:1161 plugins/sudoers/sudoreplay.c:1186 #, c-format msgid "ambiguous expression \"%s\"" msgstr "dvosmisleni izraz „%s“" -#: plugins/sudoers/sudoreplay.c:1255 +#: plugins/sudoers/sudoreplay.c:1208 msgid "unmatched ')' in expression" msgstr "nesparena „)“ u izrazu" -#: plugins/sudoers/sudoreplay.c:1259 +#: plugins/sudoers/sudoreplay.c:1212 #, c-format msgid "unknown search term \"%s\"" msgstr "nepoznati pojam za pretragu „%s“" -#: plugins/sudoers/sudoreplay.c:1274 +#: plugins/sudoers/sudoreplay.c:1227 #, c-format msgid "%s requires an argument" msgstr "%s zahtijeva argument" -#: plugins/sudoers/sudoreplay.c:1277 plugins/sudoers/sudoreplay.c:1518 +#: plugins/sudoers/sudoreplay.c:1230 plugins/sudoers/sudoreplay.c:1478 #, c-format msgid "invalid regular expression: %s" msgstr "nevaljani regularni izraz: %s" -#: plugins/sudoers/sudoreplay.c:1281 +#: plugins/sudoers/sudoreplay.c:1234 #, c-format msgid "could not parse date \"%s\"" msgstr "nije moguće raščlaniti datum „%s“" -#: plugins/sudoers/sudoreplay.c:1290 +#: plugins/sudoers/sudoreplay.c:1243 msgid "unmatched '(' in expression" msgstr "nesparena „(“ u izrazu" -#: plugins/sudoers/sudoreplay.c:1292 +#: plugins/sudoers/sudoreplay.c:1245 msgid "illegal trailing \"or\"" msgstr "nedopušteni zaostali „or“" -#: plugins/sudoers/sudoreplay.c:1294 +#: plugins/sudoers/sudoreplay.c:1247 msgid "illegal trailing \"!\"" msgstr "nedopušteni zaostali „!“" -#: plugins/sudoers/sudoreplay.c:1344 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "unknown search type %d" msgstr "nepoznata vrsta za pretragu %d" -#: plugins/sudoers/sudoreplay.c:1611 +#: plugins/sudoers/sudoreplay.c:1569 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "uporaba: %s [-hnRS] [-d dir] [-m 
num] [-s num] ID\n" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1572 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "uporaba: %s [-h] [-d direktorij] -l [izraz za pretragu]\n" -#: plugins/sudoers/sudoreplay.c:1623 +#: plugins/sudoers/sudoreplay.c:1581 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2101,7 +2630,7 @@ "%s - reproducira dnevnike sudo sesija\n" "\n" -#: plugins/sudoers/sudoreplay.c:1625 +#: plugins/sudoers/sudoreplay.c:1583 msgid "" "\n" "Options:\n" 
@@ -2163,35 +2692,34 @@
 msgid "%s is group writable"
 msgstr "%s članovi grupe mogu mijenjati/pisati"
 
-#: plugins/sudoers/timestamp.c:343
+#: plugins/sudoers/timestamp.c:343 plugins/sudoers/timestamp.c:687
 #, c-format
 msgid "unable to truncate time stamp file to %lld bytes"
 msgstr "nije moguće skratiti datoteku s vremenskim podacima na %lld bajtova"
 
-#: plugins/sudoers/timestamp.c:829 plugins/sudoers/timestamp.c:921
-#: plugins/sudoers/visudo.c:498 plugins/sudoers/visudo.c:504
-msgid "unable to read the clock"
-msgstr "nije moguće pročitati vrijeme (clock)"
-
-#: plugins/sudoers/timestamp.c:840
+#: plugins/sudoers/timestamp.c:873
 msgid "ignoring time stamp from the future"
 msgstr "ignorira se vremenska oznaka iz budućnosti"
 
-#: plugins/sudoers/timestamp.c:863
+#: plugins/sudoers/timestamp.c:896
 #, c-format
 msgid "time stamp too far in the future: %20.20s"
 msgstr "vremenska oznaka je predaleko u budućnosti: %20.20s"
 
-#: plugins/sudoers/timestamp.c:985
+#: plugins/sudoers/timestamp.c:1018
 #, c-format
 msgid "unable to lock time stamp file %s"
 msgstr "nije moguće zaključati datoteku s vremenskim oznakama %s"
 
-#: plugins/sudoers/timestamp.c:1029 plugins/sudoers/timestamp.c:1049
+#: plugins/sudoers/timestamp.c:1062 plugins/sudoers/timestamp.c:1082
 #, c-format
 msgid "lecture status path too long: %s/%s"
 msgstr "staza do lekcije je preduga: %s/%s"
 
+#: plugins/sudoers/toke_util.c:132
+msgid "sudoedit should not be specified with a path"
+msgstr "sudoedit se ne smije specificirati sa stazom"
+
 #: plugins/sudoers/visudo.c:232
 msgid "the -x option will be removed in a future release"
 msgstr "opcija -x biti će uklonjena iz buduće inačice"
@@ -2382,6 +2910,15 @@
 msgid "too many levels of includes"
 msgstr "previše razina uključivanja"
 
+#~ msgid "No user or host"
+#~ msgstr "Nema korisnika ili računala"
+
+#~ msgid "validation failure"
+#~ msgstr "greška pri provjeri valjanosti"
+
+#~ msgid "%s/%s/timing: %s"
+#~ msgstr "%s/%s/vrijeme: %s"
+
 #~ msgid "ignoring invalid attribute value: %s"
 #~ msgstr "ignorira se nevaljana vrijednost atributa: %s"
 
@@ -2463,9 +3000,6 @@
 #~ msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf"
 #~ msgstr "sudo_ldap_conf_add_ports: nema dovoljno prostora za proširenje međuspremnika računala"
 
-#~ msgid "invalid uri: %s"
-#~ msgstr "neispravan uri: %s"
-
 #~ msgid "unable to mix ldaps and starttls"
 #~ msgstr "ne mogu miješati ldaps i starttls"
 
@@ -2490,9 +3024,6 @@
 #~ msgid "too many parenthesized expressions, max %d"
 #~ msgstr "previše izraza u zagradama, najviše %d"
 
-#~ msgid "invalid regex: %s"
-#~ msgstr "neispravni regularni izraz: %s"
-
 #~ msgid "%s owned by uid %u, should be uid %u"
 #~ msgstr "vlasnik %s je uid %u, treba biti uid %u"
 
Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/plugins/sudoers/po/it.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/plugins/sudoers/po/it.mo differ
diff -Nru sudo-1.8.31/plugins/sudoers/po/it.po sudo-1.9.0/plugins/sudoers/po/it.po
--- sudo-1.8.31/plugins/sudoers/po/it.po 2019-12-31 12:58:36.000000000 +0000
+++ sudo-1.9.0/plugins/sudoers/po/it.po 2020-05-11 16:28:23.000000000 +0000
@@ -1,13 +1,13 @@
 # Italian translations for sudoers package
 # This file is put in the public domain.
-# Milo Casagrande , 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019.
+# Milo Casagrande , 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020.
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: sudoers-1.8.29rc1\n"
+"Project-Id-Version: sudoers-1.9.0b4\n"
 "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2019-10-21 19:55-0600\n"
-"PO-Revision-Date: 2019-10-24 16:24+0200\n"
+"POT-Creation-Date: 2020-03-12 17:39-0600\n"
+"PO-Revision-Date: 2020-03-19 09:24+0100\n"
 "Last-Translator: Milo Casagrande \n"
 "Language-Team: Italian \n"
 "Language: it\n"
@@ -16,7 +16,7 @@
 "Content-Transfer-Encoding: 8bit\n"
 "X-Bugs: Report translation errors to the Language-Team address.\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Poedit 2.2.3\n"
+"X-Generator: Poedit 2.2.4\n"
 "X-Poedit-SourceCharset: UTF-8\n"
 
 #: confstr.sh:1
@@ -43,70 +43,75 @@
 msgid "Sorry, try again."
 msgstr "Riprovare."
 
-#: gram.y:196 gram.y:244 gram.y:251 gram.y:258 gram.y:265 gram.y:272
-#: gram.y:288 gram.y:312 gram.y:319 gram.y:326 gram.y:333 gram.y:340
-#: gram.y:403 gram.y:412 gram.y:423 gram.y:456 gram.y:463 gram.y:470
-#: gram.y:477 gram.y:559 gram.y:566 gram.y:575 gram.y:584 gram.y:601
-#: gram.y:713 gram.y:720 gram.y:727 gram.y:735 gram.y:835 gram.y:842
-#: gram.y:849 gram.y:856 gram.y:863 gram.y:889 gram.y:896 gram.y:903
-#: gram.y:1026 gram.y:1303 plugins/sudoers/alias.c:132
-#: plugins/sudoers/alias.c:139 plugins/sudoers/alias.c:155
-#: plugins/sudoers/auth/bsdauth.c:148 plugins/sudoers/auth/kerb5.c:123
-#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:670
-#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/auth/sia.c:64
-#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:165
-#: plugins/sudoers/cvtsudoers.c:182 plugins/sudoers/cvtsudoers.c:193
-#: plugins/sudoers/cvtsudoers.c:305 plugins/sudoers/cvtsudoers.c:433
-#: plugins/sudoers/cvtsudoers.c:566 plugins/sudoers/cvtsudoers.c:583
-#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761
-#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1179
-#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1285
+#: gram.y:198 gram.y:246 gram.y:253 gram.y:260 gram.y:267 gram.y:274
+#: gram.y:290 gram.y:314 gram.y:321 gram.y:328 gram.y:335 gram.y:342
+#: gram.y:405 gram.y:414 gram.y:425 gram.y:458 gram.y:465 gram.y:472
+#: gram.y:479 gram.y:506 gram.y:578 gram.y:585 gram.y:594 gram.y:603
+#: gram.y:620 gram.y:732 gram.y:739 gram.y:747 gram.y:753 gram.y:853
+#: gram.y:860 gram.y:867 gram.y:874 gram.y:881 gram.y:907 gram.y:914
+#: gram.y:921 gram.y:1063 gram.y:1342 lib/iolog/iolog_util.c:79
+#: lib/iolog/iolog_util.c:118 lib/iolog/iolog_util.c:127
+#: lib/iolog/iolog_util.c:137 lib/iolog/iolog_util.c:145
+#: lib/iolog/iolog_util.c:149 logsrvd/eventlog.c:223 logsrvd/sendlog.c:286
+#: plugins/sudoers/alias.c:132 plugins/sudoers/alias.c:139
+#: plugins/sudoers/alias.c:155 plugins/sudoers/auth/bsdauth.c:148
+#: plugins/sudoers/auth/kerb5.c:123 plugins/sudoers/auth/kerb5.c:149
+#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116
+#: plugins/sudoers/auth/sia.c:64 plugins/sudoers/cvtsudoers.c:124
+#: plugins/sudoers/cvtsudoers.c:165 plugins/sudoers/cvtsudoers.c:182
+#: plugins/sudoers/cvtsudoers.c:193 plugins/sudoers/cvtsudoers.c:305
+#: plugins/sudoers/cvtsudoers.c:433 plugins/sudoers/cvtsudoers.c:566
+#: plugins/sudoers/cvtsudoers.c:583 plugins/sudoers/cvtsudoers.c:646
+#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:769
+#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1187
+#: plugins/sudoers/cvtsudoers.c:1289 plugins/sudoers/cvtsudoers_json.c:83
 #: plugins/sudoers/cvtsudoers_ldif.c:154 plugins/sudoers/cvtsudoers_ldif.c:197
-#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:263
-#: plugins/sudoers/cvtsudoers_ldif.c:334 plugins/sudoers/cvtsudoers_ldif.c:389
-#: plugins/sudoers/cvtsudoers_ldif.c:397 plugins/sudoers/cvtsudoers_ldif.c:414
-#: plugins/sudoers/cvtsudoers_ldif.c:423 plugins/sudoers/cvtsudoers_ldif.c:570
-#: plugins/sudoers/defaults.c:666 plugins/sudoers/defaults.c:959
-#: plugins/sudoers/defaults.c:1130 plugins/sudoers/editor.c:72
+#: plugins/sudoers/cvtsudoers_ldif.c:238 plugins/sudoers/cvtsudoers_ldif.c:303
+#: plugins/sudoers/cvtsudoers_ldif.c:374 plugins/sudoers/cvtsudoers_ldif.c:429
+#: plugins/sudoers/cvtsudoers_ldif.c:437 plugins/sudoers/cvtsudoers_ldif.c:454
+#: plugins/sudoers/cvtsudoers_ldif.c:463 plugins/sudoers/cvtsudoers_ldif.c:610
+#: plugins/sudoers/defaults.c:632 plugins/sudoers/defaults.c:925
+#: plugins/sudoers/defaults.c:1058 plugins/sudoers/editor.c:72
 #: plugins/sudoers/editor.c:90 plugins/sudoers/editor.c:101
 #: plugins/sudoers/env.c:268 plugins/sudoers/filedigest.c:66
 #: plugins/sudoers/filedigest.c:82 plugins/sudoers/gc.c:59
-#: plugins/sudoers/group_plugin.c:138 plugins/sudoers/interfaces.c:78
-#: plugins/sudoers/iolog.c:943 plugins/sudoers/iolog_path.c:174
-#: plugins/sudoers/iolog_util.c:86 plugins/sudoers/iolog_util.c:125
-#: plugins/sudoers/iolog_util.c:134 plugins/sudoers/iolog_util.c:144
-#: plugins/sudoers/iolog_util.c:152 plugins/sudoers/iolog_util.c:156
-#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416
-#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432
-#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887
-#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668
-#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786
-#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022
-#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223
-#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306
-#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446
-#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558
-#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:683
-#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:510
-#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/linux_audit.c:83
-#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:532
-#: plugins/sudoers/logging.c:558 plugins/sudoers/logging.c:599
-#: plugins/sudoers/logging.c:740 plugins/sudoers/logging.c:1100
-#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:367
-#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:485
-#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:200
+#: plugins/sudoers/group_plugin.c:141 plugins/sudoers/interfaces.c:78
+#: plugins/sudoers/iolog.c:476 plugins/sudoers/iolog_client.c:107
+#: plugins/sudoers/iolog_client.c:485 plugins/sudoers/iolog_client.c:593
+#: plugins/sudoers/iolog_client.c:611 plugins/sudoers/iolog_client.c:1053
+#: plugins/sudoers/iolog_client.c:1283 plugins/sudoers/iolog_client.c:1619
+#: plugins/sudoers/iolog_client.c:1647 plugins/sudoers/ldap.c:185
+#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420
+#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723
+#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241
+#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705
+#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921
+#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038
+#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254
+#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342
+#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461
+#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591
+#: plugins/sudoers/ldap_conf.c:683 plugins/sudoers/ldap_conf.c:765
+#: plugins/sudoers/ldap_util.c:331 plugins/sudoers/ldap_util.c:338
+#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:83
+#: plugins/sudoers/logging.c:200 plugins/sudoers/logging.c:527
+#: plugins/sudoers/logging.c:553 plugins/sudoers/logging.c:594
+#: plugins/sudoers/logging.c:731 plugins/sudoers/logging.c:1091
+#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:397
+#: plugins/sudoers/match_command.c:444 plugins/sudoers/match_command.c:515
+#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:200
 #: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:227
 #: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:156
 #: plugins/sudoers/parse_ldif.c:187 plugins/sudoers/parse_ldif.c:256
 #: plugins/sudoers/parse_ldif.c:263 plugins/sudoers/parse_ldif.c:268
 #: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:355
-#: plugins/sudoers/parse_ldif.c:361 plugins/sudoers/parse_ldif.c:386
-#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:402
-#: plugins/sudoers/parse_ldif.c:416 plugins/sudoers/parse_ldif.c:584
-#: plugins/sudoers/parse_ldif.c:614 plugins/sudoers/parse_ldif.c:639
-#: plugins/sudoers/parse_ldif.c:697 plugins/sudoers/parse_ldif.c:714
-#: plugins/sudoers/parse_ldif.c:742 plugins/sudoers/parse_ldif.c:749
-#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:750
+#: plugins/sudoers/parse_ldif.c:382 plugins/sudoers/parse_ldif.c:399
+#: plugins/sudoers/parse_ldif.c:411 plugins/sudoers/parse_ldif.c:415
+#: plugins/sudoers/parse_ldif.c:429 plugins/sudoers/parse_ldif.c:597
+#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652
+#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727
+#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762
+#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:830
 #: plugins/sudoers/prompt.c:100 plugins/sudoers/pwutil.c:199
 #: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348
 #: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:586
@@ -116,19 +121,19 @@
 #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463
 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554
 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103
-#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273
-#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292
-#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657
-#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830
-#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:114
-#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587
-#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465
-#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136
-#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253
-#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439
-#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960
-#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112
-#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130
+#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320
+#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735
+#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909
+#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559
+#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218
+#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429
+#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236
+#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587
+#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483
+#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59
+#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:137
+#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130
 #: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328
 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444
 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942
@@ -137,111 +142,116 @@
 msgid "unable to allocate memory"
 msgstr "impossibile allocare memoria"
 
-#: gram.y:488
+#: gram.y:500
 msgid "a digest requires a path name"
 msgstr "un digest richiede il nome di percorso"
 
-#: gram.y:614
+#: gram.y:633
 msgid "invalid notbefore value"
 msgstr "valore notbefore non valido"
 
-#: gram.y:622
+#: gram.y:641
 msgid "invalid notafter value"
 msgstr "valore notafter non valido"
 
-#: gram.y:631 plugins/sudoers/policy.c:320
+#: gram.y:650 plugins/sudoers/policy.c:319
 msgid "timeout value too large"
 msgstr "valore timeout troppo grande"
 
-#: gram.y:633 plugins/sudoers/policy.c:322
+#: gram.y:652 plugins/sudoers/policy.c:321
 msgid "invalid timeout value"
 msgstr "valore timeout non valido"
 
-#: gram.y:1303 plugins/sudoers/auth/pam.c:483 plugins/sudoers/auth/pam.c:670
-#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/cvtsudoers.c:124
-#: plugins/sudoers/cvtsudoers.c:164 plugins/sudoers/cvtsudoers.c:181
-#: plugins/sudoers/cvtsudoers.c:192 plugins/sudoers/cvtsudoers.c:304
-#: plugins/sudoers/cvtsudoers.c:432 plugins/sudoers/cvtsudoers.c:565
-#: plugins/sudoers/cvtsudoers.c:582 plugins/sudoers/cvtsudoers.c:646
-#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:768
-#: plugins/sudoers/cvtsudoers.c:1179 plugins/sudoers/cvtsudoers.c:1183
-#: plugins/sudoers/cvtsudoers.c:1285 plugins/sudoers/cvtsudoers_ldif.c:153
-#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:243
-#: plugins/sudoers/cvtsudoers_ldif.c:262 plugins/sudoers/cvtsudoers_ldif.c:333
-#: plugins/sudoers/cvtsudoers_ldif.c:388 plugins/sudoers/cvtsudoers_ldif.c:396
-#: plugins/sudoers/cvtsudoers_ldif.c:413 plugins/sudoers/cvtsudoers_ldif.c:422
-#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:666
-#: plugins/sudoers/defaults.c:959 plugins/sudoers/defaults.c:1130
+#: gram.y:1342 lib/iolog/iolog_util.c:79 lib/iolog/iolog_util.c:118
+#: lib/iolog/iolog_util.c:127 lib/iolog/iolog_util.c:137
+#: lib/iolog/iolog_util.c:145 lib/iolog/iolog_util.c:149
+#: logsrvd/eventlog.c:223 plugins/sudoers/auth/pam.c:486
+#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116
+#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:164
+#: plugins/sudoers/cvtsudoers.c:181 plugins/sudoers/cvtsudoers.c:192
+#: plugins/sudoers/cvtsudoers.c:304 plugins/sudoers/cvtsudoers.c:432
+#: plugins/sudoers/cvtsudoers.c:565 plugins/sudoers/cvtsudoers.c:582
+#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761
+#: plugins/sudoers/cvtsudoers.c:768 plugins/sudoers/cvtsudoers.c:1183
+#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289
+#: plugins/sudoers/cvtsudoers_json.c:82 plugins/sudoers/cvtsudoers_ldif.c:153
+#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:237
+#: plugins/sudoers/cvtsudoers_ldif.c:302 plugins/sudoers/cvtsudoers_ldif.c:373
+#: plugins/sudoers/cvtsudoers_ldif.c:428 plugins/sudoers/cvtsudoers_ldif.c:436
+#: plugins/sudoers/cvtsudoers_ldif.c:453 plugins/sudoers/cvtsudoers_ldif.c:462
+#: plugins/sudoers/cvtsudoers_ldif.c:609 plugins/sudoers/defaults.c:632
+#: plugins/sudoers/defaults.c:925 plugins/sudoers/defaults.c:1058
 #: plugins/sudoers/editor.c:72 plugins/sudoers/editor.c:90
 #: plugins/sudoers/editor.c:101 plugins/sudoers/env.c:268
 #: plugins/sudoers/filedigest.c:66 plugins/sudoers/filedigest.c:82
-#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:138
-#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:943
-#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:86
-#: plugins/sudoers/iolog_util.c:125 plugins/sudoers/iolog_util.c:134
-#: plugins/sudoers/iolog_util.c:144 plugins/sudoers/iolog_util.c:152
-#: plugins/sudoers/iolog_util.c:156 plugins/sudoers/ldap.c:185
-#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420
-#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723
-#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241
-#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705
-#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921
-#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038
-#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254
-#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342
-#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461
-#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591
-#: plugins/sudoers/ldap_conf.c:682 plugins/sudoers/ldap_conf.c:765
-#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:567
-#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:202
-#: plugins/sudoers/logging.c:532 plugins/sudoers/logging.c:558
-#: plugins/sudoers/logging.c:598 plugins/sudoers/logging.c:1100
-#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:366
-#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:485
-#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:199
+#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:140
+#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:476
+#: plugins/sudoers/iolog_client.c:107 plugins/sudoers/iolog_client.c:485
+#: plugins/sudoers/iolog_client.c:593 plugins/sudoers/iolog_client.c:611
+#: plugins/sudoers/iolog_client.c:1053 plugins/sudoers/iolog_client.c:1283
+#: plugins/sudoers/iolog_client.c:1619 plugins/sudoers/iolog_client.c:1647
+#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416
+#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432
+#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887
+#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668
+#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786
+#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022
+#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223
+#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306
+#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446
+#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558
+#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:682
+#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:330
+#: plugins/sudoers/ldap_util.c:337 plugins/sudoers/ldap_util.c:603
+#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:200
+#: plugins/sudoers/logging.c:527 plugins/sudoers/logging.c:553
+#: plugins/sudoers/logging.c:593 plugins/sudoers/logging.c:1091
+#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:396
+#: plugins/sudoers/match_command.c:443 plugins/sudoers/match_command.c:515
+#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:199
 #: plugins/sudoers/parse.c:211 plugins/sudoers/parse.c:226
 #: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:155
 #: plugins/sudoers/parse_ldif.c:186 plugins/sudoers/parse_ldif.c:255
 #: plugins/sudoers/parse_ldif.c:262 plugins/sudoers/parse_ldif.c:267
 #: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:354
-#: plugins/sudoers/parse_ldif.c:360 plugins/sudoers/parse_ldif.c:385
-#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:401
-#: plugins/sudoers/parse_ldif.c:415 plugins/sudoers/parse_ldif.c:584
-#: plugins/sudoers/parse_ldif.c:613 plugins/sudoers/parse_ldif.c:638
-#: plugins/sudoers/parse_ldif.c:696 plugins/sudoers/parse_ldif.c:713
-#: plugins/sudoers/parse_ldif.c:741 plugins/sudoers/parse_ldif.c:748
-#: plugins/sudoers/policy.c:134 plugins/sudoers/policy.c:143
-#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:178
-#: plugins/sudoers/policy.c:305 plugins/sudoers/policy.c:320
-#: plugins/sudoers/policy.c:322 plugins/sudoers/policy.c:348
-#: plugins/sudoers/policy.c:358 plugins/sudoers/policy.c:402
+#: plugins/sudoers/parse_ldif.c:381 plugins/sudoers/parse_ldif.c:398
+#: plugins/sudoers/parse_ldif.c:410 plugins/sudoers/parse_ldif.c:414
+#: plugins/sudoers/parse_ldif.c:428 plugins/sudoers/parse_ldif.c:597
+#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651
+#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726
+#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761
+#: plugins/sudoers/policy.c:133 plugins/sudoers/policy.c:142
+#: plugins/sudoers/policy.c:151 plugins/sudoers/policy.c:177
+#: plugins/sudoers/policy.c:304 plugins/sudoers/policy.c:319
+#: plugins/sudoers/policy.c:321 plugins/sudoers/policy.c:350
+#: plugins/sudoers/policy.c:359 plugins/sudoers/policy.c:402
 #: plugins/sudoers/policy.c:412 plugins/sudoers/policy.c:421
 #: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:504
-#: plugins/sudoers/policy.c:750 plugins/sudoers/prompt.c:100
+#: plugins/sudoers/policy.c:830 plugins/sudoers/prompt.c:100
 #: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270
 #: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522
 #: plugins/sudoers/pwutil.c:586 plugins/sudoers/pwutil.c:657
 #: plugins/sudoers/pwutil.c:816 plugins/sudoers/pwutil.c:873
 #: plugins/sudoers/pwutil.c:917 plugins/sudoers/pwutil.c:975
-#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775
-#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493
-#: plugins/sudoers/set_perms.c:1659 plugins/sudoers/sssd.c:153
+#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704
+#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370
+#: plugins/sudoers/set_perms.c:1535 plugins/sudoers/sssd.c:153
 #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463
 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554
 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103
-#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273
-#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292
-#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657
-#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830
-#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:113
-#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587
-#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465
-#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136
-#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253
-#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439
-#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960
-#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112
-#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130
+#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320
+#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735
+#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909
+#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559
+#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218
+#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429
+#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236
+#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587
+#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483
+#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59
+#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:136
+#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130
 #: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328
 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444
 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942
@@ -251,12 +261,456 @@ msgid "%s: %s" msgstr "%s: %s" +#: lib/iolog/iolog_fileio.c:164 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s esiste, ma non è una directory (0%o)" + +#: lib/iolog/iolog_fileio.c:194 lib/iolog/iolog_fileio.c:240 +#: plugins/sudoers/timestamp.c:212 +#, c-format +msgid "unable to mkdir %s" +msgstr "impossibile creare la directory %s" + +#: lib/iolog/iolog_fileio.c:244 plugins/sudoers/visudo.c:739 +#: plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "impossibile modificare la modalità di %s a 0%o" + +#: lib/iolog/iolog_util.c:83 +#, c-format +msgid "%s: invalid log file" +msgstr "%s: file di registro non valido" + +#: lib/iolog/iolog_util.c:101 +#, c-format +msgid "%s: time stamp field is missing" +msgstr "%s: manca il campo della marcatura temporale" + +#: lib/iolog/iolog_util.c:107 +#, c-format +msgid "%s: time stamp %s: %s" +msgstr "%s: marcatura temporale %s: %s" + +#: lib/iolog/iolog_util.c:114 +#, c-format +msgid "%s: user field is missing" +msgstr "%s: manca il campo utente" + +#: lib/iolog/iolog_util.c:123 +#, c-format +msgid "%s: runas user field is missing" +msgstr "%s: manca il campo utente di runas" + +#: lib/iolog/iolog_util.c:132 +#, c-format +msgid "%s: runas group field is missing" +msgstr "%s: manca il campo gruppo di runas" + +#: lib/iolog/iolog_util.c:382 +#, c-format +msgid "error reading timing file: %s" +msgstr "errore nel leggere il file di timing: %s" + +#: lib/iolog/iolog_util.c:389 +#, c-format +msgid "invalid timing file line: %s" +msgstr "riga di timing del file non valida: %s" + +#: logsrvd/eventlog.c:228 plugins/sudoers/cvtsudoers_ldif.c:247 +#: plugins/sudoers/cvtsudoers_ldif.c:254 plugins/sudoers/cvtsudoers_ldif.c:566 +#: plugins/sudoers/env.c:330 plugins/sudoers/env.c:337 +#: plugins/sudoers/env.c:442 plugins/sudoers/iolog.c:550 +#: plugins/sudoers/iolog.c:566 plugins/sudoers/ldap.c:496 +#: plugins/sudoers/ldap.c:727 
plugins/sudoers/ldap.c:1060 +#: plugins/sudoers/ldap_conf.c:227 plugins/sudoers/ldap_conf.c:317 +#: plugins/sudoers/linux_audit.c:89 plugins/sudoers/logging.c:1096 +#: plugins/sudoers/policy.c:534 plugins/sudoers/policy.c:679 +#: plugins/sudoers/policy.c:689 plugins/sudoers/prompt.c:168 +#: plugins/sudoers/sudoers.c:931 plugins/sudoers/testsudoers.c:257 +#: plugins/sudoers/toke_util.c:177 +#, c-format +msgid "internal error, %s overflow" +msgstr "errore interno, overflow di %s" + +#: logsrvd/eventlog.c:422 plugins/sudoers/logging.c:118 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: logsrvd/eventlog.c:451 plugins/sudoers/logging.c:146 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s : (comando continuato) %s" + +#: logsrvd/iolog_writer.c:886 +msgid "log is already complete, cannot be restarted" +msgstr "il registro è già completo, non può essere riavviato" + +#: logsrvd/iolog_writer.c:917 +msgid "unable to restart log" +msgstr "impossibile riavviare il registro" + +#: logsrvd/logsrv_util.c:96 logsrvd/logsrv_util.c:103 +#: plugins/sudoers/sudoreplay.c:355 plugins/sudoers/sudoreplay.c:361 +#: plugins/sudoers/sudoreplay.c:368 +#, c-format +msgid "unable to open %s/%s" +msgstr "impossibile aprire %s/%s" + +#: logsrvd/logsrv_util.c:130 +#, c-format +msgid "missing I/O log file %s/%s" +msgstr "file di registro I/O mancante %s/%s" + +#: logsrvd/logsrv_util.c:137 +#, c-format +msgid "%s/%s: unable to seek forward %zu" +msgstr "%s/%s: impossibile spostarsi avanti %zu" + +#: logsrvd/logsrv_util.c:147 +#, c-format +msgid "unable to find resume point [%lld, %ld] in %s/%s" +msgstr "impossibile trovare il punto di ripristino [%lld, %ld] in %s/%s" + +#: logsrvd/logsrvd.c:231 logsrvd/logsrvd.c:299 logsrvd/logsrvd.c:343 +#: logsrvd/logsrvd.c:392 logsrvd/logsrvd.c:439 logsrvd/logsrvd.c:484 +#: logsrvd/logsrvd.c:510 +msgid "state machine error" +msgstr "errore della macchina di stato" + +#: logsrvd/logsrvd.c:240 +msgid "invalid AcceptMessage" +msgstr 
"AcceoptMessage non valido" + +#: logsrvd/logsrvd.c:251 +msgid "error parsing AcceptMessage" +msgstr "errore nell'analizzare AcceptMessage" + +#: logsrvd/logsrvd.c:258 +msgid "error creating I/O log" +msgstr "errore nel creare il registro I/O" + +#: logsrvd/logsrvd.c:265 +msgid "error logging accept event" +msgstr "errore nel registrare l'evento accept" + +#: logsrvd/logsrvd.c:308 +msgid "invalid RejectMessage" +msgstr "RejectMessage non valido" + +#: logsrvd/logsrvd.c:319 +msgid "error parsing RejectMessage" +msgstr "errore nell'analizzare RejectMessage" + +#: logsrvd/logsrvd.c:325 +msgid "error logging reject event" +msgstr "errore nel registrare l'evento reject" + +#: logsrvd/logsrvd.c:424 +msgid "error logging alert event" +msgstr "errore nel registrare l'evento alert" + +#: logsrvd/logsrvd.c:449 +msgid "error writing IoBuffer" +msgstr "errore nello scrivere IoBuffer" + +#: logsrvd/logsrvd.c:495 +msgid "error writing ChangeWindowSize" +msgstr "errore nello scrivere ChangeWindowSize" + +#: logsrvd/logsrvd.c:521 +msgid "error writing CommandSuspend" +msgstr "errore nello scrivere CommandSuspend" + +#: logsrvd/logsrvd.c:583 +msgid "unrecognized ClientMessage type" +msgstr "tipo di ClientMessage non riconosciuto" + +#: logsrvd/logsrvd.c:835 +msgid "client message too large" +msgstr "messaggio client troppo grande" + +#: logsrvd/logsrvd.c:1295 logsrvd/logsrvd.c:1415 logsrvd/logsrvd.c:1539 +#: logsrvd/logsrvd.c:1631 logsrvd/sendlog.c:242 logsrvd/sendlog.c:257 +#: logsrvd/sendlog.c:290 logsrvd/sendlog.c:1264 plugins/sudoers/iolog.c:900 +#: plugins/sudoers/iolog.c:1033 plugins/sudoers/iolog.c:1131 +#: plugins/sudoers/iolog_client.c:111 plugins/sudoers/iolog_client.c:436 +#: plugins/sudoers/iolog_client.c:452 plugins/sudoers/iolog_client.c:490 +#: plugins/sudoers/iolog_client.c:1032 plugins/sudoers/iolog_client.c:1061 +#: plugins/sudoers/iolog_client.c:1133 plugins/sudoers/iolog_client.c:1239 +#: plugins/sudoers/iolog_client.c:1353 plugins/sudoers/iolog_client.c:1655 
+#: plugins/sudoers/iolog_client.c:1663 plugins/sudoers/sudoreplay.c:519 +#: plugins/sudoers/sudoreplay.c:566 plugins/sudoers/sudoreplay.c:755 +#: plugins/sudoers/sudoreplay.c:867 plugins/sudoers/sudoreplay.c:957 +#: plugins/sudoers/sudoreplay.c:972 plugins/sudoers/sudoreplay.c:979 +#: plugins/sudoers/sudoreplay.c:986 plugins/sudoers/sudoreplay.c:993 +#: plugins/sudoers/sudoreplay.c:1000 plugins/sudoers/sudoreplay.c:1127 +msgid "unable to add event to queue" +msgstr "impossibile aggiungere l'evento alla coda" + +#: logsrvd/logsrvd.c:1407 plugins/sudoers/iolog_client.c:378 +#, c-format +msgid "Unable to attach user data to the ssl object: %s" +msgstr "Impossibile allegare dati utenti all'oggetto ssl: %s" + +#: logsrvd/logsrvd.c:1443 plugins/sudoers/iolog_client.c:1596 +#: plugins/sudoers/iolog_client.c:1604 +msgid "unable to get remote IP addr" +msgstr "impossibile ottenere indirizzo IP remoto" + +#: logsrvd/logsrvd.c:1692 logsrvd/sendlog.c:113 +#, c-format +msgid "" +"%s - send sudo I/O log to remote server\n" +"\n" +msgstr "" +"%s - Invia registro I/O di sudo a un server remoto\n" +"\n" + +#: logsrvd/logsrvd.c:1695 +msgid "" +"\n" +"Options:\n" +" -f, --file path to configuration file\n" +" -h --help display help message and exit\n" +" -n, --no-fork do not fork, run in the foreground\n" +" -R, --random-drop percent chance connections will drop\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"Opzioni:\n" +" -f, --file Percorso al file di configurazione\n" +" -h, --help Visualizza il messaggio di aiuto ed esce\n" +" -n, --no-fork Non esegue una fork, resta in primo piano\n" +" -R, --random-drop Percentuale di connessioni chiuse\n" +" -V, --version Visualizza la versione ed esce\n" + +#: logsrvd/logsrvd.c:1747 logsrvd/sendlog.c:1513 +msgid "Protobuf-C version 1.3 or higher required" +msgstr "È richiesto Protobuf-C 1.3 o successivo" + +#: logsrvd/logsrvd.c:1765 +#, c-format +msgid "invalid random drop value: %s" +msgstr "valore drop 
casuale non valido: %s" + +#: logsrvd/logsrvd.c:1769 logsrvd/sendlog.c:1551 +#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:302 +#: plugins/sudoers/visudo.c:184 +#, c-format +msgid "%s version %s\n" +msgstr "%s versione %s\n" + +#: logsrvd/logsrvd_conf.c:688 +#, c-format +msgid "%s: not a fully qualified path" +msgstr "%s: non è un percorso completo" + +#: logsrvd/logsrvd_conf.c:802 +#, c-format +msgid "%s:%d unmatched '[': %s" +msgstr "%s:%d \"[\" non corrispondente: %s" + +#: logsrvd/logsrvd_conf.c:813 +#, c-format +msgid "%s:%d invalid config section: %s" +msgstr "%s:%d sezione configurazione non valida: %s" + +#: logsrvd/logsrvd_conf.c:821 +#, c-format +msgid "%s:%d invalid configuration line: %s" +msgstr "%s:%d riga di configurazione non valida: %s" + +#: logsrvd/logsrvd_conf.c:827 +#, c-format +msgid "%s:%d expected section name: %s" +msgstr "%s:%d atteso nome di sezione: %s" + +#: logsrvd/logsrvd_conf.c:841 +#, c-format +msgid "invalid value for %s: %s" +msgstr "valore non valido per \"%s\": %s" + +#: logsrvd/logsrvd_conf.c:849 +#, c-format +msgid "%s:%d unknown key: %s" +msgstr "%s:%d chiave sconosciuta: %s" + +#: logsrvd/logsrvd_conf.c:977 +#, c-format +msgid "unknown syslog facility %s" +msgstr "strumento syslog %s sconosciuto" + +#: logsrvd/logsrvd_conf.c:981 logsrvd/logsrvd_conf.c:985 +#: logsrvd/logsrvd_conf.c:989 +#, c-format +msgid "unknown syslog priority %s" +msgstr "priorità syslog %s sconosciuta" + +#: logsrvd/sendlog.c:116 +msgid "" +"\n" +"Options:\n" +" --help display help message and exit\n" +" -h, --host host to send logs to\n" +" -i, --iolog_id remote ID of I/O log to be resumed\n" +" -p, --port port to use when connecting to host\n" +" -r, --restart restart previous I/O log transfer\n" +" -t, --test test audit server by sending selected I/O log n times in parallel\n" +" -b, --ca-bundle certificate bundle file to verify server's cert against\n" +" -c, --cert certificate file for TLS handshake\n" +" -k, --key private key 
file\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"Options:\n" +" --help Visualizza questo messaggio ed esce\n" +" -h, --host Host a cui inviare i registri\n" +" -i, --iolog_id ID remoto del registro I/O da ripristinare\n" +" -p, --port Prta da usare nella connessione a un host\n" +" -r, --restart Riavvia il trasferimento precedente\n" +" -t, --test Prova del server di audit inviando il registro I/O\n" +" selezionato N volte in paralleo\n" +" -b, --ca-bundle File bundle del certificato per verificare il server\n" +" -c, --cert File certificato per handshake TLS\n" +" -k, --key File chiave privata\n" +" -V, --version Visualizza la versione ed esce\n" + +#: logsrvd/sendlog.c:216 plugins/sudoers/iolog_client.c:409 +msgid "TLS handshake timeout occurred" +msgstr "timeout handshake TLS" + +#: logsrvd/sendlog.c:237 logsrvd/sendlog.c:252 +#: plugins/sudoers/iolog_client.c:430 plugins/sudoers/iolog_client.c:446 +msgid "unable to set event" +msgstr "impossibile impostare evento" + +#: logsrvd/sendlog.c:262 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s\n" +msgstr "SSL_connect non riuscita: ssl_error=%d, stack=%s\n" + +#: logsrvd/sendlog.c:294 plugins/sudoers/iolog_client.c:115 +#: plugins/sudoers/iolog_client.c:495 plugins/sudoers/iolog_client.c:1065 +#: plugins/sudoers/iolog_client.c:1671 +msgid "error in event loop" +msgstr "errore nel ciclo dell'evento" + +#: logsrvd/sendlog.c:311 +msgid "CA bundle file was not specified" +msgstr "File bundle CA non specificato" + +#: logsrvd/sendlog.c:315 +msgid "Client certificate was not specified" +msgstr "Certificato client non specificato" + +#: logsrvd/sendlog.c:319 +#, c-format +msgid "Unable to initialize ssl context: %s" +msgstr "Impossibile inizializzare il conteso ssl: %s" + +#: logsrvd/sendlog.c:324 +#, c-format +msgid "Unable to allocate ssl object: %s\n" +msgstr "Impossibile allocare oggetto ssl: %s\n" + +#: logsrvd/sendlog.c:329 +#, c-format +msgid "Unable to attach socket 
to the ssl object: %s\n" +msgstr "Impossibile collegare il socket all'oggetto ssl: %s\n" + +#: logsrvd/sendlog.c:367 plugins/sudoers/iolog_client.c:150 +#, c-format +msgid "unable to look up %s:%s: %s" +msgstr "impossibile cercare %s:%s: %s" + +#: logsrvd/sendlog.c:522 plugins/sudoers/sudoreplay.c:815 +#, c-format +msgid "unable to read %s/%s: %s" +msgstr "impossibile leggere %s/%s: %s" + +#: logsrvd/sendlog.c:543 +#, c-format +msgid "client message too large: %zu\n" +msgstr "messaggio client troppo grande: %zu\n" + +#: logsrvd/sendlog.c:941 +#, c-format +msgid "%s: write buffer already in use" +msgstr "%s: buffer di scrittura già in uso" + +#: logsrvd/sendlog.c:993 plugins/sudoers/iolog.c:824 +#: plugins/sudoers/iolog.c:893 +#, c-format +msgid "unexpected I/O event %d" +msgstr "evento I/O %d non atteso" + +#: logsrvd/sendlog.c:1025 logsrvd/sendlog.c:1042 logsrvd/sendlog.c:1092 +#: plugins/sudoers/iolog_client.c:1037 plugins/sudoers/iolog_client.c:1090 +#: plugins/sudoers/iolog_client.c:1151 +#, c-format +msgid "%s: unexpected state %d" +msgstr "%s: stato %d non atteso" + +#: logsrvd/sendlog.c:1048 plugins/sudoers/iolog_client.c:1096 +msgid "invalid ServerHello" +msgstr "ServerHello non valido" + +#: logsrvd/sendlog.c:1130 plugins/sudoers/iolog_client.c:1195 +#, c-format +msgid "error message received from server: %s" +msgstr "messaggio di errore ricevuto dal server: %s" + +#: logsrvd/sendlog.c:1143 plugins/sudoers/iolog_client.c:1208 +#, c-format +msgid "abort message received from server: %s" +msgstr "messaggio di abort ricevuto dal server: %s" + +#: logsrvd/sendlog.c:1162 plugins/sudoers/iolog_client.c:1227 +msgid "unable to unpack ServerMessage" +msgstr "impossibile aprire ServerMessage" + +#: logsrvd/sendlog.c:1207 plugins/sudoers/iolog_client.c:1260 +#, c-format +msgid "%s: unexpected type_case value %d" +msgstr "%s: valore type_case %d non atteso" + +#: logsrvd/sendlog.c:1291 +msgid "premature EOF" +msgstr "EOF prematuro" + +#: logsrvd/sendlog.c:1304 +#, 
c-format +msgid "server message too large: %u\n" +msgstr "messaggio server troppo grande: %u\n" + +#: logsrvd/sendlog.c:1569 +msgid "both restart point and iolog ID must be specified" +msgstr "devono essere specificati sia il punto di inizio che l'ID di iolog" + +#: logsrvd/sendlog.c:1636 +#, c-format +msgid "exited prematurely with state %d" +msgstr "uscito inaspettatamente con stato %d" + +#: logsrvd/sendlog.c:1637 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "tempo trascorso inviato al server [%lld, %ld]" + +#: logsrvd/sendlog.c:1639 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "punto di commit ricevuto dal server [%lld, %ld]" + #: plugins/sudoers/alias.c:151 #, c-format msgid "Alias \"%s\" already defined" msgstr "Alias \"%s\" già definito" -#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:801 +#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:792 msgid "unable to fork" msgstr "impossibile eseguire fork" 
@@ -362,33 +816,33 @@
 msgid "unable to initialize PAM: %s"
 msgstr "impossibile inizializzare PAM: %s"
 
-#: plugins/sudoers/auth/pam.c:319
+#: plugins/sudoers/auth/pam.c:322
 #, c-format
 msgid "PAM authentication error: %s"
 msgstr "Errore autenticazione PAM: %s"
 
-#: plugins/sudoers/auth/pam.c:338
+#: plugins/sudoers/auth/pam.c:341
 msgid "account validation failure, is your account locked?"
 msgstr "validazione dell'account non riuscita: forse è bloccato?"
 
-#: plugins/sudoers/auth/pam.c:349
+#: plugins/sudoers/auth/pam.c:352
 msgid "Account or password is expired, reset your password and try again"
 msgstr "Account o password scaduto: reimpostare la password e provare nuovamente"
 
-#: plugins/sudoers/auth/pam.c:355
+#: plugins/sudoers/auth/pam.c:358
 #, c-format
 msgid "unable to change expired password: %s"
 msgstr "impossibile modificare la password scaduta: %s"
 
-#: plugins/sudoers/auth/pam.c:366
+#: plugins/sudoers/auth/pam.c:369
 msgid "Password expired, contact your system administrator"
 msgstr "Password scaduta, contattare l'amministratore di sistema"
 
-#: plugins/sudoers/auth/pam.c:371
+#: plugins/sudoers/auth/pam.c:374
 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
 msgstr "Account scaduto o alla configurazione PAM manca una sezione \"account\" per sudo: contattare l'amministratore di sistema"
 
-#: plugins/sudoers/auth/pam.c:379 plugins/sudoers/auth/pam.c:384
+#: plugins/sudoers/auth/pam.c:382 plugins/sudoers/auth/pam.c:387
 #, c-format
 msgid "PAM account management error: %s"
 msgstr "Errore gestione account PAM: %s"
@@ -466,7 +920,7 @@
 msgid "unable to commit audit record"
 msgstr "impossibile inviare il record di audit"
 
-#: plugins/sudoers/check.c:269
+#: plugins/sudoers/check.c:264
 msgid ""
 "\n"
 "We trust you have received the usual lecture from the local System\n"
@@ -486,15 +940,16 @@
 " #3) Da grandi poteri derivano grandi responsabilità\n"
 "\n"
 
-#: plugins/sudoers/check.c:312 plugins/sudoers/check.c:322
-#: plugins/sudoers/sudoers.c:700 plugins/sudoers/sudoers.c:748
+#: plugins/sudoers/check.c:307 plugins/sudoers/check.c:317
+#: plugins/sudoers/sudoers.c:778 plugins/sudoers/sudoers.c:826
 #: plugins/sudoers/tsdump.c:126
 #, c-format
 msgid "unknown uid: %u"
 msgstr "uid sconosciuto: %u"
 
-#: plugins/sudoers/check.c:317 plugins/sudoers/iolog.c:255
-#: plugins/sudoers/policy.c:921 plugins/sudoers/sudoers.c:1163
+#: plugins/sudoers/check.c:312 plugins/sudoers/iolog.c:121
+#: plugins/sudoers/policy.c:1034 plugins/sudoers/sudoers.c:391
+#: plugins/sudoers/sudoers.c:393 plugins/sudoers/sudoers.c:1255
 #: plugins/sudoers/testsudoers.c:227 plugins/sudoers/testsudoers.c:400
 #, c-format
 msgid "unknown user: %s"
@@ -515,12 +970,6 @@
 msgid "order padding: %s: %s"
 msgstr "ordine di riempimento: %s: %s"
 
-#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:289
-#: plugins/sudoers/visudo.c:184
-#, c-format
-msgid "%s version %s\n"
-msgstr "%s versione %s\n"
-
 #: plugins/sudoers/cvtsudoers.c:235 plugins/sudoers/visudo.c:186
 #, c-format
 msgid "%s grammar version %d\n"
@@ -541,7 +990,7 @@
 msgid "%s: input and output files must be different"
 msgstr "%s: i file di input e output devono essere diversi"
 
-#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:176
+#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:185
 #: plugins/sudoers/testsudoers.c:266 plugins/sudoers/visudo.c:254
 #: plugins/sudoers/visudo.c:610 plugins/sudoers/visudo.c:933
 msgid "unable to initialize sudoers default values"
@@ -573,12 +1022,10 @@
 msgstr "filtro non valido: %s"
 
 #: plugins/sudoers/cvtsudoers.c:622 plugins/sudoers/cvtsudoers.c:639
-#: plugins/sudoers/cvtsudoers.c:1245 plugins/sudoers/cvtsudoers_json.c:1130
-#: plugins/sudoers/cvtsudoers_ldif.c:643 plugins/sudoers/iolog.c:413
-#: plugins/sudoers/iolog_util.c:75 plugins/sudoers/sudoers.c:914
-#: plugins/sudoers/sudoreplay.c:338 plugins/sudoers/sudoreplay.c:1431
-#: plugins/sudoers/timestamp.c:448 plugins/sudoers/tsdump.c:135
-#: plugins/sudoers/visudo.c:929
+#: plugins/sudoers/cvtsudoers.c:1249 plugins/sudoers/cvtsudoers_json.c:868
+#: plugins/sudoers/cvtsudoers_ldif.c:683 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoreplay.c:1391 plugins/sudoers/timestamp.c:448
+#: plugins/sudoers/tsdump.c:135 plugins/sudoers/visudo.c:929
 #, c-format
 msgid "unable to open %s"
 msgstr "impossibile aprire %s"
@@ -598,14 +1045,13 @@
 msgid "parse error in %s\n"
 msgstr "errore di analisi in %s\n"
 
-#: plugins/sudoers/cvtsudoers.c:1292 plugins/sudoers/iolog.c:500
-#: plugins/sudoers/sudoreplay.c:1135 plugins/sudoers/timestamp.c:332
-#: plugins/sudoers/timestamp.c:335
+#: plugins/sudoers/cvtsudoers.c:1296 plugins/sudoers/sudoreplay.c:1088
+#: plugins/sudoers/timestamp.c:332 plugins/sudoers/timestamp.c:335
 #, c-format
 msgid "unable to write to %s"
 msgstr "impossibile scrivere su %s"
 
-#: plugins/sudoers/cvtsudoers.c:1315
+#: plugins/sudoers/cvtsudoers.c:1319
 #, c-format
 msgid ""
 "%s - convert between sudoers file formats\n"
@@ -615,7 +1061,7 @@
 "\n"
 "\n"
 
-#: plugins/sudoers/cvtsudoers.c:1317
+#: plugins/sudoers/cvtsudoers.c:1321
 msgid ""
 "\n"
 "Options:\n"
@@ -655,43 +1101,30 @@
 " -s, --suppress=SEZIONI Disabilita l'output per alcune sezioni\n"
 " -V, --version Visualizza la versione ed esce"
 
-#: plugins/sudoers/cvtsudoers_json.c:684 plugins/sudoers/cvtsudoers_json.c:720
-#: plugins/sudoers/cvtsudoers_json.c:938
+#: plugins/sudoers/cvtsudoers_json.c:487 plugins/sudoers/cvtsudoers_json.c:521
+#: plugins/sudoers/cvtsudoers_json.c:709
 #, c-format
 msgid "unknown defaults entry \"%s\""
 msgstr "voce Defaults \"%s\" sconosciuta"
 
-#: plugins/sudoers/cvtsudoers_json.c:858 plugins/sudoers/cvtsudoers_json.c:873
-#: plugins/sudoers/cvtsudoers_ldif.c:308 plugins/sudoers/cvtsudoers_ldif.c:319
+#: plugins/sudoers/cvtsudoers_json.c:647 plugins/sudoers/cvtsudoers_json.c:660
+#: plugins/sudoers/cvtsudoers_ldif.c:348 plugins/sudoers/cvtsudoers_ldif.c:359
 #: plugins/sudoers/ldap.c:482
 msgid "unable to get GMT time"
 msgstr "impossibile ottenere l'ora GMT"
 
-#: plugins/sudoers/cvtsudoers_json.c:861 plugins/sudoers/cvtsudoers_json.c:876
-#: plugins/sudoers/cvtsudoers_ldif.c:311 plugins/sudoers/cvtsudoers_ldif.c:322
+#: plugins/sudoers/cvtsudoers_json.c:650 plugins/sudoers/cvtsudoers_json.c:663
+#: plugins/sudoers/cvtsudoers_ldif.c:351 plugins/sudoers/cvtsudoers_ldif.c:362
 #: plugins/sudoers/ldap.c:488
 msgid "unable to format timestamp"
 msgstr "impossibile formattare la marcatura temporale"
 
-#: plugins/sudoers/cvtsudoers_ldif.c:526 plugins/sudoers/env.c:330
-#: plugins/sudoers/env.c:337 plugins/sudoers/env.c:442
-#: plugins/sudoers/ldap.c:496 plugins/sudoers/ldap.c:727
-#: plugins/sudoers/ldap.c:1060 plugins/sudoers/ldap_conf.c:227
-#: plugins/sudoers/ldap_conf.c:317 plugins/sudoers/linux_audit.c:89
-#: plugins/sudoers/logging.c:1105 plugins/sudoers/policy.c:625
-#: plugins/sudoers/policy.c:635 plugins/sudoers/prompt.c:168
-#: plugins/sudoers/sudoers.c:852 plugins/sudoers/testsudoers.c:257
-#: plugins/sudoers/toke_util.c:161
-#, c-format
-msgid "internal error, %s overflow"
-msgstr "errore interno, overflow di %s"
-
-#: plugins/sudoers/cvtsudoers_ldif.c:595
+#: plugins/sudoers/cvtsudoers_ldif.c:635
 #, c-format
 msgid "too many sudoers entries, maximum %u"
 msgstr "troppe voci sudoers, massimo %u"
 
-#: plugins/sudoers/cvtsudoers_ldif.c:638
+#: plugins/sudoers/cvtsudoers_ldif.c:678
 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified."
 msgstr "la variabile d'ambiente SUDOERS_BASE non è impostata e non è stata specificata l'opzione -b."
 
@@ -1100,8 +1533,8 @@
 
 #: plugins/sudoers/def_data.c:406
 #, c-format
-msgid "Maximum I/O log sequence number: %u"
-msgstr "Numero massimo di sequenze I/O di registro: %u"
+msgid "Maximum I/O log sequence number: %s"
+msgstr "Numero massimo di sequenze I/O di registro: %s"
 
 #: plugins/sudoers/def_data.c:410
 msgid "Enable sudoers netgroup support"
@@ -1211,62 +1644,106 @@
 msgid "Log when a command is denied by sudoers"
 msgstr "Registra quando un comando viene negato da sudoers"
 
-#: plugins/sudoers/defaults.c:231
+#: plugins/sudoers/def_data.c:510
+msgid "Sudo log server(s) to connect to with optional port"
+msgstr "Server di registro per sudo a cui connettersi, con la porta opzionale"
+
+#: plugins/sudoers/def_data.c:514
+#, c-format
+msgid "Sudo log server timeout in seconds: %u"
+msgstr "Timeout server di registro per sudo, in secondi: %u"
+
+#: plugins/sudoers/def_data.c:518
+msgid "Enable SO_KEEPALIVE socket option on the socket connected to the logserver"
+msgstr "Abilita l'opzione SO_KEEPALIVE sul socket connesso al server di registro"
+
+#: plugins/sudoers/def_data.c:522
+#, c-format
+msgid "Path to the audit server's CA bundle file: %s"
+msgstr "Percorso al file bundle CA del server di audit: %s"
+
+#: plugins/sudoers/def_data.c:526
+#, c-format
+msgid "Path to the sudoers certificate file: %s"
+msgstr "Percorso al file certificato di sudoers: %s"
+
+#: plugins/sudoers/def_data.c:530
+#, c-format
+msgid "Path to the sudoers private key file: %s"
+msgstr "Percorso al file chiave privata di sudoers: %s"
+
+#: plugins/sudoers/def_data.c:534
+msgid "Allow the use of unknown runas user and/or group ID"
+msgstr "Consente l'uso di ID utente o gruppo sconosciuto per runas"
+
+#: plugins/sudoers/def_data.c:538
+msgid "Only permit running commands as a user with a valid shell"
+msgstr "Consente di eseguire i comandi a un utente con una shell valida"
+
+#: plugins/sudoers/def_data.c:542
+msgid "Set the pam remote user to the user running sudo"
+msgstr "Imposta l'utente remoto pam all'utente che esegue sudo"
+
+#: plugins/sudoers/def_data.c:546
+msgid "Set the pam remote host to the local host name"
+msgstr "Imposta l'host remoto pam al nome host locale"
+
+#: plugins/sudoers/defaults.c:190
 #, c-format
 msgid "%s:%d unknown defaults entry \"%s\""
 msgstr "%s:%d voce Defaults \"%s\" sconosciuta"
 
-#: plugins/sudoers/defaults.c:234
+#: plugins/sudoers/defaults.c:193
 #, c-format
 msgid "%s: unknown defaults entry \"%s\""
 msgstr "%s: voce Defaults \"%s\" sconosciuta"
 
-#: plugins/sudoers/defaults.c:277
+#: plugins/sudoers/defaults.c:236
 #, c-format
 msgid "%s:%d no value specified for \"%s\""
 msgstr "%s:%d nessun valore specificato per \"%s\""
 
-#: plugins/sudoers/defaults.c:280
+#: plugins/sudoers/defaults.c:239
 #, c-format
 msgid "%s: no value specified for \"%s\""
 msgstr "%s: nessun valore specificato per \"%s\""
 
-#: plugins/sudoers/defaults.c:300
+#: plugins/sudoers/defaults.c:259
 #, c-format
 msgid "%s:%d values for \"%s\" must start with a '/'"
 msgstr "%s:%d i valori per \"%s\" devono iniziare con un carattere \"/\""
 
-#: plugins/sudoers/defaults.c:303
+#: plugins/sudoers/defaults.c:262
 #, c-format
 msgid "%s: values for \"%s\" must start with a '/'"
 msgstr "%s: i valori per \"%s\" devono iniziare con un carattere \"/\""
 
-#: plugins/sudoers/defaults.c:325
+#: plugins/sudoers/defaults.c:284
 #, c-format
 msgid "%s:%d option \"%s\" does not take a value"
 msgstr "%s:%d l'opzione \"%s\" non accetta un valore"
 
-#: plugins/sudoers/defaults.c:328
+#: plugins/sudoers/defaults.c:287
 #, c-format
 msgid "%s: option \"%s\" does not take a value"
 msgstr "%s: l'opzione \"%s\" non accetta un valore"
 
-#: plugins/sudoers/defaults.c:353
+#: plugins/sudoers/defaults.c:312
 #, c-format
 msgid "%s:%d invalid Defaults type 0x%x for option \"%s\""
 msgstr "%s:%d tipo Defaults 0x%x non valido per l'opzione \"%s\""
 
-#: plugins/sudoers/defaults.c:356
+#: plugins/sudoers/defaults.c:315
 #, c-format
 msgid "%s: invalid Defaults type 0x%x for option \"%s\""
 msgstr "%s: tipo Defaults 0x%x non valido per l'opzione \"%s\""
 
-#: plugins/sudoers/defaults.c:366
+#: plugins/sudoers/defaults.c:325
 #, c-format
 msgid "%s:%d value \"%s\" is invalid for option \"%s\""
 msgstr "%s:%d il valore \"%s\" non è valido per l'opzione \"%s\""
 
-#: plugins/sudoers/defaults.c:369
+#: plugins/sudoers/defaults.c:328
 #, c-format
 msgid "%s: value \"%s\" is invalid for option \"%s\""
 msgstr "%s: il valore \"%s\" non è valido per l'opzione \"%s\""
@@ -1275,11 +1752,11 @@
 msgid "sudo_putenv: corrupted envp, length mismatch"
 msgstr "sudo_putenv: envp danneggiato, discordanza nella lunghezza"
 
-#: plugins/sudoers/env.c:1132
+#: plugins/sudoers/env.c:1133
 msgid "unable to rebuild the environment"
 msgstr "impossibile ricostruire l’ambiente"
 
-#: plugins/sudoers/env.c:1206
+#: plugins/sudoers/env.c:1207
 #, c-format
 msgid "sorry, you are not allowed to set the following environment variables: %s"
 msgstr "permessi non sufficienti per impostare le seguenti variabili d'ambiente: %s"
@@ -1304,27 +1781,27 @@
 msgid "%s: read error"
 msgstr "%s: errore di lettura"
 
-#: plugins/sudoers/group_plugin.c:90
+#: plugins/sudoers/group_plugin.c:91
 #, c-format
 msgid "%s must be owned by uid %d"
 msgstr "%s deve essere di proprietà dello uid %d"
 
-#: plugins/sudoers/group_plugin.c:94
+#: plugins/sudoers/group_plugin.c:95
 #, c-format
 msgid "%s must only be writable by owner"
 msgstr "%s deve essere scrivibile solo dal proprietario"
 
-#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:562
+#: plugins/sudoers/group_plugin.c:104 plugins/sudoers/sssd.c:562
 #, c-format
 msgid "unable to load %s: %s"
 msgstr "impossibile caricare %s: %s"
 
-#: plugins/sudoers/group_plugin.c:108
+#: plugins/sudoers/group_plugin.c:110
 #, c-format
 msgid "unable to find symbol \"group_plugin\" in %s"
 msgstr "impossibile trovare il simbolo \"group_plugin\" in %s"
 
-#: plugins/sudoers/group_plugin.c:113
+#: plugins/sudoers/group_plugin.c:115
 #, c-format
 msgid "%s: incompatible group plugin major version %d, expected %d"
 msgstr "%s: version major %d del plugin per il gruppo non compatibile, atteso %d"
@@ -1343,87 +1820,143 @@ msgid "Local IP address and netmask pairs:\n" msgstr "Coppia indirizzo IP locale e maschera di rete:\n" -#: plugins/sudoers/iolog.c:117 plugins/sudoers/mkdir_parents.c:82 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s esiste, ma non è una directory (0%o)" - -#: plugins/sudoers/iolog.c:142 plugins/sudoers/iolog.c:182 -#: plugins/sudoers/mkdir_parents.c:71 plugins/sudoers/timestamp.c:212 -#, c-format -msgid "unable to mkdir %s" -msgstr "impossibile creare la directory %s" - -#: plugins/sudoers/iolog.c:186 plugins/sudoers/visudo.c:739 -#: plugins/sudoers/visudo.c:750 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "impossibile modificare la modalità di %s a 0%o" - -#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1194 +#: plugins/sudoers/iolog.c:146 plugins/sudoers/sudoers.c:398 +#: plugins/sudoers/sudoers.c:400 plugins/sudoers/sudoers.c:1289 #: plugins/sudoers/testsudoers.c:424 #, c-format msgid "unknown group: %s" msgstr "gruppo sconosciuto: %s" -#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:918 -#: plugins/sudoers/sudoreplay.c:846 plugins/sudoers/sudoreplay.c:1542 -#: plugins/sudoers/tsdump.c:145 +#: plugins/sudoers/iolog.c:505 plugins/sudoers/iolog.c:788 +#: plugins/sudoers/iolog.c:938 plugins/sudoers/iolog.c:945 +#: plugins/sudoers/iolog.c:1066 plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:1172 plugins/sudoers/iolog.c:1179 #, c-format -msgid "unable to read %s" -msgstr "impossibile leggere %s" +msgid "unable to write to I/O log file: %s" +msgstr "impossibile scrivere sul file di registro di I/O: %s" -#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:801 -#, c-format -msgid "unable to create %s" -msgstr "impossibile creare %s" +#: plugins/sudoers/iolog.c:555 +msgid "unable to update sequence file" +msgstr "impossibile aggiornare il file sequenza" -#: plugins/sudoers/iolog.c:824 plugins/sudoers/iolog.c:1039 -#: plugins/sudoers/iolog.c:1115 
plugins/sudoers/iolog.c:1209 -#: plugins/sudoers/iolog.c:1270 +#: plugins/sudoers/iolog.c:594 #, c-format -msgid "unable to write to I/O log file: %s" -msgstr "impossibile scrivere sul file di registro di I/O: %s" +msgid "unable to create %s/%s" +msgstr "impossibile creare %s/%s" + +#: plugins/sudoers/iolog.c:622 +msgid "unable to connect to log server" +msgstr "impossibile connettersi al server del registro" -#: plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:830 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: errore interno, file registro IO per l'evento %d non aperto" -#: plugins/sudoers/iolog.c:1233 +#: plugins/sudoers/iolog.c:923 plugins/sudoers/iolog.c:1051 +#: plugins/sudoers/iolog.c:1156 plugins/sudoers/timestamp.c:862 +#: plugins/sudoers/timestamp.c:954 plugins/sudoers/visudo.c:498 +#: plugins/sudoers/visudo.c:504 +msgid "unable to read the clock" +msgstr "impossibile leggere l'orologio" + +#: plugins/sudoers/iolog.c:1148 plugins/sudoers/iolog_client.c:862 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: errore interno, segnale %d non valido" -#: plugins/sudoers/iolog_util.c:90 +#: plugins/sudoers/iolog_client.c:297 #, c-format -msgid "%s: invalid log file" -msgstr "%s: file di registro non valido" +msgid "Creation of new SSL_CTX object failed: %s" +msgstr "Creazione di un nuovo oggetto SSL_CTX non riuscita: %s" + +#: plugins/sudoers/iolog_client.c:320 +msgid "CA bundle file is not set in sudoers" +msgstr "Il file bundle CA non è impostato in sudoers" -#: plugins/sudoers/iolog_util.c:108 +#: plugins/sudoers/iolog_client.c:327 #, c-format -msgid "%s: time stamp field is missing" -msgstr "%s: manca il campo della marcatura temporale" +msgid "Calling SSL_CTX_load_verify_locations() failed: %s" +msgstr "Chiamata SSL_CTX_load_verify_locations() non riuscita: %s" + +#: plugins/sudoers/iolog_client.c:339 +msgid "Signed certificate file is not set in sudoers" +msgstr "Il file certificato firmato 
non è impostato in sudoers" -#: plugins/sudoers/iolog_util.c:114 +#: plugins/sudoers/iolog_client.c:345 #, c-format -msgid "%s: time stamp %s: %s" -msgstr "%s: marcatura temporale %s: %s" +msgid "Unable to load cert into the ssl context: %s" +msgstr "Impossibile caricare il certificato nel contesto ssl: %s" -#: plugins/sudoers/iolog_util.c:121 +#: plugins/sudoers/iolog_client.c:356 #, c-format -msgid "%s: user field is missing" -msgstr "%s: manca il campo utente" +msgid "Unable to load private key into the ssl context: %s" +msgstr "Impossibile caricare la chiave privata nel contesto ssl: %s" -#: plugins/sudoers/iolog_util.c:130 +#: plugins/sudoers/iolog_client.c:363 #, c-format -msgid "%s: runas user field is missing" -msgstr "%s: manca il campo utente di runas" +msgid "Unable to allocate ssl object: %s" +msgstr "Impossibile allocare l'oggetto ssl: %s" -#: plugins/sudoers/iolog_util.c:139 +#: plugins/sudoers/iolog_client.c:369 #, c-format -msgid "%s: runas group field is missing" -msgstr "%s: manca il campo gruppo di runas" +msgid "Unable to attach socket to the ssl object: %s" +msgstr "Impossibile collegare il socket all'oggetto ssl: %s" + +#: plugins/sudoers/iolog_client.c:457 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s" +msgstr "SSL_connect non riuscita: ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:599 +#, c-format +msgid "client message too large: %zu" +msgstr "messaggio client troppo grande: %zu" + +#: plugins/sudoers/iolog_client.c:656 plugins/sudoers/iolog_client.c:844 +msgid "unable to get time of day" +msgstr "impossibile ottenere l'ora" + +#: plugins/sudoers/iolog_client.c:871 +#, c-format +msgid "%s: internal error, invalid exit status %d" +msgstr "%s: errore interno, stato di uscita %d non valido" + +#: plugins/sudoers/iolog_client.c:1104 +msgid "TLS initialization was unsuccessful" +msgstr "inizializzazione TLS non riuscita" + +#: plugins/sudoers/iolog_client.c:1109 +msgid "TLS handshake was unsuccessful" +msgstr 
"handshake TLS non riuscito" + +#: plugins/sudoers/iolog_client.c:1361 +#, c-format +msgid "SSL_read failed: ssl_error=%d, stack=%s" +msgstr "SSL_read non riuscita: ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:1384 +msgid "lost connection to log server" +msgstr "connessione al server del registro persa" + +#: plugins/sudoers/iolog_client.c:1397 +#, c-format +msgid "server message too large: %u" +msgstr "messaggio server troppo grande: %u" + +#: plugins/sudoers/iolog_client.c:1461 +msgid "missing write buffer" +msgstr "manca il buffer in scrittura" + +#: plugins/sudoers/iolog_client.c:1486 +#, c-format +msgid "SSL_write failed: ssl_error=%d, stack=%s" +msgstr "SSL_write non riuscita: ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:1610 +#, c-format +msgid "unknown address family: %d" +msgstr "famiglia dell'indirizzo sconosciuta: %d" #: plugins/sudoers/ldap.c:178 plugins/sudoers/ldap_conf.c:296 msgid "starttls not supported when using ldaps" @@ -1448,7 +1981,7 @@ msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "specificato start_tls ma le librerie LDAP non supportano ldap_start_tls_s() o ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:734 +#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "attributo sudoOrder non valido: %s" @@ -1466,7 +1999,7 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "impossibile utilizzare URI ldap e ldaps assieme" -#: plugins/sudoers/ldap_util.c:456 plugins/sudoers/ldap_util.c:458 +#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "impossibile convertire sudoOption: %s%s%s" 
@@ -1479,80 +2012,62 @@ msgid "unable to send audit message" msgstr "impossibile inviare il messaggio di audit" -#: plugins/sudoers/logging.c:120 -#, c-format -msgid "%8s : %s" -msgstr "%8s : %s" - -#: plugins/sudoers/logging.c:148 -#, c-format -msgid "%8s : (command continued) %s" -msgstr "%8s : (comando continuato) %s" - -#: plugins/sudoers/logging.c:177 +#: plugins/sudoers/logging.c:175 #, c-format msgid "unable to open log file: %s" msgstr "impossibile aprire il file di registro: %s" -#: plugins/sudoers/logging.c:185 +#: plugins/sudoers/logging.c:183 #, c-format msgid "unable to lock log file: %s" msgstr "impossibile impostare il blocco sul file di registro: %s" -#: plugins/sudoers/logging.c:218 +#: plugins/sudoers/logging.c:216 #, c-format msgid "unable to write log file: %s" msgstr "impossibile scrivere sul file di registro: %s" -#: plugins/sudoers/logging.c:248 -msgid "No user or host" -msgstr "Nessun utente o host" - -#: plugins/sudoers/logging.c:250 -msgid "validation failure" -msgstr "validazione non riuscita" - -#: plugins/sudoers/logging.c:261 +#: plugins/sudoers/logging.c:249 msgid "user NOT in sudoers" msgstr "utente non tra i sudoers" -#: plugins/sudoers/logging.c:263 +#: plugins/sudoers/logging.c:251 msgid "user NOT authorized on host" msgstr "utente non autorizzato sull'host" -#: plugins/sudoers/logging.c:265 +#: plugins/sudoers/logging.c:253 msgid "command not allowed" msgstr "comando non consentito" -#: plugins/sudoers/logging.c:301 +#: plugins/sudoers/logging.c:296 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s non è nel file sudoers. Questo evento verrà segnalato.\n" -#: plugins/sudoers/logging.c:304 +#: plugins/sudoers/logging.c:299 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "A %s non è consentito eseguire sudo su %s. 
Questo evento verrà segnalato.\n" -#: plugins/sudoers/logging.c:308 +#: plugins/sudoers/logging.c:303 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "L'utente %s non può eseguire sudo su %s.\n" -#: plugins/sudoers/logging.c:311 +#: plugins/sudoers/logging.c:306 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "All'utente %s non è consentito eseguire \"%s%s%s\" come %s%s%s su %s.\n" -#: plugins/sudoers/logging.c:348 plugins/sudoers/sudoers.c:442 -#: plugins/sudoers/sudoers.c:444 plugins/sudoers/sudoers.c:446 -#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:603 -#: plugins/sudoers/sudoers.c:605 +#: plugins/sudoers/logging.c:343 plugins/sudoers/sudoers.c:518 +#: plugins/sudoers/sudoers.c:520 plugins/sudoers/sudoers.c:522 +#: plugins/sudoers/sudoers.c:524 plugins/sudoers/sudoers.c:675 +#: plugins/sudoers/sudoers.c:677 #, c-format msgid "%s: command not found" msgstr "%s: comando non trovato" -#: plugins/sudoers/logging.c:350 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/logging.c:345 plugins/sudoers/sudoers.c:514 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" 
@@ -1561,52 +2076,46 @@ "viene ignorato \"%s\" trovato in \".\"\n" "Usare \"sudo ./%s\" per eseguire \"%s\"." -#: plugins/sudoers/logging.c:367 +#: plugins/sudoers/logging.c:362 msgid "authentication failure" msgstr "autenticazione non riuscita" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:388 msgid "a password is required" msgstr "è necessaria una password" -#: plugins/sudoers/logging.c:463 +#: plugins/sudoers/logging.c:458 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u tentativo di immissione password non corretto" msgstr[1] "%u tentativi di immissione password non corretti" -#: plugins/sudoers/logging.c:728 +#: plugins/sudoers/logging.c:722 #, c-format msgid "unable to dup stdin: %m" msgstr "impossibile eseguire dup sullo stdin: %m" -#: plugins/sudoers/logging.c:768 +#: plugins/sudoers/logging.c:759 #, c-format msgid "unable to execute %s: %m" msgstr "impossibile eseguire %s: %m" -#: plugins/sudoers/logging.c:809 plugins/sudoers/logging.c:865 +#: plugins/sudoers/logging.c:800 plugins/sudoers/logging.c:856 #, c-format msgid "unable to fork: %m" msgstr "impossibile eseguire fork: %m" -#: plugins/sudoers/logging.c:855 +#: plugins/sudoers/logging.c:846 #, c-format msgid "unable to open pipe: %m" msgstr "impossibile aprire una pipe: %m" -#: plugins/sudoers/match_digest.c:103 +#: plugins/sudoers/match_digest.c:123 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "il digest per %s (%s) non è nella forma %s" -#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:943 -#: plugins/sudoers/visudo.c:437 plugins/sudoers/visudo.c:733 -#, c-format -msgid "unable to stat %s" -msgstr "impossibile eseguire stat su %s" - #: plugins/sudoers/parse.c:449 #, c-format msgid "" 
@@ -1665,22 +2174,22 @@ msgid "User %s is not allowed to run sudo on %s.\n" msgstr "L'utente %s non è abilitato all'esecuzione di sudo su %s.\n" -#: plugins/sudoers/parse_ldif.c:604 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "ignorato sudoRole non completo: cn: %s" -#: plugins/sudoers/parse_ldif.c:664 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "attributo LDIF non valido: %s" -#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:116 +#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:115 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "%.*s non valido impostato dal front-end sudo" -#: plugins/sudoers/policy.c:295 plugins/sudoers/testsudoers.c:280 +#: plugins/sudoers/policy.c:294 plugins/sudoers/testsudoers.c:280 msgid "unable to parse network address list" msgstr "impossibile analizzare l'elenco degli indirizzi di rete" @@ -1700,23 +2209,23 @@ msgid "host name not set by sudo front-end" msgstr "nome dell'host non impostato dal front-end sudo" -#: plugins/sudoers/policy.c:808 plugins/sudoers/visudo.c:236 +#: plugins/sudoers/policy.c:897 plugins/sudoers/visudo.c:236 #: plugins/sudoers/visudo.c:867 #, c-format msgid "unable to execute %s" msgstr "impossibile eseguire %s" -#: plugins/sudoers/policy.c:939 +#: plugins/sudoers/policy.c:1055 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Versione %s del plugin della politica sudoers\n" -#: plugins/sudoers/policy.c:941 +#: plugins/sudoers/policy.c:1057 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Versione %d della grammatica del file sudoers\n" -#: plugins/sudoers/policy.c:945 +#: plugins/sudoers/policy.c:1061 #, c-format msgid "" "\n" 
@@ -1725,22 +2234,22 @@ "\n" "Percorso sudoers: %s\n" -#: plugins/sudoers/policy.c:948 +#: plugins/sudoers/policy.c:1064 #, c-format msgid "nsswitch path: %s\n" msgstr "percorso nsswitch: %s\n" -#: plugins/sudoers/policy.c:950 +#: plugins/sudoers/policy.c:1066 #, c-format msgid "ldap.conf path: %s\n" msgstr "percorso ldap.conf: %s\n" -#: plugins/sudoers/policy.c:951 +#: plugins/sudoers/policy.c:1067 #, c-format msgid "ldap.secret path: %s\n" msgstr "percorso ldap.secret: %s\n" -#: plugins/sudoers/policy.c:984 +#: plugins/sudoers/policy.c:1100 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "impossibile registrare un hook di tipo %d (versione %d.%d)" 
@@ -1809,48 +2318,48 @@ msgid "unable to parse gids for %s" msgstr "impossibile analizzare i gid per %s" -#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:478 -#: plugins/sudoers/set_perms.c:921 plugins/sudoers/set_perms.c:1254 -#: plugins/sudoers/set_perms.c:1573 +#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:447 +#: plugins/sudoers/set_perms.c:850 plugins/sudoers/set_perms.c:1156 +#: plugins/sudoers/set_perms.c:1450 msgid "perm stack overflow" msgstr "overflow dello stack perm" -#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:409 -#: plugins/sudoers/set_perms.c:486 plugins/sudoers/set_perms.c:788 -#: plugins/sudoers/set_perms.c:929 plugins/sudoers/set_perms.c:1178 -#: plugins/sudoers/set_perms.c:1262 plugins/sudoers/set_perms.c:1506 -#: plugins/sudoers/set_perms.c:1581 plugins/sudoers/set_perms.c:1672 +#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:378 +#: plugins/sudoers/set_perms.c:455 plugins/sudoers/set_perms.c:717 +#: plugins/sudoers/set_perms.c:858 plugins/sudoers/set_perms.c:1080 +#: plugins/sudoers/set_perms.c:1164 plugins/sudoers/set_perms.c:1383 +#: plugins/sudoers/set_perms.c:1458 plugins/sudoers/set_perms.c:1548 msgid "perm stack underflow" msgstr "underflow dello stack perm" -#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:532 -#: plugins/sudoers/set_perms.c:1315 plugins/sudoers/set_perms.c:1614 +#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:501 +#: plugins/sudoers/set_perms.c:1217 plugins/sudoers/set_perms.c:1491 msgid "unable to change to root gid" msgstr "impossibile passare al gid root" -#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:629 -#: plugins/sudoers/set_perms.c:1060 plugins/sudoers/set_perms.c:1392 +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:598 +#: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1294 msgid "unable to change to runas gid" msgstr "impossibile passare al gid runas" -#: 
plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:634 -#: plugins/sudoers/set_perms.c:1065 plugins/sudoers/set_perms.c:1397 +#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:603 +#: plugins/sudoers/set_perms.c:994 plugins/sudoers/set_perms.c:1299 msgid "unable to set runas group vector" msgstr "impossibile impostare il vettore di gruppo per runas" -#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:645 -#: plugins/sudoers/set_perms.c:1074 plugins/sudoers/set_perms.c:1406 +#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:614 +#: plugins/sudoers/set_perms.c:1003 plugins/sudoers/set_perms.c:1308 msgid "unable to change to runas uid" msgstr "impossibile passare allo uid runas" -#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:663 -#: plugins/sudoers/set_perms.c:1090 plugins/sudoers/set_perms.c:1422 +#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:632 +#: plugins/sudoers/set_perms.c:1019 plugins/sudoers/set_perms.c:1324 msgid "unable to change to sudoers gid" msgstr "impossibile passare al gid sudoers" -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 msgid "too many processes" msgstr "troppi processi" 
@@ -1883,209 +2392,228 @@ msgid "unable to find symbol \"%s\" in %s" msgstr "impossibile trovare il simbolo \"%s\" in %s" -#: plugins/sudoers/sudoers.c:212 plugins/sudoers/sudoers.c:871 +#: plugins/sudoers/sudoers.c:221 plugins/sudoers/sudoers.c:958 msgid "problem with defaults entries" msgstr "problema con le voci Defaults" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:225 msgid "no valid sudoers sources found, quitting" msgstr "nessuna sorgente valida di sudoers trovata, uscita" -#: plugins/sudoers/sudoers.c:254 +#: plugins/sudoers/sudoers.c:301 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers indica che a root non è consentito usare sudo" -#: plugins/sudoers/sudoers.c:312 +#: plugins/sudoers/sudoers.c:361 +msgid "user not allowed to override closefrom limit" +msgstr "l'utente non è autorizzato a scavalcare il limite closefrom" + +#: plugins/sudoers/sudoers.c:362 msgid "you are not permitted to use the -C option" msgstr "utente non abilitato all'uso dell'opzione -C" -#: plugins/sudoers/sudoers.c:359 +#: plugins/sudoers/sudoers.c:426 #, c-format msgid "timestamp owner (%s): No such user" msgstr "proprietario marcatura temporale (%s): utente inesistente" -#: plugins/sudoers/sudoers.c:374 +#: plugins/sudoers/sudoers.c:441 msgid "no tty" msgstr "nessun tty" -#: plugins/sudoers/sudoers.c:375 +#: plugins/sudoers/sudoers.c:442 msgid "sorry, you must have a tty to run sudo" msgstr "è necessario disporre di un tty per eseguire sudo" -#: plugins/sudoers/sudoers.c:437 +#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:450 +#, c-format +msgid "invalid shell for user %s: %s" +msgstr "shell utente %s non valida: %s" + +#: plugins/sudoers/sudoers.c:513 msgid "command in current directory" msgstr "comando nella directory corrente" -#: plugins/sudoers/sudoers.c:456 +#: plugins/sudoers/sudoers.c:532 +msgid "user not allowed to set a command timeout" +msgstr "l'utente non è autorizzato a impostare un timeout per i comandi" + +#: 
plugins/sudoers/sudoers.c:533 msgid "sorry, you are not allowed set a command timeout" msgstr "non è consentito impostare un timeout per i comandi" -#: plugins/sudoers/sudoers.c:464 +#: plugins/sudoers/sudoers.c:541 +msgid "user not allowed to set a preserve the environment" +msgstr "l'utente non è autorizzato a preservare l'ambiente" + +#: plugins/sudoers/sudoers.c:542 msgid "sorry, you are not allowed to preserve the environment" msgstr "non è consentito preservare l'ambiente" -#: plugins/sudoers/sudoers.c:815 +#: plugins/sudoers/sudoers.c:893 msgid "command too long" msgstr "comando troppo lungo" -#: plugins/sudoers/sudoers.c:947 +#: plugins/sudoers/sudoers.c:951 +msgid "sudoedit doesn't need to be run via sudo" +msgstr "non è necessario eseguire sudoedit via sudo" + +#: plugins/sudoers/sudoers.c:1005 plugins/sudoers/sudoreplay.c:1502 +#: plugins/sudoers/tsdump.c:145 +#, c-format +msgid "unable to read %s" +msgstr "impossibile leggere %s" + +#: plugins/sudoers/sudoers.c:1030 plugins/sudoers/visudo.c:437 +#: plugins/sudoers/visudo.c:733 +#, c-format +msgid "unable to stat %s" +msgstr "impossibile eseguire stat su %s" + +#: plugins/sudoers/sudoers.c:1034 #, c-format msgid "%s is not a regular file" msgstr "%s non è un file regolare" -#: plugins/sudoers/sudoers.c:951 plugins/sudoers/timestamp.c:259 toke.l:967 +#: plugins/sudoers/sudoers.c:1038 plugins/sudoers/timestamp.c:259 toke.l:967 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s è di proprietà dello uid %u, dovrebbe essere %u" -#: plugins/sudoers/sudoers.c:955 toke.l:972 +#: plugins/sudoers/sudoers.c:1042 toke.l:972 #, c-format msgid "%s is world writable" msgstr "%s è scrivibile da tutti" -#: plugins/sudoers/sudoers.c:959 toke.l:975 +#: plugins/sudoers/sudoers.c:1046 toke.l:975 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s è di proprietà del gid %u, dovrebbe essere %u" -#: plugins/sudoers/sudoers.c:992 +#: plugins/sudoers/sudoers.c:1079 #, c-format msgid "only root can 
use \"-c %s\"" msgstr "solo root può usare \"-c %s\"" -#: plugins/sudoers/sudoers.c:1011 +#: plugins/sudoers/sudoers.c:1098 #, c-format msgid "unknown login class: %s" msgstr "classe di login sconosciuta: %s" -#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoers.c:1110 +#: plugins/sudoers/sudoers.c:1183 plugins/sudoers/sudoers.c:1198 #, c-format msgid "unable to resolve host %s" msgstr "impossibile risolvere l'host %s" -#: plugins/sudoers/sudoreplay.c:250 +#: plugins/sudoers/sudoreplay.c:263 #, c-format msgid "invalid filter option: %s" msgstr "opzione di filtro non valida: %s" -#: plugins/sudoers/sudoreplay.c:263 +#: plugins/sudoers/sudoreplay.c:276 #, c-format msgid "invalid max wait: %s" msgstr "attesa massima non valida: %s" -#: plugins/sudoers/sudoreplay.c:286 +#: plugins/sudoers/sudoreplay.c:299 #, c-format msgid "invalid speed factor: %s" msgstr "fattore di velocità non valido: %s" -#: plugins/sudoers/sudoreplay.c:321 +#: plugins/sudoers/sudoreplay.c:335 #, c-format -msgid "%s/%.2s/%.2s/%.2s/timing: %s" -msgstr "%s/%.2s/%.2s/%.2s/timing: %s" +msgid "%s/%.2s/%.2s/%.2s: %s" +msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:326 +#: plugins/sudoers/sudoreplay.c:340 #, c-format msgid "%s/timing: %s" msgstr "%s/timing: %s" -#: plugins/sudoers/sudoreplay.c:330 +#: plugins/sudoers/sudoreplay.c:344 #, c-format -msgid "%s/%s/timing: %s" -msgstr "%s/%s/timing: %s" +msgid "%s/%s: %s" +msgstr "%s/%s: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:372 #, c-format msgid "Replaying sudo session: %s" msgstr "Riproduzione della sessione sudo: %s" -#: plugins/sudoers/sudoreplay.c:544 plugins/sudoers/sudoreplay.c:591 -#: plugins/sudoers/sudoreplay.c:789 plugins/sudoers/sudoreplay.c:898 -#: plugins/sudoers/sudoreplay.c:983 plugins/sudoers/sudoreplay.c:998 -#: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/sudoreplay.c:1012 -#: plugins/sudoers/sudoreplay.c:1019 plugins/sudoers/sudoreplay.c:1026 -#: 
plugins/sudoers/sudoreplay.c:1174 -msgid "unable to add event to queue" -msgstr "impossibile aggiungere l'evento alla coda" - -#: plugins/sudoers/sudoreplay.c:659 +#: plugins/sudoers/sudoreplay.c:634 msgid "unable to set tty to raw mode" msgstr "impossibile impostare il terminale in modalità raw" -#: plugins/sudoers/sudoreplay.c:710 +#: plugins/sudoers/sudoreplay.c:685 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Attenzione: il terminale è troppo piccolo per riprodurre correttamente il registro.\n" -#: plugins/sudoers/sudoreplay.c:711 +#: plugins/sudoers/sudoreplay.c:686 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "La geometria del registro è %dx%d, quella del terminale è %dx%d." -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:714 msgid "Replay finished, press any key to restore the terminal." msgstr "Riproduzione terminata. Premere un tasto per ripristinare il terminale." -#: plugins/sudoers/sudoreplay.c:772 -#, c-format -msgid "invalid timing file line: %s" -msgstr "riga di timing del file non valida: %s" - -#: plugins/sudoers/sudoreplay.c:1208 plugins/sudoers/sudoreplay.c:1233 +#: plugins/sudoers/sudoreplay.c:1161 plugins/sudoers/sudoreplay.c:1186 #, c-format msgid "ambiguous expression \"%s\"" msgstr "espressione \"%s\" ambigua" -#: plugins/sudoers/sudoreplay.c:1255 +#: plugins/sudoers/sudoreplay.c:1208 msgid "unmatched ')' in expression" msgstr "carattere \")\" nell'espressione non corrisposto" -#: plugins/sudoers/sudoreplay.c:1259 +#: plugins/sudoers/sudoreplay.c:1212 #, c-format msgid "unknown search term \"%s\"" msgstr "termine di ricerca \"%s\" sconosciuto" -#: plugins/sudoers/sudoreplay.c:1274 +#: plugins/sudoers/sudoreplay.c:1227 #, c-format msgid "%s requires an argument" msgstr "%s richiede un argomento" -#: plugins/sudoers/sudoreplay.c:1277 plugins/sudoers/sudoreplay.c:1518 +#: plugins/sudoers/sudoreplay.c:1230 plugins/sudoers/sudoreplay.c:1478 #, 
c-format msgid "invalid regular expression: %s" msgstr "espressione regolare non valida: %s" -#: plugins/sudoers/sudoreplay.c:1281 +#: plugins/sudoers/sudoreplay.c:1234 #, c-format msgid "could not parse date \"%s\"" msgstr "impossibile analizzare la data \"%s\"" -#: plugins/sudoers/sudoreplay.c:1290 +#: plugins/sudoers/sudoreplay.c:1243 msgid "unmatched '(' in expression" msgstr "carattere \"(\" nell'espressione non corrisposto" -#: plugins/sudoers/sudoreplay.c:1292 +#: plugins/sudoers/sudoreplay.c:1245 msgid "illegal trailing \"or\"" msgstr "\"or\" finale non consentito" -#: plugins/sudoers/sudoreplay.c:1294 +#: plugins/sudoers/sudoreplay.c:1247 msgid "illegal trailing \"!\"" msgstr "carattere \"!\" finale non consentito" -#: plugins/sudoers/sudoreplay.c:1344 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "unknown search type %d" msgstr "tipo di ricerca %d sconosciuto" -#: plugins/sudoers/sudoreplay.c:1611 +#: plugins/sudoers/sudoreplay.c:1569 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "uso: %s [-hnRS] [-d DIR] [-m NUM] [-s NUM] ID\n" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1572 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "uso: %s [-h] [-d DIR] -l [ESPRESSIONE DI RICERCA]\n" -#: plugins/sudoers/sudoreplay.c:1623 +#: plugins/sudoers/sudoreplay.c:1581 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2094,7 +2622,7 @@ "%s - Riproduce i registri di sessione di sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1625 +#: plugins/sudoers/sudoreplay.c:1583 msgid "" "\n" "Options:\n" 
@@ -2155,35 +2683,34 @@ msgid "%s is group writable" msgstr "%s è scrivibile da tutti" -#: plugins/sudoers/timestamp.c:343 +#: plugins/sudoers/timestamp.c:343 plugins/sudoers/timestamp.c:687 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "impossibile troncare il file della marcatura temporale a %lld byte" -#: plugins/sudoers/timestamp.c:829 plugins/sudoers/timestamp.c:921 -#: plugins/sudoers/visudo.c:498 plugins/sudoers/visudo.c:504 -msgid "unable to read the clock" -msgstr "impossibile leggere l'orologio" - -#: plugins/sudoers/timestamp.c:840 +#: plugins/sudoers/timestamp.c:873 msgid "ignoring time stamp from the future" msgstr "marcatura temporale dal futuro ignorata" -#: plugins/sudoers/timestamp.c:863 +#: plugins/sudoers/timestamp.c:896 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "marcatura temporale troppo avanti nel tempo: %20.20s" -#: plugins/sudoers/timestamp.c:985 +#: plugins/sudoers/timestamp.c:1018 #, c-format msgid "unable to lock time stamp file %s" msgstr "impossibile bloccare il file della marcatura temporale %s" -#: plugins/sudoers/timestamp.c:1029 plugins/sudoers/timestamp.c:1049 +#: plugins/sudoers/timestamp.c:1062 plugins/sudoers/timestamp.c:1082 #, c-format msgid "lecture status path too long: %s/%s" msgstr "percorso marcatura temporale troppo lungo: %s %s" +#: plugins/sudoers/toke_util.c:132 +msgid "sudoedit should not be specified with a path" +msgstr "sudoedit non dovrebbe essere specificato con un percorso" + #: plugins/sudoers/visudo.c:232 msgid "the -x option will be removed in a future release" msgstr "l'opzione -x verrà rimossa in una prossima versione" 
@@ -2371,15 +2898,3 @@
 #: toke.l:941
 msgid "too many levels of includes"
 msgstr "troppi livelli di inclusioni"
-
-#~ msgid "ignoring invalid attribute value: %s"
-#~ msgstr "valore attributo non valido ignorato: %s"
-
-#~ msgid "unable to cache user %s, out of memory"
-#~ msgstr "impossibile memorizzare in cache l'utente %s, memoria esaurita"
-
-#~ msgid "unable to cache group %s, out of memory"
-#~ msgstr "impossibile memorizzare in cache il gruppo %s, memoria esaurita"
-
-#~ msgid "unable to cache group list for %s, out of memory"
-#~ msgstr "impossibile memorizzare in cache l'elenco di gruppo %s, memoria esaurita"
Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/plugins/sudoers/po/nb.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/plugins/sudoers/po/nb.mo differ
diff -Nru sudo-1.8.31/plugins/sudoers/po/nb.po sudo-1.9.0/plugins/sudoers/po/nb.po
--- sudo-1.8.31/plugins/sudoers/po/nb.po 2019-12-31 12:58:36.000000000 +0000
+++ sudo-1.9.0/plugins/sudoers/po/nb.po 2020-05-11 16:28:23.000000000 +0000
@@ -2,14 +2,14 @@
 # This file is distributed under the same license as the sudo package.
 # Copyright (C) 2017 Free Software Foundation, Inc.
 # Todd C. Miller , 2011-2013.
-# Åka Sikrom , 2014-2019.
+# Åka Sikrom , 2014-2020.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: sudoers-1.8.29rc1\n"
 "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
 "POT-Creation-Date: 2019-10-21 19:55-0600\n"
-"PO-Revision-Date: 2019-10-29 09:15+0100\n"
+"PO-Revision-Date: 2020-02-02 21:12+0100\n"
 "Last-Translator: Åka Sikrom \n"
 "Language-Team: Norwegian Bokmaal \n"
 "Language: nb\n"
@@ -1205,11 +1205,11 @@
 
 #: plugins/sudoers/def_data.c:502
 msgid "Log when a command is allowed by sudoers"
-msgstr ""
+msgstr "Loggfør kommandoer som er tillatt av sudoers"
 
 #: plugins/sudoers/def_data.c:506
 msgid "Log when a command is denied by sudoers"
-msgstr ""
+msgstr "Loggfør kommandoer som er avvist av sudoers"
 
 #: plugins/sudoers/defaults.c:231
 #, c-format
Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/plugins/sudoers/po/pl.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/plugins/sudoers/po/pl.mo differ
diff -Nru sudo-1.8.31/plugins/sudoers/po/pl.po sudo-1.9.0/plugins/sudoers/po/pl.po
--- sudo-1.8.31/plugins/sudoers/po/pl.po 2019-12-31 12:58:36.000000000 +0000
+++ sudo-1.9.0/plugins/sudoers/po/pl.po 2020-05-11 16:28:23.000000000 +0000
@@ -1,13 +1,13 @@
 # Polish translation for sudo/sudoers.
 # This file is put in the public domain.
-# Jakub Bogusz , 2011-2019.
+# Jakub Bogusz , 2011-2020.
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: sudoers 1.8.29rc1\n"
+"Project-Id-Version: sudoers 1.9.0b4\n"
 "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2019-10-21 19:55-0600\n"
-"PO-Revision-Date: 2019-10-25 20:32+0200\n"
+"POT-Creation-Date: 2020-03-12 17:39-0600\n"
+"PO-Revision-Date: 2020-03-13 21:58+0100\n"
 "Last-Translator: Jakub Bogusz \n"
 "Language-Team: Polish \n"
 "Language: pl\n"
@@ -41,70 +41,75 @@ msgid "Sorry, try again." msgstr "Niestety, proszę spróbować ponownie." -#: gram.y:196 gram.y:244 gram.y:251 gram.y:258 gram.y:265 gram.y:272 -#: gram.y:288 gram.y:312 gram.y:319 gram.y:326 gram.y:333 gram.y:340 -#: gram.y:403 gram.y:412 gram.y:423 gram.y:456 gram.y:463 gram.y:470 -#: gram.y:477 gram.y:559 gram.y:566 gram.y:575 gram.y:584 gram.y:601 -#: gram.y:713 gram.y:720 gram.y:727 gram.y:735 gram.y:835 gram.y:842 -#: gram.y:849 gram.y:856 gram.y:863 gram.y:889 gram.y:896 gram.y:903 -#: gram.y:1026 gram.y:1303 plugins/sudoers/alias.c:132 -#: plugins/sudoers/alias.c:139 plugins/sudoers/alias.c:155 -#: plugins/sudoers/auth/bsdauth.c:148 plugins/sudoers/auth/kerb5.c:123 -#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/auth/sia.c:64 -#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:165 -#: plugins/sudoers/cvtsudoers.c:182 plugins/sudoers/cvtsudoers.c:193 -#: plugins/sudoers/cvtsudoers.c:305 plugins/sudoers/cvtsudoers.c:433 -#: plugins/sudoers/cvtsudoers.c:566 plugins/sudoers/cvtsudoers.c:583 -#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 -#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1179 -#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1285 +#: gram.y:198 gram.y:246 gram.y:253 gram.y:260 gram.y:267 gram.y:274 +#: gram.y:290 gram.y:314 gram.y:321 gram.y:328 gram.y:335 gram.y:342 +#: gram.y:405 gram.y:414 gram.y:425 gram.y:458 gram.y:465 gram.y:472 +#: gram.y:479 gram.y:506 gram.y:578 gram.y:585 gram.y:594 gram.y:603 +#: gram.y:620 gram.y:732 gram.y:739 gram.y:747 gram.y:753 gram.y:853 +#: gram.y:860 gram.y:867 gram.y:874 gram.y:881 gram.y:907 gram.y:914 +#: gram.y:921 gram.y:1063 gram.y:1342 lib/iolog/iolog_util.c:79 +#: lib/iolog/iolog_util.c:118 lib/iolog/iolog_util.c:127 +#: lib/iolog/iolog_util.c:137 lib/iolog/iolog_util.c:145 +#: lib/iolog/iolog_util.c:149 logsrvd/eventlog.c:223 
logsrvd/sendlog.c:286 +#: plugins/sudoers/alias.c:132 plugins/sudoers/alias.c:139 +#: plugins/sudoers/alias.c:155 plugins/sudoers/auth/bsdauth.c:148 +#: plugins/sudoers/auth/kerb5.c:123 plugins/sudoers/auth/kerb5.c:149 +#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116 +#: plugins/sudoers/auth/sia.c:64 plugins/sudoers/cvtsudoers.c:124 +#: plugins/sudoers/cvtsudoers.c:165 plugins/sudoers/cvtsudoers.c:182 +#: plugins/sudoers/cvtsudoers.c:193 plugins/sudoers/cvtsudoers.c:305 +#: plugins/sudoers/cvtsudoers.c:433 plugins/sudoers/cvtsudoers.c:566 +#: plugins/sudoers/cvtsudoers.c:583 plugins/sudoers/cvtsudoers.c:646 +#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:769 +#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1187 +#: plugins/sudoers/cvtsudoers.c:1289 plugins/sudoers/cvtsudoers_json.c:83 #: plugins/sudoers/cvtsudoers_ldif.c:154 plugins/sudoers/cvtsudoers_ldif.c:197 -#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:263 -#: plugins/sudoers/cvtsudoers_ldif.c:334 plugins/sudoers/cvtsudoers_ldif.c:389 -#: plugins/sudoers/cvtsudoers_ldif.c:397 plugins/sudoers/cvtsudoers_ldif.c:414 -#: plugins/sudoers/cvtsudoers_ldif.c:423 plugins/sudoers/cvtsudoers_ldif.c:570 -#: plugins/sudoers/defaults.c:666 plugins/sudoers/defaults.c:959 -#: plugins/sudoers/defaults.c:1130 plugins/sudoers/editor.c:72 +#: plugins/sudoers/cvtsudoers_ldif.c:238 plugins/sudoers/cvtsudoers_ldif.c:303 +#: plugins/sudoers/cvtsudoers_ldif.c:374 plugins/sudoers/cvtsudoers_ldif.c:429 +#: plugins/sudoers/cvtsudoers_ldif.c:437 plugins/sudoers/cvtsudoers_ldif.c:454 +#: plugins/sudoers/cvtsudoers_ldif.c:463 plugins/sudoers/cvtsudoers_ldif.c:610 +#: plugins/sudoers/defaults.c:632 plugins/sudoers/defaults.c:925 +#: plugins/sudoers/defaults.c:1058 plugins/sudoers/editor.c:72 #: plugins/sudoers/editor.c:90 plugins/sudoers/editor.c:101 #: plugins/sudoers/env.c:268 plugins/sudoers/filedigest.c:66 #: plugins/sudoers/filedigest.c:82 
plugins/sudoers/gc.c:59 -#: plugins/sudoers/group_plugin.c:138 plugins/sudoers/interfaces.c:78 -#: plugins/sudoers/iolog.c:943 plugins/sudoers/iolog_path.c:174 -#: plugins/sudoers/iolog_util.c:86 plugins/sudoers/iolog_util.c:125 -#: plugins/sudoers/iolog_util.c:134 plugins/sudoers/iolog_util.c:144 -#: plugins/sudoers/iolog_util.c:152 plugins/sudoers/iolog_util.c:156 -#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 -#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 -#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 -#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 -#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 -#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 -#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 -#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 -#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558 -#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:683 -#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:510 -#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/linux_audit.c:83 -#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:532 -#: plugins/sudoers/logging.c:558 plugins/sudoers/logging.c:599 -#: plugins/sudoers/logging.c:740 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:367 -#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:200 +#: plugins/sudoers/group_plugin.c:141 plugins/sudoers/interfaces.c:78 +#: plugins/sudoers/iolog.c:476 plugins/sudoers/iolog_client.c:107 +#: plugins/sudoers/iolog_client.c:485 plugins/sudoers/iolog_client.c:593 +#: plugins/sudoers/iolog_client.c:611 plugins/sudoers/iolog_client.c:1053 +#: plugins/sudoers/iolog_client.c:1283 plugins/sudoers/iolog_client.c:1619 +#: 
plugins/sudoers/iolog_client.c:1647 plugins/sudoers/ldap.c:185 +#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 +#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 +#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705 +#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 +#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 +#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 +#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 +#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 +#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 +#: plugins/sudoers/ldap_conf.c:683 plugins/sudoers/ldap_conf.c:765 +#: plugins/sudoers/ldap_util.c:331 plugins/sudoers/ldap_util.c:338 +#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:83 +#: plugins/sudoers/logging.c:200 plugins/sudoers/logging.c:527 +#: plugins/sudoers/logging.c:553 plugins/sudoers/logging.c:594 +#: plugins/sudoers/logging.c:731 plugins/sudoers/logging.c:1091 +#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:397 +#: plugins/sudoers/match_command.c:444 plugins/sudoers/match_command.c:515 +#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:200 #: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:227 #: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:156 #: plugins/sudoers/parse_ldif.c:187 plugins/sudoers/parse_ldif.c:256 #: plugins/sudoers/parse_ldif.c:263 plugins/sudoers/parse_ldif.c:268 #: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:355 -#: plugins/sudoers/parse_ldif.c:361 plugins/sudoers/parse_ldif.c:386 -#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:402 -#: plugins/sudoers/parse_ldif.c:416 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:614 plugins/sudoers/parse_ldif.c:639 -#: plugins/sudoers/parse_ldif.c:697 plugins/sudoers/parse_ldif.c:714 -#: 
plugins/sudoers/parse_ldif.c:742 plugins/sudoers/parse_ldif.c:749 -#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:750 +#: plugins/sudoers/parse_ldif.c:382 plugins/sudoers/parse_ldif.c:399 +#: plugins/sudoers/parse_ldif.c:411 plugins/sudoers/parse_ldif.c:415 +#: plugins/sudoers/parse_ldif.c:429 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:830 #: plugins/sudoers/prompt.c:100 plugins/sudoers/pwutil.c:199 #: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 #: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:586 
@@ -114,19 +119,19 @@ #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:114 -#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 -#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735 +#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909 +#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559 +#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218 +#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429 +#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236 +#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587 +#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483 +#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59 +#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:137 +#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130 #: plugins/sudoers/visudo.c:152 
plugins/sudoers/visudo.c:328 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 
@@ -135,111 +140,116 @@ msgid "unable to allocate memory" msgstr "nie udało się przydzielić pamięci" -#: gram.y:488 +#: gram.y:500 msgid "a digest requires a path name" msgstr "skrót wymaga nazwy pliku" -#: gram.y:614 +#: gram.y:633 msgid "invalid notbefore value" msgstr "błędna wartość notbefore" -#: gram.y:622 +#: gram.y:641 msgid "invalid notafter value" msgstr "błędna wartość notafter" -#: gram.y:631 plugins/sudoers/policy.c:320 +#: gram.y:650 plugins/sudoers/policy.c:319 msgid "timeout value too large" msgstr "wartość limitu czasu zbyt duża" -#: gram.y:633 plugins/sudoers/policy.c:322 +#: gram.y:652 plugins/sudoers/policy.c:321 msgid "invalid timeout value" msgstr "błędna wartość limitu czasu" -#: gram.y:1303 plugins/sudoers/auth/pam.c:483 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/cvtsudoers.c:124 -#: plugins/sudoers/cvtsudoers.c:164 plugins/sudoers/cvtsudoers.c:181 -#: plugins/sudoers/cvtsudoers.c:192 plugins/sudoers/cvtsudoers.c:304 -#: plugins/sudoers/cvtsudoers.c:432 plugins/sudoers/cvtsudoers.c:565 -#: plugins/sudoers/cvtsudoers.c:582 plugins/sudoers/cvtsudoers.c:646 -#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:768 -#: plugins/sudoers/cvtsudoers.c:1179 plugins/sudoers/cvtsudoers.c:1183 -#: plugins/sudoers/cvtsudoers.c:1285 plugins/sudoers/cvtsudoers_ldif.c:153 -#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:243 -#: plugins/sudoers/cvtsudoers_ldif.c:262 plugins/sudoers/cvtsudoers_ldif.c:333 -#: plugins/sudoers/cvtsudoers_ldif.c:388 plugins/sudoers/cvtsudoers_ldif.c:396 -#: plugins/sudoers/cvtsudoers_ldif.c:413 plugins/sudoers/cvtsudoers_ldif.c:422 -#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:666 -#: plugins/sudoers/defaults.c:959 plugins/sudoers/defaults.c:1130 +#: gram.y:1342 lib/iolog/iolog_util.c:79 lib/iolog/iolog_util.c:118 +#: lib/iolog/iolog_util.c:127 lib/iolog/iolog_util.c:137 +#: lib/iolog/iolog_util.c:145 
lib/iolog/iolog_util.c:149 +#: logsrvd/eventlog.c:223 plugins/sudoers/auth/pam.c:486 +#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116 +#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:164 +#: plugins/sudoers/cvtsudoers.c:181 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:304 plugins/sudoers/cvtsudoers.c:432 +#: plugins/sudoers/cvtsudoers.c:565 plugins/sudoers/cvtsudoers.c:582 +#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 +#: plugins/sudoers/cvtsudoers.c:768 plugins/sudoers/cvtsudoers.c:1183 +#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289 +#: plugins/sudoers/cvtsudoers_json.c:82 plugins/sudoers/cvtsudoers_ldif.c:153 +#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:237 +#: plugins/sudoers/cvtsudoers_ldif.c:302 plugins/sudoers/cvtsudoers_ldif.c:373 +#: plugins/sudoers/cvtsudoers_ldif.c:428 plugins/sudoers/cvtsudoers_ldif.c:436 +#: plugins/sudoers/cvtsudoers_ldif.c:453 plugins/sudoers/cvtsudoers_ldif.c:462 +#: plugins/sudoers/cvtsudoers_ldif.c:609 plugins/sudoers/defaults.c:632 +#: plugins/sudoers/defaults.c:925 plugins/sudoers/defaults.c:1058 #: plugins/sudoers/editor.c:72 plugins/sudoers/editor.c:90 #: plugins/sudoers/editor.c:101 plugins/sudoers/env.c:268 #: plugins/sudoers/filedigest.c:66 plugins/sudoers/filedigest.c:82 -#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:138 -#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:943 -#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:86 -#: plugins/sudoers/iolog_util.c:125 plugins/sudoers/iolog_util.c:134 -#: plugins/sudoers/iolog_util.c:144 plugins/sudoers/iolog_util.c:152 -#: plugins/sudoers/iolog_util.c:156 plugins/sudoers/ldap.c:185 -#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 -#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 -#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 -#: plugins/sudoers/ldap.c:1668 
plugins/sudoers/ldap.c:1705 -#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 -#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 -#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 -#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 -#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 -#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 -#: plugins/sudoers/ldap_conf.c:682 plugins/sudoers/ldap_conf.c:765 -#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:567 -#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:202 -#: plugins/sudoers/logging.c:532 plugins/sudoers/logging.c:558 -#: plugins/sudoers/logging.c:598 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:366 -#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:199 +#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:140 +#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:476 +#: plugins/sudoers/iolog_client.c:107 plugins/sudoers/iolog_client.c:485 +#: plugins/sudoers/iolog_client.c:593 plugins/sudoers/iolog_client.c:611 +#: plugins/sudoers/iolog_client.c:1053 plugins/sudoers/iolog_client.c:1283 +#: plugins/sudoers/iolog_client.c:1619 plugins/sudoers/iolog_client.c:1647 +#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 +#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 +#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 +#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 +#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 +#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 +#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 +#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 +#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 +#: plugins/sudoers/ldap_conf.c:461 
plugins/sudoers/ldap_conf.c:558 +#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:682 +#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:330 +#: plugins/sudoers/ldap_util.c:337 plugins/sudoers/ldap_util.c:603 +#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:200 +#: plugins/sudoers/logging.c:527 plugins/sudoers/logging.c:553 +#: plugins/sudoers/logging.c:593 plugins/sudoers/logging.c:1091 +#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:396 +#: plugins/sudoers/match_command.c:443 plugins/sudoers/match_command.c:515 +#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:199 #: plugins/sudoers/parse.c:211 plugins/sudoers/parse.c:226 #: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:155 #: plugins/sudoers/parse_ldif.c:186 plugins/sudoers/parse_ldif.c:255 #: plugins/sudoers/parse_ldif.c:262 plugins/sudoers/parse_ldif.c:267 #: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:354 -#: plugins/sudoers/parse_ldif.c:360 plugins/sudoers/parse_ldif.c:385 -#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:401 -#: plugins/sudoers/parse_ldif.c:415 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:613 plugins/sudoers/parse_ldif.c:638 -#: plugins/sudoers/parse_ldif.c:696 plugins/sudoers/parse_ldif.c:713 -#: plugins/sudoers/parse_ldif.c:741 plugins/sudoers/parse_ldif.c:748 -#: plugins/sudoers/policy.c:134 plugins/sudoers/policy.c:143 -#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:178 -#: plugins/sudoers/policy.c:305 plugins/sudoers/policy.c:320 -#: plugins/sudoers/policy.c:322 plugins/sudoers/policy.c:348 -#: plugins/sudoers/policy.c:358 plugins/sudoers/policy.c:402 +#: plugins/sudoers/parse_ldif.c:381 plugins/sudoers/parse_ldif.c:398 +#: plugins/sudoers/parse_ldif.c:410 plugins/sudoers/parse_ldif.c:414 +#: plugins/sudoers/parse_ldif.c:428 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: 
plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:133 plugins/sudoers/policy.c:142 +#: plugins/sudoers/policy.c:151 plugins/sudoers/policy.c:177 +#: plugins/sudoers/policy.c:304 plugins/sudoers/policy.c:319 +#: plugins/sudoers/policy.c:321 plugins/sudoers/policy.c:350 +#: plugins/sudoers/policy.c:359 plugins/sudoers/policy.c:402 #: plugins/sudoers/policy.c:412 plugins/sudoers/policy.c:421 #: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:504 -#: plugins/sudoers/policy.c:750 plugins/sudoers/prompt.c:100 +#: plugins/sudoers/policy.c:830 plugins/sudoers/prompt.c:100 #: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 #: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 #: plugins/sudoers/pwutil.c:586 plugins/sudoers/pwutil.c:657 #: plugins/sudoers/pwutil.c:816 plugins/sudoers/pwutil.c:873 #: plugins/sudoers/pwutil.c:917 plugins/sudoers/pwutil.c:975 -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 plugins/sudoers/sssd.c:153 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 plugins/sudoers/sssd.c:153 #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:113 -#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 -#: 
plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735 +#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909 +#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559 +#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218 +#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429 +#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236 +#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587 +#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483 +#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59 +#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:136 +#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130 #: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 
@@ -249,12 +259,455 @@ msgid "%s: %s" msgstr "%s: %s" +#: lib/iolog/iolog_fileio.c:164 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s istnieje, ale nie jest katalogiem (0%o)" + +#: lib/iolog/iolog_fileio.c:194 lib/iolog/iolog_fileio.c:240 +#: plugins/sudoers/timestamp.c:212 +#, c-format +msgid "unable to mkdir %s" +msgstr "nie udało się wykonać mkdir %s" + +#: lib/iolog/iolog_fileio.c:244 plugins/sudoers/visudo.c:739 +#: plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "nie udało się zmienić uprawnień %s na 0%o" + +#: lib/iolog/iolog_util.c:83 +#, c-format +msgid "%s: invalid log file" +msgstr "%s: błędny plik logu" + +#: lib/iolog/iolog_util.c:101 +#, c-format +msgid "%s: time stamp field is missing" +msgstr "%s: brak pola znacznika czasu" + +#: lib/iolog/iolog_util.c:107 +#, c-format +msgid "%s: time stamp %s: %s" +msgstr "%s: znacznik czasu %s: %s" + +#: lib/iolog/iolog_util.c:114 +#, c-format +msgid "%s: user field is missing" +msgstr "%s: brak pola z użytkownikiem" + +#: lib/iolog/iolog_util.c:123 +#, c-format +msgid "%s: runas user field is missing" +msgstr "%s: brak pola z użytkownikiem runas" + +#: lib/iolog/iolog_util.c:132 +#, c-format +msgid "%s: runas group field is missing" +msgstr "%s: brak pola z grupą runas" + +#: lib/iolog/iolog_util.c:382 +#, c-format +msgid "error reading timing file: %s" +msgstr "błąd podczas czytania pliku czasu: %s" + +#: lib/iolog/iolog_util.c:389 +#, c-format +msgid "invalid timing file line: %s" +msgstr "błędna linia pliku czasu: %s" + +#: logsrvd/eventlog.c:228 plugins/sudoers/cvtsudoers_ldif.c:247 +#: plugins/sudoers/cvtsudoers_ldif.c:254 plugins/sudoers/cvtsudoers_ldif.c:566 +#: plugins/sudoers/env.c:330 plugins/sudoers/env.c:337 +#: plugins/sudoers/env.c:442 plugins/sudoers/iolog.c:550 +#: plugins/sudoers/iolog.c:566 plugins/sudoers/ldap.c:496 +#: plugins/sudoers/ldap.c:727 plugins/sudoers/ldap.c:1060 +#: plugins/sudoers/ldap_conf.c:227 
plugins/sudoers/ldap_conf.c:317 +#: plugins/sudoers/linux_audit.c:89 plugins/sudoers/logging.c:1096 +#: plugins/sudoers/policy.c:534 plugins/sudoers/policy.c:679 +#: plugins/sudoers/policy.c:689 plugins/sudoers/prompt.c:168 +#: plugins/sudoers/sudoers.c:931 plugins/sudoers/testsudoers.c:257 +#: plugins/sudoers/toke_util.c:177 +#, c-format +msgid "internal error, %s overflow" +msgstr "błąd wewnętrzny, przepełnienie %s" + +#: logsrvd/eventlog.c:422 plugins/sudoers/logging.c:118 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: logsrvd/eventlog.c:451 plugins/sudoers/logging.c:146 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s : (kontynuacja polecenia) %s" + +#: logsrvd/iolog_writer.c:886 +msgid "log is already complete, cannot be restarted" +msgstr "log jest już kompletny, nie może być wznowiony" + +#: logsrvd/iolog_writer.c:917 +msgid "unable to restart log" +msgstr "nie udało się wznownić logu" + +#: logsrvd/logsrv_util.c:96 logsrvd/logsrv_util.c:103 +#: plugins/sudoers/sudoreplay.c:355 plugins/sudoers/sudoreplay.c:361 +#: plugins/sudoers/sudoreplay.c:368 +#, c-format +msgid "unable to open %s/%s" +msgstr "nie udało się otworzyć %s/%s" + +#: logsrvd/logsrv_util.c:130 +#, c-format +msgid "missing I/O log file %s/%s" +msgstr "brak pliku logu we/wy %s/%s" + +#: logsrvd/logsrv_util.c:137 +#, c-format +msgid "%s/%s: unable to seek forward %zu" +msgstr "%s/%s: nie udało przesunąć %zu w przód" + +#: logsrvd/logsrv_util.c:147 +#, c-format +msgid "unable to find resume point [%lld, %ld] in %s/%s" +msgstr "nie udało się odnaleźć punktu wznowienia [%lld, %ld] w %s/%s" + +#: logsrvd/logsrvd.c:231 logsrvd/logsrvd.c:299 logsrvd/logsrvd.c:343 +#: logsrvd/logsrvd.c:392 logsrvd/logsrvd.c:439 logsrvd/logsrvd.c:484 +#: logsrvd/logsrvd.c:510 +msgid "state machine error" +msgstr "błąd maszyny stanów" + +#: logsrvd/logsrvd.c:240 +msgid "invalid AcceptMessage" +msgstr "błędny AcceptMessage" + +#: logsrvd/logsrvd.c:251 +msgid "error parsing AcceptMessage" +msgstr 
"błąd analizy AcceptMessage" + +#: logsrvd/logsrvd.c:258 +msgid "error creating I/O log" +msgstr "błąd tworzenia logu we/wy" + +#: logsrvd/logsrvd.c:265 +msgid "error logging accept event" +msgstr "błąd logowania zdarzenia akceptacji" + +#: logsrvd/logsrvd.c:308 +msgid "invalid RejectMessage" +msgstr "błędny RejectMessage" + +#: logsrvd/logsrvd.c:319 +msgid "error parsing RejectMessage" +msgstr "błąd analizy RejectMessage" + +#: logsrvd/logsrvd.c:325 +msgid "error logging reject event" +msgstr "błąd logowania zdarzenia odrzucenia" + +#: logsrvd/logsrvd.c:424 +msgid "error logging alert event" +msgstr "błąd logowania zdarzenia alarmu" + +#: logsrvd/logsrvd.c:449 +msgid "error writing IoBuffer" +msgstr "błąd zapisu IoBuffer" + +#: logsrvd/logsrvd.c:495 +msgid "error writing ChangeWindowSize" +msgstr "błąd zapisu ChangeWindowSize" + +#: logsrvd/logsrvd.c:521 +msgid "error writing CommandSuspend" +msgstr "błąd zapisu CommandSuspend" + +#: logsrvd/logsrvd.c:583 +msgid "unrecognized ClientMessage type" +msgstr "nie rozpoznany typ ClientMessage" + +#: logsrvd/logsrvd.c:835 +msgid "client message too large" +msgstr "komunikat klienta zbyt duży" + +#: logsrvd/logsrvd.c:1295 logsrvd/logsrvd.c:1415 logsrvd/logsrvd.c:1539 +#: logsrvd/logsrvd.c:1631 logsrvd/sendlog.c:242 logsrvd/sendlog.c:257 +#: logsrvd/sendlog.c:290 logsrvd/sendlog.c:1264 plugins/sudoers/iolog.c:900 +#: plugins/sudoers/iolog.c:1033 plugins/sudoers/iolog.c:1131 +#: plugins/sudoers/iolog_client.c:111 plugins/sudoers/iolog_client.c:436 +#: plugins/sudoers/iolog_client.c:452 plugins/sudoers/iolog_client.c:490 +#: plugins/sudoers/iolog_client.c:1032 plugins/sudoers/iolog_client.c:1061 +#: plugins/sudoers/iolog_client.c:1133 plugins/sudoers/iolog_client.c:1239 +#: plugins/sudoers/iolog_client.c:1353 plugins/sudoers/iolog_client.c:1655 +#: plugins/sudoers/iolog_client.c:1663 plugins/sudoers/sudoreplay.c:519 +#: plugins/sudoers/sudoreplay.c:566 plugins/sudoers/sudoreplay.c:755 +#: plugins/sudoers/sudoreplay.c:867 
plugins/sudoers/sudoreplay.c:957 +#: plugins/sudoers/sudoreplay.c:972 plugins/sudoers/sudoreplay.c:979 +#: plugins/sudoers/sudoreplay.c:986 plugins/sudoers/sudoreplay.c:993 +#: plugins/sudoers/sudoreplay.c:1000 plugins/sudoers/sudoreplay.c:1127 +msgid "unable to add event to queue" +msgstr "nie udało się dodać zdarzenia do kolejki" + +#: logsrvd/logsrvd.c:1407 plugins/sudoers/iolog_client.c:378 +#, c-format +msgid "Unable to attach user data to the ssl object: %s" +msgstr "Nie udało się dołączyć danych użytkownika do obiektu SSL: %s" + +#: logsrvd/logsrvd.c:1443 plugins/sudoers/iolog_client.c:1596 +#: plugins/sudoers/iolog_client.c:1604 +msgid "unable to get remote IP addr" +msgstr "nie udało się uzyskać zdalnego adresu IP" + +#: logsrvd/logsrvd.c:1692 logsrvd/sendlog.c:113 +#, c-format +msgid "" +"%s - send sudo I/O log to remote server\n" +"\n" +msgstr "" +"%s - wysłanie logu we/wy sudo na zdalny serwer\n" +"\n" + +#: logsrvd/logsrvd.c:1695 +msgid "" +"\n" +"Options:\n" +" -f, --file path to configuration file\n" +" -h --help display help message and exit\n" +" -n, --no-fork do not fork, run in the foreground\n" +" -R, --random-drop percent chance connections will drop\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"Opcje:\n" +" -f, --file ścieżka do pliku konfiguracyjnego\n" +" -h, --help wyświetlenie opisu i zakończenie\n" +" -n, --no-fork bez wykonywania fork, działanie pierwszoplanowe\n" +" -R, --random-drop procentowe prawdopodobieństwo gubienia połączeń\n" +" -V, --version wyświetlenie informacji o wersji i zakończenie\n" + +#: logsrvd/logsrvd.c:1747 logsrvd/sendlog.c:1513 +msgid "Protobuf-C version 1.3 or higher required" +msgstr "Wymagany Protobuf-C w wersji 1.3 lub wyższej" + +#: logsrvd/logsrvd.c:1765 +#, c-format +msgid "invalid random drop value: %s" +msgstr "błędna wartość losowego gubienia: %s" + +#: logsrvd/logsrvd.c:1769 logsrvd/sendlog.c:1551 +#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:302 +#: 
plugins/sudoers/visudo.c:184 +#, c-format +msgid "%s version %s\n" +msgstr "%s wersja %s\n" + +#: logsrvd/logsrvd_conf.c:688 +#, c-format +msgid "%s: not a fully qualified path" +msgstr "%s: nie jest pełną ścieżką" + +#: logsrvd/logsrvd_conf.c:802 +#, c-format +msgid "%s:%d unmatched '[': %s" +msgstr "%s:%d niedopasowany '[': %s" + +#: logsrvd/logsrvd_conf.c:813 +#, c-format +msgid "%s:%d invalid config section: %s" +msgstr "%s: %d błędna sekcja konfiguracji: %s" + +#: logsrvd/logsrvd_conf.c:821 +#, c-format +msgid "%s:%d invalid configuration line: %s" +msgstr "%s:%d błędna linia konfiguracji: %s" + +#: logsrvd/logsrvd_conf.c:827 +#, c-format +msgid "%s:%d expected section name: %s" +msgstr "%s:%d oczekiwano nazwy sekcji: %s" + +#: logsrvd/logsrvd_conf.c:841 +#, c-format +msgid "invalid value for %s: %s" +msgstr "błędna wartość %s: %s" + +#: logsrvd/logsrvd_conf.c:849 +#, c-format +msgid "%s:%d unknown key: %s" +msgstr "%s:%d nieznany klucz: %s" + +#: logsrvd/logsrvd_conf.c:977 +#, c-format +msgid "unknown syslog facility %s" +msgstr "nieznana wartość facility sysloga %s" + +#: logsrvd/logsrvd_conf.c:981 logsrvd/logsrvd_conf.c:985 +#: logsrvd/logsrvd_conf.c:989 +#, c-format +msgid "unknown syslog priority %s" +msgstr "nieznany priorytet sysloga %s" + +#: logsrvd/sendlog.c:116 +msgid "" +"\n" +"Options:\n" +" --help display help message and exit\n" +" -h, --host host to send logs to\n" +" -i, --iolog_id remote ID of I/O log to be resumed\n" +" -p, --port port to use when connecting to host\n" +" -r, --restart restart previous I/O log transfer\n" +" -t, --test test audit server by sending selected I/O log n times in parallel\n" +" -b, --ca-bundle certificate bundle file to verify server's cert against\n" +" -c, --cert certificate file for TLS handshake\n" +" -k, --key private key file\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"Opcje:\n" +" --help wyświetlenie opisu i zakończenie\n" +" -h, --host host do wysyłania logów\n" +" -i, 
--iolog_id zdalny ID logu we/wy do wznowienia\n" +" -p, --port port do użycia przy łączeniu z hostem\n" +" -r, --restart wznowienie poprzedniego transferu logu we/wy\n" +" -t, --test test serwera audytu przez wysłanie wybranego logu we/wy N razy równolegle\n" +" -b, --ca-bundle paczka certyfikatów do zweryfikowania certyfikatu serwera\n" +" -c, --cert plik certyfikatu do powitania TLS\n" +" -k, --key plik klucza prywatnego\n" +" -V, --version wyświetlenie informacji o wersji i zakończenie\n" + +#: logsrvd/sendlog.c:216 plugins/sudoers/iolog_client.c:409 +msgid "TLS handshake timeout occurred" +msgstr "przekroczony limit czasu powitania TLS" + +#: logsrvd/sendlog.c:237 logsrvd/sendlog.c:252 +#: plugins/sudoers/iolog_client.c:430 plugins/sudoers/iolog_client.c:446 +msgid "unable to set event" +msgstr "nie udało się ustawić zdarzenia" + +#: logsrvd/sendlog.c:262 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s\n" +msgstr "SSL_connect nie powiodło się: ssl_error=%d, stack=%s\n" + +#: logsrvd/sendlog.c:294 plugins/sudoers/iolog_client.c:115 +#: plugins/sudoers/iolog_client.c:495 plugins/sudoers/iolog_client.c:1065 +#: plugins/sudoers/iolog_client.c:1671 +msgid "error in event loop" +msgstr "błąd w pętli zdarzeń" + +#: logsrvd/sendlog.c:311 +msgid "CA bundle file was not specified" +msgstr "Nie podano pliku paczki CA" + +#: logsrvd/sendlog.c:315 +msgid "Client certificate was not specified" +msgstr "Nie podano certyfikatu klienta" + +#: logsrvd/sendlog.c:319 +#, c-format +msgid "Unable to initialize ssl context: %s" +msgstr "Nie udało się zainicjować kontekstu SSL: %s" + +#: logsrvd/sendlog.c:324 +#, c-format +msgid "Unable to allocate ssl object: %s\n" +msgstr "Nie udało się przydzielić obiektu SSL: %s\n" + +#: logsrvd/sendlog.c:329 +#, c-format +msgid "Unable to attach socket to the ssl object: %s\n" +msgstr "Nie udało się dołączyć gniazda do obiektu SSL: %s\n" + +#: logsrvd/sendlog.c:367 plugins/sudoers/iolog_client.c:150 +#, c-format +msgid "unable to 
look up %s:%s: %s" +msgstr "nie udało się wyszukać %s:%s: %s" + +#: logsrvd/sendlog.c:522 plugins/sudoers/sudoreplay.c:815 +#, c-format +msgid "unable to read %s/%s: %s" +msgstr "nie udało się odczytać %s/%s: %s" + +#: logsrvd/sendlog.c:543 +#, c-format +msgid "client message too large: %zu\n" +msgstr "komunikat klienta zbyt duży: %zu\n" + +#: logsrvd/sendlog.c:941 +#, c-format +msgid "%s: write buffer already in use" +msgstr "%s: bufor zapisu jest już w użyciu" + +#: logsrvd/sendlog.c:993 plugins/sudoers/iolog.c:824 +#: plugins/sudoers/iolog.c:893 +#, c-format +msgid "unexpected I/O event %d" +msgstr "nieoczekiwane zdarzenie we/wy %d" + +#: logsrvd/sendlog.c:1025 logsrvd/sendlog.c:1042 logsrvd/sendlog.c:1092 +#: plugins/sudoers/iolog_client.c:1037 plugins/sudoers/iolog_client.c:1090 +#: plugins/sudoers/iolog_client.c:1151 +#, c-format +msgid "%s: unexpected state %d" +msgstr "%s: nieoczekiwany stan %d" + +#: logsrvd/sendlog.c:1048 plugins/sudoers/iolog_client.c:1096 +msgid "invalid ServerHello" +msgstr "błędne ServerHello" + +#: logsrvd/sendlog.c:1130 plugins/sudoers/iolog_client.c:1195 +#, c-format +msgid "error message received from server: %s" +msgstr "odebrano od serwera komunikat błędu: %s" + +#: logsrvd/sendlog.c:1143 plugins/sudoers/iolog_client.c:1208 +#, c-format +msgid "abort message received from server: %s" +msgstr "odebrano od serwera komunikat zerwania: %s" + +#: logsrvd/sendlog.c:1162 plugins/sudoers/iolog_client.c:1227 +msgid "unable to unpack ServerMessage" +msgstr "nie udało się rozpakować ServerMessage" + +#: logsrvd/sendlog.c:1207 plugins/sudoers/iolog_client.c:1260 +#, c-format +msgid "%s: unexpected type_case value %d" +msgstr "%s: nieoczekiwana wartość type_case %d" + +#: logsrvd/sendlog.c:1291 +msgid "premature EOF" +msgstr "przedwczesny EOF" + +#: logsrvd/sendlog.c:1304 +#, c-format +msgid "server message too large: %u\n" +msgstr "komunikat serwera zbyt duży: %u\n" + +#: logsrvd/sendlog.c:1569 +msgid "both restart point and iolog ID must 
be specified" +msgstr "muszą być podane jednocześnie punkt wznowienia i ID iolog" + +#: logsrvd/sendlog.c:1636 +#, c-format +msgid "exited prematurely with state %d" +msgstr "zakończono przedwcześnie ze stanem %d" + +#: logsrvd/sendlog.c:1637 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "miniony czas wysłany do serwera [%lld, %ld]" + +#: logsrvd/sendlog.c:1639 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "odebrano od serwera punkt zatwierdzenia [%lld, %ld]" + #: plugins/sudoers/alias.c:151 #, c-format msgid "Alias \"%s\" already defined" msgstr "Alias \"%s\" jest już zdefiniowany" -#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:801 +#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:792 msgid "unable to fork" msgstr "nie udało się wykonać fork" 
@@ -360,33 +813,33 @@
 msgid "unable to initialize PAM: %s"
 msgstr "nie udało się zainicjować PAM: %s"
-#: plugins/sudoers/auth/pam.c:319
+#: plugins/sudoers/auth/pam.c:322
 #, c-format
 msgid "PAM authentication error: %s"
 msgstr "Błąd uwierzytelniania PAM: %s"
-#: plugins/sudoers/auth/pam.c:338
+#: plugins/sudoers/auth/pam.c:341
 msgid "account validation failure, is your account locked?"
 msgstr "błąd kontroli poprawności konta - konto zablokowane?"
-#: plugins/sudoers/auth/pam.c:349
+#: plugins/sudoers/auth/pam.c:352
 msgid "Account or password is expired, reset your password and try again"
 msgstr "Konto lub hasło wygasło, należy ustawić ponownie hasło i spróbować jeszcze raz"
-#: plugins/sudoers/auth/pam.c:355
+#: plugins/sudoers/auth/pam.c:358
 #, c-format
 msgid "unable to change expired password: %s"
 msgstr "nie udało się zmienić przedawnionego hasła: %s"
-#: plugins/sudoers/auth/pam.c:366
+#: plugins/sudoers/auth/pam.c:369
 msgid "Password expired, contact your system administrator"
 msgstr "Hasło wygasło, proszę skontaktować się z administratorem systemu"
-#: plugins/sudoers/auth/pam.c:371
+#: plugins/sudoers/auth/pam.c:374
 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
 msgstr "Konto wygasło lub w konfiguracji PAM brak sekcji \"account\" dla sudo, proszę skontaktować się z administratorem systemu"
-#: plugins/sudoers/auth/pam.c:379 plugins/sudoers/auth/pam.c:384
+#: plugins/sudoers/auth/pam.c:382 plugins/sudoers/auth/pam.c:387
 #, c-format
 msgid "PAM account management error: %s"
 msgstr "Błąd zarządzania kontem PAM: %s"
@@ -464,7 +917,7 @@
 msgid "unable to commit audit record"
 msgstr "nie udało się zatwierdzić rekordu audytowego"
-#: plugins/sudoers/check.c:269
+#: plugins/sudoers/check.c:264
 msgid ""
 "\n"
 "We trust you have received the usual lecture from the local System\n"
@@ -484,15 +937,16 @@
 " 3) z dużą władzą wiąże się duża odpowiedzialność.\n"
 "\n"
-#: plugins/sudoers/check.c:312 plugins/sudoers/check.c:322
-#: plugins/sudoers/sudoers.c:700 plugins/sudoers/sudoers.c:748
+#: plugins/sudoers/check.c:307 plugins/sudoers/check.c:317
+#: plugins/sudoers/sudoers.c:778 plugins/sudoers/sudoers.c:826
 #: plugins/sudoers/tsdump.c:126
 #, c-format
 msgid "unknown uid: %u"
 msgstr "nieznany uid: %u"
-#: plugins/sudoers/check.c:317 plugins/sudoers/iolog.c:255
-#: plugins/sudoers/policy.c:921 plugins/sudoers/sudoers.c:1163
+#: plugins/sudoers/check.c:312 plugins/sudoers/iolog.c:121
+#: plugins/sudoers/policy.c:1034 plugins/sudoers/sudoers.c:391
+#: plugins/sudoers/sudoers.c:393 plugins/sudoers/sudoers.c:1255
 #: plugins/sudoers/testsudoers.c:227 plugins/sudoers/testsudoers.c:400
 #, c-format
 msgid "unknown user: %s"
@@ -513,12 +967,6 @@
 msgid "order padding: %s: %s"
 msgstr "wyrównanie rangi: %s: %s"
-#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:289
-#: plugins/sudoers/visudo.c:184
-#, c-format
-msgid "%s version %s\n"
-msgstr "%s wersja %s\n"
-
 #: plugins/sudoers/cvtsudoers.c:235 plugins/sudoers/visudo.c:186
 #, c-format
 msgid "%s grammar version %d\n"
@@ -539,7 +987,7 @@
 msgid "%s: input and output files must be different"
 msgstr "%s: pliki wejściowy i wyjściowy muszą być różne"
-#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:176
+#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:185
 #: plugins/sudoers/testsudoers.c:266 plugins/sudoers/visudo.c:254
 #: plugins/sudoers/visudo.c:610 plugins/sudoers/visudo.c:933
 msgid "unable to initialize sudoers default values"
@@ -571,12 +1019,10 @@
 msgstr "błędny filtr: %s"
 #: plugins/sudoers/cvtsudoers.c:622 plugins/sudoers/cvtsudoers.c:639
-#: plugins/sudoers/cvtsudoers.c:1245 plugins/sudoers/cvtsudoers_json.c:1130
-#: plugins/sudoers/cvtsudoers_ldif.c:643 plugins/sudoers/iolog.c:413
-#: plugins/sudoers/iolog_util.c:75 plugins/sudoers/sudoers.c:914
-#: plugins/sudoers/sudoreplay.c:338 plugins/sudoers/sudoreplay.c:1431
-#: plugins/sudoers/timestamp.c:448 plugins/sudoers/tsdump.c:135
-#: plugins/sudoers/visudo.c:929
+#: plugins/sudoers/cvtsudoers.c:1249 plugins/sudoers/cvtsudoers_json.c:868
+#: plugins/sudoers/cvtsudoers_ldif.c:683 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoreplay.c:1391 plugins/sudoers/timestamp.c:448
+#: plugins/sudoers/tsdump.c:135 plugins/sudoers/visudo.c:929
 #, c-format
 msgid "unable to open %s"
 msgstr "nie udało się otworzyć %s"
@@ -596,14 +1042,13 @@
 msgid "parse error in %s\n"
 msgstr "błąd składni w %s\n"
-#: plugins/sudoers/cvtsudoers.c:1292 plugins/sudoers/iolog.c:500
-#: plugins/sudoers/sudoreplay.c:1135 plugins/sudoers/timestamp.c:332
-#: plugins/sudoers/timestamp.c:335
+#: plugins/sudoers/cvtsudoers.c:1296 plugins/sudoers/sudoreplay.c:1088
+#: plugins/sudoers/timestamp.c:332 plugins/sudoers/timestamp.c:335
 #, c-format
 msgid "unable to write to %s"
 msgstr "nie udało się zapisać do %s"
-#: plugins/sudoers/cvtsudoers.c:1315
+#: plugins/sudoers/cvtsudoers.c:1319
 #, c-format
 msgid ""
 "%s - convert between sudoers file formats\n"
@@ -612,7 +1057,7 @@
 "%s - konwersja między formatami pliku sudoers\n"
 "\n"
-#: plugins/sudoers/cvtsudoers.c:1317
+#: plugins/sudoers/cvtsudoers.c:1321
 msgid ""
 "\n"
 "Options:\n"
@@ -653,43 +1098,30 @@ " -s, --suppress=sekcje pominięcie wyjścia z podanych sekcji\n" " -V, --version wyświetlenie informacji o wersji i zakończenie" -#: plugins/sudoers/cvtsudoers_json.c:684 plugins/sudoers/cvtsudoers_json.c:720 -#: plugins/sudoers/cvtsudoers_json.c:938 +#: plugins/sudoers/cvtsudoers_json.c:487 plugins/sudoers/cvtsudoers_json.c:521 +#: plugins/sudoers/cvtsudoers_json.c:709 #, c-format msgid "unknown defaults entry \"%s\"" msgstr "nieznany wpis domyślny \"%s\"" -#: plugins/sudoers/cvtsudoers_json.c:858 plugins/sudoers/cvtsudoers_json.c:873 -#: plugins/sudoers/cvtsudoers_ldif.c:308 plugins/sudoers/cvtsudoers_ldif.c:319 +#: plugins/sudoers/cvtsudoers_json.c:647 plugins/sudoers/cvtsudoers_json.c:660 +#: plugins/sudoers/cvtsudoers_ldif.c:348 plugins/sudoers/cvtsudoers_ldif.c:359 #: plugins/sudoers/ldap.c:482 msgid "unable to get GMT time" msgstr "nie udało się pobrać czasu GMT" -#: plugins/sudoers/cvtsudoers_json.c:861 plugins/sudoers/cvtsudoers_json.c:876 -#: plugins/sudoers/cvtsudoers_ldif.c:311 plugins/sudoers/cvtsudoers_ldif.c:322 +#: plugins/sudoers/cvtsudoers_json.c:650 plugins/sudoers/cvtsudoers_json.c:663 +#: plugins/sudoers/cvtsudoers_ldif.c:351 plugins/sudoers/cvtsudoers_ldif.c:362 #: plugins/sudoers/ldap.c:488 msgid "unable to format timestamp" msgstr "nie udało się sformatować znacznika czasu" -#: plugins/sudoers/cvtsudoers_ldif.c:526 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:337 plugins/sudoers/env.c:442 -#: plugins/sudoers/ldap.c:496 plugins/sudoers/ldap.c:727 -#: plugins/sudoers/ldap.c:1060 plugins/sudoers/ldap_conf.c:227 -#: plugins/sudoers/ldap_conf.c:317 plugins/sudoers/linux_audit.c:89 -#: plugins/sudoers/logging.c:1105 plugins/sudoers/policy.c:625 -#: plugins/sudoers/policy.c:635 plugins/sudoers/prompt.c:168 -#: plugins/sudoers/sudoers.c:852 plugins/sudoers/testsudoers.c:257 -#: plugins/sudoers/toke_util.c:161 -#, c-format -msgid "internal error, %s overflow" -msgstr "błąd wewnętrzny, przepełnienie %s" - -#: 
plugins/sudoers/cvtsudoers_ldif.c:595 +#: plugins/sudoers/cvtsudoers_ldif.c:635 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "zbyt dużo wpisów sudoers, maksimum to %u" -#: plugins/sudoers/cvtsudoers_ldif.c:638 +#: plugins/sudoers/cvtsudoers_ldif.c:678 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "zmienna środowiskowa SUDOERS_BASE nie jest ustawiona i nie podano opcji -b." @@ -1098,8 +1530,8 @@ #: plugins/sudoers/def_data.c:406 #, c-format -msgid "Maximum I/O log sequence number: %u" -msgstr "Maksymalny numer sekwencji logu we/wy: %u" +msgid "Maximum I/O log sequence number: %s" +msgstr "Maksymalny numer sekwencji logu we/wy: %s" #: plugins/sudoers/def_data.c:410 msgid "Enable sudoers netgroup support" 
@@ -1209,62 +1641,106 @@ msgid "Log when a command is denied by sudoers" msgstr "Logowanie kiedy polecenie jest zabronione przez sudoers" -#: plugins/sudoers/defaults.c:231 +#: plugins/sudoers/def_data.c:510 +msgid "Sudo log server(s) to connect to with optional port" +msgstr "Serwer(y) logów sudo do połączenia, z opcjonalnym portem" + +#: plugins/sudoers/def_data.c:514 +#, c-format +msgid "Sudo log server timeout in seconds: %u" +msgstr "Limit czasu serwera logów sudo w sekundach: %u" + +#: plugins/sudoers/def_data.c:518 +msgid "Enable SO_KEEPALIVE socket option on the socket connected to the logserver" +msgstr "Włączenie opcji gniazda SO_KEEPALIVE na gnieździe połączonym z serwerem logów" + +#: plugins/sudoers/def_data.c:522 +#, c-format +msgid "Path to the audit server's CA bundle file: %s" +msgstr "Ścieżka do pliku paczki CA serwera audytu: %s" + +#: plugins/sudoers/def_data.c:526 +#, c-format +msgid "Path to the sudoers certificate file: %s" +msgstr "Ścieżka do pliku certyfikatu sudoers: %s" + +#: plugins/sudoers/def_data.c:530 +#, c-format +msgid "Path to the sudoers private key file: %s" +msgstr "Ścieżka do pliku klucza prywatnego sudoers: %s" + +#: plugins/sudoers/def_data.c:534 +msgid "Allow the use of unknown runas user and/or group ID" +msgstr "Zezwolenie na użycie nieznanego ID użytkownika i/lub grupy runas" + +#: plugins/sudoers/def_data.c:538 +msgid "Only permit running commands as a user with a valid shell" +msgstr "Zezwolenie na uruchamianie poleceń tylko jako użytkownik z prawidłową powłoką" + +#: plugins/sudoers/def_data.c:542 +msgid "Set the pam remote user to the user running sudo" +msgstr "Ustawienie użytkownika zdalnego PAM na użytkownika uruchamiającego sudo" + +#: plugins/sudoers/def_data.c:546 +msgid "Set the pam remote host to the local host name" +msgstr "Ustawienie hosta zdalnego PAM nazwę hosta lokalnego" + +#: plugins/sudoers/defaults.c:190 #, c-format msgid "%s:%d unknown defaults entry \"%s\"" msgstr "%s:%d: nieznany wpis domyślny 
\"%s\"" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:193 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: nieznany wpis domyślny \"%s\"" -#: plugins/sudoers/defaults.c:277 +#: plugins/sudoers/defaults.c:236 #, c-format msgid "%s:%d no value specified for \"%s\"" msgstr "%s:%d: nie podano wartości dla \"%s\"" -#: plugins/sudoers/defaults.c:280 +#: plugins/sudoers/defaults.c:239 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: nie podano wartości dla \"%s\"" -#: plugins/sudoers/defaults.c:300 +#: plugins/sudoers/defaults.c:259 #, c-format msgid "%s:%d values for \"%s\" must start with a '/'" msgstr "%s:%d: wartości \"%s\" muszą zaczynać się od '/'" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:262 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: wartości \"%s\" muszą zaczynać się od '/'" -#: plugins/sudoers/defaults.c:325 +#: plugins/sudoers/defaults.c:284 #, c-format msgid "%s:%d option \"%s\" does not take a value" msgstr "%s:%d: opcja \"%s\" nie przyjmuje wartości" -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:287 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: opcja \"%s\" nie przyjmuje wartości" -#: plugins/sudoers/defaults.c:353 +#: plugins/sudoers/defaults.c:312 #, c-format msgid "%s:%d invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d: błędny typ Defaults 0x%x dla opcji \"%s\"" -#: plugins/sudoers/defaults.c:356 +#: plugins/sudoers/defaults.c:315 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: błędny typ Defaults 0x%x dla opcji \"%s\"" -#: plugins/sudoers/defaults.c:366 +#: plugins/sudoers/defaults.c:325 #, c-format msgid "%s:%d value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d: błędna wartość \"%s\" dla opcji \"%s\"" -#: plugins/sudoers/defaults.c:369 +#: plugins/sudoers/defaults.c:328 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: 
błędna wartość \"%s\" dla opcji \"%s\"" @@ -1273,11 +1749,11 @@ msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: uszkodzone envp, niezgodność długości" -#: plugins/sudoers/env.c:1132 +#: plugins/sudoers/env.c:1133 msgid "unable to rebuild the environment" msgstr "nie udało się przebudować środowiska" -#: plugins/sudoers/env.c:1206 +#: plugins/sudoers/env.c:1207 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "niestety nie jest dozwolone ustawianie następujących zmiennych środowiskowych: %s" @@ -1302,27 +1778,27 @@ msgid "%s: read error" msgstr "%s: błąd odczytu" -#: plugins/sudoers/group_plugin.c:90 +#: plugins/sudoers/group_plugin.c:91 #, c-format msgid "%s must be owned by uid %d" msgstr "właścicielem %s musi być uid %d" -#: plugins/sudoers/group_plugin.c:94 +#: plugins/sudoers/group_plugin.c:95 #, c-format msgid "%s must only be writable by owner" msgstr "prawo zapisu do %s może mieć tylko właściciel" -#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:562 +#: plugins/sudoers/group_plugin.c:104 plugins/sudoers/sssd.c:562 #, c-format msgid "unable to load %s: %s" msgstr "nie udało się załadować %s: %s" -#: plugins/sudoers/group_plugin.c:108 +#: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "nie udało się odnaleźć symbolu \"group_plugin\" w %s" -#: plugins/sudoers/group_plugin.c:113 +#: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: niezgodna główna wersja wtyczki grup %d, oczekiwano %d" 
@@ -1341,87 +1817,143 @@ msgid "Local IP address and netmask pairs:\n" msgstr "Pary lokalnych adresów IP i masek:\n" -#: plugins/sudoers/iolog.c:117 plugins/sudoers/mkdir_parents.c:82 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s istnieje, ale nie jest katalogiem (0%o)" - -#: plugins/sudoers/iolog.c:142 plugins/sudoers/iolog.c:182 -#: plugins/sudoers/mkdir_parents.c:71 plugins/sudoers/timestamp.c:212 -#, c-format -msgid "unable to mkdir %s" -msgstr "nie udało się wykonać mkdir %s" - -#: plugins/sudoers/iolog.c:186 plugins/sudoers/visudo.c:739 -#: plugins/sudoers/visudo.c:750 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "nie udało się zmienić uprawnień %s na 0%o" - -#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1194 +#: plugins/sudoers/iolog.c:146 plugins/sudoers/sudoers.c:398 +#: plugins/sudoers/sudoers.c:400 plugins/sudoers/sudoers.c:1289 #: plugins/sudoers/testsudoers.c:424 #, c-format msgid "unknown group: %s" msgstr "nieznana grupa: %s" -#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:918 -#: plugins/sudoers/sudoreplay.c:846 plugins/sudoers/sudoreplay.c:1542 -#: plugins/sudoers/tsdump.c:145 +#: plugins/sudoers/iolog.c:505 plugins/sudoers/iolog.c:788 +#: plugins/sudoers/iolog.c:938 plugins/sudoers/iolog.c:945 +#: plugins/sudoers/iolog.c:1066 plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:1172 plugins/sudoers/iolog.c:1179 #, c-format -msgid "unable to read %s" -msgstr "nie udało się odczytać %s" +msgid "unable to write to I/O log file: %s" +msgstr "nie udało się zapisać do pliku logu we/wy: %s" -#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:801 -#, c-format -msgid "unable to create %s" -msgstr "nie udało się utworzyć %s" +#: plugins/sudoers/iolog.c:555 +msgid "unable to update sequence file" +msgstr "nie udało się uaktualnić pliku sekwencji" -#: plugins/sudoers/iolog.c:824 plugins/sudoers/iolog.c:1039 -#: plugins/sudoers/iolog.c:1115 plugins/sudoers/iolog.c:1209 -#: 
plugins/sudoers/iolog.c:1270 +#: plugins/sudoers/iolog.c:594 #, c-format -msgid "unable to write to I/O log file: %s" -msgstr "nie udało się zapisać do pliku logu we/wy: %s" +msgid "unable to create %s/%s" +msgstr "nie udało się utworzyć %s/%s" + +#: plugins/sudoers/iolog.c:622 +msgid "unable to connect to log server" +msgstr "nie udało się połączyć z serwerem logów" -#: plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:830 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: błąd wewnętrzny, plik logu we/wy dla zdarzenia %d nie jest otwarty" -#: plugins/sudoers/iolog.c:1233 +#: plugins/sudoers/iolog.c:923 plugins/sudoers/iolog.c:1051 +#: plugins/sudoers/iolog.c:1156 plugins/sudoers/timestamp.c:862 +#: plugins/sudoers/timestamp.c:954 plugins/sudoers/visudo.c:498 +#: plugins/sudoers/visudo.c:504 +msgid "unable to read the clock" +msgstr "nie udało się odczytać zegara" + +#: plugins/sudoers/iolog.c:1148 plugins/sudoers/iolog_client.c:862 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: błąd wewnętrzny, błędny sygnał %d" -#: plugins/sudoers/iolog_util.c:90 +#: plugins/sudoers/iolog_client.c:297 #, c-format -msgid "%s: invalid log file" -msgstr "%s: błędny plik logu" +msgid "Creation of new SSL_CTX object failed: %s" +msgstr "Utworzenie nowego obiektu SSL_CTX nie powiodło się: %s" + +#: plugins/sudoers/iolog_client.c:320 +msgid "CA bundle file is not set in sudoers" +msgstr "Nie ustawiono pliku paczki CA w sudoers" -#: plugins/sudoers/iolog_util.c:108 +#: plugins/sudoers/iolog_client.c:327 #, c-format -msgid "%s: time stamp field is missing" -msgstr "%s: brak pola znacznika czasu" +msgid "Calling SSL_CTX_load_verify_locations() failed: %s" +msgstr "Wywołanie SSL_CTX_load_verify_locations() nie powiodło się: %s" -#: plugins/sudoers/iolog_util.c:114 +#: plugins/sudoers/iolog_client.c:339 +msgid "Signed certificate file is not set in sudoers" +msgstr "Nie ustawiono pliku podpisanego certyfikatu w sudoers" + +#: 
plugins/sudoers/iolog_client.c:345 #, c-format -msgid "%s: time stamp %s: %s" -msgstr "%s: znacznik czasu %s: %s" +msgid "Unable to load cert into the ssl context: %s" +msgstr "Nie udało się załadować certyfikatu do kontekstu SSL: %s" -#: plugins/sudoers/iolog_util.c:121 +#: plugins/sudoers/iolog_client.c:356 #, c-format -msgid "%s: user field is missing" -msgstr "%s: brak pola z użytkownikiem" +msgid "Unable to load private key into the ssl context: %s" +msgstr "Nie udało się załadować klucza prywatnego do kontekstu SSL: %s" -#: plugins/sudoers/iolog_util.c:130 +#: plugins/sudoers/iolog_client.c:363 #, c-format -msgid "%s: runas user field is missing" -msgstr "%s: brak pola z użytkownikiem runas" +msgid "Unable to allocate ssl object: %s" +msgstr "Nie udało się przydzielić obiektu SSL: %s" -#: plugins/sudoers/iolog_util.c:139 +#: plugins/sudoers/iolog_client.c:369 #, c-format -msgid "%s: runas group field is missing" -msgstr "%s: brak pola z grupą runas" +msgid "Unable to attach socket to the ssl object: %s" +msgstr "Nie udało się dołączyć gniazda do obiektu SSL: %s" + +#: plugins/sudoers/iolog_client.c:457 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s" +msgstr "SSL_connect nie powiodło się: ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:599 +#, c-format +msgid "client message too large: %zu" +msgstr "komunikat klienta zbyt duży %zu" + +#: plugins/sudoers/iolog_client.c:656 plugins/sudoers/iolog_client.c:844 +msgid "unable to get time of day" +msgstr "nie udało się pobrać aktualnego czasu" + +#: plugins/sudoers/iolog_client.c:871 +#, c-format +msgid "%s: internal error, invalid exit status %d" +msgstr "%s: błąd wewnętrzny, błędny kod wyjścia %d" + +#: plugins/sudoers/iolog_client.c:1104 +msgid "TLS initialization was unsuccessful" +msgstr "Inicjowanie TLS nie powiodło się" + +#: plugins/sudoers/iolog_client.c:1109 +msgid "TLS handshake was unsuccessful" +msgstr "Powitanie TLS nie powiodło się" + +#: 
plugins/sudoers/iolog_client.c:1361 +#, c-format +msgid "SSL_read failed: ssl_error=%d, stack=%s" +msgstr "SSL_read nie powiodło się: ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:1384 +msgid "lost connection to log server" +msgstr "utracono połączenie z serwerem logów" + +#: plugins/sudoers/iolog_client.c:1397 +#, c-format +msgid "server message too large: %u" +msgstr "komunikat sewera zbyt duży: %u" + +#: plugins/sudoers/iolog_client.c:1461 +msgid "missing write buffer" +msgstr "brak bufora zapisu" + +#: plugins/sudoers/iolog_client.c:1486 +#, c-format +msgid "SSL_write failed: ssl_error=%d, stack=%s" +msgstr "SSL_write nie powiodło się: ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:1610 +#, c-format +msgid "unknown address family: %d" +msgstr "nieznana rodzina adresu: %d" #: plugins/sudoers/ldap.c:178 plugins/sudoers/ldap_conf.c:296 msgid "starttls not supported when using ldaps" @@ -1446,7 +1978,7 @@ msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "wybrano start_tls, ale biblioteki LDAP nie obsługują ldap_start_tls_s() ani ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:734 +#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "błędny atrybut sudoOrder: %s" @@ -1464,7 +1996,7 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "nie można mieszać URI ldap i ldaps" -#: plugins/sudoers/ldap_util.c:456 plugins/sudoers/ldap_util.c:458 +#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "nie można skonwertować sudoOption: %s%s%s" 
@@ -1477,80 +2009,62 @@ msgid "unable to send audit message" msgstr "nie udało się wysłać komunikatu audytowego" -#: plugins/sudoers/logging.c:120 -#, c-format -msgid "%8s : %s" -msgstr "%8s : %s" - -#: plugins/sudoers/logging.c:148 -#, c-format -msgid "%8s : (command continued) %s" -msgstr "%8s : (kontynuacja polecenia) %s" - -#: plugins/sudoers/logging.c:177 +#: plugins/sudoers/logging.c:175 #, c-format msgid "unable to open log file: %s" msgstr "nie udało się otworzyć pliku logu: %s" -#: plugins/sudoers/logging.c:185 +#: plugins/sudoers/logging.c:183 #, c-format msgid "unable to lock log file: %s" msgstr "nie udało się zablokować pliku logu: %s" -#: plugins/sudoers/logging.c:218 +#: plugins/sudoers/logging.c:216 #, c-format msgid "unable to write log file: %s" msgstr "nie udało się zapisać pliku logu: %s" -#: plugins/sudoers/logging.c:248 -msgid "No user or host" -msgstr "Brak użytkownika lub hosta" - -#: plugins/sudoers/logging.c:250 -msgid "validation failure" -msgstr "błąd kontroli poprawności" - -#: plugins/sudoers/logging.c:261 +#: plugins/sudoers/logging.c:249 msgid "user NOT in sudoers" msgstr "użytkownik NIE występuje w sudoers" -#: plugins/sudoers/logging.c:263 +#: plugins/sudoers/logging.c:251 msgid "user NOT authorized on host" msgstr "użytkownik NIE jest autoryzowany na hoście" -#: plugins/sudoers/logging.c:265 +#: plugins/sudoers/logging.c:253 msgid "command not allowed" msgstr "polecenie niedozwolone" -#: plugins/sudoers/logging.c:301 +#: plugins/sudoers/logging.c:296 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s nie występuje w pliku sudoers. Ten incydent zostanie zgłoszony.\n" -#: plugins/sudoers/logging.c:304 +#: plugins/sudoers/logging.c:299 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s nie ma uprawnień do uruchamiania sudo na %s. 
Ten incydent zostanie zgłoszony.\n" -#: plugins/sudoers/logging.c:308 +#: plugins/sudoers/logging.c:303 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Niestety użytkownik %s nie może uruchamiać sudo na %s.\n" -#: plugins/sudoers/logging.c:311 +#: plugins/sudoers/logging.c:306 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Niestety użytkownik %s nie ma uprawnień do uruchamiania '%s%s%s' jako %s%s%s na %s.\n" -#: plugins/sudoers/logging.c:348 plugins/sudoers/sudoers.c:442 -#: plugins/sudoers/sudoers.c:444 plugins/sudoers/sudoers.c:446 -#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:603 -#: plugins/sudoers/sudoers.c:605 +#: plugins/sudoers/logging.c:343 plugins/sudoers/sudoers.c:518 +#: plugins/sudoers/sudoers.c:520 plugins/sudoers/sudoers.c:522 +#: plugins/sudoers/sudoers.c:524 plugins/sudoers/sudoers.c:675 +#: plugins/sudoers/sudoers.c:677 #, c-format msgid "%s: command not found" msgstr "%s: nie znaleziono polecenia" -#: plugins/sudoers/logging.c:350 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/logging.c:345 plugins/sudoers/sudoers.c:514 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -1559,15 +2073,15 @@ "zignorowano plik \"%s\" znaleziony w '.'\n" "Proszę użyć \"sudo ./%s\", jeśli to \"%s\" ma być uruchomiony." -#: plugins/sudoers/logging.c:367 +#: plugins/sudoers/logging.c:362 msgid "authentication failure" msgstr "błąd uwierzytelniania" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:388 msgid "a password is required" msgstr "wymagane jest hasło" -#: plugins/sudoers/logging.c:463 +#: plugins/sudoers/logging.c:458 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" 
@@ -1575,37 +2089,31 @@
 msgstr[1] "%u błędne próby wprowadzenia hasła"
 msgstr[2] "%u błędnych prób wprowadzenia hasła"
-#: plugins/sudoers/logging.c:728
+#: plugins/sudoers/logging.c:722
 #, c-format
 msgid "unable to dup stdin: %m"
 msgstr "nie udało się wykonać dup na stdin: %m"
-#: plugins/sudoers/logging.c:768
+#: plugins/sudoers/logging.c:759
 #, c-format
 msgid "unable to execute %s: %m"
 msgstr "nie udało się wywołać %s: %m"
-#: plugins/sudoers/logging.c:809 plugins/sudoers/logging.c:865
+#: plugins/sudoers/logging.c:800 plugins/sudoers/logging.c:856
 #, c-format
 msgid "unable to fork: %m"
 msgstr "nie udało się wykonać fork: %m"
-#: plugins/sudoers/logging.c:855
+#: plugins/sudoers/logging.c:846
 #, c-format
 msgid "unable to open pipe: %m"
 msgstr "nie udało się otworzyć potoku: %m"
-#: plugins/sudoers/match_digest.c:103
+#: plugins/sudoers/match_digest.c:123
 #, c-format
 msgid "digest for %s (%s) is not in %s form"
 msgstr "skrót dla %s (%s) nie jest w postaci %s"
-#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:943
-#: plugins/sudoers/visudo.c:437 plugins/sudoers/visudo.c:733
-#, c-format
-msgid "unable to stat %s"
-msgstr "nie udało się wykonać stat na %s"
-
 #: plugins/sudoers/parse.c:449
 #, c-format
 msgid ""
@@ -1664,22 +2172,22 @@
 msgid "User %s is not allowed to run sudo on %s.\n"
 msgstr "Użytkownik %s nie ma uprawnień do uruchamiania sudo na %s.\n"
-#: plugins/sudoers/parse_ldif.c:604
+#: plugins/sudoers/parse_ldif.c:617
 #, c-format
 msgid "ignoring incomplete sudoRole: cn: %s"
 msgstr "zignorowano niekompletne sudoRole: cn: %s"
-#: plugins/sudoers/parse_ldif.c:664
+#: plugins/sudoers/parse_ldif.c:677
 #, c-format
 msgid "invalid LDIF attribute: %s"
 msgstr "błędny atrybut LDIF: %s"
-#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:116
+#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:115
 #, c-format
 msgid "invalid %.*s set by sudo front-end"
 msgstr "błędna wartość %.*s ustawiona przez frontend sudo"
-#: plugins/sudoers/policy.c:295 plugins/sudoers/testsudoers.c:280
+#: plugins/sudoers/policy.c:294 plugins/sudoers/testsudoers.c:280
 msgid "unable to parse network address list"
 msgstr "nie udało się przeanalizować listy adresów sieciowych"
@@ -1699,23 +2207,23 @@
 msgid "host name not set by sudo front-end"
 msgstr "nazwa hosta nie ustawiona przez frontend sudo"
-#: plugins/sudoers/policy.c:808 plugins/sudoers/visudo.c:236
+#: plugins/sudoers/policy.c:897 plugins/sudoers/visudo.c:236
 #: plugins/sudoers/visudo.c:867
 #, c-format
 msgid "unable to execute %s"
 msgstr "nie udało się wywołać %s"
-#: plugins/sudoers/policy.c:939
+#: plugins/sudoers/policy.c:1055
 #, c-format
 msgid "Sudoers policy plugin version %s\n"
 msgstr "Wersja wtyczki polityki sudoers %s\n"
-#: plugins/sudoers/policy.c:941
+#: plugins/sudoers/policy.c:1057
 #, c-format
 msgid "Sudoers file grammar version %d\n"
 msgstr "Wersja gramatyki pliku sudoers %d\n"
-#: plugins/sudoers/policy.c:945
+#: plugins/sudoers/policy.c:1061
 #, c-format
 msgid ""
 "\n"
@@ -1724,22 +2232,22 @@
 "\n"
 "Ścieżka do sudoers: %s\n"
 
-#: plugins/sudoers/policy.c:948
+#: plugins/sudoers/policy.c:1064
 #, c-format
 msgid "nsswitch path: %s\n"
 msgstr "ścieżka do nsswitch: %s\n"
 
-#: plugins/sudoers/policy.c:950
+#: plugins/sudoers/policy.c:1066
 #, c-format
 msgid "ldap.conf path: %s\n"
 msgstr "ścieżka do ldap.conf: %s\n"
 
-#: plugins/sudoers/policy.c:951
+#: plugins/sudoers/policy.c:1067
 #, c-format
 msgid "ldap.secret path: %s\n"
 msgstr "ścieżka do ldap.secret: %s\n"
 
-#: plugins/sudoers/policy.c:984
+#: plugins/sudoers/policy.c:1100
 #, c-format
 msgid "unable to register hook of type %d (version %d.%d)"
 msgstr "nie udało się zarejestrować uchwytu typu %d (wersja %d.%d)"
@@ -1808,48 +2316,48 @@
 msgid "unable to parse gids for %s"
 msgstr "nie udało się przeanalizować gidów dla %s"
 
-#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:478
-#: plugins/sudoers/set_perms.c:921 plugins/sudoers/set_perms.c:1254
-#: plugins/sudoers/set_perms.c:1573
+#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:447
+#: plugins/sudoers/set_perms.c:850 plugins/sudoers/set_perms.c:1156
+#: plugins/sudoers/set_perms.c:1450
 msgid "perm stack overflow"
 msgstr "przepełnienie stosu uprawnień"
 
-#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:409
-#: plugins/sudoers/set_perms.c:486 plugins/sudoers/set_perms.c:788
-#: plugins/sudoers/set_perms.c:929 plugins/sudoers/set_perms.c:1178
-#: plugins/sudoers/set_perms.c:1262 plugins/sudoers/set_perms.c:1506
-#: plugins/sudoers/set_perms.c:1581 plugins/sudoers/set_perms.c:1672
+#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:378
+#: plugins/sudoers/set_perms.c:455 plugins/sudoers/set_perms.c:717
+#: plugins/sudoers/set_perms.c:858 plugins/sudoers/set_perms.c:1080
+#: plugins/sudoers/set_perms.c:1164 plugins/sudoers/set_perms.c:1383
+#: plugins/sudoers/set_perms.c:1458 plugins/sudoers/set_perms.c:1548
 msgid "perm stack underflow"
 msgstr "niedopełnienie stosu uprawnień"
 
-#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:532
-#: plugins/sudoers/set_perms.c:1315 plugins/sudoers/set_perms.c:1614
+#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:501
+#: plugins/sudoers/set_perms.c:1217 plugins/sudoers/set_perms.c:1491
 msgid "unable to change to root gid"
 msgstr "nie udało się zmienić na gid roota"
 
-#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:629
-#: plugins/sudoers/set_perms.c:1060 plugins/sudoers/set_perms.c:1392
+#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:598
+#: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1294
 msgid "unable to change to runas gid"
 msgstr "nie udało się zmienić na docelowy gid"
 
-#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:634
-#: plugins/sudoers/set_perms.c:1065 plugins/sudoers/set_perms.c:1397
+#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:603
+#: plugins/sudoers/set_perms.c:994 plugins/sudoers/set_perms.c:1299
 msgid "unable to set runas group vector"
 msgstr "nie udało się ustawić wektora grup docelowych"
 
-#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:645
-#: plugins/sudoers/set_perms.c:1074 plugins/sudoers/set_perms.c:1406
+#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:614
+#: plugins/sudoers/set_perms.c:1003 plugins/sudoers/set_perms.c:1308
 msgid "unable to change to runas uid"
 msgstr "nie udało się zmienić na docelowy uid"
 
-#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:663
-#: plugins/sudoers/set_perms.c:1090 plugins/sudoers/set_perms.c:1422
+#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:632
+#: plugins/sudoers/set_perms.c:1019 plugins/sudoers/set_perms.c:1324
 msgid "unable to change to sudoers gid"
 msgstr "nie udało się zmienić na gid sudoers"
 
-#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775
-#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493
-#: plugins/sudoers/set_perms.c:1659
+#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704
+#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370
+#: plugins/sudoers/set_perms.c:1535
 msgid "too many processes"
 msgstr "zbyt dużo procesów"
 
@@ -1882,209 +2390,228 @@ msgid "unable to find symbol \"%s\" in %s" msgstr "nie udało się odnaleźć symbolu \"%s\" w %s" -#: plugins/sudoers/sudoers.c:212 plugins/sudoers/sudoers.c:871 +#: plugins/sudoers/sudoers.c:221 plugins/sudoers/sudoers.c:958 msgid "problem with defaults entries" msgstr "problem z wpisami domyślnymi" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:225 msgid "no valid sudoers sources found, quitting" msgstr "nie znaleziono poprawnych źródeł sudoers, zakończenie" -#: plugins/sudoers/sudoers.c:254 +#: plugins/sudoers/sudoers.c:301 msgid "sudoers specifies that root is not allowed to sudo" msgstr "wg sudoers root nie ma prawa używać sudo" -#: plugins/sudoers/sudoers.c:312 +#: plugins/sudoers/sudoers.c:361 +msgid "user not allowed to override closefrom limit" +msgstr "użytkownik nie ma pozwolenia na zmianę limitu closefrom" + +#: plugins/sudoers/sudoers.c:362 msgid "you are not permitted to use the -C option" msgstr "brak uprawnień do używania opcji -C" -#: plugins/sudoers/sudoers.c:359 +#: plugins/sudoers/sudoers.c:426 #, c-format msgid "timestamp owner (%s): No such user" msgstr "właściciel znacznika czasu (%s): nie ma takiego użytkownika" -#: plugins/sudoers/sudoers.c:374 +#: plugins/sudoers/sudoers.c:441 msgid "no tty" msgstr "brak tty" -#: plugins/sudoers/sudoers.c:375 +#: plugins/sudoers/sudoers.c:442 msgid "sorry, you must have a tty to run sudo" msgstr "niestety do uruchomienia sudo konieczny jest tty" -#: plugins/sudoers/sudoers.c:437 +#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:450 +#, c-format +msgid "invalid shell for user %s: %s" +msgstr "błędna powłoka użytkownika %s: %s" + +#: plugins/sudoers/sudoers.c:513 msgid "command in current directory" msgstr "polecenie w bieżącym katalogu" -#: plugins/sudoers/sudoers.c:456 +#: plugins/sudoers/sudoers.c:532 +msgid "user not allowed to set a command timeout" +msgstr "użytkownik nie ma uprawnień do ustawienia limitu czasu polecenia" + +#: 
plugins/sudoers/sudoers.c:533 msgid "sorry, you are not allowed set a command timeout" msgstr "niestety brak uprawnień do ustawienia limitu czasu polecenia" -#: plugins/sudoers/sudoers.c:464 +#: plugins/sudoers/sudoers.c:541 +msgid "user not allowed to set a preserve the environment" +msgstr "użytkownik nie ma uprawnień do włączenia zachowania środowiska" + +#: plugins/sudoers/sudoers.c:542 msgid "sorry, you are not allowed to preserve the environment" msgstr "niestety brak uprawnień do zachowania środowiska" -#: plugins/sudoers/sudoers.c:815 +#: plugins/sudoers/sudoers.c:893 msgid "command too long" msgstr "polecenie zbyt długie" -#: plugins/sudoers/sudoers.c:947 +#: plugins/sudoers/sudoers.c:951 +msgid "sudoedit doesn't need to be run via sudo" +msgstr "sudoedit nie musi być uruchamiany przez sudo" + +#: plugins/sudoers/sudoers.c:1005 plugins/sudoers/sudoreplay.c:1502 +#: plugins/sudoers/tsdump.c:145 +#, c-format +msgid "unable to read %s" +msgstr "nie udało się odczytać %s" + +#: plugins/sudoers/sudoers.c:1030 plugins/sudoers/visudo.c:437 +#: plugins/sudoers/visudo.c:733 +#, c-format +msgid "unable to stat %s" +msgstr "nie udało się wykonać stat na %s" + +#: plugins/sudoers/sudoers.c:1034 #, c-format msgid "%s is not a regular file" msgstr "%s nie jest zwykłym plikiem" -#: plugins/sudoers/sudoers.c:951 plugins/sudoers/timestamp.c:259 toke.l:967 +#: plugins/sudoers/sudoers.c:1038 plugins/sudoers/timestamp.c:259 toke.l:967 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "właścicielem %s jest uid %u, powinien być %u" -#: plugins/sudoers/sudoers.c:955 toke.l:972 +#: plugins/sudoers/sudoers.c:1042 toke.l:972 #, c-format msgid "%s is world writable" msgstr "%s jest zapisywalny dla świata" -#: plugins/sudoers/sudoers.c:959 toke.l:975 +#: plugins/sudoers/sudoers.c:1046 toke.l:975 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "właścicielem %s jest gid %u, powinien być %u" -#: plugins/sudoers/sudoers.c:992 +#: plugins/sudoers/sudoers.c:1079 
#, c-format msgid "only root can use \"-c %s\"" msgstr "tylko root może używać \"-c %s\"" -#: plugins/sudoers/sudoers.c:1011 +#: plugins/sudoers/sudoers.c:1098 #, c-format msgid "unknown login class: %s" msgstr "nieznana klasa logowania: %s" -#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoers.c:1110 +#: plugins/sudoers/sudoers.c:1183 plugins/sudoers/sudoers.c:1198 #, c-format msgid "unable to resolve host %s" msgstr "nie udało się rozwiązać nazwy hosta %s" -#: plugins/sudoers/sudoreplay.c:250 +#: plugins/sudoers/sudoreplay.c:263 #, c-format msgid "invalid filter option: %s" msgstr "błędna opcja filtra: %s" -#: plugins/sudoers/sudoreplay.c:263 +#: plugins/sudoers/sudoreplay.c:276 #, c-format msgid "invalid max wait: %s" msgstr "błędny maksymalny czas oczekiwania: %s" -#: plugins/sudoers/sudoreplay.c:286 +#: plugins/sudoers/sudoreplay.c:299 #, c-format msgid "invalid speed factor: %s" msgstr "błędny współczynnik szybkości: %s" -#: plugins/sudoers/sudoreplay.c:321 +#: plugins/sudoers/sudoreplay.c:335 #, c-format -msgid "%s/%.2s/%.2s/%.2s/timing: %s" -msgstr "%s/%.2s/%.2s/%.2s/czas: %s" +msgid "%s/%.2s/%.2s/%.2s: %s" +msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:326 +#: plugins/sudoers/sudoreplay.c:340 #, c-format msgid "%s/timing: %s" msgstr "%s/czas: %s" -#: plugins/sudoers/sudoreplay.c:330 +#: plugins/sudoers/sudoreplay.c:344 #, c-format -msgid "%s/%s/timing: %s" -msgstr "%s/%s/czas: %s" +msgid "%s/%s: %s" +msgstr "%s/%s: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:372 #, c-format msgid "Replaying sudo session: %s" msgstr "Odtwarzanie sesji sudo: %s" -#: plugins/sudoers/sudoreplay.c:544 plugins/sudoers/sudoreplay.c:591 -#: plugins/sudoers/sudoreplay.c:789 plugins/sudoers/sudoreplay.c:898 -#: plugins/sudoers/sudoreplay.c:983 plugins/sudoers/sudoreplay.c:998 -#: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/sudoreplay.c:1012 -#: plugins/sudoers/sudoreplay.c:1019 plugins/sudoers/sudoreplay.c:1026 -#: 
plugins/sudoers/sudoreplay.c:1174 -msgid "unable to add event to queue" -msgstr "nie udało się dodać zdarzenia do kolejki" - -#: plugins/sudoers/sudoreplay.c:659 +#: plugins/sudoers/sudoreplay.c:634 msgid "unable to set tty to raw mode" msgstr "nie udało się przestawić tty w tryb surowy" -#: plugins/sudoers/sudoreplay.c:710 +#: plugins/sudoers/sudoreplay.c:685 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Uwaga: ten terminal jest za mały, aby właściwie odtworzyć log.\n" -#: plugins/sudoers/sudoreplay.c:711 +#: plugins/sudoers/sudoreplay.c:686 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Geometria logu to %d x %d, geometria terminala to %d x %d." -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:714 msgid "Replay finished, press any key to restore the terminal." msgstr "Odtwarzanie zakończone, proszę nacisnąć dowolny klawisz, aby odzyskać terminal." -#: plugins/sudoers/sudoreplay.c:772 -#, c-format -msgid "invalid timing file line: %s" -msgstr "błędna linia pliku czasu: %s" - -#: plugins/sudoers/sudoreplay.c:1208 plugins/sudoers/sudoreplay.c:1233 +#: plugins/sudoers/sudoreplay.c:1161 plugins/sudoers/sudoreplay.c:1186 #, c-format msgid "ambiguous expression \"%s\"" msgstr "niejednoznaczne wyrażenie \"%s\"" -#: plugins/sudoers/sudoreplay.c:1255 +#: plugins/sudoers/sudoreplay.c:1208 msgid "unmatched ')' in expression" msgstr "niesparowany ')' w wyrażeniu" -#: plugins/sudoers/sudoreplay.c:1259 +#: plugins/sudoers/sudoreplay.c:1212 #, c-format msgid "unknown search term \"%s\"" msgstr "nieznany warunek wyszukiwania \"%s\"" -#: plugins/sudoers/sudoreplay.c:1274 +#: plugins/sudoers/sudoreplay.c:1227 #, c-format msgid "%s requires an argument" msgstr "%s wymaga argumentu" -#: plugins/sudoers/sudoreplay.c:1277 plugins/sudoers/sudoreplay.c:1518 +#: plugins/sudoers/sudoreplay.c:1230 plugins/sudoers/sudoreplay.c:1478 #, c-format msgid "invalid regular expression: %s" msgstr 
"błędne wyrażenie regularne: %s" -#: plugins/sudoers/sudoreplay.c:1281 +#: plugins/sudoers/sudoreplay.c:1234 #, c-format msgid "could not parse date \"%s\"" msgstr "nie udało się przeanalizować daty \"%s\"" -#: plugins/sudoers/sudoreplay.c:1290 +#: plugins/sudoers/sudoreplay.c:1243 msgid "unmatched '(' in expression" msgstr "niesparowany '(' w wyrażeniu" -#: plugins/sudoers/sudoreplay.c:1292 +#: plugins/sudoers/sudoreplay.c:1245 msgid "illegal trailing \"or\"" msgstr "niedozwolone kończące \"or\"" -#: plugins/sudoers/sudoreplay.c:1294 +#: plugins/sudoers/sudoreplay.c:1247 msgid "illegal trailing \"!\"" msgstr "niedozwolony kończący \"!\"" -#: plugins/sudoers/sudoreplay.c:1344 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "unknown search type %d" msgstr "nieznany typ wyszukiwania %d" -#: plugins/sudoers/sudoreplay.c:1611 +#: plugins/sudoers/sudoreplay.c:1569 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "Składnia: %s [-hnRS] [-d katalog] [-m liczba] [-s wsp_szybkości] ID\n" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1572 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "Składnia: %s [-h] [-d katalog] -l [wyrażenie wyszukiwania]\n" -#: plugins/sudoers/sudoreplay.c:1623 +#: plugins/sudoers/sudoreplay.c:1581 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2093,7 +2620,7 @@ "%s - odtwarzanie logów sesji sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1625 +#: plugins/sudoers/sudoreplay.c:1583 msgid "" "\n" "Options:\n" 
@@ -2154,35 +2681,34 @@
 msgid "%s is group writable"
 msgstr "%s jest zapisywalny dla groupy"
 
-#: plugins/sudoers/timestamp.c:343
+#: plugins/sudoers/timestamp.c:343 plugins/sudoers/timestamp.c:687
 #, c-format
 msgid "unable to truncate time stamp file to %lld bytes"
 msgstr "nie udało się uciąć pliku znacznika czasu do długości %lld"
 
-#: plugins/sudoers/timestamp.c:829 plugins/sudoers/timestamp.c:921
-#: plugins/sudoers/visudo.c:498 plugins/sudoers/visudo.c:504
-msgid "unable to read the clock"
-msgstr "nie udało się odczytać zegara"
-
-#: plugins/sudoers/timestamp.c:840
+#: plugins/sudoers/timestamp.c:873
 msgid "ignoring time stamp from the future"
 msgstr "znacznik czasu zbyt daleko w przyszłości"
 
-#: plugins/sudoers/timestamp.c:863
+#: plugins/sudoers/timestamp.c:896
 #, c-format
 msgid "time stamp too far in the future: %20.20s"
 msgstr "znacznik czasu zbyt daleko w przyszłości: %20.20s"
 
-#: plugins/sudoers/timestamp.c:985
+#: plugins/sudoers/timestamp.c:1018
 #, c-format
 msgid "unable to lock time stamp file %s"
 msgstr "nie udało się zablokować pliku znacznika czasu %s"
 
-#: plugins/sudoers/timestamp.c:1029 plugins/sudoers/timestamp.c:1049
+#: plugins/sudoers/timestamp.c:1062 plugins/sudoers/timestamp.c:1082
 #, c-format
 msgid "lecture status path too long: %s/%s"
 msgstr "ścieżka stanu instrukcji zbyt długa: %s/%s"
 
+#: plugins/sudoers/toke_util.c:132
+msgid "sudoedit should not be specified with a path"
+msgstr "sudoedit nie powinien być podawany ze ścieżką"
+
 #: plugins/sudoers/visudo.c:232
 msgid "the -x option will be removed in a future release"
 msgstr "opcja -x będzie usunięta w kolejnej wersji"
Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/plugins/sudoers/po/pt.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/plugins/sudoers/po/pt.mo differ
diff -Nru sudo-1.8.31/plugins/sudoers/po/pt.po sudo-1.9.0/plugins/sudoers/po/pt.po
--- sudo-1.8.31/plugins/sudoers/po/pt.po 2019-12-31 12:58:36.000000000 +0000
+++ sudo-1.9.0/plugins/sudoers/po/pt.po 2020-05-11 16:28:23.000000000 +0000
@@ -2,15 +2,15 @@
 # Copyright (C) 2018 Free Software Foundation, Inc.
 # This file is distributed under the same license as the sudo package.
 # Todd C. Miller , 2011-2018
-# Pedro Albuquerque , 2018, 2019.
+# Pedro Albuquerque , 2018, 2019, 2020.
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: sudoers-1.8.29rc1\n"
+"Project-Id-Version: sudoers-1.9.0b4\n"
 "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2019-10-21 19:55-0600\n"
-"PO-Revision-Date: 2019-10-25 06:30+0100\n"
-"Last-Translator: Pedro Albuquerque \n"
+"POT-Creation-Date: 2020-03-12 17:39-0600\n"
+"PO-Revision-Date: 2020-03-14 08:09+0000\n"
+"Last-Translator: Pedro Albuquerque \n"
 "Language-Team: Portuguese \n"
 "Language: pt\n"
 "MIME-Version: 1.0\n"
@@ -44,70 +44,75 @@ msgid "Sorry, try again." msgstr "Enganou-se, tente de novo." -#: gram.y:196 gram.y:244 gram.y:251 gram.y:258 gram.y:265 gram.y:272 -#: gram.y:288 gram.y:312 gram.y:319 gram.y:326 gram.y:333 gram.y:340 -#: gram.y:403 gram.y:412 gram.y:423 gram.y:456 gram.y:463 gram.y:470 -#: gram.y:477 gram.y:559 gram.y:566 gram.y:575 gram.y:584 gram.y:601 -#: gram.y:713 gram.y:720 gram.y:727 gram.y:735 gram.y:835 gram.y:842 -#: gram.y:849 gram.y:856 gram.y:863 gram.y:889 gram.y:896 gram.y:903 -#: gram.y:1026 gram.y:1303 plugins/sudoers/alias.c:132 -#: plugins/sudoers/alias.c:139 plugins/sudoers/alias.c:155 -#: plugins/sudoers/auth/bsdauth.c:148 plugins/sudoers/auth/kerb5.c:123 -#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/auth/sia.c:64 -#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:165 -#: plugins/sudoers/cvtsudoers.c:182 plugins/sudoers/cvtsudoers.c:193 -#: plugins/sudoers/cvtsudoers.c:305 plugins/sudoers/cvtsudoers.c:433 -#: plugins/sudoers/cvtsudoers.c:566 plugins/sudoers/cvtsudoers.c:583 -#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 -#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1179 -#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1285 +#: gram.y:198 gram.y:246 gram.y:253 gram.y:260 gram.y:267 gram.y:274 +#: gram.y:290 gram.y:314 gram.y:321 gram.y:328 gram.y:335 gram.y:342 +#: gram.y:405 gram.y:414 gram.y:425 gram.y:458 gram.y:465 gram.y:472 +#: gram.y:479 gram.y:506 gram.y:578 gram.y:585 gram.y:594 gram.y:603 +#: gram.y:620 gram.y:732 gram.y:739 gram.y:747 gram.y:753 gram.y:853 +#: gram.y:860 gram.y:867 gram.y:874 gram.y:881 gram.y:907 gram.y:914 +#: gram.y:921 gram.y:1063 gram.y:1342 lib/iolog/iolog_util.c:79 +#: lib/iolog/iolog_util.c:118 lib/iolog/iolog_util.c:127 +#: lib/iolog/iolog_util.c:137 lib/iolog/iolog_util.c:145 +#: lib/iolog/iolog_util.c:149 logsrvd/eventlog.c:223 logsrvd/sendlog.c:286 
+#: plugins/sudoers/alias.c:132 plugins/sudoers/alias.c:139 +#: plugins/sudoers/alias.c:155 plugins/sudoers/auth/bsdauth.c:148 +#: plugins/sudoers/auth/kerb5.c:123 plugins/sudoers/auth/kerb5.c:149 +#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116 +#: plugins/sudoers/auth/sia.c:64 plugins/sudoers/cvtsudoers.c:124 +#: plugins/sudoers/cvtsudoers.c:165 plugins/sudoers/cvtsudoers.c:182 +#: plugins/sudoers/cvtsudoers.c:193 plugins/sudoers/cvtsudoers.c:305 +#: plugins/sudoers/cvtsudoers.c:433 plugins/sudoers/cvtsudoers.c:566 +#: plugins/sudoers/cvtsudoers.c:583 plugins/sudoers/cvtsudoers.c:646 +#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:769 +#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1187 +#: plugins/sudoers/cvtsudoers.c:1289 plugins/sudoers/cvtsudoers_json.c:83 #: plugins/sudoers/cvtsudoers_ldif.c:154 plugins/sudoers/cvtsudoers_ldif.c:197 -#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:263 -#: plugins/sudoers/cvtsudoers_ldif.c:334 plugins/sudoers/cvtsudoers_ldif.c:389 -#: plugins/sudoers/cvtsudoers_ldif.c:397 plugins/sudoers/cvtsudoers_ldif.c:414 -#: plugins/sudoers/cvtsudoers_ldif.c:423 plugins/sudoers/cvtsudoers_ldif.c:570 -#: plugins/sudoers/defaults.c:666 plugins/sudoers/defaults.c:959 -#: plugins/sudoers/defaults.c:1130 plugins/sudoers/editor.c:72 +#: plugins/sudoers/cvtsudoers_ldif.c:238 plugins/sudoers/cvtsudoers_ldif.c:303 +#: plugins/sudoers/cvtsudoers_ldif.c:374 plugins/sudoers/cvtsudoers_ldif.c:429 +#: plugins/sudoers/cvtsudoers_ldif.c:437 plugins/sudoers/cvtsudoers_ldif.c:454 +#: plugins/sudoers/cvtsudoers_ldif.c:463 plugins/sudoers/cvtsudoers_ldif.c:610 +#: plugins/sudoers/defaults.c:632 plugins/sudoers/defaults.c:925 +#: plugins/sudoers/defaults.c:1058 plugins/sudoers/editor.c:72 #: plugins/sudoers/editor.c:90 plugins/sudoers/editor.c:101 #: plugins/sudoers/env.c:268 plugins/sudoers/filedigest.c:66 #: plugins/sudoers/filedigest.c:82 plugins/sudoers/gc.c:59 -#: 
plugins/sudoers/group_plugin.c:138 plugins/sudoers/interfaces.c:78 -#: plugins/sudoers/iolog.c:943 plugins/sudoers/iolog_path.c:174 -#: plugins/sudoers/iolog_util.c:86 plugins/sudoers/iolog_util.c:125 -#: plugins/sudoers/iolog_util.c:134 plugins/sudoers/iolog_util.c:144 -#: plugins/sudoers/iolog_util.c:152 plugins/sudoers/iolog_util.c:156 -#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 -#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 -#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 -#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 -#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 -#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 -#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 -#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 -#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558 -#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:683 -#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:510 -#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/linux_audit.c:83 -#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:532 -#: plugins/sudoers/logging.c:558 plugins/sudoers/logging.c:599 -#: plugins/sudoers/logging.c:740 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:367 -#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:200 +#: plugins/sudoers/group_plugin.c:141 plugins/sudoers/interfaces.c:78 +#: plugins/sudoers/iolog.c:476 plugins/sudoers/iolog_client.c:107 +#: plugins/sudoers/iolog_client.c:485 plugins/sudoers/iolog_client.c:593 +#: plugins/sudoers/iolog_client.c:611 plugins/sudoers/iolog_client.c:1053 +#: plugins/sudoers/iolog_client.c:1283 plugins/sudoers/iolog_client.c:1619 +#: plugins/sudoers/iolog_client.c:1647 
plugins/sudoers/ldap.c:185 +#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 +#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 +#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705 +#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 +#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 +#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 +#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 +#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 +#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 +#: plugins/sudoers/ldap_conf.c:683 plugins/sudoers/ldap_conf.c:765 +#: plugins/sudoers/ldap_util.c:331 plugins/sudoers/ldap_util.c:338 +#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:83 +#: plugins/sudoers/logging.c:200 plugins/sudoers/logging.c:527 +#: plugins/sudoers/logging.c:553 plugins/sudoers/logging.c:594 +#: plugins/sudoers/logging.c:731 plugins/sudoers/logging.c:1091 +#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:397 +#: plugins/sudoers/match_command.c:444 plugins/sudoers/match_command.c:515 +#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:200 #: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:227 #: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:156 #: plugins/sudoers/parse_ldif.c:187 plugins/sudoers/parse_ldif.c:256 #: plugins/sudoers/parse_ldif.c:263 plugins/sudoers/parse_ldif.c:268 #: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:355 -#: plugins/sudoers/parse_ldif.c:361 plugins/sudoers/parse_ldif.c:386 -#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:402 -#: plugins/sudoers/parse_ldif.c:416 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:614 plugins/sudoers/parse_ldif.c:639 -#: plugins/sudoers/parse_ldif.c:697 plugins/sudoers/parse_ldif.c:714 -#: plugins/sudoers/parse_ldif.c:742 
plugins/sudoers/parse_ldif.c:749 -#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:750 +#: plugins/sudoers/parse_ldif.c:382 plugins/sudoers/parse_ldif.c:399 +#: plugins/sudoers/parse_ldif.c:411 plugins/sudoers/parse_ldif.c:415 +#: plugins/sudoers/parse_ldif.c:429 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:830 #: plugins/sudoers/prompt.c:100 plugins/sudoers/pwutil.c:199 #: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 #: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:586 
@@ -117,19 +122,19 @@ #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:114 -#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 -#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735 +#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909 +#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559 +#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218 +#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429 +#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236 +#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587 +#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483 +#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59 +#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:137 +#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130 #: plugins/sudoers/visudo.c:152 
plugins/sudoers/visudo.c:328 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 
@@ -138,111 +143,116 @@ msgid "unable to allocate memory" msgstr "impossível alocar memória" -#: gram.y:488 +#: gram.y:500 msgid "a digest requires a path name" msgstr "um resumo requer um nome de caminho" -#: gram.y:614 +#: gram.y:633 msgid "invalid notbefore value" msgstr "valor notbefore inválido" -#: gram.y:622 +#: gram.y:641 msgid "invalid notafter value" msgstr "valor notafter inválido" -#: gram.y:631 plugins/sudoers/policy.c:320 +#: gram.y:650 plugins/sudoers/policy.c:319 msgid "timeout value too large" msgstr "valor de inacção muito grande" -#: gram.y:633 plugins/sudoers/policy.c:322 +#: gram.y:652 plugins/sudoers/policy.c:321 msgid "invalid timeout value" msgstr "valor de inacção inválido" -#: gram.y:1303 plugins/sudoers/auth/pam.c:483 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/cvtsudoers.c:124 -#: plugins/sudoers/cvtsudoers.c:164 plugins/sudoers/cvtsudoers.c:181 -#: plugins/sudoers/cvtsudoers.c:192 plugins/sudoers/cvtsudoers.c:304 -#: plugins/sudoers/cvtsudoers.c:432 plugins/sudoers/cvtsudoers.c:565 -#: plugins/sudoers/cvtsudoers.c:582 plugins/sudoers/cvtsudoers.c:646 -#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:768 -#: plugins/sudoers/cvtsudoers.c:1179 plugins/sudoers/cvtsudoers.c:1183 -#: plugins/sudoers/cvtsudoers.c:1285 plugins/sudoers/cvtsudoers_ldif.c:153 -#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:243 -#: plugins/sudoers/cvtsudoers_ldif.c:262 plugins/sudoers/cvtsudoers_ldif.c:333 -#: plugins/sudoers/cvtsudoers_ldif.c:388 plugins/sudoers/cvtsudoers_ldif.c:396 -#: plugins/sudoers/cvtsudoers_ldif.c:413 plugins/sudoers/cvtsudoers_ldif.c:422 -#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:666 -#: plugins/sudoers/defaults.c:959 plugins/sudoers/defaults.c:1130 +#: gram.y:1342 lib/iolog/iolog_util.c:79 lib/iolog/iolog_util.c:118 +#: lib/iolog/iolog_util.c:127 lib/iolog/iolog_util.c:137 +#: lib/iolog/iolog_util.c:145 
lib/iolog/iolog_util.c:149 +#: logsrvd/eventlog.c:223 plugins/sudoers/auth/pam.c:486 +#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116 +#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:164 +#: plugins/sudoers/cvtsudoers.c:181 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:304 plugins/sudoers/cvtsudoers.c:432 +#: plugins/sudoers/cvtsudoers.c:565 plugins/sudoers/cvtsudoers.c:582 +#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 +#: plugins/sudoers/cvtsudoers.c:768 plugins/sudoers/cvtsudoers.c:1183 +#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289 +#: plugins/sudoers/cvtsudoers_json.c:82 plugins/sudoers/cvtsudoers_ldif.c:153 +#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:237 +#: plugins/sudoers/cvtsudoers_ldif.c:302 plugins/sudoers/cvtsudoers_ldif.c:373 +#: plugins/sudoers/cvtsudoers_ldif.c:428 plugins/sudoers/cvtsudoers_ldif.c:436 +#: plugins/sudoers/cvtsudoers_ldif.c:453 plugins/sudoers/cvtsudoers_ldif.c:462 +#: plugins/sudoers/cvtsudoers_ldif.c:609 plugins/sudoers/defaults.c:632 +#: plugins/sudoers/defaults.c:925 plugins/sudoers/defaults.c:1058 #: plugins/sudoers/editor.c:72 plugins/sudoers/editor.c:90 #: plugins/sudoers/editor.c:101 plugins/sudoers/env.c:268 #: plugins/sudoers/filedigest.c:66 plugins/sudoers/filedigest.c:82 -#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:138 -#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:943 -#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:86 -#: plugins/sudoers/iolog_util.c:125 plugins/sudoers/iolog_util.c:134 -#: plugins/sudoers/iolog_util.c:144 plugins/sudoers/iolog_util.c:152 -#: plugins/sudoers/iolog_util.c:156 plugins/sudoers/ldap.c:185 -#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 -#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 -#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 -#: plugins/sudoers/ldap.c:1668 
plugins/sudoers/ldap.c:1705 -#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 -#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 -#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 -#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 -#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 -#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 -#: plugins/sudoers/ldap_conf.c:682 plugins/sudoers/ldap_conf.c:765 -#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:567 -#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:202 -#: plugins/sudoers/logging.c:532 plugins/sudoers/logging.c:558 -#: plugins/sudoers/logging.c:598 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:366 -#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:199 +#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:140 +#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:476 +#: plugins/sudoers/iolog_client.c:107 plugins/sudoers/iolog_client.c:485 +#: plugins/sudoers/iolog_client.c:593 plugins/sudoers/iolog_client.c:611 +#: plugins/sudoers/iolog_client.c:1053 plugins/sudoers/iolog_client.c:1283 +#: plugins/sudoers/iolog_client.c:1619 plugins/sudoers/iolog_client.c:1647 +#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 +#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 +#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 +#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 +#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 +#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 +#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 +#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 +#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 +#: plugins/sudoers/ldap_conf.c:461 
plugins/sudoers/ldap_conf.c:558 +#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:682 +#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:330 +#: plugins/sudoers/ldap_util.c:337 plugins/sudoers/ldap_util.c:603 +#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:200 +#: plugins/sudoers/logging.c:527 plugins/sudoers/logging.c:553 +#: plugins/sudoers/logging.c:593 plugins/sudoers/logging.c:1091 +#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:396 +#: plugins/sudoers/match_command.c:443 plugins/sudoers/match_command.c:515 +#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:199 #: plugins/sudoers/parse.c:211 plugins/sudoers/parse.c:226 #: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:155 #: plugins/sudoers/parse_ldif.c:186 plugins/sudoers/parse_ldif.c:255 #: plugins/sudoers/parse_ldif.c:262 plugins/sudoers/parse_ldif.c:267 #: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:354 -#: plugins/sudoers/parse_ldif.c:360 plugins/sudoers/parse_ldif.c:385 -#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:401 -#: plugins/sudoers/parse_ldif.c:415 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:613 plugins/sudoers/parse_ldif.c:638 -#: plugins/sudoers/parse_ldif.c:696 plugins/sudoers/parse_ldif.c:713 -#: plugins/sudoers/parse_ldif.c:741 plugins/sudoers/parse_ldif.c:748 -#: plugins/sudoers/policy.c:134 plugins/sudoers/policy.c:143 -#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:178 -#: plugins/sudoers/policy.c:305 plugins/sudoers/policy.c:320 -#: plugins/sudoers/policy.c:322 plugins/sudoers/policy.c:348 -#: plugins/sudoers/policy.c:358 plugins/sudoers/policy.c:402 +#: plugins/sudoers/parse_ldif.c:381 plugins/sudoers/parse_ldif.c:398 +#: plugins/sudoers/parse_ldif.c:410 plugins/sudoers/parse_ldif.c:414 +#: plugins/sudoers/parse_ldif.c:428 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: 
plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:133 plugins/sudoers/policy.c:142 +#: plugins/sudoers/policy.c:151 plugins/sudoers/policy.c:177 +#: plugins/sudoers/policy.c:304 plugins/sudoers/policy.c:319 +#: plugins/sudoers/policy.c:321 plugins/sudoers/policy.c:350 +#: plugins/sudoers/policy.c:359 plugins/sudoers/policy.c:402 #: plugins/sudoers/policy.c:412 plugins/sudoers/policy.c:421 #: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:504 -#: plugins/sudoers/policy.c:750 plugins/sudoers/prompt.c:100 +#: plugins/sudoers/policy.c:830 plugins/sudoers/prompt.c:100 #: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 #: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 #: plugins/sudoers/pwutil.c:586 plugins/sudoers/pwutil.c:657 #: plugins/sudoers/pwutil.c:816 plugins/sudoers/pwutil.c:873 #: plugins/sudoers/pwutil.c:917 plugins/sudoers/pwutil.c:975 -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 plugins/sudoers/sssd.c:153 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 plugins/sudoers/sssd.c:153 #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:113 -#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 -#: 
plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735 +#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909 +#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559 +#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218 +#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429 +#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236 +#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587 +#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483 +#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59 +#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:136 +#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130 #: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 
@@ -252,12 +262,455 @@ msgid "%s: %s" msgstr "%s: %s" +#: lib/iolog/iolog_fileio.c:164 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s existe mas não é uma pasta (0%o)" + +#: lib/iolog/iolog_fileio.c:194 lib/iolog/iolog_fileio.c:240 +#: plugins/sudoers/timestamp.c:212 +#, c-format +msgid "unable to mkdir %s" +msgstr "impossível criar pasta %s" + +#: lib/iolog/iolog_fileio.c:244 plugins/sudoers/visudo.c:739 +#: plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "impossível alterar o modo de %s para 0%o" + +#: lib/iolog/iolog_util.c:83 +#, c-format +msgid "%s: invalid log file" +msgstr "%s: ficheiro de diário inválido" + +#: lib/iolog/iolog_util.c:101 +#, c-format +msgid "%s: time stamp field is missing" +msgstr "%s: campo de datação em falta" + +#: lib/iolog/iolog_util.c:107 +#, c-format +msgid "%s: time stamp %s: %s" +msgstr "%s: datação %s: %s" + +#: lib/iolog/iolog_util.c:114 +#, c-format +msgid "%s: user field is missing" +msgstr "%s: campo de utilizador em falta" + +#: lib/iolog/iolog_util.c:123 +#, c-format +msgid "%s: runas user field is missing" +msgstr "%s: campo de utilizador runas em falta" + +#: lib/iolog/iolog_util.c:132 +#, c-format +msgid "%s: runas group field is missing" +msgstr "%s: campo de grupo runas em falta" + +#: lib/iolog/iolog_util.c:382 +#, c-format +msgid "error reading timing file: %s" +msgstr "erro ao ler ficheiro de temporização: %s" + +#: lib/iolog/iolog_util.c:389 +#, c-format +msgid "invalid timing file line: %s" +msgstr "linha de ficheiro de temporização inválida : %s" + +#: logsrvd/eventlog.c:228 plugins/sudoers/cvtsudoers_ldif.c:247 +#: plugins/sudoers/cvtsudoers_ldif.c:254 plugins/sudoers/cvtsudoers_ldif.c:566 +#: plugins/sudoers/env.c:330 plugins/sudoers/env.c:337 +#: plugins/sudoers/env.c:442 plugins/sudoers/iolog.c:550 +#: plugins/sudoers/iolog.c:566 plugins/sudoers/ldap.c:496 +#: plugins/sudoers/ldap.c:727 plugins/sudoers/ldap.c:1060 +#: 
plugins/sudoers/ldap_conf.c:227 plugins/sudoers/ldap_conf.c:317 +#: plugins/sudoers/linux_audit.c:89 plugins/sudoers/logging.c:1096 +#: plugins/sudoers/policy.c:534 plugins/sudoers/policy.c:679 +#: plugins/sudoers/policy.c:689 plugins/sudoers/prompt.c:168 +#: plugins/sudoers/sudoers.c:931 plugins/sudoers/testsudoers.c:257 +#: plugins/sudoers/toke_util.c:177 +#, c-format +msgid "internal error, %s overflow" +msgstr "erro interno, transporte %s" + +#: logsrvd/eventlog.c:422 plugins/sudoers/logging.c:118 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: logsrvd/eventlog.c:451 plugins/sudoers/logging.c:146 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s : (comando continuado) %s" + +#: logsrvd/iolog_writer.c:886 +msgid "log is already complete, cannot be restarted" +msgstr "diário já concluído, impossível reiniciar" + +#: logsrvd/iolog_writer.c:917 +msgid "unable to restart log" +msgstr "impossível reiniciar o diário" + +#: logsrvd/logsrv_util.c:96 logsrvd/logsrv_util.c:103 +#: plugins/sudoers/sudoreplay.c:355 plugins/sudoers/sudoreplay.c:361 +#: plugins/sudoers/sudoreplay.c:368 +#, c-format +msgid "unable to open %s/%s" +msgstr "impossível abrir %s/%s" + +#: logsrvd/logsrv_util.c:130 +#, c-format +msgid "missing I/O log file %s/%s" +msgstr "ficheiro de diário E/S %s/%s em falta" + +#: logsrvd/logsrv_util.c:137 +#, c-format +msgid "%s/%s: unable to seek forward %zu" +msgstr "%s/%s: impossível procurar adiante %zu" + +#: logsrvd/logsrv_util.c:147 +#, c-format +msgid "unable to find resume point [%lld, %ld] in %s/%s" +msgstr "impossível localizar ponto de continuação [%lld, %ld] em %s/%s" + +#: logsrvd/logsrvd.c:231 logsrvd/logsrvd.c:299 logsrvd/logsrvd.c:343 +#: logsrvd/logsrvd.c:392 logsrvd/logsrvd.c:439 logsrvd/logsrvd.c:484 +#: logsrvd/logsrvd.c:510 +msgid "state machine error" +msgstr "erro da máquina de estado" + +#: logsrvd/logsrvd.c:240 +msgid "invalid AcceptMessage" +msgstr "AcceptMessage inválida" + +#: logsrvd/logsrvd.c:251 +msgid "error 
parsing AcceptMessage" +msgstr "erro ao analisar AcceptMessage" + +#: logsrvd/logsrvd.c:258 +msgid "error creating I/O log" +msgstr "erro ao criar diário de E/S" + +#: logsrvd/logsrvd.c:265 +msgid "error logging accept event" +msgstr "erro ao registar evento de aceitação" + +#: logsrvd/logsrvd.c:308 +msgid "invalid RejectMessage" +msgstr "RejectMessage inválida" + +#: logsrvd/logsrvd.c:319 +msgid "error parsing RejectMessage" +msgstr "erro ao analisar RejectMessage" + +#: logsrvd/logsrvd.c:325 +msgid "error logging reject event" +msgstr "erro ao registar evento de rejeição" + +#: logsrvd/logsrvd.c:424 +msgid "error logging alert event" +msgstr "erro ao registar evento de alerta" + +#: logsrvd/logsrvd.c:449 +msgid "error writing IoBuffer" +msgstr "erro ao escrever IObuffer" + +#: logsrvd/logsrvd.c:495 +msgid "error writing ChangeWindowSize" +msgstr "erro ao escrever ChangeWindowSize" + +#: logsrvd/logsrvd.c:521 +msgid "error writing CommandSuspend" +msgstr "erro ao escrever CommandSuspend" + +#: logsrvd/logsrvd.c:583 +msgid "unrecognized ClientMessage type" +msgstr "tipo de ClientMessage não reconhecido" + +#: logsrvd/logsrvd.c:835 +msgid "client message too large" +msgstr "mensagem do cliente muito grande" + +#: logsrvd/logsrvd.c:1295 logsrvd/logsrvd.c:1415 logsrvd/logsrvd.c:1539 +#: logsrvd/logsrvd.c:1631 logsrvd/sendlog.c:242 logsrvd/sendlog.c:257 +#: logsrvd/sendlog.c:290 logsrvd/sendlog.c:1264 plugins/sudoers/iolog.c:900 +#: plugins/sudoers/iolog.c:1033 plugins/sudoers/iolog.c:1131 +#: plugins/sudoers/iolog_client.c:111 plugins/sudoers/iolog_client.c:436 +#: plugins/sudoers/iolog_client.c:452 plugins/sudoers/iolog_client.c:490 +#: plugins/sudoers/iolog_client.c:1032 plugins/sudoers/iolog_client.c:1061 +#: plugins/sudoers/iolog_client.c:1133 plugins/sudoers/iolog_client.c:1239 +#: plugins/sudoers/iolog_client.c:1353 plugins/sudoers/iolog_client.c:1655 +#: plugins/sudoers/iolog_client.c:1663 plugins/sudoers/sudoreplay.c:519 +#: plugins/sudoers/sudoreplay.c:566 
plugins/sudoers/sudoreplay.c:755 +#: plugins/sudoers/sudoreplay.c:867 plugins/sudoers/sudoreplay.c:957 +#: plugins/sudoers/sudoreplay.c:972 plugins/sudoers/sudoreplay.c:979 +#: plugins/sudoers/sudoreplay.c:986 plugins/sudoers/sudoreplay.c:993 +#: plugins/sudoers/sudoreplay.c:1000 plugins/sudoers/sudoreplay.c:1127 +msgid "unable to add event to queue" +msgstr "impossível adicionar evento à fila" + +#: logsrvd/logsrvd.c:1407 plugins/sudoers/iolog_client.c:378 +#, c-format +msgid "Unable to attach user data to the ssl object: %s" +msgstr "impossível anexar dados do utilizador ao objecto ssl: %s" + +#: logsrvd/logsrvd.c:1443 plugins/sudoers/iolog_client.c:1596 +#: plugins/sudoers/iolog_client.c:1604 +msgid "unable to get remote IP addr" +msgstr "impossível obter endereço IP remoto" + +#: logsrvd/logsrvd.c:1692 logsrvd/sendlog.c:113 +#, c-format +msgid "" +"%s - send sudo I/O log to remote server\n" +"\n" +msgstr "" +"%s - enviar diário sudo E/S para o servidor remoto\n" +"\n" + +#: logsrvd/logsrvd.c:1695 +msgid "" +"\n" +"Options:\n" +" -f, --file path to configuration file\n" +" -h --help display help message and exit\n" +" -n, --no-fork do not fork, run in the foreground\n" +" -R, --random-drop percent chance connections will drop\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"Opções:\n" +" -f, --file caminho para o ficheiro de configuração\n" +" -h --help mostrar a mensagem de ajuda e sair\n" +" -n, --no-fork não bifurcar, executar em 2º plano\n" +" -R, --random-drop percentagem de hipóteses das ligações caírem\n" +" -V, --version mostrar informação da versão e sair\n" + +#: logsrvd/logsrvd.c:1747 logsrvd/sendlog.c:1513 +msgid "Protobuf-C version 1.3 or higher required" +msgstr "Requerida a versão Protobuf-C 1.3 ou superior" + +#: logsrvd/logsrvd.c:1765 +#, c-format +msgid "invalid random drop value: %s" +msgstr "valor de queda aleatório inválido: %s" + +#: logsrvd/logsrvd.c:1769 logsrvd/sendlog.c:1551 +#: 
plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:302 +#: plugins/sudoers/visudo.c:184 +#, c-format +msgid "%s version %s\n" +msgstr "%s versão %s\n" + +#: logsrvd/logsrvd_conf.c:688 +#, c-format +msgid "%s: not a fully qualified path" +msgstr "%s: não é um caminho completamente qualificado" + +#: logsrvd/logsrvd_conf.c:802 +#, c-format +msgid "%s:%d unmatched '[': %s" +msgstr "%s:%d \"[\" sem par: %s" + +#: logsrvd/logsrvd_conf.c:813 +#, c-format +msgid "%s:%d invalid config section: %s" +msgstr "%s:%d secção de configuração inválida: %s" + +#: logsrvd/logsrvd_conf.c:821 +#, c-format +msgid "%s:%d invalid configuration line: %s" +msgstr "%s:%d linha de configuração inválida: %s" + +#: logsrvd/logsrvd_conf.c:827 +#, c-format +msgid "%s:%d expected section name: %s" +msgstr "%s:%d esperado um nome de secção: %s" + +#: logsrvd/logsrvd_conf.c:841 +#, c-format +msgid "invalid value for %s: %s" +msgstr "valor inválido para %s: %s" + +#: logsrvd/logsrvd_conf.c:849 +#, c-format +msgid "%s:%d unknown key: %s" +msgstr "%s:%d chave desconhecida: %s" + +#: logsrvd/logsrvd_conf.c:977 +#, c-format +msgid "unknown syslog facility %s" +msgstr "facilidade syslog desconhecida %s" + +#: logsrvd/logsrvd_conf.c:981 logsrvd/logsrvd_conf.c:985 +#: logsrvd/logsrvd_conf.c:989 +#, c-format +msgid "unknown syslog priority %s" +msgstr "prioridade syslog desconhecida %s" + +#: logsrvd/sendlog.c:116 +msgid "" +"\n" +"Options:\n" +" --help display help message and exit\n" +" -h, --host host to send logs to\n" +" -i, --iolog_id remote ID of I/O log to be resumed\n" +" -p, --port port to use when connecting to host\n" +" -r, --restart restart previous I/O log transfer\n" +" -t, --test test audit server by sending selected I/O log n times in parallel\n" +" -b, --ca-bundle certificate bundle file to verify server's cert against\n" +" -c, --cert certificate file for TLS handshake\n" +" -k, --key private key file\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" 
+"Opções:\n" +" --help mostrar a mensagem de ajuda e sair\n" +" -h, --host anfitrião a quem enviar os diários\n" +" -i, --iolog_id ID remota do diário de E/S a resumir\n" +" -p, --port porta a usar ao ligar ao anfitrião\n" +" -r, --restart reiniciar a transferência de diário de E/S prévia\n" +" -t, --test testar servidor de auditoria enviando o diário de E/S seleccionado n vezes em paralelo\n" +" -b, --ca-bundle ficheiro de pacote de certificados para comparar com o do servidor\n" +" -c, --cert ficheiro de certificado para o handshake TLS\n" +" -k, --key ficheiro de chave privada\n" +" -V, --version mostrar informação da versão e sair\n" + +#: logsrvd/sendlog.c:216 plugins/sudoers/iolog_client.c:409 +msgid "TLS handshake timeout occurred" +msgstr "handshake TLS expirou" + +#: logsrvd/sendlog.c:237 logsrvd/sendlog.c:252 +#: plugins/sudoers/iolog_client.c:430 plugins/sudoers/iolog_client.c:446 +msgid "unable to set event" +msgstr "impossível definir o evento" + +#: logsrvd/sendlog.c:262 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s\n" +msgstr "SSL_connect falhou: ssl_error=%d, stack=%s\n" + +#: logsrvd/sendlog.c:294 plugins/sudoers/iolog_client.c:115 +#: plugins/sudoers/iolog_client.c:495 plugins/sudoers/iolog_client.c:1065 +#: plugins/sudoers/iolog_client.c:1671 +msgid "error in event loop" +msgstr "erro no ciclo do evento" + +#: logsrvd/sendlog.c:311 +msgid "CA bundle file was not specified" +msgstr "ficheiro de pacote CA não especificado" + +#: logsrvd/sendlog.c:315 +msgid "Client certificate was not specified" +msgstr "Certificado do cliente não especificado" + +#: logsrvd/sendlog.c:319 +#, c-format +msgid "Unable to initialize ssl context: %s" +msgstr "impossível inicializar contexto ssl: %s" + +#: logsrvd/sendlog.c:324 +#, c-format +msgid "Unable to allocate ssl object: %s\n" +msgstr "Impossível alocar objecto ssl: %s\n" + +#: logsrvd/sendlog.c:329 +#, c-format +msgid "Unable to attach socket to the ssl object: %s\n" +msgstr "Impossível anexar 
socket ao objecto ssl: %s\n" + +#: logsrvd/sendlog.c:367 plugins/sudoers/iolog_client.c:150 +#, c-format +msgid "unable to look up %s:%s: %s" +msgstr "impossível procurar %s:%s: %s" + +#: logsrvd/sendlog.c:522 plugins/sudoers/sudoreplay.c:815 +#, c-format +msgid "unable to read %s/%s: %s" +msgstr "impossível ler %s/%s: %s" + +#: logsrvd/sendlog.c:543 +#, c-format +msgid "client message too large: %zu\n" +msgstr "mensagem do cliente muito grande: %zu\n" + +#: logsrvd/sendlog.c:941 +#, c-format +msgid "%s: write buffer already in use" +msgstr "%s: buffer de escrita já em uso" + +#: logsrvd/sendlog.c:993 plugins/sudoers/iolog.c:824 +#: plugins/sudoers/iolog.c:893 +#, c-format +msgid "unexpected I/O event %d" +msgstr "evento de E/S %d inesperado" + +#: logsrvd/sendlog.c:1025 logsrvd/sendlog.c:1042 logsrvd/sendlog.c:1092 +#: plugins/sudoers/iolog_client.c:1037 plugins/sudoers/iolog_client.c:1090 +#: plugins/sudoers/iolog_client.c:1151 +#, c-format +msgid "%s: unexpected state %d" +msgstr "%s: estado %d inesperado" + +#: logsrvd/sendlog.c:1048 plugins/sudoers/iolog_client.c:1096 +msgid "invalid ServerHello" +msgstr "ServerHello inválido" + +#: logsrvd/sendlog.c:1130 plugins/sudoers/iolog_client.c:1195 +#, c-format +msgid "error message received from server: %s" +msgstr "recebida mensagem de erro do servidos: %s" + +#: logsrvd/sendlog.c:1143 plugins/sudoers/iolog_client.c:1208 +#, c-format +msgid "abort message received from server: %s" +msgstr "recebida mensagem de aborto do servidos: %s" + +#: logsrvd/sendlog.c:1162 plugins/sudoers/iolog_client.c:1227 +msgid "unable to unpack ServerMessage" +msgstr "impossível desempacotar ServerMessage" + +#: logsrvd/sendlog.c:1207 plugins/sudoers/iolog_client.c:1260 +#, c-format +msgid "%s: unexpected type_case value %d" +msgstr "%s: valor type_case %d inesperado" + +#: logsrvd/sendlog.c:1291 +msgid "premature EOF" +msgstr "EOF prematuro" + +#: logsrvd/sendlog.c:1304 +#, c-format +msgid "server message too large: %u\n" +msgstr 
"mensagem do servidor muito grande: %u\n" + +#: logsrvd/sendlog.c:1569 +msgid "both restart point and iolog ID must be specified" +msgstr "tem de especificar o ponto de reinício e a ID iolog" + +#: logsrvd/sendlog.c:1636 +#, c-format +msgid "exited prematurely with state %d" +msgstr "saída prematura com o estado %d" + +#: logsrvd/sendlog.c:1637 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "tempo decorrido de envio para o servidor [%lld, %ld]" + +#: logsrvd/sendlog.c:1639 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "ponto de submissão recebido do servidor [%lld, %ld]" + #: plugins/sudoers/alias.c:151 #, c-format msgid "Alias \"%s\" already defined" msgstr "Aliás \"%s\" já definido" -#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:801 +#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:792 msgid "unable to fork" msgstr "impossível bifurcar" 
@@ -363,33 +816,33 @@ msgid "unable to initialize PAM: %s" msgstr "impossível inicializar PAM: %s" -#: plugins/sudoers/auth/pam.c:319 +#: plugins/sudoers/auth/pam.c:322 #, c-format msgid "PAM authentication error: %s" msgstr "erro de autenticação PAM: %s" -#: plugins/sudoers/auth/pam.c:338 +#: plugins/sudoers/auth/pam.c:341 msgid "account validation failure, is your account locked?" msgstr "falha na validação de conta, tem a conta trancada?" -#: plugins/sudoers/auth/pam.c:349 +#: plugins/sudoers/auth/pam.c:352 msgid "Account or password is expired, reset your password and try again" msgstr "Conta ou senha expiradas, reponha a sua senha e tente novamente" -#: plugins/sudoers/auth/pam.c:355 +#: plugins/sudoers/auth/pam.c:358 #, c-format msgid "unable to change expired password: %s" msgstr "impossível alterar senha expirada: %s" -#: plugins/sudoers/auth/pam.c:366 +#: plugins/sudoers/auth/pam.c:369 msgid "Password expired, contact your system administrator" msgstr "Senha expirada, contacte o administrador do sistema" -#: plugins/sudoers/auth/pam.c:371 +#: plugins/sudoers/auth/pam.c:374 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Conta expirada ou configuração PAM sem secção \"account\" para sudo, contacte o administrador do sistema" -#: plugins/sudoers/auth/pam.c:379 plugins/sudoers/auth/pam.c:384 +#: plugins/sudoers/auth/pam.c:382 plugins/sudoers/auth/pam.c:387 #, c-format msgid "PAM account management error: %s" msgstr "Erro de gestão de conta PAM: %s" @@ -467,7 +920,7 @@ msgid "unable to commit audit record" msgstr "impossível submeter registo de auditoria" -#: plugins/sudoers/check.c:269 +#: plugins/sudoers/check.c:264 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" 
@@ -487,15 +940,16 @@ " 3) lembre-se que com grande poder vem grande responsabilidade.\n" "\n" -#: plugins/sudoers/check.c:312 plugins/sudoers/check.c:322 -#: plugins/sudoers/sudoers.c:700 plugins/sudoers/sudoers.c:748 +#: plugins/sudoers/check.c:307 plugins/sudoers/check.c:317 +#: plugins/sudoers/sudoers.c:778 plugins/sudoers/sudoers.c:826 #: plugins/sudoers/tsdump.c:126 #, c-format msgid "unknown uid: %u" msgstr "uid desconhecida: %u" -#: plugins/sudoers/check.c:317 plugins/sudoers/iolog.c:255 -#: plugins/sudoers/policy.c:921 plugins/sudoers/sudoers.c:1163 +#: plugins/sudoers/check.c:312 plugins/sudoers/iolog.c:121 +#: plugins/sudoers/policy.c:1034 plugins/sudoers/sudoers.c:391 +#: plugins/sudoers/sudoers.c:393 plugins/sudoers/sudoers.c:1255 #: plugins/sudoers/testsudoers.c:227 plugins/sudoers/testsudoers.c:400 #, c-format msgid "unknown user: %s" @@ -516,12 +970,6 @@ msgid "order padding: %s: %s" msgstr "espaço de ordem: %s: %s" -#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:289 -#: plugins/sudoers/visudo.c:184 -#, c-format -msgid "%s version %s\n" -msgstr "%s versão %s\n" - #: plugins/sudoers/cvtsudoers.c:235 plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" @@ -542,7 +990,7 @@ msgid "%s: input and output files must be different" msgstr "%s: os ficheiros de entrada e saída têm de ser diferentes" -#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:176 +#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:185 #: plugins/sudoers/testsudoers.c:266 plugins/sudoers/visudo.c:254 #: plugins/sudoers/visudo.c:610 plugins/sudoers/visudo.c:933 msgid "unable to initialize sudoers default values" 
@@ -574,12 +1022,10 @@ msgstr "filtro inválido: %s" #: plugins/sudoers/cvtsudoers.c:622 plugins/sudoers/cvtsudoers.c:639 -#: plugins/sudoers/cvtsudoers.c:1245 plugins/sudoers/cvtsudoers_json.c:1130 -#: plugins/sudoers/cvtsudoers_ldif.c:643 plugins/sudoers/iolog.c:413 -#: plugins/sudoers/iolog_util.c:75 plugins/sudoers/sudoers.c:914 -#: plugins/sudoers/sudoreplay.c:338 plugins/sudoers/sudoreplay.c:1431 -#: plugins/sudoers/timestamp.c:448 plugins/sudoers/tsdump.c:135 -#: plugins/sudoers/visudo.c:929 +#: plugins/sudoers/cvtsudoers.c:1249 plugins/sudoers/cvtsudoers_json.c:868 +#: plugins/sudoers/cvtsudoers_ldif.c:683 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoreplay.c:1391 plugins/sudoers/timestamp.c:448 +#: plugins/sudoers/tsdump.c:135 plugins/sudoers/visudo.c:929 #, c-format msgid "unable to open %s" msgstr "impossível abrir %s" @@ -599,14 +1045,13 @@ msgid "parse error in %s\n" msgstr "erro de análise em %s\n" -#: plugins/sudoers/cvtsudoers.c:1292 plugins/sudoers/iolog.c:500 -#: plugins/sudoers/sudoreplay.c:1135 plugins/sudoers/timestamp.c:332 -#: plugins/sudoers/timestamp.c:335 +#: plugins/sudoers/cvtsudoers.c:1296 plugins/sudoers/sudoreplay.c:1088 +#: plugins/sudoers/timestamp.c:332 plugins/sudoers/timestamp.c:335 #, c-format msgid "unable to write to %s" msgstr "impossível escrever em %s" -#: plugins/sudoers/cvtsudoers.c:1315 +#: plugins/sudoers/cvtsudoers.c:1319 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -615,7 +1060,7 @@ "%s - converte entre formatos de ficheiros sudoers\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1317 +#: plugins/sudoers/cvtsudoers.c:1321 msgid "" "\n" "Options:\n" 
@@ -655,43 +1100,30 @@
 " -s, --suppress=secções suprime saída de certas secções\n"
 " -V, --version mostra informação da versão e sai"
-#: plugins/sudoers/cvtsudoers_json.c:684 plugins/sudoers/cvtsudoers_json.c:720
-#: plugins/sudoers/cvtsudoers_json.c:938
+#: plugins/sudoers/cvtsudoers_json.c:487 plugins/sudoers/cvtsudoers_json.c:521
+#: plugins/sudoers/cvtsudoers_json.c:709
 #, c-format
 msgid "unknown defaults entry \"%s\""
 msgstr "entrada de predefinições \"%s\" desconhecida"
-#: plugins/sudoers/cvtsudoers_json.c:858 plugins/sudoers/cvtsudoers_json.c:873
-#: plugins/sudoers/cvtsudoers_ldif.c:308 plugins/sudoers/cvtsudoers_ldif.c:319
+#: plugins/sudoers/cvtsudoers_json.c:647 plugins/sudoers/cvtsudoers_json.c:660
+#: plugins/sudoers/cvtsudoers_ldif.c:348 plugins/sudoers/cvtsudoers_ldif.c:359
 #: plugins/sudoers/ldap.c:482
 msgid "unable to get GMT time"
 msgstr "impossível obter hora GMT"
-#: plugins/sudoers/cvtsudoers_json.c:861 plugins/sudoers/cvtsudoers_json.c:876
-#: plugins/sudoers/cvtsudoers_ldif.c:311 plugins/sudoers/cvtsudoers_ldif.c:322
+#: plugins/sudoers/cvtsudoers_json.c:650 plugins/sudoers/cvtsudoers_json.c:663
+#: plugins/sudoers/cvtsudoers_ldif.c:351 plugins/sudoers/cvtsudoers_ldif.c:362
 #: plugins/sudoers/ldap.c:488
 msgid "unable to format timestamp"
 msgstr "impossível formatar datação"
-#: plugins/sudoers/cvtsudoers_ldif.c:526 plugins/sudoers/env.c:330
-#: plugins/sudoers/env.c:337 plugins/sudoers/env.c:442
-#: plugins/sudoers/ldap.c:496 plugins/sudoers/ldap.c:727
-#: plugins/sudoers/ldap.c:1060 plugins/sudoers/ldap_conf.c:227
-#: plugins/sudoers/ldap_conf.c:317 plugins/sudoers/linux_audit.c:89
-#: plugins/sudoers/logging.c:1105 plugins/sudoers/policy.c:625
-#: plugins/sudoers/policy.c:635 plugins/sudoers/prompt.c:168
-#: plugins/sudoers/sudoers.c:852 plugins/sudoers/testsudoers.c:257
-#: plugins/sudoers/toke_util.c:161
-#, c-format
-msgid "internal error, %s overflow"
-msgstr "erro interno, transporte %s"
-
-#: plugins/sudoers/cvtsudoers_ldif.c:595
+#: plugins/sudoers/cvtsudoers_ldif.c:635
 #, c-format
 msgid "too many sudoers entries, maximum %u"
 msgstr "demasiadas entradas sudoers, máximo %u"
-#: plugins/sudoers/cvtsudoers_ldif.c:638
+#: plugins/sudoers/cvtsudoers_ldif.c:678
 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified."
 msgstr "a variável de ambiente SUDOERS_BASE não está definida e a opção -b não foi especificada."
@@ -1100,8 +1532,8 @@
 #: plugins/sudoers/def_data.c:406
 #, c-format
-msgid "Maximum I/O log sequence number: %u"
-msgstr "Número de sequência máximo do diário de E/S: %u"
+msgid "Maximum I/O log sequence number: %s"
+msgstr "Número de sequência máximo do diário de E/S: %s"
 #: plugins/sudoers/def_data.c:410
 msgid "Enable sudoers netgroup support"
@@ -1211,62 +1643,106 @@ msgid "Log when a command is denied by sudoers" msgstr "Registar um comando negado por sudoers" -#: plugins/sudoers/defaults.c:231 +#: plugins/sudoers/def_data.c:510 +msgid "Sudo log server(s) to connect to with optional port" +msgstr "Servidor(es) de diários sudo aos quais ligar com a porta opcional" + +#: plugins/sudoers/def_data.c:514 +#, c-format +msgid "Sudo log server timeout in seconds: %u" +msgstr "Expiração do servidor de diários sudo em segundos: %u" + +#: plugins/sudoers/def_data.c:518 +msgid "Enable SO_KEEPALIVE socket option on the socket connected to the logserver" +msgstr "Activar a opção de socket SO_KEEPALIVE no socket ligado ao servidor de diários" + +#: plugins/sudoers/def_data.c:522 +#, c-format +msgid "Path to the audit server's CA bundle file: %s" +msgstr "Caminho para o ficheiro de pacote de CA do servidor de auditoria: %s" + +#: plugins/sudoers/def_data.c:526 +#, c-format +msgid "Path to the sudoers certificate file: %s" +msgstr "Caminho para o ficheiro de certificado de sudoers: %s" + +#: plugins/sudoers/def_data.c:530 +#, c-format +msgid "Path to the sudoers private key file: %s" +msgstr "Caminho para o ficheiro de chave privada de sudoers: %s" + +#: plugins/sudoers/def_data.c:534 +msgid "Allow the use of unknown runas user and/or group ID" +msgstr "Permitir o uso de runas desconhecidas e/ou ID de grupo" + +#: plugins/sudoers/def_data.c:538 +msgid "Only permit running commands as a user with a valid shell" +msgstr "Permitir só executar comandos como utilizador com shell válida" + +#: plugins/sudoers/def_data.c:542 +msgid "Set the pam remote user to the user running sudo" +msgstr "Definir o utilizador remoto pam como o utilizador a executar sudo" + +#: plugins/sudoers/def_data.c:546 +msgid "Set the pam remote host to the local host name" +msgstr "Definir o anfitrião remoto pam como o nome do anfitrião local" + +#: plugins/sudoers/defaults.c:190 #, c-format msgid "%s:%d unknown defaults entry \"%s\"" msgstr "%s:%d 
entrada defaults desconhecida \"%s\"" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:193 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s entrada defaults desconhecida \"%s\"" -#: plugins/sudoers/defaults.c:277 +#: plugins/sudoers/defaults.c:236 #, c-format msgid "%s:%d no value specified for \"%s\"" msgstr "%s:%d sem valor especificado para \"%s\"" -#: plugins/sudoers/defaults.c:280 +#: plugins/sudoers/defaults.c:239 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s sem valor especificado para \"%s\"" -#: plugins/sudoers/defaults.c:300 +#: plugins/sudoers/defaults.c:259 #, c-format msgid "%s:%d values for \"%s\" must start with a '/'" msgstr "%s:%d valores para \"%s\" têm de começar com \"/\"" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:262 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s valores para \"%s\" têm de começar com \"/\"" -#: plugins/sudoers/defaults.c:325 +#: plugins/sudoers/defaults.c:284 #, c-format msgid "%s:%d option \"%s\" does not take a value" msgstr "%s:%d opção \"%s\" não recebe valores" -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:287 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s opção \"%s\" não recebe valores" -#: plugins/sudoers/defaults.c:353 +#: plugins/sudoers/defaults.c:312 #, c-format msgid "%s:%d invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d tipo Defaults 0x%x inválido para a opção \"%s\"" -#: plugins/sudoers/defaults.c:356 +#: plugins/sudoers/defaults.c:315 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s tipo Defaults 0x%x inválido para a opção \"%s\"" -#: plugins/sudoers/defaults.c:366 +#: plugins/sudoers/defaults.c:325 #, c-format msgid "%s:%d value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d valor \"%s\" é inválido para a opção \"%s\"" -#: plugins/sudoers/defaults.c:369 +#: plugins/sudoers/defaults.c:328 #, c-format msgid "%s: value 
\"%s\" is invalid for option \"%s\"" msgstr "%s valor \"%s\" é inválido para a opção \"%s\"" @@ -1275,11 +1751,11 @@ msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp corrompido, tamanho trocado" -#: plugins/sudoers/env.c:1132 +#: plugins/sudoers/env.c:1133 msgid "unable to rebuild the environment" msgstr "impossível reconstruir o ambiente" -#: plugins/sudoers/env.c:1206 +#: plugins/sudoers/env.c:1207 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "desculpe, não tem permissão para definir as seguintes variáveis de ambiente: %s" @@ -1304,27 +1780,27 @@ msgid "%s: read error" msgstr "%s: erro de leitura" -#: plugins/sudoers/group_plugin.c:90 +#: plugins/sudoers/group_plugin.c:91 #, c-format msgid "%s must be owned by uid %d" msgstr "%s tem de ser propriedade de uid %d" -#: plugins/sudoers/group_plugin.c:94 +#: plugins/sudoers/group_plugin.c:95 #, c-format msgid "%s must only be writable by owner" msgstr "%s só pode ter permissão de escrita para o dono" -#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:562 +#: plugins/sudoers/group_plugin.c:104 plugins/sudoers/sssd.c:562 #, c-format msgid "unable to load %s: %s" msgstr "impossível carregar %s: %s" -#: plugins/sudoers/group_plugin.c:108 +#: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "impossível encontrar o símbolo \"group_plugin\" em %s" -#: plugins/sudoers/group_plugin.c:113 +#: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: versão principal de extensão de grupo %d incompatível, esperada %d" 
@@ -1343,87 +1819,143 @@ msgid "Local IP address and netmask pairs:\n" msgstr "Pares endereço IP local e netmask:\n" -#: plugins/sudoers/iolog.c:117 plugins/sudoers/mkdir_parents.c:82 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s existe mas não é uma pasta (0%o)" - -#: plugins/sudoers/iolog.c:142 plugins/sudoers/iolog.c:182 -#: plugins/sudoers/mkdir_parents.c:71 plugins/sudoers/timestamp.c:212 -#, c-format -msgid "unable to mkdir %s" -msgstr "impossível criar pasta %s" - -#: plugins/sudoers/iolog.c:186 plugins/sudoers/visudo.c:739 -#: plugins/sudoers/visudo.c:750 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "impossível alterar o modo de %s para 0%o" - -#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1194 +#: plugins/sudoers/iolog.c:146 plugins/sudoers/sudoers.c:398 +#: plugins/sudoers/sudoers.c:400 plugins/sudoers/sudoers.c:1289 #: plugins/sudoers/testsudoers.c:424 #, c-format msgid "unknown group: %s" msgstr "grupo desconhecido: %s" -#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:918 -#: plugins/sudoers/sudoreplay.c:846 plugins/sudoers/sudoreplay.c:1542 -#: plugins/sudoers/tsdump.c:145 +#: plugins/sudoers/iolog.c:505 plugins/sudoers/iolog.c:788 +#: plugins/sudoers/iolog.c:938 plugins/sudoers/iolog.c:945 +#: plugins/sudoers/iolog.c:1066 plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:1172 plugins/sudoers/iolog.c:1179 #, c-format -msgid "unable to read %s" -msgstr "impossível ler %s" +msgid "unable to write to I/O log file: %s" +msgstr "impossível escrever no ficheiro de E/S: %s" -#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:801 -#, c-format -msgid "unable to create %s" -msgstr "impossível criar %s" +#: plugins/sudoers/iolog.c:555 +msgid "unable to update sequence file" +msgstr "impossível actualizar o ficheiro de sequência" -#: plugins/sudoers/iolog.c:824 plugins/sudoers/iolog.c:1039 -#: plugins/sudoers/iolog.c:1115 plugins/sudoers/iolog.c:1209 -#: plugins/sudoers/iolog.c:1270 +#: 
plugins/sudoers/iolog.c:594 #, c-format -msgid "unable to write to I/O log file: %s" -msgstr "impossível escrever no ficheiro de E/S: %s" +msgid "unable to create %s/%s" +msgstr "impossível criar %s/%s" + +#: plugins/sudoers/iolog.c:622 +msgid "unable to connect to log server" +msgstr "impossível ligar ao servidor de diários" -#: plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:830 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: erro interno, ficheiro de diário E/S do evento %d não aberto" -#: plugins/sudoers/iolog.c:1233 +#: plugins/sudoers/iolog.c:923 plugins/sudoers/iolog.c:1051 +#: plugins/sudoers/iolog.c:1156 plugins/sudoers/timestamp.c:862 +#: plugins/sudoers/timestamp.c:954 plugins/sudoers/visudo.c:498 +#: plugins/sudoers/visudo.c:504 +msgid "unable to read the clock" +msgstr "impossível ler o relógio" + +#: plugins/sudoers/iolog.c:1148 plugins/sudoers/iolog_client.c:862 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: erro interno, sinal inválido %d" -#: plugins/sudoers/iolog_util.c:90 +#: plugins/sudoers/iolog_client.c:297 #, c-format -msgid "%s: invalid log file" -msgstr "%s: ficheiro de diário inválido" +msgid "Creation of new SSL_CTX object failed: %s" +msgstr "Falha ao criar o novo objecto SSL_CTX: %s" -#: plugins/sudoers/iolog_util.c:108 +#: plugins/sudoers/iolog_client.c:320 +msgid "CA bundle file is not set in sudoers" +msgstr "Ficheiro de pacote CA não definido em sudoers" + +#: plugins/sudoers/iolog_client.c:327 #, c-format -msgid "%s: time stamp field is missing" -msgstr "%s: campo de datação em falta" +msgid "Calling SSL_CTX_load_verify_locations() failed: %s" +msgstr "Falha ao chamar SSL_CTX_load_verify_locations(): %s" -#: plugins/sudoers/iolog_util.c:114 +#: plugins/sudoers/iolog_client.c:339 +msgid "Signed certificate file is not set in sudoers" +msgstr "Ficheiro de certificado assinado não definido em sudoers" + +#: plugins/sudoers/iolog_client.c:345 #, c-format -msgid "%s: 
time stamp %s: %s" -msgstr "%s: datação %s: %s" +msgid "Unable to load cert into the ssl context: %s" +msgstr "Impossível carregar certificado no contexto ssl: %s" -#: plugins/sudoers/iolog_util.c:121 +#: plugins/sudoers/iolog_client.c:356 #, c-format -msgid "%s: user field is missing" -msgstr "%s: campo de utilizador em falta" +msgid "Unable to load private key into the ssl context: %s" +msgstr "Impossível carregar chave privada no contexto ssl: %s" -#: plugins/sudoers/iolog_util.c:130 +#: plugins/sudoers/iolog_client.c:363 #, c-format -msgid "%s: runas user field is missing" -msgstr "%s: campo de utilizador runas em falta" +msgid "Unable to allocate ssl object: %s" +msgstr "Impossível alocar objecto ssl: %s" -#: plugins/sudoers/iolog_util.c:139 +#: plugins/sudoers/iolog_client.c:369 #, c-format -msgid "%s: runas group field is missing" -msgstr "%s: campo de grupo runas em falta" +msgid "Unable to attach socket to the ssl object: %s" +msgstr "Impossível anexar socket ao objecto ssl: %s" + +#: plugins/sudoers/iolog_client.c:457 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s" +msgstr "SSL_connect falhoud: ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:599 +#, c-format +msgid "client message too large: %zu" +msgstr "mensagem do cliente muito grande: %zu" + +#: plugins/sudoers/iolog_client.c:656 plugins/sudoers/iolog_client.c:844 +msgid "unable to get time of day" +msgstr "impossível obter hora do dia" + +#: plugins/sudoers/iolog_client.c:871 +#, c-format +msgid "%s: internal error, invalid exit status %d" +msgstr "%s: erro interno, sinal de saída %d inválido" + +#: plugins/sudoers/iolog_client.c:1104 +msgid "TLS initialization was unsuccessful" +msgstr "Inicialização TLS sem sucesso" + +#: plugins/sudoers/iolog_client.c:1109 +msgid "TLS handshake was unsuccessful" +msgstr "handshake TLS sem sucesso" + +#: plugins/sudoers/iolog_client.c:1361 +#, c-format +msgid "SSL_read failed: ssl_error=%d, stack=%s" +msgstr "SSL_read falhou: 
ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:1384 +msgid "lost connection to log server" +msgstr "ligação ao servidor de diários perdida" + +#: plugins/sudoers/iolog_client.c:1397 +#, c-format +msgid "server message too large: %u" +msgstr "mensagem do servidor muito grande: %u" + +#: plugins/sudoers/iolog_client.c:1461 +msgid "missing write buffer" +msgstr "buffer de escrita em falta" + +#: plugins/sudoers/iolog_client.c:1486 +#, c-format +msgid "SSL_write failed: ssl_error=%d, stack=%s" +msgstr "SSL_write falhou: ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:1610 +#, c-format +msgid "unknown address family: %d" +msgstr "família de endereços desconhecida: %d" #: plugins/sudoers/ldap.c:178 plugins/sudoers/ldap_conf.c:296 msgid "starttls not supported when using ldaps" @@ -1448,7 +1980,7 @@ msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls especificado mas LDAP libs não suporta ldap_start_tls_s() ou ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:734 +#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "atributo sudoOrder inválido: %s" @@ -1466,7 +1998,7 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "impossível misturar URIs ldap e ldaps" -#: plugins/sudoers/ldap_util.c:456 plugins/sudoers/ldap_util.c:458 +#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "impossível converter sudoOption: %s%s%s" 
@@ -1479,80 +2011,62 @@ msgid "unable to send audit message" msgstr "impossível enviar mensagem de auditoria" -#: plugins/sudoers/logging.c:120 -#, c-format -msgid "%8s : %s" -msgstr "%8s : %s" - -#: plugins/sudoers/logging.c:148 -#, c-format -msgid "%8s : (command continued) %s" -msgstr "%8s : (comando continuado) %s" - -#: plugins/sudoers/logging.c:177 +#: plugins/sudoers/logging.c:175 #, c-format msgid "unable to open log file: %s" msgstr "impossível abrir o diário: %s" -#: plugins/sudoers/logging.c:185 +#: plugins/sudoers/logging.c:183 #, c-format msgid "unable to lock log file: %s" msgstr "impossível bloquear o diário: %s" -#: plugins/sudoers/logging.c:218 +#: plugins/sudoers/logging.c:216 #, c-format msgid "unable to write log file: %s" msgstr "impossível escrever o diário: %s" -#: plugins/sudoers/logging.c:248 -msgid "No user or host" -msgstr "Sem utilizador ou anfitrião" - -#: plugins/sudoers/logging.c:250 -msgid "validation failure" -msgstr "falha de validação" - -#: plugins/sudoers/logging.c:261 +#: plugins/sudoers/logging.c:249 msgid "user NOT in sudoers" msgstr "utilizador NÃO está no sudores" -#: plugins/sudoers/logging.c:263 +#: plugins/sudoers/logging.c:251 msgid "user NOT authorized on host" msgstr "utilizador NÃO autorizado no anfitrião" -#: plugins/sudoers/logging.c:265 +#: plugins/sudoers/logging.c:253 msgid "command not allowed" msgstr "comando não permitido" -#: plugins/sudoers/logging.c:301 +#: plugins/sudoers/logging.c:296 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s não está no ficheiro sudoers. O incidente será reportado.\n" -#: plugins/sudoers/logging.c:304 +#: plugins/sudoers/logging.c:299 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s não tem permissão para executar sudo em %s. 
O incidente será reportado.\n" -#: plugins/sudoers/logging.c:308 +#: plugins/sudoers/logging.c:303 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Desculpe, %s não pode executar sudo em %s.\n" -#: plugins/sudoers/logging.c:311 +#: plugins/sudoers/logging.c:306 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Desculpe, %s não tem permissão para executar \"%s%s%s\" como %s%s%s em %s.\n" -#: plugins/sudoers/logging.c:348 plugins/sudoers/sudoers.c:442 -#: plugins/sudoers/sudoers.c:444 plugins/sudoers/sudoers.c:446 -#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:603 -#: plugins/sudoers/sudoers.c:605 +#: plugins/sudoers/logging.c:343 plugins/sudoers/sudoers.c:518 +#: plugins/sudoers/sudoers.c:520 plugins/sudoers/sudoers.c:522 +#: plugins/sudoers/sudoers.c:524 plugins/sudoers/sudoers.c:675 +#: plugins/sudoers/sudoers.c:677 #, c-format msgid "%s: command not found" msgstr "%s: comando não encontrado" -#: plugins/sudoers/logging.c:350 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/logging.c:345 plugins/sudoers/sudoers.c:514 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" 
@@ -1561,52 +2075,46 @@
 "a ignorar \"%s\" encontrado em \".\"\n"
 "Use \"sudo ./%s\" se este é o \"%s\" que deseja executar."
-#: plugins/sudoers/logging.c:367
+#: plugins/sudoers/logging.c:362
 msgid "authentication failure"
 msgstr "falha de autenticação"
-#: plugins/sudoers/logging.c:393
+#: plugins/sudoers/logging.c:388
 msgid "a password is required"
 msgstr "é necessária uma senha"
-#: plugins/sudoers/logging.c:463
+#: plugins/sudoers/logging.c:458
 #, c-format
 msgid "%u incorrect password attempt"
 msgid_plural "%u incorrect password attempts"
 msgstr[0] "%u tentativa incorrecta"
 msgstr[1] "%u tentativas incorrectas"
-#: plugins/sudoers/logging.c:728
+#: plugins/sudoers/logging.c:722
 #, c-format
 msgid "unable to dup stdin: %m"
 msgstr "impossível duplicar stdin: %m"
-#: plugins/sudoers/logging.c:768
+#: plugins/sudoers/logging.c:759
 #, c-format
 msgid "unable to execute %s: %m"
 msgstr "impossível executar %s: %m"
-#: plugins/sudoers/logging.c:809 plugins/sudoers/logging.c:865
+#: plugins/sudoers/logging.c:800 plugins/sudoers/logging.c:856
 #, c-format
 msgid "unable to fork: %m"
 msgstr "impossível bifurcar: %m"
-#: plugins/sudoers/logging.c:855
+#: plugins/sudoers/logging.c:846
 #, c-format
 msgid "unable to open pipe: %m"
 msgstr "impossível abrir túnel: %m"
-#: plugins/sudoers/match_digest.c:103
+#: plugins/sudoers/match_digest.c:123
 #, c-format
 msgid "digest for %s (%s) is not in %s form"
 msgstr "resumo para %s (%s) não está na forma %s"
-#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:943
-#: plugins/sudoers/visudo.c:437 plugins/sudoers/visudo.c:733
-#, c-format
-msgid "unable to stat %s"
-msgstr "impossível obter informações de %s"
-
 #: plugins/sudoers/parse.c:449
 #, c-format
 msgid ""
@@ -1665,22 +2173,22 @@
 msgid "User %s is not allowed to run sudo on %s.\n"
 msgstr "O utilizador %s não tem permissão para executar sudo em %s.\n"
-#: plugins/sudoers/parse_ldif.c:604
+#: plugins/sudoers/parse_ldif.c:617
 #, c-format
 msgid "ignoring incomplete sudoRole: cn: %s"
 msgstr "a ignorar sudoRole incompleto: cn: %s"
-#: plugins/sudoers/parse_ldif.c:664
+#: plugins/sudoers/parse_ldif.c:677
 #, c-format
 msgid "invalid LDIF attribute: %s"
 msgstr "atributo LDIF inválido: %s"
-#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:116
+#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:115
 #, c-format
 msgid "invalid %.*s set by sudo front-end"
 msgstr "%.*s inválido definido pelo front-end do sudo"
-#: plugins/sudoers/policy.c:295 plugins/sudoers/testsudoers.c:280
+#: plugins/sudoers/policy.c:294 plugins/sudoers/testsudoers.c:280
 msgid "unable to parse network address list"
 msgstr "impossível analisar a lista de endereços da rede"
@@ -1700,23 +2208,23 @@
 msgid "host name not set by sudo front-end"
 msgstr "Nome de anfitrião não definido pelo front-end do sudo"
-#: plugins/sudoers/policy.c:808 plugins/sudoers/visudo.c:236
+#: plugins/sudoers/policy.c:897 plugins/sudoers/visudo.c:236
 #: plugins/sudoers/visudo.c:867
 #, c-format
 msgid "unable to execute %s"
 msgstr "impossível executar %s"
-#: plugins/sudoers/policy.c:939
+#: plugins/sudoers/policy.c:1055
 #, c-format
 msgid "Sudoers policy plugin version %s\n"
 msgstr "Extensão de política sudoers versão %s\n"
-#: plugins/sudoers/policy.c:941
+#: plugins/sudoers/policy.c:1057
 #, c-format
 msgid "Sudoers file grammar version %d\n"
 msgstr "Gramática do ficheiro sudoers versão %d\n"
-#: plugins/sudoers/policy.c:945
+#: plugins/sudoers/policy.c:1061
 #, c-format
 msgid ""
 "\n"
@@ -1725,22 +2233,22 @@
 "\n"
 "Caminho do sudoers: %s\n"
-#: plugins/sudoers/policy.c:948
+#: plugins/sudoers/policy.c:1064
 #, c-format
 msgid "nsswitch path: %s\n"
 msgstr "caminho nsswitch: %s\n"
-#: plugins/sudoers/policy.c:950
+#: plugins/sudoers/policy.c:1066
 #, c-format
 msgid "ldap.conf path: %s\n"
 msgstr "caminho do ldap.conf: %s\n"
-#: plugins/sudoers/policy.c:951
+#: plugins/sudoers/policy.c:1067
 #, c-format
 msgid "ldap.secret path: %s\n"
 msgstr "caminho do ldap.secret: %s\n"
-#: plugins/sudoers/policy.c:984
+#: plugins/sudoers/policy.c:1100
 #, c-format
 msgid "unable to register hook of type %d (version %d.%d)"
 msgstr "impossível registar hook do tipo %d (versão %d.%d)"
@@ -1809,48 +2317,48 @@ msgid "unable to parse gids for %s" msgstr "impossível analisar gids para %s" -#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:478 -#: plugins/sudoers/set_perms.c:921 plugins/sudoers/set_perms.c:1254 -#: plugins/sudoers/set_perms.c:1573 +#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:447 +#: plugins/sudoers/set_perms.c:850 plugins/sudoers/set_perms.c:1156 +#: plugins/sudoers/set_perms.c:1450 msgid "perm stack overflow" msgstr "transporte de pilha perm" -#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:409 -#: plugins/sudoers/set_perms.c:486 plugins/sudoers/set_perms.c:788 -#: plugins/sudoers/set_perms.c:929 plugins/sudoers/set_perms.c:1178 -#: plugins/sudoers/set_perms.c:1262 plugins/sudoers/set_perms.c:1506 -#: plugins/sudoers/set_perms.c:1581 plugins/sudoers/set_perms.c:1672 +#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:378 +#: plugins/sudoers/set_perms.c:455 plugins/sudoers/set_perms.c:717 +#: plugins/sudoers/set_perms.c:858 plugins/sudoers/set_perms.c:1080 +#: plugins/sudoers/set_perms.c:1164 plugins/sudoers/set_perms.c:1383 +#: plugins/sudoers/set_perms.c:1458 plugins/sudoers/set_perms.c:1548 msgid "perm stack underflow" msgstr "importe de pilha perm" -#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:532 -#: plugins/sudoers/set_perms.c:1315 plugins/sudoers/set_perms.c:1614 +#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:501 +#: plugins/sudoers/set_perms.c:1217 plugins/sudoers/set_perms.c:1491 msgid "unable to change to root gid" msgstr "impossível mudar para gid root" -#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:629 -#: plugins/sudoers/set_perms.c:1060 plugins/sudoers/set_perms.c:1392 +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:598 +#: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1294 msgid "unable to change to runas gid" msgstr "impossível mudar para gid runas" -#: 
plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:634 -#: plugins/sudoers/set_perms.c:1065 plugins/sudoers/set_perms.c:1397 +#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:603 +#: plugins/sudoers/set_perms.c:994 plugins/sudoers/set_perms.c:1299 msgid "unable to set runas group vector" msgstr "impossível definir vector de grupo runas" -#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:645 -#: plugins/sudoers/set_perms.c:1074 plugins/sudoers/set_perms.c:1406 +#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:614 +#: plugins/sudoers/set_perms.c:1003 plugins/sudoers/set_perms.c:1308 msgid "unable to change to runas uid" msgstr "impossível mudar para uid runas" -#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:663 -#: plugins/sudoers/set_perms.c:1090 plugins/sudoers/set_perms.c:1422 +#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:632 +#: plugins/sudoers/set_perms.c:1019 plugins/sudoers/set_perms.c:1324 msgid "unable to change to sudoers gid" msgstr "impossível mudar para gid sudoers" -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 msgid "too many processes" msgstr "demasiados processos" 
@@ -1883,209 +2391,228 @@ msgid "unable to find symbol \"%s\" in %s" msgstr "impossível encontrar símbolo \"%s\" em %s" -#: plugins/sudoers/sudoers.c:212 plugins/sudoers/sudoers.c:871 +#: plugins/sudoers/sudoers.c:221 plugins/sudoers/sudoers.c:958 msgid "problem with defaults entries" msgstr "problema com entradas defaults" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:225 msgid "no valid sudoers sources found, quitting" msgstr "sme fontes sudoers válidas, a sair" -#: plugins/sudoers/sudoers.c:254 +#: plugins/sudoers/sudoers.c:301 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers especifica que root não tem permissão para sudo" -#: plugins/sudoers/sudoers.c:312 +#: plugins/sudoers/sudoers.c:361 +msgid "user not allowed to override closefrom limit" +msgstr "utilizador não autorizado a sobrepor o limite closefrom" + +#: plugins/sudoers/sudoers.c:362 msgid "you are not permitted to use the -C option" msgstr "não tem permissão para usar a opção -C" -#: plugins/sudoers/sudoers.c:359 +#: plugins/sudoers/sudoers.c:426 #, c-format msgid "timestamp owner (%s): No such user" msgstr "dono da datação (%s): utilizador inexistente" -#: plugins/sudoers/sudoers.c:374 +#: plugins/sudoers/sudoers.c:441 msgid "no tty" msgstr "sem tty" -#: plugins/sudoers/sudoers.c:375 +#: plugins/sudoers/sudoers.c:442 msgid "sorry, you must have a tty to run sudo" msgstr "desculpe, tem de ter um tty para executar sudo" -#: plugins/sudoers/sudoers.c:437 +#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:450 +#, c-format +msgid "invalid shell for user %s: %s" +msgstr "shell inválida para o utilizador %s: %s" + +#: plugins/sudoers/sudoers.c:513 msgid "command in current directory" msgstr "comando na pasta actual" -#: plugins/sudoers/sudoers.c:456 +#: plugins/sudoers/sudoers.c:532 +msgid "user not allowed to set a command timeout" +msgstr "utilizador sem permissão para definir um tempo de expiração" + +#: plugins/sudoers/sudoers.c:533 msgid "sorry, you 
are not allowed set a command timeout" msgstr "desculpe, não tem permissão para definir um tempo de inacção" -#: plugins/sudoers/sudoers.c:464 +#: plugins/sudoers/sudoers.c:541 +msgid "user not allowed to set a preserve the environment" +msgstr "utilizador sem permissão para definir preservar o ambiente" + +#: plugins/sudoers/sudoers.c:542 msgid "sorry, you are not allowed to preserve the environment" msgstr "desculpe, não tem permissão para preservar o ambiente" -#: plugins/sudoers/sudoers.c:815 +#: plugins/sudoers/sudoers.c:893 msgid "command too long" msgstr "comando muito longo" -#: plugins/sudoers/sudoers.c:947 +#: plugins/sudoers/sudoers.c:951 +msgid "sudoedit doesn't need to be run via sudo" +msgstr "sudoedit não precisa de ser executado via sudo" + +#: plugins/sudoers/sudoers.c:1005 plugins/sudoers/sudoreplay.c:1502 +#: plugins/sudoers/tsdump.c:145 +#, c-format +msgid "unable to read %s" +msgstr "impossível ler %s" + +#: plugins/sudoers/sudoers.c:1030 plugins/sudoers/visudo.c:437 +#: plugins/sudoers/visudo.c:733 +#, c-format +msgid "unable to stat %s" +msgstr "impossível obter informações de %s" + +#: plugins/sudoers/sudoers.c:1034 #, c-format msgid "%s is not a regular file" msgstr "%s não é um ficheiro normal" -#: plugins/sudoers/sudoers.c:951 plugins/sudoers/timestamp.c:259 toke.l:967 +#: plugins/sudoers/sudoers.c:1038 plugins/sudoers/timestamp.c:259 toke.l:967 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s é propriedade de uid %u, deveria ser %u" -#: plugins/sudoers/sudoers.c:955 toke.l:972 +#: plugins/sudoers/sudoers.c:1042 toke.l:972 #, c-format msgid "%s is world writable" msgstr "%s é escrito universalmente" -#: plugins/sudoers/sudoers.c:959 toke.l:975 +#: plugins/sudoers/sudoers.c:1046 toke.l:975 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s é propriedade de gid %u, deveria ser %u" -#: plugins/sudoers/sudoers.c:992 +#: plugins/sudoers/sudoers.c:1079 #, c-format msgid "only root can use \"-c %s\"" msgstr "só 
root pode usar \"-c %s\"" -#: plugins/sudoers/sudoers.c:1011 +#: plugins/sudoers/sudoers.c:1098 #, c-format msgid "unknown login class: %s" msgstr "classe de sessão desconhecida: %s" -#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoers.c:1110 +#: plugins/sudoers/sudoers.c:1183 plugins/sudoers/sudoers.c:1198 #, c-format msgid "unable to resolve host %s" msgstr "impossível resolver o anfitrião %s" -#: plugins/sudoers/sudoreplay.c:250 +#: plugins/sudoers/sudoreplay.c:263 #, c-format msgid "invalid filter option: %s" msgstr "opção de filtro inválida: %s" -#: plugins/sudoers/sudoreplay.c:263 +#: plugins/sudoers/sudoreplay.c:276 #, c-format msgid "invalid max wait: %s" msgstr "espera máxima inválida: %s" -#: plugins/sudoers/sudoreplay.c:286 +#: plugins/sudoers/sudoreplay.c:299 #, c-format msgid "invalid speed factor: %s" msgstr "factor de velocidade inválido: %s" -#: plugins/sudoers/sudoreplay.c:321 +#: plugins/sudoers/sudoreplay.c:335 #, c-format -msgid "%s/%.2s/%.2s/%.2s/timing: %s" -msgstr "%s/%.2s/%.2s/%.2s/temporização: %s" +msgid "%s/%.2s/%.2s/%.2s: %s" +msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:326 +#: plugins/sudoers/sudoreplay.c:340 #, c-format msgid "%s/timing: %s" msgstr "%s/temporização: %s" -#: plugins/sudoers/sudoreplay.c:330 +#: plugins/sudoers/sudoreplay.c:344 #, c-format -msgid "%s/%s/timing: %s" -msgstr "%s/%s/temporização: %s" +msgid "%s/%s: %s" +msgstr "%s/%s: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:372 #, c-format msgid "Replaying sudo session: %s" msgstr "A reproduzir sessão sudo: %s" -#: plugins/sudoers/sudoreplay.c:544 plugins/sudoers/sudoreplay.c:591 -#: plugins/sudoers/sudoreplay.c:789 plugins/sudoers/sudoreplay.c:898 -#: plugins/sudoers/sudoreplay.c:983 plugins/sudoers/sudoreplay.c:998 -#: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/sudoreplay.c:1012 -#: plugins/sudoers/sudoreplay.c:1019 plugins/sudoers/sudoreplay.c:1026 -#: plugins/sudoers/sudoreplay.c:1174 -msgid "unable to 
add event to queue" -msgstr "impossível adicionar evento à fila" - -#: plugins/sudoers/sudoreplay.c:659 +#: plugins/sudoers/sudoreplay.c:634 msgid "unable to set tty to raw mode" msgstr "impossível definir tty para modo raw" -#: plugins/sudoers/sudoreplay.c:710 +#: plugins/sudoers/sudoreplay.c:685 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Aviso: o seu terminal é muito pequeno para reproduzir correctamente o diário.\n" -#: plugins/sudoers/sudoreplay.c:711 +#: plugins/sudoers/sudoreplay.c:686 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "A geometria do diário é %d x %d, o seu terminal é %d x %d." -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:714 msgid "Replay finished, press any key to restore the terminal." msgstr "Reprodução terminada, prima qualquer tecla para restaurar o terminal." -#: plugins/sudoers/sudoreplay.c:772 -#, c-format -msgid "invalid timing file line: %s" -msgstr "linha de ficheiro de temporização inválida : %s" - -#: plugins/sudoers/sudoreplay.c:1208 plugins/sudoers/sudoreplay.c:1233 +#: plugins/sudoers/sudoreplay.c:1161 plugins/sudoers/sudoreplay.c:1186 #, c-format msgid "ambiguous expression \"%s\"" msgstr "expressão ambígua \"%s\"" -#: plugins/sudoers/sudoreplay.c:1255 +#: plugins/sudoers/sudoreplay.c:1208 msgid "unmatched ')' in expression" msgstr "\")\" sem par em expressão" -#: plugins/sudoers/sudoreplay.c:1259 +#: plugins/sudoers/sudoreplay.c:1212 #, c-format msgid "unknown search term \"%s\"" msgstr "termo de procura \"%s\" desconhecido" -#: plugins/sudoers/sudoreplay.c:1274 +#: plugins/sudoers/sudoreplay.c:1227 #, c-format msgid "%s requires an argument" msgstr "%s requer um argumento" -#: plugins/sudoers/sudoreplay.c:1277 plugins/sudoers/sudoreplay.c:1518 +#: plugins/sudoers/sudoreplay.c:1230 plugins/sudoers/sudoreplay.c:1478 #, c-format msgid "invalid regular expression: %s" msgstr "expressão regular inválida: %s" -#: 
plugins/sudoers/sudoreplay.c:1281 +#: plugins/sudoers/sudoreplay.c:1234 #, c-format msgid "could not parse date \"%s\"" msgstr "impossível analisar a data \"%s\"" -#: plugins/sudoers/sudoreplay.c:1290 +#: plugins/sudoers/sudoreplay.c:1243 msgid "unmatched '(' in expression" msgstr "\"(\" sem par em expressão" -#: plugins/sudoers/sudoreplay.c:1292 +#: plugins/sudoers/sudoreplay.c:1245 msgid "illegal trailing \"or\"" msgstr "\"or\" final ilegal" -#: plugins/sudoers/sudoreplay.c:1294 +#: plugins/sudoers/sudoreplay.c:1247 msgid "illegal trailing \"!\"" msgstr "\"!\" final ilegal" -#: plugins/sudoers/sudoreplay.c:1344 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "unknown search type %d" msgstr "tipo de procura %d desconhecido" -#: plugins/sudoers/sudoreplay.c:1611 +#: plugins/sudoers/sudoreplay.c:1569 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "uso: %s [-hnRS] [-d pasta] [-m núm] [-s núm] ID\n" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1572 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "uso: %s [-h] [-d pasta] -l [expressão de procura]\n" -#: plugins/sudoers/sudoreplay.c:1623 +#: plugins/sudoers/sudoreplay.c:1581 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2094,7 +2621,7 @@ "%s - reproduz os diários de sessão sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1625 +#: plugins/sudoers/sudoreplay.c:1583 msgid "" "\n" "Options:\n" 
@@ -2155,35 +2682,34 @@ msgid "%s is group writable" msgstr "%s é escrito pelo grupo" -#: plugins/sudoers/timestamp.c:343 +#: plugins/sudoers/timestamp.c:343 plugins/sudoers/timestamp.c:687 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "impossível truncar o ficheiro de datação para %lld bytes" -#: plugins/sudoers/timestamp.c:829 plugins/sudoers/timestamp.c:921 -#: plugins/sudoers/visudo.c:498 plugins/sudoers/visudo.c:504 -msgid "unable to read the clock" -msgstr "impossível ler o relógio" - -#: plugins/sudoers/timestamp.c:840 +#: plugins/sudoers/timestamp.c:873 msgid "ignoring time stamp from the future" msgstr "a ignorar datação do futuro" -#: plugins/sudoers/timestamp.c:863 +#: plugins/sudoers/timestamp.c:896 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "datação demasiado no futuro: %20.20s" -#: plugins/sudoers/timestamp.c:985 +#: plugins/sudoers/timestamp.c:1018 #, c-format msgid "unable to lock time stamp file %s" msgstr "impossível bloquear ficheiro de datação %s" -#: plugins/sudoers/timestamp.c:1029 plugins/sudoers/timestamp.c:1049 +#: plugins/sudoers/timestamp.c:1062 plugins/sudoers/timestamp.c:1082 #, c-format msgid "lecture status path too long: %s/%s" msgstr "caminho do estado da lição de moral muito longo: %s/%s" +#: plugins/sudoers/toke_util.c:132 +msgid "sudoedit should not be specified with a path" +msgstr "sudoedit não deve ser especificado com um caminho" + #: plugins/sudoers/visudo.c:232 msgid "the -x option will be removed in a future release" msgstr "a opção -x será removida numa futura versão" 
@@ -2374,6 +2900,15 @@ msgid "too many levels of includes" msgstr "demasiados níveis de includes" +#~ msgid "No user or host" +#~ msgstr "Sem utilizador ou anfitrião" + +#~ msgid "validation failure" +#~ msgstr "falha de validação" + +#~ msgid "%s/%s/timing: %s" +#~ msgstr "%s/%s/temporização: %s" + #~ msgid "ignoring invalid attribute value: %s" #~ msgstr "a ignorar valor de atributo inválido: %s" diff -Nru sudo-1.8.31/plugins/sudoers/po/sudoers.pot sudo-1.9.0/plugins/sudoers/po/sudoers.pot --- sudo-1.8.31/plugins/sudoers/po/sudoers.pot 2019-12-31 13:13:03.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/po/sudoers.pot 2020-05-11 16:28:23.000000000 +0000 @@ -5,9 +5,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.29\n" +"Project-Id-Version: sudo 1.9.0\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-10-21 19:55-0600\n" +"POT-Creation-Date: 2020-05-07 12:22-0600\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" 
@@ -41,38 +41,45 @@ msgid "Sorry, try again." msgstr "" -#: gram.y:196 gram.y:244 gram.y:251 gram.y:258 gram.y:265 gram.y:272 gram.y:288 -#: gram.y:312 gram.y:319 gram.y:326 gram.y:333 gram.y:340 gram.y:403 gram.y:412 -#: gram.y:423 gram.y:456 gram.y:463 gram.y:470 gram.y:477 gram.y:559 gram.y:566 -#: gram.y:575 gram.y:584 gram.y:601 gram.y:713 gram.y:720 gram.y:727 gram.y:735 -#: gram.y:835 gram.y:842 gram.y:849 gram.y:856 gram.y:863 gram.y:889 gram.y:896 -#: gram.y:903 gram.y:1026 gram.y:1303 plugins/sudoers/alias.c:132 -#: plugins/sudoers/alias.c:139 plugins/sudoers/alias.c:155 -#: plugins/sudoers/auth/bsdauth.c:148 plugins/sudoers/auth/kerb5.c:123 -#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/auth/sia.c:64 -#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:165 -#: plugins/sudoers/cvtsudoers.c:182 plugins/sudoers/cvtsudoers.c:193 -#: plugins/sudoers/cvtsudoers.c:305 plugins/sudoers/cvtsudoers.c:433 -#: plugins/sudoers/cvtsudoers.c:566 plugins/sudoers/cvtsudoers.c:583 -#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 -#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1179 -#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1285 +#: gram.y:198 gram.y:246 gram.y:253 gram.y:260 gram.y:267 gram.y:274 gram.y:290 +#: gram.y:314 gram.y:321 gram.y:328 gram.y:335 gram.y:342 gram.y:405 gram.y:414 +#: gram.y:425 gram.y:458 gram.y:465 gram.y:472 gram.y:479 gram.y:506 gram.y:578 +#: gram.y:585 gram.y:594 gram.y:603 gram.y:620 gram.y:732 gram.y:739 gram.y:747 +#: gram.y:753 gram.y:853 gram.y:860 gram.y:867 gram.y:874 gram.y:881 gram.y:907 +#: gram.y:914 gram.y:921 gram.y:1063 gram.y:1342 lib/iolog/iolog_fileio.c:1084 +#: lib/iolog/iolog_json.c:127 lib/iolog/iolog_json.c:290 +#: lib/iolog/iolog_json.c:320 lib/iolog/iolog_json.c:442 +#: lib/iolog/iolog_util.c:112 lib/iolog/iolog_util.c:121 +#: lib/iolog/iolog_util.c:131 
lib/iolog/iolog_util.c:139 +#: lib/iolog/iolog_util.c:143 lib/iolog/iolog_util.c:202 logsrvd/eventlog.c:223 +#: plugins/sudoers/alias.c:132 plugins/sudoers/alias.c:139 +#: plugins/sudoers/alias.c:155 plugins/sudoers/auth/bsdauth.c:148 +#: plugins/sudoers/auth/kerb5.c:123 plugins/sudoers/auth/kerb5.c:149 +#: plugins/sudoers/auth/pam.c:674 plugins/sudoers/auth/rfc1938.c:116 +#: plugins/sudoers/auth/sia.c:64 plugins/sudoers/cvtsudoers.c:124 +#: plugins/sudoers/cvtsudoers.c:165 plugins/sudoers/cvtsudoers.c:182 +#: plugins/sudoers/cvtsudoers.c:193 plugins/sudoers/cvtsudoers.c:305 +#: plugins/sudoers/cvtsudoers.c:433 plugins/sudoers/cvtsudoers.c:566 +#: plugins/sudoers/cvtsudoers.c:583 plugins/sudoers/cvtsudoers.c:646 +#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:769 +#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1187 +#: plugins/sudoers/cvtsudoers.c:1289 plugins/sudoers/cvtsudoers_json.c:83 #: plugins/sudoers/cvtsudoers_ldif.c:154 plugins/sudoers/cvtsudoers_ldif.c:197 -#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:263 -#: plugins/sudoers/cvtsudoers_ldif.c:334 plugins/sudoers/cvtsudoers_ldif.c:389 -#: plugins/sudoers/cvtsudoers_ldif.c:397 plugins/sudoers/cvtsudoers_ldif.c:414 -#: plugins/sudoers/cvtsudoers_ldif.c:423 plugins/sudoers/cvtsudoers_ldif.c:570 -#: plugins/sudoers/defaults.c:666 plugins/sudoers/defaults.c:959 -#: plugins/sudoers/defaults.c:1130 plugins/sudoers/editor.c:72 +#: plugins/sudoers/cvtsudoers_ldif.c:238 plugins/sudoers/cvtsudoers_ldif.c:303 +#: plugins/sudoers/cvtsudoers_ldif.c:374 plugins/sudoers/cvtsudoers_ldif.c:429 +#: plugins/sudoers/cvtsudoers_ldif.c:437 plugins/sudoers/cvtsudoers_ldif.c:454 +#: plugins/sudoers/cvtsudoers_ldif.c:463 plugins/sudoers/cvtsudoers_ldif.c:610 +#: plugins/sudoers/defaults.c:633 plugins/sudoers/defaults.c:926 +#: plugins/sudoers/defaults.c:1059 plugins/sudoers/editor.c:72 #: plugins/sudoers/editor.c:90 plugins/sudoers/editor.c:101 #: 
plugins/sudoers/env.c:268 plugins/sudoers/filedigest.c:66 #: plugins/sudoers/filedigest.c:82 plugins/sudoers/gc.c:59 -#: plugins/sudoers/group_plugin.c:138 plugins/sudoers/interfaces.c:78 -#: plugins/sudoers/iolog.c:943 plugins/sudoers/iolog_path.c:174 -#: plugins/sudoers/iolog_util.c:86 plugins/sudoers/iolog_util.c:125 -#: plugins/sudoers/iolog_util.c:134 plugins/sudoers/iolog_util.c:144 -#: plugins/sudoers/iolog_util.c:152 plugins/sudoers/iolog_util.c:156 +#: plugins/sudoers/group_plugin.c:141 plugins/sudoers/interfaces.c:78 +#: plugins/sudoers/iolog.c:487 plugins/sudoers/iolog_client.c:109 +#: plugins/sudoers/iolog_client.c:380 plugins/sudoers/iolog_client.c:557 +#: plugins/sudoers/iolog_client.c:676 plugins/sudoers/iolog_client.c:694 +#: plugins/sudoers/iolog_client.c:1174 plugins/sudoers/iolog_client.c:1403 +#: plugins/sudoers/iolog_client.c:1721 plugins/sudoers/iolog_client.c:1749 #: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 #: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 #: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 
@@ -84,161 +91,172 @@ #: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 #: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558 #: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:683 -#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:510 -#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/linux_audit.c:83 -#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:532 -#: plugins/sudoers/logging.c:558 plugins/sudoers/logging.c:599 -#: plugins/sudoers/logging.c:740 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:367 -#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:200 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:227 -#: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:156 -#: plugins/sudoers/parse_ldif.c:187 plugins/sudoers/parse_ldif.c:256 -#: plugins/sudoers/parse_ldif.c:263 plugins/sudoers/parse_ldif.c:268 -#: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:355 -#: plugins/sudoers/parse_ldif.c:361 plugins/sudoers/parse_ldif.c:386 -#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:402 -#: plugins/sudoers/parse_ldif.c:416 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:614 plugins/sudoers/parse_ldif.c:639 -#: plugins/sudoers/parse_ldif.c:697 plugins/sudoers/parse_ldif.c:714 -#: plugins/sudoers/parse_ldif.c:742 plugins/sudoers/parse_ldif.c:749 -#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:750 -#: plugins/sudoers/prompt.c:100 plugins/sudoers/pwutil.c:199 -#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 -#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:586 -#: plugins/sudoers/pwutil.c:657 plugins/sudoers/pwutil.c:816 -#: plugins/sudoers/pwutil.c:873 plugins/sudoers/pwutil.c:917 -#: plugins/sudoers/pwutil.c:975 plugins/sudoers/sssd.c:154 -#: plugins/sudoers/sssd.c:400 
plugins/sudoers/sssd.c:463 -#: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 -#: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:114 -#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 -#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 +#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:331 +#: plugins/sudoers/ldap_util.c:338 plugins/sudoers/ldap_util.c:603 +#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:200 +#: plugins/sudoers/logging.c:527 plugins/sudoers/logging.c:553 +#: plugins/sudoers/logging.c:594 plugins/sudoers/logging.c:731 +#: plugins/sudoers/logging.c:1091 plugins/sudoers/match_command.c:249 +#: plugins/sudoers/match_command.c:397 plugins/sudoers/match_command.c:444 +#: plugins/sudoers/match_command.c:515 plugins/sudoers/match_digest.c:87 +#: plugins/sudoers/parse.c:200 plugins/sudoers/parse.c:212 +#: plugins/sudoers/parse.c:227 plugins/sudoers/parse.c:239 +#: plugins/sudoers/parse_ldif.c:156 plugins/sudoers/parse_ldif.c:187 +#: plugins/sudoers/parse_ldif.c:256 plugins/sudoers/parse_ldif.c:263 +#: plugins/sudoers/parse_ldif.c:268 plugins/sudoers/parse_ldif.c:344 +#: plugins/sudoers/parse_ldif.c:355 plugins/sudoers/parse_ldif.c:382 +#: plugins/sudoers/parse_ldif.c:399 plugins/sudoers/parse_ldif.c:411 +#: plugins/sudoers/parse_ldif.c:415 plugins/sudoers/parse_ldif.c:429 +#: plugins/sudoers/parse_ldif.c:597 plugins/sudoers/parse_ldif.c:627 +#: plugins/sudoers/parse_ldif.c:652 plugins/sudoers/parse_ldif.c:710 +#: plugins/sudoers/parse_ldif.c:727 plugins/sudoers/parse_ldif.c:755 +#: 
plugins/sudoers/parse_ldif.c:762 plugins/sudoers/policy.c:504 +#: plugins/sudoers/policy.c:836 plugins/sudoers/prompt.c:100 +#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 +#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 +#: plugins/sudoers/pwutil.c:586 plugins/sudoers/pwutil.c:657 +#: plugins/sudoers/pwutil.c:816 plugins/sudoers/pwutil.c:873 +#: plugins/sudoers/pwutil.c:917 plugins/sudoers/pwutil.c:975 +#: plugins/sudoers/sssd.c:154 plugins/sudoers/sssd.c:400 +#: plugins/sudoers/sssd.c:463 plugins/sudoers/sssd.c:507 +#: plugins/sudoers/sssd.c:554 plugins/sudoers/sssd.c:746 +#: plugins/sudoers/stubs.c:103 plugins/sudoers/stubs.c:111 +#: plugins/sudoers/sudoers.c:320 plugins/sudoers/sudoers.c:331 +#: plugins/sudoers/sudoers.c:341 plugins/sudoers/sudoers.c:384 +#: plugins/sudoers/sudoers.c:735 plugins/sudoers/sudoers.c:864 +#: plugins/sudoers/sudoers.c:909 plugins/sudoers/sudoers.c:1213 +#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:558 +#: plugins/sudoers/sudoreplay.c:1219 plugins/sudoers/sudoreplay.c:1429 +#: plugins/sudoers/sudoreplay.c:1433 plugins/sudoers/testsudoers.c:136 #: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 #: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 +#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:993 #: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 -#: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328 -#: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 -#: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 -#: plugins/sudoers/visudo.c:1029 plugins/sudoers/visudo.c:1118 toke.l:846 -#: toke.l:947 toke.l:1104 +#: plugins/sudoers/toke_util.c:137 plugins/sudoers/toke_util.c:165 +#: plugins/sudoers/tsdump.c:130 plugins/sudoers/visudo.c:152 +#: plugins/sudoers/visudo.c:328 
plugins/sudoers/visudo.c:334 +#: plugins/sudoers/visudo.c:444 plugins/sudoers/visudo.c:622 +#: plugins/sudoers/visudo.c:942 plugins/sudoers/visudo.c:1029 +#: plugins/sudoers/visudo.c:1118 toke.l:846 toke.l:947 toke.l:1104 msgid "unable to allocate memory" msgstr "" -#: gram.y:488 +#: gram.y:500 msgid "a digest requires a path name" msgstr "" -#: gram.y:614 +#: gram.y:633 msgid "invalid notbefore value" msgstr "" -#: gram.y:622 +#: gram.y:641 msgid "invalid notafter value" msgstr "" -#: gram.y:631 plugins/sudoers/policy.c:320 +#: gram.y:650 plugins/sudoers/policy.c:319 msgid "timeout value too large" msgstr "" -#: gram.y:633 plugins/sudoers/policy.c:322 +#: gram.y:652 plugins/sudoers/policy.c:321 msgid "invalid timeout value" msgstr "" -#: gram.y:1303 plugins/sudoers/auth/pam.c:483 plugins/sudoers/auth/pam.c:670 +#: gram.y:1342 lib/iolog/iolog_fileio.c:1084 lib/iolog/iolog_json.c:127 +#: lib/iolog/iolog_json.c:289 lib/iolog/iolog_json.c:320 +#: lib/iolog/iolog_json.c:442 lib/iolog/iolog_json.c:720 +#: lib/iolog/iolog_util.c:112 lib/iolog/iolog_util.c:121 +#: lib/iolog/iolog_util.c:131 lib/iolog/iolog_util.c:139 +#: lib/iolog/iolog_util.c:143 lib/iolog/iolog_util.c:202 logsrvd/eventlog.c:223 +#: logsrvd/logsrvd.c:1174 logsrvd/logsrvd.c:1187 logsrvd/logsrvd.c:1226 +#: logsrvd/sendlog.c:1178 logsrvd/sendlog.c:1185 logsrvd/sendlog.c:1591 +#: plugins/sudoers/auth/pam.c:487 plugins/sudoers/auth/pam.c:674 #: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/cvtsudoers.c:124 #: plugins/sudoers/cvtsudoers.c:164 plugins/sudoers/cvtsudoers.c:181 #: plugins/sudoers/cvtsudoers.c:192 plugins/sudoers/cvtsudoers.c:304 #: plugins/sudoers/cvtsudoers.c:432 plugins/sudoers/cvtsudoers.c:565 #: plugins/sudoers/cvtsudoers.c:582 plugins/sudoers/cvtsudoers.c:646 #: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:768 -#: plugins/sudoers/cvtsudoers.c:1179 plugins/sudoers/cvtsudoers.c:1183 -#: plugins/sudoers/cvtsudoers.c:1285 plugins/sudoers/cvtsudoers_ldif.c:153 -#: 
plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:243 -#: plugins/sudoers/cvtsudoers_ldif.c:262 plugins/sudoers/cvtsudoers_ldif.c:333 -#: plugins/sudoers/cvtsudoers_ldif.c:388 plugins/sudoers/cvtsudoers_ldif.c:396 -#: plugins/sudoers/cvtsudoers_ldif.c:413 plugins/sudoers/cvtsudoers_ldif.c:422 -#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:666 -#: plugins/sudoers/defaults.c:959 plugins/sudoers/defaults.c:1130 -#: plugins/sudoers/editor.c:72 plugins/sudoers/editor.c:90 -#: plugins/sudoers/editor.c:101 plugins/sudoers/env.c:268 -#: plugins/sudoers/filedigest.c:66 plugins/sudoers/filedigest.c:82 -#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:138 -#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:943 -#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:86 -#: plugins/sudoers/iolog_util.c:125 plugins/sudoers/iolog_util.c:134 -#: plugins/sudoers/iolog_util.c:144 plugins/sudoers/iolog_util.c:152 -#: plugins/sudoers/iolog_util.c:156 plugins/sudoers/ldap.c:185 -#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 -#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 -#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 -#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705 -#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 -#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 -#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 -#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 -#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 -#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 -#: plugins/sudoers/ldap_conf.c:682 plugins/sudoers/ldap_conf.c:765 -#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:567 -#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:202 -#: plugins/sudoers/logging.c:532 plugins/sudoers/logging.c:558 -#: plugins/sudoers/logging.c:598 
plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:366 -#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:199 +#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1187 +#: plugins/sudoers/cvtsudoers.c:1289 plugins/sudoers/cvtsudoers_json.c:82 +#: plugins/sudoers/cvtsudoers_ldif.c:153 plugins/sudoers/cvtsudoers_ldif.c:196 +#: plugins/sudoers/cvtsudoers_ldif.c:237 plugins/sudoers/cvtsudoers_ldif.c:302 +#: plugins/sudoers/cvtsudoers_ldif.c:373 plugins/sudoers/cvtsudoers_ldif.c:428 +#: plugins/sudoers/cvtsudoers_ldif.c:436 plugins/sudoers/cvtsudoers_ldif.c:453 +#: plugins/sudoers/cvtsudoers_ldif.c:462 plugins/sudoers/cvtsudoers_ldif.c:609 +#: plugins/sudoers/defaults.c:633 plugins/sudoers/defaults.c:926 +#: plugins/sudoers/defaults.c:1059 plugins/sudoers/editor.c:72 +#: plugins/sudoers/editor.c:90 plugins/sudoers/editor.c:101 +#: plugins/sudoers/env.c:268 plugins/sudoers/filedigest.c:66 +#: plugins/sudoers/filedigest.c:82 plugins/sudoers/gc.c:59 +#: plugins/sudoers/group_plugin.c:140 plugins/sudoers/interfaces.c:78 +#: plugins/sudoers/iolog.c:487 plugins/sudoers/iolog_client.c:109 +#: plugins/sudoers/iolog_client.c:219 plugins/sudoers/iolog_client.c:234 +#: plugins/sudoers/iolog_client.c:247 plugins/sudoers/iolog_client.c:380 +#: plugins/sudoers/iolog_client.c:676 plugins/sudoers/iolog_client.c:694 +#: plugins/sudoers/iolog_client.c:1174 plugins/sudoers/iolog_client.c:1403 +#: plugins/sudoers/iolog_client.c:1721 plugins/sudoers/iolog_client.c:1749 +#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 +#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 +#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 +#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 +#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 +#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 +#: 
plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 +#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 +#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 +#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558 +#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:682 +#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:330 +#: plugins/sudoers/ldap_util.c:337 plugins/sudoers/ldap_util.c:603 +#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:200 +#: plugins/sudoers/logging.c:527 plugins/sudoers/logging.c:553 +#: plugins/sudoers/logging.c:593 plugins/sudoers/logging.c:1091 +#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:396 +#: plugins/sudoers/match_command.c:443 plugins/sudoers/match_command.c:515 +#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:199 #: plugins/sudoers/parse.c:211 plugins/sudoers/parse.c:226 #: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:155 #: plugins/sudoers/parse_ldif.c:186 plugins/sudoers/parse_ldif.c:255 #: plugins/sudoers/parse_ldif.c:262 plugins/sudoers/parse_ldif.c:267 #: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:354 -#: plugins/sudoers/parse_ldif.c:360 plugins/sudoers/parse_ldif.c:385 -#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:401 -#: plugins/sudoers/parse_ldif.c:415 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:613 plugins/sudoers/parse_ldif.c:638 -#: plugins/sudoers/parse_ldif.c:696 plugins/sudoers/parse_ldif.c:713 -#: plugins/sudoers/parse_ldif.c:741 plugins/sudoers/parse_ldif.c:748 -#: plugins/sudoers/policy.c:134 plugins/sudoers/policy.c:143 -#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:178 -#: plugins/sudoers/policy.c:305 plugins/sudoers/policy.c:320 -#: plugins/sudoers/policy.c:322 plugins/sudoers/policy.c:348 -#: plugins/sudoers/policy.c:358 plugins/sudoers/policy.c:402 +#: plugins/sudoers/parse_ldif.c:381 
plugins/sudoers/parse_ldif.c:398 +#: plugins/sudoers/parse_ldif.c:410 plugins/sudoers/parse_ldif.c:414 +#: plugins/sudoers/parse_ldif.c:428 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:133 plugins/sudoers/policy.c:142 +#: plugins/sudoers/policy.c:151 plugins/sudoers/policy.c:177 +#: plugins/sudoers/policy.c:304 plugins/sudoers/policy.c:319 +#: plugins/sudoers/policy.c:321 plugins/sudoers/policy.c:350 +#: plugins/sudoers/policy.c:359 plugins/sudoers/policy.c:402 #: plugins/sudoers/policy.c:412 plugins/sudoers/policy.c:421 #: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:504 -#: plugins/sudoers/policy.c:750 plugins/sudoers/prompt.c:100 +#: plugins/sudoers/policy.c:836 plugins/sudoers/prompt.c:100 #: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 #: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 #: plugins/sudoers/pwutil.c:586 plugins/sudoers/pwutil.c:657 #: plugins/sudoers/pwutil.c:816 plugins/sudoers/pwutil.c:873 #: plugins/sudoers/pwutil.c:917 plugins/sudoers/pwutil.c:975 -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 plugins/sudoers/sssd.c:153 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 plugins/sudoers/sssd.c:153 #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 
plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:113 -#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 -#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735 +#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909 +#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:555 +#: plugins/sudoers/sudoreplay.c:558 plugins/sudoers/sudoreplay.c:1219 +#: plugins/sudoers/sudoreplay.c:1429 plugins/sudoers/sudoreplay.c:1433 +#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236 +#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587 +#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483 +#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59 +#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:136 +#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130 #: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 
@@ -248,12 +266,541 @@ msgid "%s: %s" msgstr "" +#: lib/iolog/iolog_fileio.c:165 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "" + +#: lib/iolog/iolog_fileio.c:195 lib/iolog/iolog_fileio.c:241 +#: plugins/sudoers/timestamp.c:212 +#, c-format +msgid "unable to mkdir %s" +msgstr "" + +#: lib/iolog/iolog_fileio.c:245 plugins/sudoers/visudo.c:739 +#: plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "" + +#: lib/iolog/iolog_json.c:121 +#, c-format +msgid "expected JSON_STRING, got %d" +msgstr "" + +#: lib/iolog/iolog_json.c:312 +msgid "missing double quote in name" +msgstr "" + +#: lib/iolog/iolog_json.c:399 +#, c-format +msgid "expected JSON_OBJECT, got %d" +msgstr "" + +#: lib/iolog/iolog_json.c:448 lib/iolog/iolog_json.c:451 +#: lib/iolog/iolog_json.c:453 lib/iolog/iolog_json.c:545 logsrvd/eventlog.c:228 +#: plugins/sudoers/cvtsudoers_ldif.c:247 plugins/sudoers/cvtsudoers_ldif.c:254 +#: plugins/sudoers/cvtsudoers_ldif.c:566 plugins/sudoers/env.c:330 +#: plugins/sudoers/env.c:337 plugins/sudoers/env.c:442 +#: plugins/sudoers/iolog.c:566 plugins/sudoers/iolog.c:582 +#: plugins/sudoers/ldap.c:496 plugins/sudoers/ldap.c:727 +#: plugins/sudoers/ldap.c:1060 plugins/sudoers/ldap_conf.c:227 +#: plugins/sudoers/ldap_conf.c:317 plugins/sudoers/linux_audit.c:89 +#: plugins/sudoers/logging.c:1096 plugins/sudoers/policy.c:534 +#: plugins/sudoers/policy.c:681 plugins/sudoers/policy.c:691 +#: plugins/sudoers/prompt.c:168 plugins/sudoers/sudoers.c:931 +#: plugins/sudoers/testsudoers.c:257 plugins/sudoers/toke_util.c:177 +#, c-format +msgid "internal error, %s overflow" +msgstr "" + +#: lib/iolog/iolog_json.c:614 lib/iolog/iolog_json.c:738 +msgid "unmatched close brace" +msgstr "" + +#: lib/iolog/iolog_json.c:623 +msgid "unexpected array" +msgstr "" + +#: lib/iolog/iolog_json.c:636 lib/iolog/iolog_json.c:740 +msgid "unmatched close bracket" +msgstr "" + +#: lib/iolog/iolog_json.c:644 +msgid "unexpected string" 
+msgstr "" + +#: lib/iolog/iolog_json.c:654 +msgid "missing colon after name" +msgstr "" + +#: lib/iolog/iolog_json.c:665 lib/iolog/iolog_json.c:680 +#: lib/iolog/iolog_json.c:695 +msgid "unexpected boolean" +msgstr "" + +#: lib/iolog/iolog_json.c:711 +msgid "unexpected number" +msgstr "" + +#: lib/iolog/iolog_json.c:748 +#, c-format +msgid "%s:%u unable to parse \"%s\"" +msgstr "" + +#: lib/iolog/iolog_util.c:77 +#, c-format +msgid "%s: invalid log file" +msgstr "" + +#: lib/iolog/iolog_util.c:95 +#, c-format +msgid "%s: time stamp field is missing" +msgstr "" + +#: lib/iolog/iolog_util.c:101 +#, c-format +msgid "%s: time stamp %s: %s" +msgstr "" + +#: lib/iolog/iolog_util.c:108 +#, c-format +msgid "%s: user field is missing" +msgstr "" + +#: lib/iolog/iolog_util.c:117 +#, c-format +msgid "%s: runas user field is missing" +msgstr "" + +#: lib/iolog/iolog_util.c:126 +#, c-format +msgid "%s: runas group field is missing" +msgstr "" + +#: lib/iolog/iolog_util.c:425 +#, c-format +msgid "error reading timing file: %s" +msgstr "" + +#: lib/iolog/iolog_util.c:432 +#, c-format +msgid "invalid timing file line: %s" +msgstr "" + +#: logsrvd/eventlog.c:423 plugins/sudoers/logging.c:118 +#, c-format +msgid "%8s : %s" +msgstr "" + +#: logsrvd/eventlog.c:452 plugins/sudoers/logging.c:146 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "" + +#: logsrvd/iolog_writer.c:936 +msgid "log is already complete, cannot be restarted" +msgstr "" + +#: logsrvd/iolog_writer.c:967 +msgid "unable to restart log" +msgstr "" + +#: logsrvd/logsrv_util.c:98 logsrvd/logsrv_util.c:105 +#: plugins/sudoers/sudoreplay.c:355 plugins/sudoers/sudoreplay.c:361 +#, c-format +msgid "unable to open %s/%s" +msgstr "" + +#: logsrvd/logsrv_util.c:132 +#, c-format +msgid "missing I/O log file %s/%s" +msgstr "" + +#: logsrvd/logsrv_util.c:139 +#, c-format +msgid "%s/%s: unable to seek forward %zu" +msgstr "" + +#: logsrvd/logsrv_util.c:149 +#, c-format +msgid "unable to find resume point [%lld, %ld] in 
%s/%s" +msgstr "" + +#: logsrvd/logsrvd.c:230 logsrvd/logsrvd.c:298 logsrvd/logsrvd.c:342 +#: logsrvd/logsrvd.c:391 logsrvd/logsrvd.c:438 logsrvd/logsrvd.c:483 +#: logsrvd/logsrvd.c:509 logsrvd/logsrvd.c:535 +msgid "state machine error" +msgstr "" + +#: logsrvd/logsrvd.c:239 +msgid "invalid AcceptMessage" +msgstr "" + +#: logsrvd/logsrvd.c:250 +msgid "error parsing AcceptMessage" +msgstr "" + +#: logsrvd/logsrvd.c:257 +msgid "error creating I/O log" +msgstr "" + +#: logsrvd/logsrvd.c:264 +msgid "error logging accept event" +msgstr "" + +#: logsrvd/logsrvd.c:307 +msgid "invalid RejectMessage" +msgstr "" + +#: logsrvd/logsrvd.c:318 +msgid "error parsing RejectMessage" +msgstr "" + +#: logsrvd/logsrvd.c:324 +msgid "error logging reject event" +msgstr "" + +#: logsrvd/logsrvd.c:423 +msgid "error logging alert event" +msgstr "" + +#: logsrvd/logsrvd.c:448 +msgid "error writing IoBuffer" +msgstr "" + +#: logsrvd/logsrvd.c:494 +msgid "error writing ChangeWindowSize" +msgstr "" + +#: logsrvd/logsrvd.c:520 +msgid "error writing CommandSuspend" +msgstr "" + +#: logsrvd/logsrvd.c:605 +msgid "unrecognized ClientMessage type" +msgstr "" + +#: logsrvd/logsrvd.c:865 +msgid "client message too large" +msgstr "" + +#: logsrvd/logsrvd.c:1091 logsrvd/logsrvd.c:1099 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "" + +#: logsrvd/logsrvd.c:1119 logsrvd/logsrvd.c:1127 +#, c-format +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "" + +#: logsrvd/logsrvd.c:1163 +#, c-format +msgid "unable to get TLS server method: %s" +msgstr "" + +#: logsrvd/logsrvd.c:1168 +#, c-format +msgid "unable to create TLS context: %s" +msgstr "" + +#: logsrvd/logsrvd.c:1175 plugins/sudoers/iolog_client.c:235 +#, c-format +msgid "unable to load certificate %s" +msgstr "" + +#: logsrvd/logsrvd.c:1188 plugins/sudoers/iolog_client.c:221 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "" + +#: logsrvd/logsrvd.c:1227 
plugins/sudoers/iolog_client.c:248 +#, c-format +msgid "unable to load private key %s" +msgstr "" + +#: logsrvd/logsrvd.c:1244 logsrvd/logsrvd.c:1253 +#, c-format +msgid "unable to set diffie-hellman parameters: %s" +msgstr "" + +#: logsrvd/logsrvd.c:1266 +#, c-format +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "" + +#: logsrvd/logsrvd.c:1451 +msgid "unable to get remote IP addr" +msgstr "" + +#: logsrvd/logsrvd.c:1479 plugins/sudoers/iolog_client.c:262 +#, c-format +msgid "Unable to attach user data to the ssl object: %s" +msgstr "" + +#: logsrvd/logsrvd.c:1487 logsrvd/logsrvd.c:1609 logsrvd/logsrvd.c:1709 +#: logsrvd/sendlog.c:983 logsrvd/sendlog.c:1338 logsrvd/sendlog.c:1353 +#: logsrvd/sendlog.c:1411 plugins/sudoers/iolog.c:910 +#: plugins/sudoers/iolog.c:1043 plugins/sudoers/iolog.c:1141 +#: plugins/sudoers/iolog_client.c:113 plugins/sudoers/iolog_client.c:323 +#: plugins/sudoers/iolog_client.c:339 plugins/sudoers/iolog_client.c:385 +#: plugins/sudoers/iolog_client.c:565 plugins/sudoers/iolog_client.c:572 +#: plugins/sudoers/iolog_client.c:1148 plugins/sudoers/iolog_client.c:1184 +#: plugins/sudoers/iolog_client.c:1192 plugins/sudoers/iolog_client.c:1252 +#: plugins/sudoers/iolog_client.c:1359 plugins/sudoers/iolog_client.c:1475 +#: plugins/sudoers/iolog_client.c:1757 plugins/sudoers/iolog_client.c:1765 +#: plugins/sudoers/sudoreplay.c:515 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:751 plugins/sudoers/sudoreplay.c:863 +#: plugins/sudoers/sudoreplay.c:953 plugins/sudoers/sudoreplay.c:968 +#: plugins/sudoers/sudoreplay.c:975 plugins/sudoers/sudoreplay.c:982 +#: plugins/sudoers/sudoreplay.c:989 plugins/sudoers/sudoreplay.c:996 +#: plugins/sudoers/sudoreplay.c:1123 +msgid "unable to add event to queue" +msgstr "" + +#: logsrvd/logsrvd.c:1663 logsrvd/logsrvd.c:1897 +msgid "unable setup listen socket" +msgstr "" + +#: logsrvd/logsrvd.c:1803 logsrvd/sendlog.c:122 +#, c-format +msgid "" +"%s - send sudo I/O log to 
remote server\n" +"\n" +msgstr "" + +#: logsrvd/logsrvd.c:1806 +msgid "" +"\n" +"Options:\n" +" -f, --file path to configuration file\n" +" -h --help display help message and exit\n" +" -n, --no-fork do not fork, run in the foreground\n" +" -R, --random-drop percent chance connections will drop\n" +" -V, --version display version information and exit\n" +msgstr "" + +#: logsrvd/logsrvd.c:1858 logsrvd/sendlog.c:1570 +msgid "Protobuf-C version 1.3 or higher required" +msgstr "" + +#: logsrvd/logsrvd.c:1876 +#, c-format +msgid "invalid random drop value: %s" +msgstr "" + +#: logsrvd/logsrvd.c:1880 logsrvd/sendlog.c:1614 +#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:302 +#: plugins/sudoers/visudo.c:184 +#, c-format +msgid "%s version %s\n" +msgstr "" + +#: logsrvd/logsrvd_conf.c:393 +msgid "TLS not supported" +msgstr "" + +#: logsrvd/logsrvd_conf.c:405 +#, c-format +msgid "%s:%s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:471 logsrvd/logsrvd_conf.c:715 +#, c-format +msgid "%s: not a fully qualified path" +msgstr "" + +#: logsrvd/logsrvd_conf.c:829 +#, c-format +msgid "%s:%d unmatched '[': %s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:840 +#, c-format +msgid "%s:%d invalid config section: %s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:848 +#, c-format +msgid "%s:%d invalid configuration line: %s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:854 +#, c-format +msgid "%s:%d expected section name: %s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:868 +#, c-format +msgid "invalid value for %s: %s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:876 +#, c-format +msgid "%s:%d unknown key: %s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:1024 +#, c-format +msgid "unknown syslog facility %s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:1028 logsrvd/logsrvd_conf.c:1032 +#: logsrvd/logsrvd_conf.c:1036 +#, c-format +msgid "unknown syslog priority %s" +msgstr "" + +#: logsrvd/sendlog.c:125 +msgid "" +"\n" +"Options:\n" +" --help display help message and exit\n" +" -h, --host host to send logs to\n" 
+" -i, --iolog_id remote ID of I/O log to be resumed\n" +" -p, --port port to use when connecting to host\n" +" -r, --restart restart previous I/O log transfer\n" +" -t, --test test audit server by sending selected I/O log n " +"times in parallel\n" +" -b, --ca-bundle certificate bundle file to verify server's cert " +"against\n" +" -c, --cert certificate file for TLS handshake\n" +" -k, --key private key file\n" +" -V, --version display version information and exit\n" +msgstr "" + +#: logsrvd/sendlog.c:159 plugins/sudoers/iolog_client.c:431 +#, c-format +msgid "unable to look up %s:%s: %s" +msgstr "" + +#: logsrvd/sendlog.c:182 +msgid "unable to get server IP addr" +msgstr "" + +#: logsrvd/sendlog.c:236 plugins/sudoers/sudoreplay.c:811 +#, c-format +msgid "unable to read %s/%s: %s" +msgstr "" + +#: logsrvd/sendlog.c:257 plugins/sudoers/iolog_client.c:682 +#, c-format +msgid "client message too large: %zu" +msgstr "" + +#: logsrvd/sendlog.c:681 +#, c-format +msgid "%s: write buffer already in use" +msgstr "" + +#: logsrvd/sendlog.c:733 plugins/sudoers/iolog.c:834 +#: plugins/sudoers/iolog.c:903 +#, c-format +msgid "unexpected I/O event %d" +msgstr "" + +#: logsrvd/sendlog.c:769 logsrvd/sendlog.c:786 logsrvd/sendlog.c:820 +#: plugins/sudoers/iolog_client.c:1153 plugins/sudoers/iolog_client.c:1223 +#: plugins/sudoers/iolog_client.c:1271 +#, c-format +msgid "%s: unexpected state %d" +msgstr "" + +#: logsrvd/sendlog.c:792 plugins/sudoers/iolog_client.c:1229 +msgid "invalid ServerHello" +msgstr "" + +#: logsrvd/sendlog.c:856 plugins/sudoers/iolog_client.c:1315 +#, c-format +msgid "error message received from server: %s" +msgstr "" + +#: logsrvd/sendlog.c:869 plugins/sudoers/iolog_client.c:1328 +#, c-format +msgid "abort message received from server: %s" +msgstr "" + +#: logsrvd/sendlog.c:888 plugins/sudoers/iolog_client.c:1347 +msgid "unable to unpack ServerMessage" +msgstr "" + +#: logsrvd/sendlog.c:925 plugins/sudoers/iolog_client.c:1380 +#, c-format +msgid "%s: 
unexpected type_case value %d" +msgstr "" + +#: logsrvd/sendlog.c:954 +msgid "timeout reading from server" +msgstr "" + +#: logsrvd/sendlog.c:1031 +msgid "premature EOF" +msgstr "" + +#: logsrvd/sendlog.c:1044 plugins/sudoers/iolog_client.c:1534 +#, c-format +msgid "server message too large: %u" +msgstr "" + +#: logsrvd/sendlog.c:1095 +msgid "timeout writing to server" +msgstr "" + +#: logsrvd/sendlog.c:1314 plugins/sudoers/iolog_client.c:295 +msgid "TLS handshake timeout occurred" +msgstr "" + +#: logsrvd/sendlog.c:1333 logsrvd/sendlog.c:1348 +#: plugins/sudoers/iolog_client.c:317 plugins/sudoers/iolog_client.c:333 +msgid "unable to set event" +msgstr "" + +#: logsrvd/sendlog.c:1358 logsrvd/sendlog.c:1362 +#, c-format +msgid "TLS connection failed: %s" +msgstr "" + +#: logsrvd/sendlog.c:1395 +#, c-format +msgid "Unable to initialize ssl context: %s" +msgstr "" + +#: logsrvd/sendlog.c:1400 plugins/sudoers/iolog_client.c:257 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "" + +#: logsrvd/sendlog.c:1405 +#, c-format +msgid "Unable to attach socket to the ssl object: %s" +msgstr "" + +#: logsrvd/sendlog.c:1637 +msgid "both restart point and iolog ID must be specified" +msgstr "" + +#: logsrvd/sendlog.c:1712 +#, c-format +msgid "exited prematurely with state %d" +msgstr "" + +#: logsrvd/sendlog.c:1713 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "" + +#: logsrvd/sendlog.c:1715 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "" + #: plugins/sudoers/alias.c:151 #, c-format msgid "Alias \"%s\" already defined" msgstr "" -#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:801 +#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:792 msgid "unable to fork" msgstr "" 
@@ -357,35 +904,35 @@ msgid "unable to initialize PAM: %s" msgstr "" -#: plugins/sudoers/auth/pam.c:319 +#: plugins/sudoers/auth/pam.c:322 #, c-format msgid "PAM authentication error: %s" msgstr "" -#: plugins/sudoers/auth/pam.c:338 +#: plugins/sudoers/auth/pam.c:341 msgid "account validation failure, is your account locked?" msgstr "" -#: plugins/sudoers/auth/pam.c:349 +#: plugins/sudoers/auth/pam.c:352 msgid "Account or password is expired, reset your password and try again" msgstr "" -#: plugins/sudoers/auth/pam.c:355 +#: plugins/sudoers/auth/pam.c:358 #, c-format msgid "unable to change expired password: %s" msgstr "" -#: plugins/sudoers/auth/pam.c:366 +#: plugins/sudoers/auth/pam.c:369 msgid "Password expired, contact your system administrator" msgstr "" -#: plugins/sudoers/auth/pam.c:371 +#: plugins/sudoers/auth/pam.c:374 msgid "" "Account expired or PAM config lacks an \"account\" section for sudo, contact " "your system administrator" msgstr "" -#: plugins/sudoers/auth/pam.c:379 plugins/sudoers/auth/pam.c:384 +#: plugins/sudoers/auth/pam.c:382 plugins/sudoers/auth/pam.c:387 #, c-format msgid "PAM account management error: %s" msgstr "" @@ -467,7 +1014,7 @@ msgid "unable to commit audit record" msgstr "" -#: plugins/sudoers/check.c:269 +#: plugins/sudoers/check.c:264 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" 
@@ -479,15 +1026,16 @@ "\n" msgstr "" -#: plugins/sudoers/check.c:312 plugins/sudoers/check.c:322 -#: plugins/sudoers/sudoers.c:700 plugins/sudoers/sudoers.c:748 +#: plugins/sudoers/check.c:307 plugins/sudoers/check.c:317 +#: plugins/sudoers/sudoers.c:778 plugins/sudoers/sudoers.c:826 #: plugins/sudoers/tsdump.c:126 #, c-format msgid "unknown uid: %u" msgstr "" -#: plugins/sudoers/check.c:317 plugins/sudoers/iolog.c:255 -#: plugins/sudoers/policy.c:921 plugins/sudoers/sudoers.c:1163 +#: plugins/sudoers/check.c:312 plugins/sudoers/iolog.c:121 +#: plugins/sudoers/policy.c:1047 plugins/sudoers/sudoers.c:391 +#: plugins/sudoers/sudoers.c:393 plugins/sudoers/sudoers.c:1255 #: plugins/sudoers/testsudoers.c:227 plugins/sudoers/testsudoers.c:400 #, c-format msgid "unknown user: %s" @@ -508,12 +1056,6 @@ msgid "order padding: %s: %s" msgstr "" -#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:289 -#: plugins/sudoers/visudo.c:184 -#, c-format -msgid "%s version %s\n" -msgstr "" - #: plugins/sudoers/cvtsudoers.c:235 plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" @@ -534,7 +1076,7 @@ msgid "%s: input and output files must be different" msgstr "" -#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:176 +#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:185 #: plugins/sudoers/testsudoers.c:266 plugins/sudoers/visudo.c:254 #: plugins/sudoers/visudo.c:610 plugins/sudoers/visudo.c:933 msgid "unable to initialize sudoers default values" 
@@ -566,12 +1108,10 @@ msgstr "" #: plugins/sudoers/cvtsudoers.c:622 plugins/sudoers/cvtsudoers.c:639 -#: plugins/sudoers/cvtsudoers.c:1245 plugins/sudoers/cvtsudoers_json.c:1130 -#: plugins/sudoers/cvtsudoers_ldif.c:643 plugins/sudoers/iolog.c:413 -#: plugins/sudoers/iolog_util.c:75 plugins/sudoers/sudoers.c:914 -#: plugins/sudoers/sudoreplay.c:338 plugins/sudoers/sudoreplay.c:1431 -#: plugins/sudoers/timestamp.c:448 plugins/sudoers/tsdump.c:135 -#: plugins/sudoers/visudo.c:929 +#: plugins/sudoers/cvtsudoers.c:1249 plugins/sudoers/cvtsudoers_json.c:868 +#: plugins/sudoers/cvtsudoers_ldif.c:683 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoreplay.c:1395 plugins/sudoers/timestamp.c:448 +#: plugins/sudoers/tsdump.c:135 plugins/sudoers/visudo.c:929 #, c-format msgid "unable to open %s" msgstr "" @@ -591,21 +1131,20 @@ msgid "parse error in %s\n" msgstr "" -#: plugins/sudoers/cvtsudoers.c:1292 plugins/sudoers/iolog.c:500 -#: plugins/sudoers/sudoreplay.c:1135 plugins/sudoers/timestamp.c:332 -#: plugins/sudoers/timestamp.c:335 +#: plugins/sudoers/cvtsudoers.c:1296 plugins/sudoers/sudoreplay.c:1084 +#: plugins/sudoers/timestamp.c:332 plugins/sudoers/timestamp.c:335 #, c-format msgid "unable to write to %s" msgstr "" -#: plugins/sudoers/cvtsudoers.c:1315 +#: plugins/sudoers/cvtsudoers.c:1319 #, c-format msgid "" "%s - convert between sudoers file formats\n" "\n" msgstr "" -#: plugins/sudoers/cvtsudoers.c:1317 +#: plugins/sudoers/cvtsudoers.c:1321 msgid "" "\n" "Options:\n" 
@@ -627,43 +1166,30 @@ " -V, --version display version information and exit" msgstr "" -#: plugins/sudoers/cvtsudoers_json.c:684 plugins/sudoers/cvtsudoers_json.c:720 -#: plugins/sudoers/cvtsudoers_json.c:938 +#: plugins/sudoers/cvtsudoers_json.c:487 plugins/sudoers/cvtsudoers_json.c:521 +#: plugins/sudoers/cvtsudoers_json.c:709 #, c-format msgid "unknown defaults entry \"%s\"" msgstr "" -#: plugins/sudoers/cvtsudoers_json.c:858 plugins/sudoers/cvtsudoers_json.c:873 -#: plugins/sudoers/cvtsudoers_ldif.c:308 plugins/sudoers/cvtsudoers_ldif.c:319 +#: plugins/sudoers/cvtsudoers_json.c:647 plugins/sudoers/cvtsudoers_json.c:660 +#: plugins/sudoers/cvtsudoers_ldif.c:348 plugins/sudoers/cvtsudoers_ldif.c:359 #: plugins/sudoers/ldap.c:482 msgid "unable to get GMT time" msgstr "" -#: plugins/sudoers/cvtsudoers_json.c:861 plugins/sudoers/cvtsudoers_json.c:876 -#: plugins/sudoers/cvtsudoers_ldif.c:311 plugins/sudoers/cvtsudoers_ldif.c:322 +#: plugins/sudoers/cvtsudoers_json.c:650 plugins/sudoers/cvtsudoers_json.c:663 +#: plugins/sudoers/cvtsudoers_ldif.c:351 plugins/sudoers/cvtsudoers_ldif.c:362 #: plugins/sudoers/ldap.c:488 msgid "unable to format timestamp" msgstr "" -#: plugins/sudoers/cvtsudoers_ldif.c:526 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:337 plugins/sudoers/env.c:442 -#: plugins/sudoers/ldap.c:496 plugins/sudoers/ldap.c:727 -#: plugins/sudoers/ldap.c:1060 plugins/sudoers/ldap_conf.c:227 -#: plugins/sudoers/ldap_conf.c:317 plugins/sudoers/linux_audit.c:89 -#: plugins/sudoers/logging.c:1105 plugins/sudoers/policy.c:625 -#: plugins/sudoers/policy.c:635 plugins/sudoers/prompt.c:168 -#: plugins/sudoers/sudoers.c:852 plugins/sudoers/testsudoers.c:257 -#: plugins/sudoers/toke_util.c:161 -#, c-format -msgid "internal error, %s overflow" -msgstr "" - -#: plugins/sudoers/cvtsudoers_ldif.c:595 +#: plugins/sudoers/cvtsudoers_ldif.c:635 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "" -#: plugins/sudoers/cvtsudoers_ldif.c:638 +#: 
plugins/sudoers/cvtsudoers_ldif.c:678 msgid "" "the SUDOERS_BASE environment variable is not set and the -b option was not " "specified." @@ -1077,7 +1603,7 @@ #: plugins/sudoers/def_data.c:406 #, c-format -msgid "Maximum I/O log sequence number: %u" +msgid "Maximum I/O log sequence number: %s" msgstr "" #: plugins/sudoers/def_data.c:410 
@@ -1192,62 +1718,111 @@ msgid "Log when a command is denied by sudoers" msgstr "" -#: plugins/sudoers/defaults.c:231 +#: plugins/sudoers/def_data.c:510 +msgid "Sudo log server(s) to connect to with optional port" +msgstr "" + +#: plugins/sudoers/def_data.c:514 +#, c-format +msgid "Sudo log server timeout in seconds: %u" +msgstr "" + +#: plugins/sudoers/def_data.c:518 +msgid "" +"Enable SO_KEEPALIVE socket option on the socket connected to the logserver" +msgstr "" + +#: plugins/sudoers/def_data.c:522 +#, c-format +msgid "Path to the audit server's CA bundle file: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:526 +#, c-format +msgid "Path to the sudoers certificate file: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:530 +#, c-format +msgid "Path to the sudoers private key file: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:534 +msgid "Verify that the log server's certificate is valid" +msgstr "" + +#: plugins/sudoers/def_data.c:538 +msgid "Allow the use of unknown runas user and/or group ID" +msgstr "" + +#: plugins/sudoers/def_data.c:542 +msgid "Only permit running commands as a user with a valid shell" +msgstr "" + +#: plugins/sudoers/def_data.c:546 +msgid "Set the pam remote user to the user running sudo" +msgstr "" + +#: plugins/sudoers/def_data.c:550 +msgid "Set the pam remote host to the local host name" +msgstr "" + +#: plugins/sudoers/defaults.c:190 #, c-format msgid "%s:%d unknown defaults entry \"%s\"" msgstr "" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:193 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "" -#: plugins/sudoers/defaults.c:277 +#: plugins/sudoers/defaults.c:236 #, c-format msgid "%s:%d no value specified for \"%s\"" msgstr "" -#: plugins/sudoers/defaults.c:280 +#: plugins/sudoers/defaults.c:239 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "" -#: plugins/sudoers/defaults.c:300 +#: plugins/sudoers/defaults.c:259 #, c-format msgid "%s:%d values for \"%s\" must start with a '/'" msgstr 
"" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:262 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "" -#: plugins/sudoers/defaults.c:325 +#: plugins/sudoers/defaults.c:284 #, c-format msgid "%s:%d option \"%s\" does not take a value" msgstr "" -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:287 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "" -#: plugins/sudoers/defaults.c:353 +#: plugins/sudoers/defaults.c:312 #, c-format msgid "%s:%d invalid Defaults type 0x%x for option \"%s\"" msgstr "" -#: plugins/sudoers/defaults.c:356 +#: plugins/sudoers/defaults.c:315 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "" -#: plugins/sudoers/defaults.c:366 +#: plugins/sudoers/defaults.c:325 #, c-format msgid "%s:%d value \"%s\" is invalid for option \"%s\"" msgstr "" -#: plugins/sudoers/defaults.c:369 +#: plugins/sudoers/defaults.c:328 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "" @@ -1256,11 +1831,11 @@ msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "" -#: plugins/sudoers/env.c:1132 +#: plugins/sudoers/env.c:1138 msgid "unable to rebuild the environment" msgstr "" -#: plugins/sudoers/env.c:1206 +#: plugins/sudoers/env.c:1212 #, c-format msgid "" "sorry, you are not allowed to set the following environment variables: %s" 
@@ -1286,27 +1861,27 @@ msgid "%s: read error" msgstr "" -#: plugins/sudoers/group_plugin.c:90 +#: plugins/sudoers/group_plugin.c:91 #, c-format msgid "%s must be owned by uid %d" msgstr "" -#: plugins/sudoers/group_plugin.c:94 +#: plugins/sudoers/group_plugin.c:95 #, c-format msgid "%s must only be writable by owner" msgstr "" -#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:562 +#: plugins/sudoers/group_plugin.c:104 plugins/sudoers/sssd.c:562 #, c-format msgid "unable to load %s: %s" msgstr "" -#: plugins/sudoers/group_plugin.c:108 +#: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "" -#: plugins/sudoers/group_plugin.c:113 +#: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "" 
@@ -1325,86 +1900,89 @@ msgid "Local IP address and netmask pairs:\n" msgstr "" -#: plugins/sudoers/iolog.c:117 plugins/sudoers/mkdir_parents.c:82 +#: plugins/sudoers/iolog.c:146 plugins/sudoers/sudoers.c:398 +#: plugins/sudoers/sudoers.c:400 plugins/sudoers/sudoers.c:1289 +#: plugins/sudoers/testsudoers.c:424 #, c-format -msgid "%s exists but is not a directory (0%o)" +msgid "unknown group: %s" msgstr "" -#: plugins/sudoers/iolog.c:142 plugins/sudoers/iolog.c:182 -#: plugins/sudoers/mkdir_parents.c:71 plugins/sudoers/timestamp.c:212 +#: plugins/sudoers/iolog.c:521 plugins/sudoers/iolog.c:796 +#: plugins/sudoers/iolog.c:948 plugins/sudoers/iolog.c:955 +#: plugins/sudoers/iolog.c:1076 plugins/sudoers/iolog.c:1083 +#: plugins/sudoers/iolog.c:1182 plugins/sudoers/iolog.c:1189 #, c-format -msgid "unable to mkdir %s" +msgid "unable to write to I/O log file: %s" msgstr "" -#: plugins/sudoers/iolog.c:186 plugins/sudoers/visudo.c:739 -#: plugins/sudoers/visudo.c:750 -#, c-format -msgid "unable to change mode of %s to 0%o" +#: plugins/sudoers/iolog.c:571 +msgid "unable to update sequence file" msgstr "" -#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1194 -#: plugins/sudoers/testsudoers.c:424 +#: plugins/sudoers/iolog.c:610 #, c-format -msgid "unknown group: %s" +msgid "unable to create %s/%s" msgstr "" -#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:918 -#: plugins/sudoers/sudoreplay.c:846 plugins/sudoers/sudoreplay.c:1542 -#: plugins/sudoers/tsdump.c:145 -#, c-format -msgid "unable to read %s" +#: plugins/sudoers/iolog.c:639 +msgid "unable to connect to log server" msgstr "" -#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:801 +#: plugins/sudoers/iolog.c:840 #, c-format -msgid "unable to create %s" +msgid "%s: internal error, I/O log file for event %d not open" msgstr "" -#: plugins/sudoers/iolog.c:824 plugins/sudoers/iolog.c:1039 -#: plugins/sudoers/iolog.c:1115 plugins/sudoers/iolog.c:1209 -#: plugins/sudoers/iolog.c:1270 -#, c-format -msgid 
"unable to write to I/O log file: %s" +#: plugins/sudoers/iolog.c:933 plugins/sudoers/iolog.c:1061 +#: plugins/sudoers/iolog.c:1166 plugins/sudoers/timestamp.c:862 +#: plugins/sudoers/timestamp.c:954 plugins/sudoers/visudo.c:498 +#: plugins/sudoers/visudo.c:504 +msgid "unable to read the clock" msgstr "" -#: plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:1158 plugins/sudoers/iolog_client.c:975 #, c-format -msgid "%s: internal error, I/O log file for event %d not open" +msgid "%s: internal error, invalid signal %d" msgstr "" -#: plugins/sudoers/iolog.c:1233 -#, c-format -msgid "%s: internal error, invalid signal %d" +#: plugins/sudoers/iolog_client.c:117 plugins/sudoers/iolog_client.c:390 +#: plugins/sudoers/iolog_client.c:1198 plugins/sudoers/iolog_client.c:1773 +msgid "error in event loop" msgstr "" -#: plugins/sudoers/iolog_util.c:90 +#: plugins/sudoers/iolog_client.c:198 #, c-format -msgid "%s: invalid log file" +msgid "Creation of new SSL_CTX object failed: %s" msgstr "" -#: plugins/sudoers/iolog_util.c:108 +#: plugins/sudoers/iolog_client.c:344 plugins/sudoers/iolog_client.c:349 #, c-format -msgid "%s: time stamp field is missing" +msgid "TLS connection to %s:%s failed: %s" msgstr "" -#: plugins/sudoers/iolog_util.c:114 -#, c-format -msgid "%s: time stamp %s: %s" +#: plugins/sudoers/iolog_client.c:494 +msgid "TLS initialization was unsuccessful" msgstr "" -#: plugins/sudoers/iolog_util.c:121 -#, c-format -msgid "%s: user field is missing" +#: plugins/sudoers/iolog_client.c:503 +msgid "TLS handshake was unsuccessful" msgstr "" -#: plugins/sudoers/iolog_util.c:130 -#, c-format -msgid "%s: runas user field is missing" +#: plugins/sudoers/iolog_client.c:765 plugins/sudoers/iolog_client.c:957 +msgid "unable to get time of day" msgstr "" -#: plugins/sudoers/iolog_util.c:139 +#: plugins/sudoers/iolog_client.c:984 #, c-format -msgid "%s: runas group field is missing" +msgid "%s: internal error, invalid exit status %d" +msgstr "" + +#: 
plugins/sudoers/iolog_client.c:1521 +msgid "lost connection to log server" +msgstr "" + +#: plugins/sudoers/iolog_client.c:1598 +msgid "missing write buffer" msgstr "" #: plugins/sudoers/ldap.c:178 plugins/sudoers/ldap_conf.c:296 @@ -1432,7 +2010,7 @@ "ldap_start_tls_s_np()" msgstr "" -#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:734 +#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "" @@ -1450,7 +2028,7 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "" -#: plugins/sudoers/ldap_util.c:456 plugins/sudoers/ldap_util.c:458 +#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "" 
@@ -1463,132 +2041,108 @@ msgid "unable to send audit message" msgstr "" -#: plugins/sudoers/logging.c:120 -#, c-format -msgid "%8s : %s" -msgstr "" - -#: plugins/sudoers/logging.c:148 -#, c-format -msgid "%8s : (command continued) %s" -msgstr "" - -#: plugins/sudoers/logging.c:177 +#: plugins/sudoers/logging.c:175 #, c-format msgid "unable to open log file: %s" msgstr "" -#: plugins/sudoers/logging.c:185 +#: plugins/sudoers/logging.c:183 #, c-format msgid "unable to lock log file: %s" msgstr "" -#: plugins/sudoers/logging.c:218 +#: plugins/sudoers/logging.c:216 #, c-format msgid "unable to write log file: %s" msgstr "" -#: plugins/sudoers/logging.c:248 -msgid "No user or host" -msgstr "" - -#: plugins/sudoers/logging.c:250 -msgid "validation failure" -msgstr "" - -#: plugins/sudoers/logging.c:261 +#: plugins/sudoers/logging.c:249 msgid "user NOT in sudoers" msgstr "" -#: plugins/sudoers/logging.c:263 +#: plugins/sudoers/logging.c:251 msgid "user NOT authorized on host" msgstr "" -#: plugins/sudoers/logging.c:265 +#: plugins/sudoers/logging.c:253 msgid "command not allowed" msgstr "" -#: plugins/sudoers/logging.c:301 +#: plugins/sudoers/logging.c:296 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "" -#: plugins/sudoers/logging.c:304 +#: plugins/sudoers/logging.c:299 #, c-format msgid "%s is not allowed to run sudo on %s. 
This incident will be reported.\n" msgstr "" -#: plugins/sudoers/logging.c:308 +#: plugins/sudoers/logging.c:303 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "" -#: plugins/sudoers/logging.c:311 +#: plugins/sudoers/logging.c:306 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "" -#: plugins/sudoers/logging.c:348 plugins/sudoers/sudoers.c:442 -#: plugins/sudoers/sudoers.c:444 plugins/sudoers/sudoers.c:446 -#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:603 -#: plugins/sudoers/sudoers.c:605 +#: plugins/sudoers/logging.c:343 plugins/sudoers/sudoers.c:518 +#: plugins/sudoers/sudoers.c:520 plugins/sudoers/sudoers.c:522 +#: plugins/sudoers/sudoers.c:524 plugins/sudoers/sudoers.c:675 +#: plugins/sudoers/sudoers.c:677 #, c-format msgid "%s: command not found" msgstr "" -#: plugins/sudoers/logging.c:350 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/logging.c:345 plugins/sudoers/sudoers.c:514 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" "Use \"sudo ./%s\" if this is the \"%s\" you wish to run." 
msgstr "" -#: plugins/sudoers/logging.c:367 +#: plugins/sudoers/logging.c:362 msgid "authentication failure" msgstr "" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:388 msgid "a password is required" msgstr "" -#: plugins/sudoers/logging.c:463 +#: plugins/sudoers/logging.c:458 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "" msgstr[1] "" -#: plugins/sudoers/logging.c:728 +#: plugins/sudoers/logging.c:722 #, c-format msgid "unable to dup stdin: %m" msgstr "" -#: plugins/sudoers/logging.c:768 +#: plugins/sudoers/logging.c:759 #, c-format msgid "unable to execute %s: %m" msgstr "" -#: plugins/sudoers/logging.c:809 plugins/sudoers/logging.c:865 +#: plugins/sudoers/logging.c:800 plugins/sudoers/logging.c:856 #, c-format msgid "unable to fork: %m" msgstr "" -#: plugins/sudoers/logging.c:855 +#: plugins/sudoers/logging.c:846 #, c-format msgid "unable to open pipe: %m" msgstr "" -#: plugins/sudoers/match_digest.c:103 +#: plugins/sudoers/match_digest.c:123 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "" -#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:943 -#: plugins/sudoers/visudo.c:437 plugins/sudoers/visudo.c:733 -#, c-format -msgid "unable to stat %s" -msgstr "" - #: plugins/sudoers/parse.c:449 #, c-format msgid "" 
@@ -1643,22 +2197,22 @@ msgid "User %s is not allowed to run sudo on %s.\n" msgstr "" -#: plugins/sudoers/parse_ldif.c:604 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "" -#: plugins/sudoers/parse_ldif.c:664 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "" -#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:116 +#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:115 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "" -#: plugins/sudoers/policy.c:295 plugins/sudoers/testsudoers.c:280 +#: plugins/sudoers/policy.c:294 plugins/sudoers/testsudoers.c:280 msgid "unable to parse network address list" msgstr "" @@ -1678,45 +2232,45 @@ msgid "host name not set by sudo front-end" msgstr "" -#: plugins/sudoers/policy.c:808 plugins/sudoers/visudo.c:236 +#: plugins/sudoers/policy.c:905 plugins/sudoers/visudo.c:236 #: plugins/sudoers/visudo.c:867 #, c-format msgid "unable to execute %s" msgstr "" -#: plugins/sudoers/policy.c:939 +#: plugins/sudoers/policy.c:1070 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "" -#: plugins/sudoers/policy.c:941 +#: plugins/sudoers/policy.c:1072 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "" -#: plugins/sudoers/policy.c:945 +#: plugins/sudoers/policy.c:1076 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" -#: plugins/sudoers/policy.c:948 +#: plugins/sudoers/policy.c:1079 #, c-format msgid "nsswitch path: %s\n" msgstr "" -#: plugins/sudoers/policy.c:950 +#: plugins/sudoers/policy.c:1081 #, c-format msgid "ldap.conf path: %s\n" msgstr "" -#: plugins/sudoers/policy.c:951 +#: plugins/sudoers/policy.c:1082 #, c-format msgid "ldap.secret path: %s\n" msgstr "" -#: plugins/sudoers/policy.c:984 +#: plugins/sudoers/policy.c:1115 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "" 
@@ -1785,48 +2339,48 @@ msgid "unable to parse gids for %s" msgstr "" -#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:478 -#: plugins/sudoers/set_perms.c:921 plugins/sudoers/set_perms.c:1254 -#: plugins/sudoers/set_perms.c:1573 +#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:447 +#: plugins/sudoers/set_perms.c:850 plugins/sudoers/set_perms.c:1156 +#: plugins/sudoers/set_perms.c:1450 msgid "perm stack overflow" msgstr "" -#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:409 -#: plugins/sudoers/set_perms.c:486 plugins/sudoers/set_perms.c:788 -#: plugins/sudoers/set_perms.c:929 plugins/sudoers/set_perms.c:1178 -#: plugins/sudoers/set_perms.c:1262 plugins/sudoers/set_perms.c:1506 -#: plugins/sudoers/set_perms.c:1581 plugins/sudoers/set_perms.c:1672 +#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:378 +#: plugins/sudoers/set_perms.c:455 plugins/sudoers/set_perms.c:717 +#: plugins/sudoers/set_perms.c:858 plugins/sudoers/set_perms.c:1080 +#: plugins/sudoers/set_perms.c:1164 plugins/sudoers/set_perms.c:1383 +#: plugins/sudoers/set_perms.c:1458 plugins/sudoers/set_perms.c:1548 msgid "perm stack underflow" msgstr "" -#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:532 -#: plugins/sudoers/set_perms.c:1315 plugins/sudoers/set_perms.c:1614 +#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:501 +#: plugins/sudoers/set_perms.c:1217 plugins/sudoers/set_perms.c:1491 msgid "unable to change to root gid" msgstr "" -#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:629 -#: plugins/sudoers/set_perms.c:1060 plugins/sudoers/set_perms.c:1392 +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:598 +#: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1294 msgid "unable to change to runas gid" msgstr "" -#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:634 -#: plugins/sudoers/set_perms.c:1065 plugins/sudoers/set_perms.c:1397 +#: 
plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:603 +#: plugins/sudoers/set_perms.c:994 plugins/sudoers/set_perms.c:1299 msgid "unable to set runas group vector" msgstr "" -#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:645 -#: plugins/sudoers/set_perms.c:1074 plugins/sudoers/set_perms.c:1406 +#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:614 +#: plugins/sudoers/set_perms.c:1003 plugins/sudoers/set_perms.c:1308 msgid "unable to change to runas uid" msgstr "" -#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:663 -#: plugins/sudoers/set_perms.c:1090 plugins/sudoers/set_perms.c:1422 +#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:632 +#: plugins/sudoers/set_perms.c:1019 plugins/sudoers/set_perms.c:1324 msgid "unable to change to sudoers gid" msgstr "" -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 msgid "too many processes" msgstr "" 
@@ -1859,216 +2413,235 @@ msgid "unable to find symbol \"%s\" in %s" msgstr "" -#: plugins/sudoers/sudoers.c:212 plugins/sudoers/sudoers.c:871 +#: plugins/sudoers/sudoers.c:221 plugins/sudoers/sudoers.c:958 msgid "problem with defaults entries" msgstr "" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:225 msgid "no valid sudoers sources found, quitting" msgstr "" -#: plugins/sudoers/sudoers.c:254 +#: plugins/sudoers/sudoers.c:301 msgid "sudoers specifies that root is not allowed to sudo" msgstr "" -#: plugins/sudoers/sudoers.c:312 +#: plugins/sudoers/sudoers.c:361 +msgid "user not allowed to override closefrom limit" +msgstr "" + +#: plugins/sudoers/sudoers.c:362 msgid "you are not permitted to use the -C option" msgstr "" -#: plugins/sudoers/sudoers.c:359 +#: plugins/sudoers/sudoers.c:426 #, c-format msgid "timestamp owner (%s): No such user" msgstr "" -#: plugins/sudoers/sudoers.c:374 +#: plugins/sudoers/sudoers.c:441 msgid "no tty" msgstr "" -#: plugins/sudoers/sudoers.c:375 +#: plugins/sudoers/sudoers.c:442 msgid "sorry, you must have a tty to run sudo" msgstr "" -#: plugins/sudoers/sudoers.c:437 +#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:450 +#, c-format +msgid "invalid shell for user %s: %s" +msgstr "" + +#: plugins/sudoers/sudoers.c:513 msgid "command in current directory" msgstr "" -#: plugins/sudoers/sudoers.c:456 +#: plugins/sudoers/sudoers.c:532 +msgid "user not allowed to set a command timeout" +msgstr "" + +#: plugins/sudoers/sudoers.c:533 msgid "sorry, you are not allowed set a command timeout" msgstr "" -#: plugins/sudoers/sudoers.c:464 +#: plugins/sudoers/sudoers.c:541 +msgid "user not allowed to set a preserve the environment" +msgstr "" + +#: plugins/sudoers/sudoers.c:542 msgid "sorry, you are not allowed to preserve the environment" msgstr "" -#: plugins/sudoers/sudoers.c:815 +#: plugins/sudoers/sudoers.c:893 msgid "command too long" msgstr "" -#: plugins/sudoers/sudoers.c:947 +#: plugins/sudoers/sudoers.c:951 
+msgid "sudoedit doesn't need to be run via sudo" +msgstr "" + +#: plugins/sudoers/sudoers.c:1005 plugins/sudoers/sudoreplay.c:1507 +#: plugins/sudoers/tsdump.c:145 +#, c-format +msgid "unable to read %s" +msgstr "" + +#: plugins/sudoers/sudoers.c:1030 plugins/sudoers/visudo.c:437 +#: plugins/sudoers/visudo.c:733 +#, c-format +msgid "unable to stat %s" +msgstr "" + +#: plugins/sudoers/sudoers.c:1034 #, c-format msgid "%s is not a regular file" msgstr "" -#: plugins/sudoers/sudoers.c:951 plugins/sudoers/timestamp.c:259 toke.l:967 +#: plugins/sudoers/sudoers.c:1038 plugins/sudoers/timestamp.c:259 toke.l:967 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "" -#: plugins/sudoers/sudoers.c:955 toke.l:972 +#: plugins/sudoers/sudoers.c:1042 toke.l:972 #, c-format msgid "%s is world writable" msgstr "" -#: plugins/sudoers/sudoers.c:959 toke.l:975 +#: plugins/sudoers/sudoers.c:1046 toke.l:975 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "" -#: plugins/sudoers/sudoers.c:992 +#: plugins/sudoers/sudoers.c:1079 #, c-format msgid "only root can use \"-c %s\"" msgstr "" -#: plugins/sudoers/sudoers.c:1011 +#: plugins/sudoers/sudoers.c:1098 #, c-format msgid "unknown login class: %s" msgstr "" -#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoers.c:1110 +#: plugins/sudoers/sudoers.c:1183 plugins/sudoers/sudoers.c:1198 #, c-format msgid "unable to resolve host %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:250 +#: plugins/sudoers/sudoreplay.c:263 #, c-format msgid "invalid filter option: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:263 +#: plugins/sudoers/sudoreplay.c:276 #, c-format msgid "invalid max wait: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:286 +#: plugins/sudoers/sudoreplay.c:299 #, c-format msgid "invalid speed factor: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:321 +#: plugins/sudoers/sudoreplay.c:335 #, c-format -msgid "%s/%.2s/%.2s/%.2s/timing: %s" +msgid "%s/%.2s/%.2s/%.2s: %s" msgstr "" -#: 
plugins/sudoers/sudoreplay.c:326 +#: plugins/sudoers/sudoreplay.c:340 #, c-format msgid "%s/timing: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:330 +#: plugins/sudoers/sudoreplay.c:344 #, c-format -msgid "%s/%s/timing: %s" +msgid "%s/%s: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:368 #, c-format msgid "Replaying sudo session: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:544 plugins/sudoers/sudoreplay.c:591 -#: plugins/sudoers/sudoreplay.c:789 plugins/sudoers/sudoreplay.c:898 -#: plugins/sudoers/sudoreplay.c:983 plugins/sudoers/sudoreplay.c:998 -#: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/sudoreplay.c:1012 -#: plugins/sudoers/sudoreplay.c:1019 plugins/sudoers/sudoreplay.c:1026 -#: plugins/sudoers/sudoreplay.c:1174 -msgid "unable to add event to queue" -msgstr "" - -#: plugins/sudoers/sudoreplay.c:659 +#: plugins/sudoers/sudoreplay.c:630 msgid "unable to set tty to raw mode" msgstr "" -#: plugins/sudoers/sudoreplay.c:710 +#: plugins/sudoers/sudoreplay.c:681 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "" -#: plugins/sudoers/sudoreplay.c:711 +#: plugins/sudoers/sudoreplay.c:682 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "" -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:710 msgid "Replay finished, press any key to restore the terminal." 
msgstr "" -#: plugins/sudoers/sudoreplay.c:772 -#, c-format -msgid "invalid timing file line: %s" -msgstr "" - -#: plugins/sudoers/sudoreplay.c:1208 plugins/sudoers/sudoreplay.c:1233 +#: plugins/sudoers/sudoreplay.c:1157 plugins/sudoers/sudoreplay.c:1187 #, c-format msgid "ambiguous expression \"%s\"" msgstr "" -#: plugins/sudoers/sudoreplay.c:1255 +#: plugins/sudoers/sudoreplay.c:1209 msgid "unmatched ')' in expression" msgstr "" -#: plugins/sudoers/sudoreplay.c:1259 +#: plugins/sudoers/sudoreplay.c:1213 #, c-format msgid "unknown search term \"%s\"" msgstr "" -#: plugins/sudoers/sudoreplay.c:1274 +#: plugins/sudoers/sudoreplay.c:1228 #, c-format msgid "%s requires an argument" msgstr "" -#: plugins/sudoers/sudoreplay.c:1277 plugins/sudoers/sudoreplay.c:1518 +#: plugins/sudoers/sudoreplay.c:1231 plugins/sudoers/sudoreplay.c:1483 #, c-format msgid "invalid regular expression: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:1281 +#: plugins/sudoers/sudoreplay.c:1236 #, c-format msgid "could not parse date \"%s\"" msgstr "" -#: plugins/sudoers/sudoreplay.c:1290 +#: plugins/sudoers/sudoreplay.c:1245 msgid "unmatched '(' in expression" msgstr "" -#: plugins/sudoers/sudoreplay.c:1292 +#: plugins/sudoers/sudoreplay.c:1247 msgid "illegal trailing \"or\"" msgstr "" -#: plugins/sudoers/sudoreplay.c:1294 +#: plugins/sudoers/sudoreplay.c:1249 msgid "illegal trailing \"!\"" msgstr "" -#: plugins/sudoers/sudoreplay.c:1344 +#: plugins/sudoers/sudoreplay.c:1307 #, c-format msgid "unknown search type %d" msgstr "" -#: plugins/sudoers/sudoreplay.c:1611 +#: plugins/sudoers/sudoreplay.c:1574 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1577 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "" -#: plugins/sudoers/sudoreplay.c:1623 +#: plugins/sudoers/sudoreplay.c:1586 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" -#: 
plugins/sudoers/sudoreplay.c:1625 +#: plugins/sudoers/sudoreplay.c:1588 msgid "" "\n" "Options:\n" @@ -2112,35 +2685,34 @@ msgid "%s is group writable" msgstr "" -#: plugins/sudoers/timestamp.c:343 +#: plugins/sudoers/timestamp.c:343 plugins/sudoers/timestamp.c:687 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "" -#: plugins/sudoers/timestamp.c:829 plugins/sudoers/timestamp.c:921 -#: plugins/sudoers/visudo.c:498 plugins/sudoers/visudo.c:504 -msgid "unable to read the clock" -msgstr "" - -#: plugins/sudoers/timestamp.c:840 +#: plugins/sudoers/timestamp.c:873 msgid "ignoring time stamp from the future" msgstr "" -#: plugins/sudoers/timestamp.c:863 +#: plugins/sudoers/timestamp.c:896 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "" -#: plugins/sudoers/timestamp.c:985 +#: plugins/sudoers/timestamp.c:1018 #, c-format msgid "unable to lock time stamp file %s" msgstr "" -#: plugins/sudoers/timestamp.c:1029 plugins/sudoers/timestamp.c:1049 +#: plugins/sudoers/timestamp.c:1062 plugins/sudoers/timestamp.c:1082 #, c-format msgid "lecture status path too long: %s/%s" msgstr "" +#: plugins/sudoers/toke_util.c:132 +msgid "sudoedit should not be specified with a path" +msgstr "" + #: plugins/sudoers/visudo.c:232 msgid "the -x option will be removed in a future release" msgstr ""
Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/plugins/sudoers/po/sv.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/plugins/sudoers/po/sv.mo differ
diff -Nru sudo-1.8.31/plugins/sudoers/po/sv.po sudo-1.9.0/plugins/sudoers/po/sv.po
--- sudo-1.8.31/plugins/sudoers/po/sv.po 2019-12-31 12:58:36.000000000 +0000
+++ sudo-1.9.0/plugins/sudoers/po/sv.po 2020-05-11 16:28:23.000000000 +0000
@@ -1,15 +1,15 @@
 # Swedish translation for sudoers.
-# Copyright © 2012, 2016, 2017, 2018, 2019 Free Software Foundation, Inc.
+# Copyright © 2012, 2016, 2017, 2018, 2019, 2020 Free Software Foundation, Inc.
 # This file is put in the public domain.
 # Daniel Nylander , 2012.
-# Sebastian Rasmussen , 2016, 2017, 2018, 2019.
+# Sebastian Rasmussen , 2016, 2017, 2018, 2019, 2020.
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: sudoers 1.8.29rc1\n"
+"Project-Id-Version: sudoers 1.9.0b4\n"
 "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2019-10-21 19:55-0600\n"
-"PO-Revision-Date: 2019-10-24 15:02+0200\n"
+"POT-Creation-Date: 2020-03-12 17:39-0600\n"
+"PO-Revision-Date: 2020-04-28 21:57+0800\n"
 "Last-Translator: Sebastian Rasmussen \n"
 "Language-Team: Swedish \n"
 "Language: sv\n"
@@ -18,7 +18,7 @@
 "Content-Transfer-Encoding: 8bit\n"
 "X-Bugs: Report translation errors to the Language-Team address.\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Poedit 2.2.3\n"
+"X-Generator: Poedit 2.3\n"

 #: confstr.sh:1
 msgid "syntax error"
@@ -44,70 +44,75 @@
 msgid "Sorry, try again."
 msgstr "Försök igen."

-#: gram.y:196 gram.y:244 gram.y:251 gram.y:258 gram.y:265 gram.y:272
-#: gram.y:288 gram.y:312 gram.y:319 gram.y:326 gram.y:333 gram.y:340
-#: gram.y:403 gram.y:412 gram.y:423 gram.y:456 gram.y:463 gram.y:470
-#: gram.y:477 gram.y:559 gram.y:566 gram.y:575 gram.y:584 gram.y:601
-#: gram.y:713 gram.y:720 gram.y:727 gram.y:735 gram.y:835 gram.y:842
-#: gram.y:849 gram.y:856 gram.y:863 gram.y:889 gram.y:896 gram.y:903
-#: gram.y:1026 gram.y:1303 plugins/sudoers/alias.c:132
-#: plugins/sudoers/alias.c:139 plugins/sudoers/alias.c:155
-#: plugins/sudoers/auth/bsdauth.c:148 plugins/sudoers/auth/kerb5.c:123
-#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:670
-#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/auth/sia.c:64
-#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:165
-#: plugins/sudoers/cvtsudoers.c:182 plugins/sudoers/cvtsudoers.c:193
-#: plugins/sudoers/cvtsudoers.c:305 plugins/sudoers/cvtsudoers.c:433
-#: plugins/sudoers/cvtsudoers.c:566 plugins/sudoers/cvtsudoers.c:583
-#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761
-#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1179
-#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1285
+#: gram.y:198 gram.y:246 gram.y:253 gram.y:260 gram.y:267 gram.y:274
+#: gram.y:290 gram.y:314 gram.y:321 gram.y:328 gram.y:335 gram.y:342
+#: gram.y:405 gram.y:414 gram.y:425 gram.y:458 gram.y:465 gram.y:472
+#: gram.y:479 gram.y:506 gram.y:578 gram.y:585 gram.y:594 gram.y:603
+#: gram.y:620 gram.y:732 gram.y:739 gram.y:747 gram.y:753 gram.y:853
+#: gram.y:860 gram.y:867 gram.y:874 gram.y:881 gram.y:907 gram.y:914
+#: gram.y:921 gram.y:1063 gram.y:1342 lib/iolog/iolog_util.c:79
+#: lib/iolog/iolog_util.c:118 lib/iolog/iolog_util.c:127
+#: lib/iolog/iolog_util.c:137 lib/iolog/iolog_util.c:145
+#: lib/iolog/iolog_util.c:149 logsrvd/eventlog.c:223 logsrvd/sendlog.c:286
+#: plugins/sudoers/alias.c:132 plugins/sudoers/alias.c:139
+#: plugins/sudoers/alias.c:155 plugins/sudoers/auth/bsdauth.c:148
+#: plugins/sudoers/auth/kerb5.c:123 plugins/sudoers/auth/kerb5.c:149
+#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116
+#: plugins/sudoers/auth/sia.c:64 plugins/sudoers/cvtsudoers.c:124
+#: plugins/sudoers/cvtsudoers.c:165 plugins/sudoers/cvtsudoers.c:182
+#: plugins/sudoers/cvtsudoers.c:193 plugins/sudoers/cvtsudoers.c:305
+#: plugins/sudoers/cvtsudoers.c:433 plugins/sudoers/cvtsudoers.c:566
+#: plugins/sudoers/cvtsudoers.c:583 plugins/sudoers/cvtsudoers.c:646
+#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:769
+#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1187
+#: plugins/sudoers/cvtsudoers.c:1289 plugins/sudoers/cvtsudoers_json.c:83
 #: plugins/sudoers/cvtsudoers_ldif.c:154 plugins/sudoers/cvtsudoers_ldif.c:197
-#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:263
-#: plugins/sudoers/cvtsudoers_ldif.c:334 plugins/sudoers/cvtsudoers_ldif.c:389
-#: plugins/sudoers/cvtsudoers_ldif.c:397 plugins/sudoers/cvtsudoers_ldif.c:414
-#: plugins/sudoers/cvtsudoers_ldif.c:423 plugins/sudoers/cvtsudoers_ldif.c:570
-#: plugins/sudoers/defaults.c:666 plugins/sudoers/defaults.c:959
-#: plugins/sudoers/defaults.c:1130 plugins/sudoers/editor.c:72
+#: plugins/sudoers/cvtsudoers_ldif.c:238 plugins/sudoers/cvtsudoers_ldif.c:303
+#: plugins/sudoers/cvtsudoers_ldif.c:374 plugins/sudoers/cvtsudoers_ldif.c:429
+#: plugins/sudoers/cvtsudoers_ldif.c:437 plugins/sudoers/cvtsudoers_ldif.c:454
+#: plugins/sudoers/cvtsudoers_ldif.c:463 plugins/sudoers/cvtsudoers_ldif.c:610
+#: plugins/sudoers/defaults.c:632 plugins/sudoers/defaults.c:925
+#: plugins/sudoers/defaults.c:1058 plugins/sudoers/editor.c:72
 #: plugins/sudoers/editor.c:90 plugins/sudoers/editor.c:101
 #: plugins/sudoers/env.c:268 plugins/sudoers/filedigest.c:66
 #: plugins/sudoers/filedigest.c:82 plugins/sudoers/gc.c:59
-#: plugins/sudoers/group_plugin.c:138 plugins/sudoers/interfaces.c:78
-#: plugins/sudoers/iolog.c:943 plugins/sudoers/iolog_path.c:174
-#: plugins/sudoers/iolog_util.c:86 plugins/sudoers/iolog_util.c:125
-#: plugins/sudoers/iolog_util.c:134 plugins/sudoers/iolog_util.c:144
-#: plugins/sudoers/iolog_util.c:152 plugins/sudoers/iolog_util.c:156
-#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416
-#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432
-#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887
-#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668
-#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786
-#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022
-#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223
-#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306
-#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446
-#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558
-#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:683
-#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:510
-#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/linux_audit.c:83
-#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:532
-#: plugins/sudoers/logging.c:558 plugins/sudoers/logging.c:599
-#: plugins/sudoers/logging.c:740 plugins/sudoers/logging.c:1100
-#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:367
-#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:485
-#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:200
+#: plugins/sudoers/group_plugin.c:141 plugins/sudoers/interfaces.c:78
+#: plugins/sudoers/iolog.c:476 plugins/sudoers/iolog_client.c:107
+#: plugins/sudoers/iolog_client.c:485 plugins/sudoers/iolog_client.c:593
+#: plugins/sudoers/iolog_client.c:611 plugins/sudoers/iolog_client.c:1053
+#: plugins/sudoers/iolog_client.c:1283 plugins/sudoers/iolog_client.c:1619
+#: plugins/sudoers/iolog_client.c:1647 plugins/sudoers/ldap.c:185
+#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420
+#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723
+#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241
+#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705
+#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921
+#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038
+#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254
+#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342
+#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461
+#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591
+#: plugins/sudoers/ldap_conf.c:683 plugins/sudoers/ldap_conf.c:765
+#: plugins/sudoers/ldap_util.c:331 plugins/sudoers/ldap_util.c:338
+#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:83
+#: plugins/sudoers/logging.c:200 plugins/sudoers/logging.c:527
+#: plugins/sudoers/logging.c:553 plugins/sudoers/logging.c:594
+#: plugins/sudoers/logging.c:731 plugins/sudoers/logging.c:1091
+#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:397
+#: plugins/sudoers/match_command.c:444 plugins/sudoers/match_command.c:515
+#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:200
 #: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:227
 #: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:156
 #: plugins/sudoers/parse_ldif.c:187 plugins/sudoers/parse_ldif.c:256
 #: plugins/sudoers/parse_ldif.c:263 plugins/sudoers/parse_ldif.c:268
 #: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:355
-#: plugins/sudoers/parse_ldif.c:361 plugins/sudoers/parse_ldif.c:386
-#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:402
-#: plugins/sudoers/parse_ldif.c:416 plugins/sudoers/parse_ldif.c:584
-#: plugins/sudoers/parse_ldif.c:614 plugins/sudoers/parse_ldif.c:639
-#: plugins/sudoers/parse_ldif.c:697 plugins/sudoers/parse_ldif.c:714
-#: plugins/sudoers/parse_ldif.c:742 plugins/sudoers/parse_ldif.c:749
-#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:750
+#: plugins/sudoers/parse_ldif.c:382 plugins/sudoers/parse_ldif.c:399
+#: plugins/sudoers/parse_ldif.c:411 plugins/sudoers/parse_ldif.c:415
+#: plugins/sudoers/parse_ldif.c:429 plugins/sudoers/parse_ldif.c:597
+#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652
+#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727
+#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762
+#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:830
 #: plugins/sudoers/prompt.c:100 plugins/sudoers/pwutil.c:199
 #: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348
 #: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:586
@@ -117,19 +122,19 @@
 #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463
 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554
 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103
-#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273
-#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292
-#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657
-#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830
-#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:114
-#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587
-#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465
-#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136
-#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253
-#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439
-#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960
-#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112
-#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130
+#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320
+#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735
+#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909
+#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559
+#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218
+#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429
+#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236
+#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587
+#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483
+#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59
+#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:137
+#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130
 #: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328
 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444
 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942
@@ -138,111 +143,116 @@ msgid "unable to allocate memory" msgstr "kunde inte allokera minne" -#: gram.y:488 +#: gram.y:500 msgid "a digest requires a path name" msgstr "en kontrollsumma kräver ett sökvägsnamn" -#: gram.y:614 +#: gram.y:633 msgid "invalid notbefore value" msgstr "ogiltigt notbefore-värde" -#: gram.y:622 +#: gram.y:641 msgid "invalid notafter value" msgstr "ogiltigt notafter-värde" -#: gram.y:631 plugins/sudoers/policy.c:320 +#: gram.y:650 plugins/sudoers/policy.c:319 msgid "timeout value too large" msgstr "tidsgränsvärde för stort" -#: gram.y:633 plugins/sudoers/policy.c:322 +#: gram.y:652 plugins/sudoers/policy.c:321 msgid "invalid timeout value" msgstr "ogiltigt värde för tidsgräns" -#: gram.y:1303 plugins/sudoers/auth/pam.c:483 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/cvtsudoers.c:124 -#: plugins/sudoers/cvtsudoers.c:164 plugins/sudoers/cvtsudoers.c:181 -#: plugins/sudoers/cvtsudoers.c:192 plugins/sudoers/cvtsudoers.c:304 -#: plugins/sudoers/cvtsudoers.c:432 plugins/sudoers/cvtsudoers.c:565 -#: plugins/sudoers/cvtsudoers.c:582 plugins/sudoers/cvtsudoers.c:646 -#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:768 -#: plugins/sudoers/cvtsudoers.c:1179 plugins/sudoers/cvtsudoers.c:1183 -#: plugins/sudoers/cvtsudoers.c:1285 plugins/sudoers/cvtsudoers_ldif.c:153 -#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:243 -#: plugins/sudoers/cvtsudoers_ldif.c:262 plugins/sudoers/cvtsudoers_ldif.c:333 -#: plugins/sudoers/cvtsudoers_ldif.c:388 plugins/sudoers/cvtsudoers_ldif.c:396 -#: plugins/sudoers/cvtsudoers_ldif.c:413 plugins/sudoers/cvtsudoers_ldif.c:422 -#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:666 -#: plugins/sudoers/defaults.c:959 plugins/sudoers/defaults.c:1130 +#: gram.y:1342 lib/iolog/iolog_util.c:79 lib/iolog/iolog_util.c:118 +#: lib/iolog/iolog_util.c:127 lib/iolog/iolog_util.c:137 +#: lib/iolog/iolog_util.c:145 
lib/iolog/iolog_util.c:149 +#: logsrvd/eventlog.c:223 plugins/sudoers/auth/pam.c:486 +#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116 +#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:164 +#: plugins/sudoers/cvtsudoers.c:181 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:304 plugins/sudoers/cvtsudoers.c:432 +#: plugins/sudoers/cvtsudoers.c:565 plugins/sudoers/cvtsudoers.c:582 +#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 +#: plugins/sudoers/cvtsudoers.c:768 plugins/sudoers/cvtsudoers.c:1183 +#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289 +#: plugins/sudoers/cvtsudoers_json.c:82 plugins/sudoers/cvtsudoers_ldif.c:153 +#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:237 +#: plugins/sudoers/cvtsudoers_ldif.c:302 plugins/sudoers/cvtsudoers_ldif.c:373 +#: plugins/sudoers/cvtsudoers_ldif.c:428 plugins/sudoers/cvtsudoers_ldif.c:436 +#: plugins/sudoers/cvtsudoers_ldif.c:453 plugins/sudoers/cvtsudoers_ldif.c:462 +#: plugins/sudoers/cvtsudoers_ldif.c:609 plugins/sudoers/defaults.c:632 +#: plugins/sudoers/defaults.c:925 plugins/sudoers/defaults.c:1058 #: plugins/sudoers/editor.c:72 plugins/sudoers/editor.c:90 #: plugins/sudoers/editor.c:101 plugins/sudoers/env.c:268 #: plugins/sudoers/filedigest.c:66 plugins/sudoers/filedigest.c:82 -#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:138 -#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:943 -#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:86 -#: plugins/sudoers/iolog_util.c:125 plugins/sudoers/iolog_util.c:134 -#: plugins/sudoers/iolog_util.c:144 plugins/sudoers/iolog_util.c:152 -#: plugins/sudoers/iolog_util.c:156 plugins/sudoers/ldap.c:185 -#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 -#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 -#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 -#: plugins/sudoers/ldap.c:1668 
plugins/sudoers/ldap.c:1705 -#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 -#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 -#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 -#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 -#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 -#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 -#: plugins/sudoers/ldap_conf.c:682 plugins/sudoers/ldap_conf.c:765 -#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:567 -#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:202 -#: plugins/sudoers/logging.c:532 plugins/sudoers/logging.c:558 -#: plugins/sudoers/logging.c:598 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:366 -#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:199 +#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:140 +#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:476 +#: plugins/sudoers/iolog_client.c:107 plugins/sudoers/iolog_client.c:485 +#: plugins/sudoers/iolog_client.c:593 plugins/sudoers/iolog_client.c:611 +#: plugins/sudoers/iolog_client.c:1053 plugins/sudoers/iolog_client.c:1283 +#: plugins/sudoers/iolog_client.c:1619 plugins/sudoers/iolog_client.c:1647 +#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 +#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 +#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 +#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 +#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 +#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 +#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 +#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 +#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 +#: plugins/sudoers/ldap_conf.c:461 
plugins/sudoers/ldap_conf.c:558 +#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:682 +#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:330 +#: plugins/sudoers/ldap_util.c:337 plugins/sudoers/ldap_util.c:603 +#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:200 +#: plugins/sudoers/logging.c:527 plugins/sudoers/logging.c:553 +#: plugins/sudoers/logging.c:593 plugins/sudoers/logging.c:1091 +#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:396 +#: plugins/sudoers/match_command.c:443 plugins/sudoers/match_command.c:515 +#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:199 #: plugins/sudoers/parse.c:211 plugins/sudoers/parse.c:226 #: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:155 #: plugins/sudoers/parse_ldif.c:186 plugins/sudoers/parse_ldif.c:255 #: plugins/sudoers/parse_ldif.c:262 plugins/sudoers/parse_ldif.c:267 #: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:354 -#: plugins/sudoers/parse_ldif.c:360 plugins/sudoers/parse_ldif.c:385 -#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:401 -#: plugins/sudoers/parse_ldif.c:415 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:613 plugins/sudoers/parse_ldif.c:638 -#: plugins/sudoers/parse_ldif.c:696 plugins/sudoers/parse_ldif.c:713 -#: plugins/sudoers/parse_ldif.c:741 plugins/sudoers/parse_ldif.c:748 -#: plugins/sudoers/policy.c:134 plugins/sudoers/policy.c:143 -#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:178 -#: plugins/sudoers/policy.c:305 plugins/sudoers/policy.c:320 -#: plugins/sudoers/policy.c:322 plugins/sudoers/policy.c:348 -#: plugins/sudoers/policy.c:358 plugins/sudoers/policy.c:402 +#: plugins/sudoers/parse_ldif.c:381 plugins/sudoers/parse_ldif.c:398 +#: plugins/sudoers/parse_ldif.c:410 plugins/sudoers/parse_ldif.c:414 +#: plugins/sudoers/parse_ldif.c:428 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: 
plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:133 plugins/sudoers/policy.c:142 +#: plugins/sudoers/policy.c:151 plugins/sudoers/policy.c:177 +#: plugins/sudoers/policy.c:304 plugins/sudoers/policy.c:319 +#: plugins/sudoers/policy.c:321 plugins/sudoers/policy.c:350 +#: plugins/sudoers/policy.c:359 plugins/sudoers/policy.c:402 #: plugins/sudoers/policy.c:412 plugins/sudoers/policy.c:421 #: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:504 -#: plugins/sudoers/policy.c:750 plugins/sudoers/prompt.c:100 +#: plugins/sudoers/policy.c:830 plugins/sudoers/prompt.c:100 #: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 #: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 #: plugins/sudoers/pwutil.c:586 plugins/sudoers/pwutil.c:657 #: plugins/sudoers/pwutil.c:816 plugins/sudoers/pwutil.c:873 #: plugins/sudoers/pwutil.c:917 plugins/sudoers/pwutil.c:975 -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 plugins/sudoers/sssd.c:153 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 plugins/sudoers/sssd.c:153 #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:113 -#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 -#: 
plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735 +#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909 +#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559 +#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218 +#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429 +#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236 +#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587 +#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483 +#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59 +#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:136 +#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130 #: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 
@@ -252,12 +262,455 @@ msgid "%s: %s" msgstr "%s: %s" +#: lib/iolog/iolog_fileio.c:164 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s finns men är inte en katalog (0%o)" + +#: lib/iolog/iolog_fileio.c:194 lib/iolog/iolog_fileio.c:240 +#: plugins/sudoers/timestamp.c:212 +#, c-format +msgid "unable to mkdir %s" +msgstr "kunde inte skapa katalogen %s" + +#: lib/iolog/iolog_fileio.c:244 plugins/sudoers/visudo.c:739 +#: plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "kan inte ändra läge för %s till 0%o" + +#: lib/iolog/iolog_util.c:83 +#, c-format +msgid "%s: invalid log file" +msgstr "%s: ogiltig loggfil" + +#: lib/iolog/iolog_util.c:101 +#, c-format +msgid "%s: time stamp field is missing" +msgstr "%s: tidsstämpelfält saknas" + +#: lib/iolog/iolog_util.c:107 +#, c-format +msgid "%s: time stamp %s: %s" +msgstr "%s: tidsstämpel %s: %s" + +#: lib/iolog/iolog_util.c:114 +#, c-format +msgid "%s: user field is missing" +msgstr "%s: användarfältet saknas" + +#: lib/iolog/iolog_util.c:123 +#, c-format +msgid "%s: runas user field is missing" +msgstr "%s: runas-användarfältet saknas" + +#: lib/iolog/iolog_util.c:132 +#, c-format +msgid "%s: runas group field is missing" +msgstr "%s: runas-gruppfältet saknas" + +#: lib/iolog/iolog_util.c:382 +#, c-format +msgid "error reading timing file: %s" +msgstr "fel vid inläsning av tidsmätningsfil: %s" + +#: lib/iolog/iolog_util.c:389 +#, c-format +msgid "invalid timing file line: %s" +msgstr "ogiltig rad i tidsmätningsfil: %s" + +#: logsrvd/eventlog.c:228 plugins/sudoers/cvtsudoers_ldif.c:247 +#: plugins/sudoers/cvtsudoers_ldif.c:254 plugins/sudoers/cvtsudoers_ldif.c:566 +#: plugins/sudoers/env.c:330 plugins/sudoers/env.c:337 +#: plugins/sudoers/env.c:442 plugins/sudoers/iolog.c:550 +#: plugins/sudoers/iolog.c:566 plugins/sudoers/ldap.c:496 +#: plugins/sudoers/ldap.c:727 plugins/sudoers/ldap.c:1060 +#: plugins/sudoers/ldap_conf.c:227 plugins/sudoers/ldap_conf.c:317 
+#: plugins/sudoers/linux_audit.c:89 plugins/sudoers/logging.c:1096 +#: plugins/sudoers/policy.c:534 plugins/sudoers/policy.c:679 +#: plugins/sudoers/policy.c:689 plugins/sudoers/prompt.c:168 +#: plugins/sudoers/sudoers.c:931 plugins/sudoers/testsudoers.c:257 +#: plugins/sudoers/toke_util.c:177 +#, c-format +msgid "internal error, %s overflow" +msgstr "internt fel, %s spill" + +#: logsrvd/eventlog.c:422 plugins/sudoers/logging.c:118 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: logsrvd/eventlog.c:451 plugins/sudoers/logging.c:146 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s : (kommando fortsätter) %s" + +#: logsrvd/iolog_writer.c:886 +msgid "log is already complete, cannot be restarted" +msgstr "logg är redan komplett, kan inte startas om" + +#: logsrvd/iolog_writer.c:917 +msgid "unable to restart log" +msgstr "kan inte starta om logg" + +#: logsrvd/logsrv_util.c:96 logsrvd/logsrv_util.c:103 +#: plugins/sudoers/sudoreplay.c:355 plugins/sudoers/sudoreplay.c:361 +#: plugins/sudoers/sudoreplay.c:368 +#, c-format +msgid "unable to open %s/%s" +msgstr "kan inte öppna %s/%s" + +#: logsrvd/logsrv_util.c:130 +#, c-format +msgid "missing I/O log file %s/%s" +msgstr "saknar I/O-loggfil %s/%s" + +#: logsrvd/logsrv_util.c:137 +#, c-format +msgid "%s/%s: unable to seek forward %zu" +msgstr "%s/%s: kan inte söka framåt %zu" + +#: logsrvd/logsrv_util.c:147 +#, c-format +msgid "unable to find resume point [%lld, %ld] in %s/%s" +msgstr "kan inte hitta omstartspunkt [%lld, %ld] i %s/%s" + +#: logsrvd/logsrvd.c:231 logsrvd/logsrvd.c:299 logsrvd/logsrvd.c:343 +#: logsrvd/logsrvd.c:392 logsrvd/logsrvd.c:439 logsrvd/logsrvd.c:484 +#: logsrvd/logsrvd.c:510 +msgid "state machine error" +msgstr "fel i tillståndsmaskin" + +#: logsrvd/logsrvd.c:240 +msgid "invalid AcceptMessage" +msgstr "ogiltigt AcceptMessage" + +#: logsrvd/logsrvd.c:251 +msgid "error parsing AcceptMessage" +msgstr "fel vid tolkning av AcceptMessage" + +#: logsrvd/logsrvd.c:258 +msgid "error 
creating I/O log" +msgstr "fel vid skapande av I/O-logg" + +#: logsrvd/logsrvd.c:265 +msgid "error logging accept event" +msgstr "fel vid loggning av acceptanshändelse" + +#: logsrvd/logsrvd.c:308 +msgid "invalid RejectMessage" +msgstr "ogiltigt RejectMessage" + +#: logsrvd/logsrvd.c:319 +msgid "error parsing RejectMessage" +msgstr "fel vid tolkning av RejectMEssage" + +#: logsrvd/logsrvd.c:325 +msgid "error logging reject event" +msgstr "fel vid loggning av avböjninshändelse" + +#: logsrvd/logsrvd.c:424 +msgid "error logging alert event" +msgstr "fel vid loggning av alarmhändelse" + +#: logsrvd/logsrvd.c:449 +msgid "error writing IoBuffer" +msgstr "fel vid skrivning av IoBuffer" + +#: logsrvd/logsrvd.c:495 +msgid "error writing ChangeWindowSize" +msgstr "fel vid skrivning av ChangeWindowSize" + +#: logsrvd/logsrvd.c:521 +msgid "error writing CommandSuspend" +msgstr "fel vid skrivning av CommandSuspend" + +#: logsrvd/logsrvd.c:583 +msgid "unrecognized ClientMessage type" +msgstr "okänd ClientMessage-typ" + +#: logsrvd/logsrvd.c:835 +msgid "client message too large" +msgstr "klientmeddelande för stort" + +#: logsrvd/logsrvd.c:1295 logsrvd/logsrvd.c:1415 logsrvd/logsrvd.c:1539 +#: logsrvd/logsrvd.c:1631 logsrvd/sendlog.c:242 logsrvd/sendlog.c:257 +#: logsrvd/sendlog.c:290 logsrvd/sendlog.c:1264 plugins/sudoers/iolog.c:900 +#: plugins/sudoers/iolog.c:1033 plugins/sudoers/iolog.c:1131 +#: plugins/sudoers/iolog_client.c:111 plugins/sudoers/iolog_client.c:436 +#: plugins/sudoers/iolog_client.c:452 plugins/sudoers/iolog_client.c:490 +#: plugins/sudoers/iolog_client.c:1032 plugins/sudoers/iolog_client.c:1061 +#: plugins/sudoers/iolog_client.c:1133 plugins/sudoers/iolog_client.c:1239 +#: plugins/sudoers/iolog_client.c:1353 plugins/sudoers/iolog_client.c:1655 +#: plugins/sudoers/iolog_client.c:1663 plugins/sudoers/sudoreplay.c:519 +#: plugins/sudoers/sudoreplay.c:566 plugins/sudoers/sudoreplay.c:755 +#: plugins/sudoers/sudoreplay.c:867 plugins/sudoers/sudoreplay.c:957 +#: 
plugins/sudoers/sudoreplay.c:972 plugins/sudoers/sudoreplay.c:979 +#: plugins/sudoers/sudoreplay.c:986 plugins/sudoers/sudoreplay.c:993 +#: plugins/sudoers/sudoreplay.c:1000 plugins/sudoers/sudoreplay.c:1127 +msgid "unable to add event to queue" +msgstr "kan inte lägga till händelse till kö" + +#: logsrvd/logsrvd.c:1407 plugins/sudoers/iolog_client.c:378 +#, c-format +msgid "Unable to attach user data to the ssl object: %s" +msgstr "Kan inte fästa användardata på ssl-objektet: %s" + +#: logsrvd/logsrvd.c:1443 plugins/sudoers/iolog_client.c:1596 +#: plugins/sudoers/iolog_client.c:1604 +msgid "unable to get remote IP addr" +msgstr "kan inte hämta fjärr-IP-adress" + +#: logsrvd/logsrvd.c:1692 logsrvd/sendlog.c:113 +#, c-format +msgid "" +"%s - send sudo I/O log to remote server\n" +"\n" +msgstr "" +"%s - skicka sudo I/O-logg till fjärrserver\n" +"\n" + +#: logsrvd/logsrvd.c:1695 +msgid "" +"\n" +"Options:\n" +" -f, --file path to configuration file\n" +" -h --help display help message and exit\n" +" -n, --no-fork do not fork, run in the foreground\n" +" -R, --random-drop percent chance connections will drop\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"Flaggor:\n" +" -f, --file sökväg till konfigurationsfil\n" +" -h --help visa hjälptext och avslutan\n" +" -n, --no-fork grena inte, kör i förgrunden\n" +" -R, --random-drop antal procents chans att anslutningar bryts\n" +" -V, --version visa versionsinformation och avsluta\n" + +#: logsrvd/logsrvd.c:1747 logsrvd/sendlog.c:1513 +msgid "Protobuf-C version 1.3 or higher required" +msgstr "Protobuf-C version 1.3 eller högre krävs" + +#: logsrvd/logsrvd.c:1765 +#, c-format +msgid "invalid random drop value: %s" +msgstr "ogiltig slumpmässigt avbrottsvärde: %s" + +#: logsrvd/logsrvd.c:1769 logsrvd/sendlog.c:1551 +#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:302 +#: plugins/sudoers/visudo.c:184 +#, c-format +msgid "%s version %s\n" +msgstr "%s version %s\n" + +#: 
logsrvd/logsrvd_conf.c:688 +#, c-format +msgid "%s: not a fully qualified path" +msgstr "%s: inte fullständigt kvalificerad sökväg" + +#: logsrvd/logsrvd_conf.c:802 +#, c-format +msgid "%s:%d unmatched '[': %s" +msgstr "%s:%d omatchad ”[”: %s" + +#: logsrvd/logsrvd_conf.c:813 +#, c-format +msgid "%s:%d invalid config section: %s" +msgstr "%s:%d ogiltigt konfigurationsavsnitt: %s" + +#: logsrvd/logsrvd_conf.c:821 +#, c-format +msgid "%s:%d invalid configuration line: %s" +msgstr "%s:%d ogiltig konfigurationsrad: %s" + +#: logsrvd/logsrvd_conf.c:827 +#, c-format +msgid "%s:%d expected section name: %s" +msgstr "%s:%d förväntat avsnittsnamn: %s" + +#: logsrvd/logsrvd_conf.c:841 +#, c-format +msgid "invalid value for %s: %s" +msgstr "ogiltigt värde för %s: %s" + +#: logsrvd/logsrvd_conf.c:849 +#, c-format +msgid "%s:%d unknown key: %s" +msgstr "%s:%d okänd nyckel: %s" + +#: logsrvd/logsrvd_conf.c:977 +#, c-format +msgid "unknown syslog facility %s" +msgstr "okänd syslog-funktionalitet: %s" + +#: logsrvd/logsrvd_conf.c:981 logsrvd/logsrvd_conf.c:985 +#: logsrvd/logsrvd_conf.c:989 +#, c-format +msgid "unknown syslog priority %s" +msgstr "okänd syslog-prioritet: %s" + +#: logsrvd/sendlog.c:116 +msgid "" +"\n" +"Options:\n" +" --help display help message and exit\n" +" -h, --host host to send logs to\n" +" -i, --iolog_id remote ID of I/O log to be resumed\n" +" -p, --port port to use when connecting to host\n" +" -r, --restart restart previous I/O log transfer\n" +" -t, --test test audit server by sending selected I/O log n times in parallel\n" +" -b, --ca-bundle certificate bundle file to verify server's cert against\n" +" -c, --cert certificate file for TLS handshake\n" +" -k, --key private key file\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"Flaggor:\n" +" --help visa hjälpmeddelande och avsluta\n" +" -h, --host värd att skicka loggar till\n" +" -i, --iolog_id fjärr-ID för I/O-logg som ska återupptas\n" +" -p, --port port att använda 
vid anslutning till värd\n" +" -r, --restart start om förgående överföring av I/O-logg\n" +" -t, --test testa granskningsserver genom att skicka valda I/O-loggmeddelanden parallellt n gånger\n" +" -b, --ca-bundle certifikatknippesfil att verifiera serverns certifikat mot\n" +" -c, --cert certifikatfil för TLS-handskakning\n" +" -k, --key privat nyckelfil\n" +" -V, --version visa versionsinformation och avsluta\n" + +#: logsrvd/sendlog.c:216 plugins/sudoers/iolog_client.c:409 +msgid "TLS handshake timeout occurred" +msgstr "Tidsgräns för TLS-handskakning uppnådd" + +#: logsrvd/sendlog.c:237 logsrvd/sendlog.c:252 +#: plugins/sudoers/iolog_client.c:430 plugins/sudoers/iolog_client.c:446 +msgid "unable to set event" +msgstr "kan inte ställa in händelse" + +#: logsrvd/sendlog.c:262 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s\n" +msgstr "SSL_connect misslyckades: ssl_error=%d, stack=%s\n" + +#: logsrvd/sendlog.c:294 plugins/sudoers/iolog_client.c:115 +#: plugins/sudoers/iolog_client.c:495 plugins/sudoers/iolog_client.c:1065 +#: plugins/sudoers/iolog_client.c:1671 +msgid "error in event loop" +msgstr "fel i händelseloop" + +#: logsrvd/sendlog.c:311 +msgid "CA bundle file was not specified" +msgstr "Fil för CA-knippe angavis inte" + +#: logsrvd/sendlog.c:315 +msgid "Client certificate was not specified" +msgstr "Klientcertifikat angavs inte" + +#: logsrvd/sendlog.c:319 +#, c-format +msgid "Unable to initialize ssl context: %s" +msgstr "Kan inte initiera ssl-kontext: %s" + +#: logsrvd/sendlog.c:324 +#, c-format +msgid "Unable to allocate ssl object: %s\n" +msgstr "Kan inte allokera ssl-objekt: %s\n" + +#: logsrvd/sendlog.c:329 +#, c-format +msgid "Unable to attach socket to the ssl object: %s\n" +msgstr "Kan inte fästa kontakt på ssl-objektet: %s\n" + +#: logsrvd/sendlog.c:367 plugins/sudoers/iolog_client.c:150 +#, c-format +msgid "unable to look up %s:%s: %s" +msgstr "kan inte slå upp %s:%s: %s" + +#: logsrvd/sendlog.c:522 
plugins/sudoers/sudoreplay.c:815 +#, c-format +msgid "unable to read %s/%s: %s" +msgstr "kan inte läsa %s/%s: %s" + +#: logsrvd/sendlog.c:543 +#, c-format +msgid "client message too large: %zu\n" +msgstr "klientmeddelande för stort: %zu\n" + +#: logsrvd/sendlog.c:941 +#, c-format +msgid "%s: write buffer already in use" +msgstr "%s: skrivbuffert används redan" + +#: logsrvd/sendlog.c:993 plugins/sudoers/iolog.c:824 +#: plugins/sudoers/iolog.c:893 +#, c-format +msgid "unexpected I/O event %d" +msgstr "oväntad I/O-händelse %d" + +#: logsrvd/sendlog.c:1025 logsrvd/sendlog.c:1042 logsrvd/sendlog.c:1092 +#: plugins/sudoers/iolog_client.c:1037 plugins/sudoers/iolog_client.c:1090 +#: plugins/sudoers/iolog_client.c:1151 +#, c-format +msgid "%s: unexpected state %d" +msgstr "%s: oväntat tillstånd %d" + +#: logsrvd/sendlog.c:1048 plugins/sudoers/iolog_client.c:1096 +msgid "invalid ServerHello" +msgstr "ogiltigt ServerHello" + +#: logsrvd/sendlog.c:1130 plugins/sudoers/iolog_client.c:1195 +#, c-format +msgid "error message received from server: %s" +msgstr "felmeddelande mottaget från server: %s" + +#: logsrvd/sendlog.c:1143 plugins/sudoers/iolog_client.c:1208 +#, c-format +msgid "abort message received from server: %s" +msgstr "avbrottsmeddelande mottaget från server: %s" + +#: logsrvd/sendlog.c:1162 plugins/sudoers/iolog_client.c:1227 +msgid "unable to unpack ServerMessage" +msgstr "kan inte packa upp ServerMessage" + +#: logsrvd/sendlog.c:1207 plugins/sudoers/iolog_client.c:1260 +#, c-format +msgid "%s: unexpected type_case value %d" +msgstr "%s: oväntat type_case-värde %d" + +#: logsrvd/sendlog.c:1291 +msgid "premature EOF" +msgstr "oväntad EOF" + +#: logsrvd/sendlog.c:1304 +#, c-format +msgid "server message too large: %u\n" +msgstr "servermeddelande för långt: %u\n" + +#: logsrvd/sendlog.c:1569 +msgid "both restart point and iolog ID must be specified" +msgstr "både omstartspunkt och iolog-ID måste anges" + +#: logsrvd/sendlog.c:1636 +#, c-format +msgid "exited 
prematurely with state %d" +msgstr "avslutade oväntat i tillstånd %d" + +#: logsrvd/sendlog.c:1637 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "förfluten tid skickad till server[%lld, %ld]" + +#: logsrvd/sendlog.c:1639 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "incheckningspunkt mottagen från server [%lld, %ld]" + #: plugins/sudoers/alias.c:151 #, c-format msgid "Alias \"%s\" already defined" msgstr "Aliaset ”%s” är redan definierat" -#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:801 +#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:792 msgid "unable to fork" msgstr "kunde inte grena process" 
@@ -363,33 +816,33 @@
 msgid "unable to initialize PAM: %s"
 msgstr "kunde inte initiera PAM: %s"

-#: plugins/sudoers/auth/pam.c:319
+#: plugins/sudoers/auth/pam.c:322
 #, c-format
 msgid "PAM authentication error: %s"
 msgstr "PAM-autentiseringsfel: %s"

-#: plugins/sudoers/auth/pam.c:338
+#: plugins/sudoers/auth/pam.c:341
 msgid "account validation failure, is your account locked?"
 msgstr "kontovalidering misslyckades. Är ditt konto låst?"

-#: plugins/sudoers/auth/pam.c:349
+#: plugins/sudoers/auth/pam.c:352
 msgid "Account or password is expired, reset your password and try again"
 msgstr "Kontot eller lösenordet har gått ut. Återställ ditt lösenord och försök igen"

-#: plugins/sudoers/auth/pam.c:355
+#: plugins/sudoers/auth/pam.c:358
 #, c-format
 msgid "unable to change expired password: %s"
 msgstr "kunde inte ändra utgånget lösenord: %s"

-#: plugins/sudoers/auth/pam.c:366
+#: plugins/sudoers/auth/pam.c:369
 msgid "Password expired, contact your system administrator"
 msgstr "Lösenordet har gått ut. Kontakta din systemadministratör"

-#: plugins/sudoers/auth/pam.c:371
+#: plugins/sudoers/auth/pam.c:374
 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
 msgstr "Konto utgånget eller så saknar PAM-konfigurationen ett ”account”-avsnitt för sudo, kontakta din systemadministratör"

-#: plugins/sudoers/auth/pam.c:379 plugins/sudoers/auth/pam.c:384
+#: plugins/sudoers/auth/pam.c:382 plugins/sudoers/auth/pam.c:387
 #, c-format
 msgid "PAM account management error: %s"
 msgstr "Fel vid hantering av PAM-konto: %s"
@@ -467,7 +920,7 @@
 msgid "unable to commit audit record"
 msgstr "kunde inte bekräfta granskningsberättelse"

-#: plugins/sudoers/check.c:269
+#: plugins/sudoers/check.c:264
 msgid ""
 "\n"
 "We trust you have received the usual lecture from the local System\n"
@@ -487,15 +940,16 @@
 " #3) Med stor makt kommer ett stort ansvar.\n"
 "\n"

-#: plugins/sudoers/check.c:312 plugins/sudoers/check.c:322
-#: plugins/sudoers/sudoers.c:700 plugins/sudoers/sudoers.c:748
+#: plugins/sudoers/check.c:307 plugins/sudoers/check.c:317
+#: plugins/sudoers/sudoers.c:778 plugins/sudoers/sudoers.c:826
 #: plugins/sudoers/tsdump.c:126
 #, c-format
 msgid "unknown uid: %u"
 msgstr "okänt uid: %u"

-#: plugins/sudoers/check.c:317 plugins/sudoers/iolog.c:255
-#: plugins/sudoers/policy.c:921 plugins/sudoers/sudoers.c:1163
+#: plugins/sudoers/check.c:312 plugins/sudoers/iolog.c:121
+#: plugins/sudoers/policy.c:1034 plugins/sudoers/sudoers.c:391
+#: plugins/sudoers/sudoers.c:393 plugins/sudoers/sudoers.c:1255
 #: plugins/sudoers/testsudoers.c:227 plugins/sudoers/testsudoers.c:400
 #, c-format
 msgid "unknown user: %s"
@@ -516,12 +970,6 @@
 msgid "order padding: %s: %s"
 msgstr "ordningsutfyllnad: %s: %s"

-#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:289
-#: plugins/sudoers/visudo.c:184
-#, c-format
-msgid "%s version %s\n"
-msgstr "%s version %s\n"
-
 #: plugins/sudoers/cvtsudoers.c:235 plugins/sudoers/visudo.c:186
 #, c-format
 msgid "%s grammar version %d\n"
@@ -542,7 +990,7 @@
 msgid "%s: input and output files must be different"
 msgstr "%s: in- och utmatningsfiler måste vara olika"

-#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:176
+#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:185
 #: plugins/sudoers/testsudoers.c:266 plugins/sudoers/visudo.c:254
 #: plugins/sudoers/visudo.c:610 plugins/sudoers/visudo.c:933
 msgid "unable to initialize sudoers default values"
@@ -574,12 +1022,10 @@
 msgstr "ogiltigt filter: %s"

 #: plugins/sudoers/cvtsudoers.c:622 plugins/sudoers/cvtsudoers.c:639
-#: plugins/sudoers/cvtsudoers.c:1245 plugins/sudoers/cvtsudoers_json.c:1130
-#: plugins/sudoers/cvtsudoers_ldif.c:643 plugins/sudoers/iolog.c:413
-#: plugins/sudoers/iolog_util.c:75 plugins/sudoers/sudoers.c:914
-#: plugins/sudoers/sudoreplay.c:338 plugins/sudoers/sudoreplay.c:1431
-#: plugins/sudoers/timestamp.c:448 plugins/sudoers/tsdump.c:135
-#: plugins/sudoers/visudo.c:929
+#: plugins/sudoers/cvtsudoers.c:1249 plugins/sudoers/cvtsudoers_json.c:868
+#: plugins/sudoers/cvtsudoers_ldif.c:683 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoreplay.c:1391 plugins/sudoers/timestamp.c:448
+#: plugins/sudoers/tsdump.c:135 plugins/sudoers/visudo.c:929
 #, c-format
 msgid "unable to open %s"
 msgstr "kunde inte öppna %s"
@@ -599,14 +1045,13 @@
 msgid "parse error in %s\n"
 msgstr "tolkningsfel i %s\n"

-#: plugins/sudoers/cvtsudoers.c:1292 plugins/sudoers/iolog.c:500
-#: plugins/sudoers/sudoreplay.c:1135 plugins/sudoers/timestamp.c:332
-#: plugins/sudoers/timestamp.c:335
+#: plugins/sudoers/cvtsudoers.c:1296 plugins/sudoers/sudoreplay.c:1088
+#: plugins/sudoers/timestamp.c:332 plugins/sudoers/timestamp.c:335
 #, c-format
 msgid "unable to write to %s"
 msgstr "kunde inte skriva till %s"

-#: plugins/sudoers/cvtsudoers.c:1315
+#: plugins/sudoers/cvtsudoers.c:1319
 #, c-format
 msgid ""
 "%s - convert between sudoers file formats\n"
@@ -615,7 +1060,7 @@
 "%s - konvertera mellan sudoers filformat\n"
 "\n"

-#: plugins/sudoers/cvtsudoers.c:1317
+#: plugins/sudoers/cvtsudoers.c:1321
 msgid ""
 "\n"
 "Options:\n"
@@ -645,7 +1090,7 @@
 " -f, --output-format=format ställ in utmatningsformat: JSON, LDIF eller sudoers\n"
 " -i, --input-format=format ställ in inmatningsformat: LDIF eller sudoers\n"
 " -I, --increment=ant antal att öka varje sudoOrder med\n"
-" -h, --help visa hjälpmeddelande och avslut\n"
+" -h, --help visa hjälpmeddelande och avsluta\n"
 " -m, --match=filter konvertera endast poster som matchar filtret\n"
 " -M, --match-local filtermatchning använder passwd och gruppdatabaser\n"
 " -o, --output=utmatningsfil skriv konverterad sudoers till utmatningsfil\n"
@@ -655,43 +1100,30 @@ " -s, --suppress=avsnitt undertryck utmatning av vissa avsnitt\n" " -V, --version visa versionsinformation och avsluta" -#: plugins/sudoers/cvtsudoers_json.c:684 plugins/sudoers/cvtsudoers_json.c:720 -#: plugins/sudoers/cvtsudoers_json.c:938 +#: plugins/sudoers/cvtsudoers_json.c:487 plugins/sudoers/cvtsudoers_json.c:521 +#: plugins/sudoers/cvtsudoers_json.c:709 #, c-format msgid "unknown defaults entry \"%s\"" msgstr "okänd standardpost ”%s”" -#: plugins/sudoers/cvtsudoers_json.c:858 plugins/sudoers/cvtsudoers_json.c:873 -#: plugins/sudoers/cvtsudoers_ldif.c:308 plugins/sudoers/cvtsudoers_ldif.c:319 +#: plugins/sudoers/cvtsudoers_json.c:647 plugins/sudoers/cvtsudoers_json.c:660 +#: plugins/sudoers/cvtsudoers_ldif.c:348 plugins/sudoers/cvtsudoers_ldif.c:359 #: plugins/sudoers/ldap.c:482 msgid "unable to get GMT time" msgstr "kunde inte få GMT-tid" -#: plugins/sudoers/cvtsudoers_json.c:861 plugins/sudoers/cvtsudoers_json.c:876 -#: plugins/sudoers/cvtsudoers_ldif.c:311 plugins/sudoers/cvtsudoers_ldif.c:322 +#: plugins/sudoers/cvtsudoers_json.c:650 plugins/sudoers/cvtsudoers_json.c:663 +#: plugins/sudoers/cvtsudoers_ldif.c:351 plugins/sudoers/cvtsudoers_ldif.c:362 #: plugins/sudoers/ldap.c:488 msgid "unable to format timestamp" msgstr "kunde inte formatera tidsstämpel" -#: plugins/sudoers/cvtsudoers_ldif.c:526 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:337 plugins/sudoers/env.c:442 -#: plugins/sudoers/ldap.c:496 plugins/sudoers/ldap.c:727 -#: plugins/sudoers/ldap.c:1060 plugins/sudoers/ldap_conf.c:227 -#: plugins/sudoers/ldap_conf.c:317 plugins/sudoers/linux_audit.c:89 -#: plugins/sudoers/logging.c:1105 plugins/sudoers/policy.c:625 -#: plugins/sudoers/policy.c:635 plugins/sudoers/prompt.c:168 -#: plugins/sudoers/sudoers.c:852 plugins/sudoers/testsudoers.c:257 -#: plugins/sudoers/toke_util.c:161 -#, c-format -msgid "internal error, %s overflow" -msgstr "internt fel, %s spill" - -#: plugins/sudoers/cvtsudoers_ldif.c:595 +#: 
plugins/sudoers/cvtsudoers_ldif.c:635 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "för många sudoers-poster, maximalt %u" -#: plugins/sudoers/cvtsudoers_ldif.c:638 +#: plugins/sudoers/cvtsudoers_ldif.c:678 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "miljövariabeln SUDOERS_BASE är inte satt och flaggan -b angavs inte." @@ -1100,8 +1532,8 @@ #: plugins/sudoers/def_data.c:406 #, c-format -msgid "Maximum I/O log sequence number: %u" -msgstr "Största sekvensnummer i I/O-logg: %u" +msgid "Maximum I/O log sequence number: %s" +msgstr "Största sekvensnummer i I/O-logg: %s" #: plugins/sudoers/def_data.c:410 msgid "Enable sudoers netgroup support" 
@@ -1211,62 +1643,106 @@ msgid "Log when a command is denied by sudoers" msgstr "Logga när ett kommando nekas av sudoers" -#: plugins/sudoers/defaults.c:231 +#: plugins/sudoers/def_data.c:510 +msgid "Sudo log server(s) to connect to with optional port" +msgstr "Sudo log sevrar att ansluta till med valfri port" + +#: plugins/sudoers/def_data.c:514 +#, c-format +msgid "Sudo log server timeout in seconds: %u" +msgstr "Tidsgräns för sudo loggserver i sekunder: %u" + +#: plugins/sudoers/def_data.c:518 +msgid "Enable SO_KEEPALIVE socket option on the socket connected to the logserver" +msgstr "Aktivera SO_KEEPALIVE-kontaktalternativ på kontakten ansluten till loggservern" + +#: plugins/sudoers/def_data.c:522 +#, c-format +msgid "Path to the audit server's CA bundle file: %s" +msgstr "Sökväg till granskningsserverns CA-knippesfil: %s" + +#: plugins/sudoers/def_data.c:526 +#, c-format +msgid "Path to the sudoers certificate file: %s" +msgstr "Sökväg till sudoers certifikatfil: %s" + +#: plugins/sudoers/def_data.c:530 +#, c-format +msgid "Path to the sudoers private key file: %s" +msgstr "Sökväg till sudoers privata nyckelfil: %s" + +#: plugins/sudoers/def_data.c:534 +msgid "Allow the use of unknown runas user and/or group ID" +msgstr "Tillåt användningen av okänd runas-användare och/eller grupp-ID" + +#: plugins/sudoers/def_data.c:538 +msgid "Only permit running commands as a user with a valid shell" +msgstr "Tillåt endast körning av kommandon som en användare med ett giltigt skal" + +#: plugins/sudoers/def_data.c:542 +msgid "Set the pam remote user to the user running sudo" +msgstr "Ställ in pam-fjärranvändaren för användaren som kör sudo" + +#: plugins/sudoers/def_data.c:546 +msgid "Set the pam remote host to the local host name" +msgstr "Ställ in pam-fjärrvärden till det lokala värdnamnet" + +#: plugins/sudoers/defaults.c:190 #, c-format msgid "%s:%d unknown defaults entry \"%s\"" msgstr "%s:%d okänd standardpost ”%s”" -#: plugins/sudoers/defaults.c:234 +#: 
plugins/sudoers/defaults.c:193 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: okänd standardpost ”%s”" -#: plugins/sudoers/defaults.c:277 +#: plugins/sudoers/defaults.c:236 #, c-format msgid "%s:%d no value specified for \"%s\"" msgstr "%s:%d inget värde angivet för ”%s”" -#: plugins/sudoers/defaults.c:280 +#: plugins/sudoers/defaults.c:239 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: inget värde angivet för ”%s”" -#: plugins/sudoers/defaults.c:300 +#: plugins/sudoers/defaults.c:259 #, c-format msgid "%s:%d values for \"%s\" must start with a '/'" msgstr "%s:%d värden för ”%s” måste börja med ett ”/”" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:262 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: värden för ”%s” måste börja med ett ”/”" -#: plugins/sudoers/defaults.c:325 +#: plugins/sudoers/defaults.c:284 #, c-format msgid "%s:%d option \"%s\" does not take a value" msgstr "%s:%d flaggan ”%s” tar inte emot något värde" -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:287 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: flaggan ”%s” tar inte emot något värde" -#: plugins/sudoers/defaults.c:353 +#: plugins/sudoers/defaults.c:312 #, c-format msgid "%s:%d invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d ogiltig standardtyp 0x%x för flagga ”%s”" -#: plugins/sudoers/defaults.c:356 +#: plugins/sudoers/defaults.c:315 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: ogiltig standardtyp 0x%x för flagga ”%s”" -#: plugins/sudoers/defaults.c:366 +#: plugins/sudoers/defaults.c:325 #, c-format msgid "%s:%d value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d värdet ”%s” är ogiltigt för flaggan ”%s”" -#: plugins/sudoers/defaults.c:369 +#: plugins/sudoers/defaults.c:328 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: värdet ”%s” är ogiltigt för flaggan ”%s”" 
@@ -1275,11 +1751,11 @@ msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: trasig envp, längd stämmer inte" -#: plugins/sudoers/env.c:1132 +#: plugins/sudoers/env.c:1133 msgid "unable to rebuild the environment" msgstr "kan inte återuppbygga miljön" -#: plugins/sudoers/env.c:1206 +#: plugins/sudoers/env.c:1207 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "du får inte lov att ställa in följande miljövariabler: %s" @@ -1304,27 +1780,27 @@ msgid "%s: read error" msgstr "%s: läsfel" -#: plugins/sudoers/group_plugin.c:90 +#: plugins/sudoers/group_plugin.c:91 #, c-format msgid "%s must be owned by uid %d" msgstr "%s måste ägas av uid %d" -#: plugins/sudoers/group_plugin.c:94 +#: plugins/sudoers/group_plugin.c:95 #, c-format msgid "%s must only be writable by owner" msgstr "%s får endast vara skrivbar av ägaren" -#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:562 +#: plugins/sudoers/group_plugin.c:104 plugins/sudoers/sssd.c:562 #, c-format msgid "unable to load %s: %s" msgstr "kan inte läsa in %s: %s" -#: plugins/sudoers/group_plugin.c:108 +#: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "kunde inte hitta symbolen ”group_plugin” i %s" -#: plugins/sudoers/group_plugin.c:113 +#: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: inkompatibel gruppinsticksmodul huvudversion %d, förväntade %d" 
@@ -1343,87 +1819,143 @@ msgid "Local IP address and netmask pairs:\n" msgstr "Lokala IP-adress- och nätmaskpar:\n" -#: plugins/sudoers/iolog.c:117 plugins/sudoers/mkdir_parents.c:82 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s finns men är inte en katalog (0%o)" - -#: plugins/sudoers/iolog.c:142 plugins/sudoers/iolog.c:182 -#: plugins/sudoers/mkdir_parents.c:71 plugins/sudoers/timestamp.c:212 -#, c-format -msgid "unable to mkdir %s" -msgstr "kunde inte skapa katalogen %s" - -#: plugins/sudoers/iolog.c:186 plugins/sudoers/visudo.c:739 -#: plugins/sudoers/visudo.c:750 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "kan inte ändra läge för %s till 0%o" - -#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1194 +#: plugins/sudoers/iolog.c:146 plugins/sudoers/sudoers.c:398 +#: plugins/sudoers/sudoers.c:400 plugins/sudoers/sudoers.c:1289 #: plugins/sudoers/testsudoers.c:424 #, c-format msgid "unknown group: %s" msgstr "okänd grupp: %s" -#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:918 -#: plugins/sudoers/sudoreplay.c:846 plugins/sudoers/sudoreplay.c:1542 -#: plugins/sudoers/tsdump.c:145 +#: plugins/sudoers/iolog.c:505 plugins/sudoers/iolog.c:788 +#: plugins/sudoers/iolog.c:938 plugins/sudoers/iolog.c:945 +#: plugins/sudoers/iolog.c:1066 plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:1172 plugins/sudoers/iolog.c:1179 #, c-format -msgid "unable to read %s" -msgstr "kunde inte läsa %s" +msgid "unable to write to I/O log file: %s" +msgstr "kunde inte skriva till I/O-loggfil: %s" -#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:801 -#, c-format -msgid "unable to create %s" -msgstr "kunde inte skapa %s" +#: plugins/sudoers/iolog.c:555 +msgid "unable to update sequence file" +msgstr "kan inte uppdatera sekvensfil" -#: plugins/sudoers/iolog.c:824 plugins/sudoers/iolog.c:1039 -#: plugins/sudoers/iolog.c:1115 plugins/sudoers/iolog.c:1209 -#: plugins/sudoers/iolog.c:1270 +#: 
plugins/sudoers/iolog.c:594 #, c-format -msgid "unable to write to I/O log file: %s" -msgstr "kunde inte skriva till I/O-loggfil: %s" +msgid "unable to create %s/%s" +msgstr "kan inte skapa %s/%s" -#: plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:622 +msgid "unable to connect to log server" +msgstr "kan inte ansluta till loggserver" + +#: plugins/sudoers/iolog.c:830 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: internt fel, I/O-loggfil för event %d inte öppen" -#: plugins/sudoers/iolog.c:1233 +#: plugins/sudoers/iolog.c:923 plugins/sudoers/iolog.c:1051 +#: plugins/sudoers/iolog.c:1156 plugins/sudoers/timestamp.c:862 +#: plugins/sudoers/timestamp.c:954 plugins/sudoers/visudo.c:498 +#: plugins/sudoers/visudo.c:504 +msgid "unable to read the clock" +msgstr "kunde inte läsa klockan" + +#: plugins/sudoers/iolog.c:1148 plugins/sudoers/iolog_client.c:862 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: internt fel, ogiltig signal %d" -#: plugins/sudoers/iolog_util.c:90 +#: plugins/sudoers/iolog_client.c:297 #, c-format -msgid "%s: invalid log file" -msgstr "%s: ogiltig loggfil" +msgid "Creation of new SSL_CTX object failed: %s" +msgstr "Skapande av nytt SSL_CTX-objekt misslyckades: %s" + +#: plugins/sudoers/iolog_client.c:320 +msgid "CA bundle file is not set in sudoers" +msgstr "CA-knippesfil inte inställd i sudoers" -#: plugins/sudoers/iolog_util.c:108 +#: plugins/sudoers/iolog_client.c:327 #, c-format -msgid "%s: time stamp field is missing" -msgstr "%s: tidsstämpelfält saknas" +msgid "Calling SSL_CTX_load_verify_locations() failed: %s" +msgstr "Anrop av SSL_CTX_load_verify_locations() misslyckades: %s" + +#: plugins/sudoers/iolog_client.c:339 +msgid "Signed certificate file is not set in sudoers" +msgstr "Signerad certifikatfil inte inställd i sudoers" -#: plugins/sudoers/iolog_util.c:114 +#: plugins/sudoers/iolog_client.c:345 #, c-format -msgid "%s: time stamp %s: %s" -msgstr "%s: tidsstämpel 
%s: %s" +msgid "Unable to load cert into the ssl context: %s" +msgstr "Kan inte läsa in certifikat in i ssl-kontexten: %s" -#: plugins/sudoers/iolog_util.c:121 +#: plugins/sudoers/iolog_client.c:356 #, c-format -msgid "%s: user field is missing" -msgstr "%s: användarfältet saknas" +msgid "Unable to load private key into the ssl context: %s" +msgstr "Kan inte läsa in privatnyckel in i ssl-kontexten: %s" -#: plugins/sudoers/iolog_util.c:130 +#: plugins/sudoers/iolog_client.c:363 #, c-format -msgid "%s: runas user field is missing" -msgstr "%s: runas-användarfältet saknas" +msgid "Unable to allocate ssl object: %s" +msgstr "Kan inte allokera ssl-objekt: %s" -#: plugins/sudoers/iolog_util.c:139 +#: plugins/sudoers/iolog_client.c:369 #, c-format -msgid "%s: runas group field is missing" -msgstr "%s: runas-gruppfältet saknas" +msgid "Unable to attach socket to the ssl object: %s" +msgstr "Kan inte fästa kontakt på ssl-objektet: %s" + +#: plugins/sudoers/iolog_client.c:457 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s" +msgstr "SSL_connect misslyckades: ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:599 +#, c-format +msgid "client message too large: %zu" +msgstr "klientmeddelande för stort: %zu" + +#: plugins/sudoers/iolog_client.c:656 plugins/sudoers/iolog_client.c:844 +msgid "unable to get time of day" +msgstr "kan inte hämta tid på dagen" + +#: plugins/sudoers/iolog_client.c:871 +#, c-format +msgid "%s: internal error, invalid exit status %d" +msgstr "%s: internt fel, ogiltig avslutningskod %d" + +#: plugins/sudoers/iolog_client.c:1104 +msgid "TLS initialization was unsuccessful" +msgstr "TLS-initiering misslyckades" + +#: plugins/sudoers/iolog_client.c:1109 +msgid "TLS handshake was unsuccessful" +msgstr "TLS-handskakning misslyckades" + +#: plugins/sudoers/iolog_client.c:1361 +#, c-format +msgid "SSL_read failed: ssl_error=%d, stack=%s" +msgstr "SSL_read misslyckades: ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:1384 
+msgid "lost connection to log server" +msgstr "förlorade kontakten med loggservern" + +#: plugins/sudoers/iolog_client.c:1397 +#, c-format +msgid "server message too large: %u" +msgstr "servermeddelande för långt: %u" + +#: plugins/sudoers/iolog_client.c:1461 +msgid "missing write buffer" +msgstr "saknar skrivbuffert" + +#: plugins/sudoers/iolog_client.c:1486 +#, c-format +msgid "SSL_write failed: ssl_error=%d, stack=%s" +msgstr "SSL_write misslyckades: ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:1610 +#, c-format +msgid "unknown address family: %d" +msgstr "okänd adressfamilj: %d" #: plugins/sudoers/ldap.c:178 plugins/sudoers/ldap_conf.c:296 msgid "starttls not supported when using ldaps" @@ -1448,7 +1980,7 @@ msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls angivet men LDAP-bibliotek har inte stöd för ldap_start_tls_s() eller ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:734 +#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "ogiltigt sudoOrder-attribut: %s" @@ -1466,7 +1998,7 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "kan inte blanda ldap- och ldaps-URI:er" -#: plugins/sudoers/ldap_util.c:456 plugins/sudoers/ldap_util.c:458 +#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "kunde inte konvertera sudoOption: %s%s%s" 
@@ -1479,80 +2011,62 @@ msgid "unable to send audit message" msgstr "kan inte skicka granskningsmeddelande" -#: plugins/sudoers/logging.c:120 -#, c-format -msgid "%8s : %s" -msgstr "%8s : %s" - -#: plugins/sudoers/logging.c:148 -#, c-format -msgid "%8s : (command continued) %s" -msgstr "%8s : (kommando fortsätter) %s" - -#: plugins/sudoers/logging.c:177 +#: plugins/sudoers/logging.c:175 #, c-format msgid "unable to open log file: %s" msgstr "kunde inte öppna loggfil: %s" -#: plugins/sudoers/logging.c:185 +#: plugins/sudoers/logging.c:183 #, c-format msgid "unable to lock log file: %s" msgstr "kunde inte låsa loggfil: %s" -#: plugins/sudoers/logging.c:218 +#: plugins/sudoers/logging.c:216 #, c-format msgid "unable to write log file: %s" msgstr "kunde inte skriva till loggfil: %s" -#: plugins/sudoers/logging.c:248 -msgid "No user or host" -msgstr "Ingen användare eller värddator" - -#: plugins/sudoers/logging.c:250 -msgid "validation failure" -msgstr "valideringsfel" - -#: plugins/sudoers/logging.c:261 +#: plugins/sudoers/logging.c:249 msgid "user NOT in sudoers" msgstr "användare finns INTE i sudoers" -#: plugins/sudoers/logging.c:263 +#: plugins/sudoers/logging.c:251 msgid "user NOT authorized on host" msgstr "användaren är INTE auktoriserad på värddatorn" -#: plugins/sudoers/logging.c:265 +#: plugins/sudoers/logging.c:253 msgid "command not allowed" msgstr "kommandot tillåts inte" -#: plugins/sudoers/logging.c:301 +#: plugins/sudoers/logging.c:296 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s finns inte i filen sudoers. Denna incident kommer att rapporteras.\n" -#: plugins/sudoers/logging.c:304 +#: plugins/sudoers/logging.c:299 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s tillåts inte att köra sudo på %s. 
Denna incident kommer att rapporteras.\n" -#: plugins/sudoers/logging.c:308 +#: plugins/sudoers/logging.c:303 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Tyvärr, användaren %s får inte köra sudo på %s.\n" -#: plugins/sudoers/logging.c:311 +#: plugins/sudoers/logging.c:306 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Tyvärr, användaren %s tillåts inte att köra ”%s%s%s” som %s%s%s på %s.\n" -#: plugins/sudoers/logging.c:348 plugins/sudoers/sudoers.c:442 -#: plugins/sudoers/sudoers.c:444 plugins/sudoers/sudoers.c:446 -#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:603 -#: plugins/sudoers/sudoers.c:605 +#: plugins/sudoers/logging.c:343 plugins/sudoers/sudoers.c:518 +#: plugins/sudoers/sudoers.c:520 plugins/sudoers/sudoers.c:522 +#: plugins/sudoers/sudoers.c:524 plugins/sudoers/sudoers.c:675 +#: plugins/sudoers/sudoers.c:677 #, c-format msgid "%s: command not found" msgstr "%s: kommandot hittades inte" -#: plugins/sudoers/logging.c:350 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/logging.c:345 plugins/sudoers/sudoers.c:514 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" 
@@ -1561,52 +2075,46 @@ "ignorerar ”%s” som hittades i ”.”\n" "Använd ”sudo ./%s” om detta är den ”%s” som du vill köra." -#: plugins/sudoers/logging.c:367 +#: plugins/sudoers/logging.c:362 msgid "authentication failure" msgstr "autentiseringsfel" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:388 msgid "a password is required" msgstr "ett lösenord krävs" -#: plugins/sudoers/logging.c:463 +#: plugins/sudoers/logging.c:458 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u felaktigt lösenordsförsök" msgstr[1] "%u felaktiga lösenordsförsök" -#: plugins/sudoers/logging.c:728 +#: plugins/sudoers/logging.c:722 #, c-format msgid "unable to dup stdin: %m" msgstr "kan inte duplicera stdin: %m" -#: plugins/sudoers/logging.c:768 +#: plugins/sudoers/logging.c:759 #, c-format msgid "unable to execute %s: %m" msgstr "kunde inte köra %s: %m" -#: plugins/sudoers/logging.c:809 plugins/sudoers/logging.c:865 +#: plugins/sudoers/logging.c:800 plugins/sudoers/logging.c:856 #, c-format msgid "unable to fork: %m" msgstr "kunde inte grena process: %m" -#: plugins/sudoers/logging.c:855 +#: plugins/sudoers/logging.c:846 #, c-format msgid "unable to open pipe: %m" msgstr "kunde inte öppna rör: %m" -#: plugins/sudoers/match_digest.c:103 +#: plugins/sudoers/match_digest.c:123 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "kontrollsumma för %s (%s) är inte på %s-form" -#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:943 -#: plugins/sudoers/visudo.c:437 plugins/sudoers/visudo.c:733 -#, c-format -msgid "unable to stat %s" -msgstr "kunde inte ta status på %s" - #: plugins/sudoers/parse.c:449 #, c-format msgid "" 
@@ -1665,22 +2173,22 @@ msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Användaren %s tillåts inte att köra sudo på %s.\n" -#: plugins/sudoers/parse_ldif.c:604 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "hoppar över ofullständig sudoRole: cn: %s" -#: plugins/sudoers/parse_ldif.c:664 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "ogiltigt LDIF-attribut: %s" -#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:116 +#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:115 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "ogiltigt %.*s inställt av sudo-framände" -#: plugins/sudoers/policy.c:295 plugins/sudoers/testsudoers.c:280 +#: plugins/sudoers/policy.c:294 plugins/sudoers/testsudoers.c:280 msgid "unable to parse network address list" msgstr "kan inte tolka nätverksadresslista" @@ -1700,23 +2208,23 @@ msgid "host name not set by sudo front-end" msgstr "värdnamn inte inställt av sudo-framände" -#: plugins/sudoers/policy.c:808 plugins/sudoers/visudo.c:236 +#: plugins/sudoers/policy.c:897 plugins/sudoers/visudo.c:236 #: plugins/sudoers/visudo.c:867 #, c-format msgid "unable to execute %s" msgstr "kunde inte köra %s" -#: plugins/sudoers/policy.c:939 +#: plugins/sudoers/policy.c:1055 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Sudoers policyinsticksmodul version %s\n" -#: plugins/sudoers/policy.c:941 +#: plugins/sudoers/policy.c:1057 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Sudoers-filgrammatik version %d\n" -#: plugins/sudoers/policy.c:945 +#: plugins/sudoers/policy.c:1061 #, c-format msgid "" "\n" 
@@ -1725,22 +2233,22 @@ "\n" "Sökväg till sudoers: %s\n" -#: plugins/sudoers/policy.c:948 +#: plugins/sudoers/policy.c:1064 #, c-format msgid "nsswitch path: %s\n" msgstr "Sökväg till nsswitch: %s\n" -#: plugins/sudoers/policy.c:950 +#: plugins/sudoers/policy.c:1066 #, c-format msgid "ldap.conf path: %s\n" msgstr "Sökväg till ldap.conf: %s\n" -#: plugins/sudoers/policy.c:951 +#: plugins/sudoers/policy.c:1067 #, c-format msgid "ldap.secret path: %s\n" msgstr "Sökväg till ldap.secret: %s\n" -#: plugins/sudoers/policy.c:984 +#: plugins/sudoers/policy.c:1100 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "kan inte registrera krok av typ %d (version %d.%d)" 
@@ -1809,48 +2317,48 @@ msgid "unable to parse gids for %s" msgstr "kan inte tolka gids för %s" -#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:478 -#: plugins/sudoers/set_perms.c:921 plugins/sudoers/set_perms.c:1254 -#: plugins/sudoers/set_perms.c:1573 +#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:447 +#: plugins/sudoers/set_perms.c:850 plugins/sudoers/set_perms.c:1156 +#: plugins/sudoers/set_perms.c:1450 msgid "perm stack overflow" msgstr "perm-stackspill" -#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:409 -#: plugins/sudoers/set_perms.c:486 plugins/sudoers/set_perms.c:788 -#: plugins/sudoers/set_perms.c:929 plugins/sudoers/set_perms.c:1178 -#: plugins/sudoers/set_perms.c:1262 plugins/sudoers/set_perms.c:1506 -#: plugins/sudoers/set_perms.c:1581 plugins/sudoers/set_perms.c:1672 +#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:378 +#: plugins/sudoers/set_perms.c:455 plugins/sudoers/set_perms.c:717 +#: plugins/sudoers/set_perms.c:858 plugins/sudoers/set_perms.c:1080 +#: plugins/sudoers/set_perms.c:1164 plugins/sudoers/set_perms.c:1383 +#: plugins/sudoers/set_perms.c:1458 plugins/sudoers/set_perms.c:1548 msgid "perm stack underflow" msgstr "perm-stackunderspill" -#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:532 -#: plugins/sudoers/set_perms.c:1315 plugins/sudoers/set_perms.c:1614 +#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:501 +#: plugins/sudoers/set_perms.c:1217 plugins/sudoers/set_perms.c:1491 msgid "unable to change to root gid" msgstr "kan inte ändra till root-gid" -#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:629 -#: plugins/sudoers/set_perms.c:1060 plugins/sudoers/set_perms.c:1392 +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:598 +#: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1294 msgid "unable to change to runas gid" msgstr "kan inte ändra till runas-gid" -#: plugins/sudoers/set_perms.c:283 
plugins/sudoers/set_perms.c:634 -#: plugins/sudoers/set_perms.c:1065 plugins/sudoers/set_perms.c:1397 +#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:603 +#: plugins/sudoers/set_perms.c:994 plugins/sudoers/set_perms.c:1299 msgid "unable to set runas group vector" msgstr "kan inte ställa in gruppvektor för runas" -#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:645 -#: plugins/sudoers/set_perms.c:1074 plugins/sudoers/set_perms.c:1406 +#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:614 +#: plugins/sudoers/set_perms.c:1003 plugins/sudoers/set_perms.c:1308 msgid "unable to change to runas uid" msgstr "kan inte ändra till runas-uid" -#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:663 -#: plugins/sudoers/set_perms.c:1090 plugins/sudoers/set_perms.c:1422 +#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:632 +#: plugins/sudoers/set_perms.c:1019 plugins/sudoers/set_perms.c:1324 msgid "unable to change to sudoers gid" msgstr "kan inte ändra till sudoers-gid" -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 msgid "too many processes" msgstr "för många processer" 
@@ -1883,209 +2391,228 @@ msgid "unable to find symbol \"%s\" in %s" msgstr "kan inte hitta symbol ”%s” i %s" -#: plugins/sudoers/sudoers.c:212 plugins/sudoers/sudoers.c:871 +#: plugins/sudoers/sudoers.c:221 plugins/sudoers/sudoers.c:958 msgid "problem with defaults entries" msgstr "problem med standardposter" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:225 msgid "no valid sudoers sources found, quitting" msgstr "inga giltiga sudoers-källor hittades, avslutar" -#: plugins/sudoers/sudoers.c:254 +#: plugins/sudoers/sudoers.c:301 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers anger att root inte tillåts att använda sudo" -#: plugins/sudoers/sudoers.c:312 +#: plugins/sudoers/sudoers.c:361 +msgid "user not allowed to override closefrom limit" +msgstr "användare inte tillåten att åsidosätta closefrom-begränsning" + +#: plugins/sudoers/sudoers.c:362 msgid "you are not permitted to use the -C option" msgstr "du tillåts inte att använda flaggan -C" -#: plugins/sudoers/sudoers.c:359 +#: plugins/sudoers/sudoers.c:426 #, c-format msgid "timestamp owner (%s): No such user" msgstr "tidsstämpelägare (%s): Det finns ingen sådan användare" -#: plugins/sudoers/sudoers.c:374 +#: plugins/sudoers/sudoers.c:441 msgid "no tty" msgstr "ingen tty" -#: plugins/sudoers/sudoers.c:375 +#: plugins/sudoers/sudoers.c:442 msgid "sorry, you must have a tty to run sudo" msgstr "tyvärr, du måste ha en tty för att köra sudo" -#: plugins/sudoers/sudoers.c:437 +#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:450 +#, c-format +msgid "invalid shell for user %s: %s" +msgstr "ogiltigt skal för användare %s: %s" + +#: plugins/sudoers/sudoers.c:513 msgid "command in current directory" msgstr "kommando i aktuell katalog" -#: plugins/sudoers/sudoers.c:456 +#: plugins/sudoers/sudoers.c:532 +msgid "user not allowed to set a command timeout" +msgstr "användare inte tillåten att ställa in en tidsgräns för kommandon" + +#: plugins/sudoers/sudoers.c:533 msgid 
"sorry, you are not allowed set a command timeout" msgstr "tyvärr, du tillåts inte att ställa in en tidsgräns för kommandon" -#: plugins/sudoers/sudoers.c:464 +#: plugins/sudoers/sudoers.c:541 +msgid "user not allowed to set a preserve the environment" +msgstr "användare inte tillåten att ställa in att behålla miljön" + +#: plugins/sudoers/sudoers.c:542 msgid "sorry, you are not allowed to preserve the environment" msgstr "tyvärr, du tillåts inte att behålla miljövariabler" -#: plugins/sudoers/sudoers.c:815 +#: plugins/sudoers/sudoers.c:893 msgid "command too long" msgstr "kommandot för långt" -#: plugins/sudoers/sudoers.c:947 +#: plugins/sudoers/sudoers.c:951 +msgid "sudoedit doesn't need to be run via sudo" +msgstr "sudoedit behöver inte köras via sudo" + +#: plugins/sudoers/sudoers.c:1005 plugins/sudoers/sudoreplay.c:1502 +#: plugins/sudoers/tsdump.c:145 +#, c-format +msgid "unable to read %s" +msgstr "kunde inte läsa %s" + +#: plugins/sudoers/sudoers.c:1030 plugins/sudoers/visudo.c:437 +#: plugins/sudoers/visudo.c:733 +#, c-format +msgid "unable to stat %s" +msgstr "kunde inte ta status på %s" + +#: plugins/sudoers/sudoers.c:1034 #, c-format msgid "%s is not a regular file" msgstr "%s är inte en vanlig fil" -#: plugins/sudoers/sudoers.c:951 plugins/sudoers/timestamp.c:259 toke.l:967 +#: plugins/sudoers/sudoers.c:1038 plugins/sudoers/timestamp.c:259 toke.l:967 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s ägs av uid %u, ska vara %u" -#: plugins/sudoers/sudoers.c:955 toke.l:972 +#: plugins/sudoers/sudoers.c:1042 toke.l:972 #, c-format msgid "%s is world writable" msgstr "%s är skrivbar för alla" -#: plugins/sudoers/sudoers.c:959 toke.l:975 +#: plugins/sudoers/sudoers.c:1046 toke.l:975 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s ägs av gid %u, ska vara %u" -#: plugins/sudoers/sudoers.c:992 +#: plugins/sudoers/sudoers.c:1079 #, c-format msgid "only root can use \"-c %s\"" msgstr "endast root kan använda ”-c %s”" -#: 
plugins/sudoers/sudoers.c:1011 +#: plugins/sudoers/sudoers.c:1098 #, c-format msgid "unknown login class: %s" msgstr "okänd inloggningsklass: %s" -#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoers.c:1110 +#: plugins/sudoers/sudoers.c:1183 plugins/sudoers/sudoers.c:1198 #, c-format msgid "unable to resolve host %s" msgstr "kunde inte slå upp värddatorn %s" -#: plugins/sudoers/sudoreplay.c:250 +#: plugins/sudoers/sudoreplay.c:263 #, c-format msgid "invalid filter option: %s" msgstr "ogiltig filterflagga: %s" -#: plugins/sudoers/sudoreplay.c:263 +#: plugins/sudoers/sudoreplay.c:276 #, c-format msgid "invalid max wait: %s" msgstr "ogiltig största väntan: %s" -#: plugins/sudoers/sudoreplay.c:286 +#: plugins/sudoers/sudoreplay.c:299 #, c-format msgid "invalid speed factor: %s" msgstr "ogiltig hastighetsfaktor: %s" -#: plugins/sudoers/sudoreplay.c:321 +#: plugins/sudoers/sudoreplay.c:335 #, c-format -msgid "%s/%.2s/%.2s/%.2s/timing: %s" -msgstr "%s/%.2s/%.2s/%.2s/tidsmätning: %s" +msgid "%s/%.2s/%.2s/%.2s: %s" +msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:326 +#: plugins/sudoers/sudoreplay.c:340 #, c-format msgid "%s/timing: %s" msgstr "%s/tidsmätning: %s" -#: plugins/sudoers/sudoreplay.c:330 +#: plugins/sudoers/sudoreplay.c:344 #, c-format -msgid "%s/%s/timing: %s" -msgstr "%s/%s/tidsmätning: %s" +msgid "%s/%s: %s" +msgstr "%s/%s: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:372 #, c-format msgid "Replaying sudo session: %s" msgstr "Spelar upp sudo-session: %s" -#: plugins/sudoers/sudoreplay.c:544 plugins/sudoers/sudoreplay.c:591 -#: plugins/sudoers/sudoreplay.c:789 plugins/sudoers/sudoreplay.c:898 -#: plugins/sudoers/sudoreplay.c:983 plugins/sudoers/sudoreplay.c:998 -#: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/sudoreplay.c:1012 -#: plugins/sudoers/sudoreplay.c:1019 plugins/sudoers/sudoreplay.c:1026 -#: plugins/sudoers/sudoreplay.c:1174 -msgid "unable to add event to queue" -msgstr "kan inte lägga till 
händelse till kö" - -#: plugins/sudoers/sudoreplay.c:659 +#: plugins/sudoers/sudoreplay.c:634 msgid "unable to set tty to raw mode" msgstr "kan inte ställa in tty i råläge" -#: plugins/sudoers/sudoreplay.c:710 +#: plugins/sudoers/sudoreplay.c:685 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Varning: din terminal är för liten för att korrekt spela upp loggen.\n" -#: plugins/sudoers/sudoreplay.c:711 +#: plugins/sudoers/sudoreplay.c:686 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Logg-geometri är %d x %d, din terminals geometri är %d x %d." -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:714 msgid "Replay finished, press any key to restore the terminal." msgstr "Uppspelning avslutad, tryck på en tangent för att återställa terminalen." -#: plugins/sudoers/sudoreplay.c:772 -#, c-format -msgid "invalid timing file line: %s" -msgstr "ogiltig rad i tidsmätningsfil: %s" - -#: plugins/sudoers/sudoreplay.c:1208 plugins/sudoers/sudoreplay.c:1233 +#: plugins/sudoers/sudoreplay.c:1161 plugins/sudoers/sudoreplay.c:1186 #, c-format msgid "ambiguous expression \"%s\"" msgstr "tvetydigt uttryck ”%s”" -#: plugins/sudoers/sudoreplay.c:1255 +#: plugins/sudoers/sudoreplay.c:1208 msgid "unmatched ')' in expression" msgstr "omatchat ”)” i uttryck" -#: plugins/sudoers/sudoreplay.c:1259 +#: plugins/sudoers/sudoreplay.c:1212 #, c-format msgid "unknown search term \"%s\"" msgstr "okänt sökvillkor ”%s”" -#: plugins/sudoers/sudoreplay.c:1274 +#: plugins/sudoers/sudoreplay.c:1227 #, c-format msgid "%s requires an argument" msgstr "%s kräver ett argument" -#: plugins/sudoers/sudoreplay.c:1277 plugins/sudoers/sudoreplay.c:1518 +#: plugins/sudoers/sudoreplay.c:1230 plugins/sudoers/sudoreplay.c:1478 #, c-format msgid "invalid regular expression: %s" msgstr "ogiltigt reguljärt uttryck: %s" -#: plugins/sudoers/sudoreplay.c:1281 +#: plugins/sudoers/sudoreplay.c:1234 #, c-format msgid "could not 
parse date \"%s\"" msgstr "kunde inte tolka datumet ”%s”" -#: plugins/sudoers/sudoreplay.c:1290 +#: plugins/sudoers/sudoreplay.c:1243 msgid "unmatched '(' in expression" msgstr "omatchat ”(” i uttryck" -#: plugins/sudoers/sudoreplay.c:1292 +#: plugins/sudoers/sudoreplay.c:1245 msgid "illegal trailing \"or\"" msgstr "ogiltigt avslutande ”or”" -#: plugins/sudoers/sudoreplay.c:1294 +#: plugins/sudoers/sudoreplay.c:1247 msgid "illegal trailing \"!\"" msgstr "ogiltigt efterföljande ”!”" -#: plugins/sudoers/sudoreplay.c:1344 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "unknown search type %d" msgstr "okänd söktyp %d" -#: plugins/sudoers/sudoreplay.c:1611 +#: plugins/sudoers/sudoreplay.c:1569 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "användning: %s [-hnRS] [-d kat] [-m num] [-s num] ID\n" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1572 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "användning: %s [-h] [-d kat] -l [sökuttryck]\n" -#: plugins/sudoers/sudoreplay.c:1623 +#: plugins/sudoers/sudoreplay.c:1581 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2094,7 +2621,7 @@ "%s - spela upp loggar från sudo-session\n" "\n" -#: plugins/sudoers/sudoreplay.c:1625 +#: plugins/sudoers/sudoreplay.c:1583 msgid "" "\n" "Options:\n" 
@@ -2155,35 +2682,34 @@ msgid "%s is group writable" msgstr "%s är skrivbar för gruppen" -#: plugins/sudoers/timestamp.c:343 +#: plugins/sudoers/timestamp.c:343 plugins/sudoers/timestamp.c:687 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "kunde inte trunkera tidsstämpelfil till %lld byte" -#: plugins/sudoers/timestamp.c:829 plugins/sudoers/timestamp.c:921 -#: plugins/sudoers/visudo.c:498 plugins/sudoers/visudo.c:504 -msgid "unable to read the clock" -msgstr "kunde inte läsa klockan" - -#: plugins/sudoers/timestamp.c:840 +#: plugins/sudoers/timestamp.c:873 msgid "ignoring time stamp from the future" msgstr "ignorerar tidsstämpel från framtiden" -#: plugins/sudoers/timestamp.c:863 +#: plugins/sudoers/timestamp.c:896 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "tidsstämpel är för långt in i framtiden: %20.20s" -#: plugins/sudoers/timestamp.c:985 +#: plugins/sudoers/timestamp.c:1018 #, c-format msgid "unable to lock time stamp file %s" msgstr "kunde inte låsa tidsstämpelfil %s" -#: plugins/sudoers/timestamp.c:1029 plugins/sudoers/timestamp.c:1049 +#: plugins/sudoers/timestamp.c:1062 plugins/sudoers/timestamp.c:1082 #, c-format msgid "lecture status path too long: %s/%s" msgstr "sökväg för lektionsstatus för lång: %s/%s" +#: plugins/sudoers/toke_util.c:132 +msgid "sudoedit should not be specified with a path" +msgstr "sudoedit ska inte anges med en sökväg" + #: plugins/sudoers/visudo.c:232 msgid "the -x option will be removed in a future release" msgstr "flaggan -x kommer att tas bort i en framtida version" @@ -2375,6 +2901,15 @@ msgid "too many levels of includes" msgstr "för många nivåer av inkluderingar" +#~ msgid "No user or host" +#~ msgstr "Ingen användare eller värddator" + +#~ msgid "validation failure" +#~ msgstr "valideringsfel" + +#~ msgid "%s/%s/timing: %s" +#~ msgstr "%s/%s/tidsmätning: %s" + #~ msgid "ignoring invalid attribute value: %s" #~ msgstr "ignorerar ogiltigt attributvärde: %s" 
@@ -2459,9 +2994,6 @@ #~ msgid "unable to set locale to \"%s\", using \"C\"" #~ msgstr "kunde inte ställa in lokalanpassning till \"%s\", använder \"C\"" -#~ msgid "invalid uri: %s" -#~ msgstr "ogiltig uri: %s" - #~ msgid "unable to mix ldaps and starttls" #~ msgstr "kunde inte blanda ldaps och starttls" @@ -2496,9 +3028,6 @@ #~ msgid "writing to standard output" #~ msgstr "skriver till standard ut" -#~ msgid "invalid regex: %s" -#~ msgstr "ogiltigt reguljärt uttryck: %s" - #~ msgid "internal error, init_vars() overflow" #~ msgstr "internt fel, stackspill i init_vars()" Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/plugins/sudoers/po/uk.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/plugins/sudoers/po/uk.mo differ diff -Nru sudo-1.8.31/plugins/sudoers/po/uk.po sudo-1.9.0/plugins/sudoers/po/uk.po --- sudo-1.8.31/plugins/sudoers/po/uk.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/po/uk.po 2020-05-11 16:28:23.000000000 +0000 @@ -1,13 +1,13 @@ # Ukrainian translation for sudoers. # This file is put in the public domain. # -# Yuri Chornoivan , 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019. +# Yuri Chornoivan , 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020. msgid "" msgstr "" -"Project-Id-Version: sudoers 1.8.29rc1\n" +"Project-Id-Version: sudoers 1.9.0b4\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-10-21 19:55-0600\n" -"PO-Revision-Date: 2019-10-24 14:01+0300\n" +"POT-Creation-Date: 2020-03-12 17:39-0600\n" +"PO-Revision-Date: 2020-03-13 12:50+0200\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" "Language: uk\n" @@ -16,7 +16,7 @@ "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=4; plural=n==1 ? 3 : n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" -"X-Generator: Lokalize 19.04.0\n" +"X-Generator: Lokalize 20.03.70\n" #: confstr.sh:1 msgid "syntax error" 
@@ -42,70 +42,75 @@ msgid "Sorry, try again." msgstr "Вибачте, повторіть спробу." -#: gram.y:196 gram.y:244 gram.y:251 gram.y:258 gram.y:265 gram.y:272 -#: gram.y:288 gram.y:312 gram.y:319 gram.y:326 gram.y:333 gram.y:340 -#: gram.y:403 gram.y:412 gram.y:423 gram.y:456 gram.y:463 gram.y:470 -#: gram.y:477 gram.y:559 gram.y:566 gram.y:575 gram.y:584 gram.y:601 -#: gram.y:713 gram.y:720 gram.y:727 gram.y:735 gram.y:835 gram.y:842 -#: gram.y:849 gram.y:856 gram.y:863 gram.y:889 gram.y:896 gram.y:903 -#: gram.y:1026 gram.y:1303 plugins/sudoers/alias.c:132 -#: plugins/sudoers/alias.c:139 plugins/sudoers/alias.c:155 -#: plugins/sudoers/auth/bsdauth.c:148 plugins/sudoers/auth/kerb5.c:123 -#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/auth/sia.c:64 -#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:165 -#: plugins/sudoers/cvtsudoers.c:182 plugins/sudoers/cvtsudoers.c:193 -#: plugins/sudoers/cvtsudoers.c:305 plugins/sudoers/cvtsudoers.c:433 -#: plugins/sudoers/cvtsudoers.c:566 plugins/sudoers/cvtsudoers.c:583 -#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 -#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1179 -#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1285 +#: gram.y:198 gram.y:246 gram.y:253 gram.y:260 gram.y:267 gram.y:274 +#: gram.y:290 gram.y:314 gram.y:321 gram.y:328 gram.y:335 gram.y:342 +#: gram.y:405 gram.y:414 gram.y:425 gram.y:458 gram.y:465 gram.y:472 +#: gram.y:479 gram.y:506 gram.y:578 gram.y:585 gram.y:594 gram.y:603 +#: gram.y:620 gram.y:732 gram.y:739 gram.y:747 gram.y:753 gram.y:853 +#: gram.y:860 gram.y:867 gram.y:874 gram.y:881 gram.y:907 gram.y:914 +#: gram.y:921 gram.y:1063 gram.y:1342 lib/iolog/iolog_util.c:79 +#: lib/iolog/iolog_util.c:118 lib/iolog/iolog_util.c:127 +#: lib/iolog/iolog_util.c:137 lib/iolog/iolog_util.c:145 +#: lib/iolog/iolog_util.c:149 logsrvd/eventlog.c:223 logsrvd/sendlog.c:286 
+#: plugins/sudoers/alias.c:132 plugins/sudoers/alias.c:139 +#: plugins/sudoers/alias.c:155 plugins/sudoers/auth/bsdauth.c:148 +#: plugins/sudoers/auth/kerb5.c:123 plugins/sudoers/auth/kerb5.c:149 +#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116 +#: plugins/sudoers/auth/sia.c:64 plugins/sudoers/cvtsudoers.c:124 +#: plugins/sudoers/cvtsudoers.c:165 plugins/sudoers/cvtsudoers.c:182 +#: plugins/sudoers/cvtsudoers.c:193 plugins/sudoers/cvtsudoers.c:305 +#: plugins/sudoers/cvtsudoers.c:433 plugins/sudoers/cvtsudoers.c:566 +#: plugins/sudoers/cvtsudoers.c:583 plugins/sudoers/cvtsudoers.c:646 +#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:769 +#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1187 +#: plugins/sudoers/cvtsudoers.c:1289 plugins/sudoers/cvtsudoers_json.c:83 #: plugins/sudoers/cvtsudoers_ldif.c:154 plugins/sudoers/cvtsudoers_ldif.c:197 -#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:263 -#: plugins/sudoers/cvtsudoers_ldif.c:334 plugins/sudoers/cvtsudoers_ldif.c:389 -#: plugins/sudoers/cvtsudoers_ldif.c:397 plugins/sudoers/cvtsudoers_ldif.c:414 -#: plugins/sudoers/cvtsudoers_ldif.c:423 plugins/sudoers/cvtsudoers_ldif.c:570 -#: plugins/sudoers/defaults.c:666 plugins/sudoers/defaults.c:959 -#: plugins/sudoers/defaults.c:1130 plugins/sudoers/editor.c:72 +#: plugins/sudoers/cvtsudoers_ldif.c:238 plugins/sudoers/cvtsudoers_ldif.c:303 +#: plugins/sudoers/cvtsudoers_ldif.c:374 plugins/sudoers/cvtsudoers_ldif.c:429 +#: plugins/sudoers/cvtsudoers_ldif.c:437 plugins/sudoers/cvtsudoers_ldif.c:454 +#: plugins/sudoers/cvtsudoers_ldif.c:463 plugins/sudoers/cvtsudoers_ldif.c:610 +#: plugins/sudoers/defaults.c:632 plugins/sudoers/defaults.c:925 +#: plugins/sudoers/defaults.c:1058 plugins/sudoers/editor.c:72 #: plugins/sudoers/editor.c:90 plugins/sudoers/editor.c:101 #: plugins/sudoers/env.c:268 plugins/sudoers/filedigest.c:66 #: plugins/sudoers/filedigest.c:82 plugins/sudoers/gc.c:59 -#: 
plugins/sudoers/group_plugin.c:138 plugins/sudoers/interfaces.c:78 -#: plugins/sudoers/iolog.c:943 plugins/sudoers/iolog_path.c:174 -#: plugins/sudoers/iolog_util.c:86 plugins/sudoers/iolog_util.c:125 -#: plugins/sudoers/iolog_util.c:134 plugins/sudoers/iolog_util.c:144 -#: plugins/sudoers/iolog_util.c:152 plugins/sudoers/iolog_util.c:156 -#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 -#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 -#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 -#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 -#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 -#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 -#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 -#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 -#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558 -#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:683 -#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:510 -#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/linux_audit.c:83 -#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:532 -#: plugins/sudoers/logging.c:558 plugins/sudoers/logging.c:599 -#: plugins/sudoers/logging.c:740 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:367 -#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:200 +#: plugins/sudoers/group_plugin.c:141 plugins/sudoers/interfaces.c:78 +#: plugins/sudoers/iolog.c:476 plugins/sudoers/iolog_client.c:107 +#: plugins/sudoers/iolog_client.c:485 plugins/sudoers/iolog_client.c:593 +#: plugins/sudoers/iolog_client.c:611 plugins/sudoers/iolog_client.c:1053 +#: plugins/sudoers/iolog_client.c:1283 plugins/sudoers/iolog_client.c:1619 +#: plugins/sudoers/iolog_client.c:1647 
plugins/sudoers/ldap.c:185 +#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 +#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 +#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705 +#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 +#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 +#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 +#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 +#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 +#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 +#: plugins/sudoers/ldap_conf.c:683 plugins/sudoers/ldap_conf.c:765 +#: plugins/sudoers/ldap_util.c:331 plugins/sudoers/ldap_util.c:338 +#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:83 +#: plugins/sudoers/logging.c:200 plugins/sudoers/logging.c:527 +#: plugins/sudoers/logging.c:553 plugins/sudoers/logging.c:594 +#: plugins/sudoers/logging.c:731 plugins/sudoers/logging.c:1091 +#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:397 +#: plugins/sudoers/match_command.c:444 plugins/sudoers/match_command.c:515 +#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:200 #: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:227 #: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:156 #: plugins/sudoers/parse_ldif.c:187 plugins/sudoers/parse_ldif.c:256 #: plugins/sudoers/parse_ldif.c:263 plugins/sudoers/parse_ldif.c:268 #: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:355 -#: plugins/sudoers/parse_ldif.c:361 plugins/sudoers/parse_ldif.c:386 -#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:402 -#: plugins/sudoers/parse_ldif.c:416 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:614 plugins/sudoers/parse_ldif.c:639 -#: plugins/sudoers/parse_ldif.c:697 plugins/sudoers/parse_ldif.c:714 -#: plugins/sudoers/parse_ldif.c:742 
plugins/sudoers/parse_ldif.c:749 -#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:750 +#: plugins/sudoers/parse_ldif.c:382 plugins/sudoers/parse_ldif.c:399 +#: plugins/sudoers/parse_ldif.c:411 plugins/sudoers/parse_ldif.c:415 +#: plugins/sudoers/parse_ldif.c:429 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:830 #: plugins/sudoers/prompt.c:100 plugins/sudoers/pwutil.c:199 #: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 #: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:586 
@@ -115,19 +120,19 @@ #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:114 -#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 -#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735 +#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909 +#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559 +#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218 +#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429 +#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236 +#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587 +#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483 +#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59 +#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:137 +#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130 #: plugins/sudoers/visudo.c:152 
plugins/sudoers/visudo.c:328 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 
@@ -136,111 +141,116 @@ msgid "unable to allocate memory" msgstr "не вдалося отримати потрібний об’єм пам’яті" -#: gram.y:488 +#: gram.y:500 msgid "a digest requires a path name" msgstr "для контрольної суми слід вказати шлях" -#: gram.y:614 +#: gram.y:633 msgid "invalid notbefore value" msgstr "некоректне значення notbefore" -#: gram.y:622 +#: gram.y:641 msgid "invalid notafter value" msgstr "некоректне значення notafter" -#: gram.y:631 plugins/sudoers/policy.c:320 +#: gram.y:650 plugins/sudoers/policy.c:319 msgid "timeout value too large" msgstr "значення часу очікування є надто великим" -#: gram.y:633 plugins/sudoers/policy.c:322 +#: gram.y:652 plugins/sudoers/policy.c:321 msgid "invalid timeout value" msgstr "некоректне значення часу очікування" -#: gram.y:1303 plugins/sudoers/auth/pam.c:483 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/cvtsudoers.c:124 -#: plugins/sudoers/cvtsudoers.c:164 plugins/sudoers/cvtsudoers.c:181 -#: plugins/sudoers/cvtsudoers.c:192 plugins/sudoers/cvtsudoers.c:304 -#: plugins/sudoers/cvtsudoers.c:432 plugins/sudoers/cvtsudoers.c:565 -#: plugins/sudoers/cvtsudoers.c:582 plugins/sudoers/cvtsudoers.c:646 -#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:768 -#: plugins/sudoers/cvtsudoers.c:1179 plugins/sudoers/cvtsudoers.c:1183 -#: plugins/sudoers/cvtsudoers.c:1285 plugins/sudoers/cvtsudoers_ldif.c:153 -#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:243 -#: plugins/sudoers/cvtsudoers_ldif.c:262 plugins/sudoers/cvtsudoers_ldif.c:333 -#: plugins/sudoers/cvtsudoers_ldif.c:388 plugins/sudoers/cvtsudoers_ldif.c:396 -#: plugins/sudoers/cvtsudoers_ldif.c:413 plugins/sudoers/cvtsudoers_ldif.c:422 -#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:666 -#: plugins/sudoers/defaults.c:959 plugins/sudoers/defaults.c:1130 +#: gram.y:1342 lib/iolog/iolog_util.c:79 lib/iolog/iolog_util.c:118 +#: lib/iolog/iolog_util.c:127 lib/iolog/iolog_util.c:137 +#: 
lib/iolog/iolog_util.c:145 lib/iolog/iolog_util.c:149 +#: logsrvd/eventlog.c:223 plugins/sudoers/auth/pam.c:486 +#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116 +#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:164 +#: plugins/sudoers/cvtsudoers.c:181 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:304 plugins/sudoers/cvtsudoers.c:432 +#: plugins/sudoers/cvtsudoers.c:565 plugins/sudoers/cvtsudoers.c:582 +#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 +#: plugins/sudoers/cvtsudoers.c:768 plugins/sudoers/cvtsudoers.c:1183 +#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289 +#: plugins/sudoers/cvtsudoers_json.c:82 plugins/sudoers/cvtsudoers_ldif.c:153 +#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:237 +#: plugins/sudoers/cvtsudoers_ldif.c:302 plugins/sudoers/cvtsudoers_ldif.c:373 +#: plugins/sudoers/cvtsudoers_ldif.c:428 plugins/sudoers/cvtsudoers_ldif.c:436 +#: plugins/sudoers/cvtsudoers_ldif.c:453 plugins/sudoers/cvtsudoers_ldif.c:462 +#: plugins/sudoers/cvtsudoers_ldif.c:609 plugins/sudoers/defaults.c:632 +#: plugins/sudoers/defaults.c:925 plugins/sudoers/defaults.c:1058 #: plugins/sudoers/editor.c:72 plugins/sudoers/editor.c:90 #: plugins/sudoers/editor.c:101 plugins/sudoers/env.c:268 #: plugins/sudoers/filedigest.c:66 plugins/sudoers/filedigest.c:82 -#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:138 -#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:943 -#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:86 -#: plugins/sudoers/iolog_util.c:125 plugins/sudoers/iolog_util.c:134 -#: plugins/sudoers/iolog_util.c:144 plugins/sudoers/iolog_util.c:152 -#: plugins/sudoers/iolog_util.c:156 plugins/sudoers/ldap.c:185 -#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 -#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 -#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 -#: 
plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705 -#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 -#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 -#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 -#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 -#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 -#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 -#: plugins/sudoers/ldap_conf.c:682 plugins/sudoers/ldap_conf.c:765 -#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:567 -#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:202 -#: plugins/sudoers/logging.c:532 plugins/sudoers/logging.c:558 -#: plugins/sudoers/logging.c:598 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:366 -#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:199 +#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:140 +#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:476 +#: plugins/sudoers/iolog_client.c:107 plugins/sudoers/iolog_client.c:485 +#: plugins/sudoers/iolog_client.c:593 plugins/sudoers/iolog_client.c:611 +#: plugins/sudoers/iolog_client.c:1053 plugins/sudoers/iolog_client.c:1283 +#: plugins/sudoers/iolog_client.c:1619 plugins/sudoers/iolog_client.c:1647 +#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 +#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 +#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 +#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 +#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 +#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 +#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 +#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 +#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 +#: 
plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558 +#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:682 +#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:330 +#: plugins/sudoers/ldap_util.c:337 plugins/sudoers/ldap_util.c:603 +#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:200 +#: plugins/sudoers/logging.c:527 plugins/sudoers/logging.c:553 +#: plugins/sudoers/logging.c:593 plugins/sudoers/logging.c:1091 +#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:396 +#: plugins/sudoers/match_command.c:443 plugins/sudoers/match_command.c:515 +#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:199 #: plugins/sudoers/parse.c:211 plugins/sudoers/parse.c:226 #: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:155 #: plugins/sudoers/parse_ldif.c:186 plugins/sudoers/parse_ldif.c:255 #: plugins/sudoers/parse_ldif.c:262 plugins/sudoers/parse_ldif.c:267 #: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:354 -#: plugins/sudoers/parse_ldif.c:360 plugins/sudoers/parse_ldif.c:385 -#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:401 -#: plugins/sudoers/parse_ldif.c:415 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:613 plugins/sudoers/parse_ldif.c:638 -#: plugins/sudoers/parse_ldif.c:696 plugins/sudoers/parse_ldif.c:713 -#: plugins/sudoers/parse_ldif.c:741 plugins/sudoers/parse_ldif.c:748 -#: plugins/sudoers/policy.c:134 plugins/sudoers/policy.c:143 -#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:178 -#: plugins/sudoers/policy.c:305 plugins/sudoers/policy.c:320 -#: plugins/sudoers/policy.c:322 plugins/sudoers/policy.c:348 -#: plugins/sudoers/policy.c:358 plugins/sudoers/policy.c:402 +#: plugins/sudoers/parse_ldif.c:381 plugins/sudoers/parse_ldif.c:398 +#: plugins/sudoers/parse_ldif.c:410 plugins/sudoers/parse_ldif.c:414 +#: plugins/sudoers/parse_ldif.c:428 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 
plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:133 plugins/sudoers/policy.c:142 +#: plugins/sudoers/policy.c:151 plugins/sudoers/policy.c:177 +#: plugins/sudoers/policy.c:304 plugins/sudoers/policy.c:319 +#: plugins/sudoers/policy.c:321 plugins/sudoers/policy.c:350 +#: plugins/sudoers/policy.c:359 plugins/sudoers/policy.c:402 #: plugins/sudoers/policy.c:412 plugins/sudoers/policy.c:421 #: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:504 -#: plugins/sudoers/policy.c:750 plugins/sudoers/prompt.c:100 +#: plugins/sudoers/policy.c:830 plugins/sudoers/prompt.c:100 #: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 #: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 #: plugins/sudoers/pwutil.c:586 plugins/sudoers/pwutil.c:657 #: plugins/sudoers/pwutil.c:816 plugins/sudoers/pwutil.c:873 #: plugins/sudoers/pwutil.c:917 plugins/sudoers/pwutil.c:975 -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 plugins/sudoers/sssd.c:153 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 plugins/sudoers/sssd.c:153 #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:113 -#: plugins/sudoers/sudoreplay.c:584 
plugins/sudoers/sudoreplay.c:587 -#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735 +#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909 +#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559 +#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218 +#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429 +#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236 +#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587 +#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483 +#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59 +#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:136 +#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130 #: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 
@@ -250,12 +260,456 @@ msgid "%s: %s" msgstr "%s: %s" +#: lib/iolog/iolog_fileio.c:164 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s існує, але не є каталогом (0%o)" + +#: lib/iolog/iolog_fileio.c:194 lib/iolog/iolog_fileio.c:240 +#: plugins/sudoers/timestamp.c:212 +#, c-format +msgid "unable to mkdir %s" +msgstr "не вдалося створити каталог %s" + +#: lib/iolog/iolog_fileio.c:244 plugins/sudoers/visudo.c:739 +#: plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "не вдалося змінити режим доступу до %s на значення 0%o" + +#: lib/iolog/iolog_util.c:83 +#, c-format +msgid "%s: invalid log file" +msgstr "%s: некоректний файл журналу" + +#: lib/iolog/iolog_util.c:101 +#, c-format +msgid "%s: time stamp field is missing" +msgstr "%s: не вказано даних щодо часової позначки" + +#: lib/iolog/iolog_util.c:107 +#, c-format +msgid "%s: time stamp %s: %s" +msgstr "%s: часова позначка %s: %s" + +#: lib/iolog/iolog_util.c:114 +#, c-format +msgid "%s: user field is missing" +msgstr "%s: не вказано даних щодо користувача" + +#: lib/iolog/iolog_util.c:123 +#, c-format +msgid "%s: runas user field is missing" +msgstr "%s: не вказано даних щодо користувача, від імені якого відбуватиметься виконання" + +#: lib/iolog/iolog_util.c:132 +#, c-format +msgid "%s: runas group field is missing" +msgstr "%s: не вказано даних щодо групи, від імені якої відбуватиметься виконання" + +#: lib/iolog/iolog_util.c:382 +#, c-format +msgid "error reading timing file: %s" +msgstr "помилка під час спроби читання файла часових позначок: %s" + +#: lib/iolog/iolog_util.c:389 +#, c-format +msgid "invalid timing file line: %s" +msgstr "некоректний рядок у файлі timing: %s" + +#: logsrvd/eventlog.c:228 plugins/sudoers/cvtsudoers_ldif.c:247 +#: plugins/sudoers/cvtsudoers_ldif.c:254 plugins/sudoers/cvtsudoers_ldif.c:566 +#: plugins/sudoers/env.c:330 plugins/sudoers/env.c:337 +#: plugins/sudoers/env.c:442 plugins/sudoers/iolog.c:550 +#: 
plugins/sudoers/iolog.c:566 plugins/sudoers/ldap.c:496 +#: plugins/sudoers/ldap.c:727 plugins/sudoers/ldap.c:1060 +#: plugins/sudoers/ldap_conf.c:227 plugins/sudoers/ldap_conf.c:317 +#: plugins/sudoers/linux_audit.c:89 plugins/sudoers/logging.c:1096 +#: plugins/sudoers/policy.c:534 plugins/sudoers/policy.c:679 +#: plugins/sudoers/policy.c:689 plugins/sudoers/prompt.c:168 +#: plugins/sudoers/sudoers.c:931 plugins/sudoers/testsudoers.c:257 +#: plugins/sudoers/toke_util.c:177 +#, c-format +msgid "internal error, %s overflow" +msgstr "внутрішня помилка, переповнення %s" + +#: logsrvd/eventlog.c:422 plugins/sudoers/logging.c:118 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: logsrvd/eventlog.c:451 plugins/sudoers/logging.c:146 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s : (команда продовжується) %s" + +#: logsrvd/iolog_writer.c:886 +msgid "log is already complete, cannot be restarted" +msgstr "журнал вже завершено — його не можна перезапустити" + +#: logsrvd/iolog_writer.c:917 +msgid "unable to restart log" +msgstr "не вдалося перезапустити журнал" + +#: logsrvd/logsrv_util.c:96 logsrvd/logsrv_util.c:103 +#: plugins/sudoers/sudoreplay.c:355 plugins/sudoers/sudoreplay.c:361 +#: plugins/sudoers/sudoreplay.c:368 +#, c-format +msgid "unable to open %s/%s" +msgstr "не вдалося відкрити %s/%s" + +#: logsrvd/logsrv_util.c:130 +#, c-format +msgid "missing I/O log file %s/%s" +msgstr "не вистачає файла журналу введення-виведення, %s/%s" + +#: logsrvd/logsrv_util.c:137 +#, c-format +msgid "%s/%s: unable to seek forward %zu" +msgstr "%s/%s: неможливо виконати позиціювання вперед на %zu" + +#: logsrvd/logsrv_util.c:147 +#, c-format +msgid "unable to find resume point [%lld, %ld] in %s/%s" +msgstr "не вдалося знайти точку відновлення [%lld, %ld] у %s/%s" + +#: logsrvd/logsrvd.c:231 logsrvd/logsrvd.c:299 logsrvd/logsrvd.c:343 +#: logsrvd/logsrvd.c:392 logsrvd/logsrvd.c:439 logsrvd/logsrvd.c:484 +#: logsrvd/logsrvd.c:510 +msgid "state machine error" +msgstr 
"помилка скінченного автомата" + +#: logsrvd/logsrvd.c:240 +msgid "invalid AcceptMessage" +msgstr "некоректне AcceptMessage" + +#: logsrvd/logsrvd.c:251 +msgid "error parsing AcceptMessage" +msgstr "помилка під час спроби обробити AcceptMessage" + +#: logsrvd/logsrvd.c:258 +msgid "error creating I/O log" +msgstr "помилка під час створення журналу введення-виведення" + +#: logsrvd/logsrvd.c:265 +msgid "error logging accept event" +msgstr "помилка під час обробки події підтвердження дії журналу" + +#: logsrvd/logsrvd.c:308 +msgid "invalid RejectMessage" +msgstr "некоректне RejectMessage" + +#: logsrvd/logsrvd.c:319 +msgid "error parsing RejectMessage" +msgstr "помилка під час проби обробити RejectMessage" + +#: logsrvd/logsrvd.c:325 +msgid "error logging reject event" +msgstr "помилка під час обробки події відмови у записі до журналу" + +#: logsrvd/logsrvd.c:424 +msgid "error logging alert event" +msgstr "помилка під час обробки події критичного повідомлення журналу" + +#: logsrvd/logsrvd.c:449 +msgid "error writing IoBuffer" +msgstr "помилка під час спроби записати IoBuffer" + +#: logsrvd/logsrvd.c:495 +msgid "error writing ChangeWindowSize" +msgstr "помилка під час спроби записати ChangeWindowSize" + +#: logsrvd/logsrvd.c:521 +msgid "error writing CommandSuspend" +msgstr "помилка під час спроби записати CommandSuspend" + +#: logsrvd/logsrvd.c:583 +msgid "unrecognized ClientMessage type" +msgstr "нерозпізнаний тип ClientMessage" + +#: logsrvd/logsrvd.c:835 +msgid "client message too large" +msgstr "повідомлення клієнта є надто великим" + +#: logsrvd/logsrvd.c:1295 logsrvd/logsrvd.c:1415 logsrvd/logsrvd.c:1539 +#: logsrvd/logsrvd.c:1631 logsrvd/sendlog.c:242 logsrvd/sendlog.c:257 +#: logsrvd/sendlog.c:290 logsrvd/sendlog.c:1264 plugins/sudoers/iolog.c:900 +#: plugins/sudoers/iolog.c:1033 plugins/sudoers/iolog.c:1131 +#: plugins/sudoers/iolog_client.c:111 plugins/sudoers/iolog_client.c:436 +#: plugins/sudoers/iolog_client.c:452 plugins/sudoers/iolog_client.c:490 +#: 
plugins/sudoers/iolog_client.c:1032 plugins/sudoers/iolog_client.c:1061 +#: plugins/sudoers/iolog_client.c:1133 plugins/sudoers/iolog_client.c:1239 +#: plugins/sudoers/iolog_client.c:1353 plugins/sudoers/iolog_client.c:1655 +#: plugins/sudoers/iolog_client.c:1663 plugins/sudoers/sudoreplay.c:519 +#: plugins/sudoers/sudoreplay.c:566 plugins/sudoers/sudoreplay.c:755 +#: plugins/sudoers/sudoreplay.c:867 plugins/sudoers/sudoreplay.c:957 +#: plugins/sudoers/sudoreplay.c:972 plugins/sudoers/sudoreplay.c:979 +#: plugins/sudoers/sudoreplay.c:986 plugins/sudoers/sudoreplay.c:993 +#: plugins/sudoers/sudoreplay.c:1000 plugins/sudoers/sudoreplay.c:1127 +msgid "unable to add event to queue" +msgstr "не вдалося додати подію до черги обробки" + +#: logsrvd/logsrvd.c:1407 plugins/sudoers/iolog_client.c:378 +#, c-format +msgid "Unable to attach user data to the ssl object: %s" +msgstr "Не вдалося долучити дані користувача до об'єкта SSL: %s" + +#: logsrvd/logsrvd.c:1443 plugins/sudoers/iolog_client.c:1596 +#: plugins/sudoers/iolog_client.c:1604 +msgid "unable to get remote IP addr" +msgstr "не вдалося отримати віддалену IP-адресу" + +#: logsrvd/logsrvd.c:1692 logsrvd/sendlog.c:113 +#, c-format +msgid "" +"%s - send sudo I/O log to remote server\n" +"\n" +msgstr "" +"%s — надсилання журналу введення-виведення sudo на віддалений сервер\n" +"\n" + +#: logsrvd/logsrvd.c:1695 +msgid "" +"\n" +"Options:\n" +" -f, --file path to configuration file\n" +" -h --help display help message and exit\n" +" -n, --no-fork do not fork, run in the foreground\n" +" -R, --random-drop percent chance connections will drop\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"Параметри:\n" +" -f, --file шлях до файла налаштувань\n" +" -h --help показати довідкове повідомлення і вийти\n" +" -n, --no-fork не відгалужувати, запустити на передньому плані\n" +" -R, --random-drop ймовірність скидання з'єднань у відсотках\n" +" -V, --version вивести дані щодо версії і завершити роботу\n" 
+ +#: logsrvd/logsrvd.c:1747 logsrvd/sendlog.c:1513 +msgid "Protobuf-C version 1.3 or higher required" +msgstr "Потрібна версія Protobuf-C 1.3 або новіша" + +#: logsrvd/logsrvd.c:1765 +#, c-format +msgid "invalid random drop value: %s" +msgstr "некоректне значення ймовірності скидання: %s" + +#: logsrvd/logsrvd.c:1769 logsrvd/sendlog.c:1551 +#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:302 +#: plugins/sudoers/visudo.c:184 +#, c-format +msgid "%s version %s\n" +msgstr "%s, версія %s\n" + +#: logsrvd/logsrvd_conf.c:688 +#, c-format +msgid "%s: not a fully qualified path" +msgstr "%s: не є повноцінним записом шляхуnot a fully qualified path" + +#: logsrvd/logsrvd_conf.c:802 +#, c-format +msgid "%s:%d unmatched '[': %s" +msgstr "%s:%d «[» без пари: %s" + +#: logsrvd/logsrvd_conf.c:813 +#, c-format +msgid "%s:%d invalid config section: %s" +msgstr "%s:%d некоректний розділ налаштувань: %s" + +#: logsrvd/logsrvd_conf.c:821 +#, c-format +msgid "%s:%d invalid configuration line: %s" +msgstr "%s:%d некоректний рядок налаштувань: %s" + +#: logsrvd/logsrvd_conf.c:827 +#, c-format +msgid "%s:%d expected section name: %s" +msgstr "%s:%d мало бути вказано назву розділу: %s" + +#: logsrvd/logsrvd_conf.c:841 +#, c-format +msgid "invalid value for %s: %s" +msgstr "некоректне значення %s: %s" + +#: logsrvd/logsrvd_conf.c:849 +#, c-format +msgid "%s:%d unknown key: %s" +msgstr "%s:%d невідомий ключ: %s" + +#: logsrvd/logsrvd_conf.c:977 +#, c-format +msgid "unknown syslog facility %s" +msgstr "невідома можливість syslog %s" + +#: logsrvd/logsrvd_conf.c:981 logsrvd/logsrvd_conf.c:985 +#: logsrvd/logsrvd_conf.c:989 +#, c-format +msgid "unknown syslog priority %s" +msgstr "невідома пріоритетність syslog %s" + +#: logsrvd/sendlog.c:116 +msgid "" +"\n" +"Options:\n" +" --help display help message and exit\n" +" -h, --host host to send logs to\n" +" -i, --iolog_id remote ID of I/O log to be resumed\n" +" -p, --port port to use when connecting to host\n" +" -r, --restart 
restart previous I/O log transfer\n" +" -t, --test test audit server by sending selected I/O log n times in parallel\n" +" -b, --ca-bundle certificate bundle file to verify server's cert against\n" +" -c, --cert certificate file for TLS handshake\n" +" -k, --key private key file\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"Параметри:\n" +" --help вивести довідкове повідомлення і завершити роботу\n" +" -h, --host вказати вузол для надсилання журналів\n" +" -i, --iolog_id вказати ідентифікатор журналу введення-виведення, яки слід відновити\n" +" -p, --port вказати порт, яким слід скористатися для з'єднання з вузлом\n" +" -r, --restart перезапустити попереднє передавання журналу введення-виведення\n" +" -t, --test перевірити сервер аудиту надсиланням вибраного журналу введення-виведення\n" +" паралельно n разів\n" +" -b, --ca-bundle вказати файла пакета сертифікатів для перевірки сертифіката сервера\n" +" -c, --cert вказати файл сертифіката для узгодження зв'язку TLS\n" +" -k, --key вказати файл закритого ключа\n" +" -V, --version вивести дані щодо версії і завершити роботу\n" + +#: logsrvd/sendlog.c:216 plugins/sudoers/iolog_client.c:409 +msgid "TLS handshake timeout occurred" +msgstr "сталося перевищення часу очікування на узгодження зв'язку TLS" + +#: logsrvd/sendlog.c:237 logsrvd/sendlog.c:252 +#: plugins/sudoers/iolog_client.c:430 plugins/sudoers/iolog_client.c:446 +msgid "unable to set event" +msgstr "не вдалося встановити подію" + +#: logsrvd/sendlog.c:262 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s\n" +msgstr "помилка SSL_connect: ssl_error=%d, стек=%s\n" + +#: logsrvd/sendlog.c:294 plugins/sudoers/iolog_client.c:115 +#: plugins/sudoers/iolog_client.c:495 plugins/sudoers/iolog_client.c:1065 +#: plugins/sudoers/iolog_client.c:1671 +msgid "error in event loop" +msgstr "помилка у циклі обробки подій" + +#: logsrvd/sendlog.c:311 +msgid "CA bundle file was not specified" +msgstr "не вказано файл пакета служб 
сертифікації (CA)" + +#: logsrvd/sendlog.c:315 +msgid "Client certificate was not specified" +msgstr "Не вказано сертифікат клієнта" + +#: logsrvd/sendlog.c:319 +#, c-format +msgid "Unable to initialize ssl context: %s" +msgstr "Не вдалося ініціалізувати контекст SSL: %s" + +#: logsrvd/sendlog.c:324 +#, c-format +msgid "Unable to allocate ssl object: %s\n" +msgstr "Не вдалося розмістити об'єкт SSL у пам'яті: %s\n" + +#: logsrvd/sendlog.c:329 +#, c-format +msgid "Unable to attach socket to the ssl object: %s\n" +msgstr "Не вдалося долучити сокет до об'єкта SSL: %s\n" + +#: logsrvd/sendlog.c:367 plugins/sudoers/iolog_client.c:150 +#, c-format +msgid "unable to look up %s:%s: %s" +msgstr "не вдалося виконати пошук %s:%s: %s" + +#: logsrvd/sendlog.c:522 plugins/sudoers/sudoreplay.c:815 +#, c-format +msgid "unable to read %s/%s: %s" +msgstr "не вдалося прочитати %s/%s: %s" + +#: logsrvd/sendlog.c:543 +#, c-format +msgid "client message too large: %zu\n" +msgstr "повідомлення клієнта є надто довгим: %zu\n" + +#: logsrvd/sendlog.c:941 +#, c-format +msgid "%s: write buffer already in use" +msgstr "%s: буфер запису вже використовується" + +#: logsrvd/sendlog.c:993 plugins/sudoers/iolog.c:824 +#: plugins/sudoers/iolog.c:893 +#, c-format +msgid "unexpected I/O event %d" +msgstr "неочікувана подія введення-виведення — %d" + +#: logsrvd/sendlog.c:1025 logsrvd/sendlog.c:1042 logsrvd/sendlog.c:1092 +#: plugins/sudoers/iolog_client.c:1037 plugins/sudoers/iolog_client.c:1090 +#: plugins/sudoers/iolog_client.c:1151 +#, c-format +msgid "%s: unexpected state %d" +msgstr "%s: неочікуваний стан — %d" + +#: logsrvd/sendlog.c:1048 plugins/sudoers/iolog_client.c:1096 +msgid "invalid ServerHello" +msgstr "некоректне ServerHello" + +#: logsrvd/sendlog.c:1130 plugins/sudoers/iolog_client.c:1195 +#, c-format +msgid "error message received from server: %s" +msgstr "отримано повідомлення про помилку від сервера: %s" + +#: logsrvd/sendlog.c:1143 plugins/sudoers/iolog_client.c:1208 +#, c-format 
+msgid "abort message received from server: %s" +msgstr "отримано повідомлення про переривання від сервера: %s" + +#: logsrvd/sendlog.c:1162 plugins/sudoers/iolog_client.c:1227 +msgid "unable to unpack ServerMessage" +msgstr "не вдалося розпакувати ServerMessage" + +#: logsrvd/sendlog.c:1207 plugins/sudoers/iolog_client.c:1260 +#, c-format +msgid "%s: unexpected type_case value %d" +msgstr "%s: неочікуване значення type_case — %d" + +#: logsrvd/sendlog.c:1291 +msgid "premature EOF" +msgstr "передчасне завершення файла" + +#: logsrvd/sendlog.c:1304 +#, c-format +msgid "server message too large: %u\n" +msgstr "повідомлення сервера є надто великим: %u\n" + +#: logsrvd/sendlog.c:1569 +msgid "both restart point and iolog ID must be specified" +msgstr "слід вказати одночасно точку перезапуску та ідентифікатор журналу введення-виведення" + +#: logsrvd/sendlog.c:1636 +#, c-format +msgid "exited prematurely with state %d" +msgstr "передчасний вихід зі станом %d" + +#: logsrvd/sendlog.c:1637 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "на сервер надіслано дані щодо часу, який лишився [%lld, %ld]" + +#: logsrvd/sendlog.c:1639 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "отримано точку внеску від сервера [%lld, %ld]" + #: plugins/sudoers/alias.c:151 #, c-format msgid "Alias \"%s\" already defined" msgstr "Замінник «%s» вже визначено" -#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:801 +#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:792 msgid "unable to fork" msgstr "не вдалося створити відгалуження" 
@@ -361,33 +815,33 @@ msgid "unable to initialize PAM: %s" msgstr "не вдалося ініціалізувати PAM: %s" -#: plugins/sudoers/auth/pam.c:319 +#: plugins/sudoers/auth/pam.c:322 #, c-format msgid "PAM authentication error: %s" msgstr "Помилка розпізнавання PAM: %s" -#: plugins/sudoers/auth/pam.c:338 +#: plugins/sudoers/auth/pam.c:341 msgid "account validation failure, is your account locked?" msgstr "помилка під час спроби перевірки облікового запису. Ваш обліковий запис заблоковано?" -#: plugins/sudoers/auth/pam.c:349 +#: plugins/sudoers/auth/pam.c:352 msgid "Account or password is expired, reset your password and try again" msgstr "Строк дії облікового запису або пароля збіг, визначте новий пароль і повторіть спробу" -#: plugins/sudoers/auth/pam.c:355 +#: plugins/sudoers/auth/pam.c:358 #, c-format msgid "unable to change expired password: %s" msgstr "не вдалося змінити пароль, строк дії якого завершився: %s" -#: plugins/sudoers/auth/pam.c:366 +#: plugins/sudoers/auth/pam.c:369 msgid "Password expired, contact your system administrator" msgstr "Строк дії пароля збіг, зверніться до адміністратора вашої системи щодо поновлення пароля" -#: plugins/sudoers/auth/pam.c:371 +#: plugins/sudoers/auth/pam.c:374 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Строк дії облікового запису збіг або у файлі налаштувань PAM немає розділу \"account\" для sudo. Повідомте про це адміністратора вашої системи." -#: plugins/sudoers/auth/pam.c:379 plugins/sudoers/auth/pam.c:384 +#: plugins/sudoers/auth/pam.c:382 plugins/sudoers/auth/pam.c:387 #, c-format msgid "PAM account management error: %s" msgstr "Помилка керування обліковими записами PAM: %s" @@ -465,7 +919,7 @@ msgid "unable to commit audit record" msgstr "не вдалося надіслати запис аудита" -#: plugins/sudoers/check.c:269 +#: plugins/sudoers/check.c:264 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" 
@@ -485,15 +939,16 @@ " #3) Користування широкими правами розширює сферу відповідальності.\n" "\n" -#: plugins/sudoers/check.c:312 plugins/sudoers/check.c:322 -#: plugins/sudoers/sudoers.c:700 plugins/sudoers/sudoers.c:748 +#: plugins/sudoers/check.c:307 plugins/sudoers/check.c:317 +#: plugins/sudoers/sudoers.c:778 plugins/sudoers/sudoers.c:826 #: plugins/sudoers/tsdump.c:126 #, c-format msgid "unknown uid: %u" msgstr "невідоме значення uid: %u" -#: plugins/sudoers/check.c:317 plugins/sudoers/iolog.c:255 -#: plugins/sudoers/policy.c:921 plugins/sudoers/sudoers.c:1163 +#: plugins/sudoers/check.c:312 plugins/sudoers/iolog.c:121 +#: plugins/sudoers/policy.c:1034 plugins/sudoers/sudoers.c:391 +#: plugins/sudoers/sudoers.c:393 plugins/sudoers/sudoers.c:1255 #: plugins/sudoers/testsudoers.c:227 plugins/sudoers/testsudoers.c:400 #, c-format msgid "unknown user: %s" @@ -514,12 +969,6 @@ msgid "order padding: %s: %s" msgstr "доповнення порядку: %s: %s" -#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:289 -#: plugins/sudoers/visudo.c:184 -#, c-format -msgid "%s version %s\n" -msgstr "%s, версія %s\n" - #: plugins/sudoers/cvtsudoers.c:235 plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" @@ -540,7 +989,7 @@ msgid "%s: input and output files must be different" msgstr "%s: файли вхідних і вихідних даних мають бути різними файлами" -#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:176 +#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:185 #: plugins/sudoers/testsudoers.c:266 plugins/sudoers/visudo.c:254 #: plugins/sudoers/visudo.c:610 plugins/sudoers/visudo.c:933 msgid "unable to initialize sudoers default values" 
@@ -572,12 +1021,10 @@ msgstr "некоректний фільтр: %s" #: plugins/sudoers/cvtsudoers.c:622 plugins/sudoers/cvtsudoers.c:639 -#: plugins/sudoers/cvtsudoers.c:1245 plugins/sudoers/cvtsudoers_json.c:1130 -#: plugins/sudoers/cvtsudoers_ldif.c:643 plugins/sudoers/iolog.c:413 -#: plugins/sudoers/iolog_util.c:75 plugins/sudoers/sudoers.c:914 -#: plugins/sudoers/sudoreplay.c:338 plugins/sudoers/sudoreplay.c:1431 -#: plugins/sudoers/timestamp.c:448 plugins/sudoers/tsdump.c:135 -#: plugins/sudoers/visudo.c:929 +#: plugins/sudoers/cvtsudoers.c:1249 plugins/sudoers/cvtsudoers_json.c:868 +#: plugins/sudoers/cvtsudoers_ldif.c:683 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoreplay.c:1391 plugins/sudoers/timestamp.c:448 +#: plugins/sudoers/tsdump.c:135 plugins/sudoers/visudo.c:929 #, c-format msgid "unable to open %s" msgstr "не вдалося відкрити %s" @@ -597,14 +1044,13 @@ msgid "parse error in %s\n" msgstr "помилка обробки у %s\n" -#: plugins/sudoers/cvtsudoers.c:1292 plugins/sudoers/iolog.c:500 -#: plugins/sudoers/sudoreplay.c:1135 plugins/sudoers/timestamp.c:332 -#: plugins/sudoers/timestamp.c:335 +#: plugins/sudoers/cvtsudoers.c:1296 plugins/sudoers/sudoreplay.c:1088 +#: plugins/sudoers/timestamp.c:332 plugins/sudoers/timestamp.c:335 #, c-format msgid "unable to write to %s" msgstr "не вдалося виконати запис до %s" -#: plugins/sudoers/cvtsudoers.c:1315 +#: plugins/sudoers/cvtsudoers.c:1319 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -613,7 +1059,7 @@ "%s — перетворення форматів файлів sudoers\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1317 +#: plugins/sudoers/cvtsudoers.c:1321 msgid "" "\n" "Options:\n" 
@@ -653,43 +1099,30 @@ " -s, --suppress=розділи придушити виведення певних розділів\n" " -V, --version вивести дані щодо версії і завершити роботу" -#: plugins/sudoers/cvtsudoers_json.c:684 plugins/sudoers/cvtsudoers_json.c:720 -#: plugins/sudoers/cvtsudoers_json.c:938 +#: plugins/sudoers/cvtsudoers_json.c:487 plugins/sudoers/cvtsudoers_json.c:521 +#: plugins/sudoers/cvtsudoers_json.c:709 #, c-format msgid "unknown defaults entry \"%s\"" msgstr "невідомий запис типових параметрів «%s»" -#: plugins/sudoers/cvtsudoers_json.c:858 plugins/sudoers/cvtsudoers_json.c:873 -#: plugins/sudoers/cvtsudoers_ldif.c:308 plugins/sudoers/cvtsudoers_ldif.c:319 +#: plugins/sudoers/cvtsudoers_json.c:647 plugins/sudoers/cvtsudoers_json.c:660 +#: plugins/sudoers/cvtsudoers_ldif.c:348 plugins/sudoers/cvtsudoers_ldif.c:359 #: plugins/sudoers/ldap.c:482 msgid "unable to get GMT time" msgstr "не вдалося отримати гринвіцький час" -#: plugins/sudoers/cvtsudoers_json.c:861 plugins/sudoers/cvtsudoers_json.c:876 -#: plugins/sudoers/cvtsudoers_ldif.c:311 plugins/sudoers/cvtsudoers_ldif.c:322 +#: plugins/sudoers/cvtsudoers_json.c:650 plugins/sudoers/cvtsudoers_json.c:663 +#: plugins/sudoers/cvtsudoers_ldif.c:351 plugins/sudoers/cvtsudoers_ldif.c:362 #: plugins/sudoers/ldap.c:488 msgid "unable to format timestamp" msgstr "не вдалося виконати форматування часового штампа" -#: plugins/sudoers/cvtsudoers_ldif.c:526 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:337 plugins/sudoers/env.c:442 -#: plugins/sudoers/ldap.c:496 plugins/sudoers/ldap.c:727 -#: plugins/sudoers/ldap.c:1060 plugins/sudoers/ldap_conf.c:227 -#: plugins/sudoers/ldap_conf.c:317 plugins/sudoers/linux_audit.c:89 -#: plugins/sudoers/logging.c:1105 plugins/sudoers/policy.c:625 -#: plugins/sudoers/policy.c:635 plugins/sudoers/prompt.c:168 -#: plugins/sudoers/sudoers.c:852 plugins/sudoers/testsudoers.c:257 -#: plugins/sudoers/toke_util.c:161 -#, c-format -msgid "internal error, %s overflow" -msgstr "внутрішня помилка, переповнення %s" 
- -#: plugins/sudoers/cvtsudoers_ldif.c:595 +#: plugins/sudoers/cvtsudoers_ldif.c:635 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "забагато записів sudoers, максимальна кількість — %u" -#: plugins/sudoers/cvtsudoers_ldif.c:638 +#: plugins/sudoers/cvtsudoers_ldif.c:678 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "не встановлено значення змінної середовища SUDOERS_BASE і не вказано параметра -b." @@ -1098,8 +1531,8 @@ #: plugins/sudoers/def_data.c:406 #, c-format -msgid "Maximum I/O log sequence number: %u" -msgstr "Максимальний номер у послідовності журналу введення-виведення: %u" +msgid "Maximum I/O log sequence number: %s" +msgstr "Максимальний номер у послідовності журналу введення-виведення: %s" #: plugins/sudoers/def_data.c:410 msgid "Enable sudoers netgroup support" 
@@ -1209,62 +1642,106 @@ msgid "Log when a command is denied by sudoers" msgstr "Записувати до журналу дані, коли виконання команди заборонене sudoers" -#: plugins/sudoers/defaults.c:231 +#: plugins/sudoers/def_data.c:510 +msgid "Sudo log server(s) to connect to with optional port" +msgstr "Сервер або сервери журналу sudo, з якими слід встановити з'єднання, з необов'язковим зазначенням порту" + +#: plugins/sudoers/def_data.c:514 +#, c-format +msgid "Sudo log server timeout in seconds: %u" +msgstr "Час очікування на дії сервера журналу sudo у секундах: %u" + +#: plugins/sudoers/def_data.c:518 +msgid "Enable SO_KEEPALIVE socket option on the socket connected to the logserver" +msgstr "Увімкнути параметр сокета SO_KEEPALIVE на сокеті, який з'єднано із сервером журналу" + +#: plugins/sudoers/def_data.c:522 +#, c-format +msgid "Path to the audit server's CA bundle file: %s" +msgstr "Шлях до файла пакета CA сервера аудиту: %s" + +#: plugins/sudoers/def_data.c:526 +#, c-format +msgid "Path to the sudoers certificate file: %s" +msgstr "Шлях до файла сертифікатів sudoers: %s" + +#: plugins/sudoers/def_data.c:530 +#, c-format +msgid "Path to the sudoers private key file: %s" +msgstr "Шлях до файла закритого ключа sudoers: %s" + +#: plugins/sudoers/def_data.c:534 +msgid "Allow the use of unknown runas user and/or group ID" +msgstr "Дозволити використання невідомих значень імені користувача і/або ідентифікатора групи для runas" + +#: plugins/sudoers/def_data.c:538 +msgid "Only permit running commands as a user with a valid shell" +msgstr "Дозволяти виконання команд лише від імені користувачів із коректним записом командної оболонки" + +#: plugins/sudoers/def_data.c:542 +msgid "Set the pam remote user to the user running sudo" +msgstr "Встановити для віддаленого користувача PAM те саме ім'я, що і для користувача, від імені якого запущено sudo" + +#: plugins/sudoers/def_data.c:546 +msgid "Set the pam remote host to the local host name" +msgstr "Встановити для віддаленого вузла 
PAM назву локального вузла" + +#: plugins/sudoers/defaults.c:190 #, c-format msgid "%s:%d unknown defaults entry \"%s\"" msgstr "%s:%d невідомий запис типових параметрів, «%s»" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:193 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: невідомий запис типових параметрів, «%s»" -#: plugins/sudoers/defaults.c:277 +#: plugins/sudoers/defaults.c:236 #, c-format msgid "%s:%d no value specified for \"%s\"" msgstr "%s:%d не вказано значення для «%s»" -#: plugins/sudoers/defaults.c:280 +#: plugins/sudoers/defaults.c:239 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: не вказано значення для «%s»" -#: plugins/sudoers/defaults.c:300 +#: plugins/sudoers/defaults.c:259 #, c-format msgid "%s:%d values for \"%s\" must start with a '/'" msgstr "%s:%d значення для «%s» має починатися з «/»" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:262 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: значення для «%s» має починатися з «/»" -#: plugins/sudoers/defaults.c:325 +#: plugins/sudoers/defaults.c:284 #, c-format msgid "%s:%d option \"%s\" does not take a value" msgstr "%s:%d параметру «%s» не потрібно передавати значення" -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:287 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: параметру «%s» не потрібно передавати значення" -#: plugins/sudoers/defaults.c:353 +#: plugins/sudoers/defaults.c:312 #, c-format msgid "%s:%d invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d некоректний тип Defaults, 0x%x, для параметра «%s»" -#: plugins/sudoers/defaults.c:356 +#: plugins/sudoers/defaults.c:315 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: некоректний тип Defaults, 0x%x, для параметра «%s»" -#: plugins/sudoers/defaults.c:366 +#: plugins/sudoers/defaults.c:325 #, c-format msgid "%s:%d value \"%s\" is invalid for option \"%s\"" 
msgstr "%s:%d значення «%s» є некоректним для параметра «%s»" -#: plugins/sudoers/defaults.c:369 +#: plugins/sudoers/defaults.c:328 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: значення «%s» є некоректним для параметра «%s»" @@ -1273,11 +1750,11 @@ msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: помилкове значення envp, невідповідність довжин" -#: plugins/sudoers/env.c:1132 +#: plugins/sudoers/env.c:1133 msgid "unable to rebuild the environment" msgstr "не вдалося перебудувати середовище" -#: plugins/sudoers/env.c:1206 +#: plugins/sudoers/env.c:1207 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "вибачте, вам не дозволено встановлювати такі змінні середовища: %s" @@ -1302,27 +1779,27 @@ msgid "%s: read error" msgstr "%s: помилка читання" -#: plugins/sudoers/group_plugin.c:90 +#: plugins/sudoers/group_plugin.c:91 #, c-format msgid "%s must be owned by uid %d" msgstr "%s має належати користувачеві з uid %d" -#: plugins/sudoers/group_plugin.c:94 +#: plugins/sudoers/group_plugin.c:95 #, c-format msgid "%s must only be writable by owner" msgstr "%s має бути доступним до запису лише для власника" -#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:562 +#: plugins/sudoers/group_plugin.c:104 plugins/sudoers/sssd.c:562 #, c-format msgid "unable to load %s: %s" msgstr "не вдалося завантажити %s: %s" -#: plugins/sudoers/group_plugin.c:108 +#: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "не вдалося знайти символ «group_plugin» у %s" -#: plugins/sudoers/group_plugin.c:113 +#: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: несумісна основна версія додатка обробки груп %d, мало бути — %d" 
@@ -1341,87 +1818,143 @@ msgid "Local IP address and netmask pairs:\n" msgstr "Пари локальних IP-адрес і масок мережі:\n" -#: plugins/sudoers/iolog.c:117 plugins/sudoers/mkdir_parents.c:82 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s існує, але не є каталогом (0%o)" - -#: plugins/sudoers/iolog.c:142 plugins/sudoers/iolog.c:182 -#: plugins/sudoers/mkdir_parents.c:71 plugins/sudoers/timestamp.c:212 -#, c-format -msgid "unable to mkdir %s" -msgstr "не вдалося створити каталог %s" - -#: plugins/sudoers/iolog.c:186 plugins/sudoers/visudo.c:739 -#: plugins/sudoers/visudo.c:750 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "не вдалося змінити режим доступу до %s на значення 0%o" - -#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1194 +#: plugins/sudoers/iolog.c:146 plugins/sudoers/sudoers.c:398 +#: plugins/sudoers/sudoers.c:400 plugins/sudoers/sudoers.c:1289 #: plugins/sudoers/testsudoers.c:424 #, c-format msgid "unknown group: %s" msgstr "невідома група: %s" -#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:918 -#: plugins/sudoers/sudoreplay.c:846 plugins/sudoers/sudoreplay.c:1542 -#: plugins/sudoers/tsdump.c:145 +#: plugins/sudoers/iolog.c:505 plugins/sudoers/iolog.c:788 +#: plugins/sudoers/iolog.c:938 plugins/sudoers/iolog.c:945 +#: plugins/sudoers/iolog.c:1066 plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:1172 plugins/sudoers/iolog.c:1179 #, c-format -msgid "unable to read %s" -msgstr "не вдалося прочитати %s" +msgid "unable to write to I/O log file: %s" +msgstr "не вдалося здійснити запис до файла журналу введення-виведення: %s" -#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:801 -#, c-format -msgid "unable to create %s" -msgstr "не вдалося створити %s" +#: plugins/sudoers/iolog.c:555 +msgid "unable to update sequence file" +msgstr "не вдалося оновити файл послідовності" -#: plugins/sudoers/iolog.c:824 plugins/sudoers/iolog.c:1039 -#: plugins/sudoers/iolog.c:1115 
plugins/sudoers/iolog.c:1209 -#: plugins/sudoers/iolog.c:1270 +#: plugins/sudoers/iolog.c:594 #, c-format -msgid "unable to write to I/O log file: %s" -msgstr "не вдалося здійснити запис до файла журналу введення-виведення: %s" +msgid "unable to create %s/%s" +msgstr "не вдалося створити %s/%s" + +#: plugins/sudoers/iolog.c:622 +msgid "unable to connect to log server" +msgstr "не вдалося встановити з'єднання із сервером журналу" -#: plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:830 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: внутрішня помилка, файл журналу введення-виведення для події %d не відкрито" -#: plugins/sudoers/iolog.c:1233 +#: plugins/sudoers/iolog.c:923 plugins/sudoers/iolog.c:1051 +#: plugins/sudoers/iolog.c:1156 plugins/sudoers/timestamp.c:862 +#: plugins/sudoers/timestamp.c:954 plugins/sudoers/visudo.c:498 +#: plugins/sudoers/visudo.c:504 +msgid "unable to read the clock" +msgstr "не вдалося прочитати час на годиннику" + +#: plugins/sudoers/iolog.c:1148 plugins/sudoers/iolog_client.c:862 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: внутрішня помилка, некоректний сигнал %d" -#: plugins/sudoers/iolog_util.c:90 +#: plugins/sudoers/iolog_client.c:297 #, c-format -msgid "%s: invalid log file" -msgstr "%s: некоректний файл журналу" +msgid "Creation of new SSL_CTX object failed: %s" +msgstr "Не вдалося створити об'єкт SSL_CTX: %s" -#: plugins/sudoers/iolog_util.c:108 +#: plugins/sudoers/iolog_client.c:320 +msgid "CA bundle file is not set in sudoers" +msgstr "У sudoers не вказано файла пакета сертифікатів (CA)" + +#: plugins/sudoers/iolog_client.c:327 #, c-format -msgid "%s: time stamp field is missing" -msgstr "%s: не вказано даних щодо часової позначки" +msgid "Calling SSL_CTX_load_verify_locations() failed: %s" +msgstr "Невдалий виклик SSL_CTX_load_verify_locations(): %s" -#: plugins/sudoers/iolog_util.c:114 +#: plugins/sudoers/iolog_client.c:339 +msgid "Signed certificate file 
is not set in sudoers" +msgstr "У sudoers не вказано підписаного файла сертифіката" + +#: plugins/sudoers/iolog_client.c:345 #, c-format -msgid "%s: time stamp %s: %s" -msgstr "%s: часова позначка %s: %s" +msgid "Unable to load cert into the ssl context: %s" +msgstr "Не вдалося завантажити сертифікат до контексту SSL: %s" -#: plugins/sudoers/iolog_util.c:121 +#: plugins/sudoers/iolog_client.c:356 #, c-format -msgid "%s: user field is missing" -msgstr "%s: не вказано даних щодо користувача" +msgid "Unable to load private key into the ssl context: %s" +msgstr "Не вдалося завантажити закритий ключ до контексту SSL: %s" -#: plugins/sudoers/iolog_util.c:130 +#: plugins/sudoers/iolog_client.c:363 #, c-format -msgid "%s: runas user field is missing" -msgstr "%s: не вказано даних щодо користувача, від імені якого відбуватиметься виконання" +msgid "Unable to allocate ssl object: %s" +msgstr "Не вдалося розмістити об'єкт SSL у пам'яті: %s" -#: plugins/sudoers/iolog_util.c:139 +#: plugins/sudoers/iolog_client.c:369 #, c-format -msgid "%s: runas group field is missing" -msgstr "%s: не вказано даних щодо групи, від імені якої відбуватиметься виконання" +msgid "Unable to attach socket to the ssl object: %s" +msgstr "Не вдалося долучити сокет до об'єкта SSL: %s" + +#: plugins/sudoers/iolog_client.c:457 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s" +msgstr "помилка SSL_connect: ssl_error=%d, стек=%s" + +#: plugins/sudoers/iolog_client.c:599 +#, c-format +msgid "client message too large: %zu" +msgstr "повідомлення клієнта є надто довгим: %zu" + +#: plugins/sudoers/iolog_client.c:656 plugins/sudoers/iolog_client.c:844 +msgid "unable to get time of day" +msgstr "не вдалося отримати дані щодо пори доби" + +#: plugins/sudoers/iolog_client.c:871 +#, c-format +msgid "%s: internal error, invalid exit status %d" +msgstr "%s: внутрішня помилка, некоректний стан виходу %d" + +#: plugins/sudoers/iolog_client.c:1104 +msgid "TLS initialization was unsuccessful" +msgstr 
"Спроба ініціалізувати TLS завершилася невдало" + +#: plugins/sudoers/iolog_client.c:1109 +msgid "TLS handshake was unsuccessful" +msgstr "Спроба узгодити зв'язок TLS завершилася невдало" + +#: plugins/sudoers/iolog_client.c:1361 +#, c-format +msgid "SSL_read failed: ssl_error=%d, stack=%s" +msgstr "помилка SSL_read: ssl_error=%d, стек=%s" + +#: plugins/sudoers/iolog_client.c:1384 +msgid "lost connection to log server" +msgstr "втрачено зв’язок з сервером журналу" + +#: plugins/sudoers/iolog_client.c:1397 +#, c-format +msgid "server message too large: %u" +msgstr "повідомлення сервера є надто великим: %u" + +#: plugins/sudoers/iolog_client.c:1461 +msgid "missing write buffer" +msgstr "не вказано буфер запису" + +#: plugins/sudoers/iolog_client.c:1486 +#, c-format +msgid "SSL_write failed: ssl_error=%d, stack=%s" +msgstr "помилка SSL_write: ssl_error=%d, стек=%s" + +#: plugins/sudoers/iolog_client.c:1610 +#, c-format +msgid "unknown address family: %d" +msgstr "невідоме сімейство адрес: %d" #: plugins/sudoers/ldap.c:178 plugins/sudoers/ldap_conf.c:296 msgid "starttls not supported when using ldaps" @@ -1446,7 +1979,7 @@ msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls вказано, але у бібліотеках LDAP не передбачено підтримки ldap_start_tls_s() або ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:734 +#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "некоректний атрибут sudoOrder: %s" @@ -1464,7 +1997,7 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "не можна використовувати суміш з адрес ldap і ldaps" -#: plugins/sudoers/ldap_util.c:456 plugins/sudoers/ldap_util.c:458 +#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "не вдалося перетворити запис sudoOption: %s%s%s" 
@@ -1477,80 +2010,62 @@ msgid "unable to send audit message" msgstr "не вдалося надіслати повідомлення аудита" -#: plugins/sudoers/logging.c:120 -#, c-format -msgid "%8s : %s" -msgstr "%8s : %s" - -#: plugins/sudoers/logging.c:148 -#, c-format -msgid "%8s : (command continued) %s" -msgstr "%8s : (команда продовжується) %s" - -#: plugins/sudoers/logging.c:177 +#: plugins/sudoers/logging.c:175 #, c-format msgid "unable to open log file: %s" msgstr "не вдалося відкрити файл журналу: %s" -#: plugins/sudoers/logging.c:185 +#: plugins/sudoers/logging.c:183 #, c-format msgid "unable to lock log file: %s" msgstr "не вдалося заблокувати файл журналу: %s" -#: plugins/sudoers/logging.c:218 +#: plugins/sudoers/logging.c:216 #, c-format msgid "unable to write log file: %s" msgstr "не вдалося виконати запис до файла журналу: %s" -#: plugins/sudoers/logging.c:248 -msgid "No user or host" -msgstr "Немає користувача або вузла" - -#: plugins/sudoers/logging.c:250 -msgid "validation failure" -msgstr "помилка під час спроби перевірки" - -#: plugins/sudoers/logging.c:261 +#: plugins/sudoers/logging.c:249 msgid "user NOT in sudoers" msgstr "користувача немає у списку sudoers" -#: plugins/sudoers/logging.c:263 +#: plugins/sudoers/logging.c:251 msgid "user NOT authorized on host" msgstr "користувача не уповноважено на дії на вузлі" -#: plugins/sudoers/logging.c:265 +#: plugins/sudoers/logging.c:253 msgid "command not allowed" msgstr "виконання команди заборонено" -#: plugins/sudoers/logging.c:301 +#: plugins/sudoers/logging.c:296 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s немає у файлі sudoers. Запис про подію додано до звіту.\n" -#: plugins/sudoers/logging.c:304 +#: plugins/sudoers/logging.c:299 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s заборонено виконувати sudo на %s. 
Запис про подію додано до звіту.\n" -#: plugins/sudoers/logging.c:308 +#: plugins/sudoers/logging.c:303 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Вибачте, користувач %s не має права виконувати sudo на %s.\n" -#: plugins/sudoers/logging.c:311 +#: plugins/sudoers/logging.c:306 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Вибачте, користувач %s не має права виконувати «%s%s%s» від імені %s%s%s на %s.\n" -#: plugins/sudoers/logging.c:348 plugins/sudoers/sudoers.c:442 -#: plugins/sudoers/sudoers.c:444 plugins/sudoers/sudoers.c:446 -#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:603 -#: plugins/sudoers/sudoers.c:605 +#: plugins/sudoers/logging.c:343 plugins/sudoers/sudoers.c:518 +#: plugins/sudoers/sudoers.c:520 plugins/sudoers/sudoers.c:522 +#: plugins/sudoers/sudoers.c:524 plugins/sudoers/sudoers.c:675 +#: plugins/sudoers/sudoers.c:677 #, c-format msgid "%s: command not found" msgstr "%s: команду не знайдено" -#: plugins/sudoers/logging.c:350 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/logging.c:345 plugins/sudoers/sudoers.c:514 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -1559,15 +2074,15 @@ "пропущено «%s» знайдений у «.»\n" "Скористайтеся командою «sudo ./%s», якщо вам потрібно виконати саме «%s»." -#: plugins/sudoers/logging.c:367 +#: plugins/sudoers/logging.c:362 msgid "authentication failure" msgstr "помилка під час спроби розпізнавання" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:388 msgid "a password is required" msgstr "слід вказати пароль" -#: plugins/sudoers/logging.c:463 +#: plugins/sudoers/logging.c:458 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" 
@@ -1576,37 +2091,31 @@ msgstr[2] "%u невдалих спроб введення пароля" msgstr[3] "одна невдала спроба введення пароля" -#: plugins/sudoers/logging.c:728 +#: plugins/sudoers/logging.c:722 #, c-format msgid "unable to dup stdin: %m" msgstr "не вдалося здублювати stdin: %m" -#: plugins/sudoers/logging.c:768 +#: plugins/sudoers/logging.c:759 #, c-format msgid "unable to execute %s: %m" msgstr "не вдалося виконати %s: %m" -#: plugins/sudoers/logging.c:809 plugins/sudoers/logging.c:865 +#: plugins/sudoers/logging.c:800 plugins/sudoers/logging.c:856 #, c-format msgid "unable to fork: %m" msgstr "не вдалося створити відгалуження: %m" -#: plugins/sudoers/logging.c:855 +#: plugins/sudoers/logging.c:846 #, c-format msgid "unable to open pipe: %m" msgstr "не вдалося відкрити канал: %m" -#: plugins/sudoers/match_digest.c:103 +#: plugins/sudoers/match_digest.c:123 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "контрольну суму для %s (%s) подано не у формі %s" -#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:943 -#: plugins/sudoers/visudo.c:437 plugins/sudoers/visudo.c:733 -#, c-format -msgid "unable to stat %s" -msgstr "не вдалося виконати stat для %s" - #: plugins/sudoers/parse.c:449 #, c-format msgid "" 
@@ -1665,22 +2174,22 @@ msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Користувач %s не має права виконувати sudo на %s.\n" -#: plugins/sudoers/parse_ldif.c:604 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "ігноруємо неповний запис sudoRole: cn: %s" -#: plugins/sudoers/parse_ldif.c:664 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "некоректний атрибут LDIF: %s" -#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:116 +#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:115 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "оболонкою sudo встановлено некоректне значення параметра %.*s" -#: plugins/sudoers/policy.c:295 plugins/sudoers/testsudoers.c:280 +#: plugins/sudoers/policy.c:294 plugins/sudoers/testsudoers.c:280 msgid "unable to parse network address list" msgstr "не вдалося обробити список мережевих адрес" @@ -1700,23 +2209,23 @@ msgid "host name not set by sudo front-end" msgstr "назву вузла не встановлено за допомогою оболонки sudo" -#: plugins/sudoers/policy.c:808 plugins/sudoers/visudo.c:236 +#: plugins/sudoers/policy.c:897 plugins/sudoers/visudo.c:236 #: plugins/sudoers/visudo.c:867 #, c-format msgid "unable to execute %s" msgstr "не вдалося виконати %s" -#: plugins/sudoers/policy.c:939 +#: plugins/sudoers/policy.c:1055 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Додаток правил sudoers версії %s\n" -#: plugins/sudoers/policy.c:941 +#: plugins/sudoers/policy.c:1057 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Граматична перевірка файла sudoers версії %d\n" -#: plugins/sudoers/policy.c:945 +#: plugins/sudoers/policy.c:1061 #, c-format msgid "" "\n" 
@@ -1725,22 +2234,22 @@ "\n" "Шлях до sudoers: %s\n" -#: plugins/sudoers/policy.c:948 +#: plugins/sudoers/policy.c:1064 #, c-format msgid "nsswitch path: %s\n" msgstr "Шлях до nsswitch: %s\n" -#: plugins/sudoers/policy.c:950 +#: plugins/sudoers/policy.c:1066 #, c-format msgid "ldap.conf path: %s\n" msgstr "Шлях до ldap.conf: %s\n" -#: plugins/sudoers/policy.c:951 +#: plugins/sudoers/policy.c:1067 #, c-format msgid "ldap.secret path: %s\n" msgstr "Шлях до ldap.secret: %s\n" -#: plugins/sudoers/policy.c:984 +#: plugins/sudoers/policy.c:1100 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "неможливо зареєструвати процедуру перехоплення типу %d (версія %d.%d)" 
@@ -1809,48 +2318,48 @@ msgid "unable to parse gids for %s" msgstr "не вдалося обробити записи ідентифікаторів груп %s" -#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:478 -#: plugins/sudoers/set_perms.c:921 plugins/sudoers/set_perms.c:1254 -#: plugins/sudoers/set_perms.c:1573 +#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:447 +#: plugins/sudoers/set_perms.c:850 plugins/sudoers/set_perms.c:1156 +#: plugins/sudoers/set_perms.c:1450 msgid "perm stack overflow" msgstr "переповнення стека доступу" -#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:409 -#: plugins/sudoers/set_perms.c:486 plugins/sudoers/set_perms.c:788 -#: plugins/sudoers/set_perms.c:929 plugins/sudoers/set_perms.c:1178 -#: plugins/sudoers/set_perms.c:1262 plugins/sudoers/set_perms.c:1506 -#: plugins/sudoers/set_perms.c:1581 plugins/sudoers/set_perms.c:1672 +#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:378 +#: plugins/sudoers/set_perms.c:455 plugins/sudoers/set_perms.c:717 +#: plugins/sudoers/set_perms.c:858 plugins/sudoers/set_perms.c:1080 +#: plugins/sudoers/set_perms.c:1164 plugins/sudoers/set_perms.c:1383 +#: plugins/sudoers/set_perms.c:1458 plugins/sudoers/set_perms.c:1548 msgid "perm stack underflow" msgstr "вичерпання стека доступу" -#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:532 -#: plugins/sudoers/set_perms.c:1315 plugins/sudoers/set_perms.c:1614 +#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:501 +#: plugins/sudoers/set_perms.c:1217 plugins/sudoers/set_perms.c:1491 msgid "unable to change to root gid" msgstr "не вдалося змінити ідентифікатор групи (gid) root" -#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:629 -#: plugins/sudoers/set_perms.c:1060 plugins/sudoers/set_perms.c:1392 +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:598 +#: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1294 msgid "unable to change to runas gid" msgstr "не вдалося змінити 
gid на runas" -#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:634 -#: plugins/sudoers/set_perms.c:1065 plugins/sudoers/set_perms.c:1397 +#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:603 +#: plugins/sudoers/set_perms.c:994 plugins/sudoers/set_perms.c:1299 msgid "unable to set runas group vector" msgstr "не вдалося встановити вектор групи виконання" -#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:645 -#: plugins/sudoers/set_perms.c:1074 plugins/sudoers/set_perms.c:1406 +#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:614 +#: plugins/sudoers/set_perms.c:1003 plugins/sudoers/set_perms.c:1308 msgid "unable to change to runas uid" msgstr "не вдалося змінити uid на runas" -#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:663 -#: plugins/sudoers/set_perms.c:1090 plugins/sudoers/set_perms.c:1422 +#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:632 +#: plugins/sudoers/set_perms.c:1019 plugins/sudoers/set_perms.c:1324 msgid "unable to change to sudoers gid" msgstr "не вдалося змінити gid на sudoers" -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 msgid "too many processes" msgstr "забагато процесів" 
@@ -1883,209 +2392,228 @@ msgid "unable to find symbol \"%s\" in %s" msgstr "не вдалося знайти символ «%s» у %s" -#: plugins/sudoers/sudoers.c:212 plugins/sudoers/sudoers.c:871 +#: plugins/sudoers/sudoers.c:221 plugins/sudoers/sudoers.c:958 msgid "problem with defaults entries" msgstr "проблема з типовими записами" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:225 msgid "no valid sudoers sources found, quitting" msgstr "не знайдено коректних джерел даних sudoers, завершення роботи" -#: plugins/sudoers/sudoers.c:254 +#: plugins/sudoers/sudoers.c:301 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers вказує, що sudo не можна користуватися для виконання команд від root" -#: plugins/sudoers/sudoers.c:312 +#: plugins/sudoers/sudoers.c:361 +msgid "user not allowed to override closefrom limit" +msgstr "користувачеві заборонено перевизначати обмеження closefrom" + +#: plugins/sudoers/sudoers.c:362 msgid "you are not permitted to use the -C option" msgstr "вам не дозволено використовувати параметр -C" -#: plugins/sudoers/sudoers.c:359 +#: plugins/sudoers/sudoers.c:426 #, c-format msgid "timestamp owner (%s): No such user" msgstr "власник часового штампа (%s): не знайдено користувача з таким іменем" -#: plugins/sudoers/sudoers.c:374 +#: plugins/sudoers/sudoers.c:441 msgid "no tty" msgstr "немає tty" -#: plugins/sudoers/sudoers.c:375 +#: plugins/sudoers/sudoers.c:442 msgid "sorry, you must have a tty to run sudo" msgstr "вибачте, для виконання sudo вашому користувачеві потрібен tty" -#: plugins/sudoers/sudoers.c:437 +#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:450 +#, c-format +msgid "invalid shell for user %s: %s" +msgstr "некоректний запис оболонки для користувача %s: %s" + +#: plugins/sudoers/sudoers.c:513 msgid "command in current directory" msgstr "команда у поточному каталозі" -#: plugins/sudoers/sudoers.c:456 +#: plugins/sudoers/sudoers.c:532 +msgid "user not allowed to set a command timeout" +msgstr 
"користувачеві заборонено встановлювати час очікування на виконання команди" + +#: plugins/sudoers/sudoers.c:533 msgid "sorry, you are not allowed set a command timeout" msgstr "вибачте, вам не дозволено встановлювати час очікування на виконання команди" -#: plugins/sudoers/sudoers.c:464 +#: plugins/sudoers/sudoers.c:541 +msgid "user not allowed to set a preserve the environment" +msgstr "користувачеві заборонено встановлювати збереження середовища" + +#: plugins/sudoers/sudoers.c:542 msgid "sorry, you are not allowed to preserve the environment" msgstr "вибачте, вам не дозволено зберігати середовище" -#: plugins/sudoers/sudoers.c:815 +#: plugins/sudoers/sudoers.c:893 msgid "command too long" msgstr "надто довга команда" -#: plugins/sudoers/sudoers.c:947 +#: plugins/sudoers/sudoers.c:951 +msgid "sudoedit doesn't need to be run via sudo" +msgstr "Немає потреби у запуску sudoedit за допомогою sudo" + +#: plugins/sudoers/sudoers.c:1005 plugins/sudoers/sudoreplay.c:1502 +#: plugins/sudoers/tsdump.c:145 +#, c-format +msgid "unable to read %s" +msgstr "не вдалося прочитати %s" + +#: plugins/sudoers/sudoers.c:1030 plugins/sudoers/visudo.c:437 +#: plugins/sudoers/visudo.c:733 +#, c-format +msgid "unable to stat %s" +msgstr "не вдалося виконати stat для %s" + +#: plugins/sudoers/sudoers.c:1034 #, c-format msgid "%s is not a regular file" msgstr "%s не є звичайним файлом" -#: plugins/sudoers/sudoers.c:951 plugins/sudoers/timestamp.c:259 toke.l:967 +#: plugins/sudoers/sudoers.c:1038 plugins/sudoers/timestamp.c:259 toke.l:967 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s належить uid %u, має належати %u" -#: plugins/sudoers/sudoers.c:955 toke.l:972 +#: plugins/sudoers/sudoers.c:1042 toke.l:972 #, c-format msgid "%s is world writable" msgstr "Запис до «%s» можливий для довільного користувача" -#: plugins/sudoers/sudoers.c:959 toke.l:975 +#: plugins/sudoers/sudoers.c:1046 toke.l:975 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s належить 
gid %u, має належати %u" -#: plugins/sudoers/sudoers.c:992 +#: plugins/sudoers/sudoers.c:1079 #, c-format msgid "only root can use \"-c %s\"" msgstr "використовувати «-c %s» може лише root" -#: plugins/sudoers/sudoers.c:1011 +#: plugins/sudoers/sudoers.c:1098 #, c-format msgid "unknown login class: %s" msgstr "невідомий клас входу: %s" -#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoers.c:1110 +#: plugins/sudoers/sudoers.c:1183 plugins/sudoers/sudoers.c:1198 #, c-format msgid "unable to resolve host %s" msgstr "не вдалося визначити адресу вузла %s" -#: plugins/sudoers/sudoreplay.c:250 +#: plugins/sudoers/sudoreplay.c:263 #, c-format msgid "invalid filter option: %s" msgstr "некоректний параметр фільтрування: %s" -#: plugins/sudoers/sudoreplay.c:263 +#: plugins/sudoers/sudoreplay.c:276 #, c-format msgid "invalid max wait: %s" msgstr "некоректне значення макс. очікування: %s" -#: plugins/sudoers/sudoreplay.c:286 +#: plugins/sudoers/sudoreplay.c:299 #, c-format msgid "invalid speed factor: %s" msgstr "некоректний коефіцієнт швидкості: %s" -#: plugins/sudoers/sudoreplay.c:321 +#: plugins/sudoers/sudoreplay.c:335 #, c-format -msgid "%s/%.2s/%.2s/%.2s/timing: %s" -msgstr "%s/%.2s/%.2s/%.2s/timing: %s" +msgid "%s/%.2s/%.2s/%.2s: %s" +msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:326 +#: plugins/sudoers/sudoreplay.c:340 #, c-format msgid "%s/timing: %s" msgstr "%s/розклад за часом: %s" -#: plugins/sudoers/sudoreplay.c:330 +#: plugins/sudoers/sudoreplay.c:344 #, c-format -msgid "%s/%s/timing: %s" -msgstr "%s/%s/timing: %s" +msgid "%s/%s: %s" +msgstr "%s/%s: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:372 #, c-format msgid "Replaying sudo session: %s" msgstr "Відтворення сеансу sudo: %s" -#: plugins/sudoers/sudoreplay.c:544 plugins/sudoers/sudoreplay.c:591 -#: plugins/sudoers/sudoreplay.c:789 plugins/sudoers/sudoreplay.c:898 -#: plugins/sudoers/sudoreplay.c:983 plugins/sudoers/sudoreplay.c:998 -#: 
plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/sudoreplay.c:1012 -#: plugins/sudoers/sudoreplay.c:1019 plugins/sudoers/sudoreplay.c:1026 -#: plugins/sudoers/sudoreplay.c:1174 -msgid "unable to add event to queue" -msgstr "не вдалося додати подію до черги обробки" - -#: plugins/sudoers/sudoreplay.c:659 +#: plugins/sudoers/sudoreplay.c:634 msgid "unable to set tty to raw mode" msgstr "не вдалося перевести tty у режим без обробки даних" -#: plugins/sudoers/sudoreplay.c:710 +#: plugins/sudoers/sudoreplay.c:685 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Попередження: розміри вашого термінала є замалими для належного показу журналу.\n" -#: plugins/sudoers/sudoreplay.c:711 +#: plugins/sudoers/sudoreplay.c:686 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Встановлено формат журналу %d x %d, тоді як формат термінала — %d x %d." -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:714 msgid "Replay finished, press any key to restore the terminal." msgstr "Відтворення завершено, натисніть будь-яку клавішу, щоб повернутися до термінала." 
-#: plugins/sudoers/sudoreplay.c:772 -#, c-format -msgid "invalid timing file line: %s" -msgstr "некоректний рядок у файлі timing: %s" - -#: plugins/sudoers/sudoreplay.c:1208 plugins/sudoers/sudoreplay.c:1233 +#: plugins/sudoers/sudoreplay.c:1161 plugins/sudoers/sudoreplay.c:1186 #, c-format msgid "ambiguous expression \"%s\"" msgstr "неоднозначний вираз «%s»" -#: plugins/sudoers/sudoreplay.c:1255 +#: plugins/sudoers/sudoreplay.c:1208 msgid "unmatched ')' in expression" msgstr "зайва дужка, «)», у виразі" -#: plugins/sudoers/sudoreplay.c:1259 +#: plugins/sudoers/sudoreplay.c:1212 #, c-format msgid "unknown search term \"%s\"" msgstr "невідомий ключ пошуку «%s»" -#: plugins/sudoers/sudoreplay.c:1274 +#: plugins/sudoers/sudoreplay.c:1227 #, c-format msgid "%s requires an argument" msgstr "%s потребує визначення аргументу" -#: plugins/sudoers/sudoreplay.c:1277 plugins/sudoers/sudoreplay.c:1518 +#: plugins/sudoers/sudoreplay.c:1230 plugins/sudoers/sudoreplay.c:1478 #, c-format msgid "invalid regular expression: %s" msgstr "некоректний формальний вираз: %s" -#: plugins/sudoers/sudoreplay.c:1281 +#: plugins/sudoers/sudoreplay.c:1234 #, c-format msgid "could not parse date \"%s\"" msgstr "не вдалося обробити дату «%s»" -#: plugins/sudoers/sudoreplay.c:1290 +#: plugins/sudoers/sudoreplay.c:1243 msgid "unmatched '(' in expression" msgstr "зайва дужка, «(», у виразі" -#: plugins/sudoers/sudoreplay.c:1292 +#: plugins/sudoers/sudoreplay.c:1245 msgid "illegal trailing \"or\"" msgstr "помилкове завершальне «or»" -#: plugins/sudoers/sudoreplay.c:1294 +#: plugins/sudoers/sudoreplay.c:1247 msgid "illegal trailing \"!\"" msgstr "помилкове завершальне «!»" -#: plugins/sudoers/sudoreplay.c:1344 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "unknown search type %d" msgstr "невідомий тип пошуку %d" -#: plugins/sudoers/sudoreplay.c:1611 +#: plugins/sudoers/sudoreplay.c:1569 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "користування: %s [-hnRS] 
[-d каталог] [-m число] [-s число] ідентифікатор\n" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1572 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "використання: %s [-h] [-d каталог] -l [вираз для пошуку]\n" -#: plugins/sudoers/sudoreplay.c:1623 +#: plugins/sudoers/sudoreplay.c:1581 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2094,7 +2622,7 @@ "%s — відтворення журналів сеансів sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1625 +#: plugins/sudoers/sudoreplay.c:1583 msgid "" "\n" "Options:\n" 
@@ -2155,35 +2683,34 @@ msgid "%s is group writable" msgstr "%s доступний до запису учасниками групи" -#: plugins/sudoers/timestamp.c:343 +#: plugins/sudoers/timestamp.c:343 plugins/sudoers/timestamp.c:687 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "не вдалося обрізати файл часової позначки до %lld байтів" -#: plugins/sudoers/timestamp.c:829 plugins/sudoers/timestamp.c:921 -#: plugins/sudoers/visudo.c:498 plugins/sudoers/visudo.c:504 -msgid "unable to read the clock" -msgstr "не вдалося прочитати час на годиннику" - -#: plugins/sudoers/timestamp.c:840 +#: plugins/sudoers/timestamp.c:873 msgid "ignoring time stamp from the future" msgstr "ігноруємо часову позначку з майбутнього" -#: plugins/sudoers/timestamp.c:863 +#: plugins/sudoers/timestamp.c:896 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "занадто далека часова позначка у майбутньому: %20.20s" -#: plugins/sudoers/timestamp.c:985 +#: plugins/sudoers/timestamp.c:1018 #, c-format msgid "unable to lock time stamp file %s" msgstr "не вдалося заблокувати файл часової позначки %s" -#: plugins/sudoers/timestamp.c:1029 plugins/sudoers/timestamp.c:1049 +#: plugins/sudoers/timestamp.c:1062 plugins/sudoers/timestamp.c:1082 #, c-format msgid "lecture status path too long: %s/%s" msgstr "шлях до даних щодо стану отримання настанов є занадто довгим: %s/%s" +#: plugins/sudoers/toke_util.c:132 +msgid "sudoedit should not be specified with a path" +msgstr "sudoedit не слід вказувати разом із шляхом" + #: plugins/sudoers/visudo.c:232 msgid "the -x option will be removed in a future release" msgstr "параметр -x буде вилучено у наступному випуску" 
@@ -2374,6 +2901,15 @@ msgid "too many levels of includes" msgstr "занадто високий рівень вкладеності" +#~ msgid "No user or host" +#~ msgstr "Немає користувача або вузла" + +#~ msgid "validation failure" +#~ msgstr "помилка під час спроби перевірки" + +#~ msgid "%s/%s/timing: %s" +#~ msgstr "%s/%s/timing: %s" + #~ msgid "ignoring invalid attribute value: %s" #~ msgstr "ігноруємо некоректне значення атрибута: %s" Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/plugins/sudoers/po/zh_TW.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/plugins/sudoers/po/zh_TW.mo differ diff -Nru sudo-1.8.31/plugins/sudoers/po/zh_TW.po sudo-1.9.0/plugins/sudoers/po/zh_TW.po --- sudo-1.8.31/plugins/sudoers/po/zh_TW.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/po/zh_TW.po 2020-05-11 16:28:23.000000000 +0000 @@ -3,14 +3,14 @@ # # Todd C. Miller , 2011-2018. # Hugwalk , 2019. -# pan93412 , 2019. +# Yi-Jyun Pan , 2019, 2020. msgid "" msgstr "" -"Project-Id-Version: sudoers 1.8.29rc1\n" +"Project-Id-Version: sudoers 1.9.0b4\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-10-21 19:55-0600\n" -"PO-Revision-Date: 2019-12-23 23:07+0800\n" -"Last-Translator: pan93412 \n" +"POT-Creation-Date: 2020-03-12 17:39-0600\n" +"PO-Revision-Date: 2020-03-13 19:59+0800\n" +"Last-Translator: Yi-Jyun Pan \n" "Language-Team: Chinese (traditional) \n" "Language: zh_TW\n" "MIME-Version: 1.0\n" @@ -18,7 +18,7 @@ "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Lokalize 19.08.2\n" +"X-Generator: Poedit 2.3\n" #: confstr.sh:1 msgid "syntax error" 
@@ -44,70 +44,75 @@ msgid "Sorry, try again." msgstr "抱歉,請重試。" -#: gram.y:196 gram.y:244 gram.y:251 gram.y:258 gram.y:265 gram.y:272 -#: gram.y:288 gram.y:312 gram.y:319 gram.y:326 gram.y:333 gram.y:340 -#: gram.y:403 gram.y:412 gram.y:423 gram.y:456 gram.y:463 gram.y:470 -#: gram.y:477 gram.y:559 gram.y:566 gram.y:575 gram.y:584 gram.y:601 -#: gram.y:713 gram.y:720 gram.y:727 gram.y:735 gram.y:835 gram.y:842 -#: gram.y:849 gram.y:856 gram.y:863 gram.y:889 gram.y:896 gram.y:903 -#: gram.y:1026 gram.y:1303 plugins/sudoers/alias.c:132 -#: plugins/sudoers/alias.c:139 plugins/sudoers/alias.c:155 -#: plugins/sudoers/auth/bsdauth.c:148 plugins/sudoers/auth/kerb5.c:123 -#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/auth/sia.c:64 -#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:165 -#: plugins/sudoers/cvtsudoers.c:182 plugins/sudoers/cvtsudoers.c:193 -#: plugins/sudoers/cvtsudoers.c:305 plugins/sudoers/cvtsudoers.c:433 -#: plugins/sudoers/cvtsudoers.c:566 plugins/sudoers/cvtsudoers.c:583 -#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 -#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1179 -#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1285 +#: gram.y:198 gram.y:246 gram.y:253 gram.y:260 gram.y:267 gram.y:274 +#: gram.y:290 gram.y:314 gram.y:321 gram.y:328 gram.y:335 gram.y:342 +#: gram.y:405 gram.y:414 gram.y:425 gram.y:458 gram.y:465 gram.y:472 +#: gram.y:479 gram.y:506 gram.y:578 gram.y:585 gram.y:594 gram.y:603 +#: gram.y:620 gram.y:732 gram.y:739 gram.y:747 gram.y:753 gram.y:853 +#: gram.y:860 gram.y:867 gram.y:874 gram.y:881 gram.y:907 gram.y:914 +#: gram.y:921 gram.y:1063 gram.y:1342 lib/iolog/iolog_util.c:79 +#: lib/iolog/iolog_util.c:118 lib/iolog/iolog_util.c:127 +#: lib/iolog/iolog_util.c:137 lib/iolog/iolog_util.c:145 +#: lib/iolog/iolog_util.c:149 logsrvd/eventlog.c:223 logsrvd/sendlog.c:286 +#: 
plugins/sudoers/alias.c:132 plugins/sudoers/alias.c:139 +#: plugins/sudoers/alias.c:155 plugins/sudoers/auth/bsdauth.c:148 +#: plugins/sudoers/auth/kerb5.c:123 plugins/sudoers/auth/kerb5.c:149 +#: plugins/sudoers/auth/pam.c:673 plugins/sudoers/auth/rfc1938.c:116 +#: plugins/sudoers/auth/sia.c:64 plugins/sudoers/cvtsudoers.c:124 +#: plugins/sudoers/cvtsudoers.c:165 plugins/sudoers/cvtsudoers.c:182 +#: plugins/sudoers/cvtsudoers.c:193 plugins/sudoers/cvtsudoers.c:305 +#: plugins/sudoers/cvtsudoers.c:433 plugins/sudoers/cvtsudoers.c:566 +#: plugins/sudoers/cvtsudoers.c:583 plugins/sudoers/cvtsudoers.c:646 +#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:769 +#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1187 +#: plugins/sudoers/cvtsudoers.c:1289 plugins/sudoers/cvtsudoers_json.c:83 #: plugins/sudoers/cvtsudoers_ldif.c:154 plugins/sudoers/cvtsudoers_ldif.c:197 -#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:263 -#: plugins/sudoers/cvtsudoers_ldif.c:334 plugins/sudoers/cvtsudoers_ldif.c:389 -#: plugins/sudoers/cvtsudoers_ldif.c:397 plugins/sudoers/cvtsudoers_ldif.c:414 -#: plugins/sudoers/cvtsudoers_ldif.c:423 plugins/sudoers/cvtsudoers_ldif.c:570 -#: plugins/sudoers/defaults.c:666 plugins/sudoers/defaults.c:959 -#: plugins/sudoers/defaults.c:1130 plugins/sudoers/editor.c:72 +#: plugins/sudoers/cvtsudoers_ldif.c:238 plugins/sudoers/cvtsudoers_ldif.c:303 +#: plugins/sudoers/cvtsudoers_ldif.c:374 plugins/sudoers/cvtsudoers_ldif.c:429 +#: plugins/sudoers/cvtsudoers_ldif.c:437 plugins/sudoers/cvtsudoers_ldif.c:454 +#: plugins/sudoers/cvtsudoers_ldif.c:463 plugins/sudoers/cvtsudoers_ldif.c:610 +#: plugins/sudoers/defaults.c:632 plugins/sudoers/defaults.c:925 +#: plugins/sudoers/defaults.c:1058 plugins/sudoers/editor.c:72 #: plugins/sudoers/editor.c:90 plugins/sudoers/editor.c:101 #: plugins/sudoers/env.c:268 plugins/sudoers/filedigest.c:66 #: plugins/sudoers/filedigest.c:82 plugins/sudoers/gc.c:59 -#: 
plugins/sudoers/group_plugin.c:138 plugins/sudoers/interfaces.c:78 -#: plugins/sudoers/iolog.c:943 plugins/sudoers/iolog_path.c:174 -#: plugins/sudoers/iolog_util.c:86 plugins/sudoers/iolog_util.c:125 -#: plugins/sudoers/iolog_util.c:134 plugins/sudoers/iolog_util.c:144 -#: plugins/sudoers/iolog_util.c:152 plugins/sudoers/iolog_util.c:156 -#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 -#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 -#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 -#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 -#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 -#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 -#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 -#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 -#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558 -#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:683 -#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:510 -#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/linux_audit.c:83 -#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:532 -#: plugins/sudoers/logging.c:558 plugins/sudoers/logging.c:599 -#: plugins/sudoers/logging.c:740 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:367 -#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:200 +#: plugins/sudoers/group_plugin.c:141 plugins/sudoers/interfaces.c:78 +#: plugins/sudoers/iolog.c:476 plugins/sudoers/iolog_client.c:107 +#: plugins/sudoers/iolog_client.c:485 plugins/sudoers/iolog_client.c:593 +#: plugins/sudoers/iolog_client.c:611 plugins/sudoers/iolog_client.c:1053 +#: plugins/sudoers/iolog_client.c:1283 plugins/sudoers/iolog_client.c:1619 +#: plugins/sudoers/iolog_client.c:1647 
plugins/sudoers/ldap.c:185 +#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 +#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 +#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705 +#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 +#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 +#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 +#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 +#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 +#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 +#: plugins/sudoers/ldap_conf.c:683 plugins/sudoers/ldap_conf.c:765 +#: plugins/sudoers/ldap_util.c:331 plugins/sudoers/ldap_util.c:338 +#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:83 +#: plugins/sudoers/logging.c:200 plugins/sudoers/logging.c:527 +#: plugins/sudoers/logging.c:553 plugins/sudoers/logging.c:594 +#: plugins/sudoers/logging.c:731 plugins/sudoers/logging.c:1091 +#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:397 +#: plugins/sudoers/match_command.c:444 plugins/sudoers/match_command.c:515 +#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:200 #: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:227 #: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:156 #: plugins/sudoers/parse_ldif.c:187 plugins/sudoers/parse_ldif.c:256 #: plugins/sudoers/parse_ldif.c:263 plugins/sudoers/parse_ldif.c:268 #: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:355 -#: plugins/sudoers/parse_ldif.c:361 plugins/sudoers/parse_ldif.c:386 -#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:402 -#: plugins/sudoers/parse_ldif.c:416 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:614 plugins/sudoers/parse_ldif.c:639 -#: plugins/sudoers/parse_ldif.c:697 plugins/sudoers/parse_ldif.c:714 -#: plugins/sudoers/parse_ldif.c:742 
plugins/sudoers/parse_ldif.c:749 -#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:750 +#: plugins/sudoers/parse_ldif.c:382 plugins/sudoers/parse_ldif.c:399 +#: plugins/sudoers/parse_ldif.c:411 plugins/sudoers/parse_ldif.c:415 +#: plugins/sudoers/parse_ldif.c:429 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:830 #: plugins/sudoers/prompt.c:100 plugins/sudoers/pwutil.c:199 #: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 #: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:586 
@@ -117,19 +122,19 @@ #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:114 -#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 -#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735 +#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909 +#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559 +#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218 +#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429 +#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236 +#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587 +#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483 +#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59 +#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:137 +#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130 #: plugins/sudoers/visudo.c:152 
plugins/sudoers/visudo.c:328 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 
@@ -138,111 +143,116 @@ msgid "unable to allocate memory" msgstr "無法分配記憶體" -#: gram.y:488 +#: gram.y:500 msgid "a digest requires a path name" msgstr "摘要需要路徑名稱" -#: gram.y:614 +#: gram.y:633 msgid "invalid notbefore value" msgstr "notbefore 的值無效" -#: gram.y:622 +#: gram.y:641 msgid "invalid notafter value" msgstr "notafter 的值無效" -#: gram.y:631 plugins/sudoers/policy.c:320 +#: gram.y:650 plugins/sudoers/policy.c:319 msgid "timeout value too large" msgstr "timeout 值過長" -#: gram.y:633 plugins/sudoers/policy.c:322 +#: gram.y:652 plugins/sudoers/policy.c:321 msgid "invalid timeout value" msgstr "timeout 值無效" -#: gram.y:1303 plugins/sudoers/auth/pam.c:483 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/cvtsudoers.c:124 -#: plugins/sudoers/cvtsudoers.c:164 plugins/sudoers/cvtsudoers.c:181 -#: plugins/sudoers/cvtsudoers.c:192 plugins/sudoers/cvtsudoers.c:304 -#: plugins/sudoers/cvtsudoers.c:432 plugins/sudoers/cvtsudoers.c:565 -#: plugins/sudoers/cvtsudoers.c:582 plugins/sudoers/cvtsudoers.c:646 -#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:768 -#: plugins/sudoers/cvtsudoers.c:1179 plugins/sudoers/cvtsudoers.c:1183 -#: plugins/sudoers/cvtsudoers.c:1285 plugins/sudoers/cvtsudoers_ldif.c:153 -#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:243 -#: plugins/sudoers/cvtsudoers_ldif.c:262 plugins/sudoers/cvtsudoers_ldif.c:333 -#: plugins/sudoers/cvtsudoers_ldif.c:388 plugins/sudoers/cvtsudoers_ldif.c:396 -#: plugins/sudoers/cvtsudoers_ldif.c:413 plugins/sudoers/cvtsudoers_ldif.c:422 -#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:666 -#: plugins/sudoers/defaults.c:959 plugins/sudoers/defaults.c:1130 +#: gram.y:1342 lib/iolog/iolog_util.c:79 lib/iolog/iolog_util.c:118 +#: lib/iolog/iolog_util.c:127 lib/iolog/iolog_util.c:137 +#: lib/iolog/iolog_util.c:145 lib/iolog/iolog_util.c:149 +#: logsrvd/eventlog.c:223 plugins/sudoers/auth/pam.c:486 +#: plugins/sudoers/auth/pam.c:673 
plugins/sudoers/auth/rfc1938.c:116 +#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:164 +#: plugins/sudoers/cvtsudoers.c:181 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:304 plugins/sudoers/cvtsudoers.c:432 +#: plugins/sudoers/cvtsudoers.c:565 plugins/sudoers/cvtsudoers.c:582 +#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 +#: plugins/sudoers/cvtsudoers.c:768 plugins/sudoers/cvtsudoers.c:1183 +#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289 +#: plugins/sudoers/cvtsudoers_json.c:82 plugins/sudoers/cvtsudoers_ldif.c:153 +#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:237 +#: plugins/sudoers/cvtsudoers_ldif.c:302 plugins/sudoers/cvtsudoers_ldif.c:373 +#: plugins/sudoers/cvtsudoers_ldif.c:428 plugins/sudoers/cvtsudoers_ldif.c:436 +#: plugins/sudoers/cvtsudoers_ldif.c:453 plugins/sudoers/cvtsudoers_ldif.c:462 +#: plugins/sudoers/cvtsudoers_ldif.c:609 plugins/sudoers/defaults.c:632 +#: plugins/sudoers/defaults.c:925 plugins/sudoers/defaults.c:1058 #: plugins/sudoers/editor.c:72 plugins/sudoers/editor.c:90 #: plugins/sudoers/editor.c:101 plugins/sudoers/env.c:268 #: plugins/sudoers/filedigest.c:66 plugins/sudoers/filedigest.c:82 -#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:138 -#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:943 -#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:86 -#: plugins/sudoers/iolog_util.c:125 plugins/sudoers/iolog_util.c:134 -#: plugins/sudoers/iolog_util.c:144 plugins/sudoers/iolog_util.c:152 -#: plugins/sudoers/iolog_util.c:156 plugins/sudoers/ldap.c:185 -#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 -#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 -#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 -#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705 -#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 -#: plugins/sudoers/ldap.c:2022 
plugins/sudoers/ldap.c:2038 -#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 -#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 -#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 -#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 -#: plugins/sudoers/ldap_conf.c:682 plugins/sudoers/ldap_conf.c:765 -#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:567 -#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:202 -#: plugins/sudoers/logging.c:532 plugins/sudoers/logging.c:558 -#: plugins/sudoers/logging.c:598 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:366 -#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:199 +#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:140 +#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:476 +#: plugins/sudoers/iolog_client.c:107 plugins/sudoers/iolog_client.c:485 +#: plugins/sudoers/iolog_client.c:593 plugins/sudoers/iolog_client.c:611 +#: plugins/sudoers/iolog_client.c:1053 plugins/sudoers/iolog_client.c:1283 +#: plugins/sudoers/iolog_client.c:1619 plugins/sudoers/iolog_client.c:1647 +#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 +#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 +#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 +#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 +#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 +#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 +#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 +#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 +#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 +#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558 +#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:682 +#: 
plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:330 +#: plugins/sudoers/ldap_util.c:337 plugins/sudoers/ldap_util.c:603 +#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:200 +#: plugins/sudoers/logging.c:527 plugins/sudoers/logging.c:553 +#: plugins/sudoers/logging.c:593 plugins/sudoers/logging.c:1091 +#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:396 +#: plugins/sudoers/match_command.c:443 plugins/sudoers/match_command.c:515 +#: plugins/sudoers/match_digest.c:87 plugins/sudoers/parse.c:199 #: plugins/sudoers/parse.c:211 plugins/sudoers/parse.c:226 #: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:155 #: plugins/sudoers/parse_ldif.c:186 plugins/sudoers/parse_ldif.c:255 #: plugins/sudoers/parse_ldif.c:262 plugins/sudoers/parse_ldif.c:267 #: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:354 -#: plugins/sudoers/parse_ldif.c:360 plugins/sudoers/parse_ldif.c:385 -#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:401 -#: plugins/sudoers/parse_ldif.c:415 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:613 plugins/sudoers/parse_ldif.c:638 -#: plugins/sudoers/parse_ldif.c:696 plugins/sudoers/parse_ldif.c:713 -#: plugins/sudoers/parse_ldif.c:741 plugins/sudoers/parse_ldif.c:748 -#: plugins/sudoers/policy.c:134 plugins/sudoers/policy.c:143 -#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:178 -#: plugins/sudoers/policy.c:305 plugins/sudoers/policy.c:320 -#: plugins/sudoers/policy.c:322 plugins/sudoers/policy.c:348 -#: plugins/sudoers/policy.c:358 plugins/sudoers/policy.c:402 +#: plugins/sudoers/parse_ldif.c:381 plugins/sudoers/parse_ldif.c:398 +#: plugins/sudoers/parse_ldif.c:410 plugins/sudoers/parse_ldif.c:414 +#: plugins/sudoers/parse_ldif.c:428 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 
plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:133 plugins/sudoers/policy.c:142 +#: plugins/sudoers/policy.c:151 plugins/sudoers/policy.c:177 +#: plugins/sudoers/policy.c:304 plugins/sudoers/policy.c:319 +#: plugins/sudoers/policy.c:321 plugins/sudoers/policy.c:350 +#: plugins/sudoers/policy.c:359 plugins/sudoers/policy.c:402 #: plugins/sudoers/policy.c:412 plugins/sudoers/policy.c:421 #: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:504 -#: plugins/sudoers/policy.c:750 plugins/sudoers/prompt.c:100 +#: plugins/sudoers/policy.c:830 plugins/sudoers/prompt.c:100 #: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 #: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 #: plugins/sudoers/pwutil.c:586 plugins/sudoers/pwutil.c:657 #: plugins/sudoers/pwutil.c:816 plugins/sudoers/pwutil.c:873 #: plugins/sudoers/pwutil.c:917 plugins/sudoers/pwutil.c:975 -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 plugins/sudoers/sssd.c:153 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 plugins/sudoers/sssd.c:153 #: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 #: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 #: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:113 -#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 -#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 
plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:331 plugins/sudoers/sudoers.c:341 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:735 +#: plugins/sudoers/sudoers.c:864 plugins/sudoers/sudoers.c:909 +#: plugins/sudoers/sudoers.c:1213 plugins/sudoers/sudoreplay.c:559 +#: plugins/sudoers/sudoreplay.c:562 plugins/sudoers/sudoreplay.c:1218 +#: plugins/sudoers/sudoreplay.c:1425 plugins/sudoers/sudoreplay.c:1429 +#: plugins/sudoers/testsudoers.c:136 plugins/sudoers/testsudoers.c:236 +#: plugins/sudoers/testsudoers.c:253 plugins/sudoers/testsudoers.c:587 +#: plugins/sudoers/timestamp.c:439 plugins/sudoers/timestamp.c:483 +#: plugins/sudoers/timestamp.c:993 plugins/sudoers/toke_util.c:59 +#: plugins/sudoers/toke_util.c:112 plugins/sudoers/toke_util.c:136 +#: plugins/sudoers/toke_util.c:165 plugins/sudoers/tsdump.c:130 #: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328 #: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 #: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 
@@ -252,12 +262,457 @@ msgid "%s: %s" msgstr "%s:%s" +#: lib/iolog/iolog_fileio.c:164 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s 存在,但非目錄 (0%o)" + +#: lib/iolog/iolog_fileio.c:194 lib/iolog/iolog_fileio.c:240 +#: plugins/sudoers/timestamp.c:212 +#, c-format +msgid "unable to mkdir %s" +msgstr "無法建立目錄 %s" + +#: lib/iolog/iolog_fileio.c:244 plugins/sudoers/visudo.c:739 +#: plugins/sudoers/visudo.c:750 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "無法將 %s 的模式變更為 0%o" + +#: lib/iolog/iolog_util.c:83 +#, c-format +msgid "%s: invalid log file" +msgstr "%s:無效的記錄檔案" + +#: lib/iolog/iolog_util.c:101 +#, c-format +msgid "%s: time stamp field is missing" +msgstr "%s:缺少 時間戳 欄位" + +#: lib/iolog/iolog_util.c:107 +#, c-format +msgid "%s: time stamp %s: %s" +msgstr "%s:時間戳 %s:%s" + +#: lib/iolog/iolog_util.c:114 +#, c-format +msgid "%s: user field is missing" +msgstr "%s:缺少 使用者 欄位" + +#: lib/iolog/iolog_util.c:123 +#, c-format +msgid "%s: runas user field is missing" +msgstr "%s:缺少 runas 使用者 欄位" + +#: lib/iolog/iolog_util.c:132 +#, c-format +msgid "%s: runas group field is missing" +msgstr "%s:缺少 runas 群組 欄位" + +#: lib/iolog/iolog_util.c:382 +#, c-format +msgid "error reading timing file: %s" +msgstr "讀取計時檔案時發生錯誤:%s" + +#: lib/iolog/iolog_util.c:389 +#, c-format +msgid "invalid timing file line: %s" +msgstr "無效的計時檔案行號:%s" + +#: logsrvd/eventlog.c:228 plugins/sudoers/cvtsudoers_ldif.c:247 +#: plugins/sudoers/cvtsudoers_ldif.c:254 plugins/sudoers/cvtsudoers_ldif.c:566 +#: plugins/sudoers/env.c:330 plugins/sudoers/env.c:337 +#: plugins/sudoers/env.c:442 plugins/sudoers/iolog.c:550 +#: plugins/sudoers/iolog.c:566 plugins/sudoers/ldap.c:496 +#: plugins/sudoers/ldap.c:727 plugins/sudoers/ldap.c:1060 +#: plugins/sudoers/ldap_conf.c:227 plugins/sudoers/ldap_conf.c:317 +#: plugins/sudoers/linux_audit.c:89 plugins/sudoers/logging.c:1096 +#: plugins/sudoers/policy.c:534 plugins/sudoers/policy.c:679 +#: plugins/sudoers/policy.c:689 
plugins/sudoers/prompt.c:168 +#: plugins/sudoers/sudoers.c:931 plugins/sudoers/testsudoers.c:257 +#: plugins/sudoers/toke_util.c:177 +#, c-format +msgid "internal error, %s overflow" +msgstr "內部錯誤,%s 溢出" + +#: logsrvd/eventlog.c:422 plugins/sudoers/logging.c:118 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: logsrvd/eventlog.c:451 plugins/sudoers/logging.c:146 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s : (指令繼續執行) %s" + +#: logsrvd/iolog_writer.c:886 +msgid "log is already complete, cannot be restarted" +msgstr "記錄已完成,無法重新開始" + +#: logsrvd/iolog_writer.c:917 +msgid "unable to restart log" +msgstr "無法重新啟動記錄" + +#: logsrvd/logsrv_util.c:96 logsrvd/logsrv_util.c:103 +#: plugins/sudoers/sudoreplay.c:355 plugins/sudoers/sudoreplay.c:361 +#: plugins/sudoers/sudoreplay.c:368 +#, c-format +msgid "unable to open %s/%s" +msgstr "無法開啟 %s/%s" + +#: logsrvd/logsrv_util.c:130 +#, c-format +msgid "missing I/O log file %s/%s" +msgstr "缺少 I/O 記錄檔 %s/%s" + +#: logsrvd/logsrv_util.c:137 +#, c-format +msgid "%s/%s: unable to seek forward %zu" +msgstr "%s/%s:無法往前搜尋 %zu" + +#: logsrvd/logsrv_util.c:147 +#, c-format +msgid "unable to find resume point [%lld, %ld] in %s/%s" +msgstr "%3$s/%4$s 中找不到繼續點 [%1$lld, %2$ld]" + +#: logsrvd/logsrvd.c:231 logsrvd/logsrvd.c:299 logsrvd/logsrvd.c:343 +#: logsrvd/logsrvd.c:392 logsrvd/logsrvd.c:439 logsrvd/logsrvd.c:484 +#: logsrvd/logsrvd.c:510 +msgid "state machine error" +msgstr "狀態機器發生錯誤" + +#: logsrvd/logsrvd.c:240 +msgid "invalid AcceptMessage" +msgstr "無效的 AcceptMessage" + +#: logsrvd/logsrvd.c:251 +msgid "error parsing AcceptMessage" +msgstr "解析 AcceptMessage 時發生錯誤" + +#: logsrvd/logsrvd.c:258 +msgid "error creating I/O log" +msgstr "建立 I/O 日誌時發生錯誤" + +#: logsrvd/logsrvd.c:265 +msgid "error logging accept event" +msgstr "記錄接受事件時發生錯誤" + +#: logsrvd/logsrvd.c:308 +msgid "invalid RejectMessage" +msgstr "無效的 RejectMessage" + +#: logsrvd/logsrvd.c:319 +msgid "error parsing RejectMessage" +msgstr "解析 RejectMessage 時發生錯誤" 
+ +#: logsrvd/logsrvd.c:325 +msgid "error logging reject event" +msgstr "記錄拒絕事件時發生錯誤" + +#: logsrvd/logsrvd.c:424 +msgid "error logging alert event" +msgstr "記錄提醒事件時發生錯誤" + +#: logsrvd/logsrvd.c:449 +msgid "error writing IoBuffer" +msgstr "寫入 IoBuffer 時發生錯誤" + +#: logsrvd/logsrvd.c:495 +msgid "error writing ChangeWindowSize" +msgstr "寫入 ChangeWindowSize 時發生錯誤" + +#: logsrvd/logsrvd.c:521 +msgid "error writing CommandSuspend" +msgstr "寫入 CommandSuspend 時發生錯誤" + +#: logsrvd/logsrvd.c:583 +msgid "unrecognized ClientMessage type" +msgstr "無法識別的 ClientMessage 類型" + +#: logsrvd/logsrvd.c:835 +msgid "client message too large" +msgstr "用戶端訊息過長" + +#: logsrvd/logsrvd.c:1295 logsrvd/logsrvd.c:1415 logsrvd/logsrvd.c:1539 +#: logsrvd/logsrvd.c:1631 logsrvd/sendlog.c:242 logsrvd/sendlog.c:257 +#: logsrvd/sendlog.c:290 logsrvd/sendlog.c:1264 plugins/sudoers/iolog.c:900 +#: plugins/sudoers/iolog.c:1033 plugins/sudoers/iolog.c:1131 +#: plugins/sudoers/iolog_client.c:111 plugins/sudoers/iolog_client.c:436 +#: plugins/sudoers/iolog_client.c:452 plugins/sudoers/iolog_client.c:490 +#: plugins/sudoers/iolog_client.c:1032 plugins/sudoers/iolog_client.c:1061 +#: plugins/sudoers/iolog_client.c:1133 plugins/sudoers/iolog_client.c:1239 +#: plugins/sudoers/iolog_client.c:1353 plugins/sudoers/iolog_client.c:1655 +#: plugins/sudoers/iolog_client.c:1663 plugins/sudoers/sudoreplay.c:519 +#: plugins/sudoers/sudoreplay.c:566 plugins/sudoers/sudoreplay.c:755 +#: plugins/sudoers/sudoreplay.c:867 plugins/sudoers/sudoreplay.c:957 +#: plugins/sudoers/sudoreplay.c:972 plugins/sudoers/sudoreplay.c:979 +#: plugins/sudoers/sudoreplay.c:986 plugins/sudoers/sudoreplay.c:993 +#: plugins/sudoers/sudoreplay.c:1000 plugins/sudoers/sudoreplay.c:1127 +msgid "unable to add event to queue" +msgstr "無法將事件附加到佇列" + +#: logsrvd/logsrvd.c:1407 plugins/sudoers/iolog_client.c:378 +#, c-format +msgid "Unable to attach user data to the ssl object: %s" +msgstr "無法將使用者資料連結至 SSL 物件:%s" + +#: logsrvd/logsrvd.c:1443 
plugins/sudoers/iolog_client.c:1596 +#: plugins/sudoers/iolog_client.c:1604 +msgid "unable to get remote IP addr" +msgstr "無法取得遠端 IP 地址" + +#: logsrvd/logsrvd.c:1692 logsrvd/sendlog.c:113 +#, c-format +msgid "" +"%s - send sudo I/O log to remote server\n" +"\n" +msgstr "" +"%s - 傳送 sudo I/O 記錄至遠端伺服器\n" +"\n" + +#: logsrvd/logsrvd.c:1695 +#, fuzzy +msgid "" +"\n" +"Options:\n" +" -f, --file path to configuration file\n" +" -h --help display help message and exit\n" +" -n, --no-fork do not fork, run in the foreground\n" +" -R, --random-drop percent chance connections will drop\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"選項:\n" +" -f, --file 設定檔路徑\n" +" -h, --help 顯示說明訊息並退出\n" +" -n, --no-fork 不要 fork,在前景執行\n" +" -R, --random-drop percent chance connections will drop\n" +" -V, --version 顯示版本資訊後離開\n" + +#: logsrvd/logsrvd.c:1747 logsrvd/sendlog.c:1513 +msgid "Protobuf-C version 1.3 or higher required" +msgstr "需要 Protobuf-C 版本 1.3 或更高版本" + +#: logsrvd/logsrvd.c:1765 +#, c-format +msgid "invalid random drop value: %s" +msgstr "隨機丟棄值無效:%s" + +#: logsrvd/logsrvd.c:1769 logsrvd/sendlog.c:1551 +#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:302 +#: plugins/sudoers/visudo.c:184 +#, c-format +msgid "%s version %s\n" +msgstr "%s 版本 %s\n" + +#: logsrvd/logsrvd_conf.c:688 +#, c-format +msgid "%s: not a fully qualified path" +msgstr "%s:路徑不完全合法" + +#: logsrvd/logsrvd_conf.c:802 +#, c-format +msgid "%s:%d unmatched '[': %s" +msgstr "%s:%d 不對稱的 '[': %s" + +#: logsrvd/logsrvd_conf.c:813 +#, c-format +msgid "%s:%d invalid config section: %s" +msgstr "%s:%d 無效的設定檔區段:%s" + +#: logsrvd/logsrvd_conf.c:821 +#, c-format +msgid "%s:%d invalid configuration line: %s" +msgstr "%s:%d 無效的設定檔行:%s" + +#: logsrvd/logsrvd_conf.c:827 +#, c-format +msgid "%s:%d expected section name: %s" +msgstr "%s:%d 應有區段名稱:%s" + +#: logsrvd/logsrvd_conf.c:841 +#, c-format +msgid "invalid value for %s: %s" +msgstr "%s 的值無效:%s" + +#: logsrvd/logsrvd_conf.c:849 +#, 
c-format +msgid "%s:%d unknown key: %s" +msgstr "%s:%d 未知鍵:%s" + +#: logsrvd/logsrvd_conf.c:977 +#, c-format +msgid "unknown syslog facility %s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:981 logsrvd/logsrvd_conf.c:985 +#: logsrvd/logsrvd_conf.c:989 +#, c-format +msgid "unknown syslog priority %s" +msgstr "未知 syslog 優先級 %s" + +#: logsrvd/sendlog.c:116 +#, fuzzy +msgid "" +"\n" +"Options:\n" +" --help display help message and exit\n" +" -h, --host host to send logs to\n" +" -i, --iolog_id remote ID of I/O log to be resumed\n" +" -p, --port port to use when connecting to host\n" +" -r, --restart restart previous I/O log transfer\n" +" -t, --test test audit server by sending selected I/O log n times in parallel\n" +" -b, --ca-bundle certificate bundle file to verify server's cert against\n" +" -c, --cert certificate file for TLS handshake\n" +" -k, --key private key file\n" +" -V, --version display version information and exit\n" +msgstr "" +"\n" +"選項:\n" +" --help 顯示說明訊息後離開\n" +" -h, --host 要傳送記錄至的目標主機\n" +" -i, --iolog_id 要繼續的 I/O 記錄的遠端 ID\n" +" -p, --port 連線到主機時要使用的連線埠\n" +" -r, --restart 重新啟動上次的 I/O 記錄傳輸\n" +" -t, --test 透過並行傳送選取的 I/O 記錄 n 次來測試稽核伺服器\n" +" -b, --ca-bundle certificate bundle file to verify server's cert against\n" +" -c, --cert 用於 TLS 交握的憑證檔案\n" +" -k, --key 私鑰檔案\n" +" -V, --version 顯示版本資訊後離開\n" + +#: logsrvd/sendlog.c:216 plugins/sudoers/iolog_client.c:409 +msgid "TLS handshake timeout occurred" +msgstr "遇到 TLS 交握逾時" + +#: logsrvd/sendlog.c:237 logsrvd/sendlog.c:252 +#: plugins/sudoers/iolog_client.c:430 plugins/sudoers/iolog_client.c:446 +msgid "unable to set event" +msgstr "無法設定事件" + +#: logsrvd/sendlog.c:262 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s\n" +msgstr "SSL_connect 失敗:ssl_error=%d, stack=%s\n" + +#: logsrvd/sendlog.c:294 plugins/sudoers/iolog_client.c:115 +#: plugins/sudoers/iolog_client.c:495 plugins/sudoers/iolog_client.c:1065 +#: plugins/sudoers/iolog_client.c:1671 +msgid "error in event loop" +msgstr "事件循環中發生錯誤" + 
+#: logsrvd/sendlog.c:311 +msgid "CA bundle file was not specified" +msgstr "未指定 CA bundle 檔案" + +#: logsrvd/sendlog.c:315 +msgid "Client certificate was not specified" +msgstr "未指定用戶端憑證" + +#: logsrvd/sendlog.c:319 +#, c-format +msgid "Unable to initialize ssl context: %s" +msgstr "無法初始化 SSL 上下文:%s" + +#: logsrvd/sendlog.c:324 +#, c-format +msgid "Unable to allocate ssl object: %s\n" +msgstr "無法配置 SSL 物件:%s\n" + +#: logsrvd/sendlog.c:329 +#, c-format +msgid "Unable to attach socket to the ssl object: %s\n" +msgstr "無法將 socket 通訊端連結到 SSL 物件:%s\v\n" + +#: logsrvd/sendlog.c:367 plugins/sudoers/iolog_client.c:150 +#, c-format +msgid "unable to look up %s:%s: %s" +msgstr "無法查看 %s:%s: %s" + +#: logsrvd/sendlog.c:522 plugins/sudoers/sudoreplay.c:815 +#, c-format +msgid "unable to read %s/%s: %s" +msgstr "無法讀取 %s/%s: %s" + +#: logsrvd/sendlog.c:543 +#, c-format +msgid "client message too large: %zu\n" +msgstr "用戶端訊息過長:%zu\n" + +#: logsrvd/sendlog.c:941 +#, c-format +msgid "%s: write buffer already in use" +msgstr "%s:寫入緩衝區正被使用" + +#: logsrvd/sendlog.c:993 plugins/sudoers/iolog.c:824 +#: plugins/sudoers/iolog.c:893 +#, c-format +msgid "unexpected I/O event %d" +msgstr "不應有的 I/O 事件 %d" + +#: logsrvd/sendlog.c:1025 logsrvd/sendlog.c:1042 logsrvd/sendlog.c:1092 +#: plugins/sudoers/iolog_client.c:1037 plugins/sudoers/iolog_client.c:1090 +#: plugins/sudoers/iolog_client.c:1151 +#, c-format +msgid "%s: unexpected state %d" +msgstr "%s:不應有的狀態 %d" + +#: logsrvd/sendlog.c:1048 plugins/sudoers/iolog_client.c:1096 +msgid "invalid ServerHello" +msgstr "無效的 ServerHello" + +#: logsrvd/sendlog.c:1130 plugins/sudoers/iolog_client.c:1195 +#, c-format +msgid "error message received from server: %s" +msgstr "自伺服器接收到錯誤訊息:%s" + +#: logsrvd/sendlog.c:1143 plugins/sudoers/iolog_client.c:1208 +#, c-format +msgid "abort message received from server: %s" +msgstr "自伺服器接收到中止訊息:%s" + +#: logsrvd/sendlog.c:1162 plugins/sudoers/iolog_client.c:1227 +msgid "unable to unpack ServerMessage" +msgstr "無法解開 
ServerMessage" + +#: logsrvd/sendlog.c:1207 plugins/sudoers/iolog_client.c:1260 +#, c-format +msgid "%s: unexpected type_case value %d" +msgstr "%s:不應有的 type_case 值 %d" + +#: logsrvd/sendlog.c:1291 +msgid "premature EOF" +msgstr "檔案過早結束" + +#: logsrvd/sendlog.c:1304 +#, c-format +msgid "server message too large: %u\n" +msgstr "伺服器訊息過長:%u\n" + +#: logsrvd/sendlog.c:1569 +msgid "both restart point and iolog ID must be specified" +msgstr "必須指定重新啟動點 (restart point) 和 iolog ID" + +#: logsrvd/sendlog.c:1636 +#, c-format +msgid "exited prematurely with state %d" +msgstr "過早結束,狀態碼 %d" + +#: logsrvd/sendlog.c:1637 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "已傳送耗用時間至伺服器 [%lld, %ld]" + +#: logsrvd/sendlog.c:1639 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "自伺服器接收到提交點 (commit point) [%lld, %ld]" + #: plugins/sudoers/alias.c:151 #, c-format msgid "Alias \"%s\" already defined" msgstr "別名「%s」已定義過" -#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:801 +#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:792 msgid "unable to fork" msgstr "無法執行 fork" 
@@ -363,33 +818,33 @@ msgid "unable to initialize PAM: %s" msgstr "無法初始化 PAM:%s" -#: plugins/sudoers/auth/pam.c:319 +#: plugins/sudoers/auth/pam.c:322 #, c-format msgid "PAM authentication error: %s" msgstr "PAM 認證發生錯誤:%s" -#: plugins/sudoers/auth/pam.c:338 +#: plugins/sudoers/auth/pam.c:341 msgid "account validation failure, is your account locked?" msgstr "檢查帳號有效性失敗,請檢查您的帳號是否被鎖定。" -#: plugins/sudoers/auth/pam.c:349 +#: plugins/sudoers/auth/pam.c:352 msgid "Account or password is expired, reset your password and try again" msgstr "帳號或密碼已標為過期,請重設密碼後重試" -#: plugins/sudoers/auth/pam.c:355 +#: plugins/sudoers/auth/pam.c:358 #, c-format msgid "unable to change expired password: %s" msgstr "無法變更已過期密碼:%s" -#: plugins/sudoers/auth/pam.c:366 +#: plugins/sudoers/auth/pam.c:369 msgid "Password expired, contact your system administrator" msgstr "密碼已標為過期,請聯絡您的系統管理員" -#: plugins/sudoers/auth/pam.c:371 +#: plugins/sudoers/auth/pam.c:374 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "帳號已過期或是 PAM 組態設定缺少 sudo 的 \"account\" 部份,請聯絡您的系統管理員" -#: plugins/sudoers/auth/pam.c:379 plugins/sudoers/auth/pam.c:384 +#: plugins/sudoers/auth/pam.c:382 plugins/sudoers/auth/pam.c:387 #, c-format msgid "PAM account management error: %s" msgstr "PAM 帳號管理發生錯誤:%s" @@ -467,7 +922,7 @@ msgid "unable to commit audit record" msgstr "無法提交稽核記錄" -#: plugins/sudoers/check.c:269 +#: plugins/sudoers/check.c:264 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" 
@@ -487,15 +942,16 @@ " #3) 權力越大則責任越大。\n" "\n" -#: plugins/sudoers/check.c:312 plugins/sudoers/check.c:322 -#: plugins/sudoers/sudoers.c:700 plugins/sudoers/sudoers.c:748 +#: plugins/sudoers/check.c:307 plugins/sudoers/check.c:317 +#: plugins/sudoers/sudoers.c:778 plugins/sudoers/sudoers.c:826 #: plugins/sudoers/tsdump.c:126 #, c-format msgid "unknown uid: %u" msgstr "未知 UID:%u" -#: plugins/sudoers/check.c:317 plugins/sudoers/iolog.c:255 -#: plugins/sudoers/policy.c:921 plugins/sudoers/sudoers.c:1163 +#: plugins/sudoers/check.c:312 plugins/sudoers/iolog.c:121 +#: plugins/sudoers/policy.c:1034 plugins/sudoers/sudoers.c:391 +#: plugins/sudoers/sudoers.c:393 plugins/sudoers/sudoers.c:1255 #: plugins/sudoers/testsudoers.c:227 plugins/sudoers/testsudoers.c:400 #, c-format msgid "unknown user: %s" @@ -516,12 +972,6 @@ msgid "order padding: %s: %s" msgstr "順序間距:%s:%s" -#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:289 -#: plugins/sudoers/visudo.c:184 -#, c-format -msgid "%s version %s\n" -msgstr "%s 版本 %s\n" - #: plugins/sudoers/cvtsudoers.c:235 plugins/sudoers/visudo.c:186 #, c-format msgid "%s grammar version %d\n" @@ -542,7 +992,7 @@ msgid "%s: input and output files must be different" msgstr "%s:輸入及輸出檔案必須不一致" -#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:176 +#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:185 #: plugins/sudoers/testsudoers.c:266 plugins/sudoers/visudo.c:254 #: plugins/sudoers/visudo.c:610 plugins/sudoers/visudo.c:933 msgid "unable to initialize sudoers default values" 
@@ -574,12 +1024,10 @@ msgstr "篩選器無效:%s" #: plugins/sudoers/cvtsudoers.c:622 plugins/sudoers/cvtsudoers.c:639 -#: plugins/sudoers/cvtsudoers.c:1245 plugins/sudoers/cvtsudoers_json.c:1130 -#: plugins/sudoers/cvtsudoers_ldif.c:643 plugins/sudoers/iolog.c:413 -#: plugins/sudoers/iolog_util.c:75 plugins/sudoers/sudoers.c:914 -#: plugins/sudoers/sudoreplay.c:338 plugins/sudoers/sudoreplay.c:1431 -#: plugins/sudoers/timestamp.c:448 plugins/sudoers/tsdump.c:135 -#: plugins/sudoers/visudo.c:929 +#: plugins/sudoers/cvtsudoers.c:1249 plugins/sudoers/cvtsudoers_json.c:868 +#: plugins/sudoers/cvtsudoers_ldif.c:683 plugins/sudoers/sudoers.c:1001 +#: plugins/sudoers/sudoreplay.c:1391 plugins/sudoers/timestamp.c:448 +#: plugins/sudoers/tsdump.c:135 plugins/sudoers/visudo.c:929 #, c-format msgid "unable to open %s" msgstr "無法開啟 %s" @@ -599,14 +1047,13 @@ msgid "parse error in %s\n" msgstr "因 %s 導致解析錯誤\n" -#: plugins/sudoers/cvtsudoers.c:1292 plugins/sudoers/iolog.c:500 -#: plugins/sudoers/sudoreplay.c:1135 plugins/sudoers/timestamp.c:332 -#: plugins/sudoers/timestamp.c:335 +#: plugins/sudoers/cvtsudoers.c:1296 plugins/sudoers/sudoreplay.c:1088 +#: plugins/sudoers/timestamp.c:332 plugins/sudoers/timestamp.c:335 #, c-format msgid "unable to write to %s" msgstr "無法寫入 %s" -#: plugins/sudoers/cvtsudoers.c:1315 +#: plugins/sudoers/cvtsudoers.c:1319 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -615,7 +1062,7 @@ "%s - 轉換 sudoers 檔案之間的格式\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1317 +#: plugins/sudoers/cvtsudoers.c:1321 msgid "" "\n" "Options:\n" 
@@ -655,43 +1102,30 @@ " -s, --suppress=部份 隱藏某些部分的輸出\n" " -V, --version 顯示版本訊息後退出" -#: plugins/sudoers/cvtsudoers_json.c:684 plugins/sudoers/cvtsudoers_json.c:720 -#: plugins/sudoers/cvtsudoers_json.c:938 +#: plugins/sudoers/cvtsudoers_json.c:487 plugins/sudoers/cvtsudoers_json.c:521 +#: plugins/sudoers/cvtsudoers_json.c:709 #, c-format msgid "unknown defaults entry \"%s\"" msgstr "預設項目「%s」未知" -#: plugins/sudoers/cvtsudoers_json.c:858 plugins/sudoers/cvtsudoers_json.c:873 -#: plugins/sudoers/cvtsudoers_ldif.c:308 plugins/sudoers/cvtsudoers_ldif.c:319 +#: plugins/sudoers/cvtsudoers_json.c:647 plugins/sudoers/cvtsudoers_json.c:660 +#: plugins/sudoers/cvtsudoers_ldif.c:348 plugins/sudoers/cvtsudoers_ldif.c:359 #: plugins/sudoers/ldap.c:482 msgid "unable to get GMT time" msgstr "無法取得 GMT 時間" -#: plugins/sudoers/cvtsudoers_json.c:861 plugins/sudoers/cvtsudoers_json.c:876 -#: plugins/sudoers/cvtsudoers_ldif.c:311 plugins/sudoers/cvtsudoers_ldif.c:322 +#: plugins/sudoers/cvtsudoers_json.c:650 plugins/sudoers/cvtsudoers_json.c:663 +#: plugins/sudoers/cvtsudoers_ldif.c:351 plugins/sudoers/cvtsudoers_ldif.c:362 #: plugins/sudoers/ldap.c:488 msgid "unable to format timestamp" msgstr "無法格式化時間戳" -#: plugins/sudoers/cvtsudoers_ldif.c:526 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:337 plugins/sudoers/env.c:442 -#: plugins/sudoers/ldap.c:496 plugins/sudoers/ldap.c:727 -#: plugins/sudoers/ldap.c:1060 plugins/sudoers/ldap_conf.c:227 -#: plugins/sudoers/ldap_conf.c:317 plugins/sudoers/linux_audit.c:89 -#: plugins/sudoers/logging.c:1105 plugins/sudoers/policy.c:625 -#: plugins/sudoers/policy.c:635 plugins/sudoers/prompt.c:168 -#: plugins/sudoers/sudoers.c:852 plugins/sudoers/testsudoers.c:257 -#: plugins/sudoers/toke_util.c:161 -#, c-format -msgid "internal error, %s overflow" -msgstr "內部錯誤,%s 溢出" - -#: plugins/sudoers/cvtsudoers_ldif.c:595 +#: plugins/sudoers/cvtsudoers_ldif.c:635 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "過多 sudoers 項,最大值為 %u" -#: 
plugins/sudoers/cvtsudoers_ldif.c:638 +#: plugins/sudoers/cvtsudoers_ldif.c:678 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "未設定 SUDOERS_BASE 環境變數,且亦未指定 -b 選項。" @@ -1100,8 +1534,8 @@ #: plugins/sudoers/def_data.c:406 #, c-format -msgid "Maximum I/O log sequence number: %u" -msgstr "最大 I/O 記錄序號:%u" +msgid "Maximum I/O log sequence number: %s" +msgstr "最大 I/O 記錄序號:%s" #: plugins/sudoers/def_data.c:410 msgid "Enable sudoers netgroup support" 
@@ -1211,62 +1645,106 @@ msgid "Log when a command is denied by sudoers" msgstr "當指令被 sudoers 拒絕通行時記錄" -#: plugins/sudoers/defaults.c:231 +#: plugins/sudoers/def_data.c:510 +msgid "Sudo log server(s) to connect to with optional port" +msgstr "" + +#: plugins/sudoers/def_data.c:514 +#, c-format +msgid "Sudo log server timeout in seconds: %u" +msgstr "Sudo 記錄伺服器逾時 (秒):%u" + +#: plugins/sudoers/def_data.c:518 +msgid "Enable SO_KEEPALIVE socket option on the socket connected to the logserver" +msgstr "請在已連線至記錄伺服器的 socket 通訊端啟用 SO_KEEPALIVE socket 選項" + +#: plugins/sudoers/def_data.c:522 +#, c-format +msgid "Path to the audit server's CA bundle file: %s" +msgstr "稽核伺服器的 CA bundle 檔案路徑:%s" + +#: plugins/sudoers/def_data.c:526 +#, c-format +msgid "Path to the sudoers certificate file: %s" +msgstr "sudoers 憑證檔案的路徑:%s" + +#: plugins/sudoers/def_data.c:530 +#, c-format +msgid "Path to the sudoers private key file: %s" +msgstr "sudoers 私鑰檔案的路徑:%s" + +#: plugins/sudoers/def_data.c:534 +msgid "Allow the use of unknown runas user and/or group ID" +msgstr "允許使用未知 runas 使用者及 (或) 群組 ID" + +#: plugins/sudoers/def_data.c:538 +msgid "Only permit running commands as a user with a valid shell" +msgstr "只允許以使用有效 Shell 的使用者執行命令" + +#: plugins/sudoers/def_data.c:542 +msgid "Set the pam remote user to the user running sudo" +msgstr "設定 pam 遠端使用者為執行 sudo 的使用者" + +#: plugins/sudoers/def_data.c:546 +msgid "Set the pam remote host to the local host name" +msgstr "設定 pam 遠端主機至本機主機名稱" + +#: plugins/sudoers/defaults.c:190 #, c-format msgid "%s:%d unknown defaults entry \"%s\"" msgstr "%s:%d 未知的預設條目「%s」" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:193 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s:未知的預設條目「%s」" -#: plugins/sudoers/defaults.c:277 +#: plugins/sudoers/defaults.c:236 #, c-format msgid "%s:%d no value specified for \"%s\"" msgstr "%s:%d 沒有給「%s」指定值" -#: plugins/sudoers/defaults.c:280 +#: plugins/sudoers/defaults.c:239 #, c-format msgid "%s: no value 
specified for \"%s\"" msgstr "%s:沒有給「%s」指定值" -#: plugins/sudoers/defaults.c:300 +#: plugins/sudoers/defaults.c:259 #, c-format msgid "%s:%d values for \"%s\" must start with a '/'" msgstr "%s:%d 「%s」的值必須以「/」開頭" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:262 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s:「%s」的值必須以「/」開頭" -#: plugins/sudoers/defaults.c:325 +#: plugins/sudoers/defaults.c:284 #, c-format msgid "%s:%d option \"%s\" does not take a value" msgstr "%s:%d 「%s」選項不帶值" -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:287 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s:「%s」選項不帶值" -#: plugins/sudoers/defaults.c:353 +#: plugins/sudoers/defaults.c:312 #, c-format msgid "%s:%d invalid Defaults type 0x%x for option \"%s\"" msgstr "%1$s:%2$d 選項「%4$s」的預設類型 0x%3$x 無效" -#: plugins/sudoers/defaults.c:356 +#: plugins/sudoers/defaults.c:315 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%1$s:選項「%3$s」的預設類型 0x%2$x 無效" -#: plugins/sudoers/defaults.c:366 +#: plugins/sudoers/defaults.c:325 #, c-format msgid "%s:%d value \"%s\" is invalid for option \"%s\"" msgstr "%1$s:%2$d 值「%3$s」對選項「%4$s」無效" -#: plugins/sudoers/defaults.c:369 +#: plugins/sudoers/defaults.c:328 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s:值「%s」對選項「%s」無效" @@ -1275,11 +1753,11 @@ msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv:envp 損壞,長度不符" -#: plugins/sudoers/env.c:1132 +#: plugins/sudoers/env.c:1133 msgid "unable to rebuild the environment" msgstr "無法重建環境" -#: plugins/sudoers/env.c:1206 +#: plugins/sudoers/env.c:1207 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "對不起,您沒有權限設定以下環境變數:%s" 
@@ -1304,27 +1782,27 @@ msgid "%s: read error" msgstr "%s:讀取錯誤" -#: plugins/sudoers/group_plugin.c:90 +#: plugins/sudoers/group_plugin.c:91 #, c-format msgid "%s must be owned by uid %d" msgstr "%s 必須由使用者 ID %d 所有" -#: plugins/sudoers/group_plugin.c:94 +#: plugins/sudoers/group_plugin.c:95 #, c-format msgid "%s must only be writable by owner" msgstr "%s 必須只允許所有者可寫" -#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:562 +#: plugins/sudoers/group_plugin.c:104 plugins/sudoers/sssd.c:562 #, c-format msgid "unable to load %s: %s" msgstr "無法載入 %s:%s" -#: plugins/sudoers/group_plugin.c:108 +#: plugins/sudoers/group_plugin.c:110 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "無法在 %s 中找到符號「group_plugin」" -#: plugins/sudoers/group_plugin.c:113 +#: plugins/sudoers/group_plugin.c:115 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s:不相容的群組外掛程式主要版本號碼 %d,版本應該為 %d" 
@@ -1343,87 +1821,143 @@ msgid "Local IP address and netmask pairs:\n" msgstr "本機 IP 位址和網路遮罩配對:\n" -#: plugins/sudoers/iolog.c:117 plugins/sudoers/mkdir_parents.c:82 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s 存在,但非目錄 (0%o)" - -#: plugins/sudoers/iolog.c:142 plugins/sudoers/iolog.c:182 -#: plugins/sudoers/mkdir_parents.c:71 plugins/sudoers/timestamp.c:212 -#, c-format -msgid "unable to mkdir %s" -msgstr "無法建立目錄 %s" - -#: plugins/sudoers/iolog.c:186 plugins/sudoers/visudo.c:739 -#: plugins/sudoers/visudo.c:750 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "無法將 %s 的模式變更為 0%o" - -#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1194 +#: plugins/sudoers/iolog.c:146 plugins/sudoers/sudoers.c:398 +#: plugins/sudoers/sudoers.c:400 plugins/sudoers/sudoers.c:1289 #: plugins/sudoers/testsudoers.c:424 #, c-format msgid "unknown group: %s" msgstr "未知群組:%s" -#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:918 -#: plugins/sudoers/sudoreplay.c:846 plugins/sudoers/sudoreplay.c:1542 -#: plugins/sudoers/tsdump.c:145 +#: plugins/sudoers/iolog.c:505 plugins/sudoers/iolog.c:788 +#: plugins/sudoers/iolog.c:938 plugins/sudoers/iolog.c:945 +#: plugins/sudoers/iolog.c:1066 plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:1172 plugins/sudoers/iolog.c:1179 #, c-format -msgid "unable to read %s" -msgstr "無法讀取 %s" +msgid "unable to write to I/O log file: %s" +msgstr "無法寫入 I/O 記錄檔案:%s" -#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:801 -#, c-format -msgid "unable to create %s" -msgstr "無法建立 %s" +#: plugins/sudoers/iolog.c:555 +msgid "unable to update sequence file" +msgstr "無法更新序列檔" -#: plugins/sudoers/iolog.c:824 plugins/sudoers/iolog.c:1039 -#: plugins/sudoers/iolog.c:1115 plugins/sudoers/iolog.c:1209 -#: plugins/sudoers/iolog.c:1270 +#: plugins/sudoers/iolog.c:594 #, c-format -msgid "unable to write to I/O log file: %s" -msgstr "無法寫入 I/O 記錄檔案:%s" +msgid "unable to create %s/%s" +msgstr "無法建立 %s/%s" -#: 
plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:622 +msgid "unable to connect to log server" +msgstr "無法連線到記錄伺服器" + +#: plugins/sudoers/iolog.c:830 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s:內部錯誤,未開啟事件 %d 的 I/O 記錄檔案" -#: plugins/sudoers/iolog.c:1233 +#: plugins/sudoers/iolog.c:923 plugins/sudoers/iolog.c:1051 +#: plugins/sudoers/iolog.c:1156 plugins/sudoers/timestamp.c:862 +#: plugins/sudoers/timestamp.c:954 plugins/sudoers/visudo.c:498 +#: plugins/sudoers/visudo.c:504 +msgid "unable to read the clock" +msgstr "無法讀取時鐘" + +#: plugins/sudoers/iolog.c:1148 plugins/sudoers/iolog_client.c:862 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s:內部錯誤,訊號 %d 無效" -#: plugins/sudoers/iolog_util.c:90 +#: plugins/sudoers/iolog_client.c:297 #, c-format -msgid "%s: invalid log file" -msgstr "%s:無效的記錄檔案" +msgid "Creation of new SSL_CTX object failed: %s" +msgstr "建立新 SSL_CTX 物件失敗:%s" -#: plugins/sudoers/iolog_util.c:108 +#: plugins/sudoers/iolog_client.c:320 +msgid "CA bundle file is not set in sudoers" +msgstr "sudoers 中未設定 CA bundle 檔案" + +#: plugins/sudoers/iolog_client.c:327 #, c-format -msgid "%s: time stamp field is missing" -msgstr "%s:缺少 時間戳 欄位" +msgid "Calling SSL_CTX_load_verify_locations() failed: %s" +msgstr "呼叫 SSL_CTX_load_verify_locations() 失敗:%s" -#: plugins/sudoers/iolog_util.c:114 +#: plugins/sudoers/iolog_client.c:339 +msgid "Signed certificate file is not set in sudoers" +msgstr "sudoers 中未設定已簽名的憑證檔案" + +#: plugins/sudoers/iolog_client.c:345 #, c-format -msgid "%s: time stamp %s: %s" -msgstr "%s:時間戳 %s:%s" +msgid "Unable to load cert into the ssl context: %s" +msgstr "無法將憑證載入進 SSL 上下文:%s" -#: plugins/sudoers/iolog_util.c:121 +#: plugins/sudoers/iolog_client.c:356 #, c-format -msgid "%s: user field is missing" -msgstr "%s:缺少 使用者 欄位" +msgid "Unable to load private key into the ssl context: %s" +msgstr "無法載入私鑰進 SSL 上下文:%s" -#: plugins/sudoers/iolog_util.c:130 +#: 
plugins/sudoers/iolog_client.c:363 #, c-format -msgid "%s: runas user field is missing" -msgstr "%s:缺少 runas 使用者 欄位" +msgid "Unable to allocate ssl object: %s" +msgstr "無法配置 SSL 物件:%s" -#: plugins/sudoers/iolog_util.c:139 +#: plugins/sudoers/iolog_client.c:369 #, c-format -msgid "%s: runas group field is missing" -msgstr "%s:缺少 runas 群組 欄位" +msgid "Unable to attach socket to the ssl object: %s" +msgstr "無法將 socket 通訊端連結至 SSL 物件:%s" + +#: plugins/sudoers/iolog_client.c:457 +#, c-format +msgid "SSL_connect failed: ssl_error=%d, stack=%s" +msgstr "SSL_connect 失敗:ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:599 +#, c-format +msgid "client message too large: %zu" +msgstr "用戶端訊息過長:%zu" + +#: plugins/sudoers/iolog_client.c:656 plugins/sudoers/iolog_client.c:844 +msgid "unable to get time of day" +msgstr "無法取得一日時間" + +#: plugins/sudoers/iolog_client.c:871 +#, c-format +msgid "%s: internal error, invalid exit status %d" +msgstr "%s:內部錯誤,退出狀態碼 %d 無效" + +#: plugins/sudoers/iolog_client.c:1104 +msgid "TLS initialization was unsuccessful" +msgstr "TLS 初始化失敗" + +#: plugins/sudoers/iolog_client.c:1109 +msgid "TLS handshake was unsuccessful" +msgstr "TLS 交握失敗" + +#: plugins/sudoers/iolog_client.c:1361 +#, c-format +msgid "SSL_read failed: ssl_error=%d, stack=%s" +msgstr "SSL_read 失敗:ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:1384 +msgid "lost connection to log server" +msgstr "失去對記錄伺服器的連線" + +#: plugins/sudoers/iolog_client.c:1397 +#, c-format +msgid "server message too large: %u" +msgstr "伺服器訊息過長:%u" + +#: plugins/sudoers/iolog_client.c:1461 +msgid "missing write buffer" +msgstr "缺少寫入緩衝區" + +#: plugins/sudoers/iolog_client.c:1486 +#, c-format +msgid "SSL_write failed: ssl_error=%d, stack=%s" +msgstr "SSL_write 失敗:ssl_error=%d, stack=%s" + +#: plugins/sudoers/iolog_client.c:1610 +#, c-format +msgid "unknown address family: %d" +msgstr "未知的位址家族:%d" #: plugins/sudoers/ldap.c:178 plugins/sudoers/ldap_conf.c:296 msgid "starttls not supported when 
using ldaps" @@ -1448,7 +1982,7 @@ msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "指定了 start_tls,但 LDAP 函式庫不支援 ldap_start_tls_s() 或 ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:734 +#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "無效的 sudoOrder 屬性:%s" @@ -1466,7 +2000,7 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "無法混合 ldap 和 ldaps URI" -#: plugins/sudoers/ldap_util.c:456 plugins/sudoers/ldap_util.c:458 +#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "無法轉換 sudoOption: %s%s%s" 
@@ -1479,80 +2013,62 @@ msgid "unable to send audit message" msgstr "無法傳送稽核訊息" -#: plugins/sudoers/logging.c:120 -#, c-format -msgid "%8s : %s" -msgstr "%8s : %s" - -#: plugins/sudoers/logging.c:148 -#, c-format -msgid "%8s : (command continued) %s" -msgstr "%8s : (指令繼續執行) %s" - -#: plugins/sudoers/logging.c:177 +#: plugins/sudoers/logging.c:175 #, c-format msgid "unable to open log file: %s" msgstr "無法開啟記錄檔案:%s" -#: plugins/sudoers/logging.c:185 +#: plugins/sudoers/logging.c:183 #, c-format msgid "unable to lock log file: %s" msgstr "無法鎖定記錄檔案:%s" -#: plugins/sudoers/logging.c:218 +#: plugins/sudoers/logging.c:216 #, c-format msgid "unable to write log file: %s" msgstr "無法寫入記錄檔案:%s" -#: plugins/sudoers/logging.c:248 -msgid "No user or host" -msgstr "找不到使用者或主機" - -#: plugins/sudoers/logging.c:250 -msgid "validation failure" -msgstr "檢查有效性失敗" - -#: plugins/sudoers/logging.c:261 +#: plugins/sudoers/logging.c:249 msgid "user NOT in sudoers" msgstr "使用者不在 sudoers 中" -#: plugins/sudoers/logging.c:263 +#: plugins/sudoers/logging.c:251 msgid "user NOT authorized on host" msgstr "使用者未取得此主機上的授權" -#: plugins/sudoers/logging.c:265 +#: plugins/sudoers/logging.c:253 msgid "command not allowed" msgstr "不允許使用指令" -#: plugins/sudoers/logging.c:301 +#: plugins/sudoers/logging.c:296 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s 不在 sudoers 檔案中。此事件將會回報。\n" -#: plugins/sudoers/logging.c:304 +#: plugins/sudoers/logging.c:299 #, c-format msgid "%s is not allowed to run sudo on %s. 
This incident will be reported.\n" msgstr "%s 沒有權限在 %s 上執行 sudo。此事件將會回報。\n" -#: plugins/sudoers/logging.c:308 +#: plugins/sudoers/logging.c:303 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "對不起,使用者 %s 不能在 %s 上執行 sudo。\n" -#: plugins/sudoers/logging.c:311 +#: plugins/sudoers/logging.c:306 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "對不起,使用者 %1$s 不允許以 %8$s 上的 %5$s%6$s%7$s 身份執行「%2$s%3$s%4$s」\n" -#: plugins/sudoers/logging.c:348 plugins/sudoers/sudoers.c:442 -#: plugins/sudoers/sudoers.c:444 plugins/sudoers/sudoers.c:446 -#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:603 -#: plugins/sudoers/sudoers.c:605 +#: plugins/sudoers/logging.c:343 plugins/sudoers/sudoers.c:518 +#: plugins/sudoers/sudoers.c:520 plugins/sudoers/sudoers.c:522 +#: plugins/sudoers/sudoers.c:524 plugins/sudoers/sudoers.c:675 +#: plugins/sudoers/sudoers.c:677 #, c-format msgid "%s: command not found" msgstr "%s:找不到指令" -#: plugins/sudoers/logging.c:350 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/logging.c:345 plugins/sudoers/sudoers.c:514 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" 
@@ -1561,51 +2077,45 @@ "忽略在「.」中找到的「%s」\n" "請使用「sudo ./%s」,若這是您想執行的「%s」。" -#: plugins/sudoers/logging.c:367 +#: plugins/sudoers/logging.c:362 msgid "authentication failure" msgstr "認證失敗" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:388 msgid "a password is required" msgstr "需要密碼" -#: plugins/sudoers/logging.c:463 +#: plugins/sudoers/logging.c:458 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u 次密碼錯誤嘗試" -#: plugins/sudoers/logging.c:728 +#: plugins/sudoers/logging.c:722 #, c-format msgid "unable to dup stdin: %m" msgstr "無法 dup stdin:%m" -#: plugins/sudoers/logging.c:768 +#: plugins/sudoers/logging.c:759 #, c-format msgid "unable to execute %s: %m" msgstr "無法執行 %s:%m" -#: plugins/sudoers/logging.c:809 plugins/sudoers/logging.c:865 +#: plugins/sudoers/logging.c:800 plugins/sudoers/logging.c:856 #, c-format msgid "unable to fork: %m" msgstr "無法執行 fork:%m" -#: plugins/sudoers/logging.c:855 +#: plugins/sudoers/logging.c:846 #, c-format msgid "unable to open pipe: %m" msgstr "無法開啟管線:%m" -#: plugins/sudoers/match_digest.c:103 +#: plugins/sudoers/match_digest.c:123 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "%s(%s) 的摘要的形式不是 %s" -#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:943 -#: plugins/sudoers/visudo.c:437 plugins/sudoers/visudo.c:733 -#, c-format -msgid "unable to stat %s" -msgstr "無法 stat %s" - #: plugins/sudoers/parse.c:449 #, c-format msgid "" 
@@ -1664,22 +2174,22 @@ msgid "User %s is not allowed to run sudo on %s.\n" msgstr "使用者 %s 沒有權限在 %s 上執行 sudo。\n" -#: plugins/sudoers/parse_ldif.c:604 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "將忽略不完整的 sudoRole:cn:%s" -#: plugins/sudoers/parse_ldif.c:664 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "LDIF 屬性無效:%s" -#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:116 +#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:115 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "sudo 前端設定的 %.*s 無效" -#: plugins/sudoers/policy.c:295 plugins/sudoers/testsudoers.c:280 +#: plugins/sudoers/policy.c:294 plugins/sudoers/testsudoers.c:280 msgid "unable to parse network address list" msgstr "無法解析網路位址列表" @@ -1699,23 +2209,23 @@ msgid "host name not set by sudo front-end" msgstr "sudo 前端未設定主機名稱" -#: plugins/sudoers/policy.c:808 plugins/sudoers/visudo.c:236 +#: plugins/sudoers/policy.c:897 plugins/sudoers/visudo.c:236 #: plugins/sudoers/visudo.c:867 #, c-format msgid "unable to execute %s" msgstr "無法執行 %s" -#: plugins/sudoers/policy.c:939 +#: plugins/sudoers/policy.c:1055 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Sudoers 策略外掛程式版本 %s\n" -#: plugins/sudoers/policy.c:941 +#: plugins/sudoers/policy.c:1057 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Sudoers 檔案文法版本 %d\n" -#: plugins/sudoers/policy.c:945 +#: plugins/sudoers/policy.c:1061 #, c-format msgid "" "\n" 
@@ -1724,22 +2234,22 @@ "\n" "Sudoers 路徑:%s\n" -#: plugins/sudoers/policy.c:948 +#: plugins/sudoers/policy.c:1064 #, c-format msgid "nsswitch path: %s\n" msgstr "nsswitch 路徑:%s\n" -#: plugins/sudoers/policy.c:950 +#: plugins/sudoers/policy.c:1066 #, c-format msgid "ldap.conf path: %s\n" msgstr "ldap.conf 路徑:%s\n" -#: plugins/sudoers/policy.c:951 +#: plugins/sudoers/policy.c:1067 #, c-format msgid "ldap.secret path: %s\n" msgstr "ldap.secret 路徑:%s\n" -#: plugins/sudoers/policy.c:984 +#: plugins/sudoers/policy.c:1100 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "無法註冊類型為 %d 的觸發器 (版本 %d.%d)" 
@@ -1808,48 +2318,48 @@ msgid "unable to parse gids for %s" msgstr "無法解析 %s 的群組 ID" -#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:478 -#: plugins/sudoers/set_perms.c:921 plugins/sudoers/set_perms.c:1254 -#: plugins/sudoers/set_perms.c:1573 +#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:447 +#: plugins/sudoers/set_perms.c:850 plugins/sudoers/set_perms.c:1156 +#: plugins/sudoers/set_perms.c:1450 msgid "perm stack overflow" msgstr "權限堆疊溢位" -#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:409 -#: plugins/sudoers/set_perms.c:486 plugins/sudoers/set_perms.c:788 -#: plugins/sudoers/set_perms.c:929 plugins/sudoers/set_perms.c:1178 -#: plugins/sudoers/set_perms.c:1262 plugins/sudoers/set_perms.c:1506 -#: plugins/sudoers/set_perms.c:1581 plugins/sudoers/set_perms.c:1672 +#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:378 +#: plugins/sudoers/set_perms.c:455 plugins/sudoers/set_perms.c:717 +#: plugins/sudoers/set_perms.c:858 plugins/sudoers/set_perms.c:1080 +#: plugins/sudoers/set_perms.c:1164 plugins/sudoers/set_perms.c:1383 +#: plugins/sudoers/set_perms.c:1458 plugins/sudoers/set_perms.c:1548 msgid "perm stack underflow" msgstr "權限堆疊反向溢位" -#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:532 -#: plugins/sudoers/set_perms.c:1315 plugins/sudoers/set_perms.c:1614 +#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:501 +#: plugins/sudoers/set_perms.c:1217 plugins/sudoers/set_perms.c:1491 msgid "unable to change to root gid" msgstr "無法切換為 root 群組 ID" -#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:629 -#: plugins/sudoers/set_perms.c:1060 plugins/sudoers/set_perms.c:1392 +#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:598 +#: plugins/sudoers/set_perms.c:989 plugins/sudoers/set_perms.c:1294 msgid "unable to change to runas gid" msgstr "無法切換為 runas 群組 ID" -#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:634 -#: plugins/sudoers/set_perms.c:1065 
plugins/sudoers/set_perms.c:1397 +#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:603 +#: plugins/sudoers/set_perms.c:994 plugins/sudoers/set_perms.c:1299 msgid "unable to set runas group vector" msgstr "無法設定 runas 群組集合" -#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:645 -#: plugins/sudoers/set_perms.c:1074 plugins/sudoers/set_perms.c:1406 +#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:614 +#: plugins/sudoers/set_perms.c:1003 plugins/sudoers/set_perms.c:1308 msgid "unable to change to runas uid" msgstr "無法切換成 runas 使用者 ID" -#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:663 -#: plugins/sudoers/set_perms.c:1090 plugins/sudoers/set_perms.c:1422 +#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:632 +#: plugins/sudoers/set_perms.c:1019 plugins/sudoers/set_perms.c:1324 msgid "unable to change to sudoers gid" msgstr "無法切換為 sudoers 群組 ID" -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 +#: plugins/sudoers/set_perms.c:365 plugins/sudoers/set_perms.c:704 +#: plugins/sudoers/set_perms.c:1067 plugins/sudoers/set_perms.c:1370 +#: plugins/sudoers/set_perms.c:1535 msgid "too many processes" msgstr "行程過多" 
@@ -1882,209 +2392,228 @@ msgid "unable to find symbol \"%s\" in %s" msgstr "無法在 %2$s 中找到符號「%1$s」" -#: plugins/sudoers/sudoers.c:212 plugins/sudoers/sudoers.c:871 +#: plugins/sudoers/sudoers.c:221 plugins/sudoers/sudoers.c:958 msgid "problem with defaults entries" msgstr "預設條目有問題" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:225 msgid "no valid sudoers sources found, quitting" msgstr "未找到有效的 sudoers 來源,退出" -#: plugins/sudoers/sudoers.c:254 +#: plugins/sudoers/sudoers.c:301 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers 指定 root 不允許執行 sudo" -#: plugins/sudoers/sudoers.c:312 +#: plugins/sudoers/sudoers.c:361 +msgid "user not allowed to override closefrom limit" +msgstr "使用者不允許覆蓋 closefrom 限制" + +#: plugins/sudoers/sudoers.c:362 msgid "you are not permitted to use the -C option" msgstr "您沒有權限使用 -C 選項" -#: plugins/sudoers/sudoers.c:359 +#: plugins/sudoers/sudoers.c:426 #, c-format msgid "timestamp owner (%s): No such user" msgstr "時間戳所有者 (%s):無此使用者" -#: plugins/sudoers/sudoers.c:374 +#: plugins/sudoers/sudoers.c:441 msgid "no tty" msgstr "找不到終端" -#: plugins/sudoers/sudoers.c:375 +#: plugins/sudoers/sudoers.c:442 msgid "sorry, you must have a tty to run sudo" msgstr "抱歉,您必須先要有終端才能執行 sudo" -#: plugins/sudoers/sudoers.c:437 +#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:450 +#, c-format +msgid "invalid shell for user %s: %s" +msgstr "%s 使用者的 Shell 無效:%s" + +#: plugins/sudoers/sudoers.c:513 msgid "command in current directory" msgstr "目前目錄中的指令" -#: plugins/sudoers/sudoers.c:456 +#: plugins/sudoers/sudoers.c:532 +msgid "user not allowed to set a command timeout" +msgstr "使用者不允許設定命令逾時" + +#: plugins/sudoers/sudoers.c:533 msgid "sorry, you are not allowed set a command timeout" msgstr "抱歉,您沒有權限設定逾時時間" -#: plugins/sudoers/sudoers.c:464 +#: plugins/sudoers/sudoers.c:541 +msgid "user not allowed to set a preserve the environment" +msgstr "使用者不允許設定保留環境" + +#: plugins/sudoers/sudoers.c:542 msgid "sorry, you are not allowed 
to preserve the environment" msgstr "抱歉,您沒有權限保留環境" -#: plugins/sudoers/sudoers.c:815 +#: plugins/sudoers/sudoers.c:893 msgid "command too long" msgstr "指令過長" -#: plugins/sudoers/sudoers.c:947 +#: plugins/sudoers/sudoers.c:951 +msgid "sudoedit doesn't need to be run via sudo" +msgstr "sudoedit 不用以 sudo 執行" + +#: plugins/sudoers/sudoers.c:1005 plugins/sudoers/sudoreplay.c:1502 +#: plugins/sudoers/tsdump.c:145 +#, c-format +msgid "unable to read %s" +msgstr "無法讀取 %s" + +#: plugins/sudoers/sudoers.c:1030 plugins/sudoers/visudo.c:437 +#: plugins/sudoers/visudo.c:733 +#, c-format +msgid "unable to stat %s" +msgstr "無法 stat %s" + +#: plugins/sudoers/sudoers.c:1034 #, c-format msgid "%s is not a regular file" msgstr "%s 不是一般檔案" -#: plugins/sudoers/sudoers.c:951 plugins/sudoers/timestamp.c:259 toke.l:967 +#: plugins/sudoers/sudoers.c:1038 plugins/sudoers/timestamp.c:259 toke.l:967 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s 由使用者 ID %u 所有,應為 %u" -#: plugins/sudoers/sudoers.c:955 toke.l:972 +#: plugins/sudoers/sudoers.c:1042 toke.l:972 #, c-format msgid "%s is world writable" msgstr "%s 允許任何人寫入" -#: plugins/sudoers/sudoers.c:959 toke.l:975 +#: plugins/sudoers/sudoers.c:1046 toke.l:975 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s 屬於群組 ID %u,應為 %u" -#: plugins/sudoers/sudoers.c:992 +#: plugins/sudoers/sudoers.c:1079 #, c-format msgid "only root can use \"-c %s\"" msgstr "只有 root 才能使用「-c %s」" -#: plugins/sudoers/sudoers.c:1011 +#: plugins/sudoers/sudoers.c:1098 #, c-format msgid "unknown login class: %s" msgstr "未知的登入類別:%s" -#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoers.c:1110 +#: plugins/sudoers/sudoers.c:1183 plugins/sudoers/sudoers.c:1198 #, c-format msgid "unable to resolve host %s" msgstr "無法解析主機:%s" -#: plugins/sudoers/sudoreplay.c:250 +#: plugins/sudoers/sudoreplay.c:263 #, c-format msgid "invalid filter option: %s" msgstr "無效的過濾器選項:%s" -#: plugins/sudoers/sudoreplay.c:263 +#: plugins/sudoers/sudoreplay.c:276 #, 
c-format msgid "invalid max wait: %s" msgstr "無效的最大等待時間:%s" -#: plugins/sudoers/sudoreplay.c:286 +#: plugins/sudoers/sudoreplay.c:299 #, c-format msgid "invalid speed factor: %s" msgstr "無效的速度因數:%s" -#: plugins/sudoers/sudoreplay.c:321 +#: plugins/sudoers/sudoreplay.c:335 #, c-format -msgid "%s/%.2s/%.2s/%.2s/timing: %s" -msgstr "%s/%.2s/%.2s/%.2s/計時:%s" +msgid "%s/%.2s/%.2s/%.2s: %s" +msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:326 +#: plugins/sudoers/sudoreplay.c:340 #, c-format msgid "%s/timing: %s" msgstr "%s/計時:%s" -#: plugins/sudoers/sudoreplay.c:330 +#: plugins/sudoers/sudoreplay.c:344 #, c-format -msgid "%s/%s/timing: %s" -msgstr "%s/%s/計時:%s" +msgid "%s/%s: %s" +msgstr "%s/%s: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:372 #, c-format msgid "Replaying sudo session: %s" msgstr "重播 sudo 工作階段:%s" -#: plugins/sudoers/sudoreplay.c:544 plugins/sudoers/sudoreplay.c:591 -#: plugins/sudoers/sudoreplay.c:789 plugins/sudoers/sudoreplay.c:898 -#: plugins/sudoers/sudoreplay.c:983 plugins/sudoers/sudoreplay.c:998 -#: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/sudoreplay.c:1012 -#: plugins/sudoers/sudoreplay.c:1019 plugins/sudoers/sudoreplay.c:1026 -#: plugins/sudoers/sudoreplay.c:1174 -msgid "unable to add event to queue" -msgstr "無法將事件附加到佇列" - -#: plugins/sudoers/sudoreplay.c:659 +#: plugins/sudoers/sudoreplay.c:634 msgid "unable to set tty to raw mode" msgstr "無法將終端設為原始 (RAW) 模式" -#: plugins/sudoers/sudoreplay.c:710 +#: plugins/sudoers/sudoreplay.c:685 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "警告:您的終端尺寸太小,不能正常地重播記錄。\n" -#: plugins/sudoers/sudoreplay.c:711 +#: plugins/sudoers/sudoreplay.c:686 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "記錄的幾何尺寸為 %dx%d,但您終端的幾何尺寸為 %dx%d。" -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:714 msgid "Replay finished, press any key to restore the terminal." 
msgstr "重播完成,請按任意鍵返回終端。" -#: plugins/sudoers/sudoreplay.c:772 -#, c-format -msgid "invalid timing file line: %s" -msgstr "無效的計時檔案行號:%s" - -#: plugins/sudoers/sudoreplay.c:1208 plugins/sudoers/sudoreplay.c:1233 +#: plugins/sudoers/sudoreplay.c:1161 plugins/sudoers/sudoreplay.c:1186 #, c-format msgid "ambiguous expression \"%s\"" msgstr "不明確的表達式「%s」" -#: plugins/sudoers/sudoreplay.c:1255 +#: plugins/sudoers/sudoreplay.c:1208 msgid "unmatched ')' in expression" msgstr "表達式中的「)」不對稱" -#: plugins/sudoers/sudoreplay.c:1259 +#: plugins/sudoers/sudoreplay.c:1212 #, c-format msgid "unknown search term \"%s\"" msgstr "未知的搜尋詞彙「%s」" -#: plugins/sudoers/sudoreplay.c:1274 +#: plugins/sudoers/sudoreplay.c:1227 #, c-format msgid "%s requires an argument" msgstr "%s 需要參數" -#: plugins/sudoers/sudoreplay.c:1277 plugins/sudoers/sudoreplay.c:1518 +#: plugins/sudoers/sudoreplay.c:1230 plugins/sudoers/sudoreplay.c:1478 #, c-format msgid "invalid regular expression: %s" msgstr "無效的正規表示式:%s" -#: plugins/sudoers/sudoreplay.c:1281 +#: plugins/sudoers/sudoreplay.c:1234 #, c-format msgid "could not parse date \"%s\"" msgstr "無法解析日期「%s」" -#: plugins/sudoers/sudoreplay.c:1290 +#: plugins/sudoers/sudoreplay.c:1243 msgid "unmatched '(' in expression" msgstr "表達式中的「(」不對稱" -#: plugins/sudoers/sudoreplay.c:1292 +#: plugins/sudoers/sudoreplay.c:1245 msgid "illegal trailing \"or\"" msgstr "無效的結尾字元「or」" -#: plugins/sudoers/sudoreplay.c:1294 +#: plugins/sudoers/sudoreplay.c:1247 msgid "illegal trailing \"!\"" msgstr "無效的結尾字元「!」" -#: plugins/sudoers/sudoreplay.c:1344 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "unknown search type %d" msgstr "未知的搜尋類型 %d" -#: plugins/sudoers/sudoreplay.c:1611 +#: plugins/sudoers/sudoreplay.c:1569 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "用法:%s [-hnRS] [-d 目錄] [-m 數值] [-s 數值] ID\n" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1572 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" 
msgstr "用法:%s [-h] [-d 目錄] -l [搜尋表達式]\n" -#: plugins/sudoers/sudoreplay.c:1623 +#: plugins/sudoers/sudoreplay.c:1581 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2093,7 +2622,7 @@ "%s - 重播 sudo 工作階段記錄\n" "\n" -#: plugins/sudoers/sudoreplay.c:1625 +#: plugins/sudoers/sudoreplay.c:1583 msgid "" "\n" "Options:\n" @@ -2154,35 +2683,34 @@ msgid "%s is group writable" msgstr "%s 允許群組寫入" -#: plugins/sudoers/timestamp.c:343 +#: plugins/sudoers/timestamp.c:343 plugins/sudoers/timestamp.c:687 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "無法將時間戳檔案截短為 %lld 位元組" -#: plugins/sudoers/timestamp.c:829 plugins/sudoers/timestamp.c:921 -#: plugins/sudoers/visudo.c:498 plugins/sudoers/visudo.c:504 -msgid "unable to read the clock" -msgstr "無法讀取時鐘" - -#: plugins/sudoers/timestamp.c:840 +#: plugins/sudoers/timestamp.c:873 msgid "ignoring time stamp from the future" msgstr "將忽略未來時間的時間戳" -#: plugins/sudoers/timestamp.c:863 +#: plugins/sudoers/timestamp.c:896 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "時間戳超前目前時間過多:%20.20s" -#: plugins/sudoers/timestamp.c:985 +#: plugins/sudoers/timestamp.c:1018 #, c-format msgid "unable to lock time stamp file %s" msgstr "無法鎖定時間戳檔案 %s" -#: plugins/sudoers/timestamp.c:1029 plugins/sudoers/timestamp.c:1049 +#: plugins/sudoers/timestamp.c:1062 plugins/sudoers/timestamp.c:1082 #, c-format msgid "lecture status path too long: %s/%s" msgstr "指引狀態路徑過長:%s/%s" +#: plugins/sudoers/toke_util.c:132 +msgid "sudoedit should not be specified with a path" +msgstr "sudoedit 不應用路徑指定" + #: plugins/sudoers/visudo.c:232 msgid "the -x option will be removed in a future release" msgstr "未來版本會移除 -x 選項" 
@@ -2373,6 +2901,15 @@ msgid "too many levels of includes" msgstr "include 嵌套層數過多" +#~ msgid "No user or host" +#~ msgstr "找不到使用者或主機" + +#~ msgid "validation failure" +#~ msgstr "檢查有效性失敗" + +#~ msgid "%s/%s/timing: %s" +#~ msgstr "%s/%s/計時:%s" + #~ msgid "ignoring invalid attribute value: %s" #~ msgstr "將忽略無效的屬性值:%s" diff -Nru sudo-1.8.31/plugins/sudoers/policy.c sudo-1.9.0/plugins/sudoers/policy.c --- sudo-1.8.31/plugins/sudoers/policy.c 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/policy.c 2020-05-11 16:28:23.000000000 +0000 @@ -77,7 +77,7 @@ static int parse_bool(const char *line, int varlen, int *flags, int fval) { - debug_decl(parse_bool, SUDOERS_DEBUG_PLUGIN) + debug_decl(parse_bool, SUDOERS_DEBUG_PLUGIN); switch (sudo_strtobool(line + varlen + 1)) { case true: @@ -105,7 +105,7 @@ const char *p, *errstr, *groups = NULL; const char *remhost = NULL; int flags = 0; - debug_decl(sudoers_policy_deserialize_info, SUDOERS_DEBUG_PLUGIN) + debug_decl(sudoers_policy_deserialize_info, SUDOERS_DEBUG_PLUGIN); #define MATCHES(s, v) \ (strncmp((s), (v), sizeof(v) - 1) == 0) 
@@ -507,28 +507,72 @@ } /* + * Convert struct list_members to a comma-separated string with + * the given variable name. + */ +static char * +serialize_list(const char *varname, struct list_members *members) +{ + struct list_member *lm, *next; + size_t len, result_size; + char *result; + debug_decl(serialize_list, SUDOERS_DEBUG_PLUGIN); + + result_size = strlen(varname) + 1; + SLIST_FOREACH(lm, members, entries) { + result_size += strlen(lm->value) + 1; + } + if ((result = malloc(result_size)) == NULL) + goto bad; + /* No need to check len for overflow here. */ + len = strlcpy(result, varname, result_size); + result[len++] = '='; + result[len] = '\0'; + SLIST_FOREACH_SAFE(lm, members, entries, next) { + len = strlcat(result, lm->value, result_size); + if (len + (next != NULL) >= result_size) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + goto bad; + } + if (next != NULL) { + result[len++] = ','; + result[len] = '\0'; + } + } + debug_return_str(result); +bad: + free(result); + debug_return_str(NULL); +} + +/* * Setup the execution environment. * Builds up the command_info list and sets argv and envp. * Consumes iolog_path if not NULL. * Returns 1 on success and -1 on error. */ -int +bool sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v) { struct sudoers_exec_args *exec_args = v; char **command_info; int info_len = 0; - debug_decl(sudoers_policy_exec_setup, SUDOERS_DEBUG_PLUGIN) + debug_decl(sudoers_policy_exec_setup, SUDOERS_DEBUG_PLUGIN); + + if (exec_args == NULL) + debug_return_bool(true); /* nothing to do */ /* Increase the length of command_info as needed, it is *not* checked. 
*/ - command_info = calloc(48, sizeof(char *)); + command_info = calloc(54, sizeof(char *)); if (command_info == NULL) goto oom; - command_info[info_len] = sudo_new_key_val("command", safe_cmnd); - if (command_info[info_len++] == NULL) - goto oom; + if (safe_cmnd != NULL) { + command_info[info_len] = sudo_new_key_val("command", safe_cmnd); + if (command_info[info_len++] == NULL) + goto oom; + } if (def_log_input || def_log_output) { if (iolog_path) command_info[info_len++] = iolog_path; /* now owned */ @@ -550,8 +594,12 @@ if ((command_info[info_len++] = strdup("iolog_compress=true")) == NULL) goto oom; } - if (def_maxseq) { - if (asprintf(&command_info[info_len++], "maxseq=%u", def_maxseq) == -1) + if (def_iolog_flush) { + if ((command_info[info_len++] = strdup("iolog_flush=true")) == NULL) + goto oom; + } + if (def_maxseq != NULL) { + if (asprintf(&command_info[info_len++], "maxseq=%s", def_maxseq) == -1) goto oom; } } @@ -571,6 +619,14 @@ /* Set cwd to run user's homedir. */ if ((command_info[info_len++] = sudo_new_key_val("cwd", runas_pw->pw_dir)) == NULL) goto oom; + if ((command_info[info_len++] = strdup("cwd_optional=true")) == NULL) + goto oom; + } + if ((command_info[info_len++] = sudo_new_key_val("runas_user", runas_pw->pw_name)) == NULL) + goto oom; + if (runas_gr != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("runas_group", runas_gr->gr_name)) == NULL) + goto oom; } if (def_stay_setuid) { if (asprintf(&command_info[info_len++], "runas_uid=%u", 
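Review bot: serialize_list() under-allocates by one byte when `members` is empty: `result_size` starts at `strlen(varname) + 1`, yet the code then stores both `'='` and a terminating NUL after the name, so with no entries `result[len] = '\0'` lands one past the end of the buffer. The comment `/* No need to check len for overflow here. */` only holds when the list has at least one entry, because each entry contributes the spare byte. The one caller visible in this diff tests `!SLIST_EMPTY(&def_log_servers)` first, so the problem is latent. Making the helper safe on its own costs one byte, `result_size = strlen(varname) + 2;`, or an early return for an empty list.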
@@ -682,6 +738,37 @@ if ((command_info[info_len++] = sudo_new_key_val("iolog_group", def_iolog_group)) == NULL) goto oom; } + if (!SLIST_EMPTY(&def_log_servers)) { + char *log_servers = serialize_list("log_servers", &def_log_servers); + if (log_servers == NULL) + goto oom; + command_info[info_len++] = log_servers; + + if (asprintf(&command_info[info_len++], "log_server_timeout=%u", def_log_server_timeout) == -1) + goto oom; + } + + if ((command_info[info_len++] = sudo_new_key_val("log_server_keepalive", + def_log_server_keepalive ? "true" : "false")) == NULL) + goto oom; + + if ((command_info[info_len++] = sudo_new_key_val("log_server_verify", + def_log_server_verify ? "true" : "false")) == NULL) + goto oom; + + if (def_log_server_cabundle != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("log_server_cabundle", def_log_server_cabundle)) == NULL) + goto oom; + } + if (def_log_server_peer_cert != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("log_server_peer_cert", def_log_server_peer_cert)) == NULL) + goto oom; + } + if (def_log_server_peer_key != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("log_server_peer_key", def_log_server_peer_key)) == NULL) + goto oom; + } + if (def_command_timeout > 0 || user_timeout > 0) { int timeout = user_timeout; if (timeout == 0 || def_command_timeout < timeout) @@ -735,7 +822,6 @@ #endif /* HAVE_SELINUX */ /* Free on exit; they are not available in the close function. */ - sudoers_gc_add(GC_VECTOR, argv); sudoers_gc_add(GC_VECTOR, envp); sudoers_gc_add(GC_VECTOR, command_info); 
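Review bot: The seven `command_info[info_len++]` stores added here (log_servers through log_server_peer_key) write into an array whose size is fixed by `calloc(54, sizeof(char *))` and, per the existing comment, is never checked against `info_len`. Together with iolog_flush, cwd_optional, runas_user and runas_group from the earlier hunks, the patch adds eleven possible entries for six extra slots. Whether the worst case still fits, including the presumably required NULL terminator, cannot be confirmed because the rest of sudoers_policy_exec_setup is outside the hunks. An overrun would be an out-of-bounds heap write in the policy plugin, so I would put the capacity in a named constant and test it where entries are appended, e.g. `if (info_len >= COMMAND_INFO_MAX - 1) goto bad;`, with COMMAND_INFO_MAX as a placeholder name for the calloc count.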
@@ -744,27 +830,31 @@ *(exec_args->envp) = envp; *(exec_args->info) = command_info; - debug_return_int(true); + debug_return_bool(true); oom: sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); bad: + free(audit_msg); + audit_msg = NULL; while (info_len--) free(command_info[info_len]); free(command_info); - debug_return_int(-1); + debug_return_bool(false); } static int sudoers_policy_open(unsigned int version, sudo_conv_t conversation, sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const envp[], char * const args[]) + char * const user_info[], char * const envp[], char * const args[], + const char **errstr) { struct sudo_conf_debug_file_list debug_files = TAILQ_HEAD_INITIALIZER(debug_files); struct sudoers_policy_open_info info; const char *cp, *plugin_path = NULL; char * const *cur; - debug_decl(sudoers_policy_open, SUDOERS_DEBUG_PLUGIN) + int ret; + debug_decl(sudoers_policy_open, SUDOERS_DEBUG_PLUGIN); sudo_version = version; sudo_conv = conversation; @@ -794,13 +884,20 @@ info.settings = settings; info.user_info = user_info; info.plugin_args = args; - debug_return_int(sudoers_policy_init(&info, envp)); + ret = sudoers_policy_init(&info, envp); + + /* The audit functions set audit_msg on failure. */ + if (ret != 1 && audit_msg != NULL) { + if (sudo_version >= SUDO_API_MKVERSION(1, 15)) + *errstr = audit_msg; + } + debug_return_int(ret); } static void sudoers_policy_close(int exit_status, int error_code) { - debug_decl(sudoers_policy_close, SUDOERS_DEBUG_PLUGIN) + debug_decl(sudoers_policy_close, SUDOERS_DEBUG_PLUGIN); /* We do not currently log the exit status. */ if (error_code) { 
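Review bot: With `debug_return_bool(false)` on the `bad:` path, sudoers_policy_exec_setup no longer returns the -1 its header comment promises. That comment, visible as context in the -507 hunk, still reads `Returns 1 on success and -1 on error.`. I would change it to `Returns true on success and false on error.` so nobody writes a caller that compares the result with -1, which a `bool` can never equal. The callers are outside this excerpt, so whether any still test for -1 should be confirmed.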
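Review bot: The `*errstr = audit_msg;` block added to sudoers_policy_open is repeated verbatim in sudoers_policy_init_session, sudoers_policy_check, sudoers_policy_validate and sudoers_policy_list, and every copy dereferences `errstr` without checking it for NULL. One static helper would keep the API-version gate in a single place and let the NULL check be added once, e.g. `if (ret != 1 && audit_msg != NULL && sudo_version >= SUDO_API_MKVERSION(1, 15) && errstr != NULL) *errstr = audit_msg;`. The string handed out is the plugin's own `audit_msg`, which sudoers_policy_close frees in a later hunk. A comment such as `/* *errstr points at audit_msg and is only valid until close() */` would record that lifetime for the front end.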
@@ -817,10 +914,14 @@ /* Free remaining references to password and group entries. */ /* XXX - move cleanup to function in sudoers.c */ - sudo_pw_delref(sudo_user.pw); - sudo_user.pw = NULL; - sudo_pw_delref(runas_pw); - runas_pw = NULL; + if (sudo_user.pw != NULL) { + sudo_pw_delref(sudo_user.pw); + sudo_user.pw = NULL; + } + if (runas_pw != NULL) { + sudo_pw_delref(runas_pw); + runas_pw = NULL; + } if (runas_gr != NULL) { sudo_gr_delref(runas_gr); runas_gr = NULL; @@ -831,10 +932,11 @@ } free(user_gids); user_gids = NULL; + free(audit_msg); + audit_msg = NULL; + /* sudoers_debug_deregister() calls sudo_debug_exit() for us. */ sudoers_debug_deregister(); - - return; } /* @@ -843,24 +945,34 @@ * Returns 1 on success, 0 on failure and -1 on error. */ static int -sudoers_policy_init_session(struct passwd *pwd, char **user_env[]) +sudoers_policy_init_session(struct passwd *pwd, char **user_env[], + const char **errstr) { - debug_decl(sudoers_policy_init_session, SUDOERS_DEBUG_PLUGIN) + int ret; + debug_decl(sudoers_policy_init_session, SUDOERS_DEBUG_PLUGIN); /* user_env is only specified for API version 1.2 and higher. */ if (sudo_version < SUDO_API_MKVERSION(1, 2)) user_env = NULL; - debug_return_int(sudo_auth_begin_session(pwd, user_env)); + ret = sudo_auth_begin_session(pwd, user_env); + + /* The audit functions set audit_msg on failure. */ + if (ret != 1 && audit_msg != NULL) { + if (sudo_version >= SUDO_API_MKVERSION(1, 15)) + *errstr = audit_msg; + } + debug_return_int(ret); } static int sudoers_policy_check(int argc, char * const argv[], char *env_add[], - char **command_infop[], char **argv_out[], char **user_env_out[]) + char **command_infop[], char **argv_out[], char **user_env_out[], + const char **errstr) { struct sudoers_exec_args exec_args; int ret; - debug_decl(sudoers_policy_check, SUDOERS_DEBUG_PLUGIN) + debug_decl(sudoers_policy_check, SUDOERS_DEBUG_PLUGIN); if (!ISSET(sudo_mode, MODE_EDIT)) SET(sudo_mode, MODE_RUN); 
@@ -876,24 +988,38 @@ !sudo_auth_needs_end_session()) sudoers_policy.close = NULL; } + + /* The audit functions set audit_msg on failure. */ + if (ret != 1 && audit_msg != NULL) { + if (sudo_version >= SUDO_API_MKVERSION(1, 15)) + *errstr = audit_msg; + } debug_return_int(ret); } static int -sudoers_policy_validate(void) +sudoers_policy_validate(const char **errstr) { - debug_decl(sudoers_policy_validate, SUDOERS_DEBUG_PLUGIN) + int ret; + debug_decl(sudoers_policy_validate, SUDOERS_DEBUG_PLUGIN); user_cmnd = "validate"; SET(sudo_mode, MODE_VALIDATE); - debug_return_int(sudoers_policy_main(0, NULL, I_VERIFYPW, NULL, false, NULL)); + ret = sudoers_policy_main(0, NULL, I_VERIFYPW, NULL, false, NULL); + + /* The audit functions set audit_msg on failure. */ + if (ret != 1 && audit_msg != NULL) { + if (sudo_version >= SUDO_API_MKVERSION(1, 15)) + *errstr = audit_msg; + } + debug_return_int(ret); } static void sudoers_policy_invalidate(int remove) { - debug_decl(sudoers_policy_invalidate, SUDOERS_DEBUG_PLUGIN) + debug_decl(sudoers_policy_invalidate, SUDOERS_DEBUG_PLUGIN); user_cmnd = "kill"; /* XXX - plugin API should support a return value for fatal errors. */ @@ -905,10 +1031,10 @@ static int sudoers_policy_list(int argc, char * const argv[], int verbose, - const char *list_user) + const char *list_user, const char **errstr) { int ret; - debug_decl(sudoers_policy_list, SUDOERS_DEBUG_PLUGIN) + debug_decl(sudoers_policy_list, SUDOERS_DEBUG_PLUGIN); user_cmnd = "list"; if (argc) @@ -928,13 +1054,18 @@ list_pw = NULL; } + /* The audit functions set audit_msg on failure. */ + if (ret != 1 && audit_msg != NULL) { + if (sudo_version >= SUDO_API_MKVERSION(1, 15)) + *errstr = audit_msg; + } debug_return_int(ret); } static int sudoers_policy_version(int verbose) { - debug_decl(sudoers_policy_version, SUDOERS_DEBUG_PLUGIN) + debug_decl(sudoers_policy_version, SUDOERS_DEBUG_PLUGIN); sudo_printf(SUDO_CONV_INFO_MSG, _("Sudoers policy plugin version %s\n"), PACKAGE_VERSION); 
@@ -999,5 +1130,6 @@ sudoers_policy_validate, sudoers_policy_invalidate, sudoers_policy_init_session, - sudoers_policy_register_hooks + sudoers_policy_register_hooks, + NULL /* event_alloc() filled in by sudo */ }; diff -Nru sudo-1.8.31/plugins/sudoers/prompt.c sudo-1.9.0/plugins/sudoers/prompt.c --- sudo-1.8.31/plugins/sudoers/prompt.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/prompt.c 2020-05-11 16:28:23.000000000 +0000 @@ -53,7 +53,7 @@ int subst; const char *p; char *np, *new_prompt, *endp; - debug_decl(expand_prompt, SUDOERS_DEBUG_AUTH) + debug_decl(expand_prompt, SUDOERS_DEBUG_AUTH); /* How much space do we need to malloc for the prompt? */ subst = 0; diff -Nru sudo-1.8.31/plugins/sudoers/pwutil.c sudo-1.9.0/plugins/sudoers/pwutil.c --- sudo-1.8.31/plugins/sudoers/pwutil.c 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/pwutil.c 2020-05-11 16:28:23.000000000 +0000 @@ -92,7 +92,7 @@ sudo_pwutil_set_backend(sudo_make_pwitem_t pwitem, sudo_make_gritem_t gritem, sudo_make_gidlist_item_t gidlist_item, sudo_make_grlist_item_t grlist_item) { - debug_decl(sudo_pwutil_set_backend, SUDOERS_DEBUG_NSS) + debug_decl(sudo_pwutil_set_backend, SUDOERS_DEBUG_NSS); make_pwitem = pwitem; make_gritem = gritem; @@ -158,7 +158,7 @@ void sudo_pw_addref(struct passwd *pw) { - debug_decl(sudo_pw_addref, SUDOERS_DEBUG_NSS) + debug_decl(sudo_pw_addref, SUDOERS_DEBUG_NSS); ptr_to_item(pw)->refcnt++; debug_return; } @@ -167,7 +167,7 @@ sudo_pw_delref_item(void *v) { struct cache_item *item = v; - debug_decl(sudo_pw_delref_item, SUDOERS_DEBUG_NSS) + debug_decl(sudo_pw_delref_item, SUDOERS_DEBUG_NSS); if (--item->refcnt == 0) free(item); @@ -178,7 +178,7 @@ void sudo_pw_delref(struct passwd *pw) { - debug_decl(sudo_pw_delref, SUDOERS_DEBUG_NSS) + debug_decl(sudo_pw_delref, SUDOERS_DEBUG_NSS); sudo_pw_delref_item(ptr_to_item(pw)); debug_return; } 
@@ -191,7 +191,7 @@ { struct cache_item key, *item; struct rbnode *node; - debug_decl(sudo_getpwuid, SUDOERS_DEBUG_NSS) + debug_decl(sudo_getpwuid, SUDOERS_DEBUG_NSS); if (pwcache_byuid == NULL) { pwcache_byuid = rbcreate(cmp_pwuid); @@ -262,7 +262,7 @@ { struct cache_item key, *item; struct rbnode *node; - debug_decl(sudo_getpwnam, SUDOERS_DEBUG_NSS) + debug_decl(sudo_getpwnam, SUDOERS_DEBUG_NSS); if (pwcache_byname == NULL) { pwcache_byname = rbcreate(cmp_pwnam); @@ -338,7 +338,7 @@ struct passwd *pw; size_t len, name_len, home_len, shell_len; int i; - debug_decl(sudo_mkpwent, SUDOERS_DEBUG_NSS) + debug_decl(sudo_mkpwent, SUDOERS_DEBUG_NSS); if (pwcache_byuid == NULL) pwcache_byuid = rbcreate(cmp_pwuid); @@ -434,7 +434,7 @@ { const char *errstr; uid_t uid; - debug_decl(sudo_fakepwnam, SUDOERS_DEBUG_NSS) + debug_decl(sudo_fakepwnam, SUDOERS_DEBUG_NSS); uid = (uid_t) sudo_strtoid(user + 1, &errstr); if (errstr != NULL) { @@ -448,7 +448,7 @@ void sudo_freepwcache(void) { - debug_decl(sudo_freepwcache, SUDOERS_DEBUG_NSS) + debug_decl(sudo_freepwcache, SUDOERS_DEBUG_NSS); if (pwcache_byuid != NULL) { rbdestroy(pwcache_byuid, sudo_pw_delref_item); @@ -481,7 +481,7 @@ void sudo_gr_addref(struct group *gr) { - debug_decl(sudo_gr_addref, SUDOERS_DEBUG_NSS) + debug_decl(sudo_gr_addref, SUDOERS_DEBUG_NSS); ptr_to_item(gr)->refcnt++; debug_return; } @@ -490,7 +490,7 @@ sudo_gr_delref_item(void *v) { struct cache_item *item = v; - debug_decl(sudo_gr_delref_item, SUDOERS_DEBUG_NSS) + debug_decl(sudo_gr_delref_item, SUDOERS_DEBUG_NSS); if (--item->refcnt == 0) free(item); @@ -501,7 +501,7 @@ void sudo_gr_delref(struct group *gr) { - debug_decl(sudo_gr_delref, SUDOERS_DEBUG_NSS) + debug_decl(sudo_gr_delref, SUDOERS_DEBUG_NSS); sudo_gr_delref_item(ptr_to_item(gr)); debug_return; } 
@@ -514,7 +514,7 @@ { struct cache_item key, *item; struct rbnode *node; - debug_decl(sudo_getgrgid, SUDOERS_DEBUG_NSS) + debug_decl(sudo_getgrgid, SUDOERS_DEBUG_NSS); if (grcache_bygid == NULL) { grcache_bygid = rbcreate(cmp_grgid); @@ -578,7 +578,7 @@ { struct cache_item key, *item; struct rbnode *node; - debug_decl(sudo_getgrnam, SUDOERS_DEBUG_NSS) + debug_decl(sudo_getgrnam, SUDOERS_DEBUG_NSS); if (grcache_byname == NULL) { grcache_byname = rbcreate(cmp_grnam); @@ -647,7 +647,7 @@ struct group *gr; size_t len, name_len; int i; - debug_decl(sudo_fakegrnam, SUDOERS_DEBUG_NSS) + debug_decl(sudo_fakegrnam, SUDOERS_DEBUG_NSS); if (grcache_bygid == NULL) grcache_bygid = rbcreate(cmp_grgid); @@ -722,7 +722,7 @@ void sudo_gidlist_addref(struct gid_list *gidlist) { - debug_decl(sudo_gidlist_addref, SUDOERS_DEBUG_NSS) + debug_decl(sudo_gidlist_addref, SUDOERS_DEBUG_NSS); ptr_to_item(gidlist)->refcnt++; debug_return; } @@ -731,7 +731,7 @@ sudo_gidlist_delref_item(void *v) { struct cache_item *item = v; - debug_decl(sudo_gidlist_delref_item, SUDOERS_DEBUG_NSS) + debug_decl(sudo_gidlist_delref_item, SUDOERS_DEBUG_NSS); if (--item->refcnt == 0) free(item); @@ -742,7 +742,7 @@ void sudo_gidlist_delref(struct gid_list *gidlist) { - debug_decl(sudo_gidlist_delref, SUDOERS_DEBUG_NSS) + debug_decl(sudo_gidlist_delref, SUDOERS_DEBUG_NSS); sudo_gidlist_delref_item(ptr_to_item(gidlist)); debug_return; } @@ -750,7 +750,7 @@ void sudo_grlist_addref(struct group_list *grlist) { - debug_decl(sudo_grlist_addref, SUDOERS_DEBUG_NSS) + debug_decl(sudo_grlist_addref, SUDOERS_DEBUG_NSS); ptr_to_item(grlist)->refcnt++; debug_return; } @@ -759,7 +759,7 @@ sudo_grlist_delref_item(void *v) { struct cache_item *item = v; - debug_decl(sudo_grlist_delref_item, SUDOERS_DEBUG_NSS) + debug_decl(sudo_grlist_delref_item, SUDOERS_DEBUG_NSS); if (--item->refcnt == 0) free(item); 
@@ -770,7 +770,7 @@ void sudo_grlist_delref(struct group_list *grlist) { - debug_decl(sudo_grlist_delref, SUDOERS_DEBUG_NSS) + debug_decl(sudo_grlist_delref, SUDOERS_DEBUG_NSS); sudo_grlist_delref_item(ptr_to_item(grlist)); debug_return; } @@ -778,7 +778,7 @@ void sudo_freegrcache(void) { - debug_decl(sudo_freegrcache, SUDOERS_DEBUG_NSS) + debug_decl(sudo_freegrcache, SUDOERS_DEBUG_NSS); if (grcache_bygid != NULL) { rbdestroy(grcache_bygid, sudo_gr_delref_item); @@ -805,7 +805,7 @@ { struct cache_item key, *item; struct rbnode *node; - debug_decl(sudo_get_grlist, SUDOERS_DEBUG_NSS) + debug_decl(sudo_get_grlist, SUDOERS_DEBUG_NSS); sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s: looking up group names for %s", __func__, pw->pw_name); @@ -865,7 +865,7 @@ { struct cache_item key, *item; struct rbnode *node; - debug_decl(sudo_set_grlist, SUDOERS_DEBUG_NSS) + debug_decl(sudo_set_grlist, SUDOERS_DEBUG_NSS); if (grlist_cache == NULL) { grlist_cache = rbcreate(cmp_pwnam); @@ -906,7 +906,7 @@ { struct cache_item key, *item; struct rbnode *node; - debug_decl(sudo_get_gidlist, SUDOERS_DEBUG_NSS) + debug_decl(sudo_get_gidlist, SUDOERS_DEBUG_NSS); sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s: looking up group-IDs for %s", __func__, pw->pw_name); @@ -967,7 +967,7 @@ { struct cache_item key, *item; struct rbnode *node; - debug_decl(sudo_set_gidlist, SUDOERS_DEBUG_NSS) + debug_decl(sudo_set_gidlist, SUDOERS_DEBUG_NSS); if (gidlist_cache == NULL) { gidlist_cache = rbcreate(cmp_gidlist); @@ -1012,7 +1012,7 @@ struct group *grp = NULL; bool matched = false; int i; - debug_decl(user_in_group, SUDOERS_DEBUG_NSS) + debug_decl(user_in_group, SUDOERS_DEBUG_NSS); /* * If it could be a sudo-style group-ID check gids first. diff -Nru sudo-1.8.31/plugins/sudoers/pwutil.h sudo-1.9.0/plugins/sudoers/pwutil.h --- sudo-1.8.31/plugins/sudoers/pwutil.h 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/pwutil.h 2020-05-11 16:28:23.000000000 +0000 
@@ -45,7 +45,7 @@ /* * Container structs to simpify size and offset calculations and guarantee - * proper aligment of struct passwd, group, gid_list and group_list. + * proper alignment of struct passwd, group, gid_list and group_list. */ struct cache_item_pw { struct cache_item cache; diff -Nru sudo-1.8.31/plugins/sudoers/pwutil_impl.c sudo-1.9.0/plugins/sudoers/pwutil_impl.c --- sudo-1.8.31/plugins/sudoers/pwutil_impl.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/pwutil_impl.c 2020-05-11 16:28:23.000000000 +0000 @@ -87,7 +87,7 @@ size_t nsize, psize, csize, gsize, dsize, ssize, total; struct cache_item_pw *pwitem; struct passwd *pw, *newpw; - debug_decl(sudo_make_pwitem, SUDOERS_DEBUG_NSS) + debug_decl(sudo_make_pwitem, SUDOERS_DEBUG_NSS); /* Look up by name or uid. */ pw = name ? getpwnam(name) : getpwuid(uid); @@ -169,7 +169,7 @@ size_t nsize, psize, nmem, total, len; struct cache_item_gr *gritem; struct group *gr, *newgr; - debug_decl(sudo_make_gritem, SUDOERS_DEBUG_NSS) + debug_decl(sudo_make_gritem, SUDOERS_DEBUG_NSS); /* Look up by name or gid. */ gr = name ? getgrnam(name) : getgrgid(gid); @@ -247,7 +247,7 @@ struct gid_list *gidlist; GETGROUPS_T *gids; int i, ngids; - debug_decl(sudo_make_gidlist_item, SUDOERS_DEBUG_NSS) + debug_decl(sudo_make_gidlist_item, SUDOERS_DEBUG_NSS); /* Don't use user_gids if the entry type says we must query the db. */ if (type != ENTRY_TYPE_QUERIED && pw == sudo_user.pw && sudo_user.gids != NULL) { @@ -336,7 +336,7 @@ struct gid_list *gidlist; struct group *grp = NULL; int i, groupname_len; - debug_decl(sudo_make_grlist_item, SUDOERS_DEBUG_NSS) + debug_decl(sudo_make_grlist_item, SUDOERS_DEBUG_NSS); gidlist = sudo_get_gidlist(pw, ENTRY_TYPE_ANY); if (gidlist == NULL) { diff -Nru sudo-1.8.31/plugins/sudoers/rcstr.c sudo-1.9.0/plugins/sudoers/rcstr.c --- sudo-1.8.31/plugins/sudoers/rcstr.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/rcstr.c 2020-05-11 16:28:23.000000000 +0000 
@@ -57,7 +57,7 @@ { size_t len = strlen(src); char *dst; - debug_decl(rcstr_dup, SUDOERS_DEBUG_UTIL) + debug_decl(rcstr_dup, SUDOERS_DEBUG_UTIL); dst = rcstr_alloc(len); memcpy(dst, src, len); @@ -69,7 +69,7 @@ rcstr_alloc(size_t len) { struct rcstr *rcs; - debug_decl(rcstr_dup, SUDOERS_DEBUG_UTIL) + debug_decl(rcstr_dup, SUDOERS_DEBUG_UTIL); /* Note: sizeof(struct rcstr) includes space for the NUL */ rcs = malloc(sizeof(struct rcstr) + len); @@ -86,7 +86,7 @@ rcstr_addref(const char *s) { struct rcstr *rcs; - debug_decl(rcstr_dup, SUDOERS_DEBUG_UTIL) + debug_decl(rcstr_dup, SUDOERS_DEBUG_UTIL); if (s == NULL) debug_return_ptr(NULL); @@ -100,7 +100,7 @@ rcstr_delref(const char *s) { struct rcstr *rcs; - debug_decl(rcstr_dup, SUDOERS_DEBUG_UTIL) + debug_decl(rcstr_dup, SUDOERS_DEBUG_UTIL); if (s != NULL) { rcs = __containerof((const void *)s, struct rcstr, str); diff -Nru sudo-1.8.31/plugins/sudoers/redblack.c sudo-1.9.0/plugins/sudoers/redblack.c --- sudo-1.8.31/plugins/sudoers/redblack.c 2019-10-28 12:27:46.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/redblack.c 2020-05-11 16:28:23.000000000 +0000 @@ -89,7 +89,7 @@ rbcreate(int (*compar)(const void *, const void*)) { struct rbtree *tree; - debug_decl(rbcreate, SUDOERS_DEBUG_RBTREE) + debug_decl(rbcreate, SUDOERS_DEBUG_RBTREE); if ((tree = malloc(sizeof(*tree))) == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, @@ -125,7 +125,7 @@ rotate_left(struct rbtree *tree, struct rbnode *node) { struct rbnode *child; - debug_decl(rotate_left, SUDOERS_DEBUG_RBTREE) + debug_decl(rotate_left, SUDOERS_DEBUG_RBTREE); child = node->right; node->right = child->left; @@ -151,7 +151,7 @@ rotate_right(struct rbtree *tree, struct rbnode *node) { struct rbnode *child; - debug_decl(rotate_right, SUDOERS_DEBUG_RBTREE) + debug_decl(rotate_right, SUDOERS_DEBUG_RBTREE); child = node->left; node->left = child->right; 
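Review bot: In plugins/sudoers/rcstr.c the touched `debug_decl` lines in rcstr_alloc, rcstr_addref and rcstr_delref still pass `rcstr_dup` as the function name, which looks like a copy-paste leftover that this semicolon clean-up could have fixed. If the macro uses its first argument for trace output (its definition is not part of this excerpt), debug logs attribute all four functions to rcstr_dup. Suggested lines: `debug_decl(rcstr_alloc, SUDOERS_DEBUG_UTIL);`, `debug_decl(rcstr_addref, SUDOERS_DEBUG_UTIL);` and `debug_decl(rcstr_delref, SUDOERS_DEBUG_UTIL);`.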
@@ -181,7 +181,7 @@ struct rbnode *node = rbfirst(tree); struct rbnode *parent = rbroot(tree); int res; - debug_decl(rbinsert, SUDOERS_DEBUG_RBTREE) + debug_decl(rbinsert, SUDOERS_DEBUG_RBTREE); /* Find correct insertion point. */ while (node != rbnil(tree)) { @@ -281,7 +281,7 @@ { struct rbnode *node = rbfirst(tree); int res; - debug_decl(rbfind, SUDOERS_DEBUG_RBTREE) + debug_decl(rbfind, SUDOERS_DEBUG_RBTREE); while (node != rbnil(tree)) { if ((res = tree->compar(key, node->data)) == 0) @@ -301,7 +301,7 @@ int (*func)(void *, void *), void *cookie, enum rbtraversal order) { int error; - debug_decl(rbapply_node, SUDOERS_DEBUG_RBTREE) + debug_decl(rbapply_node, SUDOERS_DEBUG_RBTREE); if (node != rbnil(tree)) { if (order == preorder) @@ -328,7 +328,7 @@ rbsuccessor(struct rbtree *tree, struct rbnode *node) { struct rbnode *succ; - debug_decl(rbsuccessor, SUDOERS_DEBUG_RBTREE) + debug_decl(rbsuccessor, SUDOERS_DEBUG_RBTREE); if ((succ = node->right) != rbnil(tree)) { while (succ->left != rbnil(tree)) @@ -349,7 +349,7 @@ static void rbdestroy_int(struct rbtree *tree, struct rbnode *node, void (*destroy)(void *)) { - debug_decl(rbdestroy_int, SUDOERS_DEBUG_RBTREE) + debug_decl(rbdestroy_int, SUDOERS_DEBUG_RBTREE); if (node != rbnil(tree)) { rbdestroy_int(tree, node->left, destroy); rbdestroy_int(tree, node->right, destroy); @@ -367,7 +367,7 @@ void rbdestroy(struct rbtree *tree, void (*destroy)(void *)) { - debug_decl(rbdestroy, SUDOERS_DEBUG_RBTREE) + debug_decl(rbdestroy, SUDOERS_DEBUG_RBTREE); rbdestroy_int(tree, rbfirst(tree), destroy); free(tree); debug_return; @@ -380,7 +380,7 @@ { struct rbnode *x, *y; void *data = z->data; - debug_decl(rbdelete, SUDOERS_DEBUG_RBTREE) + debug_decl(rbdelete, SUDOERS_DEBUG_RBTREE); if (z->left == rbnil(tree) || z->right == rbnil(tree)) y = z; 
@@ -422,7 +422,7 @@ rbrepair(struct rbtree *tree, struct rbnode *node) { struct rbnode *sibling; - debug_decl(rbrepair, SUDOERS_DEBUG_RBTREE) + debug_decl(rbrepair, SUDOERS_DEBUG_RBTREE); while (node->color == black && node != rbfirst(tree)) { if (node == node->parent->left) { diff -Nru sudo-1.8.31/plugins/sudoers/regress/check_symbols/check_symbols.c sudo-1.9.0/plugins/sudoers/regress/check_symbols/check_symbols.c --- sudo-1.8.31/plugins/sudoers/regress/check_symbols/check_symbols.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/check_symbols/check_symbols.c 2020-05-11 16:28:23.000000000 +0000 @@ -41,7 +41,7 @@ usage(void) { fprintf(stderr, "usage: %s plugin.so symbols_file\n", getprogname()); - exit(1); + exit(EXIT_FAILURE); } int diff -Nru sudo-1.8.31/plugins/sudoers/regress/cvtsudoers/test30.sh sudo-1.9.0/plugins/sudoers/regress/cvtsudoers/test30.sh --- sudo-1.8.31/plugins/sudoers/regress/cvtsudoers/test30.sh 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/cvtsudoers/test30.sh 2020-05-11 16:28:23.000000000 +0000 @@ -1,6 +1,6 @@ #!/bin/sh # -# Test alias expasion when converting to JSON. +# Test alias expansion when converting to JSON. # See https://bugzilla.sudo.ws/show_bug.cgi?id=853 # diff -Nru sudo-1.8.31/plugins/sudoers/regress/env_match/check_env_pattern.c sudo-1.9.0/plugins/sudoers/regress/env_match/check_env_pattern.c --- sudo-1.8.31/plugins/sudoers/regress/env_match/check_env_pattern.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/env_match/check_env_pattern.c 2020-05-11 16:28:23.000000000 +0000 
@@ -46,7 +46,7 @@ if (argc > 1) { if ((fp = fopen(argv[1], "r")) == NULL) { perror(argv[1]); - exit(1); + exit(EXIT_FAILURE); } } diff -Nru sudo-1.8.31/plugins/sudoers/regress/iolog_path/check_iolog_path.c sudo-1.9.0/plugins/sudoers/regress/iolog_path/check_iolog_path.c --- sudo-1.8.31/plugins/sudoers/regress/iolog_path/check_iolog_path.c 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/iolog_path/check_iolog_path.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,217 +0,0 @@ -/* - * SPDX-License-Identifier: ISC - * - * Copyright (c) 2011-2013 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include - -#include -#include -#include -#ifdef HAVE_STRING_H -# include -#endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -# include -#endif /* HAVE_STRINGS_H */ -#include -#include -#include - -#define SUDO_ERROR_WRAP 0 - -#include "sudoers.h" -#include "def_data.c" - -struct sudo_user sudo_user; -struct passwd *list_pw; - -static char sessid[7]; - -__dso_public int main(int argc, char *argv[]); - -static void -usage(void) -{ - fprintf(stderr, "usage: %s datafile\n", getprogname()); - exit(1); -} - -static int -do_check(char *dir_in, char *file_in, char *tdir_out, char *tfile_out) -{ - char *path, *slash; - char dir_out[4096], file_out[4096]; - struct tm *timeptr; - time_t now; - int error = 0; - - /* - * Expand any strftime(3) escapes - * XXX - want to pass timeptr to expand_iolog_path - */ - time(&now); - timeptr = localtime(&now); - if (timeptr == NULL) - sudo_fatalx("localtime returned NULL"); - strftime(dir_out, sizeof(dir_out), tdir_out, timeptr); - strftime(file_out, sizeof(file_out), tfile_out, timeptr); - - path = expand_iolog_path(NULL, dir_in, file_in, &slash); - if (path == NULL) - sudo_fatalx("unable to expand I/O 
log path"); - *slash = '\0'; - if (strcmp(path, dir_out) != 0) { - sudo_warnx("%s: expected %s, got %s", dir_in, dir_out, path); - error = 1; - } - if (strcmp(slash + 1, file_out) != 0) { - sudo_warnx("%s: expected %s, got %s", file_in, file_out, slash + 1); - error = 1; - } - free(path); - - return error; -} - -#define MAX_STATE 12 - -int -main(int argc, char *argv[]) -{ - struct passwd pw, rpw; - size_t len; - FILE *fp; - char line[2048]; - char *file_in = NULL, *file_out = NULL; - char *dir_in = NULL, *dir_out = NULL; - const char *errstr; - int state = 0; - int errors = 0; - int tests = 0; - - initprogname(argc > 0 ? argv[0] : "check_iolog_path"); - - if (argc != 2) - usage(); - - fp = fopen(argv[1], "r"); - if (fp == NULL) - sudo_fatalx("unable to open %s", argv[1]); - - memset(&pw, 0, sizeof(pw)); - memset(&rpw, 0, sizeof(rpw)); - sudo_user.pw = &pw; - sudo_user._runas_pw = &rpw; - - /* - * Input consists of 12 lines: - * sequence number - * user name - * user gid - * runas user name - * runas gid - * hostname [short form] - * command - * dir [with escapes] - * file [with escapes] - * expanded dir - * expanded file - * empty line - */ - while (fgets(line, sizeof(line), fp) != NULL) { - len = strcspn(line, "\n"); - line[len] = '\0'; - - switch (state) { - case 0: - strlcpy(sessid, line, sizeof(sessid)); - break; - case 1: - if (user_name != NULL) - free(user_name); - user_name = strdup(line); - break; - case 2: - user_gid = (gid_t)sudo_strtoid(line, &errstr); - if (errstr != NULL) - sudo_fatalx("group ID %s: %s", line, errstr); - break; - case 3: - if (runas_pw->pw_name != NULL) - free(runas_pw->pw_name); - runas_pw->pw_name = strdup(line); - break; - case 4: - runas_pw->pw_gid = (gid_t)sudo_strtoid(line, &errstr); - if (errstr != NULL) - sudo_fatalx("group ID %s: %s", line, errstr); - break; - case 5: - if (user_shost != NULL) - free(user_shost); - user_shost = strdup(line); - break; - case 6: - if (user_base != NULL) - free(user_base); - user_base = 
strdup(line); - break; - case 7: - if (dir_in != NULL) - free(dir_in); - dir_in = strdup(line); - break; - case 8: - if (file_in != NULL) - free(file_in); - file_in = strdup(line); - break; - case 9: - if (dir_out != NULL) - free(dir_out); - dir_out = strdup(line); - break; - case 10: - if (file_out != NULL) - free(file_out); - file_out = strdup(line); - break; - case 11: - errors += do_check(dir_in, file_in, dir_out, file_out); - tests++; - break; - default: - sudo_fatalx("internal error, invalid state %d", state); - } - state = (state + 1) % MAX_STATE; - } - - if (tests != 0) { - printf("iolog_path: %d test%s run, %d errors, %d%% success rate\n", - tests, tests == 1 ? "" : "s", errors, - (tests - errors) * 100 / tests); - } - - exit(errors); -} - -bool -io_nextid(char *iolog_dir, char *fallback, char id[7]) -{ - memcpy(id, sessid, sizeof(sessid)); - return true; -} diff -Nru sudo-1.8.31/plugins/sudoers/regress/iolog_path/data sudo-1.9.0/plugins/sudoers/regress/iolog_path/data --- sudo-1.8.31/plugins/sudoers/regress/iolog_path/data 2019-10-28 12:27:46.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/iolog_path/data 1970-01-01 00:00:00.000000000 +0000 
@@ -1,96 +0,0 @@ -000001 -nobody -1 -root -0 -somehost -id -/var/log/sudo-io -%%{bogus} -/var/log/sudo-io -%%{bogus} - -000001 -nobody -1 -root -0 -somehost -id -/var/log/sudo-io -%%{seq} -/var/log/sudo-io -%%{seq} - -000001 -nobody -1 -root -0 -somehost -id -/var/log/sudo-io -%{seq} -/var/log/sudo-io -00/00/01 - -000001 -nobody -1 -root -0 -somehost -id -/var/log/sudo-io/%{user} -%{seq} -/var/log/sudo-io/nobody -00/00/01 - -000001 -nobody -1 -root -0 -somehost -su -/var/log/sudo-io/%{user}/%{runas_user} -%{command}_%Y%m%s_%H%M -/var/log/sudo-io/nobody/root -su_%Y%m%s_%H%M - -000001 -nobody -1 -root -0 -somehost -su -/var/log/sudo-io/ -/%{user}/%{runas_user}/%{command}_%Y%m%s_%H%M -/var/log/sudo-io -nobody/root/su_%Y%m%s_%H%M - -000001 -nobody -1 -root -0 -somehost -su -/var/log/sudo-io/%d%m%Y -%{user}/%{runas_user}/%{command} -/var/log/sudo-io/%d%m%Y -nobody/root/su - -000001 -nobody -1 -root -0 -somehost -su -//////// -%{user}/%{runas_user}/%{command} -/ -nobody/root/su - diff -Nru sudo-1.8.31/plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c sudo-1.9.0/plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c --- sudo-1.8.31/plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c 2019-10-28 12:27:46.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2018 Todd C. Miller + * Copyright (c) 2018-2020 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -37,7 +37,7 @@ #include "sudoers.h" #include "def_data.c" /* for iolog_path.c */ #include "sudo_plugin.h" -#include "iolog.h" +#include "sudo_iolog.h" extern struct io_plugin sudoers_io; @@ -52,7 +52,7 @@ usage(void) { fprintf(stderr, "usage: %s pathname\n", getprogname()); - exit(1); + exit(EXIT_FAILURE); } static int 
@@ -81,50 +81,65 @@ return len; } -bool -validate_iolog_info(const char *logfile) +static bool +validate_iolog_info(const char *log_dir, bool legacy) { + struct iolog_info *info; time_t now; - struct log_info *info; time(&now); /* Parse log file. */ - if ((info = parse_logfile(logfile)) == NULL) + if ((info = iolog_parse_loginfo(-1, log_dir)) == NULL) return false; - if (strcmp(info->cwd, "/") != 0) { - sudo_warnx("bad cwd: want \"/\", got \"%s\"", info->cwd); + if (info->cwd == NULL || strcmp(info->cwd, "/") != 0) { + sudo_warnx("bad cwd: want \"/\", got \"%s\"", + info->cwd ? info->cwd : "NULL"); return false; } - if (strcmp(info->user, "nobody") != 0) { - sudo_warnx("bad user: want \"nobody\" got \"%s\"", info->user); + /* No host in the legacy log file. */ + if (!legacy) { + if (info->host == NULL || strcmp(info->host, "localhost") != 0) { + sudo_warnx("bad host: want \"localhost\", got \"%s\"", + info->host ? info->host : "NULL"); + return false; + } + } + + if (info->user == NULL || strcmp(info->user, "nobody") != 0) { + sudo_warnx("bad user: want \"nobody\" got \"%s\"", + info->user ? info->user : "NULL"); return false; } - if (strcmp(info->runas_user, "root") != 0) { - sudo_warnx("bad runas_user: want \"root\" got \"%s\"", info->runas_user); + if (info->runas_user == NULL || strcmp(info->runas_user, "root") != 0) { + sudo_warnx("bad runas_user: want \"root\" got \"%s\"", + info->runas_user ? info->runas_user : "NULL"); return false; } + /* No runas group specified, should be NULL. */ if (info->runas_group != NULL) { - sudo_warnx("bad runas_group: want \"\" got \"%s\"", info->runas_user); + sudo_warnx("bad runas_group: want \"\" got \"%s\"", info->runas_group); return false; } - if (strcmp(info->tty, "/dev/console") != 0) { - sudo_warnx("bad tty: want \"/dev/console\" got \"%s\"", info->tty); + if (info->tty == NULL || strcmp(info->tty, "/dev/console") != 0) { + sudo_warnx("bad tty: want \"/dev/console\" got \"%s\"", + info->tty ? 
info->tty : "NULL"); return false; } - if (strcmp(info->cmd, "/usr/bin/id") != 0) { - sudo_warnx("bad command: want \"/usr/bin/id\" got \"%s\"", info->cmd); + if (info->cmd == NULL || strcmp(info->cmd, "/usr/bin/id") != 0) { + sudo_warnx("bad command: want \"/usr/bin/id\" got \"%s\"", + info->cmd ? info->cmd : "NULL"); return false; } - if (info->rows != 24) { - sudo_warnx("bad rows: want 24 got %d", info->rows); + if (info->lines != 24) { + sudo_warnx("bad lines: want 24 got %d", info->lines); return false; } @@ -133,13 +148,13 @@ return false; } - if (info->tstamp < now - 10 || info->tstamp > now + 10) { + if (info->tstamp.tv_sec < now - 10 || info->tstamp.tv_sec > now + 10) { sudo_warnx("bad tstamp: want %lld got %lld", (long long)now, - (long long)info->tstamp); + (long long)info->tstamp.tv_sec); return false; } - free_log_info(info); + iolog_free_loginfo(info); return true; } @@ -149,14 +164,13 @@ { struct timing_closure timing; char buf[LINE_MAX]; - struct timespec delay; if (!fgets(buf, sizeof(buf), fp)) { sudo_warn("unable to read timing file"); return false; } buf[strcspn(buf, "\n")] = '\0'; - if (!parse_timing(buf, &delay, &timing)) { + if (!iolog_parse_timing(buf, &timing)) { sudo_warnx("invalid timing file line: %s", buf); return false; } @@ -166,9 +180,9 @@ return false; } if (type == IO_EVENT_WINSIZE) { - if (timing.u.winsize.rows != (int)p1) { - sudo_warnx("record %d: want %u rows, got %u", recno, p1, - timing.u.winsize.rows); + if (timing.u.winsize.lines != (int)p1) { + sudo_warnx("record %d: want %u lines, got %u", recno, p1, + timing.u.winsize.lines); return false; } if (timing.u.winsize.cols != (int)p2) { @@ -183,9 +197,9 @@ return false; } } - if (delay.tv_sec != 0 || delay.tv_nsec > 10000000) { + if (timing.delay.tv_sec != 0) { sudo_warnx("record %d: got excessive delay %lld.%09ld", recno, - (long long)delay.tv_sec, delay.tv_nsec); + (long long)timing.delay.tv_sec, timing.delay.tv_nsec); return false; } 
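Review bot: The delay check in the `@@ -183,9 +197,9 @@` hunk now rejects only `timing.delay.tv_sec != 0`, so any sub-second delay passes while the warning still says "excessive delay". The previous `tv_nsec > 10000000` bound is dropped without a comment. If the relaxation is deliberate (presumably to keep the test stable on slow hosts), say so above the check, e.g. `/* Sub-second delays are tolerated; only flag a delay of one second or more. */`. The enclosing function starts and ends outside the hunk.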
@@ -200,6 +214,7 @@ test_endpoints(int *ntests, int *nerrors, const char *iolog_dir, char *envp[]) { int rc, cmnd_argc = 1; + const char *errstr = NULL; char buf[1024], iolog_path[PATH_MAX]; char runas_gid[64], runas_uid[64]; FILE *fp; @@ -211,6 +226,7 @@ "cols=80", "lines=24", "cwd=/", + "host=localhost", "tty=/dev/console", "user=nobody", NULL @@ -245,7 +261,7 @@ /* Test open endpoint. */ rc = sudoers_io.open(SUDO_API_VERSION, NULL, sudo_printf_int, settings, - user_info, command_info, cmnd_argc, cmnd_argv, envp, NULL); + user_info, command_info, cmnd_argc, cmnd_argv, envp, NULL, &errstr); (*ntests)++; if (rc != 1) { sudo_warnx("I/O log open endpoint failed"); @@ -253,14 +269,8 @@ return; } - /* Validate I/O log info file. */ - (*ntests)++; - snprintf(iolog_path, sizeof(iolog_path), "%s/log", iolog_dir); - if (!validate_iolog_info(iolog_path)) - (*nerrors)++; - /* Test log_ttyout endpoint. */ - rc = sudoers_io.log_ttyout(output, strlen(output)); + rc = sudoers_io.log_ttyout(output, strlen(output), &errstr); (*ntests)++; if (rc != 1) { sudo_warnx("I/O log_ttyout endpoint failed"); @@ -269,14 +279,14 @@ } /* Test change_winsize endpoint (twice). */ - rc = sudoers_io.change_winsize(32, 128); + rc = sudoers_io.change_winsize(32, 128, &errstr); (*ntests)++; if (rc != 1) { sudo_warnx("I/O change_winsize endpoint failed"); (*nerrors)++; return; } - rc = sudoers_io.change_winsize(24, 80); + rc = sudoers_io.change_winsize(24, 80, &errstr); (*ntests)++; if (rc != 1) { sudo_warnx("I/O change_winsize endpoint failed"); 
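Review bot: The new `errstr` out-parameter is passed to `sudoers_io.open`, `log_ttyout` and `change_winsize`, but none of the failure branches print it, so a failing endpoint still reports only a generic message. In the open hunk I would change the warning to `sudo_warnx("I/O log open endpoint failed: %s", errstr ? errstr : "unknown error");` and do the same in the log_ttyout and change_winsize hunks that follow. test_endpoints starts and ends outside these hunks.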
@@ -287,6 +297,18 @@ /* Close the plugin. */ sudoers_io.close(0, 0); + /* Validate I/O log info file (json). */ + (*ntests)++; + if (!validate_iolog_info(iolog_dir, false)) + (*nerrors)++; + + /* Validate I/O log info file (legacy). */ + snprintf(iolog_path, sizeof(iolog_path), "%s/log.json", iolog_dir); + unlink(iolog_path); + (*ntests)++; + if (!validate_iolog_info(iolog_dir, true)) + (*nerrors)++; + /* Validate the timing file. */ snprintf(iolog_path, sizeof(iolog_path), "%s/timing", iolog_dir); (*ntests)++; @@ -338,7 +360,7 @@ int main(int argc, char *argv[], char *envp[]) { - struct passwd pw, rpw, *tpw; + struct passwd *tpw; int tests = 0, errors = 0; const char *iolog_dir; @@ -348,21 +370,20 @@ usage(); iolog_dir = argv[1]; - /* Bare minimum to link. */ - memset(&pw, 0, sizeof(pw)); - memset(&rpw, 0, sizeof(rpw)); + /* Set runas user. */ if ((tpw = getpwuid(0)) == NULL) { if ((tpw = getpwnam("root")) == NULL) sudo_fatalx("unable to look up uid 0 or root"); } - rpw.pw_uid = tpw->pw_uid; - rpw.pw_gid = tpw->pw_gid; - sudo_user.pw = &pw; - sudo_user._runas_pw = &rpw; + sudo_user._runas_pw = pw_dup(tpw); + + /* Set invoking user. */ + if ((tpw = getpwuid(geteuid())) == NULL) + sudo_fatalx("unable to look up invoking user's uid"); + sudo_user.pw = pw_dup(tpw); /* Set iolog uid/gid to invoking user. */ - iolog_uid = geteuid(); - iolog_gid = getegid(); + iolog_set_owner(sudo_user.pw->pw_uid, sudo_user.pw->pw_gid); test_endpoints(&tests, &errors, iolog_dir, envp); diff -Nru sudo-1.8.31/plugins/sudoers/regress/iolog_util/check_iolog_util.c sudo-1.9.0/plugins/sudoers/regress/iolog_util/check_iolog_util.c --- sudo-1.8.31/plugins/sudoers/regress/iolog_util/check_iolog_util.c 2019-10-28 12:27:46.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/iolog_util/check_iolog_util.c 1970-01-01 00:00:00.000000000 +0000 
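Review bot: The return value of `unlink(iolog_path)` is ignored before the legacy validation, and the `snprintf` that builds the path is not checked for truncation. If `log.json` is not actually removed, the second `validate_iolog_info(iolog_dir, true)` call may parse the JSON file again (assuming the parser prefers it when present) and pass without exercising the legacy format, with the host check skipped as well. I would fail the test explicitly: `if (unlink(iolog_path) == -1) { sudo_warn("unable to remove %s", iolog_path); (*nerrors)++; }`. test_endpoints starts and ends outside the hunk.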
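Review bot: Neither `pw_dup(tpw)` result in main is checked before use, and `iolog_set_owner(sudo_user.pw->pw_uid, sudo_user.pw->pw_gid)` dereferences `sudo_user.pw` a few lines later. If pw_dup allocates a copy and can return NULL (its definition is not in this diff), the test crashes instead of reporting a failure. A guard in the style of the surrounding lookups would do: `if (sudo_user.pw == NULL) sudo_fatalx("unable to copy passwd entry");`, and likewise for `sudo_user._runas_pw`. main continues outside the hunk.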
@@ -1,153 +0,0 @@ -/* - * SPDX-License-Identifier: ISC - * - * Copyright (c) 2018 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include - -#include -#include -#include -#ifdef HAVE_STRING_H -# include -#endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -# include -#endif /* HAVE_STRINGS_H */ -#include -#include - -#define SUDO_ERROR_WRAP 0 - -#include "sudo_compat.h" -#include "sudo_util.h" -#include "sudo_fatal.h" -#include "iolog.h" - -__dso_public int main(int argc, char *argv[]); - -static struct parse_delay_test { - const char *input; - const char *next_field; - struct timespec expected_delay; -} parse_delay_tests[] = { - { "10.99999999999 X", "X", { 10, 999999999 } }, /* clamp to nsec */ - { "10.999999999 X", "X", { 10, 999999999 } }, /* nsec */ - { "10.999999 X", "X", { 10, 999999000 } }, /* usec -> nsec */ - { "10.000999999 X", "X", { 10, 999999 } }, - { "10.9 X", "X", { 10, 900000000 } }, - { "10.0 X", "X", { 10, 0 } } -}; - -/* - * Test parse_delay() - */ -void -test_parse_delay(int *ntests, int *nerrors) -{ - unsigned int i; - - for (i = 0; i < nitems(parse_delay_tests); i++) { - struct timespec delay; - struct parse_delay_test *test = &parse_delay_tests[i]; - char *cp = parse_delay(test->input, &delay, "."); - if (cp == NULL) { - sudo_warnx("%s:%u 
failed to parse delay: %s", __func__, - i, test->input); - (*nerrors)++; - continue; - } - if (strcmp(cp, test->next_field) != 0) { - sudo_warnx("%s:%u next field (want \"%s\", got \"%s\"", __func__, - i, test->next_field, cp); - (*nerrors)++; - continue; - } - if (delay.tv_sec != test->expected_delay.tv_sec) { - sudo_warnx("%s:%u wrong seconds (want %lld, got %lld)", __func__, - i, (long long)test->expected_delay.tv_sec, - (long long)delay.tv_sec); - (*nerrors)++; - continue; - } - if (delay.tv_nsec != test->expected_delay.tv_nsec) { - sudo_warnx("%s:%u wrong nanoseconds (want %ld, got %ld)", __func__, - i, test->expected_delay.tv_nsec, delay.tv_nsec); - (*nerrors)++; - continue; - } - } - (*ntests) += i; -} - -static struct adjust_delay_test { - struct timespec in_delay; - struct timespec out_delay; - struct timespec max_delay; - double scale_factor; -} adjust_delay_tests[] = { - { { 10, 300 }, { 10, 300 }, { 0, 0 }, 1.0 }, - { { 10, 300 }, { 5, 150 }, { 0, 0 }, 2.0 }, - { { 5, 300 }, { 2, 500000150 }, { 0, 0 }, 2.0 }, - { { 0, 1000000 }, { 0, 333333 }, { 0, 0 }, 3 }, - { { 10, 1000000 }, { 3, 333666666 }, { 0, 0 }, 3 }, - { { 5, 150 }, { 10, 300 }, { 0, 0 }, 0.5 }, - { { 5, 500000000 }, { 11, 0 }, { 0, 0 }, 0.5 }, - { { 5, 150 }, { 5, 0 }, { 5, 0 }, 0.5 } -}; - -/* - * Test adjust_delay() - */ -void -test_adjust_delay(int *ntests, int *nerrors) -{ - unsigned int i; - - for (i = 0; i < nitems(adjust_delay_tests); i++) { - struct adjust_delay_test *test = &adjust_delay_tests[i]; - - adjust_delay(&test->in_delay, sudo_timespecisset(&test->max_delay) ? 
- &test->max_delay : NULL, test->scale_factor); - if (!sudo_timespeccmp(&test->in_delay, &test->out_delay, ==)) { - sudo_warnx("%s:%u want {%lld, %ld}, got {%lld, %ld}", __func__, i, - (long long)test->out_delay.tv_sec, test->out_delay.tv_nsec, - (long long)test->in_delay.tv_sec, test->in_delay.tv_nsec); - (*nerrors)++; - } - } - (*ntests) += i; -} - -int -main(int argc, char *argv[]) -{ - int tests = 0, errors = 0; - - initprogname(argc > 0 ? argv[0] : "check_iolog_util"); - - test_parse_delay(&tests, &errors); - - test_adjust_delay(&tests, &errors); - - if (tests != 0) { - printf("check_iolog_util: %d test%s run, %d errors, %d%% success rate\n", - tests, tests == 1 ? "" : "s", errors, - (tests - errors) * 100 / tests); - } - - exit(errors); -} diff -Nru sudo-1.8.31/plugins/sudoers/regress/logging/check_wrap.c sudo-1.9.0/plugins/sudoers/regress/logging/check_wrap.c --- sudo-1.8.31/plugins/sudoers/regress/logging/check_wrap.c 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/logging/check_wrap.c 2020-05-11 16:28:23.000000000 +0000 @@ -44,7 +44,7 @@ usage(void) { fprintf(stderr, "usage: %s inputfile\n", getprogname()); - exit(1); + exit(EXIT_FAILURE); } int diff -Nru sudo-1.8.31/plugins/sudoers/regress/parser/check_addr.c sudo-1.9.0/plugins/sudoers/regress/parser/check_addr.c --- sudo-1.8.31/plugins/sudoers/regress/parser/check_addr.c 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/parser/check_addr.c 2020-05-11 16:28:23.000000000 +0000 @@ -77,7 +77,7 @@ usage(void) { fprintf(stderr, "usage: %s datafile\n", getprogname()); - exit(1); + exit(EXIT_FAILURE); } int diff -Nru sudo-1.8.31/plugins/sudoers/regress/sudoers/test10.json.ok sudo-1.9.0/plugins/sudoers/regress/sudoers/test10.json.ok --- sudo-1.8.31/plugins/sudoers/regress/sudoers/test10.json.ok 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/sudoers/test10.json.ok 2020-05-11 16:28:23.000000000 +0000 
@@ -1,2 +0,0 @@ -{ -} diff -Nru sudo-1.8.31/plugins/sudoers/regress/sudoers/test14.in sudo-1.9.0/plugins/sudoers/regress/sudoers/test14.in --- sudo-1.8.31/plugins/sudoers/regress/sudoers/test14.in 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/sudoers/test14.in 2020-05-11 16:28:23.000000000 +0000 @@ -1,4 +1,6 @@ -Cmnd_Alias LS = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1 /bin/ls -Cmnd_Alias SH = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM= /bin/sh +Cmnd_Alias LS = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1, sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls +Cmnd_Alias SH = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh millert ALL = LS, SH, sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill + +operator ALL = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL diff -Nru sudo-1.8.31/plugins/sudoers/regress/sudoers/test14.json.ok sudo-1.9.0/plugins/sudoers/regress/sudoers/test14.json.ok --- sudo-1.8.31/plugins/sudoers/regress/sudoers/test14.json.ok 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/sudoers/test14.json.ok 2020-05-11 16:28:23.000000000 +0000 @@ -3,13 +3,15 @@ "LS": [ { "command": "/bin/ls", - "sha224": "d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1" + "sha224": "d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1", + "sha224": "d7910e1967342b4605cb73a550944044c631cd3514001900966962ac" } ], "SH": [ { "command": "/bin/sh", - "sha256": "hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=" + "sha256": "hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=", + "sha256": "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4=" } ] }, 
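Review bot: The expected output for test14.json.ok now has two members with the same name in one object (`"sha224"` twice for `/bin/ls`, `"sha256"` twice for `/bin/sh`), and the later hunk of this file repeats that for the `operator` rule. JSON parsers commonly keep only one value for a repeated name, so a consumer of this export could see a single permitted digest where the sudoers source lists two. Emitting the digests as an array, or as separate command entries, would keep every digest visible to standard parsers; this expectation file would then change along with the generator. Until then, the duplicate-name behaviour should at least be documented for users of the JSON output.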
@@ -32,6 +34,28 @@ } ] } + ] + }, + { + "User_List": [ + { "username": "operator" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "setenv": true } + ], + "Commands": [ + { + "command": "ALL", + "sha256": "hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=", + "sha256": "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4=" + } + ] + } ] } ] diff -Nru sudo-1.8.31/plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok sudo-1.9.0/plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok --- sudo-1.8.31/plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok 2020-05-11 16:28:23.000000000 +0000 @@ -1,5 +1,11 @@ # sudoRole millert -millert ALL = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1\ - /bin/ls, sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM= /bin/sh,\ +millert ALL = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1,\ + sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls,\ + sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=,\ + sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh,\ sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw\ /bin/kill + +# sudoRole operator +operator ALL = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=,\ + sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL diff -Nru sudo-1.8.31/plugins/sudoers/regress/sudoers/test14.ldif.ok sudo-1.9.0/plugins/sudoers/regress/sudoers/test14.ldif.ok --- sudo-1.8.31/plugins/sudoers/regress/sudoers/test14.ldif.ok 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/sudoers/test14.ldif.ok 2020-05-11 16:28:23.000000000 +0000 
@@ -4,8 +4,17 @@ cn: millert sudoUser: millert sudoHost: ALL -sudoCommand: sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1 /bin/ls -sudoCommand: sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM= /bin/sh +sudoCommand: sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1, sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls +sudoCommand: sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh sudoCommand: sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill sudoOrder: 1 +dn: cn=operator,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: operator +sudoUser: operator +sudoHost: ALL +sudoCommand: sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL +sudoOrder: 2 + diff -Nru sudo-1.8.31/plugins/sudoers/regress/sudoers/test14.out.ok sudo-1.9.0/plugins/sudoers/regress/sudoers/test14.out.ok --- sudo-1.8.31/plugins/sudoers/regress/sudoers/test14.out.ok 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/sudoers/test14.out.ok 2020-05-11 16:28:23.000000000 +0000 
@@ -1,6 +1,7 @@ Parses OK. -Cmnd_Alias LS = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1 /bin/ls -Cmnd_Alias SH = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM= /bin/sh +Cmnd_Alias LS = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1, sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls +Cmnd_Alias SH = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh millert ALL = LS, SH, sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill +operator ALL = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL diff -Nru sudo-1.8.31/plugins/sudoers/regress/sudoers/test14.toke.ok sudo-1.9.0/plugins/sudoers/regress/sudoers/test14.toke.ok --- sudo-1.8.31/plugins/sudoers/regress/sudoers/test14.toke.ok 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/sudoers/test14.toke.ok 2020-05-11 16:28:23.000000000 +0000 @@ -1,4 +1,6 @@ -CMNDALIAS ALIAS = SHA224_TOK : DIGEST COMMAND -CMNDALIAS ALIAS = SHA256_TOK : DIGEST COMMAND +CMNDALIAS ALIAS = SHA224_TOK : DIGEST , SHA224_TOK : DIGEST COMMAND +CMNDALIAS ALIAS = SHA256_TOK : DIGEST , SHA256_TOK : DIGEST COMMAND WORD(5) ALL = ALIAS , ALIAS , SHA512_TOK : DIGEST COMMAND + +WORD(5) ALL = SHA256_TOK : DIGEST , SHA256_TOK : DIGEST ALL diff -Nru sudo-1.8.31/plugins/sudoers/regress/sudoers/test23.in sudo-1.9.0/plugins/sudoers/regress/sudoers/test23.in --- sudo-1.8.31/plugins/sudoers/regress/sudoers/test23.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/sudoers/test23.in 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,11 @@ +# Test parsing of env_check, env_delete and env_keep +Defaults env_check = "COLORTERM LANG LANGUAGE LC_* LINGUAS" +Defaults env_check += "TERM TZ" + +Defaults env_delete = "IFS CDPATH LOCALDOMAIN RES_OPTIONS HOSTALIASES" +Defaults env_delete += "NLSPATH PATH_LOCALE LD_* _RLD*" + +Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +Defaults env_keep -= _XKB_CHARSET +Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" +Defaults env_keep += XDG_SESSION_COOKIE diff -Nru sudo-1.8.31/plugins/sudoers/regress/sudoers/test23.json.ok sudo-1.9.0/plugins/sudoers/regress/sudoers/test23.json.ok --- sudo-1.8.31/plugins/sudoers/regress/sudoers/test23.json.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/sudoers/test23.json.ok 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,102 @@ +{ + "Defaults": [ + { + "Options": [ + { + "operation": "list_assign", + "env_check": [ + "COLORTERM", + "LANG", + "LANGUAGE", + "LC_*", + "LINGUAS" + ] + } + ] + }, + { + "Options": [ + { + "operation": "list_add", + "env_check": [ + "TERM", + "TZ" + ] + } + ] + }, + { + "Options": [ + { + "operation": "list_assign", + "env_delete": [ + "IFS", + "CDPATH", + "LOCALDOMAIN", + "RES_OPTIONS", + "HOSTALIASES" + ] + } + ] + }, + { + "Options": [ + { + "operation": "list_add", + "env_delete": [ + "NLSPATH", + "PATH_LOCALE", + "LD_*", + "_RLD*" + ] + } + ] + }, + { + "Options": [ + { + "operation": "list_add", + "env_keep": [ + "LANG", + "LANGUAGE", + "LINGUAS", + "LC_*", + "_XKB_CHARSET" + ] + } + ] + }, + { + "Options": [ + { + "operation": "list_remove", + "env_keep": [ + "_XKB_CHARSET" + ] + } + ] + }, + { + "Options": [ + { + "operation": "list_add", + "env_keep": [ + "XAPPLRESDIR", + "XFILESEARCHPATH", + "XUSERFILESEARCHPATH" + ] + } + ] + }, + { + "Options": [ + { + "operation": "list_add", + "env_keep": [ + "XDG_SESSION_COOKIE" + ] + } + ] + } + ] +} diff -Nru sudo-1.8.31/plugins/sudoers/regress/sudoers/test23.ldif2sudo.ok sudo-1.9.0/plugins/sudoers/regress/sudoers/test23.ldif2sudo.ok --- sudo-1.8.31/plugins/sudoers/regress/sudoers/test23.ldif2sudo.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/sudoers/test23.ldif2sudo.ok 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,8 @@ +Defaults env_check="COLORTERM LANG LANGUAGE LC_* LINGUAS" +Defaults env_check+="TERM TZ" +Defaults env_delete="IFS CDPATH LOCALDOMAIN RES_OPTIONS HOSTALIASES" +Defaults env_delete+="NLSPATH PATH_LOCALE LD_* _RLD*" +Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +Defaults env_keep-=_XKB_CHARSET +Defaults env_keep+="XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" +Defaults env_keep+=XDG_SESSION_COOKIE diff -Nru sudo-1.8.31/plugins/sudoers/regress/sudoers/test23.ldif.ok sudo-1.9.0/plugins/sudoers/regress/sudoers/test23.ldif.ok --- sudo-1.8.31/plugins/sudoers/regress/sudoers/test23.ldif.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/sudoers/test23.ldif.ok 2020-05-11 16:28:23.000000000 +0000 @@ -0,0 +1,14 @@ +dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption: env_check=COLORTERM LANG LANGUAGE LC_* LINGUAS +sudoOption: env_check+=TERM TZ +sudoOption: env_delete=IFS CDPATH LOCALDOMAIN RES_OPTIONS HOSTALIASES +sudoOption: env_delete+=NLSPATH PATH_LOCALE LD_* _RLD* +sudoOption: env_keep+=LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET +sudoOption: env_keep-=_XKB_CHARSET +sudoOption: env_keep+=XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH +sudoOption: env_keep+=XDG_SESSION_COOKIE + diff -Nru sudo-1.8.31/plugins/sudoers/regress/sudoers/test23.out.ok sudo-1.9.0/plugins/sudoers/regress/sudoers/test23.out.ok --- sudo-1.8.31/plugins/sudoers/regress/sudoers/test23.out.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/sudoers/test23.out.ok 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,10 @@ +Parses OK. + +Defaults env_check="COLORTERM LANG LANGUAGE LC_* LINGUAS" +Defaults env_check+="TERM TZ" +Defaults env_delete="IFS CDPATH LOCALDOMAIN RES_OPTIONS HOSTALIASES" +Defaults env_delete+="NLSPATH PATH_LOCALE LD_* _RLD*" +Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +Defaults env_keep-=_XKB_CHARSET +Defaults env_keep+="XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" +Defaults env_keep+=XDG_SESSION_COOKIE diff -Nru sudo-1.8.31/plugins/sudoers/regress/sudoers/test23.sudo.ok sudo-1.9.0/plugins/sudoers/regress/sudoers/test23.sudo.ok --- sudo-1.8.31/plugins/sudoers/regress/sudoers/test23.sudo.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/sudoers/test23.sudo.ok 2020-05-11 16:28:23.000000000 +0000 @@ -0,0 +1,8 @@ +Defaults env_check="COLORTERM LANG LANGUAGE LC_* LINGUAS" +Defaults env_check+="TERM TZ" +Defaults env_delete="IFS CDPATH LOCALDOMAIN RES_OPTIONS HOSTALIASES" +Defaults env_delete+="NLSPATH PATH_LOCALE LD_* _RLD*" +Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +Defaults env_keep-=_XKB_CHARSET +Defaults env_keep+="XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" +Defaults env_keep+=XDG_SESSION_COOKIE diff -Nru sudo-1.8.31/plugins/sudoers/regress/sudoers/test23.toke.ok sudo-1.9.0/plugins/sudoers/regress/sudoers/test23.toke.ok --- sudo-1.8.31/plugins/sudoers/regress/sudoers/test23.toke.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/sudoers/test23.toke.ok 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,11 @@ +# +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) + +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) + +DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR -= WORD(2) +DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR += WORD(2) diff -Nru sudo-1.8.31/plugins/sudoers/regress/sudoers/test9.json.ok sudo-1.9.0/plugins/sudoers/regress/sudoers/test9.json.ok --- sudo-1.8.31/plugins/sudoers/regress/sudoers/test9.json.ok 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/sudoers/test9.json.ok 2020-05-11 16:28:23.000000000 +0000 @@ -1,2 +0,0 @@ -{ -} diff -Nru sudo-1.8.31/plugins/sudoers/regress/testsudoers/test8.out.ok sudo-1.9.0/plugins/sudoers/regress/testsudoers/test8.out.ok --- sudo-1.8.31/plugins/sudoers/regress/testsudoers/test8.out.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/testsudoers/test8.out.ok 2020-05-11 16:28:23.000000000 +0000 @@ -0,0 +1,10 @@ +Parses OK. + +Entries for user root: + +ALL = ALL + host matched + runas matched + cmnd allowed + +Command allowed diff -Nru sudo-1.8.31/plugins/sudoers/regress/testsudoers/test8.sh sudo-1.9.0/plugins/sudoers/regress/testsudoers/test8.sh --- sudo-1.8.31/plugins/sudoers/regress/testsudoers/test8.sh 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/regress/testsudoers/test8.sh 2020-05-11 16:28:23.000000000 +0000 
@@ -0,0 +1,13 @@ +#!/bin/sh +# +# Test #include facility w/o a final newline. +# Same as test2.sh but missing the final newline. +# + +MYUID=`\ls -ln $TESTDIR/test2.inc | awk '{print $3}'` +MYGID=`\ls -ln $TESTDIR/test2.inc | awk '{print $4}'` +exec 2>&1 +printf "#include $TESTDIR/test2.inc" | \ + ./testsudoers -U $MYUID -G $MYGID root id + +exit 0 diff -Nru sudo-1.8.31/plugins/sudoers/set_perms.c sudo-1.9.0/plugins/sudoers/set_perms.c --- sudo-1.8.31/plugins/sudoers/set_perms.c 2019-10-28 12:27:46.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/set_perms.c 2020-05-11 16:28:23.000000000 +0000 @@ -84,7 +84,7 @@ bool rewind_perms(void) { - debug_decl(rewind_perms, SUDOERS_DEBUG_PERMS) + debug_decl(rewind_perms, SUDOERS_DEBUG_PERMS); if (perm_stack_depth != 0) { while (perm_stack_depth > 1) { @@ -114,7 +114,7 @@ struct perm_state *state, *ostate = NULL; char errbuf[1024]; const char *errstr = errbuf; - debug_decl(set_perms, SUDOERS_DEBUG_PERMS) + debug_decl(set_perms, SUDOERS_DEBUG_PERMS); if (perm_stack_depth == PERM_STACK_MAX) { errstr = N_("perm stack overflow"); 
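Review bot: In the new test8.sh, `$TESTDIR` is expanded inside the printf format string and is unquoted in both `ls -ln` calls. A test directory containing `%` or a backslash is therefore interpreted by printf, and one containing whitespace splits the `ls` argument. Passing the text as an argument keeps the input literal: `printf '%s' "#include $TESTDIR/test2.inc" | \`, with the `ls` operands quoted as `"$TESTDIR/test2.inc"`. The header comment says the script mirrors test2.sh, so the same pattern presumably exists there too.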
@@ -356,37 +356,6 @@ goto bad; } break; - - case PERM_IOLOG: - state->gidlist = ostate->gidlist; - sudo_gidlist_addref(state->gidlist); - state->rgid = ostate->rgid; - state->egid = iolog_gid; - state->sgid = ostate->sgid; - state->ruid = ROOT_UID; - state->euid = iolog_uid; - state->suid = ROOT_UID; - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_IOLOG: gid: " - "[%d, %d, %d] -> [%d, %d, %d]", __func__, - (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, - (int)state->rgid, (int)state->egid, (int)state->sgid); - if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { - (void)snprintf(errbuf, sizeof(errbuf), - "PERM_IOLOG: setresgid(%d, %d, %d)", - (int)ID(rgid), (int)ID(egid), (int)ID(sgid)); - goto bad; - } - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_IOLOG: uid: " - "[%d, %d, %d] -> [%d, %d, %d]", __func__, - (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, - (int)state->ruid, (int)state->euid, (int)state->suid); - if (UID_CHANGED && setresuid(ID(ruid), ID(euid), ID(suid))) { - (void)snprintf(errbuf, sizeof(errbuf), - "PERM_IOLOG: setresuid(%d, %d, %d)", - (int)ID(ruid), (int)ID(euid), (int)ID(suid)); - goto bad; - } - break; } perm_stack_depth++; @@ -403,7 +372,7 @@ restore_perms(void) { struct perm_state *state, *ostate; - debug_decl(restore_perms, SUDOERS_DEBUG_PERMS) + debug_decl(restore_perms, SUDOERS_DEBUG_PERMS); if (perm_stack_depth < 2) { sudo_warnx(U_("perm stack underflow")); @@ -472,7 +441,7 @@ struct perm_state *state, *ostate = NULL; char errbuf[1024]; const char *errstr = errbuf; - debug_decl(set_perms, SUDOERS_DEBUG_PERMS) + debug_decl(set_perms, SUDOERS_DEBUG_PERMS); if (perm_stack_depth == PERM_STACK_MAX) { errstr = N_("perm stack overflow"); 
@@ -726,46 +695,6 @@ } } break; - - case PERM_IOLOG: - state->gidlist = ostate->gidlist; - sudo_gidlist_addref(state->gidlist); - state->rgid = ostate->rgid; - state->egid = iolog_gid; - state->sgid = ostate->sgid; - state->ruid = ROOT_UID; - state->euid = iolog_uid; - state->suid = ROOT_UID; - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_IOLOG: gid: " - "[%d, %d, %d] -> [%d, %d, %d]", __func__, - (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, - (int)state->rgid, (int)state->egid, (int)state->sgid); - if (GID_CHANGED && setgidx(ID_EFFECTIVE, iolog_gid)) { - (void)snprintf(errbuf, sizeof(errbuf), - "PERM_IOLOG: setgidx(ID_EFFECTIVE, %d)", (int)iolog_gid); - goto bad; - } - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_IOLOG: uid: " - "[%d, %d, %d] -> [%d, %d, %d]", __func__, - (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, - (int)state->ruid, (int)state->euid, (int)state->suid); - if (UID_CHANGED) { - if (ostate->ruid != ROOT_UID || ostate->suid != ROOT_UID) { - if (setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, ROOT_UID)) { - (void)snprintf(errbuf, sizeof(errbuf), - "PERM_IOLOG: setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, %d)", - ROOT_UID); - goto bad; - } - } - if (setuidx(ID_EFFECTIVE, timestamp_uid)) { - (void)snprintf(errbuf, sizeof(errbuf), - "PERM_IOLOG: setuidx(ID_EFFECTIVE, %d)", - (int)timestamp_uid); - goto bad; - } - } - break; } perm_stack_depth++; @@ -782,7 +711,7 @@ restore_perms(void) { struct perm_state *state, *ostate; - debug_decl(restore_perms, SUDOERS_DEBUG_PERMS) + debug_decl(restore_perms, SUDOERS_DEBUG_PERMS); if (perm_stack_depth < 2) { sudo_warnx(U_("perm stack underflow")); @@ -915,7 +844,7 @@ struct perm_state *state, *ostate = NULL; char errbuf[1024]; const char *errstr = errbuf; - debug_decl(set_perms, SUDOERS_DEBUG_PERMS) + debug_decl(set_perms, SUDOERS_DEBUG_PERMS); if (perm_stack_depth == PERM_STACK_MAX) { errstr = N_("perm stack overflow"); 
@@ -1129,33 +1058,6 @@ goto bad; } break; - - case PERM_IOLOG: - state->gidlist = ostate->gidlist; - sudo_gidlist_addref(state->gidlist); - state->rgid = ostate->rgid; - state->egid = iolog_gid; - state->ruid = ROOT_UID; - state->euid = iolog_uid; - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_IOLOG: gid: " - "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, - (int)ostate->egid, (int)state->rgid, (int)state->egid); - if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { - (void)snprintf(errbuf, sizeof(errbuf), - "PERM_IOLOG: setregid(%d, %d)", - (int)ID(rgid), (int)ID(egid)); - goto bad; - } - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_IOLOG: uid: " - "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, - (int)ostate->euid, (int)state->ruid, (int)state->euid); - if (UID_CHANGED && setreuid(ID(ruid), ID(euid))) { - (void)snprintf(errbuf, sizeof(errbuf), - "PERM_IOLOG: setreuid(%d, %d)", - (int)ID(ruid), (int)ID(euid)); - goto bad; - } - break; } perm_stack_depth++; @@ -1172,7 +1074,7 @@ restore_perms(void) { struct perm_state *state, *ostate; - debug_decl(restore_perms, SUDOERS_DEBUG_PERMS) + debug_decl(restore_perms, SUDOERS_DEBUG_PERMS); if (perm_stack_depth < 2) { sudo_warnx(U_("perm stack underflow")); @@ -1248,7 +1150,7 @@ struct perm_state *state, *ostate = NULL; char errbuf[1024]; const char *errstr = errbuf; - debug_decl(set_perms, SUDOERS_DEBUG_PERMS) + debug_decl(set_perms, SUDOERS_DEBUG_PERMS); if (perm_stack_depth == PERM_STACK_MAX) { errstr = N_("perm stack overflow"); 
@@ -1459,31 +1361,6 @@ goto bad; } break; - - case PERM_IOLOG: - state->gidlist = ostate->gidlist; - sudo_gidlist_addref(state->gidlist); - state->rgid = ostate->rgid; - state->egid = iolog_gid; - state->ruid = ROOT_UID; - state->euid = iolog_uid; - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_IOLOG: gid: " - "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, - (int)ostate->egid, (int)state->rgid, (int)state->egid); - if (GID_CHANGED && setegid(iolog_gid)) { - (void)snprintf(errbuf, sizeof(errbuf), - "PERM_IOLOG: setegid(%d)", (int)iolog_gid); - goto bad; - } - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_IOLOG: uid: " - "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, - (int)ostate->euid, (int)state->ruid, (int)state->euid); - if (seteuid(timestamp_uid)) { - (void)snprintf(errbuf, sizeof(errbuf), - "PERM_IOLOG: seteuid(%d)", (int)timestamp_uid); - goto bad; - } - break; } perm_stack_depth++; @@ -1500,7 +1377,7 @@ restore_perms(void) { struct perm_state *state, *ostate; - debug_decl(restore_perms, SUDOERS_DEBUG_PERMS) + debug_decl(restore_perms, SUDOERS_DEBUG_PERMS); if (perm_stack_depth < 2) { sudo_warnx(U_("perm stack underflow")); @@ -1524,11 +1401,11 @@ * real and effective uids to ROOT_UID initially to be safe. */ if (seteuid(ROOT_UID)) { - sudo_warnx("seteuid() [%d] -> [%d]", (int)state->euid, ROOT_UID); + sudo_warn("seteuid() [%d] -> [%d]", (int)state->euid, ROOT_UID); goto bad; } if (setuid(ROOT_UID)) { - sudo_warnx("setuid() [%d, %d] -> [%d, %d]", (int)state->ruid, ROOT_UID, + sudo_warn("setuid() [%d, %d] -> [%d, %d]", (int)state->ruid, ROOT_UID, ROOT_UID, ROOT_UID); goto bad; } @@ -1567,7 +1444,7 @@ struct perm_state *state, *ostate = NULL; char errbuf[1024]; const char *errstr = errbuf; - debug_decl(set_perms, SUDOERS_DEBUG_PERMS) + debug_decl(set_perms, SUDOERS_DEBUG_PERMS); if (perm_stack_depth == PERM_STACK_MAX) { errstr = N_("perm stack overflow"); 
@@ -1643,7 +1520,6 @@ case PERM_SUDOERS: case PERM_RUNAS: case PERM_TIMESTAMP: - case PERM_IOLOG: /* Unsupported since we can't set euid. */ state->ruid = ostate->ruid; state->rgid = ostate->rgid; @@ -1662,11 +1538,11 @@ debug_return_bool(false); } -boll +bool restore_perms(void) { struct perm_state *state, *ostate; - debug_decl(restore_perms, SUDOERS_DEBUG_PERMS) + debug_decl(restore_perms, SUDOERS_DEBUG_PERMS); if (perm_stack_depth < 2) { sudo_warnx(U_("perm stack underflow")); @@ -1709,7 +1585,7 @@ runas_setgroups(void) { struct gid_list *gidlist; - debug_decl(runas_setgroups, SUDOERS_DEBUG_PERMS) + debug_decl(runas_setgroups, SUDOERS_DEBUG_PERMS); gidlist = runas_getgroups(); if (gidlist != NULL && !def_preserve_groups) { diff -Nru sudo-1.8.31/plugins/sudoers/sssd.c sudo-1.9.0/plugins/sudoers/sssd.c --- sudo-1.8.31/plugins/sudoers/sssd.c 2019-12-04 19:41:47.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/sssd.c 2020-05-11 16:28:23.000000000 +0000 @@ -108,7 +108,7 @@ int ret = false; ssize_t len; FILE *fp; - debug_decl(get_ipa_hostname, SUDOERS_DEBUG_SSSD) + debug_decl(get_ipa_hostname, SUDOERS_DEBUG_SSSD); fp = fopen(_PATH_SSSD_CONF, "r"); if (fp != NULL) { @@ -247,7 +247,7 @@ struct userspec *us; struct member *m; unsigned int i; - debug_decl(sss_to_sudoers, SUDOERS_DEBUG_SSSD) + debug_decl(sss_to_sudoers, SUDOERS_DEBUG_SSSD); /* We only have a single userspec */ if ((us = calloc(1, sizeof(*us))) == NULL) diff -Nru sudo-1.8.31/plugins/sudoers/starttime.c sudo-1.9.0/plugins/sudoers/starttime.c --- sudo-1.8.31/plugins/sudoers/starttime.c 2019-12-25 19:19:10.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/starttime.c 2020-05-11 16:28:23.000000000 +0000 @@ -92,7 +92,7 @@ struct sudo_kinfo_proc *ki_proc = NULL; size_t size = sizeof(*ki_proc); int mib[6], rc; - debug_decl(get_starttime, SUDOERS_DEBUG_UTIL) + debug_decl(get_starttime, SUDOERS_DEBUG_UTIL); /* * Lookup start time for pid via sysctl. 
@@ -145,7 +145,7 @@ char path[PATH_MAX]; ssize_t nread; int fd, ret = -1; - debug_decl(get_starttime, SUDOERS_DEBUG_UTIL) + debug_decl(get_starttime, SUDOERS_DEBUG_UTIL); /* Determine the start time from pr_start in /proc/pid/psinfo. */ (void)snprintf(path, sizeof(path), "/proc/%u/psinfo", (unsigned int)pid); @@ -178,7 +178,7 @@ int ret = -1; int fd = -1; long tps; - debug_decl(get_starttime, SUDOERS_DEBUG_UTIL) + debug_decl(get_starttime, SUDOERS_DEBUG_UTIL); /* * Start time is in ticks per second on Linux. @@ -275,7 +275,7 @@ { struct pst_status pstat; int rc; - debug_decl(get_starttime, SUDOERS_DEBUG_UTIL) + debug_decl(get_starttime, SUDOERS_DEBUG_UTIL); /* * Determine the start time from pst_start in struct pst_status. @@ -302,7 +302,7 @@ int get_starttime(pid_t pid, struct timespec *starttime) { - debug_decl(get_starttime, SUDOERS_DEBUG_UTIL) + debug_decl(get_starttime, SUDOERS_DEBUG_UTIL); sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, "process start time not supported by sudo on this system"); diff -Nru sudo-1.8.31/plugins/sudoers/strlist.c sudo-1.9.0/plugins/sudoers/strlist.c --- sudo-1.8.31/plugins/sudoers/strlist.c 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/strlist.c 2020-05-11 16:28:23.000000000 +0000 @@ -43,7 +43,7 @@ sudoers_string_alloc(const char *s) { struct sudoers_string *cs; - debug_decl(sudoers_string_alloc, SUDOERS_DEBUG_UTIL) + debug_decl(sudoers_string_alloc, SUDOERS_DEBUG_UTIL); if ((cs = malloc(sizeof(*cs))) != NULL) { if ((cs->str = strdup(s)) == NULL) { @@ -68,7 +68,7 @@ str_list_alloc(void) { struct sudoers_str_list *strlist; - debug_decl(str_list_alloc, SUDOERS_DEBUG_UTIL) + debug_decl(str_list_alloc, SUDOERS_DEBUG_UTIL); strlist = malloc(sizeof(*strlist)); if (strlist != NULL) { 
@@ -84,7 +84,7 @@ { struct sudoers_str_list *strlist = v; struct sudoers_string *first; - debug_decl(str_list_free, SUDOERS_DEBUG_UTIL) + debug_decl(str_list_free, SUDOERS_DEBUG_UTIL); if (strlist != NULL) { if (--strlist->refcnt == 0) { diff -Nru sudo-1.8.31/plugins/sudoers/stubs.c sudo-1.9.0/plugins/sudoers/stubs.c --- sudo-1.8.31/plugins/sudoers/stubs.c 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/stubs.c 2020-05-11 16:28:23.000000000 +0000 @@ -94,7 +94,7 @@ get_hostname(void) { char *cp; - debug_decl(get_hostname, SUDOERS_DEBUG_UTIL) + debug_decl(get_hostname, SUDOERS_DEBUG_UTIL); if ((user_host = sudo_gethostname()) != NULL) { if ((cp = strchr(user_host, '.'))) { diff -Nru sudo-1.8.31/plugins/sudoers/sudoers.c sudo-1.9.0/plugins/sudoers/sudoers.c --- sudo-1.8.31/plugins/sudoers/sudoers.c 2019-12-18 16:45:50.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/sudoers.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1993-1996, 1998-2019 Todd C. Miller + * Copyright (c) 1993-1996, 1998-2020 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -68,6 +68,7 @@ #include "sudoers.h" #include "parse.h" #include "auth/sudo_auth.h" +#include "sudo_iolog.h" #ifndef HAVE_GETADDRINFO # include "compat/getaddrinfo.h" @@ -116,6 +117,12 @@ int NewArgc; char **NewArgv; +#ifdef SUDOERS_IOLOG_CLIENT +# define remote_iologs (!SLIST_EMPTY(&def_log_servers)) +#else +# define remote_iologs 0 +#endif + /* * Unlimit the number of processes since Linux's setuid() will * apply resource limits when changing uid and return EAGAIN if @@ -126,7 +133,7 @@ { #ifdef __linux__ struct rlimit rl; - debug_decl(unlimit_nproc, SUDOERS_DEBUG_UTIL) + debug_decl(unlimit_nproc, SUDOERS_DEBUG_UTIL); if (getrlimit(RLIMIT_NPROC, &nproclimit) != 0) sudo_warn("getrlimit(RLIMIT_NPROC)"); 
@@ -147,7 +154,7 @@ restore_nproc(void) { #ifdef __linux__ - debug_decl(restore_nproc, SUDOERS_DEBUG_UTIL) + debug_decl(restore_nproc, SUDOERS_DEBUG_UTIL); if (setrlimit(RLIMIT_NPROC, &nproclimit) != 0) sudo_warn("setrlimit(RLIMIT_NPROC)"); @@ -162,7 +169,7 @@ struct sudo_nss *nss, *nss_next; int oldlocale, sources = 0; int ret = -1; - debug_decl(sudoers_policy_init, SUDOERS_DEBUG_PLUGIN) + debug_decl(sudoers_policy_init, SUDOERS_DEBUG_PLUGIN); bindtextdomain("sudoers", LOCALEDIR); 
@@ -234,17 +241,55 @@ debug_return_int(ret); } +/* + * Expand I/O log dir and file into a full path. + * Returns the full I/O log path prefixed with "iolog_path=". + * Sets sudo_user.iolog_file as a side effect. + */ +static char * +format_iolog_path(void) +{ + char dir[PATH_MAX], file[PATH_MAX]; + char *iolog_path = NULL; + int oldlocale; + bool ok; + debug_decl(format_iolog_path, SUDOERS_DEBUG_PLUGIN); + + /* Use sudoers locale for strftime() */ + sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); + ok = expand_iolog_path(def_iolog_dir, dir, sizeof(dir), + &sudoers_iolog_path_escapes[1], NULL); + if (ok) { + ok = expand_iolog_path(def_iolog_file, file, sizeof(file), + &sudoers_iolog_path_escapes[0], dir); + } + sudoers_setlocale(oldlocale, NULL); + if (!ok) + goto done; + + if (asprintf(&iolog_path, "iolog_path=%s/%s", dir, file) == -1) { + iolog_path = NULL; + goto done; + } + + /* Stash pointer to the I/O log file for use when logging. */ + sudo_user.iolog_file = + iolog_path + sizeof("iolog_path=") - 1 + strlen(dir) + 1; + +done: + debug_return_str(iolog_path); +} + int sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], bool verbose, void *closure) { - char **edit_argv = NULL; char *iolog_path = NULL; mode_t cmnd_umask = ACCESSPERMS; struct sudo_nss *nss; int cmnd_status = -1, oldlocale, validated; int ret = -1; - debug_decl(sudoers_policy_main, SUDOERS_DEBUG_PLUGIN) + debug_decl(sudoers_policy_main, SUDOERS_DEBUG_PLUGIN); sudo_warn_set_locale_func(sudoers_warn_setlocale); @@ -252,7 +297,7 @@ /* Is root even allowed to run sudo? */ if (user_uid == 0 && !def_root_sudo) { - /* Not an audit event. */ + /* Not an audit event (should it be?). */ sudo_warnx(U_("sudoers specifies that root is not allowed to sudo")); goto bad; } @@ -275,6 +320,7 @@ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto done; } + sudoers_gc_add(GC_VECTOR, NewArgv); NewArgv[0] = user_cmnd; NewArgv[1] = NULL; } else { 
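Review bot: The header comment on format_iolog_path() should state that sudo_user.iolog_file is left pointing into the buffer returned by asprintf(), so it is valid only while that buffer is alive and must never be freed on its own. Suggested extra line: `* sudo_user.iolog_file aliases the returned string (the part after "iolog_path=<dir>/").` The offset `sizeof("iolog_path=") - 1 + strlen(dir) + 1` silently depends on the exact `"iolog_path=%s/%s"` format, which deserves a why-comment beside it. On the failure paths sudo_user.iolog_file is not touched, so the comment should also say the field is only meaningful when the function returns non-NULL.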
@@ -285,6 +331,7 @@ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto done; } + sudoers_gc_add(GC_VECTOR, NewArgv); NewArgv++; /* reserve an extra slot for --login */ memcpy(NewArgv, argv, argc * sizeof(char *)); NewArgv[NewArgc] = NULL; @@ -292,9 +339,9 @@ NewArgv[0] = strdup(runas_pw->pw_shell); if (NewArgv[0] == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - free(NewArgv); goto done; } + sudoers_gc_add(GC_PTR, NewArgv[0]); } } @@ -310,7 +357,8 @@ /* Check for -C overriding def_closefrom. */ if (user_closefrom >= 0 && user_closefrom != def_closefrom) { if (!def_closefrom_override) { - /* XXX - audit? */ + audit_failure(NewArgc, NewArgv, + N_("user not allowed to override closefrom limit")); sudo_warnx(U_("you are not permitted to use the -C option")); goto bad; } @@ -373,6 +421,7 @@ timestamp_gid = pw->pw_gid; sudo_pw_delref(pw); } else { + /* XXX - audit too? */ log_warningx(SLOG_SEND_MAIL, N_("timestamp owner (%s): No such user"), def_timestampowner); timestamp_uid = ROOT_UID; @@ -396,6 +445,8 @@ /* Check runas user's shell. */ if (!check_user_shell(runas_pw)) { + audit_failure(NewArgc, NewArgv, N_("invalid shell for user %s: %s"), + runas_pw->pw_name, runas_pw->pw_shell); log_warningx(SLOG_RAW_MSG, N_("invalid shell for user %s: %s"), runas_pw->pw_name, runas_pw->pw_shell); goto bad; @@ -477,7 +528,8 @@ /* If user specified a timeout make sure sudoers allows it. */ if (!def_user_command_timeouts && user_timeout > 0) { - /* XXX - audit/log? */ + audit_failure(NewArgc, NewArgv, + N_("user not allowed to set a command timeout")); sudo_warnx(U_("sorry, you are not allowed set a command timeout")); goto bad; } 
@@ -485,7 +537,8 @@ /* If user specified env vars make sure sudoers allows it. */ if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) { if (ISSET(sudo_mode, MODE_PRESERVE_ENV)) { - /* XXX - audit/log? */ + audit_failure(NewArgc, NewArgv, + N_("user not allowed to set a preserve the environment")); sudo_warnx(U_("sorry, you are not allowed to preserve the environment")); goto bad; } else { @@ -494,19 +547,14 @@ } } - if (ISSET(sudo_mode, (MODE_RUN | MODE_EDIT))) { + if (ISSET(sudo_mode, (MODE_RUN | MODE_EDIT)) && !remote_iologs) { if ((def_log_input || def_log_output) && def_iolog_file && def_iolog_dir) { - const char prefix[] = "iolog_path="; - iolog_path = expand_iolog_path(prefix, def_iolog_dir, - def_iolog_file, &sudo_user.iolog_file); - if (iolog_path == NULL) { + if ((iolog_path = format_iolog_path()) == NULL) { if (!def_ignore_iolog_errors) goto done; /* Unable to expand I/O log path, disable I/O logging. */ def_log_input = false; def_log_output = false; - } else { - sudo_user.iolog_file++; } } } @@ -522,12 +570,10 @@ ret = display_privs(snl, list_pw ? list_pw : sudo_user.pw, verbose); break; case MODE_VALIDATE: - /* Nothing to do. */ - ret = true; - break; case MODE_RUN: case MODE_EDIT: - /* ret set by sudoers_policy_exec_setup() below. */ + /* ret may be overridden by "goto bad" later */ + ret = true; break; default: /* Should not happen. */ @@ -616,6 +662,7 @@ /* Note: must call audit before uid change. */ if (ISSET(sudo_mode, MODE_EDIT)) { + char **edit_argv; int edit_argc; const char *env_editor; @@ -631,7 +678,10 @@ env_editor ? env_editor : def_editor); goto bad; } - if (audit_success(edit_argc, edit_argv) != 0 && !def_ignore_audit_errors) + sudoers_gc_add(GC_VECTOR, edit_argv); + NewArgv = edit_argv; + NewArgc = edit_argc; + if (audit_success(NewArgc, NewArgv) != 0 && !def_ignore_audit_errors) goto done; /* We want to run the editor with the unmodified environment. */ 
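Review bot: The audit message added in the MODE_PRESERVE_ENV branch reads `user not allowed to set a preserve the environment`, which looks like a leftover from copying the command-timeout message. Audit records are what gets searched after an incident, so the text should be as clear as the warning printed next to it: `N_("user not allowed to preserve the environment"));`.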
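Review bot: Setting `ret = true` in the MODE_VALIDATE/MODE_RUN/MODE_EDIT case before the remaining checks makes success the default for every later `goto done`. The MODE_EDIT hunk further down still does `goto done` when audit_success() fails and def_ignore_audit_errors is off; unless code outside these hunks resets ret, that path would now report success rather than an error. Either set the result at such sites, e.g. `{ ret = -1; goto done; }`, or leave ret at -1 until every check has passed. sudoers_policy_main continues outside the hunk, so the intervening control flow needs confirming.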
@@ -641,19 +691,22 @@ goto done; } - /* Setup execution environment to pass back to front-end. */ - ret = sudoers_policy_exec_setup(edit_argv ? edit_argv : NewArgv, - env_get(), cmnd_umask, iolog_path, closure); - - /* Zero out stashed copy of environment, it is owned by the front-end. */ - (void)env_init(NULL); - goto done; bad: ret = false; done: + /* Setup execution environment to pass back to front-end. */ + if (ret != -1) { + if (!sudoers_policy_exec_setup(NewArgv, env_get(), cmnd_umask, + iolog_path, closure)) + ret = -1; + } + + /* Zero out stashed copy of environment, it is owned by the front-end. */ + (void)env_init(NULL); + if (!rewind_perms()) ret = -1; @@ -676,7 +729,7 @@ { char * const * ep; bool unknown_user = false; - debug_decl(init_vars, SUDOERS_DEBUG_PLUGIN) + debug_decl(init_vars, SUDOERS_DEBUG_PLUGIN); if (!sudoers_initlocale(setlocale(LC_ALL, NULL), def_sudoers_locale)) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); @@ -803,7 +856,7 @@ struct sudo_nss *nss; char *path = user_path; int ret = FOUND; - debug_decl(set_cmnd, SUDOERS_DEBUG_PLUGIN) + debug_decl(set_cmnd, SUDOERS_DEBUG_PLUGIN); /* Allocate user_stat for find_path() and match functions. */ user_stat = calloc(1, sizeof(struct stat)); @@ -836,8 +889,9 @@ debug_return_int(-1); } if (ret == NOT_FOUND_ERROR) { - if (errno == ENAMETOOLONG) + if (errno == ENAMETOOLONG) { audit_failure(NewArgc, NewArgv, N_("command too long")); + } log_warning(0, "%s", NewArgv[0]); debug_return_int(ret); } @@ -918,7 +972,7 @@ struct stat sb; FILE *fp = NULL; bool perm_root = false; - debug_decl(open_sudoers, SUDOERS_DEBUG_PLUGIN) + debug_decl(open_sudoers, SUDOERS_DEBUG_PLUGIN); if (!set_perms(PERM_SUDOERS)) debug_return_ptr(NULL); @@ -1015,7 +1069,7 @@ const int errflags = SLOG_RAW_MSG; login_cap_t *lc; bool ret = true; - debug_decl(set_loginclass, SUDOERS_DEBUG_PLUGIN) + debug_decl(set_loginclass, SUDOERS_DEBUG_PLUGIN); if (!def_use_loginclass) goto done; 
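Review bot: The comment above the relocated sudoers_policy_exec_setup() call under `done:` should say that it now runs for every result except -1, including `ret == false` coming from the `bad:` label. If that is intended (presumably so the front end still receives the command details for a rejected request), state it: `/* Also called for rejected commands (ret == false); only an error (-1) skips it. */`. The same comment should mention that a setup failure here turns a denial into -1, since callers may treat the two results differently.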
@@ -1074,7 +1128,7 @@ struct addrinfo *res0, hint; char *cp, *lname, *sname; int ret; - debug_decl(resolve_host, SUDOERS_DEBUG_PLUGIN) + debug_decl(resolve_host, SUDOERS_DEBUG_PLUGIN); memset(&hint, 0, sizeof(hint)); hint.ai_family = PF_UNSPEC; @@ -1111,8 +1165,9 @@ cb_fqdn(const union sudo_defs_val *sd_un) { bool remote; + int rc; char *lhost, *shost; - debug_decl(cb_fqdn, SUDOERS_DEBUG_PLUGIN) + debug_decl(cb_fqdn, SUDOERS_DEBUG_PLUGIN); /* Nothing to do if fqdn flag is disabled. */ if (sd_un != NULL && !sd_un->flag) @@ -1123,8 +1178,7 @@ /* First resolve user_host, setting user_host and user_shost. */ if (resolve_host(user_host, &lhost, &shost) != 0) { - int rc = resolve_host(user_runhost, &lhost, &shost); - if (rc != 0) { + if ((rc = resolve_host(user_runhost, &lhost, &shost)) != 0) { gai_log_warning(SLOG_SEND_MAIL|SLOG_RAW_MSG, rc, N_("unable to resolve host %s"), user_host); debug_return_bool(false); @@ -1139,8 +1193,10 @@ /* Next resolve user_runhost, setting user_runhost and user_srunhost. */ lhost = shost = NULL; if (remote) { - if (!resolve_host(user_runhost, &lhost, &shost)) { - sudo_warnx(U_("unable to resolve host %s"), user_runhost); + if ((rc = resolve_host(user_runhost, &lhost, &shost)) != 0) { + gai_log_warning(SLOG_NO_LOG|SLOG_RAW_MSG, rc, + N_("unable to resolve host %s"), user_runhost); + debug_return_bool(false); } } else { /* Not remote, just use user_host. */ @@ -1180,7 +1236,7 @@ set_runaspw(const char *user, bool quiet) { struct passwd *pw = NULL; - debug_decl(set_runaspw, SUDOERS_DEBUG_PLUGIN) + debug_decl(set_runaspw, SUDOERS_DEBUG_PLUGIN); unknown_runas_uid = false; if (*user == '#') { @@ -1214,7 +1270,7 @@ set_runasgr(const char *group, bool quiet) { struct group *gr = NULL; - debug_decl(set_runasgr, SUDOERS_DEBUG_PLUGIN) + debug_decl(set_runasgr, SUDOERS_DEBUG_PLUGIN); unknown_runas_gid = false; if (*group == '#') { 
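Review bot: In cb_fqdn's first lookup the fallback resolves user_runhost, but the warning for its failure prints user_host, and the return value of the initial resolve_host(user_host, …) call is discarded. Whoever reads the log or mail would chase the wrong name; report the host whose lookup produced `rc`, or keep the first call's code and log that one. The later failure path for user_runhost uses `SLOG_NO_LOG|SLOG_RAW_MSG` while this one uses `SLOG_SEND_MAIL|SLOG_RAW_MSG`; if the difference is deliberate, a one-line comment would make that clear. cb_fqdn's body continues outside these hunks.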
@@ -1246,7 +1302,7 @@ static bool cb_runas_default(const union sudo_defs_val *sd_un) { - debug_decl(cb_runas_default, SUDOERS_DEBUG_PLUGIN) + debug_decl(cb_runas_default, SUDOERS_DEBUG_PLUGIN); /* Only reset runaspw if user didn't specify one. */ if (!runas_user && !runas_group) @@ -1260,7 +1316,7 @@ static bool cb_tty_tickets(const union sudo_defs_val *sd_un) { - debug_decl(cb_tty_tickets, SUDOERS_DEBUG_PLUGIN) + debug_decl(cb_tty_tickets, SUDOERS_DEBUG_PLUGIN); /* Convert tty_tickets -> timestamp_type */ if (sd_un->flag) @@ -1276,7 +1332,7 @@ static bool cb_umask(const union sudo_defs_val *sd_un) { - debug_decl(cb_umask, SUDOERS_DEBUG_PLUGIN) + debug_decl(cb_umask, SUDOERS_DEBUG_PLUGIN); /* Force umask if explicitly set in sudoers. */ force_umask = sd_un->mode != ACCESSPERMS; @@ -1291,7 +1347,7 @@ sudoers_cleanup(void) { struct sudo_nss *nss; - debug_decl(sudoers_cleanup, SUDOERS_DEBUG_PLUGIN) + debug_decl(sudoers_cleanup, SUDOERS_DEBUG_PLUGIN); if (snl != NULL) { TAILQ_FOREACH(nss, snl, entries) { @@ -1312,7 +1368,7 @@ { char flagfile[PATH_MAX]; int len, ret = -1; - debug_decl(create_admin_success_flag, SUDOERS_DEBUG_PLUGIN) + debug_decl(create_admin_success_flag, SUDOERS_DEBUG_PLUGIN); /* Check whether the user is in the sudo or admin group. */ if (!user_in_group(sudo_user.pw, "sudo") && @@ -1348,7 +1404,7 @@ static bool tty_present(void) { - debug_decl(tty_present, SUDOERS_DEBUG_PLUGIN) + debug_decl(tty_present, SUDOERS_DEBUG_PLUGIN); if (user_ttypath == NULL) { int fd = open(_PATH_TTY, O_RDWR); diff -Nru sudo-1.8.31/plugins/sudoers/sudoers_debug.c sudo-1.9.0/plugins/sudoers/sudoers_debug.c --- sudo-1.8.31/plugins/sudoers/sudoers_debug.c 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/sudoers_debug.c 2020-05-11 16:28:23.000000000 +0000 
@@ -43,6 +43,7 @@ #include "sudoers.h" static int sudoers_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; +static unsigned int sudoers_debug_refcnt; static const char *const sudoers_subsystem_names[] = { "alias", @@ -79,40 +80,11 @@ sudoers_debug_parse_flags(struct sudo_conf_debug_file_list *debug_files, const char *entry) { - struct sudo_debug_file *debug_file; - const char *filename, *flags; - size_t namelen; - /* Already initialized? */ if (sudoers_debug_instance != SUDO_DEBUG_INSTANCE_INITIALIZER) return true; - /* Only process new-style debug flags: filename flags,... */ - filename = entry; - if (*filename != '/' || (flags = strpbrk(filename, " \t")) == NULL) - return true; - namelen = (size_t)(flags - filename); - while (isblank((unsigned char)*flags)) - flags++; - if (*flags != '\0') { - if ((debug_file = calloc(1, sizeof(*debug_file))) == NULL) - goto oom; - if ((debug_file->debug_file = strndup(filename, namelen)) == NULL) - goto oom; - if ((debug_file->debug_flags = strdup(flags)) == NULL) - goto oom; - TAILQ_INSERT_TAIL(debug_files, debug_file, entries); - } - return true; -oom: - if (debug_file != NULL) { - free(debug_file->debug_file); - free(debug_file->debug_flags); - free(debug_file); - } - sudo_warnx_nodebug(U_("%s: %s"), "sudoers_debug_parse_flags", - U_("unable to allocate memory")); - return false; + return sudo_debug_parse_flags(debug_files, entry) != -1; } /* 
@@ -124,20 +96,14 @@ sudoers_debug_register(const char *program, struct sudo_conf_debug_file_list *debug_files) { + int instance = sudoers_debug_instance; struct sudo_debug_file *debug_file, *debug_next; - /* Already initialized? */ - if (sudoers_debug_instance != SUDO_DEBUG_INSTANCE_INITIALIZER) { - sudo_debug_set_active_instance(sudoers_debug_instance); - } - /* Setup debugging if indicated. */ if (debug_files != NULL && !TAILQ_EMPTY(debug_files)) { if (program != NULL) { - sudoers_debug_instance = sudo_debug_register(program, - sudoers_subsystem_names, sudoers_subsystem_ids, debug_files); - if (sudoers_debug_instance == SUDO_DEBUG_INSTANCE_ERROR) - return false; + instance = sudo_debug_register(program, sudoers_subsystem_names, + sudoers_subsystem_ids, debug_files); } TAILQ_FOREACH_SAFE(debug_file, debug_files, entries, debug_next) { TAILQ_REMOVE(debug_files, debug_file, entries); @@ -146,6 +112,21 @@ free(debug_file); } } + + switch (instance) { + case SUDO_DEBUG_INSTANCE_ERROR: + return false; + case SUDO_DEBUG_INSTANCE_INITIALIZER: + /* Nothing to do */ + break; + default: + /* New debug instance or additional reference on existing one. */ + sudoers_debug_instance = instance; + sudo_debug_set_active_instance(sudoers_debug_instance); + sudoers_debug_refcnt++; + break; + } + return true; } 
@@ -155,10 +136,13 @@ void sudoers_debug_deregister(void) { - debug_decl(sudoers_debug_deregister, SUDOERS_DEBUG_PLUGIN) - if (sudoers_debug_instance != SUDO_DEBUG_INSTANCE_INITIALIZER) { + debug_decl(sudoers_debug_deregister, SUDOERS_DEBUG_PLUGIN); + + if (sudoers_debug_refcnt != 0) { sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); - sudo_debug_deregister(sudoers_debug_instance); - sudoers_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; + if (--sudoers_debug_refcnt == 0) { + if (sudo_debug_deregister(sudoers_debug_instance) < 1) + sudoers_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; + } } } diff -Nru sudo-1.8.31/plugins/sudoers/sudoers.h sudo-1.9.0/plugins/sudoers/sudoers.h --- sudo-1.8.31/plugins/sudoers/sudoers.h 2019-12-10 13:09:55.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/sudoers.h 2020-05-11 16:28:23.000000000 +0000 @@ -237,13 +237,6 @@ # define SUDOERS_MODE 0600 #endif -#ifdef __TANDEM -# define ROOT_UID 65535 -#else -# define ROOT_UID 0 -#endif -#define ROOT_GID 0 - struct sudo_lbuf; struct passwd; struct stat; @@ -279,7 +272,7 @@ int sudo_auth_end_session(struct passwd *pw); int sudo_auth_init(struct passwd *pw); int sudo_auth_approval(struct passwd *pw, int validated, bool exempt); -int sudo_auth_cleanup(struct passwd *pw); +int sudo_auth_cleanup(struct passwd *pw, bool force); /* set_perms.c */ bool rewind_perms(void); 
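Review bot: In sudoers_debug_deregister() the new `if (sudo_debug_deregister(sudoers_debug_instance) < 1)` test has no comment saying what the return value means, so it is unclear why the instance is reset only in that case. When the call returns 1 or more, sudoers_debug_refcnt is 0 but sudoers_debug_instance stays set, and sudoers_debug_parse_flags() then takes its "Already initialized?" early return without parsing anything. If that is intended (presumably other users still hold references; sudo_debug_deregister() is not shown on this page), I would add `/* Keep the instance while sudo_debug_deregister() reports remaining references; an error return is treated like zero. */` above the test.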
@@ -352,17 +345,14 @@ bool get_boottime(struct timespec *); /* iolog.c */ -bool io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]); bool cb_maxseq(const union sudo_defs_val *sd_un); bool cb_iolog_user(const union sudo_defs_val *sd_un); bool cb_iolog_group(const union sudo_defs_val *sd_un); bool cb_iolog_mode(const union sudo_defs_val *sd_un); -extern uid_t iolog_uid; -extern gid_t iolog_gid; -/* iolog_path.c */ -char *expand_iolog_path(const char *prefix, const char *dir, const char *file, - char **slashp); +/* iolog_path_escapes.c */ +struct iolog_path_escape; +extern const struct iolog_path_escape *sudoers_iolog_path_escapes; /* env.c */ char **env_get(void); @@ -407,7 +397,7 @@ /* policy.c */ int sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group); -int sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v); +bool sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v); extern const char *path_ldap_conf; extern const char *path_ldap_secret; @@ -423,9 +413,6 @@ char *find_editor(int nfiles, char **files, int *argc_out, char ***argv_out, char * const *whitelist, const char **env_editor, bool env_error); -/* mkdir_parents.c */ -bool sudo_mkdir_parents(char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet); - /* gc.c */ enum sudoers_gc_types { GC_UNKNOWN, diff -Nru sudo-1.8.31/plugins/sudoers/sudoers_version.h sudo-1.9.0/plugins/sudoers/sudoers_version.h --- sudo-1.8.31/plugins/sudoers/sudoers_version.h 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/sudoers_version.h 2020-05-11 16:28:23.000000000 +0000 
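Review bot: The prototype of sudoers_policy_exec_setup() switches its return type from int to bool with no comment stating the new contract. A caller that still tests the result with `== -1` or `< 0` would compile without complaint and never take its error path; the call sites are outside this page, so they need checking. I would document the contract at the declaration, for example `/* Returns true on success, false on failure. */`, once the behaviour in policy.c is confirmed.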
@@ -67,11 +67,12 @@ * 44 sudo 1.8.13, added MAIL/NOMAIL tags. * 45 sudo 1.8.15, added FOLLOW/NOFOLLOW tags as well as sudoedit_follow and sudoedit_checkdir Defaults. * 46 sudo 1.8.20, added TIMEOUT, NOTBEFORE and NOTAFTER options. + * 47 sudo 1.9.0, Cmd_Alias treated as Cmnd_Alias, support for multiple digests per command and for ALL. */ #ifndef SUDOERS_VERSION_H #define SUDOERS_VERSION_H -#define SUDOERS_GRAMMAR_VERSION 46 +#define SUDOERS_GRAMMAR_VERSION 47 #endif /* SUDOERS_VERSION_H */ diff -Nru sudo-1.8.31/plugins/sudoers/sudo_ldap.h sudo-1.9.0/plugins/sudoers/sudo_ldap.h --- sudo-1.8.31/plugins/sudoers/sudo_ldap.h 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/sudo_ldap.h 2020-05-11 16:28:23.000000000 +0000 @@ -27,6 +27,5 @@ bool sudo_ldap_add_default(const char *var, const char *val, int op, char *source, struct defaults_list *defs); int sudo_ldap_parse_option(char *optstr, char **varp, char **valp); struct privilege *sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers, void *runasgroups, void *cmnds, void *opts, const char *notbefore, const char *notafter, bool warnings, bool store_options, sudo_ldap_iter_t iter); -struct command_digest *sudo_ldap_extract_digest(char **cmnd, struct command_digest *digest); #endif /* SUDOERS_LDAP_H */ diff -Nru sudo-1.8.31/plugins/sudoers/sudo_nss.c sudo-1.9.0/plugins/sudoers/sudo_nss.c --- sudo-1.8.31/plugins/sudoers/sudo_nss.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/sudo_nss.c 2020-05-11 16:28:23.000000000 +0000 @@ -77,7 +77,7 @@ bool saw_files = false; bool got_match = false; static struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl); - debug_decl(sudo_read_nss, SUDOERS_DEBUG_NSS) + debug_decl(sudo_read_nss, SUDOERS_DEBUG_NSS); if ((fp = fopen(_PATH_NSSWITCH_CONF, "r")) == NULL) goto nomatch; 
@@ -157,7 +157,7 @@ bool saw_ldap = false; bool got_match = false; static struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl); - debug_decl(sudo_read_nss, SUDOERS_DEBUG_NSS) + debug_decl(sudo_read_nss, SUDOERS_DEBUG_NSS); if ((fp = fopen(_PATH_NETSVC_CONF, "r")) == NULL) goto nomatch; @@ -238,7 +238,7 @@ sudo_read_nss(void) { static struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl); - debug_decl(sudo_read_nss, SUDOERS_DEBUG_NSS) + debug_decl(sudo_read_nss, SUDOERS_DEBUG_NSS); # ifdef HAVE_SSSD TAILQ_INSERT_TAIL(&snl, &sudo_nss_sss, entries); @@ -258,7 +258,7 @@ bool sudo_nss_can_continue(struct sudo_nss *nss, int match) { - debug_decl(sudo_nss_should_continue, SUDOERS_DEBUG_NSS) + debug_decl(sudo_nss_should_continue, SUDOERS_DEBUG_NSS); /* Handle [NOTFOUND=return] */ if (nss->ret_if_notfound && match == UNSPEC) diff -Nru sudo-1.8.31/plugins/sudoers/sudoreplay.c sudo-1.9.0/plugins/sudoers/sudoreplay.c --- sudo-1.8.31/plugins/sudoers/sudoreplay.c 2019-10-28 12:27:46.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/sudoreplay.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2009-2019 Todd C. Miller + * Copyright (c) 2009-2020 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -55,7 +55,6 @@ #endif /* HAVE_STDBOOL_H */ #include #include -#include #include @@ -64,8 +63,7 @@ #include "sudo_compat.h" #include "sudo_fatal.h" #include "logging.h" -#include "iolog.h" -#include "iolog_files.h" +#include "sudo_iolog.h" #include "sudo_queue.h" #include "sudo_plugin.h" #include "sudo_conf.h" @@ -80,6 +78,7 @@ #endif /* HAVE_GETOPT_LONG */ struct replay_closure { + const char *iolog_dir; struct sudo_event_base *evbase; struct sudo_event *delay_ev; struct sudo_event *keyboard_ev; 
@@ -89,7 +88,9 @@ struct sudo_event *sigquit_ev; struct sudo_event *sigterm_ev; struct sudo_event *sigtstp_ev; + struct timespec *max_delay; struct timing_closure timing; + int iolog_dir_fd; bool interactive; bool suspend_wait; struct io_buffer { @@ -117,13 +118,15 @@ #define ST_FROMDATE 7 #define ST_TODATE 8 #define ST_CWD 9 +#define ST_HOST 10 char type; bool negated; bool or; union { regex_t cmdre; - time_t tstamp; + struct timespec tstamp; char *cwd; + char *host; char *tty; char *user; char *runas_group; @@ -141,10 +144,19 @@ static bool terminal_can_resize, terminal_was_resized; -static int terminal_rows, terminal_cols; +static int terminal_lines, terminal_cols; static int ttyfd = -1; +static struct iolog_file iolog_files[] = { + { false }, /* IOFD_STDIN */ + { false }, /* IOFD_STDOUT */ + { false }, /* IOFD_STDERR */ + { false }, /* IOFD_TTYIN */ + { false }, /* IOFD_TTYOUT */ + { true, }, /* IOFD_TIMING */ +}; + static const char short_opts[] = "d:f:hlm:nRSs:V"; static struct option long_opts[] = { { "directory", required_argument, NULL, 'd' }, 
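Review bot: The new `iolog_files[]` table is sized by its six positional initialisers, while the rest of the file indexes it with the IOFD_* constants and main() loops up to IOFD_MAX. If the IOFD_* enumeration (defined outside this diff section) gains or reorders a member, that loop would read past the end of the array or the `true` would land on the wrong stream. Declaring it as `static struct iolog_file iolog_files[IOFD_MAX] = { [IOFD_TIMING] = { true } };` ties both the size and the one enabled slot to the enum rather than to the order of the comments.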
@@ -165,16 +177,17 @@ extern time_t get_date(char *); static int list_sessions(int, char **, const char *, const char *, const char *); -static int open_io_fd(char *path, int len, struct io_log_file *iol); static int parse_expr(struct search_node_list *, char **, bool); static void read_keyboard(int fd, int what, void *v); static void help(void) __attribute__((__noreturn__)); -static int replay_session(struct timespec *max_wait, const char *decimal, bool interactive, bool suspend_wait); +static int replay_session(int iolog_dir_fd, const char *iolog_dir, + struct timespec *max_wait, const char *decimal, bool interactive, + bool suspend_wait); static void sudoreplay_cleanup(void); static void usage(int); static void write_output(int fd, int what, void *v); static void restore_terminal_size(void); -static void setup_terminal(struct log_info *li, bool interactive, bool resize); +static void setup_terminal(struct iolog_info *li, bool interactive, bool resize); #define VALID_ID(s) (isalnum((unsigned char)(s)[0]) && \ isalnum((unsigned char)(s)[1]) && isalnum((unsigned char)(s)[2]) && \ 
@@ -187,23 +200,22 @@ isalnum((unsigned char)(s)[3]) && isalnum((unsigned char)(s)[4]) && \ (s)[5] == '/' && \ isalnum((unsigned char)(s)[6]) && isalnum((unsigned char)(s)[7]) && \ - (s)[8] == '/' && (s)[9] == 'l' && (s)[10] == 'o' && (s)[11] == 'g' && \ - (s)[12] == '\0') + (s)[8] == '\0') __dso_public int main(int argc, char *argv[]); int main(int argc, char *argv[]) { - int ch, i, plen, exitcode = 0; + int ch, i, iolog_dir_fd, len, exitcode = EXIT_FAILURE; bool def_filter = true, listonly = false; bool interactive = true, suspend_wait = false, resize = true; const char *decimal, *id, *user = NULL, *pattern = NULL, *tty = NULL; - char *cp, *ep, path[PATH_MAX]; - struct log_info *li; + char *cp, *ep, iolog_dir[PATH_MAX]; + struct iolog_info *li; struct timespec max_delay_storage, *max_delay = NULL; double dval; - debug_decl(main, SUDO_DEBUG_MAIN) + debug_decl(main, SUDO_DEBUG_MAIN); #if defined(SUDO_DEVEL) && defined(__OpenBSD__) { @@ -237,15 +249,15 @@ def_filter = false; for (cp = strtok_r(optarg, ",", &ep); cp; cp = strtok_r(NULL, ",", &ep)) { if (strcmp(cp, "stdin") == 0) - io_log_files[IOFD_STDIN].enabled = true; + iolog_files[IOFD_STDIN].enabled = true; else if (strcmp(cp, "stdout") == 0) - io_log_files[IOFD_STDOUT].enabled = true; + iolog_files[IOFD_STDOUT].enabled = true; else if (strcmp(cp, "stderr") == 0) - io_log_files[IOFD_STDERR].enabled = true; + iolog_files[IOFD_STDERR].enabled = true; else if (strcmp(cp, "ttyin") == 0) - io_log_files[IOFD_TTYIN].enabled = true; + iolog_files[IOFD_TTYIN].enabled = true; else if (strcmp(cp, "ttyout") == 0) - io_log_files[IOFD_TTYOUT].enabled = true; + iolog_files[IOFD_TTYOUT].enabled = true; else sudo_fatalx(U_("invalid filter option: %s"), optarg); } @@ -287,6 +299,7 @@ break; case 'V': (void) printf(_("%s version %s\n"), getprogname(), PACKAGE_VERSION); + exitcode = EXIT_SUCCESS; goto done; default: usage(1); 
@@ -307,42 +320,50 @@ /* By default we replay stdout, stderr and ttyout. */ if (def_filter) { - io_log_files[IOFD_STDOUT].enabled = true; - io_log_files[IOFD_STDERR].enabled = true; - io_log_files[IOFD_TTYOUT].enabled = true; + iolog_files[IOFD_STDOUT].enabled = true; + iolog_files[IOFD_STDERR].enabled = true; + iolog_files[IOFD_TTYOUT].enabled = true; } /* 6 digit ID in base 36, e.g. 01G712AB or free-form name */ id = argv[0]; if (VALID_ID(id)) { - plen = snprintf(path, sizeof(path), "%s/%.2s/%.2s/%.2s/timing", + len = snprintf(iolog_dir, sizeof(iolog_dir), "%s/%.2s/%.2s/%.2s", session_dir, id, &id[2], &id[4]); - if (plen < 0 || plen >= ssizeof(path)) - sudo_fatalx(U_("%s/%.2s/%.2s/%.2s/timing: %s"), session_dir, + if (len < 0 || len >= ssizeof(iolog_dir)) + sudo_fatalx(U_("%s/%.2s/%.2s/%.2s: %s"), session_dir, id, &id[2], &id[4], strerror(ENAMETOOLONG)); } else if (id[0] == '/') { - plen = snprintf(path, sizeof(path), "%s/timing", id); - if (plen < 0 || plen >= ssizeof(path)) + len = snprintf(iolog_dir, sizeof(iolog_dir), "%s", id); + if (len < 0 || len >= ssizeof(iolog_dir)) sudo_fatalx(U_("%s/timing: %s"), id, strerror(ENAMETOOLONG)); } else { - plen = snprintf(path, sizeof(path), "%s/%s/timing", session_dir, id); - if (plen < 0 || plen >= ssizeof(path)) - sudo_fatalx(U_("%s/%s/timing: %s"), session_dir, id, + len = snprintf(iolog_dir, sizeof(iolog_dir), "%s/%s", session_dir, id); + if (len < 0 || len >= ssizeof(iolog_dir)) { + sudo_fatalx(U_("%s/%s: %s"), session_dir, id, strerror(ENAMETOOLONG)); + } } - plen -= 7; /* Open files for replay, applying replay filter for the -f flag. 
*/ + if ((iolog_dir_fd = iolog_openat(AT_FDCWD, iolog_dir, O_RDONLY)) == -1) + sudo_fatal("%s", iolog_dir); for (i = 0; i < IOFD_MAX; i++) { - if (open_io_fd(path, plen, &io_log_files[i]) == -1) - sudo_fatal(U_("unable to open %s"), path); + if (!iolog_open(&iolog_files[i], iolog_dir_fd, i, "r")) { + if (errno != ENOENT) { + sudo_fatal(U_("unable to open %s/%s"), iolog_dir, + iolog_fd_to_name(i)); + } + } + } + if (!iolog_files[IOFD_TIMING].enabled) { + sudo_fatal(U_("unable to open %s/%s"), iolog_dir, + iolog_fd_to_name(IOFD_TIMING)); } /* Parse log file. */ - path[plen] = '\0'; - strlcat(path, "/log", sizeof(path)); - if ((li = parse_logfile(path)) == NULL) - exit(1); + if ((li = iolog_parse_loginfo(iolog_dir_fd, iolog_dir)) == NULL) + goto done; printf(_("Replaying sudo session: %s"), li->cmd); /* Setup terminal if appropriate. */ 
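Review bot: In the `id[0] == '/'` branch the overflow message still reads `"%s/timing: %s"` although iolog_dir now holds only the directory; the other two branches were updated to drop the `/timing` suffix. The ENAMETOOLONG report therefore names a path that was never built, and `sudo_fatalx(U_("%s: %s"), id, strerror(ENAMETOOLONG));` would match the new code. Separately, the open loop tolerates ENOENT for every stream and then relies on `iolog_files[IOFD_TIMING].enabled` to detect a missing timing file, which only works if iolog_open() clears `enabled` on failure; that function is not shown here, so a one-line comment stating the dependency would help. main() starts before this hunk.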
@@ -353,69 +374,18 @@ putchar('\n'); /* Done with parsed log file. */ - free_log_info(li); + iolog_free_loginfo(li); li = NULL; - /* Replay session corresponding to io_log_files[]. */ - exitcode = replay_session(max_delay, decimal, interactive, suspend_wait); + /* Replay session corresponding to iolog_files[]. */ + exitcode = replay_session(iolog_dir_fd, iolog_dir, max_delay, decimal, + interactive, suspend_wait); restore_terminal_size(); sudo_term_restore(ttyfd, true); done: sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode); - exit(exitcode); -} - -/* - * Call gzread() or fread() for the I/O log file in question. - * Return 0 for EOF or -1 on error. - */ -static ssize_t -io_log_read(union io_fd ifd, char *buf, size_t nbytes) -{ - ssize_t nread; - debug_decl(io_log_read, SUDO_DEBUG_UTIL) - - if (nbytes > INT_MAX) { - errno = EINVAL; - debug_return_ssize_t(-1); - } -#ifdef HAVE_ZLIB_H - nread = gzread(ifd.g, buf, nbytes); -#else - nread = (ssize_t)fread(buf, 1, nbytes, ifd.f); - if (nread == 0 && ferror(ifd.f)) - nread = -1; -#endif - debug_return_ssize_t(nread); -} - -static int -io_log_eof(union io_fd ifd) -{ - int ret; - debug_decl(io_log_eof, SUDO_DEBUG_UTIL) - -#ifdef HAVE_ZLIB_H - ret = gzeof(ifd.g); -#else - ret = feof(ifd.f); -#endif - debug_return_int(ret); -} - -static char * -io_log_gets(union io_fd ifd, char *buf, size_t nbytes) -{ - char *str; - debug_decl(io_log_gets, SUDO_DEBUG_UTIL) - -#ifdef HAVE_ZLIB_H - str = gzgets(ifd.g, buf, nbytes); -#else - str = fgets(buf, nbytes, ifd.f); -#endif - debug_return_str(str); + return exitcode; } /* @@ -466,7 +436,7 @@ { struct getsize_closure *gc = v; unsigned char ch = '\0'; - debug_decl(getsize_cb, SUDO_DEBUG_UTIL) + debug_decl(getsize_cb, SUDO_DEBUG_UTIL); for (;;) { if (gc->cp[0] == '\0') { 
@@ -551,14 +521,14 @@ * Get the terminal size using vt100 terminal escapes. */ static bool -xterm_get_size(int *new_rows, int *new_cols) +xterm_get_size(int *new_lines, int *new_cols) { struct sudo_event_base *evbase; struct getsize_closure gc; const char getsize_request[] = "\0337\033[r\033[999;999H\033[6n"; const char getsize_response[] = "\033[%d;%dR"; bool ret = false; - debug_decl(xterm_get_size, SUDO_DEBUG_UTIL) + debug_decl(xterm_get_size, SUDO_DEBUG_UTIL); /* request the terminal's size */ if (write(ttyfd, getsize_request, strlen(getsize_request)) == -1) { @@ -569,7 +539,7 @@ /* * Callback info for reading back the size with a 10 second timeout. - * We expect two numbers (rows and cols). + * We expect two numbers (lines and cols). */ gc.state = INITIAL|READCHAR; gc.nums_depth = 0; @@ -594,7 +564,7 @@ if (gc.state == GOTSIZE) { sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "terminal size %d x %x", gc.nums[0], gc.nums[1]); - *new_rows = gc.nums[0]; + *new_lines = gc.nums[0]; *new_cols = gc.nums[1]; ret = true; } @@ -607,21 +577,21 @@ } /* - * Set the size of the text area to rows and cols. + * Set the size of the text area to lines and cols. * Depending on the terminal implementation, the window itself may * or may not shrink to a smaller size. */ static bool -xterm_set_size(int rows, int cols) +xterm_set_size(int lines, int cols) { const char setsize_fmt[] = "\033[8;%d;%dt"; - int len, new_rows, new_cols; + int len, new_lines, new_cols; bool ret = false; char buf[1024]; - debug_decl(xterm_set_size, SUDO_DEBUG_UTIL) + debug_decl(xterm_set_size, SUDO_DEBUG_UTIL); /* XXX - save cursor and position restore after resizing */ - len = snprintf(buf, sizeof(buf), setsize_fmt, rows, cols); + len = snprintf(buf, sizeof(buf), setsize_fmt, lines, cols); if (len < 0 || len >= ssizeof(buf)) { /* not possible due to size of buf */ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, 
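Review bot: The debug format in xterm_get_size() (hunk @@ -594,7 +564,7 @@) ends in `%x`, `"terminal size %d x %x"`, so the column count is logged in hexadecimal next to a decimal line count. The same slip is carried onto the rewritten line in setup_terminal() (hunk @@ -685,20 +655,20 @@), `"resized terminal to %d x %x"`. The same values are printed with `%d` in the "Log geometry" message, so I would change both strings to `%d x %d` while these lines are being touched.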
@@ -634,9 +604,9 @@ goto done; } /* XXX - keyboard input will interfere with this */ - if (!xterm_get_size(&new_rows, &new_cols)) + if (!xterm_get_size(&new_lines, &new_cols)) goto done; - if (rows == new_rows && cols == new_cols) + if (lines == new_lines && cols == new_cols) ret = true; done: @@ -644,10 +614,10 @@ } static void -setup_terminal(struct log_info *li, bool interactive, bool resize) +setup_terminal(struct iolog_info *li, bool interactive, bool resize) { const char *term; - debug_decl(check_terminal, SUDO_DEBUG_UTIL) + debug_decl(check_terminal, SUDO_DEBUG_UTIL); fflush(stdout); @@ -662,7 +632,7 @@ } /* Find terminal size if the session has size info. */ - if (li->rows == 0 && li->cols == 0) { + if (li->lines == 0 && li->cols == 0) { /* no tty size info, hope for the best... */ debug_return; } @@ -675,7 +645,7 @@ for (tn = compatible_terms; tn->name != NULL; tn++) { if (strncmp(term, tn->name, tn->len) == 0) { /* xterm-like terminals can resize themselves. */ - if (xterm_get_size(&terminal_rows, &terminal_cols)) + if (xterm_get_size(&terminal_lines, &terminal_cols)) terminal_can_resize = true; break; } @@ -685,20 +655,20 @@ if (!terminal_can_resize) { /* either not xterm or not interactive */ - sudo_get_ttysize(&terminal_rows, &terminal_cols); + sudo_get_ttysize(&terminal_lines, &terminal_cols); } - if (li->rows == terminal_rows && li->cols == terminal_cols) { + if (li->lines == terminal_lines && li->cols == terminal_cols) { /* nothing to change */ debug_return; } if (terminal_can_resize) { /* session terminal size is different, try to resize ours */ - if (xterm_set_size(li->rows, li->cols)) { + if (xterm_set_size(li->lines, li->cols)) { /* success */ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "resized terminal to %d x %x", li->rows, li->cols); + "resized terminal to %d x %x", li->lines, li->cols); terminal_was_resized = true; debug_return; } 
@@ -706,20 +676,20 @@ terminal_can_resize = false; } - if (li->rows > terminal_rows || li->cols > terminal_cols) { + if (li->lines > terminal_lines || li->cols > terminal_cols) { fputs(_("Warning: your terminal is too small to properly replay the log.\n"), stdout); - printf(_("Log geometry is %d x %d, your terminal's geometry is %d x %d."), li->rows, li->cols, terminal_rows, terminal_cols); + printf(_("Log geometry is %d x %d, your terminal's geometry is %d x %d."), li->lines, li->cols, terminal_lines, terminal_cols); } debug_return; } static void -resize_terminal(int rows, int cols) +resize_terminal(int lines, int cols) { - debug_decl(resize_terminal, SUDO_DEBUG_UTIL) + debug_decl(resize_terminal, SUDO_DEBUG_UTIL); if (terminal_can_resize) { - if (xterm_set_size(rows, cols)) + if (xterm_set_size(lines, cols)) terminal_was_resized = true; else terminal_can_resize = false; @@ -731,7 +701,7 @@ static void restore_terminal_size(void) { - debug_decl(restore_terminal, SUDO_DEBUG_UTIL) + debug_decl(restore_terminal, SUDO_DEBUG_UTIL); if (terminal_was_resized) { /* We are still in raw mode, hence the carriage return. */ @@ -740,7 +710,7 @@ stdout); fflush(stdout); (void)getchar(); - xterm_set_size(terminal_rows, terminal_cols); + xterm_set_size(terminal_lines, terminal_cols); putchar('\r'); putchar('\n'); } 
@@ -754,38 +724,29 @@ * Return 0 on success, 1 on EOF and -1 on error. */ static int -read_timing_record(struct replay_closure *closure) +get_timing_record(struct replay_closure *closure) { - struct timespec timeout; - char buf[LINE_MAX]; - debug_decl(read_timing_record, SUDO_DEBUG_UTIL) - - /* Read next record from timing file. */ - if (io_log_gets(io_log_files[IOFD_TIMING].fd, buf, sizeof(buf)) == NULL) { - /* EOF or error reading timing file, we are done. */ - debug_return_int(io_log_eof(io_log_files[IOFD_TIMING].fd) ? 1 : -1); - } + struct timing_closure *timing = &closure->timing; + int ret; + debug_decl(get_timing_record, SUDO_DEBUG_UTIL); - /* Parse timing file record. */ - buf[strcspn(buf, "\n")] = '\0'; - if (!parse_timing(buf, &timeout, &closure->timing)) - sudo_fatalx(U_("invalid timing file line: %s"), buf); + if ((ret = iolog_read_timing_record(&iolog_files[IOFD_TIMING], timing)) != 0) + debug_return_int(ret); /* Record number bytes to read. */ - /* XXX - remove timing->nbytes? */ - if (closure->timing.event != IO_EVENT_WINSIZE && - closure->timing.event != IO_EVENT_SUSPEND) { + if (timing->event != IO_EVENT_WINSIZE && + timing->event != IO_EVENT_SUSPEND) { closure->iobuf.len = 0; closure->iobuf.off = 0; closure->iobuf.lastc = '\0'; - closure->iobuf.toread = closure->timing.u.nbytes; + closure->iobuf.toread = timing->u.nbytes; } /* Adjust delay using speed factor and max_delay. */ - adjust_delay(&timeout, closure->timing.max_delay, speed_factor); + iolog_adjust_delay(&timing->delay, closure->max_delay, speed_factor); /* Schedule the delay event. */ - if (sudo_ev_add(closure->evbase, closure->delay_ev, &timeout, false) == -1) + if (sudo_ev_add(closure->evbase, closure->delay_ev, &timing->delay, false) == -1) sudo_fatal(U_("unable to add event to queue")); debug_return_int(0); 
@@ -798,10 +759,10 @@ static void next_timing_record(struct replay_closure *closure) { - debug_decl(next_timing_record, SUDO_DEBUG_UTIL) + debug_decl(next_timing_record, SUDO_DEBUG_UTIL); again: - switch (read_timing_record(closure)) { + switch (get_timing_record(closure)) { case 0: /* success */ if (closure->timing.event == IO_EVENT_SUSPEND && @@ -827,24 +788,27 @@ { const size_t space = sizeof(closure->iobuf.buf) - closure->iobuf.len; const struct timing_closure *timing = &closure->timing; - debug_decl(fill_iobuf, SUDO_DEBUG_UTIL) + const char *errstr; + debug_decl(fill_iobuf, SUDO_DEBUG_UTIL); if (closure->iobuf.toread != 0 && space != 0) { const size_t len = closure->iobuf.toread < space ? closure->iobuf.toread : space; - ssize_t nread = io_log_read(timing->fd, - closure->iobuf.buf + closure->iobuf.off, len); + ssize_t nread = iolog_read(timing->iol, + closure->iobuf.buf + closure->iobuf.off, len, &errstr); if (nread <= 0) { if (nread == 0) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: premature EOF, expected %u bytes", - io_log_files[timing->event].suffix, closure->iobuf.toread); + "%s/%s: premature EOF, expected %u bytes", + closure->iolog_dir, iolog_fd_to_name(timing->event), + closure->iobuf.toread); } else { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, - "%s: read error", io_log_files[timing->event].suffix); + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s/%s: read error: %s", closure->iolog_dir, + iolog_fd_to_name(timing->event), errstr); } - sudo_warnx(U_("unable to read %s"), - io_log_files[timing->event].suffix); + sudo_warnx(U_("unable to read %s/%s: %s"), + closure->iolog_dir, iolog_fd_to_name(timing->event), errstr); debug_return_bool(false); } closure->iobuf.toread -= nread; 
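Review bot: In fill_iobuf() `errstr` is declared without an initialiser, yet the `sudo_warnx(U_("unable to read %s/%s: %s"), ...)` call after the if/else passes it for the `nread == 0` premature-EOF case as well as for the error case. Unless iolog_read() (not shown on this page) also stores a message on EOF, that hands an indeterminate pointer to `%s`. I would initialise it at the declaration, e.g. `const char *errstr = "premature EOF";`, or move the warning into the two branches so the EOF branch does not use errstr at all. The function begins and continues outside this hunk.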
@@ -864,35 +828,35 @@ { struct replay_closure *closure = v; struct timing_closure *timing = &closure->timing; - debug_decl(delay_cb, SUDO_DEBUG_UTIL) + debug_decl(delay_cb, SUDO_DEBUG_UTIL); switch (timing->event) { case IO_EVENT_WINSIZE: - resize_terminal(timing->u.winsize.rows, timing->u.winsize.cols); + resize_terminal(timing->u.winsize.lines, timing->u.winsize.cols); break; case IO_EVENT_STDIN: - if (io_log_files[IOFD_STDIN].enabled) - timing->fd = io_log_files[IOFD_STDIN].fd; + if (iolog_files[IOFD_STDIN].enabled) + timing->iol = &iolog_files[IOFD_STDIN]; break; case IO_EVENT_STDOUT: - if (io_log_files[IOFD_STDOUT].enabled) - timing->fd = io_log_files[IOFD_STDOUT].fd; + if (iolog_files[IOFD_STDOUT].enabled) + timing->iol = &iolog_files[IOFD_STDOUT]; break; case IO_EVENT_STDERR: - if (io_log_files[IOFD_STDERR].enabled) - timing->fd = io_log_files[IOFD_STDERR].fd; + if (iolog_files[IOFD_STDERR].enabled) + timing->iol = &iolog_files[IOFD_STDERR]; break; case IO_EVENT_TTYIN: - if (io_log_files[IOFD_TTYIN].enabled) - timing->fd = io_log_files[IOFD_TTYIN].fd; + if (iolog_files[IOFD_TTYIN].enabled) + timing->iol = &iolog_files[IOFD_TTYIN]; break; case IO_EVENT_TTYOUT: - if (io_log_files[IOFD_TTYOUT].enabled) - timing->fd = io_log_files[IOFD_TTYOUT].fd; + if (iolog_files[IOFD_TTYOUT].enabled) + timing->iol = &iolog_files[IOFD_TTYOUT]; break; } - if (timing->fd.v != NULL) { + if (timing->iol != NULL) { /* If the stream is open, enable the write event. */ if (sudo_ev_add(closure->evbase, closure->output_ev, NULL, false) == -1) sudo_fatal(U_("unable to add event to queue")); @@ -910,6 +874,8 @@ /* * Free events and event base, then the closure itself. */ + if (closure->iolog_dir_fd != -1) + close(closure->iolog_dir_fd); sudo_ev_free(closure->delay_ev); sudo_ev_free(closure->keyboard_ev); sudo_ev_free(closure->output_ev); 
@@ -926,7 +892,7 @@ signal_cb(int signo, int what, void *v) { struct replay_closure *closure = v; - debug_decl(signal_cb, SUDO_DEBUG_UTIL) + debug_decl(signal_cb, SUDO_DEBUG_UTIL); switch (signo) { case SIGHUP: @@ -949,18 +915,21 @@ } static struct replay_closure * -replay_closure_alloc(struct timespec *max_delay, const char *decimal, - bool interactive, bool suspend_wait) +replay_closure_alloc(int iolog_dir_fd, const char *iolog_dir, + struct timespec *max_delay, const char *decimal, bool interactive, + bool suspend_wait) { struct replay_closure *closure; - debug_decl(replay_closure_alloc, SUDO_DEBUG_UTIL) + debug_decl(replay_closure_alloc, SUDO_DEBUG_UTIL); if ((closure = calloc(1, sizeof(*closure))) == NULL) debug_return_ptr(NULL); + closure->iolog_dir_fd = iolog_dir_fd; + closure->iolog_dir = iolog_dir; closure->interactive = interactive; closure->suspend_wait = suspend_wait; - closure->timing.max_delay = max_delay; + closure->max_delay = max_delay; closure->timing.decimal = decimal; /* @@ -1032,17 +1001,18 @@ } static int -replay_session(struct timespec *max_delay, const char *decimal, - bool interactive, bool suspend_wait) +replay_session(int iolog_dir_fd, const char *iolog_dir, + struct timespec *max_delay, const char *decimal, bool interactive, + bool suspend_wait) { struct replay_closure *closure; int ret = 0; - debug_decl(replay_session, SUDO_DEBUG_UTIL) + debug_decl(replay_session, SUDO_DEBUG_UTIL); /* Allocate the delay closure and read the first timing record. */ - closure = replay_closure_alloc(max_delay, decimal, interactive, - suspend_wait); - if (read_timing_record(closure) != 0) { + closure = replay_closure_alloc(iolog_dir_fd, iolog_dir, max_delay, decimal, + interactive, suspend_wait); + if (get_timing_record(closure) != 0) { ret = 1; goto done; } 
@@ -1058,28 +1028,6 @@ debug_return_int(ret); } -static int -open_io_fd(char *path, int len, struct io_log_file *iol) -{ - debug_decl(open_io_fd, SUDO_DEBUG_UTIL) - - if (!iol->enabled) - debug_return_int(0); - - path[len] = '\0'; - strlcat(path, iol->suffix, PATH_MAX); -#ifdef HAVE_ZLIB_H - iol->fd.g = gzopen(path, "r"); -#else - iol->fd.f = fopen(path, "r"); -#endif - if (iol->fd.v == NULL) { - iol->enabled = false; - debug_return_int(-1); - } - debug_return_int(0); -} - /* * Write the I/O buffer. */ @@ -1093,7 +1041,7 @@ struct iovec iov[2]; bool added_cr = false; size_t nbytes, nwritten; - debug_decl(write_output, SUDO_DEBUG_UTIL) + debug_decl(write_output, SUDO_DEBUG_UTIL); /* Refill iobuf if there is more to read and buf is empty. */ if (!fill_iobuf(closure)) { @@ -1155,7 +1103,7 @@ if (iobuf->off == iobuf->len) { /* Write complete, go to next timing entry if possible. */ - switch (read_timing_record(closure)) { + switch (get_timing_record(closure)) { case 0: /* success */ break; @@ -1185,7 +1133,7 @@ bool or = false, not = false; struct search_node *sn; char type, **av; - debug_decl(parse_expr, SUDO_DEBUG_UTIL) + debug_decl(parse_expr, SUDO_DEBUG_UTIL); for (av = argv; *av != NULL; av++) { switch (av[0][0]) { @@ -1223,6 +1171,11 @@ goto bad; type = ST_RUNASGROUP; break; + case 'h': /* host */ + if (strncmp(*av, "host", strlen(*av)) != 0) + goto bad; + type = ST_HOST; + break; case 'r': /* runas user */ if (strncmp(*av, "runas", strlen(*av)) != 0) goto bad; @@ -1276,8 +1229,9 @@ if (regcomp(&sn->u.cmdre, *av, REG_EXTENDED|REG_NOSUB) != 0) sudo_fatalx(U_("invalid regular expression: %s"), *av); } else if (type == ST_TODATE || type == ST_FROMDATE) { - sn->u.tstamp = get_date(*av); - if (sn->u.tstamp == -1) + sn->u.tstamp.tv_sec = get_date(*av); + sn->u.tstamp.tv_nsec = 0; + if (sn->u.tstamp.tv_sec == -1) sudo_fatalx(U_("could not parse date \"%s\""), *av); } else { sn->u.ptr = *av; 
@@ -1297,12 +1251,12 @@ } static bool -match_expr(struct search_node_list *head, struct log_info *log, bool last_match) +match_expr(struct search_node_list *head, struct iolog_info *log, bool last_match) { struct search_node *sn; bool res = false, matched = last_match; int rc; - debug_decl(match_expr, SUDO_DEBUG_UTIL) + debug_decl(match_expr, SUDO_DEBUG_UTIL); STAILQ_FOREACH(sn, head, entries) { switch (sn->type) { @@ -1310,20 +1264,28 @@ res = match_expr(&sn->u.expr, log, matched); break; case ST_CWD: - res = strcmp(sn->u.cwd, log->cwd) == 0; + if (log->cwd != NULL) + res = strcmp(sn->u.cwd, log->cwd) == 0; + break; + case ST_HOST: + if (log->host != NULL) + res = strcmp(sn->u.host, log->host) == 0; break; case ST_TTY: - res = strcmp(sn->u.tty, log->tty) == 0; + if (log->tty != NULL) + res = strcmp(sn->u.tty, log->tty) == 0; break; case ST_RUNASGROUP: if (log->runas_group != NULL) res = strcmp(sn->u.runas_group, log->runas_group) == 0; break; case ST_RUNASUSER: - res = strcmp(sn->u.runas_user, log->runas_user) == 0; + if (log->runas_user != NULL) + res = strcmp(sn->u.runas_user, log->runas_user) == 0; break; case ST_USER: - res = strcmp(sn->u.user, log->user) == 0; + if (log->user != NULL) + res = strcmp(sn->u.user, log->user) == 0; break; case ST_PATTERN: rc = regexec(&sn->u.cmdre, log->cmd, 0, NULL, 0); @@ -1335,10 +1297,10 @@ res = rc == REG_NOMATCH ? 0 : 1; break; case ST_FROMDATE: - res = log->tstamp >= sn->u.tstamp; + res = sudo_timespeccmp(&log->tstamp, &sn->u.tstamp, >=); break; case ST_TODATE: - res = log->tstamp <= sn->u.tstamp; + res = sudo_timespeccmp(&log->tstamp, &sn->u.tstamp, <=); break; default: sudo_fatalx(U_("unknown search type %d"), sn->type); 
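Review bot: The new NULL guards in match_expr() skip the assignment to `res` when a field is missing, and `res` is initialised once before the STAILQ_FOREACH loop, so a term on a missing field keeps the previous term's result instead of counting as a non-match. Unless `res` is reset in the part of the loop body outside these hunks, a search such as `user X host Y` would accept a log with no host recorded whenever the user term matched. Writing each case as `res = log->host != NULL && strcmp(sn->u.host, log->host) == 0;` (likewise for cwd, tty, runas_group, runas_user and user) keeps the guard and always assigns. `log->cmd` is still passed to `regexec()` unguarded in the ST_PATTERN case.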
@@ -1353,23 +1315,23 @@ } static int -list_session(char *logfile, regex_t *re, const char *user, const char *tty) +list_session(char *log_dir, regex_t *re, const char *user, const char *tty) { char idbuf[7], *idstr, *cp; + struct iolog_info *li = NULL; const char *timestr; - struct log_info *li; int ret = -1; - debug_decl(list_session, SUDO_DEBUG_UTIL) + debug_decl(list_session, SUDO_DEBUG_UTIL); - if ((li = parse_logfile(logfile)) == NULL) + if ((li = iolog_parse_loginfo(-1, log_dir)) == NULL) goto done; /* Match on search expression if there is one. */ if (!STAILQ_EMPTY(&search_expr) && !match_expr(&search_expr, li, true)) goto done; - /* Convert from /var/log/sudo-sessions/00/00/01/log to 000001 */ - cp = logfile + strlen(session_dir) + 1; + /* Convert from /var/log/sudo-sessions/00/00/01 to 000001 */ + cp = log_dir + strlen(session_dir) + 1; if (IS_IDLOG(cp)) { idbuf[0] = cp[0]; idbuf[1] = cp[1]; @@ -1380,23 +1342,24 @@ idbuf[6] = '\0'; idstr = idbuf; } else { - /* Not an id, just use the iolog_file portion. */ - cp[strlen(cp) - 4] = '\0'; + /* Not an id, use as-is. */ idstr = cp; } - /* XXX - print rows + cols? */ - timestr = get_timestr(li->tstamp, 1); + /* XXX - print lines + cols? */ + timestr = get_timestr(li->tstamp.tv_sec, 1); printf("%s : %s : TTY=%s ; CWD=%s ; USER=%s ; ", timestr ? timestr : "invalid date", li->user, li->tty, li->cwd, li->runas_user); if (li->runas_group) printf("GROUP=%s ; ", li->runas_group); + if (li->host) + printf("HOST=%s ; ", li->host); printf("TSID=%s ; COMMAND=%s\n", idstr, li->cmd); ret = 0; done: - free_log_info(li); + iolog_free_loginfo(li); debug_return_int(ret); } @@ -1424,7 +1387,7 @@ #else const bool checked_type = false; #endif - debug_decl(find_sessions, SUDO_DEBUG_UTIL) + debug_decl(find_sessions, SUDO_DEBUG_UTIL); d = opendir(dir); if (d == NULL) 
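Review bot: list_session() passes `li->user`, `li->tty`, `li->cwd` and `li->runas_user` straight to `printf` with `%s` (hunk @@ -1380,23 +1342,24 @@), while match_expr() in the same commit starts treating those iolog_info fields as possibly NULL. Only runas_group and host are guarded here, so if iolog_parse_loginfo() (not shown) can leave one of the other four unset, a truncated or hand-edited log file gives `%s` a null pointer. I would either print fallbacks such as `li->tty ? li->tty : "unknown"` or add a comment next to the printf stating that the parser guarantees these fields.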
@@ -1485,9 +1448,10 @@ /* Check for dir with a log file. */ if (lstat(pathbuf, &sb) == 0 && S_ISREG(sb.st_mode)) { + pathbuf[sdlen + len - 4] = '\0'; list_session(pathbuf, re, user, tty); } else { - /* Strip off "/log" and recurse if a dir. */ + /* Strip off "/log" and recurse if a non-log dir. */ pathbuf[sdlen + len - 4] = '\0'; if (checked_type || (lstat(pathbuf, &sb) == 0 && S_ISDIR(sb.st_mode))) @@ -1506,7 +1470,7 @@ const char *tty) { regex_t rebuf, *re = NULL; - debug_decl(list_sessions, SUDO_DEBUG_UTIL) + debug_decl(list_sessions, SUDO_DEBUG_UTIL); /* Parse search expression if present */ parse_expr(&search_expr, argv, false); @@ -1533,7 +1497,7 @@ struct timespec ts; ssize_t nread; char ch; - debug_decl(read_keyboard, SUDO_DEBUG_UTIL) + debug_decl(read_keyboard, SUDO_DEBUG_UTIL); nread = read(fd, &ch, 1); switch (nread) { @@ -1559,8 +1523,7 @@ break; case '<': speed_factor /= 2; - sudo_ev_get_timeleft(closure->delay_ev, &ts); - if (sudo_timespecisset(&ts)) { + if (sudo_ev_pending(closure->delay_ev, SUDO_EV_TIMEOUT, &ts)) { /* Double remaining timeout. */ ts.tv_sec *= 2; ts.tv_nsec *= 2; @@ -1576,8 +1539,7 @@ break; case '>': speed_factor *= 2; - sudo_ev_get_timeleft(closure->delay_ev, &ts); - if (sudo_timespecisset(&ts)) { + if (sudo_ev_pending(closure->delay_ev, SUDO_EV_TIMEOUT, &ts)) { /* Halve remaining timeout. */ if (ts.tv_sec & 1) ts.tv_nsec += 500000000; @@ -1614,7 +1576,7 @@ _("usage: %s [-h] [-d dir] -l [search expression]\n"), getprogname()); if (fatal) - exit(1); + exit(EXIT_FAILURE); } static void 
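Review bot: The added `pathbuf[sdlen + len - 4] = '\0';` before `list_session(pathbuf, ...)` carries no comment, while the identical line in the else branch does; a reader has to work out that `4` is the length of "/log" and that list_session now expects the session directory rather than the log file. I would add `/* Strip off "/log"; list_session() takes the session directory. */` above it. Note also that `lstat()` vouches for the `log` file, but the callee is then given the parent directory and presumably reopens the file by path, so the file that was checked is not necessarily the one that gets parsed; whether that matters depends on who can write to the session directory. The enclosing function starts and ends outside this hunk.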
@@ -1633,7 +1595,7 @@ " -S, --suspend-wait wait while the command was suspended\n" " -s, --speed=num speed up or slow down output\n" " -V, --version display version information and exit")); - exit(0); + exit(EXIT_SUCCESS); } /* diff -Nru sudo-1.8.31/plugins/sudoers/testsudoers.c sudo-1.9.0/plugins/sudoers/testsudoers.c --- sudo-1.8.31/plugins/sudoers/testsudoers.c 2019-11-06 16:36:20.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/testsudoers.c 2020-05-11 16:28:23.000000000 +0000 @@ -121,7 +121,7 @@ int match, host_match, runas_match, cmnd_match; int ch, dflag, exitcode = EXIT_FAILURE; struct sudo_lbuf lbuf; - debug_decl(main, SUDOERS_DEBUG_MAIN) + debug_decl(main, SUDOERS_DEBUG_MAIN); #if defined(SUDO_DEVEL) && defined(__OpenBSD__) malloc_options = "S"; @@ -385,7 +385,7 @@ set_runaspw(const char *user) { struct passwd *pw = NULL; - debug_decl(set_runaspw, SUDOERS_DEBUG_UTIL) + debug_decl(set_runaspw, SUDOERS_DEBUG_UTIL); if (*user == '#') { const char *errstr; @@ -409,7 +409,7 @@ set_runasgr(const char *group) { struct group *gr = NULL; - debug_decl(set_runasgr, SUDOERS_DEBUG_UTIL) + debug_decl(set_runasgr, SUDOERS_DEBUG_UTIL); if (*group == '#') { const char *errstr; @@ -459,7 +459,7 @@ struct stat sb; FILE *fp = NULL; char *sudoers_base; - debug_decl(open_sudoers, SUDOERS_DEBUG_UTIL) + debug_decl(open_sudoers, SUDOERS_DEBUG_UTIL); sudoers_base = strrchr(sudoers, '/'); if (sudoers_base != NULL) @@ -516,7 +516,7 @@ print_defaults(struct sudo_lbuf *lbuf) { struct defaults *def, *next; - debug_decl(print_defaults, SUDOERS_DEBUG_UTIL) + debug_decl(print_defaults, SUDOERS_DEBUG_UTIL); TAILQ_FOREACH_SAFE(def, &parsed_policy.defaults, entries, next) sudoers_format_default_line(lbuf, &parsed_policy, def, &next, false); @@ -529,7 +529,7 @@ { struct sudo_lbuf *lbuf = v; struct member *m; - debug_decl(print_alias, SUDOERS_DEBUG_UTIL) + debug_decl(print_alias, SUDOERS_DEBUG_UTIL); sudo_lbuf_append(lbuf, "%s %s = ", alias_type_to_string(a->type), a->name); 
@@ -546,7 +546,7 @@ static bool print_aliases(struct sudo_lbuf *lbuf) { - debug_decl(print_aliases, SUDOERS_DEBUG_UTIL) + debug_decl(print_aliases, SUDOERS_DEBUG_UTIL); alias_apply(&parsed_policy, print_alias, lbuf); @@ -556,7 +556,7 @@ static void dump_sudoers(struct sudo_lbuf *lbuf) { - debug_decl(dump_sudoers, SUDOERS_DEBUG_UTIL) + debug_decl(dump_sudoers, SUDOERS_DEBUG_UTIL); /* Print Defaults */ if (!print_defaults(lbuf)) @@ -606,5 +606,5 @@ usage(void) { (void) fprintf(stderr, "usage: %s [-dt] [-G sudoers_gid] [-g group] [-h host] [-i input_format] [-P grfile] [-p pwfile] [-U sudoers_uid] [-u user] [args]\n", getprogname()); - exit(1); + exit(EXIT_FAILURE); } diff -Nru sudo-1.8.31/plugins/sudoers/timeout.c sudo-1.9.0/plugins/sudoers/timeout.c --- sudo-1.8.31/plugins/sudoers/timeout.c 2019-10-28 12:27:38.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/timeout.c 2020-05-11 16:28:23.000000000 +0000 @@ -49,7 +49,7 @@ int parse_timeout(const char *timestr) { - debug_decl(parse_timeout, SUDOERS_DEBUG_PARSER) + debug_decl(parse_timeout, SUDOERS_DEBUG_PARSER); const char suffixes[] = "dhms"; const char *cp = timestr; int timeout = 0; diff -Nru sudo-1.8.31/plugins/sudoers/timestamp.c sudo-1.9.0/plugins/sudoers/timestamp.c --- sudo-1.8.31/plugins/sudoers/timestamp.c 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/timestamp.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2014-2019 Todd C. Miller + * Copyright (c) 2014-2020 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -81,7 +81,7 @@ ts_match_record(struct timestamp_entry *key, struct timestamp_entry *entry, unsigned int recno) { - debug_decl(ts_match_record, SUDOERS_DEBUG_AUTH) + debug_decl(ts_match_record, SUDOERS_DEBUG_AUTH); if (entry->version != key->version) { sudo_debug_printf(SUDO_DEBUG_DEBUG, 
@@ -155,7 +155,7 @@ { struct timestamp_entry cur; unsigned int recno = 0; - debug_decl(ts_find_record, SUDOERS_DEBUG_AUTH) + debug_decl(ts_find_record, SUDOERS_DEBUG_AUTH); /* * Find a matching record (does not match sid or time stamp value). @@ -197,7 +197,7 @@ { bool ret; mode_t omask; - debug_decl(ts_mkdirs, SUDOERS_DEBUG_AUTH) + debug_decl(ts_mkdirs, SUDOERS_DEBUG_AUTH); /* umask must not be more restrictive than the file modes. */ omask = umask(ACCESSPERMS & ~(mode|parent_mode)); @@ -234,7 +234,7 @@ { struct stat sb; bool ret = false; - debug_decl(ts_secure_dir, SUDOERS_DEBUG_AUTH) + debug_decl(ts_secure_dir, SUDOERS_DEBUG_AUTH); sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "checking %s", path); switch (sudo_secure_dir(path, timestamp_uid, -1, &sb)) { @@ -282,7 +282,7 @@ { bool uid_changed = false; int fd; - debug_decl(ts_open, SUDOERS_DEBUG_AUTH) + debug_decl(ts_open, SUDOERS_DEBUG_AUTH); if (timestamp_uid != 0) uid_changed = set_perms(PERM_TIMESTAMP); @@ -307,7 +307,7 @@ { ssize_t nwritten; off_t old_eof; - debug_decl(ts_write, SUDOERS_DEBUG_AUTH) + debug_decl(ts_write, SUDOERS_DEBUG_AUTH); if (offset == -1) { old_eof = lseek(fd, 0, SEEK_CUR); @@ -358,7 +358,7 @@ enum def_tuple ticket_type) { struct stat sb; - debug_decl(ts_init_key, SUDOERS_DEBUG_AUTH) + debug_decl(ts_init_key, SUDOERS_DEBUG_AUTH); memset(entry, 0, sizeof(*entry)); entry->version = TS_VERSION; @@ -422,7 +422,7 @@ struct ts_cookie *cookie; char *fname = NULL; int tries, fd = -1; - debug_decl(timestamp_open, SUDOERS_DEBUG_AUTH) + debug_decl(timestamp_open, SUDOERS_DEBUG_AUTH); /* Zero timeout means don't use the time stamp file. */ if (!sudo_timespecisset(&def_timestamp_timeout)) { 
@@ -513,7 +513,7 @@ struct sigaction sa, saveint, savequit; sigset_t mask, omask; bool ret; - debug_decl(timestamp_lock_record, SUDOERS_DEBUG_AUTH) + debug_decl(timestamp_lock_record, SUDOERS_DEBUG_AUTH); if (pos >= 0 && lseek(fd, pos, SEEK_SET) == -1) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, @@ -556,7 +556,7 @@ static bool timestamp_unlock_record(int fd, off_t pos, off_t len) { - debug_decl(timestamp_unlock_record, SUDOERS_DEBUG_AUTH) + debug_decl(timestamp_unlock_record, SUDOERS_DEBUG_AUTH); if (pos >= 0 && lseek(fd, pos, SEEK_SET) == -1) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, @@ -574,7 +574,7 @@ { ssize_t nread = -1; bool should_unlock = false; - debug_decl(ts_read, SUDOERS_DEBUG_AUTH) + debug_decl(ts_read, SUDOERS_DEBUG_AUTH); /* If the record is not already locked, lock it now. */ if (!cookie->locked) { @@ -613,6 +613,25 @@ } /* + * Write a TS_LOCKEXCL record at the beginning of the time stamp file. + */ +bool +timestamp_lock_write(struct ts_cookie *cookie) +{ + struct timestamp_entry entry; + bool ret = true; + debug_decl(timestamp_lock_write, SUDOERS_DEBUG_AUTH); + + memset(&entry, 0, sizeof(entry)); + entry.version = TS_VERSION; + entry.size = sizeof(entry); + entry.type = TS_LOCKEXCL; + if (ts_write(cookie->fd, cookie->fname, &entry, -1) == -1) + ret = false; + debug_return_bool(ret); +} + +/* * Lock a record in the time stamp file for exclusive access. * If the record does not exist, it is created (as disabled). */ @@ -621,9 +640,10 @@ { struct ts_cookie *cookie = vcookie; struct timestamp_entry entry; + bool overwrite = false; off_t lock_pos; ssize_t nread; - debug_decl(timestamp_lock, SUDOERS_DEBUG_AUTH) + debug_decl(timestamp_lock, SUDOERS_DEBUG_AUTH); if (cookie == NULL) { sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, 
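Review bot: The header comment of the new timestamp_lock_write promises a record "at the beginning of the time stamp file", but the function calls `ts_write(..., &entry, -1)`, and the ts_write context earlier in this diff shows offset `-1` taking `lseek(fd, 0, SEEK_CUR)`, which suggests a write at the current position. Its only visible caller, the overwrite path in timestamp_lock, reaches it after a `read()` that may have advanced the offset and an `ftruncate(cookie->fd, 0)` that does not reset it, so unless the descriptor is in append mode the lock record could land after a run of zero bytes instead of at offset 0. Rewinding first with `if (lseek(cookie->fd, 0, SEEK_SET) == -1) debug_return_bool(false);`, either in this function or right after the `ftruncate()`, keeps the comment true. The function is also declared without `static`; if nothing outside this file calls it, `static bool` would match the other helpers here.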
@@ -642,26 +662,39 @@ /* Make sure the first record is of type TS_LOCKEXCL. */ memset(&entry, 0, sizeof(entry)); nread = read(cookie->fd, &entry, sizeof(entry)); - if (nread == 0) { - /* New file, add TS_LOCKEXCL record. */ - entry.version = TS_VERSION; - entry.size = sizeof(entry); - entry.type = TS_LOCKEXCL; - if (ts_write(cookie->fd, cookie->fname, &entry, -1) == -1) - debug_return_bool(false); + if (nread < ssizeof(struct timestamp_entry_v1)) { + /* New or invalid time stamp file. */ + overwrite = true; } else if (entry.type != TS_LOCKEXCL) { - /* Old sudo record, convert it to TS_LOCKEXCL. */ - entry.type = TS_LOCKEXCL; - memset((char *)&entry + offsetof(struct timestamp_entry, type), 0, - nread - offsetof(struct timestamp_entry, type)); - if (ts_write(cookie->fd, cookie->fname, &entry, 0) == -1) - debug_return_bool(false); + if (entry.size == sizeof(struct timestamp_entry_v1)) { + /* Old sudo record, convert it to TS_LOCKEXCL. */ + entry.type = TS_LOCKEXCL; + memset((char *)&entry + offsetof(struct timestamp_entry, type), 0, + nread - offsetof(struct timestamp_entry, type)); + if (ts_write(cookie->fd, cookie->fname, &entry, 0) == -1) + debug_return_bool(false); + } else { + /* Corrupted time stamp file? Just overwrite it. */ + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, + "corrupt initial record, type: %hu, size: %hu (expected %zu)", + entry.type, entry.size, sizeof(struct timestamp_entry_v1)); + overwrite = true; + } } - if (entry.size != sizeof(entry)) { + if (overwrite) { + /* Rewrite existing time stamp file or create new one. */ + if (ftruncate(cookie->fd, 0) != 0) { + sudo_warn(U_("unable to truncate time stamp file to %lld bytes"), + 0LL); + debug_return_bool(false); + } + if (!timestamp_lock_write(cookie)) + debug_return_bool(false); + } else if (entry.size != sizeof(entry)) { /* Reset position if the lock record has an unexpected size. 
*/ if (lseek(cookie->fd, entry.size, SEEK_SET) == -1) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, - "unable to seek to %lld", (long long)entry.size); + "unable to seek to %hu", entry.size); debug_return_bool(false); } } @@ -732,7 +765,7 @@ timestamp_close(void *vcookie) { struct ts_cookie *cookie = vcookie; - debug_decl(timestamp_close, SUDOERS_DEBUG_AUTH) + debug_decl(timestamp_close, SUDOERS_DEBUG_AUTH); if (cookie != NULL) { close(cookie->fd); @@ -758,7 +791,7 @@ struct timespec diff, now; int status = TS_ERROR; /* assume the worst */ ssize_t nread; - debug_decl(timestamp_status, SUDOERS_DEBUG_AUTH) + debug_decl(timestamp_status, SUDOERS_DEBUG_AUTH); /* Zero timeout means don't use time stamp files. */ if (!sudo_timespecisset(&def_timestamp_timeout)) { @@ -884,7 +917,7 @@ { struct ts_cookie *cookie = vcookie; int ret = false; - debug_decl(timestamp_update, SUDOERS_DEBUG_AUTH) + debug_decl(timestamp_update, SUDOERS_DEBUG_AUTH); /* Zero timeout means don't use time stamp files. */ if (!sudo_timespecisset(&def_timestamp_timeout)) { @@ -944,7 +977,7 @@ struct timestamp_entry key, entry; int fd = -1, ret = true; char *fname = NULL; - debug_decl(timestamp_remove, SUDOERS_DEBUG_AUTH) + debug_decl(timestamp_remove, SUDOERS_DEBUG_AUTH); #ifdef TIOCCLRVERAUTH if (def_timestamp_type == kernel) { @@ -1018,7 +1051,7 @@ char status_file[PATH_MAX]; struct stat sb; int len; - debug_decl(already_lectured, SUDOERS_DEBUG_AUTH) + debug_decl(already_lectured, SUDOERS_DEBUG_AUTH); if (ts_secure_dir(def_lecture_status_dir, false, true)) { len = snprintf(status_file, sizeof(status_file), "%s/%s", 
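Review bot: In the version-1 conversion branch of the `@@ -642,26 +662,39 @@` hunk, `entry.type = TS_LOCKEXCL;` is followed by a `memset()` that starts at `offsetof(struct timestamp_entry, type)`, so the value just assigned is cleared again before `ts_write()`; unless TS_LOCKEXCL is zero the converted record is not written as a lock record. The lines are carried over from the old code, but since this hunk re-indents them it is the place to fix the order: run the `memset()` first and assign `entry.type = TS_LOCKEXCL;` after it. Separately, `nread < ssizeof(struct timestamp_entry_v1)` also holds when `read()` fails with -1, so an I/O error is handled as a new or invalid file and leads to `ftruncate()`; a preceding `if (nread == -1) debug_return_bool(false);` with a warning would keep a transient error from discarding the existing records. The corrupt-record debug message passes SUDO_DEBUG_ERRNO although no call has just failed at that point, so the errno it logs is unrelated. timestamp_lock starts before and continues after this hunk.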
@@ -1041,7 +1074,7 @@ { char lecture_status[PATH_MAX]; int len, fd, ret = false; - debug_decl(set_lectured, SUDOERS_DEBUG_AUTH) + debug_decl(set_lectured, SUDOERS_DEBUG_AUTH); len = snprintf(lecture_status, sizeof(lecture_status), "%s/%s", def_lecture_status_dir, user_name); diff -Nru sudo-1.8.31/plugins/sudoers/toke.c sudo-1.9.0/plugins/sudoers/toke.c --- sudo-1.8.31/plugins/sudoers/toke.c 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/toke.c 2020-05-11 16:28:23.000000000 +0000 
@@ -433,72 +433,72 @@ 45, 53, 53, 53, 53, 53, 53, 53, 53, 53, 53, 53, 53, 53, 53, 53, 53, 53, 53, 62, 62, 0, 0, 0, 0, 0, 72, 62, 62, 62, - 62, 62, 0, 62, 10, 0, 0, 0, 18, 18, - 18, 19, 19, 19, 19, 19, 19, 19, 19, 19, - 19, 19, 19, 19, 19, 19, 72, 72, 72, 62, + 62, 62, 62, 0, 62, 10, 0, 0, 0, 18, + 18, 18, 19, 19, 19, 19, 19, 19, 19, 19, + 19, 19, 19, 19, 19, 19, 19, 72, 72, 72, - 62, 62, 62, 62, 62, 0, 44, 44, 44, 0, - 0, 43, 43, 43, 43, 43, 43, 43, 53, 53, + 62, 62, 62, 62, 62, 62, 0, 44, 44, 44, + 0, 0, 43, 43, 43, 43, 43, 43, 43, 53, 53, 53, 53, 53, 53, 53, 53, 53, 53, 53, - 53, 53, 53, 53, 49, 53, 53, 50, 62, 62, - 62, 62, 0, 0, 0, 0, 0, 72, 62, 62, - 62, 62, 0, 0, 0, 0, 0, 18, 18, 19, - 19, 53, 19, 19, 19, 19, 19, 19, 19, 19, - 19, 19, 19, 19, 19, 62, 62, 62, 0, 0, - 44, 44, 44, 0, 43, 43, 0, 43, 43, 43, - 43, 43, 43, 43, 43, 43, 43, 43, 0, 27, - - 53, 53, 53, 53, 0, 34, 53, 53, 53, 53, - 53, 53, 53, 53, 53, 51, 53, 53, 62, 62, - 62, 62, 62, 0, 0, 0, 72, 62, 62, 62, - 0, 0, 0, 18, 18, 19, 53, 53, 19, 19, + 53, 53, 53, 53, 53, 49, 53, 53, 50, 62, + 62, 62, 62, 0, 0, 0, 0, 0, 0, 72, + 62, 62, 62, 62, 0, 0, 0, 0, 0, 18, + 18, 19, 19, 53, 19, 19, 19, 19, 19, 19, + 19, 19, 19, 19, 19, 19, 19, 62, 62, 62, + 0, 0, 44, 44, 44, 0, 43, 43, 0, 43, + 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, + + 0, 27, 53, 53, 53, 53, 0, 34, 53, 53, + 53, 53, 53, 53, 53, 53, 53, 51, 53, 53, + 62, 62, 62, 62, 62, 0, 0, 0, 72, 62, + 62, 62, 0, 0, 0, 18, 18, 19, 53, 53, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, - 19, 62, 62, 62, 62, 62, 0, 44, 0, 43, - 43, 43, 0, 0, 0, 43, 43, 43, 43, 43, - 43, 43, 43, 43, 43, 43, 43, 43, 53, 53, + 19, 19, 19, 62, 62, 62, 62, 62, 0, 44, + 0, 43, 43, 43, 0, 0, 0, 43, 43, 43, + 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 53, 53, 53, 53, 53, 53, 53, 53, 53, 53, - 53, 53, 53, 55, 56, 57, 58, 62, 0, 0, + 53, 53, 53, 53, 53, 55, 56, 57, 58, 62, - 72, 62, 62, 62, 0, 0, 0, 0, 0, 19, - 53, 53, 19, 19, 53, 19, 19, 19, 19, 19, - 19, 19, 19, 19, 19, 41, 41, 41, 0, 0, - 43, 43, 
43, 43, 43, 43, 43, 0, 0, 0, - 0, 0, 43, 43, 43, 43, 43, 43, 43, 43, - 43, 43, 43, 43, 43, 43, 0, 36, 53, 53, - 53, 0, 26, 53, 53, 53, 0, 35, 53, 53, - 53, 53, 0, 25, 0, 28, 46, 62, 0, 0, - 72, 62, 62, 62, 41, 41, 41, 53, 53, 19, - 53, 53, 19, 19, 19, 62, 41, 41, 41, 41, + 0, 0, 72, 62, 62, 62, 0, 0, 0, 0, + 0, 19, 53, 53, 19, 19, 53, 19, 19, 19, + 19, 19, 19, 19, 19, 19, 19, 41, 41, 41, + 0, 0, 43, 43, 43, 43, 43, 43, 43, 0, + 0, 0, 0, 0, 43, 43, 43, 43, 43, 43, + 43, 43, 43, 43, 43, 43, 43, 43, 0, 36, + 53, 53, 53, 0, 26, 53, 53, 53, 0, 35, + 53, 53, 53, 53, 0, 25, 0, 28, 46, 62, + 0, 0, 72, 62, 62, 62, 41, 41, 41, 53, + 53, 19, 53, 53, 19, 19, 19, 62, 41, 41, - 0, 43, 0, 43, 43, 43, 43, 43, 43, 43, - 43, 43, 43, 43, 0, 0, 0, 43, 43, 43, + 41, 41, 0, 43, 0, 43, 43, 43, 43, 43, + 43, 43, 43, 43, 43, 43, 0, 0, 0, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, - 53, 53, 53, 53, 53, 53, 53, 53, 48, 53, - 59, 0, 0, 72, 62, 22, 54, 0, 41, 41, - 41, 41, 53, 53, 19, 53, 53, 19, 19, 19, - 42, 42, 42, 42, 43, 0, 0, 0, 43, 43, + 43, 43, 53, 53, 53, 53, 53, 53, 53, 53, + 48, 53, 59, 0, 0, 72, 62, 22, 54, 0, + 41, 41, 41, 41, 53, 53, 19, 53, 53, 19, + 19, 19, 42, 42, 42, 42, 43, 0, 0, 0, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, - 43, 0, 0, 0, 0, 0, 43, 43, 43, 43, - 43, 43, 43, 43, 53, 53, 53, 0, 37, 53, + 43, 43, 43, 0, 0, 0, 0, 0, 43, 43, + 43, 43, 43, 43, 43, 43, 53, 53, 53, 0, - 53, 0, 24, 0, 29, 47, 0, 22, 72, 72, - 62, 0, 62, 42, 42, 42, 42, 53, 53, 53, - 53, 62, 62, 42, 42, 42, 42, 0, 0, 0, - 0, 0, 43, 43, 43, 43, 43, 43, 43, 43, + 37, 53, 53, 0, 24, 0, 29, 47, 0, 22, + 20, 72, 23, 0, 62, 42, 42, 42, 42, 53, + 53, 53, 53, 62, 62, 42, 42, 42, 42, 0, + 0, 0, 0, 0, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, - 43, 43, 52, 0, 32, 53, 53, 53, 0, 72, - 72, 20, 72, 72, 23, 22, 0, 0, 0, 0, - 0, 22, 0, 0, 0, 42, 42, 42, 42, 53, - 53, 53, 62, 62, 62, 0, 0, 0, 43, 43, + 43, 43, 43, 43, 52, 0, 32, 53, 53, 53, + 23, 20, 20, 20, 20, 72, 22, 0, 0, 0, + 0, 0, 22, 0, 0, 
0, 42, 42, 42, 42, + 53, 53, 53, 62, 62, 62, 0, 0, 0, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, - 43, 43, 43, 43, 43, 43, 0, 30, 53, 53, - 23, 20, 72, 0, 22, 0, 0, 0, 53, 53, + 43, 43, 43, 43, 43, 43, 43, 0, 30, 53, + 53, 20, 72, 0, 22, 0, 0, 0, 53, 53, 62, 62, 62, 62, 62, 0, 0, 0, 0, 0, 43, 43, 43, 43, 43, 43, 43, 43, 0, 33, - 53, 72, 0, 0, 0, 0, 0, 53, 62, 62, - 62, 43, 43, 43, 43, 43, 43, 0, 31, 72, - 72, 21, 72, 0, 0, 0, 62, 62, 62, 62, + 53, 21, 0, 0, 0, 0, 0, 53, 62, 62, + 62, 43, 43, 43, 43, 43, 43, 0, 31, 21, + 21, 21, 21, 0, 0, 0, 62, 62, 62, 62, 62, 43, 43, 43, 43, 43, 21, 0, 0, 0, 0, 0, 41, 41, 41, 41, 41, 41, 41, 41, 41, 41, 41, 41, 0 
@@ -552,117 +552,117 @@ static yyconst flex_int16_t yy_base[1020] = { 0, 0, 72, 121, 191, 81, 88, 261, 333, 405, 459, - 142, 148, 514, 0, 4774, 4718, 73, 6207, 4769, 4765, - 6207, 585, 73, 6207, 6207, 4715, 6207, 151, 597, 153, - 164, 4741, 6207, 6207, 659, 4726, 46, 34, 715, 58, - 4724, 4710, 50, 4709, 4717, 60, 776, 791, 57, 189, - 816, 66, 63, 4683, 59, 4680, 113, 4735, 129, 204, - 4704, 4703, 4715, 134, 0, 6207, 4743, 4739, 6207, 0, - 880, 933, 137, 0, 4689, 6207, 135, 6207, 140, 6207, - 214, 4688, 154, 194, 6207, 239, 193, 259, 960, 1004, - 258, 232, 1062, 1112, 4700, 160, 180, 1168, 4696, 4708, - - 4694, 4706, 4701, 1215, 0, 156, 4681, 1239, 225, 6207, - 4729, 228, 6207, 4731, 273, 283, 4678, 4717, 332, 1266, - 4676, 1293, 415, 4675, 1322, 1335, 1375, 4681, 4681, 324, - 343, 334, 4657, 228, 1437, 1493, 4631, 4625, 4607, 4594, - 4587, 4573, 335, 4553, 4549, 4535, 4516, 4514, 4510, 371, - 6207, 157, 425, 215, 65, 442, 4488, 4493, 4484, 4479, - 4480, 355, 218, 369, 133, 369, 325, 434, 256, 431, - 377, 584, 4495, 1554, 448, 378, 0, 4543, 412, 4545, - 6207, 6207, 479, 0, 4492, 633, 6207, 6207, 4491, 438, - 4490, 4537, 591, 440, 505, 430, 4540, 736, 737, 659, - - 4487, 843, 0, 1581, 1611, 794, 842, 1650, 4525, 892, - 902, 740, 1700, 1756, 4498, 0, 4503, 4490, 4493, 4490, - 752, 4481, 4469, 4448, 4433, 308, 465, 475, 920, 959, - 1803, 974, 748, 1843, 4465, 4441, 1888, 454, 1934, 1979, - 0, 4423, 4410, 4411, 4394, 4407, 4395, 4402, 4401, 4413, - 4412, 4407, 454, 4394, 4390, 4404, 4402, 4401, 4398, 825, - 573, 4357, 4362, 4352, 4354, 4360, 594, 588, 4363, 572, - 232, 581, 1098, 778, 597, 4403, 4402, 2026, 2036, 4401, - 2081, 0, 4382, 4373, 4358, 4371, 4358, 4365, 4362, 4326, - 4325, 4320, 4294, 4303, 733, 4269, 6207, 508, 646, 2126, - - 730, 0, 0, 800, 773, 4308, 4307, 2164, 831, 4306, - 4305, 609, 984, 2177, 1193, 882, 2223, 2270, 4304, 851, - 4286, 4281, 830, 960, 4271, 4257, 4260, 4257, 4248, 4246, - 4257, 4246, 4229, 4226, 0, 4229, 4227, 0, 834, 111, - 774, 606, 
4211, 4197, 4181, 4195, 4159, 946, 821, 1193, - 404, 742, 1236, 4212, 4211, 4199, 1095, 2280, 2325, 1100, - 4157, 833, 1204, 4163, 4156, 4159, 4156, 4147, 4145, 4141, - 4118, 867, 4133, 4139, 4096, 2372, 2384, 2396, 4128, 4127, - 2406, 4127, 4125, 4084, 4060, 804, 1263, 879, 1290, 1076, - 2419, 0, 1321, 2466, 1345, 1355, 2512, 2559, 1377, 6207, - - 4028, 4033, 4034, 4027, 1378, 6207, 4031, 4022, 4007, 4020, - 4007, 4018, 4004, 3998, 3993, 0, 3959, 3959, 875, 202, - 909, 851, 908, 3952, 3923, 3912, 1219, 1220, 1142, 958, - 3955, 3952, 2571, 2581, 2626, 3915, 3922, 3915, 3930, 3921, - 3906, 3889, 3863, 3851, 3851, 3821, 3849, 3846, 3846, 3839, - 3753, 2671, 877, 2711, 2723, 1515, 3770, 3767, 3766, 3746, - 2733, 1274, 3750, 3746, 2780, 1303, 1318, 1397, 1397, 1411, - 2792, 0, 1580, 2839, 1521, 1366, 2885, 2932, 2959, 1588, - 1602, 1629, 1438, 1634, 1653, 1439, 1792, 1686, 1623, 1803, - 1687, 1804, 1805, 3701, 3694, 3684, 3664, 1036, 3670, 3627, - - 1139, 1326, 1152, 1467, 1553, 3640, 3632, 3631, 1681, 1832, - 3585, 3553, 1844, 3532, 974, 1845, 3512, 3507, 1869, 1889, - 0, 0, 0, 0, 3483, 3016, 1863, 1780, 3456, 3426, - 3402, 1908, 3056, 1954, 1820, 3101, 3148, 1999, 3398, 3340, - 3321, 1920, 1414, 1577, 1616, 1621, 2056, 1636, 3160, 0, - 2103, 3207, 2136, 1964, 3253, 3300, 1890, 6207, 3327, 1517, - 1279, 1891, 6207, 1253, 1407, 1574, 2082, 6207, 1610, 1603, - 1566, 1616, 2083, 6207, 2084, 6207, 3277, 1494, 3243, 3236, - 1106, 1564, 1374, 1732, 3266, 3245, 3384, 3166, 3163, 3399, - 3164, 3140, 1760, 882, 3093, 3455, 1882, 3494, 0, 2003, - - 3103, 3084, 2146, 1290, 2197, 1553, 3534, 0, 2245, 3547, - 2300, 2114, 3592, 3639, 3095, 3090, 3651, 1677, 1678, 2015, - 2259, 3088, 2337, 3663, 0, 2350, 3710, 2439, 2156, 3757, - 3784, 1296, 923, 2226, 1614, 1802, 2328, 2467, 3036, 1228, - 3031, 3005, 2992, 2502, 1800, 2626, 3000, 2490, 2971, 2956, - 2952, 2533, 2916, 2899, 3856, 2886, 2882, 2224, 2225, 0, - 3914, 2601, 2646, 1945, 2866, 2871, 2863, 3954, 2850, 2246, - 2347, 2841, 
2348, 3966, 0, 2683, 3979, 2694, 2545, 4024, - 4071, 2753, 2828, 2807, 2781, 2765, 1768, 1828, 2805, 1018, - 1043, 4083, 0, 2818, 2079, 2468, 1939, 2306, 6207, 1057, - - 2285, 2327, 6207, 2469, 6207, 2738, 2725, 2603, 2267, 2063, - 1625, 2840, 2875, 2747, 2659, 4095, 2541, 2672, 2886, 2887, - 2888, 4105, 1508, 4145, 0, 2683, 1700, 3026, 2639, 2620, - 2594, 3038, 2530, 2514, 2361, 2385, 3076, 2560, 4185, 0, - 3123, 4198, 3180, 2905, 4243, 4290, 2504, 2458, 4301, 2815, - 2311, 1630, 4328, 2934, 6207, 2961, 2229, 2183, 2154, 1832, - 2720, 6207, 2005, 2608, 2125, 2054, 3102, 2878, 2224, 2050, - 4398, 1980, 4425, 3227, 1994, 1973, 1928, 3046, 1882, 3208, - 3209, 3210, 4440, 4452, 4464, 1836, 1795, 4476, 1758, 1703, - 2712, 2913, 3273, 3057, 4488, 0, 3467, 4501, 3478, 3283, - - 4548, 1673, 1644, 1598, 3312, 1506, 3254, 6207, 3279, 1399, - 6207, 6207, 3145, 3504, 3514, 1410, 1388, 4560, 3593, 3594, - 4572, 2074, 4584, 4596, 3685, 3567, 1332, 1262, 1249, 3614, - 1223, 1170, 3124, 1063, 971, 4608, 0, 3129, 3595, 6207, - 3640, 3489, 3691, 875, 814, 739, 3732, 3736, 4620, 4632, - 4644, 3924, 3934, 3999, 617, 0, 585, 3758, 6207, 2030, - 3504, 6207, 2088, 576, 497, 4656, 4668, 2319, 4680, 4692, - 4011, 6207, 4049, 4115, 3524, 6207, 6207, 4125, 467, 297, - 231, 3844, 4702, 4740, 4778, 4155, 4165, 4218, 58, 4816, - 4228, 6207, 4266, 3769, 6207, 4871, 4892, 4913, 4934, 4955, - - 4976, 4997, 5018, 5039, 5048, 2666, 5068, 5089, 2187, 5110, - 5131, 5152, 5173, 5194, 5215, 5236, 5257, 5278, 2957, 5299, - 5320, 5341, 5350, 5358, 5367, 5387, 5408, 5429, 2429, 5450, - 5471, 5492, 5513, 5534, 5543, 5562, 5571, 5580, 2509, 2530, - 5588, 5596, 5604, 5613, 5621, 5628, 5636, 5644, 5653, 5663, - 2624, 2669, 5671, 5679, 5687, 2751, 2857, 5696, 5706, 5726, - 2927, 5735, 5743, 3119, 5752, 5762, 5782, 2297, 2368, 5791, - 5803, 5812, 5822, 3178, 3244, 5831, 5841, 5850, 5870, 2455, - 5879, 5891, 3250, 3344, 5900, 5910, 5918, 3402, 5927, 5937, - 5957, 5978, 5999, 3416, 3565, 6019, 3590, 6026, 6036, 
2617, + 142, 148, 514, 0, 4805, 4738, 73, 6175, 4778, 4763, + 6175, 585, 73, 6175, 6175, 4702, 6175, 151, 597, 153, + 164, 4717, 6175, 6175, 659, 4691, 46, 34, 715, 58, + 4689, 4664, 50, 4652, 4649, 60, 776, 791, 57, 189, + 816, 66, 63, 4604, 59, 4590, 113, 4634, 129, 204, + 4592, 4580, 4581, 134, 0, 6175, 4598, 4583, 6175, 0, + 880, 933, 137, 0, 4522, 6175, 135, 6175, 140, 6175, + 214, 4510, 154, 194, 6175, 239, 193, 259, 960, 1004, + 258, 232, 1062, 1112, 4515, 160, 180, 1168, 4511, 4523, + + 4509, 4521, 4516, 1215, 0, 156, 4496, 1239, 225, 6175, + 4544, 228, 6175, 4546, 273, 283, 4493, 4532, 332, 1266, + 4491, 1293, 415, 4490, 1322, 1335, 1375, 4516, 4527, 324, + 343, 334, 4514, 228, 1437, 1493, 4499, 4504, 4497, 4489, + 4493, 4490, 335, 4481, 4478, 4463, 4444, 4438, 4423, 371, + 6175, 157, 425, 215, 65, 442, 4390, 4391, 4382, 4377, + 4378, 355, 378, 369, 133, 218, 325, 434, 256, 431, + 377, 584, 4393, 1554, 448, 377, 0, 4441, 412, 4443, + 6175, 6175, 479, 0, 4390, 633, 6175, 6175, 4389, 438, + 4388, 4435, 591, 453, 507, 466, 4438, 736, 737, 659, + + 4385, 843, 0, 1581, 1611, 794, 842, 1650, 4422, 892, + 902, 740, 1700, 1756, 4395, 0, 4398, 4383, 4386, 4383, + 752, 4374, 4372, 4363, 4359, 308, 475, 479, 920, 959, + 1803, 974, 748, 1843, 4402, 4389, 1888, 407, 1934, 1979, + 0, 4382, 4373, 4374, 4357, 4369, 4357, 4362, 4313, 4325, + 4324, 4306, 454, 4291, 4287, 4300, 4299, 4298, 4297, 825, + 573, 576, 4270, 4260, 4262, 4246, 594, 546, 588, 4242, + 595, 232, 777, 1098, 582, 751, 4282, 4281, 2026, 2036, + 4280, 2081, 0, 4261, 4252, 4237, 4250, 4238, 4245, 4244, + 4256, 4255, 4250, 4237, 4248, 804, 4214, 6175, 623, 751, + + 2126, 730, 0, 0, 851, 773, 4254, 4253, 2164, 831, + 4246, 4245, 862, 984, 2177, 1193, 882, 2223, 2270, 4244, + 828, 4226, 4205, 781, 868, 4217, 4210, 4213, 4210, 4201, + 4199, 4210, 4210, 4193, 4196, 0, 4199, 4197, 0, 834, + 111, 774, 414, 4185, 4180, 4182, 4166, 4180, 4166, 946, + 875, 1193, 590, 452, 1236, 4213, 4212, 4211, 1095, 2280, + 2325, 
960, 4170, 923, 1100, 4166, 4157, 4160, 4157, 4148, + 4146, 4142, 4149, 911, 4136, 4140, 4097, 2372, 2384, 2396, + 4129, 4128, 2406, 4128, 4126, 4125, 4084, 878, 1263, 1076, + 1290, 1181, 2419, 0, 1321, 2466, 1345, 1355, 2512, 2559, + + 1377, 6175, 4036, 4034, 4035, 4028, 1378, 6175, 4043, 4034, + 4019, 4032, 4025, 4036, 4006, 4017, 4018, 0, 3984, 3984, + 1087, 202, 1088, 877, 958, 4001, 3959, 3960, 1219, 1209, + 1236, 959, 4014, 4013, 2571, 2581, 2626, 3976, 3983, 3959, + 3962, 3941, 3915, 3926, 3883, 3875, 3852, 3835, 3850, 3847, + 3837, 3793, 3738, 2671, 1151, 2711, 2723, 1515, 3767, 3746, + 3738, 3713, 2733, 1303, 3724, 3677, 2780, 1317, 1397, 1399, + 1521, 1401, 2792, 0, 1580, 2839, 1553, 1366, 2885, 2932, + 2959, 1419, 1588, 1602, 1417, 1633, 1651, 1439, 1652, 1653, + 1803, 1660, 1631, 1687, 1792, 3613, 3601, 3593, 3586, 909, + + 3555, 3536, 1031, 1270, 1152, 1467, 1824, 3582, 3561, 3535, + 1627, 1688, 3502, 3459, 1804, 3462, 1383, 1805, 3452, 3410, + 1832, 1869, 0, 0, 0, 0, 3365, 3016, 1863, 1680, + 3386, 3328, 3313, 1908, 3056, 1954, 1780, 3101, 3148, 1999, + 3322, 3321, 3301, 1920, 1364, 1403, 1423, 1597, 2056, 1678, + 3160, 0, 2103, 3207, 2136, 1834, 3253, 3300, 1889, 6175, + 3327, 1517, 757, 1890, 6175, 1253, 847, 1565, 1891, 6175, + 1408, 1588, 552, 1061, 1980, 6175, 1981, 6175, 3269, 1494, + 3236, 3211, 1343, 1574, 1371, 1659, 3265, 3246, 3384, 3206, + 3209, 3399, 3172, 3159, 1752, 1008, 3136, 3455, 1564, 3494, + + 0, 1963, 3162, 3137, 2146, 1290, 2197, 1578, 3534, 0, + 2245, 3547, 2300, 2009, 3592, 3639, 3134, 3096, 3651, 1635, + 1768, 2259, 2337, 3094, 2339, 3663, 0, 2352, 3710, 2439, + 2066, 3757, 3784, 1787, 1201, 2226, 1586, 1914, 2467, 2468, + 3051, 2076, 3040, 3030, 3015, 2172, 1589, 2626, 3015, 2486, + 2971, 2952, 2948, 2311, 2892, 2883, 3856, 2878, 2846, 2224, + 2225, 0, 3914, 2532, 2601, 2015, 2820, 2825, 2815, 3954, + 2795, 2246, 2348, 2794, 2350, 3966, 0, 2648, 3979, 2681, + 2114, 4024, 4071, 2691, 2781, 2748, 2709, 2544, 2745, 2746, + 
2755, 1262, 1507, 4083, 0, 2759, 2221, 2469, 2016, 2607, + + 6175, 1761, 1789, 2840, 6175, 2841, 6175, 2673, 2649, 2649, + 2306, 2511, 2627, 2828, 2879, 2649, 2595, 4095, 2703, 2842, + 2886, 2887, 2921, 4105, 1882, 4145, 0, 2648, 2074, 3026, + 2594, 2572, 2552, 2909, 2533, 2489, 2361, 2385, 3036, 2712, + 4185, 0, 3078, 4198, 3121, 2766, 4243, 4290, 2458, 2431, + 4301, 2804, 2346, 1856, 4328, 2888, 6175, 2934, 2184, 2158, + 6175, 2088, 2835, 6175, 2106, 2446, 2056, 3102, 2623, 2170, + 2051, 4398, 1988, 4425, 3180, 1994, 1968, 1948, 3133, 1928, + 2961, 3208, 3209, 4440, 4452, 4464, 1883, 1779, 4476, 1758, + 1727, 2866, 3057, 3227, 3265, 4488, 0, 3276, 4501, 3465, + + 3046, 4548, 1713, 1647, 1607, 3312, 1552, 3210, 6175, 3256, + 1514, 6175, 2875, 3475, 3504, 1332, 1303, 4560, 3504, 3536, + 4572, 4584, 4596, 4608, 4620, 3568, 1249, 1216, 1192, 3524, + 1171, 1079, 3275, 1063, 971, 4632, 0, 3281, 3594, 6175, + 3595, 3531, 3612, 957, 917, 877, 3624, 3710, 4644, 4656, + 4668, 3683, 3730, 3924, 843, 0, 837, 3711, 6175, 2176, + 3756, 6175, 2203, 633, 479, 4680, 4692, 4704, 4716, 4728, + 4740, 6175, 3934, 3999, 3768, 6175, 6175, 4044, 297, 231, + 97, 3844, 4752, 4764, 4776, 4115, 4125, 4155, 4788, 4800, + 4812, 6175, 4165, 3944, 6175, 4839, 4860, 4881, 4902, 4923, + + 4944, 4965, 4986, 5007, 5016, 2623, 5036, 5057, 2522, 5078, + 5099, 5120, 5141, 5162, 5183, 5204, 5225, 5246, 2624, 5267, + 5288, 5309, 5318, 5326, 5335, 5355, 5376, 5397, 3111, 5418, + 5439, 5460, 5481, 5502, 5511, 5530, 5539, 5548, 2117, 2368, + 5556, 5564, 5572, 5581, 5589, 5596, 5604, 5612, 5621, 5631, + 2927, 3092, 5639, 5647, 5655, 3178, 3249, 5664, 5674, 5694, + 3289, 5703, 5711, 3344, 5720, 5730, 5750, 2258, 2266, 5759, + 5771, 5780, 5790, 3402, 3416, 5799, 5809, 5818, 5838, 2323, + 5847, 5859, 3492, 3526, 5868, 5878, 5886, 3565, 5895, 5905, + 5925, 5946, 5967, 3590, 3681, 5987, 3706, 5994, 6004, 2455, - 2818, 6045, 6065, 6086, 6107, 3328, 6128, 3627, 3628, 6137, - 6147, 3633, 3681, 6155, 6165, 6185, 
3745, 3746, 3801 + 2509, 6013, 6033, 6054, 6075, 2960, 6096, 3751, 3752, 6105, + 6115, 3781, 3801, 6123, 6133, 6153, 3698, 3857, 3997 } ; static yyconst flex_int16_t yy_def[1020] = 
@@ -695,76 +695,76 @@ 900, 231, 231, 127, 234, 937, 895, 938, 895, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 900, - 900, 895, 895, 895, 895, 895, 916, 900, 234, 900, - 900, 900, 895, 900, 895, 939, 940, 895, 93, 279, - 213, 214, 214, 214, 214, 214, 214, 214, 214, 214, - 214, 214, 214, 214, 93, 93, 895, 936, 936, 900, + 900, 895, 895, 895, 895, 895, 916, 900, 900, 234, + 900, 900, 900, 895, 900, 895, 939, 940, 895, 93, + 280, 213, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 93, 93, 895, 936, 936, + + 900, 900, 231, 231, 231, 900, 941, 942, 942, 309, + 943, 942, 944, 239, 895, 315, 315, 895, 315, 136, + 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, + 136, 136, 136, 136, 136, 136, 136, 136, 136, 900, + 900, 900, 900, 895, 895, 895, 895, 895, 895, 916, + 900, 900, 900, 900, 895, 895, 939, 939, 895, 280, + 213, 214, 214, 945, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 93, 93, 93, 93, 231, 231, 231, + 895, 946, 946, 383, 946, 947, 948, 949, 895, 950, + 318, 950, 895, 393, 950, 895, 396, 396, 895, 396, - 900, 231, 231, 231, 900, 941, 942, 942, 308, 943, - 942, 944, 239, 895, 314, 314, 895, 314, 136, 136, + 895, 895, 136, 136, 136, 136, 895, 895, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, - 136, 136, 136, 136, 136, 136, 136, 136, 900, 900, - 900, 900, 895, 895, 895, 895, 895, 916, 900, 900, - 900, 900, 895, 895, 939, 939, 895, 279, 213, 214, - 214, 945, 214, 214, 214, 214, 214, 214, 214, 214, - 214, 93, 93, 93, 93, 231, 231, 231, 895, 946, - 946, 381, 946, 947, 948, 949, 895, 950, 317, 950, - 895, 391, 950, 895, 394, 394, 895, 394, 895, 895, - - 136, 136, 136, 136, 895, 895, 136, 136, 136, 136, - 136, 136, 136, 136, 136, 136, 136, 136, 900, 900, - 900, 900, 900, 895, 895, 895, 916, 900, 900, 900, - 951, 952, 895, 93, 214, 214, 945, 945, 214, 214, - 214, 214, 214, 214, 214, 214, 93, 93, 93, 93, - 93, 900, 900, 231, 231, 900, 953, 953, 954, 955, - 895, 895, 956, 957, 
895, 958, 958, 959, 397, 959, - 895, 471, 959, 895, 474, 474, 895, 474, 895, 479, - 479, 479, 479, 479, 479, 479, 479, 479, 479, 479, - 479, 479, 479, 900, 900, 900, 900, 900, 895, 895, - - 960, 900, 900, 900, 895, 895, 961, 961, 895, 214, - 945, 945, 214, 214, 945, 214, 214, 214, 214, 214, - 93, 93, 93, 93, 93, 900, 526, 526, 895, 962, - 963, 461, 895, 533, 533, 895, 533, 895, 895, 964, - 964, 895, 895, 965, 965, 966, 477, 966, 895, 549, - 966, 895, 552, 552, 895, 552, 895, 895, 895, 559, - 559, 895, 895, 559, 559, 559, 895, 895, 559, 559, - 559, 559, 895, 895, 895, 895, 559, 900, 895, 895, - 967, 900, 900, 900, 968, 969, 895, 970, 970, 895, - 970, 970, 590, 590, 971, 900, 900, 900, 598, 598, - - 895, 972, 895, 973, 536, 973, 973, 607, 973, 895, - 610, 610, 895, 610, 974, 975, 895, 895, 976, 976, - 977, 978, 977, 895, 624, 977, 895, 627, 627, 627, - 895, 631, 631, 631, 631, 631, 631, 631, 631, 631, - 900, 895, 895, 979, 900, 900, 900, 895, 895, 980, - 980, 895, 981, 981, 895, 981, 981, 655, 655, 982, - 900, 661, 661, 661, 895, 983, 984, 895, 985, 985, - 986, 987, 986, 986, 674, 986, 895, 677, 677, 895, - 677, 895, 895, 988, 988, 895, 895, 989, 989, 990, - 990, 990, 692, 990, 631, 631, 631, 895, 895, 631, - - 631, 895, 895, 895, 895, 631, 895, 895, 991, 979, - 900, 992, 993, 994, 995, 895, 994, 996, 996, 996, - 996, 900, 900, 900, 724, 724, 900, 895, 895, 997, - 997, 895, 895, 998, 998, 999, 680, 999, 999, 739, - 999, 895, 742, 742, 895, 742, 1000, 1001, 895, 895, - 1002, 1002, 895, 895, 895, 753, 753, 753, 895, 1003, - 1003, 895, 1003, 1004, 900, 1005, 1005, 1005, 1005, 1006, - 1005, 1007, 1007, 895, 895, 994, 994, 895, 895, 996, - 996, 996, 724, 724, 724, 1008, 1009, 895, 895, 1010, - 1010, 1011, 745, 1011, 1011, 795, 1011, 895, 798, 798, - - 798, 895, 1000, 1000, 895, 895, 895, 895, 753, 753, - 895, 895, 1004, 895, 895, 1012, 1013, 895, 996, 996, - 724, 900, 724, 724, 900, 895, 895, 1008, 1008, 895, + 900, 900, 900, 900, 900, 895, 895, 895, 916, 900, + 900, 900, 
951, 952, 895, 93, 214, 214, 945, 945, + 214, 214, 214, 214, 214, 214, 214, 214, 93, 93, + 93, 93, 93, 900, 900, 231, 231, 900, 953, 953, + 954, 955, 895, 895, 956, 957, 895, 958, 958, 959, + 399, 959, 895, 473, 959, 895, 476, 476, 895, 476, + 895, 481, 481, 481, 481, 481, 481, 481, 481, 481, + 481, 481, 481, 481, 481, 900, 900, 900, 900, 900, + + 895, 895, 960, 900, 900, 900, 895, 895, 961, 961, + 895, 214, 945, 945, 214, 214, 945, 214, 214, 214, + 214, 214, 93, 93, 93, 93, 93, 900, 528, 528, + 895, 962, 963, 463, 895, 535, 535, 895, 535, 895, + 895, 964, 964, 895, 895, 965, 965, 966, 479, 966, + 895, 551, 966, 895, 554, 554, 895, 554, 895, 895, + 895, 561, 561, 895, 895, 561, 561, 561, 895, 895, + 561, 561, 561, 561, 895, 895, 895, 895, 561, 900, + 895, 895, 967, 900, 900, 900, 968, 969, 895, 970, + 970, 895, 970, 970, 592, 592, 971, 900, 900, 900, + + 600, 600, 895, 972, 895, 973, 538, 973, 973, 609, + 973, 895, 612, 612, 895, 612, 974, 975, 895, 895, + 976, 976, 977, 978, 977, 895, 626, 977, 895, 629, + 629, 629, 895, 633, 633, 633, 633, 633, 633, 633, + 633, 633, 900, 895, 895, 979, 900, 900, 900, 895, + 895, 980, 980, 895, 981, 981, 895, 981, 981, 657, + 657, 982, 900, 663, 663, 663, 895, 983, 984, 895, + 985, 985, 986, 987, 986, 986, 676, 986, 895, 679, + 679, 895, 679, 895, 895, 988, 988, 895, 895, 989, + 989, 990, 990, 990, 694, 990, 633, 633, 633, 895, + + 895, 633, 633, 895, 895, 895, 895, 633, 895, 895, + 991, 979, 900, 992, 993, 994, 995, 895, 994, 996, + 996, 996, 996, 900, 900, 900, 726, 726, 900, 895, + 895, 997, 997, 895, 895, 998, 998, 999, 682, 999, + 999, 741, 999, 895, 744, 744, 895, 744, 1000, 1001, + 895, 895, 1002, 1002, 895, 895, 895, 755, 755, 755, + 895, 1003, 1003, 895, 1003, 1004, 1005, 1005, 1005, 1005, + 1006, 1005, 1007, 1007, 895, 895, 994, 994, 895, 895, + 996, 996, 996, 726, 726, 726, 1008, 1009, 895, 895, + 1010, 1010, 1011, 747, 1011, 1011, 796, 1011, 895, 799, + + 799, 799, 895, 1000, 1000, 895, 895, 895, 895, 755, + 755, 895, 
1004, 895, 895, 1012, 1013, 895, 996, 996, + 726, 726, 726, 726, 726, 895, 895, 1008, 1008, 895, 895, 1014, 1014, 1015, 1015, 1015, 836, 836, 895, 895, - 753, 1016, 895, 895, 1012, 1012, 895, 996, 724, 724, - 724, 895, 895, 895, 895, 1017, 1017, 895, 895, 1016, - 1016, 895, 1016, 1018, 1019, 895, 724, 900, 724, 724, - 900, 895, 895, 895, 895, 895, 895, 895, 895, 1018, - 1018, 895, 900, 900, 900, 895, 895, 895, 900, 900, - 900, 895, 895, 895, 0, 895, 895, 895, 895, 895, + 755, 1016, 895, 895, 1012, 1012, 895, 996, 726, 726, + 726, 895, 895, 895, 895, 1017, 1017, 895, 895, 1016, + 1016, 895, 1016, 1018, 1019, 895, 726, 726, 726, 726, + 726, 895, 895, 895, 895, 895, 895, 895, 895, 1018, + 1018, 895, 726, 726, 726, 895, 895, 895, 726, 726, + 726, 895, 895, 895, 0, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, @@ -781,7 +781,7 @@ 895, 895, 895, 895, 895, 895, 895, 895, 895 } ; -static yyconst flex_int16_t yy_nxt[6281] = +static yyconst flex_int16_t yy_nxt[6249] = { 0, 16, 17, 18, 19, 17, 20, 21, 22, 23, 24, 25, 16, 26, 27, 16, 16, 28, 29, 30, 31, @@ -795,9 +795,9 @@ 66, 67, 17, 68, 69, 69, 145, 140, 138, 148, 119, 69, 141, 146, 136, 52, 53, 136, 69, 70, - 54, 108, 108, 149, 168, 69, 70, 168, 55, 108, + 54, 108, 878, 149, 168, 69, 70, 168, 55, 108, 154, 56, 57, 164, 261, 57, 169, 120, 58, 155, - 171, 166, 163, 171, 59, 71, 421, 60, 150, 151, + 171, 166, 163, 171, 59, 71, 423, 60, 150, 151, 180, 150, 71, 83, 18, 19, 83, 84, 85, 83, 18, 19, 83, 84, 85, 193, 124, 124, 193, 151, 124, 124, 61, 187, 62, 108, 63, 39, 188, 39, 
@@ -805,15 +805,15 @@ 124, 131, 131, 131, 131, 131, 132, 108, 108, 186, 156, 64, 57, 156, 186, 57, 86, 154, 58, 194, - 118, 214, 86, 270, 59, 125, 176, 60, 192, 173, + 118, 214, 86, 271, 59, 125, 176, 60, 192, 173, 173, 108, 217, 173, 173, 190, 151, 180, 190, 224, - 199, 214, 157, 158, 218, 495, 109, 159, 225, 109, + 199, 214, 157, 158, 218, 497, 109, 159, 225, 109, 113, 227, 61, 173, 62, 160, 63, 39, 161, 39, 195, 196, 197, 195, 237, 191, 878, 200, 192, 211, 211, 211, 211, 211, 212, 239, 108, 171, 174, 201, 171, 64, 17, 18, 19, 17, 20, 201, 72, 108, 201, 260, 108, 201, 201, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 268, 108, 203, 351, 201, + 210, 210, 210, 210, 210, 272, 108, 203, 353, 201, 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, 
@@ -824,22 +824,22 @@ 235, 235, 235, 235, 235, 235, 235, 113, 227, 895, 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, 247, 248, 150, 151, 180, 150, 249, 250, 171, 108, - 251, 171, 252, 253, 107, 272, 200, 73, 74, 74, + 251, 171, 252, 253, 107, 273, 200, 73, 74, 74, 74, 74, 74, 74, 74, 74, 74, 74, 74, 74, 74, 74, 74, 74, 74, 74, 17, 18, 19, 17, 20, 76, 72, 150, 151, 180, 150, 77, 78, 79, - 124, 124, 267, 108, 124, 124, 150, 151, 180, 150, - 269, 275, 108, 80, 275, 168, 271, 274, 168, 150, - 151, 180, 150, 156, 124, 194, 156, 169, 116, 116, - 116, 116, 116, 116, 116, 116, 116, 116, 108, 81, - 17, 18, 19, 17, 20, 76, 72, 297, 227, 125, - 237, 77, 78, 79, 349, 157, 158, 113, 299, 108, - 159, 313, 878, 247, 248, 331, 332, 80, 160, 249, - 250, 161, 186, 251, 192, 252, 895, 895, 895, 895, + 124, 124, 267, 237, 124, 124, 150, 151, 180, 150, + 270, 108, 108, 80, 314, 168, 275, 268, 168, 150, + 151, 180, 150, 156, 124, 269, 156, 169, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 194, 81, + 17, 18, 19, 17, 20, 76, 72, 276, 108, 125, + 276, 77, 78, 79, 425, 157, 158, 298, 227, 108, + 159, 113, 300, 247, 248, 332, 333, 80, 160, 249, + 250, 161, 186, 251, 878, 252, 895, 895, 895, 895, - 895, 895, 895, 895, 895, 895, 195, 196, 197, 195, - 113, 299, 878, 81, 34, 17, 18, 19, 17, 20, + 895, 895, 895, 895, 895, 895, 108, 192, 195, 196, + 197, 195, 432, 81, 34, 17, 18, 19, 17, 20, 34, 34, 87, 24, 25, 34, 88, 27, 34, 34, 89, 90, 91, 92, 90, 90, 90, 90, 90, 90, 90, 32, 93, 34, 34, 94, 95, 95, 95, 96, 
@@ -847,15 +847,15 @@ 98, 103, 98, 98, 98, 98, 98, 98, 73, 34, 104, 104, 104, 104, 104, 104, 105, 105, 105, 105, 105, 105, 105, 105, 106, 105, 105, 113, 114, 173, - 173, 878, 193, 173, 173, 193, 113, 227, 275, 115, + 173, 136, 193, 173, 173, 193, 113, 227, 641, 115, - 603, 275, 116, 116, 116, 116, 116, 116, 116, 116, + 108, 351, 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, 126, 173, 127, 127, 127, 127, 127, 127, - 127, 127, 127, 127, 128, 237, 108, 108, 129, 129, - 129, 129, 129, 129, 185, 108, 313, 185, 174, 185, - 185, 342, 108, 349, 793, 192, 185, 349, 297, 299, - 349, 108, 348, 129, 129, 129, 129, 129, 129, 107, - 108, 185, 198, 198, 198, 198, 423, 107, 198, 198, + 127, 127, 127, 127, 128, 113, 300, 108, 129, 129, + 129, 129, 129, 129, 185, 344, 108, 185, 174, 185, + 185, 343, 108, 345, 108, 192, 185, 268, 878, 108, + 354, 108, 350, 129, 129, 129, 129, 129, 129, 107, + 268, 185, 198, 198, 198, 198, 268, 107, 198, 198, 107, 107, 198, 107, 107, 107, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 128, 198, 198, 107, 135, 135, 135, 135, 135, 135, 136, 136, 136, 136, 
@@ -864,618 +864,615 @@ 136, 136, 136, 108, 136, 129, 129, 129, 129, 129, 129, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 136, 136, 136, 136, 136, 136, 136, 136, - 136, 136, 895, 895, 118, 300, 136, 136, 136, 136, - 136, 136, 372, 373, 843, 374, 136, 280, 280, 280, - 280, 280, 280, 895, 895, 303, 303, 303, 303, 303, - 304, 107, 107, 107, 107, 107, 107, 150, 151, 152, - 153, 107, 107, 107, 108, 107, 107, 287, 288, 107, - 200, 200, 422, 289, 290, 124, 108, 291, 124, 292, + 136, 136, 895, 895, 118, 301, 136, 136, 136, 136, + 136, 136, 276, 298, 300, 276, 136, 281, 281, 281, + 281, 281, 281, 895, 895, 304, 304, 304, 304, 304, + 305, 107, 107, 107, 107, 107, 107, 150, 151, 152, + 153, 107, 107, 107, 108, 107, 107, 288, 289, 107, + 200, 200, 424, 290, 291, 124, 136, 292, 124, 293, - 128, 124, 430, 107, 107, 107, 107, 124, 129, 129, + 128, 124, 635, 107, 107, 107, 107, 124, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 113, 114, - 237, 124, 124, 107, 107, 107, 107, 108, 108, 843, - 115, 313, 108, 116, 116, 116, 116, 116, 116, 116, - 116, 116, 116, 201, 339, 340, 352, 341, 383, 383, - 383, 201, 399, 419, 201, 399, 420, 201, 201, 276, - 277, 278, 276, 276, 276, 276, 276, 276, 276, 403, - 497, 203, 437, 201, 404, 108, 428, 438, 400, 108, - 162, 179, 151, 180, 179, 181, 447, 182, 108, 448, - 843, 181, 452, 182, 387, 237, 494, 204, 201, 392, - - 392, 392, 392, 392, 393, 108, 389, 182, 182, 280, - 280, 280, 280, 280, 280, 280, 280, 280, 280, 280, - 280, 280, 280, 280, 280, 280, 280, 280, 280, 108, - 496, 108, 659, 214, 182, 113, 114, 230, 230, 230, + 405, 124, 124, 374, 375, 406, 376, 108, 108, 401, + 115, 108, 401, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 201, 340, 341, 268, 342, 385, 385, + 385, 201, 605, 421, 201, 402, 422, 201, 201, 277, + 278, 279, 277, 277, 277, 277, 277, 277, 277, 407, + 794, 203, 407, 201, 107, 107, 107, 107, 237, 108, + 162, 179, 151, 180, 179, 181, 136, 182, 108, 314, + 637, 181, 843, 182, 237, 408, 499, 204, 201, 394, + + 
394, 394, 394, 394, 395, 314, 430, 182, 182, 281, + 281, 281, 281, 281, 281, 281, 281, 281, 281, 281, + 281, 281, 281, 281, 281, 281, 281, 281, 281, 108, + 449, 108, 843, 450, 182, 113, 114, 230, 230, 230, 230, 230, 230, 230, 230, 230, 230, 183, 113, 227, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, - 124, 405, 108, 108, 405, 124, 124, 498, 124, 124, - 124, 124, 697, 136, 124, 124, 230, 230, 230, 230, - 230, 230, 230, 230, 230, 230, 895, 406, 203, 124, - 124, 302, 302, 302, 302, 302, 302, 302, 302, 302, + 124, 401, 439, 108, 401, 124, 124, 440, 124, 124, + 124, 124, 843, 580, 124, 124, 230, 230, 230, 230, + 230, 230, 230, 230, 230, 230, 895, 402, 203, 124, + 124, 303, 303, 303, 303, 303, 303, 303, 303, 303, - 302, 318, 318, 318, 318, 318, 318, 318, 318, 318, - 318, 427, 108, 591, 206, 124, 203, 504, 592, 207, + 303, 319, 319, 319, 319, 319, 319, 319, 319, 319, + 319, 429, 108, 108, 206, 124, 203, 500, 506, 207, 203, 208, 208, 208, 208, 208, 208, 208, 208, 208, - 208, 128, 203, 387, 237, 209, 209, 209, 209, 209, + 208, 128, 203, 113, 227, 209, 209, 209, 209, 209, 209, 203, 203, 203, 203, 203, 203, 203, 203, 203, - 203, 203, 203, 203, 203, 203, 203, 203, 895, 237, + 203, 203, 203, 203, 203, 203, 203, 203, 661, 214, 209, 209, 209, 209, 209, 209, 203, 203, 203, 203, - 203, 203, 203, 203, 203, 203, 203, 895, 603, 203, + 203, 203, 203, 203, 203, 203, 203, 895, 605, 203, 203, 203, 203, 203, 203, 203, 203, 203, 203, 895, - 108, 895, 237, 203, 203, 203, 203, 203, 203, 173, + 583, 389, 237, 203, 203, 203, 203, 203, 203, 173, - 578, 399, 173, 389, 399, 173, 757, 136, 113, 227, - 353, 173, 354, 354, 354, 354, 354, 354, 203, 203, - 203, 203, 203, 203, 203, 173, 173, 400, 203, 213, + 136, 407, 173, 391, 407, 173, 794, 642, 496, 498, + 355, 173, 356, 356, 356, 356, 356, 356, 203, 203, + 203, 203, 203, 203, 203, 173, 173, 408, 203, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 128, - 203, 113, 227, 213, 213, 213, 213, 213, 213, 214, + 203, 108, 108, 213, 213, 213, 213, 
213, 213, 214, 214, 214, 214, 215, 214, 214, 214, 214, 214, 214, - 214, 214, 214, 214, 214, 214, 644, 216, 209, 209, + 214, 214, 214, 214, 214, 214, 454, 216, 209, 209, 209, 209, 209, 209, 203, 203, 203, 203, 203, 203, 203, 203, 203, 203, 203, 214, 214, 214, 214, 214, - 214, 214, 214, 214, 214, 895, 108, 793, 581, 214, + 214, 214, 214, 214, 214, 895, 895, 237, 739, 214, - 214, 214, 214, 214, 214, 405, 108, 503, 405, 214, - 391, 391, 391, 391, 391, 391, 391, 391, 391, 391, - 128, 113, 227, 583, 203, 203, 203, 203, 203, 203, - 895, 406, 209, 209, 209, 209, 209, 209, 209, 209, + 214, 214, 214, 214, 214, 108, 108, 826, 391, 214, + 393, 393, 393, 393, 393, 393, 393, 393, 393, 393, + 128, 113, 227, 585, 203, 203, 203, 203, 203, 203, + 895, 826, 209, 209, 209, 209, 209, 209, 209, 209, 209, 209, 107, 107, 107, 107, 107, 108, 107, 107, - 737, 502, 107, 431, 432, 433, 431, 431, 431, 431, - 431, 431, 431, 706, 826, 429, 107, 107, 107, 117, - 117, 117, 117, 117, 108, 117, 117, 826, 136, 117, - 463, 464, 465, 463, 463, 463, 463, 463, 463, 463, - 237, 501, 136, 117, 117, 117, 121, 121, 121, 121, - - 121, 313, 121, 121, 634, 603, 121, 398, 398, 398, - 398, 398, 398, 398, 398, 398, 398, 605, 136, 237, - 121, 121, 121, 124, 633, 107, 123, 107, 107, 123, - 389, 107, 107, 387, 237, 123, 387, 237, 467, 467, - 467, 467, 467, 467, 696, 389, 136, 826, 389, 123, + 699, 136, 107, 433, 434, 435, 433, 433, 433, 433, + 433, 433, 433, 108, 826, 431, 107, 107, 107, 117, + 117, 117, 117, 117, 504, 117, 117, 389, 237, 117, + 465, 466, 467, 465, 465, 465, 465, 465, 465, 465, + 108, 503, 136, 117, 117, 117, 121, 121, 121, 121, + + 121, 505, 121, 121, 636, 605, 121, 400, 400, 400, + 400, 400, 400, 400, 400, 400, 400, 607, 843, 237, + 121, 121, 121, 124, 108, 107, 123, 107, 107, 123, + 314, 107, 107, 237, 584, 123, 389, 237, 469, 469, + 469, 469, 469, 469, 391, 113, 227, 843, 391, 123, 123, 107, 231, 232, 233, 231, 231, 231, 231, 231, - 231, 231, 471, 471, 471, 471, 471, 471, 471, 471, - 471, 471, 
472, 472, 472, 472, 472, 473, 399, 405, - 108, 399, 405, 550, 550, 550, 550, 550, 551, 108, - 126, 582, 234, 234, 234, 234, 234, 234, 234, 234, - - 234, 234, 128, 843, 400, 406, 234, 234, 234, 234, - 234, 234, 387, 237, 478, 478, 478, 478, 478, 478, - 478, 478, 478, 478, 469, 843, 895, 237, 108, 108, - 237, 234, 234, 234, 234, 234, 234, 107, 469, 562, - 567, 389, 562, 567, 646, 107, 136, 841, 107, 107, - 635, 107, 107, 107, 240, 240, 240, 240, 240, 240, - 240, 240, 240, 240, 128, 563, 568, 107, 240, 240, + 231, 231, 473, 473, 473, 473, 473, 473, 473, 473, + 473, 473, 474, 474, 474, 474, 474, 475, 401, 407, + 237, 401, 407, 552, 552, 552, 552, 552, 553, 108, + 126, 391, 234, 234, 234, 234, 234, 234, 234, 234, + + 234, 234, 128, 646, 402, 408, 234, 234, 234, 234, + 234, 234, 389, 237, 389, 237, 895, 237, 564, 237, + 895, 564, 593, 895, 391, 108, 471, 594, 471, 108, + 471, 234, 234, 234, 234, 234, 234, 107, 389, 237, + 569, 648, 639, 569, 565, 107, 895, 136, 107, 107, + 471, 107, 107, 107, 240, 240, 240, 240, 240, 240, + 240, 240, 240, 240, 128, 561, 570, 107, 240, 240, 240, 240, 240, 240, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 108, 136, 234, 234, 234, 234, 234, 234, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, - 895, 108, 237, 722, 136, 136, 136, 136, 136, 136, - 452, 584, 453, 453, 453, 453, 453, 453, 549, 549, - 549, 549, 549, 549, 549, 549, 549, 549, 108, 107, + 895, 108, 895, 237, 136, 136, 136, 136, 136, 136, + 454, 586, 455, 455, 455, 455, 455, 455, 480, 480, + 480, 480, 480, 480, 480, 480, 480, 480, 108, 107, 107, 107, 107, 107, 107, 173, 136, 107, 172, 107, - 107, 172, 108, 107, 107, 641, 632, 172, 895, 108, - 585, 586, 587, 585, 585, 585, 585, 585, 585, 585, - 605, 172, 172, 107, 201, 201, 201, 201, 201, 895, - 201, 201, 895, 237, 201, 387, 237, 545, 545, 545, - - 545, 545, 545, 895, 469, 136, 895, 469, 201, 201, - 201, 124, 639, 136, 237, 895, 124, 124, 
108, 124, - 124, 124, 124, 636, 895, 124, 124, 895, 645, 895, - 895, 387, 237, 895, 559, 895, 387, 237, 895, 203, - 124, 124, 136, 469, 637, 387, 237, 560, 547, 136, - 895, 895, 237, 638, 895, 136, 895, 895, 571, 700, - 237, 895, 640, 547, 136, 206, 124, 279, 279, 279, - 279, 279, 279, 279, 279, 279, 279, 561, 564, 108, - 895, 279, 279, 279, 279, 279, 279, 895, 573, 237, - 895, 573, 565, 237, 237, 765, 505, 566, 506, 506, - - 506, 506, 506, 506, 469, 547, 279, 279, 279, 279, - 279, 279, 203, 895, 574, 722, 203, 281, 281, 281, - 281, 281, 281, 281, 281, 281, 281, 128, 203, 570, - 737, 281, 281, 281, 281, 281, 281, 214, 214, 214, + 107, 172, 841, 107, 107, 643, 634, 172, 237, 108, + 551, 551, 551, 551, 551, 551, 551, 551, 551, 551, + 598, 172, 172, 107, 201, 201, 201, 201, 201, 895, + 201, 201, 895, 895, 201, 389, 237, 547, 547, 547, + + 547, 547, 547, 895, 136, 607, 895, 471, 201, 201, + 201, 124, 389, 237, 638, 895, 124, 124, 108, 124, + 124, 124, 124, 237, 549, 124, 124, 136, 108, 895, + 647, 702, 575, 562, 895, 575, 136, 895, 640, 203, + 124, 124, 507, 108, 508, 508, 508, 508, 508, 508, + 563, 237, 895, 895, 895, 895, 895, 895, 576, 713, + 895, 895, 471, 237, 895, 206, 124, 280, 280, 280, + 280, 280, 280, 280, 280, 280, 280, 566, 895, 895, + 895, 280, 280, 280, 280, 280, 280, 895, 577, 559, + 567, 577, 559, 895, 237, 568, 572, 601, 601, 601, + + 601, 601, 602, 571, 574, 549, 280, 280, 280, 280, + 280, 280, 203, 108, 578, 560, 203, 282, 282, 282, + 282, 282, 282, 282, 282, 282, 282, 128, 203, 237, + 649, 282, 282, 282, 282, 282, 282, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, - 214, 214, 214, 214, 108, 216, 279, 279, 279, 279, - 279, 279, 203, 203, 203, 203, 203, 203, 203, 203, + 214, 214, 214, 214, 739, 216, 280, 280, 280, 280, + 280, 280, 203, 203, 203, 203, 203, 203, 203, 203, 203, 203, 203, 214, 214, 214, 214, 214, 214, 214, - 214, 214, 214, 895, 237, 672, 108, 214, 214, 214, - 214, 214, 214, 895, 658, 547, 895, 599, 599, 599, + 214, 214, 
214, 895, 237, 674, 660, 214, 214, 214, + 214, 214, 214, 895, 826, 549, 895, 610, 610, 610, - 599, 599, 600, 647, 895, 575, 895, 895, 575, 895, - 826, 214, 203, 203, 203, 203, 203, 203, 300, 895, - 301, 301, 301, 301, 301, 301, 301, 301, 301, 301, - 895, 576, 895, 557, 762, 763, 557, 608, 608, 608, - 608, 608, 609, 569, 237, 562, 567, 572, 562, 567, - 701, 826, 136, 577, 108, 622, 711, 108, 107, 558, - 305, 305, 305, 305, 305, 305, 305, 305, 305, 305, - 573, 563, 568, 573, 305, 305, 305, 305, 305, 305, - 598, 598, 598, 598, 598, 598, 598, 598, 598, 598, - 575, 557, 562, 575, 557, 562, 574, 774, 596, 305, - - 305, 305, 305, 305, 305, 307, 308, 309, 309, 309, - 309, 309, 309, 309, 309, 310, 576, 558, 563, 311, - 311, 311, 311, 311, 311, 537, 537, 537, 537, 537, - 537, 537, 537, 537, 537, 538, 108, 539, 539, 539, - 539, 539, 539, 774, 311, 311, 311, 311, 311, 311, - 237, 314, 315, 316, 314, 314, 314, 314, 314, 314, - 314, 317, 727, 727, 727, 318, 318, 318, 318, 318, - 318, 607, 607, 607, 607, 607, 607, 607, 607, 607, - 607, 625, 625, 625, 625, 625, 626, 756, 774, 136, - 318, 318, 318, 318, 318, 318, 319, 319, 319, 319, - - 319, 319, 319, 319, 319, 319, 128, 812, 763, 774, - 319, 319, 319, 319, 319, 319, 615, 616, 617, 615, - 615, 615, 615, 615, 615, 615, 107, 107, 107, 107, - 387, 237, 862, 863, 773, 305, 305, 305, 305, 305, - 305, 353, 547, 356, 356, 356, 356, 356, 357, 354, - 354, 354, 354, 358, 358, 358, 358, 358, 358, 358, - 358, 358, 358, 128, 814, 113, 227, 358, 358, 358, - 358, 358, 358, 556, 556, 556, 556, 556, 556, 556, - 556, 556, 556, 567, 573, 575, 567, 573, 575, 821, - 877, 863, 358, 358, 358, 358, 358, 358, 359, 359, - - 359, 359, 359, 359, 359, 359, 359, 359, 771, 568, - 574, 576, 359, 359, 359, 359, 359, 359, 387, 237, - 620, 620, 620, 620, 620, 620, 753, 764, 108, 136, - 547, 675, 675, 675, 675, 675, 676, 358, 358, 358, - 358, 358, 358, 376, 377, 378, 376, 376, 376, 376, - 376, 376, 376, 624, 624, 624, 624, 624, 624, 624, - 624, 624, 624, 666, 667, 
668, 666, 666, 666, 666, - 666, 666, 666, 693, 693, 693, 693, 693, 694, 108, - 108, 381, 381, 382, 383, 383, 383, 383, 383, 383, - 383, 310, 387, 237, 388, 388, 388, 388, 388, 388, - - 388, 388, 388, 388, 389, 184, 184, 184, 390, 390, - 390, 390, 390, 390, 614, 614, 614, 614, 614, 614, - 614, 614, 614, 614, 811, 702, 704, 698, 702, 704, - 698, 770, 810, 390, 390, 390, 390, 390, 390, 237, - 394, 395, 396, 394, 394, 394, 394, 394, 394, 394, - 397, 703, 705, 699, 398, 398, 398, 398, 398, 398, - 603, 603, 670, 670, 670, 670, 670, 670, 761, 762, - 763, 761, 605, 605, 387, 237, 136, 809, 771, 398, - 398, 398, 398, 398, 398, 895, 622, 390, 390, 390, - 390, 390, 390, 390, 390, 390, 390, 434, 434, 434, - - 434, 434, 434, 434, 434, 434, 434, 698, 649, 649, - 698, 434, 434, 434, 434, 434, 434, 674, 674, 674, - 674, 674, 674, 674, 674, 674, 674, 237, 702, 702, - 758, 702, 702, 699, 867, 136, 434, 434, 434, 434, - 434, 434, 435, 435, 435, 435, 435, 435, 435, 435, - 435, 435, 895, 237, 703, 703, 435, 435, 435, 435, - 435, 435, 603, 895, 622, 387, 237, 689, 689, 689, - 689, 689, 689, 108, 672, 672, 603, 622, 136, 650, - 650, 434, 434, 434, 434, 434, 434, 452, 672, 453, - 453, 453, 453, 453, 453, 453, 453, 453, 453, 452, - - 603, 454, 454, 454, 454, 454, 454, 454, 454, 454, - 454, 452, 737, 455, 455, 455, 455, 455, 456, 453, - 453, 453, 453, 458, 458, 458, 458, 458, 458, 458, - 458, 458, 458, 310, 387, 237, 467, 467, 467, 467, - 467, 467, 467, 467, 467, 467, 389, 184, 184, 184, - 466, 466, 466, 466, 466, 466, 692, 692, 692, 692, - 692, 692, 692, 692, 692, 692, 649, 649, 704, 754, - 704, 704, 754, 704, 237, 466, 466, 466, 466, 466, - 466, 387, 237, 468, 468, 468, 468, 468, 468, 468, - 468, 468, 468, 469, 705, 755, 705, 470, 470, 470, - - 470, 470, 470, 709, 113, 227, 709, 714, 715, 716, - 717, 714, 714, 714, 714, 714, 714, 136, 136, 354, - 237, 354, 470, 470, 470, 470, 470, 470, 237, 474, - 475, 476, 474, 474, 474, 474, 474, 474, 474, 477, - 355, 672, 355, 478, 478, 478, 478, 478, 
478, 648, - 649, 649, 649, 649, 649, 649, 774, 605, 779, 779, - 779, 710, 740, 740, 740, 740, 740, 741, 478, 478, - 478, 478, 478, 478, 895, 895, 470, 470, 470, 470, - 470, 470, 470, 470, 470, 470, 505, 737, 508, 508, - 508, 508, 508, 509, 506, 506, 506, 506, 434, 434, - - 434, 434, 434, 434, 434, 434, 434, 434, 712, 728, - 113, 227, 434, 434, 434, 434, 434, 434, 724, 724, - 724, 724, 724, 724, 724, 724, 724, 724, 802, 802, - 712, 712, 712, 712, 506, 728, 506, 434, 434, 434, - 434, 434, 434, 435, 435, 435, 435, 435, 435, 435, - 435, 435, 435, 712, 728, 712, 713, 435, 435, 435, - 435, 435, 435, 725, 725, 725, 725, 725, 726, 727, - 727, 727, 727, 754, 774, 116, 754, 813, 116, 507, - 108, 507, 434, 434, 434, 434, 434, 434, 526, 527, - 528, 526, 526, 526, 526, 526, 526, 526, 603, 755, - - 735, 735, 735, 735, 735, 735, 107, 107, 107, 107, - 672, 739, 739, 739, 739, 739, 739, 739, 739, 739, - 739, 761, 762, 763, 761, 108, 452, 603, 453, 453, - 453, 453, 453, 453, 453, 453, 453, 453, 452, 737, - 453, 453, 453, 453, 453, 453, 453, 453, 453, 453, - 533, 534, 535, 533, 533, 533, 533, 533, 533, 533, - 536, 539, 774, 539, 537, 537, 537, 537, 537, 537, - 747, 748, 749, 747, 747, 747, 747, 747, 747, 747, - 682, 759, 683, 683, 683, 683, 683, 683, 136, 537, - 537, 537, 537, 537, 537, 538, 682, 541, 541, 541, - - 541, 541, 542, 539, 539, 539, 539, 387, 237, 545, - 545, 545, 545, 545, 545, 545, 545, 545, 545, 469, - 387, 237, 682, 544, 544, 544, 544, 544, 544, 803, - 803, 237, 622, 387, 237, 752, 752, 752, 752, 752, - 752, 767, 622, 682, 767, 768, 769, 770, 544, 544, - 544, 544, 544, 544, 387, 237, 546, 546, 546, 546, - 546, 546, 546, 546, 546, 546, 547, 540, 680, 540, - 548, 548, 548, 548, 548, 548, 767, 605, 728, 767, - 768, 769, 770, 768, 769, 770, 728, 895, 895, 895, - 895, 895, 895, 532, 771, 548, 548, 548, 548, 548, - - 548, 237, 552, 553, 554, 552, 552, 552, 552, 552, - 552, 552, 555, 895, 895, 895, 556, 556, 556, 556, - 556, 556, 796, 796, 796, 796, 796, 797, 603, 773, - 
721, 720, 771, 782, 780, 754, 781, 506, 754, 506, - 793, 556, 556, 556, 556, 556, 556, 895, 719, 548, - 548, 548, 548, 548, 548, 548, 548, 548, 548, 107, - 557, 755, 807, 557, 718, 807, 230, 107, 648, 230, - 107, 107, 648, 107, 107, 107, 136, 136, 136, 136, - 136, 136, 136, 136, 136, 136, 558, 648, 808, 107, + 610, 610, 611, 214, 895, 564, 569, 895, 564, 569, + 759, 136, 203, 203, 203, 203, 203, 203, 301, 895, + 302, 302, 302, 302, 302, 302, 302, 302, 302, 302, + 895, 565, 570, 575, 760, 698, 575, 136, 573, 136, + 579, 587, 588, 589, 587, 587, 587, 587, 587, 587, + 587, 627, 627, 627, 627, 627, 628, 108, 107, 576, + 306, 306, 306, 306, 306, 306, 306, 306, 306, 306, + 577, 389, 237, 577, 306, 306, 306, 306, 306, 306, + 600, 600, 600, 600, 600, 600, 600, 600, 600, 600, + 559, 564, 569, 559, 564, 569, 578, 724, 826, 306, + + 306, 306, 306, 306, 306, 308, 309, 310, 310, 310, + 310, 310, 310, 310, 310, 311, 560, 565, 570, 312, + 312, 312, 312, 312, 312, 539, 539, 539, 539, 539, + 539, 539, 539, 539, 539, 540, 108, 541, 541, 541, + 541, 541, 541, 775, 312, 312, 312, 312, 312, 312, + 237, 315, 316, 317, 315, 315, 315, 315, 315, 315, + 315, 318, 703, 775, 136, 319, 319, 319, 319, 319, + 319, 609, 609, 609, 609, 609, 609, 609, 609, 609, + 609, 575, 577, 775, 575, 577, 107, 107, 107, 107, + 319, 319, 319, 319, 319, 319, 320, 320, 320, 320, + + 320, 320, 320, 320, 320, 320, 128, 576, 578, 775, + 320, 320, 320, 320, 320, 320, 617, 618, 619, 617, + 617, 617, 617, 617, 617, 617, 677, 677, 677, 677, + 677, 678, 729, 729, 729, 306, 306, 306, 306, 306, + 306, 355, 774, 358, 358, 358, 358, 358, 359, 356, + 356, 356, 356, 360, 360, 360, 360, 360, 360, 360, + 360, 360, 360, 128, 758, 814, 136, 360, 360, 360, + 360, 360, 360, 558, 558, 558, 558, 558, 558, 558, + 558, 558, 558, 695, 695, 695, 695, 695, 696, 724, + 764, 765, 360, 360, 360, 360, 360, 360, 361, 361, + + 361, 361, 361, 361, 361, 361, 361, 361, 812, 765, + 772, 708, 361, 361, 361, 361, 361, 361, 389, 237, + 622, 622, 622, 
622, 622, 622, 136, 356, 108, 356, + 549, 742, 742, 742, 742, 742, 743, 360, 360, 360, + 360, 360, 360, 378, 379, 380, 378, 378, 378, 378, + 378, 378, 378, 626, 626, 626, 626, 626, 626, 626, + 626, 626, 626, 668, 669, 670, 668, 668, 668, 668, + 668, 668, 668, 711, 113, 227, 711, 771, 862, 863, + 108, 383, 383, 384, 385, 385, 385, 385, 385, 385, + 385, 311, 389, 237, 390, 390, 390, 390, 390, 390, + + 390, 390, 390, 390, 391, 877, 863, 811, 392, 392, + 392, 392, 392, 392, 616, 616, 616, 616, 616, 616, + 616, 616, 616, 616, 772, 704, 706, 700, 704, 706, + 700, 712, 810, 392, 392, 392, 392, 392, 392, 237, + 396, 397, 398, 396, 396, 396, 396, 396, 396, 396, + 399, 705, 707, 701, 400, 400, 400, 400, 400, 400, + 605, 605, 672, 672, 672, 672, 672, 672, 755, 651, + 651, 136, 607, 607, 389, 237, 136, 652, 652, 400, + 400, 400, 400, 400, 400, 895, 549, 392, 392, 392, + 392, 392, 392, 392, 392, 392, 392, 436, 436, 436, + + 436, 436, 436, 436, 436, 436, 436, 763, 764, 765, + 763, 436, 436, 436, 436, 436, 436, 676, 676, 676, + 676, 676, 676, 676, 676, 676, 676, 650, 651, 651, + 651, 651, 651, 651, 651, 651, 436, 436, 436, 436, + 436, 436, 437, 437, 437, 437, 437, 437, 437, 437, + 437, 437, 389, 237, 895, 237, 437, 437, 437, 437, + 437, 437, 237, 605, 624, 895, 624, 389, 237, 691, + 691, 691, 691, 691, 691, 674, 605, 674, 357, 624, + 357, 436, 436, 436, 436, 436, 436, 454, 674, 455, + 455, 455, 455, 455, 455, 455, 455, 455, 455, 454, + + 605, 456, 456, 456, 456, 456, 456, 456, 456, 456, + 456, 454, 739, 457, 457, 457, 457, 457, 458, 455, + 455, 455, 455, 460, 460, 460, 460, 460, 460, 460, + 460, 460, 460, 311, 389, 237, 469, 469, 469, 469, + 469, 469, 469, 469, 469, 469, 391, 237, 113, 227, + 468, 468, 468, 468, 468, 468, 694, 694, 694, 694, + 694, 694, 694, 694, 694, 694, 803, 803, 704, 706, + 756, 704, 706, 756, 237, 468, 468, 468, 468, 468, + 468, 389, 237, 470, 470, 470, 470, 470, 470, 470, + 470, 470, 470, 471, 705, 707, 757, 472, 472, 472, + + 472, 472, 472, 716, 717, 718, 
719, 716, 716, 716, + 716, 716, 716, 113, 227, 813, 674, 136, 136, 136, + 804, 804, 472, 472, 472, 472, 472, 472, 237, 476, + 477, 478, 476, 476, 476, 476, 476, 476, 476, 479, + 184, 184, 184, 480, 480, 480, 480, 480, 480, 726, + 726, 726, 726, 726, 726, 726, 726, 726, 726, 684, + 607, 685, 685, 685, 685, 685, 685, 730, 480, 480, + 480, 480, 480, 480, 895, 766, 472, 472, 472, 472, + 472, 472, 472, 472, 472, 472, 507, 730, 510, 510, + 510, 510, 510, 511, 508, 508, 508, 508, 436, 436, + + 436, 436, 436, 436, 436, 436, 436, 436, 700, 730, + 775, 700, 436, 436, 436, 436, 436, 436, 727, 727, + 727, 727, 727, 728, 729, 729, 729, 729, 769, 770, + 771, 714, 116, 230, 701, 116, 230, 436, 436, 436, + 436, 436, 436, 437, 437, 437, 437, 437, 437, 437, + 437, 437, 437, 714, 714, 714, 715, 437, 437, 437, + 437, 437, 437, 605, 775, 737, 737, 737, 737, 737, + 737, 107, 107, 107, 107, 674, 714, 772, 714, 714, + 108, 108, 436, 436, 436, 436, 436, 436, 528, 529, + 530, 528, 528, 528, 528, 528, 528, 528, 741, 741, + + 741, 741, 741, 741, 741, 741, 741, 741, 749, 750, + 751, 749, 749, 749, 749, 749, 749, 749, 775, 761, + 780, 780, 780, 136, 684, 108, 454, 895, 455, 455, + 455, 455, 455, 455, 455, 455, 455, 455, 454, 739, + 455, 455, 455, 455, 455, 455, 455, 455, 455, 455, + 535, 536, 537, 535, 535, 535, 535, 535, 535, 535, + 538, 237, 237, 684, 539, 539, 539, 539, 539, 539, + 389, 237, 549, 624, 389, 237, 754, 754, 754, 754, + 754, 754, 624, 797, 797, 797, 797, 797, 798, 539, + 539, 539, 539, 539, 539, 540, 684, 543, 543, 543, + + 543, 543, 544, 541, 541, 541, 541, 389, 237, 547, + 547, 547, 547, 547, 547, 547, 547, 547, 547, 471, + 237, 682, 607, 546, 546, 546, 546, 546, 546, 768, + 730, 624, 768, 769, 770, 771, 763, 764, 765, 763, + 730, 704, 706, 756, 704, 706, 756, 534, 546, 546, + 546, 546, 546, 546, 389, 237, 548, 548, 548, 548, + 548, 548, 548, 548, 548, 548, 549, 705, 707, 757, + 550, 550, 550, 550, 550, 550, 842, 113, 227, 842, + 768, 605, 772, 768, 769, 770, 771, 895, 895, 
756, + 895, 895, 756, 739, 723, 550, 550, 550, 550, 550, + + 550, 237, 554, 555, 556, 554, 554, 554, 554, 554, + 554, 554, 557, 895, 895, 757, 558, 558, 558, 558, + 558, 558, 895, 722, 730, 895, 731, 731, 731, 731, + 731, 731, 721, 774, 781, 808, 782, 508, 808, 508, + 720, 558, 558, 558, 558, 558, 558, 895, 895, 550, + 550, 550, 550, 550, 550, 550, 550, 550, 550, 107, + 559, 809, 808, 559, 650, 808, 783, 107, 650, 815, + 107, 107, 815, 107, 107, 107, 136, 136, 136, 136, + 136, 136, 136, 136, 136, 136, 560, 650, 809, 107, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 108, 136, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, - 107, 107, 596, 597, 597, 597, 597, 597, 597, 597, - 597, 597, 597, 786, 787, 788, 786, 786, 786, 786, - 786, 786, 786, 728, 108, 729, 729, 729, 729, 729, - 729, 774, 708, 775, 775, 775, 775, 775, 775, 707, - 108, 603, 895, 604, 604, 604, 604, 604, 604, 604, - 604, 604, 604, 605, 793, 108, 136, 606, 606, 606, - 606, 606, 606, 746, 746, 746, 746, 746, 746, 746, - - 746, 746, 746, 767, 237, 682, 767, 768, 769, 770, - 682, 532, 606, 606, 606, 606, 606, 606, 610, 611, - 612, 610, 610, 610, 610, 610, 610, 610, 613, 539, - 385, 539, 614, 614, 614, 614, 614, 614, 603, 603, - 791, 791, 791, 791, 791, 791, 842, 113, 227, 842, - 737, 793, 856, 856, 856, 856, 771, 614, 614, 614, - 614, 614, 614, 895, 660, 606, 606, 606, 606, 606, - 606, 606, 606, 606, 606, 387, 237, 620, 620, 620, - 620, 620, 620, 620, 620, 620, 620, 547, 683, 657, - 683, 619, 619, 619, 619, 619, 619, 795, 795, 795, - - 795, 795, 795, 795, 795, 795, 795, 656, 654, 807, - 895, 895, 807, 895, 895, 653, 619, 619, 619, 619, - 619, 619, 387, 237, 621, 621, 621, 621, 621, 621, - 621, 621, 621, 621, 622, 808, 895, 895, 623, 623, - 623, 623, 623, 623, 816, 817, 818, 816, 816, 816, - 816, 816, 816, 816, 684, 807, 684, 819, 807, 820, - 729, 648, 729, 623, 623, 623, 623, 623, 623, 237, - 627, 628, 629, 
627, 627, 627, 627, 627, 627, 627, - 839, 808, 648, 839, 630, 630, 630, 630, 630, 630, - 801, 801, 801, 801, 801, 801, 801, 801, 801, 801, - - 837, 837, 837, 837, 837, 838, 840, 643, 642, 630, - 630, 630, 630, 630, 630, 895, 136, 623, 623, 623, - 623, 623, 623, 623, 623, 623, 623, 107, 237, 802, - 802, 802, 802, 802, 802, 107, 538, 815, 107, 107, - 815, 107, 107, 107, 136, 136, 136, 136, 136, 136, - 136, 136, 136, 136, 730, 538, 730, 107, 136, 136, - 136, 136, 136, 136, 136, 136, 631, 136, 136, 136, + 107, 107, 598, 599, 599, 599, 599, 599, 599, 599, + 599, 599, 599, 787, 788, 789, 787, 787, 787, 787, + 787, 787, 787, 748, 748, 748, 748, 748, 748, 748, + 748, 748, 748, 837, 837, 837, 837, 837, 838, 108, + 108, 605, 605, 606, 606, 606, 606, 606, 606, 606, + 606, 606, 606, 607, 794, 710, 709, 608, 608, 608, + 608, 608, 608, 605, 108, 792, 792, 792, 792, 792, + + 792, 136, 509, 768, 509, 739, 768, 769, 770, 771, + 237, 684, 608, 608, 608, 608, 608, 608, 612, 613, + 614, 612, 612, 612, 612, 612, 612, 612, 615, 184, + 184, 184, 616, 616, 616, 616, 616, 616, 796, 796, + 796, 796, 796, 796, 796, 796, 796, 796, 775, 684, + 776, 776, 776, 776, 776, 776, 772, 616, 616, 616, + 616, 616, 616, 895, 534, 608, 608, 608, 608, 608, + 608, 608, 608, 608, 608, 389, 237, 622, 622, 622, + 622, 622, 622, 622, 622, 622, 622, 549, 541, 387, + 541, 621, 621, 621, 621, 621, 621, 816, 817, 818, + + 816, 816, 816, 816, 816, 816, 816, 662, 659, 895, + 895, 808, 895, 895, 808, 658, 621, 621, 621, 621, + 621, 621, 389, 237, 623, 623, 623, 623, 623, 623, + 623, 623, 623, 623, 624, 895, 895, 809, 625, 625, + 625, 625, 625, 625, 802, 802, 802, 802, 802, 802, + 802, 802, 802, 802, 656, 655, 819, 839, 820, 542, + 839, 542, 650, 625, 625, 625, 625, 625, 625, 237, + 629, 630, 631, 629, 629, 629, 629, 629, 629, 629, + 895, 650, 645, 840, 632, 632, 632, 632, 632, 632, + 605, 605, 794, 833, 833, 833, 833, 833, 833, 508, + + 644, 508, 794, 794, 856, 856, 856, 856, 136, 632, + 632, 632, 632, 632, 632, 895, 
540, 625, 625, 625, + 625, 625, 625, 625, 625, 625, 625, 107, 237, 803, + 803, 803, 803, 803, 803, 107, 540, 540, 107, 107, + 534, 107, 107, 107, 136, 136, 136, 136, 136, 136, + 136, 136, 136, 136, 541, 387, 541, 107, 136, 136, + 136, 136, 136, 136, 136, 136, 633, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 108, 136, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, - 648, 651, 651, 651, 651, 651, 652, 649, 649, 649, - 649, 203, 683, 538, 683, 203, 214, 214, 214, 214, - 214, 214, 214, 214, 214, 214, 775, 203, 775, 532, + 650, 653, 653, 653, 653, 653, 654, 651, 651, 651, + 651, 203, 685, 311, 685, 203, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 686, 203, 686, 597, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, - 655, 214, 214, 385, 216, 203, 203, 203, 203, 203, + 657, 214, 214, 596, 216, 203, 203, 203, 203, 203, 203, 203, 203, 203, 203, 203, 203, 203, 203, 203, - 203, 203, 661, 662, 663, 664, 661, 661, 661, 661, - 661, 661, 603, 310, 833, 833, 833, 833, 833, 833, - 861, 862, 863, 861, 793, 836, 836, 836, 836, 836, - - 836, 836, 836, 836, 836, 861, 862, 863, 861, 108, - 596, 597, 597, 597, 597, 597, 597, 597, 597, 597, - 597, 815, 815, 815, 815, 815, 815, 815, 815, 815, - 815, 815, 815, 815, 815, 815, 815, 815, 815, 815, - 815, 872, 872, 872, 872, 872, 872, 595, 108, 603, - 594, 670, 670, 670, 670, 670, 670, 670, 670, 670, - 670, 605, 603, 593, 671, 671, 671, 671, 671, 671, - 671, 671, 671, 671, 672, 776, 590, 776, 673, 673, - 673, 673, 673, 673, 852, 853, 854, 852, 852, 852, - 852, 852, 852, 852, 839, 895, 839, 839, 895, 839, - - 729, 589, 729, 673, 673, 673, 673, 673, 673, 677, - 678, 679, 677, 677, 677, 677, 677, 677, 677, 680, - 840, 895, 840, 681, 681, 681, 681, 681, 681, 826, - 588, 827, 827, 827, 827, 827, 827, 827, 828, 827, - 828, 858, 848, 844, 858, 844, 505, 505, 681, 681, - 681, 681, 681, 681, 895, 505, 673, 673, 673, 673, - 673, 673, 
673, 673, 673, 673, 682, 859, 685, 685, - 685, 685, 685, 686, 683, 683, 683, 683, 387, 237, - 689, 689, 689, 689, 689, 689, 689, 689, 689, 689, - 622, 845, 580, 845, 688, 688, 688, 688, 688, 688, - - 821, 579, 822, 822, 822, 822, 822, 822, 864, 865, - 866, 864, 864, 864, 864, 864, 864, 864, 108, 688, - 688, 688, 688, 688, 688, 387, 237, 690, 690, 690, - 690, 690, 690, 690, 690, 690, 690, 858, 108, 108, - 858, 691, 691, 691, 691, 691, 691, 843, 108, 844, - 844, 844, 844, 844, 844, 108, 879, 876, 879, 858, - 876, 538, 858, 859, 876, 538, 691, 691, 691, 691, - 691, 691, 895, 532, 691, 691, 691, 691, 691, 691, - 691, 691, 691, 691, 107, 859, 892, 892, 892, 892, - 892, 892, 107, 385, 310, 107, 107, 310, 107, 107, + 203, 203, 663, 664, 665, 666, 663, 663, 663, 663, + 663, 663, 836, 836, 836, 836, 836, 836, 836, 836, + 836, 836, 815, 815, 815, 815, 815, 815, 815, 815, + + 815, 815, 731, 595, 731, 839, 592, 591, 839, 108, + 598, 599, 599, 599, 599, 599, 599, 599, 599, 599, + 599, 815, 815, 815, 815, 815, 815, 815, 815, 815, + 815, 840, 861, 862, 863, 861, 732, 895, 732, 826, + 895, 827, 827, 827, 827, 827, 827, 590, 108, 605, + 507, 672, 672, 672, 672, 672, 672, 672, 672, 672, + 672, 607, 605, 895, 673, 673, 673, 673, 673, 673, + 673, 673, 673, 673, 674, 685, 507, 685, 675, 675, + 675, 675, 675, 675, 848, 852, 853, 854, 852, 852, + 852, 852, 852, 852, 852, 839, 858, 507, 839, 858, + + 776, 582, 776, 675, 675, 675, 675, 675, 675, 679, + 680, 681, 679, 679, 679, 679, 679, 679, 679, 682, + 581, 840, 859, 683, 683, 683, 683, 683, 683, 864, + 865, 866, 864, 864, 864, 864, 864, 864, 864, 843, + 108, 844, 844, 844, 844, 844, 844, 108, 683, 683, + 683, 683, 683, 683, 895, 108, 675, 675, 675, 675, + 675, 675, 675, 675, 675, 675, 684, 108, 687, 687, + 687, 687, 687, 688, 685, 685, 685, 685, 389, 237, + 691, 691, 691, 691, 691, 691, 691, 691, 691, 691, + 624, 777, 540, 777, 690, 690, 690, 690, 690, 690, + + 872, 872, 872, 872, 872, 872, 872, 872, 872, 872, + 876, 858, 858, 876, 858, 
858, 731, 876, 731, 690, + 690, 690, 690, 690, 690, 389, 237, 692, 692, 692, + 692, 692, 692, 692, 692, 692, 692, 859, 859, 540, + 534, 693, 693, 693, 693, 693, 693, 873, 873, 873, + 873, 873, 873, 873, 873, 873, 873, 861, 862, 863, + 861, 827, 828, 827, 828, 387, 693, 693, 693, 693, + 693, 693, 895, 311, 693, 693, 693, 693, 693, 693, + 693, 693, 693, 693, 107, 872, 872, 872, 872, 872, + 872, 844, 107, 844, 311, 107, 107, 527, 107, 107, 107, 136, 136, 136, 136, 136, 136, 136, 136, 136, - 136, 880, 525, 880, 107, 136, 136, 136, 136, 136, + 136, 845, 526, 845, 107, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, - 136, 136, 136, 136, 695, 136, 136, 136, 108, 136, + 136, 136, 136, 136, 697, 136, 136, 136, 108, 136, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, - 107, 107, 107, 107, 107, 107, 107, 698, 524, 878, - 698, 879, 879, 879, 879, 879, 879, 523, 203, 522, - 521, 520, 203, 214, 214, 214, 214, 214, 214, 214, - 214, 214, 214, 699, 203, 519, 518, 214, 214, 214, + 107, 107, 107, 107, 107, 107, 107, 700, 525, 878, + 700, 879, 879, 879, 879, 879, 879, 879, 203, 879, + 524, 523, 203, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 701, 203, 522, 521, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, - 517, 216, 203, 203, 203, 203, 203, 203, 203, 203, - 203, 203, 203, 203, 203, 203, 203, 203, 203, 722, - 516, 723, 723, 723, 723, 723, 723, 723, 723, 723, - 723, 872, 872, 872, 872, 872, 872, 872, 872, 872, - 872, 873, 873, 873, 873, 873, 873, 873, 873, 873, - 873, 515, 514, 513, 512, 511, 510, 505, 108, 728, - 505, 731, 731, 731, 731, 731, 732, 729, 729, 729, - 729, 603, 424, 735, 735, 735, 735, 735, 735, 735, - 735, 735, 735, 672, 603, 500, 736, 736, 736, 736, - - 736, 736, 736, 736, 736, 736, 737, 499, 493, 492, - 738, 738, 738, 738, 738, 738, 874, 874, 874, 874, - 874, 875, 872, 872, 872, 872, 867, 491, 868, 868, - 868, 868, 868, 868, 490, 738, 738, 738, 738, 738, - 738, 
742, 743, 744, 742, 742, 742, 742, 742, 742, - 742, 745, 489, 488, 487, 746, 746, 746, 746, 746, - 746, 486, 485, 484, 483, 108, 872, 872, 872, 872, - 872, 872, 872, 872, 872, 872, 482, 481, 480, 479, - 746, 746, 746, 746, 746, 746, 895, 461, 738, 738, - 738, 738, 738, 738, 738, 738, 738, 738, 387, 237, - - 752, 752, 752, 752, 752, 752, 752, 752, 752, 752, - 774, 385, 777, 777, 777, 777, 777, 778, 779, 779, - 779, 779, 783, 784, 785, 783, 783, 783, 783, 783, - 783, 783, 872, 872, 872, 872, 872, 872, 872, 872, - 872, 872, 886, 887, 888, 886, 886, 886, 886, 886, - 886, 886, 310, 457, 310, 134, 451, 450, 449, 108, - 722, 446, 723, 723, 723, 723, 723, 723, 723, 723, - 723, 723, 892, 892, 892, 892, 892, 892, 892, 892, + 520, 216, 203, 203, 203, 203, 203, 203, 203, 203, + 203, 203, 203, 203, 203, 203, 203, 203, 203, 724, + 519, 725, 725, 725, 725, 725, 725, 725, 725, 725, + 725, 874, 874, 874, 874, 874, 875, 872, 872, 872, + 872, 872, 872, 872, 872, 872, 872, 872, 872, 872, + 872, 892, 892, 892, 892, 892, 892, 518, 108, 730, + 517, 733, 733, 733, 733, 733, 734, 731, 731, 731, + 731, 605, 516, 737, 737, 737, 737, 737, 737, 737, + 737, 737, 737, 674, 605, 515, 738, 738, 738, 738, + + 738, 738, 738, 738, 738, 738, 739, 880, 514, 880, + 740, 740, 740, 740, 740, 740, 872, 872, 872, 872, + 872, 872, 872, 872, 872, 872, 513, 512, 507, 507, + 344, 502, 501, 495, 494, 740, 740, 740, 740, 740, + 740, 744, 745, 746, 744, 744, 744, 744, 744, 744, + 744, 747, 493, 492, 491, 748, 748, 748, 748, 748, + 748, 886, 887, 888, 886, 886, 886, 886, 886, 886, + 886, 490, 489, 488, 487, 486, 485, 484, 483, 482, + 748, 748, 748, 748, 748, 748, 895, 481, 740, 740, + 740, 740, 740, 740, 740, 740, 740, 740, 389, 237, + + 754, 754, 754, 754, 754, 754, 754, 754, 754, 754, + 775, 463, 778, 778, 778, 778, 778, 779, 780, 780, + 780, 780, 784, 785, 786, 784, 784, 784, 784, 784, + 784, 784, 892, 892, 892, 892, 892, 892, 892, 892, 892, 892, 886, 886, 886, 886, 886, 886, 886, 886, - 886, 886, 445, 444, 443, 
442, 441, 440, 439, 108, - - 603, 436, 791, 791, 791, 791, 791, 791, 791, 791, - 791, 791, 737, 603, 353, 792, 792, 792, 792, 792, - 792, 792, 792, 792, 792, 793, 353, 353, 424, 794, - 794, 794, 794, 794, 794, 893, 893, 893, 893, 893, - 894, 892, 892, 892, 892, 889, 889, 889, 889, 889, - 889, 426, 424, 425, 794, 794, 794, 794, 794, 794, - 798, 799, 800, 798, 798, 798, 798, 798, 798, 798, - 424, 418, 417, 416, 801, 801, 801, 801, 801, 801, - 415, 414, 108, 892, 892, 892, 892, 892, 892, 892, - 892, 892, 892, 413, 412, 411, 410, 409, 408, 801, - - 801, 801, 801, 801, 801, 895, 407, 794, 794, 794, - 794, 794, 794, 794, 794, 794, 794, 237, 804, 804, - 804, 804, 804, 805, 802, 802, 802, 802, 107, 402, - 401, 128, 310, 385, 310, 134, 107, 375, 371, 107, - 107, 370, 107, 107, 107, 136, 136, 136, 136, 136, - 136, 136, 136, 136, 136, 369, 368, 367, 107, 136, + 886, 886, 387, 311, 459, 311, 134, 453, 452, 108, + 724, 451, 725, 725, 725, 725, 725, 725, 725, 725, + 725, 725, 893, 893, 893, 893, 893, 894, 892, 892, + 892, 892, 892, 892, 892, 892, 892, 892, 892, 892, + 892, 892, 448, 447, 446, 445, 444, 443, 442, 108, + + 605, 441, 792, 792, 792, 792, 792, 792, 792, 792, + 792, 792, 739, 605, 438, 793, 793, 793, 793, 793, + 793, 793, 793, 793, 793, 794, 355, 355, 355, 795, + 795, 795, 795, 795, 795, 344, 428, 344, 427, 344, + 426, 420, 419, 418, 417, 416, 415, 414, 413, 412, + 411, 410, 409, 404, 795, 795, 795, 795, 795, 795, + 799, 800, 801, 799, 799, 799, 799, 799, 799, 799, + 403, 128, 311, 387, 802, 802, 802, 802, 802, 802, + 311, 134, 377, 373, 372, 371, 370, 369, 368, 367, + 366, 365, 364, 363, 362, 207, 355, 355, 352, 802, + + 802, 802, 802, 802, 802, 895, 349, 795, 795, 795, + 795, 795, 795, 795, 795, 795, 795, 237, 805, 805, + 805, 805, 805, 806, 803, 803, 803, 803, 107, 348, + 347, 346, 339, 338, 337, 336, 107, 335, 334, 107, + 107, 331, 107, 107, 107, 136, 136, 136, 136, 136, + 136, 136, 136, 136, 136, 330, 329, 328, 107, 136, 136, 136, 136, 136, 136, 136, 136, 136, 
136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, 108, 136, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, - 107, 766, 766, 766, 766, 766, 366, 766, 766, 365, - 364, 766, 363, 362, 361, 360, 207, 353, 353, 350, - 347, 346, 345, 344, 343, 766, 766, 766, 772, 772, - 772, 772, 772, 338, 772, 772, 337, 336, 772, 335, - 334, 333, 330, 329, 328, 327, 326, 325, 324, 323, - 322, 321, 772, 772, 772, 821, 320, 822, 822, 822, - 822, 822, 822, 822, 822, 822, 822, 821, 134, 823, + 107, 767, 767, 767, 767, 767, 327, 767, 767, 326, + 325, 767, 324, 323, 322, 321, 134, 126, 297, 296, + 295, 294, 287, 286, 285, 767, 767, 767, 773, 773, + 773, 773, 773, 284, 773, 773, 283, 895, 773, 204, + 196, 191, 192, 186, 186, 151, 178, 274, 266, 265, + 264, 263, 773, 773, 773, 821, 262, 822, 822, 822, + 822, 822, 822, 822, 822, 822, 822, 821, 259, 823, 823, 823, 823, 823, 823, 823, 823, 823, 823, 821, - 126, 824, 824, 824, 824, 824, 825, 822, 822, 822, - 822, 826, 296, 829, 829, 829, 829, 829, 830, 827, + 258, 824, 824, 824, 824, 824, 825, 822, 822, 822, + 822, 826, 257, 829, 829, 829, 829, 829, 830, 827, - 827, 827, 827, 603, 295, 833, 833, 833, 833, 833, - 833, 833, 833, 833, 833, 793, 603, 294, 834, 834, - 834, 834, 834, 834, 834, 834, 834, 834, 293, 286, - 285, 284, 835, 835, 835, 835, 835, 835, 283, 282, - 895, 204, 196, 191, 192, 186, 186, 151, 178, 273, - 266, 265, 264, 263, 262, 259, 258, 835, 835, 835, - 835, 835, 835, 895, 257, 835, 835, 835, 835, 835, - 835, 835, 835, 835, 835, 843, 256, 846, 846, 846, - 846, 846, 847, 844, 844, 844, 844, 107, 255, 849, + 827, 827, 827, 605, 256, 833, 833, 833, 833, 833, + 833, 833, 833, 833, 833, 794, 605, 255, 834, 834, + 834, 834, 834, 834, 834, 834, 834, 834, 254, 246, + 245, 244, 835, 835, 835, 835, 835, 835, 243, 242, + 241, 134, 107, 134, 206, 122, 229, 120, 113, 111, + 108, 223, 222, 221, 220, 219, 214, 835, 835, 835, + 835, 835, 835, 895, 192, 835, 835, 835, 835, 835, + 835, 835, 835, 835, 
835, 843, 186, 846, 846, 846, + 846, 846, 847, 844, 844, 844, 844, 107, 178, 849, 850, 851, 849, 849, 849, 849, 849, 849, 849, 821, - 254, 822, 822, 822, 822, 822, 822, 822, 822, 822, - 822, 821, 246, 822, 822, 822, 822, 822, 822, 822, - 822, 822, 822, 603, 245, 857, 857, 857, 857, 857, - 857, 857, 857, 857, 857, 867, 244, 868, 868, 868, - 868, 868, 868, 868, 868, 868, 868, 867, 243, 869, - 869, 869, 869, 869, 869, 869, 869, 869, 869, 867, - 242, 870, 870, 870, 870, 870, 871, 868, 868, 868, - 868, 878, 241, 881, 881, 881, 881, 881, 882, 879, - 879, 879, 879, 107, 134, 883, 884, 885, 883, 883, - 883, 883, 883, 883, 883, 867, 107, 868, 868, 868, - - 868, 868, 868, 868, 868, 868, 868, 867, 134, 868, - 868, 868, 868, 868, 868, 868, 868, 868, 868, 889, - 889, 889, 889, 889, 889, 889, 889, 889, 889, 206, - 122, 229, 120, 113, 111, 108, 223, 222, 221, 220, - 219, 214, 192, 186, 178, 110, 144, 175, 141, 170, - 167, 165, 147, 146, 143, 142, 108, 883, 883, 883, - 883, 883, 883, 883, 883, 883, 883, 136, 134, 122, - 111, 110, 108, 895, 895, 895, 895, 895, 895, 895, - 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, - 895, 895, 895, 895, 108, 890, 890, 890, 890, 890, - - 891, 889, 889, 889, 889, 895, 895, 895, 895, 895, - 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, - 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, - 895, 895, 108, 889, 889, 889, 889, 889, 889, 889, - 889, 889, 889, 895, 895, 895, 895, 895, 895, 895, - 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, - 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, - 108, 65, 65, 65, 65, 65, 65, 65, 65, 65, + 110, 107, 107, 107, 107, 107, 107, 107, 107, 107, + 107, 821, 144, 822, 822, 822, 822, 822, 822, 822, + 822, 822, 822, 821, 175, 822, 822, 822, 822, 822, + 822, 822, 822, 822, 822, 821, 141, 822, 822, 822, + 822, 822, 822, 107, 107, 107, 107, 605, 170, 857, + 857, 857, 857, 857, 857, 857, 857, 857, 857, 867, + 167, 868, 868, 868, 868, 868, 868, 868, 868, 868, + 868, 867, 165, 869, 869, 869, 869, 869, 869, 869, 
+ 869, 869, 869, 867, 147, 870, 870, 870, 870, 870, + 871, 868, 868, 868, 868, 878, 146, 881, 881, 881, + + 881, 881, 882, 879, 879, 879, 879, 107, 143, 883, + 884, 885, 883, 883, 883, 883, 883, 883, 883, 867, + 142, 107, 107, 107, 107, 107, 107, 107, 107, 107, + 107, 867, 136, 868, 868, 868, 868, 868, 868, 868, + 868, 868, 868, 867, 134, 868, 868, 868, 868, 868, + 868, 868, 868, 868, 868, 867, 122, 868, 868, 868, + 868, 868, 868, 107, 107, 107, 107, 107, 111, 889, + 889, 889, 889, 889, 889, 889, 889, 889, 889, 107, + 110, 883, 883, 883, 883, 883, 883, 883, 883, 883, + 883, 107, 108, 890, 890, 890, 890, 890, 891, 889, + + 889, 889, 889, 107, 895, 107, 107, 107, 107, 107, + 107, 107, 107, 107, 107, 107, 895, 889, 889, 889, + 889, 889, 889, 889, 889, 889, 889, 107, 895, 889, + 889, 889, 889, 889, 889, 107, 107, 107, 107, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, - 65, 65, 34, 34, 34, 34, 34, 34, 34, 34, - + 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, + 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, - 34, 34, 34, 75, 75, 75, 75, 75, 75, 75, + 34, 75, 75, 75, 75, 75, 75, 75, 75, 75, 75, 75, 75, 75, 75, 75, 75, 75, 75, 75, - 75, 75, 75, 75, 82, 82, 82, 82, 82, 82, + + 75, 75, 82, 82, 82, 82, 82, 82, 82, 82, 82, 82, 82, 82, 82, 82, 82, 82, 82, 82, - 82, 82, 82, 82, 82, 107, 895, 895, 895, 895, - 895, 895, 107, 895, 107, 107, 107, 107, 895, 895, - 107, 107, 107, 107, 107, 107, 112, 112, 112, 112, + 82, 82, 82, 107, 895, 895, 895, 895, 895, 895, + 107, 895, 107, 107, 107, 107, 895, 895, 107, 107, + 107, 107, 107, 107, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, - 112, 112, 112, 112, 112, 112, 112, 117, 895, 895, + 112, 112, 112, 112, 112, 117, 895, 895, 895, 895, + 117, 895, 117, 895, 117, 117, 117, 117, 117, 895, + 117, 117, 117, 117, 117, 117, 121, 895, 895, 895, + 895, 895, 895, 121, 895, 121, 121, 121, 121, 895, + + 895, 121, 121, 121, 121, 121, 121, 123, 895, 895, + 123, 123, 895, 123, 123, 895, 123, 
123, 123, 123, + 895, 895, 123, 123, 123, 123, 123, 123, 133, 133, + 895, 133, 895, 895, 895, 133, 172, 895, 895, 172, + 172, 895, 172, 172, 895, 172, 172, 172, 172, 895, + 895, 172, 172, 172, 172, 172, 172, 177, 895, 895, + 177, 177, 895, 177, 177, 895, 177, 177, 177, 177, + 895, 177, 177, 177, 895, 177, 177, 177, 185, 895, + 895, 185, 895, 895, 185, 185, 895, 185, 185, 185, + 185, 185, 895, 185, 185, 185, 185, 185, 185, 189, - 895, 895, 117, 895, 117, 895, 117, 117, 117, 117, - 117, 895, 117, 117, 117, 117, 117, 117, 121, 895, - 895, 895, 895, 895, 895, 121, 895, 121, 121, 121, - 121, 895, 895, 121, 121, 121, 121, 121, 121, 123, - 895, 895, 123, 123, 895, 123, 123, 895, 123, 123, - 123, 123, 895, 895, 123, 123, 123, 123, 123, 123, - 133, 133, 895, 133, 895, 895, 895, 133, 172, 895, - 895, 172, 172, 895, 172, 172, 895, 172, 172, 172, - 172, 895, 895, 172, 172, 172, 172, 172, 172, 177, - 895, 895, 177, 177, 895, 177, 177, 895, 177, 177, - - 177, 177, 895, 177, 177, 177, 895, 177, 177, 177, - 185, 895, 895, 185, 895, 895, 185, 185, 895, 185, - 185, 185, 185, 185, 895, 185, 185, 185, 185, 185, - 185, 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, - 189, 189, 191, 191, 895, 191, 895, 191, 191, 191, + 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, + 191, 191, 895, 191, 895, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, - 191, 191, 191, 198, 895, 895, 895, 895, 198, 895, - 198, 895, 198, 198, 198, 198, 198, 895, 198, 198, - 198, 198, 198, 198, 202, 895, 895, 895, 895, 895, - - 895, 202, 895, 202, 202, 202, 202, 895, 202, 202, - 202, 202, 202, 202, 202, 205, 895, 895, 205, 205, - 895, 205, 205, 895, 205, 205, 205, 205, 895, 205, - 205, 205, 205, 205, 205, 205, 226, 226, 226, 226, + 191, 198, 895, 895, 895, 895, 198, 895, 198, 895, + 198, 198, 198, 198, 198, 895, 198, 198, 198, 198, + 198, 198, 202, 895, 895, 895, 895, 895, 895, 202, + 895, 202, 202, 202, 202, 895, 202, 202, 202, 202, + 202, 
202, 202, 205, 895, 895, 205, 205, 895, 205, + 205, 895, 205, 205, 205, 205, 895, 205, 205, 205, + + 205, 205, 205, 205, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, - 226, 226, 226, 226, 226, 226, 226, 228, 228, 895, + 226, 226, 226, 226, 226, 228, 228, 895, 228, 228, 228, 228, 228, 228, 228, 228, 228, 228, 228, 228, - 228, 228, 228, 228, 228, 228, 228, 228, 117, 895, - 895, 895, 895, 895, 895, 117, 895, 117, 117, 117, - 117, 895, 895, 117, 117, 117, 117, 117, 117, 121, - - 895, 895, 895, 895, 895, 895, 121, 895, 121, 121, - 121, 121, 895, 895, 121, 121, 121, 121, 121, 121, - 123, 895, 895, 123, 123, 895, 123, 123, 895, 123, - 123, 123, 123, 895, 895, 123, 123, 123, 123, 123, - 123, 124, 895, 895, 124, 124, 895, 124, 124, 895, - 124, 124, 124, 124, 895, 895, 124, 124, 124, 124, - 124, 124, 133, 133, 895, 133, 895, 895, 895, 133, - 236, 236, 895, 236, 895, 895, 895, 236, 238, 238, - 238, 895, 238, 895, 895, 895, 238, 172, 895, 895, - 172, 172, 895, 172, 172, 895, 172, 172, 172, 172, - - 895, 895, 172, 172, 172, 172, 172, 172, 173, 895, - 895, 173, 173, 895, 173, 173, 895, 173, 173, 173, - 173, 895, 895, 173, 173, 173, 173, 173, 173, 177, - 895, 895, 177, 177, 895, 177, 177, 895, 177, 177, - 177, 177, 895, 177, 177, 177, 895, 177, 177, 177, - 185, 895, 895, 185, 895, 895, 185, 185, 895, 185, - 185, 185, 185, 185, 895, 185, 185, 185, 185, 185, - 185, 191, 191, 895, 191, 895, 191, 191, 191, 191, + 228, 228, 228, 228, 228, 228, 117, 895, 895, 895, + 895, 895, 895, 117, 895, 117, 117, 117, 117, 895, + 895, 117, 117, 117, 117, 117, 117, 121, 895, 895, + 895, 895, 895, 895, 121, 895, 121, 121, 121, 121, + 895, 895, 121, 121, 121, 121, 121, 121, 123, 895, + 895, 123, 123, 895, 123, 123, 895, 123, 123, 123, + + 123, 895, 895, 123, 123, 123, 123, 123, 123, 124, + 895, 895, 124, 124, 895, 124, 124, 895, 124, 124, + 124, 124, 895, 895, 124, 124, 124, 124, 124, 124, + 133, 133, 895, 133, 895, 895, 895, 133, 236, 236, + 895, 236, 895, 895, 895, 
236, 238, 238, 238, 895, + 238, 895, 895, 895, 238, 172, 895, 895, 172, 172, + 895, 172, 172, 895, 172, 172, 172, 172, 895, 895, + 172, 172, 172, 172, 172, 172, 173, 895, 895, 173, + 173, 895, 173, 173, 895, 173, 173, 173, 173, 895, + 895, 173, 173, 173, 173, 173, 173, 177, 895, 895, + + 177, 177, 895, 177, 177, 895, 177, 177, 177, 177, + 895, 177, 177, 177, 895, 177, 177, 177, 185, 895, + 895, 185, 895, 895, 185, 185, 895, 185, 185, 185, + 185, 185, 895, 185, 185, 185, 185, 185, 185, 191, + 191, 895, 191, 895, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, - 191, 191, 201, 895, 895, 895, 895, 895, 895, 201, + 201, 895, 895, 895, 895, 895, 895, 201, 895, 201, + 201, 201, 201, 895, 895, 201, 201, 201, 201, 201, + 201, 202, 895, 895, 895, 895, 895, 895, 202, 895, + 202, 202, 202, 202, 895, 202, 202, 202, 202, 202, + + 202, 202, 205, 895, 895, 205, 205, 895, 205, 205, + 895, 205, 205, 205, 205, 895, 205, 205, 205, 205, + 205, 205, 205, 216, 895, 895, 216, 216, 895, 216, + 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, + 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, + 299, 307, 307, 895, 307, 895, 895, 895, 307, 313, + 313, 313, 895, 313, 895, 895, 895, 313, 381, 381, + 895, 381, 895, 895, 895, 381, 382, 382, 895, 382, + 895, 895, 895, 382, 386, 386, 895, 386, 895, 895, + 895, 386, 388, 388, 388, 895, 388, 895, 895, 895, + + 388, 216, 895, 895, 216, 216, 895, 216, 459, 459, + 895, 459, 895, 895, 895, 459, 461, 461, 895, 461, + 895, 895, 895, 461, 462, 462, 895, 462, 895, 895, + 895, 462, 464, 464, 464, 895, 464, 895, 895, 895, + 464, 468, 468, 468, 468, 895, 468, 895, 895, 895, + 468, 531, 531, 895, 531, 895, 895, 895, 531, 532, + 532, 895, 532, 895, 895, 895, 532, 533, 533, 895, + 533, 895, 895, 895, 533, 545, 545, 545, 895, 545, + 895, 895, 895, 545, 546, 546, 546, 546, 895, 546, + 895, 895, 895, 546, 226, 226, 226, 226, 226, 226, - 895, 201, 201, 201, 201, 895, 895, 201, 201, 201, - 201, 201, 201, 202, 895, 895, 895, 895, 895, 
895, - 202, 895, 202, 202, 202, 202, 895, 202, 202, 202, - 202, 202, 202, 202, 205, 895, 895, 205, 205, 895, - 205, 205, 895, 205, 205, 205, 205, 895, 205, 205, - 205, 205, 205, 205, 205, 216, 895, 895, 216, 216, - 895, 216, 298, 298, 298, 298, 298, 298, 298, 298, - 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, - 298, 298, 298, 306, 306, 895, 306, 895, 895, 895, - 306, 312, 312, 312, 895, 312, 895, 895, 895, 312, - - 379, 379, 895, 379, 895, 895, 895, 379, 380, 380, - 895, 380, 895, 895, 895, 380, 384, 384, 895, 384, - 895, 895, 895, 384, 386, 386, 386, 895, 386, 895, - 895, 895, 386, 216, 895, 895, 216, 216, 895, 216, - 457, 457, 895, 457, 895, 895, 895, 457, 459, 459, - 895, 459, 895, 895, 895, 459, 460, 460, 895, 460, - 895, 895, 895, 460, 462, 462, 462, 895, 462, 895, - 895, 895, 462, 466, 466, 466, 466, 895, 466, 895, - 895, 895, 466, 529, 529, 895, 529, 895, 895, 895, - 529, 530, 530, 895, 530, 895, 895, 895, 530, 531, - - 531, 895, 531, 895, 895, 895, 531, 543, 543, 543, - 895, 543, 895, 895, 895, 543, 544, 544, 544, 544, - 895, 544, 895, 895, 895, 544, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, - 226, 226, 226, 226, 226, 226, 226, 601, 601, 895, - 601, 895, 895, 895, 601, 602, 602, 895, 602, 895, - 895, 895, 602, 618, 618, 618, 895, 618, 895, 895, - 895, 618, 619, 619, 619, 619, 895, 619, 895, 895, - 895, 619, 226, 226, 226, 226, 226, 226, 226, 226, - 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, - - 226, 226, 226, 216, 895, 895, 216, 216, 895, 216, - 203, 895, 895, 895, 203, 203, 895, 203, 203, 203, - 895, 895, 203, 203, 665, 665, 895, 665, 895, 895, - 895, 665, 669, 895, 669, 669, 895, 669, 895, 895, - 895, 669, 687, 687, 687, 895, 687, 895, 895, 895, - 687, 688, 688, 688, 688, 895, 688, 895, 895, 895, - 688, 630, 630, 895, 895, 630, 895, 895, 895, 630, + 226, 226, 226, 226, 226, 603, 603, 895, 603, 895, + 895, 895, 603, 604, 604, 895, 604, 895, 895, 895, + 604, 620, 620, 620, 895, 620, 895, 895, 895, 620, + 621, 621, 
621, 621, 895, 621, 895, 895, 895, 621, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, 216, 895, 895, 216, 216, 895, 216, 203, 895, - 895, 895, 203, 203, 895, 203, 203, 203, 895, 895, - 203, 203, 733, 733, 895, 733, 895, 895, 895, 733, - 734, 895, 734, 734, 895, 734, 895, 895, 895, 734, - 681, 681, 895, 681, 895, 895, 895, 681, 750, 750, - 750, 895, 750, 895, 895, 895, 750, 751, 751, 751, - 895, 895, 751, 895, 895, 895, 751, 760, 760, 760, - 760, 760, 760, 760, 760, 760, 760, 760, 760, 760, - 760, 760, 760, 760, 760, 760, 760, 760, 766, 766, - 895, 766, 766, 766, 895, 766, 895, 766, 766, 766, - 766, 895, 895, 766, 766, 766, 766, 766, 766, 772, - - 772, 895, 772, 772, 772, 895, 772, 895, 772, 772, - 772, 772, 895, 895, 772, 772, 772, 772, 772, 772, - 216, 895, 895, 895, 895, 895, 895, 895, 895, 895, - 895, 216, 216, 895, 216, 216, 895, 216, 789, 789, - 895, 789, 895, 895, 895, 789, 790, 895, 790, 790, - 895, 790, 895, 895, 895, 790, 806, 806, 895, 895, - 806, 895, 895, 895, 806, 760, 760, 760, 760, 760, - 760, 760, 760, 760, 760, 760, 760, 760, 760, 760, - 760, 760, 760, 760, 760, 760, 226, 226, 226, 226, - 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, + 203, 203, 667, 667, 895, 667, 895, 895, 895, 667, - 226, 226, 226, 226, 226, 226, 226, 766, 895, 895, - 895, 895, 895, 895, 766, 895, 766, 766, 766, 766, - 895, 895, 766, 766, 766, 766, 766, 766, 772, 895, - 895, 895, 895, 895, 895, 772, 895, 772, 772, 772, - 772, 895, 895, 772, 772, 772, 772, 772, 772, 831, - 831, 895, 831, 895, 895, 895, 831, 832, 895, 832, - 832, 895, 832, 895, 895, 895, 832, 855, 855, 895, - 855, 895, 895, 895, 855, 856, 895, 856, 895, 895, - 856, 895, 895, 895, 856, 860, 860, 860, 860, 860, + 671, 895, 671, 671, 895, 671, 895, 895, 895, 671, + 689, 689, 689, 895, 689, 895, 895, 895, 689, 690, + 690, 690, 690, 895, 690, 895, 895, 895, 690, 632, + 632, 895, 895, 632, 895, 895, 895, 632, 226, 226, + 226, 226, 226, 226, 226, 226, 226, 
226, 226, 226, + 226, 226, 226, 226, 226, 226, 226, 226, 226, 216, + 895, 895, 216, 216, 895, 216, 203, 895, 895, 895, + 203, 203, 895, 203, 203, 203, 895, 895, 203, 203, + 735, 735, 895, 735, 895, 895, 895, 735, 736, 895, + 736, 736, 895, 736, 895, 895, 895, 736, 683, 683, + + 895, 683, 895, 895, 895, 683, 752, 752, 752, 895, + 752, 895, 895, 895, 752, 753, 753, 753, 895, 895, + 753, 895, 895, 895, 753, 762, 762, 762, 762, 762, + 762, 762, 762, 762, 762, 762, 762, 762, 762, 762, + 762, 762, 762, 762, 762, 762, 767, 767, 895, 767, + 767, 767, 895, 767, 895, 767, 767, 767, 767, 895, + 895, 767, 767, 767, 767, 767, 767, 773, 773, 895, + 773, 773, 773, 895, 773, 895, 773, 773, 773, 773, + 895, 895, 773, 773, 773, 773, 773, 773, 216, 895, + 895, 895, 895, 895, 895, 895, 895, 895, 895, 216, + + 216, 895, 216, 216, 895, 216, 790, 790, 895, 790, + 895, 895, 895, 790, 791, 895, 791, 791, 895, 791, + 895, 895, 895, 791, 807, 807, 895, 895, 807, 895, + 895, 895, 807, 762, 762, 762, 762, 762, 762, 762, + 762, 762, 762, 762, 762, 762, 762, 762, 762, 762, + 762, 762, 762, 762, 226, 226, 226, 226, 226, 226, + 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, + 226, 226, 226, 226, 226, 767, 895, 895, 895, 895, + 895, 895, 767, 895, 767, 767, 767, 767, 895, 895, + 767, 767, 767, 767, 767, 767, 773, 895, 895, 895, + + 895, 895, 895, 773, 895, 773, 773, 773, 773, 895, + 895, 773, 773, 773, 773, 773, 773, 831, 831, 895, + 831, 895, 895, 895, 831, 832, 895, 832, 832, 895, + 832, 895, 895, 895, 832, 855, 855, 895, 855, 895, + 895, 895, 855, 856, 895, 856, 895, 895, 856, 895, + 895, 895, 856, 860, 860, 860, 860, 860, 860, 860, 860, 860, 860, 860, 860, 860, 860, 860, 860, 860, - - 860, 860, 860, 860, 860, 860, 15, 895, 895, 895, + 860, 860, 860, 860, 15, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, + 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 
895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, - 895, 895, 895, 895, 895, 895, 895, 895, 895, 895 + 895, 895, 895, 895, 895, 895, 895, 895 } ; -static yyconst flex_int16_t yy_chk[6281] = +static yyconst flex_int16_t yy_chk[6249] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -1489,29 +1486,29 @@ 6, 6, 6, 6, 5, 6, 43, 40, 37, 46, 23, 6, 40, 55, 53, 2, 2, 52, 5, 5, - 2, 49, 889, 46, 57, 6, 6, 57, 2, 155, + 2, 49, 881, 46, 57, 6, 6, 57, 2, 155, 49, 2, 3, 53, 155, 3, 57, 23, 3, 49, - 59, 55, 52, 59, 3, 5, 340, 3, 73, 73, + 59, 55, 52, 59, 3, 5, 341, 3, 73, 73, 73, 73, 6, 11, 11, 11, 11, 11, 11, 12, 12, 12, 12, 12, 12, 83, 28, 28, 83, 152, - 28, 28, 3, 77, 3, 340, 3, 3, 79, 3, + 28, 28, 3, 77, 3, 341, 3, 3, 79, 3, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 28, 31, 31, 31, 31, 31, 31, 165, 64, 77, 50, 3, 4, 50, 79, 4, 11, 64, 4, 84, 87, 96, 12, 165, 4, 28, 64, 4, 83, 60, 60, 152, 96, 60, 60, 81, 81, 81, 81, 106, - 87, 97, 50, 50, 97, 420, 109, 50, 106, 109, + 87, 97, 50, 50, 97, 422, 109, 50, 106, 109, 112, 112, 4, 60, 4, 50, 4, 4, 50, 4, - 86, 86, 86, 86, 134, 86, 881, 87, 84, 92, - 92, 92, 92, 92, 92, 134, 420, 169, 60, 88, + 86, 86, 86, 86, 134, 86, 880, 87, 84, 92, + 92, 92, 92, 92, 92, 134, 422, 169, 60, 88, 169, 4, 7, 7, 7, 7, 7, 88, 7, 154, - 88, 154, 163, 88, 88, 91, 91, 91, 91, 91, - 91, 91, 91, 91, 91, 163, 271, 88, 271, 88, + 88, 154, 166, 88, 88, 91, 91, 91, 91, 91, + 91, 91, 91, 91, 91, 166, 272, 88, 272, 88, 115, 115, 115, 115, 115, 115, 115, 115, 115, 115, 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, - 226, 226, 880, 88, 88, 7, 7, 7, 7, 7, + 226, 226, 879, 88, 88, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 8, 8, 8, 8, 8, 119, 8, 130, 130, 130, 130, 130, 130, 130, 130, 130, 
@@ -1523,17 +1520,17 @@ 8, 8, 8, 8, 8, 8, 9, 9, 9, 9, 9, 9, 9, 179, 179, 179, 179, 9, 9, 9, - 123, 123, 162, 166, 123, 123, 153, 153, 153, 153, - 164, 196, 176, 9, 196, 168, 166, 176, 168, 190, - 190, 190, 190, 156, 123, 194, 156, 168, 170, 170, - 170, 170, 170, 170, 170, 170, 170, 170, 351, 9, - 10, 10, 10, 10, 10, 10, 10, 227, 227, 123, - 238, 10, 10, 10, 351, 156, 156, 228, 228, 153, - 156, 238, 879, 175, 175, 253, 253, 10, 156, 175, - 175, 156, 190, 175, 194, 175, 183, 183, 183, 183, + 123, 123, 162, 238, 123, 123, 153, 153, 153, 153, + 164, 176, 163, 9, 238, 168, 176, 163, 168, 190, + 190, 190, 190, 156, 123, 163, 156, 168, 170, 170, + 170, 170, 170, 170, 170, 170, 170, 170, 194, 9, + 10, 10, 10, 10, 10, 10, 10, 196, 343, 123, + 196, 10, 10, 10, 343, 156, 156, 227, 227, 153, + 156, 228, 228, 175, 175, 253, 253, 10, 156, 175, + 175, 156, 190, 175, 865, 175, 183, 183, 183, 183, - 183, 183, 183, 183, 183, 183, 195, 195, 195, 195, - 298, 298, 865, 10, 13, 13, 13, 13, 13, 13, + 183, 183, 183, 183, 183, 183, 354, 194, 195, 195, + 195, 195, 354, 10, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 
@@ -1541,15 +1538,15 @@ 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 22, 22, 172, - 172, 864, 193, 172, 172, 193, 267, 267, 275, 22, + 172, 573, 193, 172, 172, 193, 267, 267, 573, 22, - 857, 275, 22, 22, 22, 22, 22, 22, 22, 22, + 268, 268, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 29, 172, 29, 29, 29, 29, 29, 29, - 29, 29, 29, 29, 29, 312, 270, 261, 29, 29, - 29, 29, 29, 29, 186, 272, 312, 186, 172, 186, - 186, 261, 268, 270, 855, 193, 186, 268, 299, 299, - 272, 29, 267, 29, 29, 29, 29, 29, 29, 35, - 342, 186, 200, 200, 200, 200, 342, 35, 200, 200, + 29, 29, 29, 29, 29, 299, 299, 261, 29, 29, + 29, 29, 29, 29, 186, 262, 275, 186, 172, 186, + 186, 261, 269, 262, 353, 193, 186, 269, 864, 271, + 275, 29, 267, 29, 29, 29, 29, 29, 29, 35, + 353, 186, 200, 200, 200, 200, 271, 35, 200, 200, 35, 35, 200, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 200, 200, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 
@@ -1558,615 +1555,612 @@ 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, 39, 39, 39, 39, 39, 39, 39, 39, - 39, 39, 39, 198, 199, 301, 39, 39, 39, 39, - 39, 39, 295, 295, 846, 295, 39, 212, 212, 212, + 39, 39, 39, 198, 199, 302, 39, 39, 39, 39, + 39, 39, 276, 300, 300, 276, 39, 212, 212, 212, 212, 212, 212, 198, 199, 233, 233, 233, 233, 233, 233, 39, 39, 39, 39, 39, 39, 47, 47, 47, - 47, 47, 47, 47, 301, 47, 47, 221, 221, 47, - 198, 199, 341, 221, 221, 206, 352, 221, 206, 221, + 47, 47, 47, 47, 302, 47, 47, 221, 221, 47, + 198, 199, 342, 221, 221, 206, 563, 221, 206, 221, - 305, 206, 352, 47, 47, 47, 48, 206, 48, 48, + 306, 206, 563, 47, 47, 47, 48, 206, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 51, 51, - 386, 206, 206, 304, 304, 304, 304, 305, 341, 845, - 51, 386, 274, 51, 51, 51, 51, 51, 51, 51, - 51, 51, 51, 202, 260, 260, 274, 260, 309, 309, - 309, 202, 320, 339, 202, 320, 339, 202, 202, 207, - 207, 207, 207, 207, 207, 207, 207, 207, 207, 323, - 422, 202, 362, 202, 323, 349, 349, 362, 320, 260, - 51, 71, 71, 71, 71, 71, 372, 71, 339, 372, - 844, 71, 453, 71, 388, 388, 419, 202, 202, 316, + 324, 206, 206, 296, 296, 324, 296, 306, 342, 321, + 51, 273, 321, 51, 51, 51, 51, 51, 51, 51, + 51, 51, 51, 202, 260, 260, 273, 260, 310, 310, + 310, 202, 857, 340, 202, 321, 340, 202, 202, 207, + 207, 207, 207, 207, 207, 207, 207, 207, 207, 325, + 855, 202, 325, 202, 305, 305, 305, 305, 313, 260, + 51, 71, 71, 71, 71, 71, 567, 71, 340, 313, + 567, 71, 846, 71, 388, 325, 424, 202, 202, 317, - 316, 316, 316, 316, 316, 422, 388, 71, 71, 210, + 317, 317, 317, 317, 317, 388, 351, 71, 71, 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, 211, - 211, 211, 211, 211, 211, 211, 211, 211, 211, 419, - 421, 453, 594, 594, 71, 72, 72, 229, 229, 229, - 229, 229, 229, 229, 229, 229, 229, 72, 348, 348, + 211, 211, 211, 211, 211, 211, 211, 211, 211, 351, + 374, 424, 845, 374, 71, 72, 72, 229, 229, 229, + 229, 229, 229, 229, 229, 229, 229, 72, 350, 350, 
72, 72, 72, 72, 72, 72, 72, 72, 72, 72, - 89, 324, 423, 421, 324, 89, 89, 423, 89, 89, - 89, 89, 633, 633, 89, 89, 230, 230, 230, 230, - 230, 230, 230, 230, 230, 230, 835, 324, 89, 89, + 89, 362, 364, 500, 362, 89, 89, 364, 89, 89, + 89, 89, 844, 500, 89, 89, 230, 230, 230, 230, + 230, 230, 230, 230, 230, 230, 835, 362, 89, 89, 89, 232, 232, 232, 232, 232, 232, 232, 232, 232, - 232, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 348, 430, 515, 89, 89, 90, 430, 515, 90, + 232, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 350, 425, 432, 89, 89, 90, 425, 432, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, - 90, 90, 90, 690, 690, 90, 90, 90, 90, 90, + 90, 90, 90, 503, 503, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, - 90, 90, 90, 90, 90, 90, 90, 90, 691, 691, + 90, 90, 90, 90, 90, 90, 90, 90, 596, 596, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 93, 834, 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, - 498, 390, 390, 93, 93, 93, 93, 93, 93, 273, + 503, 390, 390, 93, 93, 93, 93, 93, 93, 274, - 498, 360, 273, 390, 360, 273, 700, 700, 581, 581, - 357, 273, 357, 357, 357, 357, 357, 357, 93, 93, - 93, 93, 93, 93, 94, 273, 273, 360, 94, 94, + 574, 365, 274, 390, 365, 274, 832, 574, 421, 423, + 359, 274, 359, 359, 359, 359, 359, 359, 93, 93, + 93, 93, 93, 93, 94, 274, 274, 365, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, - 94, 501, 501, 94, 94, 94, 94, 94, 94, 94, + 94, 421, 423, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, - 94, 94, 94, 94, 94, 94, 581, 94, 94, 94, + 94, 94, 94, 94, 94, 94, 455, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 98, 98, 98, 98, 98, - 98, 98, 98, 98, 98, 98, 429, 832, 501, 98, + 98, 98, 98, 98, 98, 98, 392, 392, 831, 98, - 98, 98, 98, 98, 98, 363, 503, 429, 363, 98, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 350, 427, 427, 503, 98, 98, 98, 98, 98, 98, - 104, 363, 104, 104, 104, 104, 104, 104, 104, 104, - 104, 104, 108, 108, 108, 108, 108, 
350, 108, 108, - 831, 428, 108, 353, 353, 353, 353, 353, 353, 353, - 353, 353, 353, 640, 829, 350, 108, 108, 108, 120, - 120, 120, 120, 120, 428, 120, 120, 828, 640, 120, - 387, 387, 387, 387, 387, 387, 387, 387, 387, 387, - 462, 427, 564, 120, 120, 120, 122, 122, 122, 122, - - 122, 462, 122, 122, 564, 604, 122, 389, 389, 389, - 389, 389, 389, 389, 389, 389, 389, 604, 561, 466, - 122, 122, 122, 125, 561, 125, 125, 125, 125, 125, - 466, 125, 125, 467, 467, 125, 393, 393, 393, 393, - 393, 393, 393, 393, 632, 467, 632, 827, 393, 125, + 98, 98, 98, 98, 98, 455, 505, 829, 392, 98, + 316, 316, 316, 316, 316, 316, 316, 316, 316, 316, + 352, 429, 429, 505, 98, 98, 98, 98, 98, 98, + 104, 828, 104, 104, 104, 104, 104, 104, 104, 104, + 104, 104, 108, 108, 108, 108, 108, 352, 108, 108, + 635, 635, 108, 355, 355, 355, 355, 355, 355, 355, + 355, 355, 355, 430, 827, 352, 108, 108, 108, 120, + 120, 120, 120, 120, 430, 120, 120, 692, 692, 120, + 389, 389, 389, 389, 389, 389, 389, 389, 389, 389, + 431, 429, 566, 120, 120, 120, 122, 122, 122, 122, + + 122, 431, 122, 122, 566, 606, 122, 391, 391, 391, + 391, 391, 391, 391, 391, 391, 391, 606, 817, 464, + 122, 122, 122, 125, 504, 125, 125, 125, 125, 125, + 464, 125, 125, 468, 504, 125, 395, 395, 395, 395, + 395, 395, 395, 395, 468, 583, 583, 816, 395, 125, 125, 125, 126, 126, 126, 126, 126, 126, 126, 126, - 126, 126, 395, 395, 395, 395, 395, 395, 395, 395, - 395, 395, 396, 396, 396, 396, 396, 396, 399, 405, - 502, 399, 405, 476, 476, 476, 476, 476, 476, 126, - 127, 502, 127, 127, 127, 127, 127, 127, 127, 127, - - 127, 127, 127, 817, 399, 405, 127, 127, 127, 127, - 127, 127, 468, 468, 469, 469, 469, 469, 469, 469, - 469, 469, 469, 469, 468, 816, 470, 470, 583, 127, - 543, 127, 127, 127, 127, 127, 127, 135, 470, 483, - 486, 543, 483, 486, 583, 135, 565, 810, 135, 135, - 565, 135, 135, 135, 135, 135, 135, 135, 135, 135, - 135, 135, 135, 135, 135, 483, 486, 135, 135, 135, + 126, 126, 397, 397, 397, 397, 397, 397, 397, 397, + 397, 397, 398, 
398, 398, 398, 398, 398, 401, 407, + 545, 401, 407, 478, 478, 478, 478, 478, 478, 126, + 127, 545, 127, 127, 127, 127, 127, 127, 127, 127, + + 127, 127, 127, 583, 401, 407, 127, 127, 127, 127, + 127, 127, 469, 469, 470, 470, 472, 472, 485, 546, + 482, 485, 517, 482, 469, 585, 470, 517, 472, 127, + 546, 127, 127, 127, 127, 127, 127, 135, 547, 547, + 488, 585, 571, 488, 485, 135, 482, 571, 135, 135, + 547, 135, 135, 135, 135, 135, 135, 135, 135, 135, + 135, 135, 135, 135, 135, 482, 488, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, 136, 136, 136, 136, 136, 136, 136, 136, 136, 136, - 136, 504, 806, 723, 136, 136, 136, 136, 136, 136, - 456, 504, 456, 456, 456, 456, 456, 456, 475, 475, - 475, 475, 475, 475, 475, 475, 475, 475, 578, 136, - 136, 136, 136, 136, 136, 174, 560, 174, 174, 174, - 174, 174, 723, 174, 174, 578, 560, 174, 606, 456, - 505, 505, 505, 505, 505, 505, 505, 505, 505, 505, - 606, 174, 174, 174, 204, 204, 204, 204, 204, 480, - 204, 204, 480, 544, 204, 473, 473, 473, 473, 473, - - 473, 473, 473, 481, 544, 571, 481, 473, 204, 204, - 204, 205, 571, 566, 804, 480, 205, 205, 582, 205, - 205, 205, 205, 566, 489, 205, 205, 489, 582, 481, - 482, 545, 545, 482, 480, 484, 546, 546, 484, 205, - 205, 205, 570, 545, 569, 752, 752, 481, 546, 569, - 489, 548, 548, 570, 485, 572, 482, 485, 489, 635, - 803, 484, 572, 548, 635, 205, 205, 208, 208, 208, - 208, 208, 208, 208, 208, 208, 208, 482, 484, 711, - 485, 208, 208, 208, 208, 208, 208, 488, 491, 802, - 488, 491, 485, 618, 619, 711, 509, 485, 509, 509, - - 509, 509, 509, 509, 618, 619, 208, 208, 208, 208, - 208, 208, 213, 488, 491, 727, 213, 213, 213, 213, - 213, 213, 213, 213, 213, 213, 213, 213, 213, 488, - 790, 213, 213, 213, 213, 213, 213, 213, 213, 213, + 136, 506, 693, 693, 136, 136, 136, 136, 136, 136, + 458, 506, 458, 458, 458, 458, 458, 458, 
471, 471, + 471, 471, 471, 471, 471, 471, 471, 471, 580, 136, + 136, 136, 136, 136, 136, 174, 562, 174, 174, 174, + 174, 174, 811, 174, 174, 580, 562, 174, 807, 458, + 477, 477, 477, 477, 477, 477, 477, 477, 477, 477, + 599, 174, 174, 174, 204, 204, 204, 204, 204, 483, + 204, 204, 483, 608, 204, 475, 475, 475, 475, 475, + + 475, 475, 475, 484, 568, 608, 484, 475, 204, 204, + 204, 205, 548, 548, 568, 483, 205, 205, 599, 205, + 205, 205, 205, 805, 548, 205, 205, 572, 584, 484, + 584, 637, 493, 483, 486, 493, 637, 486, 572, 205, + 205, 205, 511, 647, 511, 511, 511, 511, 511, 511, + 484, 620, 487, 489, 490, 487, 489, 490, 493, 647, + 486, 492, 620, 804, 492, 205, 205, 208, 208, 208, + 208, 208, 208, 208, 208, 208, 208, 486, 487, 489, + 490, 208, 208, 208, 208, 208, 208, 492, 494, 512, + 487, 494, 512, 550, 550, 487, 490, 530, 530, 530, + + 530, 530, 530, 489, 492, 550, 208, 208, 208, 208, + 208, 208, 213, 586, 494, 512, 213, 213, 213, 213, + 213, 213, 213, 213, 213, 213, 213, 213, 213, 803, + 586, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, - 213, 213, 213, 213, 727, 213, 213, 213, 213, 213, + 213, 213, 213, 213, 791, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 214, 214, 214, 214, 214, 214, 214, - 214, 214, 214, 214, 687, 789, 584, 214, 214, 214, - 214, 214, 214, 487, 593, 687, 487, 528, 528, 528, + 214, 214, 214, 214, 621, 790, 595, 214, 214, 214, + 214, 214, 214, 495, 788, 621, 495, 537, 537, 537, - 528, 528, 528, 584, 490, 492, 493, 490, 492, 493, - 787, 593, 214, 214, 214, 214, 214, 214, 231, 487, + 537, 537, 537, 595, 491, 515, 518, 491, 515, 518, + 702, 702, 214, 214, 214, 214, 214, 214, 231, 495, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, - 490, 492, 493, 510, 760, 760, 510, 535, 535, 535, - 535, 535, 535, 487, 688, 513, 516, 490, 513, 516, - 636, 786, 636, 493, 645, 688, 645, 231, 234, 510, + 491, 515, 518, 521, 703, 634, 521, 634, 491, 703, + 495, 507, 507, 
507, 507, 507, 507, 507, 507, 507, + 507, 556, 556, 556, 556, 556, 556, 231, 234, 521, 234, 234, 234, 234, 234, 234, 234, 234, 234, 234, - 519, 513, 516, 519, 234, 234, 234, 234, 234, 234, - 527, 527, 527, 527, 527, 527, 527, 527, 527, 527, - 520, 557, 562, 520, 557, 562, 519, 779, 597, 234, + 522, 754, 754, 522, 234, 234, 234, 234, 234, 234, + 529, 529, 529, 529, 529, 529, 529, 529, 529, 529, + 559, 564, 569, 559, 564, 569, 522, 725, 787, 234, 234, 234, 234, 234, 234, 237, 237, 237, 237, 237, - 237, 237, 237, 237, 237, 237, 520, 557, 562, 237, - 237, 237, 237, 237, 237, 532, 532, 532, 532, 532, - 532, 532, 532, 532, 532, 542, 597, 542, 542, 542, - 542, 542, 542, 777, 237, 237, 237, 237, 237, 237, + 237, 237, 237, 237, 237, 237, 559, 564, 569, 237, + 237, 237, 237, 237, 237, 534, 534, 534, 534, 534, + 534, 534, 534, 534, 534, 544, 725, 544, 544, 544, + 544, 544, 544, 780, 237, 237, 237, 237, 237, 237, 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 664, 664, 664, 239, 239, 239, 239, 239, - 239, 534, 534, 534, 534, 534, 534, 534, 534, 534, - 534, 554, 554, 554, 554, 554, 554, 697, 776, 697, + 239, 239, 638, 778, 638, 239, 239, 239, 239, 239, + 239, 536, 536, 536, 536, 536, 536, 536, 536, 536, + 536, 575, 577, 777, 575, 577, 602, 602, 602, 602, 239, 239, 239, 239, 239, 239, 240, 240, 240, 240, - 240, 240, 240, 240, 240, 240, 240, 763, 763, 775, - 240, 240, 240, 240, 240, 240, 538, 538, 538, 538, - 538, 538, 538, 538, 538, 538, 600, 600, 600, 600, - 620, 620, 860, 860, 772, 240, 240, 240, 240, 240, - 240, 278, 620, 278, 278, 278, 278, 278, 278, 278, - 278, 278, 278, 279, 279, 279, 279, 279, 279, 279, - 279, 279, 279, 279, 770, 710, 710, 279, 279, 279, - 279, 279, 279, 547, 547, 547, 547, 547, 547, 547, - 547, 547, 547, 567, 573, 575, 567, 573, 575, 822, - 863, 863, 279, 279, 279, 279, 279, 279, 281, 281, - - 281, 281, 281, 281, 281, 281, 281, 281, 766, 567, - 573, 575, 281, 281, 281, 281, 281, 281, 551, 551, - 551, 551, 551, 551, 551, 551, 695, 710, 822, 
695, - 551, 612, 612, 612, 612, 612, 612, 281, 281, 281, - 281, 281, 281, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 553, 553, 553, 553, 553, 553, 553, - 553, 553, 553, 603, 603, 603, 603, 603, 603, 603, - 603, 603, 603, 629, 629, 629, 629, 629, 629, 765, - 300, 308, 308, 308, 308, 308, 308, 308, 308, 308, - 308, 308, 314, 314, 314, 314, 314, 314, 314, 314, - - 314, 314, 314, 314, 314, 909, 909, 909, 314, 314, - 314, 314, 314, 314, 605, 605, 605, 605, 605, 605, - 605, 605, 605, 605, 759, 658, 659, 634, 658, 659, - 634, 769, 758, 314, 314, 314, 314, 314, 314, 317, - 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, - 317, 658, 659, 634, 317, 317, 317, 317, 317, 317, - 609, 670, 609, 609, 609, 609, 609, 609, 709, 709, - 709, 709, 609, 670, 621, 621, 634, 757, 769, 317, - 317, 317, 317, 317, 317, 318, 621, 318, 318, 318, - 318, 318, 318, 318, 318, 318, 318, 358, 358, 358, - - 358, 358, 358, 358, 358, 358, 358, 698, 968, 968, - 698, 358, 358, 358, 358, 358, 358, 611, 611, 611, - 611, 611, 611, 611, 611, 611, 611, 751, 702, 637, - 701, 702, 637, 698, 868, 701, 358, 358, 358, 358, - 358, 358, 359, 359, 359, 359, 359, 359, 359, 359, - 359, 359, 623, 623, 702, 637, 359, 359, 359, 359, - 359, 359, 671, 673, 623, 626, 626, 626, 626, 626, - 626, 626, 626, 868, 671, 673, 735, 626, 637, 969, - 969, 359, 359, 359, 359, 359, 359, 376, 735, 376, - 376, 376, 376, 376, 376, 376, 376, 376, 376, 377, - - 736, 377, 377, 377, 377, 377, 377, 377, 377, 377, - 377, 378, 736, 378, 378, 378, 378, 378, 378, 378, - 378, 378, 378, 381, 381, 381, 381, 381, 381, 381, - 381, 381, 381, 381, 391, 391, 391, 391, 391, 391, - 391, 391, 391, 391, 391, 391, 391, 929, 929, 929, - 391, 391, 391, 391, 391, 391, 628, 628, 628, 628, - 628, 628, 628, 628, 628, 628, 980, 980, 638, 696, - 704, 638, 696, 704, 748, 391, 391, 391, 391, 391, - 391, 394, 394, 394, 394, 394, 394, 394, 394, 394, - 394, 394, 394, 394, 638, 696, 704, 394, 394, 394, - - 394, 394, 394, 644, 644, 644, 644, 648, 648, 648, - 648, 
648, 648, 648, 648, 648, 648, 638, 696, 939, - 747, 939, 394, 394, 394, 394, 394, 394, 397, 397, - 397, 397, 397, 397, 397, 397, 397, 397, 397, 397, - 940, 734, 940, 397, 397, 397, 397, 397, 397, 652, - 652, 652, 652, 652, 652, 652, 717, 733, 717, 717, - 717, 644, 679, 679, 679, 679, 679, 679, 397, 397, - 397, 397, 397, 397, 398, 738, 398, 398, 398, 398, - 398, 398, 398, 398, 398, 398, 433, 738, 433, 433, - 433, 433, 433, 433, 433, 433, 433, 433, 434, 434, - - 434, 434, 434, 434, 434, 434, 434, 434, 708, 731, - 764, 764, 434, 434, 434, 434, 434, 434, 662, 662, - 662, 662, 662, 662, 662, 662, 662, 662, 1000, 1000, - 708, 646, 708, 708, 951, 730, 951, 434, 434, 434, - 434, 434, 434, 435, 435, 435, 435, 435, 435, 435, - 435, 435, 435, 646, 729, 646, 646, 435, 435, 435, - 435, 435, 435, 663, 663, 663, 663, 663, 663, 663, - 663, 663, 663, 718, 715, 906, 718, 764, 906, 952, - 646, 952, 435, 435, 435, 435, 435, 435, 452, 452, - 452, 452, 452, 452, 452, 452, 452, 452, 676, 718, - - 676, 676, 676, 676, 676, 676, 726, 726, 726, 726, - 676, 678, 678, 678, 678, 678, 678, 678, 678, 678, - 678, 761, 761, 761, 761, 452, 454, 791, 454, 454, - 454, 454, 454, 454, 454, 454, 454, 454, 455, 791, - 455, 455, 455, 455, 455, 455, 455, 455, 455, 455, - 461, 461, 461, 461, 461, 461, 461, 461, 461, 461, - 461, 956, 714, 956, 461, 461, 461, 461, 461, 461, - 682, 682, 682, 682, 682, 682, 682, 682, 682, 682, - 686, 707, 686, 686, 686, 686, 686, 686, 706, 461, - 461, 461, 461, 461, 461, 465, 685, 465, 465, 465, - - 465, 465, 465, 465, 465, 465, 465, 471, 471, 471, - 471, 471, 471, 471, 471, 471, 471, 471, 471, 471, - 689, 689, 684, 471, 471, 471, 471, 471, 471, 1001, - 1001, 750, 689, 694, 694, 694, 694, 694, 694, 694, - 694, 712, 750, 683, 712, 712, 712, 712, 471, 471, - 471, 471, 471, 471, 474, 474, 474, 474, 474, 474, - 474, 474, 474, 474, 474, 474, 474, 957, 672, 957, - 474, 474, 474, 474, 474, 474, 713, 669, 667, 713, - 713, 713, 713, 768, 768, 768, 666, 719, 720, 721, - 719, 720, 721, 
665, 712, 474, 474, 474, 474, 474, - - 474, 477, 477, 477, 477, 477, 477, 477, 477, 477, - 477, 477, 477, 719, 720, 721, 477, 477, 477, 477, - 477, 477, 744, 744, 744, 744, 744, 744, 792, 713, - 657, 656, 768, 721, 719, 754, 720, 961, 754, 961, - 792, 477, 477, 477, 477, 477, 477, 478, 654, 478, - 478, 478, 478, 478, 478, 478, 478, 478, 478, 479, - 479, 754, 756, 479, 653, 756, 919, 479, 651, 919, - 479, 479, 650, 479, 479, 479, 479, 479, 479, 479, - 479, 479, 479, 479, 479, 479, 479, 649, 756, 479, - 479, 479, 479, 479, 479, 479, 479, 479, 479, 479, - - 479, 479, 479, 479, 479, 479, 479, 479, 479, 479, - 479, 479, 479, 479, 479, 479, 479, 479, 479, 479, - 479, 479, 479, 479, 479, 479, 479, 479, 479, 479, - 479, 479, 526, 526, 526, 526, 526, 526, 526, 526, - 526, 526, 526, 728, 728, 728, 728, 728, 728, 728, - 728, 728, 728, 732, 647, 732, 732, 732, 732, 732, - 732, 778, 643, 778, 778, 778, 778, 778, 778, 642, - 526, 533, 794, 533, 533, 533, 533, 533, 533, 533, - 533, 533, 533, 533, 794, 641, 639, 533, 533, 533, - 533, 533, 533, 737, 737, 737, 737, 737, 737, 737, - - 737, 737, 737, 767, 622, 616, 767, 767, 767, 767, - 615, 602, 533, 533, 533, 533, 533, 533, 536, 536, - 536, 536, 536, 536, 536, 536, 536, 536, 536, 964, - 601, 964, 536, 536, 536, 536, 536, 536, 741, 833, - 741, 741, 741, 741, 741, 741, 813, 813, 813, 813, - 741, 833, 838, 838, 838, 838, 767, 536, 536, 536, - 536, 536, 536, 537, 595, 537, 537, 537, 537, 537, - 537, 537, 537, 537, 537, 549, 549, 549, 549, 549, - 549, 549, 549, 549, 549, 549, 549, 549, 974, 592, - 974, 549, 549, 549, 549, 549, 549, 743, 743, 743, - - 743, 743, 743, 743, 743, 743, 743, 591, 589, 780, - 781, 782, 780, 781, 782, 588, 549, 549, 549, 549, - 549, 549, 552, 552, 552, 552, 552, 552, 552, 552, - 552, 552, 552, 552, 552, 780, 781, 782, 552, 552, - 552, 552, 552, 552, 774, 774, 774, 774, 774, 774, - 774, 774, 774, 774, 975, 807, 975, 781, 807, 782, - 983, 586, 983, 552, 552, 552, 552, 552, 552, 555, - 555, 555, 555, 555, 555, 555, 
555, 555, 555, 555, - 809, 807, 585, 809, 555, 555, 555, 555, 555, 555, - 793, 793, 793, 793, 793, 793, 793, 793, 793, 793, - - 800, 800, 800, 800, 800, 800, 809, 580, 579, 555, - 555, 555, 555, 555, 555, 556, 577, 556, 556, 556, - 556, 556, 556, 556, 556, 556, 556, 559, 805, 805, - 805, 805, 805, 805, 805, 559, 541, 1006, 559, 559, - 1006, 559, 559, 559, 559, 559, 559, 559, 559, 559, - 559, 559, 559, 559, 984, 540, 984, 559, 559, 559, - 559, 559, 559, 559, 559, 559, 559, 559, 559, 559, - 559, 559, 559, 559, 559, 559, 559, 559, 559, 559, - 559, 559, 559, 559, 559, 559, 559, 559, 559, 559, - 559, 559, 559, 559, 559, 559, 559, 559, 559, 559, - - 587, 587, 587, 587, 587, 587, 587, 587, 587, 587, - 587, 590, 988, 539, 988, 590, 590, 590, 590, 590, - 590, 590, 590, 590, 590, 590, 994, 590, 994, 531, - 590, 590, 590, 590, 590, 590, 590, 590, 590, 590, - 590, 590, 590, 590, 590, 590, 590, 590, 590, 590, - 590, 590, 590, 530, 590, 590, 590, 590, 590, 590, - 590, 590, 590, 590, 590, 590, 590, 590, 590, 590, - 590, 590, 596, 596, 596, 596, 596, 596, 596, 596, - 596, 596, 797, 529, 797, 797, 797, 797, 797, 797, - 842, 842, 842, 842, 797, 799, 799, 799, 799, 799, - - 799, 799, 799, 799, 799, 861, 861, 861, 861, 596, - 598, 598, 598, 598, 598, 598, 598, 598, 598, 598, - 598, 814, 814, 814, 814, 814, 814, 814, 814, 814, - 814, 815, 815, 815, 815, 815, 815, 815, 815, 815, - 815, 875, 875, 875, 875, 875, 875, 525, 598, 607, - 518, 607, 607, 607, 607, 607, 607, 607, 607, 607, - 607, 607, 610, 517, 610, 610, 610, 610, 610, 610, - 610, 610, 610, 610, 610, 995, 514, 995, 610, 610, - 610, 610, 610, 610, 826, 826, 826, 826, 826, 826, - 826, 826, 826, 826, 819, 820, 839, 819, 820, 839, - - 997, 512, 997, 610, 610, 610, 610, 610, 610, 613, - 613, 613, 613, 613, 613, 613, 613, 613, 613, 613, - 819, 820, 839, 613, 613, 613, 613, 613, 613, 830, - 511, 830, 830, 830, 830, 830, 830, 1008, 1009, 1008, - 1009, 841, 820, 1012, 841, 1012, 508, 507, 613, 613, - 613, 613, 613, 613, 614, 506, 614, 
614, 614, 614, - 614, 614, 614, 614, 614, 614, 617, 841, 617, 617, - 617, 617, 617, 617, 617, 617, 617, 617, 624, 624, - 624, 624, 624, 624, 624, 624, 624, 624, 624, 624, - 624, 1013, 500, 1013, 624, 624, 624, 624, 624, 624, - - 825, 499, 825, 825, 825, 825, 825, 825, 843, 843, - 843, 843, 843, 843, 843, 843, 843, 843, 497, 624, - 624, 624, 624, 624, 624, 627, 627, 627, 627, 627, - 627, 627, 627, 627, 627, 627, 627, 848, 496, 825, - 848, 627, 627, 627, 627, 627, 627, 847, 495, 847, - 847, 847, 847, 847, 847, 494, 1018, 1017, 1018, 858, - 1017, 464, 858, 848, 1017, 463, 627, 627, 627, 627, - 627, 627, 630, 460, 630, 630, 630, 630, 630, 630, - 630, 630, 630, 630, 631, 858, 894, 894, 894, 894, - 894, 894, 631, 459, 458, 631, 631, 457, 631, 631, - - 631, 631, 631, 631, 631, 631, 631, 631, 631, 631, - 631, 1019, 451, 1019, 631, 631, 631, 631, 631, 631, - 631, 631, 631, 631, 631, 631, 631, 631, 631, 631, - 631, 631, 631, 631, 631, 631, 631, 631, 631, 631, - 631, 631, 631, 631, 631, 631, 631, 631, 631, 631, - 631, 631, 631, 631, 631, 631, 631, 655, 450, 882, - 655, 882, 882, 882, 882, 882, 882, 449, 655, 448, - 447, 446, 655, 655, 655, 655, 655, 655, 655, 655, - 655, 655, 655, 655, 655, 445, 444, 655, 655, 655, - 655, 655, 655, 655, 655, 655, 655, 655, 655, 655, - - 655, 655, 655, 655, 655, 655, 655, 655, 655, 655, - 443, 655, 655, 655, 655, 655, 655, 655, 655, 655, - 655, 655, 655, 655, 655, 655, 655, 655, 655, 661, - 442, 661, 661, 661, 661, 661, 661, 661, 661, 661, - 661, 852, 852, 852, 852, 852, 852, 852, 852, 852, - 852, 853, 853, 853, 853, 853, 853, 853, 853, 853, - 853, 441, 440, 439, 438, 437, 436, 432, 661, 668, - 431, 668, 668, 668, 668, 668, 668, 668, 668, 668, - 668, 674, 426, 674, 674, 674, 674, 674, 674, 674, - 674, 674, 674, 674, 677, 425, 677, 677, 677, 677, - - 677, 677, 677, 677, 677, 677, 677, 424, 418, 417, - 677, 677, 677, 677, 677, 677, 854, 854, 854, 854, - 854, 854, 854, 854, 854, 854, 871, 415, 871, 871, - 871, 871, 871, 871, 414, 677, 677, 677, 
677, 677, - 677, 680, 680, 680, 680, 680, 680, 680, 680, 680, - 680, 680, 413, 412, 411, 680, 680, 680, 680, 680, - 680, 410, 409, 408, 407, 871, 873, 873, 873, 873, - 873, 873, 873, 873, 873, 873, 404, 403, 402, 401, - 680, 680, 680, 680, 680, 680, 681, 385, 681, 681, - 681, 681, 681, 681, 681, 681, 681, 681, 692, 692, - - 692, 692, 692, 692, 692, 692, 692, 692, 692, 692, - 716, 384, 716, 716, 716, 716, 716, 716, 716, 716, - 716, 716, 722, 722, 722, 722, 722, 722, 722, 722, - 722, 722, 874, 874, 874, 874, 874, 874, 874, 874, - 874, 874, 878, 878, 878, 878, 878, 878, 878, 878, - 878, 878, 383, 382, 380, 379, 375, 374, 373, 722, - 724, 371, 724, 724, 724, 724, 724, 724, 724, 724, + 240, 240, 240, 240, 240, 240, 240, 575, 577, 776, + 240, 240, 240, 240, 240, 240, 540, 540, 540, 540, + 540, 540, 540, 540, 540, 540, 614, 614, 614, 614, + 614, 614, 666, 666, 666, 240, 240, 240, 240, 240, + 240, 279, 773, 279, 279, 279, 279, 279, 279, 279, + 279, 279, 279, 280, 280, 280, 280, 280, 280, 280, + 280, 280, 280, 280, 699, 771, 699, 280, 280, 280, + 280, 280, 280, 549, 549, 549, 549, 549, 549, 549, + 549, 549, 549, 631, 631, 631, 631, 631, 631, 729, + 762, 762, 280, 280, 280, 280, 280, 280, 282, 282, + + 282, 282, 282, 282, 282, 282, 282, 282, 765, 765, + 767, 642, 282, 282, 282, 282, 282, 282, 553, 553, + 553, 553, 553, 553, 553, 553, 642, 939, 729, 939, + 553, 681, 681, 681, 681, 681, 681, 282, 282, 282, + 282, 282, 282, 301, 301, 301, 301, 301, 301, 301, + 301, 301, 301, 555, 555, 555, 555, 555, 555, 555, + 555, 555, 555, 605, 605, 605, 605, 605, 605, 605, + 605, 605, 605, 646, 646, 646, 646, 770, 860, 860, + 301, 309, 309, 309, 309, 309, 309, 309, 309, 309, + 309, 309, 315, 315, 315, 315, 315, 315, 315, 315, + + 315, 315, 315, 315, 315, 863, 863, 760, 315, 315, + 315, 315, 315, 315, 607, 607, 607, 607, 607, 607, + 607, 607, 607, 607, 770, 660, 661, 636, 660, 661, + 636, 646, 759, 315, 315, 315, 315, 315, 315, 318, + 318, 318, 318, 318, 318, 318, 318, 318, 318, 318, + 318, 
660, 661, 636, 318, 318, 318, 318, 318, 318, + 611, 672, 611, 611, 611, 611, 611, 611, 697, 968, + 968, 697, 611, 672, 622, 622, 636, 969, 969, 318, + 318, 318, 318, 318, 318, 319, 622, 319, 319, 319, + 319, 319, 319, 319, 319, 319, 319, 360, 360, 360, + + 360, 360, 360, 360, 360, 360, 360, 711, 711, 711, + 711, 360, 360, 360, 360, 360, 360, 613, 613, 613, + 613, 613, 613, 613, 613, 613, 613, 654, 654, 654, + 654, 654, 654, 654, 980, 980, 360, 360, 360, 360, + 360, 360, 361, 361, 361, 361, 361, 361, 361, 361, + 361, 361, 623, 623, 625, 625, 361, 361, 361, 361, + 361, 361, 753, 673, 623, 675, 625, 628, 628, 628, + 628, 628, 628, 628, 628, 673, 737, 675, 940, 628, + 940, 361, 361, 361, 361, 361, 361, 378, 737, 378, + 378, 378, 378, 378, 378, 378, 378, 378, 378, 379, + + 738, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 380, 738, 380, 380, 380, 380, 380, 380, 380, + 380, 380, 380, 383, 383, 383, 383, 383, 383, 383, + 383, 383, 383, 383, 393, 393, 393, 393, 393, 393, + 393, 393, 393, 393, 393, 393, 393, 750, 766, 766, + 393, 393, 393, 393, 393, 393, 630, 630, 630, 630, + 630, 630, 630, 630, 630, 630, 1000, 1000, 639, 640, + 698, 639, 640, 698, 749, 393, 393, 393, 393, 393, + 393, 396, 396, 396, 396, 396, 396, 396, 396, 396, + 396, 396, 396, 396, 639, 640, 698, 396, 396, 396, + + 396, 396, 396, 650, 650, 650, 650, 650, 650, 650, + 650, 650, 650, 712, 712, 766, 736, 639, 640, 698, + 1001, 1001, 396, 396, 396, 396, 396, 396, 399, 399, + 399, 399, 399, 399, 399, 399, 399, 399, 399, 399, + 909, 909, 909, 399, 399, 399, 399, 399, 399, 664, + 664, 664, 664, 664, 664, 664, 664, 664, 664, 688, + 735, 688, 688, 688, 688, 688, 688, 733, 399, 399, + 399, 399, 399, 399, 400, 712, 400, 400, 400, 400, + 400, 400, 400, 400, 400, 400, 435, 732, 435, 435, + 435, 435, 435, 435, 435, 435, 435, 435, 436, 436, + + 436, 436, 436, 436, 436, 436, 436, 436, 700, 731, + 717, 700, 436, 436, 436, 436, 436, 436, 665, 665, + 665, 665, 665, 665, 665, 665, 665, 665, 769, 769, + 769, 648, 906, 
919, 700, 906, 919, 436, 436, 436, + 436, 436, 436, 437, 437, 437, 437, 437, 437, 437, + 437, 437, 437, 648, 710, 648, 648, 437, 437, 437, + 437, 437, 437, 678, 716, 678, 678, 678, 678, 678, + 678, 728, 728, 728, 728, 678, 710, 769, 710, 710, + 648, 713, 437, 437, 437, 437, 437, 437, 454, 454, + 454, 454, 454, 454, 454, 454, 454, 454, 680, 680, + + 680, 680, 680, 680, 680, 680, 680, 680, 684, 684, + 684, 684, 684, 684, 684, 684, 684, 684, 719, 709, + 719, 719, 719, 708, 687, 454, 456, 740, 456, 456, + 456, 456, 456, 456, 456, 456, 456, 456, 457, 740, + 457, 457, 457, 457, 457, 457, 457, 457, 457, 457, + 463, 463, 463, 463, 463, 463, 463, 463, 463, 463, + 463, 689, 690, 686, 463, 463, 463, 463, 463, 463, + 691, 691, 689, 690, 696, 696, 696, 696, 696, 696, + 696, 696, 691, 746, 746, 746, 746, 746, 746, 463, + 463, 463, 463, 463, 463, 467, 685, 467, 467, 467, + + 467, 467, 467, 467, 467, 467, 467, 473, 473, 473, + 473, 473, 473, 473, 473, 473, 473, 473, 473, 473, + 752, 674, 671, 473, 473, 473, 473, 473, 473, 714, + 669, 752, 714, 714, 714, 714, 763, 763, 763, 763, + 668, 704, 706, 720, 704, 706, 720, 667, 473, 473, + 473, 473, 473, 473, 476, 476, 476, 476, 476, 476, + 476, 476, 476, 476, 476, 476, 476, 704, 706, 720, + 476, 476, 476, 476, 476, 476, 813, 813, 813, 813, + 715, 792, 714, 715, 715, 715, 715, 721, 722, 756, + 721, 722, 756, 792, 659, 476, 476, 476, 476, 476, + + 476, 479, 479, 479, 479, 479, 479, 479, 479, 479, + 479, 479, 479, 721, 722, 756, 479, 479, 479, 479, + 479, 479, 723, 658, 734, 723, 734, 734, 734, 734, + 734, 734, 656, 715, 721, 758, 722, 951, 758, 951, + 655, 479, 479, 479, 479, 479, 479, 480, 723, 480, + 480, 480, 480, 480, 480, 480, 480, 480, 480, 481, + 481, 758, 781, 481, 653, 781, 723, 481, 652, 1006, + 481, 481, 1006, 481, 481, 481, 481, 481, 481, 481, + 481, 481, 481, 481, 481, 481, 481, 651, 781, 481, + 481, 481, 481, 481, 481, 481, 481, 481, 481, 481, + + 481, 481, 481, 481, 481, 481, 481, 481, 481, 481, + 481, 481, 481, 481, 481, 
481, 481, 481, 481, 481, + 481, 481, 481, 481, 481, 481, 481, 481, 481, 481, + 481, 481, 528, 528, 528, 528, 528, 528, 528, 528, + 528, 528, 528, 730, 730, 730, 730, 730, 730, 730, + 730, 730, 730, 739, 739, 739, 739, 739, 739, 739, + 739, 739, 739, 801, 801, 801, 801, 801, 801, 649, + 528, 535, 793, 535, 535, 535, 535, 535, 535, 535, + 535, 535, 535, 535, 793, 645, 644, 535, 535, 535, + 535, 535, 535, 743, 643, 743, 743, 743, 743, 743, + + 743, 641, 952, 768, 952, 743, 768, 768, 768, 768, + 624, 618, 535, 535, 535, 535, 535, 535, 538, 538, + 538, 538, 538, 538, 538, 538, 538, 538, 538, 929, + 929, 929, 538, 538, 538, 538, 538, 538, 745, 745, + 745, 745, 745, 745, 745, 745, 745, 745, 779, 617, + 779, 779, 779, 779, 779, 779, 768, 538, 538, 538, + 538, 538, 538, 539, 604, 539, 539, 539, 539, 539, + 539, 539, 539, 539, 539, 551, 551, 551, 551, 551, + 551, 551, 551, 551, 551, 551, 551, 551, 956, 603, + 956, 551, 551, 551, 551, 551, 551, 775, 775, 775, + + 775, 775, 775, 775, 775, 775, 775, 597, 594, 782, + 783, 808, 782, 783, 808, 593, 551, 551, 551, 551, + 551, 551, 554, 554, 554, 554, 554, 554, 554, 554, + 554, 554, 554, 554, 554, 782, 783, 808, 554, 554, + 554, 554, 554, 554, 794, 794, 794, 794, 794, 794, + 794, 794, 794, 794, 591, 590, 782, 810, 783, 957, + 810, 957, 588, 554, 554, 554, 554, 554, 554, 557, + 557, 557, 557, 557, 557, 557, 557, 557, 557, 557, + 795, 587, 582, 810, 557, 557, 557, 557, 557, 557, + 833, 798, 795, 798, 798, 798, 798, 798, 798, 961, + + 581, 961, 833, 798, 838, 838, 838, 838, 579, 557, + 557, 557, 557, 557, 557, 558, 543, 558, 558, 558, + 558, 558, 558, 558, 558, 558, 558, 561, 806, 806, + 806, 806, 806, 806, 806, 561, 542, 541, 561, 561, + 533, 561, 561, 561, 561, 561, 561, 561, 561, 561, + 561, 561, 561, 561, 964, 532, 964, 561, 561, 561, + 561, 561, 561, 561, 561, 561, 561, 561, 561, 561, + 561, 561, 561, 561, 561, 561, 561, 561, 561, 561, + 561, 561, 561, 561, 561, 561, 561, 561, 561, 561, + 561, 561, 561, 561, 561, 561, 561, 561, 
561, 561, + + 589, 589, 589, 589, 589, 589, 589, 589, 589, 589, + 589, 592, 974, 531, 974, 592, 592, 592, 592, 592, + 592, 592, 592, 592, 592, 592, 975, 592, 975, 527, + 592, 592, 592, 592, 592, 592, 592, 592, 592, 592, + 592, 592, 592, 592, 592, 592, 592, 592, 592, 592, + 592, 592, 592, 520, 592, 592, 592, 592, 592, 592, + 592, 592, 592, 592, 592, 592, 592, 592, 592, 592, + 592, 592, 598, 598, 598, 598, 598, 598, 598, 598, + 598, 598, 800, 800, 800, 800, 800, 800, 800, 800, + 800, 800, 814, 814, 814, 814, 814, 814, 814, 814, + + 814, 814, 983, 519, 983, 819, 516, 514, 819, 598, + 600, 600, 600, 600, 600, 600, 600, 600, 600, 600, + 600, 815, 815, 815, 815, 815, 815, 815, 815, 815, + 815, 819, 842, 842, 842, 842, 984, 820, 984, 830, + 820, 830, 830, 830, 830, 830, 830, 513, 600, 609, + 510, 609, 609, 609, 609, 609, 609, 609, 609, 609, + 609, 609, 612, 820, 612, 612, 612, 612, 612, 612, + 612, 612, 612, 612, 612, 988, 509, 988, 612, 612, + 612, 612, 612, 612, 820, 826, 826, 826, 826, 826, + 826, 826, 826, 826, 826, 839, 841, 508, 839, 841, + + 994, 502, 994, 612, 612, 612, 612, 612, 612, 615, + 615, 615, 615, 615, 615, 615, 615, 615, 615, 615, + 501, 839, 841, 615, 615, 615, 615, 615, 615, 843, + 843, 843, 843, 843, 843, 843, 843, 843, 843, 847, + 499, 847, 847, 847, 847, 847, 847, 498, 615, 615, + 615, 615, 615, 615, 616, 497, 616, 616, 616, 616, + 616, 616, 616, 616, 616, 616, 619, 496, 619, 619, + 619, 619, 619, 619, 619, 619, 619, 619, 626, 626, + 626, 626, 626, 626, 626, 626, 626, 626, 626, 626, + 626, 995, 466, 995, 626, 626, 626, 626, 626, 626, + + 852, 852, 852, 852, 852, 852, 852, 852, 852, 852, + 1017, 848, 858, 1017, 848, 858, 997, 1017, 997, 626, + 626, 626, 626, 626, 626, 629, 629, 629, 629, 629, + 629, 629, 629, 629, 629, 629, 629, 848, 858, 465, + 462, 629, 629, 629, 629, 629, 629, 853, 853, 853, + 853, 853, 853, 853, 853, 853, 853, 861, 861, 861, + 861, 1008, 1009, 1008, 1009, 461, 629, 629, 629, 629, + 629, 629, 632, 460, 632, 632, 632, 632, 632, 
632, + 632, 632, 632, 632, 633, 875, 875, 875, 875, 875, + 875, 1012, 633, 1012, 459, 633, 633, 453, 633, 633, + + 633, 633, 633, 633, 633, 633, 633, 633, 633, 633, + 633, 1013, 452, 1013, 633, 633, 633, 633, 633, 633, + 633, 633, 633, 633, 633, 633, 633, 633, 633, 633, + 633, 633, 633, 633, 633, 633, 633, 633, 633, 633, + 633, 633, 633, 633, 633, 633, 633, 633, 633, 633, + 633, 633, 633, 633, 633, 633, 633, 657, 451, 882, + 657, 882, 882, 882, 882, 882, 882, 1018, 657, 1018, + 450, 449, 657, 657, 657, 657, 657, 657, 657, 657, + 657, 657, 657, 657, 657, 448, 447, 657, 657, 657, + 657, 657, 657, 657, 657, 657, 657, 657, 657, 657, + + 657, 657, 657, 657, 657, 657, 657, 657, 657, 657, + 446, 657, 657, 657, 657, 657, 657, 657, 657, 657, + 657, 657, 657, 657, 657, 657, 657, 657, 657, 663, + 445, 663, 663, 663, 663, 663, 663, 663, 663, 663, + 663, 854, 854, 854, 854, 854, 854, 854, 854, 854, + 854, 873, 873, 873, 873, 873, 873, 873, 873, 873, + 873, 894, 894, 894, 894, 894, 894, 444, 663, 670, + 443, 670, 670, 670, 670, 670, 670, 670, 670, 670, + 670, 676, 442, 676, 676, 676, 676, 676, 676, 676, + 676, 676, 676, 676, 679, 441, 679, 679, 679, 679, + + 679, 679, 679, 679, 679, 679, 679, 1019, 440, 1019, + 679, 679, 679, 679, 679, 679, 874, 874, 874, 874, + 874, 874, 874, 874, 874, 874, 439, 438, 434, 433, + 428, 427, 426, 420, 419, 679, 679, 679, 679, 679, + 679, 682, 682, 682, 682, 682, 682, 682, 682, 682, + 682, 682, 417, 416, 415, 682, 682, 682, 682, 682, + 682, 878, 878, 878, 878, 878, 878, 878, 878, 878, + 878, 414, 413, 412, 411, 410, 409, 406, 405, 404, + 682, 682, 682, 682, 682, 682, 683, 403, 683, 683, + 683, 683, 683, 683, 683, 683, 683, 683, 694, 694, + + 694, 694, 694, 694, 694, 694, 694, 694, 694, 694, + 718, 387, 718, 718, 718, 718, 718, 718, 718, 718, + 718, 718, 724, 724, 724, 724, 724, 724, 724, 724, 724, 724, 886, 886, 886, 886, 886, 886, 886, 886, 886, 886, 887, 887, 887, 887, 887, 887, 887, 887, - 887, 887, 370, 369, 368, 367, 366, 365, 364, 724, - - 
739, 361, 739, 739, 739, 739, 739, 739, 739, 739, - 739, 739, 739, 742, 356, 742, 742, 742, 742, 742, - 742, 742, 742, 742, 742, 742, 355, 354, 347, 742, - 742, 742, 742, 742, 742, 888, 888, 888, 888, 888, - 888, 888, 888, 888, 888, 891, 891, 891, 891, 891, - 891, 346, 345, 344, 742, 742, 742, 742, 742, 742, - 745, 745, 745, 745, 745, 745, 745, 745, 745, 745, - 343, 337, 336, 334, 745, 745, 745, 745, 745, 745, - 333, 332, 891, 893, 893, 893, 893, 893, 893, 893, - 893, 893, 893, 331, 330, 329, 328, 327, 326, 745, - - 745, 745, 745, 745, 745, 746, 325, 746, 746, 746, - 746, 746, 746, 746, 746, 746, 746, 749, 749, 749, - 749, 749, 749, 749, 749, 749, 749, 749, 753, 322, - 321, 319, 311, 310, 307, 306, 753, 296, 294, 753, - 753, 293, 753, 753, 753, 753, 753, 753, 753, 753, - 753, 753, 753, 753, 753, 292, 291, 290, 753, 753, - 753, 753, 753, 753, 753, 753, 753, 753, 753, 753, - 753, 753, 753, 753, 753, 753, 753, 753, 753, 753, - 753, 753, 753, 753, 753, 753, 753, 753, 753, 753, - 753, 753, 753, 753, 753, 753, 753, 753, 753, 753, - - 753, 771, 771, 771, 771, 771, 289, 771, 771, 288, - 287, 771, 286, 285, 284, 283, 280, 277, 276, 269, - 266, 265, 264, 263, 262, 771, 771, 771, 773, 773, - 773, 773, 773, 259, 773, 773, 258, 257, 773, 256, - 255, 254, 252, 251, 250, 249, 248, 247, 246, 245, - 244, 243, 773, 773, 773, 783, 242, 783, 783, 783, - 783, 783, 783, 783, 783, 783, 783, 784, 236, 784, - 784, 784, 784, 784, 784, 784, 784, 784, 784, 785, - 235, 785, 785, 785, 785, 785, 785, 785, 785, 785, - 785, 788, 225, 788, 788, 788, 788, 788, 788, 788, - - 788, 788, 788, 795, 224, 795, 795, 795, 795, 795, - 795, 795, 795, 795, 795, 795, 798, 223, 798, 798, - 798, 798, 798, 798, 798, 798, 798, 798, 222, 220, - 219, 218, 798, 798, 798, 798, 798, 798, 217, 215, - 209, 201, 197, 192, 191, 189, 185, 180, 178, 173, - 161, 160, 159, 158, 157, 149, 148, 798, 798, 798, - 798, 798, 798, 801, 147, 801, 801, 801, 801, 801, - 801, 801, 801, 801, 801, 818, 146, 818, 818, 818, - 818, 818, 818, 
818, 818, 818, 818, 821, 145, 821, - 821, 821, 821, 821, 821, 821, 821, 821, 821, 823, - - 144, 823, 823, 823, 823, 823, 823, 823, 823, 823, - 823, 824, 142, 824, 824, 824, 824, 824, 824, 824, - 824, 824, 824, 836, 141, 836, 836, 836, 836, 836, - 836, 836, 836, 836, 836, 849, 140, 849, 849, 849, - 849, 849, 849, 849, 849, 849, 849, 850, 139, 850, - 850, 850, 850, 850, 850, 850, 850, 850, 850, 851, - 138, 851, 851, 851, 851, 851, 851, 851, 851, 851, - 851, 866, 137, 866, 866, 866, 866, 866, 866, 866, - 866, 866, 866, 867, 133, 867, 867, 867, 867, 867, - 867, 867, 867, 867, 867, 869, 129, 869, 869, 869, - - 869, 869, 869, 869, 869, 869, 869, 870, 128, 870, - 870, 870, 870, 870, 870, 870, 870, 870, 870, 883, - 883, 883, 883, 883, 883, 883, 883, 883, 883, 124, - 121, 118, 117, 114, 111, 107, 103, 102, 101, 100, - 99, 95, 82, 75, 68, 67, 63, 62, 61, 58, - 56, 54, 45, 44, 42, 41, 883, 884, 884, 884, - 884, 884, 884, 884, 884, 884, 884, 36, 32, 26, - 20, 19, 16, 15, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 884, 885, 885, 885, 885, 885, - - 885, 885, 885, 885, 885, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 885, 890, 890, 890, 890, 890, 890, 890, - 890, 890, 890, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 890, 896, 896, 896, 896, 896, 896, 896, 896, 896, + 887, 887, 386, 385, 384, 382, 381, 377, 376, 724, + 726, 375, 726, 726, 726, 726, 726, 726, 726, 726, + 726, 726, 888, 888, 888, 888, 888, 888, 888, 888, + 888, 888, 893, 893, 893, 893, 893, 893, 893, 893, + 893, 893, 373, 372, 371, 370, 369, 368, 367, 726, + + 741, 366, 741, 741, 741, 741, 741, 741, 741, 741, + 741, 741, 741, 744, 363, 744, 744, 744, 744, 744, + 744, 744, 744, 744, 744, 744, 358, 357, 356, 744, + 744, 744, 744, 744, 744, 349, 348, 347, 346, 345, + 344, 338, 337, 335, 334, 333, 332, 331, 330, 329, + 328, 327, 326, 323, 744, 744, 744, 744, 744, 744, + 747, 747, 747, 747, 747, 747, 747, 747, 747, 
747, + 322, 320, 312, 311, 747, 747, 747, 747, 747, 747, + 308, 307, 297, 295, 294, 293, 292, 291, 290, 289, + 288, 287, 286, 285, 284, 281, 278, 277, 270, 747, + + 747, 747, 747, 747, 747, 748, 266, 748, 748, 748, + 748, 748, 748, 748, 748, 748, 748, 751, 751, 751, + 751, 751, 751, 751, 751, 751, 751, 751, 755, 265, + 264, 263, 259, 258, 257, 256, 755, 255, 254, 755, + 755, 252, 755, 755, 755, 755, 755, 755, 755, 755, + 755, 755, 755, 755, 755, 251, 250, 249, 755, 755, + 755, 755, 755, 755, 755, 755, 755, 755, 755, 755, + 755, 755, 755, 755, 755, 755, 755, 755, 755, 755, + 755, 755, 755, 755, 755, 755, 755, 755, 755, 755, + 755, 755, 755, 755, 755, 755, 755, 755, 755, 755, + + 755, 772, 772, 772, 772, 772, 248, 772, 772, 247, + 246, 772, 245, 244, 243, 242, 236, 235, 225, 224, + 223, 222, 220, 219, 218, 772, 772, 772, 774, 774, + 774, 774, 774, 217, 774, 774, 215, 209, 774, 201, + 197, 192, 191, 189, 185, 180, 178, 173, 161, 160, + 159, 158, 774, 774, 774, 784, 157, 784, 784, 784, + 784, 784, 784, 784, 784, 784, 784, 785, 149, 785, + 785, 785, 785, 785, 785, 785, 785, 785, 785, 786, + 148, 786, 786, 786, 786, 786, 786, 786, 786, 786, + 786, 789, 147, 789, 789, 789, 789, 789, 789, 789, + + 789, 789, 789, 796, 146, 796, 796, 796, 796, 796, + 796, 796, 796, 796, 796, 796, 799, 145, 799, 799, + 799, 799, 799, 799, 799, 799, 799, 799, 144, 142, + 141, 140, 799, 799, 799, 799, 799, 799, 139, 138, + 137, 133, 129, 128, 124, 121, 118, 117, 114, 111, + 107, 103, 102, 101, 100, 99, 95, 799, 799, 799, + 799, 799, 799, 802, 82, 802, 802, 802, 802, 802, + 802, 802, 802, 802, 802, 818, 75, 818, 818, 818, + 818, 818, 818, 818, 818, 818, 818, 821, 68, 821, + 821, 821, 821, 821, 821, 821, 821, 821, 821, 822, + + 67, 822, 822, 822, 822, 822, 822, 822, 822, 822, + 822, 823, 63, 823, 823, 823, 823, 823, 823, 823, + 823, 823, 823, 824, 62, 824, 824, 824, 824, 824, + 824, 824, 824, 824, 824, 825, 61, 825, 825, 825, + 825, 825, 825, 825, 825, 825, 825, 836, 58, 836, + 836, 836, 836, 
836, 836, 836, 836, 836, 836, 849, + 56, 849, 849, 849, 849, 849, 849, 849, 849, 849, + 849, 850, 54, 850, 850, 850, 850, 850, 850, 850, + 850, 850, 850, 851, 45, 851, 851, 851, 851, 851, + 851, 851, 851, 851, 851, 866, 44, 866, 866, 866, + + 866, 866, 866, 866, 866, 866, 866, 867, 42, 867, + 867, 867, 867, 867, 867, 867, 867, 867, 867, 868, + 41, 868, 868, 868, 868, 868, 868, 868, 868, 868, + 868, 869, 36, 869, 869, 869, 869, 869, 869, 869, + 869, 869, 869, 870, 32, 870, 870, 870, 870, 870, + 870, 870, 870, 870, 870, 871, 26, 871, 871, 871, + 871, 871, 871, 871, 871, 871, 871, 883, 20, 883, + 883, 883, 883, 883, 883, 883, 883, 883, 883, 884, + 19, 884, 884, 884, 884, 884, 884, 884, 884, 884, + 884, 885, 16, 885, 885, 885, 885, 885, 885, 885, + + 885, 885, 885, 889, 15, 889, 889, 889, 889, 889, + 889, 889, 889, 889, 889, 890, 0, 890, 890, 890, + 890, 890, 890, 890, 890, 890, 890, 891, 0, 891, + 891, 891, 891, 891, 891, 891, 891, 891, 891, 896, + 896, 896, 896, 896, 896, 896, 896, 896, 896, 896, 896, 896, 896, 896, 896, 896, 896, 896, 896, 896, - 896, 896, 897, 897, 897, 897, 897, 897, 897, 897, - 897, 897, 897, 897, 897, 897, 897, 897, 897, 897, - 897, 897, 897, 898, 898, 898, 898, 898, 898, 898, + 897, 897, 897, 897, 897, 897, 897, 897, 897, 897, + 897, 898, 898, 898, 898, 898, 898, 898, 898, 898, 898, 898, 898, 898, 898, 898, 898, 898, 898, 898, - 898, 898, 898, 898, 899, 899, 899, 899, 899, 899, + + 898, 898, 899, 899, 899, 899, 899, 899, 899, 899, 899, 899, 899, 899, 899, 899, 899, 899, 899, 899, - 899, 899, 899, 899, 899, 900, 0, 0, 0, 0, - 0, 0, 900, 0, 900, 900, 900, 900, 0, 0, - 900, 900, 900, 900, 900, 900, 901, 901, 901, 901, + 899, 899, 899, 900, 0, 0, 0, 0, 0, 0, + 900, 0, 900, 900, 900, 900, 0, 0, 900, 900, + 900, 900, 900, 900, 901, 901, 901, 901, 901, 901, 901, 901, 901, 901, 901, 901, 901, 901, 901, 901, - 901, 901, 901, 901, 901, 901, 901, 902, 0, 0, + 901, 901, 901, 901, 901, 902, 0, 0, 0, 0, + 902, 0, 902, 0, 902, 902, 902, 902, 902, 0, + 902, 
902, 902, 902, 902, 902, 903, 0, 0, 0, + 0, 0, 0, 903, 0, 903, 903, 903, 903, 0, + + 0, 903, 903, 903, 903, 903, 903, 904, 0, 0, + 904, 904, 0, 904, 904, 0, 904, 904, 904, 904, + 0, 0, 904, 904, 904, 904, 904, 904, 905, 905, + 0, 905, 0, 0, 0, 905, 907, 0, 0, 907, + 907, 0, 907, 907, 0, 907, 907, 907, 907, 0, + 0, 907, 907, 907, 907, 907, 907, 908, 0, 0, + 908, 908, 0, 908, 908, 0, 908, 908, 908, 908, + 0, 908, 908, 908, 0, 908, 908, 908, 910, 0, + 0, 910, 0, 0, 910, 910, 0, 910, 910, 910, + 910, 910, 0, 910, 910, 910, 910, 910, 910, 911, - 0, 0, 902, 0, 902, 0, 902, 902, 902, 902, - 902, 0, 902, 902, 902, 902, 902, 902, 903, 0, - 0, 0, 0, 0, 0, 903, 0, 903, 903, 903, - 903, 0, 0, 903, 903, 903, 903, 903, 903, 904, - 0, 0, 904, 904, 0, 904, 904, 0, 904, 904, - 904, 904, 0, 0, 904, 904, 904, 904, 904, 904, - 905, 905, 0, 905, 0, 0, 0, 905, 907, 0, - 0, 907, 907, 0, 907, 907, 0, 907, 907, 907, - 907, 0, 0, 907, 907, 907, 907, 907, 907, 908, - 0, 0, 908, 908, 0, 908, 908, 0, 908, 908, - - 908, 908, 0, 908, 908, 908, 0, 908, 908, 908, - 910, 0, 0, 910, 0, 0, 910, 910, 0, 910, - 910, 910, 910, 910, 0, 910, 910, 910, 910, 910, - 910, 911, 911, 911, 911, 911, 911, 911, 911, 911, 911, 911, 911, 911, 911, 911, 911, 911, 911, 911, - 911, 911, 912, 912, 0, 912, 0, 912, 912, 912, + 911, 911, 911, 911, 911, 911, 911, 911, 911, 911, + 912, 912, 0, 912, 0, 912, 912, 912, 912, 912, 912, 912, 912, 912, 912, 912, 912, 912, 912, 912, - 912, 912, 912, 913, 0, 0, 0, 0, 913, 0, - 913, 0, 913, 913, 913, 913, 913, 0, 913, 913, - 913, 913, 913, 913, 914, 0, 0, 0, 0, 0, - - 0, 914, 0, 914, 914, 914, 914, 0, 914, 914, - 914, 914, 914, 914, 914, 915, 0, 0, 915, 915, - 0, 915, 915, 0, 915, 915, 915, 915, 0, 915, - 915, 915, 915, 915, 915, 915, 916, 916, 916, 916, + 912, 913, 0, 0, 0, 0, 913, 0, 913, 0, + 913, 913, 913, 913, 913, 0, 913, 913, 913, 913, + 913, 913, 914, 0, 0, 0, 0, 0, 0, 914, + 0, 914, 914, 914, 914, 0, 914, 914, 914, 914, + 914, 914, 914, 915, 0, 0, 915, 915, 0, 915, + 915, 0, 
915, 915, 915, 915, 0, 915, 915, 915, + + 915, 915, 915, 915, 916, 916, 916, 916, 916, 916, 916, 916, 916, 916, 916, 916, 916, 916, 916, 916, - 916, 916, 916, 916, 916, 916, 916, 917, 917, 0, + 916, 916, 916, 916, 916, 917, 917, 0, 917, 917, 917, 917, 917, 917, 917, 917, 917, 917, 917, 917, - 917, 917, 917, 917, 917, 917, 917, 917, 918, 0, - 0, 0, 0, 0, 0, 918, 0, 918, 918, 918, - 918, 0, 0, 918, 918, 918, 918, 918, 918, 920, - - 0, 0, 0, 0, 0, 0, 920, 0, 920, 920, - 920, 920, 0, 0, 920, 920, 920, 920, 920, 920, - 921, 0, 0, 921, 921, 0, 921, 921, 0, 921, - 921, 921, 921, 0, 0, 921, 921, 921, 921, 921, - 921, 922, 0, 0, 922, 922, 0, 922, 922, 0, - 922, 922, 922, 922, 0, 0, 922, 922, 922, 922, - 922, 922, 923, 923, 0, 923, 0, 0, 0, 923, - 924, 924, 0, 924, 0, 0, 0, 924, 925, 925, - 925, 0, 925, 0, 0, 0, 925, 926, 0, 0, - 926, 926, 0, 926, 926, 0, 926, 926, 926, 926, - - 0, 0, 926, 926, 926, 926, 926, 926, 927, 0, - 0, 927, 927, 0, 927, 927, 0, 927, 927, 927, - 927, 0, 0, 927, 927, 927, 927, 927, 927, 928, - 0, 0, 928, 928, 0, 928, 928, 0, 928, 928, - 928, 928, 0, 928, 928, 928, 0, 928, 928, 928, - 930, 0, 0, 930, 0, 0, 930, 930, 0, 930, - 930, 930, 930, 930, 0, 930, 930, 930, 930, 930, - 930, 931, 931, 0, 931, 0, 931, 931, 931, 931, + 917, 917, 917, 917, 917, 917, 918, 0, 0, 0, + 0, 0, 0, 918, 0, 918, 918, 918, 918, 0, + 0, 918, 918, 918, 918, 918, 918, 920, 0, 0, + 0, 0, 0, 0, 920, 0, 920, 920, 920, 920, + 0, 0, 920, 920, 920, 920, 920, 920, 921, 0, + 0, 921, 921, 0, 921, 921, 0, 921, 921, 921, + + 921, 0, 0, 921, 921, 921, 921, 921, 921, 922, + 0, 0, 922, 922, 0, 922, 922, 0, 922, 922, + 922, 922, 0, 0, 922, 922, 922, 922, 922, 922, + 923, 923, 0, 923, 0, 0, 0, 923, 924, 924, + 0, 924, 0, 0, 0, 924, 925, 925, 925, 0, + 925, 0, 0, 0, 925, 926, 0, 0, 926, 926, + 0, 926, 926, 0, 926, 926, 926, 926, 0, 0, + 926, 926, 926, 926, 926, 926, 927, 0, 0, 927, + 927, 0, 927, 927, 0, 927, 927, 927, 927, 0, + 0, 927, 927, 927, 927, 927, 927, 928, 0, 0, + + 928, 928, 0, 928, 
928, 0, 928, 928, 928, 928, + 0, 928, 928, 928, 0, 928, 928, 928, 930, 0, + 0, 930, 0, 0, 930, 930, 0, 930, 930, 930, + 930, 930, 0, 930, 930, 930, 930, 930, 930, 931, + 931, 0, 931, 0, 931, 931, 931, 931, 931, 931, 931, 931, 931, 931, 931, 931, 931, 931, 931, 931, - 931, 931, 932, 0, 0, 0, 0, 0, 0, 932, - - 0, 932, 932, 932, 932, 0, 0, 932, 932, 932, - 932, 932, 932, 933, 0, 0, 0, 0, 0, 0, - 933, 0, 933, 933, 933, 933, 0, 933, 933, 933, - 933, 933, 933, 933, 934, 0, 0, 934, 934, 0, - 934, 934, 0, 934, 934, 934, 934, 0, 934, 934, - 934, 934, 934, 934, 934, 935, 0, 0, 935, 935, - 0, 935, 936, 936, 936, 936, 936, 936, 936, 936, + 932, 0, 0, 0, 0, 0, 0, 932, 0, 932, + 932, 932, 932, 0, 0, 932, 932, 932, 932, 932, + 932, 933, 0, 0, 0, 0, 0, 0, 933, 0, + 933, 933, 933, 933, 0, 933, 933, 933, 933, 933, + + 933, 933, 934, 0, 0, 934, 934, 0, 934, 934, + 0, 934, 934, 934, 934, 0, 934, 934, 934, 934, + 934, 934, 934, 935, 0, 0, 935, 935, 0, 935, 936, 936, 936, 936, 936, 936, 936, 936, 936, 936, - 936, 936, 936, 937, 937, 0, 937, 0, 0, 0, - 937, 938, 938, 938, 0, 938, 0, 0, 0, 938, + 936, 936, 936, 936, 936, 936, 936, 936, 936, 936, + 936, 937, 937, 0, 937, 0, 0, 0, 937, 938, + 938, 938, 0, 938, 0, 0, 0, 938, 941, 941, + 0, 941, 0, 0, 0, 941, 942, 942, 0, 942, + 0, 0, 0, 942, 943, 943, 0, 943, 0, 0, + 0, 943, 944, 944, 944, 0, 944, 0, 0, 0, + + 944, 945, 0, 0, 945, 945, 0, 945, 946, 946, + 0, 946, 0, 0, 0, 946, 947, 947, 0, 947, + 0, 0, 0, 947, 948, 948, 0, 948, 0, 0, + 0, 948, 949, 949, 949, 0, 949, 0, 0, 0, + 949, 950, 950, 950, 950, 0, 950, 0, 0, 0, + 950, 953, 953, 0, 953, 0, 0, 0, 953, 954, + 954, 0, 954, 0, 0, 0, 954, 955, 955, 0, + 955, 0, 0, 0, 955, 958, 958, 958, 0, 958, + 0, 0, 0, 958, 959, 959, 959, 959, 0, 959, + 0, 0, 0, 959, 960, 960, 960, 960, 960, 960, - 941, 941, 0, 941, 0, 0, 0, 941, 942, 942, - 0, 942, 0, 0, 0, 942, 943, 943, 0, 943, - 0, 0, 0, 943, 944, 944, 944, 0, 944, 0, - 0, 0, 944, 945, 0, 0, 945, 945, 0, 945, - 946, 946, 0, 946, 0, 0, 0, 946, 947, 
947, - 0, 947, 0, 0, 0, 947, 948, 948, 0, 948, - 0, 0, 0, 948, 949, 949, 949, 0, 949, 0, - 0, 0, 949, 950, 950, 950, 950, 0, 950, 0, - 0, 0, 950, 953, 953, 0, 953, 0, 0, 0, - 953, 954, 954, 0, 954, 0, 0, 0, 954, 955, - - 955, 0, 955, 0, 0, 0, 955, 958, 958, 958, - 0, 958, 0, 0, 0, 958, 959, 959, 959, 959, - 0, 959, 0, 0, 0, 959, 960, 960, 960, 960, 960, 960, 960, 960, 960, 960, 960, 960, 960, 960, - 960, 960, 960, 960, 960, 960, 960, 962, 962, 0, - 962, 0, 0, 0, 962, 963, 963, 0, 963, 0, - 0, 0, 963, 965, 965, 965, 0, 965, 0, 0, - 0, 965, 966, 966, 966, 966, 0, 966, 0, 0, - 0, 966, 967, 967, 967, 967, 967, 967, 967, 967, + 960, 960, 960, 960, 960, 962, 962, 0, 962, 0, + 0, 0, 962, 963, 963, 0, 963, 0, 0, 0, + 963, 965, 965, 965, 0, 965, 0, 0, 0, 965, + 966, 966, 966, 966, 0, 966, 0, 0, 0, 966, 967, 967, 967, 967, 967, 967, 967, 967, 967, 967, - - 967, 967, 967, 970, 0, 0, 970, 970, 0, 970, - 971, 0, 0, 0, 971, 971, 0, 971, 971, 971, - 0, 0, 971, 971, 972, 972, 0, 972, 0, 0, - 0, 972, 973, 0, 973, 973, 0, 973, 0, 0, - 0, 973, 976, 976, 976, 0, 976, 0, 0, 0, - 976, 977, 977, 977, 977, 0, 977, 0, 0, 0, - 977, 978, 978, 0, 0, 978, 0, 0, 0, 978, - 979, 979, 979, 979, 979, 979, 979, 979, 979, 979, + 967, 967, 967, 967, 967, 967, 967, 967, 967, 967, + 967, 970, 0, 0, 970, 970, 0, 970, 971, 0, + 0, 0, 971, 971, 0, 971, 971, 971, 0, 0, + 971, 971, 972, 972, 0, 972, 0, 0, 0, 972, + + 973, 0, 973, 973, 0, 973, 0, 0, 0, 973, + 976, 976, 976, 0, 976, 0, 0, 0, 976, 977, + 977, 977, 977, 0, 977, 0, 0, 0, 977, 978, + 978, 0, 0, 978, 0, 0, 0, 978, 979, 979, 979, 979, 979, 979, 979, 979, 979, 979, 979, 979, - 979, 981, 0, 0, 981, 981, 0, 981, 982, 0, - - 0, 0, 982, 982, 0, 982, 982, 982, 0, 0, - 982, 982, 985, 985, 0, 985, 0, 0, 0, 985, - 986, 0, 986, 986, 0, 986, 0, 0, 0, 986, - 987, 987, 0, 987, 0, 0, 0, 987, 989, 989, - 989, 0, 989, 0, 0, 0, 989, 990, 990, 990, - 0, 0, 990, 0, 0, 0, 990, 991, 991, 991, + 979, 979, 979, 979, 979, 979, 979, 979, 979, 981, + 0, 0, 981, 981, 0, 981, 
982, 0, 0, 0, + 982, 982, 0, 982, 982, 982, 0, 0, 982, 982, + 985, 985, 0, 985, 0, 0, 0, 985, 986, 0, + 986, 986, 0, 986, 0, 0, 0, 986, 987, 987, + + 0, 987, 0, 0, 0, 987, 989, 989, 989, 0, + 989, 0, 0, 0, 989, 990, 990, 990, 0, 0, + 990, 0, 0, 0, 990, 991, 991, 991, 991, 991, 991, 991, 991, 991, 991, 991, 991, 991, 991, 991, - 991, 991, 991, 991, 991, 991, 991, 991, 992, 992, - 0, 992, 992, 992, 0, 992, 0, 992, 992, 992, - 992, 0, 0, 992, 992, 992, 992, 992, 992, 993, - - 993, 0, 993, 993, 993, 0, 993, 0, 993, 993, - 993, 993, 0, 0, 993, 993, 993, 993, 993, 993, - 996, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 996, 996, 0, 996, 996, 0, 996, 998, 998, - 0, 998, 0, 0, 0, 998, 999, 0, 999, 999, - 0, 999, 0, 0, 0, 999, 1002, 1002, 0, 0, - 1002, 0, 0, 0, 1002, 1003, 1003, 1003, 1003, 1003, + 991, 991, 991, 991, 991, 991, 992, 992, 0, 992, + 992, 992, 0, 992, 0, 992, 992, 992, 992, 0, + 0, 992, 992, 992, 992, 992, 992, 993, 993, 0, + 993, 993, 993, 0, 993, 0, 993, 993, 993, 993, + 0, 0, 993, 993, 993, 993, 993, 993, 996, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 996, + + 996, 0, 996, 996, 0, 996, 998, 998, 0, 998, + 0, 0, 0, 998, 999, 0, 999, 999, 0, 999, + 0, 0, 0, 999, 1002, 1002, 0, 0, 1002, 0, + 0, 0, 1002, 1003, 1003, 1003, 1003, 1003, 1003, 1003, 1003, 1003, 1003, 1003, 1003, 1003, 1003, 1003, 1003, 1003, - 1003, 1003, 1003, 1003, 1003, 1003, 1004, 1004, 1004, 1004, + 1003, 1003, 1003, 1003, 1004, 1004, 1004, 1004, 1004, 1004, 1004, 1004, 1004, 1004, 1004, 1004, 1004, 1004, 1004, 1004, - - 1004, 1004, 1004, 1004, 1004, 1004, 1004, 1005, 0, 0, - 0, 0, 0, 0, 1005, 0, 1005, 1005, 1005, 1005, - 0, 0, 1005, 1005, 1005, 1005, 1005, 1005, 1007, 0, - 0, 0, 0, 0, 0, 1007, 0, 1007, 1007, 1007, - 1007, 0, 0, 1007, 1007, 1007, 1007, 1007, 1007, 1010, - 1010, 0, 1010, 0, 0, 0, 1010, 1011, 0, 1011, - 1011, 0, 1011, 0, 0, 0, 1011, 1014, 1014, 0, - 1014, 0, 0, 0, 1014, 1015, 0, 1015, 0, 0, - 1015, 0, 0, 0, 1015, 1016, 1016, 1016, 1016, 1016, + 1004, 1004, 1004, 1004, 1004, 1005, 0, 0, 0, 0, + 0, 0, 
1005, 0, 1005, 1005, 1005, 1005, 0, 0, + 1005, 1005, 1005, 1005, 1005, 1005, 1007, 0, 0, 0, + + 0, 0, 0, 1007, 0, 1007, 1007, 1007, 1007, 0, + 0, 1007, 1007, 1007, 1007, 1007, 1007, 1010, 1010, 0, + 1010, 0, 0, 0, 1010, 1011, 0, 1011, 1011, 0, + 1011, 0, 0, 0, 1011, 1014, 1014, 0, 1014, 0, + 0, 0, 1014, 1015, 0, 1015, 0, 0, 1015, 0, + 0, 0, 1015, 1016, 1016, 1016, 1016, 1016, 1016, 1016, 1016, 1016, 1016, 1016, 1016, 1016, 1016, 1016, 1016, 1016, - - 1016, 1016, 1016, 1016, 1016, 1016, 895, 895, 895, 895, + 1016, 1016, 1016, 1016, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, + 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, 895, - 895, 895, 895, 895, 895, 895, 895, 895, 895, 895 + 895, 895, 895, 895, 895, 895, 895, 895 } ; static yy_state_type yy_last_accepting_state; @@ -2188,7 +2182,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1996, 1998-2005, 2007-2017 + * Copyright (c) 1996, 1998-2005, 2007-2020 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -2279,7 +2273,7 @@ -#line 2277 "toke.c" +#line 2271 "toke.c" #define INITIAL 0 #define GOTDEFS 1 @@ -2497,7 +2491,7 @@ { #line 115 "toke.l" -#line 2495 "toke.c" +#line 2489 "toke.c" while ( 1 ) /* loops until end-of-file is reached */ { @@ -2531,7 +2525,7 @@ yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 6207 ); + while ( yy_base[yy_current_state] != 6175 ); yy_find_action: yy_act = yy_accept[yy_current_state]; @@ -3423,7 +3417,7 @@ #line 744 "toke.l" ECHO; YY_BREAK -#line 3421 "toke.c" +#line 3415 "toke.c" case YY_END_OF_BUFFER: { 
@@ -4428,7 +4422,7 @@ int max_paths = 32; struct dirent *dent; struct path_list **paths = NULL; - debug_decl(read_dir_files, SUDOERS_DEBUG_PARSER) + debug_decl(read_dir_files, SUDOERS_DEBUG_PARSER); dir = opendir(dirpath); if (dir == NULL) { @@ -4509,7 +4503,7 @@ { struct path_list **paths = NULL; int count, i; - debug_decl(switch_dir, SUDOERS_DEBUG_PARSER) + debug_decl(switch_dir, SUDOERS_DEBUG_PARSER); count = read_dir_files(dirpath, &paths); if (count > 0) { @@ -4537,7 +4531,7 @@ init_lexer(void) { struct path_list *pl; - debug_decl(init_lexer, SUDOERS_DEBUG_PARSER) + debug_decl(init_lexer, SUDOERS_DEBUG_PARSER); while (idepth) { idepth--; @@ -4575,7 +4569,7 @@ { struct path_list *pl; FILE *fp; - debug_decl(push_include_int, SUDOERS_DEBUG_PARSER) + debug_decl(push_include_int, SUDOERS_DEBUG_PARSER); /* push current state onto stack */ if (idepth >= istacksize) { @@ -4675,7 +4669,7 @@ { struct path_list *pl; FILE *fp; - debug_decl(pop_include, SUDOERS_DEBUG_PARSER) + debug_decl(pop_include, SUDOERS_DEBUG_PARSER); if (idepth == 0 || YY_CURRENT_BUFFER == NULL) debug_return_bool(false); @@ -4718,7 +4712,7 @@ char *path, *pp; int dirlen = 0, len = 0, subst = 0; size_t shost_len = 0; - debug_decl(parse_include, SUDOERS_DEBUG_PARSER) + debug_decl(parse_include, SUDOERS_DEBUG_PARSER); /* Pull out path from #include line. */ cp = base + (isdir ? sizeof("#includedir") : sizeof("#include")); diff -Nru sudo-1.8.31/plugins/sudoers/toke.l sudo-1.9.0/plugins/sudoers/toke.l --- sudo-1.8.31/plugins/sudoers/toke.l 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/toke.l 2020-05-11 16:28:23.000000000 +0000 @@ -2,7 +2,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1996, 1998-2005, 2007-2017 + * Copyright (c) 1996, 1998-2005, 2007-2020 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any 
@@ -285,7 +285,7 @@ yyless(sudoersleng); } /* base64 digest */ -^#include[[:blank:]]+.*\r?\n { +^#include[[:blank:]]+.*(\r\n|\n)? { char *path; if (continued) { @@ -303,7 +303,7 @@ yyterminate(); } -^#includedir[[:blank:]]+.*\r?\n { +^#includedir[[:blank:]]+.*(\r\n|\n)? { char *path; if (continued) { @@ -364,7 +364,7 @@ } } -^[[:blank:]]*(Host|Cmnd|User|Runas)_Alias { +^[[:blank:]]*(Host|Cmnd|Cmd|User|Runas)_Alias { int n; if (continued) { @@ -783,7 +783,7 @@ int max_paths = 32; struct dirent *dent; struct path_list **paths = NULL; - debug_decl(read_dir_files, SUDOERS_DEBUG_PARSER) + debug_decl(read_dir_files, SUDOERS_DEBUG_PARSER); dir = opendir(dirpath); if (dir == NULL) { @@ -864,7 +864,7 @@ { struct path_list **paths = NULL; int count, i; - debug_decl(switch_dir, SUDOERS_DEBUG_PARSER) + debug_decl(switch_dir, SUDOERS_DEBUG_PARSER); count = read_dir_files(dirpath, &paths); if (count > 0) { @@ -892,7 +892,7 @@ init_lexer(void) { struct path_list *pl; - debug_decl(init_lexer, SUDOERS_DEBUG_PARSER) + debug_decl(init_lexer, SUDOERS_DEBUG_PARSER); while (idepth) { idepth--; @@ -930,7 +930,7 @@ { struct path_list *pl; FILE *fp; - debug_decl(push_include_int, SUDOERS_DEBUG_PARSER) + debug_decl(push_include_int, SUDOERS_DEBUG_PARSER); /* push current state onto stack */ if (idepth >= istacksize) { @@ -1030,7 +1030,7 @@ { struct path_list *pl; FILE *fp; - debug_decl(pop_include, SUDOERS_DEBUG_PARSER) + debug_decl(pop_include, SUDOERS_DEBUG_PARSER); if (idepth == 0 || YY_CURRENT_BUFFER == NULL) debug_return_bool(false); 
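Review bot: With the line terminator now optional in the `#include` rule (and in the `#includedir` rule in the next hunk), a match can end at end-of-input. Because `.` in flex matches `\r`, a final unterminated line from a CRLF file would keep the carriage return inside the `.*` text from which the path is taken. The action body and parse_include continue outside these hunks, so it is not visible whether trailing `\r` and blanks are trimmed before the path is used. That trimming should be confirmed and pinned with a regression input that has no final newline. A comment on the rule would record the intent, for example `/* Terminator is optional so a directive on an unterminated last line is still recognised. */`.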
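Review bot: The alias rule now also accepts `Cmd_Alias`, but nothing in the hunk says how that spelling relates to `Cmnd_Alias`. The action body continues outside the hunk, so if it selects the token from the matched text, both spellings presumably need to yield the same token. A short comment on the rule would make this explicit, for example `/* Cmd_Alias is accepted as an alternate spelling of Cmnd_Alias. */`, and a lexer test using the new spelling would pin the behaviour.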
@@ -1073,7 +1073,7 @@ char *path, *pp; int dirlen = 0, len = 0, subst = 0; size_t shost_len = 0; - debug_decl(parse_include, SUDOERS_DEBUG_PARSER) + debug_decl(parse_include, SUDOERS_DEBUG_PARSER); /* Pull out path from #include line. */ cp = base + (isdir ? sizeof("#includedir") : sizeof("#include")); diff -Nru sudo-1.8.31/plugins/sudoers/toke_util.c sudo-1.9.0/plugins/sudoers/toke_util.c --- sudo-1.8.31/plugins/sudoers/toke_util.c 2019-11-06 16:36:20.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/toke_util.c 2020-05-11 16:28:23.000000000 +0000 @@ -52,7 +52,7 @@ { char *dst; int h; - debug_decl(fill_txt, SUDOERS_DEBUG_PARSER) + debug_decl(fill_txt, SUDOERS_DEBUG_PARSER); dst = olen ? realloc(sudoerslval.string, olen + len + 1) : malloc(len + 1); if (dst == NULL) { @@ -87,7 +87,7 @@ append(const char *src, size_t len) { int olen = 0; - debug_decl(append, SUDOERS_DEBUG_PARSER) + debug_decl(append, SUDOERS_DEBUG_PARSER); if (sudoerslval.string != NULL) olen = strlen(sudoerslval.string); @@ -103,7 +103,7 @@ { char *dst; size_t i; - debug_decl(fill_cmnd, SUDOERS_DEBUG_PARSER) + debug_decl(fill_cmnd, SUDOERS_DEBUG_PARSER); arg_len = arg_size = 0; @@ -148,7 +148,7 @@ { unsigned int new_len; char *p; - debug_decl(fill_args, SUDOERS_DEBUG_PARSER) + debug_decl(fill_args, SUDOERS_DEBUG_PARSER); if (arg_size == 0) { addspace = 0; @@ -196,7 +196,7 @@ ipv6_valid(const char *s) { int nmatch = 0; - debug_decl(ipv6_valid, SUDOERS_DEBUG_PARSER) + debug_decl(ipv6_valid, SUDOERS_DEBUG_PARSER); for (; *s != '\0'; s++) { if (s[0] == ':' && s[1] == ':') { diff -Nru sudo-1.8.31/plugins/sudoers/tsdump.c sudo-1.9.0/plugins/sudoers/tsdump.c --- sudo-1.8.31/plugins/sudoers/tsdump.c 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/tsdump.c 2020-05-11 16:28:23.000000000 +0000 
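Review bot: In the append() hunk of toke_util.c, `olen` is declared `int` but is assigned the result of `strlen(sudoerslval.string)`, which is a `size_t`. The fill_txt() hunk before it sizes its buffer as `olen + len + 1`, so if append() forwards this value (the call is outside the hunk), the length arithmetic mixes a narrowed signed value with `size_t`. Declaring it as `size_t olen = 0;` removes the narrowing conversion. This assumes fill_txt's `olen` parameter is, or can be made, `size_t`; its signature is not visible here.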
@@ -75,7 +75,7 @@ char *fname = NULL; union timestamp_entry_storage cur; struct timespec now, timediff; - debug_decl(main, SUDOERS_DEBUG_MAIN) + debug_decl(main, SUDOERS_DEBUG_MAIN); #if defined(SUDO_DEVEL) && defined(__OpenBSD__) malloc_options = "S"; @@ -165,7 +165,7 @@ valid_entry(union timestamp_entry_storage *u, off_t pos) { struct timestamp_entry *entry = (struct timestamp_entry *)u; - debug_decl(valid_entry, SUDOERS_DEBUG_UTIL) + debug_decl(valid_entry, SUDOERS_DEBUG_UTIL); switch (entry->version) { case 1: @@ -195,7 +195,7 @@ type2string(int type) { static char name[64]; - debug_decl(type2string, SUDOERS_DEBUG_UTIL) + debug_decl(type2string, SUDOERS_DEBUG_UTIL); switch (type) { case TS_LOCKEXCL: @@ -215,7 +215,7 @@ print_flags(int flags) { bool first = true; - debug_decl(print_flags, SUDOERS_DEBUG_UTIL) + debug_decl(print_flags, SUDOERS_DEBUG_UTIL); printf("flags: "); if (ISSET(flags, TS_DISABLED)) { @@ -244,7 +244,7 @@ convert_entry(union timestamp_entry_storage *record, struct timespec *off) { union timestamp_entry_storage orig; - debug_decl(convert_entry, SUDOERS_DEBUG_UTIL) + debug_decl(convert_entry, SUDOERS_DEBUG_UTIL); if (record->common.version != TS_VERSION) { if (record->common.version != 1) { @@ -282,7 +282,7 @@ static void dump_entry(struct timestamp_entry *entry, off_t pos) { - debug_decl(dump_entry, SUDOERS_DEBUG_UTIL) + debug_decl(dump_entry, SUDOERS_DEBUG_UTIL); printf("position: %lld\n", (long long)pos); printf("version: %hu\n", entry->version); @@ -314,5 +314,5 @@ { fprintf(stderr, "usage: %s [-f timestamp_file] | [-u username]\n", getprogname()); - exit(1); + exit(EXIT_FAILURE); } diff -Nru sudo-1.8.31/plugins/sudoers/visudo.c sudo-1.9.0/plugins/sudoers/visudo.c --- sudo-1.8.31/plugins/sudoers/visudo.c 2019-11-06 16:36:20.000000000 +0000 +++ sudo-1.9.0/plugins/sudoers/visudo.c 2020-05-11 16:28:23.000000000 +0000 
@@ -138,7 +138,7 @@ const char *export_path = NULL; int ch, oldlocale, editor_argc, exitcode = 0; bool quiet, strict, fflag; - debug_decl(main, SUDOERS_DEBUG_MAIN) + debug_decl(main, SUDOERS_DEBUG_MAIN); #if defined(SUDO_DEVEL) && defined(__OpenBSD__) { @@ -263,7 +263,7 @@ * errors and to pull in editor and env_editor conf values. */ if ((sudoersin = open_sudoers(sudoers_file, true, NULL)) == NULL) - exit(1); + exit(EXIT_FAILURE); init_parser(sudoers_file, quiet, true); sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); (void) sudoersparse(); @@ -311,7 +311,7 @@ const char *env_editor; static char *files[] = { "+1", "sudoers" }; unsigned int whitelist_len = 0; - debug_decl(get_editor, SUDOERS_DEBUG_UTIL) + debug_decl(get_editor, SUDOERS_DEBUG_UTIL); /* Build up editor whitelist from def_editor unless env_editor is set. */ if (!def_env_editor) { @@ -390,7 +390,7 @@ const char *editor_base = strrchr(editor, '/'); const char *cp; char **av; - debug_decl(editor_supports_plus, SUDOERS_DEBUG_UTIL) + debug_decl(editor_supports_plus, SUDOERS_DEBUG_UTIL); if (editor_base != NULL) editor_base++; @@ -431,7 +431,7 @@ off_t orig_size; /* starting size of sudoers file */ struct stat sb; /* stat buffer */ bool ret = false; /* return value */ - debug_decl(edit_sudoers, SUDOERS_DEBUG_UTIL) + debug_decl(edit_sudoers, SUDOERS_DEBUG_UTIL); if (fstat(sp->fd, &sb) == -1) sudo_fatal(U_("unable to stat %s"), sp->path); @@ -557,7 +557,7 @@ static void check_defaults_and_aliases(bool strict, bool quiet) { - debug_decl(check_defaults_and_aliases, SUDOERS_DEBUG_UTIL) + debug_decl(check_defaults_and_aliases, SUDOERS_DEBUG_UTIL); if (!check_defaults(&parsed_policy, quiet)) { struct defaults *d; @@ -593,7 +593,7 @@ struct sudoersfile *sp, *last; FILE *fp; int ch, oldlocale; - debug_decl(reparse_sudoers, SUDOERS_DEBUG_UTIL) + debug_decl(reparse_sudoers, SUDOERS_DEBUG_UTIL); /* * Parse the edited sudoers files and do sanity checking 
@@ -693,7 +693,7 @@
 {
 struct stat sb;
 bool ret = false;
- debug_decl(install_sudoers, SUDOERS_DEBUG_UTIL)
+ debug_decl(install_sudoers, SUDOERS_DEBUG_UTIL);
 if (sp->tpath == NULL)
 goto done;
@@ -806,7 +806,7 @@
 whatnow(void)
 {
 int choice, c;
- debug_decl(whatnow, SUDOERS_DEBUG_UTIL)
+ debug_decl(whatnow, SUDOERS_DEBUG_UTIL);
 for (;;) {
 (void) fputs(_("What now? "), stdout);
@@ -838,7 +838,7 @@
 setup_signals(void)
 {
 struct sigaction sa;
- debug_decl(setup_signals, SUDOERS_DEBUG_UTIL)
+ debug_decl(setup_signals, SUDOERS_DEBUG_UTIL);
 /*
 * Setup signal handlers to cleanup nicely.
@@ -860,7 +860,7 @@
 {
 int status;
 pid_t pid, rv;
- debug_decl(run_command, SUDOERS_DEBUG_UTIL)
+ debug_decl(run_command, SUDOERS_DEBUG_UTIL);
 switch (pid = sudo_debug_fork()) {
 case -1:
@@ -892,7 +892,7 @@
 {
 struct stat sb;
 bool ok = true;
- debug_decl(check_owner, SUDOERS_DEBUG_UTIL)
+ debug_decl(check_owner, SUDOERS_DEBUG_UTIL);
 if (stat(path, &sb) == 0) {
 if (sb.st_uid != sudoers_uid || sb.st_gid != sudoers_gid) {
@@ -919,7 +919,7 @@
 {
 bool ok = false;
 int oldlocale;
- debug_decl(check_syntax, SUDOERS_DEBUG_UTIL)
+ debug_decl(check_syntax, SUDOERS_DEBUG_UTIL);
 if (strcmp(sudoers_file, "-") == 0) {
 sudoersin = stdin;
@@ -985,7 +985,7 @@
 lock_sudoers(struct sudoersfile *entry)
 {
 int ch;
- debug_decl(lock_sudoers, SUDOERS_DEBUG_UTIL)
+ debug_decl(lock_sudoers, SUDOERS_DEBUG_UTIL);
 if (!sudo_lock_file(entry->fd, SUDO_TLOCK)) {
 if (errno == EAGAIN || errno == EWOULDBLOCK) {
@@ -1011,7 +1011,7 @@
 struct sudoersfile *entry;
 FILE *fp;
 int open_flags;
- debug_decl(open_sudoers, SUDOERS_DEBUG_UTIL)
+ debug_decl(open_sudoers, SUDOERS_DEBUG_UTIL);
 if (checkonly)
 open_flags = O_RDONLY;
@@ -1063,7 +1063,7 @@
 struct member *m;
 struct alias *a;
 int errors = 0;
- debug_decl(check_alias, SUDOERS_DEBUG_ALIAS)
+ debug_decl(check_alias, SUDOERS_DEBUG_ALIAS);
 if ((a = alias_get(&parsed_policy, name, type)) != NULL) {
 /* check alias contents */
@@ -1111,7 +1111,7 @@
 struct privilege *priv;
 struct userspec *us;
 int errors = 0;
- debug_decl(check_aliases, SUDOERS_DEBUG_ALIAS)
+ debug_decl(check_aliases, SUDOERS_DEBUG_ALIAS);
 used_aliases = alloc_aliases();
 if (used_aliases == NULL) {
@@ -1184,7 +1184,7 @@
 parse_sudoers_options(void)
 {
 struct plugin_info_list *plugins;
- debug_decl(parse_sudoers_options, SUDOERS_DEBUG_UTIL)
+ debug_decl(parse_sudoers_options, SUDOERS_DEBUG_UTIL);
 plugins = sudo_conf_plugins();
 if (plugins) {
@@ -1283,7 +1283,7 @@
 (void) fprintf(fatal ? stderr : stdout, "usage: %s [-chqsV] [[-f] sudoers ]\n", getprogname());
 if (fatal)
- exit(1);
+ exit(EXIT_FAILURE);
 }
 static void
@@ -1298,5 +1298,5 @@
 " -q, --quiet less verbose (quiet) syntax error messages\n"
 " -s, --strict strict syntax checking\n"
 " -V, --version display version information and exit\n"));
- exit(0);
+ exit(EXIT_SUCCESS);
 }
diff -Nru sudo-1.8.31/plugins/system_group/Makefile.in sudo-1.9.0/plugins/system_group/Makefile.in
--- sudo-1.8.31/plugins/system_group/Makefile.in 2019-12-10 13:11:44.000000000 +0000
+++ sudo-1.9.0/plugins/system_group/Makefile.in 2020-05-11 16:28:23.000000000 +0000
@@ -21,9 +21,13 @@
 #### Start of system configuration section. ####
 srcdir = @srcdir@
-devdir = @devdir@
-top_builddir = @top_builddir@
+abs_srcdir = @abs_srcdir@
 top_srcdir = @top_srcdir@
+abs_top_srcdir = @abs_top_srcdir@
+top_builddir = @top_builddir@
+abs_top_builddir = @abs_top_builddir@
+devdir = @devdir@
+scriptdir = $(top_srcdir)/scripts
 incdir = $(top_srcdir)/include
 cross_compiling = @CROSS_COMPILING@
@@ -43,7 +47,7 @@
 LIBS = $(LT_LIBS)
 # C preprocessor flags
-CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(top_srcdir) @CPPFLAGS@
+CPPFLAGS = -I$(incdir) -I$(top_builddir) @CPPFLAGS@
 # Usually -O and/or -g
 CFLAGS = @CFLAGS@
@@ -117,8 +121,8 @@
 all: system_group.la
 depend:
- $(top_srcdir)/mkdep.pl --srcdir=$(top_srcdir) \
- --builddir=`pwd`/$(top_builddir) plugins/system_group/Makefile.in
+ $(scriptdir)/mkdep.pl --srcdir=$(abs_top_srcdir) \
+ --builddir=$(abs_top_builddir) plugins/system_group/Makefile.in
 cd $(top_builddir) && ./config.status --file plugins/system_group/Makefile
 Makefile: $(srcdir)/Makefile.in
@@ -149,7 +153,7 @@
 install: install-plugin
 install-dirs:
- $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir)
+ $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(plugindir)
 install-binaries:
@@ -168,10 +172,10 @@
 rm -f $(DESTDIR)$(plugindir)/system_group.so$(INSTALL_BACKUP)
 splint:
- splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(srcdir)/*.c
+ splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) $(srcdir)/*.c
 cppcheck:
- cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(srcdir)/*.c
+ cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) $(srcdir)/*.c
 pvs-log-files: $(POBJS)
@@ -181,8 +185,8 @@
 check:
 clean:
- -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la *.a *.i *.plog \
- stamp-* core *.core core.*
+ -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la
+ -rm -f *.i *.plog stamp-* core *.core core.*
 mostlyclean: clean
Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/ca.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/ca.mo differ
diff -Nru sudo-1.8.31/po/ca.po sudo-1.9.0/po/ca.po
--- sudo-1.8.31/po/ca.po 2019-12-31 12:58:36.000000000 +0000
+++ sudo-1.9.0/po/ca.po 2020-05-11 16:28:23.000000000 +0000
@@ -1,12 +1,12 @@
 # translation of sudo to Catalan
 # This file is put in the public domain.
-# Walter Garcia-Fontes , 2016.
+# Walter Garcia-Fontes , 2020.
 msgid ""
 msgstr ""
-"Project-Id-Version: sudo 1.8.19b1\n"
+"Project-Id-Version: sudo 1.8.29rc1\n"
 "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2016-11-21 17:45-0700\n"
-"PO-Revision-Date: 2016-12-29 15:48+0100\n"
+"POT-Creation-Date: 2019-10-21 19:55-0600\n"
+"PO-Revision-Date: 2020-03-03 12:42+0100\n"
 "Last-Translator: Walter Garcia-Fontes \n"
 "Language-Team: Catalan \n"
 "Language: ca\n"
@@ -15,7 +15,7 @@
 "Content-Transfer-Encoding: 8bit\n"
 "X-Bugs: Report translation errors to the Language-Team address.\n"
-#: lib/util/aix.c:85 lib/util/aix.c:172
+#: lib/util/aix.c:92 lib/util/aix.c:172
 msgid "unable to open userdb"
 msgstr "no s'ha pogut obrir userdb"
@@ -28,300 +28,368 @@ msgid "unable to restore registry" msgstr "no s'ha pogut restaurar el registre" -#: lib/util/aix.c:275 lib/util/gidlist.c:64 lib/util/gidlist.c:74 -#: lib/util/sudo_conf.c:184 lib/util/sudo_conf.c:270 lib/util/sudo_conf.c:347 -#: lib/util/sudo_conf.c:545 src/conversation.c:75 src/exec.c:867 -#: src/exec_common.c:107 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_pty.c:692 src/exec_pty.c:700 src/exec_pty.c:1163 -#: src/load_plugins.c:52 src/load_plugins.c:65 src/load_plugins.c:215 -#: src/load_plugins.c:238 src/load_plugins.c:303 src/load_plugins.c:318 -#: src/parse_args.c:180 src/parse_args.c:202 src/parse_args.c:370 -#: src/parse_args.c:466 src/parse_args.c:488 src/preserve_fds.c:47 -#: src/preserve_fds.c:130 src/selinux.c:83 src/selinux.c:292 src/selinux.c:415 -#: src/selinux.c:424 src/sesh.c:115 src/sudo.c:397 src/sudo.c:416 -#: src/sudo.c:480 src/sudo.c:602 src/sudo.c:662 src/sudo.c:672 src/sudo.c:692 -#: src/sudo.c:711 src/sudo.c:720 src/sudo.c:729 src/sudo.c:746 src/sudo.c:787 -#: src/sudo.c:797 src/sudo.c:817 src/sudo.c:1238 src/sudo.c:1259 -#: src/sudo.c:1433 src/sudo.c:1527 src/sudo_edit.c:151 src/sudo_edit.c:775 -#: src/sudo_edit.c:872 src/sudo_edit.c:985 src/sudo_edit.c:1005 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81 +#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 +#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114 +#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212 +#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481 +#: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503 +#: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524 +#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214 +#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236 +#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257 +#: src/exec_nopty.c:264 src/exec_nopty.c:271 
src/exec_nopty.c:278 +#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299 +#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786 +#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002 +#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180 +#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201 +#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222 +#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 +#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59 +#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246 +#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 +#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207 +#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 +#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 +#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 +#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729 +#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815 +#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240 +#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891 +#: src/sudo_edit.c:1005 src/sudo_edit.c:1025 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/util/aix.c:275 lib/util/gidlist.c:64 lib/util/sudo_conf.c:185 -#: lib/util/sudo_conf.c:270 lib/util/sudo_conf.c:347 lib/util/sudo_conf.c:545 -#: src/conversation.c:76 src/exec.c:867 src/exec_common.c:107 -#: src/exec_common.c:124 src/exec_common.c:133 src/exec_pty.c:692 -#: src/exec_pty.c:700 src/load_plugins.c:215 src/load_plugins.c:238 -#: src/load_plugins.c:303 src/load_plugins.c:318 src/parse_args.c:180 -#: src/parse_args.c:202 src/parse_args.c:370 src/parse_args.c:466 -#: src/parse_args.c:488 src/preserve_fds.c:47 src/preserve_fds.c:130 -#: src/selinux.c:83 src/selinux.c:292 src/selinux.c:415 src/selinux.c:424 -#: 
src/sesh.c:115 src/sudo.c:397 src/sudo.c:416 src/sudo.c:480 src/sudo.c:602 -#: src/sudo.c:817 src/sudo.c:1238 src/sudo.c:1259 src/sudo.c:1433 -#: src/sudo.c:1527 src/sudo_edit.c:151 src/sudo_edit.c:775 src/sudo_edit.c:872 -#: src/sudo_edit.c:985 src/sudo_edit.c:1005 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194 +#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560 +#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131 +#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473 +#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496 +#: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517 +#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538 +#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229 +#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 +#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 +#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 +#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786 +#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165 +#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187 +#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208 +#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229 +#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251 +#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246 +#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 +#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208 +#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 +#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 +#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 +#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 +#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 +#: 
src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025 msgid "unable to allocate memory" msgstr "no s'ha pogut assignar memòria" -#: lib/util/strsignal.c:48 +#: lib/util/strsignal.c:55 msgid "Unknown signal" msgstr "Senyal desconegut" -#: lib/util/strtoid.c:76 lib/util/strtoid.c:104 lib/util/strtomode.c:49 -#: lib/util/strtonum.c:58 lib/util/strtonum.c:176 +#: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161 +#: lib/util/strtonum.c:196 msgid "invalid value" msgstr "valor no vàlid" -#: lib/util/strtoid.c:83 lib/util/strtoid.c:111 lib/util/strtomode.c:55 -#: lib/util/strtonum.c:61 lib/util/strtonum.c:188 +#: lib/util/strtomode.c:62 lib/util/strtonum.c:173 msgid "value too large" msgstr "valor massa gran" -#: lib/util/strtoid.c:89 lib/util/strtomode.c:55 lib/util/strtonum.c:61 -#: lib/util/strtonum.c:182 +#: lib/util/strtomode.c:62 lib/util/strtonum.c:167 msgid "value too small" msgstr "valor massa petit" -#: lib/util/sudo_conf.c:203 +#: lib/util/sudo_conf.c:212 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "valor Path no vàlid «%s» a %s, línia %u" -#: lib/util/sudo_conf.c:369 lib/util/sudo_conf.c:422 +#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "valor no vàlid per a %s «%s» a %s, línia %u" -#: lib/util/sudo_conf.c:390 +#: lib/util/sudo_conf.c:399 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "font de grup no suportat «%s» a %s, línia %u" -#: lib/util/sudo_conf.c:406 +#: lib/util/sudo_conf.c:415 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "grups «%s» max no vàlids a %s, línia %u" -#: lib/util/sudo_conf.c:561 +#: lib/util/sudo_conf.c:576 #, c-format msgid "unable to stat %s" msgstr "no es pot obrir %s" -#: lib/util/sudo_conf.c:564 +#: lib/util/sudo_conf.c:579 #, c-format msgid "%s is not a regular file" msgstr "%s no és un fitxer regular" -#: lib/util/sudo_conf.c:567 +#: 
lib/util/sudo_conf.c:582 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s és propietat de l'uid %u, hauria de ser %u" -#: lib/util/sudo_conf.c:571 +#: lib/util/sudo_conf.c:586 #, c-format msgid "%s is world writable" msgstr "%s és escrivible per tothom" -#: lib/util/sudo_conf.c:574 +#: lib/util/sudo_conf.c:589 #, c-format msgid "%s is group writable" msgstr "%s és escrivible pel grup" -#: lib/util/sudo_conf.c:584 src/selinux.c:201 src/selinux.c:213 src/sudo.c:366 +#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363 #, c-format msgid "unable to open %s" msgstr "no s'ha pogut obrir %s" -#: src/exec.c:115 src/exec.c:117 src/exec.c:122 src/exec.c:408 src/exec.c:410 -#: src/exec.c:412 src/exec.c:414 src/exec.c:416 src/exec.c:418 src/exec.c:421 -#: src/exec.c:437 src/exec.c:439 src/exec.c:600 src/exec.c:794 -#: src/exec_pty.c:464 src/exec_pty.c:730 src/exec_pty.c:800 src/exec_pty.c:802 -#: src/exec_pty.c:814 src/exec_pty.c:816 src/exec_pty.c:1347 -#: src/exec_pty.c:1349 src/exec_pty.c:1354 src/exec_pty.c:1356 -#: src/exec_pty.c:1370 src/exec_pty.c:1381 src/exec_pty.c:1383 -#: src/exec_pty.c:1385 src/exec_pty.c:1387 src/exec_pty.c:1389 -#: src/exec_pty.c:1391 src/exec_pty.c:1393 src/signal.c:148 src/signal.c:162 +#: src/exec.c:111 +#, c-format +msgid "unknown login class %s" +msgstr "classe d'inici de sessió %s desconeguda" + +#: src/exec.c:123 +msgid "unable to set user context" +msgstr "no s'ha pogut establir el context d'usuari" + +#: src/exec.c:139 +msgid "unable to set process priority" +msgstr "no s'ha pogut establir la prioritat del procés" + +#: src/exec.c:150 +#, c-format +msgid "unable to change root to %s" +msgstr "no s'ha pogut canviar l'usuari primari a %s" + +#: src/exec.c:163 src/exec.c:169 src/exec.c:176 +#, c-format +msgid "unable to change to runas uid (%u, %u)" +msgstr "no s'ha pogut canviar a runas uid (%u, %u)" + +#: src/exec.c:194 +#, c-format +msgid "unable to change directory to %s" +msgstr "no s'ha 
pogut canviar el directori a %s" + +#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578 +#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336 +#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164 #, c-format msgid "unable to set handler for signal %d" msgstr "no es pot establir el gestor per al senyal %d" -#: src/exec.c:127 src/exec_pty.c:846 src/exec_pty.c:1431 src/tgetpass.c:250 -msgid "unable to fork" -msgstr "no s'ha pogut bifurcar" +#: src/exec_common.c:173 +msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" +msgstr "no s'ha pogut remoure PRIV_PROC_EXEC de PRIV_LIMIT" + +#: src/exec_monitor.c:366 +msgid "error reading from socketpair" +msgstr "error en llegir del parell de sòcols" + +#: src/exec_monitor.c:383 +#, c-format +msgid "unexpected reply type on backchannel: %d" +msgstr "tipus de resposta inesperada al canal posterior: %d" -#: src/exec.c:303 src/exec.c:311 src/exec.c:872 src/exec_pty.c:585 -#: src/exec_pty.c:590 src/exec_pty.c:660 src/exec_pty.c:667 src/exec_pty.c:954 -#: src/exec_pty.c:964 src/exec_pty.c:1009 src/exec_pty.c:1016 -#: src/exec_pty.c:1041 src/exec_pty.c:1496 src/exec_pty.c:1503 -#: src/exec_pty.c:1510 +#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491 +#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 +#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533 +#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231 +#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252 +#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273 +#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294 +#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652 +#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858 +#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189 +#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210 +#: src/exec_pty.c:1217 src/exec_pty.c:1224 
src/exec_pty.c:1231 +#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621 +#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683 +#: src/exec_pty.c:1710 msgid "unable to add event to queue" msgstr "no s'ha pogut afegir un esdeveniment a la cua" -#: src/exec.c:391 -msgid "unable to create sockets" -msgstr "no s'ha pogut crear el sòcol" +#: src/exec_monitor.c:594 +msgid "unable to set controlling tty" +msgstr "no s'ha pogut configurar la tty controladora" + +#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415 +#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307 +msgid "unable to create pipe" +msgstr "no s'ha pogut crear un conducte" + +#: src/exec_monitor.c:610 +msgid "unable to receive message from parent" +msgstr "no s'ha pogut enviar el missatge del pare" + +#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494 +#: src/tgetpass.c:311 +msgid "unable to fork" +msgstr "no s'ha pogut bifurcar" + +#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448 +msgid "unable to restore tty label" +msgstr "no s'ha pogut restaurar l'etiqueta tty" + +#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100 +#, c-format +msgid "unable to execute %s" +msgstr "no s'ha pogut executar %s" -#: src/exec.c:446 +#: src/exec_nopty.c:360 src/exec_pty.c:1345 msgid "policy plugin failed session initialization" msgstr "el connector de política ha fallat la inicialització de la sessió" -#: src/exec.c:491 +#: src/exec_nopty.c:437 src/exec_pty.c:1581 msgid "error in event loop" msgstr "error al bucle d'esdeveniment" -#: src/exec.c:509 -msgid "unable to restore tty label" -msgstr "no s'ha pogut restaurar l'etiqueta tty" - -#: src/exec.c:608 src/exec_pty.c:496 src/signal.c:87 +#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112 #, c-format msgid "unable to restore handler for signal %d" msgstr "no s'ha pogut restaurar el gestor per al senyal %d" -#: src/exec.c:726 src/exec_pty.c:1236 -msgid "error reading from signal 
pipe" -msgstr "error en llegir del conducte del senyal" - -#: src/exec_common.c:166 -msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" -msgstr "no s'ha pogut remoure PRIV_PROC_EXEC de PRIV_LIMIT" - -#: src/exec_pty.c:188 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "no s'ha pogut assignar pty" -#: src/exec_pty.c:774 src/exec_pty.c:783 src/exec_pty.c:791 -#: src/exec_pty.c:1339 src/exec_pty.c:1428 src/signal.c:129 src/tgetpass.c:246 -msgid "unable to create pipe" -msgstr "no s'ha pogut crear un conducte" - -#: src/exec_pty.c:1269 -msgid "error reading from pipe" -msgstr "error en llegir del conducte" - -#: src/exec_pty.c:1296 -msgid "error reading from socketpair" -msgstr "error en llegir del parell de sòcols" - -#: src/exec_pty.c:1305 -#, c-format -msgid "unexpected reply type on backchannel: %d" -msgstr "tipus de resposta inesperada al canal posterior: %d" - -#: src/exec_pty.c:1407 -msgid "unable to set controlling tty" -msgstr "no s'ha pogut configurar la tty controladora" +#: src/exec_pty.c:1325 +msgid "unable to create sockets" +msgstr "no s'ha pogut crear el sòcol" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:123 src/load_plugins.c:129 -#: src/load_plugins.c:170 src/load_plugins.c:178 src/load_plugins.c:185 -#: src/load_plugins.c:191 +#: src/exec_pty.c:1538 +msgid "unable to send message to monitor process" +msgstr "no s'ha pogut enviar el missatge per monitorar el procés" + +#: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92 +#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140 +#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196 +#: src/load_plugins.c:202 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "error a %s, línia %d quan s'estava carregant el connector «%s»" -#: src/load_plugins.c:87 +#: src/load_plugins.c:94 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" -#: 
src/load_plugins.c:125 +#: src/load_plugins.c:136 #, c-format msgid "%s must be owned by uid %d" msgstr "%s ha de ser propietat de l'uid %d" -#: src/load_plugins.c:131 +#: src/load_plugins.c:142 #, c-format msgid "%s must be only be writable by owner" msgstr "%s ha de ser escrivible únicament pel propietari" -#: src/load_plugins.c:172 +#: src/load_plugins.c:183 #, c-format msgid "unable to load %s: %s" msgstr "no s'ha pogut carregar %s: %s" -#: src/load_plugins.c:180 +#: src/load_plugins.c:191 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "no s'ha pogut trobar el símbol «%s» a %s" -#: src/load_plugins.c:187 +#: src/load_plugins.c:198 #, c-format msgid "unknown policy type %d found in %s" msgstr "s'ha trobat un tipus desconegut de política %d a %s" -#: src/load_plugins.c:193 +#: src/load_plugins.c:204 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "s'ha trobat una versió major %d incompatible de connector (s'esperava %d) a %s" -#: src/load_plugins.c:202 +#: src/load_plugins.c:213 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "s'ignorarà el connector de política «%s» a %s, línia %d" -#: src/load_plugins.c:204 +#: src/load_plugins.c:215 msgid "only a single policy plugin may be specified" msgstr "sols es pot especificar un únic connector de política" -#: src/load_plugins.c:207 +#: src/load_plugins.c:218 #, c-format msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" msgstr "s'ignorarà el connector entrada/sortida duplicat «%s» a %s, línia %d" -#: src/load_plugins.c:228 +#: src/load_plugins.c:237 #, c-format msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d" msgstr "s'ignorarà el connector entrada/sortida duplica «%s» a %s, línia %d" -#: src/load_plugins.c:331 +#: src/load_plugins.c:353 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "el connector de política %s no inclou un mètode check_policy" -#: src/net_ifs.c:173 
src/net_ifs.c:190 src/net_ifs.c:335 src/sudo.c:475 +#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473 #, c-format msgid "internal error, %s overflow" msgstr "error intern, sobreeiximent de %s" -#: src/parse_args.c:239 +#: src/parse_args.c:228 +#, c-format +msgid "invalid environment variable name: %s" +msgstr "nom no vàlid de variable d'entorn: %s" + +#: src/parse_args.c:329 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "l'argument per a -C ha de ser un número més gran o igual a 3" -#: src/parse_args.c:406 +#: src/parse_args.c:523 msgid "you may not specify both the `-i' and `-s' options" msgstr "no podeu especificar a l'hora les opcions `-i' i `-s'" -#: src/parse_args.c:410 +#: src/parse_args.c:527 msgid "you may not specify both the `-i' and `-E' options" msgstr "no podeu especificar a l'hora les opcons `-i' i `-E'" -#: src/parse_args.c:420 +#: src/parse_args.c:537 msgid "the `-E' option is not valid in edit mode" msgstr "l'opció `-E' no és vàlida al mode editar" -#: src/parse_args.c:422 +#: src/parse_args.c:539 msgid "you may not specify environment variables in edit mode" msgstr "no podeu especificar variables d'entorn al mode editar" -#: src/parse_args.c:430 +#: src/parse_args.c:547 msgid "the `-U' option may only be used with the `-l' option" msgstr "l'opció `-U' sols es pot usar amb l'opció `-l'" -#: src/parse_args.c:434 +#: src/parse_args.c:551 msgid "the `-A' and `-S' options may not be used together" msgstr "no es poden usar a l'hora les opcions `-A' i `-S'" -#: src/parse_args.c:510 +#: src/parse_args.c:627 msgid "sudoedit is not supported on this platform" msgstr "aquesta plataforma no dóna suport a sudoedit" -#: src/parse_args.c:583 +#: src/parse_args.c:700 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Sols es pot especificar una de les opcions -e, -h, -i, -K, -l, -s, -v o -V" -#: src/parse_args.c:597 +#: src/parse_args.c:714 #, c-format msgid "" "%s - edit 
files as another user\n" @@ -330,7 +398,7 @@ "%s - edita fitxers com un altre usuari\n" "\n" -#: src/parse_args.c:599 +#: src/parse_args.c:716 #, c-format msgid "" "%s - execute a command as another user\n" @@ -339,7 +407,7 @@ "%s - executa una ordre com un altre usuari\n" "\n" -#: src/parse_args.c:604 +#: src/parse_args.c:721 #, c-format msgid "" "\n" 
@@ -348,520 +416,535 @@ "\n" "Opcions:\n" -#: src/parse_args.c:606 +#: src/parse_args.c:723 msgid "use a helper program for password prompting" msgstr "usa un programa auxiliar per a la pregunta de la contrasenya" -#: src/parse_args.c:609 +#: src/parse_args.c:726 msgid "use specified BSD authentication type" msgstr "usa el tipus d'autenticació BSD especificat" -#: src/parse_args.c:612 +#: src/parse_args.c:729 msgid "run command in the background" msgstr "executa l'ordre en el segon pla" -#: src/parse_args.c:614 +#: src/parse_args.c:731 +msgid "ring bell when prompting" +msgstr "fer un avís sonor quan es pregunti" + +#: src/parse_args.c:733 msgid "close all file descriptors >= num" msgstr "tanca tots els descriptors de fitxer >= num" -#: src/parse_args.c:617 +#: src/parse_args.c:736 msgid "run command with the specified BSD login class" msgstr "executa l'ordre amb la classe d'inici de sesssió BSD especificada" -#: src/parse_args.c:620 +#: src/parse_args.c:739 msgid "preserve user environment when running command" msgstr "preserva l'entorn de l'usuari quan s'executi l'ordre" -#: src/parse_args.c:622 +#: src/parse_args.c:741 +msgid "preserve specific environment variables" +msgstr "preserva les variables específiques d'entorn" + +#: src/parse_args.c:743 msgid "edit files instead of running a command" msgstr "edita els fitxers en comptes d'executar una ordre" -#: src/parse_args.c:624 +#: src/parse_args.c:745 msgid "run command as the specified group name or ID" msgstr "executa l'ordre com el nom o ID especificats de grup" -#: src/parse_args.c:626 +#: src/parse_args.c:747 msgid "set HOME variable to target user's home dir" msgstr "estableix la variable HOME per apuntar al directori de l'usuari" -#: src/parse_args.c:628 +#: src/parse_args.c:749 msgid "display help message and exit" msgstr "mostra el missatge d'ajuda i surt" -#: src/parse_args.c:630 +#: src/parse_args.c:751 msgid "run command on host (if supported by plugin)" msgstr "executa l'ordre a l'amfitrió (si està 
suportat pel connector)" -#: src/parse_args.c:632 +#: src/parse_args.c:753 msgid "run login shell as the target user; a command may also be specified" msgstr "executa l'intèrpret d'ordres de l'inici de sessió com a usuari de destinació; també es pot especificar una ordre" -#: src/parse_args.c:634 +#: src/parse_args.c:755 msgid "remove timestamp file completely" msgstr "suprimeix completament el fitxer de marca de temps" -#: src/parse_args.c:636 +#: src/parse_args.c:757 msgid "invalidate timestamp file" msgstr "fitxer de marca de temps no vàlid" -#: src/parse_args.c:638 +#: src/parse_args.c:759 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "fes una llista dels privilegis de l'usuari o verifica una ordre específica; usueu-lo dues vegades per a formats més llargs" -#: src/parse_args.c:640 +#: src/parse_args.c:761 msgid "non-interactive mode, no prompts are used" msgstr "mode no interactiu, no es preguntarà res" -#: src/parse_args.c:642 +#: src/parse_args.c:763 msgid "preserve group vector instead of setting to target's" msgstr "preserva el vector de grup en comptes d'establir-lo d'acord amb la destinació" -#: src/parse_args.c:644 +#: src/parse_args.c:765 msgid "use the specified password prompt" msgstr "usa la pregunta específica de contrasenya" -#: src/parse_args.c:647 +#: src/parse_args.c:768 msgid "create SELinux security context with specified role" msgstr "crea un context de seguretat SELinux amb el rol especificat" -#: src/parse_args.c:650 +#: src/parse_args.c:771 msgid "read password from standard input" msgstr "llegeix la contrasenya des de l'entrada estàndard" -#: src/parse_args.c:652 +#: src/parse_args.c:773 msgid "run shell as the target user; a command may also be specified" msgstr "executa l'intèrpret d'ordres com a usuari de destinació; també es pot especificar una ordre" -#: src/parse_args.c:655 +#: src/parse_args.c:776 msgid "create SELinux security context with specified type" msgstr "crea el context de 
seguretat SELinux amb el tipus especificat" -#: src/parse_args.c:658 +#: src/parse_args.c:779 +msgid "terminate command after the specified time limit" +msgstr "finalitza l'ordre després del límit especificat de temps" + +#: src/parse_args.c:781 msgid "in list mode, display privileges for user" msgstr "en mode llista, mostra els privilegis per a l'usuari" -#: src/parse_args.c:660 +#: src/parse_args.c:783 msgid "run command (or edit file) as specified user name or ID" msgstr "executa l'ordre (o edita el fitxer) com el nom o ID especificats d'usuari" -#: src/parse_args.c:662 +#: src/parse_args.c:785 msgid "display version information and exit" msgstr "mostra la informació de versió i surt" -#: src/parse_args.c:664 +#: src/parse_args.c:787 msgid "update user's timestamp without running a command" msgstr "actualitza la marca de temps de l'usuari sense executar una ordre" -#: src/parse_args.c:666 +#: src/parse_args.c:789 msgid "stop processing command line arguments" msgstr "deixa de processar els arguments de línia d'ordres" -#: src/selinux.c:77 +#: src/selinux.c:85 msgid "unable to open audit system" msgstr "no s'ha pogut obrir el sistema d'auditoria" -#: src/selinux.c:87 +#: src/selinux.c:95 msgid "unable to send audit message" msgstr "no s'ha pogut enviar el missatge d'auditoria" -#: src/selinux.c:115 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "no s'ha pogut fgetfilecon %s" -#: src/selinux.c:120 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "%s ha canviat les etiquetes" -#: src/selinux.c:125 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "no s'ha pogut restaurar el context per a %s" -#: src/selinux.c:165 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "no s'ha pogut obrir %s, no es canviaran les etiquetes per a la tty" -#: src/selinux.c:173 +#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254 +#, c-format +msgid "%s is not a character 
device, not relabeling tty" +msgstr "%s no es un dispositiu de caràcters, no es canviarà l'etiqueta del tty" + +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "no s'ha pogut obtenir el context tty actual, no es canviaran les etiquetes per a la tty" -#: src/selinux.c:180 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "classe de seguretat «char_file» desconeguda, no es canviaran les etiquetes de la tty" -#: src/selinux.c:185 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "no s'ha pogut obtenir el nou context tty, no es canviaran les etiquetes tty" -#: src/selinux.c:192 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "no s'ha pogut establir el nou context tty" -#: src/selinux.c:256 +#: src/selinux.c:298 #, c-format msgid "you must specify a role for type %s" msgstr "heu d'especificar un rol per al tipus %s" -#: src/selinux.c:262 +#: src/selinux.c:304 #, c-format msgid "unable to get default type for role %s" msgstr "no s'ha pogut obtenir un tipus predeterminat per al rol %s" -#: src/selinux.c:280 +#: src/selinux.c:316 +msgid "failed to get new context" +msgstr "no s'ha pogut obtenir el context nou" + +#: src/selinux.c:325 #, c-format msgid "failed to set new role %s" msgstr "no s'ha pogut establir el nou rol %s" -#: src/selinux.c:284 +#: src/selinux.c:329 #, c-format msgid "failed to set new type %s" msgstr "no s'ha pogut establir el nou tipus %s" -#: src/selinux.c:296 +#: src/selinux.c:341 #, c-format msgid "%s is not a valid context" msgstr "%s no és un context vàlid" -#: src/selinux.c:331 -msgid "failed to get old_context" -msgstr "no s'ha pogut obtenir old_context" +#: src/selinux.c:373 +msgid "failed to get old context" +msgstr "no s'ha pogut obtenir el context vell" -#: src/selinux.c:337 +#: src/selinux.c:379 msgid "unable to determine enforcing mode." 
msgstr "no s'ha pogut determinar el mode de fer complir" -#: src/selinux.c:354 +#: src/selinux.c:396 #, c-format msgid "unable to set tty context to %s" msgstr "no s'ha pogut establir el context tty a %s" -#: src/selinux.c:393 +#: src/selinux.c:428 #, c-format msgid "unable to set exec context to %s" msgstr "no s'ha pogut establir el context exec a %s" -#: src/selinux.c:400 +#: src/selinux.c:435 #, c-format msgid "unable to set key creation context to %s" msgstr "no s'ha pogut establir el context de creació de clau a %s" -#: src/sesh.c:77 +#: src/sesh.c:79 msgid "requires at least one argument" msgstr "es requereix almenys un argument" -#: src/sesh.c:106 +#: src/sesh.c:108 #, c-format msgid "invalid file descriptor number: %s" msgstr "número no vàlid de descriptor de fitxer: %s" -#: src/sesh.c:120 +#: src/sesh.c:122 #, c-format msgid "unable to run %s as a login shell" msgstr "no s'ha pogut executar %s com a intèrpret d'ordres d'inici de sessió" -#: src/sesh.c:125 src/sudo.c:1297 -#, c-format -msgid "unable to execute %s" -msgstr "no s'ha pogut executar %s" - -#: src/signal.c:69 +#: src/signal.c:90 #, c-format msgid "unable to save handler for signal %d" msgstr "no s'ha pogut desar el gestorper al senyal %d" -#: src/solaris.c:76 +#: src/solaris.c:83 msgid "resource control limit has been reached" msgstr "s'ha assolit el límit de control de recursos" -#: src/solaris.c:79 +#: src/solaris.c:86 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "l'usuari \"%s\" no és un membre del projecte \"%s\"" -#: src/solaris.c:83 +#: src/solaris.c:90 msgid "the invoking task is final" msgstr "la tasca invocant és final" -#: src/solaris.c:86 +#: src/solaris.c:93 #, c-format msgid "could not join project \"%s\"" msgstr "no es pot fer la incorporació al projecte \"%s\"" -#: src/solaris.c:91 +#: src/solaris.c:98 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "no hi ha vinculacions predeterminades d'acceptació de 
conjunt de recursos per al projecte \"%s\"" -#: src/solaris.c:95 +#: src/solaris.c:102 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "no existeix el conjunt de recursos especifica per al projecte \"%s\"" -#: src/solaris.c:99 +#: src/solaris.c:106 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "no s'ha pogut vincular al conjunt de recursos predeterminats per al projecte \"%s\"" -#: src/solaris.c:105 +#: src/solaris.c:112 #, c-format msgid "setproject failed for project \"%s\"" msgstr "ha fallat setproject per al projecte \"%s\"" -#: src/solaris.c:107 +#: src/solaris.c:114 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "advertiment, l'assignació de control de recursos ha fallat per al projecte \"%s\"" -#: src/sudo.c:212 +#: src/sudo.c:204 #, c-format msgid "Sudo version %s\n" msgstr "Versió de sudo %s\n" -#: src/sudo.c:214 +#: src/sudo.c:206 #, c-format msgid "Configure options: %s\n" msgstr "Opcions de configuració: %s\n" -#: src/sudo.c:222 +#: src/sudo.c:214 msgid "fatal error, unable to load plugins" msgstr "error fatal, no s'han pogut carregar els connectors" -#: src/sudo.c:230 +#: src/sudo.c:222 msgid "unable to initialize policy plugin" msgstr "no s'ha pogut inicialitzar el connector de polítiques" -#: src/sudo.c:274 +#: src/sudo.c:266 msgid "plugin did not return a command to execute" msgstr "el connector no ha retornat una ordre a executar" -#: src/sudo.c:290 +#: src/sudo.c:282 #, c-format msgid "error initializing I/O plugin %s" msgstr "no se pogut iniciliatzar el connector %s entrada/sortida" -#: src/sudo.c:316 +#: src/sudo.c:306 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "mode 0x%x inesperat de sudo" -#: src/sudo.c:460 -msgid "unable to get group vector" -msgstr "no s'ha pogut obtenir el vector de grup" - -#: src/sudo.c:522 +#: src/sudo.c:538 #, c-format -msgid "unknown uid %u: who are you?" 
-msgstr "uid %u desconegut: qui sou?" +msgid "you do not exist in the %s database" +msgstr "no existiu a la base de dades %s" -#: src/sudo.c:578 +#: src/sudo.c:595 msgid "unable to determine tty" msgstr "no s'ha pogut determinar la tty" -#: src/sudo.c:866 +#: src/sudo.c:887 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s ha de ser propietat de l'uid %d i tenir el bit setuid establert" -#: src/sudo.c:869 +#: src/sudo.c:890 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "" "l'uid efectiu no és %d, és %s a un sistema de fitxers amb l'opció\n" "'nosuid' establarta o un sistema de fitxers NFS sense d'usuari primari? " -#: src/sudo.c:875 +#: src/sudo.c:896 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "l'uid efectiu no és %d, és el sudo instal·lat com a setuid root?" -#: src/sudo.c:956 +#: src/sudo.c:912 msgid "unable to set supplementary group IDs" msgstr "no s'han pogut establir els IDs de grup suplementaris" -#: src/sudo.c:963 +#: src/sudo.c:919 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "no s'ha pogut establir el gid efectiu per a runas gid %u" -#: src/sudo.c:969 +#: src/sudo.c:925 #, c-format msgid "unable to set gid to runas gid %u" msgstr "no s'ha pogut establir el gid a runas gid %u" -#: src/sudo.c:1040 -#, c-format -msgid "unknown login class %s" -msgstr "classe d'inici de sessió %s desconeguda" - -#: src/sudo.c:1053 -msgid "unable to set user context" -msgstr "no s'ha pogut establir el context d'usuari" - -#: src/sudo.c:1069 -msgid "unable to set process priority" -msgstr "no s'ha pogut establir la prioritat del procés" - -#: src/sudo.c:1077 -#, c-format -msgid "unable to change root to %s" -msgstr "no s'ha pogut canviar l'usuari primari a %s" - -#: src/sudo.c:1090 src/sudo.c:1096 src/sudo.c:1103 -#, c-format -msgid "unable to change to runas uid (%u, %u)" 
-msgstr "no s'ha pogut canviar a runas uid (%u, %u)" - -#: src/sudo.c:1121 -#, c-format -msgid "unable to change directory to %s" -msgstr "no s'ha pogut canviar el directori a %s" - -#: src/sudo.c:1179 +#: src/sudo.c:982 #, c-format msgid "unexpected child termination condition: %d" msgstr "condició de terminació del fill inesperada: %d" -#: src/sudo.c:1325 +#: src/sudo.c:1128 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "no hi ha el mètode `check_policy' al connector de polítiques %s" -#: src/sudo.c:1343 +#: src/sudo.c:1146 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "el connector de política %s no dóna suport a llistar privilegis" -#: src/sudo.c:1360 +#: src/sudo.c:1163 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "el connector de polítiques %s no dóna suport a l'opció -v" -#: src/sudo.c:1375 +#: src/sudo.c:1178 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "el connector de polítiques %s no dóna suport a les opcions -k/-K" -#: src/sudo_edit.c:181 src/sudo_edit.c:270 +#: src/sudo_edit.c:221 +msgid "no writable temporary directory found" +msgstr "no s'ha trobat un directori temporari amb permís d'escriptura" + +#: src/sudo_edit.c:288 src/sudo_edit.c:377 msgid "unable to restore current working directory" msgstr "no s'ha pogut restaurar el directori actual de treball" -#: src/sudo_edit.c:577 src/sudo_edit.c:689 +#: src/sudo_edit.c:594 src/sudo_edit.c:707 #, c-format msgid "%s: not a regular file" msgstr "%s: no és un fitxer regular" -#: src/sudo_edit.c:584 +#: src/sudo_edit.c:601 #, c-format msgid "%s: editing symbolic links is not permitted" msgstr "%s: no es permet l'edició de enllaços simbòlics" -#: src/sudo_edit.c:587 +#: src/sudo_edit.c:604 #, c-format msgid "%s: editing files in a writable directory is not permitted" msgstr "%s: no es permet l'edició de fitxers a un directori amb permís d'escriptura" -#: src/sudo_edit.c:620 
src/sudo_edit.c:728 +#: src/sudo_edit.c:637 src/sudo_edit.c:747 #, c-format msgid "%s: short write" msgstr "%s: escriptura breu" -#: src/sudo_edit.c:690 +#: src/sudo_edit.c:708 #, c-format msgid "%s left unmodified" msgstr "%s s'ha deixat sense modificar" -#: src/sudo_edit.c:703 src/sudo_edit.c:889 +#: src/sudo_edit.c:721 src/sudo_edit.c:908 #, c-format msgid "%s unchanged" msgstr "%s sense canviar" -#: src/sudo_edit.c:717 src/sudo_edit.c:739 +#: src/sudo_edit.c:736 src/sudo_edit.c:758 #, c-format msgid "unable to write to %s" msgstr "no s'ha pogut escriure a %s" -#: src/sudo_edit.c:718 src/sudo_edit.c:737 src/sudo_edit.c:740 -#: src/sudo_edit.c:914 src/sudo_edit.c:918 +#: src/sudo_edit.c:737 src/sudo_edit.c:756 src/sudo_edit.c:759 +#: src/sudo_edit.c:933 src/sudo_edit.c:937 #, c-format msgid "contents of edit session left in %s" msgstr "els continguts de la sessió d'edició s'han deixat a %s" -#: src/sudo_edit.c:736 +#: src/sudo_edit.c:755 msgid "unable to read temporary file" msgstr "no s'ha pogut llegir el fitxer temporal" -#: src/sudo_edit.c:819 +#: src/sudo_edit.c:838 msgid "sesh: internal error: odd number of paths" msgstr "sesh: error intern: nombre imparell de camins" -#: src/sudo_edit.c:821 +#: src/sudo_edit.c:840 msgid "sesh: unable to create temporary files" msgstr "sesh: no es poden crear fitxers temporal" -#: src/sudo_edit.c:823 src/sudo_edit.c:921 +#: src/sudo_edit.c:842 src/sudo_edit.c:940 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: error desconegut %d" -#: src/sudo_edit.c:913 +#: src/sudo_edit.c:932 msgid "unable to copy temporary files back to their original location" msgstr "no es poden copiar els fitxers temporals un altre cop a la seva ubicació original" -#: src/sudo_edit.c:917 +#: src/sudo_edit.c:936 msgid "unable to copy some of the temporary files back to their original location" msgstr "no es poden copiar alguns dels fitxers temporals un altre cop a la seva ubicació original" -#: src/sudo_edit.c:961 +#: src/sudo_edit.c:981 #, 
c-format msgid "unable to change uid to root (%u)" msgstr "no s'ha pogut canviar l'uid a l'usuari primari (%u)" -#: src/sudo_edit.c:978 +#: src/sudo_edit.c:998 msgid "plugin error: missing file list for sudoedit" msgstr "error de connector: no hi ha la llista de fitxers per a sudoedit" -#: src/sudo_edit.c:1019 src/sudo_edit.c:1032 +#: src/sudo_edit.c:1039 src/sudo_edit.c:1052 msgid "unable to read the clock" msgstr "no es pot llegir el rellotge" -#: src/tgetpass.c:107 -msgid "no tty present and no askpass program specified" -msgstr "no hi ha un tty present i no s'ha especificat un programa askpass" +#: src/tgetpass.c:102 +msgid "timed out reading password" +msgstr "s'exhaurit el temps d'espera quan es llegia la contrasenya" + +#: src/tgetpass.c:105 +msgid "no password was provided" +msgstr "no s'ha donat una contrasenya" + +#: src/tgetpass.c:108 +msgid "unable to read password" +msgstr "no s'ha pogut llegir la contrasenya" + +#: src/tgetpass.c:147 +msgid "a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper" +msgstr "cal una terminal per llegir la contrasenya; o bé useu l'opció -S per llegir de l'entrada estàndard o configureu un assistent askpass" -#: src/tgetpass.c:116 +#: src/tgetpass.c:157 msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "no s'ha especificat un programa askpass, proveu d'establir SUDO_ASKPASS" -#: src/tgetpass.c:261 +#: src/tgetpass.c:322 #, c-format msgid "unable to set gid to %u" msgstr "no s'ha pogut establir el gid a %u" -#: src/tgetpass.c:265 +#: src/tgetpass.c:326 #, c-format msgid "unable to set uid to %u" msgstr "no s'ha pogut establir el uid a %u" -#: src/tgetpass.c:270 +#: src/tgetpass.c:331 #, c-format msgid "unable to run %s" msgstr "no s'ha pogut executar %s" -#: src/utmp.c:268 +#: src/utmp.c:295 msgid "unable to save stdin" msgstr "no s'ha pogut desar el stdin" -#: src/utmp.c:270 +#: src/utmp.c:297 msgid "unable to dup2 stdin" msgstr 
"no s'ha pogut fer dup2 stdin" -#: src/utmp.c:273 +#: src/utmp.c:300 msgid "unable to restore stdin" msgstr "no s'ha pogut restaurar stdin" +#~ msgid "error reading from signal pipe" +#~ msgstr "error en llegir del conducte del senyal" + +#~ msgid "error reading from pipe" +#~ msgstr "error en llegir del conducte" + +#~ msgid "unable to get group vector" +#~ msgstr "no s'ha pogut obtenir el vector de grup" + +#~ msgid "unknown uid %u: who are you?" +#~ msgstr "uid %u desconegut: qui sou?" + +#~ msgid "no tty present and no askpass program specified" +#~ msgstr "no hi ha un tty present i no s'ha especificat un programa askpass" + #~ msgid "internal error, tried allocate zero bytes" #~ msgstr "error intern, s'han intentat assignar zero bytes" Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/cs.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/cs.mo differ diff -Nru sudo-1.8.31/po/cs.po sudo-1.9.0/po/cs.po --- sudo-1.8.31/po/cs.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/po/cs.po 2020-05-11 16:28:23.000000000 +0000 @@ -2,13 +2,14 @@ # This file is put in the public domain. # Todd C. Miller , 2011-2013 # Petr Pisar , 2013, 2014, 2015, 2016, 2017, 2018, 2019. +# Petr Pisar , 2020. # msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.29rc1\n" +"Project-Id-Version: sudo 1.9.0b4\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-10-21 19:55-0600\n" -"PO-Revision-Date: 2019-10-28 22:38+01:00\n" +"POT-Creation-Date: 2020-03-12 17:39-0600\n" +"PO-Revision-Date: 2020-03-14 15:39+01:00\n" "Last-Translator: Petr Pisar \n" "Language-Team: Czech \n" "Language: cs\n" 
@@ -31,74 +32,98 @@ msgstr "registr nelze obnovit" #: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81 -#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 -#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114 -#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212 -#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481 +#: lib/util/json.c:66 lib/util/json.c:192 lib/util/sudo_conf.c:191 +#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 +#: src/conversation.c:86 src/exec_common.c:114 src/exec_common.c:130 +#: src/exec_common.c:139 src/exec_monitor.c:211 src/exec_monitor.c:460 +#: src/exec_monitor.c:466 src/exec_monitor.c:474 src/exec_monitor.c:482 #: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503 #: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524 -#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214 -#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236 -#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257 -#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278 -#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299 -#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002 -#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180 -#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201 -#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222 -#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 -#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59 -#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: 
src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91
-#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117
-#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729
-#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815
-#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240
-#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891
-#: src/sudo_edit.c:1005 src/sudo_edit.c:1025
+#: src/exec_monitor.c:531 src/exec_nopty.c:218 src/exec_nopty.c:227
+#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248
+#: src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269
+#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290
+#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_nopty.c:479
+#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888
+#: src/exec_pty.c:1038 src/exec_pty.c:1206 src/exec_pty.c:1215
+#: src/exec_pty.c:1222 src/exec_pty.c:1229 src/exec_pty.c:1236
+#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257
+#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278
+#: src/exec_pty.c:1286 src/exec_pty.c:1709 src/load_plugins.c:59
+#: src/load_plugins.c:72 src/load_plugins.c:170 src/load_plugins.c:195
+#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476
+#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186
+#: src/parse_args.c:207 src/parse_args.c:282 src/parse_args.c:584
+#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54
+#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474
+#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:625 src/sudo.c:685
+#: src/sudo.c:695 src/sudo.c:716 src/sudo.c:735 src/sudo.c:744 src/sudo.c:753
+#: src/sudo.c:770 src/sudo.c:811 src/sudo.c:821 src/sudo.c:847 src/sudo.c:1037
+#: src/sudo.c:1059 src/sudo.c:1355 src/sudo.c:1528 src/sudo.c:1722
+#: src/sudo.c:2066 src/sudo_edit.c:270 src/sudo_edit.c:775 
src/sudo_edit.c:872 +#: src/sudo_edit.c:986 src/sudo_edit.c:1006 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194 -#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560 -#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131 -#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473 -#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/json.c:67 +#: lib/util/json.c:193 lib/util/sudo_conf.c:192 lib/util/sudo_conf.c:277 +#: lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 src/conversation.c:87 +#: src/exec_common.c:114 src/exec_common.c:131 src/exec_common.c:140 +#: src/exec_monitor.c:460 src/exec_monitor.c:466 src/exec_monitor.c:474 +#: src/exec_monitor.c:482 src/exec_monitor.c:489 src/exec_monitor.c:496 #: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517 -#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538 -#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229 -#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 -#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 -#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 -#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165 -#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187 -#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208 -#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229 -#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251 -#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: 
src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 -#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 -#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_nopty.c:218 +#: src/exec_nopty.c:227 src/exec_nopty.c:234 src/exec_nopty.c:241 +#: src/exec_nopty.c:248 src/exec_nopty.c:255 src/exec_nopty.c:262 +#: src/exec_nopty.c:269 src/exec_nopty.c:276 src/exec_nopty.c:283 +#: src/exec_nopty.c:290 src/exec_nopty.c:297 src/exec_nopty.c:305 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1206 src/exec_pty.c:1215 src/exec_pty.c:1222 +#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 +#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264 +#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1286 +#: src/exec_pty.c:1709 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:208 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:239 src/sudo.c:625 +#: src/sudo.c:847 src/sudo.c:1037 src/sudo.c:1059 src/sudo.c:1355 +#: src/sudo.c:1528 src/sudo.c:1722 src/sudo.c:2066 src/sudo_edit.c:270 +#: src/sudo_edit.c:775 src/sudo_edit.c:872 src/sudo_edit.c:986 +#: src/sudo_edit.c:1006 msgid "unable to allocate memory" msgstr "nelze alokovat paměť" +#: lib/util/mkdir_parents.c:79 lib/util/sudo_conf.c:619 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 +#, c-format +msgid "unable to open %s" +msgstr "%s nelze otevřít" + +#: lib/util/mkdir_parents.c:94 
+#, c-format +msgid "unable to mkdir %s" +msgstr "adresář %s nelze vytvořit" + +#: lib/util/mkdir_parents.c:103 lib/util/sudo_conf.c:596 +#, c-format +msgid "unable to stat %s" +msgstr "nelze získat údaje o %s" + +#: lib/util/mkdir_parents.c:108 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s existuje, ale nejedná se o adresář (0%o)" + #: lib/util/strsignal.c:55 msgid "Unknown signal" msgstr "Neznámý signál" #: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161 -#: lib/util/strtonum.c:196 +#: lib/util/strtonum.c:200 msgid "invalid value" msgstr "neplatná hodnota" 
@@ -110,88 +135,78 @@ msgid "value too small" msgstr "hodnota je příliš malá" -#: lib/util/sudo_conf.c:212 +#: lib/util/sudo_conf.c:210 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "neplatná hodnota Path „%s“ v %s, řádek %u" -#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431 +#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:392 lib/util/sudo_conf.c:445 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "neplatná hodnota pro %s „%s“ v %s, řádek %u" -#: lib/util/sudo_conf.c:399 +#: lib/util/sudo_conf.c:413 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "nepodporovaný zdroj skupin „%s“ v %s, řádek %u" # This is about maximal GID. English text "max groups" is wrong. -#: lib/util/sudo_conf.c:415 +#: lib/util/sudo_conf.c:429 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "neplatné maximum skupin „%s“ v %s, řádek %u" -#: lib/util/sudo_conf.c:576 -#, c-format -msgid "unable to stat %s" -msgstr "nelze získat údaje o %s" - -#: lib/util/sudo_conf.c:579 +#: lib/util/sudo_conf.c:599 #, c-format msgid "%s is not a regular file" msgstr "%s není obyčejný soubor" -#: lib/util/sudo_conf.c:582 +#: lib/util/sudo_conf.c:602 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s je vlastněn UID %u, avšak UID by mělo být %u" -#: lib/util/sudo_conf.c:586 +#: lib/util/sudo_conf.c:606 #, c-format msgid "%s is world writable" msgstr "%s je zapisovatelný pro všechny" -#: lib/util/sudo_conf.c:589 +#: lib/util/sudo_conf.c:609 #, c-format msgid "%s is group writable" msgstr "%s je zapisovatelný pro skupinu" -#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363 -#, c-format -msgid "unable to open %s" -msgstr "%s nelze otevřít" - -#: src/exec.c:111 +#: src/exec.c:135 #, c-format msgid "unknown login class %s" msgstr "neznámá přihlašovací třída %s" -#: src/exec.c:123 +#: src/exec.c:147 msgid "unable to set user context" msgstr "nelze nastavit kontext uživatele" -#: 
src/exec.c:139 +#: src/exec.c:163 msgid "unable to set process priority" msgstr "nelze nastavit prioritu procesu" -#: src/exec.c:150 +#: src/exec.c:177 #, c-format msgid "unable to change root to %s" msgstr "kořenový adresář nelze změnit na %s" -#: src/exec.c:163 src/exec.c:169 src/exec.c:176 +#: src/exec.c:190 src/exec.c:196 src/exec.c:203 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "nelze změnit UID na (%u, %u)" -#: src/exec.c:194 +#: src/exec.c:221 #, c-format msgid "unable to change directory to %s" msgstr "pracovní adresář nelze změnit na %s" -#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578 -#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336 -#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164 +#: src/exec.c:304 src/exec_monitor.c:569 src/exec_monitor.c:571 +#: src/exec_nopty.c:537 src/exec_pty.c:566 src/exec_pty.c:1373 +#: src/exec_pty.c:1375 src/signal.c:150 src/signal.c:164 #, c-format msgid "unable to set handler for signal %d" msgstr "obsluhu pro signál %d nelze nastavit" 
@@ -200,89 +215,107 @@ msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "z PRIV_LIMIT nelze odstranit PRIV_PROC_EXEC" -#: src/exec_monitor.c:366 +#: src/exec_monitor.c:365 msgid "error reading from socketpair" msgstr "chyba při čtení z dvojice socketů" -#: src/exec_monitor.c:383 +#: src/exec_monitor.c:382 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "neočekávaný druh odpovědi na zpětném kanálu: %d" -#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533 -#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231 -#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252 -#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273 -#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294 -#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652 -#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858 -#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189 -#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210 -#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231 -#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621 -#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683 -#: src/exec_pty.c:1710 +#: src/exec_monitor.c:468 src/exec_monitor.c:476 src/exec_monitor.c:484 +#: src/exec_monitor.c:491 src/exec_monitor.c:498 src/exec_monitor.c:505 +#: src/exec_monitor.c:512 src/exec_monitor.c:519 src/exec_monitor.c:526 +#: src/exec_monitor.c:533 src/exec_nopty.c:220 src/exec_nopty.c:229 +#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 +#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 +#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 +#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:688 +#: src/exec_pty.c:693 
src/exec_pty.c:790 src/exec_pty.c:797 src/exec_pty.c:894 +#: src/exec_pty.c:1208 src/exec_pty.c:1217 src/exec_pty.c:1224 +#: src/exec_pty.c:1231 src/exec_pty.c:1238 src/exec_pty.c:1245 +#: src/exec_pty.c:1252 src/exec_pty.c:1259 src/exec_pty.c:1266 +#: src/exec_pty.c:1273 src/exec_pty.c:1280 src/exec_pty.c:1662 +#: src/exec_pty.c:1672 src/exec_pty.c:1717 src/exec_pty.c:1724 +#: src/exec_pty.c:1751 msgid "unable to add event to queue" msgstr "událost nelze přidat do fronty" -#: src/exec_monitor.c:594 +#: src/exec_monitor.c:587 msgid "unable to set controlling tty" msgstr "řídicí terminál nelze nastavit" -#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415 -#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307 +#: src/exec_monitor.c:595 src/exec_nopty.c:364 src/exec_pty.c:1452 +#: src/exec_pty.c:1473 src/exec_pty.c:1493 src/tgetpass.c:311 msgid "unable to create pipe" msgstr "nelze vytvořit rouru" -#: src/exec_monitor.c:610 +#: src/exec_monitor.c:603 msgid "unable to receive message from parent" msgstr "od rodiče nelze přijmout zprávu" -#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494 -#: src/tgetpass.c:311 +#: src/exec_monitor.c:617 src/exec_nopty.c:393 src/exec_pty.c:1531 +#: src/tgetpass.c:315 msgid "unable to fork" msgstr "nelze vytvořit potomka" -#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448 +#: src/exec_monitor.c:621 src/exec_monitor.c:720 src/exec_nopty.c:447 msgid "unable to restore tty label" msgstr "nelze obnovit značku TTY" -#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100 +#: src/exec_monitor.c:637 src/sesh.c:127 src/sudo.c:1114 #, c-format msgid "unable to execute %s" msgstr "%s nelze spustit" -#: src/exec_nopty.c:360 src/exec_pty.c:1345 +#: src/exec_nopty.c:358 src/exec_pty.c:1382 msgid "policy plugin failed session initialization" msgstr "modul s politikami zrušil inicializaci relace" -#: src/exec_nopty.c:437 src/exec_pty.c:1581 +#: src/exec_nopty.c:435 src/exec_pty.c:1617 msgid 
"error in event loop" msgstr "chyba ve smyčce s událostmi" -#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112 +#: src/exec_nopty.c:545 src/exec_pty.c:601 src/signal.c:112 #, c-format msgid "unable to restore handler for signal %d" msgstr "nelze obnovit obsluhu signálu %d" -#: src/exec_pty.c:158 +#: src/exec_pty.c:157 msgid "unable to allocate pty" msgstr "nelze alokovat PTY" -#: src/exec_pty.c:1325 +#: src/exec_pty.c:221 src/exec_pty.c:260 src/exec_pty.c:299 src/exec_pty.c:349 +#: src/exec_pty.c:399 +msgid "I/O plugin error" +msgstr "chyba vstupně-výstupního modulu" + +#: src/exec_pty.c:224 src/exec_pty.c:263 src/exec_pty.c:302 src/exec_pty.c:352 +#: src/exec_pty.c:402 +msgid "command rejected by I/O plugin" +msgstr "příkaz zamítnut vstupně-výstupním modulem" + +#: src/exec_pty.c:449 +msgid "error logging suspend" +msgstr "chyba pozastavování protokolu" + +#: src/exec_pty.c:482 +msgid "error changing window size" +msgstr "chyba při měnění velikosti okna" + +#: src/exec_pty.c:1362 msgid "unable to create sockets" msgstr "nelze vytvořit sockety" -#: src/exec_pty.c:1538 +#: src/exec_pty.c:1574 msgid "unable to send message to monitor process" msgstr "dohlížejícímu procesu nelze odeslat zprávu" #: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92 -#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140 -#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196 -#: src/load_plugins.c:202 +#: src/load_plugins.c:122 src/load_plugins.c:136 src/load_plugins.c:142 +#: src/load_plugins.c:293 src/load_plugins.c:301 src/load_plugins.c:308 +#: src/load_plugins.c:348 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "chyba v %s na řádku %d při zavádění modulu „%s“" 
@@ -292,61 +325,56 @@ msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:136 +#: src/load_plugins.c:138 #, c-format msgid "%s must be owned by uid %d" msgstr "%s musí být vlastněn UID %d" -#: src/load_plugins.c:142 +#: src/load_plugins.c:144 #, c-format msgid "%s must be only be writable by owner" msgstr "%s musí být zapisovatelný jen vlastníkem" -#: src/load_plugins.c:183 +#: src/load_plugins.c:254 src/load_plugins.c:321 +#, c-format +msgid "ignoring duplicate plugin \"%s\" in %s, line %d" +msgstr "ignoruje je opakovaný modul „%s“ v %s na řádku %d" + +#: src/load_plugins.c:295 #, c-format msgid "unable to load %s: %s" msgstr "%s nelze zavést: %s" -#: src/load_plugins.c:191 +#: src/load_plugins.c:303 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "v %s nelze nalézt symbol „%s“" -#: src/load_plugins.c:198 -#, c-format -msgid "unknown policy type %d found in %s" -msgstr "v %2$s nalezen neznámý druh politiky %1$d" - -#: src/load_plugins.c:204 +#: src/load_plugins.c:310 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "neslučitelná hlavní verze modulu %d (očekáváno %d) nalezena v %s" -#: src/load_plugins.c:213 +#: src/load_plugins.c:324 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "ignoruje se modul politiky „%s“ v %s na řádku %d" -#: src/load_plugins.c:215 +#: src/load_plugins.c:326 msgid "only a single policy plugin may be specified" msgstr "lze zadat pouze jeden modul s politikou" -#: src/load_plugins.c:218 -#, c-format -msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" -msgstr "ignoruje je opakovaný modul s politikou „%s“ v %s na řádku %d" - -#: src/load_plugins.c:237 +#: src/load_plugins.c:350 #, c-format -msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d" -msgstr "ignoruje je opakovaný modul vstupu a výstupu „%s“ v %s na řádku %d" +msgid "unknown plugin type %d found in %s" +msgstr "v %2$s nalezen neznámý druh modulu %1$d" -#: src/load_plugins.c:353 +#: 
src/load_plugins.c:511 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "modul s politikou %s neobsahuje metodu check_policy" -#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473 +#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:478 #, c-format msgid "internal error, %s overflow" msgstr "vnitřní chyba, přetečení v %s" 
@@ -360,39 +388,39 @@ msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argument u -C musí být číslo větší nebo rovno 3" -#: src/parse_args.c:523 +#: src/parse_args.c:524 msgid "you may not specify both the `-i' and `-s' options" msgstr "nesmíte zadávat přepínače „-i“ a „-s“ spolu" -#: src/parse_args.c:527 +#: src/parse_args.c:528 msgid "you may not specify both the `-i' and `-E' options" msgstr "nesmíte zadávat přepínače „-i“ a „-E“ spolu" -#: src/parse_args.c:537 +#: src/parse_args.c:538 msgid "the `-E' option is not valid in edit mode" msgstr "přepínač „-E“ není platný v režimu úprav" -#: src/parse_args.c:539 +#: src/parse_args.c:540 msgid "you may not specify environment variables in edit mode" msgstr "v režimu úprav nesmíte zadávat proměnné prostředí" -#: src/parse_args.c:547 +#: src/parse_args.c:548 msgid "the `-U' option may only be used with the `-l' option" msgstr "přepínač „-U“ smí být použit jen s přepínačem „-l“" -#: src/parse_args.c:551 +#: src/parse_args.c:552 msgid "the `-A' and `-S' options may not be used together" msgstr "přepínače „-A“ a „-S“ smí nesmí být použity spolu" -#: src/parse_args.c:627 +#: src/parse_args.c:645 msgid "sudoedit is not supported on this platform" msgstr "na této platformě není sudoedit podporován" -#: src/parse_args.c:700 +#: src/parse_args.c:726 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Smí být zadán pouze jeden z přepínačů -e, -h, -i, -K, -l, -s, -v nebo -V" -#: src/parse_args.c:714 +#: src/parse_args.c:740 #, c-format msgid "" "%s - edit files as another user\n" @@ -401,7 +429,7 @@ "%s – upraví soubory jako jiný uživatel\n" "\n" -#: src/parse_args.c:716 +#: src/parse_args.c:742 #, c-format msgid "" "%s - execute a command as another user\n" @@ -410,7 +438,7 @@ "%s – vykoná příkaz jako jiný uživatel\n" "\n" -#: src/parse_args.c:721 +#: src/parse_args.c:747 #, c-format msgid "" "\n" 
@@ -419,123 +447,123 @@ "\n" "Přepínače:\n" -#: src/parse_args.c:723 +#: src/parse_args.c:749 msgid "use a helper program for password prompting" msgstr "dotazuje se na heslo prostřednictvím pomocného programu" -#: src/parse_args.c:726 +#: src/parse_args.c:752 msgid "use specified BSD authentication type" msgstr "použije zadaný druh BSD autentizace" -#: src/parse_args.c:729 +#: src/parse_args.c:755 msgid "run command in the background" msgstr "spustí příkaz na pozadí" -#: src/parse_args.c:731 +#: src/parse_args.c:757 msgid "ring bell when prompting" msgstr "při výzvě vydá zvukové znamení" -#: src/parse_args.c:733 +#: src/parse_args.c:759 msgid "close all file descriptors >= num" msgstr "uzavře všechny deskriptory souboru >= číslu" -#: src/parse_args.c:736 +#: src/parse_args.c:762 msgid "run command with the specified BSD login class" msgstr "spustí příkaz se zadanou přihlašovací třídou BSD" -#: src/parse_args.c:739 +#: src/parse_args.c:765 msgid "preserve user environment when running command" msgstr "při spuštění příkazu zachová uživatelské prostředí" -#: src/parse_args.c:741 +#: src/parse_args.c:767 msgid "preserve specific environment variables" msgstr "zachová určité proměnné prostředí" -#: src/parse_args.c:743 +#: src/parse_args.c:769 msgid "edit files instead of running a command" msgstr "místo spuštění příkazu upraví soubory" -#: src/parse_args.c:745 +#: src/parse_args.c:771 msgid "run command as the specified group name or ID" msgstr "spustí příkaz jako skupina určení názvem nebo ID" -#: src/parse_args.c:747 +#: src/parse_args.c:773 msgid "set HOME variable to target user's home dir" msgstr "nastaví proměnnou HOME na domovský adresář uživatele" -#: src/parse_args.c:749 +#: src/parse_args.c:775 msgid "display help message and exit" msgstr "zobrazí nápovědu a skončí" -#: src/parse_args.c:751 +#: src/parse_args.c:777 msgid "run command on host (if supported by plugin)" msgstr "spustí příkaz na stroji (je-li podporováno modulem)" -#: src/parse_args.c:753 +#: 
src/parse_args.c:779 msgid "run login shell as the target user; a command may also be specified" msgstr "spustí přihlašovací shell jako cílový uživatel; příkaz lze rovněž zadat" -#: src/parse_args.c:755 +#: src/parse_args.c:781 msgid "remove timestamp file completely" msgstr "úplně odstraní soubor s časovými údaji" -#: src/parse_args.c:757 +#: src/parse_args.c:783 msgid "invalidate timestamp file" msgstr "zneplatní soubor s časovými údaji" -#: src/parse_args.c:759 +#: src/parse_args.c:785 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "vypíše oprávnění uživatele nebo zkontroluje určitý příkaz; pro delší výstup použijte dvakrát" -#: src/parse_args.c:761 +#: src/parse_args.c:787 msgid "non-interactive mode, no prompts are used" msgstr "neinteraktivní režim, nepoužijí se žádné dotazy" -#: src/parse_args.c:763 +#: src/parse_args.c:789 msgid "preserve group vector instead of setting to target's" msgstr "zachová vektor skupin namísto nastavení na skupiny cíle" -#: src/parse_args.c:765 +#: src/parse_args.c:791 msgid "use the specified password prompt" msgstr "použije určený dotaz na heslo" -#: src/parse_args.c:768 +#: src/parse_args.c:794 msgid "create SELinux security context with specified role" msgstr "vytvoří selinuxový bezpečnostní kontext se zadanou rolí" -#: src/parse_args.c:771 +#: src/parse_args.c:797 msgid "read password from standard input" msgstr "načte heslo ze standardní vstupu" -#: src/parse_args.c:773 +#: src/parse_args.c:799 msgid "run shell as the target user; a command may also be specified" msgstr "spustí shell jako cílový uživatel; příkaz lze rovněž zadat" -#: src/parse_args.c:776 +#: src/parse_args.c:802 msgid "create SELinux security context with specified type" msgstr "vytvoří selinuxový bezpečnostní kontext se zadaným typem" -#: src/parse_args.c:779 +#: src/parse_args.c:805 msgid "terminate command after the specified time limit" msgstr "po uplynutí zadaného času ukončí příkaz" -#: 
src/parse_args.c:781 +#: src/parse_args.c:807 msgid "in list mode, display privileges for user" msgstr "v režimu výpisu zobrazí oprávnění uživatele" -#: src/parse_args.c:783 +#: src/parse_args.c:809 msgid "run command (or edit file) as specified user name or ID" msgstr "spustí příkaz (nebo upraví soubor) jako uživatel určený jménem nebo ID" -#: src/parse_args.c:785 +#: src/parse_args.c:811 msgid "display version information and exit" msgstr "zobrazí údaje o verzi a skončí" -#: src/parse_args.c:787 +#: src/parse_args.c:813 msgid "update user's timestamp without running a command" msgstr "aktualizuje časové údaje uživatele bez spuštění příkazu" -#: src/parse_args.c:789 +#: src/parse_args.c:815 msgid "stop processing command line arguments" msgstr "přestane zpracovávat argumenty příkazového řádku" @@ -567,7 +595,7 @@ msgid "unable to open %s, not relabeling tty" msgstr "%s nelze otevřít, TTY nebude značka přepsána" -#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s není znakové zařízení, TTY nebude značka přepsána" 
@@ -588,54 +616,54 @@ msgid "unable to set new tty context" msgstr "nelze nastavit nový kontext TTY" -#: src/selinux.c:298 +#: src/selinux.c:322 #, c-format msgid "you must specify a role for type %s" msgstr "pro typ %s musíte zadat roli" -#: src/selinux.c:304 +#: src/selinux.c:328 #, c-format msgid "unable to get default type for role %s" msgstr "výchozí typ pro roli %s nelze získat" -#: src/selinux.c:316 +#: src/selinux.c:340 msgid "failed to get new context" msgstr "nepodařilo se získat nový kontext" -#: src/selinux.c:325 +#: src/selinux.c:349 #, c-format msgid "failed to set new role %s" msgstr "nepodařilo se nastavit novou roli %s" -#: src/selinux.c:329 +#: src/selinux.c:353 #, c-format msgid "failed to set new type %s" msgstr "nepodařilo se nastavit nový typ %s" -#: src/selinux.c:341 +#: src/selinux.c:365 #, c-format msgid "%s is not a valid context" msgstr "%s není platný kontext" -#: src/selinux.c:373 +#: src/selinux.c:397 msgid "failed to get old context" msgstr "nepodařilo se získat starý kontext" -#: src/selinux.c:379 +#: src/selinux.c:403 msgid "unable to determine enforcing mode." msgstr "nepodařilo se určit režim vynucování SELinuxu." -#: src/selinux.c:396 +#: src/selinux.c:420 #, c-format msgid "unable to set tty context to %s" msgstr "nepodařilo se nastavit kontext TTY na %s" -#: src/selinux.c:428 +#: src/selinux.c:452 #, c-format msgid "unable to set exec context to %s" msgstr "nepodařilo se nastavit kontext pro spuštění na %s" -#: src/selinux.c:435 +#: src/selinux.c:459 #, c-format msgid "unable to set key creation context to %s" msgstr "nepodařilo se nastavit kontext pro vytváření klíčů na %s" 
@@ -702,185 +730,211 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "pozor, nepodařilo se přiřadit řízení zdrojů projektu „%s“" -#: src/sudo.c:204 +#: src/sudo.c:224 #, c-format msgid "Sudo version %s\n" msgstr "Sudo verze %s\n" -#: src/sudo.c:206 +#: src/sudo.c:226 #, c-format msgid "Configure options: %s\n" msgstr "Přepínače configure: %s\n" -#: src/sudo.c:214 +#: src/sudo.c:235 msgid "fatal error, unable to load plugins" msgstr "nepřekonatelná chyba, moduly nelze zavést" -#: src/sudo.c:222 -msgid "unable to initialize policy plugin" -msgstr "modul s politikami nelze inicializovat" - -#: src/sudo.c:266 +#: src/sudo.c:280 msgid "plugin did not return a command to execute" msgstr "modul nevrátil příkaz k provedení" -#: src/sudo.c:282 -#, c-format -msgid "error initializing I/O plugin %s" -msgstr "chyba při inicializaci vstupně-výstupního modulu %s" - -#: src/sudo.c:306 +#: src/sudo.c:311 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "neočekávaný režim programu sudo 0x%x" -#: src/sudo.c:538 +#: src/sudo.c:544 #, c-format msgid "you do not exist in the %s database" msgstr "neexistujete v databázi %s" -#: src/sudo.c:595 +#: src/sudo.c:601 msgid "unable to determine tty" msgstr "nelze určit terminál" -#: src/sudo.c:887 +#: src/sudo.c:893 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s musí být vlastněn UID %d a mít nastaven bit setuid" -#: src/sudo.c:890 +#: src/sudo.c:896 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "efektivní UID není %d, nalézá se %s na souborovém systému s nastavenou volbou „nosuid“ nebo na souborovém systému NFS bez práv roota?" -#: src/sudo.c:896 +#: src/sudo.c:902 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "efektivní UID není %d, je sudo nainstalované jako setuid vlastněné rootem?" 
-#: src/sudo.c:912 +#: src/sudo.c:918 msgid "unable to set supplementary group IDs" msgstr "nelze nastavit ID doplňkových skupin" -#: src/sudo.c:919 +#: src/sudo.c:925 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "efektivní GID nelze nastavit na %u" -#: src/sudo.c:925 +#: src/sudo.c:931 #, c-format msgid "unable to set gid to runas gid %u" msgstr "GID nelze nastavit na %u" -#: src/sudo.c:982 +#: src/sudo.c:978 #, c-format msgid "unexpected child termination condition: %d" msgstr "neočekávaný důvod ukončení potomka: %d" -#: src/sudo.c:1128 +#: src/sudo.c:1087 +msgid "unable to initialize policy plugin" +msgstr "modul s politikami nelze inicializovat" + +#: src/sudo.c:1148 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "modulu s politikami %s chybí metoda „check_policy“" -#: src/sudo.c:1146 +#: src/sudo.c:1163 src/sudo.c:1216 src/sudo.c:1260 +msgid "command rejected by policy" +msgstr "příkaz zamítnut politikou" + +#: src/sudo.c:1168 src/sudo.c:1221 src/sudo.c:1265 +msgid "policy plugin error" +msgstr "chyba modulu s politikou" + +#: src/sudo.c:1202 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "modul s politikami %s nepodporuje získání seznamu oprávnění" -#: src/sudo.c:1163 +#: src/sudo.c:1246 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "modul s politikami %s nepodporuje přepínač -v" -#: src/sudo.c:1178 +#: src/sudo.c:1284 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "modul s politikami %s nepodporuje přepínače -k/-K" -#: src/sudo_edit.c:221 +#: src/sudo.c:1413 +#, c-format +msgid "error initializing I/O plugin %s" +msgstr "chyba při inicializaci vstupně-výstupního modulu %s" + +#: src/sudo.c:1567 +#, c-format +msgid "error initializing audit plugin %s" +msgstr "chyba při inicializaci auditního modulu %s" + +#: src/sudo.c:1745 +#, c-format +msgid "error initializing approval plugin %s" +msgstr "chyba při 
inicializaci schvalovacího modulu %s" + +#: src/sudo.c:1821 +msgid "command rejected by approver" +msgstr "příkaz zamítnut schvalovatelem" + +#: src/sudo.c:1830 +msgid "approval plugin error" +msgstr "chyba schvalovacího modulu" + +#: src/sudo_edit.c:233 msgid "no writable temporary directory found" msgstr "nenalezen žádný dočasný adresář, do kterého lze zapisovat" -#: src/sudo_edit.c:288 src/sudo_edit.c:377 +#: src/sudo_edit.c:358 msgid "unable to restore current working directory" msgstr "současný pracovní adresář nelze obnovit" -#: src/sudo_edit.c:594 src/sudo_edit.c:707 +#: src/sudo_edit.c:575 src/sudo_edit.c:688 #, c-format msgid "%s: not a regular file" msgstr "%s: nejedná se o obyčejný soubor" -#: src/sudo_edit.c:601 +#: src/sudo_edit.c:582 #, c-format msgid "%s: editing symbolic links is not permitted" msgstr "%s: úprava symbolických odkazů není dovolena" -#: src/sudo_edit.c:604 +#: src/sudo_edit.c:585 #, c-format msgid "%s: editing files in a writable directory is not permitted" msgstr "%s: úprava souborů v adresáři, do kterého lze zapisovat, není dovolena" -#: src/sudo_edit.c:637 src/sudo_edit.c:747 +#: src/sudo_edit.c:618 src/sudo_edit.c:728 #, c-format msgid "%s: short write" msgstr "%s: krátký zápis" -#: src/sudo_edit.c:708 +#: src/sudo_edit.c:689 #, c-format msgid "%s left unmodified" msgstr "%s ponechán nezměněn" -#: src/sudo_edit.c:721 src/sudo_edit.c:908 +#: src/sudo_edit.c:702 src/sudo_edit.c:889 #, c-format msgid "%s unchanged" msgstr "%s nezměněn" -#: src/sudo_edit.c:736 src/sudo_edit.c:758 +#: src/sudo_edit.c:717 src/sudo_edit.c:739 #, c-format msgid "unable to write to %s" msgstr "do %s nelze zapsat" -#: src/sudo_edit.c:737 src/sudo_edit.c:756 src/sudo_edit.c:759 -#: src/sudo_edit.c:933 src/sudo_edit.c:937 +#: src/sudo_edit.c:718 src/sudo_edit.c:737 src/sudo_edit.c:740 +#: src/sudo_edit.c:914 src/sudo_edit.c:918 #, c-format msgid "contents of edit session left in %s" msgstr "obsah relace s úpravami ponechán v %s" -#: src/sudo_edit.c:755 +#: 
src/sudo_edit.c:736 msgid "unable to read temporary file" msgstr "nelze přečíst dočasný soubor" -#: src/sudo_edit.c:838 +#: src/sudo_edit.c:819 msgid "sesh: internal error: odd number of paths" msgstr "sesh: vnitřní chyba: lichý počet cest" -#: src/sudo_edit.c:840 +#: src/sudo_edit.c:821 msgid "sesh: unable to create temporary files" msgstr "sesh: nelze vytvořit dočasné soubory" -#: src/sudo_edit.c:842 src/sudo_edit.c:940 +#: src/sudo_edit.c:823 src/sudo_edit.c:921 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: neznámá chyba %d" -#: src/sudo_edit.c:932 +#: src/sudo_edit.c:913 msgid "unable to copy temporary files back to their original location" msgstr "dočasné soubory nelze zkopírovat zpět na jejich původní místo" -#: src/sudo_edit.c:936 +#: src/sudo_edit.c:917 msgid "unable to copy some of the temporary files back to their original location" msgstr "některé z dočasných souborů nelze zkopírovat zpět na jejich původní místo" -#: src/sudo_edit.c:981 +#: src/sudo_edit.c:962 #, c-format msgid "unable to change uid to root (%u)" msgstr "UID nelze změnit na roota (%u)" -#: src/sudo_edit.c:998 +#: src/sudo_edit.c:979 msgid "plugin error: missing file list for sudoedit" msgstr "chyba modulu: programu sudoedit chybí seznam souborů" -#: src/sudo_edit.c:1039 src/sudo_edit.c:1052 +#: src/sudo_edit.c:1020 src/sudo_edit.c:1033 msgid "unable to read the clock" msgstr "nelze přečíst hodiny" @@ -904,17 +958,17 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "program pro dotazování se na heslo nebyl zadán, zkuste nastavit SUDO_ASKPASS" -#: src/tgetpass.c:322 +#: src/tgetpass.c:332 #, c-format msgid "unable to set gid to %u" msgstr "GID nelze nastavit na %u" -#: src/tgetpass.c:326 +#: src/tgetpass.c:336 #, c-format msgid "unable to set uid to %u" msgstr "UID nelze nastavit na %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:341 #, c-format msgid "unable to run %s" msgstr "%s nelze spustit" 
@@ -931,6 +985,9 @@ msgid "unable to restore stdin" msgstr "standardní vstup nelze obnovit" +#~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" +#~ msgstr "ignoruje je opakovaný modul s politikou „%s“ v %s na řádku %d" + #~ msgid "no tty present and no askpass program specified" #~ msgstr "chybí terminál a program pro dotazování se na heslo nebyl zadán" @@ -943,9 +1000,6 @@ #~ msgid "error reading from signal pipe" #~ msgstr "chyba při čtení ze signální roury" -#~ msgid "error reading from pipe" -#~ msgstr "chyba při čtení z roury" - #~ msgid "unable to set terminal to raw mode" #~ msgstr "terminál nelze přepnout do syrového režimu" Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/de.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/de.mo differ diff -Nru sudo-1.8.31/po/de.po sudo-1.9.0/po/de.po --- sudo-1.8.31/po/de.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/po/de.po 2020-05-11 16:28:23.000000000 +0000 @@ -1,13 +1,13 @@ # German translation for sudo. # This file is distributed under the same license as the sudo package. # Jakob Kramer , 2012, 2013, 2014. -# Mario Blättermann , 2012, 2014-2017, 2019. +# Mario Blättermann , 2012, 2014-2017, 2019-2020. msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.29rc1\n" +"Project-Id-Version: sudo 1.9.0b4\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-10-21 19:55-0600\n" -"PO-Revision-Date: 2019-10-25 13:46+0200\n" +"POT-Creation-Date: 2020-03-12 17:39-0600\n" +"PO-Revision-Date: 2020-03-14 19:44+0100\n" "Last-Translator: Mario Blättermann \n" "Language-Team: German \n" "Language: de\n" @@ -16,7 +16,7 @@ "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -"X-Generator: Lokalize 19.08.2\n" +"X-Generator: Lokalize 19.12.2\n" #: lib/util/aix.c:92 lib/util/aix.c:172 msgid "unable to open userdb" 
@@ -32,74 +32,98 @@
 msgstr "Registrierungsdatenbank konnte nicht wiederhergestellt werden"
 #: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81
-#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356
-#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114
-#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212
-#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481
+#: lib/util/json.c:66 lib/util/json.c:192 lib/util/sudo_conf.c:191
+#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580
+#: src/conversation.c:86 src/exec_common.c:114 src/exec_common.c:130
+#: src/exec_common.c:139 src/exec_monitor.c:211 src/exec_monitor.c:460
+#: src/exec_monitor.c:466 src/exec_monitor.c:474 src/exec_monitor.c:482
 #: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503
 #: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524
-#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214
-#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236
-#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257
-#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278
-#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299
-#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786
-#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002
-#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180
-#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201
-#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222
-#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243
-#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59
-#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246
-#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335
-#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207
-#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605
-#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91
-#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117
-#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729
-#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815
-#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240
-#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891
-#: src/sudo_edit.c:1005 src/sudo_edit.c:1025
+#: src/exec_monitor.c:531 src/exec_nopty.c:218 src/exec_nopty.c:227
+#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248
+#: src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269
+#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290
+#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_nopty.c:479
+#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888
+#: src/exec_pty.c:1038 src/exec_pty.c:1206 src/exec_pty.c:1215
+#: src/exec_pty.c:1222 src/exec_pty.c:1229 src/exec_pty.c:1236
+#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257
+#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278
+#: src/exec_pty.c:1286 src/exec_pty.c:1709 src/load_plugins.c:59
+#: src/load_plugins.c:72 src/load_plugins.c:170 src/load_plugins.c:195
+#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476
+#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186
+#: src/parse_args.c:207 src/parse_args.c:282 src/parse_args.c:584
+#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54
+#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474
+#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:625 src/sudo.c:685
+#: src/sudo.c:695 src/sudo.c:716 src/sudo.c:735 src/sudo.c:744 src/sudo.c:753
+#: src/sudo.c:770 src/sudo.c:811 src/sudo.c:821 src/sudo.c:847 src/sudo.c:1037
+#: src/sudo.c:1059 src/sudo.c:1355 src/sudo.c:1528 src/sudo.c:1722
+#: src/sudo.c:2066 src/sudo_edit.c:270 src/sudo_edit.c:775 src/sudo_edit.c:872
+#: src/sudo_edit.c:986 src/sudo_edit.c:1006
 #, c-format
 msgid "%s: %s"
 msgstr "%s: %s"
-#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194
-#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560
-#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131
-#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473
-#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496
+#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/json.c:67
+#: lib/util/json.c:193 lib/util/sudo_conf.c:192 lib/util/sudo_conf.c:277
+#: lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 src/conversation.c:87
+#: src/exec_common.c:114 src/exec_common.c:131 src/exec_common.c:140
+#: src/exec_monitor.c:460 src/exec_monitor.c:466 src/exec_monitor.c:474
+#: src/exec_monitor.c:482 src/exec_monitor.c:489 src/exec_monitor.c:496
 #: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517
-#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538
-#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229
-#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250
-#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271
-#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292
-#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786
-#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165
-#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187
-#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208
-#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229
-#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251
-#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246
-#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335
-#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208
-#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605
-#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91
-#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117
-#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062
-#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794
-#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025
+#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_nopty.c:218
+#: src/exec_nopty.c:227 src/exec_nopty.c:234 src/exec_nopty.c:241
+#: src/exec_nopty.c:248 src/exec_nopty.c:255 src/exec_nopty.c:262
+#: src/exec_nopty.c:269 src/exec_nopty.c:276 src/exec_nopty.c:283
+#: src/exec_nopty.c:290 src/exec_nopty.c:297 src/exec_nopty.c:305
+#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888
+#: src/exec_pty.c:1206 src/exec_pty.c:1215 src/exec_pty.c:1222
+#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243
+#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264
+#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1286
+#: src/exec_pty.c:1709 src/load_plugins.c:170 src/load_plugins.c:195
+#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476
+#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186
+#: src/parse_args.c:208 src/parse_args.c:282 src/parse_args.c:584
+#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54
+#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474
+#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:239 src/sudo.c:625
+#: src/sudo.c:847 src/sudo.c:1037 src/sudo.c:1059 src/sudo.c:1355
+#: src/sudo.c:1528 src/sudo.c:1722 src/sudo.c:2066 src/sudo_edit.c:270
+#: src/sudo_edit.c:775 src/sudo_edit.c:872 src/sudo_edit.c:986
+#: src/sudo_edit.c:1006
 msgid "unable to allocate memory"
 msgstr "Speicher konnte nicht zugewiesen werden"
+#: lib/util/mkdir_parents.c:79 lib/util/sudo_conf.c:619 src/selinux.c:235
+#: src/selinux.c:265 src/sudo.c:368
+#, c-format
+msgid "unable to open %s"
+msgstr "%s konnte nicht geöffnet werden"
+
+#: lib/util/mkdir_parents.c:94
+#, c-format
+msgid "unable to mkdir %s"
+msgstr "Verzeichnis %s konnte nicht erstellt werden"
+
+#: lib/util/mkdir_parents.c:103 lib/util/sudo_conf.c:596
+#, c-format
+msgid "unable to stat %s"
+msgstr "stat konnte nicht auf %s angewendet werden"
+
+#: lib/util/mkdir_parents.c:108
+#, c-format
+msgid "%s exists but is not a directory (0%o)"
+msgstr "%s existiert, aber ist kein Verzeichnis (0%o)"
+
 #: lib/util/strsignal.c:55
 msgid "Unknown signal"
 msgstr "Unbekanntes Signal"
 #: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161
-#: lib/util/strtonum.c:196
+#: lib/util/strtonum.c:200
 msgid "invalid value"
 msgstr "ungültiger Wert"
@@ -111,87 +135,77 @@
 msgid "value too small"
 msgstr "Wert zu klein"
-#: lib/util/sudo_conf.c:212
+#: lib/util/sudo_conf.c:210
 #, c-format
 msgid "invalid Path value \"%s\" in %s, line %u"
 msgstr "Ungültiger Pfad-Wert »%s« in %s, Zeile %u"
-#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431
+#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:392 lib/util/sudo_conf.c:445
 #, c-format
 msgid "invalid value for %s \"%s\" in %s, line %u"
 msgstr "Ungültiger Wert für %s »%s« in %s, Zeile %u"
-#: lib/util/sudo_conf.c:399
+#: lib/util/sudo_conf.c:413
 #, c-format
 msgid "unsupported group source \"%s\" in %s, line %u"
 msgstr "Nicht unterstützte Gruppenquelle »%s« in %s, Zeile %u"
-#: lib/util/sudo_conf.c:415
+#: lib/util/sudo_conf.c:429
 #, c-format
 msgid "invalid max groups \"%s\" in %s, line %u"
 msgstr "Ungültige Maximalzahl an Gruppen »%s« in %s, Zeile %u"
-#: lib/util/sudo_conf.c:576
-#, c-format
-msgid "unable to stat %s"
-msgstr "stat konnte nicht auf %s angewendet werden"
-
-#: lib/util/sudo_conf.c:579
+#: lib/util/sudo_conf.c:599
 #, c-format
 msgid "%s is not a regular file"
 msgstr "%s ist keine reguläre Datei"
-#: lib/util/sudo_conf.c:582
+#: lib/util/sudo_conf.c:602
 #, c-format
 msgid "%s is owned by uid %u, should be %u"
 msgstr "%s gehört Benutzer mit UID %u, sollte allerdings %u gehören"
-#: lib/util/sudo_conf.c:586
+#: lib/util/sudo_conf.c:606
 #, c-format
 msgid "%s is world writable"
 msgstr "%s kann von allen verändert werden"
-#: lib/util/sudo_conf.c:589
+#: lib/util/sudo_conf.c:609
 #, c-format
 msgid "%s is group writable"
 msgstr "%s kann von der Gruppe verändert werden"
-#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363
-#, c-format
-msgid "unable to open %s"
-msgstr "%s konnte nicht geöffnet werden"
-
-#: src/exec.c:111
+#: src/exec.c:135
 #, c-format
 msgid "unknown login class %s"
 msgstr "Unbekannte Anmeldungsklasse %s"
-#: src/exec.c:123
+#: src/exec.c:147
 msgid "unable to set user context"
 msgstr "Benutzerkontext konnte nicht gesetzt werden"
-#: src/exec.c:139
+#: src/exec.c:163
 msgid "unable to set process priority"
 msgstr "Prozesspriorität konnte nicht gesetzt werden"
-#: src/exec.c:150
+#: src/exec.c:177
 #, c-format
 msgid "unable to change root to %s"
 msgstr "Wurzelverzeichnis konnte nicht zu %s geändert werden"
-#: src/exec.c:163 src/exec.c:169 src/exec.c:176
+#: src/exec.c:190 src/exec.c:196 src/exec.c:203
 #, c-format
 msgid "unable to change to runas uid (%u, %u)"
 msgstr "Es konnte nicht zu »runas«-GID gewechselt werden (%u, %u)"
-#: src/exec.c:194
+#: src/exec.c:221
 #, c-format
 msgid "unable to change directory to %s"
 msgstr "In Verzeichnis »%s« konnte nicht gewechselt werden"
-#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578
-#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336
-#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164
+#: src/exec.c:304 src/exec_monitor.c:569 src/exec_monitor.c:571
+#: src/exec_nopty.c:537 src/exec_pty.c:566 src/exec_pty.c:1373
+#: src/exec_pty.c:1375 src/signal.c:150 src/signal.c:164
 #, c-format
 msgid "unable to set handler for signal %d"
 msgstr "Handler für Signal %d konnte nicht gesetzt werden"
@@ -200,89 +214,107 @@
 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
 msgstr "PRIV_PROC_EXEC konnte nicht von PRIV_LIMIT entfernt werden"
-#: src/exec_monitor.c:366
+#: src/exec_monitor.c:365
 msgid "error reading from socketpair"
 msgstr "Fehler beim Lesen des Socket-Paars"
-#: src/exec_monitor.c:383
+#: src/exec_monitor.c:382
 #, c-format
 msgid "unexpected reply type on backchannel: %d"
 msgstr "Unerwarteter Antworttyp auf Rückmeldungskanal: %d"
-#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491
-#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512
-#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533
-#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231
-#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252
-#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273
-#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294
-#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652
-#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858
-#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189
-#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210
-#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231
-#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621
-#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683
-#: src/exec_pty.c:1710
+#: src/exec_monitor.c:468 src/exec_monitor.c:476 src/exec_monitor.c:484
+#: src/exec_monitor.c:491 src/exec_monitor.c:498 src/exec_monitor.c:505
+#: src/exec_monitor.c:512 src/exec_monitor.c:519 src/exec_monitor.c:526
+#: src/exec_monitor.c:533 src/exec_nopty.c:220 src/exec_nopty.c:229
+#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250
+#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271
+#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292
+#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:688
+#: src/exec_pty.c:693 src/exec_pty.c:790 src/exec_pty.c:797 src/exec_pty.c:894
+#: src/exec_pty.c:1208 src/exec_pty.c:1217 src/exec_pty.c:1224
+#: src/exec_pty.c:1231 src/exec_pty.c:1238 src/exec_pty.c:1245
+#: src/exec_pty.c:1252 src/exec_pty.c:1259 src/exec_pty.c:1266
+#: src/exec_pty.c:1273 src/exec_pty.c:1280 src/exec_pty.c:1662
+#: src/exec_pty.c:1672 src/exec_pty.c:1717 src/exec_pty.c:1724
+#: src/exec_pty.c:1751
 msgid "unable to add event to queue"
 msgstr "Ereignis konnte nicht zur Warteschlange hinzugefügt werden"
-#: src/exec_monitor.c:594
+#: src/exec_monitor.c:587
 msgid "unable to set controlling tty"
 msgstr "Kontrollierendes TTY konnte nicht gesetzt werden"
-#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415
-#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307
+#: src/exec_monitor.c:595 src/exec_nopty.c:364 src/exec_pty.c:1452
+#: src/exec_pty.c:1473 src/exec_pty.c:1493 src/tgetpass.c:311
 msgid "unable to create pipe"
 msgstr "Weiterleitung konnte nicht erstellt werden"
-#: src/exec_monitor.c:610
+#: src/exec_monitor.c:603
 msgid "unable to receive message from parent"
 msgstr "Die Nachricht konnte nicht empfangen werden"
-#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494
-#: src/tgetpass.c:311
+#: src/exec_monitor.c:617 src/exec_nopty.c:393 src/exec_pty.c:1531
+#: src/tgetpass.c:315
 msgid "unable to fork"
 msgstr "Es konnte nicht geforkt werden"
-#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448
+#: src/exec_monitor.c:621 src/exec_monitor.c:720 src/exec_nopty.c:447
 msgid "unable to restore tty label"
 msgstr "TTY-Kennzeichnung konnte nicht wiederhergestellt werden"
-#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100
+#: src/exec_monitor.c:637 src/sesh.c:127 src/sudo.c:1114
 #, c-format
 msgid "unable to execute %s"
 msgstr "%s konnte nicht ausgeführt werden"
-#: src/exec_nopty.c:360 src/exec_pty.c:1345
+#: src/exec_nopty.c:358 src/exec_pty.c:1382
 msgid "policy plugin failed session initialization"
 msgstr "Regelwerks-Plugin konnte Sitzung nicht initialisieren"
-#: src/exec_nopty.c:437 src/exec_pty.c:1581
+#: src/exec_nopty.c:435 src/exec_pty.c:1617
 msgid "error in event loop"
 msgstr "Fehler in Ereignisschleife"
-#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112
+#: src/exec_nopty.c:545 src/exec_pty.c:601 src/signal.c:112
 #, c-format
 msgid "unable to restore handler for signal %d"
 msgstr "Handler für Signal %d konnte nicht wiederhergestellt werden"
-#: src/exec_pty.c:158
+#: src/exec_pty.c:157
 msgid "unable to allocate pty"
 msgstr "PTY konnte nicht vergeben werden"
-#: src/exec_pty.c:1325
+#: src/exec_pty.c:221 src/exec_pty.c:260 src/exec_pty.c:299 src/exec_pty.c:349
+#: src/exec_pty.c:399
+msgid "I/O plugin error"
+msgstr "E/A-Pluginfehler"
+
+#: src/exec_pty.c:224 src/exec_pty.c:263 src/exec_pty.c:302 src/exec_pty.c:352
+#: src/exec_pty.c:402
+msgid "command rejected by I/O plugin"
+msgstr "Befehl wurde vom E/A-Plugin abgewiesen"
+
+#: src/exec_pty.c:449
+msgid "error logging suspend"
+msgstr "Fehler bei der Aussetzung der Protokollierung"
+
+#: src/exec_pty.c:482
+msgid "error changing window size"
+msgstr "Fehler beim Ändern der Fenstergröße"
+
+#: src/exec_pty.c:1362
 msgid "unable to create sockets"
 msgstr "Sockets konnten nicht hergestellt werden"
-#: src/exec_pty.c:1538
+#: src/exec_pty.c:1574
 msgid "unable to send message to monitor process"
 msgstr "Die Nachricht konnte nicht an den überwachenden Prozess verschickt werden"
 #: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92
-#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140
-#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196
-#: src/load_plugins.c:202
+#: src/load_plugins.c:122 src/load_plugins.c:136 src/load_plugins.c:142
+#: src/load_plugins.c:293 src/load_plugins.c:301 src/load_plugins.c:308
+#: src/load_plugins.c:348
 #, c-format
 msgid "error in %s, line %d while loading plugin \"%s\""
 msgstr "Fehler in %s, Zeile %d, während Plugin »%s« geladen wurde"
@@ -292,61 +324,56 @@
 msgid "%s%s: %s"
 msgstr "%s%s: %s"
-#: src/load_plugins.c:136
+#: src/load_plugins.c:138
 #, c-format
 msgid "%s must be owned by uid %d"
 msgstr "%s muss Benutzer mit UID %d gehören"
-#: src/load_plugins.c:142
+#: src/load_plugins.c:144
 #, c-format
 msgid "%s must be only be writable by owner"
 msgstr "%s darf nur vom Besitzer beschreibbar sein"
-#: src/load_plugins.c:183
+#: src/load_plugins.c:254 src/load_plugins.c:321
+#, c-format
+msgid "ignoring duplicate plugin \"%s\" in %s, line %d"
+msgstr "Doppelt vorhandenes Plugin »%s« in %s, Zeile %d, wird ignoriert"
+
+#: src/load_plugins.c:295
 #, c-format
 msgid "unable to load %s: %s"
 msgstr "»%s« konnte nicht geladen werden: %s"
-#: src/load_plugins.c:191
+#: src/load_plugins.c:303
 #, c-format
 msgid "unable to find symbol \"%s\" in %s"
 msgstr "Symbol »%s« konnte in %s nicht gefunden werden"
-#: src/load_plugins.c:198
-#, c-format
-msgid "unknown policy type %d found in %s"
-msgstr "Unbekannter Regelwerktyp %d wurde in %s gefunden"
-
-#: src/load_plugins.c:204
+#: src/load_plugins.c:310
 #, c-format
 msgid "incompatible plugin major version %d (expected %d) found in %s"
 msgstr "Inkompatible Hauptversion %d des Regelwerks (%d erwartet) wurde in %s gefunden"
-#: src/load_plugins.c:213
+#: src/load_plugins.c:324
 #, c-format
 msgid "ignoring policy plugin \"%s\" in %s, line %d"
 msgstr "Regelwerks-Plugin »%s« in %s, Zeile %d, wird ignoriert"
-#: src/load_plugins.c:215
+#: src/load_plugins.c:326
 msgid "only a single policy plugin may be specified"
 msgstr "Nur ein einziges Regelwerks-Plugin kann geladen werden"
-#: src/load_plugins.c:218
-#, c-format
-msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d"
-msgstr "Doppelt vorhandenes Regelwerks-Plugin »%s« in %s, Zeile %d, wird ignoriert"
-
-#: src/load_plugins.c:237
+#: src/load_plugins.c:350
 #, c-format
-msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d"
-msgstr "Doppelt vorhandenes E/A-Plugin »%s« in %s, Zeile %d, wird ignoriert"
+msgid "unknown plugin type %d found in %s"
+msgstr "Unbekannter Plugintyp %d wurde in %s gefunden"
-#: src/load_plugins.c:353
+#: src/load_plugins.c:511
 #, c-format
 msgid "policy plugin %s does not include a check_policy method"
 msgstr "Das Regelwerks-Plugin %s enthält keine check_policy-Methode"
-#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473
+#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:478
 #, c-format
 msgid "internal error, %s overflow"
 msgstr "Interner Fehler: %s-Überlauf"
@@ -360,39 +387,39 @@
 msgid "the argument to -C must be a number greater than or equal to 3"
 msgstr "Das Argument für -C muss eine Zahl größer oder gleich 3 sein"
-#: src/parse_args.c:523
+#: src/parse_args.c:524
 msgid "you may not specify both the `-i' and `-s' options"
 msgstr "Die Optionen »-i« und »-s« können nicht gemeinsam benutzt werden"
-#: src/parse_args.c:527
+#: src/parse_args.c:528
 msgid "you may not specify both the `-i' and `-E' options"
 msgstr "Die Optionen »-i« und »-E« können nicht gemeinsam benutzt werden"
-#: src/parse_args.c:537
+#: src/parse_args.c:538
 msgid "the `-E' option is not valid in edit mode"
 msgstr "Die Option »-E« ist im Bearbeiten-Modus ungültig"
-#: src/parse_args.c:539
+#: src/parse_args.c:540
 msgid "you may not specify environment variables in edit mode"
 msgstr "Im Bearbeiten-Modus können keine Umgebungsvariablen gesetzt werden"
-#: src/parse_args.c:547
+#: src/parse_args.c:548
 msgid "the `-U' option may only be used with the `-l' option"
 msgstr "Die »-U«-Option kann nur zusammen mit »-l« benutzt werden"
-#: src/parse_args.c:551
+#: src/parse_args.c:552
 msgid "the `-A' and `-S' options may not be used together"
 msgstr "Die Optionen »-A« und »-S« können nicht gemeinsam benutzt werden"
-#: src/parse_args.c:627
+#: src/parse_args.c:645
 msgid "sudoedit is not supported on this platform"
 msgstr "sudoedit ist auf dieser Plattform nicht verfügbar"
-#: src/parse_args.c:700
+#: src/parse_args.c:726
 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
 msgstr "Nur eine der Optionen -e, -h, -i, -K, -l, -s, -v oder -V darf angegeben werden"
-#: src/parse_args.c:714
+#: src/parse_args.c:740
 #, c-format
 msgid ""
 "%s - edit files as another user\n"
@@ -401,7 +428,7 @@
 "%s - Dateien als anderer Benutzer verändern\n"
 "\n"
-#: src/parse_args.c:716
+#: src/parse_args.c:742
 #, c-format
 msgid ""
 "%s - execute a command as another user\n"
@@ -410,7 +437,7 @@
 "%s - Einen Befehl als anderer Benutzer ausführen\n"
 "\n"
-#: src/parse_args.c:721
+#: src/parse_args.c:747
 #, c-format
 msgid ""
 "\n"
@@ -419,123 +446,123 @@
 "\n"
 "Optionen:\n"
-#: src/parse_args.c:723
+#: src/parse_args.c:749
 msgid "use a helper program for password prompting"
 msgstr "Hilfsprogramm zum Eingeben des Passworts verwenden"
-#: src/parse_args.c:726
+#: src/parse_args.c:752
 msgid "use specified BSD authentication type"
 msgstr "Angegebenen BSD-Legitimierungstypen verwenden"
-#: src/parse_args.c:729
+#: src/parse_args.c:755
 msgid "run command in the background"
 msgstr "Befehl im Hintergrund ausführen"
-#: src/parse_args.c:731
+#: src/parse_args.c:757
 msgid "ring bell when prompting"
 msgstr "Bei Eingabeaufforderung Systemklang abspielen"
-#: src/parse_args.c:733
+#: src/parse_args.c:759
 msgid "close all file descriptors >= num"
 msgstr "Alle Dateideskriptoren >= num schließen"
-#: src/parse_args.c:736
+#: src/parse_args.c:762
 msgid "run command with the specified BSD login class"
 msgstr "Befehl unter angegebener Login-Klasse ausführen"
-#: src/parse_args.c:739
+#: src/parse_args.c:765
 msgid "preserve user environment when running command"
 msgstr "Benutzerumgebung beim Starten des Befehls beibehalten"
-#: src/parse_args.c:741
+#: src/parse_args.c:767
 msgid "preserve specific environment variables"
 msgstr "Spezifische Umgebungsvariablen beibehalten"
-#: src/parse_args.c:743
+#: src/parse_args.c:769
 msgid "edit files instead of running a command"
 msgstr "Dateien bearbeiten, statt einen Befehl auszuführen"
-#: src/parse_args.c:745
+#: src/parse_args.c:771
 msgid "run command as the specified group name or ID"
 msgstr "Befehl unter angegebenem Gruppennamen oder Gruppen-ID ausführen"
-#: src/parse_args.c:747
+#: src/parse_args.c:773
 msgid "set HOME variable to target user's home dir"
 msgstr "HOME-Variable als Home-Verzeichnis des Zielbenutzers setzen"
-#: src/parse_args.c:749
+#: src/parse_args.c:775
 msgid "display help message and exit"
 msgstr "Hilfe ausgeben und beenden"
-#: src/parse_args.c:751
+#: src/parse_args.c:777
 msgid "run command on host (if supported by plugin)"
 msgstr "Befehl auf entferntem System ausführen (falls vom Plugin unterstützt)"
-#: src/parse_args.c:753
+#: src/parse_args.c:779
 msgid "run login shell as the target user; a command may also be specified"
 msgstr "Anmeldeshell als Zielbenutzer starten; es kann auch ein Befehl angegeben werden"
-#: src/parse_args.c:755
+#: src/parse_args.c:781
 msgid "remove timestamp file completely"
 msgstr "Zeitstempeldateien komplett entfernen"
-#: src/parse_args.c:757
+#: src/parse_args.c:783
 msgid "invalidate timestamp file"
 msgstr "Zeitstempeldatei ungültig machen"
-#: src/parse_args.c:759
+#: src/parse_args.c:785
 msgid "list user's privileges or check a specific command; use twice for longer format"
 msgstr "Benutzerrechte aufzählen oder einen bestimmten Befehl testen; für ein längeres Format zweimal angeben"
-#: src/parse_args.c:761
+#: src/parse_args.c:787
 msgid "non-interactive mode, no prompts are used"
 msgstr "Nicht-interaktiver Modus, es werden keine Eingabeaufforderungen verwendet"
-#: src/parse_args.c:763
+#: src/parse_args.c:789
 msgid "preserve group vector instead of setting to target's"
 msgstr "Gruppen-Vektor beibehalten, statt auf den des Zielbenutzers zu setzen"
-#: src/parse_args.c:765
+#: src/parse_args.c:791
 msgid "use the specified password prompt"
 msgstr "Angegebene Passwort-Eingabeaufforderung benutzen"
-#: src/parse_args.c:768
+#: src/parse_args.c:794
 msgid "create SELinux security context with specified role"
 msgstr "SELinux-Sicherheitskontext mit angegebener Funktion erstellen"
-#: src/parse_args.c:771
+#: src/parse_args.c:797
 msgid "read password from standard input"
 msgstr "Passwort von der Standardeingabe lesen"
-#: src/parse_args.c:773
+#: src/parse_args.c:799
 msgid "run shell as the target user; a command may also be specified"
 msgstr "Shell als Zielbenutzer ausführen; es kann auch ein Befehl angegeben werden"
-#: src/parse_args.c:776
+#: src/parse_args.c:802
 msgid "create SELinux security context with specified type"
 msgstr "SELinux-Sicherheitskontext mit angegebenem Typ erstellen"
-#: src/parse_args.c:779
+#: src/parse_args.c:805
 msgid "terminate command after the specified time limit"
 msgstr "Befehlausführung nach der angegebenen Zeitbegrenzung abbrechen"
-#: src/parse_args.c:781
+#: src/parse_args.c:807
 msgid "in list mode, display privileges for user"
 msgstr "im Aufzählungsmodus, Rechte des Benutzers anzeigen"
-#: src/parse_args.c:783
+#: src/parse_args.c:809
 msgid "run command (or edit file) as specified user name or ID"
 msgstr "Befehl oder Datei unter angegebenem Benutzernamen oder Benutzer-ID ausführen bzw. ändern"
-#: src/parse_args.c:785
+#: src/parse_args.c:811
 msgid "display version information and exit"
 msgstr "Versionsinformation anzeigen und beenden"
-#: src/parse_args.c:787
+#: src/parse_args.c:813
 msgid "update user's timestamp without running a command"
 msgstr "Den Zeitstempel des Benutzers erneuern, ohne einen Befehl auszuführen"
-#: src/parse_args.c:789
+#: src/parse_args.c:815
 msgid "stop processing command line arguments"
 msgstr "Aufhören, die Befehlszeilenargumente zu verarbeiten"
@@ -567,7 +594,7 @@
 msgid "unable to open %s, not relabeling tty"
 msgstr "%s konnte nicht geöffnet werden, TTY wird nicht neu gekennzeichnet"
-#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254
+#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269
 #, c-format
 msgid "%s is not a character device, not relabeling tty"
 msgstr "%s ist kein zeichenorientiertes Gerät, TTY wird nicht neu gekennzeichnet."
@@ -592,54 +619,54 @@
 msgid "unable to set new tty context"
 msgstr "Neuer TTY-Kontext konnte nicht festgestellt werden"
-#: src/selinux.c:298
+#: src/selinux.c:322
 #, c-format
 msgid "you must specify a role for type %s"
 msgstr "Für den Typen %s muss eine Funktion angegeben werden"
-#: src/selinux.c:304
+#: src/selinux.c:328
 #, c-format
 msgid "unable to get default type for role %s"
 msgstr "Standardtyp für Funktion %s konnte nicht ermittelt werden"
-#: src/selinux.c:316
+#: src/selinux.c:340
 msgid "failed to get new context"
 msgstr "»new_context« konnte nicht geholt werden"
-#: src/selinux.c:325
+#: src/selinux.c:349
 #, c-format
 msgid "failed to set new role %s"
 msgstr "Neue Funktion %s konnte nicht festgelegt werden"
-#: src/selinux.c:329
+#: src/selinux.c:353
 #, c-format
 msgid "failed to set new type %s"
 msgstr "Neuer Typ %s konnte nicht festgelegt werden"
-#: src/selinux.c:341
+#: src/selinux.c:365
 #, c-format
 msgid "%s is not a valid context"
 msgstr "%s ist kein gültiger Kontext"
-#: src/selinux.c:373
+#: src/selinux.c:397
 msgid "failed to get old context"
 msgstr "»old_context« konnte nicht geholt werden"
-#: src/selinux.c:379
+#: src/selinux.c:403
 msgid "unable to determine enforcing mode."
 msgstr "»Enforcing«-Modus konnte nicht bestimmt werden."
-#: src/selinux.c:396
+#: src/selinux.c:420
 #, c-format
 msgid "unable to set tty context to %s"
 msgstr "TTY-Kontext konnte nicht auf %s gesetzt werden"
-#: src/selinux.c:428
+#: src/selinux.c:452
 #, c-format
 msgid "unable to set exec context to %s"
 msgstr "Ausführungskontext konnte nicht auf »%s« gesetzt werden"
-#: src/selinux.c:435
+#: src/selinux.c:459
 #, c-format
 msgid "unable to set key creation context to %s"
 msgstr "Kontext der Schüsselerstellung konnte nicht auf %s festgelegt werden."
@@ -706,185 +733,211 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "Warnung: Ressourcenkontrolle von Projekt »%s« konnte nicht zugewiesen werden" -#: src/sudo.c:204 +#: src/sudo.c:224 #, c-format msgid "Sudo version %s\n" msgstr "Sudo-Version %s\n" -#: src/sudo.c:206 +#: src/sudo.c:226 #, c-format msgid "Configure options: %s\n" msgstr "Optionen für »configure«: %s\n" -#: src/sudo.c:214 +#: src/sudo.c:235 msgid "fatal error, unable to load plugins" msgstr "Schwerwiegender Fehler, Plugins konnten nicht geladen werden" -#: src/sudo.c:222 -msgid "unable to initialize policy plugin" -msgstr "Regelwerks-Plugin konnte nicht initialisiert werden" - -#: src/sudo.c:266 +#: src/sudo.c:280 msgid "plugin did not return a command to execute" msgstr "Plugin gab keinen auszuführenden Befehl zurück" -#: src/sudo.c:282 -#, c-format -msgid "error initializing I/O plugin %s" -msgstr "E/A-Plugin %s konnte nicht initialisiert werden" - -#: src/sudo.c:306 +#: src/sudo.c:311 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "Unerwarteter sudo-Modus 0x%x" -#: src/sudo.c:538 +#: src/sudo.c:544 #, c-format msgid "you do not exist in the %s database" msgstr "Sie sind in der %s-Datenbank nicht enthalten" -#: src/sudo.c:595 +#: src/sudo.c:601 msgid "unable to determine tty" msgstr "TTY konnte nicht ermittelt werden" -#: src/sudo.c:887 +#: src/sudo.c:893 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s muss dem Benutzer mit UID %d gehören und das »setuid«-Bit gesetzt haben" -#: src/sudo.c:890 +#: src/sudo.c:896 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "Effektive UID ist nicht %d. Liegt %s auf einem Dateisystem mit gesetzter »nosuid«-Option oder auf einem NFS-Dateisystem ohne Root-Rechte?" -#: src/sudo.c:896 +#: src/sudo.c:902 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" 
msgstr "Effektive UID ist nicht %d. Wurde sudo mit »setuid root« installiert?" -#: src/sudo.c:912 +#: src/sudo.c:918 msgid "unable to set supplementary group IDs" msgstr "Zusätzliche Gruppenkennungen konnten nicht gesetzt werden" -#: src/sudo.c:919 +#: src/sudo.c:925 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "Effektive GID konnte nicht auf »runas«-GID %u gesetzt werden" -#: src/sudo.c:925 +#: src/sudo.c:931 #, c-format msgid "unable to set gid to runas gid %u" msgstr "GID konnte nicht auf »runas«-GID %u gesetzt werden" -#: src/sudo.c:982 +#: src/sudo.c:978 #, c-format msgid "unexpected child termination condition: %d" msgstr "Unerwartete Abbruchbedingung eines Unterprozesses: %d" -#: src/sudo.c:1128 +#: src/sudo.c:1087 +msgid "unable to initialize policy plugin" +msgstr "Regelwerks-Plugin konnte nicht initialisiert werden" + +#: src/sudo.c:1148 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "Dem Regelwerks-Plugin %s fehlt die »check_policy«-Methode" -#: src/sudo.c:1146 +#: src/sudo.c:1163 src/sudo.c:1216 src/sudo.c:1260 +msgid "command rejected by policy" +msgstr "Befehl wurde durch Regelwerk abgewiesen" + +#: src/sudo.c:1168 src/sudo.c:1221 src/sudo.c:1265 +msgid "policy plugin error" +msgstr "Regelwerk-Plugin-Fehler" + +#: src/sudo.c:1202 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "Regelwerks-Plugin %s unterstützt das Auflisten von Privilegien nicht" -#: src/sudo.c:1163 +#: src/sudo.c:1246 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "Regelwerks-Plugin %s unterstützt die Option -v nicht" -#: src/sudo.c:1178 +#: src/sudo.c:1284 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "Regelwerks-Plugin %s unterstützt die Optionen -k und -K nicht" -#: src/sudo_edit.c:221 +#: src/sudo.c:1413 +#, c-format +msgid "error initializing I/O plugin %s" +msgstr "E/A-Plugin %s konnte nicht initialisiert werden" + +#: 
src/sudo.c:1567 +#, c-format +msgid "error initializing audit plugin %s" +msgstr "Audit-Plugin %s konnte nicht initialisiert werden" + +#: src/sudo.c:1745 +#, c-format +msgid "error initializing approval plugin %s" +msgstr "Genehmigungs-Plugin %s konnte nicht initialisiert werden" + +#: src/sudo.c:1821 +msgid "command rejected by approver" +msgstr "Befehl wurde vom Genehmigenden abgewiesen" + +#: src/sudo.c:1830 +msgid "approval plugin error" +msgstr "Genehmigungs-Plugin-Fehler" + +#: src/sudo_edit.c:233 msgid "no writable temporary directory found" msgstr "Kein beschreibbares temporäres Verzeichnis gefunden" -#: src/sudo_edit.c:288 src/sudo_edit.c:377 +#: src/sudo_edit.c:358 msgid "unable to restore current working directory" msgstr "Aktueller Arbeitsordner konnte nicht wiederhergestellt werden" -#: src/sudo_edit.c:594 src/sudo_edit.c:707 +#: src/sudo_edit.c:575 src/sudo_edit.c:688 #, c-format msgid "%s: not a regular file" msgstr "%s: Keine reguläre Datei" -#: src/sudo_edit.c:601 +#: src/sudo_edit.c:582 #, c-format msgid "%s: editing symbolic links is not permitted" msgstr "%s: Bearbeiten symbolischer Links ist nicht erlaubt" -#: src/sudo_edit.c:604 +#: src/sudo_edit.c:585 #, c-format msgid "%s: editing files in a writable directory is not permitted" msgstr "%s: Bearbeiten von Dateien in einem beschreibbaren Ordner ist nicht erlaubt" -#: src/sudo_edit.c:637 src/sudo_edit.c:747 +#: src/sudo_edit.c:618 src/sudo_edit.c:728 #, c-format msgid "%s: short write" msgstr "%s: Zu kurzer Schreibvorgang" -#: src/sudo_edit.c:708 +#: src/sudo_edit.c:689 #, c-format msgid "%s left unmodified" msgstr "%s blieb unverändert" -#: src/sudo_edit.c:721 src/sudo_edit.c:908 +#: src/sudo_edit.c:702 src/sudo_edit.c:889 #, c-format msgid "%s unchanged" msgstr "%s unverändert" -#: src/sudo_edit.c:736 src/sudo_edit.c:758 +#: src/sudo_edit.c:717 src/sudo_edit.c:739 #, c-format msgid "unable to write to %s" msgstr "%s konnte nicht beschrieben werden" -#: src/sudo_edit.c:737 src/sudo_edit.c:756 
src/sudo_edit.c:759 -#: src/sudo_edit.c:933 src/sudo_edit.c:937 +#: src/sudo_edit.c:718 src/sudo_edit.c:737 src/sudo_edit.c:740 +#: src/sudo_edit.c:914 src/sudo_edit.c:918 #, c-format msgid "contents of edit session left in %s" msgstr "Bearbeitungssitzung wurden in %s gelassen" -#: src/sudo_edit.c:755 +#: src/sudo_edit.c:736 msgid "unable to read temporary file" msgstr "Temporäre Datei konnte nicht gelesen werden" -#: src/sudo_edit.c:838 +#: src/sudo_edit.c:819 msgid "sesh: internal error: odd number of paths" msgstr "sesh: interner Fehler: seltsame Anzahl an Pfaden" -#: src/sudo_edit.c:840 +#: src/sudo_edit.c:821 msgid "sesh: unable to create temporary files" msgstr "sesh: Temporäre Dateien konnten nicht angelegt werden" -#: src/sudo_edit.c:842 src/sudo_edit.c:940 +#: src/sudo_edit.c:823 src/sudo_edit.c:921 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: unbekannter Fehler %d" -#: src/sudo_edit.c:932 +#: src/sudo_edit.c:913 msgid "unable to copy temporary files back to their original location" msgstr "Temporäre Dateien konnten nicht an ihre ursprünglichen Orte zurück kopiert werden" -#: src/sudo_edit.c:936 +#: src/sudo_edit.c:917 msgid "unable to copy some of the temporary files back to their original location" msgstr "Einige der temporären Dateien konnten nicht an ihre ursprünglichen Orte zurück kopiert werden" -#: src/sudo_edit.c:981 +#: src/sudo_edit.c:962 #, c-format msgid "unable to change uid to root (%u)" msgstr "UID konnte nicht zu Root (%u) geändert werden" -#: src/sudo_edit.c:998 +#: src/sudo_edit.c:979 msgid "plugin error: missing file list for sudoedit" msgstr "Plugin-Fehler: Fehlende Dateiliste für sudoedit" -#: src/sudo_edit.c:1039 src/sudo_edit.c:1052 +#: src/sudo_edit.c:1020 src/sudo_edit.c:1033 msgid "unable to read the clock" msgstr "Die Uhr konnte nicht gelesen werden" 
@@ -908,17 +961,17 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "Kein »askpass«-Programm angegeben, es wird versucht, SUDO_ASKPASS zu setzen" -#: src/tgetpass.c:322 +#: src/tgetpass.c:332 #, c-format msgid "unable to set gid to %u" msgstr "GID konnte nicht als %u festgelegt werden" -#: src/tgetpass.c:326 +#: src/tgetpass.c:336 #, c-format msgid "unable to set uid to %u" msgstr "UID konnte nicht als %u festgelegt werden" -#: src/tgetpass.c:331 +#: src/tgetpass.c:341 #, c-format msgid "unable to run %s" msgstr "%s konnte nicht ausgeführt werden" Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/eo.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/eo.mo differ diff -Nru sudo-1.8.31/po/eo.po sudo-1.9.0/po/eo.po --- sudo-1.8.31/po/eo.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/po/eo.po 2020-05-11 16:28:23.000000000 +0000 @@ -1,15 +1,15 @@ # Esperanto translations for sudo package. # This file is distributed under the same license as the sudo package. # Keith Bowes , 2012, 2019. -# Felipe Castro , 2013, 2014, 2015, 2016, 2017, 2018, 2019. +# Felipe Castro , 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020. # msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.29rc1\n" +"Project-Id-Version: sudo 1.9.0b4\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-10-21 19:55-0600\n" -"PO-Revision-Date: 2019-10-26 17:39-0400\n" -"Last-Translator: Keith Bowes \n" +"POT-Creation-Date: 2020-03-12 17:39-0600\n" +"PO-Revision-Date: 2020-04-04 10:46-0300\n" +"Last-Translator: Felipe Castro \n" "Language-Team: Esperanto \n" "Language: eo\n" "MIME-Version: 1.0\n" @@ -17,7 +17,7 @@ "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -"X-Generator: Poedit 2.0.7\n" +"X-Generator: Poedit 2.2.1\n" #: lib/util/aix.c:92 lib/util/aix.c:172 msgid "unable to open userdb" 
@@ -33,74 +33,98 @@ msgstr "ne eblas restarigi registrejon" #: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81 -#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 -#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114 -#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212 -#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481 +#: lib/util/json.c:66 lib/util/json.c:192 lib/util/sudo_conf.c:191 +#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 +#: src/conversation.c:86 src/exec_common.c:114 src/exec_common.c:130 +#: src/exec_common.c:139 src/exec_monitor.c:211 src/exec_monitor.c:460 +#: src/exec_monitor.c:466 src/exec_monitor.c:474 src/exec_monitor.c:482 #: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503 #: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524 -#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214 -#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236 -#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257 -#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278 -#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299 -#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002 -#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180 -#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201 -#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222 -#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 -#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59 -#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 
-#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729 -#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815 -#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240 -#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891 -#: src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:531 src/exec_nopty.c:218 src/exec_nopty.c:227 +#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248 +#: src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269 +#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290 +#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_nopty.c:479 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1038 src/exec_pty.c:1206 src/exec_pty.c:1215 +#: src/exec_pty.c:1222 src/exec_pty.c:1229 src/exec_pty.c:1236 +#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 +#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 +#: src/exec_pty.c:1286 src/exec_pty.c:1709 src/load_plugins.c:59 +#: src/load_plugins.c:72 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:207 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:625 src/sudo.c:685 +#: src/sudo.c:695 src/sudo.c:716 src/sudo.c:735 src/sudo.c:744 src/sudo.c:753 +#: src/sudo.c:770 src/sudo.c:811 src/sudo.c:821 src/sudo.c:847 src/sudo.c:1037 +#: src/sudo.c:1059 src/sudo.c:1355 src/sudo.c:1528 src/sudo.c:1722 +#: src/sudo.c:2066 src/sudo_edit.c:270 src/sudo_edit.c:775 
src/sudo_edit.c:872 +#: src/sudo_edit.c:986 src/sudo_edit.c:1006 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194 -#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560 -#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131 -#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473 -#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/json.c:67 +#: lib/util/json.c:193 lib/util/sudo_conf.c:192 lib/util/sudo_conf.c:277 +#: lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 src/conversation.c:87 +#: src/exec_common.c:114 src/exec_common.c:131 src/exec_common.c:140 +#: src/exec_monitor.c:460 src/exec_monitor.c:466 src/exec_monitor.c:474 +#: src/exec_monitor.c:482 src/exec_monitor.c:489 src/exec_monitor.c:496 #: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517 -#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538 -#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229 -#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 -#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 -#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 -#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165 -#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187 -#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208 -#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229 -#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251 -#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: 
src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 -#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 -#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_nopty.c:218 +#: src/exec_nopty.c:227 src/exec_nopty.c:234 src/exec_nopty.c:241 +#: src/exec_nopty.c:248 src/exec_nopty.c:255 src/exec_nopty.c:262 +#: src/exec_nopty.c:269 src/exec_nopty.c:276 src/exec_nopty.c:283 +#: src/exec_nopty.c:290 src/exec_nopty.c:297 src/exec_nopty.c:305 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1206 src/exec_pty.c:1215 src/exec_pty.c:1222 +#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 +#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264 +#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1286 +#: src/exec_pty.c:1709 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:208 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:239 src/sudo.c:625 +#: src/sudo.c:847 src/sudo.c:1037 src/sudo.c:1059 src/sudo.c:1355 +#: src/sudo.c:1528 src/sudo.c:1722 src/sudo.c:2066 src/sudo_edit.c:270 +#: src/sudo_edit.c:775 src/sudo_edit.c:872 src/sudo_edit.c:986 +#: src/sudo_edit.c:1006 msgid "unable to allocate memory" msgstr "ne eblas generi memoron" +#: lib/util/mkdir_parents.c:79 lib/util/sudo_conf.c:619 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 +#, c-format +msgid "unable to open %s" +msgstr "ne eblas malfermi %s" + +#: 
lib/util/mkdir_parents.c:94 +#, c-format +msgid "unable to mkdir %s" +msgstr "ne eblas apliki mkdir al %s" + +#: lib/util/mkdir_parents.c:103 lib/util/sudo_conf.c:596 +#, c-format +msgid "unable to stat %s" +msgstr "ne eblas apliki stat al %s" + +#: lib/util/mkdir_parents.c:108 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s ekzistas sed ne estas dosierujo (0%o)" + #: lib/util/strsignal.c:55 msgid "Unknown signal" msgstr "Nekonata signalo" #: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161 -#: lib/util/strtonum.c:196 +#: lib/util/strtonum.c:200 msgid "invalid value" msgstr "nevalida valoro" 
@@ -112,87 +136,77 @@ msgid "value too small" msgstr "valoro tro malgrandas" -#: lib/util/sudo_conf.c:212 +#: lib/util/sudo_conf.c:210 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "nevalida voja valoro \"%s\" en %s, linio %u" -#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431 +#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:392 lib/util/sudo_conf.c:445 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "nevalida valoro por %s \"%s\" en %s, linio %u" -#: lib/util/sudo_conf.c:399 +#: lib/util/sudo_conf.c:413 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "nekomprenata grupa fonto \"%s\" en %s, linio %u" -#: lib/util/sudo_conf.c:415 +#: lib/util/sudo_conf.c:429 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "nevalidaj maksimumaj grupoj \"%s\" en %s, linio %u" -#: lib/util/sudo_conf.c:576 -#, c-format -msgid "unable to stat %s" -msgstr "ne eblas apliki stat al %s" - -#: lib/util/sudo_conf.c:579 +#: lib/util/sudo_conf.c:599 #, c-format msgid "%s is not a regular file" msgstr "%s estas ne regula dosiero" -#: lib/util/sudo_conf.c:582 +#: lib/util/sudo_conf.c:602 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s estas estrata de uid %u, devas esti %u" -#: lib/util/sudo_conf.c:586 +#: lib/util/sudo_conf.c:606 #, c-format msgid "%s is world writable" msgstr "%s estas skribebla de ĉiuj" -#: lib/util/sudo_conf.c:589 +#: lib/util/sudo_conf.c:609 #, c-format msgid "%s is group writable" msgstr "%s estas skribebla de la tuta grupo" -#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363 -#, c-format -msgid "unable to open %s" -msgstr "ne eblas malfermi %s" - -#: src/exec.c:111 +#: src/exec.c:135 #, c-format msgid "unknown login class %s" msgstr "nekonata ensaluta klaso %s" -#: src/exec.c:123 +#: src/exec.c:147 msgid "unable to set user context" msgstr "ne eblas elekti uzanto-kuntekston" -#: src/exec.c:139 +#: src/exec.c:163 msgid "unable to set 
process priority" msgstr "ne eblas elekti procezan prioritaton" -#: src/exec.c:150 +#: src/exec.c:177 #, c-format msgid "unable to change root to %s" msgstr "ne eblas ŝanĝi ĉefuzanton al %s" -#: src/exec.c:163 src/exec.c:169 src/exec.c:176 +#: src/exec.c:190 src/exec.c:196 src/exec.c:203 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "ne eblas ŝanĝi al plenumigkiela uid (%u, %u)" -#: src/exec.c:194 +#: src/exec.c:221 #, c-format msgid "unable to change directory to %s" msgstr "ne eblas ŝanĝi dosierujon al %s" -#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578 -#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336 -#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164 +#: src/exec.c:304 src/exec_monitor.c:569 src/exec_monitor.c:571 +#: src/exec_nopty.c:537 src/exec_pty.c:566 src/exec_pty.c:1373 +#: src/exec_pty.c:1375 src/signal.c:150 src/signal.c:164 #, c-format msgid "unable to set handler for signal %d" msgstr "ne eblas difini traktilon por la signalo %d" 
@@ -201,89 +215,107 @@ msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "ne eblas forigi PRIV_PROC_EXEC-on de PRIV_LIMIT" -#: src/exec_monitor.c:366 +#: src/exec_monitor.c:365 msgid "error reading from socketpair" msgstr "eraro dum legi la konektingan paron" -#: src/exec_monitor.c:383 +#: src/exec_monitor.c:382 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "neatendita respondotipo ĉe la postkanalo: %d" -#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533 -#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231 -#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252 -#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273 -#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294 -#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652 -#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858 -#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189 -#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210 -#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231 -#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621 -#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683 -#: src/exec_pty.c:1710 +#: src/exec_monitor.c:468 src/exec_monitor.c:476 src/exec_monitor.c:484 +#: src/exec_monitor.c:491 src/exec_monitor.c:498 src/exec_monitor.c:505 +#: src/exec_monitor.c:512 src/exec_monitor.c:519 src/exec_monitor.c:526 +#: src/exec_monitor.c:533 src/exec_nopty.c:220 src/exec_nopty.c:229 +#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 +#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 +#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 +#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:688 +#: src/exec_pty.c:693 
src/exec_pty.c:790 src/exec_pty.c:797 src/exec_pty.c:894 +#: src/exec_pty.c:1208 src/exec_pty.c:1217 src/exec_pty.c:1224 +#: src/exec_pty.c:1231 src/exec_pty.c:1238 src/exec_pty.c:1245 +#: src/exec_pty.c:1252 src/exec_pty.c:1259 src/exec_pty.c:1266 +#: src/exec_pty.c:1273 src/exec_pty.c:1280 src/exec_pty.c:1662 +#: src/exec_pty.c:1672 src/exec_pty.c:1717 src/exec_pty.c:1724 +#: src/exec_pty.c:1751 msgid "unable to add event to queue" msgstr "ne eblas aldoni al la atendovico eventon" -#: src/exec_monitor.c:594 +#: src/exec_monitor.c:587 msgid "unable to set controlling tty" msgstr "ne eblas elekti la regan tty-on" -#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415 -#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307 +#: src/exec_monitor.c:595 src/exec_nopty.c:364 src/exec_pty.c:1452 +#: src/exec_pty.c:1473 src/exec_pty.c:1493 src/tgetpass.c:311 msgid "unable to create pipe" msgstr "ne eblas krei tubon" -#: src/exec_monitor.c:610 +#: src/exec_monitor.c:603 msgid "unable to receive message from parent" msgstr "ne eblas ricevi mesaĝon el supre" -#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494 -#: src/tgetpass.c:311 +#: src/exec_monitor.c:617 src/exec_nopty.c:393 src/exec_pty.c:1531 +#: src/tgetpass.c:315 msgid "unable to fork" msgstr "ne eblas forki" -#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448 +#: src/exec_monitor.c:621 src/exec_monitor.c:720 src/exec_nopty.c:447 msgid "unable to restore tty label" msgstr "ne eblis reatingi tty-etikedon" -#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100 +#: src/exec_monitor.c:637 src/sesh.c:127 src/sudo.c:1114 #, c-format msgid "unable to execute %s" msgstr "ne eblas plenumigi: %s" -#: src/exec_nopty.c:360 src/exec_pty.c:1345 +#: src/exec_nopty.c:358 src/exec_pty.c:1382 msgid "policy plugin failed session initialization" msgstr "konduta kromprogramo fiaskis dum seanca komenciĝo" -#: src/exec_nopty.c:437 src/exec_pty.c:1581 +#: src/exec_nopty.c:435 
src/exec_pty.c:1617 msgid "error in event loop" msgstr "eraro en la eventa iteracio" -#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112 +#: src/exec_nopty.c:545 src/exec_pty.c:601 src/signal.c:112 #, c-format msgid "unable to restore handler for signal %d" msgstr "ne eblas restarigi traktilon por la signalo %d" -#: src/exec_pty.c:158 +#: src/exec_pty.c:157 msgid "unable to allocate pty" msgstr "ne eblis generi pty-on" -#: src/exec_pty.c:1325 +#: src/exec_pty.c:221 src/exec_pty.c:260 src/exec_pty.c:299 src/exec_pty.c:349 +#: src/exec_pty.c:399 +msgid "I/O plugin error" +msgstr "En/eliga kromprograma eraro" + +#: src/exec_pty.c:224 src/exec_pty.c:263 src/exec_pty.c:302 src/exec_pty.c:352 +#: src/exec_pty.c:402 +msgid "command rejected by I/O plugin" +msgstr "komando rifuzita de en/eliga kromprogramo" + +#: src/exec_pty.c:449 +msgid "error logging suspend" +msgstr "ni paŭzas la protokoladon de eraroj" + +#: src/exec_pty.c:482 +msgid "error changing window size" +msgstr "eraro dum ŝanĝo de fenestro-grando" + +#: src/exec_pty.c:1362 msgid "unable to create sockets" msgstr "ne eblas krei konektingojn" -#: src/exec_pty.c:1538 +#: src/exec_pty.c:1574 msgid "unable to send message to monitor process" msgstr "ne eblas sendi mesaĝon al observa procezo" #: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92 -#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140 -#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196 -#: src/load_plugins.c:202 +#: src/load_plugins.c:122 src/load_plugins.c:136 src/load_plugins.c:142 +#: src/load_plugins.c:293 src/load_plugins.c:301 src/load_plugins.c:308 +#: src/load_plugins.c:348 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "eraro en %s, linio %d dum ŝargi kromprogramon \"%s\"" 
@@ -293,61 +325,56 @@ msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:136 +#: src/load_plugins.c:138 #, c-format msgid "%s must be owned by uid %d" msgstr "%s devas esti estrita de uid %d" -#: src/load_plugins.c:142 +#: src/load_plugins.c:144 #, c-format msgid "%s must be only be writable by owner" msgstr "%s estas skribebla nur de estro" -#: src/load_plugins.c:183 +#: src/load_plugins.c:254 src/load_plugins.c:321 +#, c-format +msgid "ignoring duplicate plugin \"%s\" in %s, line %d" +msgstr "ni malatentas duobligitan kromprogramon \"%s\" en %s, linio %d" + +#: src/load_plugins.c:295 #, c-format msgid "unable to load %s: %s" msgstr "maleblas ŝarĝi je %s: %s" -#: src/load_plugins.c:191 +#: src/load_plugins.c:303 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "ne eblas trovi simbolon \"%s\" en %s" -#: src/load_plugins.c:198 -#, c-format -msgid "unknown policy type %d found in %s" -msgstr "nekonata konduta tipo %d trovita en %s" - -#: src/load_plugins.c:204 +#: src/load_plugins.c:310 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "malkongrua granda versio %d de kromprogramo (atendite %d) trovita en %s" -#: src/load_plugins.c:213 +#: src/load_plugins.c:324 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "ni malatentas kondutan kromprogramon \"%s\" en %s, linio %d" -#: src/load_plugins.c:215 +#: src/load_plugins.c:326 msgid "only a single policy plugin may be specified" msgstr "nur unu konduta kromprogramo povas esti indikata" -#: src/load_plugins.c:218 -#, c-format -msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" -msgstr "ni malatentas duobligantan kondutan kromprogramon \"%s\" en %s, linio %d" - -#: src/load_plugins.c:237 +#: src/load_plugins.c:350 #, c-format -msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d" -msgstr "ni malatentas duobligitan eneligan kromprogramon \"%s\" en %s, linio %d" +msgid "unknown plugin type %d found in %s" +msgstr "nekonata 
kromprograma tipo %d trovita en %s" -#: src/load_plugins.c:353 +#: src/load_plugins.c:511 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "konduta kromprogramo %s ne inkluzivas la metodon check_policy" -#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473 +#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:478 #, c-format msgid "internal error, %s overflow" msgstr "interna eraro, superfluo en %s" 
@@ -361,39 +388,39 @@ msgid "the argument to -C must be a number greater than or equal to 3" msgstr "la parametro de -C devas esti nombron almenaŭ 3" -#: src/parse_args.c:523 +#: src/parse_args.c:524 msgid "you may not specify both the `-i' and `-s' options" msgstr "specifi kaj '-i' kaj '-s' vi ne rajtas" -#: src/parse_args.c:527 +#: src/parse_args.c:528 msgid "you may not specify both the `-i' and `-E' options" msgstr "specifi kaj '-i' kaj '-E' vi ne rajtas" -#: src/parse_args.c:537 +#: src/parse_args.c:538 msgid "the `-E' option is not valid in edit mode" msgstr "la parametro '-E' ne validas en redakta reĝimo" -#: src/parse_args.c:539 +#: src/parse_args.c:540 msgid "you may not specify environment variables in edit mode" msgstr "vi ne rajtas specifi medivariablojn en redakta reĝimo" -#: src/parse_args.c:547 +#: src/parse_args.c:548 msgid "the `-U' option may only be used with the `-l' option" msgstr "la parametro '-U' nur povas esti uzata kun '-l'" -#: src/parse_args.c:551 +#: src/parse_args.c:552 msgid "the `-A' and `-S' options may not be used together" msgstr "'-A' kaj '-S' ne eblas uziĝi kune" -#: src/parse_args.c:627 +#: src/parse_args.c:645 msgid "sudoedit is not supported on this platform" msgstr "sudoedit ne estas havebla en ĉi tiu platformon" -#: src/parse_args.c:700 +#: src/parse_args.c:726 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Vi rajtas specifi nur unu el -e, -h, -i, -K, -l, -s, -v aŭ -V" -#: src/parse_args.c:714 +#: src/parse_args.c:740 #, c-format msgid "" "%s - edit files as another user\n" @@ -402,7 +429,7 @@ "%s - redakti dosierojn kiel alia uzanto\n" "\n" -#: src/parse_args.c:716 +#: src/parse_args.c:742 #, c-format msgid "" "%s - execute a command as another user\n" @@ -411,7 +438,7 @@ "%s - plenumigi komandon kiel alia uzanto\n" "\n" -#: src/parse_args.c:721 +#: src/parse_args.c:747 #, c-format msgid "" "\n" 
@@ -420,123 +447,123 @@ "\n" "Parametroj:\n" -#: src/parse_args.c:723 +#: src/parse_args.c:749 msgid "use a helper program for password prompting" msgstr "uzi helpoprogrogramon por pasvortilo" -#: src/parse_args.c:726 +#: src/parse_args.c:752 msgid "use specified BSD authentication type" msgstr "uzi specifitan BSD-konstatan tipon" -#: src/parse_args.c:729 +#: src/parse_args.c:755 msgid "run command in the background" msgstr "plenumigi komandon fone" -#: src/parse_args.c:731 +#: src/parse_args.c:757 msgid "ring bell when prompting" msgstr "sonigi pepon kiam invitanta" -#: src/parse_args.c:733 +#: src/parse_args.c:759 msgid "close all file descriptors >= num" msgstr "fermi ĉiujn dosierpriskribilojn >= numeron" -#: src/parse_args.c:736 +#: src/parse_args.c:762 msgid "run command with the specified BSD login class" msgstr "plenumigi komandon per specifita BSD-ensaluta klaso" -#: src/parse_args.c:739 +#: src/parse_args.c:765 msgid "preserve user environment when running command" msgstr "konservi uzanto-medivariablojn dum plenumigi komandon" -#: src/parse_args.c:741 +#: src/parse_args.c:767 msgid "preserve specific environment variables" msgstr "konservi specifajn medivariablojn" -#: src/parse_args.c:743 +#: src/parse_args.c:769 msgid "edit files instead of running a command" msgstr "redakti dosierojn anstataŭ plenumigi komandon" -#: src/parse_args.c:745 +#: src/parse_args.c:771 msgid "run command as the specified group name or ID" msgstr "plenumigi komandon kiel la specifitan grupnomon aŭ identigilon" -#: src/parse_args.c:747 +#: src/parse_args.c:773 msgid "set HOME variable to target user's home dir" msgstr "valorizi medivariablon HOME je la hejma dosierujo de la cela uzanto" -#: src/parse_args.c:749 +#: src/parse_args.c:775 msgid "display help message and exit" msgstr "elmontri helpan mesaĝon kaj eliri" -#: src/parse_args.c:751 +#: src/parse_args.c:777 msgid "run command on host (if supported by plugin)" msgstr "plenumigi komandon en gastiganto (se permesata de 
kromprogramo)" -#: src/parse_args.c:753 +#: src/parse_args.c:779 msgid "run login shell as the target user; a command may also be specified" msgstr "plenumigi ensalutan ŝelon kiel celan uzanton; komando ankaŭ enmeteblas" -#: src/parse_args.c:755 +#: src/parse_args.c:781 msgid "remove timestamp file completely" msgstr "tute forigi tempo-indikilan dosieron" -#: src/parse_args.c:757 +#: src/parse_args.c:783 msgid "invalidate timestamp file" msgstr "eksvalidigi tempo-indikilan dosieron" -#: src/parse_args.c:759 +#: src/parse_args.c:785 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "listigi privilegiojn de la uzanto aŭ kontroli specifan komandon; uzu dufoje por pli longa formato" -#: src/parse_args.c:761 +#: src/parse_args.c:787 msgid "non-interactive mode, no prompts are used" msgstr "neinteraga reĝimo, ne demandos al uzanto" -#: src/parse_args.c:763 +#: src/parse_args.c:789 msgid "preserve group vector instead of setting to target's" msgstr "konservi grupan vektoron anstataŭ elekti celan" -#: src/parse_args.c:765 +#: src/parse_args.c:791 msgid "use the specified password prompt" msgstr "uzi specifitan pasvortilon" -#: src/parse_args.c:768 +#: src/parse_args.c:794 msgid "create SELinux security context with specified role" msgstr "krei SELinux-sekurecan kuntekston kun specifita rolo" -#: src/parse_args.c:771 +#: src/parse_args.c:797 msgid "read password from standard input" msgstr "legi pasvorton el norma enigo" -#: src/parse_args.c:773 +#: src/parse_args.c:799 msgid "run shell as the target user; a command may also be specified" msgstr "plenumigi ŝelon kiel cela uzanto; komando ankaŭ specifebla" -#: src/parse_args.c:776 +#: src/parse_args.c:802 msgid "create SELinux security context with specified type" msgstr "krei SELinux-sekurecan kuntekston kun specifita rolo" -#: src/parse_args.c:779 +#: src/parse_args.c:805 msgid "terminate command after the specified time limit" msgstr "finigi la komandon post la specifita 
tempolimo" -#: src/parse_args.c:781 +#: src/parse_args.c:807 msgid "in list mode, display privileges for user" msgstr "en lista reĝimo elmontri privilegiojn por uzanto" -#: src/parse_args.c:783 +#: src/parse_args.c:809 msgid "run command (or edit file) as specified user name or ID" msgstr "plenumigi komandon (aŭ redakti dosieron) kiel specifita uzanto" -#: src/parse_args.c:785 +#: src/parse_args.c:811 msgid "display version information and exit" msgstr "elmontri eldonan informon kaj eliri" -#: src/parse_args.c:787 +#: src/parse_args.c:813 msgid "update user's timestamp without running a command" msgstr "ĝisdatigi la tempo-indikilon de la uzanto, sed ne plenumigi komandon" -#: src/parse_args.c:789 +#: src/parse_args.c:815 msgid "stop processing command line arguments" msgstr "ĉesigi procedi komandliniajn parametrojn" @@ -568,7 +595,7 @@ msgid "unable to open %s, not relabeling tty" msgstr "ne eblas malfermi %s, ne remarkanta tty-on" -#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s ne estas signo-aparato, ni ne remarkas tty" 
@@ -589,54 +616,54 @@
 msgid "unable to set new tty context"
 msgstr "ne eblas elekti novan tty-kuntekston"
 
-#: src/selinux.c:298
+#: src/selinux.c:322
 #, c-format
 msgid "you must specify a role for type %s"
 msgstr "vi devas specifi rolon por tipon %s"
 
-#: src/selinux.c:304
+#: src/selinux.c:328
 #, c-format
 msgid "unable to get default type for role %s"
 msgstr "ne eblas akiri aŭtomatan tipon por rolo %s"
 
-#: src/selinux.c:316
+#: src/selinux.c:340
 msgid "failed to get new context"
 msgstr "malsukcesis akiri novan kuntekston"
 
-#: src/selinux.c:325
+#: src/selinux.c:349
 #, c-format
 msgid "failed to set new role %s"
 msgstr "malsukcesis elekti novan rolon %s"
 
-#: src/selinux.c:329
+#: src/selinux.c:353
 #, c-format
 msgid "failed to set new type %s"
 msgstr "malsukcesis elekti novan tipon %s"
 
-#: src/selinux.c:341
+#: src/selinux.c:365
 #, c-format
 msgid "%s is not a valid context"
 msgstr "%s ne estas valida kunteksto"
 
-#: src/selinux.c:373
+#: src/selinux.c:397
 msgid "failed to get old context"
 msgstr "malsukcesis akiri malnovan kuntekston"
 
-#: src/selinux.c:379
+#: src/selinux.c:403
 msgid "unable to determine enforcing mode."
 msgstr "ne povas determini eldevigan reĝimon."
 
-#: src/selinux.c:396
+#: src/selinux.c:420
 #, c-format
 msgid "unable to set tty context to %s"
 msgstr "ne eblas agordi tty-kuntekston al %s"
 
-#: src/selinux.c:428
+#: src/selinux.c:452
 #, c-format
 msgid "unable to set exec context to %s"
 msgstr "ne eblas elekti exec-kuntekston al %s"
 
-#: src/selinux.c:435
+#: src/selinux.c:459
 #, c-format
 msgid "unable to set key creation context to %s"
 msgstr "ne eblas elekti kuntekston de kreo de ŝlosilo al %s"
@@ -703,185 +730,211 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "averto, rimedo-rega asigno malsukcesis por projekto \"%s\"" -#: src/sudo.c:204 +#: src/sudo.c:224 #, c-format msgid "Sudo version %s\n" msgstr "Sudo: eldono %s\n" -#: src/sudo.c:206 +#: src/sudo.c:226 #, c-format msgid "Configure options: %s\n" msgstr "Muntaj parametroj: %s\n" -#: src/sudo.c:214 +#: src/sudo.c:235 msgid "fatal error, unable to load plugins" msgstr "ĉesiga eraro: ne eblas ŝargi kromprogramojn" -#: src/sudo.c:222 -msgid "unable to initialize policy plugin" -msgstr "ne eblas komenci konduktan kromprogramon" - -#: src/sudo.c:266 +#: src/sudo.c:280 msgid "plugin did not return a command to execute" msgstr "kromprogramo ne liveris komandon por plenumi" -#: src/sudo.c:282 -#, c-format -msgid "error initializing I/O plugin %s" -msgstr "eraro dum komenci eneligan kromprogramon %s" - -#: src/sudo.c:306 +#: src/sudo.c:311 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "neatendita sudo-reĝimon 0x%x" -#: src/sudo.c:538 +#: src/sudo.c:544 #, c-format msgid "you do not exist in the %s database" msgstr "vi ne ekzistas en la datumbazo %s" -#: src/sudo.c:595 +#: src/sudo.c:601 msgid "unable to determine tty" msgstr "ne eblas determini tty-on" -#: src/sudo.c:887 +#: src/sudo.c:893 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s devas esti posedata de uid %d kaj la setuid-bito devas esti markita" -#: src/sudo.c:890 +#: src/sudo.c:896 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "efektiva uid ne estas %d; ĉu %s estas en dosiersistemo kun la elekto 'nosuid' aŭ reta dosiersistemo sen ĉefuzanto-privilegioj?" -#: src/sudo.c:896 +#: src/sudo.c:902 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "efektiva uid ne estas %d; ĉu sudo estas instalita kiel setuid-radiko?" 
-#: src/sudo.c:912 +#: src/sudo.c:918 msgid "unable to set supplementary group IDs" msgstr "ne eblas elekti suplementajn grupajn identigilojn" -#: src/sudo.c:919 +#: src/sudo.c:925 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "ne eblas elekti efikan gid-on al plenumigkiela gid %u" -#: src/sudo.c:925 +#: src/sudo.c:931 #, c-format msgid "unable to set gid to runas gid %u" msgstr "ne eblas elekti gid-on kiel plenumigkielan gid-on %u" -#: src/sudo.c:982 +#: src/sudo.c:978 #, c-format msgid "unexpected child termination condition: %d" msgstr "neatendita ido ekzekutiĝis laŭ la kondiĉo: %d" -#: src/sudo.c:1128 +#: src/sudo.c:1087 +msgid "unable to initialize policy plugin" +msgstr "ne eblas komenci konduktan kromprogramon" + +#: src/sudo.c:1148 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "konduta kromprogramo %s ne inkluzivas la metodon 'check_policy'" -#: src/sudo.c:1146 +#: src/sudo.c:1163 src/sudo.c:1216 src/sudo.c:1260 +msgid "command rejected by policy" +msgstr "komando rifuzita pro konduto-regularo" + +#: src/sudo.c:1168 src/sudo.c:1221 src/sudo.c:1265 +msgid "policy plugin error" +msgstr "eraro de konduta kromprogramo" + +#: src/sudo.c:1202 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "konduta kromprogramo %s ne komprenas listigon de privilegioj" -#: src/sudo.c:1163 +#: src/sudo.c:1246 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "konduta kromprogramo %s ne komprenas la parametron -v" -#: src/sudo.c:1178 +#: src/sudo.c:1284 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "konduta kromprogramo %s ne komprenas la parametrojn -k kaj -K" -#: src/sudo_edit.c:221 +#: src/sudo.c:1413 +#, c-format +msgid "error initializing I/O plugin %s" +msgstr "eraro dum lanĉo de eneliga kromprogramo %s" + +#: src/sudo.c:1567 +#, c-format +msgid "error initializing audit plugin %s" +msgstr "eraro dum lanĉo de ekzamena 
kromprogramo %s" + +#: src/sudo.c:1745 +#, c-format +msgid "error initializing approval plugin %s" +msgstr "eraro dum lanĉo de aproba kromprogramo %s" + +#: src/sudo.c:1821 +msgid "command rejected by approver" +msgstr "komando rifuzita de aprobanto" + +#: src/sudo.c:1830 +msgid "approval plugin error" +msgstr "eraro de aproba kromprogramo" + +#: src/sudo_edit.c:233 msgid "no writable temporary directory found" msgstr "neniu skribebla provizora dosierujo estis trovata" -#: src/sudo_edit.c:288 src/sudo_edit.c:377 +#: src/sudo_edit.c:358 msgid "unable to restore current working directory" msgstr "ne eblas restarigi nune kurantan dosierujon" -#: src/sudo_edit.c:594 src/sudo_edit.c:707 +#: src/sudo_edit.c:575 src/sudo_edit.c:688 #, c-format msgid "%s: not a regular file" msgstr "%s: ne regula dosiero" -#: src/sudo_edit.c:601 +#: src/sudo_edit.c:582 #, c-format msgid "%s: editing symbolic links is not permitted" msgstr "%s: redakto de simbolaj ligoj ne estas permesata" -#: src/sudo_edit.c:604 +#: src/sudo_edit.c:585 #, c-format msgid "%s: editing files in a writable directory is not permitted" msgstr "%s: redakto de dosieroj en skribebla dosierujo ne estas permesata" -#: src/sudo_edit.c:637 src/sudo_edit.c:747 +#: src/sudo_edit.c:618 src/sudo_edit.c:728 #, c-format msgid "%s: short write" msgstr "%s: mallonga skribado" -#: src/sudo_edit.c:708 +#: src/sudo_edit.c:689 #, c-format msgid "%s left unmodified" msgstr "%s restas ne modifita" -#: src/sudo_edit.c:721 src/sudo_edit.c:908 +#: src/sudo_edit.c:702 src/sudo_edit.c:889 #, c-format msgid "%s unchanged" msgstr "%s ne ŝanĝita" -#: src/sudo_edit.c:736 src/sudo_edit.c:758 +#: src/sudo_edit.c:717 src/sudo_edit.c:739 #, c-format msgid "unable to write to %s" msgstr "ne eblas skribi al %s" -#: src/sudo_edit.c:737 src/sudo_edit.c:756 src/sudo_edit.c:759 -#: src/sudo_edit.c:933 src/sudo_edit.c:937 +#: src/sudo_edit.c:718 src/sudo_edit.c:737 src/sudo_edit.c:740 +#: src/sudo_edit.c:914 src/sudo_edit.c:918 #, c-format msgid 
"contents of edit session left in %s" msgstr "enhavo de redakta seanco restas en %s" -#: src/sudo_edit.c:755 +#: src/sudo_edit.c:736 msgid "unable to read temporary file" msgstr "ne eblas legi provizoran dosieron" -#: src/sudo_edit.c:838 +#: src/sudo_edit.c:819 msgid "sesh: internal error: odd number of paths" msgstr "sesh: interna eraro: malpara nombro da vojoj" -#: src/sudo_edit.c:840 +#: src/sudo_edit.c:821 msgid "sesh: unable to create temporary files" msgstr "sesh: ne eblas krei provizorajn dosierojn" -#: src/sudo_edit.c:842 src/sudo_edit.c:940 +#: src/sudo_edit.c:823 src/sudo_edit.c:921 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: nekonata eraro %d" -#: src/sudo_edit.c:932 +#: src/sudo_edit.c:913 msgid "unable to copy temporary files back to their original location" msgstr "ne eblas retrokopii provizorajn dosierojn al ilia originala loko" -#: src/sudo_edit.c:936 +#: src/sudo_edit.c:917 msgid "unable to copy some of the temporary files back to their original location" msgstr "ne eblas retrokopii kelkajn el la provizoraj dosieroj al ilia originala loko" -#: src/sudo_edit.c:981 +#: src/sudo_edit.c:962 #, c-format msgid "unable to change uid to root (%u)" msgstr "ne eblas ŝanĝi uid-on al ĉefuzanto (%u)" -#: src/sudo_edit.c:998 +#: src/sudo_edit.c:979 msgid "plugin error: missing file list for sudoedit" msgstr "kromprograma eraro: malhavas dosieran liston por sudoedit" -#: src/sudo_edit.c:1039 src/sudo_edit.c:1052 +#: src/sudo_edit.c:1020 src/sudo_edit.c:1033 msgid "unable to read the clock" msgstr "ne eblas legi la horloĝon" 
@@ -905,17 +958,17 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "neniu programo askpass indikita, provu difini SUDO_ASKPASS" -#: src/tgetpass.c:322 +#: src/tgetpass.c:332 #, c-format msgid "unable to set gid to %u" msgstr "ne eblas elekti gid-on al %u" -#: src/tgetpass.c:326 +#: src/tgetpass.c:336 #, c-format msgid "unable to set uid to %u" msgstr "ne eblas elekti uid-on al %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:341 #, c-format msgid "unable to run %s" msgstr "ne eblas plenumigi: %s" @@ -932,6 +985,9 @@ msgid "unable to restore stdin" msgstr "ne eblas restarigi norman enigon" +#~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" +#~ msgstr "ni malatentas duobligantan kondutan kromprogramon \"%s\" en %s, linio %d" + #~ msgid "no tty present and no askpass program specified" #~ msgstr "neniu tty ĉeestas kaj neniu pasvorto-programo specifita" @@ -944,9 +1000,6 @@ #~ msgid "error reading from signal pipe" #~ msgstr "eraro dum legi la signalan tubon" -#~ msgid "error reading from pipe" -#~ msgstr "eraro dum legi el tubo" - #~ msgid "internal error, tried allocate zero bytes" #~ msgstr "interna eraro, provo rezervi neniun bajton" Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/fi.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/fi.mo differ diff -Nru sudo-1.8.31/po/fi.po sudo-1.9.0/po/fi.po --- sudo-1.8.31/po/fi.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/po/fi.po 2020-05-11 16:28:23.000000000 +0000 @@ -6,10 +6,10 @@ # msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.29rc1\n" +"Project-Id-Version: sudo 1.9.0b4\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-10-21 19:55-0600\n" -"PO-Revision-Date: 2019-12-05 22:54+0200\n" +"POT-Creation-Date: 2020-03-12 17:39-0600\n" +"PO-Revision-Date: 2020-03-18 19:10+0200\n" "Last-Translator: Lauri Nurmi \n" "Language-Team: Finnish \n" "Language: fi\n" 
@@ -18,7 +18,7 @@
 "Content-Transfer-Encoding: 8bit\n"
 "X-Bugs: Report translation errors to the Language-Team address.\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Poedit 2.2.4\n"
+"X-Generator: Poedit 2.3\n"
 
 #: lib/util/aix.c:92 lib/util/aix.c:172
 msgid "unable to open userdb"
@@ -34,74 +34,98 @@ msgstr "rekisterin palautus epäonnistui" #: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81 -#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 -#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114 -#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212 -#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481 +#: lib/util/json.c:66 lib/util/json.c:192 lib/util/sudo_conf.c:191 +#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 +#: src/conversation.c:86 src/exec_common.c:114 src/exec_common.c:130 +#: src/exec_common.c:139 src/exec_monitor.c:211 src/exec_monitor.c:460 +#: src/exec_monitor.c:466 src/exec_monitor.c:474 src/exec_monitor.c:482 #: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503 #: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524 -#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214 -#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236 -#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257 -#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278 -#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299 -#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002 -#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180 -#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201 -#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222 -#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 -#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59 -#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 
-#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729 -#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815 -#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240 -#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891 -#: src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:531 src/exec_nopty.c:218 src/exec_nopty.c:227 +#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248 +#: src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269 +#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290 +#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_nopty.c:479 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1038 src/exec_pty.c:1206 src/exec_pty.c:1215 +#: src/exec_pty.c:1222 src/exec_pty.c:1229 src/exec_pty.c:1236 +#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 +#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 +#: src/exec_pty.c:1286 src/exec_pty.c:1709 src/load_plugins.c:59 +#: src/load_plugins.c:72 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:207 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:625 src/sudo.c:685 +#: src/sudo.c:695 src/sudo.c:716 src/sudo.c:735 src/sudo.c:744 src/sudo.c:753 +#: src/sudo.c:770 src/sudo.c:811 src/sudo.c:821 src/sudo.c:847 src/sudo.c:1037 +#: src/sudo.c:1059 src/sudo.c:1355 src/sudo.c:1528 src/sudo.c:1722 +#: src/sudo.c:2066 src/sudo_edit.c:270 src/sudo_edit.c:775 
src/sudo_edit.c:872 +#: src/sudo_edit.c:986 src/sudo_edit.c:1006 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194 -#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560 -#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131 -#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473 -#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/json.c:67 +#: lib/util/json.c:193 lib/util/sudo_conf.c:192 lib/util/sudo_conf.c:277 +#: lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 src/conversation.c:87 +#: src/exec_common.c:114 src/exec_common.c:131 src/exec_common.c:140 +#: src/exec_monitor.c:460 src/exec_monitor.c:466 src/exec_monitor.c:474 +#: src/exec_monitor.c:482 src/exec_monitor.c:489 src/exec_monitor.c:496 #: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517 -#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538 -#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229 -#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 -#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 -#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 -#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165 -#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187 -#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208 -#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229 -#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251 -#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: 
src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 -#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 -#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_nopty.c:218 +#: src/exec_nopty.c:227 src/exec_nopty.c:234 src/exec_nopty.c:241 +#: src/exec_nopty.c:248 src/exec_nopty.c:255 src/exec_nopty.c:262 +#: src/exec_nopty.c:269 src/exec_nopty.c:276 src/exec_nopty.c:283 +#: src/exec_nopty.c:290 src/exec_nopty.c:297 src/exec_nopty.c:305 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1206 src/exec_pty.c:1215 src/exec_pty.c:1222 +#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 +#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264 +#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1286 +#: src/exec_pty.c:1709 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:208 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:239 src/sudo.c:625 +#: src/sudo.c:847 src/sudo.c:1037 src/sudo.c:1059 src/sudo.c:1355 +#: src/sudo.c:1528 src/sudo.c:1722 src/sudo.c:2066 src/sudo_edit.c:270 +#: src/sudo_edit.c:775 src/sudo_edit.c:872 src/sudo_edit.c:986 +#: src/sudo_edit.c:1006 msgid "unable to allocate memory" msgstr "muistin varaaminen epäonnistui" +#: lib/util/mkdir_parents.c:79 lib/util/sudo_conf.c:619 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 +#, c-format +msgid "unable to open %s" +msgstr "%s: avaaminen epäonnistui" + +#: 
lib/util/mkdir_parents.c:94 +#, c-format +msgid "unable to mkdir %s" +msgstr "käskyn mkdir %s suorittaminen epäonnistui" + +#: lib/util/mkdir_parents.c:103 lib/util/sudo_conf.c:596 +#, c-format +msgid "unable to stat %s" +msgstr "stat-kutsu epäonnistui tiedostolle %s" + +#: lib/util/mkdir_parents.c:108 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s on olemassa, mutta ei ole hakemisto (0%o)" + #: lib/util/strsignal.c:55 msgid "Unknown signal" msgstr "Tuntematon signaali" #: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161 -#: lib/util/strtonum.c:196 +#: lib/util/strtonum.c:200 msgid "invalid value" msgstr "virheellinen arvo" 
@@ -113,88 +137,78 @@ msgid "value too small" msgstr "arvo on liian pieni" -#: lib/util/sudo_conf.c:212 +#: lib/util/sudo_conf.c:210 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "virheellinen Path-arvo ”%s” tiedostossa %s, rivillä %u" -#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431 +#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:392 lib/util/sudo_conf.c:445 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "virheellinen %s-arvo ”%s” tiedostossa %s, rivillä %u" -#: lib/util/sudo_conf.c:399 +#: lib/util/sudo_conf.c:413 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "tukematon ryhmälähde ”%s” tiedostossa %s, rivillä %u" -#: lib/util/sudo_conf.c:415 +#: lib/util/sudo_conf.c:429 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "virheellinen ryhmien enimmäismäärä ”%s” tiedostossa %s, rivillä %u" -#: lib/util/sudo_conf.c:576 -#, c-format -msgid "unable to stat %s" -msgstr "stat-kutsu epäonnistui tiedostolle %s" - -#: lib/util/sudo_conf.c:579 +#: lib/util/sudo_conf.c:599 #, c-format msgid "%s is not a regular file" msgstr "%s ei ole tavallinen tiedosto" # ensimmäinen parametri on path -#: lib/util/sudo_conf.c:582 +#: lib/util/sudo_conf.c:602 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "polun %s omistaa uid %u, tulisi olla %u" -#: lib/util/sudo_conf.c:586 +#: lib/util/sudo_conf.c:606 #, c-format msgid "%s is world writable" msgstr "%s on yleiskirjoitettava" -#: lib/util/sudo_conf.c:589 +#: lib/util/sudo_conf.c:609 #, c-format msgid "%s is group writable" msgstr "%s on ryhmäkirjoitettava" -#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363 -#, c-format -msgid "unable to open %s" -msgstr "%s: avaaminen epäonnistui" - -#: src/exec.c:111 +#: src/exec.c:135 #, c-format msgid "unknown login class %s" msgstr "tuntematon kirjautumisluokka %s" -#: src/exec.c:123 +#: src/exec.c:147 msgid "unable to set user context" msgstr "käyttäjäkontekstin 
asettaminen epäonnistui" -#: src/exec.c:139 +#: src/exec.c:163 msgid "unable to set process priority" msgstr "prosessiprioriteetin asettaminen epäonnistui" -#: src/exec.c:150 +#: src/exec.c:177 #, c-format msgid "unable to change root to %s" msgstr "root-käyttäjän vaihtaminen käyttäjäksi %s epäonnistui" -#: src/exec.c:163 src/exec.c:169 src/exec.c:176 +#: src/exec.c:190 src/exec.c:196 src/exec.c:203 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "vaihtaminen runas-uid:ksi (%u, %u) epäonnistui" -#: src/exec.c:194 +#: src/exec.c:221 #, c-format msgid "unable to change directory to %s" msgstr "vaihtaminen hakemistoksi %s epäonnistui" -#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578 -#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336 -#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164 +#: src/exec.c:304 src/exec_monitor.c:569 src/exec_monitor.c:571 +#: src/exec_nopty.c:537 src/exec_pty.c:566 src/exec_pty.c:1373 +#: src/exec_pty.c:1375 src/signal.c:150 src/signal.c:164 #, c-format msgid "unable to set handler for signal %d" msgstr "käsittelijän asettaminen signaalille %d epäonnistui" 
@@ -204,90 +218,108 @@ msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "PRIV_PROC_EXEC-määreen poistaminen PRIV_LIMITiltä epäonnistui" -#: src/exec_monitor.c:366 +#: src/exec_monitor.c:365 msgid "error reading from socketpair" msgstr "virhe luettaessa sokettiparista" -#: src/exec_monitor.c:383 +#: src/exec_monitor.c:382 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "odottamaton vastaustyyppi paluukanavalla: %d" -#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533 -#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231 -#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252 -#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273 -#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294 -#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652 -#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858 -#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189 -#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210 -#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231 -#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621 -#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683 -#: src/exec_pty.c:1710 +#: src/exec_monitor.c:468 src/exec_monitor.c:476 src/exec_monitor.c:484 +#: src/exec_monitor.c:491 src/exec_monitor.c:498 src/exec_monitor.c:505 +#: src/exec_monitor.c:512 src/exec_monitor.c:519 src/exec_monitor.c:526 +#: src/exec_monitor.c:533 src/exec_nopty.c:220 src/exec_nopty.c:229 +#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 +#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 +#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 +#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:688 +#: 
src/exec_pty.c:693 src/exec_pty.c:790 src/exec_pty.c:797 src/exec_pty.c:894 +#: src/exec_pty.c:1208 src/exec_pty.c:1217 src/exec_pty.c:1224 +#: src/exec_pty.c:1231 src/exec_pty.c:1238 src/exec_pty.c:1245 +#: src/exec_pty.c:1252 src/exec_pty.c:1259 src/exec_pty.c:1266 +#: src/exec_pty.c:1273 src/exec_pty.c:1280 src/exec_pty.c:1662 +#: src/exec_pty.c:1672 src/exec_pty.c:1717 src/exec_pty.c:1724 +#: src/exec_pty.c:1751 msgid "unable to add event to queue" msgstr "tapahtuman lisääminen jonoon epäonnistui" # Istunnolla voi olla ohjaava tty. Istunnon yksi prosessiryhmä voi olla edustaprosessiryhmä ja toimia siten ohjaavana tty:nä, joka vastaanottaa tty-syötteen ja -signaalit. -#: src/exec_monitor.c:594 +#: src/exec_monitor.c:587 msgid "unable to set controlling tty" msgstr "ohjaavan tty:n asettaminen epäonnistui" -#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415 -#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307 +#: src/exec_monitor.c:595 src/exec_nopty.c:364 src/exec_pty.c:1452 +#: src/exec_pty.c:1473 src/exec_pty.c:1493 src/tgetpass.c:311 msgid "unable to create pipe" msgstr "putken luominen epäonnistui" -#: src/exec_monitor.c:610 +#: src/exec_monitor.c:603 msgid "unable to receive message from parent" msgstr "viestin vastaanotto vanhemmalta epäonnistui" -#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494 -#: src/tgetpass.c:311 +#: src/exec_monitor.c:617 src/exec_nopty.c:393 src/exec_pty.c:1531 +#: src/tgetpass.c:315 msgid "unable to fork" msgstr "fork-kutsu epäonnistui" -#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448 +#: src/exec_monitor.c:621 src/exec_monitor.c:720 src/exec_nopty.c:447 msgid "unable to restore tty label" msgstr "tty-nimiön palauttaminen epäonnistui" -#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100 +#: src/exec_monitor.c:637 src/sesh.c:127 src/sudo.c:1114 #, c-format msgid "unable to execute %s" msgstr "%s: suorittaminen epäonnistui" -#: src/exec_nopty.c:360 
src/exec_pty.c:1345 +#: src/exec_nopty.c:358 src/exec_pty.c:1382 msgid "policy plugin failed session initialization" msgstr "käytäntölisäosa epäonnistui istunnon alustamisessa" -#: src/exec_nopty.c:437 src/exec_pty.c:1581 +#: src/exec_nopty.c:435 src/exec_pty.c:1617 msgid "error in event loop" msgstr "virhe tapahtumasilmukassa" -#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112 +#: src/exec_nopty.c:545 src/exec_pty.c:601 src/signal.c:112 #, c-format msgid "unable to restore handler for signal %d" msgstr "käsittelijän palauttaminen signaalille %d epäonnistui" -#: src/exec_pty.c:158 +#: src/exec_pty.c:157 msgid "unable to allocate pty" msgstr "pty:n varaaminen epäonnistui" -#: src/exec_pty.c:1325 +#: src/exec_pty.c:221 src/exec_pty.c:260 src/exec_pty.c:299 src/exec_pty.c:349 +#: src/exec_pty.c:399 +msgid "I/O plugin error" +msgstr "I/O-lisäosan virhe" + +#: src/exec_pty.c:224 src/exec_pty.c:263 src/exec_pty.c:302 src/exec_pty.c:352 +#: src/exec_pty.c:402 +msgid "command rejected by I/O plugin" +msgstr "I/O-lisäosa hylkäsi komennon" + +#: src/exec_pty.c:449 +msgid "error logging suspend" +msgstr "virhe suspend-toiminnon lokiin kirjaamisessa" + +#: src/exec_pty.c:482 +msgid "error changing window size" +msgstr "virhe ikkunan koon muuttamisessa" + +#: src/exec_pty.c:1362 msgid "unable to create sockets" msgstr "sokettien luominen epäonnistui" -#: src/exec_pty.c:1538 +#: src/exec_pty.c:1574 msgid "unable to send message to monitor process" msgstr "viestin lähettäminen prosessien valvomiseksi epäonnistui" #: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92 -#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140 -#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196 -#: src/load_plugins.c:202 +#: src/load_plugins.c:122 src/load_plugins.c:136 src/load_plugins.c:142 +#: src/load_plugins.c:293 src/load_plugins.c:301 src/load_plugins.c:308 +#: src/load_plugins.c:348 #, c-format msgid "error in %s, line %d while 
loading plugin \"%s\"" msgstr "virhe tiedostossa %s, rivillä %d alustettaessa lisäosaa ”%s”" 
@@ -298,62 +330,57 @@ msgstr "%s%s: %s" # ensimmäinen parametri on path -#: src/load_plugins.c:136 +#: src/load_plugins.c:138 #, c-format msgid "%s must be owned by uid %d" msgstr "polun %s omistajan on oltava uid %d" # parametri on path -#: src/load_plugins.c:142 +#: src/load_plugins.c:144 #, c-format msgid "%s must be only be writable by owner" msgstr "polun %s on oltava vain omistajan kirjoitettavissa" -#: src/load_plugins.c:183 +#: src/load_plugins.c:254 src/load_plugins.c:321 +#, c-format +msgid "ignoring duplicate plugin \"%s\" in %s, line %d" +msgstr "ohitetaan lisäosan ”%s” kaksoiskappale tiedostossa %s, rivillä %d" + +#: src/load_plugins.c:295 #, c-format msgid "unable to load %s: %s" msgstr "%s: lataaminen epäonnistui: %s" -#: src/load_plugins.c:191 +#: src/load_plugins.c:303 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "symbolia ”%s” ei löytynyt kohteesta %s" -#: src/load_plugins.c:198 -#, c-format -msgid "unknown policy type %d found in %s" -msgstr "tuntematon käytäntötyyppi %d löytyi kohteesta %s" - -#: src/load_plugins.c:204 +#: src/load_plugins.c:310 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "löydettiin yhteensopimaton lisäosan pääversio %d (odotettiin %d) kohteesta %s" -#: src/load_plugins.c:213 +#: src/load_plugins.c:324 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "ohitetaan käytäntölisäosa ”%s” tiedostossa %s, rivillä %d" -#: src/load_plugins.c:215 +#: src/load_plugins.c:326 msgid "only a single policy plugin may be specified" msgstr "vain yksi käytäntölisäosa voidaan määritellä" -#: src/load_plugins.c:218 -#, c-format -msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" -msgstr "ohitetaan käytäntölisäosan ”%s” kaksoiskappale tiedostossa %s, rivillä %d" - -#: src/load_plugins.c:237 +#: src/load_plugins.c:350 #, c-format -msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d" -msgstr "ohitetaan siirräntälisäosan ”%s” kaksoiskappale 
tiedostossa %s, rivillä %d" +msgid "unknown plugin type %d found in %s" +msgstr "tuntematon lisäosatyyppi %d löytyi kohteesta %s" -#: src/load_plugins.c:353 +#: src/load_plugins.c:511 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "käytäntölisäosa %s ei sisällä check_policy-metodia" -#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473 +#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:478 #, c-format msgid "internal error, %s overflow" msgstr "sisäinen virhe, %s-ylivuoto" 
@@ -367,39 +394,39 @@ msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argumentin valitsimelle -C on oltava vähintään 3" -#: src/parse_args.c:523 +#: src/parse_args.c:524 msgid "you may not specify both the `-i' and `-s' options" msgstr "valitsimia ”-i” ja ”-s” ei voi käyttää yhdessä" -#: src/parse_args.c:527 +#: src/parse_args.c:528 msgid "you may not specify both the `-i' and `-E' options" msgstr "valitsimia ”-i” ja ”-E” ei voi käyttää yhdessä" -#: src/parse_args.c:537 +#: src/parse_args.c:538 msgid "the `-E' option is not valid in edit mode" msgstr "valitsin ”-E” ei kelpaa muokkaustilassa" -#: src/parse_args.c:539 +#: src/parse_args.c:540 msgid "you may not specify environment variables in edit mode" msgstr "ympäristömuuttujia ei voi määritellä muokkaustilassa" -#: src/parse_args.c:547 +#: src/parse_args.c:548 msgid "the `-U' option may only be used with the `-l' option" msgstr "valitsinta ”-U” voi käyttää vain valitsimen ”-l” kanssa" -#: src/parse_args.c:551 +#: src/parse_args.c:552 msgid "the `-A' and `-S' options may not be used together" msgstr "valitsimia ”-A” ja ”-S” ei voi käyttää yhdessä" -#: src/parse_args.c:627 +#: src/parse_args.c:645 msgid "sudoedit is not supported on this platform" msgstr "sudoedit ei ole tuettu tällä alustalla" -#: src/parse_args.c:700 +#: src/parse_args.c:726 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Vain yhtä valitsimista -e, -h, -i, -K, -l, -s, -v tai -V voidaan käyttää" -#: src/parse_args.c:714 +#: src/parse_args.c:740 #, c-format msgid "" "%s - edit files as another user\n" @@ -408,7 +435,7 @@ "%s - muokkaa tiedostoja toisena käyttäjänä\n" "\n" -#: src/parse_args.c:716 +#: src/parse_args.c:742 #, c-format msgid "" "%s - execute a command as another user\n" @@ -417,7 +444,7 @@ "%s - suorita komentoja toisena käyttäjänä\n" "\n" -#: src/parse_args.c:721 +#: src/parse_args.c:747 #, c-format msgid "" "\n" 
@@ -426,124 +453,124 @@ "\n" "Valitsimet:\n" -#: src/parse_args.c:723 +#: src/parse_args.c:749 msgid "use a helper program for password prompting" msgstr "käytä apuohjelmaa salasanakyselyyn" -#: src/parse_args.c:726 +#: src/parse_args.c:752 msgid "use specified BSD authentication type" msgstr "käytä määriteltyä BSD-todennustyyppiä" -#: src/parse_args.c:729 +#: src/parse_args.c:755 msgid "run command in the background" msgstr "suorita komento taustalla" -#: src/parse_args.c:731 +#: src/parse_args.c:757 msgid "ring bell when prompting" msgstr "soita kelloa kehotteissa" -#: src/parse_args.c:733 +#: src/parse_args.c:759 msgid "close all file descriptors >= num" msgstr "sulje kaikki tiedostokahvat >= num" -#: src/parse_args.c:736 +#: src/parse_args.c:762 msgid "run command with the specified BSD login class" msgstr "suorita komento määritellyllä BSD-kirjautumisluokalla" -#: src/parse_args.c:739 +#: src/parse_args.c:765 msgid "preserve user environment when running command" msgstr "säilytä käyttäjäympäristö komentoa suoritettaessa" -#: src/parse_args.c:741 +#: src/parse_args.c:767 msgid "preserve specific environment variables" msgstr "säilytä tietyt ympäristömuuttujat" -#: src/parse_args.c:743 +#: src/parse_args.c:769 msgid "edit files instead of running a command" msgstr "muokkaa tiedostoja komennon suorittamisen sijasta" # tämä viittaa runas_group-määritelyyn -#: src/parse_args.c:745 +#: src/parse_args.c:771 msgid "run command as the specified group name or ID" msgstr "suorita komento määriteltynä ryhmänimenä tai -ID:nä" -#: src/parse_args.c:747 +#: src/parse_args.c:773 msgid "set HOME variable to target user's home dir" msgstr "aseta HOME-muuttuja osoittamaan kohdekäyttäjän kotihakemistoon" -#: src/parse_args.c:749 +#: src/parse_args.c:775 msgid "display help message and exit" msgstr "näytä opasteviesti ja poistu" -#: src/parse_args.c:751 +#: src/parse_args.c:777 msgid "run command on host (if supported by plugin)" msgstr "suorita komento etäkoneella (jos lisäosa 
tukee)" -#: src/parse_args.c:753 +#: src/parse_args.c:779 msgid "run login shell as the target user; a command may also be specified" msgstr "suorita kirjautumiskuori kohdekäyttäjänä; voidaan myös antaa komento" -#: src/parse_args.c:755 +#: src/parse_args.c:781 msgid "remove timestamp file completely" msgstr "poista aikaleimatiedosto kokonaan" -#: src/parse_args.c:757 +#: src/parse_args.c:783 msgid "invalidate timestamp file" msgstr "mitätöi aikaleimatiedosto" -#: src/parse_args.c:759 +#: src/parse_args.c:785 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "luettele käyttäjän käyttöoikeudet tai tarkasta tietty komento; kahdesti käyttämällä pidempi muoto" -#: src/parse_args.c:761 +#: src/parse_args.c:787 msgid "non-interactive mode, no prompts are used" msgstr "ei-vuorovaikutteinen tila, ei kehotteita" -#: src/parse_args.c:763 +#: src/parse_args.c:789 msgid "preserve group vector instead of setting to target's" msgstr "säilytä ryhmävektori kohteen vektorin asettamisen sijasta" -#: src/parse_args.c:765 +#: src/parse_args.c:791 msgid "use the specified password prompt" msgstr "käytä annettua salasanakehotetta" -#: src/parse_args.c:768 +#: src/parse_args.c:794 msgid "create SELinux security context with specified role" msgstr "luo SELinux-turvakonteksti määritellyllä roolilla" -#: src/parse_args.c:771 +#: src/parse_args.c:797 msgid "read password from standard input" msgstr "lue salasana vakiosyötteestä" -#: src/parse_args.c:773 +#: src/parse_args.c:799 msgid "run shell as the target user; a command may also be specified" msgstr "suorita kuori kohdekäyttäjänä; voidaan myös antaa komento" -#: src/parse_args.c:776 +#: src/parse_args.c:802 msgid "create SELinux security context with specified type" msgstr "luo SELinux-turvakonteksti määritellyllä roolilla" -#: src/parse_args.c:779 +#: src/parse_args.c:805 msgid "terminate command after the specified time limit" msgstr "päätä komento määrätyn aikarajan jälkeen" -#: 
src/parse_args.c:781 +#: src/parse_args.c:807 msgid "in list mode, display privileges for user" msgstr "näytä luettelotilassa käyttäjän oikeudet" -#: src/parse_args.c:783 +#: src/parse_args.c:809 msgid "run command (or edit file) as specified user name or ID" msgstr "suorita komento (tai muokkaa tiedostoa) määriteltynä käyttäjänimenä tai -ID:nä" -#: src/parse_args.c:785 +#: src/parse_args.c:811 msgid "display version information and exit" msgstr "näytä versiotiedot ja poistu" -#: src/parse_args.c:787 +#: src/parse_args.c:813 msgid "update user's timestamp without running a command" msgstr "päivitä käyttäjän aikaleima suorittamatta komentoa" -#: src/parse_args.c:789 +#: src/parse_args.c:815 msgid "stop processing command line arguments" msgstr "lopeta komentoriviargumenttien käsittely" @@ -575,7 +602,7 @@ msgid "unable to open %s, not relabeling tty" msgstr "%s: avaaminen epäonnistui, ei uudelleennimiöidä tty:tä" -#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s ei ole merkkilaite, ei uudelleennimiöidä tty:tä" 
@@ -596,54 +623,54 @@ msgid "unable to set new tty context" msgstr "uuden tty-kontekstin asettaminen epäonnistui" -#: src/selinux.c:298 +#: src/selinux.c:322 #, c-format msgid "you must specify a role for type %s" msgstr "%s-tyypille on määriteltävä rooli" -#: src/selinux.c:304 +#: src/selinux.c:328 #, c-format msgid "unable to get default type for role %s" msgstr "oletustyypin hakeminen %s-roolille epäonnistui" -#: src/selinux.c:316 +#: src/selinux.c:340 msgid "failed to get new context" msgstr "uuden kontekstin noutaminen epäonnistui" -#: src/selinux.c:325 +#: src/selinux.c:349 #, c-format msgid "failed to set new role %s" msgstr "uuden roolin %s asettaminen epäonnistui" -#: src/selinux.c:329 +#: src/selinux.c:353 #, c-format msgid "failed to set new type %s" msgstr "uuden tyypin %s asettaminen epäonnistui" -#: src/selinux.c:341 +#: src/selinux.c:365 #, c-format msgid "%s is not a valid context" msgstr "%s ei ole kelvollinen konteksti" -#: src/selinux.c:373 +#: src/selinux.c:397 msgid "failed to get old context" msgstr "vanhan kontekstin noutaminen epäonnistui" -#: src/selinux.c:379 +#: src/selinux.c:403 msgid "unable to determine enforcing mode." msgstr "pakotustilan päättely epäonnistui." -#: src/selinux.c:396 +#: src/selinux.c:420 #, c-format msgid "unable to set tty context to %s" msgstr "tty-kontekstin asetus arvoon %s epäonnistui" -#: src/selinux.c:428 +#: src/selinux.c:452 #, c-format msgid "unable to set exec context to %s" msgstr "exec-kontekstin asetus arvoon %s epäonnistui" -#: src/selinux.c:435 +#: src/selinux.c:459 #, c-format msgid "unable to set key creation context to %s" msgstr "avaimenluontikontekstin asetus arvoon %s epäonnistui" 
@@ -710,188 +737,214 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "varoitus, ”%s”-hankkeen resurssivalvontaosoitus epäonnistui" -#: src/sudo.c:204 +#: src/sudo.c:224 #, c-format msgid "Sudo version %s\n" msgstr "Sudo-versio %s\n" -#: src/sudo.c:206 +#: src/sudo.c:226 #, c-format msgid "Configure options: %s\n" msgstr "Asetusvalitsimet: %s\n" -#: src/sudo.c:214 +#: src/sudo.c:235 msgid "fatal error, unable to load plugins" msgstr "vakava virhe, lisäosien lataaminen epäonnistui" -#: src/sudo.c:222 -msgid "unable to initialize policy plugin" -msgstr "käytäntölisäosan alustaminen epäonnistui" - -#: src/sudo.c:266 +#: src/sudo.c:280 msgid "plugin did not return a command to execute" msgstr "lisäosa ei palauttanut suoritettavaa komentoa" -#: src/sudo.c:282 -#, c-format -msgid "error initializing I/O plugin %s" -msgstr "virhe alustettaessa siirräntälisäosaa %s" - -#: src/sudo.c:306 +#: src/sudo.c:311 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "odottamaton sudo-tila 0x%x" -#: src/sudo.c:538 +#: src/sudo.c:544 #, c-format msgid "you do not exist in the %s database" msgstr "sinua ei ole olemassa %s-tietokannassa" -#: src/sudo.c:595 +#: src/sudo.c:601 msgid "unable to determine tty" msgstr "tty:n päätteleminen epäonnistui" # ensimmäinen parametri on path -#: src/sudo.c:887 +#: src/sudo.c:893 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "polun %s omistajan on oltava uid %d ja setuid-bitin on oltava asetettu" -#: src/sudo.c:890 +#: src/sudo.c:896 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "vallitseva käyttäjä-id ei ole %d, sijaitseeko %s ”nosuid”-valintaa käyttävällä tiedostojärjestelmällä, vai onko tämä NFS-tiedostojärjestelmä ilman root-käyttöoikeuksia?" -#: src/sudo.c:896 +#: src/sudo.c:902 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" 
msgstr "vallitseva käyttäjä-id ei ole %d, onko sudo asennettu setuid root -käyttöoikeuksilla?" -#: src/sudo.c:912 +#: src/sudo.c:918 msgid "unable to set supplementary group IDs" msgstr "täydentävien ryhmä-ID:iden asettaminen epäonnistui" # tämän ymmärrän niin, että käyttöjärjestelmäydin luo tiedoston ja antaa tälle tavallaan tilapäisen effective gid-tunnisteen, joka vaihdetaan suorittamisen yhteydessä prosessin omistajan suoritettavaksi ryhmätunnisteeksi. -#: src/sudo.c:919 +#: src/sudo.c:925 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "vallitsevan ryhmä-ID:n asettaminen runas-ryhmä-ID:ksi %u epäonnistui" -#: src/sudo.c:925 +#: src/sudo.c:931 #, c-format msgid "unable to set gid to runas gid %u" msgstr "ryhmä-ID:n asettaminen runas-ryhmä-ID:ksi %u epäonnistui" -#: src/sudo.c:982 +#: src/sudo.c:978 #, c-format msgid "unexpected child termination condition: %d" msgstr "lapsiprosessin odottamaton päättymisehto: %d" -#: src/sudo.c:1128 +#: src/sudo.c:1087 +msgid "unable to initialize policy plugin" +msgstr "käytäntölisäosan alustaminen epäonnistui" + +#: src/sudo.c:1148 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "käytäntölisäosalta %s puuttuu ”check_policy”-metodi" -#: src/sudo.c:1146 +#: src/sudo.c:1163 src/sudo.c:1216 src/sudo.c:1260 +msgid "command rejected by policy" +msgstr "käytäntö hylkäsi komennon" + +#: src/sudo.c:1168 src/sudo.c:1221 src/sudo.c:1265 +msgid "policy plugin error" +msgstr "käytäntölisäosan virhe" + +#: src/sudo.c:1202 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "käytäntölisäosa %s ei tue käyttöoikeuksien luettelua" -#: src/sudo.c:1163 +#: src/sudo.c:1246 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "käytäntölisäosa %s ei tue valitsinta -v" -#: src/sudo.c:1178 +#: src/sudo.c:1284 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "käytäntölisäosa %s ei tue valitsimia -k/-K" +#: 
src/sudo.c:1413 +#, c-format +msgid "error initializing I/O plugin %s" +msgstr "virhe alustettaessa siirräntälisäosaa %s" + +#: src/sudo.c:1567 +#, c-format +msgid "error initializing audit plugin %s" +msgstr "audit-lisäosan %s alustaminen epäonnistui" + +#: src/sudo.c:1745 +#, c-format +msgid "error initializing approval plugin %s" +msgstr "hyväksyntälisäosan %s alustaminen epäonnistui" + +#: src/sudo.c:1821 +msgid "command rejected by approver" +msgstr "hyväksyjä hylkäsi komennon" + +#: src/sudo.c:1830 +msgid "approval plugin error" +msgstr "hyväksyntälisäosan virhe" + # parametrina on CWD- eli Change Working Directory- komennolla palautettava hakemisto -#: src/sudo_edit.c:221 +#: src/sudo_edit.c:233 msgid "no writable temporary directory found" msgstr "kirjoitettavaa väliaikaishakemistoa ei löytynyt" -#: src/sudo_edit.c:288 src/sudo_edit.c:377 +#: src/sudo_edit.c:358 msgid "unable to restore current working directory" msgstr "nykyisen työhakemiston palauttaminen epäonnistui" -#: src/sudo_edit.c:594 src/sudo_edit.c:707 +#: src/sudo_edit.c:575 src/sudo_edit.c:688 #, c-format msgid "%s: not a regular file" msgstr "%s: ei ole tavallinen tiedosto" -#: src/sudo_edit.c:601 +#: src/sudo_edit.c:582 #, c-format msgid "%s: editing symbolic links is not permitted" msgstr "%s: symbolisten linkkien muokkaus ei ole sallittua" -#: src/sudo_edit.c:604 +#: src/sudo_edit.c:585 #, c-format msgid "%s: editing files in a writable directory is not permitted" msgstr "%s: tiedostojen muokkaus kirjoitettavassa hakemistossa ei ole sallittua" -#: src/sudo_edit.c:637 src/sudo_edit.c:747 +#: src/sudo_edit.c:618 src/sudo_edit.c:728 #, c-format msgid "%s: short write" msgstr "%s: vaillinainen kirjoitus" -#: src/sudo_edit.c:708 +#: src/sudo_edit.c:689 #, c-format msgid "%s left unmodified" msgstr "%s jätetty muuttamattomaksi" -#: src/sudo_edit.c:721 src/sudo_edit.c:908 +#: src/sudo_edit.c:702 src/sudo_edit.c:889 #, c-format msgid "%s unchanged" msgstr "%s muuttamaton" -#: src/sudo_edit.c:736 
src/sudo_edit.c:758 +#: src/sudo_edit.c:717 src/sudo_edit.c:739 #, c-format msgid "unable to write to %s" msgstr "kohteeseen %s kirjoittaminen epäonnistui" -#: src/sudo_edit.c:737 src/sudo_edit.c:756 src/sudo_edit.c:759 -#: src/sudo_edit.c:933 src/sudo_edit.c:937 +#: src/sudo_edit.c:718 src/sudo_edit.c:737 src/sudo_edit.c:740 +#: src/sudo_edit.c:914 src/sudo_edit.c:918 #, c-format msgid "contents of edit session left in %s" msgstr "muokkausistunnon sisältö jätetty kohteeseen %s" -#: src/sudo_edit.c:755 +#: src/sudo_edit.c:736 msgid "unable to read temporary file" msgstr "väliaikaistiedoston lukeminen epäonnistui" -#: src/sudo_edit.c:838 +#: src/sudo_edit.c:819 msgid "sesh: internal error: odd number of paths" msgstr "sesh: sisäinen virhe: polkujen pariton määrä" -#: src/sudo_edit.c:840 +#: src/sudo_edit.c:821 msgid "sesh: unable to create temporary files" msgstr "sesh: väliaikaistiedostojen luominen epäonnistui" -#: src/sudo_edit.c:842 src/sudo_edit.c:940 +#: src/sudo_edit.c:823 src/sudo_edit.c:921 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: tuntematon virhe %d" -#: src/sudo_edit.c:932 +#: src/sudo_edit.c:913 msgid "unable to copy temporary files back to their original location" msgstr "väliaikaistiedostojen kopioiminen takaisin niiden alkuperäiseen sijaintiin epäonnistui" -#: src/sudo_edit.c:936 +#: src/sudo_edit.c:917 msgid "unable to copy some of the temporary files back to their original location" msgstr "joidenkin väliaikaistiedostojen kopioiminen takaisin niiden alkuperäiseen sijaintiin epäonnistui" -#: src/sudo_edit.c:981 +#: src/sudo_edit.c:962 #, c-format msgid "unable to change uid to root (%u)" msgstr "käyttäjä-ID:n vaihtaminen rootiksi (%u) epäonnistui" -#: src/sudo_edit.c:998 +#: src/sudo_edit.c:979 msgid "plugin error: missing file list for sudoedit" msgstr "lisäosavirhe: puuttuu sudoedit-tiedostoluettelo" -#: src/sudo_edit.c:1039 src/sudo_edit.c:1052 +#: src/sudo_edit.c:1020 src/sudo_edit.c:1033 msgid "unable to read the clock" msgstr 
"kellon lukeminen epäonnistui" @@ -915,17 +968,17 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "salasanakyselin on määrittelemättä, yritä asettaa SUDO_ASKPASS" -#: src/tgetpass.c:322 +#: src/tgetpass.c:332 #, c-format msgid "unable to set gid to %u" msgstr "ryhmä-ID:n asettaminen arvoon %u epäonnistui" -#: src/tgetpass.c:326 +#: src/tgetpass.c:336 #, c-format msgid "unable to set uid to %u" msgstr "käyttäjä-ID:n asettaminen arvoon %u epäonnistui" -#: src/tgetpass.c:331 +#: src/tgetpass.c:341 #, c-format msgid "unable to run %s" msgstr "salasanakyselimen %s suorittaminen epäonnistui" @@ -942,6 +995,9 @@ msgid "unable to restore stdin" msgstr "vakiosyötteen palauttaminen epäonnistui" +#~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" +#~ msgstr "ohitetaan käytäntölisäosan ”%s” kaksoiskappale tiedostossa %s, rivillä %d" + #~ msgid "unable to get group vector" #~ msgstr "ei kyetä hakemaan ryhmävektoria" @@ -954,9 +1010,6 @@ #~ msgid "error reading from signal pipe" #~ msgstr "virhe luettaessa signaaliputkesta" -#~ msgid "error reading from pipe" -#~ msgstr "virhe luettaessa putkesta" - #~ msgid "internal error, tried allocate zero bytes" #~ msgstr "sisäinen virhe, yritettiin varata nolla tavua" Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/fr.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/fr.mo differ diff -Nru sudo-1.8.31/po/fr.po sudo-1.9.0/po/fr.po --- sudo-1.8.31/po/fr.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/po/fr.po 2020-05-11 16:28:23.000000000 +0000 
@@ -1,15 +1,15 @@
 # Messages français pour sudo.
-# Copyright (C) 2019 Free Software Foundation, Inc.
+# Copyright (C) 2020 Free Software Foundation, Inc.
 # This file is put in the public domain.
 # Todd C. Miller , 2011-2013
-# Frédéric Marchal , 2019
+# Frédéric Marchal , 2020
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: sudo 1.8.29rc1\n"
+"Project-Id-Version: sudo 1.9.0b4\n"
 "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2019-10-21 19:55-0600\n"
-"PO-Revision-Date: 2019-10-24 17:45+0200\n"
+"POT-Creation-Date: 2020-03-12 17:39-0600\n"
+"PO-Revision-Date: 2020-03-15 19:05+0100\n"
 "Last-Translator: Frédéric Marchal \n"
 "Language-Team: French \n"
 "Language: fr\n"
@@ -33,74 +33,98 @@ msgstr "impossible de rétablir le registre" #: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81 -#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 -#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114 -#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212 -#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481 +#: lib/util/json.c:66 lib/util/json.c:192 lib/util/sudo_conf.c:191 +#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 +#: src/conversation.c:86 src/exec_common.c:114 src/exec_common.c:130 +#: src/exec_common.c:139 src/exec_monitor.c:211 src/exec_monitor.c:460 +#: src/exec_monitor.c:466 src/exec_monitor.c:474 src/exec_monitor.c:482 #: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503 #: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524 -#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214 -#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236 -#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257 -#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278 -#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299 -#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002 -#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180 -#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201 -#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222 -#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 -#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59 -#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207 -#: src/parse_args.c:282 src/parse_args.c:583 
src/parse_args.c:605 -#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729 -#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815 -#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240 -#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891 -#: src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:531 src/exec_nopty.c:218 src/exec_nopty.c:227 +#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248 +#: src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269 +#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290 +#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_nopty.c:479 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1038 src/exec_pty.c:1206 src/exec_pty.c:1215 +#: src/exec_pty.c:1222 src/exec_pty.c:1229 src/exec_pty.c:1236 +#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 +#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 +#: src/exec_pty.c:1286 src/exec_pty.c:1709 src/load_plugins.c:59 +#: src/load_plugins.c:72 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:207 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:625 src/sudo.c:685 +#: src/sudo.c:695 src/sudo.c:716 src/sudo.c:735 src/sudo.c:744 src/sudo.c:753 +#: src/sudo.c:770 src/sudo.c:811 src/sudo.c:821 src/sudo.c:847 src/sudo.c:1037 +#: src/sudo.c:1059 src/sudo.c:1355 src/sudo.c:1528 src/sudo.c:1722 +#: src/sudo.c:2066 src/sudo_edit.c:270 
src/sudo_edit.c:775 src/sudo_edit.c:872 +#: src/sudo_edit.c:986 src/sudo_edit.c:1006 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194 -#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560 -#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131 -#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473 -#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/json.c:67 +#: lib/util/json.c:193 lib/util/sudo_conf.c:192 lib/util/sudo_conf.c:277 +#: lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 src/conversation.c:87 +#: src/exec_common.c:114 src/exec_common.c:131 src/exec_common.c:140 +#: src/exec_monitor.c:460 src/exec_monitor.c:466 src/exec_monitor.c:474 +#: src/exec_monitor.c:482 src/exec_monitor.c:489 src/exec_monitor.c:496 #: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517 -#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538 -#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229 -#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 -#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 -#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 -#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165 -#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187 -#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208 -#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229 -#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251 -#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 
-#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 -#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 -#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_nopty.c:218 +#: src/exec_nopty.c:227 src/exec_nopty.c:234 src/exec_nopty.c:241 +#: src/exec_nopty.c:248 src/exec_nopty.c:255 src/exec_nopty.c:262 +#: src/exec_nopty.c:269 src/exec_nopty.c:276 src/exec_nopty.c:283 +#: src/exec_nopty.c:290 src/exec_nopty.c:297 src/exec_nopty.c:305 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1206 src/exec_pty.c:1215 src/exec_pty.c:1222 +#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 +#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264 +#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1286 +#: src/exec_pty.c:1709 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:208 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:239 src/sudo.c:625 +#: src/sudo.c:847 src/sudo.c:1037 src/sudo.c:1059 src/sudo.c:1355 +#: src/sudo.c:1528 src/sudo.c:1722 src/sudo.c:2066 src/sudo_edit.c:270 +#: src/sudo_edit.c:775 src/sudo_edit.c:872 src/sudo_edit.c:986 +#: src/sudo_edit.c:1006 msgid "unable to allocate memory" msgstr "impossible d'allouer la mémoire" +#: lib/util/mkdir_parents.c:79 lib/util/sudo_conf.c:619 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 +#, c-format +msgid "unable to open %s" +msgstr "impossible d'ouvrir %s" + +#: 
lib/util/mkdir_parents.c:94 +#, c-format +msgid "unable to mkdir %s" +msgstr "impossible d'exécuter mkdir %s" + +#: lib/util/mkdir_parents.c:103 lib/util/sudo_conf.c:596 +#, c-format +msgid "unable to stat %s" +msgstr "impossible d'évaluer par stat() %s" + +#: lib/util/mkdir_parents.c:108 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s existe mais il n'est pas un répertoire (0%o)" + #: lib/util/strsignal.c:55 msgid "Unknown signal" msgstr "Signal inconnu" #: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161 -#: lib/util/strtonum.c:196 +#: lib/util/strtonum.c:200 msgid "invalid value" msgstr "valeur incorrecte" 
@@ -112,87 +136,77 @@
 msgid "value too small"
 msgstr "valeur trop petite"

-#: lib/util/sudo_conf.c:212
+#: lib/util/sudo_conf.c:210
 #, c-format
 msgid "invalid Path value \"%s\" in %s, line %u"
 msgstr "valeur de chemin « %s » incorrecte dans %s, ligne %u"

-#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431
+#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:392 lib/util/sudo_conf.c:445
 #, c-format
 msgid "invalid value for %s \"%s\" in %s, line %u"
 msgstr "valeur « %2$s » incorrecte pour %1$s dans %3$s, ligne %4$u"

-#: lib/util/sudo_conf.c:399
+#: lib/util/sudo_conf.c:413
 #, c-format
 msgid "unsupported group source \"%s\" in %s, line %u"
 msgstr "source de groupe « %s » non supportée dans %s, ligne %u"

-#: lib/util/sudo_conf.c:415
+#: lib/util/sudo_conf.c:429
 #, c-format
 msgid "invalid max groups \"%s\" in %s, line %u"
 msgstr "groupes max « %s » incorrects dans %s, ligne %u"

-#: lib/util/sudo_conf.c:576
-#, c-format
-msgid "unable to stat %s"
-msgstr "impossible d'évaluer par stat() %s"
-
-#: lib/util/sudo_conf.c:579
+#: lib/util/sudo_conf.c:599
 #, c-format
 msgid "%s is not a regular file"
 msgstr "%s n'est pas un fichier régulier"

-#: lib/util/sudo_conf.c:582
+#: lib/util/sudo_conf.c:602
 #, c-format
 msgid "%s is owned by uid %u, should be %u"
 msgstr "%s est la propriété du uid %u alors que ça devrait être %u"

-#: lib/util/sudo_conf.c:586
+#: lib/util/sudo_conf.c:606
 #, c-format
 msgid "%s is world writable"
 msgstr "%s peut être écrit par tout le monde"

-#: lib/util/sudo_conf.c:589
+#: lib/util/sudo_conf.c:609
 #, c-format
 msgid "%s is group writable"
 msgstr "%s peut être écrit par le groupe"

-#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363
-#, c-format
-msgid "unable to open %s"
-msgstr "impossible d'ouvrir %s"
-
-#: src/exec.c:111
+#: src/exec.c:135
 #, c-format
 msgid "unknown login class %s"
 msgstr "classe de login %s inconnue"

-#: src/exec.c:123
+#: src/exec.c:147
 msgid "unable to set user context"
 msgstr "impossible de changer le contexte utilisateur"

-#: src/exec.c:139
+#: src/exec.c:163
 msgid "unable to set process priority"
 msgstr "impossible de changer la priorité du processus"

-#: src/exec.c:150
+#: src/exec.c:177
 #, c-format
 msgid "unable to change root to %s"
 msgstr "impossible de changer root en %s"

-#: src/exec.c:163 src/exec.c:169 src/exec.c:176
+#: src/exec.c:190 src/exec.c:196 src/exec.c:203
 #, c-format
 msgid "unable to change to runas uid (%u, %u)"
 msgstr "impossible de changer vers runas uid (%u, %u)"

-#: src/exec.c:194
+#: src/exec.c:221
 #, c-format
 msgid "unable to change directory to %s"
 msgstr "impossible de changer le répertoire vers %s"

-#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578
-#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336
-#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164
+#: src/exec.c:304 src/exec_monitor.c:569 src/exec_monitor.c:571
+#: src/exec_nopty.c:537 src/exec_pty.c:566 src/exec_pty.c:1373
+#: src/exec_pty.c:1375 src/signal.c:150 src/signal.c:164
 #, c-format
 msgid "unable to set handler for signal %d"
 msgstr "impossible de spécifier le gestionnaire pour le signal %d"
@@ -201,89 +215,107 @@
 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
 msgstr "impossible de supprimer PRIV_PROC_EXEC de PRIV_LIMIT"

-#: src/exec_monitor.c:366
+#: src/exec_monitor.c:365
 msgid "error reading from socketpair"
 msgstr "erreur de lecture sur la paire de sockets"

-#: src/exec_monitor.c:383
+#: src/exec_monitor.c:382
 #, c-format
 msgid "unexpected reply type on backchannel: %d"
 msgstr "réponse inattendue sur le backchannel : %d"

-#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491
-#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512
-#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533
-#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231
-#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252
-#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273
-#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294
-#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652
-#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858
-#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189
-#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210
-#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231
-#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621
-#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683
-#: src/exec_pty.c:1710
+#: src/exec_monitor.c:468 src/exec_monitor.c:476 src/exec_monitor.c:484
+#: src/exec_monitor.c:491 src/exec_monitor.c:498 src/exec_monitor.c:505
+#: src/exec_monitor.c:512 src/exec_monitor.c:519 src/exec_monitor.c:526
+#: src/exec_monitor.c:533 src/exec_nopty.c:220 src/exec_nopty.c:229
+#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250
+#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271
+#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292
+#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:688
+#: src/exec_pty.c:693 src/exec_pty.c:790 src/exec_pty.c:797 src/exec_pty.c:894
+#: src/exec_pty.c:1208 src/exec_pty.c:1217 src/exec_pty.c:1224
+#: src/exec_pty.c:1231 src/exec_pty.c:1238 src/exec_pty.c:1245
+#: src/exec_pty.c:1252 src/exec_pty.c:1259 src/exec_pty.c:1266
+#: src/exec_pty.c:1273 src/exec_pty.c:1280 src/exec_pty.c:1662
+#: src/exec_pty.c:1672 src/exec_pty.c:1717 src/exec_pty.c:1724
+#: src/exec_pty.c:1751
 msgid "unable to add event to queue"
 msgstr "impossible d'ajouter l'événement à la queue"

-#: src/exec_monitor.c:594
+#: src/exec_monitor.c:587
 msgid "unable to set controlling tty"
 msgstr "impossible de choisir le tty de contrôle"

-#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415
-#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307
+#: src/exec_monitor.c:595 src/exec_nopty.c:364 src/exec_pty.c:1452
+#: src/exec_pty.c:1473 src/exec_pty.c:1493 src/tgetpass.c:311
 msgid "unable to create pipe"
 msgstr "impossible de créer le tube"

-#: src/exec_monitor.c:610
+#: src/exec_monitor.c:603
 msgid "unable to receive message from parent"
 msgstr "impossible de recevoir un message du parent"

-#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494
-#: src/tgetpass.c:311
+#: src/exec_monitor.c:617 src/exec_nopty.c:393 src/exec_pty.c:1531
+#: src/tgetpass.c:315
 msgid "unable to fork"
 msgstr "erreur de fork"

-#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448
+#: src/exec_monitor.c:621 src/exec_monitor.c:720 src/exec_nopty.c:447
 msgid "unable to restore tty label"
 msgstr "impossible de rétablir l'étiquette du tty"

-#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100
+#: src/exec_monitor.c:637 src/sesh.c:127 src/sudo.c:1114
 #, c-format
 msgid "unable to execute %s"
 msgstr "impossible d'exécuter %s"

-#: src/exec_nopty.c:360 src/exec_pty.c:1345
+#: src/exec_nopty.c:358 src/exec_pty.c:1382
 msgid "policy plugin failed session initialization"
 msgstr "le greffon de règles a échoué lors de l'initialisation de la session"

-#: src/exec_nopty.c:437 src/exec_pty.c:1581
+#: src/exec_nopty.c:435 src/exec_pty.c:1617
 msgid "error in event loop"
 msgstr "erreur dans la boucle des événements"

-#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112
+#: src/exec_nopty.c:545 src/exec_pty.c:601 src/signal.c:112
 #, c-format
 msgid "unable to restore handler for signal %d"
 msgstr "impossible de rétablir le gestionnaire pour le signal %d"

-#: src/exec_pty.c:158
+#: src/exec_pty.c:157
 msgid "unable to allocate pty"
 msgstr "impossible d'allouer le pty"

-#: src/exec_pty.c:1325
+#: src/exec_pty.c:221 src/exec_pty.c:260 src/exec_pty.c:299 src/exec_pty.c:349
+#: src/exec_pty.c:399
+msgid "I/O plugin error"
+msgstr "erreur du greffon d'E/S"
+
+#: src/exec_pty.c:224 src/exec_pty.c:263 src/exec_pty.c:302 src/exec_pty.c:352
+#: src/exec_pty.c:402
+msgid "command rejected by I/O plugin"
+msgstr "commande rejetée par le greffon d'E/S"
+
+#: src/exec_pty.c:449
+msgid "error logging suspend"
+msgstr "l'enregistrement des erreurs est suspendu"
+
+#: src/exec_pty.c:482
+msgid "error changing window size"
+msgstr "erreur lors du changement de la taille de la fenêtre"
+
+#: src/exec_pty.c:1362
 msgid "unable to create sockets"
 msgstr "impossible de créer des sockets"

-#: src/exec_pty.c:1538
+#: src/exec_pty.c:1574
 msgid "unable to send message to monitor process"
 msgstr "impossible d'envoyer le message au processus de monitoring"

 #: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92
-#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140
-#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196
-#: src/load_plugins.c:202
+#: src/load_plugins.c:122 src/load_plugins.c:136 src/load_plugins.c:142
+#: src/load_plugins.c:293 src/load_plugins.c:301 src/load_plugins.c:308
+#: src/load_plugins.c:348
 #, c-format
 msgid "error in %s, line %d while loading plugin \"%s\""
 msgstr "erreur dans %s, ligne %d lors du chargement du greffon « %s »"
@@ -293,61 +325,56 @@
 msgid "%s%s: %s"
 msgstr "%s%s: %s"

-#: src/load_plugins.c:136
+#: src/load_plugins.c:138
 #, c-format
 msgid "%s must be owned by uid %d"
 msgstr "%s doit être la propriété du uid %d"

-#: src/load_plugins.c:142
+#: src/load_plugins.c:144
 #, c-format
 msgid "%s must be only be writable by owner"
 msgstr "seul le propriétaire doit pouvoir écrire dans %s"

+#: src/load_plugins.c:254 src/load_plugins.c:321
+#, c-format
+msgid "ignoring duplicate plugin \"%s\" in %s, line %d"
+msgstr "ignore le greffon en double « %s » dans %s, ligne %d"
+
-#: src/load_plugins.c:183
+#: src/load_plugins.c:295
 #, c-format
 msgid "unable to load %s: %s"
 msgstr "impossible de charger %s : %s"

-#: src/load_plugins.c:191
+#: src/load_plugins.c:303
 #, c-format
 msgid "unable to find symbol \"%s\" in %s"
 msgstr "impossible de trouver le symbole « %s » dans %s"

-#: src/load_plugins.c:198
-#, c-format
-msgid "unknown policy type %d found in %s"
-msgstr "type de règle %d inconnu dans %s"
-
-#: src/load_plugins.c:204
+#: src/load_plugins.c:310
 #, c-format
 msgid "incompatible plugin major version %d (expected %d) found in %s"
 msgstr "greffon à la version majeure %d incompatible (%d attendu) trouvé dans %s"

-#: src/load_plugins.c:213
+#: src/load_plugins.c:324
 #, c-format
 msgid "ignoring policy plugin \"%s\" in %s, line %d"
 msgstr "ignore le greffon de règles « %s » dans %s, ligne %d"

-#: src/load_plugins.c:215
+#: src/load_plugins.c:326
 msgid "only a single policy plugin may be specified"
 msgstr "un seul greffon de règles peut être spécifié"

-#: src/load_plugins.c:218
-#, c-format
-msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d"
-msgstr "ignore le greffon de règles en double « %s » dans %s, ligne %d"
-
-#: src/load_plugins.c:237
+#: src/load_plugins.c:350
 #, c-format
-msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d"
-msgstr "ignore le greffon E/S en double « %s » dans %s, ligne %d"
+msgid "unknown plugin type %d found in %s"
+msgstr "type de greffon %d inconnu dans %s"

-#: src/load_plugins.c:353
+#: src/load_plugins.c:511
 #, c-format
 msgid "policy plugin %s does not include a check_policy method"
 msgstr "le greffon de règles %s ne contient pas de méthode check_policy"

-#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473
+#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:478
 #, c-format
 msgid "internal error, %s overflow"
 msgstr "erreur interne, débordement %s"
@@ -361,39 +388,39 @@
 msgid "the argument to -C must be a number greater than or equal to 3"
 msgstr "l'argument à -C doit être un nombre plus grand ou égal à 3"

-#: src/parse_args.c:523
+#: src/parse_args.c:524
 msgid "you may not specify both the `-i' and `-s' options"
 msgstr "vous ne pouvez pas spécifier les options « -i » et « -s » en même temps"

-#: src/parse_args.c:527
+#: src/parse_args.c:528
 msgid "you may not specify both the `-i' and `-E' options"
 msgstr "vous ne pouvez pas spécifier les options « -i » et « -E » en même temps"

-#: src/parse_args.c:537
+#: src/parse_args.c:538
 msgid "the `-E' option is not valid in edit mode"
 msgstr "l'option « -E » n'est pas valable en mode édition"

-#: src/parse_args.c:539
+#: src/parse_args.c:540
 msgid "you may not specify environment variables in edit mode"
 msgstr "vous ne pouvez pas spécifier de variable d'environnement en mode édition"

-#: src/parse_args.c:547
+#: src/parse_args.c:548
 msgid "the `-U' option may only be used with the `-l' option"
 msgstr "l'option « -U » ne peut être utilisée qu'avec l'option « -l »"

-#: src/parse_args.c:551
+#: src/parse_args.c:552
 msgid "the `-A' and `-S' options may not be used together"
 msgstr "les options « -A » et « -S » ne peuvent pas être utilisées ensemble"

-#: src/parse_args.c:627
+#: src/parse_args.c:645
 msgid "sudoedit is not supported on this platform"
 msgstr "sudoedit n'est pas pris en charge sur cette plate-forme"

-#: src/parse_args.c:700
+#: src/parse_args.c:726
 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
 msgstr "Seule une des options -e, -h, -i, -K, -l, -s, -v ou -V peut être spécifiée"

-#: src/parse_args.c:714
+#: src/parse_args.c:740
 #, c-format
 msgid ""
 "%s - edit files as another user\n"
@@ -402,7 +429,7 @@
 "%s – édite les fichiers en tant qu'un autre utilisateur\n"
 "\n"

-#: src/parse_args.c:716
+#: src/parse_args.c:742
 #, c-format
 msgid ""
 "%s - execute a command as another user\n"
@@ -411,7 +438,7 @@
 "%s – exécute une commande en tant qu'un autre utilisateur\n"
 "\n"

-#: src/parse_args.c:721
+#: src/parse_args.c:747
 #, c-format
 msgid ""
 "\n"
@@ -420,123 +447,123 @@
 "\n"
 "Options:\n"

-#: src/parse_args.c:723
+#: src/parse_args.c:749
 msgid "use a helper program for password prompting"
 msgstr "utiliser un programme adjoint pour demander le mot de passe"

-#: src/parse_args.c:726
+#: src/parse_args.c:752
 msgid "use specified BSD authentication type"
 msgstr "utiliser le type d'authentification BSD spécifié"

-#: src/parse_args.c:729
+#: src/parse_args.c:755
 msgid "run command in the background"
 msgstr "exécuter la commande en arrière-plan"

-#: src/parse_args.c:731
+#: src/parse_args.c:757
 msgid "ring bell when prompting"
 msgstr "émettre un signal sonore lors d'une demande"

-#: src/parse_args.c:733
+#: src/parse_args.c:759
 msgid "close all file descriptors >= num"
 msgstr "fermer tous les descripteurs de fichiers >= n°"

-#: src/parse_args.c:736
+#: src/parse_args.c:762
 msgid "run command with the specified BSD login class"
 msgstr "exécuter la commande avec la classe de login BSD"

-#: src/parse_args.c:739
+#: src/parse_args.c:765
 msgid "preserve user environment when running command"
 msgstr "préserver l'environnement de l'utilisateur en exécutant la commande"

-#: src/parse_args.c:741
+#: src/parse_args.c:767
 msgid "preserve specific environment variables"
 msgstr "préserver les variables d'environnement spécifiques"

-#: src/parse_args.c:743
+#: src/parse_args.c:769
 msgid "edit files instead of running a command"
 msgstr "éditer les fichiers au lieu d'exécuter une commande"

-#: src/parse_args.c:745
+#: src/parse_args.c:771
 msgid "run command as the specified group name or ID"
 msgstr "exécuter la commande en tant que le nom ou ID de groupe spécifié"

-#: src/parse_args.c:747
+#: src/parse_args.c:773
 msgid "set HOME variable to target user's home dir"
 msgstr "assigner à la variable HOME le répertoire personnel de l'utilisateur cible"

-#: src/parse_args.c:749
+#: src/parse_args.c:775
 msgid "display help message and exit"
 msgstr "afficher le message d'aide et terminer"

-#: src/parse_args.c:751
+#: src/parse_args.c:777
 msgid "run command on host (if supported by plugin)"
 msgstr "exécuter la commande sur l'hôte (si supporté par le greffon)"

-#: src/parse_args.c:753
+#: src/parse_args.c:779
 msgid "run login shell as the target user; a command may also be specified"
 msgstr "exécuter le shell de login comme l'utilisateur cible. Une commande peut aussi être spécifiée"

-#: src/parse_args.c:755
+#: src/parse_args.c:781
 msgid "remove timestamp file completely"
 msgstr "supprime complètement le fichier d'horodatage"

-#: src/parse_args.c:757
+#: src/parse_args.c:783
 msgid "invalidate timestamp file"
 msgstr "invalide le fichier d'horodatage"

-#: src/parse_args.c:759
+#: src/parse_args.c:785
 msgid "list user's privileges or check a specific command; use twice for longer format"
 msgstr "afficher les privilèges de l'utilisateur ou vérifie une commande spécifique. Utilisez deux fois pour une forme plus longue"

-#: src/parse_args.c:761
+#: src/parse_args.c:787
 msgid "non-interactive mode, no prompts are used"
 msgstr "mode non interactif, aucune invite utilisée"

-#: src/parse_args.c:763
+#: src/parse_args.c:789
 msgid "preserve group vector instead of setting to target's"
 msgstr "préserve le vecteur des groupes au lieu de le changer en celui de la cible"

-#: src/parse_args.c:765
+#: src/parse_args.c:791
 msgid "use the specified password prompt"
 msgstr "utiliser l'invite de mot de passe spécifié"

-#: src/parse_args.c:768
+#: src/parse_args.c:794
 msgid "create SELinux security context with specified role"
 msgstr "créer le contexte de sécurité SELinux avec le rôle spécifié"

-#: src/parse_args.c:771
+#: src/parse_args.c:797
 msgid "read password from standard input"
 msgstr "lire le mot de passe depuis l'entrée standard"

-#: src/parse_args.c:773
+#: src/parse_args.c:799
 msgid "run shell as the target user; a command may also be specified"
 msgstr "exécuter le shell en tant que l'utilisateur cible. Une commande peut aussi être spécifiée"

-#: src/parse_args.c:776
+#: src/parse_args.c:802
 msgid "create SELinux security context with specified type"
 msgstr "créer le contexte de sécurité SELinux avec le type spécifié"

-#: src/parse_args.c:779
+#: src/parse_args.c:805
 msgid "terminate command after the specified time limit"
 msgstr "terminer la commande après la limite de temps spécifiée"

-#: src/parse_args.c:781
+#: src/parse_args.c:807
 msgid "in list mode, display privileges for user"
 msgstr "en mode liste, afficher les privilèges de l'utilisateur"

-#: src/parse_args.c:783
+#: src/parse_args.c:809
 msgid "run command (or edit file) as specified user name or ID"
 msgstr "exécuter la commande (ou éditer le fichier) sous le nom d'utilisateur ou le ID spécifié"

-#: src/parse_args.c:785
+#: src/parse_args.c:811
 msgid "display version information and exit"
 msgstr "afficher les informations de version et terminer"

-#: src/parse_args.c:787
+#: src/parse_args.c:813
 msgid "update user's timestamp without running a command"
 msgstr "mettre à jour l'horodatage de l'utilisateur sans exécuter de commande"

-#: src/parse_args.c:789
+#: src/parse_args.c:815
 msgid "stop processing command line arguments"
 msgstr "arrêter de traiter les arguments en ligne de commande"

@@ -568,7 +595,7 @@
 msgid "unable to open %s, not relabeling tty"
 msgstr "impossible d'ouvrir %s, le tty n'est pas ré-étiqueté"

-#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254
+#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269
 #, c-format
 msgid "%s is not a character device, not relabeling tty"
 msgstr "%s n'est pas un périphérique caractères, le tty n'est pas ré-étiqueté"
@@ -589,54 +616,54 @@
 msgid "unable to set new tty context"
 msgstr "impossible de changer le nouveau contexte du tty"

-#: src/selinux.c:298
+#: src/selinux.c:322
 #, c-format
 msgid "you must specify a role for type %s"
 msgstr "vous devez spécifier un rôle pour le type %s"

-#: src/selinux.c:304
+#: src/selinux.c:328
 #, c-format
 msgid "unable to get default type for role %s"
 msgstr "impossible d'obtenir le type par défaut pour le rôle %s"

-#: src/selinux.c:316
+#: src/selinux.c:340
 msgid "failed to get new context"
 msgstr "échec de l'obtention du nouveau contexte"

-#: src/selinux.c:325
+#: src/selinux.c:349
 #, c-format
 msgid "failed to set new role %s"
 msgstr "échec lors du changement du nouveau rôle %s"

-#: src/selinux.c:329
+#: src/selinux.c:353
 #, c-format
 msgid "failed to set new type %s"
 msgstr "échec lors du changement du nouveau type %s"

-#: src/selinux.c:341
+#: src/selinux.c:365
 #, c-format
 msgid "%s is not a valid context"
 msgstr "%s n'est pas un contexte valide"

-#: src/selinux.c:373
+#: src/selinux.c:397
 msgid "failed to get old context"
 msgstr "échec de l'obtention de l'ancien contexte"

-#: src/selinux.c:379
+#: src/selinux.c:403
 msgid "unable to determine enforcing mode."
 msgstr "impossible de déterminer le mode de contrainte"

-#: src/selinux.c:396
+#: src/selinux.c:420
 #, c-format
 msgid "unable to set tty context to %s"
 msgstr "impossible de changer le contexte du tty en %s"

-#: src/selinux.c:428
+#: src/selinux.c:452
 #, c-format
 msgid "unable to set exec context to %s"
 msgstr "impossible de changer le contexte exec en %s"

-#: src/selinux.c:435
+#: src/selinux.c:459
 #, c-format
 msgid "unable to set key creation context to %s"
 msgstr "impossible de changer le contexte de création de clé en %s"
@@ -703,185 +730,211 @@
 msgid "warning, resource control assignment failed for project \"%s\""
 msgstr "attention, l'assignement du contrôle de ressources a échoue pour le projet « %s »"

-#: src/sudo.c:204
+#: src/sudo.c:224
 #, c-format
 msgid "Sudo version %s\n"
 msgstr "Sudo version %s\n"

-#: src/sudo.c:206
+#: src/sudo.c:226
 #, c-format
 msgid "Configure options: %s\n"
 msgstr "Options de configuration : %s\n"

-#: src/sudo.c:214
+#: src/sudo.c:235
 msgid "fatal error, unable to load plugins"
 msgstr "erreur fatale, impossible de charger les greffons"

-#: src/sudo.c:222
-msgid "unable to initialize policy plugin"
-msgstr "impossible d'initialiser le greffon de règles"
-
-#: src/sudo.c:266
+#: src/sudo.c:280
 msgid "plugin did not return a command to execute"
 msgstr "le greffon n'a pas retourné une commande à exécuter"

-#: src/sudo.c:282
-#, c-format
-msgid "error initializing I/O plugin %s"
-msgstr "erreur à l'initialisation du greffon E/S %s"
-
-#: src/sudo.c:306
+#: src/sudo.c:311
 #, c-format
 msgid "unexpected sudo mode 0x%x"
 msgstr "mode sudo 0x%x inattendu"

-#: src/sudo.c:538
+#: src/sudo.c:544
 #, c-format
 msgid "you do not exist in the %s database"
 msgstr "vous n'existez pas dans la base de données %s"

-#: src/sudo.c:595
+#: src/sudo.c:601
 msgid "unable to determine tty"
 msgstr "impossible de déterminer le tty"

-#: src/sudo.c:887
+#: src/sudo.c:893
 #, c-format
 msgid "%s must be owned by uid %d and have the setuid bit set"
 msgstr "%s doit être la propriété du uid %d et avoir le bit setuid mis"

-#: src/sudo.c:890
+#: src/sudo.c:896
 #, c-format
 msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
 msgstr "le uid effectif n'est pas %d. Est-ce que %s est sur un système de fichiers avec l'option « nosuid » ou un système de fichiers NFS sans privilèges root ?"

-#: src/sudo.c:896
+#: src/sudo.c:902
 #, c-format
 msgid "effective uid is not %d, is sudo installed setuid root?"
 msgstr "le uid effectif n'est pas %d. Est-ce que sudo est installé setuid root ?"

-#: src/sudo.c:912
+#: src/sudo.c:918
 msgid "unable to set supplementary group IDs"
 msgstr "impossible d'attribuer les ID de groupe supplémentaires"

-#: src/sudo.c:919
+#: src/sudo.c:925
 #, c-format
 msgid "unable to set effective gid to runas gid %u"
 msgstr "impossible de changer le gid effectif à runas gid %u"

-#: src/sudo.c:925
+#: src/sudo.c:931
 #, c-format
 msgid "unable to set gid to runas gid %u"
 msgstr "impossible de changer le gid à runas gid %u"

-#: src/sudo.c:982
+#: src/sudo.c:978
 #, c-format
 msgid "unexpected child termination condition: %d"
 msgstr "condition de fin de l'enfant inconnue: %d"

-#: src/sudo.c:1128
+#: src/sudo.c:1087
+msgid "unable to initialize policy plugin"
+msgstr "impossible d'initialiser le greffon de règles"
+
+#: src/sudo.c:1148
 #, c-format
 msgid "policy plugin %s is missing the `check_policy' method"
 msgstr "le greffon de règles %s n'a pas de méthode « check_policy »"

-#: src/sudo.c:1146
+#: src/sudo.c:1163 src/sudo.c:1216 src/sudo.c:1260
+msgid "command rejected by policy"
+msgstr "commande rejetée par la politique"
+
+#: src/sudo.c:1168 src/sudo.c:1221 src/sudo.c:1265
+msgid "policy plugin error"
+msgstr "erreur du greffon de politique"
+
+#: src/sudo.c:1202
 #, c-format
 msgid "policy plugin %s does not support listing privileges"
 msgstr "le greffon de règles %s ne supporte pas les privilèges de listage"

-#: src/sudo.c:1163
+#: src/sudo.c:1246
 #, c-format
 msgid "policy plugin %s does not support the -v option"
 msgstr "le greffon de règles %s ne supporte pas l'option -v"

-#: src/sudo.c:1178
+#: src/sudo.c:1284
 #, c-format
 msgid "policy plugin %s does not support the -k/-K options"
 msgstr "le greffon de règles %s ne supporte pas les options -k/-K"

-#: src/sudo_edit.c:221
+#: src/sudo.c:1413
+#, c-format
+msgid "error initializing I/O plugin %s"
+msgstr "erreur à l'initialisation du greffon E/S %s"
+
+#: src/sudo.c:1567
+#, c-format
+msgid "error initializing audit plugin %s"
+msgstr "erreur à l'initialisation du greffon d'audit %s"
+
+#: src/sudo.c:1745
+#, c-format
+msgid "error initializing approval plugin %s"
+msgstr "erreur à l'initialisation du greffon d'approbation %s"
+
+#: src/sudo.c:1821
+msgid "command rejected by approver"
+msgstr "commande rejetée par l'approbateur"
+
+#: src/sudo.c:1830
+msgid "approval plugin error"
+msgstr "erreur du greffon d'approbation"
+
+#: src/sudo_edit.c:233
 msgid "no writable temporary directory found"
 msgstr "aucun répertoire temporaire est disponible en écriture"

-#: src/sudo_edit.c:288 src/sudo_edit.c:377
+#: src/sudo_edit.c:358
 msgid "unable to restore current working directory"
 msgstr "impossible de rétablir le répertoire de travail actuel"

-#: src/sudo_edit.c:594 src/sudo_edit.c:707
+#: src/sudo_edit.c:575 src/sudo_edit.c:688
 #, c-format
 msgid "%s: not a regular file"
 msgstr "%s: pas un fichier régulier"

-#: src/sudo_edit.c:601
+#: src/sudo_edit.c:582
 #, c-format
 msgid "%s: editing symbolic links is not permitted"
 msgstr "%s: l'édition de liens symboliques n'est pas permise"

-#: src/sudo_edit.c:604
+#: src/sudo_edit.c:585
 #, c-format
 msgid "%s: editing files in a writable directory is not permitted"
 msgstr "%s: l'édition de fichiers dans un répertoire accessible en écriture n'est pas permis"

-#: src/sudo_edit.c:637 src/sudo_edit.c:747
+#: src/sudo_edit.c:618 src/sudo_edit.c:728
 #, c-format
 msgid "%s: short write"
 msgstr "%s: écriture trop courte"

-#: src/sudo_edit.c:708
+#: src/sudo_edit.c:689
 #, c-format
 msgid "%s left unmodified"
 msgstr "%s laissé tel quel"

-#: src/sudo_edit.c:721 src/sudo_edit.c:908
+#: src/sudo_edit.c:702 src/sudo_edit.c:889
 #, c-format
 msgid "%s unchanged"
 msgstr "%s non modifié"

-#: src/sudo_edit.c:736 src/sudo_edit.c:758
+#: src/sudo_edit.c:717 src/sudo_edit.c:739
 #, c-format
 msgid "unable to write to %s"
 msgstr "impossible d'écrire dans %s"

-#: src/sudo_edit.c:737 src/sudo_edit.c:756 src/sudo_edit.c:759
-#: src/sudo_edit.c:933 src/sudo_edit.c:937
+#: src/sudo_edit.c:718 src/sudo_edit.c:737 src/sudo_edit.c:740
+#: src/sudo_edit.c:914 src/sudo_edit.c:918
 #, c-format
 msgid "contents of edit session left in %s"
 msgstr "contenu de la session d'édition laissé dans %s"

-#: src/sudo_edit.c:755
+#: src/sudo_edit.c:736
 msgid "unable to read temporary file"
 msgstr "impossible de lire le fichier temporaire"

-#: src/sudo_edit.c:838
+#: src/sudo_edit.c:819
 msgid "sesh: internal error: odd number of paths"
 msgstr "sesh: erreur interne: nombre impaire de chemins"

-#: src/sudo_edit.c:840
+#: src/sudo_edit.c:821
 msgid "sesh: unable to create temporary files"
 msgstr "sesh: impossible de créer des fichiers temporaires"

-#: src/sudo_edit.c:842 src/sudo_edit.c:940
+#: src/sudo_edit.c:823 src/sudo_edit.c:921
 #, c-format
 msgid "sesh: unknown error %d"
 msgstr "sesh: erreur %d inconnue"

-#: src/sudo_edit.c:932
+#: src/sudo_edit.c:913
 msgid "unable to copy temporary files back to their original location"
 msgstr "impossible de copier les fichiers temporaires à leurs emplacements d'origine"

-#: src/sudo_edit.c:936
+#: src/sudo_edit.c:917
 msgid "unable to copy some of the temporary files back to their original location"
 msgstr "impossible de copier quelques fichiers temporaires à leurs emplacements d'origine"

-#: src/sudo_edit.c:981
+#: src/sudo_edit.c:962
 #, c-format
 msgid "unable to change uid to root (%u)"
 msgstr "impossible de changer le uid en root (%u)"

-#: src/sudo_edit.c:998
+#: src/sudo_edit.c:979
 msgid "plugin error: missing file list for sudoedit"
 msgstr "erreur de greffon : liste de fichiers manquantes pour sudoedit"

-#: src/sudo_edit.c:1039 src/sudo_edit.c:1052
+#: src/sudo_edit.c:1020 src/sudo_edit.c:1033
 msgid "unable to read the clock"
 msgstr "impossible de lire l'horloge"

@@ -905,17 +958,17 @@
 msgid "no askpass program specified, try setting SUDO_ASKPASS"
 msgstr "pas de programme askpass spécifié, essayez avec SUDO_ASKPASS"

-#: src/tgetpass.c:322
+#: src/tgetpass.c:332
 #, c-format
 msgid "unable to set gid to %u"
 msgstr "impossible de changer le gid en %u"

-#: src/tgetpass.c:326
+#: src/tgetpass.c:336
 #, c-format
 msgid "unable to set uid to %u"
 msgstr "impossible de changer le uid en %u"

-#: src/tgetpass.c:331
+#: src/tgetpass.c:341
 #, c-format
 msgid "unable to run %s"
 msgstr "impossible d'exécuter %s"
@@ -932,6 +985,9 @@
 msgid "unable to restore stdin"
 msgstr "impossible de rétablir stdin"

+#~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d"
+#~ msgstr "ignore le greffon de règles en double « %s » dans %s, ligne %d"
+
 #~ msgid "no tty present and no askpass program specified"
 #~ msgstr "pas de tty présent et pas de programme askpass spécifié"

@@ -944,9 +1000,6 @@
 #~ msgid "error reading from signal pipe"
 #~ msgstr "erreur lors de la lecture du tube signal"

-#~ msgid "error reading from pipe"
-#~ msgstr "erreur de lecture sur le tube"
-
 #~ msgid "unable to set terminal to raw mode"
 #~ msgstr "impossible de mettre le terminal en mode brut"

Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/hr.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/hr.mo differ
diff -Nru sudo-1.8.31/po/hr.po sudo-1.9.0/po/hr.po
--- sudo-1.8.31/po/hr.po 2019-12-31 12:58:36.000000000 +0000
+++ sudo-1.9.0/po/hr.po 2020-05-11 16:28:23.000000000 +0000
@@ -1,13 +1,13 @@
 # Translation of sudo to Croatian.
 # This file is put in the public domain.
 # Tomislav Krznar , 2012, 2013.
-# Božidar Putanec , 2016, 2017, 2018, 2019.
+# Božidar Putanec , 2016, 2017, 2018, 2019, 2020.
 msgid ""
 msgstr ""
-"Project-Id-Version: sudo-1.8.29rc1\n"
+"Project-Id-Version: sudo-1.9.0b4\n"
 "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2019-10-21 19:55-0600\n"
-"PO-Revision-Date: 2019-10-24 12:10-0700\n"
+"POT-Creation-Date: 2020-03-12 17:39-0600\n"
+"PO-Revision-Date: 2020-03-14 18:00-0700\n"
 "Last-Translator: Božidar Putanec \n"
 "Language-Team: Croatian \n"
 "Language: hr\n"
@@ -16,13 +16,13 @@
 "Content-Transfer-Encoding: 8bit\n"
 "X-Bugs: Report translation errors to the Language-Team address.\n"
 "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Poedit 2.2.4\n"
+"X-Generator: Lokalize 19.04.3\n"
 "X-Poedit-Basepath: sources/sudo-1.8.26b1\n"
 "X-Poedit-SearchPath-0: .\n"
 
 #: lib/util/aix.c:92 lib/util/aix.c:172
 msgid "unable to open userdb"
-msgstr "nije moguće otvoriti userdb (korisnička baza podataka)"
+msgstr "nije moguće otvoriti userdb (korisničku baza podataka)"
 
 #: lib/util/aix.c:227
 #, c-format
@@ -34,74 +34,98 @@ msgstr "nije moguće obnoviti registar" #: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81 -#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 -#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114 -#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212 -#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481 +#: lib/util/json.c:66 lib/util/json.c:192 lib/util/sudo_conf.c:191 +#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 +#: src/conversation.c:86 src/exec_common.c:114 src/exec_common.c:130 +#: src/exec_common.c:139 src/exec_monitor.c:211 src/exec_monitor.c:460 +#: src/exec_monitor.c:466 src/exec_monitor.c:474 src/exec_monitor.c:482 #: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503 #: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524 -#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214 -#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236 -#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257 -#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278 -#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299 -#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002 -#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180 -#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201 -#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222 -#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 -#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59 -#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: 
src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729 -#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815 -#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240 -#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891 -#: src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:531 src/exec_nopty.c:218 src/exec_nopty.c:227 +#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248 +#: src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269 +#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290 +#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_nopty.c:479 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1038 src/exec_pty.c:1206 src/exec_pty.c:1215 +#: src/exec_pty.c:1222 src/exec_pty.c:1229 src/exec_pty.c:1236 +#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 +#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 +#: src/exec_pty.c:1286 src/exec_pty.c:1709 src/load_plugins.c:59 +#: src/load_plugins.c:72 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:207 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:625 src/sudo.c:685 +#: src/sudo.c:695 src/sudo.c:716 src/sudo.c:735 src/sudo.c:744 src/sudo.c:753 +#: src/sudo.c:770 src/sudo.c:811 src/sudo.c:821 src/sudo.c:847 src/sudo.c:1037 +#: src/sudo.c:1059 src/sudo.c:1355 src/sudo.c:1528 src/sudo.c:1722 +#: src/sudo.c:2066 src/sudo_edit.c:270 src/sudo_edit.c:775 
src/sudo_edit.c:872 +#: src/sudo_edit.c:986 src/sudo_edit.c:1006 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194 -#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560 -#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131 -#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473 -#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/json.c:67 +#: lib/util/json.c:193 lib/util/sudo_conf.c:192 lib/util/sudo_conf.c:277 +#: lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 src/conversation.c:87 +#: src/exec_common.c:114 src/exec_common.c:131 src/exec_common.c:140 +#: src/exec_monitor.c:460 src/exec_monitor.c:466 src/exec_monitor.c:474 +#: src/exec_monitor.c:482 src/exec_monitor.c:489 src/exec_monitor.c:496 #: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517 -#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538 -#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229 -#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 -#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 -#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 -#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165 -#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187 -#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208 -#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229 -#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251 -#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: 
src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 -#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 -#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_nopty.c:218 +#: src/exec_nopty.c:227 src/exec_nopty.c:234 src/exec_nopty.c:241 +#: src/exec_nopty.c:248 src/exec_nopty.c:255 src/exec_nopty.c:262 +#: src/exec_nopty.c:269 src/exec_nopty.c:276 src/exec_nopty.c:283 +#: src/exec_nopty.c:290 src/exec_nopty.c:297 src/exec_nopty.c:305 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1206 src/exec_pty.c:1215 src/exec_pty.c:1222 +#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 +#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264 +#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1286 +#: src/exec_pty.c:1709 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:208 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:239 src/sudo.c:625 +#: src/sudo.c:847 src/sudo.c:1037 src/sudo.c:1059 src/sudo.c:1355 +#: src/sudo.c:1528 src/sudo.c:1722 src/sudo.c:2066 src/sudo_edit.c:270 +#: src/sudo_edit.c:775 src/sudo_edit.c:872 src/sudo_edit.c:986 +#: src/sudo_edit.c:1006 msgid "unable to allocate memory" msgstr "nije moguće dodijeliti memoriju" +#: lib/util/mkdir_parents.c:79 lib/util/sudo_conf.c:619 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 +#, c-format +msgid "unable to open %s" +msgstr "nije moguće otvoriti %s" + +#: 
lib/util/mkdir_parents.c:94 +#, c-format +msgid "unable to mkdir %s" +msgstr "nije moguće izvršiti mkdir %s" + +#: lib/util/mkdir_parents.c:103 lib/util/sudo_conf.c:596 +#, c-format +msgid "unable to stat %s" +msgstr "nije moguće dobiti status od %s" + +#: lib/util/mkdir_parents.c:108 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s postoji ali nije direktorij (0%o)" + #: lib/util/strsignal.c:55 msgid "Unknown signal" msgstr "Nepoznati signal" #: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161 -#: lib/util/strtonum.c:196 +#: lib/util/strtonum.c:200 msgid "invalid value" msgstr "nevaljana vrijednost" 
@@ -113,88 +137,78 @@ msgid "value too small" msgstr "veličina je premala" -#: lib/util/sudo_conf.c:212 +#: lib/util/sudo_conf.c:210 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "nevaljana Path vrijednost „%s“ u %s, redak %u" -#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431 +#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:392 lib/util/sudo_conf.c:445 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "nevaljana vrijednost za %s „%s“ u %s, redak %u" -#: lib/util/sudo_conf.c:399 +#: lib/util/sudo_conf.c:413 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "nepodržani izvor grupe „%s“ u %s, redak %u" -#: lib/util/sudo_conf.c:415 +#: lib/util/sudo_conf.c:429 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "nevaljani maksimalni broj grupa „%s“ u %s, redak %u" -#: lib/util/sudo_conf.c:576 -#, c-format -msgid "unable to stat %s" -msgstr "nije moguće dobiti status od %s" - -#: lib/util/sudo_conf.c:579 +#: lib/util/sudo_conf.c:599 #, c-format msgid "%s is not a regular file" msgstr "%s nije obična datoteka" -#: lib/util/sudo_conf.c:582 +#: lib/util/sudo_conf.c:602 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "vlasnik %s je UID %u, a trebao bi biti %u" -#: lib/util/sudo_conf.c:586 +#: lib/util/sudo_conf.c:606 #, c-format msgid "%s is world writable" msgstr "%s može svatko mijenjati/pisati" -#: lib/util/sudo_conf.c:589 +#: lib/util/sudo_conf.c:609 #, c-format msgid "%s is group writable" msgstr "%s može svaki član grupe mijenjati/pisati" -#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363 -#, c-format -msgid "unable to open %s" -msgstr "nije moguće otvoriti %s" - -#: src/exec.c:111 +#: src/exec.c:135 #, c-format msgid "unknown login class %s" msgstr "nepoznata prijavnička klasa %s" -#: src/exec.c:123 +#: src/exec.c:147 msgid "unable to set user context" msgstr "nije moguće uspostaviti korisnički kontekst" -#: src/exec.c:139 +#: 
src/exec.c:163 msgid "unable to set process priority" msgstr "nije moguće uspostaviti prioritet procesa" -#: src/exec.c:150 +#: src/exec.c:177 #, c-format msgid "unable to change root to %s" msgstr "nije moguće promijeniti root na %s" -#: src/exec.c:163 src/exec.c:169 src/exec.c:176 +#: src/exec.c:190 src/exec.c:196 src/exec.c:203 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "nije moguće promijeniti na runas UID (%u, %u)" -#: src/exec.c:194 +#: src/exec.c:221 #, c-format msgid "unable to change directory to %s" msgstr "nije moguće promijeniti direktorij na %s" # Handler, an asynchronous callback (computer programming) subroutine in computing -#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578 -#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336 -#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164 +#: src/exec.c:304 src/exec_monitor.c:569 src/exec_monitor.c:571 +#: src/exec_nopty.c:537 src/exec_pty.c:566 src/exec_pty.c:1373 +#: src/exec_pty.c:1375 src/signal.c:150 src/signal.c:164 #, c-format msgid "unable to set handler for signal %d" msgstr "nije moguće postaviti rukovatelja za signal %d" 
@@ -203,90 +217,108 @@ msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "nije moguće ukloniti PRIV_PROC_EXEC iz PRIV_LIMIT" -#: src/exec_monitor.c:366 +#: src/exec_monitor.c:365 msgid "error reading from socketpair" msgstr "greška čitanja iz para utičnica" -#: src/exec_monitor.c:383 +#: src/exec_monitor.c:382 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "neočekivana vrsta odgovora na povratnom kanalu: %d" -#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533 -#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231 -#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252 -#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273 -#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294 -#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652 -#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858 -#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189 -#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210 -#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231 -#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621 -#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683 -#: src/exec_pty.c:1710 +#: src/exec_monitor.c:468 src/exec_monitor.c:476 src/exec_monitor.c:484 +#: src/exec_monitor.c:491 src/exec_monitor.c:498 src/exec_monitor.c:505 +#: src/exec_monitor.c:512 src/exec_monitor.c:519 src/exec_monitor.c:526 +#: src/exec_monitor.c:533 src/exec_nopty.c:220 src/exec_nopty.c:229 +#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 +#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 +#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 +#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:688 +#: 
src/exec_pty.c:693 src/exec_pty.c:790 src/exec_pty.c:797 src/exec_pty.c:894 +#: src/exec_pty.c:1208 src/exec_pty.c:1217 src/exec_pty.c:1224 +#: src/exec_pty.c:1231 src/exec_pty.c:1238 src/exec_pty.c:1245 +#: src/exec_pty.c:1252 src/exec_pty.c:1259 src/exec_pty.c:1266 +#: src/exec_pty.c:1273 src/exec_pty.c:1280 src/exec_pty.c:1662 +#: src/exec_pty.c:1672 src/exec_pty.c:1717 src/exec_pty.c:1724 +#: src/exec_pty.c:1751 msgid "unable to add event to queue" msgstr "nije moguće dodati događaj u red čekanja" -#: src/exec_monitor.c:594 +#: src/exec_monitor.c:587 msgid "unable to set controlling tty" msgstr "nije moguće uspostaviti upravljački TTY" -#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415 -#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307 +#: src/exec_monitor.c:595 src/exec_nopty.c:364 src/exec_pty.c:1452 +#: src/exec_pty.c:1473 src/exec_pty.c:1493 src/tgetpass.c:311 msgid "unable to create pipe" msgstr "nije moguće napraviti cijev" -#: src/exec_monitor.c:610 +#: src/exec_monitor.c:603 msgid "unable to receive message from parent" msgstr "nije moguće primiti poruku od pretka (roditelja)" -#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494 -#: src/tgetpass.c:311 +#: src/exec_monitor.c:617 src/exec_nopty.c:393 src/exec_pty.c:1531 +#: src/tgetpass.c:315 msgid "unable to fork" msgstr "nije moguće kreirati potomka (dijete)" -#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448 +#: src/exec_monitor.c:621 src/exec_monitor.c:720 src/exec_nopty.c:447 msgid "unable to restore tty label" msgstr "nije moguće obnoviti TTY etiketu" -#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100 +#: src/exec_monitor.c:637 src/sesh.c:127 src/sudo.c:1114 #, c-format msgid "unable to execute %s" msgstr "nije moguće izvršiti %s" # initialization > inicirati > dati/davati inicijativu, pobudu; pokrenuti/pokretati, započeti/započinjati -#: src/exec_nopty.c:360 src/exec_pty.c:1345 +#: src/exec_nopty.c:358 src/exec_pty.c:1382 msgid 
"policy plugin failed session initialization" msgstr "plugin s pravilima nije uspio pokrenuti inicijalizaciju sesije" -#: src/exec_nopty.c:437 src/exec_pty.c:1581 +#: src/exec_nopty.c:435 src/exec_pty.c:1617 msgid "error in event loop" msgstr "greška u petlji događaja" -#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112 +#: src/exec_nopty.c:545 src/exec_pty.c:601 src/signal.c:112 #, c-format msgid "unable to restore handler for signal %d" msgstr "nije moguće obnoviti rukovatelja za signal %d" -#: src/exec_pty.c:158 +#: src/exec_pty.c:157 msgid "unable to allocate pty" msgstr "nije moguće dodijeliti PTY" -#: src/exec_pty.c:1325 +#: src/exec_pty.c:221 src/exec_pty.c:260 src/exec_pty.c:299 src/exec_pty.c:349 +#: src/exec_pty.c:399 +msgid "I/O plugin error" +msgstr "greška I/O plugina (plugin za U/I)" + +#: src/exec_pty.c:224 src/exec_pty.c:263 src/exec_pty.c:302 src/exec_pty.c:352 +#: src/exec_pty.c:402 +msgid "command rejected by I/O plugin" +msgstr "U/I plugin je odbio izvršiti naredbu" + +#: src/exec_pty.c:449 +msgid "error logging suspend" +msgstr "obustava evidentiranja greški" + +#: src/exec_pty.c:482 +msgid "error changing window size" +msgstr "pogreška pri mijenjanju veličine prozora" + +#: src/exec_pty.c:1362 msgid "unable to create sockets" msgstr "nije moguće napraviti utičnice" -#: src/exec_pty.c:1538 +#: src/exec_pty.c:1574 msgid "unable to send message to monitor process" msgstr "nije moguće poslati poruku za praćenje procesa" #: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92 -#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140 -#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196 -#: src/load_plugins.c:202 +#: src/load_plugins.c:122 src/load_plugins.c:136 src/load_plugins.c:142 +#: src/load_plugins.c:293 src/load_plugins.c:301 src/load_plugins.c:308 +#: src/load_plugins.c:348 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "greška u %s, redak %d pri učitavanju 
plugina „%s“" 
@@ -296,61 +328,56 @@ msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:136 +#: src/load_plugins.c:138 #, c-format msgid "%s must be owned by uid %d" msgstr "vlasnik %s mora biti UID %d" -#: src/load_plugins.c:142 +#: src/load_plugins.c:144 #, c-format msgid "%s must be only be writable by owner" msgstr "%s za pisanje mora biti dostupan samo vlasniku" -#: src/load_plugins.c:183 +#: src/load_plugins.c:254 src/load_plugins.c:321 +#, c-format +msgid "ignoring duplicate plugin \"%s\" in %s, line %d" +msgstr "ignorira se duplikat plugina „%s“ u %s, redak %d" + +#: src/load_plugins.c:295 #, c-format msgid "unable to load %s: %s" msgstr "nije moguće učitati %s: %s" -#: src/load_plugins.c:191 +#: src/load_plugins.c:303 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "nije moguće pronaći simbol „%s“ u %s" -#: src/load_plugins.c:198 -#, c-format -msgid "unknown policy type %d found in %s" -msgstr "nepoznata vrsta pravila %d pronađena u %s" - -#: src/load_plugins.c:204 +#: src/load_plugins.c:310 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "nekompatibilni plugin inačica %d (očekivana %d) pronađen u %s" -#: src/load_plugins.c:213 +#: src/load_plugins.c:324 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "ignorira se plugin s pravilima „%s“ u %s, redak %d" -#: src/load_plugins.c:215 +#: src/load_plugins.c:326 msgid "only a single policy plugin may be specified" msgstr "smije se navesti samo jedan plugin s pravilima" -#: src/load_plugins.c:218 -#, c-format -msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" -msgstr "ignorira se duplikat plugina s pravilima „%s“ u %s, redak %d" - -#: src/load_plugins.c:237 +#: src/load_plugins.c:350 #, c-format -msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d" -msgstr "ignorira se duplikat U/I plugina „%s“ u %s, redak %d" +msgid "unknown plugin type %d found in %s" +msgstr "nepoznata vrsta %d plugina pronađena u %s" -#: 
src/load_plugins.c:353 +#: src/load_plugins.c:511 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "plugin s pravilima %s ne sadrži metodu check_policy" -#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473 +#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:478 #, c-format msgid "internal error, %s overflow" msgstr "**interna greška**, %s prelijevanje" 
@@ -364,39 +391,39 @@
 msgid "the argument to -C must be a number greater than or equal to 3"
 msgstr "argument za -C mora biti broj veći ili jednak 3"
 
-#: src/parse_args.c:523
+#: src/parse_args.c:524
 msgid "you may not specify both the `-i' and `-s' options"
 msgstr "ne smijete navesti opcije „-i“ i „-s“ zajedno"
 
-#: src/parse_args.c:527
+#: src/parse_args.c:528
 msgid "you may not specify both the `-i' and `-E' options"
 msgstr "ne smijete navesti opcije „-i“ i -„E“ zajedno"
 
-#: src/parse_args.c:537
+#: src/parse_args.c:538
 msgid "the `-E' option is not valid in edit mode"
 msgstr "opcija „-E“ nije valjana kad se redigira (in edit mode)"
 
-#: src/parse_args.c:539
+#: src/parse_args.c:540
 msgid "you may not specify environment variables in edit mode"
 msgstr "ne smijete specificirati varijable okoline kad se redigira (in edit mode)"
 
-#: src/parse_args.c:547
+#: src/parse_args.c:548
 msgid "the `-U' option may only be used with the `-l' option"
 msgstr "opciju „-U“ može se koristiti samo s „-l“ opcijom"
 
-#: src/parse_args.c:551
+#: src/parse_args.c:552
 msgid "the `-A' and `-S' options may not be used together"
 msgstr "ne smiju se zajedno koristiti „-A“ i „-S“ opcije"
 
-#: src/parse_args.c:627
+#: src/parse_args.c:645
 msgid "sudoedit is not supported on this platform"
 msgstr "sudoedit nije podržan na ovoj platformi"
 
-#: src/parse_args.c:700
+#: src/parse_args.c:726
 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
 msgstr "Smije se navesti samo jedna od opcija -e, -h, -i, -K, -l, -s, -v i -V"
 
-#: src/parse_args.c:714
+#: src/parse_args.c:740
 #, c-format
 msgid ""
 "%s - edit files as another user\n"
@@ -405,7 +432,7 @@
 "%s - redigira datoteku kao neki drugi korisnik\n"
 "\n"
 
-#: src/parse_args.c:716
+#: src/parse_args.c:742
 #, c-format
 msgid ""
 "%s - execute a command as another user\n"
@@ -414,7 +441,7 @@
 "%s - izvrši naredbu kao neki drugi korisnik\n"
 "\n"
 
-#: src/parse_args.c:721
+#: src/parse_args.c:747
 #, c-format
 msgid ""
 "\n"
@@ -423,123 +450,123 @@ "\n" "Opcije:\n" -#: src/parse_args.c:723 +#: src/parse_args.c:749 msgid "use a helper program for password prompting" msgstr "zahtjev za lozinku koristi pomoćni program" -#: src/parse_args.c:726 +#: src/parse_args.c:752 msgid "use specified BSD authentication type" msgstr "rabi navedenu BSD autentifikaciju" -#: src/parse_args.c:729 +#: src/parse_args.c:755 msgid "run command in the background" msgstr "pokrene naredbu u pozadini" -#: src/parse_args.c:731 +#: src/parse_args.c:757 msgid "ring bell when prompting" msgstr "pozvoni kad treba ulaz ili kad nešto pita" -#: src/parse_args.c:733 +#: src/parse_args.c:759 msgid "close all file descriptors >= num" msgstr "zatvara sve deskriptore datoteka >= num" -#: src/parse_args.c:736 +#: src/parse_args.c:762 msgid "run command with the specified BSD login class" msgstr "pokrene naredbu s navedenom BSD klasom prijave" -#: src/parse_args.c:739 +#: src/parse_args.c:765 msgid "preserve user environment when running command" msgstr "sačuva okolinu korisnika pri izvršenju naredbe" -#: src/parse_args.c:741 +#: src/parse_args.c:767 msgid "preserve specific environment variables" msgstr "sačuva specifične varijable okoline" -#: src/parse_args.c:743 +#: src/parse_args.c:769 msgid "edit files instead of running a command" msgstr "redigira datoteke umjesto pokretanja naredbe" -#: src/parse_args.c:745 +#: src/parse_args.c:771 msgid "run command as the specified group name or ID" msgstr "izvrši naredbu kao navedeno group ime ili ID" -#: src/parse_args.c:747 +#: src/parse_args.c:773 msgid "set HOME variable to target user's home dir" msgstr "var HOME postavi na osobni direktorij korisnika" -#: src/parse_args.c:749 +#: src/parse_args.c:775 msgid "display help message and exit" msgstr "pokaže ovu pomoć i iziđe" -#: src/parse_args.c:751 +#: src/parse_args.c:777 msgid "run command on host (if supported by plugin)" msgstr "pokrene naredbu na host računalu (ako to plugin podržava)" -#: src/parse_args.c:753 +#: 
src/parse_args.c:779 msgid "run login shell as the target user; a command may also be specified" msgstr "pokrene prijavnu ljusku kao ciljani korisnik; može se navesti i naredba" -#: src/parse_args.c:755 +#: src/parse_args.c:781 msgid "remove timestamp file completely" msgstr "sasvim ukloni datoteku s vremenskim oznakama" -#: src/parse_args.c:757 +#: src/parse_args.c:783 msgid "invalidate timestamp file" msgstr "poništi datoteku s vremenskim oznakama" -#: src/parse_args.c:759 +#: src/parse_args.c:785 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "privilegije korisnika ili test specifične naredbe; rabite -ll za duži popis" -#: src/parse_args.c:761 +#: src/parse_args.c:787 msgid "non-interactive mode, no prompts are used" msgstr "ne-interaktivni mȏd; bez prompta" -#: src/parse_args.c:763 +#: src/parse_args.c:789 msgid "preserve group vector instead of setting to target's" msgstr "sačuva grupni vektor umjesto postavljanja na ciljanu grupu" -#: src/parse_args.c:765 +#: src/parse_args.c:791 msgid "use the specified password prompt" msgstr "koristi navedeni prompt za unos lozinke" -#: src/parse_args.c:768 +#: src/parse_args.c:794 msgid "create SELinux security context with specified role" msgstr "stvori SELinux sigurnosni kontekst s navedenom role ulogom" -#: src/parse_args.c:771 +#: src/parse_args.c:797 msgid "read password from standard input" msgstr "čita lozinku iz standardnog ulaza" -#: src/parse_args.c:773 +#: src/parse_args.c:799 msgid "run shell as the target user; a command may also be specified" msgstr "pokrene ljusku kao ciljani korisnik; može se navesti i naredba" -#: src/parse_args.c:776 +#: src/parse_args.c:802 msgid "create SELinux security context with specified type" msgstr "stvori SELinux sigurnosni kontekst s navedenom type ulogom" -#: src/parse_args.c:779 +#: src/parse_args.c:805 msgid "terminate command after the specified time limit" -msgstr "naredba završi nakon navedenoga timeout vremena" +msgstr 
"naredba završi nakon navedenoga vremenskog ograničenja" -#: src/parse_args.c:781 +#: src/parse_args.c:807 msgid "in list mode, display privileges for user" msgstr "izlista popis privilegija user korisnika" -#: src/parse_args.c:783 +#: src/parse_args.c:809 msgid "run command (or edit file) as specified user name or ID" msgstr "pokreni naredbu (ili redigira datoteku) kao navedeni user korisnik" -#: src/parse_args.c:785 +#: src/parse_args.c:811 msgid "display version information and exit" msgstr "informira o inačici ovog programa i iziđe" -#: src/parse_args.c:787 +#: src/parse_args.c:813 msgid "update user's timestamp without running a command" msgstr "obnovi vremensku oznaku korisnika bez pokretanja naredbe" -#: src/parse_args.c:789 +#: src/parse_args.c:815 msgid "stop processing command line arguments" msgstr "prestane s obradom argumenata na naredbenom retku" @@ -571,7 +598,7 @@ msgid "unable to open %s, not relabeling tty" msgstr "nije moguće otvoriti %s, oznaka TTY se ne mijenja" -#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s nije znakovni uređaj (c-device), oznaka TTY se me mijenja" 
@@ -592,54 +619,54 @@
 msgid "unable to set new tty context"
 msgstr "nije moguće uspostaviti novi TTY kontekst"
 
-#: src/selinux.c:298
+#: src/selinux.c:322
 #, c-format
 msgid "you must specify a role for type %s"
 msgstr "morate navesti ulogu za vrstu %s"
 
-#: src/selinux.c:304
+#: src/selinux.c:328
 #, c-format
 msgid "unable to get default type for role %s"
 msgstr "nije moguće dobiti zadanu vrstu za ulogu %s"
 
-#: src/selinux.c:316
+#: src/selinux.c:340
 msgid "failed to get new context"
 msgstr "nije uspjelo dobiti novi kontekst"
 
-#: src/selinux.c:325
+#: src/selinux.c:349
 #, c-format
 msgid "failed to set new role %s"
 msgstr "nije uspjelo postaviti novu ulogu %s"
 
-#: src/selinux.c:329
+#: src/selinux.c:353
 #, c-format
 msgid "failed to set new type %s"
 msgstr "nije uspjelo postaviti novu vrstu %s"
 
-#: src/selinux.c:341
+#: src/selinux.c:365
 #, c-format
 msgid "%s is not a valid context"
 msgstr "%s nije valjani kontekst"
 
-#: src/selinux.c:373
+#: src/selinux.c:397
 msgid "failed to get old context"
 msgstr "nije uspjelo dobiti stari kontekst"
 
-#: src/selinux.c:379
+#: src/selinux.c:403
 msgid "unable to determine enforcing mode."
 msgstr "nije moguće odrediti način provedbe."
 
-#: src/selinux.c:396
+#: src/selinux.c:420
 #, c-format
 msgid "unable to set tty context to %s"
 msgstr "nije moguće postaviti TTY kontekst za %s"
 
-#: src/selinux.c:428
+#: src/selinux.c:452
 #, c-format
 msgid "unable to set exec context to %s"
 msgstr "nije moguće postaviti exec kontekst na %s"
 
-#: src/selinux.c:435
+#: src/selinux.c:459
 #, c-format
 msgid "unable to set key creation context to %s"
 msgstr "nije moguće postaviti kontekst stvaranja ključa na %s"
@@ -706,187 +733,213 @@
 msgid "warning, resource control assignment failed for project \"%s\""
 msgstr "upozorenje: nije uspjelo dodijeliti upravljanje resursima projekta „%s“"
 
-#: src/sudo.c:204
+#: src/sudo.c:224
 #, c-format
 msgid "Sudo version %s\n"
 msgstr "Sudo inačica %s\n"
 
-#: src/sudo.c:206
+#: src/sudo.c:226
 #, c-format
 msgid "Configure options: %s\n"
 msgstr "Konfiguracijske opcije: %s\n"
 
-#: src/sudo.c:214
+#: src/sudo.c:235
 msgid "fatal error, unable to load plugins"
 msgstr "kobna greška, nije moguće učitati plugine"
 
-#: src/sudo.c:222
-msgid "unable to initialize policy plugin"
-msgstr "nije moguće inicijalizirati plugin s pravilima"
-
-#: src/sudo.c:266
+#: src/sudo.c:280
 msgid "plugin did not return a command to execute"
 msgstr "plugin nije uzvratio naredbu za izvršiti"
 
-#: src/sudo.c:282
-#, c-format
-msgid "error initializing I/O plugin %s"
-msgstr "greška pri inicijalizaciji U/I plugina %s"
-
-#: src/sudo.c:306
+#: src/sudo.c:311
 #, c-format
 msgid "unexpected sudo mode 0x%x"
 msgstr "neočekivani sudo mȏd 0x%x"
 
-#: src/sudo.c:538
+#: src/sudo.c:544
 #, c-format
 msgid "you do not exist in the %s database"
 msgstr "vas nema u %s bazi podataka"
 
-#: src/sudo.c:595
+#: src/sudo.c:601
 msgid "unable to determine tty"
 msgstr "nije moguće odrediti TTY"
 
-#: src/sudo.c:887
+#: src/sudo.c:893
 #, c-format
 msgid "%s must be owned by uid %d and have the setuid bit set"
 msgstr "vlasnik %s mora biti UID %d i mora imati postavljeni setuid bit"
 
-#: src/sudo.c:890
+#: src/sudo.c:896
 #, c-format
 msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
 msgstr "efektivni UID nije %d; je li %s na datotečnom sustavu s postavljenom opcijom „nosuid“ ili NFS datotečnom sustavu bez root privilegija?"
 
-#: src/sudo.c:896
+#: src/sudo.c:902
 #, c-format
 msgid "effective uid is not %d, is sudo installed setuid root?"
 msgstr "efektivni UID nije %d; je li sudo instaliran sa setuid root?"
 
-#: src/sudo.c:912
+#: src/sudo.c:918
 msgid "unable to set supplementary group IDs"
 msgstr "nije moguće postaviti ID dodatnih grupa"
 
-#: src/sudo.c:919
+#: src/sudo.c:925
 #, c-format
 msgid "unable to set effective gid to runas gid %u"
 msgstr "nije moguće postaviti efektivni GID na runas GID %u"
 
-#: src/sudo.c:925
+#: src/sudo.c:931
 #, c-format
 msgid "unable to set gid to runas gid %u"
 msgstr "nije moguće postaviti GID na runas GID %u"
 
-#: src/sudo.c:982
+#: src/sudo.c:978
 #, c-format
 msgid "unexpected child termination condition: %d"
 msgstr "neočekivano stanje završetka potomka (dijete-procesa) : %d"
 
-#: src/sudo.c:1128
+#: src/sudo.c:1087
+msgid "unable to initialize policy plugin"
+msgstr "nije moguće inicijalizirati plugin s pravilima"
+
+#: src/sudo.c:1148
 #, c-format
 msgid "policy plugin %s is missing the `check_policy' method"
 msgstr "plugin s pravilima %s nema metodu „check_policy“"
 
-#: src/sudo.c:1146
+#: src/sudo.c:1163 src/sudo.c:1216 src/sudo.c:1260
+msgid "command rejected by policy"
+msgstr "pravilnik (policy) je odbio izvršiti naredbu"
+
+#: src/sudo.c:1168 src/sudo.c:1221 src/sudo.c:1265
+msgid "policy plugin error"
+msgstr "greška plugina s pravilima (policy plugin)"
+
+#: src/sudo.c:1202
 #, c-format
 msgid "policy plugin %s does not support listing privileges"
 msgstr "plugin s pravilima %s ne podržava ispis ovlasti"
 
-#: src/sudo.c:1163
+#: src/sudo.c:1246
 #, c-format
 msgid "policy plugin %s does not support the -v option"
 msgstr "plugin s pravilima %s ne podržava opciju -v"
 
-#: src/sudo.c:1178
+#: src/sudo.c:1284
 #, c-format
 msgid "policy plugin %s does not support the -k/-K options"
 msgstr "plugin s pravilima %s ne podržava -k/-K opcije"
 
-#: src/sudo_edit.c:221
+#: src/sudo.c:1413
+#, c-format
+msgid "error initializing I/O plugin %s"
+msgstr "greška pri inicijalizaciji U/I plugina %s"
+
+#: src/sudo.c:1567
+#, c-format
+msgid "error initializing audit plugin %s"
+msgstr "greška pri inicijalizaciji plugina za reviziju %s"
+
+#: src/sudo.c:1745
+#, c-format
+msgid "error initializing approval plugin %s"
+msgstr "greška pri inicijalizaciji plugina za odobrenje %s"
+
+#: src/sudo.c:1821
+msgid "command rejected by approver"
+msgstr "odobravatelj je odbio izvršiti naredbu"
+
+#: src/sudo.c:1830
+msgid "approval plugin error"
+msgstr "greška plugina za odobravanje"
+
+#: src/sudo_edit.c:233
 msgid "no writable temporary directory found"
 msgstr "nije pronađen privremeni direktorij u koji je moguće pisati"
 
-#: src/sudo_edit.c:288 src/sudo_edit.c:377
+#: src/sudo_edit.c:358
 msgid "unable to restore current working directory"
 msgstr "nije moguće obnoviti trenutačni radni direktorij"
 
-#: src/sudo_edit.c:594 src/sudo_edit.c:707
+#: src/sudo_edit.c:575 src/sudo_edit.c:688
 #, c-format
 msgid "%s: not a regular file"
 msgstr "%s: nije obična datoteka"
 
-#: src/sudo_edit.c:601
+#: src/sudo_edit.c:582
 #, c-format
 msgid "%s: editing symbolic links is not permitted"
 msgstr "%s: simboličke veze nije dopušteno redigirati"
 
 # writable> zapisiv, upisiv, u kojem je dopušteno pisati
 # http://hjp.znanje.hr/ > upisiv > koji se može upisati, koji ispunjava uvjete upisa
-#: src/sudo_edit.c:604
+#: src/sudo_edit.c:585
 #, c-format
 msgid "%s: editing files in a writable directory is not permitted"
 msgstr "%s: datoteke nije dopušteno redigirati u direktoriju koji dopušta pisanje"
 
-#: src/sudo_edit.c:637 src/sudo_edit.c:747
+#: src/sudo_edit.c:618 src/sudo_edit.c:728
 #, c-format
 msgid "%s: short write"
 msgstr "%s: nepotpuni zapis"
 
-#: src/sudo_edit.c:708
+#: src/sudo_edit.c:689
 #, c-format
 msgid "%s left unmodified"
 msgstr "%s nije izmijenjeno"
 
-#: src/sudo_edit.c:721 src/sudo_edit.c:908
+#: src/sudo_edit.c:702 src/sudo_edit.c:889
 #, c-format
 msgid "%s unchanged"
 msgstr "%s nije promijenjeno"
 
-#: src/sudo_edit.c:736 src/sudo_edit.c:758
+#: src/sudo_edit.c:717 src/sudo_edit.c:739
 #, c-format
 msgid "unable to write to %s"
 msgstr "nije moguće pisati u %s"
 
-#: src/sudo_edit.c:737 src/sudo_edit.c:756 src/sudo_edit.c:759
-#: src/sudo_edit.c:933 src/sudo_edit.c:937
+#: src/sudo_edit.c:718 src/sudo_edit.c:737 src/sudo_edit.c:740
+#: src/sudo_edit.c:914 src/sudo_edit.c:918
 #, c-format
 msgid "contents of edit session left in %s"
 msgstr "sadržaj sesije redigiranja je ostavljen u %s"
 
-#: src/sudo_edit.c:755
+#: src/sudo_edit.c:736
 msgid "unable to read temporary file"
 msgstr "nije moguće čitati privremenu datoteku"
 
-#: src/sudo_edit.c:838
+#: src/sudo_edit.c:819
 msgid "sesh: internal error: odd number of paths"
 msgstr "sesh: interna greška: neparni broj staza"
 
-#: src/sudo_edit.c:840
+#: src/sudo_edit.c:821
 msgid "sesh: unable to create temporary files"
 msgstr "sesh: nije moguće čitati privremenu datoteku"
 
-#: src/sudo_edit.c:842 src/sudo_edit.c:940
+#: src/sudo_edit.c:823 src/sudo_edit.c:921
 #, c-format
 msgid "sesh: unknown error %d"
 msgstr "sesh: nepoznata greška: %d"
 
-#: src/sudo_edit.c:932
+#: src/sudo_edit.c:913
 msgid "unable to copy temporary files back to their original location"
 msgstr "nije moguće kopirati privremene datoteke u njihovu originalnu lokaciju"
 
-#: src/sudo_edit.c:936
+#: src/sudo_edit.c:917
 msgid "unable to copy some of the temporary files back to their original location"
 msgstr "nije moguće kopirati neke od privremenih datoteka u njihovu originalnu lokaciju"
 
-#: src/sudo_edit.c:981
+#: src/sudo_edit.c:962
 #, c-format
 msgid "unable to change uid to root (%u)"
 msgstr "nije moguće promijeniti UID na root (%u)"
 
-#: src/sudo_edit.c:998
+#: src/sudo_edit.c:979
 msgid "plugin error: missing file list for sudoedit"
 msgstr "greška plugina: nedostaje popis datoteka za sudoedit"
 
-#: src/sudo_edit.c:1039 src/sudo_edit.c:1052
+#: src/sudo_edit.c:1020 src/sudo_edit.c:1033
 msgid "unable to read the clock"
 msgstr "nije moguće očitati vrijeme (clock)"
 
@@ -910,17 +963,17 @@
 msgid "no askpass program specified, try setting SUDO_ASKPASS"
 msgstr "nije specificiran askpass program, pokušajte postaviti SUDO_ASKPASS"
 
-#: src/tgetpass.c:322
+#: src/tgetpass.c:332
 #, c-format
 msgid "unable to set gid to %u"
 msgstr "nije moguće postaviti GID na %u"
 
-#: src/tgetpass.c:326
+#: src/tgetpass.c:336
 #, c-format
 msgid "unable to set uid to %u"
 msgstr "nije moguće postaviti UID na %u"
 
-#: src/tgetpass.c:331
+#: src/tgetpass.c:341
 #, c-format
 msgid "unable to run %s"
 msgstr "nije moguće pokrenuti %s"
@@ -937,6 +990,9 @@
 msgid "unable to restore stdin"
 msgstr "nije moguće obnoviti stdin"
 
+#~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d"
+#~ msgstr "ignorira se duplikat plugina s pravilima „%s“ u %s, redak %d"
+
 #~ msgid "no tty present and no askpass program specified"
 #~ msgstr "nema TTY i nije specificiran askpass program"
 
@@ -949,9 +1005,6 @@
 #~ msgid "error reading from signal pipe"
 #~ msgstr "greška čitanja iz signalne cijevi"
 
-#~ msgid "error reading from pipe"
-#~ msgstr "greška čitanja iz cjevovoda"
-
 #~ msgid "internal error, tried to emalloc(0)"
 #~ msgstr "interna greška, pokušao sam emalloc(0)"
 
Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/it.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/it.mo differ
diff -Nru sudo-1.8.31/po/it.po sudo-1.9.0/po/it.po
--- sudo-1.8.31/po/it.po 2019-12-31 12:58:36.000000000 +0000
+++ sudo-1.9.0/po/it.po 2020-05-11 16:28:23.000000000 +0000
@@ -1,13 +1,13 @@
 # Italian translations for sudo package
 # This file is put in the public domain.
-# Milo Casagrande , 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019.
+# Milo Casagrande , 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020.
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: sudo-1.8.29rc1\n"
+"Project-Id-Version: sudo-1.9.0b4\n"
 "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2019-10-21 19:55-0600\n"
-"PO-Revision-Date: 2019-10-24 16:21+0200\n"
+"POT-Creation-Date: 2020-03-12 17:39-0600\n"
+"PO-Revision-Date: 2020-03-13 13:13+0100\n"
 "Last-Translator: Milo Casagrande \n"
 "Language-Team: Italian \n"
 "Language: it\n"
@@ -16,7 +16,7 @@
 "Content-Transfer-Encoding: 8bit\n"
 "X-Bugs: Report translation errors to the Language-Team address.\n"
 "Plural-Forms: nplurals=2; plural=(n!=1);\n"
-"X-Generator: Poedit 2.2.3\n"
+"X-Generator: Poedit 2.2.4\n"
 
 #: lib/util/aix.c:92 lib/util/aix.c:172
 msgid "unable to open userdb"
@@ -32,74 +32,98 @@
 msgstr "impossibile ripristinare il registro"
 
 #: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81
-#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356
-#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114
-#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212
-#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481
+#: lib/util/json.c:66 lib/util/json.c:192 lib/util/sudo_conf.c:191
+#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580
+#: src/conversation.c:86 src/exec_common.c:114 src/exec_common.c:130
+#: src/exec_common.c:139 src/exec_monitor.c:211 src/exec_monitor.c:460
+#: src/exec_monitor.c:466 src/exec_monitor.c:474 src/exec_monitor.c:482
 #: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503
 #: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524
-#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214
-#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236
-#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257
-#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278
-#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299
-#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786
-#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002
-#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180
-#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201
-#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222
-#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243
-#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59
-#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246
-#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335
-#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207
-#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605
-#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91
-#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117
-#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729
-#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815
-#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240
-#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891
-#: src/sudo_edit.c:1005 src/sudo_edit.c:1025
+#: src/exec_monitor.c:531 src/exec_nopty.c:218 src/exec_nopty.c:227
+#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248
+#: src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269
+#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290
+#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_nopty.c:479
+#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888
+#: src/exec_pty.c:1038 src/exec_pty.c:1206 src/exec_pty.c:1215
+#: src/exec_pty.c:1222 src/exec_pty.c:1229 src/exec_pty.c:1236
+#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257
+#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278
+#: src/exec_pty.c:1286 src/exec_pty.c:1709 src/load_plugins.c:59
+#: src/load_plugins.c:72 src/load_plugins.c:170 src/load_plugins.c:195
+#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476
+#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186
+#: src/parse_args.c:207 src/parse_args.c:282 src/parse_args.c:584
+#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54
+#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474
+#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:625 src/sudo.c:685
+#: src/sudo.c:695 src/sudo.c:716 src/sudo.c:735 src/sudo.c:744 src/sudo.c:753
+#: src/sudo.c:770 src/sudo.c:811 src/sudo.c:821 src/sudo.c:847 src/sudo.c:1037
+#: src/sudo.c:1059 src/sudo.c:1355 src/sudo.c:1528 src/sudo.c:1722
+#: src/sudo.c:2066 src/sudo_edit.c:270 src/sudo_edit.c:775 src/sudo_edit.c:872
+#: src/sudo_edit.c:986 src/sudo_edit.c:1006
 #, c-format
 msgid "%s: %s"
 msgstr "%s: %s"
 
-#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194
-#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560
-#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131
-#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473
-#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496
+#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/json.c:67
+#: lib/util/json.c:193 lib/util/sudo_conf.c:192 lib/util/sudo_conf.c:277
+#: lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 src/conversation.c:87
+#: src/exec_common.c:114 src/exec_common.c:131 src/exec_common.c:140
+#: src/exec_monitor.c:460 src/exec_monitor.c:466 src/exec_monitor.c:474
+#: src/exec_monitor.c:482 src/exec_monitor.c:489 src/exec_monitor.c:496
 #: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517
-#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538
-#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229
-#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250
-#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271
-#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292
-#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786
-#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165
-#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187
-#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208
-#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229
-#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251
-#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246
-#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335
-#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208
-#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605
-#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91
-#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117
-#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062
-#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794
-#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025
+#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_nopty.c:218
+#: src/exec_nopty.c:227 src/exec_nopty.c:234 src/exec_nopty.c:241
+#: src/exec_nopty.c:248 src/exec_nopty.c:255 src/exec_nopty.c:262
+#: src/exec_nopty.c:269 src/exec_nopty.c:276 src/exec_nopty.c:283
+#: src/exec_nopty.c:290 src/exec_nopty.c:297 src/exec_nopty.c:305
+#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888
+#: src/exec_pty.c:1206 src/exec_pty.c:1215 src/exec_pty.c:1222
+#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243
+#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264
+#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1286
+#: src/exec_pty.c:1709 src/load_plugins.c:170 src/load_plugins.c:195
+#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476
+#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186
+#: src/parse_args.c:208 src/parse_args.c:282 src/parse_args.c:584
+#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54
+#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474
+#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:239 src/sudo.c:625
+#: src/sudo.c:847 src/sudo.c:1037 src/sudo.c:1059 src/sudo.c:1355
+#: src/sudo.c:1528 src/sudo.c:1722 src/sudo.c:2066 src/sudo_edit.c:270
+#: src/sudo_edit.c:775 src/sudo_edit.c:872 src/sudo_edit.c:986
+#: src/sudo_edit.c:1006
 msgid "unable to allocate memory"
 msgstr "impossibile allocare memoria"
 
+#: lib/util/mkdir_parents.c:79 lib/util/sudo_conf.c:619 src/selinux.c:235
+#: src/selinux.c:265 src/sudo.c:368
+#, c-format
+msgid "unable to open %s"
+msgstr "impossibile aprire %s"
+
+#: lib/util/mkdir_parents.c:94
+#, c-format
+msgid "unable to mkdir %s"
+msgstr "impossibile creare la directory %s"
+
+#: lib/util/mkdir_parents.c:103 lib/util/sudo_conf.c:596
+#, c-format
+msgid "unable to stat %s"
+msgstr "impossibile eseguire stat su %s"
+
+#: lib/util/mkdir_parents.c:108
+#, c-format
+msgid "%s exists but is not a directory (0%o)"
+msgstr "%s esiste, ma non è una directory (0%o)"
+
 #: lib/util/strsignal.c:55
 msgid "Unknown signal"
 msgstr "Segnale sconosciuto"
 
 #: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161
-#: lib/util/strtonum.c:196
+#: lib/util/strtonum.c:200
 msgid "invalid value"
 msgstr "valore non valido"
 
@@ -111,87 +135,77 @@
 msgid "value too small"
 msgstr "valore troppo piccolo"
 
-#: lib/util/sudo_conf.c:212
+#: lib/util/sudo_conf.c:210
 #, c-format
 msgid "invalid Path value \"%s\" in %s, line %u"
 msgstr "valore percorso \"%s\" non valido in %s, riga %u"
 
-#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431
+#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:392 lib/util/sudo_conf.c:445
 #, c-format
 msgid "invalid value for %s \"%s\" in %s, line %u"
 msgstr "valore %s \"%s\" non valido in %s, riga %u"
 
-#: lib/util/sudo_conf.c:399
+#: lib/util/sudo_conf.c:413
 #, c-format
 msgid "unsupported group source \"%s\" in %s, line %u"
 msgstr "gruppo sorgente \"%s\" non supportato in %s, riga %u"
 
-#: lib/util/sudo_conf.c:415
+#: lib/util/sudo_conf.c:429
 #, c-format
 msgid "invalid max groups \"%s\" in %s, line %u"
 msgstr "gruppi massimi \"%s\" non validi in %s, riga %u"
 
-#: lib/util/sudo_conf.c:576
-#, c-format
-msgid "unable to stat %s"
-msgstr "impossibile eseguire stat su %s"
-
-#: lib/util/sudo_conf.c:579
+#: lib/util/sudo_conf.c:599
 #, c-format
 msgid "%s is not a regular file"
 msgstr "%s non è un file regolare"
 
-#: lib/util/sudo_conf.c:582
+#: lib/util/sudo_conf.c:602
 #, c-format
 msgid "%s is owned by uid %u, should be %u"
 msgstr "%s è di proprietà dello uid %u, dovrebbe essere di %u"
 
-#: lib/util/sudo_conf.c:586
+#: lib/util/sudo_conf.c:606
 #, c-format
 msgid "%s is world writable"
 msgstr "%s è scrivibile da tutti"
 
-#: lib/util/sudo_conf.c:589
+#: lib/util/sudo_conf.c:609
 #, c-format
 msgid "%s is group writable"
 msgstr "%s è scrivibile dal gruppo"
 
-#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363
-#, c-format
-msgid "unable to open %s"
-msgstr "impossibile aprire %s"
-
-#: src/exec.c:111
+#: src/exec.c:135
 #, c-format
 msgid "unknown login class %s"
 msgstr "classe di accesso %s sconosciuta"
 
-#: src/exec.c:123
+#: src/exec.c:147
 msgid "unable to set user context"
 msgstr "impossibile impostare il contesto utente"
 
-#: src/exec.c:139
+#: src/exec.c:163
 msgid "unable to set process priority"
 msgstr "impossibile impostare la priorità del processo"
 
-#: src/exec.c:150
+#: src/exec.c:177
 #, c-format
 msgid "unable to change root to %s"
 msgstr "impossibile modificare root a %s"
 
-#: src/exec.c:163 src/exec.c:169 src/exec.c:176
+#: src/exec.c:190 src/exec.c:196 src/exec.c:203
 #, c-format
 msgid "unable to change to runas uid (%u, %u)"
 msgstr "impossibile passare a un diverso uid (%u, %u)"
 
-#: src/exec.c:194
+#: src/exec.c:221
 #, c-format
 msgid "unable to change directory to %s"
 msgstr "impossibile passare alla root %s"
 
-#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578
-#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336
-#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164
+#: src/exec.c:304 src/exec_monitor.c:569 src/exec_monitor.c:571
+#: src/exec_nopty.c:537 src/exec_pty.c:566 src/exec_pty.c:1373
+#: src/exec_pty.c:1375 src/signal.c:150 src/signal.c:164
 #, c-format
 msgid "unable to set handler for signal %d"
 msgstr "impossibile impostare il gestore per il segnale %d"
@@ -200,89 +214,107 @@
 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
 msgstr "impossibile rimuovere PRIV_PROC_EXEC da PRIV_LIMIT"
 
-#: src/exec_monitor.c:366
+#: src/exec_monitor.c:365
 msgid "error reading from socketpair"
 msgstr "errore nel leggere dal socketpair"
 
-#: src/exec_monitor.c:383
+#: src/exec_monitor.c:382
 #, c-format
 msgid "unexpected reply type on backchannel: %d"
 msgstr "tipologia di risposta inattesa sul backchannel: %d"
 
-#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491
-#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512
-#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533
-#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231
-#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252
-#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273
-#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294
-#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652
-#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858
-#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189
-#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210
-#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231
-#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621
-#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683
-#: src/exec_pty.c:1710
+#: src/exec_monitor.c:468 src/exec_monitor.c:476 src/exec_monitor.c:484
+#: src/exec_monitor.c:491 src/exec_monitor.c:498 src/exec_monitor.c:505
+#: src/exec_monitor.c:512 src/exec_monitor.c:519 src/exec_monitor.c:526
+#: src/exec_monitor.c:533 src/exec_nopty.c:220 src/exec_nopty.c:229
+#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250
+#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271
+#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292
+#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:688
+#: src/exec_pty.c:693 src/exec_pty.c:790 src/exec_pty.c:797 src/exec_pty.c:894
+#: src/exec_pty.c:1208 src/exec_pty.c:1217 src/exec_pty.c:1224
+#: src/exec_pty.c:1231 src/exec_pty.c:1238 src/exec_pty.c:1245
+#: src/exec_pty.c:1252 src/exec_pty.c:1259 src/exec_pty.c:1266
+#: src/exec_pty.c:1273 src/exec_pty.c:1280 src/exec_pty.c:1662
+#: src/exec_pty.c:1672 src/exec_pty.c:1717 src/exec_pty.c:1724
+#: src/exec_pty.c:1751
 msgid "unable to add event to queue"
 msgstr "impossibile aggiungere l'evento alla coda"
 
-#: src/exec_monitor.c:594
+#: src/exec_monitor.c:587
 msgid "unable to set controlling tty"
 msgstr "impossibile impostare il tty di controllo"
 
-#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415
-#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307
+#: src/exec_monitor.c:595 src/exec_nopty.c:364 src/exec_pty.c:1452
+#: src/exec_pty.c:1473 src/exec_pty.c:1493 src/tgetpass.c:311
 msgid "unable to create pipe"
 msgstr "impossibile creare una pipe"
 
-#: src/exec_monitor.c:610
+#: src/exec_monitor.c:603
 msgid "unable to receive message from parent"
 msgstr "impossibile ricevere il messaggio dal genitore"
 
-#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494
-#: src/tgetpass.c:311
+#: src/exec_monitor.c:617 src/exec_nopty.c:393 src/exec_pty.c:1531
+#: src/tgetpass.c:315
 msgid "unable to fork"
 msgstr "impossibile eseguire fork"
 
-#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448
+#: src/exec_monitor.c:621 src/exec_monitor.c:720 src/exec_nopty.c:447
 msgid "unable to restore tty label"
 msgstr "impossibile ripristinare l'etichetta tty"
 
-#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100
+#: src/exec_monitor.c:637 src/sesh.c:127 src/sudo.c:1114
 #, c-format
 msgid "unable to execute %s"
 msgstr "impossibile eseguire %s"
 
-#: src/exec_nopty.c:360 src/exec_pty.c:1345
+#: src/exec_nopty.c:358 src/exec_pty.c:1382
 msgid "policy plugin failed session initialization"
 msgstr "inizializzazione della sessione non riuscita da parte del plugin della politica"
 
-#: src/exec_nopty.c:437 src/exec_pty.c:1581
+#: src/exec_nopty.c:435 src/exec_pty.c:1617
 msgid "error in event loop"
 msgstr "errore nel ciclo dell'evento"
 
-#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112
+#: src/exec_nopty.c:545 src/exec_pty.c:601 src/signal.c:112
 #, c-format
 msgid "unable to restore handler for signal %d"
 msgstr "impossibile ripristinare il gestore per il segnale %d"
 
-#: src/exec_pty.c:158
+#: src/exec_pty.c:157
 msgid "unable to allocate pty"
 msgstr "impossibile allocare pty"
 
-#: src/exec_pty.c:1325
+#: src/exec_pty.c:221 src/exec_pty.c:260 src/exec_pty.c:299 src/exec_pty.c:349
+#: src/exec_pty.c:399
+msgid "I/O plugin error"
+msgstr "errore del plugin I/O"
+
+#: src/exec_pty.c:224 src/exec_pty.c:263 src/exec_pty.c:302 src/exec_pty.c:352
+#: src/exec_pty.c:402
+msgid "command rejected by I/O plugin"
+msgstr "comando rifiutato dal plugin I/O"
+
+#: src/exec_pty.c:449
+msgid "error logging suspend"
+msgstr "sospensione della registrazione degli errori"
+
+#: src/exec_pty.c:482
+msgid "error changing window size"
+msgstr "errore nel modificare le dimensioni della finestra"
+
+#: src/exec_pty.c:1362
 msgid "unable to create sockets"
 msgstr "impossibile creare socket"
 
-#: src/exec_pty.c:1538
+#: src/exec_pty.c:1574
 msgid "unable to send message to monitor process"
 msgstr "impossibile inviare il messaggio per controllare il processo"
 
 #: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92
-#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140
-#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196
-#: src/load_plugins.c:202
+#: src/load_plugins.c:122 src/load_plugins.c:136 src/load_plugins.c:142
+#: src/load_plugins.c:293 src/load_plugins.c:301 src/load_plugins.c:308
+#: src/load_plugins.c:348
 #, c-format
 msgid "error in %s, line %d while loading plugin \"%s\""
 msgstr "errore in %s, riga %d, durante il caricamento del plugin \"%s\""
@@ -292,61 +324,56 @@
 msgid "%s%s: %s"
 msgstr "%s%s: %s"
 
-#: src/load_plugins.c:136
+#: src/load_plugins.c:138
 #, c-format
 msgid "%s must be owned by uid %d"
 msgstr "%s deve essere di proprietà dello uid %d"
 
-#: src/load_plugins.c:142
+#: src/load_plugins.c:144
 #, c-format
 msgid "%s must be only be writable by owner"
 msgstr "%s deve essere scrivibile solo dal proprietario"
 
-#: src/load_plugins.c:183
+#: src/load_plugins.c:254 src/load_plugins.c:321
+#, c-format
+msgid "ignoring duplicate plugin \"%s\" in %s, line %d"
+msgstr "viene ignorato il plugin duplicato \"%s\" in %s, riga %d"
+
+#: src/load_plugins.c:295
 #, c-format
 msgid "unable to load %s: %s"
 msgstr "impossibile caricare %s: %s"
 
-#: src/load_plugins.c:191
+#: src/load_plugins.c:303
 #, c-format
 msgid "unable to find symbol \"%s\" in %s"
 msgstr "impossibile trovare il simbolo \"%s\" in %s"
 
-#: src/load_plugins.c:198
-#, c-format
-msgid "unknown policy type %d found in %s"
-msgstr "politica di tipo %d sconosciuta trovata in %s"
-
-#: src/load_plugins.c:204
+#: src/load_plugins.c:310
 #, c-format
 msgid "incompatible plugin major version %d (expected %d) found in %s"
 msgstr "numero principale di versione del plugin %d non compatibile (atteso %d) trovato in %s"
 
-#: src/load_plugins.c:213
+#: src/load_plugins.c:324
 #, c-format
 msgid "ignoring policy plugin \"%s\" in %s, line %d"
 msgstr "viene ignorato il plugin di politica \"%s\" in %s, riga %d"
 
-#: src/load_plugins.c:215
+#: src/load_plugins.c:326
 msgid "only a single policy plugin may be specified"
 msgstr "solo un plugin di politica può essere specificato"
 
-#: src/load_plugins.c:218
-#, c-format
-msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d"
-msgstr "viene ignorato il plugin di politica duplicato \"%s\" in %s, riga %d"
-
-#: src/load_plugins.c:237
+#: src/load_plugins.c:350
 #, c-format
-msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d"
-msgstr "viene ignorato il plugin di I/O duplicato \"%s\" in %s, riga %d"
+msgid "unknown plugin type %d found in %s"
+msgstr "tipo di plugin %d sconosciuto trovato in %s"
 
-#: src/load_plugins.c:353
+#: src/load_plugins.c:511
 #, c-format
 msgid "policy plugin %s does not include a check_policy method"
 msgstr "il plugin di politica %s non include un metodo check_policy"
 
-#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473
+#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:478
 #, c-format
 msgid "internal error, %s overflow"
 msgstr "errore interno, overflow di %s"
@@ -360,39 +387,39 @@
 msgid "the argument to -C must be a number greater than or equal to 3"
 msgstr "l'argomento di -C deve essere un numero maggiore o uguale a 3"
 
-#: src/parse_args.c:523
+#: src/parse_args.c:524
 msgid "you may not specify both the `-i' and `-s' options"
 msgstr "non è possibile specificare entrambe le opzioni \"-i\" e \"-s\""
 
-#: src/parse_args.c:527
+#: src/parse_args.c:528
 msgid "you may not specify both the `-i' and `-E' options"
 msgstr "non è possibile specificare entrambe le opzioni \"-i\" ed \"-E\""
 
-#: src/parse_args.c:537
+#: src/parse_args.c:538
 msgid "the `-E' option is not valid in edit mode"
 msgstr "l'opzione \"-E\" non è valida in modalità di modifica"
 
-#: src/parse_args.c:539
+#: src/parse_args.c:540
 msgid "you may not specify environment variables in edit mode"
 msgstr "non è possibile specificare variabili d'ambiente in modalità di modifica"
 
-#: src/parse_args.c:547
+#: src/parse_args.c:548
 msgid "the `-U' option may only be used with the `-l' option"
 msgstr "l'opzione \"-U\" può essere usata solo con l'opzione \"-l\""
 
-#: src/parse_args.c:551
+#: src/parse_args.c:552
 msgid "the `-A' and `-S' options may not be used together"
 msgstr "non è possibile usare assieme le opzioni \"-A\" e \"-S\""
 
-#: src/parse_args.c:627
+#: src/parse_args.c:645
 msgid "sudoedit is not supported on this platform"
 msgstr "sudoedit non è supportato su questa piattaforma"
 
-#: src/parse_args.c:700
+#: src/parse_args.c:726
 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
 msgstr "Solo una delle opzioni -e, -h, -i, -K, -l, -s, -v o -V può essere specificata"
 
-#: src/parse_args.c:714
+#: src/parse_args.c:740
 #, c-format
 msgid ""
 "%s - edit files as another user\n"
@@ -401,7 +428,7 @@
 "%s - modifica file come un altro utente\n"
 "\n"
 
-#: src/parse_args.c:716
+#: src/parse_args.c:742
 #, c-format
 msgid ""
 "%s - execute a command as another user\n"
@@ -410,7 +437,7 @@ "%s - esegue un comando come un altro utente\n" "\n" -#: src/parse_args.c:721 +#: src/parse_args.c:747 #, c-format msgid "" "\n" 
@@ -419,123 +446,123 @@ "\n" "Opzioni:\n" -#: src/parse_args.c:723 +#: src/parse_args.c:749 msgid "use a helper program for password prompting" msgstr "Utilizza un programma d'aiuto per richiedere la password" -#: src/parse_args.c:726 +#: src/parse_args.c:752 msgid "use specified BSD authentication type" msgstr "Utilizza la tipologia di autenticazione BSD specificata" -#: src/parse_args.c:729 +#: src/parse_args.c:755 msgid "run command in the background" msgstr "Esegue il comando in background" -#: src/parse_args.c:731 +#: src/parse_args.c:757 msgid "ring bell when prompting" msgstr "Suona la campanella con le richieste" -#: src/parse_args.c:733 +#: src/parse_args.c:759 msgid "close all file descriptors >= num" msgstr "Chiude tutti i descrittori di file >= num" -#: src/parse_args.c:736 +#: src/parse_args.c:762 msgid "run command with the specified BSD login class" msgstr "Esegue il comando con la classe di accesso BSD specificata" -#: src/parse_args.c:739 +#: src/parse_args.c:765 msgid "preserve user environment when running command" msgstr "Mantiene l'ambiente dell'utente quando viene eseguito il comando" -#: src/parse_args.c:741 +#: src/parse_args.c:767 msgid "preserve specific environment variables" msgstr "Mantiene delle variabile d'ambiente specifiche" -#: src/parse_args.c:743 +#: src/parse_args.c:769 msgid "edit files instead of running a command" msgstr "Modifica i file invece di eseguire un comando" -#: src/parse_args.c:745 +#: src/parse_args.c:771 msgid "run command as the specified group name or ID" msgstr "Esegue il comando come il gruppo o l'ID specificato" -#: src/parse_args.c:747 +#: src/parse_args.c:773 msgid "set HOME variable to target user's home dir" msgstr "Imposta la variabile HOME alla directory dell'utente finale" -#: src/parse_args.c:749 +#: src/parse_args.c:775 msgid "display help message and exit" msgstr "Visualizza il messaggio di aiuto ed esce" -#: src/parse_args.c:751 +#: src/parse_args.c:777 msgid "run command on host (if supported by 
plugin)" msgstr "Esegue il comando sull'host (se supportato dal plugin)" -#: src/parse_args.c:753 +#: src/parse_args.c:779 msgid "run login shell as the target user; a command may also be specified" msgstr "Esegue una shell di login come l'utente finale; può essere specificato un comando" -#: src/parse_args.c:755 +#: src/parse_args.c:781 msgid "remove timestamp file completely" msgstr "Rimuove completamente il file temporale" -#: src/parse_args.c:757 +#: src/parse_args.c:783 msgid "invalidate timestamp file" msgstr "Invalida il file temporale" -#: src/parse_args.c:759 +#: src/parse_args.c:785 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "Elenca i privilegi dell'utente o verifica un comando specifico; usare due volte per il formato più lungo" -#: src/parse_args.c:761 +#: src/parse_args.c:787 msgid "non-interactive mode, no prompts are used" msgstr "Modalità non interattiva, non richiede nulla all'utente" -#: src/parse_args.c:763 +#: src/parse_args.c:789 msgid "preserve group vector instead of setting to target's" msgstr "Mantiene il vettore di gruppo invece di impostarlo a quello dell'obiettivo" -#: src/parse_args.c:765 +#: src/parse_args.c:791 msgid "use the specified password prompt" msgstr "Utilizza la richiesta della password specificata" -#: src/parse_args.c:768 +#: src/parse_args.c:794 msgid "create SELinux security context with specified role" msgstr "Crea il contesto di sicurezza SELinux con il ruolo specificato" -#: src/parse_args.c:771 +#: src/parse_args.c:797 msgid "read password from standard input" msgstr "Legge la password dallo standard input" -#: src/parse_args.c:773 +#: src/parse_args.c:799 msgid "run shell as the target user; a command may also be specified" msgstr "Esegue la shell come l'utente finale; può essere specificato un comando" -#: src/parse_args.c:776 +#: src/parse_args.c:802 msgid "create SELinux security context with specified type" msgstr "Crea il contesto di sicurezza SELinux con il 
tipo specificato" -#: src/parse_args.c:779 +#: src/parse_args.c:805 msgid "terminate command after the specified time limit" msgstr "Termina il comando allo trascorrere del limite temporale specificato" -#: src/parse_args.c:781 +#: src/parse_args.c:807 msgid "in list mode, display privileges for user" msgstr "In modalità elenco, visualizza i privilegi dell'utente" -#: src/parse_args.c:783 +#: src/parse_args.c:809 msgid "run command (or edit file) as specified user name or ID" msgstr "Esegue un comando (o modifica un file) come il nome utente o l'ID specificato" -#: src/parse_args.c:785 +#: src/parse_args.c:811 msgid "display version information and exit" msgstr "Visualizza le informazioni sulla versione ed esce" -#: src/parse_args.c:787 +#: src/parse_args.c:813 msgid "update user's timestamp without running a command" msgstr "Aggiorna il timestamp dell'utente senza eseguire un comando" -#: src/parse_args.c:789 +#: src/parse_args.c:815 msgid "stop processing command line arguments" msgstr "Ferma l'elaborazione degli argomenti a riga di comando" @@ -567,7 +594,7 @@ msgid "unable to open %s, not relabeling tty" msgstr "impossibile aprire %s, tty non viene ri-etichettato" -#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s non è un dispositivo a caratteri, tty non viene ri-etichettato" 
@@ -588,54 +615,54 @@ msgid "unable to set new tty context" msgstr "impossibile impostare il nuovo contesto tty" -#: src/selinux.c:298 +#: src/selinux.c:322 #, c-format msgid "you must specify a role for type %s" msgstr "è necessario specificare un ruolo per la tipologia %s" -#: src/selinux.c:304 +#: src/selinux.c:328 #, c-format msgid "unable to get default type for role %s" msgstr "impossibile ottenere la tipologia predefinita per il ruolo %s" -#: src/selinux.c:316 +#: src/selinux.c:340 msgid "failed to get new context" msgstr "recupero del nuovo contesto non riuscito" -#: src/selinux.c:325 +#: src/selinux.c:349 #, c-format msgid "failed to set new role %s" msgstr "impossibile impostare il nuovo ruolo %s" -#: src/selinux.c:329 +#: src/selinux.c:353 #, c-format msgid "failed to set new type %s" msgstr "impossibile impostare la nuova tipologia %s" -#: src/selinux.c:341 +#: src/selinux.c:365 #, c-format msgid "%s is not a valid context" msgstr "%s non è un contesto valido" -#: src/selinux.c:373 +#: src/selinux.c:397 msgid "failed to get old context" msgstr "recupero del vecchio contesto non riuscito" -#: src/selinux.c:379 +#: src/selinux.c:403 msgid "unable to determine enforcing mode." msgstr "impossibile determinare la modalità di rispetto." -#: src/selinux.c:396 +#: src/selinux.c:420 #, c-format msgid "unable to set tty context to %s" msgstr "impossibile impostare il contesto tty a %s" -#: src/selinux.c:428 +#: src/selinux.c:452 #, c-format msgid "unable to set exec context to %s" msgstr "impossibile impostare il contesto exec a %s" -#: src/selinux.c:435 +#: src/selinux.c:459 #, c-format msgid "unable to set key creation context to %s" msgstr "impossibile impostare il contesto di creazione della chiave a %s" 
@@ -702,185 +729,211 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "attenzione, assegnazione della risorsa di controllo per il progetto \"%s\" non riuscita" -#: src/sudo.c:204 +#: src/sudo.c:224 #, c-format msgid "Sudo version %s\n" msgstr "Versione di sudo: %s\n" -#: src/sudo.c:206 +#: src/sudo.c:226 #, c-format msgid "Configure options: %s\n" msgstr "Opzioni di configurazione: %s\n" -#: src/sudo.c:214 +#: src/sudo.c:235 msgid "fatal error, unable to load plugins" msgstr "errore irreversibile, impossibile caricare i plugin" -#: src/sudo.c:222 -msgid "unable to initialize policy plugin" -msgstr "impossibile inizializzare il plugin delle politiche" - -#: src/sudo.c:266 +#: src/sudo.c:280 msgid "plugin did not return a command to execute" msgstr "il plug-in non ha restituito un comando da eseguire" -#: src/sudo.c:282 -#, c-format -msgid "error initializing I/O plugin %s" -msgstr "errore nell'inizializzare il plugin di I/O %s" - -#: src/sudo.c:306 +#: src/sudo.c:311 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "modalità 0x%x di sudo non attesa" -#: src/sudo.c:538 +#: src/sudo.c:544 #, c-format msgid "you do not exist in the %s database" msgstr "l'utente attuale non esiste nel database %s" -#: src/sudo.c:595 +#: src/sudo.c:601 msgid "unable to determine tty" msgstr "impossibile impostare il tty" -#: src/sudo.c:887 +#: src/sudo.c:893 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s deve essere di proprietà dello uid %d e avere il bit setuid impostato" -#: src/sudo.c:890 +#: src/sudo.c:896 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "lo uid effettivo non è %d. %s si trova su un file system con l'opzione \"nosuid\" impostata o su un file system NFS senza privilegi di root?" -#: src/sudo.c:896 +#: src/sudo.c:902 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" 
msgstr "lo uid effettivo non è %d. Il programma sudo è installato con setuid root?" -#: src/sudo.c:912 +#: src/sudo.c:918 msgid "unable to set supplementary group IDs" msgstr "impossibile impostare ID di gruppo supplementari" -#: src/sudo.c:919 +#: src/sudo.c:925 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "impossibile impostare il gid effettivo per eseguire come %u" -#: src/sudo.c:925 +#: src/sudo.c:931 #, c-format msgid "unable to set gid to runas gid %u" msgstr "impossibile impostare il gid per eseguire come gid %u" -#: src/sudo.c:982 +#: src/sudo.c:978 #, c-format msgid "unexpected child termination condition: %d" msgstr "condizione di uscita del figlio inattesa: %d" -#: src/sudo.c:1128 +#: src/sudo.c:1087 +msgid "unable to initialize policy plugin" +msgstr "impossibile inizializzare il plugin delle politiche" + +#: src/sudo.c:1148 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "il plugin di politica %s non include un metodo \"check_policy\"" -#: src/sudo.c:1146 +#: src/sudo.c:1163 src/sudo.c:1216 src/sudo.c:1260 +msgid "command rejected by policy" +msgstr "comando rifiutato dalla politica" + +#: src/sudo.c:1168 src/sudo.c:1221 src/sudo.c:1265 +msgid "policy plugin error" +msgstr "errore plugin di politica" + +#: src/sudo.c:1202 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "il plugin di politica %s non supporta l'elencazione dei privilegi" -#: src/sudo.c:1163 +#: src/sudo.c:1246 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "il plugin di politica %s non supporta l'opzione -v" -#: src/sudo.c:1178 +#: src/sudo.c:1284 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "il plugin di politica %s non supporta le opzioni -k/-K" -#: src/sudo_edit.c:221 +#: src/sudo.c:1413 +#, c-format +msgid "error initializing I/O plugin %s" +msgstr "errore nell'inizializzare il plugin di I/O %s" + +#: src/sudo.c:1567 +#, c-format 
+msgid "error initializing audit plugin %s" +msgstr "errore nell'inizializzare il plugin di audit %s" + +#: src/sudo.c:1745 +#, c-format +msgid "error initializing approval plugin %s" +msgstr "errore nell'inizializzare il plugin di approvazione %s" + +#: src/sudo.c:1821 +msgid "command rejected by approver" +msgstr "comando rifiutato dall'approvatore" + +#: src/sudo.c:1830 +msgid "approval plugin error" +msgstr "errore plugin di approvazione" + +#: src/sudo_edit.c:233 msgid "no writable temporary directory found" msgstr "nessuna directory temporanea scrivibile trovata" -#: src/sudo_edit.c:288 src/sudo_edit.c:377 +#: src/sudo_edit.c:358 msgid "unable to restore current working directory" msgstr "impossibile ripristinare la directory di lavoro attuale" -#: src/sudo_edit.c:594 src/sudo_edit.c:707 +#: src/sudo_edit.c:575 src/sudo_edit.c:688 #, c-format msgid "%s: not a regular file" msgstr "%s: non è un file regolare" -#: src/sudo_edit.c:601 +#: src/sudo_edit.c:582 #, c-format msgid "%s: editing symbolic links is not permitted" msgstr "%s: la modifica di collegamenti simbolici non è consentita" -#: src/sudo_edit.c:604 +#: src/sudo_edit.c:585 #, c-format msgid "%s: editing files in a writable directory is not permitted" msgstr "%s: la modifica di file in una directory con accesso in scrittura non è consentita" -#: src/sudo_edit.c:637 src/sudo_edit.c:747 +#: src/sudo_edit.c:618 src/sudo_edit.c:728 #, c-format msgid "%s: short write" msgstr "%s: scrittura breve" -#: src/sudo_edit.c:708 +#: src/sudo_edit.c:689 #, c-format msgid "%s left unmodified" msgstr "%s lasciato non modificato" -#: src/sudo_edit.c:721 src/sudo_edit.c:908 +#: src/sudo_edit.c:702 src/sudo_edit.c:889 #, c-format msgid "%s unchanged" msgstr "%s non modificato" -#: src/sudo_edit.c:736 src/sudo_edit.c:758 +#: src/sudo_edit.c:717 src/sudo_edit.c:739 #, c-format msgid "unable to write to %s" msgstr "impossibile scrivere su %s" -#: src/sudo_edit.c:737 src/sudo_edit.c:756 src/sudo_edit.c:759 -#: 
src/sudo_edit.c:933 src/sudo_edit.c:937 +#: src/sudo_edit.c:718 src/sudo_edit.c:737 src/sudo_edit.c:740 +#: src/sudo_edit.c:914 src/sudo_edit.c:918 #, c-format msgid "contents of edit session left in %s" msgstr "contenuto della sessione di modifica lasciato in %s" -#: src/sudo_edit.c:755 +#: src/sudo_edit.c:736 msgid "unable to read temporary file" msgstr "impossibile leggere il file temporaneo" -#: src/sudo_edit.c:838 +#: src/sudo_edit.c:819 msgid "sesh: internal error: odd number of paths" msgstr "sesh: errore interno: strano numero numero di percorsi" -#: src/sudo_edit.c:840 +#: src/sudo_edit.c:821 msgid "sesh: unable to create temporary files" msgstr "sesh: impossibile creare file temporanei" -#: src/sudo_edit.c:842 src/sudo_edit.c:940 +#: src/sudo_edit.c:823 src/sudo_edit.c:921 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: errore %d sconosciuto" -#: src/sudo_edit.c:932 +#: src/sudo_edit.c:913 msgid "unable to copy temporary files back to their original location" msgstr "impossibile copiare i file temporanei nella loro posizione originale" -#: src/sudo_edit.c:936 +#: src/sudo_edit.c:917 msgid "unable to copy some of the temporary files back to their original location" msgstr "impossibile copiare alcuni dei file temporanei nella loro posizione originale" -#: src/sudo_edit.c:981 +#: src/sudo_edit.c:962 #, c-format msgid "unable to change uid to root (%u)" msgstr "impossibile modificare lo uid a root (%u)" -#: src/sudo_edit.c:998 +#: src/sudo_edit.c:979 msgid "plugin error: missing file list for sudoedit" msgstr "errore di plugin: elenco file mancante per sudoedit" -#: src/sudo_edit.c:1039 src/sudo_edit.c:1052 +#: src/sudo_edit.c:1020 src/sudo_edit.c:1033 msgid "unable to read the clock" msgstr "impossibile leggere l'orologio" 
@@ -904,17 +957,17 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "nessun programma di richiesta password specificato, impostare SUDO_ASKPASS" -#: src/tgetpass.c:322 +#: src/tgetpass.c:332 #, c-format msgid "unable to set gid to %u" msgstr "impossibile impostare il gid a %u" -#: src/tgetpass.c:326 +#: src/tgetpass.c:336 #, c-format msgid "unable to set uid to %u" msgstr "impossibile impostare lo uid a %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:341 #, c-format msgid "unable to run %s" msgstr "impossibile eseguire %s" Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/ja.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/ja.mo differ diff -Nru sudo-1.8.31/po/ja.po sudo-1.9.0/po/ja.po --- sudo-1.8.31/po/ja.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/po/ja.po 2020-05-11 16:28:23.000000000 +0000 @@ -1,14 +1,14 @@ # Japanese messages for sudo # This file is put in the public domain. # Yasuaki Taniguchi , 2011. -# Takeshi Hamasaki , 2012, 2015, 2016, 2017, 2018, 2019. +# Takeshi Hamasaki , 2012, 2015, 2016, 2017, 2018, 2019, 2020. # msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.29rc1\n" +"Project-Id-Version: sudo 1.9.0b4\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-10-21 19:55-0600\n" -"PO-Revision-Date: 2019-10-27 10:44+0900\n" +"POT-Creation-Date: 2020-03-12 17:39-0600\n" +"PO-Revision-Date: 2020-05-02 11:59+0900\n" "Last-Translator: Takeshi Hamasaki \n" "Language-Team: Japanese \n" "Language: ja\n" 
@@ -33,74 +33,98 @@ msgstr "レジストリーを復元できません" #: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81 -#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 -#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114 -#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212 -#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481 +#: lib/util/json.c:66 lib/util/json.c:192 lib/util/sudo_conf.c:191 +#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 +#: src/conversation.c:86 src/exec_common.c:114 src/exec_common.c:130 +#: src/exec_common.c:139 src/exec_monitor.c:211 src/exec_monitor.c:460 +#: src/exec_monitor.c:466 src/exec_monitor.c:474 src/exec_monitor.c:482 #: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503 #: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524 -#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214 -#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236 -#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257 -#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278 -#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299 -#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002 -#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180 -#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201 -#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222 -#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 -#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59 -#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: 
src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729 -#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815 -#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240 -#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891 -#: src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:531 src/exec_nopty.c:218 src/exec_nopty.c:227 +#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248 +#: src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269 +#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290 +#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_nopty.c:479 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1038 src/exec_pty.c:1206 src/exec_pty.c:1215 +#: src/exec_pty.c:1222 src/exec_pty.c:1229 src/exec_pty.c:1236 +#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 +#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 +#: src/exec_pty.c:1286 src/exec_pty.c:1709 src/load_plugins.c:59 +#: src/load_plugins.c:72 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:207 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:625 src/sudo.c:685 +#: src/sudo.c:695 src/sudo.c:716 src/sudo.c:735 src/sudo.c:744 src/sudo.c:753 +#: src/sudo.c:770 src/sudo.c:811 src/sudo.c:821 src/sudo.c:847 src/sudo.c:1037 +#: src/sudo.c:1059 src/sudo.c:1355 src/sudo.c:1528 src/sudo.c:1722 +#: src/sudo.c:2066 src/sudo_edit.c:270 src/sudo_edit.c:775 
src/sudo_edit.c:872 +#: src/sudo_edit.c:986 src/sudo_edit.c:1006 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194 -#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560 -#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131 -#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473 -#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/json.c:67 +#: lib/util/json.c:193 lib/util/sudo_conf.c:192 lib/util/sudo_conf.c:277 +#: lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 src/conversation.c:87 +#: src/exec_common.c:114 src/exec_common.c:131 src/exec_common.c:140 +#: src/exec_monitor.c:460 src/exec_monitor.c:466 src/exec_monitor.c:474 +#: src/exec_monitor.c:482 src/exec_monitor.c:489 src/exec_monitor.c:496 #: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517 -#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538 -#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229 -#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 -#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 -#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 -#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165 -#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187 -#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208 -#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229 -#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251 -#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: 
src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 -#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 -#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_nopty.c:218 +#: src/exec_nopty.c:227 src/exec_nopty.c:234 src/exec_nopty.c:241 +#: src/exec_nopty.c:248 src/exec_nopty.c:255 src/exec_nopty.c:262 +#: src/exec_nopty.c:269 src/exec_nopty.c:276 src/exec_nopty.c:283 +#: src/exec_nopty.c:290 src/exec_nopty.c:297 src/exec_nopty.c:305 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1206 src/exec_pty.c:1215 src/exec_pty.c:1222 +#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 +#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264 +#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1286 +#: src/exec_pty.c:1709 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:208 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:239 src/sudo.c:625 +#: src/sudo.c:847 src/sudo.c:1037 src/sudo.c:1059 src/sudo.c:1355 +#: src/sudo.c:1528 src/sudo.c:1722 src/sudo.c:2066 src/sudo_edit.c:270 +#: src/sudo_edit.c:775 src/sudo_edit.c:872 src/sudo_edit.c:986 +#: src/sudo_edit.c:1006 msgid "unable to allocate memory" msgstr "メモリ割り当てを行えませんでした" +#: lib/util/mkdir_parents.c:79 lib/util/sudo_conf.c:619 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 +#, c-format +msgid "unable to open %s" +msgstr "%s を開けません" + +#: lib/util/mkdir_parents.c:94 +#, 
c-format +msgid "unable to mkdir %s" +msgstr "%s を mkdir できません" + +#: lib/util/mkdir_parents.c:103 lib/util/sudo_conf.c:596 +#, c-format +msgid "unable to stat %s" +msgstr "%s の状態取得 (stat) ができません" + +#: lib/util/mkdir_parents.c:108 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s は存在しますが、ディレクトリではありません (0%o)" + #: lib/util/strsignal.c:55 msgid "Unknown signal" msgstr "不明なシグナルです" #: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161 -#: lib/util/strtonum.c:196 +#: lib/util/strtonum.c:200 msgid "invalid value" msgstr "無効な値" 
@@ -112,87 +136,77 @@ msgid "value too small" msgstr "値が小さ過ぎます" -#: lib/util/sudo_conf.c:212 +#: lib/util/sudo_conf.c:210 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "無効な Path の値 \"%s\" が %s の %u 行目 にあります" -#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431 +#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:392 lib/util/sudo_conf.c:445 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "無効な %s の値 \"%s\" が %s の %u 行目 にあります" -#: lib/util/sudo_conf.c:399 +#: lib/util/sudo_conf.c:413 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "サポートしていないグループソース \"%s\" が %s の %u 行目で指定されています" -#: lib/util/sudo_conf.c:415 +#: lib/util/sudo_conf.c:429 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "無効な最大グループの値 \"%s\" が %s の %u 行目 にあります" -#: lib/util/sudo_conf.c:576 -#, c-format -msgid "unable to stat %s" -msgstr "%s の状態取得 (stat) ができません" - -#: lib/util/sudo_conf.c:579 +#: lib/util/sudo_conf.c:599 #, c-format msgid "%s is not a regular file" msgstr "%s は通常ファイルではありません" -#: lib/util/sudo_conf.c:582 +#: lib/util/sudo_conf.c:602 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s はユーザーID %u によって所有されています。これは %u であるべきです" -#: lib/util/sudo_conf.c:586 +#: lib/util/sudo_conf.c:606 #, c-format msgid "%s is world writable" msgstr "%s は誰でも書き込み可能です" -#: lib/util/sudo_conf.c:589 +#: lib/util/sudo_conf.c:609 #, c-format msgid "%s is group writable" msgstr "%s はグループのメンバーによる書き込みが可能です" -#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363 -#, c-format -msgid "unable to open %s" -msgstr "%s を開けません" - -#: src/exec.c:111 +#: src/exec.c:135 #, c-format msgid "unknown login class %s" msgstr "不明なログインクラス %s です" -#: src/exec.c:123 +#: src/exec.c:147 msgid "unable to set user context" msgstr "ユーザーコンテキストを設定できません" -#: src/exec.c:139 +#: src/exec.c:163 msgid "unable to set process priority" msgstr "プロセス優先度を設定できません" -#: src/exec.c:150 +#: src/exec.c:177 #, c-format msgid "unable to change 
root to %s" msgstr "root を %s へ変更できません" -#: src/exec.c:163 src/exec.c:169 src/exec.c:176 +#: src/exec.c:190 src/exec.c:196 src/exec.c:203 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "実行時のユーザーID (uid) (%u, %u) へ変更できません" -#: src/exec.c:194 +#: src/exec.c:221 #, c-format msgid "unable to change directory to %s" msgstr "ディレクトリーを %s に変更できません" -#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578 -#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336 -#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164 +#: src/exec.c:304 src/exec_monitor.c:569 src/exec_monitor.c:571 +#: src/exec_nopty.c:537 src/exec_pty.c:566 src/exec_pty.c:1373 +#: src/exec_pty.c:1375 src/signal.c:150 src/signal.c:164 #, c-format msgid "unable to set handler for signal %d" msgstr "シグナル %d のハンドラを設定できません" 
@@ -201,89 +215,107 @@ msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "PRIV_LIMIT から PRIV_PROC_EXEC を取り除くことができません" -#: src/exec_monitor.c:366 +#: src/exec_monitor.c:365 msgid "error reading from socketpair" msgstr "ソケットペアからの読み込み中にエラーが発生しました" -#: src/exec_monitor.c:383 +#: src/exec_monitor.c:382 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "バックチャンネルに関する予期しないリプレイタイプです: %d" -#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533 -#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231 -#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252 -#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273 -#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294 -#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652 -#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858 -#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189 -#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210 -#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231 -#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621 -#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683 -#: src/exec_pty.c:1710 +#: src/exec_monitor.c:468 src/exec_monitor.c:476 src/exec_monitor.c:484 +#: src/exec_monitor.c:491 src/exec_monitor.c:498 src/exec_monitor.c:505 +#: src/exec_monitor.c:512 src/exec_monitor.c:519 src/exec_monitor.c:526 +#: src/exec_monitor.c:533 src/exec_nopty.c:220 src/exec_nopty.c:229 +#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 +#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 +#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 +#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:688 +#: src/exec_pty.c:693 src/exec_pty.c:790 
src/exec_pty.c:797 src/exec_pty.c:894 +#: src/exec_pty.c:1208 src/exec_pty.c:1217 src/exec_pty.c:1224 +#: src/exec_pty.c:1231 src/exec_pty.c:1238 src/exec_pty.c:1245 +#: src/exec_pty.c:1252 src/exec_pty.c:1259 src/exec_pty.c:1266 +#: src/exec_pty.c:1273 src/exec_pty.c:1280 src/exec_pty.c:1662 +#: src/exec_pty.c:1672 src/exec_pty.c:1717 src/exec_pty.c:1724 +#: src/exec_pty.c:1751 msgid "unable to add event to queue" msgstr "キューにイベントを追加できません" -#: src/exec_monitor.c:594 +#: src/exec_monitor.c:587 msgid "unable to set controlling tty" msgstr "tty の制御設定ができません" -#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415 -#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307 +#: src/exec_monitor.c:595 src/exec_nopty.c:364 src/exec_pty.c:1452 +#: src/exec_pty.c:1473 src/exec_pty.c:1493 src/tgetpass.c:311 msgid "unable to create pipe" msgstr "パイプを作成できません" -#: src/exec_monitor.c:610 +#: src/exec_monitor.c:603 msgid "unable to receive message from parent" msgstr "親からのメッセージを受け取ることができません" -#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494 -#: src/tgetpass.c:311 +#: src/exec_monitor.c:617 src/exec_nopty.c:393 src/exec_pty.c:1531 +#: src/tgetpass.c:315 msgid "unable to fork" msgstr "fork できません" -#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448 +#: src/exec_monitor.c:621 src/exec_monitor.c:720 src/exec_nopty.c:447 msgid "unable to restore tty label" msgstr "tty ラベルを復旧できません" -#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100 +#: src/exec_monitor.c:637 src/sesh.c:127 src/sudo.c:1114 #, c-format msgid "unable to execute %s" msgstr "%s を実行できません" -#: src/exec_nopty.c:360 src/exec_pty.c:1345 +#: src/exec_nopty.c:358 src/exec_pty.c:1382 msgid "policy plugin failed session initialization" msgstr "ポリシープラグインがセッションの初期化に失敗しました" -#: src/exec_nopty.c:437 src/exec_pty.c:1581 +#: src/exec_nopty.c:435 src/exec_pty.c:1617 msgid "error in event loop" msgstr "イベントループでエラーが発生しました" -#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112 
+#: src/exec_nopty.c:545 src/exec_pty.c:601 src/signal.c:112 #, c-format msgid "unable to restore handler for signal %d" msgstr "シグナル %d のハンドラを復元できません" -#: src/exec_pty.c:158 +#: src/exec_pty.c:157 msgid "unable to allocate pty" msgstr "pty を割り当てられません" -#: src/exec_pty.c:1325 +#: src/exec_pty.c:221 src/exec_pty.c:260 src/exec_pty.c:299 src/exec_pty.c:349 +#: src/exec_pty.c:399 +msgid "I/O plugin error" +msgstr "I/O プラグインエラー" + +#: src/exec_pty.c:224 src/exec_pty.c:263 src/exec_pty.c:302 src/exec_pty.c:352 +#: src/exec_pty.c:402 +msgid "command rejected by I/O plugin" +msgstr "I/O プラグインによりコマンドが拒否されました" + +#: src/exec_pty.c:449 +msgid "error logging suspend" +msgstr "エラーの記録が一時中断しています" + +#: src/exec_pty.c:482 +msgid "error changing window size" +msgstr "ウィンドウサイズの変更でエラー" + +#: src/exec_pty.c:1362 msgid "unable to create sockets" msgstr "ソケットを作成できません" -#: src/exec_pty.c:1538 +#: src/exec_pty.c:1574 msgid "unable to send message to monitor process" msgstr "監視プロセスへメッセージを送ることができません" #: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92 -#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140 -#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196 -#: src/load_plugins.c:202 +#: src/load_plugins.c:122 src/load_plugins.c:136 src/load_plugins.c:142 +#: src/load_plugins.c:293 src/load_plugins.c:301 src/load_plugins.c:308 +#: src/load_plugins.c:348 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "%s, %d 行目 プラグイン \"%s\" をロード中にエラーが発生しました" 
@@ -293,61 +325,56 @@ msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:136 +#: src/load_plugins.c:138 #, c-format msgid "%s must be owned by uid %d" msgstr "%s の所有者は uid %d でなければいけません" -#: src/load_plugins.c:142 +#: src/load_plugins.c:144 #, c-format msgid "%s must be only be writable by owner" msgstr "%s は所有者のみ書き込み可能で無ければいけません" -#: src/load_plugins.c:183 +#: src/load_plugins.c:254 src/load_plugins.c:321 +#, c-format +msgid "ignoring duplicate plugin \"%s\" in %s, line %d" +msgstr "重複しているプラグイン \"%s\" を無視します。%s の %d 行目" + +#: src/load_plugins.c:295 #, c-format msgid "unable to load %s: %s" msgstr "%s をロードできません: %s" -#: src/load_plugins.c:191 +#: src/load_plugins.c:303 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "シンボル \"%s\" が %s に見つかりません" -#: src/load_plugins.c:198 -#, c-format -msgid "unknown policy type %d found in %s" -msgstr "不明なポリシータイプ %d が %s で見つかりました" - -#: src/load_plugins.c:204 +#: src/load_plugins.c:310 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "互換性の無いポリシーメジャーバージョン %d (予期されるのは %d)が %s で見つかりました" -#: src/load_plugins.c:213 +#: src/load_plugins.c:324 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "ポリシープラグイン \"%s\" を無視します。%s の %d 行目" -#: src/load_plugins.c:215 +#: src/load_plugins.c:326 msgid "only a single policy plugin may be specified" msgstr "1つのポリシープラグインのみ指定できます" -#: src/load_plugins.c:218 -#, c-format -msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" -msgstr "重複しているポリシープラグイン \"%s\" を無視します。%s の %d 行目" - -#: src/load_plugins.c:237 +#: src/load_plugins.c:350 #, c-format -msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d" -msgstr "重複している I/O プラグイン \"%s\" を無視します。%s の %d 行目" +msgid "unknown plugin type %d found in %s" +msgstr "不明なプラグインタイプ %d が %s で見つかりました" -#: src/load_plugins.c:353 +#: src/load_plugins.c:511 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "ポリシープラグイン %s には check_policy メソッドが含まれていません" -#: 
src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473 +#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:478 #, c-format msgid "internal error, %s overflow" msgstr "内部エラー、 %s がオーバーフローしました" @@ -361,39 +388,39 @@ msgid "the argument to -C must be a number greater than or equal to 3" msgstr "-C の引数は 3 以上の数値でなければいけません" -#: src/parse_args.c:523 +#: src/parse_args.c:524 msgid "you may not specify both the `-i' and `-s' options" msgstr "`-i' と `-s' オプションを同時に指定することはできません" -#: src/parse_args.c:527 +#: src/parse_args.c:528 msgid "you may not specify both the `-i' and `-E' options" msgstr "`-i' と `-E' オプションを同時に指定することはできません" -#: src/parse_args.c:537 +#: src/parse_args.c:538 msgid "the `-E' option is not valid in edit mode" msgstr "`-E' オプションは編集モードでは無効です" -#: src/parse_args.c:539 +#: src/parse_args.c:540 msgid "you may not specify environment variables in edit mode" msgstr "編集モードでは環境変数を指定できません" -#: src/parse_args.c:547 +#: src/parse_args.c:548 msgid "the `-U' option may only be used with the `-l' option" msgstr "`-U' オプションは `-l' オプションのみと同時に指定できます" -#: src/parse_args.c:551 +#: src/parse_args.c:552 msgid "the `-A' and `-S' options may not be used together" msgstr "`-A' と `-S' オプションは同時に指定することはできません" -#: src/parse_args.c:627 +#: src/parse_args.c:645 msgid "sudoedit is not supported on this platform" msgstr "sudoedit はこのプラットフォームではサポートされていません" -#: src/parse_args.c:700 +#: src/parse_args.c:726 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "-e, -h, -i, -K, -l, -s, -v または -V のうち一つのみ指定できます" -#: src/parse_args.c:714 +#: src/parse_args.c:740 #, c-format msgid "" "%s - edit files as another user\n" @@ -402,7 +429,7 @@ "%s - 別のユーザーとしてファイルを編集します\n" "\n" -#: src/parse_args.c:716 +#: src/parse_args.c:742 #, c-format msgid "" "%s - execute a command as another user\n" @@ -411,7 +438,7 @@ "%s - 別のユーザーとしてコマンドを実行します\n" "\n" -#: src/parse_args.c:721 +#: src/parse_args.c:747 #, c-format msgid "" "\n" 
@@ -420,123 +447,123 @@ "\n" "オプション:\n" -#: src/parse_args.c:723 +#: src/parse_args.c:749 msgid "use a helper program for password prompting" msgstr "パスワード要求のために補助プログラムを使用する" -#: src/parse_args.c:726 +#: src/parse_args.c:752 msgid "use specified BSD authentication type" msgstr "指定した BSD 認証タイプを使用する" -#: src/parse_args.c:729 +#: src/parse_args.c:755 msgid "run command in the background" msgstr "コマンドをバックグラウンドで実行する" -#: src/parse_args.c:731 +#: src/parse_args.c:757 msgid "ring bell when prompting" msgstr "プロンプトと同時にベルを鳴らす" -#: src/parse_args.c:733 +#: src/parse_args.c:759 msgid "close all file descriptors >= num" msgstr "num 以上のすべてのファイル記述子を閉じる" -#: src/parse_args.c:736 +#: src/parse_args.c:762 msgid "run command with the specified BSD login class" msgstr "指定した BSD ログインクラスでコマンドを実行する" -#: src/parse_args.c:739 +#: src/parse_args.c:765 msgid "preserve user environment when running command" msgstr "コマンドを実行する時にユーザーの環境変数を維持する" -#: src/parse_args.c:741 +#: src/parse_args.c:767 msgid "preserve specific environment variables" msgstr "指定の環境変数を維持する" -#: src/parse_args.c:743 +#: src/parse_args.c:769 msgid "edit files instead of running a command" msgstr "コマンドを実行するのではなくファイルを編集する" -#: src/parse_args.c:745 +#: src/parse_args.c:771 msgid "run command as the specified group name or ID" msgstr "指定したグループ名またはグループIDでコマンドを実行する" -#: src/parse_args.c:747 +#: src/parse_args.c:773 msgid "set HOME variable to target user's home dir" msgstr "HOME 変数を変更先となるユーザーのホームディレクトリに設定する" -#: src/parse_args.c:749 +#: src/parse_args.c:775 msgid "display help message and exit" msgstr "このヘルプを表示して終了する" -#: src/parse_args.c:751 +#: src/parse_args.c:777 msgid "run command on host (if supported by plugin)" msgstr "host でコマンドを実行する(プラグインがサポートしている場合)" -#: src/parse_args.c:753 +#: src/parse_args.c:779 msgid "run login shell as the target user; a command may also be specified" msgstr "変更先のユーザーとしてログインシェルを実行する; コマンドを指定することもできます" -#: src/parse_args.c:755 +#: src/parse_args.c:781 msgid "remove timestamp file completely" msgstr 
"タイムスタンプファイルを完全に削除する" -#: src/parse_args.c:757 +#: src/parse_args.c:783 msgid "invalidate timestamp file" msgstr "無効なタイムスタンプファイルです" -#: src/parse_args.c:759 +#: src/parse_args.c:785 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "ユーザーの権限を一覧表示するまたは指定したコマンドについて確認する ;長い表示にするには2回指定すること" -#: src/parse_args.c:761 +#: src/parse_args.c:787 msgid "non-interactive mode, no prompts are used" msgstr "非対話モードで実行し、ユーザーに入力を求めない" -#: src/parse_args.c:763 +#: src/parse_args.c:789 msgid "preserve group vector instead of setting to target's" msgstr "グループベクトルを保護する (変更先のユーザーのものに設定しない)" -#: src/parse_args.c:765 +#: src/parse_args.c:791 msgid "use the specified password prompt" msgstr "指定したパスワードプロンプトを使用する" -#: src/parse_args.c:768 +#: src/parse_args.c:794 msgid "create SELinux security context with specified role" msgstr "指定した役割で SELinux セキュリティーコンテキストを作成する" -#: src/parse_args.c:771 +#: src/parse_args.c:797 msgid "read password from standard input" msgstr "標準入力からパスワードを読み込む" -#: src/parse_args.c:773 +#: src/parse_args.c:799 msgid "run shell as the target user; a command may also be specified" msgstr "変更先のユーザーとしてシェルを実行する; コマンドを指定することもできます" -#: src/parse_args.c:776 +#: src/parse_args.c:802 msgid "create SELinux security context with specified type" msgstr "指定したタイプで SELinux セキュリティーコンテキストを作成する" -#: src/parse_args.c:779 +#: src/parse_args.c:805 msgid "terminate command after the specified time limit" msgstr "指定した制限時間でコマンドの実行を中止する" -#: src/parse_args.c:781 +#: src/parse_args.c:807 msgid "in list mode, display privileges for user" msgstr "リストモードで、ユーザーの権限を表示する" -#: src/parse_args.c:783 +#: src/parse_args.c:809 msgid "run command (or edit file) as specified user name or ID" msgstr "指定したユーザー名またはユーザーIDでコマンドを実行する (またはファイルを編集する)" -#: src/parse_args.c:785 +#: src/parse_args.c:811 msgid "display version information and exit" msgstr "バージョン情報を表示して終了する" -#: src/parse_args.c:787 +#: src/parse_args.c:813 msgid "update user's timestamp without running a command" 
msgstr "コマンドを実行せずにユーザーのタイムスタンプを更新する" -#: src/parse_args.c:789 +#: src/parse_args.c:815 msgid "stop processing command line arguments" msgstr "コマンドライン引数の処理を終了する" @@ -568,7 +595,7 @@ msgid "unable to open %s, not relabeling tty" msgstr "%s を開くことができません。tty の再ラベル付けを行いません" -#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s はキャラクターデバイスではありません、tty の再ラベル付けを行いません" @@ -589,54 +616,54 @@ msgid "unable to set new tty context" msgstr "新しい tty コンテキストを設定できません" -#: src/selinux.c:298 +#: src/selinux.c:322 #, c-format msgid "you must specify a role for type %s" msgstr "タイプ %s 用の役割を指定しなければいけません" -#: src/selinux.c:304 +#: src/selinux.c:328 #, c-format msgid "unable to get default type for role %s" msgstr "役割 %s 用のデフォルトのタイプを取得できません" -#: src/selinux.c:316 +#: src/selinux.c:340 msgid "failed to get new context" msgstr "新しいコンテキストの取得に失敗しました" -#: src/selinux.c:325 +#: src/selinux.c:349 #, c-format msgid "failed to set new role %s" msgstr "新しい役割 %s の設定に失敗しました" -#: src/selinux.c:329 +#: src/selinux.c:353 #, c-format msgid "failed to set new type %s" msgstr "新しいタイプ %s の設定に失敗しました" -#: src/selinux.c:341 +#: src/selinux.c:365 #, c-format msgid "%s is not a valid context" msgstr "%s は有効なコンテキストではありません" -#: src/selinux.c:373 +#: src/selinux.c:397 msgid "failed to get old context" msgstr "古いコンテキストの取得に失敗しました" -#: src/selinux.c:379 +#: src/selinux.c:403 msgid "unable to determine enforcing mode." msgstr "強制モードを決定することができません。" -#: src/selinux.c:396 +#: src/selinux.c:420 #, c-format msgid "unable to set tty context to %s" msgstr "新しい tty コンテキストを %s に設定できません" -#: src/selinux.c:428 +#: src/selinux.c:452 #, c-format msgid "unable to set exec context to %s" msgstr "実行コンテキストを %s に設定できません" -#: src/selinux.c:435 +#: src/selinux.c:459 #, c-format msgid "unable to set key creation context to %s" msgstr "キー作成コンテキストを %s へ設定できません" 
@@ -703,185 +730,211 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "警告、プロジェクト \"%s\" への資源制御割り当てに失敗しました" -#: src/sudo.c:204 +#: src/sudo.c:224 #, c-format msgid "Sudo version %s\n" msgstr "Sudo バージョン %s\n" -#: src/sudo.c:206 +#: src/sudo.c:226 #, c-format msgid "Configure options: %s\n" msgstr "configure オプション: %s\n" -#: src/sudo.c:214 +#: src/sudo.c:235 msgid "fatal error, unable to load plugins" msgstr "致命的エラー、プラグインをロードできません" -#: src/sudo.c:222 -msgid "unable to initialize policy plugin" -msgstr "ポリシープラグインを初期化できません" - -#: src/sudo.c:266 +#: src/sudo.c:280 msgid "plugin did not return a command to execute" msgstr "プラグインが実行するべきコマンドを返しませんでした" -#: src/sudo.c:282 -#, c-format -msgid "error initializing I/O plugin %s" -msgstr "I/O プラグイン %s を初期化中にエラーが発生しました" - -#: src/sudo.c:306 +#: src/sudo.c:311 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "予期しない sudo のモード 0x%x です" -#: src/sudo.c:538 +#: src/sudo.c:544 #, c-format msgid "you do not exist in the %s database" msgstr "あなたは %s データベースに存在しません" -#: src/sudo.c:595 +#: src/sudo.c:601 msgid "unable to determine tty" msgstr "tty を特定できません" -#: src/sudo.c:887 +#: src/sudo.c:893 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s は所有者が uid %d である必要があり、かつ setuid が設定されている必要があります" -#: src/sudo.c:890 +#: src/sudo.c:896 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "実効 uid が %d ではありません、%s は 'nosuid' が設定されたファイルシステムにあるか、root 権限のないNFSファイルシステムにあるのでは?" -#: src/sudo.c:896 +#: src/sudo.c:902 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "実効 uid が %d ではありません、sudo は setuid root を設定してインストールされていますか?" 
-#: src/sudo.c:912 +#: src/sudo.c:918 msgid "unable to set supplementary group IDs" msgstr "追加のグループIDを設定できません" -#: src/sudo.c:919 +#: src/sudo.c:925 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "実行時のグループID (gid) %u を実効グループIDに設定できません" -#: src/sudo.c:925 +#: src/sudo.c:931 #, c-format msgid "unable to set gid to runas gid %u" msgstr "実行時のグループID (gid) %u をグループIDに設定できません" -#: src/sudo.c:982 +#: src/sudo.c:978 #, c-format msgid "unexpected child termination condition: %d" msgstr "予期しない子プロセスの終了コードです: %d" -#: src/sudo.c:1128 +#: src/sudo.c:1087 +msgid "unable to initialize policy plugin" +msgstr "ポリシープラグインを初期化できません" + +#: src/sudo.c:1148 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "ポリシープラグイン %s には check_policy メソッドが含まれていません" -#: src/sudo.c:1146 +#: src/sudo.c:1163 src/sudo.c:1216 src/sudo.c:1260 +msgid "command rejected by policy" +msgstr "ポリシーによりコマンドが拒否されました" + +#: src/sudo.c:1168 src/sudo.c:1221 src/sudo.c:1265 +msgid "policy plugin error" +msgstr "ポリシープラグインエラー" + +#: src/sudo.c:1202 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "ポリシープラグイン %s は権限の一覧表示をサポートしていません" -#: src/sudo.c:1163 +#: src/sudo.c:1246 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "ポリシープラグイン %s は -v オプションをサポートしません" -#: src/sudo.c:1178 +#: src/sudo.c:1284 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "ポリシープラグイン %s は -k/-K オプションをサポートしません" -#: src/sudo_edit.c:221 +#: src/sudo.c:1413 +#, c-format +msgid "error initializing I/O plugin %s" +msgstr "I/O プラグイン %s を初期化中にエラーが発生しました" + +#: src/sudo.c:1567 +#, c-format +msgid "error initializing audit plugin %s" +msgstr "認証プラグイン %s を初期化中にエラーが発生しました" + +#: src/sudo.c:1745 +#, c-format +msgid "error initializing approval plugin %s" +msgstr "承認プラグイン %s を初期化中にエラーが発生しました" + +#: src/sudo.c:1821 +msgid "command rejected by approver" +msgstr "承認者によりコマンドが拒否されました" + +#: src/sudo.c:1830 +msgid "approval plugin error" 
+msgstr "承認プラグイン エラー" + +#: src/sudo_edit.c:233 msgid "no writable temporary directory found" msgstr "書き込み可能な一時ディレクトリが見つかりません" -#: src/sudo_edit.c:288 src/sudo_edit.c:377 +#: src/sudo_edit.c:358 msgid "unable to restore current working directory" msgstr "カレントディレクトリを復元できません" -#: src/sudo_edit.c:594 src/sudo_edit.c:707 +#: src/sudo_edit.c:575 src/sudo_edit.c:688 #, c-format msgid "%s: not a regular file" msgstr "%s: 通常ファイルではありません" -#: src/sudo_edit.c:601 +#: src/sudo_edit.c:582 #, c-format msgid "%s: editing symbolic links is not permitted" msgstr "%s: シンボリックリンクの編集は許可されていません" -#: src/sudo_edit.c:604 +#: src/sudo_edit.c:585 #, c-format msgid "%s: editing files in a writable directory is not permitted" msgstr "%s: 書き込み可能なディレクトリ内のファイルの編集は許可されていません" -#: src/sudo_edit.c:637 src/sudo_edit.c:747 +#: src/sudo_edit.c:618 src/sudo_edit.c:728 #, c-format msgid "%s: short write" msgstr "%s: 短い書き込みです" -#: src/sudo_edit.c:708 +#: src/sudo_edit.c:689 #, c-format msgid "%s left unmodified" msgstr "%s を修正しないままにします" -#: src/sudo_edit.c:721 src/sudo_edit.c:908 +#: src/sudo_edit.c:702 src/sudo_edit.c:889 #, c-format msgid "%s unchanged" msgstr "%s を変更しません" -#: src/sudo_edit.c:736 src/sudo_edit.c:758 +#: src/sudo_edit.c:717 src/sudo_edit.c:739 #, c-format msgid "unable to write to %s" msgstr "%s へ書き込むことができません" -#: src/sudo_edit.c:737 src/sudo_edit.c:756 src/sudo_edit.c:759 -#: src/sudo_edit.c:933 src/sudo_edit.c:937 +#: src/sudo_edit.c:718 src/sudo_edit.c:737 src/sudo_edit.c:740 +#: src/sudo_edit.c:914 src/sudo_edit.c:918 #, c-format msgid "contents of edit session left in %s" msgstr "編集セッションの内容が %s 内に残っています" -#: src/sudo_edit.c:755 +#: src/sudo_edit.c:736 msgid "unable to read temporary file" msgstr "一時ファイルを読み込むことができません" -#: src/sudo_edit.c:838 +#: src/sudo_edit.c:819 msgid "sesh: internal error: odd number of paths" msgstr "sesh: 内部エラー: パスの数がおかしいです" -#: src/sudo_edit.c:840 +#: src/sudo_edit.c:821 msgid "sesh: unable to create temporary files" msgstr "sesh: 一時ファイルを作成することができません" -#: 
src/sudo_edit.c:842 src/sudo_edit.c:940 +#: src/sudo_edit.c:823 src/sudo_edit.c:921 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: 不明なエラー %d" -#: src/sudo_edit.c:932 +#: src/sudo_edit.c:913 msgid "unable to copy temporary files back to their original location" msgstr "一時ファイルを元の場所に戻すことができません" -#: src/sudo_edit.c:936 +#: src/sudo_edit.c:917 msgid "unable to copy some of the temporary files back to their original location" msgstr "一時ファイルのいくつかを元の場所に戻すことができません" -#: src/sudo_edit.c:981 +#: src/sudo_edit.c:962 #, c-format msgid "unable to change uid to root (%u)" msgstr "ユーザーID (uid) を root (%u) に変更できません" -#: src/sudo_edit.c:998 +#: src/sudo_edit.c:979 msgid "plugin error: missing file list for sudoedit" msgstr "プラグインエラー: sudoedit 用のファイル一覧がありません" -#: src/sudo_edit.c:1039 src/sudo_edit.c:1052 +#: src/sudo_edit.c:1020 src/sudo_edit.c:1033 msgid "unable to read the clock" msgstr "時刻を読み込むことができません" @@ -905,17 +958,17 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "パスワードを尋ねる (askpass) プログラムが指定されていません。 SUDO_ASKPASS を設定し、やり直してください" -#: src/tgetpass.c:322 +#: src/tgetpass.c:332 #, c-format msgid "unable to set gid to %u" msgstr "グループIDを %u に設定できません" -#: src/tgetpass.c:326 +#: src/tgetpass.c:336 #, c-format msgid "unable to set uid to %u" msgstr "ユーザーIDを %u に設定できません" -#: src/tgetpass.c:331 +#: src/tgetpass.c:341 #, c-format msgid "unable to run %s" msgstr "%s を実行できません" @@ -932,6 +985,9 @@ msgid "unable to restore stdin" msgstr "標準入力を復元できません" +#~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" +#~ msgstr "重複しているポリシープラグイン \"%s\" を無視します。%s の %d 行目" + #~ msgid "no tty present and no askpass program specified" #~ msgstr "端末 (tty) が存在せず、パスワードを尋ねる (askpass) プログラムが指定されていません" 
@@ -944,9 +1000,6 @@ #~ msgid "error reading from signal pipe" #~ msgstr "シグナルパイプからの読み込み中にエラーが発生しました" -#~ msgid "error reading from pipe" -#~ msgstr "パイプからの読み込み中にエラーが発生しました" - #~ msgid "internal error, tried allocate zero bytes" #~ msgstr "内部エラー、0バイトの確保を試みました" Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/nb.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/nb.mo differ diff -Nru sudo-1.8.31/po/nb.po sudo-1.9.0/po/nb.po --- sudo-1.8.31/po/nb.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/po/nb.po 2020-05-11 16:28:23.000000000 +0000 @@ -2,14 +2,14 @@ # This file is distributed under the same license as the sudo package. # Copyright (C) 2017 Free Software Foundation, Inc. # Todd C. Miller , 2011-2013. -# Åka Sikrom , 2014-2019. +# Åka Sikrom , 2014-2020. # msgid "" msgstr "" -"Project-Id-Version: sudo-1.8.29rc1\n" +"Project-Id-Version: sudo-1.9.0b4\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-10-21 19:55-0600\n" -"PO-Revision-Date: 2019-10-29 09:12+0100\n" +"POT-Creation-Date: 2020-03-12 17:39-0600\n" +"PO-Revision-Date: 2020-03-16 07:31+0100\n" "Last-Translator: Åka Sikrom \n" "Language-Team: Norwegian Bokmaal \n" "Language: nb\n" 
@@ -34,74 +34,98 @@ msgstr "klarte ikke å gjenopprette register" #: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81 -#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 -#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114 -#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212 -#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481 +#: lib/util/json.c:66 lib/util/json.c:192 lib/util/sudo_conf.c:191 +#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 +#: src/conversation.c:86 src/exec_common.c:114 src/exec_common.c:130 +#: src/exec_common.c:139 src/exec_monitor.c:211 src/exec_monitor.c:460 +#: src/exec_monitor.c:466 src/exec_monitor.c:474 src/exec_monitor.c:482 #: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503 #: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524 -#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214 -#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236 -#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257 -#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278 -#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299 -#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002 -#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180 -#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201 -#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222 -#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 -#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59 -#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207 -#: src/parse_args.c:282 src/parse_args.c:583 
src/parse_args.c:605 -#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729 -#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815 -#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240 -#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891 -#: src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:531 src/exec_nopty.c:218 src/exec_nopty.c:227 +#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248 +#: src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269 +#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290 +#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_nopty.c:479 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1038 src/exec_pty.c:1206 src/exec_pty.c:1215 +#: src/exec_pty.c:1222 src/exec_pty.c:1229 src/exec_pty.c:1236 +#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 +#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 +#: src/exec_pty.c:1286 src/exec_pty.c:1709 src/load_plugins.c:59 +#: src/load_plugins.c:72 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:207 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:625 src/sudo.c:685 +#: src/sudo.c:695 src/sudo.c:716 src/sudo.c:735 src/sudo.c:744 src/sudo.c:753 +#: src/sudo.c:770 src/sudo.c:811 src/sudo.c:821 src/sudo.c:847 src/sudo.c:1037 +#: src/sudo.c:1059 src/sudo.c:1355 src/sudo.c:1528 src/sudo.c:1722 +#: src/sudo.c:2066 src/sudo_edit.c:270 
src/sudo_edit.c:775 src/sudo_edit.c:872 +#: src/sudo_edit.c:986 src/sudo_edit.c:1006 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194 -#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560 -#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131 -#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473 -#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/json.c:67 +#: lib/util/json.c:193 lib/util/sudo_conf.c:192 lib/util/sudo_conf.c:277 +#: lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 src/conversation.c:87 +#: src/exec_common.c:114 src/exec_common.c:131 src/exec_common.c:140 +#: src/exec_monitor.c:460 src/exec_monitor.c:466 src/exec_monitor.c:474 +#: src/exec_monitor.c:482 src/exec_monitor.c:489 src/exec_monitor.c:496 #: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517 -#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538 -#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229 -#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 -#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 -#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 -#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165 -#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187 -#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208 -#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229 -#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251 -#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 
-#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 -#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 -#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_nopty.c:218 +#: src/exec_nopty.c:227 src/exec_nopty.c:234 src/exec_nopty.c:241 +#: src/exec_nopty.c:248 src/exec_nopty.c:255 src/exec_nopty.c:262 +#: src/exec_nopty.c:269 src/exec_nopty.c:276 src/exec_nopty.c:283 +#: src/exec_nopty.c:290 src/exec_nopty.c:297 src/exec_nopty.c:305 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1206 src/exec_pty.c:1215 src/exec_pty.c:1222 +#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 +#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264 +#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1286 +#: src/exec_pty.c:1709 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:208 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:239 src/sudo.c:625 +#: src/sudo.c:847 src/sudo.c:1037 src/sudo.c:1059 src/sudo.c:1355 +#: src/sudo.c:1528 src/sudo.c:1722 src/sudo.c:2066 src/sudo_edit.c:270 +#: src/sudo_edit.c:775 src/sudo_edit.c:872 src/sudo_edit.c:986 +#: src/sudo_edit.c:1006 msgid "unable to allocate memory" msgstr "klarte ikke å tildele minne" +#: lib/util/mkdir_parents.c:79 lib/util/sudo_conf.c:619 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 +#, c-format +msgid "unable to open %s" +msgstr "klarte ikke å åpne %s" + +#: 
lib/util/mkdir_parents.c:94 +#, c-format +msgid "unable to mkdir %s" +msgstr "klarte ikke å opprette mappe %s" + +#: lib/util/mkdir_parents.c:103 lib/util/sudo_conf.c:596 +#, c-format +msgid "unable to stat %s" +msgstr "klarte ikke å lage statistikk av %s" + +#: lib/util/mkdir_parents.c:108 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s finnes, men er ikke en mappe (0%o)" + #: lib/util/strsignal.c:55 msgid "Unknown signal" msgstr "Ukjent signal" #: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161 -#: lib/util/strtonum.c:196 +#: lib/util/strtonum.c:200 msgid "invalid value" msgstr "ugyldig verdi" 
@@ -113,87 +137,77 @@ msgid "value too small" msgstr "verdien er for liten" -#: lib/util/sudo_conf.c:212 +#: lib/util/sudo_conf.c:210 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "«%s» er en ugyldig Path-verdi i %s, linje %u" -#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431 +#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:392 lib/util/sudo_conf.c:445 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "«%2$s» er en ugyldig verdi for %1$s i %3$s, linje %4$u" -#: lib/util/sudo_conf.c:399 +#: lib/util/sudo_conf.c:413 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "gruppekilden «%s» (i %s, linje %u) støttes ikke" -#: lib/util/sudo_conf.c:415 +#: lib/util/sudo_conf.c:429 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "«%s» er et ugyldig maskimalt antall grupper i %s, linje %u" -#: lib/util/sudo_conf.c:576 -#, c-format -msgid "unable to stat %s" -msgstr "klarte ikke å lage statistikk av %s" - -#: lib/util/sudo_conf.c:579 +#: lib/util/sudo_conf.c:599 #, c-format msgid "%s is not a regular file" msgstr "«%s» er ikke en vanlig fil" -#: lib/util/sudo_conf.c:582 +#: lib/util/sudo_conf.c:602 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "«%s» eies av uid %u, som skulle vært %u" -#: lib/util/sudo_conf.c:586 +#: lib/util/sudo_conf.c:606 #, c-format msgid "%s is world writable" msgstr "«%s» kan overskrives av alle" -#: lib/util/sudo_conf.c:589 +#: lib/util/sudo_conf.c:609 #, c-format msgid "%s is group writable" msgstr "«%s» kan overskrives av eiergruppa" -#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363 -#, c-format -msgid "unable to open %s" -msgstr "klarte ikke å åpne %s" - -#: src/exec.c:111 +#: src/exec.c:135 #, c-format msgid "unknown login class %s" msgstr "innloggingsklassen «%s» er ukjent" -#: src/exec.c:123 +#: src/exec.c:147 msgid "unable to set user context" msgstr "klarte ikke å velge brukerkontekst" -#: src/exec.c:139 +#: 
src/exec.c:163 msgid "unable to set process priority" msgstr "klarte ikke å velge prosessprioritet" -#: src/exec.c:150 +#: src/exec.c:177 #, c-format msgid "unable to change root to %s" msgstr "klarte ikke å endre rot til «%s»" -#: src/exec.c:163 src/exec.c:169 src/exec.c:176 +#: src/exec.c:190 src/exec.c:196 src/exec.c:203 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "klarte ikke å endre til runas uid (%u, %u)" -#: src/exec.c:194 +#: src/exec.c:221 #, c-format msgid "unable to change directory to %s" msgstr "klarte ikke å endre mappe til «%s»" -#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578 -#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336 -#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164 +#: src/exec.c:304 src/exec_monitor.c:569 src/exec_monitor.c:571 +#: src/exec_nopty.c:537 src/exec_pty.c:566 src/exec_pty.c:1373 +#: src/exec_pty.c:1375 src/signal.c:150 src/signal.c:164 #, c-format msgid "unable to set handler for signal %d" msgstr "klarte ikke å velge håndtering av signal %d" 
@@ -202,89 +216,107 @@ msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "klarte ikke å fjerne PRIV_PROC_EXEC fra PRIV_LIMIT" -#: src/exec_monitor.c:366 +#: src/exec_monitor.c:365 msgid "error reading from socketpair" msgstr "feil under lesing fra sokkelpar" -#: src/exec_monitor.c:383 +#: src/exec_monitor.c:382 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "uforventet responstype i bak-kanalen: %d" -#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533 -#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231 -#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252 -#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273 -#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294 -#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652 -#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858 -#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189 -#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210 -#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231 -#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621 -#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683 -#: src/exec_pty.c:1710 +#: src/exec_monitor.c:468 src/exec_monitor.c:476 src/exec_monitor.c:484 +#: src/exec_monitor.c:491 src/exec_monitor.c:498 src/exec_monitor.c:505 +#: src/exec_monitor.c:512 src/exec_monitor.c:519 src/exec_monitor.c:526 +#: src/exec_monitor.c:533 src/exec_nopty.c:220 src/exec_nopty.c:229 +#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 +#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 +#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 +#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:688 +#: src/exec_pty.c:693 
src/exec_pty.c:790 src/exec_pty.c:797 src/exec_pty.c:894 +#: src/exec_pty.c:1208 src/exec_pty.c:1217 src/exec_pty.c:1224 +#: src/exec_pty.c:1231 src/exec_pty.c:1238 src/exec_pty.c:1245 +#: src/exec_pty.c:1252 src/exec_pty.c:1259 src/exec_pty.c:1266 +#: src/exec_pty.c:1273 src/exec_pty.c:1280 src/exec_pty.c:1662 +#: src/exec_pty.c:1672 src/exec_pty.c:1717 src/exec_pty.c:1724 +#: src/exec_pty.c:1751 msgid "unable to add event to queue" msgstr "klarte ikke å legge hendelse i kø" -#: src/exec_monitor.c:594 +#: src/exec_monitor.c:587 msgid "unable to set controlling tty" msgstr "klarte ikke å velge styrende tty" -#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415 -#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307 +#: src/exec_monitor.c:595 src/exec_nopty.c:364 src/exec_pty.c:1452 +#: src/exec_pty.c:1473 src/exec_pty.c:1493 src/tgetpass.c:311 msgid "unable to create pipe" msgstr "klarte ikke å lage datarør" -#: src/exec_monitor.c:610 +#: src/exec_monitor.c:603 msgid "unable to receive message from parent" msgstr "klarte ikke å motta melding fra forelder" -#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494 -#: src/tgetpass.c:311 +#: src/exec_monitor.c:617 src/exec_nopty.c:393 src/exec_pty.c:1531 +#: src/tgetpass.c:315 msgid "unable to fork" msgstr "klarte ikke å lage kopi av prosess" -#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448 +#: src/exec_monitor.c:621 src/exec_monitor.c:720 src/exec_nopty.c:447 msgid "unable to restore tty label" msgstr "klarte ikke å gjenopprette tty-etikett" -#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100 +#: src/exec_monitor.c:637 src/sesh.c:127 src/sudo.c:1114 #, c-format msgid "unable to execute %s" msgstr "klarte ikke å kjøre «%s»" -#: src/exec_nopty.c:360 src/exec_pty.c:1345 +#: src/exec_nopty.c:358 src/exec_pty.c:1382 msgid "policy plugin failed session initialization" msgstr "regeltillegg klarte ikke å starte økt" -#: src/exec_nopty.c:437 src/exec_pty.c:1581 +#: 
src/exec_nopty.c:435 src/exec_pty.c:1617 msgid "error in event loop" msgstr "feil i hendelsesløkke" -#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112 +#: src/exec_nopty.c:545 src/exec_pty.c:601 src/signal.c:112 #, c-format msgid "unable to restore handler for signal %d" msgstr "klarte ikke å gjenopprette håndtering av signal %d" -#: src/exec_pty.c:158 +#: src/exec_pty.c:157 msgid "unable to allocate pty" msgstr "klarte ikke å tildele pty" -#: src/exec_pty.c:1325 +#: src/exec_pty.c:221 src/exec_pty.c:260 src/exec_pty.c:299 src/exec_pty.c:349 +#: src/exec_pty.c:399 +msgid "I/O plugin error" +msgstr "Feil med I/O-tillegg" + +#: src/exec_pty.c:224 src/exec_pty.c:263 src/exec_pty.c:302 src/exec_pty.c:352 +#: src/exec_pty.c:402 +msgid "command rejected by I/O plugin" +msgstr "kommando avvist av I/O-tillegg" + +#: src/exec_pty.c:449 +msgid "error logging suspend" +msgstr "feil under loggføring av hvilemodus" + +#: src/exec_pty.c:482 +msgid "error changing window size" +msgstr "feil under endring av vindustørrelse" + +#: src/exec_pty.c:1362 msgid "unable to create sockets" msgstr "klarte ikke å lage sokkel" -#: src/exec_pty.c:1538 +#: src/exec_pty.c:1574 msgid "unable to send message to monitor process" msgstr "klarte ikke å sende melding til overvåkningsprosess" #: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92 -#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140 -#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196 -#: src/load_plugins.c:202 +#: src/load_plugins.c:122 src/load_plugins.c:136 src/load_plugins.c:142 +#: src/load_plugins.c:293 src/load_plugins.c:301 src/load_plugins.c:308 +#: src/load_plugins.c:348 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "feil i «%s» linje %d under innlasting av tillegg «%s»" 
@@ -294,61 +326,56 @@ msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:136 +#: src/load_plugins.c:138 #, c-format msgid "%s must be owned by uid %d" msgstr "«%s» må eies av uid %d" -#: src/load_plugins.c:142 +#: src/load_plugins.c:144 #, c-format msgid "%s must be only be writable by owner" msgstr "«%s» kan ikke være overskrivbar for andre enn eier" -#: src/load_plugins.c:183 +#: src/load_plugins.c:254 src/load_plugins.c:321 +#, c-format +msgid "ignoring duplicate plugin \"%s\" in %s, line %d" +msgstr "duplikattillegg «%s» for inn- og utdata i «%s» linje %d blir ignorert" + +#: src/load_plugins.c:295 #, c-format msgid "unable to load %s: %s" msgstr "klarte ikke å laste inn «%s». %s" -#: src/load_plugins.c:191 +#: src/load_plugins.c:303 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "fant ikke symbol «%s» i %s" -#: src/load_plugins.c:198 -#, c-format -msgid "unknown policy type %d found in %s" -msgstr "regeltypen «%d», som ble funnet i «%s», er ukjent" - -#: src/load_plugins.c:204 +#: src/load_plugins.c:310 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "ukompatibel versjon av programtillegg %d (forventet %d) ble funnet i «%s»" -#: src/load_plugins.c:213 +#: src/load_plugins.c:324 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "regeltillegg «%s» i «%s» linje %d blir ignorert" -#: src/load_plugins.c:215 +#: src/load_plugins.c:326 msgid "only a single policy plugin may be specified" msgstr "du kan bare velge ett regeltillegg" -#: src/load_plugins.c:218 -#, c-format -msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" -msgstr "duplikattillegg «%s» i «%s» linje %d blir ignorert" - -#: src/load_plugins.c:237 +#: src/load_plugins.c:350 #, c-format -msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d" -msgstr "duplikattillegg «%s» for inn- og utdata i «%s» line %d blir ignorert" +msgid "unknown plugin type %d found in %s" +msgstr "tilleggstype «%d» som ble funnet i 
«%s» er ukjent" -#: src/load_plugins.c:353 +#: src/load_plugins.c:511 #, c-format msgid "policy plugin %s does not include a check_policy method" -msgstr "regeltillegget «%s» inneholder ikke en «check_policy»-metode" +msgstr "regeltillegg «%s» inneholder ikke en «check_policy»-metode" -#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473 +#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:478 #, c-format msgid "internal error, %s overflow" msgstr "intern feil: %s er full" 
@@ -362,39 +389,39 @@ msgid "the argument to -C must be a number greater than or equal to 3" msgstr "«-C» må brukes med et tallargument med en verdi på minst 3" -#: src/parse_args.c:523 +#: src/parse_args.c:524 msgid "you may not specify both the `-i' and `-s' options" msgstr "du kan ikke velge både «-i» og «-s»" -#: src/parse_args.c:527 +#: src/parse_args.c:528 msgid "you may not specify both the `-i' and `-E' options" msgstr "du kan ikke velge både «-i» og «-E»" -#: src/parse_args.c:537 +#: src/parse_args.c:538 msgid "the `-E' option is not valid in edit mode" msgstr "valget «-E» er ugyldig i redigeringsmodus" -#: src/parse_args.c:539 +#: src/parse_args.c:540 msgid "you may not specify environment variables in edit mode" msgstr "du kan ikke velge miljøvariabler i redigeringsmodus" -#: src/parse_args.c:547 +#: src/parse_args.c:548 msgid "the `-U' option may only be used with the `-l' option" msgstr "valget «-U» kan ikke brukes uten «-l»" -#: src/parse_args.c:551 +#: src/parse_args.c:552 msgid "the `-A' and `-S' options may not be used together" msgstr "valgene «-A» og «-S» kan ikke brukes samtidig" -#: src/parse_args.c:627 +#: src/parse_args.c:645 msgid "sudoedit is not supported on this platform" msgstr "sudoedit støttes ikke på denne plattformen" -#: src/parse_args.c:700 +#: src/parse_args.c:726 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Du kan bare velge ett av valgene -e, -h, -i, -K, -l, -s, -v eller -V" -#: src/parse_args.c:714 +#: src/parse_args.c:740 #, c-format msgid "" "%s - edit files as another user\n" @@ -403,7 +430,7 @@ "%s - rediger filer som om du var en annen bruker\n" "\n" -#: src/parse_args.c:716 +#: src/parse_args.c:742 #, c-format msgid "" "%s - execute a command as another user\n" @@ -412,7 +439,7 @@ "%s - kjør en kommando som om du var en annen bruker\n" "\n" -#: src/parse_args.c:721 +#: src/parse_args.c:747 #, c-format msgid "" "\n" 
@@ -421,123 +448,123 @@ "\n" "Valg:\n" -#: src/parse_args.c:723 +#: src/parse_args.c:749 msgid "use a helper program for password prompting" msgstr "bruk et hjelpeprogram for å oppgi passord" -#: src/parse_args.c:726 +#: src/parse_args.c:752 msgid "use specified BSD authentication type" msgstr "bruk valgt BSD-autentiseringsmetode" -#: src/parse_args.c:729 +#: src/parse_args.c:755 msgid "run command in the background" msgstr "kjør kommando i bakgrunnen" -#: src/parse_args.c:731 +#: src/parse_args.c:757 msgid "ring bell when prompting" msgstr "lag varsellyd ved spørrende ledetekst" -#: src/parse_args.c:733 +#: src/parse_args.c:759 msgid "close all file descriptors >= num" msgstr "lukk alle fildeskriptorer >= num" -#: src/parse_args.c:736 +#: src/parse_args.c:762 msgid "run command with the specified BSD login class" msgstr "kjør kommando med valgt BSD-innloggingsklasse" -#: src/parse_args.c:739 +#: src/parse_args.c:765 msgid "preserve user environment when running command" msgstr "behold gjeldende brukermiljø når kommandoen kjøres" -#: src/parse_args.c:741 +#: src/parse_args.c:767 msgid "preserve specific environment variables" msgstr "behold bestemte miljøvariabler" -#: src/parse_args.c:743 +#: src/parse_args.c:769 msgid "edit files instead of running a command" msgstr "rediger filer i stedet for å kjøre en kommando" -#: src/parse_args.c:745 +#: src/parse_args.c:771 msgid "run command as the specified group name or ID" msgstr "kjør kommando som om du var en del av valgt gruppe (-navn eller -ID)" -#: src/parse_args.c:747 +#: src/parse_args.c:773 msgid "set HOME variable to target user's home dir" msgstr "bruk valgt brukers hjemmemappe som HOME-miljøvariabel" -#: src/parse_args.c:749 +#: src/parse_args.c:775 msgid "display help message and exit" msgstr "vis hjelpetekst og avslutt" -#: src/parse_args.c:751 +#: src/parse_args.c:777 msgid "run command on host (if supported by plugin)" msgstr "kjør kommando på verten (hvis programtillegget støtter det)" -#: 
src/parse_args.c:753 +#: src/parse_args.c:779 msgid "run login shell as the target user; a command may also be specified" msgstr "kjør innloggingsskall som om du var den valgte brukeren (du kan også oppgi en kommando her)" -#: src/parse_args.c:755 +#: src/parse_args.c:781 msgid "remove timestamp file completely" msgstr "fjern tidsstempel-fil skikkelig" -#: src/parse_args.c:757 +#: src/parse_args.c:783 msgid "invalidate timestamp file" msgstr "gjør tidsstempel-fil ugyldig" -#: src/parse_args.c:759 +#: src/parse_args.c:785 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "vis brukerens privilegier, eller sjekk om det fungerer å kjøre en bestemt kommando (bruk to ganger for å se et lengre format)" -#: src/parse_args.c:761 +#: src/parse_args.c:787 msgid "non-interactive mode, no prompts are used" msgstr "stillemodus (ingen ledetekst vises)" -#: src/parse_args.c:763 +#: src/parse_args.c:789 msgid "preserve group vector instead of setting to target's" msgstr "behold gruppevektor, i stedet for å bruke den som gjelder for målet" -#: src/parse_args.c:765 +#: src/parse_args.c:791 msgid "use the specified password prompt" msgstr "bruk valgt passord-ledetekst" -#: src/parse_args.c:768 +#: src/parse_args.c:794 msgid "create SELinux security context with specified role" msgstr "lag SELinux-sikkerhetskontekst med valgt rolle" -#: src/parse_args.c:771 +#: src/parse_args.c:797 msgid "read password from standard input" msgstr "les passord fra standard inndata" -#: src/parse_args.c:773 +#: src/parse_args.c:799 msgid "run shell as the target user; a command may also be specified" msgstr "kjør skall som valgt bruker (du kan også oppgi en kommando her)" -#: src/parse_args.c:776 +#: src/parse_args.c:802 msgid "create SELinux security context with specified type" msgstr "lag SELinux-sikkerhetskontekst med valgt type" -#: src/parse_args.c:779 +#: src/parse_args.c:805 msgid "terminate command after the specified time limit" msgstr "avslutt 
kommando etter valgt tidsfrist" -#: src/parse_args.c:781 +#: src/parse_args.c:807 msgid "in list mode, display privileges for user" msgstr "vis brukerprivilegier (i listemodus)" -#: src/parse_args.c:783 +#: src/parse_args.c:809 msgid "run command (or edit file) as specified user name or ID" msgstr "kjør kommando (eller rediger fil) som valgt brukernavn eller bruker-ID" -#: src/parse_args.c:785 +#: src/parse_args.c:811 msgid "display version information and exit" msgstr "vis programversjon og avslutt" -#: src/parse_args.c:787 +#: src/parse_args.c:813 msgid "update user's timestamp without running a command" msgstr "oppdater brukerens tidsstempel uten å kjøre en kommando" -#: src/parse_args.c:789 +#: src/parse_args.c:815 msgid "stop processing command line arguments" msgstr "slutt å behandle kommandolinje-argumenter" @@ -569,7 +596,7 @@ msgid "unable to open %s, not relabeling tty" msgstr "klarte ikke å åpne «%s». tty får ikke ny etikett" -#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s er ikke en tegnenhet. tty får ikke ny etikett" 
@@ -590,54 +617,54 @@
 msgid "unable to set new tty context"
 msgstr "klarte ikke å velge ny tty-kontekst"
 
-#: src/selinux.c:298
+#: src/selinux.c:322
 #, c-format
 msgid "you must specify a role for type %s"
 msgstr "du må velge en rolle for typen «%s»"
 
-#: src/selinux.c:304
+#: src/selinux.c:328
 #, c-format
 msgid "unable to get default type for role %s"
 msgstr "klarte ikke å hente standardtype for rollen «%s»"
 
-#: src/selinux.c:316
+#: src/selinux.c:340
 msgid "failed to get new context"
 msgstr "klarte ikke å hente ny kontekst"
 
-#: src/selinux.c:325
+#: src/selinux.c:349
 #, c-format
 msgid "failed to set new role %s"
 msgstr "klarte ikke å velge den nye rollen «%s»"
 
-#: src/selinux.c:329
+#: src/selinux.c:353
 #, c-format
 msgid "failed to set new type %s"
 msgstr "klarte ikke å velge den nye typen «%s»"
 
-#: src/selinux.c:341
+#: src/selinux.c:365
 #, c-format
 msgid "%s is not a valid context"
 msgstr "«%s» er en ugyldig kontekst"
 
-#: src/selinux.c:373
+#: src/selinux.c:397
 msgid "failed to get old context"
 msgstr "klarte ikke å hente gammel kontekst"
 
-#: src/selinux.c:379
+#: src/selinux.c:403
 msgid "unable to determine enforcing mode."
 msgstr "klarte ikke å finne håndhevelsesmodus."
 
-#: src/selinux.c:396
+#: src/selinux.c:420
 #, c-format
 msgid "unable to set tty context to %s"
 msgstr "klarte ikke å velge «%s» som tty-kontekst"
 
-#: src/selinux.c:428
+#: src/selinux.c:452
 #, c-format
 msgid "unable to set exec context to %s"
 msgstr "klarte ikke å velge «%s» som kjørekontekst"
 
-#: src/selinux.c:435
+#: src/selinux.c:459
 #, c-format
 msgid "unable to set key creation context to %s"
 msgstr "klarte ikke å velge «%s» som nøkkelkontekst"
@@ -704,185 +731,211 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "advarsel: noe gikk galt ved tildeling av ressurskontroll for prosjektet «%s»" -#: src/sudo.c:204 +#: src/sudo.c:224 #, c-format msgid "Sudo version %s\n" msgstr "Sudo versjon %s\n" -#: src/sudo.c:206 +#: src/sudo.c:226 #, c-format msgid "Configure options: %s\n" msgstr "Velg innstillinger: %s\n" -#: src/sudo.c:214 +#: src/sudo.c:235 msgid "fatal error, unable to load plugins" msgstr "kritisk feil: klarte ikke å laste inn tilleggsprogrammer" -#: src/sudo.c:222 -msgid "unable to initialize policy plugin" -msgstr "klarte ikke å starte opp regeltillegg" - -#: src/sudo.c:266 +#: src/sudo.c:280 msgid "plugin did not return a command to execute" msgstr "tillegget sendte ikke en kjørbar kommando" -#: src/sudo.c:282 -#, c-format -msgid "error initializing I/O plugin %s" -msgstr "feil under klargjøring av inn-/utdatatillegget «%s»" - -#: src/sudo.c:306 +#: src/sudo.c:311 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "uforventet sudo-modus 0x%x" -#: src/sudo.c:538 +#: src/sudo.c:544 #, c-format msgid "you do not exist in the %s database" msgstr "du finnes ikke i databasen %s" -#: src/sudo.c:595 +#: src/sudo.c:601 msgid "unable to determine tty" msgstr "fant ikke gjeldende tty" -#: src/sudo.c:887 +#: src/sudo.c:893 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "«%s» må eies av uid %d, og setuid-biten må være valgt" -#: src/sudo.c:890 +#: src/sudo.c:896 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "effektiv uid er ikke %d. Er «%s» på et filsystem hvor «nosuid» er valgt, eller på et NFS-filsystem uten rot-rettigheter?" -#: src/sudo.c:896 +#: src/sudo.c:902 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "effektiv uid er ikke %d. Er sudo installert med «setuid root»?" 
-#: src/sudo.c:912 +#: src/sudo.c:918 msgid "unable to set supplementary group IDs" msgstr "klarte ikke å velge ekstra grruppe-id-er" -#: src/sudo.c:919 +#: src/sudo.c:925 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "klarte ikke å velge «runas gid %u» som effektiv gid" -#: src/sudo.c:925 +#: src/sudo.c:931 #, c-format msgid "unable to set gid to runas gid %u" msgstr "klarte ikke å velge «runas gid %u» som gid" -#: src/sudo.c:982 +#: src/sudo.c:978 #, c-format msgid "unexpected child termination condition: %d" msgstr "uforventet årsak for avslutning av underprosess: %d" -#: src/sudo.c:1128 +#: src/sudo.c:1087 +msgid "unable to initialize policy plugin" +msgstr "klarte ikke å starte opp regeltillegg" + +#: src/sudo.c:1148 #, c-format msgid "policy plugin %s is missing the `check_policy' method" -msgstr "regeltillegget «%s» mangler «check_policy»-metoden" +msgstr "regeltillegg «%s» mangler «check_policy»-metoden" + +#: src/sudo.c:1163 src/sudo.c:1216 src/sudo.c:1260 +msgid "command rejected by policy" +msgstr "kommando avvist av regelsett" + +#: src/sudo.c:1168 src/sudo.c:1221 src/sudo.c:1265 +msgid "policy plugin error" +msgstr "feil med regelsett-tillegg" -#: src/sudo.c:1146 +#: src/sudo.c:1202 #, c-format msgid "policy plugin %s does not support listing privileges" -msgstr "regeltillegget «%s» støtter ikke listetillatelser" +msgstr "regeltillegg «%s» støtter ikke listetillatelser" -#: src/sudo.c:1163 +#: src/sudo.c:1246 #, c-format msgid "policy plugin %s does not support the -v option" -msgstr "regeltillegget «%s» støtter ikke valget «-v»" +msgstr "regeltillegg «%s» støtter ikke valget «-v»" -#: src/sudo.c:1178 +#: src/sudo.c:1284 #, c-format msgid "policy plugin %s does not support the -k/-K options" -msgstr "regeltillegget «%s» støtter ikke valgene «-k» og «-K»" +msgstr "regeltillegg «%s» støtter ikke valgene «-k» og «-K»" -#: src/sudo_edit.c:221 +#: src/sudo.c:1413 +#, c-format +msgid "error initializing I/O plugin %s" +msgstr "feil 
under klargjøring av inn-/utdatatillegg «%s»" + +#: src/sudo.c:1567 +#, c-format +msgid "error initializing audit plugin %s" +msgstr "feil under klargjøring av revisjonstillegg «%s»" + +#: src/sudo.c:1745 +#, c-format +msgid "error initializing approval plugin %s" +msgstr "feil under klargjøring av godkjenningstillegg «%s»" + +#: src/sudo.c:1821 +msgid "command rejected by approver" +msgstr "kommando avvist av godkjenner" + +#: src/sudo.c:1830 +msgid "approval plugin error" +msgstr "feil med godkjenningstillegg" + +#: src/sudo_edit.c:233 msgid "no writable temporary directory found" msgstr "fant ingen midlertidig mappe med skrivetillatelse" -#: src/sudo_edit.c:288 src/sudo_edit.c:377 +#: src/sudo_edit.c:358 msgid "unable to restore current working directory" msgstr "klarte ikke å gjenopprette gjeldende arbeidsmappe" -#: src/sudo_edit.c:594 src/sudo_edit.c:707 +#: src/sudo_edit.c:575 src/sudo_edit.c:688 #, c-format msgid "%s: not a regular file" msgstr "«%s» er ikke en vanlig fil" -#: src/sudo_edit.c:601 +#: src/sudo_edit.c:582 #, c-format msgid "%s: editing symbolic links is not permitted" msgstr "%s: redigering av symbolske lenker tillates ikke" -#: src/sudo_edit.c:604 +#: src/sudo_edit.c:585 #, c-format msgid "%s: editing files in a writable directory is not permitted" msgstr "%s: redigering av filer i en mappe med skrivetilgang tillates ikke" -#: src/sudo_edit.c:637 src/sudo_edit.c:747 +#: src/sudo_edit.c:618 src/sudo_edit.c:728 #, c-format msgid "%s: short write" msgstr "«%s» har kort skriving" -#: src/sudo_edit.c:708 +#: src/sudo_edit.c:689 #, c-format msgid "%s left unmodified" msgstr "«%s» ble uendret" -#: src/sudo_edit.c:721 src/sudo_edit.c:908 +#: src/sudo_edit.c:702 src/sudo_edit.c:889 #, c-format msgid "%s unchanged" msgstr "«%s» er uendret" -#: src/sudo_edit.c:736 src/sudo_edit.c:758 +#: src/sudo_edit.c:717 src/sudo_edit.c:739 #, c-format msgid "unable to write to %s" msgstr "klarte ikke å skrive til «%s»" -#: src/sudo_edit.c:737 src/sudo_edit.c:756 
src/sudo_edit.c:759 -#: src/sudo_edit.c:933 src/sudo_edit.c:937 +#: src/sudo_edit.c:718 src/sudo_edit.c:737 src/sudo_edit.c:740 +#: src/sudo_edit.c:914 src/sudo_edit.c:918 #, c-format msgid "contents of edit session left in %s" msgstr "innhold fra redigeringsøkt ligger igjen i «%s»" -#: src/sudo_edit.c:755 +#: src/sudo_edit.c:736 msgid "unable to read temporary file" msgstr "klarte ikke å lese midlertidig fil" -#: src/sudo_edit.c:838 +#: src/sudo_edit.c:819 msgid "sesh: internal error: odd number of paths" msgstr "sesh: intern feil: for høyt antall stier" -#: src/sudo_edit.c:840 +#: src/sudo_edit.c:821 msgid "sesh: unable to create temporary files" msgstr "sesh: klarte ikke å lage midlertidige filer" -#: src/sudo_edit.c:842 src/sudo_edit.c:940 +#: src/sudo_edit.c:823 src/sudo_edit.c:921 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: ukjent feil (%d)" -#: src/sudo_edit.c:932 +#: src/sudo_edit.c:913 msgid "unable to copy temporary files back to their original location" msgstr "klarte ikke å kopiere midlertidige filer tilbake til opprinnelig plassering" -#: src/sudo_edit.c:936 +#: src/sudo_edit.c:917 msgid "unable to copy some of the temporary files back to their original location" msgstr "klarte ikke å kopiere enkelte midlertidige filer tilbake til opprinnelig plassering" -#: src/sudo_edit.c:981 +#: src/sudo_edit.c:962 #, c-format msgid "unable to change uid to root (%u)" msgstr "klarte ikke å endre uid til root (%u)" -#: src/sudo_edit.c:998 +#: src/sudo_edit.c:979 msgid "plugin error: missing file list for sudoedit" msgstr "feil med tillegg: sudoedit mangler filliste" -#: src/sudo_edit.c:1039 src/sudo_edit.c:1052 +#: src/sudo_edit.c:1020 src/sudo_edit.c:1033 msgid "unable to read the clock" msgstr "klarte ikke å lese klokka" 
@@ -906,17 +959,17 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "intet program for passord-etterspørsel er valgt. Prøv å velge «SUDO_ASKPASS»" -#: src/tgetpass.c:322 +#: src/tgetpass.c:332 #, c-format msgid "unable to set gid to %u" msgstr "klarte ikke å velge %u som gid" -#: src/tgetpass.c:326 +#: src/tgetpass.c:336 #, c-format msgid "unable to set uid to %u" msgstr "klarte ikke å velge %u som uid" -#: src/tgetpass.c:331 +#: src/tgetpass.c:341 #, c-format msgid "unable to run %s" msgstr "klarte ikke å kjøre «%s»" @@ -933,6 +986,9 @@ msgid "unable to restore stdin" msgstr "klarte ikke å gjenopprette standard innkanal" +#~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" +#~ msgstr "duplikattillegg «%s» i «%s» linje %d blir ignorert" + #~ msgid "no tty present and no askpass program specified" #~ msgstr "ingen tty er tilgjengelig, og intet program for passord-etterspørsel er valgt" @@ -945,9 +1001,6 @@ #~ msgid "error reading from signal pipe" #~ msgstr "feil under lesing fra signalrør" -#~ msgid "error reading from pipe" -#~ msgstr "feil under lesing fra datarør" - #~ msgid "unable to set terminal to raw mode" #~ msgstr "klarte ikke å sette terminal i råmodus" Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/pl.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/pl.mo differ diff -Nru sudo-1.8.31/po/pl.po sudo-1.9.0/po/pl.po --- sudo-1.8.31/po/pl.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/po/pl.po 2020-05-11 16:28:23.000000000 +0000 
@@ -1,13 +1,13 @@
 # Polish translation for sudo.
 # This file is put in the public domain.
-# Jakub Bogusz , 2011-2019.
+# Jakub Bogusz , 2011-2020.
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: sudo 1.8.29rc1\n"
+"Project-Id-Version: sudo 1.9.0b4\n"
 "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2019-10-21 19:55-0600\n"
-"PO-Revision-Date: 2019-10-25 20:30+0200\n"
+"POT-Creation-Date: 2020-03-12 17:39-0600\n"
+"PO-Revision-Date: 2020-03-13 18:15+0100\n"
 "Last-Translator: Jakub Bogusz \n"
 "Language-Team: Polish \n"
 "Language: pl\n"
@@ -30,74 +30,98 @@ msgstr "nie udało się odtworzyć rejestru" #: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81 -#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 -#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114 -#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212 -#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481 +#: lib/util/json.c:66 lib/util/json.c:192 lib/util/sudo_conf.c:191 +#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 +#: src/conversation.c:86 src/exec_common.c:114 src/exec_common.c:130 +#: src/exec_common.c:139 src/exec_monitor.c:211 src/exec_monitor.c:460 +#: src/exec_monitor.c:466 src/exec_monitor.c:474 src/exec_monitor.c:482 #: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503 #: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524 -#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214 -#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236 -#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257 -#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278 -#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299 -#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002 -#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180 -#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201 -#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222 -#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 -#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59 -#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 
-#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729 -#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815 -#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240 -#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891 -#: src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:531 src/exec_nopty.c:218 src/exec_nopty.c:227 +#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248 +#: src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269 +#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290 +#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_nopty.c:479 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1038 src/exec_pty.c:1206 src/exec_pty.c:1215 +#: src/exec_pty.c:1222 src/exec_pty.c:1229 src/exec_pty.c:1236 +#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 +#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 +#: src/exec_pty.c:1286 src/exec_pty.c:1709 src/load_plugins.c:59 +#: src/load_plugins.c:72 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:207 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:625 src/sudo.c:685 +#: src/sudo.c:695 src/sudo.c:716 src/sudo.c:735 src/sudo.c:744 src/sudo.c:753 +#: src/sudo.c:770 src/sudo.c:811 src/sudo.c:821 src/sudo.c:847 src/sudo.c:1037 +#: src/sudo.c:1059 src/sudo.c:1355 src/sudo.c:1528 src/sudo.c:1722 +#: src/sudo.c:2066 src/sudo_edit.c:270 src/sudo_edit.c:775 
src/sudo_edit.c:872 +#: src/sudo_edit.c:986 src/sudo_edit.c:1006 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194 -#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560 -#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131 -#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473 -#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/json.c:67 +#: lib/util/json.c:193 lib/util/sudo_conf.c:192 lib/util/sudo_conf.c:277 +#: lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 src/conversation.c:87 +#: src/exec_common.c:114 src/exec_common.c:131 src/exec_common.c:140 +#: src/exec_monitor.c:460 src/exec_monitor.c:466 src/exec_monitor.c:474 +#: src/exec_monitor.c:482 src/exec_monitor.c:489 src/exec_monitor.c:496 #: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517 -#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538 -#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229 -#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 -#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 -#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 -#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165 -#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187 -#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208 -#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229 -#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251 -#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: 
src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 -#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 -#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_nopty.c:218 +#: src/exec_nopty.c:227 src/exec_nopty.c:234 src/exec_nopty.c:241 +#: src/exec_nopty.c:248 src/exec_nopty.c:255 src/exec_nopty.c:262 +#: src/exec_nopty.c:269 src/exec_nopty.c:276 src/exec_nopty.c:283 +#: src/exec_nopty.c:290 src/exec_nopty.c:297 src/exec_nopty.c:305 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1206 src/exec_pty.c:1215 src/exec_pty.c:1222 +#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 +#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264 +#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1286 +#: src/exec_pty.c:1709 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:208 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:239 src/sudo.c:625 +#: src/sudo.c:847 src/sudo.c:1037 src/sudo.c:1059 src/sudo.c:1355 +#: src/sudo.c:1528 src/sudo.c:1722 src/sudo.c:2066 src/sudo_edit.c:270 +#: src/sudo_edit.c:775 src/sudo_edit.c:872 src/sudo_edit.c:986 +#: src/sudo_edit.c:1006 msgid "unable to allocate memory" msgstr "nie udało się przydzielić pamięci" +#: lib/util/mkdir_parents.c:79 lib/util/sudo_conf.c:619 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 +#, c-format +msgid "unable to open %s" +msgstr "nie udało się otworzyć %s" + +#: 
lib/util/mkdir_parents.c:94 +#, c-format +msgid "unable to mkdir %s" +msgstr "nie udało się utworzyć katalogu %s" + +#: lib/util/mkdir_parents.c:103 lib/util/sudo_conf.c:596 +#, c-format +msgid "unable to stat %s" +msgstr "nie udało się wykonać stat na %s" + +#: lib/util/mkdir_parents.c:108 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s istnieje, ale nie jest katalogiem (0%o)" + #: lib/util/strsignal.c:55 msgid "Unknown signal" msgstr "Nieznany sygnał" #: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161 -#: lib/util/strtonum.c:196 +#: lib/util/strtonum.c:200 msgid "invalid value" msgstr "błędna wartość" 
@@ -109,87 +133,77 @@ msgid "value too small" msgstr "wartość zbyt mała" -#: lib/util/sudo_conf.c:212 +#: lib/util/sudo_conf.c:210 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "błędna wartość Path \"%s\" w %s, w linii %u" -#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431 +#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:392 lib/util/sudo_conf.c:445 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "błędna wartość opcji %s \"%s\" w %s, w linii %u" -#: lib/util/sudo_conf.c:399 +#: lib/util/sudo_conf.c:413 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "nieobsługiwane źródło grup \"%s\" w %s, w linii %u" -#: lib/util/sudo_conf.c:415 +#: lib/util/sudo_conf.c:429 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "błędna maksymalna liczba grup \"%s\" w %s, w linii %u" -#: lib/util/sudo_conf.c:576 -#, c-format -msgid "unable to stat %s" -msgstr "nie udało się wykonać stat na %s" - -#: lib/util/sudo_conf.c:579 +#: lib/util/sudo_conf.c:599 #, c-format msgid "%s is not a regular file" msgstr "%s nie jest zwykłym plikiem" -#: lib/util/sudo_conf.c:582 +#: lib/util/sudo_conf.c:602 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "właścicielem %s jest uid %u, powinien być %u" -#: lib/util/sudo_conf.c:586 +#: lib/util/sudo_conf.c:606 #, c-format msgid "%s is world writable" msgstr "%s jest zapisywalny dla świata" -#: lib/util/sudo_conf.c:589 +#: lib/util/sudo_conf.c:609 #, c-format msgid "%s is group writable" msgstr "%s jest zapisywalny dla grupy" -#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363 -#, c-format -msgid "unable to open %s" -msgstr "nie udało się otworzyć %s" - -#: src/exec.c:111 +#: src/exec.c:135 #, c-format msgid "unknown login class %s" msgstr "nieznana klasa logowania %s" -#: src/exec.c:123 +#: src/exec.c:147 msgid "unable to set user context" msgstr "nie udało się ustawić kontekstu użytkownika" -#: src/exec.c:139 +#: 
src/exec.c:163 msgid "unable to set process priority" msgstr "nie udało się ustawić priorytetu procesu" -#: src/exec.c:150 +#: src/exec.c:177 #, c-format msgid "unable to change root to %s" msgstr "nie udało się zmienić katalogu głównego na %s" -#: src/exec.c:163 src/exec.c:169 src/exec.c:176 +#: src/exec.c:190 src/exec.c:196 src/exec.c:203 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "nie udało się zmienić uid-ów, aby działać jako (%u, %u)" -#: src/exec.c:194 +#: src/exec.c:221 #, c-format msgid "unable to change directory to %s" msgstr "nie udało się zmienić katalogu na %s" -#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578 -#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336 -#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164 +#: src/exec.c:304 src/exec_monitor.c:569 src/exec_monitor.c:571 +#: src/exec_nopty.c:537 src/exec_pty.c:566 src/exec_pty.c:1373 +#: src/exec_pty.c:1375 src/signal.c:150 src/signal.c:164 #, c-format msgid "unable to set handler for signal %d" msgstr "nie udało się ustawić procedury obsługi dla sygnału %d" 
@@ -198,89 +212,107 @@ msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "nie udało się usunąć PRIV_PROC_EXEC z PRIV_LIMIT" -#: src/exec_monitor.c:366 +#: src/exec_monitor.c:365 msgid "error reading from socketpair" msgstr "błąd odczytu z pary gniazd" -#: src/exec_monitor.c:383 +#: src/exec_monitor.c:382 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "nieoczekiwany typ odpowiedzi z kanału zwrotnego: %d" -#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533 -#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231 -#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252 -#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273 -#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294 -#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652 -#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858 -#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189 -#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210 -#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231 -#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621 -#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683 -#: src/exec_pty.c:1710 +#: src/exec_monitor.c:468 src/exec_monitor.c:476 src/exec_monitor.c:484 +#: src/exec_monitor.c:491 src/exec_monitor.c:498 src/exec_monitor.c:505 +#: src/exec_monitor.c:512 src/exec_monitor.c:519 src/exec_monitor.c:526 +#: src/exec_monitor.c:533 src/exec_nopty.c:220 src/exec_nopty.c:229 +#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 +#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 +#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 +#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:688 +#: src/exec_pty.c:693 
src/exec_pty.c:790 src/exec_pty.c:797 src/exec_pty.c:894 +#: src/exec_pty.c:1208 src/exec_pty.c:1217 src/exec_pty.c:1224 +#: src/exec_pty.c:1231 src/exec_pty.c:1238 src/exec_pty.c:1245 +#: src/exec_pty.c:1252 src/exec_pty.c:1259 src/exec_pty.c:1266 +#: src/exec_pty.c:1273 src/exec_pty.c:1280 src/exec_pty.c:1662 +#: src/exec_pty.c:1672 src/exec_pty.c:1717 src/exec_pty.c:1724 +#: src/exec_pty.c:1751 msgid "unable to add event to queue" msgstr "nie udało się dodać zdarzenia do kolejki" -#: src/exec_monitor.c:594 +#: src/exec_monitor.c:587 msgid "unable to set controlling tty" msgstr "nie udało się ustawić sterującego tty" -#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415 -#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307 +#: src/exec_monitor.c:595 src/exec_nopty.c:364 src/exec_pty.c:1452 +#: src/exec_pty.c:1473 src/exec_pty.c:1493 src/tgetpass.c:311 msgid "unable to create pipe" msgstr "nie udało się utworzyć potoku" -#: src/exec_monitor.c:610 +#: src/exec_monitor.c:603 msgid "unable to receive message from parent" msgstr "nie udało się odebrać komunikatu od rodzica" -#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494 -#: src/tgetpass.c:311 +#: src/exec_monitor.c:617 src/exec_nopty.c:393 src/exec_pty.c:1531 +#: src/tgetpass.c:315 msgid "unable to fork" msgstr "nie udało się wykonać fork" -#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448 +#: src/exec_monitor.c:621 src/exec_monitor.c:720 src/exec_nopty.c:447 msgid "unable to restore tty label" msgstr "nie udało się przywrócić etykiety tty" -#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100 +#: src/exec_monitor.c:637 src/sesh.c:127 src/sudo.c:1114 #, c-format msgid "unable to execute %s" msgstr "nie udało się wykonać %s" -#: src/exec_nopty.c:360 src/exec_pty.c:1345 +#: src/exec_nopty.c:358 src/exec_pty.c:1382 msgid "policy plugin failed session initialization" msgstr "nie udało się zainicjować sesji przez wtyczkę polityki" -#: src/exec_nopty.c:437 
src/exec_pty.c:1581 +#: src/exec_nopty.c:435 src/exec_pty.c:1617 msgid "error in event loop" msgstr "błąd w pętli zdarzeń" -#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112 +#: src/exec_nopty.c:545 src/exec_pty.c:601 src/signal.c:112 #, c-format msgid "unable to restore handler for signal %d" msgstr "nie udało się przywrócić procedury obsługi dla sygnału %d" -#: src/exec_pty.c:158 +#: src/exec_pty.c:157 msgid "unable to allocate pty" msgstr "nie udało się przydzielić pty" -#: src/exec_pty.c:1325 +#: src/exec_pty.c:221 src/exec_pty.c:260 src/exec_pty.c:299 src/exec_pty.c:349 +#: src/exec_pty.c:399 +msgid "I/O plugin error" +msgstr "błąd wtyczki we/wy" + +#: src/exec_pty.c:224 src/exec_pty.c:263 src/exec_pty.c:302 src/exec_pty.c:352 +#: src/exec_pty.c:402 +msgid "command rejected by I/O plugin" +msgstr "polecenie odrzucone przez wtyczkę we/wy" + +#: src/exec_pty.c:449 +msgid "error logging suspend" +msgstr "błąd logowania odroczenia" + +#: src/exec_pty.c:482 +msgid "error changing window size" +msgstr "błąd zmiany rozmiaru okna" + +#: src/exec_pty.c:1362 msgid "unable to create sockets" msgstr "nie udało się utworzyć gniazd" -#: src/exec_pty.c:1538 +#: src/exec_pty.c:1574 msgid "unable to send message to monitor process" msgstr "nie udało się wysłać komunikatu do procesu monitorującego" #: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92 -#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140 -#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196 -#: src/load_plugins.c:202 +#: src/load_plugins.c:122 src/load_plugins.c:136 src/load_plugins.c:142 +#: src/load_plugins.c:293 src/load_plugins.c:301 src/load_plugins.c:308 +#: src/load_plugins.c:348 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "błąd w %s, w linii %d podczas wczytywania wtyczki \"%s\"" 
@@ -290,61 +322,56 @@ msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:136 +#: src/load_plugins.c:138 #, c-format msgid "%s must be owned by uid %d" msgstr "właścicielem %s musi być uid %d" -#: src/load_plugins.c:142 +#: src/load_plugins.c:144 #, c-format msgid "%s must be only be writable by owner" msgstr "prawo zapisu do %s może mieć tylko właściciel" -#: src/load_plugins.c:183 +#: src/load_plugins.c:254 src/load_plugins.c:321 +#, c-format +msgid "ignoring duplicate plugin \"%s\" in %s, line %d" +msgstr "zignotowano powtórzoną wtyczkę \"%s\" w %s, w linii %d" + +#: src/load_plugins.c:295 #, c-format msgid "unable to load %s: %s" msgstr "nie udało się załadować %s: %s" -#: src/load_plugins.c:191 +#: src/load_plugins.c:303 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "nie udało się odnaleźć symbolu \"%s\" w %s" -#: src/load_plugins.c:198 -#, c-format -msgid "unknown policy type %d found in %s" -msgstr "nieznany typ polityki %d napotkany w %s" - -#: src/load_plugins.c:204 +#: src/load_plugins.c:310 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "niezgodna główna wersja polityki %d (zamiast oczekiwanej %d) napotkana w %s" -#: src/load_plugins.c:213 +#: src/load_plugins.c:324 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "zignorowano wtyczkę polityki \"%s\" w %s, w linii %d" -#: src/load_plugins.c:215 +#: src/load_plugins.c:326 msgid "only a single policy plugin may be specified" msgstr "może być podana tylko jedna wtyczka polityki" -#: src/load_plugins.c:218 -#, c-format -msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" -msgstr "zignotowano powtórzoną wtyczkę polityki \"%s\" w %s, w linii %d" - -#: src/load_plugins.c:237 +#: src/load_plugins.c:350 #, c-format -msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d" -msgstr "zignotowano powtórzoną wtyczkę we/wy \"%s\" w %s, w linii %d" +msgid "unknown plugin type %d found in %s" +msgstr "nieznany typ 
wtyczki %d napotkany w %s" -#: src/load_plugins.c:353 +#: src/load_plugins.c:511 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "wtyczka polityki %s nie zawiera metody check_policy" -#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473 +#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:478 #, c-format msgid "internal error, %s overflow" msgstr "błąd wewnętrzny, przepełnienie %s" 
@@ -358,39 +385,39 @@ msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argument opcji -C musi być większy lub równy 3" -#: src/parse_args.c:523 +#: src/parse_args.c:524 msgid "you may not specify both the `-i' and `-s' options" msgstr "nie można podać jednocześnie opcji `-i' oraz `-s'" -#: src/parse_args.c:527 +#: src/parse_args.c:528 msgid "you may not specify both the `-i' and `-E' options" msgstr "nie można podać jednocześnie opcji `-i' oraz `-E'" -#: src/parse_args.c:537 +#: src/parse_args.c:538 msgid "the `-E' option is not valid in edit mode" msgstr "opcja `-E' nie jest poprawna w trybie edycji" -#: src/parse_args.c:539 +#: src/parse_args.c:540 msgid "you may not specify environment variables in edit mode" msgstr "w trybie edycji nie można przekazywać zmiennych środowiskowych" -#: src/parse_args.c:547 +#: src/parse_args.c:548 msgid "the `-U' option may only be used with the `-l' option" msgstr "opcji `-U' można używać tylko wraz z opcją `-l'" -#: src/parse_args.c:551 +#: src/parse_args.c:552 msgid "the `-A' and `-S' options may not be used together" msgstr "opcji `-A' oraz `-S' nie można używać jednocześnie" -#: src/parse_args.c:627 +#: src/parse_args.c:645 msgid "sudoedit is not supported on this platform" msgstr "sudoedit nie jest obsługiwane na tej platformie" -#: src/parse_args.c:700 +#: src/parse_args.c:726 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Można podać tylko jedną z opcji -e, -h, -i, -K, -l, -s, -v lub -V" -#: src/parse_args.c:714 +#: src/parse_args.c:740 #, c-format msgid "" "%s - edit files as another user\n" @@ -399,7 +426,7 @@ "%s - modyfikowanie plików jako inny użytkownik\n" "\n" -#: src/parse_args.c:716 +#: src/parse_args.c:742 #, c-format msgid "" "%s - execute a command as another user\n" @@ -408,7 +435,7 @@ "%s - wykonywanie poleceń jako inny użytkownik\n" "\n" -#: src/parse_args.c:721 +#: src/parse_args.c:747 #, c-format msgid "" "\n" 
@@ -417,123 +444,123 @@ "\n" "Opcje:\n" -#: src/parse_args.c:723 +#: src/parse_args.c:749 msgid "use a helper program for password prompting" msgstr "użycie programu pomocniczego do pytań o hasło" -#: src/parse_args.c:726 +#: src/parse_args.c:752 msgid "use specified BSD authentication type" msgstr "użycie podanego rodzaju uwierzytelnienia BSD" -#: src/parse_args.c:729 +#: src/parse_args.c:755 msgid "run command in the background" msgstr "uruchomienie polecenia w tle" -#: src/parse_args.c:731 +#: src/parse_args.c:757 msgid "ring bell when prompting" msgstr "dzwonek przy zapytaniu" -#: src/parse_args.c:733 +#: src/parse_args.c:759 msgid "close all file descriptors >= num" msgstr "zamknięcie wszystkich deskryptorów >= fd" -#: src/parse_args.c:736 +#: src/parse_args.c:762 msgid "run command with the specified BSD login class" msgstr "uruchomienie polecenia z podaną klasą logowania BSD" -#: src/parse_args.c:739 +#: src/parse_args.c:765 msgid "preserve user environment when running command" msgstr "zachowanie środowiska użytkownika przy uruchamianiu polecenia" -#: src/parse_args.c:741 +#: src/parse_args.c:767 msgid "preserve specific environment variables" msgstr "zachowanie określonych zmiennych środowiskowych" -#: src/parse_args.c:743 +#: src/parse_args.c:769 msgid "edit files instead of running a command" msgstr "modyfikowanie plików zamiast uruchomienia polecenia" -#: src/parse_args.c:745 +#: src/parse_args.c:771 msgid "run command as the specified group name or ID" msgstr "wywołanie polecenia jako określona grupa lub ID" -#: src/parse_args.c:747 +#: src/parse_args.c:773 msgid "set HOME variable to target user's home dir" msgstr "ustawienie zmiennej HOME na katalog domowy użytkownika docelowego" -#: src/parse_args.c:749 +#: src/parse_args.c:775 msgid "display help message and exit" msgstr "wyświetlenie opisu i zakończenie" -#: src/parse_args.c:751 +#: src/parse_args.c:777 msgid "run command on host (if supported by plugin)" msgstr "uruchomienie polecenia na hoście 
(jeśli obsługiwane przez wtyczkę)" -#: src/parse_args.c:753 +#: src/parse_args.c:779 msgid "run login shell as the target user; a command may also be specified" msgstr "uruchomienie powłoki logowania jako użytkownik docelowy; można także podać polecenie" -#: src/parse_args.c:755 +#: src/parse_args.c:781 msgid "remove timestamp file completely" msgstr "całkowite usunięcie pliku znacznika czasu" -#: src/parse_args.c:757 +#: src/parse_args.c:783 msgid "invalidate timestamp file" msgstr "unieważnienie pliku znacznika czasu" -#: src/parse_args.c:759 +#: src/parse_args.c:785 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "wypisanie uprawnień użytkownika lub sprawdzenie określonego polecenia; dwukrotne użycie to dłuższy format" -#: src/parse_args.c:761 +#: src/parse_args.c:787 msgid "non-interactive mode, no prompts are used" msgstr "tryb nieinteraktywny, bez pytań" -#: src/parse_args.c:763 +#: src/parse_args.c:789 msgid "preserve group vector instead of setting to target's" msgstr "zachowanie wektora grup zamiast ustawiania docelowych" -#: src/parse_args.c:765 +#: src/parse_args.c:791 msgid "use the specified password prompt" msgstr "użycie podanego pytania o hasło" -#: src/parse_args.c:768 +#: src/parse_args.c:794 msgid "create SELinux security context with specified role" msgstr "utworzenie kontekstu bezpieczeństwa SELinuksa z podaną rolą" -#: src/parse_args.c:771 +#: src/parse_args.c:797 msgid "read password from standard input" msgstr "odczyt hasła ze standardowego wejścia" -#: src/parse_args.c:773 +#: src/parse_args.c:799 msgid "run shell as the target user; a command may also be specified" msgstr "uruchomienie powłoki jako użytkownik docelowy; można także podać polecenie" -#: src/parse_args.c:776 +#: src/parse_args.c:802 msgid "create SELinux security context with specified type" msgstr "utworzenie kontekstu bezpieczeństwa SELinuksa z podanym typem" -#: src/parse_args.c:779 +#: src/parse_args.c:805 msgid "terminate 
command after the specified time limit" msgstr "zakończenie polecenia po zadanym limicie czasu" -#: src/parse_args.c:781 +#: src/parse_args.c:807 msgid "in list mode, display privileges for user" msgstr "w trybie listy - wyświetlenie uprawnień użytkownika" -#: src/parse_args.c:783 +#: src/parse_args.c:809 msgid "run command (or edit file) as specified user name or ID" msgstr "uruchomienie polecenia (lub modyfikowanie pliku) jako podany użytkownik lub ID" -#: src/parse_args.c:785 +#: src/parse_args.c:811 msgid "display version information and exit" msgstr "wyświetlenie informacji o wersji i zakończenie" -#: src/parse_args.c:787 +#: src/parse_args.c:813 msgid "update user's timestamp without running a command" msgstr "uaktualnienie znacznika czasu użytkownika bez uruchamiania polecenia" -#: src/parse_args.c:789 +#: src/parse_args.c:815 msgid "stop processing command line arguments" msgstr "zakończenie przetwarzania argumentów linii poleceń" @@ -565,7 +592,7 @@ msgid "unable to open %s, not relabeling tty" msgstr "nie udało się otworzyć %s, bez zmiany etykiety tty" -#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s nie jest urządzeniem znakowym, bez ponownego etykietowania tty" 
@@ -586,54 +613,54 @@ msgid "unable to set new tty context" msgstr "nie udało się ustawić nowego kontekstu tty" -#: src/selinux.c:298 +#: src/selinux.c:322 #, c-format msgid "you must specify a role for type %s" msgstr "trzeba podać rolę dla typu %s" -#: src/selinux.c:304 +#: src/selinux.c:328 #, c-format msgid "unable to get default type for role %s" msgstr "nie udało się uzyskać domyślnego typu dla roli %s" -#: src/selinux.c:316 +#: src/selinux.c:340 msgid "failed to get new context" msgstr "nie udało się uzyskać nowego kontekstu" -#: src/selinux.c:325 +#: src/selinux.c:349 #, c-format msgid "failed to set new role %s" msgstr "nie udało się ustawić nowej roli %s" -#: src/selinux.c:329 +#: src/selinux.c:353 #, c-format msgid "failed to set new type %s" msgstr "nie udało się ustawić nowego typu %s" -#: src/selinux.c:341 +#: src/selinux.c:365 #, c-format msgid "%s is not a valid context" msgstr "%s nie jest poprawnym kontekstem" -#: src/selinux.c:373 +#: src/selinux.c:397 msgid "failed to get old context" msgstr "nie udało się uzyskać starego kontekstu" -#: src/selinux.c:379 +#: src/selinux.c:403 msgid "unable to determine enforcing mode." msgstr "nie udało się określić trybu wymuszenia." -#: src/selinux.c:396 +#: src/selinux.c:420 #, c-format msgid "unable to set tty context to %s" msgstr "nie udało się ustawić kontekstu tty na %s" -#: src/selinux.c:428 +#: src/selinux.c:452 #, c-format msgid "unable to set exec context to %s" msgstr "nie udało się ustawić kontekstu wykonywania na %s" -#: src/selinux.c:435 +#: src/selinux.c:459 #, c-format msgid "unable to set key creation context to %s" msgstr "nie udało się ustawić kontekstu tworzenia klucza na %s" 
@@ -700,185 +727,211 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "uwaga: przypisanie kontroli zasobów dla projektu \"%s\" nie powiodło się" -#: src/sudo.c:204 +#: src/sudo.c:224 #, c-format msgid "Sudo version %s\n" msgstr "Sudo wersja %s\n" -#: src/sudo.c:206 +#: src/sudo.c:226 #, c-format msgid "Configure options: %s\n" msgstr "Opcje konfiguracji: %s\n" -#: src/sudo.c:214 +#: src/sudo.c:235 msgid "fatal error, unable to load plugins" msgstr "błąd krytyczny, nie udało się załadować wtyczek" -#: src/sudo.c:222 -msgid "unable to initialize policy plugin" -msgstr "nie udało się zainicjować wtyczki polityki" - -#: src/sudo.c:266 +#: src/sudo.c:280 msgid "plugin did not return a command to execute" msgstr "wtyczka nie zwróciła polecenia do wykonania" -#: src/sudo.c:282 -#, c-format -msgid "error initializing I/O plugin %s" -msgstr "błąd inicjalizacji wtyczki we/wy %s" - -#: src/sudo.c:306 +#: src/sudo.c:311 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "nieoczekiwany tryb sudo 0x%x" -#: src/sudo.c:538 +#: src/sudo.c:544 #, c-format msgid "you do not exist in the %s database" msgstr "nie istniejesz w bazie danych %s" -#: src/sudo.c:595 +#: src/sudo.c:601 msgid "unable to determine tty" msgstr "nie udało się określić tty" -#: src/sudo.c:887 +#: src/sudo.c:893 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s musi mieć uid %d jako właściciela oraz ustawiony bit setuid" -#: src/sudo.c:890 +#: src/sudo.c:896 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "efektywny uid nie wynosi %d, czy %s jest na systemie plików z opcją 'nosuid' albo systemie plików NFS bez uprawnień roota?" -#: src/sudo.c:896 +#: src/sudo.c:902 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "efektywny uid nie wynosi %d, czy sudo jest zainstalowane z setuid root?" 
-#: src/sudo.c:912 +#: src/sudo.c:918 msgid "unable to set supplementary group IDs" msgstr "nie udało się ustawić ID dodatkowych grup" -#: src/sudo.c:919 +#: src/sudo.c:925 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "nie udało się ustawić efektywnego gid-a w celu działania jako gid %u" -#: src/sudo.c:925 +#: src/sudo.c:931 #, c-format msgid "unable to set gid to runas gid %u" msgstr "nie udało się ustawić gid-a w celu działania jako gid %u" -#: src/sudo.c:982 +#: src/sudo.c:978 #, c-format msgid "unexpected child termination condition: %d" msgstr "nieoczekiwane zakończenie procesu potomnego: %d" -#: src/sudo.c:1128 +#: src/sudo.c:1087 +msgid "unable to initialize policy plugin" +msgstr "nie udało się zainicjować wtyczki polityki" + +#: src/sudo.c:1148 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "wtyczka polityki %s nie zawiera metody `check_policy'" -#: src/sudo.c:1146 +#: src/sudo.c:1163 src/sudo.c:1216 src/sudo.c:1260 +msgid "command rejected by policy" +msgstr "polecenie odrzucone przez politykę" + +#: src/sudo.c:1168 src/sudo.c:1221 src/sudo.c:1265 +msgid "policy plugin error" +msgstr "błąd wtyczki polityki" + +#: src/sudo.c:1202 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "wtyczka polityki %s nie obsługuje wypisywania uprawnień" -#: src/sudo.c:1163 +#: src/sudo.c:1246 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "wtyczka polityki %s nie obsługuje opcji -v" -#: src/sudo.c:1178 +#: src/sudo.c:1284 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "wtyczka polityki %s nie obsługuje opcji -k/-K" -#: src/sudo_edit.c:221 +#: src/sudo.c:1413 +#, c-format +msgid "error initializing I/O plugin %s" +msgstr "błąd inicjalizacji wtyczki we/wy %s" + +#: src/sudo.c:1567 +#, c-format +msgid "error initializing audit plugin %s" +msgstr "błąd inicjowania wtyczki audytu %s" + +#: src/sudo.c:1745 +#, c-format +msgid "error 
initializing approval plugin %s" +msgstr "błąd inicjowania wtyczki zgody %s" + +#: src/sudo.c:1821 +msgid "command rejected by approver" +msgstr "polecenie odrzucone przez wtyczkę zgody" + +#: src/sudo.c:1830 +msgid "approval plugin error" +msgstr "błąd wtyczki zgody" + +#: src/sudo_edit.c:233 msgid "no writable temporary directory found" msgstr "nie znaleziono katalogu tymczasowego z prawem zapisu" -#: src/sudo_edit.c:288 src/sudo_edit.c:377 +#: src/sudo_edit.c:358 msgid "unable to restore current working directory" msgstr "nie udało się odtworzyć bieżącego kartalogu roboczego" -#: src/sudo_edit.c:594 src/sudo_edit.c:707 +#: src/sudo_edit.c:575 src/sudo_edit.c:688 #, c-format msgid "%s: not a regular file" msgstr "%s: nie jest zwykłym plikiem" -#: src/sudo_edit.c:601 +#: src/sudo_edit.c:582 #, c-format msgid "%s: editing symbolic links is not permitted" msgstr "%s: edycja dowiązań symbolicznych nie jest dozwolona" -#: src/sudo_edit.c:604 +#: src/sudo_edit.c:585 #, c-format msgid "%s: editing files in a writable directory is not permitted" msgstr "%s: edycja plików w katalogu zapisywalnym nie jest dozwolona" -#: src/sudo_edit.c:637 src/sudo_edit.c:747 +#: src/sudo_edit.c:618 src/sudo_edit.c:728 #, c-format msgid "%s: short write" msgstr "%s: skrócony zapis" -#: src/sudo_edit.c:708 +#: src/sudo_edit.c:689 #, c-format msgid "%s left unmodified" msgstr "pozostawiono bez zmian: %s" -#: src/sudo_edit.c:721 src/sudo_edit.c:908 +#: src/sudo_edit.c:702 src/sudo_edit.c:889 #, c-format msgid "%s unchanged" msgstr "nie zmieniono: %s" -#: src/sudo_edit.c:736 src/sudo_edit.c:758 +#: src/sudo_edit.c:717 src/sudo_edit.c:739 #, c-format msgid "unable to write to %s" msgstr "nie udało się zapisać do %s" -#: src/sudo_edit.c:737 src/sudo_edit.c:756 src/sudo_edit.c:759 -#: src/sudo_edit.c:933 src/sudo_edit.c:937 +#: src/sudo_edit.c:718 src/sudo_edit.c:737 src/sudo_edit.c:740 +#: src/sudo_edit.c:914 src/sudo_edit.c:918 #, c-format msgid "contents of edit session left in %s" msgstr 
"zawartość sesji edycji pozostawiono w %s" -#: src/sudo_edit.c:755 +#: src/sudo_edit.c:736 msgid "unable to read temporary file" msgstr "nie udało się odczytać pliku tymczasowego" -#: src/sudo_edit.c:838 +#: src/sudo_edit.c:819 msgid "sesh: internal error: odd number of paths" msgstr "sesh: błąd wewnętrzny: nieparzysta liczba ścieżek" -#: src/sudo_edit.c:840 +#: src/sudo_edit.c:821 msgid "sesh: unable to create temporary files" msgstr "sesh: nie udało się utworzyć plików tymczasowych" -#: src/sudo_edit.c:842 src/sudo_edit.c:940 +#: src/sudo_edit.c:823 src/sudo_edit.c:921 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: nieznany błąd %d" -#: src/sudo_edit.c:932 +#: src/sudo_edit.c:913 msgid "unable to copy temporary files back to their original location" msgstr "nie udało się skopiować plików tymczasowych z powrotem w ich oryginalne miejsce" -#: src/sudo_edit.c:936 +#: src/sudo_edit.c:917 msgid "unable to copy some of the temporary files back to their original location" msgstr "nie udało się skopiować części plików tymczasowych z powrotem w ich oryginalne miejsce" -#: src/sudo_edit.c:981 +#: src/sudo_edit.c:962 #, c-format msgid "unable to change uid to root (%u)" msgstr "nie udało się zmienić uid-a na roota (%u)" -#: src/sudo_edit.c:998 +#: src/sudo_edit.c:979 msgid "plugin error: missing file list for sudoedit" msgstr "błąd wtyczki: brak listy plików dla sudoedit" -#: src/sudo_edit.c:1039 src/sudo_edit.c:1052 +#: src/sudo_edit.c:1020 src/sudo_edit.c:1033 msgid "unable to read the clock" msgstr "nie udało się odczytać zegara" 
@@ -902,17 +955,17 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "nie podano programu pytającego o hasło, proszę spróbować ustawić SUDO_ASKPASS" -#: src/tgetpass.c:322 +#: src/tgetpass.c:332 #, c-format msgid "unable to set gid to %u" msgstr "nie udało się ustawić gid-a na %u" -#: src/tgetpass.c:326 +#: src/tgetpass.c:336 #, c-format msgid "unable to set uid to %u" msgstr "nie udało się ustawić uid-a na %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:341 #, c-format msgid "unable to run %s" msgstr "nie udało się uruchomić %s" Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/pt.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/pt.mo differ diff -Nru sudo-1.8.31/po/pt.po sudo-1.9.0/po/pt.po --- sudo-1.8.31/po/pt.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/po/pt.po 2020-05-11 16:28:23.000000000 +0000 @@ -1,22 +1,22 @@ # Portuguese (Portugal) translations for the sudo package # This file is distributed under the same license as the sudo package. # Todd C. Miller , 2011-2016 -# Pedro Albuquerque , 2018, 2019. +# Pedro Albuquerque , 2018, 2019, 2020. # msgid "" msgstr "" -"Project-Id-Version: sudo-1.8.29rc1\n" +"Project-Id-Version: sudo-1.9.0b4\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-10-21 19:55-0600\n" -"PO-Revision-Date: 2019-10-25 06:34+0100\n" -"Last-Translator: Pedro Albuquerque \n" +"POT-Creation-Date: 2020-03-12 17:39-0600\n" +"PO-Revision-Date: 2020-03-14 07:28+0000\n" +"Last-Translator: Pedro Albuquerque \n" "Language-Team: Portuguese \n" "Language: pt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -"X-Generator: Gtranslator 2.91.7\n" +"X-Generator: Geany / PoHelper 1.36\n" "X-Bugs: Report translation errors to the Language-Team address.\n" #: lib/util/aix.c:92 lib/util/aix.c:172 
@@ -33,74 +33,98 @@ msgstr "impossível restaurar o registo" #: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81 -#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 -#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114 -#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212 -#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481 +#: lib/util/json.c:66 lib/util/json.c:192 lib/util/sudo_conf.c:191 +#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 +#: src/conversation.c:86 src/exec_common.c:114 src/exec_common.c:130 +#: src/exec_common.c:139 src/exec_monitor.c:211 src/exec_monitor.c:460 +#: src/exec_monitor.c:466 src/exec_monitor.c:474 src/exec_monitor.c:482 #: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503 #: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524 -#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214 -#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236 -#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257 -#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278 -#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299 -#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002 -#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180 -#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201 -#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222 -#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 -#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59 -#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 
-#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729 -#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815 -#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240 -#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891 -#: src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:531 src/exec_nopty.c:218 src/exec_nopty.c:227 +#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248 +#: src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269 +#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290 +#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_nopty.c:479 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1038 src/exec_pty.c:1206 src/exec_pty.c:1215 +#: src/exec_pty.c:1222 src/exec_pty.c:1229 src/exec_pty.c:1236 +#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 +#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 +#: src/exec_pty.c:1286 src/exec_pty.c:1709 src/load_plugins.c:59 +#: src/load_plugins.c:72 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:207 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:625 src/sudo.c:685 +#: src/sudo.c:695 src/sudo.c:716 src/sudo.c:735 src/sudo.c:744 src/sudo.c:753 +#: src/sudo.c:770 src/sudo.c:811 src/sudo.c:821 src/sudo.c:847 src/sudo.c:1037 +#: src/sudo.c:1059 src/sudo.c:1355 src/sudo.c:1528 src/sudo.c:1722 +#: src/sudo.c:2066 src/sudo_edit.c:270 src/sudo_edit.c:775 
src/sudo_edit.c:872 +#: src/sudo_edit.c:986 src/sudo_edit.c:1006 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194 -#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560 -#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131 -#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473 -#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/json.c:67 +#: lib/util/json.c:193 lib/util/sudo_conf.c:192 lib/util/sudo_conf.c:277 +#: lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 src/conversation.c:87 +#: src/exec_common.c:114 src/exec_common.c:131 src/exec_common.c:140 +#: src/exec_monitor.c:460 src/exec_monitor.c:466 src/exec_monitor.c:474 +#: src/exec_monitor.c:482 src/exec_monitor.c:489 src/exec_monitor.c:496 #: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517 -#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538 -#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229 -#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 -#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 -#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 -#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165 -#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187 -#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208 -#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229 -#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251 -#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: 
src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 -#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 -#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_nopty.c:218 +#: src/exec_nopty.c:227 src/exec_nopty.c:234 src/exec_nopty.c:241 +#: src/exec_nopty.c:248 src/exec_nopty.c:255 src/exec_nopty.c:262 +#: src/exec_nopty.c:269 src/exec_nopty.c:276 src/exec_nopty.c:283 +#: src/exec_nopty.c:290 src/exec_nopty.c:297 src/exec_nopty.c:305 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1206 src/exec_pty.c:1215 src/exec_pty.c:1222 +#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 +#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264 +#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1286 +#: src/exec_pty.c:1709 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:208 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:239 src/sudo.c:625 +#: src/sudo.c:847 src/sudo.c:1037 src/sudo.c:1059 src/sudo.c:1355 +#: src/sudo.c:1528 src/sudo.c:1722 src/sudo.c:2066 src/sudo_edit.c:270 +#: src/sudo_edit.c:775 src/sudo_edit.c:872 src/sudo_edit.c:986 +#: src/sudo_edit.c:1006 msgid "unable to allocate memory" msgstr "impossível alocar memória" +#: lib/util/mkdir_parents.c:79 lib/util/sudo_conf.c:619 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 +#, c-format +msgid "unable to open %s" +msgstr "impossível abrir %s" + +#: 
lib/util/mkdir_parents.c:94 +#, c-format +msgid "unable to mkdir %s" +msgstr "impossível executar mkdir %s" + +#: lib/util/mkdir_parents.c:103 lib/util/sudo_conf.c:596 +#, c-format +msgid "unable to stat %s" +msgstr "impossível obter informações de %s" + +#: lib/util/mkdir_parents.c:108 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s existe, mas não é uma pasta (0%o)" + #: lib/util/strsignal.c:55 msgid "Unknown signal" msgstr "Sinal desconhecido" #: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161 -#: lib/util/strtonum.c:196 +#: lib/util/strtonum.c:200 msgid "invalid value" msgstr "valor inválido" 
@@ -112,87 +136,77 @@ msgid "value too small" msgstr "valor muito pequeno" -#: lib/util/sudo_conf.c:212 +#: lib/util/sudo_conf.c:210 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "valor de caminho inválido \"%s\" em %s, linha %u" -#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431 +#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:392 lib/util/sudo_conf.c:445 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "valor inválido %s \"%s\" em %s, linha %u" -#: lib/util/sudo_conf.c:399 +#: lib/util/sudo_conf.c:413 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "fonte de grupo não suportada \"%s\" em %s, linna %u" -#: lib/util/sudo_conf.c:415 +#: lib/util/sudo_conf.c:429 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "máximo de grupos inválido \"%s\" em %s, linha %u" -#: lib/util/sudo_conf.c:576 -#, c-format -msgid "unable to stat %s" -msgstr "impossível obter informações de %s" - -#: lib/util/sudo_conf.c:579 +#: lib/util/sudo_conf.c:599 #, c-format msgid "%s is not a regular file" msgstr "%s não é um ficheiro normal" -#: lib/util/sudo_conf.c:582 +#: lib/util/sudo_conf.c:602 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s é propriedade de uid %u, deveria ser %u" -#: lib/util/sudo_conf.c:586 +#: lib/util/sudo_conf.c:606 #, c-format msgid "%s is world writable" msgstr "%s é escrito universalmente" -#: lib/util/sudo_conf.c:589 +#: lib/util/sudo_conf.c:609 #, c-format msgid "%s is group writable" msgstr "%s é escrito pelo grupo" -#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363 -#, c-format -msgid "unable to open %s" -msgstr "impossível abrir %s" - -#: src/exec.c:111 +#: src/exec.c:135 #, c-format msgid "unknown login class %s" msgstr "classe de sessão %s desconhecida" -#: src/exec.c:123 +#: src/exec.c:147 msgid "unable to set user context" msgstr "impossível definir contexto de utilizador" -#: src/exec.c:139 +#: src/exec.c:163 msgid 
"unable to set process priority" msgstr "impossível processar prioridade" -#: src/exec.c:150 +#: src/exec.c:177 #, c-format msgid "unable to change root to %s" msgstr "impossível alterar root para %s" -#: src/exec.c:163 src/exec.c:169 src/exec.c:176 +#: src/exec.c:190 src/exec.c:196 src/exec.c:203 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "impossível alterar para runas uid (%u, %u)" -#: src/exec.c:194 +#: src/exec.c:221 #, c-format msgid "unable to change directory to %s" msgstr "impossível alterar pasta para %s" -#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578 -#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336 -#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164 +#: src/exec.c:304 src/exec_monitor.c:569 src/exec_monitor.c:571 +#: src/exec_nopty.c:537 src/exec_pty.c:566 src/exec_pty.c:1373 +#: src/exec_pty.c:1375 src/signal.c:150 src/signal.c:164 #, c-format msgid "unable to set handler for signal %d" msgstr "impossível definir gestor para sinal %d" 
@@ -201,89 +215,107 @@ msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "impossível remover PRIV_PROC_EXEC de PRIV_LIMIT" -#: src/exec_monitor.c:366 +#: src/exec_monitor.c:365 msgid "error reading from socketpair" msgstr "erro ao ler de socketpair" -#: src/exec_monitor.c:383 +#: src/exec_monitor.c:382 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "tipo de resposta inesperada no canal secundário: %d" -#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533 -#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231 -#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252 -#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273 -#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294 -#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652 -#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858 -#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189 -#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210 -#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231 -#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621 -#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683 -#: src/exec_pty.c:1710 +#: src/exec_monitor.c:468 src/exec_monitor.c:476 src/exec_monitor.c:484 +#: src/exec_monitor.c:491 src/exec_monitor.c:498 src/exec_monitor.c:505 +#: src/exec_monitor.c:512 src/exec_monitor.c:519 src/exec_monitor.c:526 +#: src/exec_monitor.c:533 src/exec_nopty.c:220 src/exec_nopty.c:229 +#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 +#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 +#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 +#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:688 +#: src/exec_pty.c:693 
src/exec_pty.c:790 src/exec_pty.c:797 src/exec_pty.c:894 +#: src/exec_pty.c:1208 src/exec_pty.c:1217 src/exec_pty.c:1224 +#: src/exec_pty.c:1231 src/exec_pty.c:1238 src/exec_pty.c:1245 +#: src/exec_pty.c:1252 src/exec_pty.c:1259 src/exec_pty.c:1266 +#: src/exec_pty.c:1273 src/exec_pty.c:1280 src/exec_pty.c:1662 +#: src/exec_pty.c:1672 src/exec_pty.c:1717 src/exec_pty.c:1724 +#: src/exec_pty.c:1751 msgid "unable to add event to queue" msgstr "impossível adicionar evento à fila" -#: src/exec_monitor.c:594 +#: src/exec_monitor.c:587 msgid "unable to set controlling tty" msgstr "impossível definir tty de controlo" -#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415 -#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307 +#: src/exec_monitor.c:595 src/exec_nopty.c:364 src/exec_pty.c:1452 +#: src/exec_pty.c:1473 src/exec_pty.c:1493 src/tgetpass.c:311 msgid "unable to create pipe" msgstr "impossível criar túnel" -#: src/exec_monitor.c:610 +#: src/exec_monitor.c:603 msgid "unable to receive message from parent" msgstr "impossível receber mensagem de pai" -#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494 -#: src/tgetpass.c:311 +#: src/exec_monitor.c:617 src/exec_nopty.c:393 src/exec_pty.c:1531 +#: src/tgetpass.c:315 msgid "unable to fork" msgstr "impossível bifurcar" -#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448 +#: src/exec_monitor.c:621 src/exec_monitor.c:720 src/exec_nopty.c:447 msgid "unable to restore tty label" msgstr "impossível restaurar rótulo tty" -#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100 +#: src/exec_monitor.c:637 src/sesh.c:127 src/sudo.c:1114 #, c-format msgid "unable to execute %s" msgstr "impossível executar %s" -#: src/exec_nopty.c:360 src/exec_pty.c:1345 +#: src/exec_nopty.c:358 src/exec_pty.c:1382 msgid "policy plugin failed session initialization" msgstr "a extensão de política falhou a inicialização de sessão" -#: src/exec_nopty.c:437 src/exec_pty.c:1581 +#: 
src/exec_nopty.c:435 src/exec_pty.c:1617 msgid "error in event loop" msgstr "erro em ciclo de evento" -#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112 +#: src/exec_nopty.c:545 src/exec_pty.c:601 src/signal.c:112 #, c-format msgid "unable to restore handler for signal %d" msgstr "impossível restaurar gestor para o sinal %d" -#: src/exec_pty.c:158 +#: src/exec_pty.c:157 msgid "unable to allocate pty" msgstr "impossível alocar pty" -#: src/exec_pty.c:1325 +#: src/exec_pty.c:221 src/exec_pty.c:260 src/exec_pty.c:299 src/exec_pty.c:349 +#: src/exec_pty.c:399 +msgid "I/O plugin error" +msgstr "Erro da extensão E/S" + +#: src/exec_pty.c:224 src/exec_pty.c:263 src/exec_pty.c:302 src/exec_pty.c:352 +#: src/exec_pty.c:402 +msgid "command rejected by I/O plugin" +msgstr "comando rejeitado pela extensão E/S" + +#: src/exec_pty.c:449 +msgid "error logging suspend" +msgstr "erro ao registar suspensão" + +#: src/exec_pty.c:482 +msgid "error changing window size" +msgstr "erro ao alterar o tamanho da janela" + +#: src/exec_pty.c:1362 msgid "unable to create sockets" msgstr "impossível criar sockets" -#: src/exec_pty.c:1538 +#: src/exec_pty.c:1574 msgid "unable to send message to monitor process" msgstr "impossível enviar mensagem para monitorizar processo" #: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92 -#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140 -#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196 -#: src/load_plugins.c:202 +#: src/load_plugins.c:122 src/load_plugins.c:136 src/load_plugins.c:142 +#: src/load_plugins.c:293 src/load_plugins.c:301 src/load_plugins.c:308 +#: src/load_plugins.c:348 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "erro em %s, linha %d ao carregar a extensão \"%s\"" 
@@ -293,61 +325,56 @@ msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:136 +#: src/load_plugins.c:138 #, c-format msgid "%s must be owned by uid %d" msgstr "%s tem de ser propriedade de uid %d" -#: src/load_plugins.c:142 +#: src/load_plugins.c:144 #, c-format msgid "%s must be only be writable by owner" msgstr "%s só pode ter permissão de escrita para o dono" -#: src/load_plugins.c:183 +#: src/load_plugins.c:254 src/load_plugins.c:321 +#, c-format +msgid "ignoring duplicate plugin \"%s\" in %s, line %d" +msgstr "a ignorar extensão duplicada \"%s\" em %s, linha %d" + +#: src/load_plugins.c:295 #, c-format msgid "unable to load %s: %s" msgstr "impossível carregar %s: %s" -#: src/load_plugins.c:191 +#: src/load_plugins.c:303 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "impossível encontrar símbolo \"%s\" em %s" -#: src/load_plugins.c:198 -#, c-format -msgid "unknown policy type %d found in %s" -msgstr "tipo de política %d desconhecida encontrada em %s" - -#: src/load_plugins.c:204 +#: src/load_plugins.c:310 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "versão principal de extensão %d incompatível (esperada %d) encontrada em %s" -#: src/load_plugins.c:213 +#: src/load_plugins.c:324 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "a ignorar extensão de política \"%s\" em %s, linha %d" -#: src/load_plugins.c:215 +#: src/load_plugins.c:326 msgid "only a single policy plugin may be specified" msgstr "só pode especificar um tipo de extensão de política" -#: src/load_plugins.c:218 -#, c-format -msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" -msgstr "a ignorar extensão de política duplicada \"%s\" em %s, linha %d" - -#: src/load_plugins.c:237 +#: src/load_plugins.c:350 #, c-format -msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d" -msgstr "a ignorar extensão E/S duplicada \"%s\" em %s, linha %d" +msgid "unknown plugin type %d found in %s" +msgstr "tipo de 
extensão %d desconhecida encontrada em %s" -#: src/load_plugins.c:353 +#: src/load_plugins.c:511 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "extensão de política %s não inclui um método check_policy" -#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473 +#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:478 #, c-format msgid "internal error, %s overflow" msgstr "erro interno, transporte %s" 
@@ -361,39 +388,39 @@ msgid "the argument to -C must be a number greater than or equal to 3" msgstr "o argumento para -C tem de ser um número maior ou igual a 3" -#: src/parse_args.c:523 +#: src/parse_args.c:524 msgid "you may not specify both the `-i' and `-s' options" msgstr "não pode especificar ambas as opções \"-i\" e \"-s\"" -#: src/parse_args.c:527 +#: src/parse_args.c:528 msgid "you may not specify both the `-i' and `-E' options" msgstr "não pode especificar ambas as opções \"-i\" e \"-E\"" -#: src/parse_args.c:537 +#: src/parse_args.c:538 msgid "the `-E' option is not valid in edit mode" msgstr "a opção \"-E\" não é válida em modo de edição" -#: src/parse_args.c:539 +#: src/parse_args.c:540 msgid "you may not specify environment variables in edit mode" msgstr "não pode especificar variáveis de ambiente em modo de edição" -#: src/parse_args.c:547 +#: src/parse_args.c:548 msgid "the `-U' option may only be used with the `-l' option" msgstr "a opção \"-U\" só pode ser usada com a opção \"-l\"" -#: src/parse_args.c:551 +#: src/parse_args.c:552 msgid "the `-A' and `-S' options may not be used together" msgstr "não pode especificar ambas as opções \"-A\" e \"-S\"" -#: src/parse_args.c:627 +#: src/parse_args.c:645 msgid "sudoedit is not supported on this platform" msgstr "sudoedit não é suportado nesta plataforma" -#: src/parse_args.c:700 +#: src/parse_args.c:726 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Só uma das opções -e, -h, -i, -K, -l, -s, -v ou -V pode ser especificada" -#: src/parse_args.c:714 +#: src/parse_args.c:740 #, c-format msgid "" "%s - edit files as another user\n" @@ -402,7 +429,7 @@ "%s - edita ficheiros como outro utilizador\n" "\n" -#: src/parse_args.c:716 +#: src/parse_args.c:742 #, c-format msgid "" "%s - execute a command as another user\n" @@ -411,7 +438,7 @@ "%s - executa um comando como outro utilizador\n" "\n" -#: src/parse_args.c:721 +#: src/parse_args.c:747 #, c-format msgid "" "\n" 
@@ -420,123 +447,123 @@ "\n" "Opções:\n" -#: src/parse_args.c:723 +#: src/parse_args.c:749 msgid "use a helper program for password prompting" msgstr "usa um programa de ajuda para pedir a senha" -#: src/parse_args.c:726 +#: src/parse_args.c:752 msgid "use specified BSD authentication type" msgstr "usa um tipo de autenticação BSD especificado" -#: src/parse_args.c:729 +#: src/parse_args.c:755 msgid "run command in the background" msgstr "executa o comando em 2º plano" -#: src/parse_args.c:731 +#: src/parse_args.c:757 msgid "ring bell when prompting" msgstr "tocar campainha ao pedir" -#: src/parse_args.c:733 +#: src/parse_args.c:759 msgid "close all file descriptors >= num" msgstr "fecha todos os descritores de ficheiros >= num" -#: src/parse_args.c:736 +#: src/parse_args.c:762 msgid "run command with the specified BSD login class" msgstr "executa o comando com a classe de sessão BSD especificada" -#: src/parse_args.c:739 +#: src/parse_args.c:765 msgid "preserve user environment when running command" msgstr "preserva o ambiente de utilizador ao executar o comando" -#: src/parse_args.c:741 +#: src/parse_args.c:767 msgid "preserve specific environment variables" msgstr "preserva variáveis de ambiente específicas" -#: src/parse_args.c:743 +#: src/parse_args.c:769 msgid "edit files instead of running a command" msgstr "edita ficheiros em vez de executar um comando" -#: src/parse_args.c:745 +#: src/parse_args.c:771 msgid "run command as the specified group name or ID" msgstr "executa o comando como nome de grupo ou ID especificados" -#: src/parse_args.c:747 +#: src/parse_args.c:773 msgid "set HOME variable to target user's home dir" msgstr "define a variável HOME para a pasta home do utilizador alvo" -#: src/parse_args.c:749 +#: src/parse_args.c:775 msgid "display help message and exit" msgstr "mostra a ajuda e sai" -#: src/parse_args.c:751 +#: src/parse_args.c:777 msgid "run command on host (if supported by plugin)" msgstr "executa o comando no anfitrião (se suportado 
pela extensão)" -#: src/parse_args.c:753 +#: src/parse_args.c:779 msgid "run login shell as the target user; a command may also be specified" msgstr "executa a shell de sessão como utilizador alvo; também pode especificar um comando" -#: src/parse_args.c:755 +#: src/parse_args.c:781 msgid "remove timestamp file completely" msgstr "remove completamente o ficheiro de datação" -#: src/parse_args.c:757 +#: src/parse_args.c:783 msgid "invalidate timestamp file" msgstr "invalida o ficheiro de datação" -#: src/parse_args.c:759 +#: src/parse_args.c:785 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "lista privilégios do utilizador ou verifica um comando específico; use duas vezes para formato mais longo" -#: src/parse_args.c:761 +#: src/parse_args.c:787 msgid "non-interactive mode, no prompts are used" msgstr "modo não-interactivo, não usa prompts" -#: src/parse_args.c:763 +#: src/parse_args.c:789 msgid "preserve group vector instead of setting to target's" msgstr "preserva vector de grupo em vez de o definir para o do alvo" -#: src/parse_args.c:765 +#: src/parse_args.c:791 msgid "use the specified password prompt" msgstr "usa o pedido de senha especificado" -#: src/parse_args.c:768 +#: src/parse_args.c:794 msgid "create SELinux security context with specified role" msgstr "cria contexto de segurnaça SELinux com o papel especificado" -#: src/parse_args.c:771 +#: src/parse_args.c:797 msgid "read password from standard input" msgstr "lê a senha da entrada padrão" -#: src/parse_args.c:773 +#: src/parse_args.c:799 msgid "run shell as the target user; a command may also be specified" msgstr "executa a shell como utilizador alvo; também pode especificar um comando" -#: src/parse_args.c:776 +#: src/parse_args.c:802 msgid "create SELinux security context with specified type" msgstr "cria contexto de segurnaça SELinux com o tipo especificado" -#: src/parse_args.c:779 +#: src/parse_args.c:805 msgid "terminate command after the 
specified time limit" msgstr "termina o comando após o tempo limite especificado" -#: src/parse_args.c:781 +#: src/parse_args.c:807 msgid "in list mode, display privileges for user" msgstr "em modo Lista, mostra os privilégios do utilizador" -#: src/parse_args.c:783 +#: src/parse_args.c:809 msgid "run command (or edit file) as specified user name or ID" msgstr "executa o comando (ou edita o ficheiro) como nome ou ID de utilizador especificados" -#: src/parse_args.c:785 +#: src/parse_args.c:811 msgid "display version information and exit" msgstr "mostra informação da versão e sai" -#: src/parse_args.c:787 +#: src/parse_args.c:813 msgid "update user's timestamp without running a command" msgstr "actualiza datação do utilizador sem executar um comando" -#: src/parse_args.c:789 +#: src/parse_args.c:815 msgid "stop processing command line arguments" msgstr "pára o processamento de argumentos da linha de comandos" @@ -568,7 +595,7 @@ msgid "unable to open %s, not relabeling tty" msgstr "impossível abrir %s, sem re-rotular tty" -#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s não é um dispositivo carácter, sem re-rotular tty" 
@@ -589,54 +616,54 @@ msgid "unable to set new tty context" msgstr "impossível definir novo contexto tty" -#: src/selinux.c:298 +#: src/selinux.c:322 #, c-format msgid "you must specify a role for type %s" msgstr "tem de especificar um papel para o tipo %s" -#: src/selinux.c:304 +#: src/selinux.c:328 #, c-format msgid "unable to get default type for role %s" msgstr "impossível obter o tipo predefinido para o papel %s" -#: src/selinux.c:316 +#: src/selinux.c:340 msgid "failed to get new context" msgstr "falha ao obter novo contexto" -#: src/selinux.c:325 +#: src/selinux.c:349 #, c-format msgid "failed to set new role %s" msgstr "falha ao definir novo papel %s" -#: src/selinux.c:329 +#: src/selinux.c:353 #, c-format msgid "failed to set new type %s" msgstr "falha ao definir novo tipo %s" -#: src/selinux.c:341 +#: src/selinux.c:365 #, c-format msgid "%s is not a valid context" msgstr "%s não é um contexto válido" -#: src/selinux.c:373 +#: src/selinux.c:397 msgid "failed to get old context" msgstr "falha ao obter contexto antigo" -#: src/selinux.c:379 +#: src/selinux.c:403 msgid "unable to determine enforcing mode." msgstr "impossível determinar modo de imposição." -#: src/selinux.c:396 +#: src/selinux.c:420 #, c-format msgid "unable to set tty context to %s" msgstr "impossível definir contexto tty para %s" -#: src/selinux.c:428 +#: src/selinux.c:452 #, c-format msgid "unable to set exec context to %s" msgstr "impossível definir contexto exec para %s" -#: src/selinux.c:435 +#: src/selinux.c:459 #, c-format msgid "unable to set key creation context to %s" msgstr "impossível definir contexto de criação de chave para %s" 
@@ -703,185 +730,211 @@
 msgid "warning, resource control assignment failed for project \"%s\""
 msgstr "aviso: falha na atribuição de controlo de recursos para o projecto \"%s\""
-#: src/sudo.c:204
+#: src/sudo.c:224
 #, c-format
 msgid "Sudo version %s\n"
 msgstr "Sudo versão %s\n"
-#: src/sudo.c:206
+#: src/sudo.c:226
 #, c-format
 msgid "Configure options: %s\n"
 msgstr "Opções de configuração: %s\n"
-#: src/sudo.c:214
+#: src/sudo.c:235
 msgid "fatal error, unable to load plugins"
 msgstr "erro fatal, impossível carregar extensões"
-#: src/sudo.c:222
-msgid "unable to initialize policy plugin"
-msgstr "impossível inicializar a extensão de política"
-
-#: src/sudo.c:266
+#: src/sudo.c:280
 msgid "plugin did not return a command to execute"
 msgstr "a extensão não devolveu um comando a executar"
-#: src/sudo.c:282
-#, c-format
-msgid "error initializing I/O plugin %s"
-msgstr "erro ao inicializar a extensão E/S %s"
-
-#: src/sudo.c:306
+#: src/sudo.c:311
 #, c-format
 msgid "unexpected sudo mode 0x%x"
 msgstr "modo sudo 0x%x inesperado"
-#: src/sudo.c:538
+#: src/sudo.c:544
 #, c-format
 msgid "you do not exist in the %s database"
 msgstr "utilizador não existente na base de dados %s"
-#: src/sudo.c:595
+#: src/sudo.c:601
 msgid "unable to determine tty"
 msgstr "impossível determinar tty"
-#: src/sudo.c:887
+#: src/sudo.c:893
 #, c-format
 msgid "%s must be owned by uid %d and have the setuid bit set"
 msgstr "%s tem ser propriedade de uid %d e ter o bit setuid definido"
-#: src/sudo.c:890
+#: src/sudo.c:896
 #, c-format
 msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
 msgstr "a uid efectiva não é %d, é %s num sistema de ficheiros com a opção 'nosuid' definida ou um sistema de ficheiros NFS sem privilégios root?"
-#: src/sudo.c:896
+#: src/sudo.c:902
 #, c-format
 msgid "effective uid is not %d, is sudo installed setuid root?"
 msgstr "a uid efectiva não é %d, tem sudo instalado com setuid root?"
-#: src/sudo.c:912
+#: src/sudo.c:918
 msgid "unable to set supplementary group IDs"
 msgstr "impossível definir IDs de grupo suplementares"
-#: src/sudo.c:919
+#: src/sudo.c:925
 #, c-format
 msgid "unable to set effective gid to runas gid %u"
 msgstr "impossível definir gid efectiva para gid runas %u"
-#: src/sudo.c:925
+#: src/sudo.c:931
 #, c-format
 msgid "unable to set gid to runas gid %u"
 msgstr "impossível definir gid para gid runas %u"
-#: src/sudo.c:982
+#: src/sudo.c:978
 #, c-format
 msgid "unexpected child termination condition: %d"
 msgstr "condição de terminação de filho inesperada: %d"
-#: src/sudo.c:1128
+#: src/sudo.c:1087
+msgid "unable to initialize policy plugin"
+msgstr "impossível inicializar a extensão de política"
+
+#: src/sudo.c:1148
 #, c-format
 msgid "policy plugin %s is missing the `check_policy' method"
 msgstr "a extensão de política %s tem o método \"check_policy\" em falta"
-#: src/sudo.c:1146
+#: src/sudo.c:1163 src/sudo.c:1216 src/sudo.c:1260
+msgid "command rejected by policy"
+msgstr "cpmando rejeitado pela política"
+
+#: src/sudo.c:1168 src/sudo.c:1221 src/sudo.c:1265
+msgid "policy plugin error"
+msgstr "erro da extensão de política"
+
+#: src/sudo.c:1202
 #, c-format
 msgid "policy plugin %s does not support listing privileges"
 msgstr "a extensão de política %s não suporta privilégios de listagem"
-#: src/sudo.c:1163
+#: src/sudo.c:1246
 #, c-format
 msgid "policy plugin %s does not support the -v option"
 msgstr "a extensão de política %s não suporta a opção -v"
-#: src/sudo.c:1178
+#: src/sudo.c:1284
 #, c-format
 msgid "policy plugin %s does not support the -k/-K options"
 msgstr "a extensão de política %s não suporta as opções -k/-K"
-#: src/sudo_edit.c:221
+#: src/sudo.c:1413
+#, c-format
+msgid "error initializing I/O plugin %s"
+msgstr "erro ao inicializar a extensão E/S %s"
+
+#: src/sudo.c:1567
+#, c-format
+msgid "error initializing audit plugin %s"
+msgstr "erro ao inicializar a extensão de auditoria %s"
+
+#: src/sudo.c:1745
+#, c-format
+msgid "error initializing approval plugin %s"
+msgstr "erro ao inicializar a extensão de aprovação %s"
+
+#: src/sudo.c:1821
+msgid "command rejected by approver"
+msgstr "comando rejeitado pelo aprovador"
+
+#: src/sudo.c:1830
+msgid "approval plugin error"
+msgstr "erro da extensão de aprovação"
+
+#: src/sudo_edit.c:233
 msgid "no writable temporary directory found"
 msgstr "sem pasta temporária onde possa escrever"
-#: src/sudo_edit.c:288 src/sudo_edit.c:377
+#: src/sudo_edit.c:358
 msgid "unable to restore current working directory"
 msgstr "impossível restaurar pasta de trabalho actual"
-#: src/sudo_edit.c:594 src/sudo_edit.c:707
+#: src/sudo_edit.c:575 src/sudo_edit.c:688
 #, c-format
 msgid "%s: not a regular file"
 msgstr "%s não é um ficheiro normal"
-#: src/sudo_edit.c:601
+#: src/sudo_edit.c:582
 #, c-format
 msgid "%s: editing symbolic links is not permitted"
 msgstr "%s: não é permitido editar ligações simbólicas"
-#: src/sudo_edit.c:604
+#: src/sudo_edit.c:585
 #, c-format
 msgid "%s: editing files in a writable directory is not permitted"
 msgstr "%s: não é permitido editar ficheiros numa pasta onde se pode escrever"
-#: src/sudo_edit.c:637 src/sudo_edit.c:747
+#: src/sudo_edit.c:618 src/sudo_edit.c:728
 #, c-format
 msgid "%s: short write"
 msgstr "%s: escrita curta"
-#: src/sudo_edit.c:708
+#: src/sudo_edit.c:689
 #, c-format
 msgid "%s left unmodified"
 msgstr "%s deixado sem alterações"
-#: src/sudo_edit.c:721 src/sudo_edit.c:908
+#: src/sudo_edit.c:702 src/sudo_edit.c:889
 #, c-format
 msgid "%s unchanged"
 msgstr "%s não alterado"
-#: src/sudo_edit.c:736 src/sudo_edit.c:758
+#: src/sudo_edit.c:717 src/sudo_edit.c:739
 #, c-format
 msgid "unable to write to %s"
 msgstr "impossível escrever em %s"
-#: src/sudo_edit.c:737 src/sudo_edit.c:756 src/sudo_edit.c:759
-#: src/sudo_edit.c:933 src/sudo_edit.c:937
+#: src/sudo_edit.c:718 src/sudo_edit.c:737 src/sudo_edit.c:740
+#: src/sudo_edit.c:914 src/sudo_edit.c:918
 #, c-format
 msgid "contents of edit session left in %s"
 msgstr "conteúdo da sessão de edição deixados em %s"
-#: src/sudo_edit.c:755
+#: src/sudo_edit.c:736
 msgid "unable to read temporary file"
 msgstr "impossível ler ficheiro temporário"
-#: src/sudo_edit.c:838
+#: src/sudo_edit.c:819
 msgid "sesh: internal error: odd number of paths"
 msgstr "sesh: erro interno: número de caminhos ímpar"
-#: src/sudo_edit.c:840
+#: src/sudo_edit.c:821
 msgid "sesh: unable to create temporary files"
 msgstr "sesh: impossível criar ficheiros temporários"
-#: src/sudo_edit.c:842 src/sudo_edit.c:940
+#: src/sudo_edit.c:823 src/sudo_edit.c:921
 #, c-format
 msgid "sesh: unknown error %d"
 msgstr "sesh: erro %d desconhecido"
-#: src/sudo_edit.c:932
+#: src/sudo_edit.c:913
 msgid "unable to copy temporary files back to their original location"
 msgstr "impossível copiar ficheiros temporários de volta à localização original"
-#: src/sudo_edit.c:936
+#: src/sudo_edit.c:917
 msgid "unable to copy some of the temporary files back to their original location"
 msgstr "impossível copiar alguns ficheiros temporários de volta à localização original"
-#: src/sudo_edit.c:981
+#: src/sudo_edit.c:962
 #, c-format
 msgid "unable to change uid to root (%u)"
 msgstr "impossível alterar uid para root (%u)"
-#: src/sudo_edit.c:998
+#: src/sudo_edit.c:979
 msgid "plugin error: missing file list for sudoedit"
 msgstr "erro de extensão: lista de ficheiros para sudoedit em falta"
-#: src/sudo_edit.c:1039 src/sudo_edit.c:1052
+#: src/sudo_edit.c:1020 src/sudo_edit.c:1033
 msgid "unable to read the clock"
 msgstr "impossível ler o relógio"
@@ -905,17 +958,17 @@
 msgid "no askpass program specified, try setting SUDO_ASKPASS"
 msgstr "sem programa askpass especificado, tente definir SUDO_ASKPASS"
-#: src/tgetpass.c:322
+#: src/tgetpass.c:332
 #, c-format
 msgid "unable to set gid to %u"
 msgstr "impossível definir gid para %u"
-#: src/tgetpass.c:326
+#: src/tgetpass.c:336
 #, c-format
 msgid "unable to set uid to %u"
 msgstr "impossível definir uid para %u"
-#: src/tgetpass.c:331
+#: src/tgetpass.c:341
 #, c-format
 msgid "unable to run %s"
 msgstr "impossível executar %s"
@@ -932,6 +985,9 @@
 msgid "unable to restore stdin"
 msgstr "impossível restaurar stdin"
+#~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d"
+#~ msgstr "a ignorar extensão de política duplicada \"%s\" em %s, linha %d"
+
 #~ msgid "no tty present and no askpass program specified"
 #~ msgstr "sem tty presente e sem programa askpass especificado"
Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/sr.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/sr.mo differ
diff -Nru sudo-1.8.31/po/sr.po sudo-1.9.0/po/sr.po
--- sudo-1.8.31/po/sr.po 2019-12-31 12:58:36.000000000 +0000
+++ sudo-1.9.0/po/sr.po 2020-05-11 16:28:23.000000000 +0000
@@ -1,12 +1,12 @@
 # Serbian translations for sudo package.
 # This file is put in the public domain.
-# Мирослав Николић , 2011—2017.
+# Мирослав Николић , 2011—2020.
 msgid ""
 msgstr ""
-"Project-Id-Version: sudo-1.8.21b2\n"
+"Project-Id-Version: sudo-1.9.0b4\n"
 "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2017-08-03 10:04-0600\n"
-"PO-Revision-Date: 2017-08-06 14:45+0200\n"
+"POT-Creation-Date: 2020-03-12 17:39-0600\n"
+"PO-Revision-Date: 2020-04-02 18:29+0200\n"
 "Last-Translator: Мирослав Николић \n"
 "Language-Team: Serbian <(nothing)>\n"
 "Language: sr\n"
@@ -14,9 +14,10 @@
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+"X-Generator: Virtaal 0.7.1\n"
 "X-Bugs: Report translation errors to the Language-Team address.\n"
-#: lib/util/aix.c:85 lib/util/aix.c:172
+#: lib/util/aix.c:92 lib/util/aix.c:172
 msgid "unable to open userdb"
 msgstr "не могу да отворим корисничку базу података"
@@ -29,331 +30,395 @@ msgid "unable to restore registry" msgstr "не могу да повратим регистар" -#: lib/util/aix.c:275 lib/util/gidlist.c:64 lib/util/gidlist.c:74 -#: lib/util/sudo_conf.c:186 lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 -#: lib/util/sudo_conf.c:553 src/conversation.c:75 src/exec_common.c:107 -#: src/exec_common.c:123 src/exec_common.c:132 src/exec_monitor.c:167 -#: src/exec_nopty.c:462 src/exec_pty.c:667 src/exec_pty.c:676 -#: src/exec_pty.c:738 src/exec_pty.c:867 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:215 src/load_plugins.c:238 -#: src/load_plugins.c:303 src/load_plugins.c:318 src/parse_args.c:177 -#: src/parse_args.c:198 src/parse_args.c:273 src/parse_args.c:540 -#: src/parse_args.c:562 src/preserve_fds.c:47 src/preserve_fds.c:130 -#: src/selinux.c:84 src/selinux.c:309 src/selinux.c:432 src/selinux.c:441 -#: src/sesh.c:115 src/sudo.c:389 src/sudo.c:416 src/sudo.c:481 src/sudo.c:603 -#: src/sudo.c:663 src/sudo.c:673 src/sudo.c:693 src/sudo.c:712 src/sudo.c:721 -#: src/sudo.c:730 src/sudo.c:747 src/sudo.c:788 src/sudo.c:798 src/sudo.c:818 -#: src/sudo.c:1058 src/sudo.c:1079 src/sudo.c:1253 src/sudo.c:1351 -#: src/sudo_edit.c:148 src/sudo_edit.c:771 src/sudo_edit.c:868 -#: src/sudo_edit.c:982 src/sudo_edit.c:1002 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81 +#: lib/util/json.c:66 lib/util/json.c:192 lib/util/sudo_conf.c:191 +#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 +#: src/conversation.c:86 src/exec_common.c:114 src/exec_common.c:130 +#: src/exec_common.c:139 src/exec_monitor.c:211 src/exec_monitor.c:460 +#: src/exec_monitor.c:466 src/exec_monitor.c:474 src/exec_monitor.c:482 +#: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503 +#: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524 +#: src/exec_monitor.c:531 src/exec_nopty.c:218 src/exec_nopty.c:227 +#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248 +#: 
src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269 +#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290 +#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_nopty.c:479 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1038 src/exec_pty.c:1206 src/exec_pty.c:1215 +#: src/exec_pty.c:1222 src/exec_pty.c:1229 src/exec_pty.c:1236 +#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 +#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 +#: src/exec_pty.c:1286 src/exec_pty.c:1709 src/load_plugins.c:59 +#: src/load_plugins.c:72 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:207 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:625 src/sudo.c:685 +#: src/sudo.c:695 src/sudo.c:716 src/sudo.c:735 src/sudo.c:744 src/sudo.c:753 +#: src/sudo.c:770 src/sudo.c:811 src/sudo.c:821 src/sudo.c:847 src/sudo.c:1037 +#: src/sudo.c:1059 src/sudo.c:1355 src/sudo.c:1528 src/sudo.c:1722 +#: src/sudo.c:2066 src/sudo_edit.c:270 src/sudo_edit.c:775 src/sudo_edit.c:872 +#: src/sudo_edit.c:986 src/sudo_edit.c:1006 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/util/aix.c:275 lib/util/gidlist.c:64 lib/util/sudo_conf.c:187 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:553 -#: src/conversation.c:76 src/exec_common.c:107 src/exec_common.c:124 -#: src/exec_common.c:133 src/exec_pty.c:667 src/exec_pty.c:676 -#: src/exec_pty.c:738 src/load_plugins.c:215 src/load_plugins.c:238 -#: src/load_plugins.c:303 src/load_plugins.c:318 src/parse_args.c:177 -#: src/parse_args.c:199 src/parse_args.c:273 src/parse_args.c:540 -#: src/parse_args.c:562 
src/preserve_fds.c:47 src/preserve_fds.c:130 -#: src/selinux.c:84 src/selinux.c:309 src/selinux.c:432 src/selinux.c:441 -#: src/sesh.c:115 src/sudo.c:389 src/sudo.c:416 src/sudo.c:481 src/sudo.c:603 -#: src/sudo.c:818 src/sudo.c:1058 src/sudo.c:1079 src/sudo.c:1253 -#: src/sudo.c:1351 src/sudo_edit.c:148 src/sudo_edit.c:771 src/sudo_edit.c:868 -#: src/sudo_edit.c:982 src/sudo_edit.c:1002 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/json.c:67 +#: lib/util/json.c:193 lib/util/sudo_conf.c:192 lib/util/sudo_conf.c:277 +#: lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 src/conversation.c:87 +#: src/exec_common.c:114 src/exec_common.c:131 src/exec_common.c:140 +#: src/exec_monitor.c:460 src/exec_monitor.c:466 src/exec_monitor.c:474 +#: src/exec_monitor.c:482 src/exec_monitor.c:489 src/exec_monitor.c:496 +#: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517 +#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_nopty.c:218 +#: src/exec_nopty.c:227 src/exec_nopty.c:234 src/exec_nopty.c:241 +#: src/exec_nopty.c:248 src/exec_nopty.c:255 src/exec_nopty.c:262 +#: src/exec_nopty.c:269 src/exec_nopty.c:276 src/exec_nopty.c:283 +#: src/exec_nopty.c:290 src/exec_nopty.c:297 src/exec_nopty.c:305 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1206 src/exec_pty.c:1215 src/exec_pty.c:1222 +#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 +#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264 +#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1286 +#: src/exec_pty.c:1709 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:208 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: 
src/selinux.c:483 src/sesh.c:117 src/sudo.c:239 src/sudo.c:625 +#: src/sudo.c:847 src/sudo.c:1037 src/sudo.c:1059 src/sudo.c:1355 +#: src/sudo.c:1528 src/sudo.c:1722 src/sudo.c:2066 src/sudo_edit.c:270 +#: src/sudo_edit.c:775 src/sudo_edit.c:872 src/sudo_edit.c:986 +#: src/sudo_edit.c:1006 msgid "unable to allocate memory" msgstr "не могу да доделим меморију" -#: lib/util/strsignal.c:48 +#: lib/util/mkdir_parents.c:79 lib/util/sudo_conf.c:619 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 +#, c-format +msgid "unable to open %s" +msgstr "не могу да отворим %s" + +#: lib/util/mkdir_parents.c:94 +#, c-format +msgid "unable to mkdir %s" +msgstr "не могу да направим директоријум „%s“" + +#: lib/util/mkdir_parents.c:103 lib/util/sudo_conf.c:596 +#, c-format +msgid "unable to stat %s" +msgstr "не могу да добијем податке о „%s“" + +#: lib/util/mkdir_parents.c:108 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "„%s“ постоји али није директоријум (0%o)" + +#: lib/util/strsignal.c:55 msgid "Unknown signal" msgstr "Непознати сигнал" -#: lib/util/strtoid.c:77 lib/util/strtoid.c:124 lib/util/strtoid.c:152 -#: lib/util/strtomode.c:49 lib/util/strtonum.c:58 lib/util/strtonum.c:176 +#: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161 +#: lib/util/strtonum.c:200 msgid "invalid value" msgstr "неисправна вредност" -#: lib/util/strtoid.c:84 lib/util/strtoid.c:131 lib/util/strtoid.c:159 -#: lib/util/strtomode.c:55 lib/util/strtonum.c:61 lib/util/strtonum.c:188 +#: lib/util/strtomode.c:62 lib/util/strtonum.c:173 msgid "value too large" msgstr "вредност је превелика" -#: lib/util/strtoid.c:86 lib/util/strtoid.c:137 lib/util/strtomode.c:55 -#: lib/util/strtonum.c:61 lib/util/strtonum.c:182 +#: lib/util/strtomode.c:62 lib/util/strtonum.c:167 msgid "value too small" msgstr "вредност је премала" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:210 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "неисправна вредност 
путање „%s“ у „%s“, %u. ред" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:392 lib/util/sudo_conf.c:445 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "неисправна вредност за %s „%s“ у „%s“, %u. ред" -#: lib/util/sudo_conf.c:392 +#: lib/util/sudo_conf.c:413 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "неподржани извор групе „%s“ у „%s“, %u. ред" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:429 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "неисправне највеће групе „%s“ у „%s“, %u. ред" -#: lib/util/sudo_conf.c:569 -#, c-format -msgid "unable to stat %s" -msgstr "не могу да добијем податке о „%s“" - -#: lib/util/sudo_conf.c:572 +#: lib/util/sudo_conf.c:599 #, c-format msgid "%s is not a regular file" msgstr "„%s“ није обична датотека" -#: lib/util/sudo_conf.c:575 +#: lib/util/sudo_conf.c:602 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s је у власништву уиб-а %u, а треба бити %u" -#: lib/util/sudo_conf.c:579 +#: lib/util/sudo_conf.c:606 #, c-format msgid "%s is world writable" msgstr "%s је светски уписив" -#: lib/util/sudo_conf.c:582 +#: lib/util/sudo_conf.c:609 #, c-format msgid "%s is group writable" msgstr "%s је групно уписив" -#: lib/util/sudo_conf.c:592 src/selinux.c:208 src/selinux.c:225 src/sudo.c:357 -#, c-format -msgid "unable to open %s" -msgstr "не могу да отворим %s" - -#: src/exec.c:160 +#: src/exec.c:135 #, c-format msgid "unknown login class %s" msgstr "непозната класа пријаве %s" -#: src/exec.c:173 +#: src/exec.c:147 msgid "unable to set user context" msgstr "не могу да подесим кориснички контекст" -#: src/exec.c:189 +#: src/exec.c:163 msgid "unable to set process priority" msgstr "не могу да подесим приоритет процеса" -#: src/exec.c:197 +#: src/exec.c:177 #, c-format msgid "unable to change root to %s" msgstr "не могу да променим администратора на %s" -#: src/exec.c:210 src/exec.c:216 
src/exec.c:223 +#: src/exec.c:190 src/exec.c:196 src/exec.c:203 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "не могу да се пребацим у покрени_као уид (%u, %u)" -#: src/exec.c:241 +#: src/exec.c:221 #, c-format msgid "unable to change directory to %s" msgstr "не могу да променим директоријум у %s" -#: src/exec.c:337 src/exec_monitor.c:526 src/exec_monitor.c:528 -#: src/exec_nopty.c:520 src/exec_pty.c:472 src/exec_pty.c:1184 -#: src/exec_pty.c:1186 src/signal.c:139 src/signal.c:153 +#: src/exec.c:304 src/exec_monitor.c:569 src/exec_monitor.c:571 +#: src/exec_nopty.c:537 src/exec_pty.c:566 src/exec_pty.c:1373 +#: src/exec_pty.c:1375 src/signal.c:150 src/signal.c:164 #, c-format msgid "unable to set handler for signal %d" msgstr "не могу да подесим руковаоца за сигнал „%d“" -#: src/exec_common.c:166 +#: src/exec_common.c:173 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "не могу да уклоним PRIV_PROC_EXEC из PRIV_LIMIT" -#: src/exec_monitor.c:326 +#: src/exec_monitor.c:365 msgid "error reading from socketpair" msgstr "грешка у читању из пара прикључка" -#: src/exec_monitor.c:338 +#: src/exec_monitor.c:382 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "неочекивана врста одговора на повратном каналу: %d" -#: src/exec_monitor.c:423 src/exec_monitor.c:431 src/exec_monitor.c:439 -#: src/exec_monitor.c:446 src/exec_monitor.c:453 src/exec_monitor.c:460 -#: src/exec_monitor.c:467 src/exec_monitor.c:474 src/exec_monitor.c:481 -#: src/exec_monitor.c:488 src/exec_nopty.c:215 src/exec_nopty.c:224 -#: src/exec_nopty.c:231 src/exec_nopty.c:238 src/exec_nopty.c:245 -#: src/exec_nopty.c:252 src/exec_nopty.c:259 src/exec_nopty.c:266 -#: src/exec_nopty.c:273 src/exec_nopty.c:280 src/exec_nopty.c:287 -#: src/exec_nopty.c:294 src/exec_nopty.c:302 src/exec_pty.c:563 -#: src/exec_pty.c:568 src/exec_pty.c:635 src/exec_pty.c:642 src/exec_pty.c:743 -#: src/exec_pty.c:1029 src/exec_pty.c:1038 src/exec_pty.c:1045 -#: src/exec_pty.c:1052 
src/exec_pty.c:1059 src/exec_pty.c:1066 -#: src/exec_pty.c:1073 src/exec_pty.c:1080 src/exec_pty.c:1087 -#: src/exec_pty.c:1094 src/exec_pty.c:1101 src/exec_pty.c:1446 -#: src/exec_pty.c:1456 src/exec_pty.c:1501 src/exec_pty.c:1508 -#: src/exec_pty.c:1533 +#: src/exec_monitor.c:468 src/exec_monitor.c:476 src/exec_monitor.c:484 +#: src/exec_monitor.c:491 src/exec_monitor.c:498 src/exec_monitor.c:505 +#: src/exec_monitor.c:512 src/exec_monitor.c:519 src/exec_monitor.c:526 +#: src/exec_monitor.c:533 src/exec_nopty.c:220 src/exec_nopty.c:229 +#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 +#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 +#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 +#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:688 +#: src/exec_pty.c:693 src/exec_pty.c:790 src/exec_pty.c:797 src/exec_pty.c:894 +#: src/exec_pty.c:1208 src/exec_pty.c:1217 src/exec_pty.c:1224 +#: src/exec_pty.c:1231 src/exec_pty.c:1238 src/exec_pty.c:1245 +#: src/exec_pty.c:1252 src/exec_pty.c:1259 src/exec_pty.c:1266 +#: src/exec_pty.c:1273 src/exec_pty.c:1280 src/exec_pty.c:1662 +#: src/exec_pty.c:1672 src/exec_pty.c:1717 src/exec_pty.c:1724 +#: src/exec_pty.c:1751 msgid "unable to add event to queue" msgstr "не могу да додам догађај у ред" -#: src/exec_monitor.c:540 +#: src/exec_monitor.c:587 msgid "unable to set controlling tty" msgstr "не могу да подесим контролисање tty" -#: src/exec_monitor.c:548 src/exec_nopty.c:359 src/exec_pty.c:1261 -#: src/exec_pty.c:1280 src/exec_pty.c:1298 src/tgetpass.c:246 +#: src/exec_monitor.c:595 src/exec_nopty.c:364 src/exec_pty.c:1452 +#: src/exec_pty.c:1473 src/exec_pty.c:1493 src/tgetpass.c:311 msgid "unable to create pipe" msgstr "не могу да направим спојку" -#: src/exec_monitor.c:553 src/exec_nopty.c:377 src/exec_pty.c:1335 -#: src/tgetpass.c:250 +#: src/exec_monitor.c:603 +msgid "unable to receive message from parent" +msgstr "не могу да примим поруку од родитеља" + +#: 
src/exec_monitor.c:617 src/exec_nopty.c:393 src/exec_pty.c:1531 +#: src/tgetpass.c:315 msgid "unable to fork" msgstr "не могу да поделим" -#: src/exec_monitor.c:639 src/exec_nopty.c:430 +#: src/exec_monitor.c:621 src/exec_monitor.c:720 src/exec_nopty.c:447 msgid "unable to restore tty label" msgstr "не могу да повратим tty натпис" -#: src/exec_nopty.c:353 src/exec_pty.c:1193 +#: src/exec_monitor.c:637 src/sesh.c:127 src/sudo.c:1114 +#, c-format +msgid "unable to execute %s" +msgstr "не могу да извршим %s" + +#: src/exec_nopty.c:358 src/exec_pty.c:1382 msgid "policy plugin failed session initialization" msgstr "није успело покретање сесије прикључка политике" -#: src/exec_nopty.c:419 src/exec_pty.c:1404 +#: src/exec_nopty.c:435 src/exec_pty.c:1617 msgid "error in event loop" msgstr "грешка у петљи догађаја" -#: src/exec_nopty.c:528 src/exec_pty.c:504 src/signal.c:101 +#: src/exec_nopty.c:545 src/exec_pty.c:601 src/signal.c:112 #, c-format msgid "unable to restore handler for signal %d" msgstr "не могу да повратим руковаоца за сигнал „%d“" -#: src/exec_pty.c:143 +#: src/exec_pty.c:157 msgid "unable to allocate pty" msgstr "не могу да доделим pty" -#: src/exec_pty.c:1173 +#: src/exec_pty.c:221 src/exec_pty.c:260 src/exec_pty.c:299 src/exec_pty.c:349 +#: src/exec_pty.c:399 +msgid "I/O plugin error" +msgstr "грешка У/И прикључка" + +#: src/exec_pty.c:224 src/exec_pty.c:263 src/exec_pty.c:302 src/exec_pty.c:352 +#: src/exec_pty.c:402 +msgid "command rejected by I/O plugin" +msgstr "наредбу је одбацио У/И прикључак" + +#: src/exec_pty.c:449 +msgid "error logging suspend" +msgstr "грешка обуставе писања дневника" + +#: src/exec_pty.c:482 +msgid "error changing window size" +msgstr "грешка промене величине прозора" + +#: src/exec_pty.c:1362 msgid "unable to create sockets" msgstr "не могу да направим утичнице" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:123 src/load_plugins.c:129 -#: 
src/load_plugins.c:170 src/load_plugins.c:178 src/load_plugins.c:185 -#: src/load_plugins.c:191 +#: src/exec_pty.c:1574 +msgid "unable to send message to monitor process" +msgstr "не могу да пошаљем поруку процесу праћења" + +#: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92 +#: src/load_plugins.c:122 src/load_plugins.c:136 src/load_plugins.c:142 +#: src/load_plugins.c:293 src/load_plugins.c:301 src/load_plugins.c:308 +#: src/load_plugins.c:348 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "грешка у „%s“, %d. ред приликом учитавања прикључка „%s“" -#: src/load_plugins.c:87 +#: src/load_plugins.c:94 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:125 +#: src/load_plugins.c:138 #, c-format msgid "%s must be owned by uid %d" msgstr "%s мора бити у власништву уида %d" -#: src/load_plugins.c:131 +#: src/load_plugins.c:144 #, c-format msgid "%s must be only be writable by owner" msgstr "%s мора бити уписив само од стране власника" -#: src/load_plugins.c:172 +#: src/load_plugins.c:254 src/load_plugins.c:321 +#, c-format +msgid "ignoring duplicate plugin \"%s\" in %s, line %d" +msgstr "занемарујем удвостручени „%s“ прикључак у %s, %d. 
ред" + +#: src/load_plugins.c:295 #, c-format msgid "unable to load %s: %s" msgstr "не могу да учитам %s: %s" -#: src/load_plugins.c:180 +#: src/load_plugins.c:303 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "не могу да пронађем симбол „%s“ у %s" -#: src/load_plugins.c:187 -#, c-format -msgid "unknown policy type %d found in %s" -msgstr "непозната врста сигурности %d је пронађена у %s" - -#: src/load_plugins.c:193 +#: src/load_plugins.c:310 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "пронађено је несагласно главно издање прикључка %d (очекивано је %d) у „%s“" -#: src/load_plugins.c:202 +#: src/load_plugins.c:324 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "занемарујем прикључак сигурности „%s“ у %s, %d. ред" -#: src/load_plugins.c:204 +#: src/load_plugins.c:326 msgid "only a single policy plugin may be specified" msgstr "може бити наведен само један прикључак сигурности" -#: src/load_plugins.c:207 +#: src/load_plugins.c:350 #, c-format -msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" -msgstr "занемарујем удвостручен прикључак сигурности „%s“ у %s, %d. ред" +msgid "unknown plugin type %d found in %s" +msgstr "нађох непознату врсту прикључка %d у „%s“" -#: src/load_plugins.c:228 -#, c-format -msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d" -msgstr "занемарујем удвостручени У/И прикључак „%s“ у %s, %d. 
ред" - -#: src/load_plugins.c:331 +#: src/load_plugins.c:511 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "прикључак сигурности %s не садржи метод провере_сигурности" -#: src/net_ifs.c:173 src/net_ifs.c:190 src/net_ifs.c:335 src/sudo.c:476 +#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:478 #, c-format msgid "internal error, %s overflow" msgstr "унутрашња грешка, прекорачење функције „%s“" -#: src/parse_args.c:219 +#: src/parse_args.c:228 #, c-format msgid "invalid environment variable name: %s" msgstr "неисправан назив променљиве окружења: %s" -#: src/parse_args.c:313 +#: src/parse_args.c:329 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "аргумент уз -C мора бити број већи или једнак 3" -#: src/parse_args.c:480 +#: src/parse_args.c:524 msgid "you may not specify both the `-i' and `-s' options" msgstr "не можете да наведете обе опције „-i“ и „-s“" -#: src/parse_args.c:484 +#: src/parse_args.c:528 msgid "you may not specify both the `-i' and `-E' options" msgstr "не можете да наведете обе опције „-i“ и „-E“" -#: src/parse_args.c:494 +#: src/parse_args.c:538 msgid "the `-E' option is not valid in edit mode" msgstr "опција „-E“ није исправна у режиму уређивања" -#: src/parse_args.c:496 +#: src/parse_args.c:540 msgid "you may not specify environment variables in edit mode" msgstr "не можете да одредите променљиве окружења у режиму уређивања" -#: src/parse_args.c:504 +#: src/parse_args.c:548 msgid "the `-U' option may only be used with the `-l' option" msgstr "опција „-U“ може бити коришћена само са опцијом „-l“" -#: src/parse_args.c:508 +#: src/parse_args.c:552 msgid "the `-A' and `-S' options may not be used together" msgstr "опције „-A“ и „-S“ не могу бити коришћене заједно" -#: src/parse_args.c:584 +#: src/parse_args.c:645 msgid "sudoedit is not supported on this platform" msgstr "„sudoedit“ није подржано на овој платформи" -#: src/parse_args.c:657 +#: src/parse_args.c:726 
msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Само једна од опција -e, -h, -i, -K, -l, -s, -v или -V може бити наведена" -#: src/parse_args.c:671 +#: src/parse_args.c:740 #, c-format msgid "" "%s - edit files as another user\n" @@ -362,7 +427,7 @@ "%s — уредите датотеке као други корисник\n" "\n" -#: src/parse_args.c:673 +#: src/parse_args.c:742 #, c-format msgid "" "%s - execute a command as another user\n" @@ -371,7 +436,7 @@ "%s — извршите наредбу као други корисник\n" "\n" -#: src/parse_args.c:678 +#: src/parse_args.c:747 #, c-format msgid "" "\n" 
@@ -380,509 +445,559 @@ "\n" "Опције:\n" -#: src/parse_args.c:680 +#: src/parse_args.c:749 msgid "use a helper program for password prompting" msgstr "користи програм испомоћи за упит лозинке" -#: src/parse_args.c:683 +#: src/parse_args.c:752 msgid "use specified BSD authentication type" msgstr "користи наведену врсту БСД потврде идентитета" -#: src/parse_args.c:686 +#: src/parse_args.c:755 msgid "run command in the background" msgstr "покреће наредбу у позадини" -#: src/parse_args.c:688 +#: src/parse_args.c:757 +msgid "ring bell when prompting" +msgstr "звони приликом постављања упита" + +#: src/parse_args.c:759 msgid "close all file descriptors >= num" msgstr "затвара све описнике датотеке >= fd" -#: src/parse_args.c:691 +#: src/parse_args.c:762 msgid "run command with the specified BSD login class" msgstr "покреће наредбу са наведеним разредом БСД пријаве" -#: src/parse_args.c:694 +#: src/parse_args.c:765 msgid "preserve user environment when running command" msgstr "чува корисничко окружење приликом покретања наредбе" -#: src/parse_args.c:696 +#: src/parse_args.c:767 msgid "preserve specific environment variables" msgstr "чува нарочите променљиве окружења" -#: src/parse_args.c:698 +#: src/parse_args.c:769 msgid "edit files instead of running a command" msgstr "уређује датотеке уместо да изврши наредбу" -#: src/parse_args.c:700 +#: src/parse_args.c:771 msgid "run command as the specified group name or ID" msgstr "извршава наредбу као наведени назив групе или ИБ" -#: src/parse_args.c:702 +#: src/parse_args.c:773 msgid "set HOME variable to target user's home dir" msgstr "подешава променљиву ЛИЧНО у циљну корисничку личну фасциклу" -#: src/parse_args.c:704 +#: src/parse_args.c:775 msgid "display help message and exit" msgstr "приказује поруку помоћи и излази" -#: src/parse_args.c:706 +#: src/parse_args.c:777 msgid "run command on host (if supported by plugin)" msgstr "покреће наредбу на домаћину (ако је подржано прикључком)" -#: src/parse_args.c:708 +#: 
src/parse_args.c:779 msgid "run login shell as the target user; a command may also be specified" msgstr "покреће љуску пријаве као крајњи корисник; наредба може такође бити наведена" -#: src/parse_args.c:710 +#: src/parse_args.c:781 msgid "remove timestamp file completely" msgstr "потпуно уклања датотеку записа датума и времена" -#: src/parse_args.c:712 +#: src/parse_args.c:783 msgid "invalidate timestamp file" msgstr "чини неисправном датотеку датума и времена" -#: src/parse_args.c:714 +#: src/parse_args.c:785 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "исписује привилегије корисника или проверава посебну наредбу; користи се двапута за дуже записе" -#: src/parse_args.c:716 +#: src/parse_args.c:787 msgid "non-interactive mode, no prompts are used" msgstr "немеђудејствени режим, не користи упите" -#: src/parse_args.c:718 +#: src/parse_args.c:789 msgid "preserve group vector instead of setting to target's" msgstr "чува вектор групе уместо да подеси на циљеве" -#: src/parse_args.c:720 +#: src/parse_args.c:791 msgid "use the specified password prompt" msgstr "користи упит наведене лозинке" -#: src/parse_args.c:723 +#: src/parse_args.c:794 msgid "create SELinux security context with specified role" msgstr "ствара СЕЛинукс сигурносни контекст са наведеном улогом" -#: src/parse_args.c:726 +#: src/parse_args.c:797 msgid "read password from standard input" msgstr "чита лозинку са стандардног улаза" -#: src/parse_args.c:728 +#: src/parse_args.c:799 msgid "run shell as the target user; a command may also be specified" msgstr "покреће љуску као крајњи корисник; наредба такође може бити наведена" -#: src/parse_args.c:731 +#: src/parse_args.c:802 msgid "create SELinux security context with specified type" msgstr "ствара СЕЛинукс сигурносни контекст са наведеном улогом" -#: src/parse_args.c:734 +#: src/parse_args.c:805 msgid "terminate command after the specified time limit" msgstr "окончава наредбу након наведеног временског 
ограничења" -#: src/parse_args.c:736 +#: src/parse_args.c:807 msgid "in list mode, display privileges for user" msgstr "у режиму списка, приказује привилегије за корисника" -#: src/parse_args.c:738 +#: src/parse_args.c:809 msgid "run command (or edit file) as specified user name or ID" msgstr "покреће наредбу (или уређује датотеку) као наведени корисник" -#: src/parse_args.c:740 +#: src/parse_args.c:811 msgid "display version information and exit" msgstr "приказује податке о издању и излази" -#: src/parse_args.c:742 +#: src/parse_args.c:813 msgid "update user's timestamp without running a command" msgstr "освежава кориснички запис датума и времена без покретања наредбе" -#: src/parse_args.c:744 +#: src/parse_args.c:815 msgid "stop processing command line arguments" msgstr "зауставља обрађивање аргумената линије наредби" -#: src/selinux.c:78 +#: src/selinux.c:85 msgid "unable to open audit system" msgstr "не могу да отворим аудит систем" -#: src/selinux.c:88 +#: src/selinux.c:95 msgid "unable to send audit message" msgstr "не могу да пошаљем аудит поруку" -#: src/selinux.c:116 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "не могу да добавим контекст отворене датотеке %s" -#: src/selinux.c:121 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "%s измењена натписа" -#: src/selinux.c:126 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "не могу да повратим контекст за %s" -#: src/selinux.c:167 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "не могу да отворим %s, није тту за поновно натписивање" -#: src/selinux.c:171 src/selinux.c:212 src/selinux.c:229 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "„%s“ није знаковни уређај, није конзола за поновно натписивање" -#: src/selinux.c:180 +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" 
msgstr "не могу да добавим текући тту контекст, није тту за поновно натписивање" -#: src/selinux.c:187 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "непознат разред безбедности „chr_file“, није тту за поновно натписивање" -#: src/selinux.c:192 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "не могу да добавим нови тту контекст, није тту за поновно натписивање" -#: src/selinux.c:199 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "не могу да подесим нови тту контекст" -#: src/selinux.c:273 +#: src/selinux.c:322 #, c-format msgid "you must specify a role for type %s" msgstr "морате да наведете улогу за врсту %s" -#: src/selinux.c:279 +#: src/selinux.c:328 #, c-format msgid "unable to get default type for role %s" msgstr "не могу да добавим основну врсту за улогу %s" -#: src/selinux.c:297 +#: src/selinux.c:340 +msgid "failed to get new context" +msgstr "нисам успео да добавим нови контекст" + +#: src/selinux.c:349 #, c-format msgid "failed to set new role %s" msgstr "нисам успео да подесим нову улогу %s" -#: src/selinux.c:301 +#: src/selinux.c:353 #, c-format msgid "failed to set new type %s" msgstr "нисам успео да подесим нову врсту %s" -#: src/selinux.c:313 +#: src/selinux.c:365 #, c-format msgid "%s is not a valid context" msgstr "%s није исправан контекст" -#: src/selinux.c:348 -msgid "failed to get old_context" -msgstr "нисам успео да добавим стари_контекст" +#: src/selinux.c:397 +msgid "failed to get old context" +msgstr "нисам успео да добавим стари контекст" -#: src/selinux.c:354 +#: src/selinux.c:403 msgid "unable to determine enforcing mode." msgstr "не могу да одредим режим присиљавања." 
-#: src/selinux.c:371 +#: src/selinux.c:420 #, c-format msgid "unable to set tty context to %s" msgstr "не могу да подесим тту контекст на %s" -#: src/selinux.c:410 +#: src/selinux.c:452 #, c-format msgid "unable to set exec context to %s" msgstr "не могу да подесим извршни контекст за %s" -#: src/selinux.c:417 +#: src/selinux.c:459 #, c-format msgid "unable to set key creation context to %s" msgstr "не могу да подесим контекст стварања кључа за %s" -#: src/sesh.c:77 +#: src/sesh.c:79 msgid "requires at least one argument" msgstr "захтева барем један аргумент" -#: src/sesh.c:106 +#: src/sesh.c:108 #, c-format msgid "invalid file descriptor number: %s" msgstr "неисправан број описника датотеке: %s" -#: src/sesh.c:120 +#: src/sesh.c:122 #, c-format msgid "unable to run %s as a login shell" msgstr "не могу да покренем „%s“ као шкољку пријављивања" -#: src/sesh.c:125 src/sudo.c:1117 -#, c-format -msgid "unable to execute %s" -msgstr "не могу да извршим %s" - -#: src/signal.c:83 +#: src/signal.c:90 #, c-format msgid "unable to save handler for signal %d" msgstr "не могу да сачувам руковаоца за сигнал „%d“" -#: src/solaris.c:76 +#: src/solaris.c:83 msgid "resource control limit has been reached" msgstr "ограничење контроле ресурса је достигнуто" -#: src/solaris.c:79 +#: src/solaris.c:86 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "корисник „%s“ није члан пројекта „%s“" -#: src/solaris.c:83 +#: src/solaris.c:90 msgid "the invoking task is final" msgstr "задатак призивања је завршни" -#: src/solaris.c:86 +#: src/solaris.c:93 #, c-format msgid "could not join project \"%s\"" msgstr "не могу да приступим пројекту „%s“" -#: src/solaris.c:91 +#: src/solaris.c:98 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "не постоји депо извора који прихвата основне пречице за пројекат „%s“" -#: src/solaris.c:95 +#: src/solaris.c:102 #, c-format msgid "specified resource pool does not exist for project \"%s\"" 
msgstr "наведени депо извора не постоји за пројекат „%s“" -#: src/solaris.c:99 +#: src/solaris.c:106 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "не могу да се повежем са основним депоом извора за пројекат „%s“" -#: src/solaris.c:105 +#: src/solaris.c:112 #, c-format msgid "setproject failed for project \"%s\"" msgstr "подешавање пројекта није успело за пројекат „%s“" -#: src/solaris.c:107 +#: src/solaris.c:114 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "упозорење, није успело додељивање контроле ресурса за пројекат „%s“" -#: src/sudo.c:198 +#: src/sudo.c:224 #, c-format msgid "Sudo version %s\n" msgstr "Судо издање %s\n" -#: src/sudo.c:200 +#: src/sudo.c:226 #, c-format msgid "Configure options: %s\n" msgstr "Опције подешавања: %s\n" -#: src/sudo.c:208 +#: src/sudo.c:235 msgid "fatal error, unable to load plugins" msgstr "кобна грешка, не могу да учитам прикључке" -#: src/sudo.c:216 -msgid "unable to initialize policy plugin" -msgstr "не могу да започнем прикључак сигурности" - -#: src/sudo.c:260 +#: src/sudo.c:280 msgid "plugin did not return a command to execute" msgstr "прикључак није вратио наредбу за извршавање" -#: src/sudo.c:276 -#, c-format -msgid "error initializing I/O plugin %s" -msgstr "грешка приликом покретања У/И прикључка %s" - -#: src/sudo.c:299 +#: src/sudo.c:311 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "неочекивани судо режим 0x%x" -#: src/sudo.c:461 -msgid "unable to get group vector" -msgstr "не могу да добавим вектор групе" - -#: src/sudo.c:523 +#: src/sudo.c:544 #, c-format -msgid "unknown uid %u: who are you?" -msgstr "непознати уид %u: ко сте ви?" 
+msgid "you do not exist in the %s database" +msgstr "не постојите у „%s“ бази података" -#: src/sudo.c:579 +#: src/sudo.c:601 msgid "unable to determine tty" msgstr "не могу да одредим конзолу" -#: src/sudo.c:867 +#: src/sudo.c:893 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s мора бити власништвo уида %d и треба да има подешен бит „setuid“" -#: src/sudo.c:870 +#: src/sudo.c:896 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "стварни уид није %d, већ %s на систему датотека са подешеном опцијом „nosuid“ или је НФС систем датотека без администраторских привилегија?" -#: src/sudo.c:876 +#: src/sudo.c:902 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "стварни уид није %d, већ сетуид администратор инсталиран судоом?" -#: src/sudo.c:929 +#: src/sudo.c:918 msgid "unable to set supplementary group IDs" msgstr "не могу да подесим додатне ИБ-ове групе" -#: src/sudo.c:936 +#: src/sudo.c:925 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "не могу да подесим ефективан гид да се покрене_као гид %u" -#: src/sudo.c:942 +#: src/sudo.c:931 #, c-format msgid "unable to set gid to runas gid %u" msgstr "не могу да подесим гид да се покрене као гид %u" -#: src/sudo.c:999 +#: src/sudo.c:978 #, c-format msgid "unexpected child termination condition: %d" msgstr "неочекивани услов завршетка потпроцеса: %d" -#: src/sudo.c:1145 +#: src/sudo.c:1087 +msgid "unable to initialize policy plugin" +msgstr "не могу да започнем прикључак сигурности" + +#: src/sudo.c:1148 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "прикључак сигурности %s не садржи метод „check_policy“" -#: src/sudo.c:1163 +#: src/sudo.c:1163 src/sudo.c:1216 src/sudo.c:1260 +msgid "command rejected by policy" +msgstr "наредба је одбачена политиком" + +#: src/sudo.c:1168 src/sudo.c:1221 
src/sudo.c:1265 +msgid "policy plugin error" +msgstr "грешка прикључка политике" + +#: src/sudo.c:1202 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "прикључак сигурности %s не подржава привилегије исписивања" -#: src/sudo.c:1180 +#: src/sudo.c:1246 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "прикључак сигурности %s не подржава опцију -v" -#: src/sudo.c:1195 +#: src/sudo.c:1284 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "прикључак сигурности %s не подржава опције -k/-K" -#: src/sudo_edit.c:178 src/sudo_edit.c:267 +#: src/sudo.c:1413 +#, c-format +msgid "error initializing I/O plugin %s" +msgstr "грешка приликом покретања У/И прикључка %s" + +#: src/sudo.c:1567 +#, c-format +msgid "error initializing audit plugin %s" +msgstr "грешка покретања аудит прикључка „%s“" + +#: src/sudo.c:1745 +#, c-format +msgid "error initializing approval plugin %s" +msgstr "грешка покретања прикључка одобравања „%s“" + +#: src/sudo.c:1821 +msgid "command rejected by approver" +msgstr "наредбу је одбацио одобравач" + +#: src/sudo.c:1830 +msgid "approval plugin error" +msgstr "грешка прикључка одобравања" + +#: src/sudo_edit.c:233 +msgid "no writable temporary directory found" +msgstr "нисам нашао уписиви привремени директоријум" + +#: src/sudo_edit.c:358 msgid "unable to restore current working directory" msgstr "не могу да повратим текући радни директоријум" -#: src/sudo_edit.c:574 src/sudo_edit.c:686 +#: src/sudo_edit.c:575 src/sudo_edit.c:688 #, c-format msgid "%s: not a regular file" msgstr "%s: није обична датотека" -#: src/sudo_edit.c:581 +#: src/sudo_edit.c:582 #, c-format msgid "%s: editing symbolic links is not permitted" msgstr "%s: уређивање симболичких веза није допуштено" -#: src/sudo_edit.c:584 +#: src/sudo_edit.c:585 #, c-format msgid "%s: editing files in a writable directory is not permitted" msgstr "%s: уређивање датотека у уписивом директоријуму није допуштено" -#: 
src/sudo_edit.c:617 src/sudo_edit.c:724 +#: src/sudo_edit.c:618 src/sudo_edit.c:728 #, c-format msgid "%s: short write" msgstr "%s: кратак упис" -#: src/sudo_edit.c:687 +#: src/sudo_edit.c:689 #, c-format msgid "%s left unmodified" msgstr "%s је остао неизмењен" -#: src/sudo_edit.c:700 src/sudo_edit.c:885 +#: src/sudo_edit.c:702 src/sudo_edit.c:889 #, c-format msgid "%s unchanged" msgstr "%s је непромењен" -#: src/sudo_edit.c:713 src/sudo_edit.c:735 +#: src/sudo_edit.c:717 src/sudo_edit.c:739 #, c-format msgid "unable to write to %s" msgstr "не могу да упишем у %s" -#: src/sudo_edit.c:714 src/sudo_edit.c:733 src/sudo_edit.c:736 -#: src/sudo_edit.c:910 src/sudo_edit.c:914 +#: src/sudo_edit.c:718 src/sudo_edit.c:737 src/sudo_edit.c:740 +#: src/sudo_edit.c:914 src/sudo_edit.c:918 #, c-format msgid "contents of edit session left in %s" msgstr "садржај сесије уређивања је остао у %s" -#: src/sudo_edit.c:732 +#: src/sudo_edit.c:736 msgid "unable to read temporary file" msgstr "не могу да прочитам привремену датотеку" -#: src/sudo_edit.c:815 +#: src/sudo_edit.c:819 msgid "sesh: internal error: odd number of paths" msgstr "sesh: унутрашња грешка: непарн број путања" -#: src/sudo_edit.c:817 +#: src/sudo_edit.c:821 msgid "sesh: unable to create temporary files" msgstr "sesh: не могу да направим привремене датотеке" -#: src/sudo_edit.c:819 src/sudo_edit.c:917 +#: src/sudo_edit.c:823 src/sudo_edit.c:921 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: непозната грешка „%d“" -#: src/sudo_edit.c:909 +#: src/sudo_edit.c:913 msgid "unable to copy temporary files back to their original location" msgstr "не могу да умножим привремене датотеке назад на њихова првобитна места" -#: src/sudo_edit.c:913 +#: src/sudo_edit.c:917 msgid "unable to copy some of the temporary files back to their original location" msgstr "не могу да умножим неке од привремених датотека назад на њихова првобитна места" -#: src/sudo_edit.c:958 +#: src/sudo_edit.c:962 #, c-format msgid "unable to change 
uid to root (%u)" msgstr "не могу да променим уид у администратора (%u)" -#: src/sudo_edit.c:975 +#: src/sudo_edit.c:979 msgid "plugin error: missing file list for sudoedit" msgstr "грешка прикључка: недостаје датотеа списка за уређивање судоа" -#: src/sudo_edit.c:1016 src/sudo_edit.c:1029 +#: src/sudo_edit.c:1020 src/sudo_edit.c:1033 msgid "unable to read the clock" msgstr "не могу да прочитам сат" -#: src/tgetpass.c:107 -msgid "no tty present and no askpass program specified" -msgstr "тту не постоји и није наведен програм за пропуштање" +#: src/tgetpass.c:102 +msgid "timed out reading password" +msgstr "истече време при читању лозинке" + +#: src/tgetpass.c:105 +msgid "no password was provided" +msgstr "лозинка није достављена" + +#: src/tgetpass.c:108 +msgid "unable to read password" +msgstr "не могу да прочитам лозинку" + +#: src/tgetpass.c:147 +msgid "a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper" +msgstr "терминал је потребан за читање лозинке; или користите опцију „-S“ да читате из стандардног улаза или подесите помоћника тражиоца пролаза" -#: src/tgetpass.c:116 +#: src/tgetpass.c:157 msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "није наведен програм за пропуштање, покушајте да подесите SUDO_ASKPASS" -#: src/tgetpass.c:261 +#: src/tgetpass.c:332 #, c-format msgid "unable to set gid to %u" msgstr "не могу да подесим гид у %u" -#: src/tgetpass.c:265 +#: src/tgetpass.c:336 #, c-format msgid "unable to set uid to %u" msgstr "не могу да подесим уид у %u" -#: src/tgetpass.c:270 +#: src/tgetpass.c:341 #, c-format msgid "unable to run %s" msgstr "не могу да покренем %s" -#: src/utmp.c:268 +#: src/utmp.c:295 msgid "unable to save stdin" msgstr "не могу да сачувам стандардни улаз" -#: src/utmp.c:270 +#: src/utmp.c:297 msgid "unable to dup2 stdin" msgstr "не могу да дуп2 стандардни улаз" -#: src/utmp.c:273 +#: src/utmp.c:300 msgid "unable to restore stdin" msgstr 
"не могу да повратим стандардни улаз" +#~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" +#~ msgstr "занемарујем удвостручен прикључак сигурности „%s“ у %s, %d. ред" + +#~ msgid "unable to get group vector" +#~ msgstr "не могу да добавим вектор групе" + +#~ msgid "unknown uid %u: who are you?" +#~ msgstr "непознати уид %u: ко сте ви?" + +#~ msgid "no tty present and no askpass program specified" +#~ msgstr "тту не постоји и није наведен програм за пропуштање" + #~ msgid "error reading from signal pipe" #~ msgstr "грешка у читању из спојке сигнала" -#~ msgid "error reading from pipe" -#~ msgstr "грешка у читању из спојке" - #~ msgid "internal error, tried allocate zero bytes" #~ msgstr "унутрашња грешка, покушах да доделим нула бајта" diff -Nru sudo-1.8.31/po/sudo.pot sudo-1.9.0/po/sudo.pot --- sudo-1.8.31/po/sudo.pot 2019-10-28 12:28:54.000000000 +0000 +++ sudo-1.9.0/po/sudo.pot 2020-05-11 16:28:23.000000000 +0000 @@ -5,9 +5,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.29\n" +"Project-Id-Version: sudo 1.9.0\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-10-21 19:55-0600\n" +"POT-Creation-Date: 2020-05-07 12:22-0600\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" 
@@ -30,74 +30,97 @@ msgstr "" #: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81 -#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 -#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114 -#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212 -#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481 +#: lib/util/json.c:66 lib/util/json.c:192 lib/util/sudo_conf.c:191 +#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 +#: src/conversation.c:86 src/exec_common.c:114 src/exec_common.c:130 +#: src/exec_common.c:139 src/exec_monitor.c:211 src/exec_monitor.c:460 +#: src/exec_monitor.c:466 src/exec_monitor.c:474 src/exec_monitor.c:482 #: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503 #: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524 -#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214 -#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236 -#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257 -#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278 -#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299 -#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002 -#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180 -#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201 -#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222 -#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 -#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59 -#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: src/preserve_fds.c:54 
src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729 -#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815 -#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240 -#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891 -#: src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:531 src/exec_nopty.c:218 src/exec_nopty.c:227 +#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248 +#: src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269 +#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290 +#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_nopty.c:479 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 src/exec_pty.c:1038 +#: src/exec_pty.c:1210 src/exec_pty.c:1219 src/exec_pty.c:1226 +#: src/exec_pty.c:1233 src/exec_pty.c:1240 src/exec_pty.c:1247 +#: src/exec_pty.c:1254 src/exec_pty.c:1261 src/exec_pty.c:1268 +#: src/exec_pty.c:1275 src/exec_pty.c:1282 src/exec_pty.c:1290 +#: src/exec_pty.c:1716 src/load_plugins.c:59 src/load_plugins.c:72 +#: src/load_plugins.c:170 src/load_plugins.c:195 src/load_plugins.c:230 +#: src/load_plugins.c:470 src/load_plugins.c:476 src/load_plugins.c:491 +#: src/load_plugins.c:497 src/parse_args.c:186 src/parse_args.c:207 +#: src/parse_args.c:280 src/parse_args.c:603 src/parse_args.c:625 +#: src/parse_args.c:650 src/preserve_fds.c:54 src/preserve_fds.c:139 +#: src/selinux.c:91 src/selinux.c:361 src/selinux.c:486 src/selinux.c:495 +#: src/sesh.c:117 src/sudo.c:625 src/sudo.c:694 src/sudo.c:704 src/sudo.c:725 +#: src/sudo.c:744 src/sudo.c:753 src/sudo.c:762 src/sudo.c:779 src/sudo.c:821 +#: src/sudo.c:831 src/sudo.c:860 src/sudo.c:1046 src/sudo.c:1068 +#: src/sudo.c:1364 src/sudo.c:1537 src/sudo.c:1731 src/sudo.c:2075 +#: src/sudo_edit.c:269 src/sudo_edit.c:773 src/sudo_edit.c:857 +#: 
src/sudo_edit.c:977 src/sudo_edit.c:997 #, c-format msgid "%s: %s" msgstr "" -#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194 -#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560 -#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131 -#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473 -#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/json.c:67 +#: lib/util/json.c:193 lib/util/sudo_conf.c:192 lib/util/sudo_conf.c:277 +#: lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 src/conversation.c:87 +#: src/exec_common.c:114 src/exec_common.c:131 src/exec_common.c:140 +#: src/exec_monitor.c:460 src/exec_monitor.c:466 src/exec_monitor.c:474 +#: src/exec_monitor.c:482 src/exec_monitor.c:489 src/exec_monitor.c:496 #: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517 -#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538 -#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229 -#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 -#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 -#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 -#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165 -#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187 -#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208 -#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229 -#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251 -#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: src/preserve_fds.c:54 src/preserve_fds.c:139 
src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 -#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 -#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_nopty.c:218 +#: src/exec_nopty.c:227 src/exec_nopty.c:234 src/exec_nopty.c:241 +#: src/exec_nopty.c:248 src/exec_nopty.c:255 src/exec_nopty.c:262 +#: src/exec_nopty.c:269 src/exec_nopty.c:276 src/exec_nopty.c:283 +#: src/exec_nopty.c:290 src/exec_nopty.c:297 src/exec_nopty.c:305 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 src/exec_pty.c:1210 +#: src/exec_pty.c:1219 src/exec_pty.c:1226 src/exec_pty.c:1233 +#: src/exec_pty.c:1240 src/exec_pty.c:1247 src/exec_pty.c:1254 +#: src/exec_pty.c:1261 src/exec_pty.c:1268 src/exec_pty.c:1275 +#: src/exec_pty.c:1282 src/exec_pty.c:1290 src/exec_pty.c:1716 +#: src/load_plugins.c:170 src/load_plugins.c:195 src/load_plugins.c:230 +#: src/load_plugins.c:470 src/load_plugins.c:476 src/load_plugins.c:491 +#: src/load_plugins.c:497 src/parse_args.c:186 src/parse_args.c:208 +#: src/parse_args.c:280 src/parse_args.c:603 src/parse_args.c:625 +#: src/parse_args.c:650 src/preserve_fds.c:54 src/preserve_fds.c:139 +#: src/selinux.c:91 src/selinux.c:361 src/selinux.c:486 src/selinux.c:495 +#: src/sesh.c:117 src/sudo.c:239 src/sudo.c:625 src/sudo.c:860 src/sudo.c:1046 +#: src/sudo.c:1068 src/sudo.c:1364 src/sudo.c:1537 src/sudo.c:1731 +#: src/sudo.c:2075 src/sudo_edit.c:269 src/sudo_edit.c:773 src/sudo_edit.c:857 +#: src/sudo_edit.c:977 src/sudo_edit.c:997 msgid "unable to allocate memory" msgstr "" +#: lib/util/mkdir_parents.c:79 lib/util/sudo_conf.c:619 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 +#, c-format +msgid "unable to open %s" +msgstr "" + +#: lib/util/mkdir_parents.c:94 +#, c-format +msgid "unable to mkdir %s" +msgstr "" + +#: 
lib/util/mkdir_parents.c:103 lib/util/sudo_conf.c:596 +#, c-format +msgid "unable to stat %s" +msgstr "" + +#: lib/util/mkdir_parents.c:108 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "" + #: lib/util/strsignal.c:55 msgid "Unknown signal" msgstr "" #: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161 -#: lib/util/strtonum.c:196 +#: lib/util/strtonum.c:200 msgid "invalid value" msgstr "" 
@@ -109,87 +132,92 @@ msgid "value too small" msgstr "" -#: lib/util/sudo_conf.c:212 +#: lib/util/sudo_conf.c:210 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "" -#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431 +#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:392 lib/util/sudo_conf.c:445 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "" -#: lib/util/sudo_conf.c:399 +#: lib/util/sudo_conf.c:413 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "" -#: lib/util/sudo_conf.c:415 +#: lib/util/sudo_conf.c:429 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "" -#: lib/util/sudo_conf.c:576 -#, c-format -msgid "unable to stat %s" -msgstr "" - -#: lib/util/sudo_conf.c:579 +#: lib/util/sudo_conf.c:599 #, c-format msgid "%s is not a regular file" msgstr "" -#: lib/util/sudo_conf.c:582 +#: lib/util/sudo_conf.c:602 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "" -#: lib/util/sudo_conf.c:586 +#: lib/util/sudo_conf.c:606 #, c-format msgid "%s is world writable" msgstr "" -#: lib/util/sudo_conf.c:589 +#: lib/util/sudo_conf.c:609 #, c-format msgid "%s is group writable" msgstr "" -#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363 +#: src/copy_file.c:121 #, c-format -msgid "unable to open %s" +msgid "unable to read from %s" +msgstr "" + +#: src/copy_file.c:125 src/sudo_edit.c:701 +#, c-format +msgid "unable to write to %s" msgstr "" -#: src/exec.c:111 +#: src/exec.c:135 #, c-format msgid "unknown login class %s" msgstr "" -#: src/exec.c:123 +#: src/exec.c:147 msgid "unable to set user context" msgstr "" -#: src/exec.c:139 +#: src/exec.c:163 msgid "unable to set process priority" msgstr "" -#: src/exec.c:150 +#: src/exec.c:177 #, c-format msgid "unable to change root to %s" msgstr "" -#: src/exec.c:163 src/exec.c:169 src/exec.c:176 +#: src/exec.c:190 src/exec.c:196 src/exec.c:203 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr 
"" -#: src/exec.c:194 +#: src/exec.c:221 #, c-format msgid "unable to change directory to %s" msgstr "" -#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578 -#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336 -#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164 +#: src/exec.c:225 +#, c-format +msgid "starting from %s" +msgstr "" + +#: src/exec.c:307 src/exec_monitor.c:569 src/exec_monitor.c:571 +#: src/exec_nopty.c:537 src/exec_pty.c:566 src/exec_pty.c:1377 +#: src/exec_pty.c:1379 src/signal.c:150 src/signal.c:164 #, c-format msgid "unable to set handler for signal %d" msgstr "" 
@@ -198,89 +226,107 @@ msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "" -#: src/exec_monitor.c:366 +#: src/exec_monitor.c:365 msgid "error reading from socketpair" msgstr "" -#: src/exec_monitor.c:383 +#: src/exec_monitor.c:382 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "" -#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533 -#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231 -#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252 -#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273 -#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294 -#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652 -#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858 -#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189 -#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210 -#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231 -#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621 -#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683 -#: src/exec_pty.c:1710 +#: src/exec_monitor.c:468 src/exec_monitor.c:476 src/exec_monitor.c:484 +#: src/exec_monitor.c:491 src/exec_monitor.c:498 src/exec_monitor.c:505 +#: src/exec_monitor.c:512 src/exec_monitor.c:519 src/exec_monitor.c:526 +#: src/exec_monitor.c:533 src/exec_nopty.c:220 src/exec_nopty.c:229 +#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 +#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 +#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 +#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:688 +#: src/exec_pty.c:693 src/exec_pty.c:790 src/exec_pty.c:797 src/exec_pty.c:894 +#: src/exec_pty.c:1212 src/exec_pty.c:1221 src/exec_pty.c:1228 +#: 
src/exec_pty.c:1235 src/exec_pty.c:1242 src/exec_pty.c:1249 +#: src/exec_pty.c:1256 src/exec_pty.c:1263 src/exec_pty.c:1270 +#: src/exec_pty.c:1277 src/exec_pty.c:1284 src/exec_pty.c:1669 +#: src/exec_pty.c:1679 src/exec_pty.c:1724 src/exec_pty.c:1731 +#: src/exec_pty.c:1758 msgid "unable to add event to queue" msgstr "" -#: src/exec_monitor.c:594 +#: src/exec_monitor.c:587 msgid "unable to set controlling tty" msgstr "" -#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415 -#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307 +#: src/exec_monitor.c:595 src/exec_nopty.c:364 src/exec_pty.c:1456 +#: src/exec_pty.c:1477 src/exec_pty.c:1497 src/tgetpass.c:311 msgid "unable to create pipe" msgstr "" -#: src/exec_monitor.c:610 +#: src/exec_monitor.c:603 msgid "unable to receive message from parent" msgstr "" -#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494 -#: src/tgetpass.c:311 +#: src/exec_monitor.c:617 src/exec_nopty.c:393 src/exec_pty.c:1535 +#: src/sudo_edit.c:738 src/tgetpass.c:315 msgid "unable to fork" msgstr "" -#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448 +#: src/exec_monitor.c:621 src/exec_monitor.c:720 src/exec_nopty.c:447 msgid "unable to restore tty label" msgstr "" -#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100 +#: src/exec_monitor.c:637 src/sesh.c:127 src/sudo.c:1123 #, c-format msgid "unable to execute %s" msgstr "" -#: src/exec_nopty.c:360 src/exec_pty.c:1345 +#: src/exec_nopty.c:358 src/exec_pty.c:1386 msgid "policy plugin failed session initialization" msgstr "" -#: src/exec_nopty.c:437 src/exec_pty.c:1581 +#: src/exec_nopty.c:435 src/exec_pty.c:1621 msgid "error in event loop" msgstr "" -#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112 +#: src/exec_nopty.c:545 src/exec_pty.c:601 src/signal.c:112 #, c-format msgid "unable to restore handler for signal %d" msgstr "" -#: src/exec_pty.c:158 +#: src/exec_pty.c:157 msgid "unable to allocate pty" msgstr "" -#: 
src/exec_pty.c:1325 +#: src/exec_pty.c:221 src/exec_pty.c:260 src/exec_pty.c:299 src/exec_pty.c:349 +#: src/exec_pty.c:399 +msgid "I/O plugin error" +msgstr "" + +#: src/exec_pty.c:224 src/exec_pty.c:263 src/exec_pty.c:302 src/exec_pty.c:352 +#: src/exec_pty.c:402 +msgid "command rejected by I/O plugin" +msgstr "" + +#: src/exec_pty.c:449 +msgid "error logging suspend" +msgstr "" + +#: src/exec_pty.c:482 +msgid "error changing window size" +msgstr "" + +#: src/exec_pty.c:1366 msgid "unable to create sockets" msgstr "" -#: src/exec_pty.c:1538 +#: src/exec_pty.c:1578 msgid "unable to send message to monitor process" msgstr "" #: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92 -#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140 -#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196 -#: src/load_plugins.c:202 +#: src/load_plugins.c:122 src/load_plugins.c:136 src/load_plugins.c:142 +#: src/load_plugins.c:293 src/load_plugins.c:301 src/load_plugins.c:308 +#: src/load_plugins.c:348 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "" 
@@ -290,61 +336,56 @@ msgid "%s%s: %s" msgstr "" -#: src/load_plugins.c:136 +#: src/load_plugins.c:138 #, c-format msgid "%s must be owned by uid %d" msgstr "" -#: src/load_plugins.c:142 +#: src/load_plugins.c:144 #, c-format msgid "%s must be only be writable by owner" msgstr "" -#: src/load_plugins.c:183 +#: src/load_plugins.c:254 src/load_plugins.c:321 #, c-format -msgid "unable to load %s: %s" +msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "" -#: src/load_plugins.c:191 +#: src/load_plugins.c:295 #, c-format -msgid "unable to find symbol \"%s\" in %s" +msgid "unable to load %s: %s" msgstr "" -#: src/load_plugins.c:198 +#: src/load_plugins.c:303 #, c-format -msgid "unknown policy type %d found in %s" +msgid "unable to find symbol \"%s\" in %s" msgstr "" -#: src/load_plugins.c:204 +#: src/load_plugins.c:310 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "" -#: src/load_plugins.c:213 +#: src/load_plugins.c:324 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "" -#: src/load_plugins.c:215 +#: src/load_plugins.c:326 msgid "only a single policy plugin may be specified" msgstr "" -#: src/load_plugins.c:218 +#: src/load_plugins.c:350 #, c-format -msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" +msgid "unknown plugin type %d found in %s" msgstr "" -#: src/load_plugins.c:237 -#, c-format -msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d" -msgstr "" - -#: src/load_plugins.c:353 +#: src/load_plugins.c:511 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "" -#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473 +#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:478 #, c-format msgid "internal error, %s overflow" msgstr "" 
@@ -358,179 +399,179 @@ msgid "the argument to -C must be a number greater than or equal to 3" msgstr "" -#: src/parse_args.c:523 +#: src/parse_args.c:542 msgid "you may not specify both the `-i' and `-s' options" msgstr "" -#: src/parse_args.c:527 +#: src/parse_args.c:546 msgid "you may not specify both the `-i' and `-E' options" msgstr "" -#: src/parse_args.c:537 +#: src/parse_args.c:556 msgid "the `-E' option is not valid in edit mode" msgstr "" -#: src/parse_args.c:539 +#: src/parse_args.c:558 msgid "you may not specify environment variables in edit mode" msgstr "" -#: src/parse_args.c:547 +#: src/parse_args.c:567 msgid "the `-U' option may only be used with the `-l' option" msgstr "" -#: src/parse_args.c:551 +#: src/parse_args.c:571 msgid "the `-A' and `-S' options may not be used together" msgstr "" -#: src/parse_args.c:627 +#: src/parse_args.c:664 msgid "sudoedit is not supported on this platform" msgstr "" -#: src/parse_args.c:700 +#: src/parse_args.c:745 msgid "" "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "" -#: src/parse_args.c:714 +#: src/parse_args.c:759 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" -#: src/parse_args.c:716 +#: src/parse_args.c:761 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" -#: src/parse_args.c:721 +#: src/parse_args.c:766 #, c-format msgid "" "\n" "Options:\n" msgstr "" -#: src/parse_args.c:723 +#: src/parse_args.c:768 msgid "use a helper program for password prompting" msgstr "" -#: src/parse_args.c:726 +#: src/parse_args.c:771 msgid "use specified BSD authentication type" msgstr "" -#: src/parse_args.c:729 +#: src/parse_args.c:774 msgid "run command in the background" msgstr "" -#: src/parse_args.c:731 +#: src/parse_args.c:776 msgid "ring bell when prompting" msgstr "" -#: src/parse_args.c:733 +#: src/parse_args.c:778 msgid "close all file descriptors >= num" msgstr "" -#: src/parse_args.c:736 +#: src/parse_args.c:781 msgid "run 
command with the specified BSD login class" msgstr "" -#: src/parse_args.c:739 +#: src/parse_args.c:784 msgid "preserve user environment when running command" msgstr "" -#: src/parse_args.c:741 +#: src/parse_args.c:786 msgid "preserve specific environment variables" msgstr "" -#: src/parse_args.c:743 +#: src/parse_args.c:788 msgid "edit files instead of running a command" msgstr "" -#: src/parse_args.c:745 +#: src/parse_args.c:790 msgid "run command as the specified group name or ID" msgstr "" -#: src/parse_args.c:747 +#: src/parse_args.c:792 msgid "set HOME variable to target user's home dir" msgstr "" -#: src/parse_args.c:749 +#: src/parse_args.c:794 msgid "display help message and exit" msgstr "" -#: src/parse_args.c:751 +#: src/parse_args.c:796 msgid "run command on host (if supported by plugin)" msgstr "" -#: src/parse_args.c:753 +#: src/parse_args.c:798 msgid "run login shell as the target user; a command may also be specified" msgstr "" -#: src/parse_args.c:755 +#: src/parse_args.c:800 msgid "remove timestamp file completely" msgstr "" -#: src/parse_args.c:757 +#: src/parse_args.c:802 msgid "invalidate timestamp file" msgstr "" -#: src/parse_args.c:759 +#: src/parse_args.c:804 msgid "" "list user's privileges or check a specific command; use twice for longer " "format" msgstr "" -#: src/parse_args.c:761 +#: src/parse_args.c:806 msgid "non-interactive mode, no prompts are used" msgstr "" -#: src/parse_args.c:763 +#: src/parse_args.c:808 msgid "preserve group vector instead of setting to target's" msgstr "" -#: src/parse_args.c:765 +#: src/parse_args.c:810 msgid "use the specified password prompt" msgstr "" -#: src/parse_args.c:768 +#: src/parse_args.c:813 msgid "create SELinux security context with specified role" msgstr "" -#: src/parse_args.c:771 +#: src/parse_args.c:816 msgid "read password from standard input" msgstr "" -#: src/parse_args.c:773 +#: src/parse_args.c:818 msgid "run shell as the target user; a command may also be specified" msgstr "" -#: 
src/parse_args.c:776 +#: src/parse_args.c:821 msgid "create SELinux security context with specified type" msgstr "" -#: src/parse_args.c:779 +#: src/parse_args.c:824 msgid "terminate command after the specified time limit" msgstr "" -#: src/parse_args.c:781 +#: src/parse_args.c:826 msgid "in list mode, display privileges for user" msgstr "" -#: src/parse_args.c:783 +#: src/parse_args.c:828 msgid "run command (or edit file) as specified user name or ID" msgstr "" -#: src/parse_args.c:785 +#: src/parse_args.c:830 msgid "display version information and exit" msgstr "" -#: src/parse_args.c:787 +#: src/parse_args.c:832 msgid "update user's timestamp without running a command" msgstr "" -#: src/parse_args.c:789 +#: src/parse_args.c:834 msgid "stop processing command line arguments" msgstr "" @@ -562,7 +603,7 @@ msgid "unable to open %s, not relabeling tty" msgstr "" -#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "" 
@@ -583,54 +624,54 @@ msgid "unable to set new tty context" msgstr "" -#: src/selinux.c:298 +#: src/selinux.c:322 #, c-format msgid "you must specify a role for type %s" msgstr "" -#: src/selinux.c:304 +#: src/selinux.c:328 #, c-format msgid "unable to get default type for role %s" msgstr "" -#: src/selinux.c:316 +#: src/selinux.c:340 msgid "failed to get new context" msgstr "" -#: src/selinux.c:325 +#: src/selinux.c:349 #, c-format msgid "failed to set new role %s" msgstr "" -#: src/selinux.c:329 +#: src/selinux.c:353 #, c-format msgid "failed to set new type %s" msgstr "" -#: src/selinux.c:341 +#: src/selinux.c:365 #, c-format msgid "%s is not a valid context" msgstr "" -#: src/selinux.c:373 +#: src/selinux.c:397 msgid "failed to get old context" msgstr "" -#: src/selinux.c:379 +#: src/selinux.c:403 msgid "unable to determine enforcing mode." msgstr "" -#: src/selinux.c:396 +#: src/selinux.c:420 #, c-format msgid "unable to set tty context to %s" msgstr "" -#: src/selinux.c:428 +#: src/selinux.c:441 #, c-format msgid "unable to set exec context to %s" msgstr "" -#: src/selinux.c:435 +#: src/selinux.c:448 #, c-format msgid "unable to set key creation context to %s" msgstr "" 
@@ -697,188 +738,203 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "" -#: src/sudo.c:204 +#: src/sudo.c:224 #, c-format msgid "Sudo version %s\n" msgstr "" -#: src/sudo.c:206 +#: src/sudo.c:226 #, c-format msgid "Configure options: %s\n" msgstr "" -#: src/sudo.c:214 +#: src/sudo.c:235 msgid "fatal error, unable to load plugins" msgstr "" -#: src/sudo.c:222 -msgid "unable to initialize policy plugin" -msgstr "" - -#: src/sudo.c:266 +#: src/sudo.c:280 msgid "plugin did not return a command to execute" msgstr "" -#: src/sudo.c:282 -#, c-format -msgid "error initializing I/O plugin %s" -msgstr "" - -#: src/sudo.c:306 +#: src/sudo.c:311 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "" -#: src/sudo.c:538 +#: src/sudo.c:544 #, c-format msgid "you do not exist in the %s database" msgstr "" -#: src/sudo.c:595 +#: src/sudo.c:601 msgid "unable to determine tty" msgstr "" -#: src/sudo.c:887 +#: src/sudo.c:906 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "" -#: src/sudo.c:890 +#: src/sudo.c:909 #, c-format msgid "" "effective uid is not %d, is %s on a file system with the 'nosuid' option set " "or an NFS file system without root privileges?" msgstr "" -#: src/sudo.c:896 +#: src/sudo.c:915 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" 
msgstr "" -#: src/sudo.c:912 +#: src/sudo.c:931 msgid "unable to set supplementary group IDs" msgstr "" -#: src/sudo.c:919 +#: src/sudo.c:938 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "" -#: src/sudo.c:925 +#: src/sudo.c:944 #, c-format msgid "unable to set gid to runas gid %u" msgstr "" -#: src/sudo.c:982 +#: src/sudo.c:987 #, c-format msgid "unexpected child termination condition: %d" msgstr "" -#: src/sudo.c:1128 +#: src/sudo.c:1096 +msgid "unable to initialize policy plugin" +msgstr "" + +#: src/sudo.c:1157 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "" -#: src/sudo.c:1146 +#: src/sudo.c:1172 src/sudo.c:1225 src/sudo.c:1269 +msgid "command rejected by policy" +msgstr "" + +#: src/sudo.c:1177 src/sudo.c:1230 src/sudo.c:1274 +msgid "policy plugin error" +msgstr "" + +#: src/sudo.c:1211 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "" -#: src/sudo.c:1163 +#: src/sudo.c:1255 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "" -#: src/sudo.c:1178 +#: src/sudo.c:1293 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "" -#: src/sudo_edit.c:221 +#: src/sudo.c:1422 +#, c-format +msgid "error initializing I/O plugin %s" +msgstr "" + +#: src/sudo.c:1576 +#, c-format +msgid "error initializing audit plugin %s" +msgstr "" + +#: src/sudo.c:1754 +#, c-format +msgid "error initializing approval plugin %s" +msgstr "" + +#: src/sudo.c:1830 +msgid "command rejected by approver" +msgstr "" + +#: src/sudo.c:1839 +msgid "approval plugin error" +msgstr "" + +#: src/sudo_edit.c:232 msgid "no writable temporary directory found" msgstr "" -#: src/sudo_edit.c:288 src/sudo_edit.c:377 +#: src/sudo_edit.c:357 msgid "unable to restore current working directory" msgstr "" -#: src/sudo_edit.c:594 src/sudo_edit.c:707 +#: src/sudo_edit.c:572 src/sudo_edit.c:672 #, c-format msgid "%s: not a regular file" msgstr "" -#: src/sudo_edit.c:601 +#: 
src/sudo_edit.c:579 #, c-format msgid "%s: editing symbolic links is not permitted" msgstr "" -#: src/sudo_edit.c:604 +#: src/sudo_edit.c:582 #, c-format msgid "%s: editing files in a writable directory is not permitted" msgstr "" -#: src/sudo_edit.c:637 src/sudo_edit.c:747 -#, c-format -msgid "%s: short write" -msgstr "" - -#: src/sudo_edit.c:708 +#: src/sudo_edit.c:673 #, c-format msgid "%s left unmodified" msgstr "" -#: src/sudo_edit.c:721 src/sudo_edit.c:908 +#: src/sudo_edit.c:686 src/sudo_edit.c:874 #, c-format msgid "%s unchanged" msgstr "" -#: src/sudo_edit.c:736 src/sudo_edit.c:758 -#, c-format -msgid "unable to write to %s" -msgstr "" - -#: src/sudo_edit.c:737 src/sudo_edit.c:756 src/sudo_edit.c:759 -#: src/sudo_edit.c:933 src/sudo_edit.c:937 +#: src/sudo_edit.c:709 src/sudo_edit.c:910 #, c-format msgid "contents of edit session left in %s" msgstr "" -#: src/sudo_edit.c:755 -msgid "unable to read temporary file" -msgstr "" - -#: src/sudo_edit.c:838 +#: src/sudo_edit.c:817 msgid "sesh: internal error: odd number of paths" msgstr "" -#: src/sudo_edit.c:840 +#: src/sudo_edit.c:819 msgid "sesh: unable to create temporary files" msgstr "" -#: src/sudo_edit.c:842 src/sudo_edit.c:940 +#: src/sudo_edit.c:821 src/sudo_edit.c:903 +msgid "sesh: killed by a signal" +msgstr "" + +#: src/sudo_edit.c:823 src/sudo_edit.c:906 #, c-format msgid "sesh: unknown error %d" msgstr "" -#: src/sudo_edit.c:932 +#: src/sudo_edit.c:897 msgid "unable to copy temporary files back to their original location" msgstr "" -#: src/sudo_edit.c:936 +#: src/sudo_edit.c:900 msgid "" "unable to copy some of the temporary files back to their original location" msgstr "" -#: src/sudo_edit.c:981 +#: src/sudo_edit.c:944 #, c-format msgid "unable to change uid to root (%u)" msgstr "" -#: src/sudo_edit.c:998 +#: src/sudo_edit.c:961 msgid "plugin error: missing file list for sudoedit" msgstr "" -#: src/sudo_edit.c:1039 src/sudo_edit.c:1052 +#: src/sudo_edit.c:1012 src/sudo_edit.c:1025 msgid "unable to 
read the clock" msgstr "" @@ -904,17 +960,17 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "" -#: src/tgetpass.c:322 +#: src/tgetpass.c:332 #, c-format msgid "unable to set gid to %u" msgstr "" -#: src/tgetpass.c:326 +#: src/tgetpass.c:336 #, c-format msgid "unable to set uid to %u" msgstr "" -#: src/tgetpass.c:331 +#: src/tgetpass.c:341 #, c-format msgid "unable to run %s" msgstr ""
Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/sv.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/sv.mo differ
diff -Nru sudo-1.8.31/po/sv.po sudo-1.9.0/po/sv.po
--- sudo-1.8.31/po/sv.po 2019-12-31 12:58:36.000000000 +0000
+++ sudo-1.9.0/po/sv.po 2020-05-11 16:28:23.000000000 +0000
@@ -1,15 +1,15 @@
 # Swedish translation for sudo.
-# Copyright © 2012, 2016, 2017, 2018, 2019 Free Software Foundation, Inc.
+# Copyright © 2012, 2016, 2017, 2018, 2019, 2020 Free Software Foundation, Inc.
 # This file is put in the public domain.
 # Daniel Nylander , 2012.
-# Sebastian Rasmussen , 2016, 2017, 2018, 2019.
+# Sebastian Rasmussen , 2016, 2017, 2018, 2019, 2020.
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: sudo 1.8.29rc1\n"
+"Project-Id-Version: sudo 1.9.0b4\n"
 "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2019-10-21 19:55-0600\n"
-"PO-Revision-Date: 2019-10-24 15:00+0200\n"
+"POT-Creation-Date: 2020-03-12 17:39-0600\n"
+"PO-Revision-Date: 2020-04-29 00:02+0800\n"
 "Last-Translator: Sebastian Rasmussen \n"
 "Language-Team: Swedish \n"
 "Language: sv\n"
@@ -18,7 +18,7 @@
 "Content-Transfer-Encoding: 8bit\n"
 "X-Bugs: Report translation errors to the Language-Team address.\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Poedit 2.2.3\n"
+"X-Generator: Poedit 2.3\n"
 "X-Poedit-Bookmarks: -1,0,-1,-1,-1,-1,-1,-1,-1,-1\n"
 #: lib/util/aix.c:92 lib/util/aix.c:172
@@ -35,74 +35,98 @@
 msgstr "kunde inte återställa registret"
 #: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81
-#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356
-#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114
-#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212
-#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481
+#: lib/util/json.c:66 lib/util/json.c:192 lib/util/sudo_conf.c:191
+#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580
+#: src/conversation.c:86 src/exec_common.c:114 src/exec_common.c:130
+#: src/exec_common.c:139 src/exec_monitor.c:211 src/exec_monitor.c:460
+#: src/exec_monitor.c:466 src/exec_monitor.c:474 src/exec_monitor.c:482
 #: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503
 #: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524
-#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214
-#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236
-#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257
-#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278
-#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299
-#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786
-#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002
-#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180
-#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201
-#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222
-#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243
-#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59
-#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246
-#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335
-#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207
-#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605
-#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91
-#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117
-#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729
-#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815
-#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240
-#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891
-#: src/sudo_edit.c:1005 src/sudo_edit.c:1025
+#: src/exec_monitor.c:531 src/exec_nopty.c:218 src/exec_nopty.c:227
+#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248
+#: src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269
+#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290
+#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_nopty.c:479
+#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888
+#: src/exec_pty.c:1038 src/exec_pty.c:1206 src/exec_pty.c:1215
+#: src/exec_pty.c:1222 src/exec_pty.c:1229 src/exec_pty.c:1236
+#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257
+#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278
+#: src/exec_pty.c:1286 src/exec_pty.c:1709 src/load_plugins.c:59
+#: src/load_plugins.c:72 src/load_plugins.c:170 src/load_plugins.c:195
+#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476
+#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186
+#: src/parse_args.c:207 src/parse_args.c:282 src/parse_args.c:584
+#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54
+#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474
+#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:625 src/sudo.c:685
+#: src/sudo.c:695 src/sudo.c:716 src/sudo.c:735 src/sudo.c:744 src/sudo.c:753
+#: src/sudo.c:770 src/sudo.c:811 src/sudo.c:821 src/sudo.c:847 src/sudo.c:1037
+#: src/sudo.c:1059 src/sudo.c:1355 src/sudo.c:1528 src/sudo.c:1722
+#: src/sudo.c:2066 src/sudo_edit.c:270 src/sudo_edit.c:775 src/sudo_edit.c:872
+#: src/sudo_edit.c:986 src/sudo_edit.c:1006
 #, c-format
 msgid "%s: %s"
 msgstr "%s: %s"
-#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194
-#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560
-#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131
-#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473
-#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496
+#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/json.c:67
+#: lib/util/json.c:193 lib/util/sudo_conf.c:192 lib/util/sudo_conf.c:277
+#: lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 src/conversation.c:87
+#: src/exec_common.c:114 src/exec_common.c:131 src/exec_common.c:140
+#: src/exec_monitor.c:460 src/exec_monitor.c:466 src/exec_monitor.c:474
+#: src/exec_monitor.c:482 src/exec_monitor.c:489 src/exec_monitor.c:496
 #: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517
-#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538
-#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229
-#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250
-#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271
-#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292
-#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786
-#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165
-#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187
-#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208
-#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229
-#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251
-#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246
-#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335
-#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208
-#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605
-#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91
-#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117
-#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062
-#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794
-#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025
+#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_nopty.c:218
+#: src/exec_nopty.c:227 src/exec_nopty.c:234 src/exec_nopty.c:241
+#: src/exec_nopty.c:248 src/exec_nopty.c:255 src/exec_nopty.c:262
+#: src/exec_nopty.c:269 src/exec_nopty.c:276 src/exec_nopty.c:283
+#: src/exec_nopty.c:290 src/exec_nopty.c:297 src/exec_nopty.c:305
+#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888
+#: src/exec_pty.c:1206 src/exec_pty.c:1215 src/exec_pty.c:1222
+#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243
+#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264
+#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1286
+#: src/exec_pty.c:1709 src/load_plugins.c:170 src/load_plugins.c:195
+#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476
+#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186
+#: src/parse_args.c:208 src/parse_args.c:282 src/parse_args.c:584
+#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54
+#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474
+#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:239 src/sudo.c:625
+#: src/sudo.c:847 src/sudo.c:1037 src/sudo.c:1059 src/sudo.c:1355
+#: src/sudo.c:1528 src/sudo.c:1722 src/sudo.c:2066 src/sudo_edit.c:270
+#: src/sudo_edit.c:775 src/sudo_edit.c:872 src/sudo_edit.c:986
+#: src/sudo_edit.c:1006
 msgid "unable to allocate memory"
 msgstr "kunde inte allokera minne"
+#: lib/util/mkdir_parents.c:79 lib/util/sudo_conf.c:619 src/selinux.c:235
+#: src/selinux.c:265 src/sudo.c:368
+#, c-format
+msgid "unable to open %s"
+msgstr "kunde inte öppna %s"
+
+#: lib/util/mkdir_parents.c:94
+#, c-format
+msgid "unable to mkdir %s"
+msgstr "kunde inte köra mkdir %s"
+
+#: lib/util/mkdir_parents.c:103 lib/util/sudo_conf.c:596
+#, c-format
+msgid "unable to stat %s"
+msgstr "kunde inte ta status på %s"
+
+#: lib/util/mkdir_parents.c:108
+#, c-format
+msgid "%s exists but is not a directory (0%o)"
+msgstr "%s existerar men är inte en katalog (0%o)"
+
 #: lib/util/strsignal.c:55
 msgid "Unknown signal"
 msgstr "Okänd signal"
 #: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161
-#: lib/util/strtonum.c:196
+#: lib/util/strtonum.c:200
 msgid "invalid value"
 msgstr "ogiltigt värde"
@@ -114,87 +138,77 @@
 msgid "value too small"
 msgstr "värde för litet"
-#: lib/util/sudo_conf.c:212
+#: lib/util/sudo_conf.c:210
 #, c-format
 msgid "invalid Path value \"%s\" in %s, line %u"
 msgstr "ogiltigt Path-värde ”%s” i %s, rad %u"
-#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431
+#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:392 lib/util/sudo_conf.c:445
 #, c-format
 msgid "invalid value for %s \"%s\" in %s, line %u"
 msgstr "ogiltigt värde för %s ”%s” i %s, rad %u"
-#: lib/util/sudo_conf.c:399
+#: lib/util/sudo_conf.c:413
 #, c-format
 msgid "unsupported group source \"%s\" in %s, line %u"
 msgstr "gruppkälla ”%s” stöds ej i %s, rad %u"
-#: lib/util/sudo_conf.c:415
+#: lib/util/sudo_conf.c:429
 #, c-format
 msgid "invalid max groups \"%s\" in %s, line %u"
 msgstr "ogiltigt största antal grupper ”%s” i %s, rad %u"
-#: lib/util/sudo_conf.c:576
-#, c-format
-msgid "unable to stat %s"
-msgstr "kunde inte ta status på %s"
-
-#: lib/util/sudo_conf.c:579
+#: lib/util/sudo_conf.c:599
 #, c-format
 msgid "%s is not a regular file"
 msgstr "%s är inte en vanlig fil"
-#: lib/util/sudo_conf.c:582
+#: lib/util/sudo_conf.c:602
 #, c-format
 msgid "%s is owned by uid %u, should be %u"
 msgstr "%s ägs av uid %u, ska vara %u"
-#: lib/util/sudo_conf.c:586
+#: lib/util/sudo_conf.c:606
 #, c-format
 msgid "%s is world writable"
 msgstr "%s är skrivbar för alla"
-#: lib/util/sudo_conf.c:589
+#: lib/util/sudo_conf.c:609
 #, c-format
 msgid "%s is group writable"
 msgstr "%s är skrivbar för gruppen"
-#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363
-#, c-format
-msgid "unable to open %s"
-msgstr "kunde inte öppna %s"
-
-#: src/exec.c:111
+#: src/exec.c:135
 #, c-format
 msgid "unknown login class %s"
 msgstr "okänd inloggningsklass %s"
-#: src/exec.c:123
+#: src/exec.c:147
 msgid "unable to set user context"
 msgstr "kunde inte ställa in användarens kontext"
-#: src/exec.c:139
+#: src/exec.c:163
 msgid "unable to set process priority"
 msgstr "kunde inte ställa in processprioritet"
-#: src/exec.c:150
+#: src/exec.c:177
 #, c-format
 msgid "unable to change root to %s"
 msgstr "kunde inte ändra rot till %s"
-#: src/exec.c:163 src/exec.c:169 src/exec.c:176
+#: src/exec.c:190 src/exec.c:196 src/exec.c:203
 #, c-format
 msgid "unable to change to runas uid (%u, %u)"
 msgstr "kunde inte ändra till runas uid (%u, %u)"
-#: src/exec.c:194
+#: src/exec.c:221
 #, c-format
 msgid "unable to change directory to %s"
 msgstr "kunde inte ändra katalog till %s"
-#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578
-#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336
-#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164
+#: src/exec.c:304 src/exec_monitor.c:569 src/exec_monitor.c:571
+#: src/exec_nopty.c:537 src/exec_pty.c:566 src/exec_pty.c:1373
+#: src/exec_pty.c:1375 src/signal.c:150 src/signal.c:164
 #, c-format
 msgid "unable to set handler for signal %d"
 msgstr "kunde inte ställa in hanterare för signal %d"
@@ -203,89 +217,107 @@ msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "kan inte ta bort PRIV_PROC_EXEC från PRIV_LIMIT" -#: src/exec_monitor.c:366 +#: src/exec_monitor.c:365 msgid "error reading from socketpair" msgstr "fel vid läsning från uttagspar" -#: src/exec_monitor.c:383 +#: src/exec_monitor.c:382 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "oväntad svarstyp i bakkanal: %d" -#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533 -#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231 -#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252 -#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273 -#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294 -#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652 -#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858 -#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189 -#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210 -#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231 -#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621 -#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683 -#: src/exec_pty.c:1710 +#: src/exec_monitor.c:468 src/exec_monitor.c:476 src/exec_monitor.c:484 +#: src/exec_monitor.c:491 src/exec_monitor.c:498 src/exec_monitor.c:505 +#: src/exec_monitor.c:512 src/exec_monitor.c:519 src/exec_monitor.c:526 +#: src/exec_monitor.c:533 src/exec_nopty.c:220 src/exec_nopty.c:229 +#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 +#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 +#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 +#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:688 +#: src/exec_pty.c:693 src/exec_pty.c:790 
src/exec_pty.c:797 src/exec_pty.c:894 +#: src/exec_pty.c:1208 src/exec_pty.c:1217 src/exec_pty.c:1224 +#: src/exec_pty.c:1231 src/exec_pty.c:1238 src/exec_pty.c:1245 +#: src/exec_pty.c:1252 src/exec_pty.c:1259 src/exec_pty.c:1266 +#: src/exec_pty.c:1273 src/exec_pty.c:1280 src/exec_pty.c:1662 +#: src/exec_pty.c:1672 src/exec_pty.c:1717 src/exec_pty.c:1724 +#: src/exec_pty.c:1751 msgid "unable to add event to queue" msgstr "kunde inte lägga till händelse till kö" -#: src/exec_monitor.c:594 +#: src/exec_monitor.c:587 msgid "unable to set controlling tty" msgstr "kan inte ställa in kontrollerande tty" -#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415 -#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307 +#: src/exec_monitor.c:595 src/exec_nopty.c:364 src/exec_pty.c:1452 +#: src/exec_pty.c:1473 src/exec_pty.c:1493 src/tgetpass.c:311 msgid "unable to create pipe" msgstr "kunde inte skapa rör" -#: src/exec_monitor.c:610 +#: src/exec_monitor.c:603 msgid "unable to receive message from parent" msgstr "kan inte ta emot meddelande från förälder" -#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494 -#: src/tgetpass.c:311 +#: src/exec_monitor.c:617 src/exec_nopty.c:393 src/exec_pty.c:1531 +#: src/tgetpass.c:315 msgid "unable to fork" msgstr "kunde inte grena process" -#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448 +#: src/exec_monitor.c:621 src/exec_monitor.c:720 src/exec_nopty.c:447 msgid "unable to restore tty label" msgstr "kan inte återställa tty-etikett" -#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100 +#: src/exec_monitor.c:637 src/sesh.c:127 src/sudo.c:1114 #, c-format msgid "unable to execute %s" msgstr "kunde inte köra %s" -#: src/exec_nopty.c:360 src/exec_pty.c:1345 +#: src/exec_nopty.c:358 src/exec_pty.c:1382 msgid "policy plugin failed session initialization" msgstr "policyinsticksmodul misslyckades att initiera session" -#: src/exec_nopty.c:437 src/exec_pty.c:1581 +#: src/exec_nopty.c:435 
src/exec_pty.c:1617 msgid "error in event loop" msgstr "fel i händelseslinga" -#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112 +#: src/exec_nopty.c:545 src/exec_pty.c:601 src/signal.c:112 #, c-format msgid "unable to restore handler for signal %d" msgstr "kunde inte återställa hanterare för signal %d" -#: src/exec_pty.c:158 +#: src/exec_pty.c:157 msgid "unable to allocate pty" msgstr "kunde inte allokera pty" -#: src/exec_pty.c:1325 +#: src/exec_pty.c:221 src/exec_pty.c:260 src/exec_pty.c:299 src/exec_pty.c:349 +#: src/exec_pty.c:399 +msgid "I/O plugin error" +msgstr "fel i I/O-insticksmodul" + +#: src/exec_pty.c:224 src/exec_pty.c:263 src/exec_pty.c:302 src/exec_pty.c:352 +#: src/exec_pty.c:402 +msgid "command rejected by I/O plugin" +msgstr "kommando avböjt av I/O-insticksmodul" + +#: src/exec_pty.c:449 +msgid "error logging suspend" +msgstr "felloggning avstängd" + +#: src/exec_pty.c:482 +msgid "error changing window size" +msgstr "fel vid ändring av fönsterstorlek" + +#: src/exec_pty.c:1362 msgid "unable to create sockets" msgstr "kunde inte skapa uttag" -#: src/exec_pty.c:1538 +#: src/exec_pty.c:1574 msgid "unable to send message to monitor process" msgstr "kan inte skicka meddelande till övervakningsprocess" #: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92 -#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140 -#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196 -#: src/load_plugins.c:202 +#: src/load_plugins.c:122 src/load_plugins.c:136 src/load_plugins.c:142 +#: src/load_plugins.c:293 src/load_plugins.c:301 src/load_plugins.c:308 +#: src/load_plugins.c:348 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "fel i %s, rad %d under inläsning av insticksmodul ”%s”" 
@@ -295,61 +327,56 @@ msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:136 +#: src/load_plugins.c:138 #, c-format msgid "%s must be owned by uid %d" msgstr "%s måste ägas av uid %d" -#: src/load_plugins.c:142 +#: src/load_plugins.c:144 #, c-format msgid "%s must be only be writable by owner" msgstr "%s får endast vara skrivbar av ägaren" -#: src/load_plugins.c:183 +#: src/load_plugins.c:254 src/load_plugins.c:321 +#, c-format +msgid "ignoring duplicate plugin \"%s\" in %s, line %d" +msgstr "ignorerar dubblerad insticksmodul ”%s” i %s, rad %d" + +#: src/load_plugins.c:295 #, c-format msgid "unable to load %s: %s" msgstr "kunde inte läsa in %s: %s" -#: src/load_plugins.c:191 +#: src/load_plugins.c:303 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "kunde inte hitta symbol ”%s” i %s" -#: src/load_plugins.c:198 -#, c-format -msgid "unknown policy type %d found in %s" -msgstr "okänd policytyp %d hittad i %s" - -#: src/load_plugins.c:204 +#: src/load_plugins.c:310 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "inkompatibel huvudversion %d för insticksmodul (%d förväntades) hittad i %s" -#: src/load_plugins.c:213 +#: src/load_plugins.c:324 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "ignorerar policyinsticksmodul ”%s” i %s, rad %d" -#: src/load_plugins.c:215 +#: src/load_plugins.c:326 msgid "only a single policy plugin may be specified" msgstr "bara en policyinsticksmodul kan anges" -#: src/load_plugins.c:218 -#, c-format -msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" -msgstr "ignorerar dubblerad policyinsticksmodul ”%s” i %s, rad %d" - -#: src/load_plugins.c:237 +#: src/load_plugins.c:350 #, c-format -msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d" -msgstr "ignorerar dubblerad I/O-insticksmodul ”%s” i %s, rad %d" +msgid "unknown plugin type %d found in %s" +msgstr "okänd insticksmodulstyp %d hittad i %s" -#: src/load_plugins.c:353 +#: 
src/load_plugins.c:511 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "policyinsticksmodul %s inkluderar inte en check_policy-metod" -#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473 +#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:478 #, c-format msgid "internal error, %s overflow" msgstr "internt fel, %s spill" 
@@ -363,39 +390,39 @@ msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argumentet till -C måste vara ett tal större än eller lika med 3" -#: src/parse_args.c:523 +#: src/parse_args.c:524 msgid "you may not specify both the `-i' and `-s' options" msgstr "du får inte ange flaggorna ”-i” och ”-s” samtidigt" -#: src/parse_args.c:527 +#: src/parse_args.c:528 msgid "you may not specify both the `-i' and `-E' options" msgstr "du får inte ange flaggorna ”-i” och ”-E” samtidigt" -#: src/parse_args.c:537 +#: src/parse_args.c:538 msgid "the `-E' option is not valid in edit mode" msgstr "flaggan ”-E” är inte giltig i redigeringsläget" -#: src/parse_args.c:539 +#: src/parse_args.c:540 msgid "you may not specify environment variables in edit mode" msgstr "du får inte ange miljövariabler i redigeringsläget" -#: src/parse_args.c:547 +#: src/parse_args.c:548 msgid "the `-U' option may only be used with the `-l' option" msgstr "flaggan ”-U” får bara användas med flaggan ”-l”" -#: src/parse_args.c:551 +#: src/parse_args.c:552 msgid "the `-A' and `-S' options may not be used together" msgstr "flaggorna ”-A” och ”-S” får inte användas tillsammans" -#: src/parse_args.c:627 +#: src/parse_args.c:645 msgid "sudoedit is not supported on this platform" msgstr "sudoedit stöds inte på denna plattform" -#: src/parse_args.c:700 +#: src/parse_args.c:726 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Endast en av flaggorna -e, -h, -i, -K, -l, -s, -v eller -V får anges" -#: src/parse_args.c:714 +#: src/parse_args.c:740 #, c-format msgid "" "%s - edit files as another user\n" @@ -404,7 +431,7 @@ "%s - redigera filer som en annan användare\n" "\n" -#: src/parse_args.c:716 +#: src/parse_args.c:742 #, c-format msgid "" "%s - execute a command as another user\n" @@ -413,7 +440,7 @@ "%s - kör ett kommando som en annan användare\n" "\n" -#: src/parse_args.c:721 +#: src/parse_args.c:747 #, c-format msgid "" "\n" 
@@ -422,123 +449,123 @@ "\n" "Flaggor:\n" -#: src/parse_args.c:723 +#: src/parse_args.c:749 msgid "use a helper program for password prompting" msgstr "använd hjälpprogram för att fråga efter lösenord" -#: src/parse_args.c:726 +#: src/parse_args.c:752 msgid "use specified BSD authentication type" msgstr "använd angiven BSD-autentiseringstyp" -#: src/parse_args.c:729 +#: src/parse_args.c:755 msgid "run command in the background" msgstr "kör kommando i bakgrunden" -#: src/parse_args.c:731 +#: src/parse_args.c:757 msgid "ring bell when prompting" msgstr "ring i klockan vid fråga" -#: src/parse_args.c:733 +#: src/parse_args.c:759 msgid "close all file descriptors >= num" msgstr "stäng alla fildeskriptorer >= num" -#: src/parse_args.c:736 +#: src/parse_args.c:762 msgid "run command with the specified BSD login class" msgstr "kör kommando med den angivna BSD-inloggningsklassen" -#: src/parse_args.c:739 +#: src/parse_args.c:765 msgid "preserve user environment when running command" msgstr "bevara användarens miljö när kommandot körs" -#: src/parse_args.c:741 +#: src/parse_args.c:767 msgid "preserve specific environment variables" msgstr "bevara specifika miljövariabler" -#: src/parse_args.c:743 +#: src/parse_args.c:769 msgid "edit files instead of running a command" msgstr "redigera filer istället för att köra ett kommando" -#: src/parse_args.c:745 +#: src/parse_args.c:771 msgid "run command as the specified group name or ID" msgstr "kör kommando som angivet gruppnamn eller ID" -#: src/parse_args.c:747 +#: src/parse_args.c:773 msgid "set HOME variable to target user's home dir" msgstr "ställ in HOME-variabeln till målanvändarens hemkatalog" -#: src/parse_args.c:749 +#: src/parse_args.c:775 msgid "display help message and exit" msgstr "visa hjälpmeddelande och avsluta" -#: src/parse_args.c:751 +#: src/parse_args.c:777 msgid "run command on host (if supported by plugin)" msgstr "kör kommando på värd (om det stöds av instick)" -#: src/parse_args.c:753 +#: 
src/parse_args.c:779 msgid "run login shell as the target user; a command may also be specified" msgstr "kör ett inloggningsskal som målanvändaren; ett kommando kan också anges" -#: src/parse_args.c:755 +#: src/parse_args.c:781 msgid "remove timestamp file completely" msgstr "ta bort tidsstämpelfil helt" -#: src/parse_args.c:757 +#: src/parse_args.c:783 msgid "invalidate timestamp file" msgstr "ogiltigförklara tidsstämpelfil" -#: src/parse_args.c:759 +#: src/parse_args.c:785 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "lista användarens rättigheter eller kontrollera ett specifikt kommando; använd två gånger för längre format" -#: src/parse_args.c:761 +#: src/parse_args.c:787 msgid "non-interactive mode, no prompts are used" msgstr "icke-interaktivt läge, inga frågor ställs" -#: src/parse_args.c:763 +#: src/parse_args.c:789 msgid "preserve group vector instead of setting to target's" msgstr "behåll gruppvektor istället för att ställa in den till målets" -#: src/parse_args.c:765 +#: src/parse_args.c:791 msgid "use the specified password prompt" msgstr "använd angiven lösenordsprompt" -#: src/parse_args.c:768 +#: src/parse_args.c:794 msgid "create SELinux security context with specified role" msgstr "skapa SELinux-säkerhetskontext med angiven roll" -#: src/parse_args.c:771 +#: src/parse_args.c:797 msgid "read password from standard input" msgstr "läs lösenord från standard in" -#: src/parse_args.c:773 +#: src/parse_args.c:799 msgid "run shell as the target user; a command may also be specified" msgstr "kör skal som målanvändaren; ett kommando kan också anges" -#: src/parse_args.c:776 +#: src/parse_args.c:802 msgid "create SELinux security context with specified type" msgstr "skapa SELinux-säkerhetskontext med angiven typ" -#: src/parse_args.c:779 +#: src/parse_args.c:805 msgid "terminate command after the specified time limit" msgstr "avsluta kommando efter den angivna tidsgränsen" -#: src/parse_args.c:781 +#: 
src/parse_args.c:807 msgid "in list mode, display privileges for user" msgstr "i listläge, visa rättigheter för användaren" -#: src/parse_args.c:783 +#: src/parse_args.c:809 msgid "run command (or edit file) as specified user name or ID" msgstr "kör kommando (eller redigera fil) som angivet användarnamn eller ID" -#: src/parse_args.c:785 +#: src/parse_args.c:811 msgid "display version information and exit" msgstr "visa versionsinformation och avsluta" -#: src/parse_args.c:787 +#: src/parse_args.c:813 msgid "update user's timestamp without running a command" msgstr "uppdatera användarens tidsstämpel utan att köra ett kommando" -#: src/parse_args.c:789 +#: src/parse_args.c:815 msgid "stop processing command line arguments" msgstr "sluta behandla kommandoradsargument" @@ -570,7 +597,7 @@ msgid "unable to open %s, not relabeling tty" msgstr "kan inte öppna %s, ometiketterar inte tty" -#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s är inte en teckenenhet, ometiketterar inte tty" 
@@ -591,54 +618,54 @@ msgid "unable to set new tty context" msgstr "kan inte ställa in ny tty-kontext" -#: src/selinux.c:298 +#: src/selinux.c:322 #, c-format msgid "you must specify a role for type %s" msgstr "du måste ange en roll för typen %s" -#: src/selinux.c:304 +#: src/selinux.c:328 #, c-format msgid "unable to get default type for role %s" msgstr "kunde inte få tag på standardtyp för rollen %s" -#: src/selinux.c:316 +#: src/selinux.c:340 msgid "failed to get new context" msgstr "misslyckades med att få tag på ny kontext" -#: src/selinux.c:325 +#: src/selinux.c:349 #, c-format msgid "failed to set new role %s" msgstr "misslyckades med att ställa in nya rollen %s" -#: src/selinux.c:329 +#: src/selinux.c:353 #, c-format msgid "failed to set new type %s" msgstr "misslyckades med att ställa in nya typen %s" -#: src/selinux.c:341 +#: src/selinux.c:365 #, c-format msgid "%s is not a valid context" msgstr "%s är inte en giltig kontext" -#: src/selinux.c:373 +#: src/selinux.c:397 msgid "failed to get old context" msgstr "misslyckades med att få tag på gammal kontext" -#: src/selinux.c:379 +#: src/selinux.c:403 msgid "unable to determine enforcing mode." msgstr "kan inte fastställa påtvingande läge." -#: src/selinux.c:396 +#: src/selinux.c:420 #, c-format msgid "unable to set tty context to %s" msgstr "kunde inte ställa in tty-kontext till %s" -#: src/selinux.c:428 +#: src/selinux.c:452 #, c-format msgid "unable to set exec context to %s" msgstr "kunde inte ställa in körkontext till %s" -#: src/selinux.c:435 +#: src/selinux.c:459 #, c-format msgid "unable to set key creation context to %s" msgstr "kan inte ställa in kontext för nyckelskapande till %s" 
@@ -705,185 +732,211 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "varning, tilldelning av resurskontroll misslyckades för projekt ”%s”" -#: src/sudo.c:204 +#: src/sudo.c:224 #, c-format msgid "Sudo version %s\n" msgstr "Sudo version %s\n" -#: src/sudo.c:206 +#: src/sudo.c:226 #, c-format msgid "Configure options: %s\n" msgstr "Konfigurationsflaggor: %s\n" -#: src/sudo.c:214 +#: src/sudo.c:235 msgid "fatal error, unable to load plugins" msgstr "ödesdigert fel, kunde inte läsa in insticksmoduler" -#: src/sudo.c:222 -msgid "unable to initialize policy plugin" -msgstr "kan inte initiera policy-instick" - -#: src/sudo.c:266 +#: src/sudo.c:280 msgid "plugin did not return a command to execute" msgstr "insticksmodul returnerade ett kommando att exekvera" -#: src/sudo.c:282 -#, c-format -msgid "error initializing I/O plugin %s" -msgstr "fel vid initiering av I/O-insticksmodul %s" - -#: src/sudo.c:306 +#: src/sudo.c:311 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "oväntat sudo-läge 0x%x" -#: src/sudo.c:538 +#: src/sudo.c:544 #, c-format msgid "you do not exist in the %s database" msgstr "du existerar inte i %s-databasen" -#: src/sudo.c:595 +#: src/sudo.c:601 msgid "unable to determine tty" msgstr "kan inte detektera tty" -#: src/sudo.c:887 +#: src/sudo.c:893 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s måste ägas av uid %d och ha setuid-biten inställd" -#: src/sudo.c:890 +#: src/sudo.c:896 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "effektivt uid är inte %d, är %s på ett filsystem med flaggan ”nosuid” inställd eller ett NFS-filsystem utan root-rättigheter?" -#: src/sudo.c:896 +#: src/sudo.c:902 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "effektivt uid är inte %d, har sudo installerats som setuid root?" 
-#: src/sudo.c:912 +#: src/sudo.c:918 msgid "unable to set supplementary group IDs" msgstr "kan inte ställa in kompletterande grupp-ID:n" -#: src/sudo.c:919 +#: src/sudo.c:925 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "kunde inte ställa in effektiv gid till runas gid %u" -#: src/sudo.c:925 +#: src/sudo.c:931 #, c-format msgid "unable to set gid to runas gid %u" msgstr "kunde inte ställa in gid för runas gid %u" -#: src/sudo.c:982 +#: src/sudo.c:978 #, c-format msgid "unexpected child termination condition: %d" msgstr "oväntat barnavslutsvillkor: %d" -#: src/sudo.c:1128 +#: src/sudo.c:1087 +msgid "unable to initialize policy plugin" +msgstr "kan inte initiera policy-instick" + +#: src/sudo.c:1148 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "policyinsticksmodul %s saknar metoden ”check_policy”" -#: src/sudo.c:1146 +#: src/sudo.c:1163 src/sudo.c:1216 src/sudo.c:1260 +msgid "command rejected by policy" +msgstr "kommando avböjt enligt policy" + +#: src/sudo.c:1168 src/sudo.c:1221 src/sudo.c:1265 +msgid "policy plugin error" +msgstr "fel i policyinsticksmodul" + +#: src/sudo.c:1202 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "policyinsticksmodul %s har inte stöd för att lista rättigheter" -#: src/sudo.c:1163 +#: src/sudo.c:1246 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "policyinsticksmodul %s har inte stöd för flaggan -v" -#: src/sudo.c:1178 +#: src/sudo.c:1284 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "policyinsticksmodul %s har inte stöd för flaggorna -k/-K" -#: src/sudo_edit.c:221 +#: src/sudo.c:1413 +#, c-format +msgid "error initializing I/O plugin %s" +msgstr "fel vid initiering av I/O-insticksmodul %s" + +#: src/sudo.c:1567 +#, c-format +msgid "error initializing audit plugin %s" +msgstr "fel vid initiering av granskningsinsticksmodul %s" + +#: src/sudo.c:1745 +#, c-format +msgid "error 
initializing approval plugin %s" +msgstr "fel vid initiering av godkänningsinsticksmodul %s" + +#: src/sudo.c:1821 +msgid "command rejected by approver" +msgstr "kommando avböjt av godkännare" + +#: src/sudo.c:1830 +msgid "approval plugin error" +msgstr "fel i godkänningsinsticksmodul" + +#: src/sudo_edit.c:233 msgid "no writable temporary directory found" msgstr "ingen skrivbar temporärkatalog hittad" -#: src/sudo_edit.c:288 src/sudo_edit.c:377 +#: src/sudo_edit.c:358 msgid "unable to restore current working directory" msgstr "kunde inte återställa aktuell arbetskatalog" -#: src/sudo_edit.c:594 src/sudo_edit.c:707 +#: src/sudo_edit.c:575 src/sudo_edit.c:688 #, c-format msgid "%s: not a regular file" msgstr "%s: inte en vanlig fil" -#: src/sudo_edit.c:601 +#: src/sudo_edit.c:582 #, c-format msgid "%s: editing symbolic links is not permitted" msgstr "%s: att redigera symboliska länkar är inte tillåtet" -#: src/sudo_edit.c:604 +#: src/sudo_edit.c:585 #, c-format msgid "%s: editing files in a writable directory is not permitted" msgstr "%s: att redigera filer i en skrivbar katalog är inte tillåtet" -#: src/sudo_edit.c:637 src/sudo_edit.c:747 +#: src/sudo_edit.c:618 src/sudo_edit.c:728 #, c-format msgid "%s: short write" msgstr "%s: kort skrivning" -#: src/sudo_edit.c:708 +#: src/sudo_edit.c:689 #, c-format msgid "%s left unmodified" msgstr "%s lämnad oförändrad" -#: src/sudo_edit.c:721 src/sudo_edit.c:908 +#: src/sudo_edit.c:702 src/sudo_edit.c:889 #, c-format msgid "%s unchanged" msgstr "%s oförändrad" -#: src/sudo_edit.c:736 src/sudo_edit.c:758 +#: src/sudo_edit.c:717 src/sudo_edit.c:739 #, c-format msgid "unable to write to %s" msgstr "kunde inte skriva till %s" -#: src/sudo_edit.c:737 src/sudo_edit.c:756 src/sudo_edit.c:759 -#: src/sudo_edit.c:933 src/sudo_edit.c:937 +#: src/sudo_edit.c:718 src/sudo_edit.c:737 src/sudo_edit.c:740 +#: src/sudo_edit.c:914 src/sudo_edit.c:918 #, c-format msgid "contents of edit session left in %s" msgstr "innehåll av 
redigeringssession finns kvar i %s" -#: src/sudo_edit.c:755 +#: src/sudo_edit.c:736 msgid "unable to read temporary file" msgstr "kunde inte läsa temporärfil" -#: src/sudo_edit.c:838 +#: src/sudo_edit.c:819 msgid "sesh: internal error: odd number of paths" msgstr "sesh: internt fel: udda antal sökvägar" -#: src/sudo_edit.c:840 +#: src/sudo_edit.c:821 msgid "sesh: unable to create temporary files" msgstr "sesh: kunde inte skapa temporärfiler" -#: src/sudo_edit.c:842 src/sudo_edit.c:940 +#: src/sudo_edit.c:823 src/sudo_edit.c:921 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: okänt fel %d" -#: src/sudo_edit.c:932 +#: src/sudo_edit.c:913 msgid "unable to copy temporary files back to their original location" msgstr "kan inte kopiera temporära filer tillbaka till deras originalplats" -#: src/sudo_edit.c:936 +#: src/sudo_edit.c:917 msgid "unable to copy some of the temporary files back to their original location" msgstr "kan inte kopiera vissa av de temporära filerna tillbaka till deras originalplats" -#: src/sudo_edit.c:981 +#: src/sudo_edit.c:962 #, c-format msgid "unable to change uid to root (%u)" msgstr "kunde inte ändra uid till root (%u)" -#: src/sudo_edit.c:998 +#: src/sudo_edit.c:979 msgid "plugin error: missing file list for sudoedit" msgstr "insticksfel: fillista för sudoedit saknas" -#: src/sudo_edit.c:1039 src/sudo_edit.c:1052 +#: src/sudo_edit.c:1020 src/sudo_edit.c:1033 msgid "unable to read the clock" msgstr "kunde inte läsa klockan" 
@@ -907,17 +960,17 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "inget askpass-program angivet, prova att ställ in SUDO_ASKPASS" -#: src/tgetpass.c:322 +#: src/tgetpass.c:332 #, c-format msgid "unable to set gid to %u" msgstr "kunde inte ställa in gid till %u" -#: src/tgetpass.c:326 +#: src/tgetpass.c:336 #, c-format msgid "unable to set uid to %u" msgstr "kunde inte ställa in uid till %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:341 #, c-format msgid "unable to run %s" msgstr "kunde inte köra %s" @@ -934,6 +987,9 @@ msgid "unable to restore stdin" msgstr "kan inte återställa standard in" +#~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" +#~ msgstr "ignorerar dubblerad policyinsticksmodul ”%s” i %s, rad %d" + #~ msgid "no tty present and no askpass program specified" #~ msgstr "ingen tty finns tillgänglig och inget askpass-program angivet" @@ -946,9 +1002,6 @@ #~ msgid "error reading from signal pipe" #~ msgstr "fel vid läsning från signalrör" -#~ msgid "error reading from pipe" -#~ msgstr "fel vid läsning från rör" - #~ msgid ": " #~ msgstr ": " Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/tr.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/tr.mo differ diff -Nru sudo-1.8.31/po/tr.po sudo-1.9.0/po/tr.po --- sudo-1.8.31/po/tr.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/po/tr.po 2020-05-11 16:28:23.000000000 +0000 
@@ -1,13 +1,13 @@ # This file is put in the public domain. # This file is distributed under the same license as the sudo package. # Volkan Gezer , 2013, 2015. -# Mehmet Kececi , 2016, 2017, 2018, 2019. +# Mehmet Kececi , 2016, 2017, 2018, 2019, 2020. msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.29rc1\n" +"Project-Id-Version: sudo 1.9.0b4\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-10-21 19:55-0600\n" -"PO-Revision-Date: 2019-10-24 15:13+0300\n" +"POT-Creation-Date: 2020-03-12 17:39-0600\n" +"PO-Revision-Date: 2020-03-14 00:30+0300\n" "Last-Translator: Mehmet Kececi \n" "Language-Team: Turkish \n" "Language: tr\n" @@ -15,7 +15,7 @@ "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Virtaal 0.7.1\n" +"X-Generator: Poedit 2.3\n" "X-Bugs: Report translation errors to the Language-Team address.\n" #: lib/util/aix.c:92 lib/util/aix.c:172 
@@ -32,74 +32,98 @@ msgstr "kayıt geri yüklenemiyor" #: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81 -#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 -#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114 -#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212 -#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481 +#: lib/util/json.c:66 lib/util/json.c:192 lib/util/sudo_conf.c:191 +#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 +#: src/conversation.c:86 src/exec_common.c:114 src/exec_common.c:130 +#: src/exec_common.c:139 src/exec_monitor.c:211 src/exec_monitor.c:460 +#: src/exec_monitor.c:466 src/exec_monitor.c:474 src/exec_monitor.c:482 #: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503 #: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524 -#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214 -#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236 -#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257 -#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278 -#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299 -#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002 -#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180 -#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201 -#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222 -#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 -#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59 -#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: 
src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729 -#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815 -#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240 -#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891 -#: src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:531 src/exec_nopty.c:218 src/exec_nopty.c:227 +#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248 +#: src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269 +#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290 +#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_nopty.c:479 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1038 src/exec_pty.c:1206 src/exec_pty.c:1215 +#: src/exec_pty.c:1222 src/exec_pty.c:1229 src/exec_pty.c:1236 +#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 +#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 +#: src/exec_pty.c:1286 src/exec_pty.c:1709 src/load_plugins.c:59 +#: src/load_plugins.c:72 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:207 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:625 src/sudo.c:685 +#: src/sudo.c:695 src/sudo.c:716 src/sudo.c:735 src/sudo.c:744 src/sudo.c:753 +#: src/sudo.c:770 src/sudo.c:811 src/sudo.c:821 src/sudo.c:847 src/sudo.c:1037 +#: src/sudo.c:1059 src/sudo.c:1355 src/sudo.c:1528 src/sudo.c:1722 +#: src/sudo.c:2066 src/sudo_edit.c:270 src/sudo_edit.c:775 
src/sudo_edit.c:872 +#: src/sudo_edit.c:986 src/sudo_edit.c:1006 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194 -#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560 -#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131 -#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473 -#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/json.c:67 +#: lib/util/json.c:193 lib/util/sudo_conf.c:192 lib/util/sudo_conf.c:277 +#: lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 src/conversation.c:87 +#: src/exec_common.c:114 src/exec_common.c:131 src/exec_common.c:140 +#: src/exec_monitor.c:460 src/exec_monitor.c:466 src/exec_monitor.c:474 +#: src/exec_monitor.c:482 src/exec_monitor.c:489 src/exec_monitor.c:496 #: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517 -#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538 -#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229 -#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 -#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 -#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 -#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165 -#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187 -#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208 -#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229 -#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251 -#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: 
src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 -#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 -#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_nopty.c:218 +#: src/exec_nopty.c:227 src/exec_nopty.c:234 src/exec_nopty.c:241 +#: src/exec_nopty.c:248 src/exec_nopty.c:255 src/exec_nopty.c:262 +#: src/exec_nopty.c:269 src/exec_nopty.c:276 src/exec_nopty.c:283 +#: src/exec_nopty.c:290 src/exec_nopty.c:297 src/exec_nopty.c:305 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1206 src/exec_pty.c:1215 src/exec_pty.c:1222 +#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 +#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264 +#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1286 +#: src/exec_pty.c:1709 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:208 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:239 src/sudo.c:625 +#: src/sudo.c:847 src/sudo.c:1037 src/sudo.c:1059 src/sudo.c:1355 +#: src/sudo.c:1528 src/sudo.c:1722 src/sudo.c:2066 src/sudo_edit.c:270 +#: src/sudo_edit.c:775 src/sudo_edit.c:872 src/sudo_edit.c:986 +#: src/sudo_edit.c:1006 msgid "unable to allocate memory" msgstr "bellek ayırma başarısız" +#: lib/util/mkdir_parents.c:79 lib/util/sudo_conf.c:619 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 +#, c-format +msgid "unable to open %s" +msgstr "%s açılamıyor" + +#: lib/util/mkdir_parents.c:94 
+#, c-format +msgid "unable to mkdir %s" +msgstr "mkdir %s için olanaksız" + +#: lib/util/mkdir_parents.c:103 lib/util/sudo_conf.c:596 +#, c-format +msgid "unable to stat %s" +msgstr "%s durumlanamıyor" + +#: lib/util/mkdir_parents.c:108 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s var ancak bir dizin değil (0%o)" + #: lib/util/strsignal.c:55 msgid "Unknown signal" msgstr "Bilinmeyen sinyal" #: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161 -#: lib/util/strtonum.c:196 +#: lib/util/strtonum.c:200 msgid "invalid value" msgstr "geçersiz değer" 
@@ -111,178 +135,186 @@ msgid "value too small" msgstr "değer çok küçük" -#: lib/util/sudo_conf.c:212 +#: lib/util/sudo_conf.c:210 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "geçersiz Yol değeri %s içinde \"%s\", satır %u" -#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431 +#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:392 lib/util/sudo_conf.c:445 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "%s \"%s\" için geçersiz değer, %s içinde, satır %u" -#: lib/util/sudo_conf.c:399 +#: lib/util/sudo_conf.c:413 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "\"%s\" desteklenmeyen grup kaynağı, %s içinde, satır %u" -#: lib/util/sudo_conf.c:415 +#: lib/util/sudo_conf.c:429 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "`\"%s\" geçersiz azami grubu, %s içinde, satır %u" -#: lib/util/sudo_conf.c:576 -#, c-format -msgid "unable to stat %s" -msgstr "%s durumlanamıyor" - -#: lib/util/sudo_conf.c:579 +#: lib/util/sudo_conf.c:599 #, c-format msgid "%s is not a regular file" msgstr "%s düzenli bir dosya değil" -#: lib/util/sudo_conf.c:582 +#: lib/util/sudo_conf.c:602 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s, %u kullanıcı kimliği tarafından sahiplenmiş, %u olmalı" -#: lib/util/sudo_conf.c:586 +#: lib/util/sudo_conf.c:606 #, c-format msgid "%s is world writable" msgstr "%s genel yazılabilir" -#: lib/util/sudo_conf.c:589 +#: lib/util/sudo_conf.c:609 #, c-format msgid "%s is group writable" msgstr "%s grup yazılabilir" -#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363 -#, c-format -msgid "unable to open %s" -msgstr "%s açılamıyor" - -#: src/exec.c:111 +#: src/exec.c:135 #, c-format msgid "unknown login class %s" msgstr "bilinmeyen %s oturum sınıfı" -#: src/exec.c:123 +#: src/exec.c:147 msgid "unable to set user context" msgstr "kullanıcı bağlamı ayarlama başarısız" -#: src/exec.c:139 +#: src/exec.c:163 msgid "unable to set process 
priority" msgstr "süreç önceliği ayarlanamıyor" -#: src/exec.c:150 +#: src/exec.c:177 #, c-format msgid "unable to change root to %s" msgstr "kök %s olarak değiştirilemiyor" -#: src/exec.c:163 src/exec.c:169 src/exec.c:176 +#: src/exec.c:190 src/exec.c:196 src/exec.c:203 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "runas uid (%u, %u) olarak değiştirilemiyor" -#: src/exec.c:194 +#: src/exec.c:221 #, c-format msgid "unable to change directory to %s" msgstr "%s dizinine değiştirilemiyor" -#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578 -#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336 -#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164 +#: src/exec.c:304 src/exec_monitor.c:569 src/exec_monitor.c:571 +#: src/exec_nopty.c:537 src/exec_pty.c:566 src/exec_pty.c:1373 +#: src/exec_pty.c:1375 src/signal.c:150 src/signal.c:164 #, c-format msgid "unable to set handler for signal %d" msgstr "sinyal %d için işleyici ayarlanamıyor" #: src/exec_common.c:173 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" -msgstr "PRIV_LIMIT'ten PRIV_PROC_EXEC kaldırılamıyor" +msgstr "kaynak PRIV_LIMIT'dan PRIV_PROC_EXEC kaldırılamıyor" -#: src/exec_monitor.c:366 +#: src/exec_monitor.c:365 msgid "error reading from socketpair" msgstr "sockerpair'den okuma hatası" -#: src/exec_monitor.c:383 +#: src/exec_monitor.c:382 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "backchannel'da beklenmeyen yanıt türü: %d" -#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533 -#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231 -#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252 -#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273 -#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294 -#: src/exec_nopty.c:301 
src/exec_nopty.c:309 src/exec_pty.c:652 -#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858 -#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189 -#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210 -#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231 -#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621 -#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683 -#: src/exec_pty.c:1710 +#: src/exec_monitor.c:468 src/exec_monitor.c:476 src/exec_monitor.c:484 +#: src/exec_monitor.c:491 src/exec_monitor.c:498 src/exec_monitor.c:505 +#: src/exec_monitor.c:512 src/exec_monitor.c:519 src/exec_monitor.c:526 +#: src/exec_monitor.c:533 src/exec_nopty.c:220 src/exec_nopty.c:229 +#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 +#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 +#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 +#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:688 +#: src/exec_pty.c:693 src/exec_pty.c:790 src/exec_pty.c:797 src/exec_pty.c:894 +#: src/exec_pty.c:1208 src/exec_pty.c:1217 src/exec_pty.c:1224 +#: src/exec_pty.c:1231 src/exec_pty.c:1238 src/exec_pty.c:1245 +#: src/exec_pty.c:1252 src/exec_pty.c:1259 src/exec_pty.c:1266 +#: src/exec_pty.c:1273 src/exec_pty.c:1280 src/exec_pty.c:1662 +#: src/exec_pty.c:1672 src/exec_pty.c:1717 src/exec_pty.c:1724 +#: src/exec_pty.c:1751 msgid "unable to add event to queue" msgstr "olay kuyruğa eklenemedi" -#: src/exec_monitor.c:594 +#: src/exec_monitor.c:587 msgid "unable to set controlling tty" msgstr "tty denetleme ayarlaması başarısız" -#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415 -#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307 +#: src/exec_monitor.c:595 src/exec_nopty.c:364 src/exec_pty.c:1452 +#: src/exec_pty.c:1473 src/exec_pty.c:1493 src/tgetpass.c:311 msgid "unable to create pipe" msgstr "iletişim tüneli oluşturulamıyor" -#: 
src/exec_monitor.c:610 +#: src/exec_monitor.c:603 msgid "unable to receive message from parent" msgstr "ebeveynden mesaj alamıyor" -#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494 -#: src/tgetpass.c:311 +#: src/exec_monitor.c:617 src/exec_nopty.c:393 src/exec_pty.c:1531 +#: src/tgetpass.c:315 msgid "unable to fork" msgstr "çatallanamıyor" -#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448 +#: src/exec_monitor.c:621 src/exec_monitor.c:720 src/exec_nopty.c:447 msgid "unable to restore tty label" msgstr "tty etiketi geri yüklenemiyor" -#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100 +#: src/exec_monitor.c:637 src/sesh.c:127 src/sudo.c:1114 #, c-format msgid "unable to execute %s" msgstr "%s çalıştırılamıyor" -#: src/exec_nopty.c:360 src/exec_pty.c:1345 +#: src/exec_nopty.c:358 src/exec_pty.c:1382 msgid "policy plugin failed session initialization" msgstr "oturum başlatma için ilke eklentisi başarısız" -#: src/exec_nopty.c:437 src/exec_pty.c:1581 +#: src/exec_nopty.c:435 src/exec_pty.c:1617 msgid "error in event loop" msgstr "olay döngüsünde hata" -#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112 +#: src/exec_nopty.c:545 src/exec_pty.c:601 src/signal.c:112 #, c-format msgid "unable to restore handler for signal %d" msgstr "sinyal %d için işleyici geri yüklenemiyor" -#: src/exec_pty.c:158 +#: src/exec_pty.c:157 msgid "unable to allocate pty" msgstr "pty ayırma başarısız" -#: src/exec_pty.c:1325 +#: src/exec_pty.c:221 src/exec_pty.c:260 src/exec_pty.c:299 src/exec_pty.c:349 +#: src/exec_pty.c:399 +msgid "I/O plugin error" +msgstr "G/Ç eklenti hatası" + +#: src/exec_pty.c:224 src/exec_pty.c:263 src/exec_pty.c:302 src/exec_pty.c:352 +#: src/exec_pty.c:402 +msgid "command rejected by I/O plugin" +msgstr "komut G/Ç eklentisi tarafından reddedildi" + +#: src/exec_pty.c:449 +msgid "error logging suspend" +msgstr "günlüğü askıya alma hatası" + +#: src/exec_pty.c:482 +msgid "error changing window size" +msgstr "pencere 
boyutunu değiştirme hatası" + +#: src/exec_pty.c:1362 msgid "unable to create sockets" msgstr "soket oluşturulamıyor" -#: src/exec_pty.c:1538 +#: src/exec_pty.c:1574 msgid "unable to send message to monitor process" msgstr "süreci izlemek için mesaj gönderilemiyor" #: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92 -#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140 -#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196 -#: src/load_plugins.c:202 +#: src/load_plugins.c:122 src/load_plugins.c:136 src/load_plugins.c:142 +#: src/load_plugins.c:293 src/load_plugins.c:301 src/load_plugins.c:308 +#: src/load_plugins.c:348 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "\"%s\" eklentisi yüklenirken satır %d, %s içerisinde hata" 
@@ -292,61 +324,56 @@ msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:136 +#: src/load_plugins.c:138 #, c-format msgid "%s must be owned by uid %d" msgstr "%s, %d kullanıcı kimliği tarafından sahiplenmeli" -#: src/load_plugins.c:142 +#: src/load_plugins.c:144 #, c-format msgid "%s must be only be writable by owner" msgstr "%s sadece sahibi tarafından yazılabilir olmalı" -#: src/load_plugins.c:183 +#: src/load_plugins.c:254 src/load_plugins.c:321 +#, c-format +msgid "ignoring duplicate plugin \"%s\" in %s, line %d" +msgstr "%s içinde \"%s\" yinelenen eklentisini yok sayılıyor, %d satırı" + +#: src/load_plugins.c:295 #, c-format msgid "unable to load %s: %s" msgstr "%s yüklenemedi: %s" -#: src/load_plugins.c:191 +#: src/load_plugins.c:303 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "%s içerisinde \"%s\" sembolü bulunamıyor" -#: src/load_plugins.c:198 -#, c-format -msgid "unknown policy type %d found in %s" -msgstr "bilinmeyen ilke türü %d bulundu: %s içerisinde" - -#: src/load_plugins.c:204 +#: src/load_plugins.c:310 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "uyumsuz temel ilke sürümü %d bulundu (beklenen %d) %s içerisinde" -#: src/load_plugins.c:213 +#: src/load_plugins.c:324 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "\"%s\" ilke eklentisi ihmal ediliyor, %s içinde, satır %d" -#: src/load_plugins.c:215 +#: src/load_plugins.c:326 msgid "only a single policy plugin may be specified" msgstr "sadece tek ilke eklentisi belirtilebilir" -#: src/load_plugins.c:218 -#, c-format -msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" -msgstr "yinelenmiş \"%s\" ilke eklentisi ihmal ediliyor, %s içinde, satır %d" - -#: src/load_plugins.c:237 +#: src/load_plugins.c:350 #, c-format -msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d" -msgstr "kopyalanmış \"%s\" I/O eklentisi ihmal ediliyor, %s içinde, satır %d" +msgid "unknown plugin type %d found in %s" 
+msgstr "bilinmeyen eklenti türü %d %s içinde bulundu" -#: src/load_plugins.c:353 +#: src/load_plugins.c:511 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "%s ilke eklentisi, bir check_policy yöntemi içermiyor" -#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473 +#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:478 #, c-format msgid "internal error, %s overflow" msgstr "dahili hata, %s taşması" 
@@ -360,39 +387,39 @@ msgid "the argument to -C must be a number greater than or equal to 3" msgstr "-C argümanı 3 veya daha büyük bir sayı olmalıdır" -#: src/parse_args.c:523 +#: src/parse_args.c:524 msgid "you may not specify both the `-i' and `-s' options" msgstr "`-i' ve `-s' seçeneklerini aynı anda belirtemezsiniz" -#: src/parse_args.c:527 +#: src/parse_args.c:528 msgid "you may not specify both the `-i' and `-E' options" msgstr "`-i' ve `-E' seçeneklerini aynı anda belirtemezsiniz" -#: src/parse_args.c:537 +#: src/parse_args.c:538 msgid "the `-E' option is not valid in edit mode" msgstr "düzenleme kipinde `-E' seçeneği geçerli değil" -#: src/parse_args.c:539 +#: src/parse_args.c:540 msgid "you may not specify environment variables in edit mode" msgstr "düzenleme kipinde ortam değişkenlerini belirtemezsiniz" -#: src/parse_args.c:547 +#: src/parse_args.c:548 msgid "the `-U' option may only be used with the `-l' option" msgstr "`-U' seçeneği sadece `-l' seçeneği ile kullanılabilir" -#: src/parse_args.c:551 +#: src/parse_args.c:552 msgid "the `-A' and `-S' options may not be used together" msgstr "`-A' ve `-S' seçenekleri birlikte kullanılamaz" -#: src/parse_args.c:627 +#: src/parse_args.c:645 msgid "sudoedit is not supported on this platform" msgstr "sudoedit bu platformda desteklenmiyor" -#: src/parse_args.c:700 +#: src/parse_args.c:726 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "-e, -h, -i, -K, -l, -s, -v veya -V seçeneklerinden sadece biri belirtilebilir" -#: src/parse_args.c:714 +#: src/parse_args.c:740 #, c-format msgid "" "%s - edit files as another user\n" @@ -401,7 +428,7 @@ "%s - dosyaları farklı kullanıcı olarak düzenle\n" "\n" -#: src/parse_args.c:716 +#: src/parse_args.c:742 #, c-format msgid "" "%s - execute a command as another user\n" @@ -410,7 +437,7 @@ "%s - bir komutu farklı kullanıcı olarak çalıştır\n" "\n" -#: src/parse_args.c:721 +#: src/parse_args.c:747 #, c-format msgid "" "\n" 
@@ -419,123 +446,123 @@ "\n" "Seçenekler:\n" -#: src/parse_args.c:723 +#: src/parse_args.c:749 msgid "use a helper program for password prompting" msgstr "parola sorgulaması için bir yardımcı program kullan" -#: src/parse_args.c:726 +#: src/parse_args.c:752 msgid "use specified BSD authentication type" msgstr "belirtilen BSD kimlik doğrulama türünü kullan" -#: src/parse_args.c:729 +#: src/parse_args.c:755 msgid "run command in the background" msgstr "arkaalanda komutu çalıştır" -#: src/parse_args.c:731 +#: src/parse_args.c:757 msgid "ring bell when prompting" msgstr "istendiğinde zili çal" -#: src/parse_args.c:733 +#: src/parse_args.c:759 msgid "close all file descriptors >= num" msgstr ">= sayı olan tüm dosya tanımlayıcılarını kapat" -#: src/parse_args.c:736 +#: src/parse_args.c:762 msgid "run command with the specified BSD login class" msgstr "komutu belirtilen BSD oturum sınıfı ile çalıştır" -#: src/parse_args.c:739 +#: src/parse_args.c:765 msgid "preserve user environment when running command" msgstr "komut çalıştırılırken kullanıcı ortamını koru" -#: src/parse_args.c:741 +#: src/parse_args.c:767 msgid "preserve specific environment variables" msgstr "özel çevre değişkenlerini koru" -#: src/parse_args.c:743 +#: src/parse_args.c:769 msgid "edit files instead of running a command" msgstr "komut çalıştırmak yerine dosyaları düzenleyiniz" -#: src/parse_args.c:745 +#: src/parse_args.c:771 msgid "run command as the specified group name or ID" msgstr "grup adı veya ID olarak tanımlanan komutu çalıştır" -#: src/parse_args.c:747 +#: src/parse_args.c:773 msgid "set HOME variable to target user's home dir" -msgstr "HOME değişkenini kullanıcının ev dizinine hedefle" +msgstr "kullanıcının HOME değişkenini ana dizinini hedefleyecek şekilde ayarlama" -#: src/parse_args.c:749 +#: src/parse_args.c:775 msgid "display help message and exit" msgstr "yardım mesajını görüntüle ve çık" -#: src/parse_args.c:751 +#: src/parse_args.c:777 msgid "run command on host (if supported by 
plugin)" msgstr "komutunuzu hostta çalıştırın (eğer plugin tarafından destekleniyorsa)" -#: src/parse_args.c:753 +#: src/parse_args.c:779 msgid "run login shell as the target user; a command may also be specified" msgstr "oturum kabuğunu hedef kullanıcı olarak çalıştır; bir komut da belirtilebilir" -#: src/parse_args.c:755 +#: src/parse_args.c:781 msgid "remove timestamp file completely" msgstr "zaman damgası dosyasını kalıcı olarak kaldır" -#: src/parse_args.c:757 +#: src/parse_args.c:783 msgid "invalidate timestamp file" msgstr "zaman damgası dosyasının geçerliliğini kaldır" -#: src/parse_args.c:759 +#: src/parse_args.c:785 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "kullanıcı yetkilerini listele veya özel bir komut denetle; daha uzun biçim için iki kez kullanın" -#: src/parse_args.c:761 +#: src/parse_args.c:787 msgid "non-interactive mode, no prompts are used" msgstr "etkileşimsiz kip, sorgu yapılmaz" -#: src/parse_args.c:763 +#: src/parse_args.c:789 msgid "preserve group vector instead of setting to target's" msgstr "hedefe atamak yerine grup vektörünü koru" -#: src/parse_args.c:765 +#: src/parse_args.c:791 msgid "use the specified password prompt" msgstr "belirtilen parola sorgusunu kullan" -#: src/parse_args.c:768 +#: src/parse_args.c:794 msgid "create SELinux security context with specified role" -msgstr "SELinux güvenlik bağlamını belirtilen rol ile oluştur" +msgstr "belirtilen rolle SELinux güvenlik bağlamı oluşturma" -#: src/parse_args.c:771 +#: src/parse_args.c:797 msgid "read password from standard input" msgstr "standart girdiden şifreyi okuyun" -#: src/parse_args.c:773 +#: src/parse_args.c:799 msgid "run shell as the target user; a command may also be specified" msgstr "kabuğu hedef kullanıcı olarak çalıştır; bir komut da belirtilebilir" -#: src/parse_args.c:776 +#: src/parse_args.c:802 msgid "create SELinux security context with specified type" -msgstr "SELinux güvenlik bağlamını belirtilen tür ile 
oluştur" +msgstr "belirtilen türde SELinux güvenlik bağlamı oluşturma" -#: src/parse_args.c:779 +#: src/parse_args.c:805 msgid "terminate command after the specified time limit" msgstr "belirtilen süre sonunda komutu sonlandır" -#: src/parse_args.c:781 +#: src/parse_args.c:807 msgid "in list mode, display privileges for user" msgstr "liste modunda, kullanıcıların ayrıcalıklarını görüntüle" -#: src/parse_args.c:783 +#: src/parse_args.c:809 msgid "run command (or edit file) as specified user name or ID" msgstr "belirtilen kullanıcı adı veya ID ile komutu çalıştırın (veya dosyayı düzenleyin)" -#: src/parse_args.c:785 +#: src/parse_args.c:811 msgid "display version information and exit" msgstr "sürüm bilgisini göster ve çık" -#: src/parse_args.c:787 +#: src/parse_args.c:813 msgid "update user's timestamp without running a command" msgstr "kullanıcı zaman damgasını bir komut çalıştırmadan güncelle" -#: src/parse_args.c:789 +#: src/parse_args.c:815 msgid "stop processing command line arguments" msgstr "komut satırı argümanlarını işlemeyi durdur" @@ -567,7 +594,7 @@ msgid "unable to open %s, not relabeling tty" msgstr "%s açılamadı, tty yeniden etiketlenemiyor" -#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s bir karakter aygıtı değildir, tty yeniden etiketlenemiyor" 
@@ -588,54 +615,54 @@ msgid "unable to set new tty context" msgstr "yeni tty bağlamı alınamıyor" -#: src/selinux.c:298 +#: src/selinux.c:322 #, c-format msgid "you must specify a role for type %s" msgstr "%s türü için bir görev belirtmelisiniz" -#: src/selinux.c:304 +#: src/selinux.c:328 #, c-format msgid "unable to get default type for role %s" msgstr "%s görevi için öntanımlı tür alınamıyor" -#: src/selinux.c:316 +#: src/selinux.c:340 msgid "failed to get new context" msgstr "yeni bağlam alınamadı" -#: src/selinux.c:325 +#: src/selinux.c:349 #, c-format msgid "failed to set new role %s" msgstr "%s yeni görevi atanamadı" -#: src/selinux.c:329 +#: src/selinux.c:353 #, c-format msgid "failed to set new type %s" msgstr "yeni tür %s atanamadı" -#: src/selinux.c:341 +#: src/selinux.c:365 #, c-format msgid "%s is not a valid context" msgstr "%s geçerli bir bağlam değil" -#: src/selinux.c:373 +#: src/selinux.c:397 msgid "failed to get old context" msgstr "eski bağlam alınamadı" -#: src/selinux.c:379 +#: src/selinux.c:403 msgid "unable to determine enforcing mode." msgstr "zorlama kipini belirleme başarısız." -#: src/selinux.c:396 +#: src/selinux.c:420 #, c-format msgid "unable to set tty context to %s" msgstr "tty bağlamı %s olarak ayarlanamadı" -#: src/selinux.c:428 +#: src/selinux.c:452 #, c-format msgid "unable to set exec context to %s" msgstr "%s için exec bağlamı ayarlanamıyor" -#: src/selinux.c:435 +#: src/selinux.c:459 #, c-format msgid "unable to set key creation context to %s" msgstr "%s için anahtar oluşturma bağlamı ayarlanamıyor" 
@@ -702,185 +729,211 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "uyarı, \"%s\" projesi için kaynak denetim ataması başarısız" -#: src/sudo.c:204 +#: src/sudo.c:224 #, c-format msgid "Sudo version %s\n" msgstr "Sudo sürüm %s\n" -#: src/sudo.c:206 +#: src/sudo.c:226 #, c-format msgid "Configure options: %s\n" msgstr "Yapılandırma seçenekleri: %s\n" -#: src/sudo.c:214 +#: src/sudo.c:235 msgid "fatal error, unable to load plugins" msgstr "ölümcül hata, eklentiler yüklenemiyor" -#: src/sudo.c:222 -msgid "unable to initialize policy plugin" -msgstr "ilke eklentisi başlatılamıyor" - -#: src/sudo.c:266 +#: src/sudo.c:280 msgid "plugin did not return a command to execute" msgstr "eklenti çalıştırmak için bir komut döndürmedi" -#: src/sudo.c:282 -#, c-format -msgid "error initializing I/O plugin %s" -msgstr "I/O eklentisi %s başlatılırken hata" - -#: src/sudo.c:306 +#: src/sudo.c:311 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "beklenmeyen 0x%x sudo kipi" -#: src/sudo.c:538 +#: src/sudo.c:544 #, c-format msgid "you do not exist in the %s database" msgstr "sen %s veritabanında yoksun" -#: src/sudo.c:595 +#: src/sudo.c:601 msgid "unable to determine tty" msgstr "tty belirlenemiyor" -#: src/sudo.c:887 +#: src/sudo.c:893 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s, %d kullanıcı kimliği tarafından sahiplenmeli ve setuid biti ayarlanmış olmalı" -#: src/sudo.c:890 +#: src/sudo.c:896 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "etkin kullanıcı kimliği %d değil, %s 'nosuid' seçeneği ayarlanmış bir dosya sisteminde veya yetkisiz haklara sahip bir NFS dosya sisteminde mi?" -#: src/sudo.c:896 +#: src/sudo.c:902 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "etkin kullanıcı kimliği %d değil, sudo setuid root ile mi yüklendi?" 
-#: src/sudo.c:912 +#: src/sudo.c:918 msgid "unable to set supplementary group IDs" msgstr "ek grup kimlikleri ayarlanamıyor" -#: src/sudo.c:919 +#: src/sudo.c:925 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "etkin grup kimliği, runas gid %u olarak ayarlanamıyor" -#: src/sudo.c:925 +#: src/sudo.c:931 #, c-format msgid "unable to set gid to runas gid %u" msgstr "grup kimliği, runas gid %u olarak ayarlanamıyor" -#: src/sudo.c:982 +#: src/sudo.c:978 #, c-format msgid "unexpected child termination condition: %d" msgstr "beklenmeyen alt sonlandırma şartı: %d" -#: src/sudo.c:1128 +#: src/sudo.c:1087 +msgid "unable to initialize policy plugin" +msgstr "ilke eklentisi başlatılamıyor" + +#: src/sudo.c:1148 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "%s ilke eklentisi, bir `check_policy' yöntemi içermiyor" -#: src/sudo.c:1146 +#: src/sudo.c:1163 src/sudo.c:1216 src/sudo.c:1260 +msgid "command rejected by policy" +msgstr "komut politika tarafından reddedildi" + +#: src/sudo.c:1168 src/sudo.c:1221 src/sudo.c:1265 +msgid "policy plugin error" +msgstr "politika eklentisi hatası" + +#: src/sudo.c:1202 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "%s ilke eklentisi listeleme yetkilerini desteklemiyor" -#: src/sudo.c:1163 +#: src/sudo.c:1246 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "%s ilke eklentisi -v seçeneğini desteklemiyor" -#: src/sudo.c:1178 +#: src/sudo.c:1284 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "%s ilke eklentisi -k/-K seçeneklerini desteklemiyor" -#: src/sudo_edit.c:221 +#: src/sudo.c:1413 +#, c-format +msgid "error initializing I/O plugin %s" +msgstr "başlatma hatası G/Ç eklentisi %s" + +#: src/sudo.c:1567 +#, c-format +msgid "error initializing audit plugin %s" +msgstr "başlatma hatası I/O eklentisi %s" + +#: src/sudo.c:1745 +#, c-format +msgid "error initializing approval plugin %s" +msgstr 
"onay eklentisini %s başlatma hatası" + +#: src/sudo.c:1821 +msgid "command rejected by approver" +msgstr "onaylayan tarafından komut reddedildi" + +#: src/sudo.c:1830 +msgid "approval plugin error" +msgstr "onay eklentisi hatası" + +#: src/sudo_edit.c:233 msgid "no writable temporary directory found" msgstr "yazılabilir geçici dizin bulunamadı" -#: src/sudo_edit.c:288 src/sudo_edit.c:377 +#: src/sudo_edit.c:358 msgid "unable to restore current working directory" msgstr "geçerli çalışma klasörü geri yüklenemiyor" -#: src/sudo_edit.c:594 src/sudo_edit.c:707 +#: src/sudo_edit.c:575 src/sudo_edit.c:688 #, c-format msgid "%s: not a regular file" msgstr "%s: düzenli bir dosya değil" -#: src/sudo_edit.c:601 +#: src/sudo_edit.c:582 #, c-format msgid "%s: editing symbolic links is not permitted" msgstr "%s: sembolik bağlantı düzenlemesine izin verilmemiştir" -#: src/sudo_edit.c:604 +#: src/sudo_edit.c:585 #, c-format msgid "%s: editing files in a writable directory is not permitted" msgstr "%s: yazılabilir klasördeki düzenleme dosyalarına izin verilmemiştir" -#: src/sudo_edit.c:637 src/sudo_edit.c:747 +#: src/sudo_edit.c:618 src/sudo_edit.c:728 #, c-format msgid "%s: short write" msgstr "%s: kısa yazım" -#: src/sudo_edit.c:708 +#: src/sudo_edit.c:689 #, c-format msgid "%s left unmodified" msgstr "%s düzenlenmemiş olarak bırakıldı" -#: src/sudo_edit.c:721 src/sudo_edit.c:908 +#: src/sudo_edit.c:702 src/sudo_edit.c:889 #, c-format msgid "%s unchanged" msgstr "%s değiştirilmemiş" -#: src/sudo_edit.c:736 src/sudo_edit.c:758 +#: src/sudo_edit.c:717 src/sudo_edit.c:739 #, c-format msgid "unable to write to %s" msgstr "%s dosyasına yazılamıyor" -#: src/sudo_edit.c:737 src/sudo_edit.c:756 src/sudo_edit.c:759 -#: src/sudo_edit.c:933 src/sudo_edit.c:937 +#: src/sudo_edit.c:718 src/sudo_edit.c:737 src/sudo_edit.c:740 +#: src/sudo_edit.c:914 src/sudo_edit.c:918 #, c-format msgid "contents of edit session left in %s" msgstr "düzenleme oturumu içerikleri %s içinde bırakıldı" -#: 
src/sudo_edit.c:755 +#: src/sudo_edit.c:736 msgid "unable to read temporary file" msgstr "geçici dosya okunamıyor" -#: src/sudo_edit.c:838 +#: src/sudo_edit.c:819 msgid "sesh: internal error: odd number of paths" msgstr "sesh: iç hata: yolların tek sayısı" -#: src/sudo_edit.c:840 +#: src/sudo_edit.c:821 msgid "sesh: unable to create temporary files" msgstr "sesh: geçici dosyalar oluşturulamıyor" -#: src/sudo_edit.c:842 src/sudo_edit.c:940 +#: src/sudo_edit.c:823 src/sudo_edit.c:921 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: bilinmeyen hata %d" -#: src/sudo_edit.c:932 +#: src/sudo_edit.c:913 msgid "unable to copy temporary files back to their original location" msgstr "geçici dosyalar onların özgün konumlarına kopyalanamıyor" -#: src/sudo_edit.c:936 +#: src/sudo_edit.c:917 msgid "unable to copy some of the temporary files back to their original location" msgstr "bazı geçici dosyalar onların özgün konumlarına kopyalanamıyor" -#: src/sudo_edit.c:981 +#: src/sudo_edit.c:962 #, c-format msgid "unable to change uid to root (%u)" msgstr "kullanıcı kimliği yetkili (%u) olarak değiştirilemiyor" -#: src/sudo_edit.c:998 +#: src/sudo_edit.c:979 msgid "plugin error: missing file list for sudoedit" msgstr "eklenti hatası: sudoedit için eksik dosya listesi" -#: src/sudo_edit.c:1039 src/sudo_edit.c:1052 +#: src/sudo_edit.c:1020 src/sudo_edit.c:1033 msgid "unable to read the clock" msgstr "saat okunamıyor" @@ -904,17 +957,17 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "askpass programı belirtilmemiş, SUDO_ASKPASS ayarlamayı deneyin" -#: src/tgetpass.c:322 +#: src/tgetpass.c:332 #, c-format msgid "unable to set gid to %u" msgstr "grup kimliği %u olarak ayarlanamıyor" -#: src/tgetpass.c:326 +#: src/tgetpass.c:336 #, c-format msgid "unable to set uid to %u" msgstr "kullanıcı kimliği %u olarak ayarlanamıyor" -#: src/tgetpass.c:331 +#: src/tgetpass.c:341 #, c-format msgid "unable to run %s" msgstr "%s çalıştırılamıyor" 
@@ -931,6 +984,9 @@ msgid "unable to restore stdin" msgstr "stdin geri yüklenemiyor" +#~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" +#~ msgstr "yinelenmiş \"%s\" ilke eklentisi ihmal ediliyor, %s içinde, satır %d" + #~ msgid "no tty present and no askpass program specified" #~ msgstr "tty bulunmuyor ve askpass programı belirtilmemiş" @@ -943,9 +999,6 @@ #~ msgid "error reading from signal pipe" #~ msgstr "sinyal tünelinden okuma hatası" -#~ msgid "error reading from pipe" -#~ msgstr "tünelden okuma hatası" - #, fuzzy #~| msgid "internal error, tried to emalloc(0)" #~ msgid "internal error, tried allocate zero bytes" Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/uk.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/uk.mo differ diff -Nru sudo-1.8.31/po/uk.po sudo-1.9.0/po/uk.po --- sudo-1.8.31/po/uk.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/po/uk.po 2020-05-11 16:28:23.000000000 +0000 @@ -1,13 +1,13 @@ # Ukrainian translation for sudo. # This file is put in the public domain. # -# Yuri Chornoivan , 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019. +# Yuri Chornoivan , 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020. msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.29rc1\n" +"Project-Id-Version: sudo 1.9.0b4\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-10-21 19:55-0600\n" -"PO-Revision-Date: 2019-10-24 13:57+0300\n" +"POT-Creation-Date: 2020-03-12 17:39-0600\n" +"PO-Revision-Date: 2020-03-13 12:07+0200\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" "Language: uk\n" 
@@ -32,74 +32,98 @@ msgstr "не вдалося відновити регістр" #: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81 -#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 -#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114 -#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212 -#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481 +#: lib/util/json.c:66 lib/util/json.c:192 lib/util/sudo_conf.c:191 +#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 +#: src/conversation.c:86 src/exec_common.c:114 src/exec_common.c:130 +#: src/exec_common.c:139 src/exec_monitor.c:211 src/exec_monitor.c:460 +#: src/exec_monitor.c:466 src/exec_monitor.c:474 src/exec_monitor.c:482 #: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503 #: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524 -#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214 -#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236 -#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257 -#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278 -#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299 -#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002 -#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180 -#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201 -#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222 -#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 -#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59 -#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: 
src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729 -#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815 -#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240 -#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891 -#: src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:531 src/exec_nopty.c:218 src/exec_nopty.c:227 +#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248 +#: src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269 +#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290 +#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_nopty.c:479 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1038 src/exec_pty.c:1206 src/exec_pty.c:1215 +#: src/exec_pty.c:1222 src/exec_pty.c:1229 src/exec_pty.c:1236 +#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 +#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 +#: src/exec_pty.c:1286 src/exec_pty.c:1709 src/load_plugins.c:59 +#: src/load_plugins.c:72 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:207 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:625 src/sudo.c:685 +#: src/sudo.c:695 src/sudo.c:716 src/sudo.c:735 src/sudo.c:744 src/sudo.c:753 +#: src/sudo.c:770 src/sudo.c:811 src/sudo.c:821 src/sudo.c:847 src/sudo.c:1037 +#: src/sudo.c:1059 src/sudo.c:1355 src/sudo.c:1528 src/sudo.c:1722 +#: src/sudo.c:2066 src/sudo_edit.c:270 src/sudo_edit.c:775 
src/sudo_edit.c:872 +#: src/sudo_edit.c:986 src/sudo_edit.c:1006 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194 -#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560 -#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131 -#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473 -#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/json.c:67 +#: lib/util/json.c:193 lib/util/sudo_conf.c:192 lib/util/sudo_conf.c:277 +#: lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 src/conversation.c:87 +#: src/exec_common.c:114 src/exec_common.c:131 src/exec_common.c:140 +#: src/exec_monitor.c:460 src/exec_monitor.c:466 src/exec_monitor.c:474 +#: src/exec_monitor.c:482 src/exec_monitor.c:489 src/exec_monitor.c:496 #: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517 -#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538 -#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229 -#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 -#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 -#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 -#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165 -#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187 -#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208 -#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229 -#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251 -#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: 
src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 -#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 -#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_nopty.c:218 +#: src/exec_nopty.c:227 src/exec_nopty.c:234 src/exec_nopty.c:241 +#: src/exec_nopty.c:248 src/exec_nopty.c:255 src/exec_nopty.c:262 +#: src/exec_nopty.c:269 src/exec_nopty.c:276 src/exec_nopty.c:283 +#: src/exec_nopty.c:290 src/exec_nopty.c:297 src/exec_nopty.c:305 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1206 src/exec_pty.c:1215 src/exec_pty.c:1222 +#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 +#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264 +#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1286 +#: src/exec_pty.c:1709 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:208 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:239 src/sudo.c:625 +#: src/sudo.c:847 src/sudo.c:1037 src/sudo.c:1059 src/sudo.c:1355 +#: src/sudo.c:1528 src/sudo.c:1722 src/sudo.c:2066 src/sudo_edit.c:270 +#: src/sudo_edit.c:775 src/sudo_edit.c:872 src/sudo_edit.c:986 +#: src/sudo_edit.c:1006 msgid "unable to allocate memory" msgstr "не вдалося отримати потрібний об’єм пам’яті" +#: lib/util/mkdir_parents.c:79 lib/util/sudo_conf.c:619 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 +#, c-format +msgid "unable to open %s" +msgstr "не вдалося відкрити %s" + 
+#: lib/util/mkdir_parents.c:94 +#, c-format +msgid "unable to mkdir %s" +msgstr "не вдалося створити каталог %s" + +#: lib/util/mkdir_parents.c:103 lib/util/sudo_conf.c:596 +#, c-format +msgid "unable to stat %s" +msgstr "не вдалося виконати stat для %s" + +#: lib/util/mkdir_parents.c:108 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s існує, але не є каталогом (0%o)" + #: lib/util/strsignal.c:55 msgid "Unknown signal" msgstr "Невідомий сигнал" #: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161 -#: lib/util/strtonum.c:196 +#: lib/util/strtonum.c:200 msgid "invalid value" msgstr "некоректне значення" 
@@ -111,87 +135,77 @@ msgid "value too small" msgstr "надто мале значення" -#: lib/util/sudo_conf.c:212 +#: lib/util/sudo_conf.c:210 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "некоректне значення Path, «%s», у %s, рядок %u" -#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431 +#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:392 lib/util/sudo_conf.c:445 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "некоректне значення %s, «%s», у %s, рядок %u" -#: lib/util/sudo_conf.c:399 +#: lib/util/sudo_conf.c:413 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "непідтримуване джерело групи, «%s», у %s, рядок %u" -#: lib/util/sudo_conf.c:415 +#: lib/util/sudo_conf.c:429 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "некоректна максимальна кількість груп, «%s», у %s, рядок %u" -#: lib/util/sudo_conf.c:576 -#, c-format -msgid "unable to stat %s" -msgstr "не вдалося виконати stat для %s" - -#: lib/util/sudo_conf.c:579 +#: lib/util/sudo_conf.c:599 #, c-format msgid "%s is not a regular file" msgstr "%s не є звичайним файлом" -#: lib/util/sudo_conf.c:582 +#: lib/util/sudo_conf.c:602 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s належить uid %u, має належати %u" -#: lib/util/sudo_conf.c:586 +#: lib/util/sudo_conf.c:606 #, c-format msgid "%s is world writable" msgstr "Запис до «%s» можливий для довільного користувача" -#: lib/util/sudo_conf.c:589 +#: lib/util/sudo_conf.c:609 #, c-format msgid "%s is group writable" msgstr "Запис до «%s» може здійснювати будь-який користувач з групи" -#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363 -#, c-format -msgid "unable to open %s" -msgstr "не вдалося відкрити %s" - -#: src/exec.c:111 +#: src/exec.c:135 #, c-format msgid "unknown login class %s" msgstr "невідомий клас входу %s" -#: src/exec.c:123 +#: src/exec.c:147 msgid "unable to set user context" msgstr "не вдалося встановити контекст 
користувача" -#: src/exec.c:139 +#: src/exec.c:163 msgid "unable to set process priority" msgstr "не вдалося встановити пріоритет процесу" -#: src/exec.c:150 +#: src/exec.c:177 #, c-format msgid "unable to change root to %s" msgstr "не вдалося змінити root на %s" -#: src/exec.c:163 src/exec.c:169 src/exec.c:176 +#: src/exec.c:190 src/exec.c:196 src/exec.c:203 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "не вдалося змінити uid користувача, від імені якого відбувається виконання (%u, %u)" -#: src/exec.c:194 +#: src/exec.c:221 #, c-format msgid "unable to change directory to %s" msgstr "не вдалося змінити каталог на %s" -#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578 -#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336 -#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164 +#: src/exec.c:304 src/exec_monitor.c:569 src/exec_monitor.c:571 +#: src/exec_nopty.c:537 src/exec_pty.c:566 src/exec_pty.c:1373 +#: src/exec_pty.c:1375 src/signal.c:150 src/signal.c:164 #, c-format msgid "unable to set handler for signal %d" msgstr "не вдалося встановити обробник для сигналу %d" 
@@ -200,89 +214,107 @@ msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "не вдалося вилучити PRIV_PROC_EXEC з PRIV_LIMIT" -#: src/exec_monitor.c:366 +#: src/exec_monitor.c:365 msgid "error reading from socketpair" msgstr "помилка під час спроби читання з пари сокетів" -#: src/exec_monitor.c:383 +#: src/exec_monitor.c:382 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "неочікуваний тип відповіді на зворотному каналі: %d" -#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533 -#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231 -#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252 -#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273 -#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294 -#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652 -#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858 -#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189 -#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210 -#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231 -#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621 -#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683 -#: src/exec_pty.c:1710 +#: src/exec_monitor.c:468 src/exec_monitor.c:476 src/exec_monitor.c:484 +#: src/exec_monitor.c:491 src/exec_monitor.c:498 src/exec_monitor.c:505 +#: src/exec_monitor.c:512 src/exec_monitor.c:519 src/exec_monitor.c:526 +#: src/exec_monitor.c:533 src/exec_nopty.c:220 src/exec_nopty.c:229 +#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 +#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 +#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 +#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:688 +#: 
src/exec_pty.c:693 src/exec_pty.c:790 src/exec_pty.c:797 src/exec_pty.c:894 +#: src/exec_pty.c:1208 src/exec_pty.c:1217 src/exec_pty.c:1224 +#: src/exec_pty.c:1231 src/exec_pty.c:1238 src/exec_pty.c:1245 +#: src/exec_pty.c:1252 src/exec_pty.c:1259 src/exec_pty.c:1266 +#: src/exec_pty.c:1273 src/exec_pty.c:1280 src/exec_pty.c:1662 +#: src/exec_pty.c:1672 src/exec_pty.c:1717 src/exec_pty.c:1724 +#: src/exec_pty.c:1751 msgid "unable to add event to queue" msgstr "не вдалося додати подію до черги обробки" -#: src/exec_monitor.c:594 +#: src/exec_monitor.c:587 msgid "unable to set controlling tty" msgstr "не вдалося встановити tty для керування" -#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415 -#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307 +#: src/exec_monitor.c:595 src/exec_nopty.c:364 src/exec_pty.c:1452 +#: src/exec_pty.c:1473 src/exec_pty.c:1493 src/tgetpass.c:311 msgid "unable to create pipe" msgstr "не вдалося створити канал" -#: src/exec_monitor.c:610 +#: src/exec_monitor.c:603 msgid "unable to receive message from parent" msgstr "не вдалося отримати повідомлення від батьківського процесу" -#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494 -#: src/tgetpass.c:311 +#: src/exec_monitor.c:617 src/exec_nopty.c:393 src/exec_pty.c:1531 +#: src/tgetpass.c:315 msgid "unable to fork" msgstr "не вдалося створити відгалуження" -#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448 +#: src/exec_monitor.c:621 src/exec_monitor.c:720 src/exec_nopty.c:447 msgid "unable to restore tty label" msgstr "не вдалося відновити позначку tty" -#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100 +#: src/exec_monitor.c:637 src/sesh.c:127 src/sudo.c:1114 #, c-format msgid "unable to execute %s" msgstr "не вдалося виконати %s" -#: src/exec_nopty.c:360 src/exec_pty.c:1345 +#: src/exec_nopty.c:358 src/exec_pty.c:1382 msgid "policy plugin failed session initialization" msgstr "не вдалося виконати ініціалізацію сеансу через 
додаток правил" -#: src/exec_nopty.c:437 src/exec_pty.c:1581 +#: src/exec_nopty.c:435 src/exec_pty.c:1617 msgid "error in event loop" msgstr "помилка у циклі обробки подій" -#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112 +#: src/exec_nopty.c:545 src/exec_pty.c:601 src/signal.c:112 #, c-format msgid "unable to restore handler for signal %d" msgstr "не вдалося відновити обробник для сигналу %d" -#: src/exec_pty.c:158 +#: src/exec_pty.c:157 msgid "unable to allocate pty" msgstr "не вдалося розмістити pty" -#: src/exec_pty.c:1325 +#: src/exec_pty.c:221 src/exec_pty.c:260 src/exec_pty.c:299 src/exec_pty.c:349 +#: src/exec_pty.c:399 +msgid "I/O plugin error" +msgstr "Помилка у додатку введення-виведення" + +#: src/exec_pty.c:224 src/exec_pty.c:263 src/exec_pty.c:302 src/exec_pty.c:352 +#: src/exec_pty.c:402 +msgid "command rejected by I/O plugin" +msgstr "відмова у виконання команди від додатка введення-виведення" + +#: src/exec_pty.c:449 +msgid "error logging suspend" +msgstr "помилка під час призупинення ведення журналу" + +#: src/exec_pty.c:482 +msgid "error changing window size" +msgstr "помилка під час зміни розмірів вікна" + +#: src/exec_pty.c:1362 msgid "unable to create sockets" msgstr "не вдалося створити сокети" -#: src/exec_pty.c:1538 +#: src/exec_pty.c:1574 msgid "unable to send message to monitor process" msgstr "не вдалося надіслати повідомлення до процесу аудиту" #: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92 -#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140 -#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196 -#: src/load_plugins.c:202 +#: src/load_plugins.c:122 src/load_plugins.c:136 src/load_plugins.c:142 +#: src/load_plugins.c:293 src/load_plugins.c:301 src/load_plugins.c:308 +#: src/load_plugins.c:348 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "помилка у %s, рядок %d під час спроби завантаження додатка «%s»" 
@@ -292,61 +324,56 @@ msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:136 +#: src/load_plugins.c:138 #, c-format msgid "%s must be owned by uid %d" msgstr "%s має належати користувачеві з uid %d" -#: src/load_plugins.c:142 +#: src/load_plugins.c:144 #, c-format msgid "%s must be only be writable by owner" msgstr "%s має бути доступним до запису лише для власника" -#: src/load_plugins.c:183 +#: src/load_plugins.c:254 src/load_plugins.c:321 +#, c-format +msgid "ignoring duplicate plugin \"%s\" in %s, line %d" +msgstr "ігноруємо повторний запис додатка, «%s», у %s, рядок %d" + +#: src/load_plugins.c:295 #, c-format msgid "unable to load %s: %s" msgstr "не вдалося завантажити %s: %s" -#: src/load_plugins.c:191 +#: src/load_plugins.c:303 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "не вдалося знайти символ «%s» у %s" -#: src/load_plugins.c:198 -#, c-format -msgid "unknown policy type %d found in %s" -msgstr "у %2$s виявлено невідомий тип правил, %1$d" - -#: src/load_plugins.c:204 +#: src/load_plugins.c:310 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "несумісна основна версія додатка, %d, (мало бути %d) у %s" -#: src/load_plugins.c:213 +#: src/load_plugins.c:324 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "ігноруємо додаток правил, «%s», у %s, рядок %d" -#: src/load_plugins.c:215 +#: src/load_plugins.c:326 msgid "only a single policy plugin may be specified" msgstr "можна визначати лише один додаток обробки правил" -#: src/load_plugins.c:218 -#, c-format -msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" -msgstr "ігноруємо повторний запис додатка правил, «%s», у %s, рядок %d" - -#: src/load_plugins.c:237 +#: src/load_plugins.c:350 #, c-format -msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d" -msgstr "ігноруємо повторний запис додатка введення-виведення, «%s», у %s, рядок %d" +msgid "unknown plugin type %d found in %s" +msgstr "у %2$s виявлено 
невідомий тип додатка, %1$d" -#: src/load_plugins.c:353 +#: src/load_plugins.c:511 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "до додатка правил %s не включено метод check_policy" -#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473 +#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:478 #, c-format msgid "internal error, %s overflow" msgstr "внутрішня помилка, переповнення %s" 
@@ -360,39 +387,39 @@ msgid "the argument to -C must be a number greater than or equal to 3" msgstr "аргументом параметра -C mмає бути число не менше за 3" -#: src/parse_args.c:523 +#: src/parse_args.c:524 msgid "you may not specify both the `-i' and `-s' options" msgstr "не можна одночасно вказувати параметри «-i» і «-s»" -#: src/parse_args.c:527 +#: src/parse_args.c:528 msgid "you may not specify both the `-i' and `-E' options" msgstr "не можна одночасно вказувати параметри «-i» і «-E»" -#: src/parse_args.c:537 +#: src/parse_args.c:538 msgid "the `-E' option is not valid in edit mode" msgstr "не можна використовувати «-E» у режимі редагування" -#: src/parse_args.c:539 +#: src/parse_args.c:540 msgid "you may not specify environment variables in edit mode" msgstr "не можна вказувати змінні середовища у режимі редагування" -#: src/parse_args.c:547 +#: src/parse_args.c:548 msgid "the `-U' option may only be used with the `-l' option" msgstr "параметр «-U» можна використовувати лише разом з параметром «-l»" -#: src/parse_args.c:551 +#: src/parse_args.c:552 msgid "the `-A' and `-S' options may not be used together" msgstr "параметри «-A» і «-S» не можна використовувати одночасно" -#: src/parse_args.c:627 +#: src/parse_args.c:645 msgid "sudoedit is not supported on this platform" msgstr "підтримки sudoedit для цієї платформи не передбачено" -#: src/parse_args.c:700 +#: src/parse_args.c:726 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Можна використовувати лише такі параметри: -e, -h, -i, -K, -l, -s, -v та -V" -#: src/parse_args.c:714 +#: src/parse_args.c:740 #, c-format msgid "" "%s - edit files as another user\n" @@ -401,7 +428,7 @@ "%s — редагувати файли від імені іншого користувача\n" "\n" -#: src/parse_args.c:716 +#: src/parse_args.c:742 #, c-format msgid "" "%s - execute a command as another user\n" 
@@ -410,7 +437,7 @@ "%s — виконати команду від імені іншого користувача\n" "\n" -#: src/parse_args.c:721 +#: src/parse_args.c:747 #, c-format msgid "" "\n" 
@@ -419,123 +446,123 @@ "\n" "Параметри:\n" -#: src/parse_args.c:723 +#: src/parse_args.c:749 msgid "use a helper program for password prompting" msgstr "використовувати допоміжну програму для запитів щодо пароля" -#: src/parse_args.c:726 +#: src/parse_args.c:752 msgid "use specified BSD authentication type" msgstr "використовувати вказаний тип розпізнавання BSD" -#: src/parse_args.c:729 +#: src/parse_args.c:755 msgid "run command in the background" msgstr "виконати команду у фоновому режимі" -#: src/parse_args.c:731 +#: src/parse_args.c:757 msgid "ring bell when prompting" msgstr "звук дзвінка під час запиту" -#: src/parse_args.c:733 +#: src/parse_args.c:759 msgid "close all file descriptors >= num" msgstr "закрити всі дескриптори файлів >= num" -#: src/parse_args.c:736 +#: src/parse_args.c:762 msgid "run command with the specified BSD login class" msgstr "виконати команду з вказаним класом доступу BSD" -#: src/parse_args.c:739 +#: src/parse_args.c:765 msgid "preserve user environment when running command" msgstr "зберегти середовище користувача на час виконання команди" -#: src/parse_args.c:741 +#: src/parse_args.c:767 msgid "preserve specific environment variables" msgstr "зберегти вказані змінні середовища" -#: src/parse_args.c:743 +#: src/parse_args.c:769 msgid "edit files instead of running a command" msgstr "редагувати файли замість виконання команди" -#: src/parse_args.c:745 +#: src/parse_args.c:771 msgid "run command as the specified group name or ID" msgstr "виконати команду від імені групи користувачів, вказаної за назвою або ідентифікатором" -#: src/parse_args.c:747 +#: src/parse_args.c:773 msgid "set HOME variable to target user's home dir" msgstr "встановити для змінної HOME значення домашнього каталогу вказаного користувача." 
-#: src/parse_args.c:749 +#: src/parse_args.c:775 msgid "display help message and exit" msgstr "показати довідкове повідомлення і завершити роботу" -#: src/parse_args.c:751 +#: src/parse_args.c:777 msgid "run command on host (if supported by plugin)" msgstr "виконати команду на комп’ютері (якщо підтримується додатком)" -#: src/parse_args.c:753 +#: src/parse_args.c:779 msgid "run login shell as the target user; a command may also be specified" msgstr "запустити оболонку для входу до системи від імені вказаного користувача; слід вказати команду запуску" -#: src/parse_args.c:755 +#: src/parse_args.c:781 msgid "remove timestamp file completely" msgstr "повністю вилучити файл часової позначки" -#: src/parse_args.c:757 +#: src/parse_args.c:783 msgid "invalidate timestamp file" msgstr "позбавити чинності файл часової позначки" -#: src/parse_args.c:759 +#: src/parse_args.c:785 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "показати список прав доступу користувача або перевірити певну команду; подвоєння параметра призводить до виведення додаткових даних" -#: src/parse_args.c:761 +#: src/parse_args.c:787 msgid "non-interactive mode, no prompts are used" msgstr "неінтерактивний режим, не просити користувача відповідати на питання" -#: src/parse_args.c:763 +#: src/parse_args.c:789 msgid "preserve group vector instead of setting to target's" msgstr "зберегти вектор групи, не встановлювати вектор вказаного користувача" -#: src/parse_args.c:765 +#: src/parse_args.c:791 msgid "use the specified password prompt" msgstr "використовувати вказаний інструмент отримання паролів" -#: src/parse_args.c:768 +#: src/parse_args.c:794 msgid "create SELinux security context with specified role" msgstr "створити контекст захисту SELinux з вказаною роллю" -#: src/parse_args.c:771 +#: src/parse_args.c:797 msgid "read password from standard input" msgstr "прочитати пароль зі стандартного джерела вхідних даних" -#: src/parse_args.c:773 +#: 
src/parse_args.c:799 msgid "run shell as the target user; a command may also be specified" msgstr "виконати командну оболонку від імені вказаного користувача; слід також вказати команду" -#: src/parse_args.c:776 +#: src/parse_args.c:802 msgid "create SELinux security context with specified type" msgstr "створити контекст захисту SELinux вказаного типу" -#: src/parse_args.c:779 +#: src/parse_args.c:805 msgid "terminate command after the specified time limit" msgstr "перервати виконання команди щойно буде перевищено вказане обмеження за часом" -#: src/parse_args.c:781 +#: src/parse_args.c:807 msgid "in list mode, display privileges for user" msgstr "у режимі списку, показати права доступу користувача" -#: src/parse_args.c:783 +#: src/parse_args.c:809 msgid "run command (or edit file) as specified user name or ID" msgstr "виконати команду (або редагувати файл) від імені користувача, вказаного за іменем або ідентифікатором" -#: src/parse_args.c:785 +#: src/parse_args.c:811 msgid "display version information and exit" msgstr "показати дані щодо версії і завершити роботу" -#: src/parse_args.c:787 +#: src/parse_args.c:813 msgid "update user's timestamp without running a command" msgstr "оновити штамп часу користувача без виконання команди" -#: src/parse_args.c:789 +#: src/parse_args.c:815 msgid "stop processing command line arguments" msgstr "зупинити обробку аргументів командного рядка" @@ -567,7 +594,7 @@ msgid "unable to open %s, not relabeling tty" msgstr "не вдалося відкрити %s, не змінюємо позначки tty" -#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s не є символьним пристроєм, не змінюємо мітки tty" 
@@ -588,54 +615,54 @@ msgid "unable to set new tty context" msgstr "не вдалося встановити новий контекст tty" -#: src/selinux.c:298 +#: src/selinux.c:322 #, c-format msgid "you must specify a role for type %s" msgstr "вам слід вказати роль для типу %s" -#: src/selinux.c:304 +#: src/selinux.c:328 #, c-format msgid "unable to get default type for role %s" msgstr "не вдалося отримати типовий тип для ролі %s" -#: src/selinux.c:316 +#: src/selinux.c:340 msgid "failed to get new context" msgstr "не вдалося отримати новий контекст" -#: src/selinux.c:325 +#: src/selinux.c:349 #, c-format msgid "failed to set new role %s" msgstr "не вдалося встановити нову роль %s" -#: src/selinux.c:329 +#: src/selinux.c:353 #, c-format msgid "failed to set new type %s" msgstr "не вдалося встановити новий тип %s" -#: src/selinux.c:341 +#: src/selinux.c:365 #, c-format msgid "%s is not a valid context" msgstr "%s не є коректним контекстом" -#: src/selinux.c:373 +#: src/selinux.c:397 msgid "failed to get old context" msgstr "не вдалося отримати старий контекст" -#: src/selinux.c:379 +#: src/selinux.c:403 msgid "unable to determine enforcing mode." msgstr "не вдалося визначити режим примушення." -#: src/selinux.c:396 +#: src/selinux.c:420 #, c-format msgid "unable to set tty context to %s" msgstr "не вдалося встановити контекст tty у значення %s" -#: src/selinux.c:428 +#: src/selinux.c:452 #, c-format msgid "unable to set exec context to %s" msgstr "не вдалося встановити контекст виконання у значення %s" -#: src/selinux.c:435 +#: src/selinux.c:459 #, c-format msgid "unable to set key creation context to %s" msgstr "не вдалося встановити контекст ключа створення у значення %s" 
@@ -702,185 +729,211 @@
 msgid "warning, resource control assignment failed for project \"%s\""
 msgstr "попередження, помилка призначення керування ресурсами проекту «%s»"
 
-#: src/sudo.c:204
+#: src/sudo.c:224
 #, c-format
 msgid "Sudo version %s\n"
 msgstr "Версія sudo %s\n"
 
-#: src/sudo.c:206
+#: src/sudo.c:226
 #, c-format
 msgid "Configure options: %s\n"
 msgstr "Параметри налаштування: %s\n"
 
-#: src/sudo.c:214
+#: src/sudo.c:235
 msgid "fatal error, unable to load plugins"
 msgstr "критична помилка, не вдалося завантажити додатки"
 
-#: src/sudo.c:222
-msgid "unable to initialize policy plugin"
-msgstr "не вдалося ініціалізувати додаток правил"
-
-#: src/sudo.c:266
+#: src/sudo.c:280
 msgid "plugin did not return a command to execute"
 msgstr "додатком не повернуто команди, яку слід виконати"
 
-#: src/sudo.c:282
-#, c-format
-msgid "error initializing I/O plugin %s"
-msgstr "помилка під час спроби ініціалізації додатка введення/виведення даних %s"
-
-#: src/sudo.c:306
+#: src/sudo.c:311
 #, c-format
 msgid "unexpected sudo mode 0x%x"
 msgstr "неочікуваний режим sudo 0x%x"
 
-#: src/sudo.c:538
+#: src/sudo.c:544
 #, c-format
 msgid "you do not exist in the %s database"
 msgstr "вас немає у базі даних %s"
 
-#: src/sudo.c:595
+#: src/sudo.c:601
 msgid "unable to determine tty"
 msgstr "не вдалося визначити tty"
 
-#: src/sudo.c:887
+#: src/sudo.c:893
 #, c-format
 msgid "%s must be owned by uid %d and have the setuid bit set"
 msgstr "%s має належати користувачеві з uid %d, крім того, має бути встановлено біт setuid"
 
-#: src/sudo.c:890
+#: src/sudo.c:896
 #, c-format
 msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
 msgstr "поточним uid не є %d. Можливо %s зберігається у файловій системі зі встановленим параметром «nosuid» або у файловій системі NFS без прав доступу root?"
 
-#: src/sudo.c:896
+#: src/sudo.c:902
 #, c-format
 msgid "effective uid is not %d, is sudo installed setuid root?"
 msgstr "поточним uid не є %d, sudo встановлено з ідентифікатором користувача root?"
 
-#: src/sudo.c:912
+#: src/sudo.c:918
 msgid "unable to set supplementary group IDs"
 msgstr "не вдалося встановити ідентифікатори додаткових груп"
 
-#: src/sudo.c:919
+#: src/sudo.c:925
 #, c-format
 msgid "unable to set effective gid to runas gid %u"
 msgstr "не вдалося встановити ефективний ідентифікатор групи для ідентифікатора групи запуску %u"
 
-#: src/sudo.c:925
+#: src/sudo.c:931
 #, c-format
 msgid "unable to set gid to runas gid %u"
 msgstr "не вдалося встановити ідентифікатор групи для ідентифікатора групи запуску %u"
 
-#: src/sudo.c:982
+#: src/sudo.c:978
 #, c-format
 msgid "unexpected child termination condition: %d"
 msgstr "неочікувана умова переривання дочірнього процесу: %d"
 
-#: src/sudo.c:1128
+#: src/sudo.c:1087
+msgid "unable to initialize policy plugin"
+msgstr "не вдалося ініціалізувати додаток правил"
+
+#: src/sudo.c:1148
 #, c-format
 msgid "policy plugin %s is missing the `check_policy' method"
 msgstr "до додатка правил %s не включено метод «check_policy»"
 
-#: src/sudo.c:1146
+#: src/sudo.c:1163 src/sudo.c:1216 src/sudo.c:1260
+msgid "command rejected by policy"
+msgstr "у виконанні команди відмовлено згідно правил"
+
+#: src/sudo.c:1168 src/sudo.c:1221 src/sudo.c:1265
+msgid "policy plugin error"
+msgstr "помилка у додатку правил"
+
+#: src/sudo.c:1202
 #, c-format
 msgid "policy plugin %s does not support listing privileges"
 msgstr "у додатку правил %s не передбачено підтримки побудови списку прав доступу"
 
-#: src/sudo.c:1163
+#: src/sudo.c:1246
 #, c-format
 msgid "policy plugin %s does not support the -v option"
 msgstr "у додатку правил %s не передбачено підтримки параметра -v"
 
-#: src/sudo.c:1178
+#: src/sudo.c:1284
 #, c-format
 msgid "policy plugin %s does not support the -k/-K options"
 msgstr "у додатку правил %s не передбачено підтримки параметрів -k/-K"
 
-#: src/sudo_edit.c:221
+#: src/sudo.c:1413
+#, c-format
+msgid "error initializing I/O plugin %s"
+msgstr "помилка під час спроби ініціалізації додатка введення/виведення даних %s"
+
+#: src/sudo.c:1567
+#, c-format
+msgid "error initializing audit plugin %s"
+msgstr "помилка під час спроби ініціалізації додатка аудиту %s"
+
+#: src/sudo.c:1745
+#, c-format
+msgid "error initializing approval plugin %s"
+msgstr "помилка під час спроби ініціалізації додатка підтвердження %s"
+
+#: src/sudo.c:1821
+msgid "command rejected by approver"
+msgstr "у виконанні команди відмовлено засобом підтвердження"
+
+#: src/sudo.c:1830
+msgid "approval plugin error"
+msgstr "помилка у додатку підтвердження"
+
+#: src/sudo_edit.c:233
 msgid "no writable temporary directory found"
 msgstr "не знайдено придатного до запису тимчасового каталогу"
 
-#: src/sudo_edit.c:288 src/sudo_edit.c:377
+#: src/sudo_edit.c:358
 msgid "unable to restore current working directory"
 msgstr "не вдалося відновити поточний робочий каталог"
 
-#: src/sudo_edit.c:594 src/sudo_edit.c:707
+#: src/sudo_edit.c:575 src/sudo_edit.c:688
 #, c-format
 msgid "%s: not a regular file"
 msgstr "%s: не є звичайним файлом"
 
-#: src/sudo_edit.c:601
+#: src/sudo_edit.c:582
 #, c-format
 msgid "%s: editing symbolic links is not permitted"
 msgstr "%s: не можна редагувати символічні посилання"
 
-#: src/sudo_edit.c:604
+#: src/sudo_edit.c:585
 #, c-format
 msgid "%s: editing files in a writable directory is not permitted"
 msgstr "%s: не можна редагувати файли у непридатному до запису каталозі"
 
-#: src/sudo_edit.c:637 src/sudo_edit.c:747
+#: src/sudo_edit.c:618 src/sudo_edit.c:728
 #, c-format
 msgid "%s: short write"
 msgstr "%s: короткий запис"
 
-#: src/sudo_edit.c:708
+#: src/sudo_edit.c:689
 #, c-format
 msgid "%s left unmodified"
 msgstr "%s залишено без змін"
 
-#: src/sudo_edit.c:721 src/sudo_edit.c:908
+#: src/sudo_edit.c:702 src/sudo_edit.c:889
 #, c-format
 msgid "%s unchanged"
 msgstr "%s не змінено"
 
-#: src/sudo_edit.c:736 src/sudo_edit.c:758
+#: src/sudo_edit.c:717 src/sudo_edit.c:739
 #, c-format
 msgid "unable to write to %s"
 msgstr "не вдалося виконати запис до %s"
 
-#: src/sudo_edit.c:737 src/sudo_edit.c:756 src/sudo_edit.c:759
-#: src/sudo_edit.c:933 src/sudo_edit.c:937
+#: src/sudo_edit.c:718 src/sudo_edit.c:737 src/sudo_edit.c:740
+#: src/sudo_edit.c:914 src/sudo_edit.c:918
 #, c-format
 msgid "contents of edit session left in %s"
 msgstr "дані сеансу редагування залишилися у %s"
 
-#: src/sudo_edit.c:755
+#: src/sudo_edit.c:736
 msgid "unable to read temporary file"
 msgstr "не вдалося виконати читання з файла тимчасових даних"
 
-#: src/sudo_edit.c:838
+#: src/sudo_edit.c:819
 msgid "sesh: internal error: odd number of paths"
 msgstr "sesh: внутрішня помилка: непарна кількість шляхів"
 
-#: src/sudo_edit.c:840
+#: src/sudo_edit.c:821
 msgid "sesh: unable to create temporary files"
 msgstr "sesh: не вдалося створити тимчасові файли"
 
-#: src/sudo_edit.c:842 src/sudo_edit.c:940
+#: src/sudo_edit.c:823 src/sudo_edit.c:921
 #, c-format
 msgid "sesh: unknown error %d"
 msgstr "sesh: невідома помилка %d"
 
-#: src/sudo_edit.c:932
+#: src/sudo_edit.c:913
 msgid "unable to copy temporary files back to their original location"
 msgstr "не вдалося скопіювати тимчасові файли назад до початкового місця зберігання"
 
-#: src/sudo_edit.c:936
+#: src/sudo_edit.c:917
 msgid "unable to copy some of the temporary files back to their original location"
 msgstr "не вдалося скопіювати деякі з тимчасових файлів назад до початкового місця зберігання"
 
-#: src/sudo_edit.c:981
+#: src/sudo_edit.c:962
 #, c-format
 msgid "unable to change uid to root (%u)"
 msgstr "не вдалося змінити значення uid на значення root (%u)"
 
-#: src/sudo_edit.c:998
+#: src/sudo_edit.c:979
 msgid "plugin error: missing file list for sudoedit"
 msgstr "помилка додатка: не вистачає списку файлів для sudoedit"
 
-#: src/sudo_edit.c:1039 src/sudo_edit.c:1052
+#: src/sudo_edit.c:1020 src/sudo_edit.c:1033
 msgid "unable to read the clock"
 msgstr "не вдалося прочитати час на годиннику"
 
@@ -904,17 +957,17 @@
 msgid "no askpass program specified, try setting SUDO_ASKPASS"
 msgstr "не вказано програми askpass, спробуйте встановити значення змінної SUDO_ASKPASS"
 
-#: src/tgetpass.c:322
+#: src/tgetpass.c:332
 #, c-format
 msgid "unable to set gid to %u"
 msgstr "не вдалося встановити gid у значення %u"
 
-#: src/tgetpass.c:326
+#: src/tgetpass.c:336
 #, c-format
 msgid "unable to set uid to %u"
 msgstr "не вдалося встановити uid у значення %u"
 
-#: src/tgetpass.c:331
+#: src/tgetpass.c:341
 #, c-format
 msgid "unable to run %s"
 msgstr "не вдалося виконати %s"
@@ -931,5 +984,8 @@
 msgid "unable to restore stdin"
 msgstr "не вдалося відновити stdin"
 
+#~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d"
+#~ msgstr "ігноруємо повторний запис додатка правил, «%s», у %s, рядок %d"
+
 #~ msgid "no tty present and no askpass program specified"
 #~ msgstr "не виявлено tty і не вказано програми askpass"
Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/vi.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/vi.mo differ
diff -Nru sudo-1.8.31/po/vi.po sudo-1.9.0/po/vi.po
--- sudo-1.8.31/po/vi.po 2019-12-31 12:58:36.000000000 +0000
+++ sudo-1.9.0/po/vi.po 2020-05-11 16:28:23.000000000 +0000
@@ -1,405 +1,401 @@ # Vietnamese translation for sudo. # Bản dịch tiếng Việt dành cho sudo. # This file is put in the public domain. -# Trần Ngọc Quân , 2012-2014, 2015, 2016, 2017, 2018. +# Trần Ngọc Quân , 2012-2014, 2015, 2016, 2017, 2018, 2020. # msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.26b1\n" +"Project-Id-Version: sudo 1.8.29rc1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2018-10-29 08:31-0600\n" -"PO-Revision-Date: 2018-11-01 13:57+0700\n" +"POT-Creation-Date: 2019-10-21 19:55-0600\n" +"PO-Revision-Date: 2020-01-08 14:28+0700\n" "Last-Translator: Trần Ngọc Quân \n" "Language-Team: Vietnamese \n" "Language: vi\n" -"X-Bugs: Report translation errors to the Language-Team address.\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Language-Team-Website: \n" -"X-Generator: Gtranslator 2.91.7\n" +"X-Generator: Poedit 2.2.4\n" "X-Poedit-SourceCharset: UTF-8\n" -"X-Poedit-Language: Vietnamese\n" -"X-Poedit-Country: VIET NAM\n" -#: lib/util/aix.c:90 lib/util/aix.c:177 +#: lib/util/aix.c:92 lib/util/aix.c:172 msgid "unable to open userdb" msgstr "không thể mở cơ sở dữ liệu người dùng userdb" -#: lib/util/aix.c:232 +#: lib/util/aix.c:227 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "không thể chuyển đến sổ đăng ký “%s” cho %s" -#: lib/util/aix.c:257 +#: lib/util/aix.c:252 msgid "unable to restore registry" msgstr "không thể phục hồi sổ đăng ký" -#: lib/util/aix.c:280 lib/util/gidlist.c:69 lib/util/gidlist.c:79 -#: lib/util/sudo_conf.c:191 lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 -#: lib/util/sudo_conf.c:558 src/conversation.c:82 src/exec_common.c:112 -#: src/exec_common.c:128 src/exec_common.c:137 src/exec_monitor.c:210 -#: src/exec_monitor.c:465 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:487 
src/exec_monitor.c:494 src/exec_monitor.c:501 -#: src/exec_monitor.c:508 src/exec_monitor.c:515 src/exec_monitor.c:522 -#: src/exec_monitor.c:529 src/exec_monitor.c:536 src/exec_nopty.c:212 -#: src/exec_nopty.c:218 src/exec_nopty.c:227 src/exec_nopty.c:234 -#: src/exec_nopty.c:241 src/exec_nopty.c:248 src/exec_nopty.c:255 -#: src/exec_nopty.c:262 src/exec_nopty.c:269 src/exec_nopty.c:276 -#: src/exec_nopty.c:283 src/exec_nopty.c:290 src/exec_nopty.c:297 -#: src/exec_nopty.c:305 src/exec_nopty.c:467 src/exec_pty.c:778 -#: src/exec_pty.c:787 src/exec_pty.c:844 src/exec_pty.c:994 -#: src/exec_pty.c:1157 src/exec_pty.c:1163 src/exec_pty.c:1172 -#: src/exec_pty.c:1179 src/exec_pty.c:1186 src/exec_pty.c:1193 -#: src/exec_pty.c:1200 src/exec_pty.c:1207 src/exec_pty.c:1214 -#: src/exec_pty.c:1221 src/exec_pty.c:1228 src/exec_pty.c:1235 -#: src/exec_pty.c:1243 src/exec_pty.c:1661 src/load_plugins.c:57 -#: src/load_plugins.c:70 src/load_plugins.c:219 src/load_plugins.c:240 -#: src/load_plugins.c:309 src/load_plugins.c:315 src/load_plugins.c:329 -#: src/load_plugins.c:335 src/parse_args.c:182 src/parse_args.c:203 -#: src/parse_args.c:278 src/parse_args.c:565 src/parse_args.c:587 -#: src/preserve_fds.c:52 src/preserve_fds.c:137 src/selinux.c:89 -#: src/selinux.c:314 src/selinux.c:437 src/selinux.c:446 src/sesh.c:115 -#: src/sudo.c:616 src/sudo.c:676 src/sudo.c:686 src/sudo.c:706 src/sudo.c:725 -#: src/sudo.c:734 src/sudo.c:743 src/sudo.c:760 src/sudo.c:801 src/sudo.c:811 -#: src/sudo.c:834 src/sudo.c:1071 src/sudo.c:1092 src/sudo.c:1266 -#: src/sudo.c:1382 src/sudo_edit.c:256 src/sudo_edit.c:789 src/sudo_edit.c:886 -#: src/sudo_edit.c:1000 src/sudo_edit.c:1020 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81 +#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 +#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114 +#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212 +#: src/exec_monitor.c:467 
src/exec_monitor.c:473 src/exec_monitor.c:481 +#: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503 +#: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524 +#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214 +#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236 +#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257 +#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278 +#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299 +#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786 +#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002 +#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180 +#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201 +#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222 +#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 +#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59 +#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246 +#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 +#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207 +#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 +#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 +#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 +#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729 +#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815 +#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240 +#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891 +#: src/sudo_edit.c:1005 src/sudo_edit.c:1025 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/util/aix.c:280 lib/util/gidlist.c:69 lib/util/sudo_conf.c:192 -#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:558 -#: src/conversation.c:83 src/exec_common.c:112 
src/exec_common.c:129 -#: src/exec_common.c:138 src/exec_monitor.c:465 src/exec_monitor.c:471 -#: src/exec_monitor.c:479 src/exec_monitor.c:487 src/exec_monitor.c:494 -#: src/exec_monitor.c:501 src/exec_monitor.c:508 src/exec_monitor.c:515 -#: src/exec_monitor.c:522 src/exec_monitor.c:529 src/exec_monitor.c:536 -#: src/exec_nopty.c:212 src/exec_nopty.c:218 src/exec_nopty.c:227 -#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248 -#: src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269 -#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290 -#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_pty.c:778 -#: src/exec_pty.c:787 src/exec_pty.c:844 src/exec_pty.c:1157 -#: src/exec_pty.c:1163 src/exec_pty.c:1172 src/exec_pty.c:1179 -#: src/exec_pty.c:1186 src/exec_pty.c:1193 src/exec_pty.c:1200 -#: src/exec_pty.c:1207 src/exec_pty.c:1214 src/exec_pty.c:1221 -#: src/exec_pty.c:1228 src/exec_pty.c:1235 src/exec_pty.c:1243 -#: src/exec_pty.c:1661 src/load_plugins.c:219 src/load_plugins.c:240 -#: src/load_plugins.c:309 src/load_plugins.c:315 src/load_plugins.c:329 -#: src/load_plugins.c:335 src/parse_args.c:182 src/parse_args.c:204 -#: src/parse_args.c:278 src/parse_args.c:565 src/parse_args.c:587 -#: src/preserve_fds.c:52 src/preserve_fds.c:137 src/selinux.c:89 -#: src/selinux.c:314 src/selinux.c:437 src/selinux.c:446 src/sesh.c:115 -#: src/sudo.c:616 src/sudo.c:834 src/sudo.c:1071 src/sudo.c:1092 -#: src/sudo.c:1266 src/sudo.c:1382 src/sudo_edit.c:256 src/sudo_edit.c:789 -#: src/sudo_edit.c:886 src/sudo_edit.c:1000 src/sudo_edit.c:1020 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194 +#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560 +#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131 +#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473 +#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496 +#: src/exec_monitor.c:503 
src/exec_monitor.c:510 src/exec_monitor.c:517 +#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538 +#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229 +#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 +#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 +#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 +#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786 +#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165 +#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187 +#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208 +#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229 +#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251 +#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246 +#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 +#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208 +#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 +#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 +#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 +#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 +#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 +#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025 msgid "unable to allocate memory" msgstr "không thể cấp phát bộ nhớ" -#: lib/util/strsignal.c:53 +#: lib/util/strsignal.c:55 msgid "Unknown signal" msgstr "Không hiểu tín hiệu" -#: lib/util/strtoid.c:82 lib/util/strtoid.c:129 lib/util/strtoid.c:157 -#: lib/util/strtomode.c:54 lib/util/strtonum.c:63 lib/util/strtonum.c:181 +#: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161 +#: lib/util/strtonum.c:196 msgid "invalid value" msgstr "giá trị không hợp lệ" -#: lib/util/strtoid.c:89 lib/util/strtoid.c:136 lib/util/strtoid.c:164 -#: lib/util/strtomode.c:60 lib/util/strtonum.c:66 
lib/util/strtonum.c:193 +#: lib/util/strtomode.c:62 lib/util/strtonum.c:173 msgid "value too large" msgstr "giá trị quá lớn" -#: lib/util/strtoid.c:91 lib/util/strtoid.c:142 lib/util/strtomode.c:60 -#: lib/util/strtonum.c:66 lib/util/strtonum.c:187 +#: lib/util/strtomode.c:62 lib/util/strtonum.c:167 msgid "value too small" msgstr "giá trị quá nhỏ" -#: lib/util/sudo_conf.c:210 +#: lib/util/sudo_conf.c:212 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "đường dẫn không hợp lệ “%s” trong %s, dòng %u" -#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:429 +#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "giá trị không hợp lệ cho %s “%s” trong %s, dòng %u" -#: lib/util/sudo_conf.c:397 +#: lib/util/sudo_conf.c:399 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "nguồn nhóm không được hỗ trợ “%s” trong %s, dòng %u" -#: lib/util/sudo_conf.c:413 +#: lib/util/sudo_conf.c:415 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "nhóm tối đa không hợp lệ “%s” trong %s, dòng %u" -#: lib/util/sudo_conf.c:574 +#: lib/util/sudo_conf.c:576 #, c-format msgid "unable to stat %s" msgstr "không thể lấy thống kê về %s" -#: lib/util/sudo_conf.c:577 +#: lib/util/sudo_conf.c:579 #, c-format msgid "%s is not a regular file" msgstr "%s không phải tập tin thường" -#: lib/util/sudo_conf.c:580 +#: lib/util/sudo_conf.c:582 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s được sở hữu bởi uid %u, nên là %u" -#: lib/util/sudo_conf.c:584 +#: lib/util/sudo_conf.c:586 #, c-format msgid "%s is world writable" msgstr "%s là ai ghi cũng được" -#: lib/util/sudo_conf.c:587 +#: lib/util/sudo_conf.c:589 #, c-format msgid "%s is group writable" msgstr "%s là nhóm có thể ghi" -#: lib/util/sudo_conf.c:597 src/selinux.c:213 src/selinux.c:230 src/sudo.c:360 +#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363 #, c-format msgid "unable 
to open %s" msgstr "không thể mở “%s”" -#: src/exec.c:165 +#: src/exec.c:111 #, c-format msgid "unknown login class %s" msgstr "không hiểu lớp đăng nhập %s" -#: src/exec.c:178 +#: src/exec.c:123 msgid "unable to set user context" msgstr "không thể đặt ngữ cảnh người dùng" -#: src/exec.c:194 +#: src/exec.c:139 msgid "unable to set process priority" msgstr "không thể đặt ưu tiên cho quá trình" -#: src/exec.c:202 +#: src/exec.c:150 #, c-format msgid "unable to change root to %s" msgstr "không thể chuyển đổi thư mục gốc thành %s" -#: src/exec.c:215 src/exec.c:221 src/exec.c:228 +#: src/exec.c:163 src/exec.c:169 src/exec.c:176 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "không thể thay đổi thành chạy như là mã người dùng này (%u, %u)" -#: src/exec.c:246 +#: src/exec.c:194 #, c-format msgid "unable to change directory to %s" msgstr "không thể thay đổi thư mục thành %s" -#: src/exec.c:345 src/exec_monitor.c:574 src/exec_monitor.c:576 -#: src/exec_nopty.c:525 src/exec_pty.c:522 src/exec_pty.c:1329 -#: src/exec_pty.c:1331 src/signal.c:148 src/signal.c:162 +#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578 +#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336 +#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164 #, c-format msgid "unable to set handler for signal %d" msgstr "không thể đặt bộ tiếp hợp cho tín hiệu %d" -#: src/exec_common.c:171 +#: src/exec_common.c:173 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "không thể xóa bỏ PRIV_PROC_EXEC từ PRIV_LIMIT" -#: src/exec_monitor.c:364 +#: src/exec_monitor.c:366 msgid "error reading from socketpair" msgstr "gặp lỗi khi đọc từ socketpair" -#: src/exec_monitor.c:381 +#: src/exec_monitor.c:383 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "kiểu trả về không như mong đợi từ backchannel: %d" -#: src/exec_monitor.c:473 src/exec_monitor.c:481 src/exec_monitor.c:489 -#: src/exec_monitor.c:496 src/exec_monitor.c:503 src/exec_monitor.c:510 -#: 
src/exec_monitor.c:517 src/exec_monitor.c:524 src/exec_monitor.c:531 -#: src/exec_monitor.c:538 src/exec_nopty.c:220 src/exec_nopty.c:229 -#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 -#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 -#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 -#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:644 -#: src/exec_pty.c:649 src/exec_pty.c:746 src/exec_pty.c:753 src/exec_pty.c:850 -#: src/exec_pty.c:1165 src/exec_pty.c:1174 src/exec_pty.c:1181 -#: src/exec_pty.c:1188 src/exec_pty.c:1195 src/exec_pty.c:1202 -#: src/exec_pty.c:1209 src/exec_pty.c:1216 src/exec_pty.c:1223 -#: src/exec_pty.c:1230 src/exec_pty.c:1237 src/exec_pty.c:1614 -#: src/exec_pty.c:1624 src/exec_pty.c:1669 src/exec_pty.c:1676 -#: src/exec_pty.c:1703 +#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491 +#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 +#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533 +#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231 +#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252 +#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273 +#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294 +#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652 +#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858 +#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189 +#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210 +#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231 +#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621 +#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683 +#: src/exec_pty.c:1710 msgid "unable to add event to queue" msgstr "không thể thêm sự kiện vào hàng đợi" -#: src/exec_monitor.c:592 +#: src/exec_monitor.c:594 msgid "unable to set controlling tty" msgstr "không thể 
đặt điều khiển cho tty" -#: src/exec_monitor.c:600 src/exec_nopty.c:364 src/exec_pty.c:1408 -#: src/exec_pty.c:1429 src/exec_pty.c:1449 src/tgetpass.c:292 +#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415 +#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "không tạo được đường ống pipe" -#: src/exec_monitor.c:608 +#: src/exec_monitor.c:610 msgid "unable to receive message from parent" msgstr "không thể nhận tin nhắn từ cha mẹ" -#: src/exec_monitor.c:614 src/exec_nopty.c:382 src/exec_pty.c:1487 -#: src/tgetpass.c:296 +#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494 +#: src/tgetpass.c:311 msgid "unable to fork" msgstr "không thể tạo tiến trình con" -#: src/exec_monitor.c:628 src/sesh.c:125 src/sudo.c:1130 +#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448 +msgid "unable to restore tty label" +msgstr "không thể phục hồi nhãn cho tty" + +#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100 #, c-format msgid "unable to execute %s" msgstr "không thể thực thi %s" -#: src/exec_monitor.c:711 src/exec_nopty.c:435 -msgid "unable to restore tty label" -msgstr "không thể phục hồi nhãn cho tty" - -#: src/exec_nopty.c:358 src/exec_pty.c:1338 +#: src/exec_nopty.c:360 src/exec_pty.c:1345 msgid "policy plugin failed session initialization" msgstr "phần bổ sung chính sách gặp lỗi khi khởi tạo phiên" -#: src/exec_nopty.c:424 src/exec_pty.c:1574 +#: src/exec_nopty.c:437 src/exec_pty.c:1581 msgid "error in event loop" msgstr "có lỗi trong vòng lặp sự kiện" -#: src/exec_nopty.c:533 src/exec_pty.c:557 src/signal.c:110 +#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112 #, c-format msgid "unable to restore handler for signal %d" msgstr "không thể phục hồi bộ tiếp hợp cho tín hiệu %d" -#: src/exec_pty.c:156 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "không thể phân bổ pty" -#: src/exec_pty.c:1318 +#: src/exec_pty.c:1325 msgid "unable to create sockets" 
msgstr "không thể tạo các ổ cắm mạng" -#: src/exec_pty.c:1531 +#: src/exec_pty.c:1538 msgid "unable to send message to monitor process" msgstr "không thể gửi tin đến tiến trình theo dõi" -#: src/load_plugins.c:55 src/load_plugins.c:68 src/load_plugins.c:90 -#: src/load_plugins.c:120 src/load_plugins.c:128 src/load_plugins.c:134 -#: src/load_plugins.c:175 src/load_plugins.c:183 src/load_plugins.c:190 -#: src/load_plugins.c:196 +#: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92 +#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140 +#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196 +#: src/load_plugins.c:202 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "lỗi trong %s, dòng %d, trong khi tải phần bổ sung “%s”" -#: src/load_plugins.c:92 +#: src/load_plugins.c:94 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:130 +#: src/load_plugins.c:136 #, c-format msgid "%s must be owned by uid %d" msgstr "%s phải được sở hữu bởi uid %d" -#: src/load_plugins.c:136 +#: src/load_plugins.c:142 #, c-format msgid "%s must be only be writable by owner" msgstr "%s phải là những thứ chỉ có thể ghi bởi chủ sở hữu" -#: src/load_plugins.c:177 +#: src/load_plugins.c:183 #, c-format msgid "unable to load %s: %s" msgstr "không thể tải %s: %s" -#: src/load_plugins.c:185 +#: src/load_plugins.c:191 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "không tìm thấy ký hiệu “%s” trong %s" -#: src/load_plugins.c:192 +#: src/load_plugins.c:198 #, c-format msgid "unknown policy type %d found in %s" msgstr "không hiểu kiểu chính sách %d tìm thấy trong %s" -#: src/load_plugins.c:198 +#: src/load_plugins.c:204 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "không tương thích số hiệu phiên bản lớn %d (cần %d) tìm thấy trong %s" -#: src/load_plugins.c:207 +#: src/load_plugins.c:213 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" 
msgstr "lờ đi phần bổ sung chính sách “%s” trong %s, dòng %d" -#: src/load_plugins.c:209 +#: src/load_plugins.c:215 msgid "only a single policy plugin may be specified" msgstr "chỉ được phép chỉ định một phần bổ sung chính sách" -#: src/load_plugins.c:212 +#: src/load_plugins.c:218 #, c-format msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" msgstr "lờ đi phần bổ sung chính sách bị trùng lặp “%s” trong %s, dòng %d" -#: src/load_plugins.c:231 +#: src/load_plugins.c:237 #, c-format msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d" msgstr "lờ đi phần bổ sung I/O trùng lặp “%s” trong %s, dòng %d" -#: src/load_plugins.c:347 +#: src/load_plugins.c:353 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "phần bổ sung chính sách %s không bao gồm phương thức kiểm tra chính sách" -#: src/net_ifs.c:180 src/net_ifs.c:197 src/net_ifs.c:342 src/sudo.c:470 +#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473 #, c-format msgid "internal error, %s overflow" msgstr "lỗi nội bộ, %s bị tràn" -#: src/parse_args.c:224 +#: src/parse_args.c:228 #, c-format msgid "invalid environment variable name: %s" msgstr "tên biến môi trường không hợp lệ: %s" -#: src/parse_args.c:320 +#: src/parse_args.c:329 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "đối số cho -C phải là một số lớn hơn hoặc bằng 3" -#: src/parse_args.c:505 +#: src/parse_args.c:523 msgid "you may not specify both the `-i' and `-s' options" msgstr "bạn không thể chỉ định đồng thời cả hai tùy chọn “-i” và “-s”" -#: src/parse_args.c:509 +#: src/parse_args.c:527 msgid "you may not specify both the `-i' and `-E' options" msgstr "bạn không thể chỉ định cả hai tùy chọn “-i” và “-E”" -#: src/parse_args.c:519 +#: src/parse_args.c:537 msgid "the `-E' option is not valid in edit mode" msgstr "tùy chọn “-E” không hợp lệ trong chế độ chỉnh sửa" -#: src/parse_args.c:521 +#: src/parse_args.c:539 msgid "you may not specify environment 
variables in edit mode" msgstr "bạn có lẽ không được chỉ định biến môi trường trong chế độ soạn thảo" -#: src/parse_args.c:529 +#: src/parse_args.c:547 msgid "the `-U' option may only be used with the `-l' option" msgstr "tùy chọn “-U” chỉ sử dụng cùng với tùy chọn “-l”" -#: src/parse_args.c:533 +#: src/parse_args.c:551 msgid "the `-A' and `-S' options may not be used together" msgstr "tùy chọn “-A” và “-S” không thể dùng cùng một lúc với nhau" -#: src/parse_args.c:609 +#: src/parse_args.c:627 msgid "sudoedit is not supported on this platform" msgstr "sudoedit không được hỗ trợ trên nền tảng này" -#: src/parse_args.c:682 +#: src/parse_args.c:700 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Chỉ được phép chỉ định một trong số các tùy chọn -e, -h, -i, -K, -l, -s, -v hay -V" -#: src/parse_args.c:696 +#: src/parse_args.c:714 #, c-format msgid "" "%s - edit files as another user\n" @@ -408,7 +404,7 @@ "%s - sửa chữa các tập tin trên danh nghĩa người dùng khác\n" "\n" -#: src/parse_args.c:698 +#: src/parse_args.c:716 #, c-format msgid "" "%s - execute a command as another user\n" @@ -417,7 +413,7 @@ "%s - thực hiện câu lệnh trên danh nghĩa người dùng khác\n" "\n" -#: src/parse_args.c:703 +#: src/parse_args.c:721 #, c-format msgid "" "\n" 
@@ -426,510 +422,521 @@ "\n" "Tùy chọn:\n" -#: src/parse_args.c:705 +#: src/parse_args.c:723 msgid "use a helper program for password prompting" msgstr "sử dụng chương trình trợ giúp cho hỏi đáp mật khẩu" -#: src/parse_args.c:708 +#: src/parse_args.c:726 msgid "use specified BSD authentication type" msgstr "sử dụng kiểu xác thực BSD được chỉ ra" -#: src/parse_args.c:711 +#: src/parse_args.c:729 msgid "run command in the background" msgstr "chạy lệnh ở chế độ nền" -#: src/parse_args.c:713 +#: src/parse_args.c:731 +msgid "ring bell when prompting" +msgstr "reo chuông khi nhắc" + +#: src/parse_args.c:733 msgid "close all file descriptors >= num" msgstr "đóng tất cả các mô tả của tập tin >= số" -#: src/parse_args.c:716 +#: src/parse_args.c:736 msgid "run command with the specified BSD login class" msgstr "chạy lệnh với một lớp đăng nhập BSD được chỉ ra" -#: src/parse_args.c:719 +#: src/parse_args.c:739 msgid "preserve user environment when running command" msgstr "bảo tồn môi trường người dùng khi thi hành lệnh" -#: src/parse_args.c:721 +#: src/parse_args.c:741 msgid "preserve specific environment variables" msgstr "bảo tôn các biến môi trường chuyên biệt" -#: src/parse_args.c:723 +#: src/parse_args.c:743 msgid "edit files instead of running a command" msgstr "chỉnh sửa các tập tin thay vì chạy lệnh" -#: src/parse_args.c:725 +#: src/parse_args.c:745 msgid "run command as the specified group name or ID" msgstr "thực hiện câu lệnh với tư cách là tên hay ID của nhóm được chỉ định" -#: src/parse_args.c:727 +#: src/parse_args.c:747 msgid "set HOME variable to target user's home dir" msgstr "đặt biến HOME cho thư mục riêng của người dùng đích" -#: src/parse_args.c:729 +#: src/parse_args.c:749 msgid "display help message and exit" msgstr "hiển thị trợ giúp này rồi thoát" -#: src/parse_args.c:731 +#: src/parse_args.c:751 msgid "run command on host (if supported by plugin)" msgstr "chạy câu lệnh trên máy chủ (nếu được hỗ trợ bởi phần bổ sung)" -#: src/parse_args.c:733 +#: 
src/parse_args.c:753 msgid "run login shell as the target user; a command may also be specified" msgstr "chạy shell đăng nhập như là người dùng đích; có thể đồng thời chỉ định một câu lệnh" -#: src/parse_args.c:735 +#: src/parse_args.c:755 msgid "remove timestamp file completely" msgstr "gỡ bỏ hoàn toàn dấu vết thời gian của tập tin" -#: src/parse_args.c:737 +#: src/parse_args.c:757 msgid "invalidate timestamp file" msgstr "làm mất hiệu lực dấu vết thời gian (timestamp) của tập tin" -#: src/parse_args.c:739 +#: src/parse_args.c:759 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "liệt kê đặc quyền của người dùng hay kiểm tra câu lệnh xác định; dùng hai lần cho định dạng dài" -#: src/parse_args.c:741 +#: src/parse_args.c:761 msgid "non-interactive mode, no prompts are used" msgstr "chế độ không-tương-tác, sẽ không hỏi tên người dùng" -#: src/parse_args.c:743 +#: src/parse_args.c:763 msgid "preserve group vector instead of setting to target's" msgstr "bảo tồn véc-tơ nhóm thay vì các cài đặt cho đích" -#: src/parse_args.c:745 +#: src/parse_args.c:765 msgid "use the specified password prompt" msgstr "sử dụng nhắc nhập mật khẩu đã chỉ ra" -#: src/parse_args.c:748 +#: src/parse_args.c:768 msgid "create SELinux security context with specified role" msgstr "tạo ngữ cảnh an ninh SELinux với vai trò đã chỉ ra" -#: src/parse_args.c:751 +#: src/parse_args.c:771 msgid "read password from standard input" msgstr "đọc mật khẩu từ đầu vào tiêu chuẩn" -#: src/parse_args.c:753 +#: src/parse_args.c:773 msgid "run shell as the target user; a command may also be specified" msgstr "chạy hệ vỏ dưới danh nghĩa người dùng đích; cũng có thể chỉ định thêm câu lệnh" -#: src/parse_args.c:756 +#: src/parse_args.c:776 msgid "create SELinux security context with specified type" msgstr "tạo ngữ cảnh an ninh SELinux với kiểu đã chỉ ra" -#: src/parse_args.c:759 +#: src/parse_args.c:779 msgid "terminate command after the specified time limit" msgstr "chấm 
dứt lệnh sau một thời hạn giới hạn được chỉ định" -#: src/parse_args.c:761 +#: src/parse_args.c:781 msgid "in list mode, display privileges for user" msgstr "ở chế độ liệt kê, hiển thị đặc quyền cho người dùng" -#: src/parse_args.c:763 +#: src/parse_args.c:783 msgid "run command (or edit file) as specified user name or ID" msgstr "chạy lệnh (hay sửa chữa tập tin) trên tư cách của người dùng hay ID đã chỉ ra" -#: src/parse_args.c:765 +#: src/parse_args.c:785 msgid "display version information and exit" msgstr "hiển thị thông tin phiên bản rồi thoát" -#: src/parse_args.c:767 +#: src/parse_args.c:787 msgid "update user's timestamp without running a command" msgstr "cập nhật dấu vết thời gian (timestamp) của người dùng mà không chạy một lệnh" -#: src/parse_args.c:769 +#: src/parse_args.c:789 msgid "stop processing command line arguments" msgstr "dừng việc xử lý đối số dòng lệnh" -#: src/selinux.c:83 +#: src/selinux.c:85 msgid "unable to open audit system" msgstr "không thể mở hệ thống audit" -#: src/selinux.c:93 +#: src/selinux.c:95 msgid "unable to send audit message" msgstr "không thể gửi thông tin audit" -#: src/selinux.c:121 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "không thể fgetfilecon %s" -#: src/selinux.c:126 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "%s nhãn đã thay đổi" -#: src/selinux.c:131 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" -msgstr "Không thể phục hồi ngữ cảnh cho %s" +msgstr "không thể phục hồi ngữ cảnh cho %s" -#: src/selinux.c:172 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "không thể mở %s, không phải là tty dán nhãn lại" -#: src/selinux.c:176 src/selinux.c:217 src/selinux.c:234 +#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s không phải là một thiết bị ký tự, không phải là tty dán nhãn lại" -#: src/selinux.c:185 +#: 
src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "không thể lấy ngữ cảnh tty hiện hành, không phải là tty dán nhãn lại" -#: src/selinux.c:192 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "không hiểu lớp an ninh \"chr_file\", không phải là tty dán nhãn lại" -#: src/selinux.c:197 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "không thể lấy ngữ cảnh tty mới, không phải là tty dán nhãn lại" -#: src/selinux.c:204 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "không thể đặt ngữ cảnh tty mới" -#: src/selinux.c:278 +#: src/selinux.c:298 #, c-format msgid "you must specify a role for type %s" msgstr "bạn phải chỉ định một kiểu vai trò cho %s" -#: src/selinux.c:284 +#: src/selinux.c:304 #, c-format msgid "unable to get default type for role %s" msgstr "không thể lấy kiểu mặc định cho vai trò %s" -#: src/selinux.c:302 +#: src/selinux.c:316 +msgid "failed to get new context" +msgstr "gặp lỗi khi lấy ngữ cảnh mới" + +#: src/selinux.c:325 #, c-format msgid "failed to set new role %s" msgstr "gặp lỗi khi đặt đặt vai trò mới %s" -#: src/selinux.c:306 +#: src/selinux.c:329 #, c-format msgid "failed to set new type %s" msgstr "gặp lỗi khi đặt kiểu mới %s" -#: src/selinux.c:318 +#: src/selinux.c:341 #, c-format msgid "%s is not a valid context" msgstr "%s không phải là một ngữ cảnh hợp lệ" -#: src/selinux.c:353 -msgid "failed to get old_context" +#: src/selinux.c:373 +msgid "failed to get old context" msgstr "gặp lỗi khi lấy ngữ cảnh cũ" -#: src/selinux.c:359 +#: src/selinux.c:379 msgid "unable to determine enforcing mode." msgstr "không thể xác định rõ chế độ ép buộc." 
-#: src/selinux.c:376 +#: src/selinux.c:396 #, c-format msgid "unable to set tty context to %s" msgstr "không thể cài đặt ngữ cảnh tty mới cho %s" -#: src/selinux.c:415 +#: src/selinux.c:428 #, c-format msgid "unable to set exec context to %s" msgstr "không thể đặt ngữ cảnh bảo thực thi thành %s" -#: src/selinux.c:422 +#: src/selinux.c:435 #, c-format msgid "unable to set key creation context to %s" msgstr "không thể đặt ngữ cảnh tạo khóa thành %s" -#: src/sesh.c:77 +#: src/sesh.c:79 msgid "requires at least one argument" msgstr "cần thiết ít nhất một đối số" -#: src/sesh.c:106 +#: src/sesh.c:108 #, c-format msgid "invalid file descriptor number: %s" msgstr "số mô tả của tập tin không hợp lệ: %s" -#: src/sesh.c:120 +#: src/sesh.c:122 #, c-format msgid "unable to run %s as a login shell" msgstr "không thể chạy %s như là hệ vỏ đăng nhập" -#: src/signal.c:88 +#: src/signal.c:90 #, c-format msgid "unable to save handler for signal %d" msgstr "không thể ghi lại bộ tiếp hợp cho tín hiệu %d" -#: src/solaris.c:81 +#: src/solaris.c:83 msgid "resource control limit has been reached" msgstr "giới hạn điều khiển tài nguyên đã tới hạn" -#: src/solaris.c:84 +#: src/solaris.c:86 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "người dùng “%s” không phải là thành viên của dự án “%s”" -#: src/solaris.c:88 +#: src/solaris.c:90 msgid "the invoking task is final" msgstr "tác vụ được gọi là cuối cùng" -#: src/solaris.c:91 +#: src/solaris.c:93 #, c-format msgid "could not join project \"%s\"" msgstr "không thể gia nhập dự án “%s”" -#: src/solaris.c:96 +#: src/solaris.c:98 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "không kho tài nguyên chung nào được thừa nhận ràng buộc đã tồn tại sẵn cho dự án “%s”" -#: src/solaris.c:100 +#: src/solaris.c:102 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "nguồn tài nguyên chung được chỉ ra chưa tồn tại cho dự án “%s”" -#: 
src/solaris.c:104 +#: src/solaris.c:106 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "không thể buộc phần tài nguyên chung mặc định cho dự án “%s”" -#: src/solaris.c:110 +#: src/solaris.c:112 #, c-format msgid "setproject failed for project \"%s\"" msgstr "đặt dự án cho dự án “%s” gặp lỗi" -#: src/solaris.c:112 +#: src/solaris.c:114 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "cảnh báo, nguồn điều khiển gán gặp lỗi cho dự án “%s”" -#: src/sudo.c:201 +#: src/sudo.c:204 #, c-format msgid "Sudo version %s\n" msgstr "Sudo phiên bản %s\n" -#: src/sudo.c:203 +#: src/sudo.c:206 #, c-format msgid "Configure options: %s\n" msgstr "Các tùy chọn cấu hình: %s\n" -#: src/sudo.c:211 +#: src/sudo.c:214 msgid "fatal error, unable to load plugins" msgstr "lỗi nghiêm trọng, không thể tải các phần bổ sung" -#: src/sudo.c:219 +#: src/sudo.c:222 msgid "unable to initialize policy plugin" msgstr "không thể khởi tạo phần bổ sung chính sách" -#: src/sudo.c:263 +#: src/sudo.c:266 msgid "plugin did not return a command to execute" msgstr "phần bổ sung không trả về một lệnh để thực thi" -#: src/sudo.c:279 +#: src/sudo.c:282 #, c-format msgid "error initializing I/O plugin %s" -msgstr "Gặp lỗi khi nạp phần bổ sung I/O %s" +msgstr "gặp lỗi khi khởi tạo phần bổ sung I/O %s" -#: src/sudo.c:302 +#: src/sudo.c:306 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "không mong đợi chế độ sudo 0x%x" -#: src/sudo.c:535 +#: src/sudo.c:538 #, c-format msgid "you do not exist in the %s database" msgstr "bạn không tồn tại trong cơ sở dữ liệu %s" -#: src/sudo.c:592 +#: src/sudo.c:595 msgid "unable to determine tty" msgstr "không thể dò tìm tty" -#: src/sudo.c:880 +#: src/sudo.c:887 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s phải được sở hữu bởi uid %d và bít setuid phải được đặt" -#: src/sudo.c:883 +#: src/sudo.c:890 #, c-format msgid "effective uid is not %d, is %s on a file 
system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "uid chịu tác động hiện tại không phải là %d, có phải là %s trên hệ thống tập tin với tùy chọn “nosuid” được đặt, hay một hệ thống tập tin NFS không có đặc quyền của root không?" -#: src/sudo.c:889 +#: src/sudo.c:896 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "uid chịu tác động hiện tại không phải là %d, chương trình sudo có được cài với setuid root không?" -#: src/sudo.c:942 +#: src/sudo.c:912 msgid "unable to set supplementary group IDs" msgstr "không thể đặt nhóm phụ IDs" -#: src/sudo.c:949 +#: src/sudo.c:919 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "không thể đặt hiệu ứng gid chạy như là gid %u" -#: src/sudo.c:955 +#: src/sudo.c:925 #, c-format msgid "unable to set gid to runas gid %u" msgstr "không thể thay đổi gid thành runas gid %u" -#: src/sudo.c:1012 +#: src/sudo.c:982 #, c-format msgid "unexpected child termination condition: %d" msgstr "biểu thức điều kiện con kết thúc không như mong đợi: %d" -#: src/sudo.c:1158 +#: src/sudo.c:1128 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "phần bổ sung chính sách %s bị thiếu phương thức kiểm tra chính sách “check_policy”" -#: src/sudo.c:1176 +#: src/sudo.c:1146 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "phần bổ sung chính sách %s không hỗ trợ liệt kê đặc quyền" -#: src/sudo.c:1193 +#: src/sudo.c:1163 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "phần bổ sung chính sách %s không hỗ trợ tùy chọn -v" -#: src/sudo.c:1208 +#: src/sudo.c:1178 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "phần bổ sung chính sách %s không hỗ trợ tùy chọn -k/-K" -#: src/sudo_edit.c:219 +#: src/sudo_edit.c:221 msgid "no writable temporary directory found" msgstr "không thể tìm thấy thư mục tạm ghi được nào" -#: src/sudo_edit.c:286 src/sudo_edit.c:375 
+#: src/sudo_edit.c:288 src/sudo_edit.c:377 msgid "unable to restore current working directory" msgstr "không thể phục hồi thư mục làm việc hiện tại" -#: src/sudo_edit.c:592 src/sudo_edit.c:704 +#: src/sudo_edit.c:594 src/sudo_edit.c:707 #, c-format msgid "%s: not a regular file" msgstr "%s: không phải là tập tin thường" -#: src/sudo_edit.c:599 +#: src/sudo_edit.c:601 #, c-format msgid "%s: editing symbolic links is not permitted" msgstr "%s: sửa các liên kết mềm là không được phép" -#: src/sudo_edit.c:602 +#: src/sudo_edit.c:604 #, c-format msgid "%s: editing files in a writable directory is not permitted" msgstr "%s: sửa các tập tin trong thư mục ghi được là là không được phép" -#: src/sudo_edit.c:635 src/sudo_edit.c:742 +#: src/sudo_edit.c:637 src/sudo_edit.c:747 #, c-format msgid "%s: short write" msgstr "%s: ghi ngắn" -#: src/sudo_edit.c:705 +#: src/sudo_edit.c:708 #, c-format msgid "%s left unmodified" msgstr "%s còn lại chưa thay đổi" -#: src/sudo_edit.c:718 src/sudo_edit.c:903 +#: src/sudo_edit.c:721 src/sudo_edit.c:908 #, c-format msgid "%s unchanged" msgstr "%s không thay đổi" -#: src/sudo_edit.c:731 src/sudo_edit.c:753 +#: src/sudo_edit.c:736 src/sudo_edit.c:758 #, c-format msgid "unable to write to %s" msgstr "không thể ghi vào %s" -#: src/sudo_edit.c:732 src/sudo_edit.c:751 src/sudo_edit.c:754 -#: src/sudo_edit.c:928 src/sudo_edit.c:932 +#: src/sudo_edit.c:737 src/sudo_edit.c:756 src/sudo_edit.c:759 +#: src/sudo_edit.c:933 src/sudo_edit.c:937 #, c-format msgid "contents of edit session left in %s" msgstr "nội dung của phiên chỉnh sửa chỉ còn %s" -#: src/sudo_edit.c:750 +#: src/sudo_edit.c:755 msgid "unable to read temporary file" msgstr "không thể đọc tập tin tạm thời" -#: src/sudo_edit.c:833 +#: src/sudo_edit.c:838 msgid "sesh: internal error: odd number of paths" msgstr "sesh: lỗi nội tại: số cũ của đường dẫn" -#: src/sudo_edit.c:835 +#: src/sudo_edit.c:840 msgid "sesh: unable to create temporary files" msgstr "sesh: không thể tạo tập tin tạm thời" 
-#: src/sudo_edit.c:837 src/sudo_edit.c:935 +#: src/sudo_edit.c:842 src/sudo_edit.c:940 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: không hiểu lỗi %d" -#: src/sudo_edit.c:927 +#: src/sudo_edit.c:932 msgid "unable to copy temporary files back to their original location" msgstr "không thể chép các tập tin tạm trở lại vị trí gốc của chúng" -#: src/sudo_edit.c:931 +#: src/sudo_edit.c:936 msgid "unable to copy some of the temporary files back to their original location" msgstr "không thể chép một số tập tin tạm trở lại vị trí gốc của chúng" -#: src/sudo_edit.c:976 +#: src/sudo_edit.c:981 #, c-format msgid "unable to change uid to root (%u)" msgstr "không thể thay đổi uid thành root (%u)" -#: src/sudo_edit.c:993 +#: src/sudo_edit.c:998 msgid "plugin error: missing file list for sudoedit" msgstr "lỗi phần bổ sung: thiếu danh sách tập tin cho sudoedit" -#: src/sudo_edit.c:1034 src/sudo_edit.c:1047 +#: src/sudo_edit.c:1039 src/sudo_edit.c:1052 msgid "unable to read the clock" msgstr "không thể đọc khóa" -#: src/tgetpass.c:101 +#: src/tgetpass.c:102 msgid "timed out reading password" msgstr "quá thời hạn chờ đọc mật khẩu" -#: src/tgetpass.c:104 +#: src/tgetpass.c:105 msgid "no password was provided" msgstr "chưa đưa ra mật khẩu" -#: src/tgetpass.c:107 +#: src/tgetpass.c:108 msgid "unable to read password" msgstr "không thể đọc mật khẩu" -#: src/tgetpass.c:141 -msgid "no tty present and no askpass program specified" -msgstr "không có tty hiện diện và không có chương trình hỏi mật khẩu nào được chỉ ra" +#: src/tgetpass.c:147 +msgid "a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper" +msgstr "một thiết bị đầu cuối là cần thiết để đọc mật khẩu; hoặc sử dụng tùy chọn -S để đọc từ đầu vào tiêu chuẩn hoặc cấu hình một chương trình hỗ trợ nhắc hỏi mật khẩu (askpass)" -#: src/tgetpass.c:150 +#: src/tgetpass.c:157 msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "không có 
chương trình hỏi mật khẩu nào được chỉ ra, hãy thử đặt SUDO_ASKPASS" -#: src/tgetpass.c:307 +#: src/tgetpass.c:322 #, c-format msgid "unable to set gid to %u" msgstr "không thể đặt mã số nhóm thành %u" -#: src/tgetpass.c:311 +#: src/tgetpass.c:326 #, c-format msgid "unable to set uid to %u" msgstr "không thể đặt mã số người dùng thành %u" -#: src/tgetpass.c:316 +#: src/tgetpass.c:331 #, c-format msgid "unable to run %s" msgstr "không thể chạy %s" -#: src/utmp.c:271 +#: src/utmp.c:295 msgid "unable to save stdin" msgstr "không thể ghi lại đầu vào tiêu chuẩn" -#: src/utmp.c:273 +#: src/utmp.c:297 msgid "unable to dup2 stdin" msgstr "không thể dup2 (nhân đôi) đầu vào tiêu chuẩn" -#: src/utmp.c:276 +#: src/utmp.c:300 msgid "unable to restore stdin" msgstr "không thể phục hồi đầu vào tiêu chuẩn" +#~ msgid "no tty present and no askpass program specified" +#~ msgstr "không có tty hiện diện và không có chương trình hỏi mật khẩu nào được chỉ ra" + #~ msgid "unable to get group vector" #~ msgstr "không thể lấy véc-tơ nhóm" Binary files /tmp/tmpcjR7II/j0un3w1jSf/sudo-1.8.31/po/zh_TW.mo and /tmp/tmpcjR7II/PWBo6YFK7Q/sudo-1.9.0/po/zh_TW.mo differ diff -Nru sudo-1.8.31/po/zh_TW.po sudo-1.9.0/po/zh_TW.po --- sudo-1.8.31/po/zh_TW.po 2019-12-31 12:58:36.000000000 +0000 +++ sudo-1.9.0/po/zh_TW.po 2020-05-11 16:28:23.000000000 +0000 
@@ -2,22 +2,22 @@
 # This file is put in the public domain.
 #
 # 林博仁 (Buo-ren, Lin) , 2018.
-# pan93412 , 2019.
+# Yi-Jyun Pan , 2019, 2020.
 msgid ""
 msgstr ""
-"Project-Id-Version: sudo 1.8.29rc1\n"
+"Project-Id-Version: sudo 1.9.0b4\n"
 "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2019-10-21 19:55-0600\n"
-"PO-Revision-Date: 2019-10-24 21:13+0800\n"
-"Last-Translator: pan93412 \n"
-"Language-Team: Chinese (traditional) \n"
+"POT-Creation-Date: 2020-03-12 17:39-0600\n"
+"PO-Revision-Date: 2020-03-13 18:48+0800\n"
+"Last-Translator: Yi-Jyun Pan \n"
+"Language-Team: Chinese (traditional) \n"
 "Language: zh_TW\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "X-Bugs: Report translation errors to the Language-Team address.\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Lokalize 19.08.2\n"
+"X-Generator: Poedit 2.3\n"
 
 #: lib/util/aix.c:92 lib/util/aix.c:172
 msgid "unable to open userdb"
@@ -33,74 +33,98 @@ msgstr "無法還原登錄表" #: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81 -#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 -#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114 -#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212 -#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481 +#: lib/util/json.c:66 lib/util/json.c:192 lib/util/sudo_conf.c:191 +#: lib/util/sudo_conf.c:277 lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 +#: src/conversation.c:86 src/exec_common.c:114 src/exec_common.c:130 +#: src/exec_common.c:139 src/exec_monitor.c:211 src/exec_monitor.c:460 +#: src/exec_monitor.c:466 src/exec_monitor.c:474 src/exec_monitor.c:482 #: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503 #: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524 -#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214 -#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236 -#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257 -#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278 -#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299 -#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002 -#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180 -#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201 -#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222 -#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 -#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59 -#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: src/preserve_fds.c:54 
src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729 -#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815 -#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240 -#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891 -#: src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:531 src/exec_nopty.c:218 src/exec_nopty.c:227 +#: src/exec_nopty.c:234 src/exec_nopty.c:241 src/exec_nopty.c:248 +#: src/exec_nopty.c:255 src/exec_nopty.c:262 src/exec_nopty.c:269 +#: src/exec_nopty.c:276 src/exec_nopty.c:283 src/exec_nopty.c:290 +#: src/exec_nopty.c:297 src/exec_nopty.c:305 src/exec_nopty.c:479 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1038 src/exec_pty.c:1206 src/exec_pty.c:1215 +#: src/exec_pty.c:1222 src/exec_pty.c:1229 src/exec_pty.c:1236 +#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 +#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 +#: src/exec_pty.c:1286 src/exec_pty.c:1709 src/load_plugins.c:59 +#: src/load_plugins.c:72 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:207 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:625 src/sudo.c:685 +#: src/sudo.c:695 src/sudo.c:716 src/sudo.c:735 src/sudo.c:744 src/sudo.c:753 +#: src/sudo.c:770 src/sudo.c:811 src/sudo.c:821 src/sudo.c:847 src/sudo.c:1037 +#: src/sudo.c:1059 src/sudo.c:1355 src/sudo.c:1528 src/sudo.c:1722 +#: src/sudo.c:2066 src/sudo_edit.c:270 src/sudo_edit.c:775 src/sudo_edit.c:872 +#: 
src/sudo_edit.c:986 src/sudo_edit.c:1006 #, c-format msgid "%s: %s" msgstr "%s:%s" -#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194 -#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560 -#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131 -#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473 -#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496 +#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/json.c:67 +#: lib/util/json.c:193 lib/util/sudo_conf.c:192 lib/util/sudo_conf.c:277 +#: lib/util/sudo_conf.c:354 lib/util/sudo_conf.c:580 src/conversation.c:87 +#: src/exec_common.c:114 src/exec_common.c:131 src/exec_common.c:140 +#: src/exec_monitor.c:460 src/exec_monitor.c:466 src/exec_monitor.c:474 +#: src/exec_monitor.c:482 src/exec_monitor.c:489 src/exec_monitor.c:496 #: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517 -#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538 -#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229 -#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 -#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 -#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 -#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165 -#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187 -#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208 -#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229 -#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251 -#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: src/preserve_fds.c:54 
src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 -#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 -#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_nopty.c:218 +#: src/exec_nopty.c:227 src/exec_nopty.c:234 src/exec_nopty.c:241 +#: src/exec_nopty.c:248 src/exec_nopty.c:255 src/exec_nopty.c:262 +#: src/exec_nopty.c:269 src/exec_nopty.c:276 src/exec_nopty.c:283 +#: src/exec_nopty.c:290 src/exec_nopty.c:297 src/exec_nopty.c:305 +#: src/exec_pty.c:822 src/exec_pty.c:831 src/exec_pty.c:888 +#: src/exec_pty.c:1206 src/exec_pty.c:1215 src/exec_pty.c:1222 +#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 +#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264 +#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1286 +#: src/exec_pty.c:1709 src/load_plugins.c:170 src/load_plugins.c:195 +#: src/load_plugins.c:230 src/load_plugins.c:470 src/load_plugins.c:476 +#: src/load_plugins.c:491 src/load_plugins.c:497 src/parse_args.c:186 +#: src/parse_args.c:208 src/parse_args.c:282 src/parse_args.c:584 +#: src/parse_args.c:606 src/parse_args.c:631 src/preserve_fds.c:54 +#: src/preserve_fds.c:139 src/selinux.c:91 src/selinux.c:361 src/selinux.c:474 +#: src/selinux.c:483 src/sesh.c:117 src/sudo.c:239 src/sudo.c:625 +#: src/sudo.c:847 src/sudo.c:1037 src/sudo.c:1059 src/sudo.c:1355 +#: src/sudo.c:1528 src/sudo.c:1722 src/sudo.c:2066 src/sudo_edit.c:270 +#: src/sudo_edit.c:775 src/sudo_edit.c:872 src/sudo_edit.c:986 +#: src/sudo_edit.c:1006 msgid "unable to allocate memory" msgstr "無法分配記憶體" +#: lib/util/mkdir_parents.c:79 lib/util/sudo_conf.c:619 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 +#, c-format +msgid "unable to open %s" +msgstr "無法開啟 %s" + +#: lib/util/mkdir_parents.c:94 +#, c-format +msgid "unable to mkdir %s" 
+msgstr "無法建立 %s 目錄" + +#: lib/util/mkdir_parents.c:103 lib/util/sudo_conf.c:596 +#, c-format +msgid "unable to stat %s" +msgstr "無法取得 %s 檔案的資訊" + +#: lib/util/mkdir_parents.c:108 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s 存在,但不是目錄 (0%o)" + #: lib/util/strsignal.c:55 msgid "Unknown signal" msgstr "訊號未知" #: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161 -#: lib/util/strtonum.c:196 +#: lib/util/strtonum.c:200 msgid "invalid value" msgstr "數值無效" 
@@ -112,87 +136,77 @@ msgid "value too small" msgstr "數值過小" -#: lib/util/sudo_conf.c:212 +#: lib/util/sudo_conf.c:210 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "於 %2$s 第 %3$u 行發現無效的 Path 值「%1$s」" -#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431 +#: lib/util/sudo_conf.c:376 lib/util/sudo_conf.c:392 lib/util/sudo_conf.c:445 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "於 %3$s 中第 %4$u 行發現用於 %1$s 的「%2$s」無效數值" -#: lib/util/sudo_conf.c:399 +#: lib/util/sudo_conf.c:413 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "於「%2$s」第 %3$u 行發現不支援的「%1$s」群組來源" -#: lib/util/sudo_conf.c:415 +#: lib/util/sudo_conf.c:429 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "於 %2$s 第 %3$u 行發現無效的「%1$s」最大群組" -#: lib/util/sudo_conf.c:576 -#, c-format -msgid "unable to stat %s" -msgstr "無法取得 %s 檔案的資訊" - -#: lib/util/sudo_conf.c:579 +#: lib/util/sudo_conf.c:599 #, c-format msgid "%s is not a regular file" msgstr "%s 非一般檔案" -#: lib/util/sudo_conf.c:582 +#: lib/util/sudo_conf.c:602 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s 不應由使用者 ID 為 %u 的使用者所擁有,應為 %u" -#: lib/util/sudo_conf.c:586 +#: lib/util/sudo_conf.c:606 #, c-format msgid "%s is world writable" msgstr "%s 允許所有使用者寫入" -#: lib/util/sudo_conf.c:589 +#: lib/util/sudo_conf.c:609 #, c-format msgid "%s is group writable" msgstr "%s 允許群組寫入" -#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363 -#, c-format -msgid "unable to open %s" -msgstr "無法開啟 %s" - -#: src/exec.c:111 +#: src/exec.c:135 #, c-format msgid "unknown login class %s" msgstr "未知的 %s 登入類別" -#: src/exec.c:123 +#: src/exec.c:147 msgid "unable to set user context" msgstr "無法設定使用者上下文" -#: src/exec.c:139 +#: src/exec.c:163 msgid "unable to set process priority" msgstr "無法設定行程優先層級" -#: src/exec.c:150 +#: src/exec.c:177 #, c-format msgid "unable to change root to %s" msgstr "無法切換根目錄至 %s" -#: src/exec.c:163 src/exec.c:169 src/exec.c:176 +#: 
src/exec.c:190 src/exec.c:196 src/exec.c:203 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "無法變更至 runas 使用者 ID (%u, %u)" -#: src/exec.c:194 +#: src/exec.c:221 #, c-format msgid "unable to change directory to %s" msgstr "無法變更目錄至 %s" -#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578 -#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336 -#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164 +#: src/exec.c:304 src/exec_monitor.c:569 src/exec_monitor.c:571 +#: src/exec_nopty.c:537 src/exec_pty.c:566 src/exec_pty.c:1373 +#: src/exec_pty.c:1375 src/signal.c:150 src/signal.c:164 #, c-format msgid "unable to set handler for signal %d" msgstr "無法設定用於處理 %d 訊號的程式" 
@@ -201,89 +215,107 @@ msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "無法自 PRIV_LIMIT 移除 PRIV_PROC_EXEC" -#: src/exec_monitor.c:366 +#: src/exec_monitor.c:365 msgid "error reading from socketpair" msgstr "自 socketpair 讀取資料時發生錯誤" -#: src/exec_monitor.c:383 +#: src/exec_monitor.c:382 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "未預期的 backchannel 回應類型:%d" -#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533 -#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231 -#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252 -#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273 -#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294 -#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652 -#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858 -#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189 -#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210 -#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231 -#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621 -#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683 -#: src/exec_pty.c:1710 +#: src/exec_monitor.c:468 src/exec_monitor.c:476 src/exec_monitor.c:484 +#: src/exec_monitor.c:491 src/exec_monitor.c:498 src/exec_monitor.c:505 +#: src/exec_monitor.c:512 src/exec_monitor.c:519 src/exec_monitor.c:526 +#: src/exec_monitor.c:533 src/exec_nopty.c:220 src/exec_nopty.c:229 +#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 +#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 +#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 +#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:688 +#: src/exec_pty.c:693 src/exec_pty.c:790 src/exec_pty.c:797 
src/exec_pty.c:894 +#: src/exec_pty.c:1208 src/exec_pty.c:1217 src/exec_pty.c:1224 +#: src/exec_pty.c:1231 src/exec_pty.c:1238 src/exec_pty.c:1245 +#: src/exec_pty.c:1252 src/exec_pty.c:1259 src/exec_pty.c:1266 +#: src/exec_pty.c:1273 src/exec_pty.c:1280 src/exec_pty.c:1662 +#: src/exec_pty.c:1672 src/exec_pty.c:1717 src/exec_pty.c:1724 +#: src/exec_pty.c:1751 msgid "unable to add event to queue" msgstr "無法新增事件至佇列中" -#: src/exec_monitor.c:594 +#: src/exec_monitor.c:587 msgid "unable to set controlling tty" msgstr "無法設定控制終端" -#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415 -#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307 +#: src/exec_monitor.c:595 src/exec_nopty.c:364 src/exec_pty.c:1452 +#: src/exec_pty.c:1473 src/exec_pty.c:1493 src/tgetpass.c:311 msgid "unable to create pipe" msgstr "無法建立管線" -#: src/exec_monitor.c:610 +#: src/exec_monitor.c:603 msgid "unable to receive message from parent" msgstr "無法自上層接收訊息" -#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494 -#: src/tgetpass.c:311 +#: src/exec_monitor.c:617 src/exec_nopty.c:393 src/exec_pty.c:1531 +#: src/tgetpass.c:315 msgid "unable to fork" msgstr "無法複製 (fork) 出新行程" -#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448 +#: src/exec_monitor.c:621 src/exec_monitor.c:720 src/exec_nopty.c:447 msgid "unable to restore tty label" msgstr "無法還原終端標籤 (tty label)" -#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100 +#: src/exec_monitor.c:637 src/sesh.c:127 src/sudo.c:1114 #, c-format msgid "unable to execute %s" msgstr "無法執行 %s" -#: src/exec_nopty.c:360 src/exec_pty.c:1345 +#: src/exec_nopty.c:358 src/exec_pty.c:1382 msgid "policy plugin failed session initialization" msgstr "政策外掛程式初始化工作階段失敗" -#: src/exec_nopty.c:437 src/exec_pty.c:1581 +#: src/exec_nopty.c:435 src/exec_pty.c:1617 msgid "error in event loop" msgstr "在事件處理迴圈中發生錯誤" -#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112 +#: src/exec_nopty.c:545 src/exec_pty.c:601 src/signal.c:112 
#, c-format msgid "unable to restore handler for signal %d" msgstr "無法還原用於處理 %d 訊號的程序" -#: src/exec_pty.c:158 +#: src/exec_pty.c:157 msgid "unable to allocate pty" msgstr "無法分配虛擬終端機" -#: src/exec_pty.c:1325 +#: src/exec_pty.c:221 src/exec_pty.c:260 src/exec_pty.c:299 src/exec_pty.c:349 +#: src/exec_pty.c:399 +msgid "I/O plugin error" +msgstr "I/O 外掛程式錯誤" + +#: src/exec_pty.c:224 src/exec_pty.c:263 src/exec_pty.c:302 src/exec_pty.c:352 +#: src/exec_pty.c:402 +msgid "command rejected by I/O plugin" +msgstr "命令被 I/O 外掛程式拒絕" + +#: src/exec_pty.c:449 +msgid "error logging suspend" +msgstr "記錄暫停時發生錯誤" + +#: src/exec_pty.c:482 +msgid "error changing window size" +msgstr "變更視窗大小時發生錯誤" + +#: src/exec_pty.c:1362 msgid "unable to create sockets" msgstr "無法建立 socket 檔案" -#: src/exec_pty.c:1538 +#: src/exec_pty.c:1574 msgid "unable to send message to monitor process" msgstr "無法傳送訊息至監控程序" #: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92 -#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140 -#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196 -#: src/load_plugins.c:202 +#: src/load_plugins.c:122 src/load_plugins.c:136 src/load_plugins.c:142 +#: src/load_plugins.c:293 src/load_plugins.c:301 src/load_plugins.c:308 +#: src/load_plugins.c:348 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "載入「%3$s」外掛程式時,發現 %1$s 中的第 %2$d 行有錯誤" 
@@ -293,61 +325,56 @@ msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:136 +#: src/load_plugins.c:138 #, c-format msgid "%s must be owned by uid %d" msgstr "%s 必須由使用者 ID 為 %d 的使用者所擁有" -#: src/load_plugins.c:142 +#: src/load_plugins.c:144 #, c-format msgid "%s must be only be writable by owner" msgstr "%s 必須只能被其所有者可寫" -#: src/load_plugins.c:183 +#: src/load_plugins.c:254 src/load_plugins.c:321 +#, c-format +msgid "ignoring duplicate plugin \"%s\" in %s, line %d" +msgstr "忽略第 %3$d 行 %2$s 中的重複外掛程式「%1$s」" + +#: src/load_plugins.c:295 #, c-format msgid "unable to load %s: %s" msgstr "無法載入 %s:%s" -#: src/load_plugins.c:191 +#: src/load_plugins.c:303 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "無法在 %s 中找到「%s」符號" -#: src/load_plugins.c:198 -#, c-format -msgid "unknown policy type %d found in %s" -msgstr "在 %2$s 發現未知的 %1$d sudo 政策類型" - -#: src/load_plugins.c:204 +#: src/load_plugins.c:310 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "在 %3$s 中發現不相容的外掛程式主版本號 %1$d(預期應為 %2$d)" -#: src/load_plugins.c:213 +#: src/load_plugins.c:324 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "無視 %2$s 中第 %3$d 行的「%1$s」sudo 政策外掛程式" -#: src/load_plugins.c:215 +#: src/load_plugins.c:326 msgid "only a single policy plugin may be specified" msgstr "只能指定一個 Sudo 政策外掛程式" -#: src/load_plugins.c:218 -#, c-format -msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" -msgstr "無視 %2$s 中 %3$d 行的重複「%1$s」Sudo 政策外掛程式" - -#: src/load_plugins.c:237 +#: src/load_plugins.c:350 #, c-format -msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d" -msgstr "無視 %2$s 中第 %3$d 行的「%1$s」重複 I/O 外掛程式" +msgid "unknown plugin type %d found in %s" +msgstr "在 %2$s 發現未知的外掛程式類型 %1$d" -#: src/load_plugins.c:353 +#: src/load_plugins.c:511 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "%s 政策外掛程式未包含 check_policy 方法" -#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473 +#: 
src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:478 #, c-format msgid "internal error, %s overflow" msgstr "內部錯誤,%s 溢位" @@ -361,39 +388,39 @@ msgid "the argument to -C must be a number greater than or equal to 3" msgstr "傳入 -C 的參數數字應該要等於或大於 3" -#: src/parse_args.c:523 +#: src/parse_args.c:524 msgid "you may not specify both the `-i' and `-s' options" msgstr "不能同時指定 -i 跟 -s 指令列選項" -#: src/parse_args.c:527 +#: src/parse_args.c:528 msgid "you may not specify both the `-i' and `-E' options" msgstr "不能同時指定 -i 跟 -E 指令列選項" -#: src/parse_args.c:537 +#: src/parse_args.c:538 msgid "the `-E' option is not valid in edit mode" msgstr "-E 指令列選項在編輯模式中無效" -#: src/parse_args.c:539 +#: src/parse_args.c:540 msgid "you may not specify environment variables in edit mode" msgstr "不能在編輯模式中指定環境變數" -#: src/parse_args.c:547 +#: src/parse_args.c:548 msgid "the `-U' option may only be used with the `-l' option" msgstr "-U 指令列選項只能跟 -l 選項一起使用" -#: src/parse_args.c:551 +#: src/parse_args.c:552 msgid "the `-A' and `-S' options may not be used together" msgstr "不能同時使用 -A 跟 -S 指令列選項" -#: src/parse_args.c:627 +#: src/parse_args.c:645 msgid "sudoedit is not supported on this platform" msgstr "此平台不支援 sudoedit" -#: src/parse_args.c:700 +#: src/parse_args.c:726 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "只能指定以下指令列選項之一:-e、-h、-i、-K、-l、-s、-v、-V" -#: src/parse_args.c:714 +#: src/parse_args.c:740 #, c-format msgid "" "%s - edit files as another user\n" @@ -402,7 +429,7 @@ "%s - 以另一個使用者的身份編輯檔案\n" "\n" -#: src/parse_args.c:716 +#: src/parse_args.c:742 #, c-format msgid "" "%s - execute a command as another user\n" @@ -411,7 +438,7 @@ "%s - 以另一個使用者的身份執行指令\n" "\n" -#: src/parse_args.c:721 +#: src/parse_args.c:747 #, c-format msgid "" "\n" 
@@ -420,123 +447,123 @@ "\n" "指令列選項:\n" -#: src/parse_args.c:723 +#: src/parse_args.c:749 msgid "use a helper program for password prompting" msgstr "使用助手程式詢問密碼" -#: src/parse_args.c:726 +#: src/parse_args.c:752 msgid "use specified BSD authentication type" msgstr "使用指定的 BSD 身份驗證類型" -#: src/parse_args.c:729 +#: src/parse_args.c:755 msgid "run command in the background" msgstr "在背景中執行指令" -#: src/parse_args.c:731 +#: src/parse_args.c:757 msgid "ring bell when prompting" msgstr "提示時響鈴" -#: src/parse_args.c:733 +#: src/parse_args.c:759 msgid "close all file descriptors >= num" msgstr "關閉所有 >= num 的檔案描述元" -#: src/parse_args.c:736 +#: src/parse_args.c:762 msgid "run command with the specified BSD login class" msgstr "以指定的 BSD 登入類型執行指令" -#: src/parse_args.c:739 +#: src/parse_args.c:765 msgid "preserve user environment when running command" msgstr "在執行指令時保留使用者的環境" -#: src/parse_args.c:741 +#: src/parse_args.c:767 msgid "preserve specific environment variables" msgstr "保留指定的環境變數" -#: src/parse_args.c:743 +#: src/parse_args.c:769 msgid "edit files instead of running a command" msgstr "編輯檔案而非執行指令" -#: src/parse_args.c:745 +#: src/parse_args.c:771 msgid "run command as the specified group name or ID" msgstr "以指定的群組名稱或 ID 執行指令" -#: src/parse_args.c:747 +#: src/parse_args.c:773 msgid "set HOME variable to target user's home dir" msgstr "設定 HOME 環境變數為目標使用者的家目錄" -#: src/parse_args.c:749 +#: src/parse_args.c:775 msgid "display help message and exit" msgstr "顯示說明訊息並退出" -#: src/parse_args.c:751 +#: src/parse_args.c:777 msgid "run command on host (if supported by plugin)" msgstr "在指定的主機上執行指令(若外掛程式支援)" -#: src/parse_args.c:753 +#: src/parse_args.c:779 msgid "run login shell as the target user; a command may also be specified" msgstr "以目標使用者的身份執行登入 shell;亦可同時指定一個指令" -#: src/parse_args.c:755 +#: src/parse_args.c:781 msgid "remove timestamp file completely" msgstr "完全地移除時間戳記檔案" -#: src/parse_args.c:757 +#: src/parse_args.c:783 msgid "invalidate timestamp file" msgstr "使時間戳檔案無效化" -#: 
src/parse_args.c:759 +#: src/parse_args.c:785 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "列出使用者的權限或是檢查特定的指令;指定兩次以用更長的格式輸出" -#: src/parse_args.c:761 +#: src/parse_args.c:787 msgid "non-interactive mode, no prompts are used" msgstr "非互動式模式,不使用任何提示文字" -#: src/parse_args.c:763 +#: src/parse_args.c:789 msgid "preserve group vector instead of setting to target's" msgstr "保留目前的群組集合而非設定為目標的群組集合" -#: src/parse_args.c:765 +#: src/parse_args.c:791 msgid "use the specified password prompt" msgstr "使用指定的密碼提示文字" -#: src/parse_args.c:768 +#: src/parse_args.c:794 msgid "create SELinux security context with specified role" msgstr "使用指定的角色建立 SELinux 安全上下文" -#: src/parse_args.c:771 +#: src/parse_args.c:797 msgid "read password from standard input" msgstr "自標準輸入讀取密碼" -#: src/parse_args.c:773 +#: src/parse_args.c:799 msgid "run shell as the target user; a command may also be specified" msgstr "以目標使用者的身份執行 shell;一個指令亦可同時被指定" -#: src/parse_args.c:776 +#: src/parse_args.c:802 msgid "create SELinux security context with specified type" msgstr "使用指定的類型建立 SELinux 安全上下文" -#: src/parse_args.c:779 +#: src/parse_args.c:805 msgid "terminate command after the specified time limit" msgstr "在指定的時間限制過後中止指令" -#: src/parse_args.c:781 +#: src/parse_args.c:807 msgid "in list mode, display privileges for user" msgstr "在清單模式中顯示使用者的權限" -#: src/parse_args.c:783 +#: src/parse_args.c:809 msgid "run command (or edit file) as specified user name or ID" msgstr "以指定的使用者名稱或 ID 來執行指令(或編輯檔案)" -#: src/parse_args.c:785 +#: src/parse_args.c:811 msgid "display version information and exit" msgstr "顯示版本資訊並離開" -#: src/parse_args.c:787 +#: src/parse_args.c:813 msgid "update user's timestamp without running a command" msgstr "更新使用者時間戳記而不執行指令" -#: src/parse_args.c:789 +#: src/parse_args.c:815 msgid "stop processing command line arguments" msgstr "停止處理指令列引數" 
@@ -568,7 +595,7 @@ msgid "unable to open %s, not relabeling tty" msgstr "無法開啟 %s,將不重加終端機的標籤" -#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s 不是一個字元裝置,將不重加終端機的標籤" @@ -589,54 +616,54 @@ msgid "unable to set new tty context" msgstr "無法設定新的終端機上下文" -#: src/selinux.c:298 +#: src/selinux.c:322 #, c-format msgid "you must specify a role for type %s" msgstr "你必須對 %s 類別指定一個角色" -#: src/selinux.c:304 +#: src/selinux.c:328 #, c-format msgid "unable to get default type for role %s" msgstr "無法取得 %s 角色的預設分類" -#: src/selinux.c:316 +#: src/selinux.c:340 msgid "failed to get new context" msgstr "無法取得新上下文" -#: src/selinux.c:325 +#: src/selinux.c:349 #, c-format msgid "failed to set new role %s" msgstr "無法設定新的角色 %s" -#: src/selinux.c:329 +#: src/selinux.c:353 #, c-format msgid "failed to set new type %s" msgstr "無法設定新的類別 %s" -#: src/selinux.c:341 +#: src/selinux.c:365 #, c-format msgid "%s is not a valid context" msgstr "%s 不是有效的 SELinux 上下文" -#: src/selinux.c:373 +#: src/selinux.c:397 msgid "failed to get old context" msgstr "無法取得舊上下文" -#: src/selinux.c:379 +#: src/selinux.c:403 msgid "unable to determine enforcing mode." msgstr "無法判斷 SELinux 行使模式。" -#: src/selinux.c:396 +#: src/selinux.c:420 #, c-format msgid "unable to set tty context to %s" msgstr "無法設定 tty 上下文為 %s" -#: src/selinux.c:428 +#: src/selinux.c:452 #, c-format msgid "unable to set exec context to %s" msgstr "無法設定執行上下文為 %s" -#: src/selinux.c:435 +#: src/selinux.c:459 #, c-format msgid "unable to set key creation context to %s" msgstr "無法設定金鑰建立上下文為 %s" 
@@ -703,185 +730,211 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "警告:對專案「%s」執行資源控制指派失敗" -#: src/sudo.c:204 +#: src/sudo.c:224 #, c-format msgid "Sudo version %s\n" msgstr "Sudo 版本 %s\n" -#: src/sudo.c:206 +#: src/sudo.c:226 #, c-format msgid "Configure options: %s\n" msgstr "設定選項:%s\n" -#: src/sudo.c:214 +#: src/sudo.c:235 msgid "fatal error, unable to load plugins" msgstr "致命錯誤:無法載入外掛程式" -#: src/sudo.c:222 -msgid "unable to initialize policy plugin" -msgstr "無法初始化 Sudo 政策外掛程式" - -#: src/sudo.c:266 +#: src/sudo.c:280 msgid "plugin did not return a command to execute" msgstr "外掛程式沒有回傳要執行的指令" -#: src/sudo.c:282 -#, c-format -msgid "error initializing I/O plugin %s" -msgstr "初始化「%s」I/O 外掛程式時發生錯誤" - -#: src/sudo.c:306 +#: src/sudo.c:311 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "未預期的 0x%x sudo 模式" -#: src/sudo.c:538 +#: src/sudo.c:544 #, c-format msgid "you do not exist in the %s database" msgstr "您不在 %s 資料庫中" -#: src/sudo.c:595 +#: src/sudo.c:601 msgid "unable to determine tty" msgstr "無法判斷終端機" -#: src/sudo.c:887 +#: src/sudo.c:893 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s 必須由使用者 ID 為 %d 的使用者所擁有,且必須設定 setuid 位元" -#: src/sudo.c:890 +#: src/sudo.c:896 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "有效的使用者 ID 不是 %d,請問「%s」是存在於設定「nosuid」掛載選項的檔案系統中,還是存在於沒有 root 權限的 NFS 檔案系統?" -#: src/sudo.c:896 +#: src/sudo.c:902 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" 
msgstr "有效的使用者 ID 不是 %d,請檢查 sudo 是否安裝了 setuid root。" -#: src/sudo.c:912 +#: src/sudo.c:918 msgid "unable to set supplementary group IDs" msgstr "無法設定增補群組 ID" -#: src/sudo.c:919 +#: src/sudo.c:925 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "無法將有效群組 ID 設定為 runas 群組 ID %u" -#: src/sudo.c:925 +#: src/sudo.c:931 #, c-format msgid "unable to set gid to runas gid %u" msgstr "無法將群組 ID 設定為 runas 群組 ID %u" -#: src/sudo.c:982 +#: src/sudo.c:978 #, c-format msgid "unexpected child termination condition: %d" msgstr "未預期之子行程中止狀況:%d" -#: src/sudo.c:1128 +#: src/sudo.c:1087 +msgid "unable to initialize policy plugin" +msgstr "無法初始化 Sudo 政策外掛程式" + +#: src/sudo.c:1148 #, c-format msgid "policy plugin %s is missing the `check_policy' method" msgstr "%s 政策外掛程式缺少 check_policy 方法" -#: src/sudo.c:1146 +#: src/sudo.c:1163 src/sudo.c:1216 src/sudo.c:1260 +msgid "command rejected by policy" +msgstr "命令被策略拒絕" + +#: src/sudo.c:1168 src/sudo.c:1221 src/sudo.c:1265 +msgid "policy plugin error" +msgstr "策略外掛程式發生錯誤" + +#: src/sudo.c:1202 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "%s 政策外掛程式不支援權限" -#: src/sudo.c:1163 +#: src/sudo.c:1246 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "%s 政策外掛程式不支援 -v 指令列選項" -#: src/sudo.c:1178 +#: src/sudo.c:1284 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "%s 政策外掛程式不支援 -k/-K 指令列選項" -#: src/sudo_edit.c:221 +#: src/sudo.c:1413 +#, c-format +msgid "error initializing I/O plugin %s" +msgstr "初始化「%s」I/O 外掛程式時發生錯誤" + +#: src/sudo.c:1567 +#, c-format +msgid "error initializing audit plugin %s" +msgstr "初始化稽核外掛程式 %s 時發生錯誤" + +#: src/sudo.c:1745 +#, c-format +msgid "error initializing approval plugin %s" +msgstr "初始化核准外掛程式 %s 時發生錯誤" + +#: src/sudo.c:1821 +msgid "command rejected by approver" +msgstr "命令被核准人拒絕" + +#: src/sudo.c:1830 +msgid "approval plugin error" +msgstr "核准外掛程式發生錯誤" + +#: src/sudo_edit.c:233 msgid "no writable temporary directory 
found" msgstr "沒有找到可寫入的暫存目錄" -#: src/sudo_edit.c:288 src/sudo_edit.c:377 +#: src/sudo_edit.c:358 msgid "unable to restore current working directory" msgstr "無法還原目前的工作目錄" -#: src/sudo_edit.c:594 src/sudo_edit.c:707 +#: src/sudo_edit.c:575 src/sudo_edit.c:688 #, c-format msgid "%s: not a regular file" msgstr "%s:非一般檔案" -#: src/sudo_edit.c:601 +#: src/sudo_edit.c:582 #, c-format msgid "%s: editing symbolic links is not permitted" msgstr "%s:不允許編輯符號連結" -#: src/sudo_edit.c:604 +#: src/sudo_edit.c:585 #, c-format msgid "%s: editing files in a writable directory is not permitted" msgstr "%s:不允許在可寫目錄編輯檔案" -#: src/sudo_edit.c:637 src/sudo_edit.c:747 +#: src/sudo_edit.c:618 src/sudo_edit.c:728 #, c-format msgid "%s: short write" msgstr "%s:過短寫入" -#: src/sudo_edit.c:708 +#: src/sudo_edit.c:689 #, c-format msgid "%s left unmodified" msgstr "%s 保持未變更狀態" -#: src/sudo_edit.c:721 src/sudo_edit.c:908 +#: src/sudo_edit.c:702 src/sudo_edit.c:889 #, c-format msgid "%s unchanged" msgstr "%s 未變更" -#: src/sudo_edit.c:736 src/sudo_edit.c:758 +#: src/sudo_edit.c:717 src/sudo_edit.c:739 #, c-format msgid "unable to write to %s" msgstr "無法寫入「%s」" -#: src/sudo_edit.c:737 src/sudo_edit.c:756 src/sudo_edit.c:759 -#: src/sudo_edit.c:933 src/sudo_edit.c:937 +#: src/sudo_edit.c:718 src/sudo_edit.c:737 src/sudo_edit.c:740 +#: src/sudo_edit.c:914 src/sudo_edit.c:918 #, c-format msgid "contents of edit session left in %s" msgstr "編輯階段的內容被留在 %s" -#: src/sudo_edit.c:755 +#: src/sudo_edit.c:736 msgid "unable to read temporary file" msgstr "無法讀取暫存檔案" -#: src/sudo_edit.c:838 +#: src/sudo_edit.c:819 msgid "sesh: internal error: odd number of paths" msgstr "sesh:內部錯誤:只有奇數個路徑" -#: src/sudo_edit.c:840 +#: src/sudo_edit.c:821 msgid "sesh: unable to create temporary files" msgstr "sesh:無法建立暫存檔案" -#: src/sudo_edit.c:842 src/sudo_edit.c:940 +#: src/sudo_edit.c:823 src/sudo_edit.c:921 #, c-format msgid "sesh: unknown error %d" msgstr "sesh:未知錯誤代碼 %d" -#: src/sudo_edit.c:932 +#: src/sudo_edit.c:913 msgid "unable to 
copy temporary files back to their original location" msgstr "無法將暫存檔複製回暫存檔的原始位置" -#: src/sudo_edit.c:936 +#: src/sudo_edit.c:917 msgid "unable to copy some of the temporary files back to their original location" msgstr "無法將部份的暫存檔複製回其原始位置" -#: src/sudo_edit.c:981 +#: src/sudo_edit.c:962 #, c-format msgid "unable to change uid to root (%u)" msgstr "無法將使用者 ID 變更為 root (%u)" -#: src/sudo_edit.c:998 +#: src/sudo_edit.c:979 msgid "plugin error: missing file list for sudoedit" msgstr "外掛程式錯誤:缺少可用於 sudoedit 的檔案清單" -#: src/sudo_edit.c:1039 src/sudo_edit.c:1052 +#: src/sudo_edit.c:1020 src/sudo_edit.c:1033 msgid "unable to read the clock" msgstr "無法讀取時間" @@ -905,17 +958,17 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "沒有指定 askpass 程式,將嘗試設定 SUDO_ASKPASS 環境變數" -#: src/tgetpass.c:322 +#: src/tgetpass.c:332 #, c-format msgid "unable to set gid to %u" msgstr "無法將群組 ID 設定為 %u" -#: src/tgetpass.c:326 +#: src/tgetpass.c:336 #, c-format msgid "unable to set uid to %u" msgstr "無法將使用者 ID 設定為 %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:341 #, c-format msgid "unable to run %s" msgstr "無法執行 %s" @@ -932,6 +985,9 @@ msgid "unable to restore stdin" msgstr "無法復原標準輸入" +#~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" +#~ msgstr "無視 %2$s 中 %3$d 行的重複「%1$s」Sudo 政策外掛程式" + #~ msgid "no tty present and no askpass program specified" #~ msgstr "未提供終端機且沒有指定 askpass 程式" diff -Nru sudo-1.8.31/pp sudo-1.9.0/pp --- sudo-1.8.31/pp 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/pp 1970-01-01 00:00:00.000000000 +0000 
@@ -1,8804 +0,0 @@ -#!/bin/sh -# Copyright 2019 One Identity LLC. ALL RIGHTS RESERVED -pp_revision="20190919" - # Copyright 2018 One Identity LLC. ALL RIGHTS RESERVED. - # - # Redistribution and use in source and binary forms, with or without - # modification, are permitted provided that the following conditions - # are met: - # - # 1. Redistributions of source code must retain the above copyright - # notice, this list of conditions and the following disclaimer. - # 2. Redistributions in binary form must reproduce the above copyright - # notice, this list of conditions and the following disclaimer in the - # documentation and/or other materials provided with the distribution. - # 3. Neither the name of One Identity LLC. nor the names of its - # contributors may be used to endorse or promote products derived from - # this software without specific prior written permission. - # - # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - # TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - # PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - # Please see for more information - -pp_version="1.0.0.$pp_revision" -pp_copyright="Copyright 2018, One Identity LLC. ALL RIGHTS RESERVED." 
- -pp_opt_debug=false -pp_opt_destdir="$DESTDIR" -pp_opt_install_script= -pp_opt_list=false -pp_opt_no_clean=false -pp_opt_no_package=false -pp_opt_only_front=false -pp_opt_platform= -pp_opt_probe=false -pp_opt_strip=false -pp_opt_save_unstripped=false -pp_opt_vas_platforms=false -pp_opt_wrkdir="`pwd`/pp.work.$$" -pp_opt_verbose=false -pp_opt_version=false -pp_opt_input="-" -pp_opt_init_vars="" -pp_opt_eval= - -test -n "$PP_NO_CLEAN" && pp_opt_no_clean=true -test -n "$PP_DEBUG" && pp_opt_debug=true -test -n "$PP_VERBOSE" && pp_opt_verbose=true - -pp_main_cleanup () { - pp_debug "main_cleanup" - pp_remove_later_now - if $pp_opt_no_clean || test x"$pp_platform" = x"unknown"; then - : no cleanup - else - pp_backend_${pp_platform}_cleanup - $pp_errors && pp_die "Errors during cleanup" - if test -d "$pp_wrkdir"; then - if $pp_opt_debug; then - pp_debug "not removing $pp_wrkdir" - else - pp_verbose rm -rf "$pp_wrkdir" - fi - fi - fi -} - -pp_parseopts () { - typeset a n _var _val - while test $# -gt 0; do - - # convert -[dilpv] to --long-options - case "$1" in - --?*=?*) n=`echo "$1" | sed -ne 's/^--\([^=]*\)=.*/\1/p'` - a=`echo "$1" | sed -ne 's/^--[^=]*=\(.*\)/\1/p'` - shift - set -- "--$n" "$a" "$@";; - --?*) : ;; - - -d) shift; set -- "--debug" "$@";; - -d*) a=`echo "$1" | sed -ne 's/^-.//'` - shift; set -- "--debug" "$@";; - - -i) shift; set -- "--install-script" "$@";; - -i*) a=`echo "$1" | sed -ne 's/^-.//'` - shift; set -- "--install-script" "$a" "$@";; - - -l) shift; set -- "--list" "$@";; - -l*) a=`echo "$1" | sed -ne 's/^-.//'` - shift; set -- "--list" "$@";; - - -p) shift; set -- "--platform" "$@";; - -p*) a=`echo "$1" | sed -ne 's/^-.//'` - shift; set -- "--platform" "$a" "$@";; - - -v) shift; set -- "--verbose" "$@";; - -v*) a=`echo "$1" | sed -ne 's/^-.//'` - shift; set -- "--verbose" "$@";; - - -\?) 
shift; set -- "--help" "$@";; - -\?*) a=`echo "$1" | sed -ne 's/^-.//'` - shift; set -- "--help" "$@";; - esac - - case "$1" in - --destdir|--eval|--install-script|--platform|--wrkdir) - test $# -ge 2 || pp_error "missing argument to $1";; - esac - - case "$1" in - --) shift;break;; - --debug) pp_opt_debug=true; shift;; - --destdir) pp_opt_destdir="$2"; shift;shift;; - --eval) pp_opt_eval="$2"; shift;shift;; # undoc - --install-script) pp_opt_install_script="$2"; shift;shift;; - --list) pp_opt_list=true; shift;; - --no-clean) pp_opt_no_clean=true; shift;; - --no-package) pp_opt_no_package=true; shift;; - --only-front) pp_opt_only_front=true; shift;; - --platform) pp_opt_platform="$2"; shift;shift;; - --probe) pp_opt_probe=true; shift;; - --strip) pp_opt_strip=true; shift;; - --save-unstripped) pp_opt_save_unstripped=true; shift;; - --wrkdir) pp_opt_wrkdir="$2"; shift;shift;; - --vas-platforms) pp_opt_vas_platforms=true; shift;; - --verbose) pp_opt_verbose=true; shift;; - --version) pp_opt_version=true; shift;; - --help) pp_errors=true; shift;; - -) break;; - -*) pp_error "unknown option $1"; shift;; - *) break;; - esac - - done - - pp_opt_input=- - if test $# -gt 0; then - pp_opt_input="$1" - shift - fi - - #-- extra arguments of the form Foo=bar alter *global* vars - while test $# -gt 0; do - case "$1" in - -*) pp_error "unexpected option '$1'" - shift;; - *=*) _val="${1#*=}" - _var=${1%="$_val"} - _val=`echo "$_val"|sed -e 's/[$"\\]/\\&/g'` - pp_debug "setting $_var = \"$_val\"" - pp_opt_init_vars="$pp_opt_init_vars$_var=\"$_val\";" - shift;; - *) pp_error "unexpected argument $1'" - shift;; - esac - done - - test $# -gt 0 && - pp_error "unknown argument $1" - - if $pp_errors; then - cat <<. >&2 -polypkg $pp_version $pp_copyright -usage: $0 [options] [input.pp] [var=value ...] - -d --debug -- write copious info to stderr - --destdir=path -- file root, defaults to \$DESTDIR - -? 
--help -- display this information - -i --install-script=path -- create an install helper script - -l --list -- write package filenames to stdout - --no-clean -- don't remove temporary files - --no-package -- do everything but create packages - --only-front -- only perform front-end actions - -p --platform=platform -- defaults to local platform - --probe -- print local system identifier, then exit - --strip -- strip debug symbols from binaries before - packaging (modifies files in destdir) - --save-unstripped -- save unstripped binaries to - \$name-\$version-unstripped.tar.gz - --wrkdir=path -- defaults to subdirectory of \$TMPDIR or /tmp - -v --verbose -- write info to stderr - --version -- display version and quit -. - exit 1 - fi -} - -pp_drive () { - # initialise the front and back ends - pp_model_init - pp_frontend_init - $pp_opt_only_front || pp_backend_init - - # run the front-end to generate the intermediate files - # set $pp_input_dir to be the 'include dir' if needed - pp_debug "calling frontend on $pp_opt_input" - case "$pp_opt_input" in - -) pp_input_dir=. - test -t 1<&0 && - pp_warn "reading directives from standard input" - pp_frontend - ;; - */*) pp_input_dir=${pp_opt_input%/*} - pp_frontend <"$pp_opt_input" - ;; - *) pp_input_dir=. - pp_frontend <"$pp_opt_input" - ;; - esac - - pp_files_ignore_others - pp_service_scan_groups - - # some sanity checks after front-end processing - if test x"$pp_platform" != x"null"; then - pp_debug "sanity checks" - test -n "$pp_components" || pp_error "No components?" 
- pp_check_var_is_defined "name" - pp_check_var_is_defined "version" - pp_files_check_duplicates - pp_files_check_coverage - pp_die_if_errors "Errors during sanity checks" - fi - - # stop now if we're only running the front - $pp_opt_only_front && return - - if test x"$pp_opt_strip" = x"true"; then - pp_strip_binaries - fi - - # run the back-end to generate the package - pp_debug "calling backend" - pp_backend - pp_die_if_errors "Errors during backend processing" - - # copy the resulting package files to PP_PKGDESTDIR or . - for f in `pp_backend_names` -; do - test x"$f" = x"-" && continue - pp_debug "copying: $f to `pwd`" - if pp_verbose cp -r $pp_wrkdir/$f ${PP_PKGDESTDIR:-.}; then - echo "${PP_PKGDESTDIR:+$PP_PKGDESTDIR/}$f" - else - pp_error "$f: missing package" - fi - done - pp_die_if_errors "Errors during package copying" -} - -pp_install_script () { - pp_debug "writing install script to $pp_opt_install_script" - rm -f $pp_opt_install_script - pp_backend_install_script > $pp_opt_install_script - pp_die_if_errors "Errors during package install script" - chmod +x $pp_opt_install_script -} - -pp_main () { - # If PP_DEV_PATH is set, then jump to that script. - # (Useful when working on polypkg source that isn't installed) - if test -n "$PP_DEV_PATH" -a x"$PP_DEV_PATH" != x"$0"; then - pp_warn "switching from $0 to $PP_DEV_PATH ..." 
- exec "$PP_DEV_PATH" "$@" || exit 1 - fi - - pp_set_expand_converter_or_reexec "$@" - pp_parseopts "$@" - - if $pp_opt_version; then - #-- print version and exit - echo "polypkg $pp_version" - exit 0 - fi - - pp_set_platform - - trap 'pp_main_cleanup' 0 - - pp_wrkdir="$pp_opt_wrkdir" - pp_debug "pp_wrkdir = $pp_wrkdir" - rm -rf "$pp_wrkdir" - mkdir -p "$pp_wrkdir" - - pp_destdir="$pp_opt_destdir" - pp_debug "pp_destdir = $pp_destdir" - - if $pp_opt_probe; then - pp_backend_init - pp_backend_probe - elif $pp_opt_vas_platforms; then - pp_backend_init - pp_backend_vas_platforms - elif test -n "$pp_opt_eval"; then - #-- execute a shell command - eval "$pp_opt_eval" || exit - else - pp_drive - if test -n "$pp_opt_install_script"; then - pp_install_script - fi - fi - - exit 0 -} - - -pp_errors=false - -if test -n "$TERM" -a -t 1 && (tput op) >/dev/null 2>/dev/null; then - pp_col_redfg=`tput setf 4` 2>/dev/null - pp_col_bluefg=`tput setf 1` 2>/dev/null - pp_col_reset=`tput op` 2>/dev/null -else - pp_col_redfg='[' - pp_col_bluefg='[' - pp_col_reset=']' -fi - -pp__warn () { - if test x"" = x"$pp_lineno"; then - echo "$1 $2" >&2 - else - echo "$1 line $pp_lineno: $2" >&2 - fi -} - -pp_warn () { - pp__warn "pp: ${pp_col_redfg}warning${pp_col_reset}" "$*" -} - -pp_error () { - pp__warn "pp: ${pp_col_redfg}error${pp_col_reset}" "$*" - pp_errors=true -} - -pp_die () { - pp_error "$@" - exit 1 -} - -pp_die_if_errors () { - $pp_errors && pp_die "$@" -} - -pp_debug () { - $pp_opt_debug && echo "${pp_col_bluefg}debug${pp_col_reset} $*" >&2 -} - -pp_verbose () { - $pp_opt_verbose && echo "pp: ${pp_col_bluefg}info${pp_col_reset} $*" >&2 - "$@"; -} - -pp_substitute () { - sed -e 's,%(\([^)]*\)),`\1`,g' \ - -e 's,%{\([^}]*\)},${\1},g' \ - -e 's,$,,' | - tr '' '\012' | - sed -e '/^[^]/s/["$`\\]/\\&/g' \ - -e 's/^//' \ - -e '1s/^/echo "/' \ - -e '$s,$,",' \ - -e 's,,"echo ",g' | - tr -d '\012' | - tr '' '\012' - echo -} - -pp_incr () { - eval "$1=\`expr \$$1 + 1\`" -} - -pp_decr () { - 
eval "$1=\`expr \$$1 - 1\`" -} - -pp_check_var_is_defined () { - if eval test -z "\"\$$1\""; then - pp_error "\$$1: not set" - eval "$1=undefined" - fi -} - -pp_contains () { - case " $1 " in - *" $2 "*) return 0;; - *) return 1;; - esac -} - -pp_contains_all () { - typeset _s _c - _l="$1"; shift - for _w - do - pp_contains "$_l" "$_w" || return 1 - done - return 0 -} - -pp_contains_any () { - typeset _s _c - _l="$1"; shift - for _w - do - pp_contains "$_l" "$_w" && return 0 - done - return 1 -} - -pp_add_to_list () { - if eval test -z \"\$$1\"; then - eval $1='"$2"' - elif eval pp_contains '"$'$1'"' '"$2"'; then - : already there - else - eval $1='"$'$1' $2"' - fi -} - -pp_unique () { - typeset result element - result= - for element - do - pp_add_to_list result $element - done - echo $result -} - -pp_mode_strip_altaccess () { - case "$1" in - ??????????[+.]) - echo `echo "$1" | cut -b -10`;; - *) - echo "$1";; - esac -} - -pp_mode_from_ls () { - typeset umode gmode omode smode - - set -- `pp_mode_strip_altaccess "$1"` - - case "$1" in - ?--[-X]??????) umode=0;; - ?--[xs]??????) umode=1;; - ?-w[-X]??????) umode=2;; - ?-w[xs]??????) umode=3;; - ?r-[-X]??????) umode=4;; - ?r-[xs]??????) umode=5;; - ?rw[-X]??????) umode=6;; - ?rw[xs]??????) umode=7;; - *) pp_error "bad user mode $1";; - esac - - case "$1" in - ????--[-S]???) gmode=0;; - ????--[xs]???) gmode=1;; - ????-w[-S]???) gmode=2;; - ????-w[xs]???) gmode=3;; - ????r-[-X]???) gmode=4;; - ????r-[xs]???) gmode=5;; - ????rw[-X]???) gmode=6;; - ????rw[xs]???) 
gmode=7;; - *) pp_error "bad group mode $1";; - esac - - case "$1" in - ???????--[-T]) omode=0;; - ???????--[xt]) omode=1;; - ???????-w[-T]) omode=2;; - ???????-w[xt]) omode=3;; - ???????r-[-T]) omode=4;; - ???????r-[xt]) omode=5;; - ???????rw[-T]) omode=6;; - ???????rw[xt]) omode=7;; - *) pp_error "bad other mode $1";; - esac - - case "$1" in - ???[-x]??[-x]??[-x]) smode=;; - ???[-x]??[-x]??[tT]) smode=1;; - ???[-x]??[Ss]??[-x]) smode=2;; - ???[-x]??[Ss]??[tT]) smode=3;; - ???[Ss]??[-x]??[-x]) smode=4;; - ???[Ss]??[-x]??[tT]) smode=5;; - ???[Ss]??[Ss]??[-x]) smode=6;; - ???[Ss]??[Ss]??[tT]) smode=7;; - *) pp_error "bad set-id mode $1";; - esac - - echo "$smode$umode$gmode$omode" -} - -pp_find_recurse () { - pp_debug "find: ${1#$pp_destdir}/" - for f in "$1"/.* "$1"/*; do - case "$f" in */.|*/..) continue;; esac # should never happen! - if test -d "$f" -o -f "$f" -o -h "$f"; then - if test -d "$f" -a ! -h "$f"; then - echo "${f#$pp_destdir}/" - pp_find_recurse "$f" - else - echo "${f#$pp_destdir}" - fi - fi - done -} - -pp_prepend () { - #test -t && pp_warn "pp_prepend: stdin is a tty?" - if test -f $1; then - pp_debug "prepending to $1" - mv $1 $1._prepend - cat - $1._prepend >$1 - rm -f $1._prepend - else - pp_debug "prepend: creating $1" - cat >$1 - fi -} - -pp_note_file_used() { - echo "$1" >> $pp_wrkdir/all.files -} - -pp_create_dir_if_missing () { - case "$1" in - */) pp_error "pp_create_dir_if_missing: trailing / forbidden";; - "") return 0;; - *) if test ! 
-d "$pp_destdir$1"; then - pp_debug "fabricating directory $1/" - pp_create_dir_if_missing "${1%/*}" - mkdir "$pp_destdir$1" && - pp_note_file_used "$1/" - pp_remove_later "$1" && - chmod ${2:-755} "$pp_destdir$1" - fi;; - esac -} - -pp_add_file_if_missing () { - typeset dir - #-- check that the file isn't already declared in the component - if test -s $pp_wrkdir/%files.${2:-run}; then - awk "\$6 == \"$1\" {exit 1}" < $pp_wrkdir/%files.${2:-run} || return 1 - fi - - pp_create_dir_if_missing "${1%/*}" - pp_debug "fabricating file $1" - echo "f ${3:-755} - - ${4:--} $1" >> $pp_wrkdir/%files.${2:-run} - pp_note_file_used "$1" - pp_remove_later "$1" - return 0 -} - -pp_add_transient_file () { - test -f "$pp_destdir$1" && pp_die "$pp_destdir$1: exists" - pp_create_dir_if_missing "${1%/*}" - pp_debug "transient file $1" - pp_note_file_used "$1" - pp_remove_later "$1" -} - -pp_remove_later () { - { - echo "$1" - test -s $pp_wrkdir/pp_cleanup && cat $pp_wrkdir/pp_cleanup - } > $pp_wrkdir/pp_cleanup.new - mv $pp_wrkdir/pp_cleanup.new $pp_wrkdir/pp_cleanup -} - -pp_ls_readlink () { - if test -h "$1"; then - ls -1ld "$1" | sed -ne 's,.* -> ,,p' - else - echo "$1: not a symbolic link" >&2 - return 1 - fi -} - -pp_remove_later_now () { - typeset f - if test -s $pp_wrkdir/pp_cleanup; then - pp_debug "pp_remove_later_now" - while read f; do - pp_debug "removing $pp_destdir$f" - if test -d $pp_destdir$f; then - rmdir $pp_destdir$f - else - rm $pp_destdir$f - fi - done < $pp_wrkdir/pp_cleanup - rm $pp_wrkdir/pp_cleanup - fi -} - -pp_readlink() { - -pp_debug "&& pp_readlink_fn=$pp_readlink_fn" - - if test -n "$pp_readlink_fn"; then -pp_debug "&& calling $pp_readlink_fn $*" - "$pp_readlink_fn" "$@" - else - readlink "$@" - fi -} - - -pp_install_script_common () { - cat <<-. 
- - # Automatically generated for - # $name $version ($pp_platform) - # by PolyPackage $pp_version - - usage () { - case "$1" in - "list-services") - echo "usage: \$0 list-services" ;; - "list-components") - echo "usage: \$0 list-components" ;; - "list-files") - echo "usage: \$0 list-files {cpt...|all}" ;; - "install") - echo "usage: \$0 install {cpt...|all}" ;; - "uninstall") - echo "usage: \$0 uninstall {cpt...|all}" ;; - "start") - echo "usage: \$0 start {svc...}" ;; - "stop") - echo "usage: \$0 stop {svc...}" ;; - "print-platform") - echo "usage: \$0 print-platform" ;; - *) - echo "usage: \$0 [-q] command [args]" - echo " list-services" - echo " list-components" - echo " list-files {cpt...|all}" - echo " install {cpt...|all}" - echo " uninstall {cpt...|all}" - echo " start {svc...}" - echo " stop {svc...}" - echo " print-platform" - ;; - esac >&2 - exit 1 - } - - if test x"\$1" = x"-q"; then - shift - verbose () { "\$@"; } - verbosemsg () { : ; } - else - verbose () { echo "+ \$*"; "\$@"; } - verbosemsg () { echo "\$*"; } - fi -. -} - - -pp_functions () { - typeset func deps allfuncs - allfuncs= - while test $# -gt 0; do - pp_add_to_list allfuncs "$1" - deps=`pp_backend_function "$1:depends"` - shift - set -- `pp_unique "$@" $deps` - done - - for func in $allfuncs - do - pp_debug "generating function code for '$1'" - echo "" - echo "$func () {" - case "$func" in - pp_mkgroup|pp_mkuser|pp_havelib) echo <<.;; - if test \$# -lt 1; then - echo "$func: not enough arguments" >&2 - return 1 - fi -. - esac - pp_backend_function "$func" || cat <<. - echo "$func: not implemented" >&2 - return 1 -. 
- echo "}" - done -} - -pp_function () { - pp_functions "$1" -} - -pp_makevar () { - #-- convert all non alpha/digits to underscores - echo "$*" | tr -c '[a-z][A-Z][0-9]\012' '[_*]' -} - -pp_getpwuid () { - awk -F: '$3 == uid { if (!found) print $1; found=1; } END { if (!found) exit 1; }' uid="$1" \ - < /etc/passwd || pp_error "no local username for uid $1" -} - -pp_getgrgid () { - awk -F: '$3 == gid { if (!found) print $1; found=1; } END { if (!found) exit 1; }' gid="$1" \ - < /etc/group || pp_error "no local group for gid $1" -} - -pp_backend_function_getopt () { - cat <<'..' -pp_getopt () { - _pp_optstring="$1"; shift; eval `_pp_getopt "$_pp_optstring"` -} -_pp_getopt_meta=s,[\\\\\"\'\`\$\&\;\(\)\{\}\#\%\ \ ],\\\\\&,g -_pp_protect () { - sed "$_pp_getopt_meta" <<. | tr '\012' ' ' -$* -. -} -_pp_protect2 () { - sed "s,^..,,$pp_getopt_meta" <<. | tr '\012' ' ' -$* -. -} -_pp_nonl () { - tr '\012' ' ' <<. -$* -. -} -_pp_getopt () { - _pp_nonl '_pp_nonl set --; while test $# -gt 0; do case "$1" in "--") shift; break;;' - sed 's/\([^: ]:*\)/<@<\1>@>/g; - s/<@<\(.\):>@>/"-\1") _pp_nonl -"\1"; _pp_protect "$2"; shift; shift;; "-\1"*) _pp_nonl -"\1"; _pp_protect2 "$1"; shift;;/g;s/<@<\(.\)>@>/ "-\1") _pp_nonl -"\1"; shift;; "-\1"*) _pp_nonl -"\1"; _pp_tmp="$1"; shift; set -- -`_pp_protect2 "$_pp_tmp"` "$@";;/g' <<. -$1 -. - _pp_nonl '-*) echo "$1: unknown option">&2; return 1;; *) break;; esac; done; _pp_nonl --; while test $# -gt 0; do _pp_nonl "$1"; shift; done; echo' - echo -} -.. -} - -pp_copy_unstripped () { - typeset filedir realdir - filedir="`dirname ${1#$pp_destdir}`" - realdir="$pp_wrkdir/unstripped/$filedir" - - mkdir -p "$realdir" - # Can't use hardlinks because `strip` modifies the original file in-place - cp "$1" "$realdir" -} - -pp_package_stripped_binaries () { - (cd "$pp_wrkdir/unstripped" && tar -c .) 
\ - | gzip > "$name-dbg-$version.tar.gz" - rm -rf "$pp_wrkdir/unstripped" -} - -pp_strip_binaries () { - if test x"$pp_opt_save_unstripped" = x"true"; then - rm -rf "$pp_wrkdir/unstripped" - mkdir "$pp_wrkdir/unstripped" - fi - - for f in `find "$pp_destdir" -type f`; do - if file "$f" | awk '{print $2}' | grep ^ELF >/dev/null 2>&1; then - if test x"$pp_opt_save_unstripped" = x"true"; then - if file "$f" | LC_MESSAGES=C grep 'not stripped' >/dev/null 2>&1; then - pp_debug "Saving unstripped binary $f" - pp_copy_unstripped "$f" - else - pp_debug "$f is already stripped; not saving a copy" - fi - fi - pp_debug "Stripping unnecessary symbols from $f" - strip "$f" - fi - done - - if test x"$pp_opt_save_unstripped" = x"true"; then - pp_package_stripped_binaries - fi -} - -pp_if_true=0 -pp_if_false=0 - -pp_frontend_init () { - name= - version= - build_number= - summary="no summary" - description="No description" - copyright="Copyright 2018 One Identity LLC. ALL RIGHTS RESERVED." - - #-- if the user supplied extra arguments on the command line - # then load them now. 
- pp_debug "pp_opt_init_vars=$pp_opt_init_vars" - test -n "$pp_opt_init_vars" && eval "$pp_opt_init_vars" -} - -pp_is_qualifier () { - typeset ret - - case "$1" in - "["*"]") ret=true;; - *) ret=false;; - esac - pp_debug "is_qualifier: $* -> $ret" - test $ret = true -} - -pp_eval_qualifier () { - typeset ret - - case "$1" in - "[!$pp_platform]"| \ - "[!"*",$pp_platform]"| \ - "[!$pp_platform,"*"]"| \ - "[!"*",$pp_platform,"*"]") ret=false;; - "[!"*"]") ret=true;; - "[$pp_platform]"| \ - "["*",$pp_platform]"| \ - "[$pp_platform,"*"]"| \ - "["*",$pp_platform,"*"]") ret=true;; - "["*"]") ret=false;; - *) pp_die "pp_eval_qualifier: bad qualifier '$1'" - esac - pp_debug "eval: $* -> $ret" - test true = $ret -} - -pp_frontend_if () { - typeset ifcmd ifret - ifcmd="$1"; - shift - case "$ifcmd" in - %if) if test 0 = $pp_if_false; then - case "$*" in - true |1) pp_incr pp_if_true;; - false|0) pp_incr pp_if_false;; - *) - ifret=true - if pp_is_qualifier "$*"; then - pp_eval_qualifier "$*" || ifret=false - else - eval test "$@" || ifret=false - pp_debug "evaluating test $* -> $ifret" - fi - pp_incr pp_if_$ifret - ;; - esac - else - pp_incr pp_if_false - fi;; - %else) test $# = 0 || pp_warn "ignoring argument to %else" - if test $pp_if_false -gt 1; then - : no change - elif test $pp_if_false = 1; then - pp_incr pp_if_true - pp_decr pp_if_false - elif test $pp_if_true = 0; then - pp_die "unmatched %else" - else - pp_incr pp_if_false - pp_decr pp_if_true - fi;; - %endif) test $# = 0 || pp_warn "ignoring argument to %endif" - if test $pp_if_false -gt 0; then - pp_decr pp_if_false - elif test $pp_if_true -gt 0; then - pp_decr pp_if_true - else - pp_die "unmatched %endif" - fi;; - *) pp_die "frontend_if: unknown cmd $ifcmd";; - esac -} - - -pp_frontend () { - typeset section newsection sed_word sed_ws line cpt svc - typeset section_enabled newsection_enabled s sed sed_candidate - - section='%_initial' - newsection='%_initial' - section_enabled=: - newsection_enabled=: - 
sed_word="[a-zA-Z_][a-zA-Z_0-9]*" - sed_ws="[ ]" - - #-- not all seds are created equal - sed= - for sed_candidate in ${PP_SED:-sed} /usr/xpg4/bin/sed; do - if echo 'foo' | $sed_candidate -ne '/^\(x\)*foo/p' | grep foo > /dev/null - then - sed="$sed_candidate" - break - fi - done - test -z "$sed" && - pp_die "sed is broken on this system" - - pp_lineno=0 - - #-- Note: this sed script should perform similar to pp_eval_qualifier() - $sed -e "/^#/s/.*//" \ - -e "/^\\[!\\($sed_word,\\)*$pp_platform\\(,$sed_word\\)*\\]/s/.*//" \ - -e "s/^\\[\\($sed_word,\\)*$pp_platform\\(,$sed_word\\)*\\]$sed_ws*//" \ - -e "s/^\\[!\\($sed_word,\\)*$sed_word\\]$sed_ws*//" \ - -e "/^\\[\\($sed_word,\\)*$sed_word\\]/s/.*//" \ - -e "s/^%$sed_ws*/%/" \ - -e "s/^$sed_ws/%\\\\&/" \ - > $pp_wrkdir/frontend.tmp - - #-- add an ignore section at the end to force section completion - echo '%ignore' >> $pp_wrkdir/frontend.tmp - echo >> $pp_wrkdir/frontend.tmp - - exec 0<$pp_wrkdir/frontend.tmp - : > $pp_wrkdir/tmp - : > $pp_wrkdir/%fixup - while read -r line; do - #-- Convert leading double-% to single-%, or switch sections - pp_incr pp_lineno - - pp_debug "line $pp_lineno: $line" - set -f - set -- $line - set +f - #pp_debug "line $pp_lineno: $*" - - case "$line" in %*) - case "$1" in - %if|%else|%endif) - pp_debug "processing if directive $1" - pp_frontend_if "$@" - continue;; - esac - test 0 -ne $pp_if_false && continue # ignore lines %if'd out - - case "$1" in - %set|%fixup|%ignore) - pp_debug "processing new section $1" - newsection="$1"; shift - newsection_enabled=: - if pp_is_qualifier "$1"; then - pp_eval_qualifier "$1" || newsection_enabled=false - shift - fi - test $# -eq 0 || pp_warn "ignoring extra arguments: $line" - continue;; - %pre|%post|%preun|%postup|%preup|%postun|%files|%depend|%check|%conflict) - pp_debug "processing new component section $*" - s="$1"; shift - if test $# -eq 0 || pp_is_qualifier "$1"; then - cpt=run - else - cpt="$1" - shift - fi - newsection="$s.$cpt" - 
newsection_enabled=: - if test $# -gt 0 && pp_is_qualifier "$1"; then - pp_eval_qualifier "$1" || newsection_enabled=false - shift - fi - test $# -eq 0 || - pp_warn "ignoring extra arguments: $line" - case "$cpt" in - run|dbg|doc|dev) - $newsection_enabled && pp_add_component "$cpt";; - x-*) :;; # useful for discarding stuff - *) pp_error "unknown component: $1 $cpt";; - esac - continue;; - %pp) - newsection="%ignore"; shift - if test $# -gt 0; then - pp_set_api_version "$1" - shift - else - pp_error "%pp: missing version" - fi - test $# -gt 0 && - pp_error "%pp: too many arguments" - continue;; - %service) - pp_debug "processing new service section $1 $2" - s="$1"; shift - if test $# -eq 0 || pp_is_qualifier "$1"; then - pp_error "$s: service name required" - svc=unknown - else - svc="$1"; shift - fi - - newsection="$s.$svc" - newsection_enabled=: - if test $# -gt 0 && pp_is_qualifier "$1"; then - pp_eval_qualifier "$1" || newsection_enabled=false - shift - fi - test $# -eq 0 || - pp_warn "ignoring extra arguments: $line" - $newsection_enabled && pp_add_service "$svc" - continue;; - %\\*) - pp_debug "removing leading %\\" - line="${line#??}" - pp_debug " result is <$line>" - set -f - set -- $line - set +f - ;; - %%*) - pp_debug "removing leading %" - line="${line#%}" - set -f - set -- $line - set +f - ;; - %*) - pp_error "unknown section $1" - newsection='%ignore' - newsection_enabled=: - continue;; - esac;; - esac - - test 0 != $pp_if_false && continue # ignore lines %if'd out - - pp_debug "section=$section (enabled=$section_enabled) newsection=$newsection (enabled=$newsection_enabled)" - - #-- finish processing a previous section - if test x"$newsection" != x""; then - $section_enabled && case "$section" in - %ignore|%_initial) - pp_debug "leaving ignored section $section" - : ignore # guaranteed to be the last section - ;; - %set) - pp_debug "leaving $section: sourcing $pp_wrkdir/tmp" - $pp_opt_debug && cat $pp_wrkdir/tmp >&2 - . 
$pp_wrkdir/tmp - : > $pp_wrkdir/tmp - ;; - %pre.*|%preun.*|%post.*|%postup.*|%preup.*|%postun.*|%depend.*|%check.*|%conflict.*|%service.*|%fixup) - pp_debug "leaving $section: substituting $pp_wrkdir/tmp" - # cat $pp_wrkdir/tmp >&2 # debugging - $pp_opt_debug && pp_substitute < $pp_wrkdir/tmp >&2 - pp_substitute < $pp_wrkdir/tmp > $pp_wrkdir/tmp.sh - . $pp_wrkdir/tmp.sh >> $pp_wrkdir/$section || - pp_error "shell error in $section" - rm -f $pp_wrkdir/tmp.sh - : > $pp_wrkdir/tmp - ;; - esac - section="$newsection" - section_enabled="$newsection_enabled" - newsection= - fi - - #-- ignore section content that is disabled - $section_enabled || continue - - #-- process some lines in-place - case "$section" in - %_initial) - case "$line" in "") continue;; esac # ignore non-section blanks - pp_die "Ignoring text before % section introducer";; - %set|%pre.*|%preun.*|%post.*|%postup.*|%preup.*|%postun.*|%check.*|%service.*|%fixup) - pp_debug "appending line to \$pp_wrkdir/tmp" - echo "$line" >> $pp_wrkdir/tmp - ;; - %files.*) - test $# -eq 0 && continue; - pp_files_expand "$@" >> $pp_wrkdir/$section - ;; - %depend.*) - pp_debug "Adding explicit dependency $@ to $cpt" - echo "$@" >> $pp_wrkdir/%depend.$cpt - ;; - %conflict.*) - pp_debug "Adding explicit conflict $@ to $cpt" - echo "$@" >> $pp_wrkdir/%conflict.$cpt - ;; - esac - done - exec <&- - - if test $pp_if_true != 0 -o $pp_if_false != 0; then - pp_die "missing %endif at end of file" - fi - - pp_lineno= - - pp_debug " name = $name" - pp_debug " version = $version" - pp_debug " summary = $summary" - pp_debug " description = $description" - pp_debug " copyright = $copyright" - pp_debug "" - pp_debug "\$pp_components: $pp_components" - pp_debug "\$pp_services: $pp_services" -} - -pp_set_api_version() { - case "$1" in - 1.0) : ;; - *) pp_error "This version of polypackage is too old";; - esac -} - -pp_platform= - -pp_set_platform () { - if test -n "$pp_opt_platform"; then - pp_contains "$pp_platforms" "$pp_opt_platform" || 
- pp_die "$pp_opt_platform: unknown platform" - pp_platform="$pp_opt_platform" - else - uname_s=`uname -s 2>/dev/null` - pp_platform= - for p in $pp_platforms; do - pp_debug "probing for platform $p" - if eval pp_backend_${p}_detect "$uname_s"; then - pp_platform="$p" - break; - fi - done - test -z "$pp_platform" && - pp_die "cannot detect platform (supported: $pp_platforms)" - fi - pp_debug "pp_platform = $pp_platform" -} - -pp_expand_path= - -pp_expand_test_usr_bin () { - awk '$1 == "/usr" || $2 == "/usr" {usr++} - $1 == "/bin" || $2 == "/bin" {bin++} - END { if (usr == 1 && bin == 1) exit(0); else exit(1); }' -} - -pp_set_expand_converter_or_reexec () { - test -d /usr -a -d /bin || - pp_die "missing /usr or /bin" - echo /usr /bin | pp_expand_test_usr_bin || pp_die "pp_expand_test_usr_bin?" - if (eval "echo /{usr,bin}" | pp_expand_test_usr_bin) 2>/dev/null; then - pp_expand_path=pp_expand_path_brace - elif (eval "echo /@(usr|bin)" | pp_expand_test_usr_bin) 2>/dev/null; then - pp_expand_path=pp_expand_path_at - else - test x"$pp_expand_rexec" != x"true" || - pp_die "problem finding shell that can do brace expansion" - for shell in bash ksh ksh93; do - if ($shell -c 'echo /{usr,bin}' | - pp_expand_test_usr_bin) 2>/dev/null || - ($shell -c 'echo /@(usr|bin)' | - pp_expand_test_usr_bin) 2>/dev/null - then - pp_debug "switching to shell $shell" - pp_expand_rexec=true exec $shell "$0" "$@" - fi - done - pp_die "cannot find a shell that does brace expansion" - fi -} - -pp_expand_path_brace () { - typeset f - eval "for f in $1; do echo \"\$f\"; done|sort -u" -} - -pp_expand_path_at () { - typeset f - eval "for f in ` - echo "$1" | sed -e 's/{/@(/g' -e 's/}/)/g' -e 's/,/|/g' - `; do echo \"\$f\"; done|sort -u" -} - -pp_shlib_suffix='.so*' - -pp_model_init () { - #@ $pp_components: whitespace-delimited list of components seen in %files - pp_components= - #@ $pp_services: whitespace-delimited list of %service seen - pp_services= - - rm -f $pp_wrkdir/%files.* \ - 
$pp_wrkdir/%post.* \ - $pp_wrkdir/%pre.* \ - $pp_wrkdir/%preun.* \ - $pp_wrkdir/%postup.* \ - $pp_wrkdir/%postun.* \ - $pp_wrkdir/%service.* \ - $pp_wrkdir/%set \ - $pp_wrkdir/%fixup -} - - -pp_have_component () { - pp_contains "$pp_components" "$1" -} - -pp_have_all_components () { - pp_contains_all "$pp_components" "$@" -} - -pp_add_component () { - pp_add_to_list 'pp_components' "$1" -} - -pp_add_service () { - pp_add_to_list 'pp_services' "$1" -} - -pp_service_init_vars () { - cmd= - pidfile= - stop_signal=15 # SIGTERM - user=root - group= - enable=yes # make it so the service starts on boot - optional=no # Whether installing this service is optional - pp_backend_init_svc_vars -} - -pp_service_check_vars () { - test -n "$cmd" || - pp_error "%service $1: cmd not defined" - case "$enable" in - yes|no) : ;; - *) pp_error "%service $1: \$enable must be set to yes or no";; - esac -} - -pp_load_service_vars () { - pp_service_init_vars - . "$pp_wrkdir/%service.$1" - pp_service_check_vars "$1" -} - -pp_files_expand () { - typeset _p _mode _group _owner _flags _path _optional _has_target _tree - typeset _target _file _tgt _m _o _g _f _type _lm _ll _lo _lg _ls _lx - typeset _ignore _a - - test $# -eq 0 && return - - pp_debug "pp_files_expand: path is: $1" - - case "$1" in "#"*) return;; esac - _p="$1"; shift - - pp_debug "pp_files_expand: other arguments: $*" - - #-- the mode must be an octal number of at least three digits - _mode="=" - _a=`eval echo \"$1\"` - case "$_a" in - *:*) :;; - -|=|[01234567][01234567][01234567]*) _mode="$_a"; shift;; - esac - - #-- the owner:group field may have optional parts - _a=`eval echo \"$1\"` - case "$_a" in - *:*) _group=${_a#*:}; _owner=${_a%:*}; shift;; - =|-) _group=$_a; _owner=$_a; shift;; - *) _group=; _owner=;; - esac - - #-- process the flags argument - _flags= - _target= - _optional=false - _has_target=false - _ignore=false - if test $# -gt 0; then - _a=`eval echo \"$1\"` - case ",$_a," in *,volatile,*) _flags="${_flags}v";; 
esac - case ",$_a," in *,optional,*) _optional=true;; esac - case ",$_a," in *,symlink,*) _has_target=true;; esac - case ",$_a," in *,ignore-others,*) _flags="${_flags}i";; esac - case ",$_a," in *,ignore,*) _ignore=true;; esac - shift - fi - - #-- process the target argument - if $_has_target; then - test $# -ne 0 || pp_error "$_p: missing target" - _a=`eval echo \"$1\"` - _target="$_a" - shift - fi - - pp_debug "pp_files_expand: $_mode|$_owner:$_group|$_flags|$_target|$*" - - test $# -eq 0 || pp_error "$_p: too many arguments" - - #-- process speciall suffixes - tree= - case "$_p" in - *"/**") _p="${_p%"/**"}"; tree="**";; - *".%so") _p="${_p%".%so"}$pp_shlib_suffix";; - esac - - #-- expand the path using the shell glob - pp_debug "expanding .$_p ... with $pp_expand_path" - (cd ${pp_destdir} && $pp_expand_path ".$_p") > $pp_wrkdir/tmp.files.exp - - #-- expand path/** by rewriting the glob output file - case "$tree" in - "") : ;; - "**") - pp_debug "expanding /** tree ..." - while read _path; do - _path="${_path#.}" - pp_find_recurse "$pp_destdir${_path%/}" - done < $pp_wrkdir/tmp.files.exp | - sort -u > $pp_wrkdir/tmp.files.exp2 - mv $pp_wrkdir/tmp.files.exp2 $pp_wrkdir/tmp.files.exp - ;; - esac - - while read _path; do - _path="${_path#.}" - _file="${pp_destdir}${_path}" - _tgt= - _m="$_mode" - _o="${_owner:--}" - _g="${_group:--}" - _f="$_flags" - - case "$_path" in - /*) :;; - *) pp_warn "$_path: inserting leading /" - _path="/$_path";; # ensure leading / - esac - - #-- sanity checks - case "$_path" in - */../*|*/..) pp_error "$_path: invalid .. in path";; - */./*|*/.) pp_warn "$_path: invalid component . 
in path";; - *//*) pp_warn "$_path: redundant / in path";; - esac - - #-- set the type based on the real file's type - if $_ignore; then - _type=f _m=_ _o=_ _g=_ - elif test -h "$_file"; then - case "$_path" in - */) pp_warn "$_path (symlink $_file): removing trailing /" - _path="${_path%/}" - ;; - esac - _type=s - if test x"$_target" != x"=" -a -n "$_target"; then - _tgt="$_target" -pp_debug "symlink target is $_tgt" - else - _tgt=`pp_readlink "$_file"`; - test -z "$_tgt" && pp_error "can't readlink $_file" - case "$_tgt" in - ${pp_destdir}/*) - pp_warn "stripped \$destdir from symlink ($_path)" - _tgt="${_tgt#$pp_destdir}";; - esac - fi - _m=777 - elif test -d "$_file"; then - #-- display a warning if the user forgot the trailing / - case "$_path" in - */) :;; - *) pp_warn "$_path (matching $_file): adding trailing /" - _path="$_path/";; - esac - _type=d - $_has_target && pp_error "$_file: not a symlink" - elif test -f "$_file"; then - case "$_path" in - */) pp_warn "$_path (matching $_file): removing trailing /" - _path="${_path%/}" - ;; - esac - _type=f - $_has_target && pp_error "$_file: not a symlink" - else - $_optional && continue - pp_error "$_file: missing" - _type=f - fi - - #-- convert '=' shortcuts into mode/owner/group from ls - case ":$_m:$_o:$_g:" in *:=:*) - if LS_OPTIONS=--color=never /bin/ls -ld "$_file" \ - > $pp_wrkdir/ls.tmp - then - read _lm _ll _lo _lg _ls _lx < $pp_wrkdir/ls.tmp - test x"$_m" = x"=" && _m=`pp_mode_from_ls "$_lm"` - test x"$_o" = x"=" && _o="$_lo" - test x"$_g" = x"=" && _g="$_lg" - else - pp_error "cannot read $_file" - test x"$_m" = x"=" && _m=- - test x"$_o" = x"=" && _o=- - test x"$_g" = x"=" && _g=- - fi - ;; - esac - - test -n "$_f" || _f=- - - #-- sanity checks - test -n "$_type" || pp_die "_type empty" - test -n "$_path" || pp_die "_path empty" - test -n "$_m" || pp_die "_m empty" - test -n "$_o" || pp_die "_o empty" - test -n "$_g" || pp_die "_g empty" - - #-- setuid/gid files must be given an explicit owner/group 
(or =) - case "$_o:$_g:$_m" in - -:*:[4657][1357]??|-:*:[4657]?[1357]?|-:*:[4657]??[1357]) - pp_error "$_path: setuid file ($_m) missing explicit owner";; - *:-:[2367][1357]??|*:-:[2367]?[1357]?|*:-:[2367]??[1357]) - pp_error "$_path: setgid file ($_m) missing explicit group";; - esac - - # convert numeric uids into usernames; only works for /etc/passwd - case "$_o" in [0-9]*) _o=`pp_getpwuid $_o`;; esac - case "$_g" in [0-9]*) _g=`pp_getgrgid $_g`;; esac - - pp_debug "$_type $_m $_o $_g $_f $_path" $_tgt - $_ignore || echo "$_type $_m $_o $_g $_f $_path" $_tgt - pp_note_file_used "$_path" - case "$_f" in *i*) echo "$_path" >> $pp_wrkdir/ign.files;; esac - done < $pp_wrkdir/tmp.files.exp -} - -pp_files_check_duplicates () { - typeset _path - if test -s $pp_wrkdir/all.files; then - sort < $pp_wrkdir/all.files | uniq -d > $pp_wrkdir/duplicate.files - if test -f $pp_wrkdir/ign.awk; then - # Remove ignored files - mv $pp_wrkdir/duplicate.files $pp_wrkdir/duplicate.files.ign - sed -e 's/^/_ _ _ _ _ /' < $pp_wrkdir/duplicate.files.ign | - awk -f $pp_wrkdir/ign.awk | - sed -e 's/^_ _ _ _ _ //' > $pp_wrkdir/duplicate.files - fi - while read _path; do - pp_warn "$_path: file declared more than once" - done <$pp_wrkdir/duplicate.files - fi -} - -pp_files_check_coverage () { - pp_find_recurse "$pp_destdir" | sort > $pp_wrkdir/coverage.avail - if test -s $pp_wrkdir/all.files; then - sort -u < $pp_wrkdir/all.files - else - : - fi > $pp_wrkdir/coverage.used - join -v1 $pp_wrkdir/coverage.avail $pp_wrkdir/coverage.used \ - > $pp_wrkdir/coverage.not-packaged - if test -s $pp_wrkdir/coverage.not-packaged; then - pp_warn "The following files/directories were found but not packaged:" - sed -e 's,^, ,' < $pp_wrkdir/coverage.not-packaged >&2 - fi - join -v2 $pp_wrkdir/coverage.avail $pp_wrkdir/coverage.used \ - > $pp_wrkdir/coverage.not-avail - if test -s $pp_wrkdir/coverage.not-avail; then - pp_warn "The following files/directories were named but not found:" - sed -e 's,^, ,' < 
$pp_wrkdir/coverage.not-avail >&2 - fi -} - -pp_files_ignore_others () { - typeset p f - - test -s $pp_wrkdir/ign.files || return - - #-- for each file in ign.files, we remove it from all the - # other %files.* lists, except where it has an i flag. - # rather than scan each list multiple times, we build - # an awk script - - pp_debug "stripping ignore files" - - while read p; do - echo '$6 == "'"$p"'" && $5 !~ /i/ { next }' - done < $pp_wrkdir/ign.files > $pp_wrkdir/ign.awk - echo '{ print }' >> $pp_wrkdir/ign.awk - - $pp_opt_debug && cat $pp_wrkdir/ign.awk - - for f in $pp_wrkdir/%files.*; do - mv $f $f.ign - awk -f $pp_wrkdir/ign.awk < $f.ign > $f || pp_error "awk" - done -} - -pp_service_scan_groups () { - typeset svc - - #-- scan for "group" commands, and build a list of groups - pp_service_groups= - if test -n "$pp_services"; then - for svc in $pp_services; do - group= - . $pp_wrkdir/%service.$svc - if test -n "$group"; then - pp_contains "$pp_services" "$group" && pp_error \ - "%service $svc: group name $group in use by a service" - pp_add_to_list 'pp_service_groups' "$group" - echo "$svc" >> $pp_wrkdir/%svcgrp.$group - fi - done - fi -} - -pp_service_get_svc_group () { - (tr '\012' ' ' < $pp_wrkdir/%svcgrp.$1 ; echo) | sed -e 's/ $//' -} - -for _sufx in _init '' _names _cleanup _install_script \ - _init_svc_vars _function _probe _vas_platforms -do - eval "pp_backend$_sufx () { pp_debug pp_backend$_sufx; pp_backend_\${pp_platform}$_sufx \"\$@\"; }" -done - - -pp_platforms="$pp_platforms aix" - -pp_backend_aix_detect () { - test x"$1" = x"AIX" -} - -pp_backend_aix_init () { - pp_aix_detect_arch - pp_aix_detect_os - - pp_aix_bosboot= # components that need bosboot - pp_aix_lang=en_US - pp_aix_copyright= - pp_aix_start_services_after_install=false - pp_aix_init_services_after_install=true - - pp_aix_sudo=sudo # AIX package tools must run as root - - case "$pp_aix_os" in - *) pp_readlink_fn=pp_ls_readlink;; # XXX - esac - - pp_aix_abis_seen= -} - 
-pp_aix_detect_arch () { - pp_aix_arch_p=`uname -p 2>/dev/null` - case "$pp_aix_arch_p" in - "") pp_debug "can't get processor type from uname -p" - pp_aix_arch_p=powerpc - pp_aix_arch=R;; # guess (lsattr -l proc0 ??) - powerpc) pp_aix_arch=R;; - *) pp_aix_arch_p=intel - pp_aix_arch=I;; # XXX? verify - esac - - case "`/usr/sbin/lsattr -El proc0 -a type -F value`" in - PowerPC_POWER*) pp_aix_arch_std=ppc64;; - PowerPC*) pp_aix_arch_std=ppc;; - *) pp_aix_arch_std=unknown;; - esac -} - -pp_aix_detect_os () { - typeset r v - - r=`uname -r` - v=`uname -v` - pp_aix_os=aix$v$r -} - -pp_aix_version_fix () { - typeset v - v=`echo $1 | sed 's/[-+]/./' | tr -c -d '[0-9].\012' | awk -F"." '{ printf "%d.%d.%d.%.4s\n", $1, $2, $3, $4 }' | sed 's/[.]*$//g'` - if test x"$v" != x"$1"; then - pp_warn "stripped version '$1' to '$v'" - fi - case $v in - ""|*..*|.*|*.) pp_error "malformed '$1'" - echo "0.0.0.0";; - *.*.*.*.*) - # 5 components are only valid for fileset updates, not base - # filesets (full packages). We trim 5+ components down to 4. - pp_warn "version '$1' has too many dots for AIX, truncating" - echo "$v" | cut -d. 
-f1-4;; - *.*.*.*) echo "$v";; - *.*.*) echo "$v.0";; - *.*) echo "$v.0.0";; - *) echo "$v.0.0.0";; - esac -} - -pp_aix_select () { - case "$1" in - -user) op="";; - -root) op="!";; - *) pp_die "pp_aix_select: bad argument";; - esac - #pp_debug awk '$5 '$op' /^\/(usr|opt)(\/|$)/ { print; }' - #awk '$5 '$op' /^\/(usr|opt)(\/|$)/ { print; }' - awk $op'($6 ~ /^\/usr\// || $6 ~ /^\/opt\//) { print; }' -} - -pp_aix_copy_root () { - typeset t m o g f p st target - while read t m o g f p st; do - case "$t" in - d) pp_create_dir_if_missing "$1${p%/}";; - f) pp_add_transient_file "$1$p" - pp_verbose ln "$pp_destdir$p" "$pp_destdir$1$p" || - pp_error "can't link $p into $1";; - *) pp_warn "pp_aix_copy_root: filetype $t not handled";; - esac - done -} - -pp_aix_size () { - typeset prefix t m o g f p st - - prefix="$1" - while read t m o g f p st; do - case "$t" in f) du -a "$pp_destdir$p";; esac - done | sed -e 's!/[^/]*$!!' | sort +1 | - awk '{ if ($2 != d) - { if (sz) print d,sz; - d=$2; sz=0 } - sz += $1; } - END { if (sz) print d,sz }' | - sed -n -e "s!^$pp_destdir!$prefix!p" -} - -pp_aix_list () { - awk '{ print "." 
pfx $6; }' pfx="$1" -} - -pp_aix_make_liblpp () { - typeset out dn fl f - - out="$1"; shift - dn=`dirname "$2"` - fl= - for f - do - case "$f" in "$dn/"*) fl="$fl `basename $f`" ;; - *) pp_die "liblpp name $f not in $dn/";; esac - done - (cd "$dn" && pp_verbose ar -c -g -r "$out" $fl) || pp_error "ar error" -} - -pp_aix_make_script () { - rm -f "$1" - echo "#!/bin/sh" > "$1" - cat >> "$1" - echo "exit 0" >> "$1" - chmod +x "$1" -} - -pp_aix_inventory () { - typeset fileset t m o g f p st type - - fileset="$1" - while read t m o g f p st; do - case "$p" in *:*) pp_error "path $p contains colon";; esac - echo "$p:" - case "$t" in - f) type=FILE; defm=644 ;; - s) type=SYMLINK; defm=777 ;; - d) type=DIRECTORY; defm=755 ;; - esac - echo " type = $type" - echo " class = inventory,apply,$fileset" - if test x"$m" = x"-"; then m="$defm"; fi - if test x"$o" = x"-"; then o="root"; fi - if test x"$g" = x"-"; then g="system"; fi - echo " owner = $o" - echo " group = $g" - - case "$m" in ????) - m=`echo $m|sed -e 's/^1/TCB,/' \ - -e 's/^[23]/TCB,SGID,/' \ - -e 's/^[45]/TCB,SUID,/' \ - -e 's/^[67]/TCB,SUID,SGID,/'`;; # vtx bit ignored - esac - echo " mode = $m" - case "$t" in - f) if test ! 
-f "$pp_destdir$p"; then - pp_error "$p: missing file" - fi - case "$flags" in - *v*) - echo " size = VOLATILE" - echo " checksum = VOLATILE" - ;; - *) - if test -r "$pp_destdir$p"; then - echo " size = $size" - pp_verbose sum -r < "$pp_destdir$p" | - sed -e 's/.*/ checksum = "&"/' - fi - ;; - esac;; - s) - echo " target = $st" - ;; - esac - - #-- Record ABI types seen - case "$t" in - f) if test -r "$pp_destdir$p"; then - case "`file "$pp_destdir$p"`" in - *"executable (RISC System/6000)"*) abi=ppc;; - *"64-bit XCOFF executable"*) abi=ppc64;; - *) abi=;; - esac - if test -n "$abi"; then - pp_add_to_list pp_aix_abis_seen $abi - fi - fi;; - esac - - done -} - -pp_aix_depend () -{ - if test -s "$1"; then - pp_warn "aix dependencies not implemented" - fi -} - -pp_aix_add_service () { - typeset svc cmd_cmd cmd_arg f - svc="$1" - - pp_load_service_vars $svc - - set -- $cmd - cmd_cmd="$1"; shift - cmd_arg="${pp_aix_mkssys_cmd_args:-$*}"; - - case "$stop_signal" in - HUP) stop_signal=1;; - INT) stop_signal=2;; - QUIT) stop_signal=3;; - KILL) stop_signal=9;; - TERM) stop_signal=15;; - USR1) stop_signal=30;; - USR2) stop_signal=31;; - "") - pp_error "%service $svc: stop_signal not set";; - [a-zA-Z]*) - pp_error "%service $svc: bad stop_signal ($stop_signal)";; - esac - - test -z "$pidfile" || pp_error "aix requires empty pidfile (non daemon)" - - pp_add_component run - if test "$user" = "root"; then - uid=0 - else - uid="\"\`/usr/bin/id -u $user\`\"" - fi - - - #-- add command text to create/remove the service - cat <<-. >> $pp_wrkdir/%post.$svc -svc=$svc -uid=0 -cmd_cmd="$cmd_cmd" -cmd_arg="$cmd_arg" -stop_signal=$stop_signal -force_signal=9 -srcgroup="$pp_aix_mkssys_group" -instances_allowed=${pp_aix_mkssys_instances_allowed:--Q} - -lssrc -s \$svc > /dev/null 2>&1 -if [ \$? -eq 0 ]; then - lssrc -s \$svc | grep "active" > /dev/null 2>&1 - if [ \$? 
-eq 0 ]; then - stopsrc -s \$svc > /dev/null 2>&1 - fi - rmsys -s \$svc > /dev/null 2>&1 -fi - -mkssys -s \$svc -u \$uid -p "\$cmd_cmd" \${cmd_arg:+-a "\$cmd_arg"} -S -n \$stop_signal -f 9 ${pp_aix_mkssys_args} \${srcgroup:+-G \$srcgroup} \$instances_allowed -. - - #-- add code to start the service on reboot - ${pp_aix_init_services_after_install} && - cat <<-. >> $pp_wrkdir/%post.$svc -id=\`echo "\$svc" | cut -c1-14\` -mkitab "\$id:2:once:/usr/bin/startsrc -s \$svc" > /dev/null 2>&1 -. - - ${pp_aix_start_services_after_install} && - cat <<-. >> $pp_wrkdir/%post.$svc -startsrc -s \$svc -. - -if [ -f "$pp_wrkdir/%post.run" ];then - cat $pp_wrkdir/%post.run >> $pp_wrkdir/%post.$svc -fi -mv $pp_wrkdir/%post.$svc $pp_wrkdir/%post.run - - - ${pp_aix_init_services_after_install} && - pp_prepend $pp_wrkdir/%preun.$svc <<-. -rmitab `echo "$svc" | cut -c1-14` > /dev/null 2>&1 -. - pp_prepend $pp_wrkdir/%preun.$svc <<-. -stopsrc -s $svc >/dev/null 2>&1 -rmssys -s $svc -. - -if [ -f "$pp_wrkdir/%preun.run" ];then - cat $pp_wrkdir/%preun.run >> $pp_wrkdir/%preun.$svc -fi -mv $pp_wrkdir/%preun.$svc $pp_wrkdir/%preun.run -} - -pp_backend_aix () { - typeset briefex instuser instroot svc cmp outbff - typeset user_wrkdir root_wrkdir - typeset user_files root_files - - test -n "$pp_destdir" || - pp_error "AIX backend requires the '--destdir' option" - - instuser="/usr/lpp/$name" - instroot="$instuser/inst_root" - pp_aix_bff_name=${pp_aix_bff_name:-$name} - - # Here is the component mapping: - # run -> $pp_aix_bff_name.rte ('Run time environment') - # doc -> $pp_aix_bff_name.doc (non-standard) - # dev -> $pp_aix_bff_name.adt ('Application developer toolkit') - # dbg -> $pp_aix_bff_name.diag ('Diagnostics') - - test `echo "$summary" | wc -c ` -gt 40 && pp_error "\$summary too long" - - user_wrkdir=$pp_wrkdir/u - root_wrkdir=$pp_wrkdir/r - pp_verbose rm -rf $user_wrkdir $root_wrkdir - pp_verbose mkdir -p $user_wrkdir $root_wrkdir - - for svc in $pp_services .; do - test . 
= "$svc" && continue - pp_aix_add_service $svc - done - - { - echo "4 $pp_aix_arch I $name {" - - for cmp in $pp_components; do - case "$cmp" in - run) ex=rte briefex="runtime";; - doc) ex=doc briefex="documentation";; - dev) ex=adt briefex="developer toolkit";; - dbg) ex=diag briefex="diagnostics";; - esac - - user_files=$pp_wrkdir/%files.$cmp.u - root_files=$pp_wrkdir/%files.$cmp.r - - pp_aix_select -user < $pp_wrkdir/%files.$cmp > $user_files - pp_aix_select -root < $pp_wrkdir/%files.$cmp > $root_files - - # Default to USR only unless there are root files, - # or a post/pre/check script associated - content=U - if test -s $root_files \ - -o -s $pp_wrkdir/%pre.$cmp \ - -o -s $pp_wrkdir/%post.$cmp \ - -o -s $pp_wrkdir/%preun.$cmp \ - -o -s $pp_wrkdir/%postun.$cmp \ - -o -s $pp_wrkdir/%check.$cmp - then - content=B - fi - - if $pp_opt_debug; then - echo "$cmp USER %files:" - cat $user_files - echo "$cmp ROOT %files:" - cat $root_files - fi >&2 - - bosboot=N; pp_contains_any "$pp_aix_bosboot" $cmp && bosboot=b - - echo $pp_aix_bff_name.$ex \ - `[ $pp_aix_version ] && pp_aix_version_fix $pp_aix_version || pp_aix_version_fix "$version"` \ - 1 $bosboot $content \ - $pp_aix_lang "$summary $briefex" - echo "[" - - pp_aix_depend $pp_wrkdir/%depend.$cmp - - echo "%" - - # generate per-directory size information - pp_aix_size < $user_files - pp_aix_size $instroot < $root_files - - pp_aix_list < $user_files > $user_wrkdir/$pp_aix_bff_name.$ex.al - pp_aix_list $instroot < $root_files >> $user_wrkdir/$pp_aix_bff_name.$ex.al - pp_aix_list < $root_files > $root_wrkdir/$pp_aix_bff_name.$ex.al - - if $pp_opt_debug; then - echo "$cmp USER $pp_aix_bff_name.$ex.al:" - cat $user_wrkdir/$pp_aix_bff_name.$ex.al - echo "$cmp ROOT $pp_aix_bff_name.$ex.al:" - cat $root_wrkdir/$pp_aix_bff_name.$ex.al - fi >&2 - - pp_aix_inventory $pp_aix_bff_name.$ex < $user_files \ - > $user_wrkdir/$pp_aix_bff_name.$ex.inventory - pp_aix_inventory $pp_aix_bff_name.$ex < $root_files \ - > 
$root_wrkdir/$pp_aix_bff_name.$ex.inventory - - if $pp_opt_debug; then - pp_debug "$cmp USER $pp_aix_bff_name.$ex.inventory:" - cat $user_wrkdir/$pp_aix_bff_name.$ex.inventory - pp_debug "$cmp ROOT $pp_aix_bff_name.$ex.inventory:" - cat $root_wrkdir/$pp_aix_bff_name.$ex.inventory - fi >&2 - - if test x"" != x"${pp_aix_copyright:-$copyright}"; then - echo "${pp_aix_copyright:-$copyright}" > $user_wrkdir/$pp_aix_bff_name.$ex.copyright - echo "${pp_aix_copyright:-$copyright}" > $root_wrkdir/$pp_aix_bff_name.$ex.copyright - fi - - #-- assume that post/pre uninstall scripts only make - # sense when installed in a root context - - if test -r $pp_wrkdir/%pre.$cmp; then - pp_aix_make_script $user_wrkdir/$pp_aix_bff_name.$ex.pre_i \ - < $pp_wrkdir/%pre.$cmp - fi - - if test -r $pp_wrkdir/%post.$cmp; then - pp_aix_make_script $root_wrkdir/$pp_aix_bff_name.$ex.post_i \ - < $pp_wrkdir/%post.$cmp - fi - - if test -r $pp_wrkdir/%preun.$cmp; then - pp_aix_make_script $root_wrkdir/$pp_aix_bff_name.$ex.unpost_i \ - < $pp_wrkdir/%preun.$cmp - fi - - if test -r $pp_wrkdir/%postun.$cmp; then - pp_aix_make_script $root_wrkdir/$pp_aix_bff_name.$ex.unpre_i \ - < $pp_wrkdir/%postun.$cmp - fi - - # remove empty files - for f in $user_wrkdir/$pp_aix_bff_name.$ex.* $root_wrkdir/$pp_aix_bff_name.$ex.*; do - if test ! 
-s "$f"; then - pp_debug "removing empty $f" - rm -f "$f" - fi - done - - # copy/link the root files so we can do an easy backup later - pp_aix_copy_root $instroot < $root_files - - echo "%" - echo "]" - done - echo "}" - } > $pp_wrkdir/lpp_name - - if $pp_opt_debug; then - echo "/lpp_name :" - cat $pp_wrkdir/lpp_name - fi >&2 - - #-- copy the /lpp_name file to the destdir - pp_add_transient_file /lpp_name - cp $pp_wrkdir/lpp_name $pp_destdir/lpp_name - - #-- copy the liblpp.a files under destdir for packaging - (cd $user_wrkdir && pp_verbose ar -c -g -r liblpp.a $name.*) || - pp_error "ar error" - if test -s $user_wrkdir/liblpp.a; then - pp_add_transient_file $instuser/liblpp.a - pp_verbose cp $user_wrkdir/liblpp.a $pp_destdir$instuser/liblpp.a || - pp_error "cannot create user liblpp.a" - fi - (cd $root_wrkdir && pp_verbose ar -c -g -r liblpp.a $name.*) || - pp_error "ar error" - if test -s $root_wrkdir/liblpp.a; then - pp_add_transient_file $instroot/liblpp.a - pp_verbose cp $root_wrkdir/liblpp.a $pp_destdir$instroot/liblpp.a || - pp_error "cannot create root liblpp.a" - fi - - { echo ./lpp_name - test -s $user_wrkdir/liblpp.a && echo .$instuser/liblpp.a - test -s $root_wrkdir/liblpp.a && echo .$instroot/liblpp.a - cat $user_wrkdir/$name.*.al # includes the relocated root files! - } > $pp_wrkdir/bff.list - - if test -n "$pp_aix_abis_seen" -a x"$pp_aix_arch_std" = x"auto"; then - case "$pp_aix_abis_seen" in - "ppc ppc64"|"ppc64 ppc") - pp_aix_arch_std=ppc64 - ;; - ppc|ppc64) - pp_aix_arch_std=$pp_aix_abis_seen - ;; - *" "*) - pp_warn "multiple architectures detected: $pp_aix_abis_seen" - pp_aix_arch_std=unknown - ;; - "") - pp_warn "no binary executables detected; using noarch" - pp_aix_arch_std=noarch - ;; - *) - pp_warn "unknown architecture detected $pp_aix_abis_seen" - pp_aix_arch_std=$pp_aix_abis_seen - ;; - esac - fi - - . 
$pp_wrkdir/%fixup - - outbff=`pp_backend_aix_names` - pp_debug "creating: $pp_wrkdir/$outbff" - (cd $pp_destdir && pp_verbose /usr/sbin/backup -i -q -p -f -) \ - < $pp_wrkdir/bff.list \ - > $pp_wrkdir/$outbff || pp_error "backup failed" - if test -n "$pp_aix_sudo" -o -x /usr/sbin/installp; then - $pp_aix_sudo /usr/sbin/installp -l -d $pp_wrkdir/$outbff - fi -} - -pp_backend_aix_cleanup () { - : -} - -pp_backend_aix_names () { - echo "$name.`[ $pp_aix_version ] && pp_aix_version_fix $pp_aix_version || pp_aix_version_fix "$version"`.bff" -} - -pp_backend_aix_install_script () { - typeset pkgname platform - # - # The script should take a first argument being the - # operation; further arguments refer to components or services - # - # list-components -- lists components in the pkg - # install component... -- installs the components - # uninstall component... -- uninstalles the components - # list-services -- lists the services in the pkg - # start service... -- starts the name service - # stop service... -- stops the named services - # print-platform -- prints the platform group - # - pkgname="`pp_backend_aix_names`" - platform="`pp_backend_aix_probe`" # XXX should be derived from files - - fsets= - for cmp in $pp_components; do - case "$cmp" in - run) ex=rte;; - doc) ex=doc;; - dev) ex=adt;; - dbg) ex=diag;; - esac - fsets="$fsets $name.$ex" - done - - echo '#!/bin/sh' - pp_install_script_common - - cat <<-. 
- - cpt_to_fileset () { - test x"\$*" = x"all" && - set -- $pp_components - for cpt - do - case "\$cpt" in - run) echo "$name.rte";; - doc) echo "$name.doc";; - dev) echo "$name.adt";; - dbg) echo "$name.diag";; - *) usage;; - esac - done - } - - test \$# -eq 0 && usage - op="\$1"; shift - - case "\$op" in - list-components) - test \$# -eq 0 || usage \$op - echo "$pp_components" - ;; - list-services) - test \$# -eq 0 || usage \$op - echo "$pp_services" - ;; - list-files) - test \$# -ge 1 || usage \$op - echo \${PP_PKGDESTDIR:-.}/$pkgname - ;; - install) - test \$# -ge 1 || usage \$op - verbose /usr/sbin/installp -acX -V0 -F \ - -d \${PP_PKGDESTDIR:-.}/$pkgname \ - \`cpt_to_fileset "\$@"\` - ;; - uninstall) - test \$# -ge 1 || usage \$op - verbose /usr/sbin/installp -u -e/dev/null \ - -V0 \`cpt_to_fileset "\$@"\` - ;; - start|stop) - test \$# -ge 1 || usage \$op - ec=0 - for svc - do - verbose \${op}src -s \$svc || ec=1 - done - exit \$ec - ;; - print-platform) - echo "$platform" - ;; - *) - usage;; - esac -. -} - -pp_backend_aix_init_svc_vars () { - : -} - -pp_backend_aix_probe () { - echo "${pp_aix_os}-${pp_aix_arch_std}" -} - -pp_backend_aix_vas_platforms () { - case "${pp_aix_arch_std}" in - ppc*) :;; - *) pp_die "unknown architecture ${pp_aix_arch_std}";; - esac - case "${pp_aix_os}" in - aix43) echo "aix-43";; - aix51) echo "aix-51 aix-43";; - aix52) echo "aix-51 aix-43";; - aix53) echo "aix-53 aix-51 aix-43";; - aix61) echo "aix-53 aix-51 aix-43";; - *) pp_die "unknown system ${pp_aix_os}";; - esac -} -pp_backend_aix_function () { - case "$1" in - pp_mkgroup) cat <<'.';; - /usr/sbin/lsgroup "$1" >/dev/null && - return 0 - echo "Creating group $1" - /usr/bin/mkgroup -A "$1" -. 
- pp_mkuser:depends) echo pp_mkgroup;; - pp_mkuser) cat <<'.';; - /usr/sbin/lsuser "$1" >/dev/null && - return 0 - pp_mkgroup "${2:-$1}" || return 1 - echo "Creating user $1" - /usr/bin/mkuser \ - login=false \ - rlogin=false \ - account_locked=true \ - home="${3:-/nohome.$1}" \ - pgrp="${2:-$1}" \ - "$1" -. - pp_havelib) cat <<'.';; - case "$2" in - "") pp_tmp_name="lib$1.so";; - *.*.*) pp_tmp_name="lib$1.so.$2";; - *.*) pp_tmp_name="lib$1.so.$2.0";; - *) pp_tmp_name="lib$1.so.$2";; - esac - for pp_tmp_dir in `echo "/usr/lib:/lib${3:+:$3}" | tr : ' '`; do - test -r "$pp_tmp_dir/$pp_tmp_name" -a \ - -r "$pp_tmp_dir/lib$1.so" && return 0 - done - return 1 -. - *) false;; - esac -} - -pp_platforms="$pp_platforms sd" - -pp_backend_sd_detect () { - test x"$1" = x"HP-UX" -} - -pp_backend_sd_init () { - pp_sd_sudo=sudo - pp_sd_startlevels=2 - pp_sd_stoplevels=auto - pp_sd_config_file= - pp_sd_vendor= - pp_sd_vendor_tag=OneIdentity - pp_sd_default_start=1 # config_file default start value - - pp_readlink_fn=pp_ls_readlink # HPUX has no readlink - pp_shlib_suffix='.sl' # .so on most other platforms - - pp_sd_detect_os -} - -pp_sd_detect_os () { - typeset revision - - revision=`uname -r` - pp_sd_os="${revision#?.}" - test -z "$pp_sd_os" && - pp_warn "cannot detect OS version" - pp_sd_os_std="hpux`echo $pp_sd_os | tr -d .`" - - case "`uname -m`" in - 9000/[678]??) 
pp_sd_arch_std=hppa;; - ia64) pp_sd_arch_std=ia64;; - *) pp_sd_arch_std=unknown;; - esac -} - -pp_sd_write_files () { - typeset t m o g f p st line dm - while read t m o g f p st; do - line=" file" - case "$f" in *v*) line="$line -v";; esac # FIXME for uninstall - case ${pp_sd_os} in - 10.*) - case $t in - f) dm=644;; - d) p=${p%/}; dm=755;; - esac - ;; - *) - case $t in - f) dm=644;; - d) line="$line -t d"; p=${p%/}; dm=755;; - s) line="$line -t s";; - esac - ;; - esac - - test x"$o" = x"-" && o=root - test x"$g" = x"-" && g=sys - test x"$m" = x"-" && m=$dm - - case $t in - s) - # swpackage will make unqualified links relative to the - # current working (source) directory, not the destination; - # we need to qualify them to prevent this. - case "$st" in - [!/]*) st="`dirname \"$p\"`/$st";; - esac - echo "$line -o $o -g $g -m $m $st $p" - ;; - *) - echo "$line -o $o -g $g -m $m $pp_destdir$p $p" - ;; - esac - - done -} - -pp_sd_service_group_script () { - typeset grp svcs scriptpath out - grp="$1" - svcs="$2" - scriptpath="/sbin/init.d/$grp" - out="$pp_destdir$scriptpath" - - pp_add_file_if_missing $scriptpath run 755 || return 0 - - cat <<-. > $out - #!/sbin/sh - # generated by pp $pp_version - svcs="$svcs" -. - - cat <<-'.' >> $out - #-- starts services in order.. stops them all if any break - pp_start () { - undo= - for svc in \$svcs; do - /sbin/init.d/\$svc start - case \$? in - 0|4) - undo="\$svc \$undo" - ;; - *) - if test -n "\$undo"; then - for svc in \$undo; do - /sbin/init.d/\$svc stop - done - return 1 - fi - ;; - esac - done - return 0 - } - - #-- stops services in reverse - pp_stop () { - reverse= - for svc in \$svcs; do - reverse="\$svc \$reverse" - done - rc=0 - for svc in \$reverse; do - /sbin/init.d/\$svc stop || rc=\$? - done - return \$rc - } - - case \$1 in - start_msg) echo "Starting \$svcs";; - stop_msg) echo "Stopping \$svcs";; - start) pp_start;; - stop) pp_stop;; - *) echo "usage: \$0 {start|stop|start_msg|stop_msg}" - exit 1;; - esac -. 
-} - -pp_sd_service_script () { - typeset svc config_file config_value scriptpath out - - svc="$1" - scriptpath="/sbin/init.d/$svc" - - config_file=${pp_sd_config_file:-/etc/rc.config.d/$svc} - sd_config_var=`echo run-$svc | tr '[a-z]-' '[A-Z]_'` - sd_config_value=${pp_sd_default_start:-0} - pp_load_service_vars "$svc" - - test -n "$user" -a x"$user" != x"root" && - cmd="SHELL=/usr/bin/sh /usr/bin/su $user -c \"exec `echo $cmd | sed -e 's,[$\\\`],\\&,g'`\"" - if test -z "$pidfile"; then - pidfile="/var/run/$svc.pid" - cmd="$cmd & echo \$! > \$pidfile" - fi - - pp_debug "config file is $config_file" - - pp_add_file_if_missing $scriptpath run 755 - pp_add_file_if_missing $config_file run 644 v - - cat <<-. >> $pp_destdir$config_file - - # Controls whether the $svc service is started - $sd_config_var=$sd_config_value -. - - if test ! -f $pp_destdir$scriptpath; then - cat <<-. > $pp_destdir$scriptpath - #!/sbin/sh - # generated by pp $pp_version - - svc="$svc" - pidfile="$pidfile" - config_file="$config_file" - - pp_start () { - $cmd - } - - pp_disabled () { - test \${$sd_config_var:-0} -eq 0 - } - - pp_stop () { - if test ! 
-s "\$pidfile"; then - echo "Unable to stop \$svc (no pid file)" - return 1 - else - read pid < "\$pidfile" - if kill -0 "\$pid" 2>/dev/null; then - if kill -${stop_signal:-TERM} "\$pid"; then - rm -f "\$pidfile" - return 0 - else - echo "Unable to stop \$svc" - return 1 - fi - else - rm -f "\$pidfile" - return 0 - fi - fi - } - - pp_running () { - if test -s "\$pidfile"; then - read pid < "\$pidfile" 2>/dev/null - if test \${pid:-0} -gt 1 && kill -0 "\$pid" 2>/dev/null; then - # make sure command name matches - c="\`echo $cmd | sed -e 's: .*::' -e 's:^.*/::'\`" - pid="\`ps -p \$pid 2>/dev/null | sed -n \"s/^ *\(\$pid\) .*\$c *\$/\1/p\"\`" - if test -n "\$pid"; then - return 0 - fi - fi - fi - return 1 - } - - case \$1 in - start_msg) echo "Starting the \$svc service";; - stop_msg) echo "Stopping the \$svc service";; - start) - if test -f "\$config_file"; then - . \$config_file - fi - if pp_disabled; then - exit 2 - elif pp_running; then - echo "\$svc already running"; - exit 0 - elif pp_start; then - echo "\$svc started"; - # rc(1M) says we should exit 4, but nobody expects it! - exit 0 - else - exit 1 - fi;; - stop) if pp_stop; then - echo "\$svc stopped"; - exit 0 - else - exit 1 - fi;; - *) echo "usage: \$0 {start|stop|start_msg|stop_msg}" - exit 1;; - esac -. 
- fi -} - -pp_sd_make_service () { - typeset level startpriority stoppriority startlevels stoplevels - typeset svc svcvar symtype - - svc="$1" - svcvar=`pp_makevar $svc` - - case ${pp_sd_os} in - 10.*) symtype="file";; - *) symtype="file -t s";; - esac - - # TODO: Figure out why this check is here - #-- don't do anything if the script exists - #if test -s "$pp_destdir/sbin/init.d/$svc"; then - # pp_error "$pp_destdir/sbin/init.d/$svc exists" - # return - #fi - - # symlink the script, depending on the priorities chosen - eval startpriority='${pp_sd_startpriority_'$svcvar'}' - eval stoppriority='${pp_sd_stoppriority_'$svcvar'}' - test -z "$startpriority" && startpriority="${pp_sd_startpriority:-50}" - test -z "$stoppriority" && stoppriority="${pp_sd_stoppriority:-50}" - - eval startlevels='${pp_sd_startlevels_'$svcvar'}' - test -z "$startlevels" && startlevels="$pp_sd_startlevels" - - eval stoplevels='${pp_sd_stoplevels_'$svcvar'}' - test -z "$stoplevels" && stoplevels="$pp_sd_stoplevels" - - # create the script and config file - pp_sd_service_script $svc - - # fix the priority up - case "$startpriority" in - ???) :;; - ??) startpriority=0$startpriority;; - ?) startpriority=00$startpriority;; - esac - case "$stoppriority" in - ???) :;; - ??) stoppriority=0$stoppriority;; - ?) stoppriority=00$stoppriority;; - esac - - if test x"$stoplevels" = x"auto"; then - stoplevels= - test -z "$startlevels" || for level in $startlevels; do - stoplevels="$stoplevels `expr $level - 1`" - done - fi - - # create the symlinks - test -z "$startlevels" || for level in $startlevels; do - echo " ${symtype}" \ - "/sbin/init.d/$svc" \ - "/sbin/rc$level.d/S$startpriority$svc" - done - test -z "$stoplevels" || for level in $stoplevels; do - echo " ${symtype}" \ - "/sbin/init.d/$svc" \ - "/sbin/rc$level.d/K$stoppriority$svc" - done -} - -pp_sd_control () { - typeset ctrl script - typeset cpt - - ctrl="$1"; shift - cpt="$1"; shift - script="$pp_wrkdir/control.$ctrl.$cpt" - cat <<. >$script -. 
- cat "$@" >> $script - echo "exit 0" >> $script - /usr/bin/chmod +x $script - echo " $ctrl $script" -} - -pp_sd_depend () { - typeset _name _vers - while read _name _vers; do - case "$_name" in ""| "#"*) continue ;; esac - echo " prerequisites $_name ${_vers:+r>= $_vers}" - done -} - -pp_sd_conflict () { - typeset _name _vers - while read _name _vers; do - case "$_name" in ""| "#"*) continue ;; esac - echo " exrequisites $_name ${_vers:+r>= $_vers}" - done -} - -pp_backend_sd () { - typeset psf cpt svc outfile release swp_flags - - psf=$pp_wrkdir/psf - release="?.${pp_sd_os%.[0-9][0-9]}.*" - - echo "depot" > $psf - echo "layout_version 1.0" >>$psf - - #-- vendor - cat <<. >>$psf - vendor - tag $pp_sd_vendor_tag - title "${pp_sd_vendor:-$vendor}" - end - - product - tag $name - revision $version - vendor_tag $pp_sd_vendor_tag - is_patch false - title "$summary" - copyright "$copyright" - machine_type * - os_name HP-UX - os_release $release - os_version ? - directory / - is_locatable false -. - test -n "$description" \ - && echo $description > $pp_wrkdir/description \ - && cat <<. >> $psf - description < $pp_wrkdir/description -. - - # make convenience service groups - if test -n "$pp_service_groups"; then - for grp in $pp_service_groups; do - pp_sd_service_group_script \ - $grp "`pp_service_get_svc_group $grp`" - done - fi - - for cpt in $pp_components; do - cat <<. >>$psf - fileset - tag ${pp_sd_fileset_tag:-$cpt} - title "${summary:-cpt}" - revision $version -. - test -s $pp_wrkdir/%depend.$cpt && - pp_sd_depend < $pp_wrkdir/%depend.$cpt >> $psf - test -s $pp_wrkdir/%conflict.$cpt && - pp_sd_conflict < $pp_wrkdir/%conflict.$cpt >> $psf - - #-- make sure services are shut down during uninstall - if test $cpt = run -a -n "$pp_services"; then - for svc in $pp_services; do - pp_prepend $pp_wrkdir/%preun.$cpt <<-. - /sbin/init.d/$svc stop -. 
- done - fi - - #-- we put the post/preun code into configure/unconfigure - # and not postinstall/preremove, because configure/unconfigure - # scripts are run on the hosts where the package is installed, - # not loaded (a subtle difference). - test -s $pp_wrkdir/%pre.$cpt && - pp_sd_control checkinstall $cpt $pp_wrkdir/%pre.$cpt >> $psf - test -s $pp_wrkdir/%post.$cpt && - pp_sd_control configure $cpt $pp_wrkdir/%post.$cpt >> $psf - test -s $pp_wrkdir/%preun.$cpt && - pp_sd_control unconfigure $cpt $pp_wrkdir/%preun.$cpt >> $psf - test -s $pp_wrkdir/%postun.$cpt && - pp_sd_control postremove $cpt $pp_wrkdir/%postun.$cpt >> $psf - test -s $pp_wrkdir/%check.$cpt && - pp_sd_control checkinstall $cpt $pp_wrkdir/%check.$cpt >> $psf - - if test $cpt = run -a -n "$pp_services"; then - for svc in $pp_services; do - #-- service names are 10 chars max on hpux - case "$svc" in ???????????*) - pp_warn "service name '$svc' is too long for hpux";; - esac - pp_sd_make_service $svc >> $psf - done - #pp_sd_make_service_config - fi - - pp_sd_write_files < $pp_wrkdir/%files.$cpt >> $psf - - #-- end fileset clause - cat <<. >>$psf - end -. - - done - - #-- end product clause - cat <<. >>$psf - end -. - - $pp_opt_debug && cat $psf >&2 - - test -s $pp_wrkdir/%fixup && . $pp_wrkdir/%fixup - - outfile=`pp_backend_sd_names` - case ${pp_sd_os} in - 10.*) - swp_flags="-x target_type=tape" - ;; - *) - swp_flags="-x media_type=tape" - ;; - esac - if pp_verbose ${pp_sd_sudo} /usr/sbin/swpackage -s $psf $swp_flags \ - @ $pp_wrkdir/$outfile - then - pp_verbose ${pp_sd_sudo} /usr/sbin/swlist -l file -s $pp_wrkdir/$outfile - else - pp_error "swpackage failed" - fi -} - -pp_backend_sd_cleanup () { - : -} - -pp_backend_sd_names () { - echo "$name-$version.$pp_sd_arch_std.depot" -} - -pp_backend_sd_install_script () { - typeset pkgname platform - - pkgname=`pp_backend_sd_names` - platform="`pp_backend_sd_probe`" - - echo "#!/bin/sh" - pp_install_script_common - cat <<. 
- - cpt_to_tags () { - test x"\$*" = x"all" && set -- $pp_components - for cpt - do - echo "$name.\$cpt" - done - } - - test \$# -eq 0 && usage - op="\$1"; shift - - case "\$op" in - list-components) - test \$# -eq 0 || usage \$op - echo "$pp_components" - ;; - list-services) - test \$# -eq 0 || usage \$op - echo "$pp_services" - ;; - list-files) - test \$# -ge 1 || usage \$op - echo \${PP_PKGDESTDIR:-.}/$pkgname - ;; - install) - test \$# -ge 1 || usage \$op - verbose /usr/sbin/swinstall -x verbose=0 \ - -s \${PP_PKGDESTDIR:-\`pwd\`}/$pkgname \ - \`cpt_to_tags "\$@"\` - ;; - uninstall) - test \$# -ge 1 || usage \$op - verbose /usr/sbin/swremove -x verbose=0 \ - \`cpt_to_tags "\$@"\` - ;; - start|stop) - test \$# -ge 1 || usage \$op - ec=0 - for svc - do - verbose /sbin/init.d/\$svc \$op - [ \$? -eq 4 -o \$? -eq 0 ] || ec=1 - done - exit \$ec - ;; - print-platform) - echo "$platform" - ;; - *) - usage - ;; - esac -. -} - -pp_backend_sd_probe () { - echo "${pp_sd_os_std}-${pp_sd_arch_std}" -} - -pp_backend_sd_vas_platforms () { - case "`pp_backend_sd_probe`" in - hpux*-hppa) echo hpux-pa;; - hpux*-ia64) echo hpux-ia64 hpux-pa;; - *) pp_die "unknown system `pp_backend_sd_probe`";; - esac -} - -pp_backend_sd_init_svc_vars () { - : -} -pp_backend_sd_function () { - case "$1" in - pp_mkgroup) cat <<'.';; - /usr/sbin/groupmod "$1" 2>/dev/null || - /usr/sbin/groupadd "$1" -. - pp_mkuser:depends) echo pp_mkgroup;; - pp_mkuser) cat <<'.';; - pp_mkgroup "${2:-$1}" || return 1 - /usr/sbin/useradd \ - -g "${2:-$1}" \ - -d "${3:-/nonexistent}" \ - -s "${4:-/bin/false}" \ - "$1" -. - pp_havelib) cat <<'.';; - for pp_tmp_dir in `echo /usr/lib${3:+:$3} | tr : ' '`; do - test -r "$pp_tmp_dir/lib$1${2:+.$2}.sl" && return 0 - done - return 1 -. 
- *) false;; - esac -} - -pp_platforms="$pp_platforms solaris" - -pp_backend_solaris_detect () { - test x"$1" = x"SunOS" -} - -pp_backend_solaris_init () { - pp_solaris_category= - pp_solaris_istates="s S 1 2 3" # run-states when install is ok - pp_solaris_rstates="s S 1 2 3" # run-states when remove is ok - pp_solaris_maxinst= - pp_solaris_vendor= - pp_solaris_pstamp= - pp_solaris_copyright= - pp_solaris_name= - pp_solaris_desc= - pp_solaris_package_arch=auto - - pp_solaris_detect_os - pp_solaris_detect_arch - - pp_solaris_init_svc - - #-- readlink not reliably available on Solaris - pp_readlink_fn=pp_ls_readlink -} - -pp_solaris_detect_os () { - typeset osrel - - osrel=`/usr/bin/uname -r` - case "$osrel" in - 5.[0-6]) pp_solaris_os="sol2${osrel#5.}";; - 5.*) pp_solaris_os="sol${osrel#5.}";; - esac - test -z "$pp_solaris_os" && - pp_warn "can't determine OS suffix from uname -r" - -} - -pp_solaris_detect_arch () { - pp_solaris_arch=`/usr/bin/optisa amd64 sparcv9 i386 sparc` - [ -z "$pp_solaris_arch" ] && - pp_error "can't determine processor architecture" - case "$pp_solaris_arch" in - amd64) pp_solaris_arch_std=x86_64;; - i386) pp_solaris_arch_std=i386;; - sparcv9) pp_solaris_arch_std=sparc64;; - sparc) pp_solaris_arch_std=sparc;; - *) pp_solaris_arch_std=unknown;; - esac -} - -pp_solaris_is_request_script_necessary () { - typeset has_optional_services - - has_optional_services=no - for _svc in $pp_services; do - pp_load_service_vars $_svc - if test "$optional" = "yes"; then - has_optional_services=yes - fi - done - - # If the package has no optional services and only one component, don't - # create a request script at all. - if test "$has_optional_services" = "no" && - test `echo $pp_components | wc -w` -eq 1; then - return 1 # no - fi - - return 0 # yes -} - -pp_solaris_request () { - typeset _cmp _svc - - #-- The common part of the request script contains the ask() function - # and resets the CLASSES list to empty - cat <<'.' 
- trap 'exit 3' 15 - ask () { - ans=`ckyorn -d "$1" \ - -p "Do you want to $2"` \ - || exit $? - case "$ans" in y*|Y*) return 0;; *) return 1;; esac - } - CLASSES= -. - #-- each of our components adds itself to the CLASSES list - for _cmp in $pp_components; do - case "$_cmp" in - run) :;; - doc) echo 'ask y "install the documentation files" &&';; - dev) echo 'ask y "install the development files" &&';; - dbg) echo 'ask n "install the diagnostic files" &&';; - esac - echo ' CLASSES="$CLASSES '$_cmp'"' - done - - #-- the request script writes the CLASSES var to its output - cat <<'.' - echo "CLASSES=$CLASSES" > $1 -. - - if test -n "$pp_services"; then - echo 'SERVICES=' - for _svc in $pp_services; do - pp_load_service_vars $_svc - if test "$enable" = "yes"; then - _default_prompt=y - else - _default_prompt=n - fi - if test "$optional" = "yes"; then - echo 'ask '$_default_prompt' "install '$_svc' service" &&' - fi - echo ' SERVICES="$SERVICES '$_svc'"' - done - echo 'echo "SERVICES=$SERVICES" >> $1' - fi - -} - -pp_solaris_procedure () { - cat <<. - - #-- $2 for $1 component of $name - case " \$CLASSES " in *" $1 "*) -. - cat - cat <<. - ;; esac -. 
-} - -pp_solaris_depend () { - typeset _name _vers - while read _name _vers; do - if test -n "$_name"; then - echo "P $_name $_name" - test -n "$_vers" && echo " $_vers" - fi - done -} - -pp_solaris_conflict () { - typeset _name _vers - while read _name _vers; do - if test -n "$_name"; then - echo "I $_name $_name" - test -n "$_vers" && echo " $_vers" - fi - done -} - -pp_solaris_space() { - echo "$2:$3:$1" >> $pp_wrkdir/space.cumulative -} - -pp_solaris_sum_space () { - if test -s $pp_wrkdir/space.cumulative; then - sort -t: +2 < $pp_wrkdir/space.cumulative | - awk -F: 'NR==1{n=$3}{if($3==n){b+=$1;i+=$2}else{print n" "b" "i;b=$1;i=$2;n=$3}}END{print n" "b" "i}' > $pp_wrkdir/space - fi -} - -pp_solaris_proto () { - typeset t m o g f p st - typeset abi - - while read t m o g f p st; do - # Use Solaris default mode, owner and group if all unspecified - if test x"$m$o$g" = x"---"; then - m="?"; o="?"; g="?" - fi - test x"$o" = x"-" && o="root" - case "$t" in - f) test x"$g" = x"-" && g="bin" - test x"$m" = x"-" && m=444 - case "$f" in - *v*) echo "v $1 $p=$pp_destdir$p $m $o $g";; - *) echo "f $1 $p=$pp_destdir$p $m $o $g";; - esac - if test -r "$pp_destdir$p"; then - #-- Use file to record ABI types seen - case "`file "$pp_destdir$p"`" in - *"ELF 32"*80386*) abi=i386;; - *"ELF 64"*AMD*) abi=x86_64;; - *"ELF 32"*SPARC*) abi=sparc;; - *"ELF 64"*SPARC*) abi=sparc64;; - *) abi=;; - esac - if test -n "$abi"; then - pp_add_to_list pp_solaris_abis_seen $abi - fi - fi - ;; - d) test x"$g" = x"-" && g="sys" - test x"$m" = x"-" && m=555 - echo "d $1 $p $m $o $g" - ;; - s) test x"$g" = x"-" && g="bin" - test x"$m" = x"-" && m=777 - if test x"$m" != x"777" -a x"$m" != x"?"; then - pp_warn "$p: invalid mode $m for symlink, should be 777 or -" - fi - echo "s $1 $p=$st $m $o $g" - ;; - esac - done -} - -pp_backend_solaris () { - typeset _cmp _svc _grp - - prototype=$pp_wrkdir/prototype - : > $prototype - - pkginfo=$pp_wrkdir/pkginfo - : > $pkginfo - echo "i pkginfo=$pkginfo" >> 
$prototype - - case "${pp_solaris_name:-$name}" in - [0-9]*) - pp_error "Package name '${pp_solaris_name:-$name}'" \ - "cannot start with a number" - ;; - ???????????????*) - pp_warn "Package name '${pp_solaris_name:-$name}'" \ - "too long for Solaris 2.6 or 2.7 (max 9 characters)" - ;; - ??????????*) - pp_warn "Package name '${pp_solaris_name:-$name}'" \ - "too long for 2.7 Solaris (max 9 characters)" - ;; - esac - - #-- generate the package info file - echo "VERSION=$version" >> $pkginfo - echo "PKG=${pp_solaris_name:-$name}" >> $pkginfo - echo "CLASSES=$pp_components" >> $pkginfo - echo "BASEDIR=/" >> $pkginfo - echo "NAME=$name $version" >> $pkginfo - echo "CATEGORY=${pp_solaris_category:-application}" >> $pkginfo - - desc="${pp_solaris_desc:-$description}" - test -n "$desc" && - echo "DESC=$desc" >> $pkginfo - - test -n "$pp_solaris_rstates" && - echo "RSTATES=$pp_solaris_rstates" >> $pkginfo - test -n "$pp_solaris_istates" && - echo "ISTATES=$pp_solaris_istates" >> $pkginfo - test -n "$pp_solaris_maxinst" && - echo "MAXINST=$pp_solaris_maxinst" >> $pkginfo - test -n "${pp_solaris_vendor:-$vendor}" && - echo "VENDOR=${pp_solaris_vendor:-$vendor}" >> $pkginfo - test -n "$pp_solaris_pstamp" && - echo "PSTAMP=$pp_solaris_pstamp" >> $pkginfo - - if test -n "${pp_solaris_copyright:-$copyright}"; then - echo "${pp_solaris_copyright:-$copyright}" > $pp_wrkdir/copyright - echo "i copyright=$pp_wrkdir/copyright" >> $prototype - fi - - #-- scripts to run before and after install - : > $pp_wrkdir/postinstall - : > $pp_wrkdir/preremove - : > $pp_wrkdir/postremove - for _cmp in $pp_components; do - #-- add the preinstall scripts in definition order - if test -s $pp_wrkdir/%pre.$_cmp; then - pp_solaris_procedure $_cmp preinst < $pp_wrkdir/%pre.$_cmp \ - >> $pp_wrkdir/preinstall - fi - #-- add the postinstall scripts in definition order - if test -s $pp_wrkdir/%post.$_cmp; then - pp_solaris_procedure $_cmp postinst < $pp_wrkdir/%post.$_cmp \ - >> $pp_wrkdir/postinstall - fi 
- #-- add the preremove rules in reverse definition order - if test -s $pp_wrkdir/%preun.$_cmp; then - pp_solaris_procedure $_cmp preremove < $pp_wrkdir/%preun.$_cmp | - pp_prepend $pp_wrkdir/preremove - fi - #-- add the postremove scripts in definition order - if test -s $pp_wrkdir/%postun.$_cmp; then - pp_solaris_procedure $_cmp postremove < $pp_wrkdir/%postun.$_cmp \ - >> $pp_wrkdir/postremove - fi - #-- Add the check script in definition order - if test -s $pp_wrkdir/%check.$_cmp; then - pp_solaris_procedure $_cmp checkinstall \ - < $pp_wrkdir/%check.$_cmp \ - >> $pp_wrkdir/checkinstall - fi - #-- All dependencies and conflicts are merged together for Solaris pkgs - test -s $pp_wrkdir/%depend.$_cmp && - pp_solaris_depend < $pp_wrkdir/%depend.$_cmp >> $pp_wrkdir/depend - test -s $pp_wrkdir/%conflict.$_cmp && - pp_solaris_conflict < $pp_wrkdir/%conflict.$_cmp >> $pp_wrkdir/depend - done - - - if pp_solaris_is_request_script_necessary; then - pp_solaris_request > $pp_wrkdir/request - fi - - test -n "$pp_services" && - for _svc in $pp_services; do - pp_load_service_vars $_svc - pp_solaris_smf $_svc - pp_solaris_make_service $_svc - pp_solaris_install_service $_svc | pp_prepend $pp_wrkdir/postinstall - pp_solaris_remove_service $_svc | pp_prepend $pp_wrkdir/preremove - pp_solaris_remove_service $_svc | pp_prepend $pp_wrkdir/postremove - unset pp_svc_xml_file - done - - test -n "$pp_service_groups" && - for _grp in $pp_service_groups; do - pp_solaris_make_service_group \ - $_grp "`pp_service_get_svc_group $_grp`" - done - - #-- if installf was used; we need to indicate a termination - grep installf $pp_wrkdir/postinstall >/dev/null && - echo 'installf -f $PKGINST' >> $pp_wrkdir/postinstall - - pp_solaris_sum_space - - # NB: pkginfo and copyright are added earlier - for f in compver depend space checkinstall \ - preinstall request postinstall \ - preremove postremove; do - if test -s $pp_wrkdir/$f; then - case $f in - *install|*remove|request) - # turn scripts into a 
proper shell scripts - mv $pp_wrkdir/$f $pp_wrkdir/$f.tmp - { echo "#!/bin/sh"; - echo "# $f script for ${pp_solaris_name:-$name}-$version" - cat $pp_wrkdir/$f.tmp - echo "exit 0"; } > $pp_wrkdir/$f - chmod +x $pp_wrkdir/$f - rm -f $pp_wrkdir/$f.tmp - ;; - esac - if $pp_opt_debug; then - pp_debug "contents of $f:" - cat $pp_wrkdir/$f >&2 - fi - echo "i $f=$pp_wrkdir/$f" >> $prototype - fi - done - - #-- create the prototype file which lists the files to install - # do this as late as possible because files could be added - pp_solaris_abis_seen= - for _cmp in $pp_components; do - pp_solaris_proto $_cmp < $pp_wrkdir/%files.$_cmp - done >> $prototype - - if test x"$pp_solaris_package_arch" = x"auto"; then - if pp_contains "$pp_solaris_abis_seen" sparc64; then - pp_solaris_package_arch_std="sparc64" - echo "ARCH=sparcv9" >> $pkginfo - elif pp_contains "$pp_solaris_abis_seen" sparc; then - pp_solaris_package_arch_std="sparc" - echo "ARCH=sparc" >> $pkginfo - elif pp_contains "$pp_solaris_abis_seen" x86_64; then - pp_solaris_package_arch_std="x86_64" - echo "ARCH=amd64" >> $pkginfo - elif pp_contains "$pp_solaris_abis_seen" i386; then - pp_solaris_package_arch_std="i386" - echo "ARCH=i386" >> $pkginfo - else - pp_warn "No ELF files found: not supplying an ARCH type" - pp_solaris_package_arch_std="noarch" - fi - else - pp_solaris_package_arch_std="$pp_solaris_package_arch" - echo "ARCH=$pp_solaris_package_arch" >> $pkginfo - fi - - mkdir $pp_wrkdir/pkg - - . 
$pp_wrkdir/%fixup - -if $pp_opt_debug; then - echo "$pkginfo::"; cat $pkginfo - echo "$prototype::"; cat $prototype -fi >&2 - - pkgmk -d $pp_wrkdir/pkg -f $prototype \ - || { error "pkgmk failed"; return; } - pkgtrans -s $pp_wrkdir/pkg \ - $pp_wrkdir/`pp_backend_solaris_names` \ - ${pp_solaris_name:-$name} \ - || { error "pkgtrans failed"; return; } -} - -pp_backend_solaris_cleanup () { - : -} - -pp_backend_solaris_names () { - echo ${pp_solaris_name:-$name}-$version-${pp_solaris_package_arch_std:-$pp_solaris_arch}.pkg -} - -pp_backend_solaris_install_script () { - typeset pkgname platform - - platform="${pp_solaris_os:-solaris}-${pp_solaris_package_arch_std:-$pp_solaris_arch}" - - echo "#! /sbin/sh" - pp_install_script_common - pkgname=`pp_backend_solaris_names` - - cat <<. - tmpnocheck=/tmp/nocheck\$\$ - tmpresponse=/tmp/response\$\$ - trap 'rm -f \$tmpnocheck \$tmpresponse' 0 - - make_tmpfiles () { - cat <<-.. > \$tmpresponse - CLASSES=\$* - SERVICES=$pp_services -.. - cat <<-.. > \$tmpnocheck - mail= - instance=overwrite - partial=nocheck - runlevel=nocheck - idepend=nocheck - rdepend=nocheck - space=nocheck - setuid=nocheck - conflict=nocheck - action=nocheck - basedir=default -.. 
- } - - test \$# -eq 0 && usage - op="\$1"; shift - - case "\$op" in - list-components) - test \$# -eq 0 || usage \$op - echo "$pp_components" - ;; - list-services) - test \$# -eq 0 || usage \$op - echo "$pp_services" - ;; - list-files) - test \$# -ge 1 || usage \$op - echo \${PP_PKGDESTDIR:-.}/$pkgname - ;; - install) - test \$# -ge 1 || usage \$op - make_tmpfiles "\$@" - verbose /usr/sbin/pkgadd -n -d \${PP_PKGDESTDIR:-.}/$pkgname \ - -r \$tmpresponse \ - -a \$tmpnocheck \ - ${pp_solaris_name:-$name} - ;; - uninstall) - test \$# -ge 1 || usage \$op - make_tmpfiles "\$@" - verbose /usr/sbin/pkgrm -n \ - -a \$tmpnocheck \ - ${pp_solaris_name:-$name} - ;; - start|stop) - test \$# -ge 1 || usage \$op - ec=0 - for svc - do - verbose /etc/init.d/\$svc \$op || ec=1 - done - exit \$ec - ;; - print-platform) - echo "$platform" - ;; - *) - usage - ;; - esac -. -} - -pp_solaris_dynlib_depend () { - xargs ldd 2>/dev/null | - sed -e '/^[^ ]*:$/d' -e 's,.*=>[ ]*,,' -e 's,^[ ]*,,' | - sort -u | - grep -v '^/usr/platform/' | ( - set -- ""; shift - while read p; do - set -- "$@" -p "$p" - if [ $# -gt 32 ]; then - echo "$# is $#" >&2 - pkgchk -l "$@" - set -- ""; shift - fi - done - [ $# -gt 0 ] && pkgchk -l "$@" - )| - awk '/^Current status:/{p=0} p==1 {print $1} /^Referenced by/ {p=1}' | - sort -u | - xargs -l32 pkginfo -x | - awk 'NR % 2 == 1 { name=$1; } NR%2 == 0 { print name, $2 }' -} - -pp_solaris_add_dynlib_depends () { - typeset tmp - tmp=$pp_wrkdir/tmp.dynlib - - for _cmp in $pp_components; do - awk '{print destdir $6}' destdir="$pp_destdir" \ - < $pp_wrkdir/%files.$_cmp | - pp_solaris_dynlib_depend > $tmp - if test -s $tmp; then - cat $tmp >> $pp_wrkdir/%depend.$_cmp - fi - rm -f $tmp - done -} - -pp_backend_solaris_probe () { - echo "${pp_solaris_os}-${pp_solaris_arch_std}" -} - -pp_backend_solaris_vas_platforms () { - case `pp_backend_solaris_probe` in - sol10-sparc* | sol9-sparc* | sol8-sparc*) - echo solaris8-sparc solaris7-sparc solaris26-sparc;; - sol7-sparc*) 
echo solaris7-sparc solaris26-sparc;; - sol26-sparc*) echo solaris26-sparc;; - sol8-*86) echo solaris8-x86;; - sol10-*86 | sol10-x86_64) - echo solaris10-x64 solaris8-x86;; - *) pp_die "unknown system `pp_backend_solaris_probe`";; - esac -} -pp_backend_solaris_function() { - case "$1" in - pp_mkgroup) cat<<'.';; - /usr/sbin/groupmod "$1" 2>/dev/null && return 0 - /usr/sbin/groupadd "$1" -. - pp_mkuser:depends) echo pp_mkgroup;; - pp_mkuser) cat<<'.';; - id "$1" >/dev/null 2>/dev/null && return 0 - pp_mkgroup "${2:-$1}" || return 1 - /usr/sbin/useradd \ - -g "${2:-$1}" \ - -d "${3:-/nonexistent}" \ - -s "${4:-/bin/false}" \ - "$1" -. - *) false;; - esac -} - -pp_backend_solaris_init_svc_vars () { - _smf_category=${pp_solaris_smf_category:-application} - _smf_method_envvar_name=${smf_method_envvar_name:-"PP_SMF_SERVICE"} - pp_solaris_service_shell=/sbin/sh -} - -pp_solaris_init_svc () { - smf_version=1 - smf_type=service - solaris_user= - solaris_stop_signal= - solaris_sysv_init_start=S70 # invocation order for start scripts - solaris_sysv_init_kill=K30 # invocation order for kill scripts - solaris_sysv_init_start_states="2" # states to install start link - solaris_sysv_init_kill_states="S 0 1" # states to install kill link - - # - # To have the service be installed to start automatically, - # %service foo - # solaris_sysv_init_start_states="S 0 1 2" - # -} - -pp_solaris_smf () { - typeset f _pp_solaris_service_script svc _pp_solaris_manpage - - pp_solaris_name=${pp_solaris_name:-$name} - pp_solaris_manpath=${pp_solaris_manpath:-"/usr/share/man"} - pp_solaris_mansect=${pp_solaris_mansect:-1} - smf_start_timeout=${smf_start_timeout:-60} - smf_stop_timeout=${smf_stop_timeout:-60} - smf_restart_timeout=${smf_restart_timeout:-60} - - svc=${pp_solaris_smf_service_name:-$1} - _pp_solaris_service_script=${pp_solaris_service_script:-"/etc/init.d/${pp_solaris_service_script_name:-$svc}"} - _pp_solaris_manpage=${pp_solaris_manpage:-$svc} - - if [ -z $pp_svc_xml_file ]; then - 
pp_svc_xml_file="/var/svc/manifest/$_smf_category/$svc.xml" - echo "## Generating the smf service manifest file for $pp_svc_xml_file" - else - echo "## SMF service manifest file already defined at $pp_svc_xml_file" - if [ -z $pp_solaris_smf_service_name ] || [ -z $pp_solaris_smf_category ] || [ -z $pp_solaris_service_script ] || [ -z $smf_method_envvar_name ]; then - pp_error "All required variables are not set.\n"\ - "When using a custom manifest file all of the following variables must be set:\n"\ - "pp_solaris_smf_service_name, pp_solaris_smf_category, pp_solaris_service_script and smf_method_envvar_name.\n\n"\ - "Example:\n"\ - " \$pp_solaris_smf_category=application\n"\ - " \$pp_solaris_smf_service_name=pp\n\n"\ - " \n\n"\ - "Example:\n"\ - " \$pp_solaris_service_script=/etc/init.d/pp\n\n"\ - " \n\n"\ - "Example:\n"\ - " \$smf_method_envvar_name=PP_SMF_SERVICE\n\n"\ - " \n"\ - " \n"\ - " \n" - - return 1 - fi - return 0 - fi - - f=$pp_svc_xml_file - pp_add_file_if_missing $f || - return 0 - pp_solaris_add_parent_dirs "$f" - - _pp_solaris_smf_dependencies=" - - - - - - - -" - _pp_solaris_smf_dependencies=${pp_solaris_smf_dependencies:-$_pp_solaris_smf_dependencies} - - cat <<-. >$pp_destdir$f - - - - - - - - - - - - $_pp_solaris_smf_dependencies - - $pp_solaris_smf_additional_dependencies - - - - - - - - - - - - - - - $pp_solaris_smf_property_groups - - - - -. -} - -pp_solaris_make_service_group () { - typeset group out file svcs svc - - group="$1" - svcs="$2" - file="/etc/init.d/$group" - out="$pp_destdir$file" - - #-- return if the script is supplied already - pp_add_file_if_missing "$file" run 755 || return 0 - pp_solaris_add_parent_dirs "$file" - - echo "#! /sbin/sh" > $out - echo "# polypkg service group script for these services:" >> $out - echo "svcs=\"$svcs\"" >> $out - - cat <<'.' >>$out - - #-- starts services in order.. 
stops them all if any break - pp_start () { - undo= - for svc in $svcs; do - if /etc/init.d/$svc start; then - undo="$svc $undo" - else - if test -n "$undo"; then - for svc in $undo; do - /etc/init.d/$svc stop - done - return 1 - fi - fi - done - return 0 - } - - #-- stops services in reverse - pp_stop () { - reverse= - for svc in $svcs; do - reverse="$svc $reverse" - done - rc=0 - for svc in $reverse; do - /etc/init.d/$svc stop || rc=$? - done - return $rc - } - - #-- returns true only if all services return true status - pp_status () { - rc=0 - for svc in $svcs; do - /etc/init.d/$svc status || rc=$? - done - return $rc - } - - case "$1" in - start) pp_start;; - stop) pp_stop;; - status) pp_status;; - restart) pp_stop && pp_start;; - *) echo "usage: $0 {start|stop|restart|status}" >&2; exit 1;; - esac -. -} - -pp_solaris_make_service () { - typeset file out svc - - svc="${pp_solaris_smf_service_name:-$1}" - file=${pp_solaris_service_script:-"/etc/init.d/${pp_solaris_service_script_name:-$svc}"} - out="$pp_destdir$file" - - #-- return if we don't need to create the init script - pp_add_file_if_missing "$file" run 755 || - return 0 - pp_solaris_add_parent_dirs "$file" - - echo "#! /sbin/sh" >$out - echo "#-- This service init file generated by polypkg" >>$out - - #-- Start SMF integration. - if [ -n "$pp_svc_xml_file" ] ; then - cat <<_EOF >>$out -if [ -x /usr/sbin/svcadm ] && [ "x\$1" != "xstatus" ] && [ "t\$$_smf_method_envvar_name" = "t" ] ; then - case "\$1" in - start) - echo "starting $svc" - /usr/sbin/svcadm clear svc:/$_smf_category/$svc:default >/dev/null 2>&1 - /usr/sbin/svcadm enable -s $_smf_category/$svc - RESULT=\$? 
- if [ "\$RESULT" -ne 0 ] ; then - echo "Error \$RESULT starting $svc" >&2 - fi - ;; - stop) - echo "stopping $svc" - /usr/sbin/svcadm disable -ts $_smf_category/$svc - RESULT=0 - ;; - restart) - echo "restarting $svc" - /usr/sbin/svcadm disable -ts $_smf_category/$svc - /usr/sbin/svcadm clear svc:/$_smf_category/$svc:default >/dev/null 2>&1 - /usr/sbin/svcadm enable -s $_smf_category/$svc - RESULT=\$? - if [ "\$RESULT" -ne 0 ] ; then - echo "Error \$RESULT starting $svc" >&2 - fi - ;; - *) - echo "Usage: $file {start|stop|restart|status}" >&2 - RESULT=1 - esac - exit $RESULT -fi -_EOF - fi - - #-- Construct a start command that builds a pid file as needed - # and forks the daemon. Services started by smf may not fork. - if test -z "$pidfile"; then - # The service does not define a pidfile, so we have to make - # our own up. On Solaris systems where there is no /var/run - # we must use /tmp to guarantee the pid files are removed after - # a system crash. - if test -z "$pp_piddir"; then - pp_piddir="/var/run" - fi - cat <<. >>$out - pp_isdaemon=0 - pp_piddirs="${pp_piddir}${pp_piddir+ }/var/run /tmp" - for pp_piddir in \$pp_piddirs; do - test -d "\$pp_piddir/." && break - done - pidfile="\$pp_piddir/$svc.pid" -. - else - # The service is able to write its own PID file - cat <<. >>$out - pp_isdaemon=1 - pidfile="$pidfile" -. - fi - - pp_su= - if test "${user:-root}" != "root"; then - pp_su="su $user -c exec " - fi - - cat <<. >>$out - stop_signal="${stop_signal:-TERM}" - svc="${svc}" - - # generated command to run $svc as a service - pp_exec () { - if [ \$pp_isdaemon -ne 1 ]; then - if [ "t\$PP_SMF_SERVICE" = "t" ]; then - ${pp_su}$cmd & - echo \$! > \$pidfile - else - echo "via exec." - echo \$$ > \$pidfile - exec ${pp_su}$cmd - return 1 - fi - else - ${pp_su}$cmd - fi - } -. - - #-- write the invariant section of the init script - cat <<'.' 
>>$out - - # returns true if $svc is running - pp_running () { - if test -s "$pidfile"; then - read pid < "$pidfile" 2>/dev/null - if test ${pid:-0} -gt 1 && kill -0 "$pid" 2>/dev/null; then - # make sure command name matches up to the first 8 chars - c="`echo $cmd | sed -e 's: .*::' -e 's:^.*/::' -e 's/^\(........\).*$/\1/'`" - pid="`ps -p $pid 2>/dev/null | sed -n \"s/^ *\($pid\) .*$c *$/\1/p\"`" - if test -n "$pid"; then - return 0 - fi - fi - fi - return 1 - } - - # prints a message describing $svc's running state - pp_status () { - if pp_running; then - echo "service $svc is running (pid $pid)" - return 0 - elif test -f "$pidfile"; then - echo "service $svc is not running, but pid file exists" - return 2 - else - echo "service $svc is not running" - return 1 - fi - } - - # starts $svc - pp_start () { - if pp_running; then - echo "service $svc already running" >&2 - return 0 - fi - echo "starting $svc... \c" - if pp_exec; then - echo "done." - else - echo "ERROR." - exit 1 - fi - } - - # stops $svc - pp_stop () { - if pp_running; then - echo "stopping $svc... \c" - if kill -$stop_signal $pid; then - rm -f "$pidfile" - echo "done." - else - echo "ERROR." - return 1 - fi - else - echo "service $svc already stopped" >&2 - return 0 - fi - } - - umask 022 - case "$1" in - start) pp_start;; - stop) pp_stop;; - status) pp_status;; - restart) pp_stop && pp_start;; - *) echo "usage: $0 {start|stop|restart|status}" >&2; exit 1;; - esac -. 
-} - -pp_solaris_remove_service () { - typeset file svc - - svc="${pp_solaris_smf_service_name:-$1}" - file=${pp_solaris_service_script:-"/etc/init.d/${pp_solaris_service_script_name:-$svc}"} - - echo ' -if [ "x${PKG_INSTALL_ROOT}" = 'x' ]; then - if [ -x /usr/sbin/svcadm ] ; then - /usr/sbin/svcadm disable -s '$svc' 2>/dev/null - case "`uname -r`-$pp_svc_xml_file" in - 5.1[1-9]*-/var/svc/manifest/*|5.[2-9]*-/var/svc/manifest/*) - # Use manifest-import if > 5.10 and manifest in default location - /usr/sbin/svcadm restart manifest-import 2>/dev/null - ;; - *) - /usr/sbin/svccfg delete '$svc' 2>/dev/null - ;; - esac - else - '$file' stop >/dev/null 2>/dev/null - fi -fi - ' -} - -pp_solaris_install_service () { - typeset s k l file svc - - svc="${pp_solaris_smf_service_name:-$1}" - file=${pp_solaris_service_script:-"/etc/init.d/${pp_solaris_service_script_name:-$svc}"} - - s="${solaris_sysv_init_start}$svc" - k="${solaris_sysv_init_kill}$svc" - - echo ' -if [ "x${PKG_INSTALL_ROOT}" != "x" ]; then - if [ -x ${PKG_INSTALL_ROOT}/usr/sbin/svcadm ]; then - case "`uname -r`-$pp_svc_xml_file" in - 5.1[1-9]*-/var/svc/manifest/*|5.[2-9]*-/var/svc/manifest/*) - # Use manifest-import if > 5.10 and manifest in default location - echo "/usr/sbin/svcadm restart manifest-import 2>/dev/null" >> ${PKG_INSTALL_ROOT}/var/svc/profile/upgrade - ;; - *) - echo "/usr/sbin/svccfg import '$pp_svc_xml_file' 2>/dev/null" >> ${PKG_INSTALL_ROOT}/var/svc/profile/upgrade - ;; - esac - else' - test -n "${solaris_sysv_init_start_states}" && - for state in ${solaris_sysv_init_start_states}; do - l="/etc/rc$state.d/$s" - echo "echo '$l'" - echo "installf -c run \$PKGINST \$PKG_INSTALL_ROOT$l=$file s" - pp_solaris_space /etc/rc$state.d 0 1 - done - test -n "${solaris_sysv_init_kill_states}" && - for state in ${solaris_sysv_init_kill_states}; do - l="/etc/rc$state.d/$k" - echo "echo '$l'" - echo "installf -c run \$PKGINST \$PKG_INSTALL_ROOT$l=$file s" - pp_solaris_space /etc/rc$state.d 0 1 - done - echo 
' - fi -else - if [ -x /usr/sbin/svcadm ]; then - echo "Registering '$svc' with SMF" - /usr/sbin/svcadm disable -s '$svc' 2>/dev/null - case "`uname -r`-$pp_svc_xml_file" in - 5.1[1-9]*-/var/svc/manifest/*|5.[2-9]*-/var/svc/manifest/*) - # Use manifest-import if > 5.10 and manifest in default location - /usr/sbin/svcadm restart manifest-import - # Wait for import to complete, otherwise it will not know - # about our service until after we try to start it - echo Waiting for manifest-import... - typeset waited - waited=0 - while [ $waited -lt 15 ] && ! /usr/bin/svcs -l '$svc' >/dev/null 2>&1; do - sleep 1 - waited=`expr $waited + 1` - done - if /usr/bin/svcs -l '$svc' >/dev/null 2>&1; then - echo OK - else - echo manifest-import took to long, you might have to control '$svc' manually. - fi - ;; - *) - /usr/sbin/svccfg delete '$svc' 2>/dev/null - /usr/sbin/svccfg import '$pp_svc_xml_file' - ;; - esac - else' - test -n "${solaris_sysv_init_start_states}" && - for state in ${solaris_sysv_init_start_states}; do - l="/etc/rc$state.d/$s" - echo "echo '$l'" - echo "installf -c run \$PKGINST \$PKG_INSTALL_ROOT$l=$file s" - pp_solaris_space /etc/rc$state.d 0 1 - done - test -n "${solaris_sysv_init_kill_states}" && - for state in ${solaris_sysv_init_kill_states}; do - l="/etc/rc$state.d/$k" - echo "echo '$l'" - echo "installf -c run \$PKGINST \$PKG_INSTALL_ROOT$l=$file s" - pp_solaris_space /etc/rc$state.d 0 1 - done - echo ' - fi -fi' -} - -pp_solaris_add_parent_dirs () { - typeset dir - - dir=${1%/*} - while test -n "$dir"; do - if awk "\$6 == \"$dir/\" {exit 1}" < $pp_wrkdir/%files.run; then - echo "d - - - - $dir/" >> $pp_wrkdir/%files.run - fi - dir=${dir%/*} - done -} - -pp_platforms="$pp_platforms deb" - -pp_backend_deb_detect () { - test -f /etc/debian_version -} - -pp_deb_cmp_full_name () { - local prefix - prefix="${pp_deb_name:-$name}" - case "$1" in - run) echo "${prefix}" ;; - dbg) echo "${prefix}-${pp_deb_dbg_pkgname}";; - dev) echo 
"${prefix}-${pp_deb_dev_pkgname}";; - doc) echo "${prefix}-${pp_deb_doc_pkgname}";; - *) pp_error "unknown component '$1'"; - esac -} - -pp_backend_deb_init () { - pp_deb_dpkg_version="2.0" - pp_deb_name= - pp_deb_version= - pp_deb_release= - pp_deb_arch= - pp_deb_arch_std= - pp_deb_maintainer="One Identity LLC " - pp_deb_copyright= - pp_deb_distro= - pp_deb_control_description= - pp_deb_summary= - pp_deb_description= - pp_deb_dbg_pkgname="dbg" - pp_deb_dev_pkgname="dev" - pp_deb_doc_pkgname="doc" - pp_deb_section=contrib # Free software that depends on non-free software - - # Detect the host architecture - pp_deb_detect_arch - - # Make sure any programs we require are installed - pp_deb_check_required_programs -} - -pp_deb_check_required_programs () { - local p needed notfound ok - needed= notfound= - for prog in dpkg dpkg-deb install md5sum fakeroot - do - if which $prog 2>/dev/null >/dev/null; then - pp_debug "$prog: found" - else - pp_debug "$prog: not found" - case "$prog" in - dpkg|dpkg-deb) p=dpkg;; - install|md5sum) p=coreutils;; - fakeroot) p=fakeroot;; - *) pp_die "unexpected dpkg tool $prog";; - esac - notfound="$notfound $prog" - pp_contains "$needed" "$p" || needed="$needed $p" - fi - done - if [ -n "$notfound" ]; then - pp_error "cannot find these programs: $notfound" - pp_error "please install these packages: $needed" - fi -} - -pp_deb_munge_description () { - # Insert a leading space on each line, replace blank lines with a - #space followed by a full-stop. - pp_deb_control_description="`echo ${pp_deb_description:-$description} | \ - sed 's,^\(.*\)$, \1, ' | sed 's,^[ \t]*$, .,g' | fmt -w 80`" -} - -pp_deb_detect_arch () { - pp_deb_arch=`dpkg-architecture -qDEB_HOST_ARCH` - pp_deb_arch_std=`uname -m` -} - -pp_deb_sanitize_version() { - echo "$@" | tr -d -c '[:alnum:].+-:~' -} - -pp_deb_version_final() { - if test -n "$pp_deb_version"; then - # Don't sanitize; assume the user is sane (hah!) 
- echo "$pp_deb_version" - else - pp_deb_sanitize_version "$version" - fi -} - -pp_deb_conflict () { - local _name _vers _conflicts - - _conflicts="Conflicts:" - while read _name _vers; do - case "$_name" in ""| "#"*) continue ;; esac - _conflicts="$_conflicts $_name" - test -n "$_vers" && _conflicts="$_conflicts $_name (>= $vers)" - _conflicts="${_conflicts}," - done - echo "${_conflicts%,}" -} - -pp_deb_make_control() { - local cmp="$1" - local installed_size - - # compute the installed size - installed_size=`pp_deb_files_size < $pp_wrkdir/%files.$cmp` - - package_name=`pp_deb_cmp_full_name "$cmp"` - cat <<-. - Package: ${package_name} - Version: `pp_deb_version_final`-${pp_deb_release:-1} - Section: ${pp_deb_section:-contrib} - Priority: optional - Architecture: ${pp_deb_arch} - Maintainer: ${pp_deb_maintainer:-$maintainer} - Description: ${pp_deb_summary:-$summary} - ${pp_deb_control_description} - Installed-Size: ${installed_size} -. - if test -s $pp_wrkdir/%depend."$cmp"; then - sed -ne '/^[ ]*$/!s/^[ ]*/Depends: /p' \ - < $pp_wrkdir/%depend."$cmp" - fi - if test -s $pp_wrkdir/%conflict."$cmp"; then - pp_deb_conflict < $pp_wrkdir/%conflict."$cmp" - fi -} - -pp_deb_make_md5sums() { - local cmp="$1"; shift - local pkg_dir - - pkg_dir=$pp_wrkdir/`pp_deb_cmp_full_name $cmp` - (cd $pkg_dir && md5sum "$@") > $pkg_dir/DEBIAN/md5sums || - pp_error "cannot make md5sums" -} - -pp_deb_make_package_maintainer_script() { - local output="$1" - local source="$2" - local desc="$3" - - # See if we need to create this script at all - if [ -s "$source" ] - then - - # Create header - cat <<-. >$output || pp_error "Cannot create $output" - #!/bin/sh - # $desc - # Generated by PolyPackage $pp_version - -. 
- - cat $source >> "$output" || pp_error "Cannot append to $output" - - # Set perms - chmod 755 "$output" || pp_error "Cannot chmod $output" - fi -} - -pp_deb_handle_services() { - local svc - - #-- add service start/stop code - if test -n "$pp_services"; then - #-- record the uninstall commands in reverse order - for svc in $pp_services; do - pp_load_service_vars $svc - - # Create init script (unless one exists) - pp_deb_service_make_init_script $svc - - #-- append %post code to install the svc - test x"yes" = x"$enable" && - cat<<-. >> $pp_wrkdir/%post.run - case "\$1" in - configure) - # Install the service links - update-rc.d $svc defaults - ;; - esac -. - - #-- prepend %preun code to stop svc - cat<<-. | pp_prepend $pp_wrkdir/%preun.run - case "\$1" in - remove|deconfigure|upgrade) - # Stop the $svc service - invoke-rc.d $svc stop - ;; - esac -. - - #-- prepend %postun code to remove service - cat<<-. | pp_prepend $pp_wrkdir/%postun.run - case "\$1" in - purge) - # Remove the service links - update-rc.d $svc remove - ;; - esac -. 
- done - #pp_deb_service_remove_common | pp_prepend $pp_wrkdir/%preun.run - fi - -} -pp_deb_fakeroot () { - if test -s $pp_wrkdir/fakeroot.save; then - fakeroot -i $pp_wrkdir/fakeroot.save -s $pp_wrkdir/fakeroot.save "$@" - else - fakeroot -s $pp_wrkdir/fakeroot.save "$@" - fi -} - -pp_deb_files_size () { - local t m o g f p st - while read t m o g f p st; do - case $t in - f|s) du -k "${pp_destdir}$p";; - d) echo 4;; - esac - done | awk '{n+=$1} END {print n}' -} - -pp_deb_make_DEBIAN() { - local cmp="${1:-run}" - local data cmp_full_name - local old_umask - - old_umask=`umask` - umask 0022 - cmp_full_name=`pp_deb_cmp_full_name $cmp` - data=$pp_wrkdir/$cmp_full_name - - # Create DEBIAN dir $data/DEBIAN - mkdir -p $data/DEBIAN - - # Create control file - pp_deb_make_control $cmp > $data/DEBIAN/control - - # Copy in conffiles - if test -f $pp_wrkdir/%conffiles.$cmp; then - cp $pp_wrkdir/%conffiles.$cmp $data/DEBIAN/conffiles - fi - - # Create preinst - pp_deb_make_package_maintainer_script "$data/DEBIAN/preinst" \ - "$pp_wrkdir/%pre.$cmp" "Pre-install script for $cmp_full_name"\ - || exit $? - - # Create postinst - pp_deb_make_package_maintainer_script "$data/DEBIAN/postinst" \ - "$pp_wrkdir/%post.$cmp" "Post-install script for $cmp_full_name"\ - || exit $? - - # Create prerm - pp_deb_make_package_maintainer_script "$data/DEBIAN/prerm" \ - "$pp_wrkdir/%preun.$cmp" "Pre-uninstall script for $cmp_full_name"\ - || exit $? - - # Create postrm - pp_deb_make_package_maintainer_script "$data/DEBIAN/postrm" \ - "$pp_wrkdir/%postun.$cmp" "Post-uninstall script for $cmp_full_name"\ - || exit $? 
- - umask $old_umask -} - -pp_deb_make_data() { - local _l t m o g f p st data - local data share_doc owner group - cmp=$1 - data=$pp_wrkdir/`pp_deb_cmp_full_name $cmp` - cat $pp_wrkdir/%files.${cmp} | while read t m o g f p st; do - if test x"$m" = x"-"; then - case "$t" in - d) m=755;; - f) m=644;; - esac - fi - test x"$o" = x"-" && o=root - test x"$g" = x"-" && g=root - case "$t" in - f) # Files - pp_deb_fakeroot install -D -o $o -g $g -m ${m} $pp_destdir/$p $data/$p; - if [ x"$f" = x"v" ] - then - # File marked as "volatile". Assume this means it's a conffile - # TODO: check this as admins like modified conffiles to be left - # behind - echo "$p" >> $pp_wrkdir/%conffiles.$cmp - fi;; - - d) # Directories - pp_deb_fakeroot install -m ${m} -o $o -g $g -d $data/$p;; - - s) # Symlinks - # Remove leading / from vars - rel_p=`echo $p | sed s,^/,,` - rel_st=`echo $st | sed s,^/,,` - # TODO: we are always doing absolute links here. We should follow - # the debian policy of relative links when in the same top-level - # directory - (cd $data; ln -sf $st $rel_p);; - *) pp_error "Unsupported data file type: $t";; - esac - done - - # If no copyright file is present add one. This is a debian requirement. - share_doc="/usr/share/doc/`pp_deb_cmp_full_name $cmp`" - if [ ! 
-f "$data/$share_doc/copyright" ] - then - echo "${pp_deb_copyright:-$copyright}" > "$pp_wrkdir/copyright" - install -D -m 644 "$pp_wrkdir/copyright" "$data/$share_doc/copyright" - fi - -} - -pp_deb_makedeb () { - local cmp - local package_build_dir - - cmp="$1" - - package_build_dir=$pp_wrkdir/`pp_deb_cmp_full_name $cmp` - - # Create package dir - mkdir -p $package_build_dir - - # Copy in data - pp_deb_make_data $cmp || - pp_die "Could not make DEBIAN data files for $cmp" - - # Make control files - # must be done after copying data so conffiles are found - pp_deb_make_DEBIAN $cmp || - pp_die "Could not make DEBIAN control files for $cmp" - - # Create md5sums - pp_deb_make_md5sums $cmp `(cd $package_build_dir; - find . -name DEBIAN -prune -o -type f -print | sed "s,^\./,,")` || - pp_die "Could not make DEBIAN md5sums for $cmp" -} - -pp_backend_deb () { - local debname - - # Munge description for control file inclusion - pp_deb_munge_description - - # Handle services - pp_deb_handle_services $cmp - - for cmp in $pp_components - do - debname=`pp_deb_name $cmp` - pp_deb_makedeb $cmp - done - - . $pp_wrkdir/%fixup - - for cmp in $pp_components - do - debname=`pp_deb_name $cmp` - # Create debian package - pp_debug "Building `pp_deb_cmp_full_name $cmp` -> $output" - pp_deb_fakeroot dpkg-deb \ - --build $pp_wrkdir/`pp_deb_cmp_full_name $cmp` \ - $pp_wrkdir/$debname || - pp_error "failed to create $cmp package" - done -} - -pp_backend_deb_cleanup () { - # rm -rf $pp_wrkdir - : -} - -pp_deb_name () { - local cmp="${1:-run}" - echo `pp_deb_cmp_full_name $cmp`"_"`pp_deb_version_final`"-${pp_deb_release:-1}_${pp_deb_arch}.deb" -} -pp_backend_deb_names () { - for cmp in $pp_components - do - pp_deb_name $cmp - done -} - -pp_backend_deb_install_script () { - local cmp _cmp_full_name - - echo "#!/bin/sh" - pp_install_script_common - - cat <<. - - cmp_to_pkgname () { - test x"\$*" = x"all" && - set -- $pp_components - for cmp - do - case \$cmp in -. 
- for cmp in $pp_components; do - echo "$cmp) echo '`pp_deb_cmp_full_name $cmp`';;" - done - cat <<. - *) usage;; - esac - done - } - - - cmp_to_pathname () { - test x"\$*" = x"all" && - set -- $pp_components - for cmp - do - case \$cmp in -. - for cmp in $pp_components; do - echo "$cmp) echo \${PP_PKGDESTDIR:-.}/'`pp_deb_name $cmp`';;" - done - cat <<. - *) usage;; - esac - done - } - - test \$# -eq 0 && usage - op="\$1"; shift - case "\$op" in - list-components) - test \$# -eq 0 || usage \$op - echo $pp_components - ;; - list-services) - test \$# -eq 0 || usage \$op - echo $pp_services - ;; - list-files) - test \$# -ge 1 || usage \$op - cmp_to_pathname "\$@" - ;; - install) - test \$# -ge 1 || usage \$op - dpkg --install \`cmp_to_pathname "\$@"\` - ;; - uninstall) - test \$# -ge 1 || usage \$op - dpkg --remove \`cmp_to_pkgname "\$@"\`; : - ;; - start|stop) - test \$# -ge 1 || usage \$op - ec=0 - for svc - do - /etc/init.d/\$svc \$op || ec=1 - done - exit \$ec - ;; - print-platform) - test \$# -eq 0 || usage \$op - echo "linux-${pp_deb_arch}" - ;; - *) - usage - ;; - esac -. -} - -pp_backend_deb_probe() { - local arch distro release - - pp_deb_detect_arch - - # /etc/debian_version exists on Debian & Ubuntu, so it's no use - # to us. Use lsb_release instead. 
- - case `(lsb_release -is || echo no-lsb) 2>/dev/null` in - Debian) - distro=deb - ;; - Ubuntu) - distro=ubu - ;; - no-lsb) - echo unknown-$pp_deb_arch_std - return 0 - ;; - *) - distro=unknown - ;; - esac - - release=`lsb_release -rs` - - # If release is not numeric, use the codename - case $release in - *[!.0-9r]*) - release=`lsb_release -cs` - case $release in - buzz) - release="11" - ;; - rex) - release="12" - ;; - bo) - release="13" - ;; - hamm) - release="20" - ;; - slink) - release="21" - ;; - potato) - release="22" - ;; - woody) - release="30" - ;; - sarge) - release="31" - ;; - etch) - release="40" - ;; - lenny) - release="50" - ;; - squeeze) - release="60" - ;; - wheezy) - release="70" - ;; - jessie) - release="80" - ;; - stretch) - release="90" - ;; - esac - ;; - *) - # Remove trailing revision number and any dots - release=`echo $release | cut -dr -f1 | tr -d .` - ;; - esac - - echo $distro$release-$pp_deb_arch_std -} - -pp_backend_deb_vas_platforms () { - case "$pp_deb_arch_std" in - x86_64) echo "linux-x86_64.deb";; # DO NOT add linux-x86.deb here!! - *86) echo "linux-x86.deb";; - *) pp_die "unknown architecture ${pp_deb_arch_std}";; - esac -} -pp_backend_deb_init_svc_vars () { - - reload_signal= - start_runlevels=${pp_deb_default_start_runlevels-"2 3 4 5"} # == lsb default-start - stop_runlevels=${pp_deb_default_stop_runlevels-"0 1 6"} # == lsb default-stop - svc_description="${pp_deb_default_svc_description}" # == lsb short descr - svc_process= - - lsb_required_start='$local_fs $network' - lsb_should_start= - lsb_required_stop='$local_fs' - lsb_description= - - start_priority=50 - stop_priority=50 #-- stop_priority = 100 - start_priority -} - -pp_deb_service_make_init_script () { - local svc=$1 - local script=/etc/init.d/$svc - local out=$pp_destdir$script - local _process _cmd - - pp_add_file_if_missing $script run 755 v || return 0 - - #-- start out as an empty shell script - cat <<-'.' >$out - #!/bin/sh -. 
-
- #-- determine the process name from $cmd unless $svc_process is given
- set -- $cmd
- #_process=${svc_process:-"$1"} --? WTF
-
- #-- construct a start command that builds a pid file if needed
- #-- the command name in /proc/[pid]/stat is limited to 15 characters
- _cmd="$cmd";
- _cmd_path=`echo $cmd | cut -d" " -f1`
- _cmd_name=`basename $_cmd_path | cut -c1-15`
- _cmd_args=`echo $cmd | cut -d" " -f2-`
- test x"$_cmd_path" != x"$_cmd_args" || _cmd_args=
-
- #-- generate the LSB init info
- cat <<-. >>$out
- ### BEGIN INIT INFO
- # Provides: ${svc}
- # Required-Start: ${lsb_required_start}
- # Should-Start: ${lsb_should_start}
- # Required-Stop: ${lsb_required_stop}
- # Default-Start: ${start_runlevels}
- # Default-Stop: ${stop_runlevels}
- # Short-Description: ${svc_description:-no description}
- ### END INIT INFO
- # Generated by PolyPackage ${pp_version}
- # ${copyright}
-
-.
-
- if test x"${svc_description}" = x"${pp_deb_default_svc_description}"; then
- svc_description=
- fi
-
- #-- write service-specific definitions
- cat <<. >>$out
-NAME="${_cmd_name}"
-DESC="${svc_description:-$svc service}"
-USER="${user}"
-GROUP="${group}"
-PIDFILE="${pidfile}"
-STOP_SIGNAL="${stop_signal}"
-RELOAD_SIGNAL="${reload_signal}"
-CMD="${_cmd}"
-DAEMON="${_cmd_path}"
-DAEMON_ARGS="${_cmd_args}"
-SCRIPTNAME=${script}
-.
-
- #-- write the generic part of the init script
- cat <<'.' >>$out
-
-[ -x "$DAEMON" ] || exit 0
-
-[ -r /etc/default/$NAME ] && . /etc/default/$NAME
-
-[ -f /etc/default/rcS ] && . /etc/default/rcS
-
-.
/lib/lsb/init-functions
-
-do_start()
-{
- # Return
- # 0 if daemon has been started
- # 1 if daemon was already running
- # 2 if daemon could not be started
- if [ -n "$PIDFILE" ]
- then
- pidfile_opt="--pidfile $PIDFILE"
- else
- pidfile_opt="--make-pidfile --background --pidfile /var/run/$NAME.pid"
- fi
- if [ -n "$USER" ]
- then
- user_opt="--user $USER"
- fi
- if [ -n "$GROUP" ]
- then
- group_opt="--group $GROUP"
- fi
-
- start-stop-daemon --start --quiet $pidfile_opt $user_opt --exec $DAEMON --test > /dev/null \
- || return 1
-
- # Note: there seems to be no way to tell whether the daemon will fork itself or not, so pass
- # --background for now
- start-stop-daemon --start --quiet $pidfile_opt $user_opt --exec $DAEMON -- \
- $DAEMON_ARGS \
- || return 2
-}
-
-do_stop()
-{
- # Return
- # 0 if daemon has been stopped
- # 1 if daemon was already stopped
- # 2 if daemon could not be stopped
- # other if a failure occurred
- if [ -n "$PIDFILE" ]
- then
- pidfile_opt="--pidfile $PIDFILE"
- else
- pidfile_opt="--pidfile /var/run/$NAME.pid"
- fi
- if [ -n "$USER" ]
- then
- user_opt="--user $USER"
- fi
- if [ -n $STOP_SIGNAL ]
- then
- signal_opt="--signal $STOP_SIGNAL"
- fi
- start-stop-daemon --stop --quiet $signal_opt --retry=TERM/30/KILL/5 $pidfile_opt --name $NAME
- RETVAL="$?"
- [ "$RETVAL" = 2 ] && return 2
- # Wait for children to finish too if this is a daemon that forks
- # and if the daemon is only ever run from this initscript.
- # If the above conditions are not satisfied then add some other code
- # that waits for the process to drop all resources that could be
- # needed by services started subsequently. A last resort is to
- # sleep for some time.
- start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
- [ "$?" = 2 ] && return 2
- # Many daemons don't delete their pidfiles when they exit.
- test -z $PIDFILE || rm -f $PIDFILE
- return "$RETVAL"
-}
-
-do_reload() {
- #
- # If the daemon can reload its configuration without
- # restarting (for example, when it is sent a SIGHUP),
- # then implement that here.
- #
- if [ -n "$PIDFILE" ]
- then
- pidfile_opt="--pidfile $PIDFILE"
- else
- pidfile_opt="--pidfile /var/run/$NAME.pid"
- fi
- if [ -n "$RELOAD_SIGNAL" ]
- then
- start-stop-daemon --stop --signal $RELOAD_SIGNAL --quiet $pidfile_opt --name $NAME
- fi
- return 0
-}
-
-case "$1" in
- start)
- [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
- do_start
- case "$?" in
- 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
- 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
- esac
- ;;
- stop)
- [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
- do_stop
- case "$?" in
- 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
- 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
- esac
- ;;
- reload|force-reload)
- if [ -n "$RELOAD_SIGNAL" ]
- then
- log_daemon_msg "Reloading $DESC" "$NAME"
- do_reload
- log_end_msg $?
- else
- # Do a restart instead
- "$0" restart
- fi
- ;;
- restart)
- #
- # If the "reload" option is implemented then remove the
- # 'force-reload' alias
- #
- log_daemon_msg "Restarting $DESC" "$NAME"
- do_stop
- case "$?" in
- 0|1)
- do_start
- case "$?" in
- 0) log_end_msg 0 ;;
- 1) log_end_msg 1 ;; # Old process is still running
- *) log_end_msg 1 ;; # Failed to start
- esac
- ;;
- *)
- # Failed to stop
- log_end_msg 1
- ;;
- esac
- ;;
- *)
- #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
- echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
- exit 3
- ;;
-esac
-
-:
-.
- chmod 755 $out
-}
-pp_backend_deb_function() {
- case "$1" in
- pp_mkgroup) cat<<'.';;
- /usr/sbin/groupmod "$1" 2>/dev/null && return 0
- /usr/sbin/groupadd "$1"
-.
- pp_mkuser:depends) echo pp_mkgroup;;
- pp_mkuser) cat<<'.';;
- pp_tmp_system=
- id -u "$1" >/dev/null 2>/dev/null && return 0
- # deb 3.1's useradd changed API in 4.0. Gah!
- /usr/sbin/useradd --help 2>&1 | /bin/grep -q .--system &&
- pp_tmp_system=--system
- pp_mkgroup "${2:-$1}" || return 1
- /usr/sbin/useradd \
- -g "${2:-$1}" \
- -d "${3:-/nonexistent}" \
- -s "${4:-/bin/false}" \
- $pp_tmp_system \
- "$1"
-.
- pp_havelib) cat<<'.';;
- for pp_tmp_dir in `echo "/usr/lib:/lib${3:+:$3}" | tr : ' '`; do
- test -r "$pp_tmp_dir/lib$1.so{$2:+.$2}" && return 0
- done
- return 1
-.
- *) false;;
- esac
-}
-
-pp_platforms="$pp_platforms kit"
-
-pp_backend_kit_detect () {
- test x"$1" = x"OSF1"
-}
-
-pp_backend_kit_init () {
- pp_kit_name=
- pp_kit_package=
- pp_kit_desc=
- pp_kit_version=
- pp_kit_subset=
- pp_readlink_fn=pp_ls_readlink
- pp_kit_startlevels="2 3"
- pp_kit_stoplevels="0 2 3"
-}
-
-pp_backend_kit () {
- typeset mi_file k_file svc outfile
- typeset desc
-
- pp_backend_kit_names > /dev/null
-
- if test -z "$pp_kit_desc"; then
- pp_kit_desc="$description"
- fi
-
- mi_file="$pp_wrkdir/$pp_kit_subset.mi"
- k_file="$pp_wrkdir/$pp_kit_subset.k"
- scp_file="$pp_wrkdir/$pp_kit_subset.scp"
-
- desc="${pp_kit_desc:-$description}"
-
- cat <<-. >> $k_file
- NAME='$name'
- CODE=$pp_kit_name
- VERS=$pp_kit_version
- MI=$mi_file
- COMPRESS=0
- %%
- $pp_kit_subset . 0 '$desc'
-.
-
- if test -n "$pp_services"; then
- for svc in $pp_services; do
- pp_kit_make_service $svc
- pp_prepend $pp_wrkdir/%preun.run <<-.
- /sbin/init.d/$svc stop
-.
- done
- fi
-
- pp_backend_kit_make_mi "$mi_file"
- pp_backend_kit_make_scp
- #rm -rf $pp_wrkdir/kit_dest
- mkdir -p $pp_wrkdir/kit_dest
- pp_backend_kit_kits $k_file $pp_opt_destdir $pp_wrkdir/kit_dest
- tar cvf $pp_wrkdir/$pp_kit_subset.tar -C $pp_wrkdir/kit_dest .
- gzip -c $pp_wrkdir/$pp_kit_subset.tar > $pp_wrkdir/$pp_kit_subset.tar.gz - #rm -rf $pp_wrkdir/$pp_kit_subset.tar $pp_wrkdir/scps -} - -pp_backend_kit_make_mi () { - # XXX this information should go into the .inv files - typeset t m o g f p st line dm - while read t m o g f p st; do - case $t in - f|d) - echo "0 .$p $pp_kit_subset" - echo " chmod $m $p" >> $pp_wrkdir/%post.run - if [ x"$o" = x"-" ] ; then - echo " chown root $p" >> $pp_wrkdir/%post.run - else - echo " chown $o $p" >> $pp_wrkdir/%post.run - fi - if [ x"$g" = x"-" ] ; then - echo " chgrp 0 $p" >> $pp_wrkdir/%post.run - else - echo " chgrp $g $p" >> $pp_wrkdir/%post.run - fi - ;; - s) - echo " ln -s $st $p" >> $pp_wrkdir/%post.run - echo " rm -f $p" >> $pp_wrkdir/%preun.run - ;; - esac - done < $pp_wrkdir/%files.run | sort -k3 |uniq > $1 -} - - -pp_backend_kit_make_scp () { - scpdir="$pp_wrkdir/scps" - mkdir "$scpdir" && touch "$scpdir"/$pp_kit_subset.scp - cat <"$scpdir"/$pp_kit_subset.scp - - . /usr/share/lib/shell/libscp - - case "\$ACT" in - PRE_L) - STL_ScpInit - - - - ;; - POST_L) - STL_ScpInit - STL_LinkCreate -EOF - - cat $pp_wrkdir/%post.run >>"$scpdir"/$pp_kit_subset.scp - cat >>"$scpdir"/$pp_kit_subset.scp <>"$scpdir"/$pp_kit_subset.scp - cat >>"$scpdir"/$pp_kit_subset.scp </dev/null || - /usr/sbin/groupadd $1 -. - pp_mkuser) cat <<'.';; - eval user=\$$# - grep "^$user:" /etc/passwd >/dev/null || - /usr/sbin/useradd -s /usr/bin/false "$@" -. - pp_havelib) cat <<'.';; - for dir in `echo /usr/lib${3+:$3} | tr : ' '`; do - test -r "$dir/lib$1.${2-sl}" && return 0 - done - return 1 -. 
- *) pp_error "unknown function request: $1";;
- esac
-}
-
-pp_backend_kit_init_svc_vars () {
- :
-}
-
-pp_backend_kit_probe () {
- echo tru64-`uname -r | sed 's/V\([0-9]*\)\.\([0-9]*\)/\1\2/'`
-}
-
-pp_kit_service_group_script () {
- typeset grp svcs scriptpath out
- grp="$1"
- svcs="$2"
- scriptpath="/sbin/init.d/$grp"
- out="$pp_destdir$scriptpath"
-
- pp_add_file_if_missing $scriptpath run 755 || return 0
-
- cat <<-. > $out
- #!/sbin/sh
- # generated by pp $pp_version
- svcs="$svcs"
-.
-
-cat <<-'.' >> $out
- #-- starts services in order.. stops them all if any break
- pp_start () {
- undo=
- for svc in $svcs; do
- /sbin/init.d/$svc start
- case $? in
- 0|4)
- undo="$svc $undo"
- ;;
- *)
- if test -n "$undo"; then
- for svc in $undo; do
- /sbin/init.d/$svc stop
- done
- return 1
- fi
- ;;
- esac
- done
- return 0
- }
-
- #-- stops services in reverse
- pp_stop () {
- reverse=
- for svc in $svcs; do
- reverse="$svc $reverse"
- done
- rc=0
- for svc in $reverse; do
- /sbin/init.d/$svc stop || rc=$?
- done
- return $rc
- }
-
- case "$1" in
- start_msg) echo "Starting $svcs";;
- stop_msg) echo "Stopping $svcs";;
- start) pp_start;;
- stop) pp_stop;;
- *) echo "usage: $0 {start|stop|start_msg|stop_msg}"
- exit 1;;
- esac
-.
-}
-
-pp_kit_service_script () {
- typeset svc scriptpath out
-
- svc="$1"
- scriptpath="/sbin/init.d/$svc"
-
- pp_load_service_vars "$svc"
-
- test -n "$user" -a x"$user" != x"root" &&
- cmd="SHELL=/usr/bin/sh /usr/bin/su $user -c \"exec `echo $cmd | sed -e 's,[$\\\`],\\&,g'`\""
- if test -z "$pidfile"; then
- pidfile="/var/run/$svc.pid"
- cmd="$cmd & echo \$! > \$pidfile"
- fi
-
- pp_add_file_if_missing $scriptpath run 755
-
- cat <<-. > $pp_destdir$scriptpath
- svc="$svc"
- pidfile="$pidfile"
-
- pp_start () {
- $cmd
- }
-.
- cat <<-'.' >>$pp_destdir$scriptpath
- pp_stop () {
- if test !
-s "$pidfile"; then
- echo "Unable to stop $svc (no pid file)"
- return 1
- else
- read pid < "$pidfile"
- if kill -0 "$pid" 2>/dev/null; then
- if kill -${stop_signal:-TERM} "$pid"; then
- rm -f "$pidfile"
- return 0
- else
- echo "Unable to stop $svc"
- return 1
- fi
- else
- rm -f "$pidfile"
- return 0
- fi
- fi
- }
-
- pp_running () {
- if test ! -s "$pidfile"; then
- return 1
- else
- read pid < "$pidfile"
- kill -0 "$pid" 2>/dev/null
- fi
- }
- case "$1" in
- start_msg) echo "Starting the $svc service";;
- stop_msg) echo "Stopping the $svc service";;
- start)
- if pp_running; then
- echo "$svc already running";
- exit 0
- elif pp_start; then
- echo "$svc started";
- # rc(1M) says we should exit 4, but nobody expects it!
- exit 0
- else
- exit 1
- fi
- ;;
- stop)
- if pp_stop; then
- echo "$svc stopped";
- exit 0
- else
- exit 1
- fi
- ;;
- *) echo "usage: $0 {start|stop|start_msg|stop_msg}"
- exit 1
- ;;
- esac
-.
-}
-
-pp_kit_make_service () {
- typeset level priority startlevels stoplevels
- typeset svc svcvar
-
- svc="$1"
- svcvar=`pp_makevar $svc`
-
- #-- don't do anything if the script exists
- if test -s "$pp_destdir/sbin/init.d/$svc"; then
- pp_error "$pp_destdir/sbin/init.d/$svc exists"
- return
- fi
-
- # symlink the script, depending on the priorities chosen
- eval priority='${pp_kit_priority_'$svcvar'}'
- test -z "$priority" && priority="${pp_kit_priority:-50}"
-
- eval startlevels='${pp_kit_startlevels_'$svcvar'}'
- test -z "$startlevels" && startlevels="$pp_kit_startlevels"
-
- eval stoplevels='${pp_kit_stoplevels_'$svcvar'}'
- test -z "$stoplevels" && stoplevels="$pp_kit_stoplevels"
-
- # create the script and config file
- pp_kit_service_script $svc
-
- # fix the priority up
- case "$priority" in
- ???) :;;
- ??) priority=0$priority;;
- ?)
priority=00$priority;;
- esac
-
- if test x"$stoplevels" = x"auto"; then
- stoplevels=
- test -z "$startlevels" || for level in $startlevels; do
- stoplevels="$stoplevels `expr $level - 1`"
- done
- fi
-
- # create the symlinks
- test -z "$startlevels" || for level in $startlevels; do
- echo " ln -s /sbin/init.d/$svc /sbin/rc$level.d/S$priority$svc" >>$pp_wrkdir/%post.run
- echo " rm /sbin/rc$level.d/S$priority$svc" >>$pp_wrkdir/%preun.run
- done
- test -z "$stoplevels" || for level in $stoplevels; do
- echo " ln -s /sbin/init.d/$svc /sbin/rc$level.d/K$priority$svc" >>$pp_wrkdir/%post.run
- echo " rm -f /sbin/rc$level.d/K$priority$svc" >>$pp_wrkdir/%preun.run
- done
-}
-
-
-
-
-pp_backend_kit_sizes () {
- awk '
- BEGIN { root = usr = var = 0; }
- {
- if (substr($9, 1, 1) != "l")
- if (substr($10, 1, 6) == "./var/")
- var += $2;
- else if (substr($10, 1, 10) == "./usr/var/")
- var += $2
- else if (substr($10, 1, 6) == "./usr/")
- usr += $2
- else
- root += $2
- }
- END { printf "%d\t%d\t%d", root, usr, var }
- ' "$@"
-}
-
-pp_kit_kits_global () {
- line=`sed -n '/^%%/q;/^'$2'=/{s/^'$2'=//p;q;}' <"$1"`
- test -z "$line" && return 1
- eval "echo $line"
- :
-}
-
-pp_backend_kit_kits () {
- typeset KITFILE FROMDIR TODIR
- typeset SCPDIR
-
- SCPDIR="$pp_wrkdir/scps"
-
- PATH="/usr/lbin:/usr/bin:/etc:/usr/ucb:$PATH"; export PATH # XXX
- #umask 2 # XXX
-
- test $# -ge 3 || pp_die "pp_backend_kit_kits: too few arguments"
- KITFILE="$1"; shift
- FROMDIR="$1"; shift
- TODIR="$1"; shift
-
- test -f "$KITFILE" || pp_die "$KITFILE not found"
- test -d "$FROMDIR" || pp_die "$FROMDIR not found"
- test -d "$TODIR" || pp_die "$TODIR not found"
-
- INSTCTRL="$TODIR/instctrl"
- mkdir -p "$INSTCTRL" || pp_die "cannot create instctrl directory"
- chmod 775 "$INSTCTRL"
-
- grep "%%" $KITFILE > /dev/null || pp_die "no %% in $KITFILE"
-
- typeset NAME CODE VERS MI ROOT COMPRESS
- typeset S_LIST ALLSUBS
-
- NAME=`pp_kit_kits_global "$KITFILE" NAME` || pp_die "no NAME in $KITFILE"
-
CODE=`pp_kit_kits_global "$KITFILE" CODE` || pp_die "no CODE in $KITFILE"
- VERS=`pp_kit_kits_global "$KITFILE" VERS` || pp_die "no VERS in $KITFILE"
- MI=`pp_kit_kits_global "$KITFILE" MI` || pp_die "no MI in $KITFILE"
- ROOT=`pp_kit_kits_global "$KITFILE" ROOT`
- COMPRESS=`pp_kit_kits_global "$KITFILE" COMPRESS`
-
- test -f "$MI" || pp_die "Inventory file $MI not found"
-
- case "$ROOT" in
- *ROOT)
- test -f "$TODIR/$ROOT" ||
- pp_die "Root image $ROOT not found in $TODIR" ;;
- esac
-
- ALLSUBS=`awk 'insub==1 {print $1} /^%%/ {insub=1}' <"$KITFILE"`
- test $# -eq 0 && set -- $ALLSUBS
-
- pp_debug "Creating $# $NAME subsets."
- pp_debug "ALLSUBS=<$ALLSUBS>"
-
- if test x"$COMPRESS" = x"1"; then
- COMPRESS=:
- else
- COMPRESS=false
- fi
-
- #rm -f *.ctrl Volume*
-
- for SUB
- do
- test -z "$SUB" && pp_die "SUB is empty"
-
- typeset INV CTRL ROOTSIZE USRSIZE VARSIZE TSSUB
- #rm -f Volume*
- case $SUB in
- .*) :;;
- *) pp_verbose rm -f "$TODIR/$SUB"* "$INSTCTRL/$SUB"*;;
- esac
-
- TSSUB="$pp_wrkdir/ts.$SUB"
-
- pp_debug "kits: Subset $SUB"
-
- INV="$SUB.inv"
- CTRL="$SUB.ctrl"
- pp_debug "kits: Generating media creation information..."
-
- # Invcutter takes as input
- # SUB dir/path
- # and generates stl_inv(4) files, like this
- # f 0 00000 0 0 100644 2/11/09 010 f dir/path none SUB
- grep " $SUB\$" "$MI" |
- pp_verbose /usr/lbin/invcutter \
- -v "$VERS" -f "$FROMDIR" > "$INSTCTRL/$INV" ||
- pp_die "failed to create $INSTCTRL/$INV"
- chmod 664 "$INSTCTRL/$INV"
-
- pp_backend_kit_sizes "$INSTCTRL/$INV" > "$pp_wrkdir/kit.sizes"
- read ROOTSIZE USRSIZE VARSIZE < "$pp_wrkdir/kit.sizes"
-
- # Prefix each line with $FROMDIR. This will be stripped
- awk '$1 != "d" {print from $10}' from="$FROMDIR/" \
- > "$TSSUB" < "$INSTCTRL/$INV" ||
- pp_die "failed"
-
- NVOLS=0
-
- pp_debug "kits: Creating $SUB control file..."
-
- sed '1,/^%%/d;/^'"$SUB"'/{p;q;}' < "$KITFILE" > "$pp_wrkdir/kit.line"
- read _SUB _IGNOR DEPS FLAGS DESC < "$pp_wrkdir/kit.line"
- if test -z "$_SUB"; then
- pp_warn "No such subset $SUB in $KITFILE"
- continue
- fi
- DEPS=`echo $DEPS | tr '|' ' '`
- case $FLAGS in
- FLGEXP*) pp_verbose FLAGS='"${'"$FLAGS"'}"' ;;
- esac
- case $DESC in
- *%*) DESC=`echo $DESC|awk -F% '{printf "%-36s%%%s\n", $1, $2}'`;;
- esac
-
- cat > "$INSTCTRL/$CTRL" <<-.
- NAME='$NAME $SUB'
- DESC=$DESC
- ROOTSIZE=$ROOTSIZE
- USRSIZE=$USRSIZE
- VARSIZE=$VARSIZE
- NVOLS=1:$NVOLS
- MTLOC=1:$TLOC
- DEPS="$DEPS"
- FLAGS=$FLAGS
-.
- chmod 664 "$INSTCTRL/$CTRL"
-
- pp_debug "kits: Making tar image"
-
- pp_verbose tar cfPR "$TODIR/$SUB" "$FROMDIR/" "$TSSUB" ||
- pp_error "problem creating kit file"
-
- if $COMPRESS; then
- pp_debug "kits: Compressing"
- (cd "$TODIR" && compress -f -v "$SUB") ||
- pp_die "problem compressing $TODIR/$SUB"
- SPC=`expr $SUB : '\(...\).*'` # first three characters
- SVC=`expr $SUB : '.*\(...\)'` # last three characters
- : > "$INSTCTRL/$SPC$SVC.comp"
- chmod 664 "$INSTCTRL/$SPC$SVC.comp"
- pp_debug "kits: Padding compressed file to 10kB" # wtf?
- rm -f "$TODIR/$SUB"
- pp_verbose \
- dd if="$TODIR/$SUB.Z" of="$TODIR/$SUB" bs=10k conv=sync ||
- pp_die "problem moving compressed file"
- rm -f "$TODIR/$SUB.Z"
- fi
- chmod 664 "$TODIR/$SUB"
-
- if test -f "$SCPDIR/$SUB.scp"; then
- cp "$SCPDIR/$SUB.scp" "$INSTCTRL/$SUB.scp"
- chmod 755 "$INSTCTRL/$SUB.scp"
- else
- pp_debug "kits: null subset control program for $SUB"
- : > "$INSTCTRL/$SUB.scp"
- chmod 744 "$INSTCTRL/$SUB.scp"
- fi
-
- pp_debug "kits: Finished creating media image for $SUB"
- done
-
- pp_debug "kits: Creating $CODE.image"
-
- case "$ROOT" in
- *ROOT) ALLSUBS="$ROOT $ALLSUBS"
- ;;
- esac
-
- (cd "$TODIR" && sum $ALLSUBS) > "$INSTCTRL/$CODE.image"
- chmod 664 "$INSTTRL/$CODE.image"
- pp_debug "kits: Creating INSTCTRL"
- (cd "$INSTCTRL" && tar cpvf - *) > "$TODIR/INSTCTRL"
- chmod 664 "$TODIR/INSTCTRL"
- cp "$INSTCTRL/$CODE.image" "$TODIR/$CODE.image"
- chmod 664 "$TODIR/$CODE.image"
-
- pp_debug "kits: Media image production complete"
-}
-
-pp_platforms="$pp_platforms rpm"
-
-pp_backend_rpm_detect () {
- test x"$1" = x"Linux" -a !
-f /etc/debian_version
-}
-
-pp_backend_rpm_init () {
-
- pp_rpm_version=
- pp_rpm_summary=
- pp_rpm_description=
- pp_rpm_group="Applications/Internet"
- pp_rpm_license="Unspecified"
- pp_rpm_vendor=
- pp_rpm_url=
- pp_rpm_packager=
- pp_rpm_provides=
- pp_rpm_requires=
- pp_rpm_requires_pre=
- pp_rpm_requires_post=
- pp_rpm_requires_preun=
- pp_rpm_requires_postun=
- pp_rpm_release=
- pp_rpm_epoch=
- pp_rpm_dev_group="Development/Libraries"
- pp_rpm_dbg_group="Development/Tools"
- pp_rpm_doc_group="Documentation"
- pp_rpm_dev_description=
- pp_rpm_dbg_description=
- pp_rpm_doc_description=
- pp_rpm_dev_requires=
- pp_rpm_dev_requires_pre=
- pp_rpm_dev_requires_post=
- pp_rpm_dev_requires_preun=
- pp_rpm_dev_requires_postun=
- pp_rpm_dbg_requires=
- pp_rpm_dbg_requires_pre=
- pp_rpm_dbg_requires_post=
- pp_rpm_dbg_requires_preun=
- pp_rpm_dbg_requires_postun=
- pp_rpm_doc_requires=
- pp_rpm_doc_requires_pre=
- pp_rpm_doc_requires_post=
- pp_rpm_doc_requires_preun=
- pp_rpm_doc_requires_postun=
- pp_rpm_dev_provides=
- pp_rpm_dbg_provides=
- pp_rpm_doc_provides=
-
- pp_rpm_autoprov=
- pp_rpm_autoreq=
- pp_rpm_autoreqprov=
-
- pp_rpm_dbg_pkgname=debug
- pp_rpm_dev_pkgname=devel
- pp_rpm_doc_pkgname=doc
-
- pp_rpm_defattr_uid=root
- pp_rpm_defattr_gid=root
-
- pp_rpm_detect_arch
- pp_rpm_detect_distro
- pp_rpm_rpmbuild=`pp_rpm_detect_rpmbuild`
-
- # SLES8 doesn't always come with readlink
- test -x /usr/bin/readlink -o -x /bin/readlink ||
- pp_readlink_fn=pp_ls_readlink
-}
-
-pp_rpm_detect_arch () {
- pp_rpm_arch=auto
-
- #-- Find the default native architecture that RPM is configured to use
- cat <<-. >$pp_wrkdir/dummy.spec
- Name: dummy
- Version: 1
- Release: 1
- Summary: dummy
- Group: ${pp_rpm_group}
- License: ${pp_rpm_license}
- %description
- dummy
-.
- $pp_opt_debug && cat $pp_wrkdir/dummy.spec
- pp_rpm_arch_local=`rpm -q --qf '%{arch}\n' --specfile $pp_wrkdir/dummy.spec`
- rm $pp_wrkdir/dummy.spec
-
- #-- Ask the kernel what machine architecture is in use
- local arch
- for arch in "`uname -m`" "`uname -p`"; do
- case "$arch" in
- i?86)
- pp_rpm_arch_std=i386
- break
- ;;
- x86_64|ppc|ppc64|ppc64le|ia64|s390|s390x)
- pp_rpm_arch_std="$arch"
- break
- ;;
- powerpc)
- # Probably AIX
- case "`/usr/sbin/lsattr -El proc0 -a type -F value`" in
- PowerPC_POWER*) pp_rpm_arch_std=ppc64;;
- *) pp_rpm_arch_std=ppc;;
- esac
- break
- ;;
- *) pp_rpm_arch_std=unknown
- ;;
- esac
- done
-
- #-- Later on, when files are processed, we use 'file' to determine
- # what platform ABIs are used. This is used when pp_rpm_arch == auto
- pp_rpm_arch_seen=
-}
-
-pp_rpm_detect_distro () {
- pp_rpm_distro=
- if test -f /etc/whitebox-release; then
- pp_rpm_distro=`awk '
- /^White Box Enterprise Linux release/ { print "wbel" $6; exit; }
- ' /etc/whitebox-release`
- elif test -f /etc/mandrakelinux-release; then
- pp_rpm_distro=`awk '
- /^Mandrakelinux release/ { print "mand" $3; exit; }
- ' /etc/mandrake-release`
- elif test -f /etc/mandrake-release; then
- pp_rpm_distro=`awk '
- /^Linux Mandrake release/ { print "mand" $4; exit; }
- /^Mandrake Linux release/ { print "mand" $4; exit; }
- ' /etc/mandrake-release`
- elif test -f /etc/fedora-release; then
- pp_rpm_distro=`awk '
- /^Fedora Core release/ { print "fc" $4; exit; }
- /^Fedora release/ { print "f" $3; exit; }
- ' /etc/fedora-release`
- elif test -f /etc/redhat-release; then
- pp_rpm_distro=`awk '
- /^Red Hat Enterprise Linux/ { print "rhel" $7; exit; }
- /^CentOS release/ { print "centos" $3; exit; }
- /^CentOS Linux release/ { print "centos" $4; exit; }
- /^Red Hat Linux release/ { print "rh" $5; exit; }
- ' /etc/redhat-release`
- elif test -f /etc/SuSE-release; then
- pp_rpm_distro=`awk '
- /^SuSE Linux [0-9]/ { print "suse" $3; exit; }
- /^SUSE LINUX [0-9]/ { print "suse" $3;
exit; }
- /^openSUSE [0-9]/ { print "suse" $2; exit; }
- /^S[uU]SE Linux Enterprise Server [0-9]/ { print "sles" $5; exit; }
- /^S[uU]SE LINUX Enterprise Server [0-9]/ { print "sles" $5; exit; }
- /^SuSE SLES-[0-9]/ { print "sles" substr($2,6); exit; }
- ' /etc/SuSE-release`
- elif test -f /etc/os-release; then
- pp_rpm_distro="`. /etc/os-release && echo \$ID\$VERSION`"
- elif test -f /etc/pld-release; then
- pp_rpm_distro=`awk '
- /^[^ ]* PLD Linux/ { print "pld" $1; exit; }
- ' /etc/pld-release`
- elif test X"`uname -s 2>/dev/null`" = X"AIX"; then
- local r v
- r=`uname -r`
- v=`uname -v`
- pp_rpm_distro="aix$v$r"
- fi
- pp_rpm_distro=`echo $pp_rpm_distro | tr -d .`
- test -z "$pp_rpm_distro" &&
- pp_warn "unknown distro"
-}
-
-pp_rpm_detect_rpmbuild () {
- local cmd
- for cmd in rpmbuild rpm; do
- if `which $cmd > /dev/null 2>&1`; then
- echo $cmd
- return 0
- fi
- done
-
- pp_error "Could not find rpmbuild"
- # Default to `rpmbuild` in case it magically appears
- echo rpmbuild
- return 1
-}
-
-pp_rpm_label () {
- local label arg
- label="$1"; shift
- for arg
- do
- test -z "$arg" || echo "$label: $arg"
- done
-}
-
-pp_rpm_writefiles () {
- local _l t m o g f p st fo farch
- while read t m o g f p st; do
- _l="$p"
- test $t = d && _l="%dir ${_l%/}/"
- if test $t = s; then
- # rpm warns if %attr contains a mode for symlinks
- m=-
- elif test x"$m" = x"-"; then
- case "$t" in
- d) m=755;;
- f) m=644;;
- esac
- fi
- test x"$o" = x"-" && o="${pp_rpm_defattr_uid:-root}"
- test x"$g" = x"-" && g="${pp_rpm_defattr_gid:-root}"
- _l="%attr($m,$o,$g) $_l"
-
- if test "$t" = "f" -a x"$pp_rpm_arch" = x"auto"; then
- fo=`file "${pp_destdir}$p" 2>/dev/null`
- #NB: The following should match executables and shared objects,
- #relocatable objects. It will not match .a files however.
- case "$fo" in
- *": ELF 32-bit LSB "*", Intel 80386"*)
- farch=i386;;
- *": ELF 64-bit LSB "*", AMD x86-64"*|\
- *": ELF 64-bit LSB "*", x86-64"*)
- farch=x86_64;;
- *": ELF 32-bit MSB "*", PowerPC"*)
- farch=ppc;;
- *": ELF 64-bit LSB "*", 64-bit PowerPC"*)
- farch=ppc64le;;
- *": ELF 64-bit MSB "*", 64-bit PowerPC"*)
- farch=ppc64;;
- *": ELF 64-bit LSB "*", IA-64"*)
- farch=ia64;;
- *": ELF 32-bit MSB "*", IBM S/390"*)
- farch=s390;;
- *": ELF 64-bit MSB "*", IBM S/390"*)
- farch=s390x;;
- *"executable (RISC System/6000)"*)
- farch=ppc;;
- *"64-bit XCOFF executable"*)
- farch=ppc64;;
- *": ELF 64-bit LSB "*", ARM aarch64"*)
- farch=aarch64;;
- *" ELF "*)
- farch=ELF;;
- *)
- farch=noarch;;
- esac
- # If file(1) doesn't provide enough info, try readelf(1)
- if test "$farch" = "ELF"; then
- fo=`readelf -h "${pp_destdir}$p" | awk '{if ($1 == "Class:") {class=$2} else if ($1 == "Machine:") {machine=$0; sub(/^ *Machine: */, "", machine)}} END {print class " " machine}' 2>/dev/null`
- case "$fo" in
- "ELF32 Intel 80386")
- farch=i386;;
- "ELF64 "*[xX]"86-64")
- farch=x86_64;;
- "ELF32 PowerPC")
- farch=ppc;;
- "ELF64 PowerPC"*)
- farch=ppc64;;
- "ELF64 IA-64")
- farch=ia64;;
- "ELF32 IBM S/390")
- farch=s390;;
- "ELF64 IBM S/390")
- farch=s390x;;
- "ELF64 AArch64")
- farch=aarch64;;
- *)
- farch=noarch;;
- esac
- fi
- pp_debug "file: $fo -> $farch"
- test x"$farch" = x"noarch" || pp_add_to_list pp_rpm_arch_seen $farch
- fi
-
- case $f in *v*) _l="%config(noreplace) $_l";; esac
- echo "$_l"
- done
- echo
-}
-
-pp_rpm_subname () {
- case "$1" in
- run) : ;;
- dbg) echo "${2}${pp_rpm_dbg_pkgname}";;
- dev) echo "${2}${pp_rpm_dev_pkgname}";;
- doc) echo "${2}${pp_rpm_doc_pkgname}";;
- *) pp_error "unknown component '$1'";
- esac
-}
-
-pp_rpm_depend () {
- local _name _vers
- while read _name _vers; do
- case "$_name" in ""| "#"*) continue ;; esac
- echo "Requires: $_name ${_vers:+>= $_vers}"
- done
-}
-
-pp_rpm_conflict () {
- local _name _vers
- while read _name _vers;
do
- case "$_name" in ""| "#"*) continue ;; esac
- echo "Conflicts: $_name ${_vers:+>= $_vers}"
- done
-}
-
-pp_rpm_override_requires () {
- local orig_find_requires
-
- if test -z "$pp_rpm_depend_filter_cmd"; then
- return 0
- fi
-
- orig_find_requires=`rpm --eval '%{__find_requires}'`
- cat << EOF > "$pp_wrkdir/filtered-find-requires"
-$orig_find_requires \$@ | $pp_rpm_depend_filter_cmd
-EOF
- chmod +x "$pp_wrkdir/filtered-find-requires"
- echo "%define __find_requires $pp_wrkdir/filtered-find-requires"
- # Might be necessary for old versions of RPM? Not for 4.4.2.
- #echo "%define _use_internal_dependency_generator 0"
-}
-
-pp_backend_rpm () {
- local cmp specfile _summary _group _desc _pkg _subname svc _script
-
- specfile=$pp_wrkdir/$name.spec
- : > $specfile
-
- #-- force existence of a 'run' component
- pp_add_component run
- : >> $pp_wrkdir/%files.run
-
- if test -z "$pp_rpm_arch"; then
- pp_error "Unknown RPM architecture"
- return 1
- fi
-
- #-- Write the header components of the RPM spec file
- cat <<-. >>$specfile
- Name: ${pp_rpm_name:-$name}
- Version: ${pp_rpm_version:-$version}
- Release: ${pp_rpm_release:-1}
- Summary: ${pp_rpm_summary:-$summary}
- Group: ${pp_rpm_group}
- License: ${pp_rpm_license}
-.
- pp_rpm_label "URL" "$pp_rpm_url" >>$specfile
- pp_rpm_label "Vendor" "${pp_rpm_vendor:-$vendor}" >>$specfile
- pp_rpm_label "Packager" "$pp_rpm_packager" >>$specfile
- pp_rpm_label "Provides" "$pp_rpm_provides" >>$specfile
- pp_rpm_label "Requires(pre)" "$pp_rpm_requires_pre" >>$specfile
- pp_rpm_label "Requires(post)" "$pp_rpm_requires_post" >>$specfile
- pp_rpm_label "Requires(preun)" "$pp_rpm_requires_preun" >>$specfile
- pp_rpm_label "Requires(postun)" "$pp_rpm_requires_postun" >>$specfile
- pp_rpm_label "AutoProv" "$pp_rpm_autoprov" >>$specfile
- pp_rpm_label "AutoReq" "$pp_rpm_autoreq" >>$specfile
- pp_rpm_label "AutoReqProv" "$pp_rpm_autoreqprov" >>$specfile
-
- test -n "$pp_rpm_serial" && pp_warn "pp_rpm_serial deprecated"
- if test -n "$pp_rpm_epoch"; then
- #-- Epoch was introduced in RPM 2.5.6
- case `$pp_rpm_rpmbuild --version 2>/dev/null` in
- 1.*|2.[0-5].*|2.5.[0-5])
- pp_rpm_label "Serial" $pp_rpm_epoch >>$specfile;;
- *)
- pp_rpm_label "Epoch" $pp_rpm_epoch >>$specfile;;
- esac
- fi
-
- if test -n "$pp_rpm_requires"; then
- pp_rpm_label "Requires" "$pp_rpm_requires" >>$specfile
- elif test -s $pp_wrkdir/%depend.run; then
- pp_rpm_depend < $pp_wrkdir/%depend.run >> $specfile
- fi
- if test -s $pp_wrkdir/%conflict.run; then
- pp_rpm_conflict < $pp_wrkdir/%conflict.run >> $specfile
- fi
-
- pp_rpm_override_requires >> $specfile
-
- cat <<-. >>$specfile
-
- %description
- ${pp_rpm_description:-$description}
-.
-
- for cmp in $pp_components; do
- case $cmp in
- run) continue;;
- dev) _summary="development tools for $pp_rpm_summary"
- _group="$pp_rpm_dev_group"
- _desc="${pp_rpm_dev_description:-Development libraries for $name. $pp_rpm_description.}"
- ;;
- doc) _summary="documentation for $pp_rpm_summary"
- _group="$pp_rpm_doc_group"
- _desc="${pp_rpm_doc_description:-Documentation for $name.
$pp_rpm_description.}"
- ;;
- dbg) _summary="diagnostic tools for $pp_rpm_summary"
- _group="$pp_rpm_dbg_group"
- _desc="${pp_rpm_dbg_description:-Diagnostic tools for $name.}"
- ;;
- esac
-
- _subname=`pp_rpm_subname $cmp`
- cat <<-.
-
- %package $_subname
- Summary: $name $_summary
- Group: $_group
-.
- for _script in pre post preun postun; do
- eval '_pkg="$pp_rpm_'$cmp'_requires_'$_script'"'
- if test -n "$_pkg"; then
- eval pp_rpm_label "Requires($_script)" $_pkg
- fi
- done
- eval '_pkg="$pp_rpm_'$cmp'_requires"'
- if test -n "$_pkg"; then
- eval pp_rpm_label Requires ${pp_rpm_name:-$name} $_pkg
- elif test -s $pp_wrkdir/%depend.$cmp; then
- pp_rpm_depend < $pp_wrkdir/%depend.$cmp >> $specfile
- fi
- if test -s $pp_wrkdir/%conflict.$cmp; then
- pp_rpm_conflict < $pp_wrkdir/%conflict.$cmp >> $specfile
- fi
-
- eval '_pkg="$pp_rpm_'$cmp'_provides"'
- eval pp_rpm_label Provides $_pkg
-
- cat <<-.
-
- %description $_subname
- $_desc
-.
- done >>$specfile
-
- #-- NB: we don't put any %prep, %build or %install RPM sections
- # into the spec file.
-
- #-- add service start/stop code
- if test -n "$pp_services"; then
- pp_rpm_service_install_common >> $pp_wrkdir/%post.run
-
- #-- record the uninstall commands in reverse order
- for svc in $pp_services; do
- pp_load_service_vars $svc
-
- pp_rpm_service_make_init_script $svc
-
- #-- append %post code to install the svc
- pp_rpm_service_install $svc >> $pp_wrkdir/%post.run
-
- #-- prepend %preun code to uninstall svc
- # (use files in case vars are modified)
- pp_rpm_service_remove $svc | pp_prepend $pp_wrkdir/%preun.run
- done
- pp_rpm_service_remove_common | pp_prepend $pp_wrkdir/%preun.run
- fi
-
- # make convenience service groups
- if test -n "$pp_service_groups"; then
- for grp in $pp_service_groups; do
- pp_rpm_service_group_make_init_script \
- $grp "`pp_service_get_svc_group $grp`"
- done
- fi
-
- #-- Write the RPM %file sections
- # (do this after services, since services adds to %files.run)
- for cmp in $pp_components; do
- _subname=`pp_rpm_subname $cmp`
-
- if test -s $pp_wrkdir/%check.$cmp; then
- echo ""
- echo "%pre $_subname"
- cat $pp_wrkdir/%check.$cmp
- echo : # causes script to exit true by default
- fi
-
- if test -s $pp_wrkdir/%files.$cmp; then
- echo ""
- echo "%files $_subname"
- pp_rpm_writefiles < $pp_wrkdir/%files.$cmp
- fi
-
- if test -n "$pp_rpm_ghost"; then
- for ghost in $pp_rpm_ghost; do
- echo "%ghost $ghost"
- done
- fi
-
- if test -s $pp_wrkdir/%pre.$cmp; then
- echo ""
- echo "%pre $_subname"
- cat $pp_wrkdir/%pre.$cmp
- echo : # causes script to exit true
- fi
-
- if test -s $pp_wrkdir/%post.$cmp; then
- echo ""
- echo "%post $_subname"
- cat $pp_wrkdir/%post.$cmp
- echo : # causes script to exit true
- fi
-
- if test -s $pp_wrkdir/%preun.$cmp; then
- echo ""
- echo "%preun $_subname"
- cat $pp_wrkdir/%preun.$cmp
- echo : # causes script to exit true
- fi
-
- if test -s $pp_wrkdir/%postun.$cmp; then
- echo ""
- echo "%postun $_subname"
- cat $pp_wrkdir/%postun.$cmp
- echo : # causes script to exit true
- fi
- done >>$specfile
-
- #-- create a suitable work area for rpmbuild
- cat <<-. >$pp_wrkdir/.rpmmacros
- %_topdir $pp_wrkdir
- # XXX Note escaped %% for use in headerSprintf
- %_rpmfilename %%{ARCH}/%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm
- .
- mkdir $pp_wrkdir/RPMS
- mkdir $pp_wrkdir/BUILD
-
- if test x"$pp_rpm_arch" = x"auto"; then
- #-- Reduce the arch_seen list to exactly one item
- case "$pp_rpm_arch_seen" in
- "i386 x86_64"|"x86_64 i386")
- pp_rpm_arch_seen=x86_64;;
- *"s390 s390x"* | *"s390x s390"* )
- pp_rpm_arch_seen=s390x;;
- *"aarch64"* )
- pp_rpm_arch_seen=aarch64;;
- *" "*)
- pp_error "detected multiple targets: $pp_rpm_arch_seen"
- pp_rpm_arch_seen=unknown;; # not detected
- "")
- pp_warn "detected no binaries: using target noarch"
- pp_rpm_arch_seen=noarch;;
- *)
- pp_debug "detected architecture $pp_rpm_arch_seen"
- esac
- pp_rpm_arch="$pp_rpm_arch_seen"
- fi
-
- . $pp_wrkdir/%fixup
-
-$pp_opt_debug && cat $specfile
-
- pp_debug "creating: `pp_backend_rpm_names`"
-
-pp_debug "pp_rpm_arch_seen = <${pp_rpm_arch_seen}>"
-pp_debug "pp_rpm_arch = <${pp_rpm_arch}>"
-
- HOME=$pp_wrkdir \
- pp_verbose \
- $pp_rpm_rpmbuild -bb \
- --buildroot="$pp_destdir/" \
- --target="${pp_rpm_arch}" \
- --define='_unpackaged_files_terminate_build 0' \
- --define='_use_internal_dependency_generator 0' \
- `$pp_opt_debug && echo --verbose || echo --quiet` \
- $pp_rpm_rpmbuild_extra_flags \
- $specfile ||
- pp_error "Problem creating RPM packages"
-
- for f in `pp_backend_rpm_names`; do
- # The package might be in an arch-specific subdir
- pkgfile=not-found
- for dir in $pp_wrkdir/RPMS/${pp_rpm_arch} $pp_wrkdir/RPMS; do
- if test -f $dir/$f; then
- pkgfile=$dir/$f
- fi
- done
- if test x"$pkgfile" = x"not-found"; then
- pp_error "Problem predicting RPM filename: $f"
- else
- ln $pkgfile $pp_wrkdir/$f
- fi
- done
-}
-
-pp_rpm_output_name () {
- echo "${pp_rpm_name:-$name}`pp_rpm_subname "$1" -`-${pp_rpm_version:-$version}-${pp_rpm_release:-1}.${pp_rpm_arch}.rpm"
-}
-
-pp_backend_rpm_names
() {
- local cmp _subname
- for cmp in $pp_components; do
- pp_rpm_output_name $cmp
- done
-}
-
-pp_backend_rpm_cleanup () {
- :
-}
-
-pp_rpm_print_requires () {
- local _subname _name
-
- echo "CPU:$pp_rpm_arch"
- ## XXX should be lines of the form (from file/ldd/objdump)
- # EXEC:/bin/sh
- # RTLD:libc.so.4:open
- rpm -q --requires -p $pp_wrkdir/`pp_rpm_output_name $1` |sed -e '/^rpmlib(/d;s/ //g;s/^/RPM:/' | sort -u
-}
-
-pp_backend_rpm_install_script () {
- local cmp _subname
-
- echo "#!/bin/sh"
- pp_install_script_common
-
- cat <<.
-
- cmp_to_pkgname () {
- local oi name
- if test x"\$1" = x"--only-installed"; then
- #-- only print if installation detected
- oi=false
- shift
- else
- oi=true
- fi
- test x"\$*" = x"all" &&
- set -- $pp_components
- for cmp
- do
- case \$cmp in
-.
- for cmp in $pp_components; do
- _subname=`pp_rpm_subname $cmp -`
- echo "$cmp) name=${pp_rpm_name:-$name}${_subname};;"
- done
- cat <<.
- *) usage;;
- esac
- if \$oi || rpm -q "\$name" >/dev/null 2>/dev/null; then
- echo "\$name"
- fi
- done
- }
-
-
- cmp_to_pathname () {
- test x"\$*" = x"all" &&
- set -- $pp_components
- for cmp
- do
- case \$cmp in
-.
- for cmp in $pp_components; do
- echo "$cmp) echo \${PP_PKGDESTDIR:-.}/`pp_rpm_output_name $cmp` ;;"
- done
- cat <<.
- *) usage;;
- esac
- done
- }
-
- print_requires () {
- test x"\$*" = x"all" &&
- set -- $pp_components
- for cmp
- do
- case \$cmp in
-.
- for cmp in $pp_components; do
- echo "$cmp) cat <<'._end'"
- pp_rpm_print_requires $cmp
- echo "._end"; echo ';;'
- done
- cat <<.
- *) usage;;
- esac
- done
- }
-
- test \$# -eq 0 && usage
- op="\$1"; shift
- case "\$op" in
- list-components)
- test \$# -eq 0 || usage \$op
- echo $pp_components
- ;;
- list-services)
- test \$# -eq 0 || usage \$op
- echo $pp_services
- ;;
- list-files)
- test \$# -ge 1 || usage \$op
- cmp_to_pathname "\$@"
- ;;
- install)
- test \$# -ge 1 || usage \$op
- verbose rpm -U --replacepkgs --oldpackage \
- \`cmp_to_pathname "\$@"\`
- ;;
- uninstall)
- test \$# -ge 1 || usage \$op
- pkgs=\`cmp_to_pkgname --only-installed "\$@"\`
- if test -z "\$pkgs"; then
- verbosemsg "nothing to uninstall"
- else
- verbose rpm -e \$pkgs
- fi
- ;;
- start|stop)
- test \$# -ge 1 || usage \$op
- ec=0
- for svc
- do
- verbose /etc/init.d/\$svc \$op || ec=1
- done
- exit \$ec
- ;;
- print-platform)
- test \$# -eq 0 || usage \$op
- echo "linux-${pp_rpm_arch}"
- ;;
- print-requires)
- test \$# -ge 1 || usage \$op
- print_requires "\$@"
- ;;
- *)
- usage
- ;;
- esac
-.
-
-}
-
-pp_backend_rpm_probe () {
- echo "${pp_rpm_distro}-${pp_rpm_arch_std}"
-}
-
-pp_backend_rpm_vas_platforms () {
- case "$pp_rpm_arch_std" in
- x86_64) echo "linux-x86_64.rpm linux-x86.rpm";;
- *86) echo "linux-x86.rpm";;
- s390) echo "linux-s390";;
- s390x) echo "linux-s390x";;
- ppc*) echo "linux-glibc23-ppc64 linux-glibc22-ppc64";;
- ia64) echo "linux-ia64";;
- *) pp_die "unknown architecture $pp_rpm_arch_std";;
- esac
-}
-
-pp_rpm_service_install_common () {
- cat <<-'.'
-
- _pp_install_service () {
- local svc level
- svc="$1"
- if [ -x /usr/lib/lsb/install_initd -a ! -r /etc/redhat-release ]
- then
- # LSB-style install
- /usr/lib/lsb/install_initd /etc/init.d/$svc &> /dev/null
- elif [ -x /sbin/chkconfig ]; then
- # Red Hat/chkconfig-style install
- /sbin/chkconfig --add $svc &> /dev/null
- /sbin/chkconfig $svc off &> /dev/null
- else
- : # manual links under /etc/init.d
- fi
- }
-
- _pp_enable_service () {
- local svc level
- svc="$1"
- if [ -x /usr/lib/lsb/install_initd -a !
-r /etc/redhat-release ] - then - # LSB-style install - : # not sure how to enable - elif [ -x /sbin/chkconfig ]; then - # Red Hat/chkconfig-style install - /sbin/chkconfig $svc on &> /dev/null - else - # manual install - set -- `sed -n -e 's/^# Default-Start://p' /etc/init.d/$svc` - start_priority=`sed -n -e 's/^# X-Quest-Start-Priority:[[:space:]]*//p' /etc/init.d/$svc` - stop_priority=`sed -n -e 's/^# X-Quest-Stop-Priority:[[:space:]]*//p' /etc/init.d/$svc` - - # Provide default start & stop priorities of 20 & 80 in - # accordance with Debian update-rc.d defaults - if [ -z "$start_priority" ]; then - start_priority=20 - fi - if [ -z "$stop_priority" ]; then - stop_priority=80 - fi - - if [ -d "/etc/rc.d" ];then - rcdir=/etc/rc.d - else - rcdir=/etc - fi - - for level - do ln -sf /etc/init.d/$svc $rcdir/rc$level.d/S$start_priority$svc; done - set -- `sed -n -e 's/^# Default-Stop://p' /etc/init.d/$svc` - for level - do ln -sf /etc/init.d/$svc $rcdir/rc$level.d/K$stop_priority$svc; done - fi - } -. -} - -pp_rpm_service_remove_common () { - cat <<-'.' - - _pp_remove_service () { - local svc - svc="$1" - /etc/init.d/$svc stop >/dev/null 2>&1 - if [ -x /usr/lib/lsb/remove_initd -a ! -r /etc/redhat-release ] - then - /usr/lib/lsb/remove_initd /etc/init.d/$svc &> /dev/null - elif [ -x /sbin/chkconfig ]; then - /sbin/chkconfig --del $svc &> /dev/null - else - if [ -d "/etc/rc.d" ];then - rcdir=/etc/rc.d - else - rcdir=/etc - fi - - rm -f $rcdir/rc?.d/[SK]??$svc - fi - } -. -} - - -pp_rpm_service_install () { - pp_rpm_service_make_init_script $1 >/dev/null || - pp_error "could not create init script for service $1" - echo "_pp_install_service $1" - test $enable = yes && echo "_pp_enable_service $1" -} - -pp_rpm_service_remove () { - cat <<-. - if [ "\$1" = "remove" -o "\$1" = "0" ]; then - # only remove the service if not upgrade - _pp_remove_service $1 - fi -. 
-} - - -pp_backend_rpm_init_svc_vars () { - - reload_signal= - start_runlevels=${pp_rpm_default_start_runlevels-"2 3 4 5"} # == lsb default-start - stop_runlevels=${pp_rpm_default_stop_runlevels-"0 1 6"} # == lsb default-stop - svc_description="${pp_rpm_default_svc_description}" # == lsb short descr - svc_process= - - lsb_required_start='$local_fs $network' - lsb_should_start= - lsb_required_stop= - lsb_description= - - start_priority=50 - stop_priority=50 #-- stop_priority = 100 - start_priority -} - -pp_rpm_service_group_make_init_script () { - local grp=$1 - local svcs="$2" - local script=/etc/init.d/$grp - local out=$pp_destdir$script - - pp_add_file_if_missing $script run 755 || return 0 - - cat <<-. >>$out - #!/bin/sh - svcs="$svcs" -. - - cat <<-'.' >>$out - - #-- prints usage message - pp_usage () { - echo "usage: $0 {start|stop|status|restart|reload|condrestart|try-restart|force-reload}" >&2 - return 2 - } - - #-- starts services in order.. stops them all if any break - pp_start () { - undo= - for svc in $svcs; do - if /etc/init.d/$svc start; then - undo="$svc $undo" - else - if test -n "$undo"; then - for svc in $undo; do - /etc/init.d/$svc stop - done - return 1 - fi - fi - done - return 0 - } - - #-- stops services in reverse - pp_stop () { - reverse= - for svc in $svcs; do - reverse="$svc $reverse" - done - rc=0 - for svc in $reverse; do - /etc/init.d/$svc stop || rc=$? - done - return $rc - } - - #-- returns true only if all services return true status - pp_status () { - rc=0 - for svc in $svcs; do - /etc/init.d/$svc status || rc=$? - done - return $rc - } - - pp_reload () { - rc=0 - for svc in $svcs; do - /etc/init.d/$svc reload || rc=$? 
- done - return $rc - } - - case "$1" in - start) pp_start;; - stop) pp_stop;; - restart) pp_stop; pp_start;; - status) pp_status;; - try-restart|condrestart) - if pp_status >/dev/null; then - pp_restart - fi;; - reload) pp_reload;; - force-reload) if pp_status >/dev/null; then - pp_reload - else - pp_restart - fi;; - *) pp_usage;; - esac -. - chmod 755 $out -} - -pp_rpm_service_make_init_script () { - local svc=$1 - local script=/etc/init.d/$svc - local out=$pp_destdir$script - local _process _cmd _rpmlevels - - pp_add_file_if_missing $script run 755 || return 0 - - #-- start out as an empty shell script - cat <<-'.' >$out - #!/bin/sh -. - - #-- determine the process name from $cmd unless $svc_process is given - set -- $cmd - _process=${svc_process:-"$1"} - - #-- construct a start command that builds a pid file if needed - _cmd="$cmd"; - if test -z "$pidfile"; then - pidfile=/var/run/$svc.pid - _cmd="$cmd & echo \$! > \$pidfile" - fi - if test "$user" != "root"; then - _cmd="su $user -c exec $_cmd"; - fi - - #-- generate the Red Hat chkconfig headers - _rpmlevels=`echo $start_runlevels | tr -d ' '` - cat <<-. >>$out - # chkconfig: ${_rpmlevels:--} ${start_priority:-50} ${stop_priority:-50} - # description: ${svc_description:-no description} - # processname: ${_process} - # pidfile: ${pidfile} -. - - #-- generate the LSB init info - cat <<-. >>$out - ### BEGIN INIT INFO - # Provides: ${svc} - # Required-Start: ${lsb_required_start} - # Should-Start: ${lsb_should_start} - # Required-Stop: ${lsb_required_stop} - # Default-Start: ${start_runlevels} - # Default-Stop: ${stop_runlevels} - # Short-Description: ${svc_description} - ### END INIT INFO - # Generated by PolyPackage ${pp_version} - # ${copyright} - - prog="`echo $cmd | sed -e 's: .*::' -e 's:^.*/::'`" - -. - - if test x"${svc_description}" = x"${pp_rpm_default_svc_description}"; then - svc_description= - fi - - #-- write service-specific definitions - cat <<. 
>>$out - #-- definitions specific to service ${svc} - svc_name="${svc_description:-$svc service}" - user="${user}" - pidfile="${pidfile}" - stop_signal="${stop_signal}" - reload_signal="${reload_signal}" - pp_exec_cmd () { $_cmd; } -. - - #-- write the generic part of the init script - cat <<'.' >>$out - - #-- use system message logging, if available - if [ -f /lib/lsb/init-functions -a ! -r /etc/redhat-release ]; then - . /lib/lsb/init-functions - pp_success_msg () { log_success_msg "$@"; } - pp_failure_msg () { log_failure_msg "$@"; } - pp_warning_msg () { log_warning_msg "$@"; } - elif [ -f /etc/init.d/functions ]; then - . /etc/init.d/functions - pp_success_msg () { echo -n "$*"; success "$@"; echo; } - pp_failure_msg () { echo -n "$*"; failure "$@"; echo; } - pp_warning_msg () { echo -n "$*"; warning "$@"; echo; } - else - pp_success_msg () { echo ${1:+"$*:"} OK; } - pp_failure_msg () { echo ${1:+"$*:"} FAIL; } - pp_warning_msg () { echo ${1:+"$*:"} WARNING; } - fi - - #-- prints a status message - pp_msg () { echo -n "$*: "; } - - #-- prints usage message - pp_usage () { - echo "usage: $0 {start|stop|status|restart|reload|condrestart|try-restart|force-reload}" >&2 - return 2 - } - - #-- reloads the service, if possible - # returns 0=success 1=failure 3=unimplemented - pp_reload () { - test -n "$reload_signal" || return 3 # unimplemented - pp_msg "Reloading ${svc_name}" - if pp_signal -${reload_signal}; then - pp_success_msg - return 0 - else - pp_failure_msg "not running" - return 1 - fi - } - - #-- delivers signal $1 to the pidfile - # returns 0=success 1=failure - pp_signal () { - if test -s "$pidfile"; then - read pid < "$pidfile" 2>/dev/null - kill "$@" "$pid" 2>/dev/null - else - return 1 - fi - } - - #-- verifies that ${svc_name} is running - # returns 0=success 1=failure - pp_running () { - if test -s "$pidfile"; then - read pid < "$pidfile" 2>/dev/null - if test ${pid:-0} -gt 1 && kill -0 "$pid" 2>/dev/null; then - # make sure name matches - pid="`ps 
-p $pid 2>/dev/null | sed -n \"s/^ *\($pid\) .*$prog *$/\1/p\"`" - if test -n "$pid"; then - return 0 - fi - fi - fi - return 1 - } - - #-- prints information about the service status - # returns 0=running 1=crashed 3=stopped - pp_status () { - pp_msg "Checking for ${svc_name}" - if pp_running; then - pp_success_msg "running" - return 0 - elif test -s "$pidfile"; then - pp_failure_msg "not running (crashed)" - return 1 - else - pp_failure_msg "not running" - return 3 - fi - } - - #-- starts the service - # returns 0=success 1=failure - pp_start () { - pp_msg "Starting ${svc_name}" - if pp_status >/dev/null; then - pp_warning_msg "already started" - return 0 - elif pp_exec_cmd; then - pp_success_msg - return 0 - else - pp_failure_msg "cannot start" - return 1 - fi - } - - #-- stops the service - # returns 0=success (always) - pp_stop () { - pp_msg "Stopping ${svc_name}" - if pp_signal -${stop_signal}; then - pp_success_msg - else - pp_success_msg "already stopped" - fi - rm -f "$pidfile" - return 0 - } - - #-- stops and starts the service - pp_restart () { - pp_stop - pp_start - } - - case "$1" in - start) pp_start;; - stop) pp_stop;; - restart) pp_restart;; - status) pp_status;; - try-restart|condrestart) - if pp_status >/dev/null; then - pp_restart - fi;; - reload) pp_reload;; - force-reload) if pp_status >/dev/null; then - pp_reload - else - pp_restart - fi;; - *) pp_usage;; - esac - -. - chmod 755 $out -} -pp_backend_rpm_function () { - case "$1" in - pp_mkgroup) cat<<'.';; - /usr/sbin/groupadd -f -r "$1" -. - pp_mkuser:depends) echo pp_mkgroup;; - pp_mkuser) cat<<'.';; - pp_mkgroup "${2:-$1}" || return 1 - /usr/sbin/useradd \ - -g "${2:-$1}" \ - -M -d "${3:-/nonexistent}" \ - -s "${4:-/bin/false}" \ - -r "$1" -. - pp_havelib) cat<<'.';; - for pp_tmp_dir in `echo "/usr/lib:/lib${3:+:$3}" | tr : ' '`; do - test -r "$pp_tmp_dir/lib$1.so{$2:+.$2}" && return 0 - done - return 1 -. - *) false;; - esac -} - -: NOTES <<. 
- - # creating a dmg file for publishing on the web - hdiutil create -srcfolder /path/foo foo.dmg - hdiutil internet-enable -yes /path/foo.dmg - # Layout for packages - -/component/ - -/extras/postinstall - -/extras/postupgrade - # /Developer/usr/bin/packagemaker (man packagemaker) - - Make a bunch of packages, and then build a 'distribution' - which is only understood by macos>10.4 - - # Message files in the resource path used are - Welcome.{rtf,html,rtfd,txt} - limited text shown in Intro - ReadMe.{rtf,html,rtfd,txt} - scrollable/printable, after Intro - License.{rtf,html,rtfd,txt} - ditto, user must click 'Accept' - background.{jpg,tif,gif,pict,eps,pdf} 620x418 background image - - # These scripts looked for in the resource path - InstallationCheck $pkgpath $defaultloc $targetvol - 0:ok 32:warn 32+x:warn[1] 64:stop 96+x:stop[2] - VolumeCheck $volpath - 0:ok 32:failure 32+x:failure[3] - preflight $pkgpath $targetloc $targetvol [priv] - preinstall $pkgpath $targetloc $targetvol [priv] - preupgrade $pkgpath $targetloc $targetvol [priv] - postinstall $pkgpath $targetloc $targetvol [priv] - postupgrade $pkgpath $targetloc $targetvol [priv] - postflight $pkgpath $targetloc $targetvol [priv] - 0:ok else fail (for all scripts) - - A detailed reason is deduced by finding an index x (16..31) - in the file InstallationCheck.strings or VolumeCheck.strings. - - Scripts marked [priv] are executed with root privileges. - None of the [priv] scripts are used by metapackages. - - # Default permissions - Permissions of existing directories should match those - of a clean install of the OS; typically root:admin 0775 - New directories or files should be 0775 or 0664 with the - appropriate user:group. 
- Exceptions: - /etc root:admin 0755 - /var root:admin 0755 - - - Info.plist = { - CFBundleGetInfoString: "1.2.3, One Identity LLC.", - CFBundleIdentifier: "com.quest.rc.openssh", - CFBundleShortVersionString: "1.2.3", - IFMajorVersion: 1, - IFMinorVersion: 2, - IFPkgFlagAllowBackRev: false, - IFPkgFlagAuthorizationAction: "AdminAuthorization", - IFPkgFlagDefaultLocation: "/", - IFPkgFlagFollowLinks: true, - IFPkgFlagInstallFat: false, - IFPkgFlagInstalledSize: , # this is added by packagemaker - IFPkgFlagIsRequired: false, - IFPkgFlagOverwritePermissions: false, - IFPkgFlagRelocatable: false, - IFPkgFlagRestartAction: "NoRestart", - IFPkgFlagRootVolumeOnly: false, - IFPkgFlagUpdateInstalledLanguages: false, - IFPkgFormatVersion= 0.10000000149011612, - IFRequirementDicts: [ { - Level = "requires", - SpecArgument = "/opt/quest/lib/libvas.4.2.0.dylib", - SpecType = "file", - TestObject = true, - TestOperator = "eq", } ] - } - - Description.plist = { - IFPkgDescriptionDescription = "this is the description text", - IFPkgDescriptionTitle = "quest-openssh" - } - - # Startup scripts - 'launchd' is a kind of combined inetd and rc/init.d system. - - Create a /Library/LaunchDaemons/$daemonname.plist file - Examples found in /System/Library/LaunchDaemons/ - See manual page launchd.plist(5) for details: - - { Label: "com.quest.rc.foo", # required - Program: "/sbin/program", - ProgramArguments: [ "/sbin/program", "arg1", "arg2" ], # required - RunAtLoad: true, - WatchPaths: [ "/etc/crontab" ], - QueueDirectories: [ "/var/cron/tabs" ], - inetdCompatibility: { Wait: false }, # inetd-only - OnDemand: false, # recommended - SessionCreate: true, - UserName: "nobody", - InitGroups: true, - Sockets: { # inetd only - Listeners: { - SockServiceName: "ssh", - Bonjour: ["ssh", "sftp-ssh"], } }, - Disabled: false, - StandardErrorPath: "/dev/null", - } - - - How to add a new user - dscl . -create /Users/$user - dscl . -create /Users/$user UserShell /bin/bash - dscl . 
-create /Users/$user RealName "$user" - dscl . -create /Users/$user UniqueID $uid - dscl . -create /Users/$user PrimaryGroupID $gid - dscl . -create /Users/$user NFSHomeDirectory /Users/$user - dscl . -passwd /Users/$user "$passwd" - mkdir /Users/$user - chown $uid.$gid /Users/$user - -. - - -pp_platforms="$pp_platforms macos" - -pp_backend_macos_detect () { - [ x"$1" = x"Darwin" ] -} - -pp_backend_macos_init () { - pp_macos_default_bundle_id_prefix="com.quest.rc." - pp_macos_bundle_id= - pp_macos_bundle_vendor= - pp_macos_bundle_version= - pp_macos_bundle_info_string= - pp_macos_pkg_type=bundle - pp_macos_pkg_license= - pp_macos_pkg_readme= - pp_macos_pkg_welcome= - pp_macos_sudo=sudo - pp_macos_installer_plugin= - # OS X puts the library version *before* the .dylib extension - pp_shlib_suffix='*.dylib' -} - -pp_macos_plist () { - typeset in - in="" - while test $# -gt 0; do - case "$1" in - - start-plist) cat <<-.; in=" "; shift ;; - - - -. - end-plist) echo ""; in=; shift;; - - '[') echo "$in"; in="$in "; shift;; - ']') echo "$in"; in="${in# }"; shift;; - '{') echo ""; in="$in "; shift;; - '}') echo ""; in="${in# }"; shift;; - key) shift; echo "$in$1"; shift;; - string) shift; - echo "$1" | sed -e 's/&/&/g;s//\>/g;' \ - -e 's/^/'"$in"'/;s/$/<\/string>/'; - shift;; - true) echo "$in"; shift;; - false) echo "$in"; shift;; - real) shift; echo "$in$1"; shift;; - integer) shift; echo "$in$1"; shift;; - date) shift; echo "$in$1"; shift;; # ISO 8601 format - data) shift; echo "$in$1"; shift;; # base64 encoded - *) pp_error "pp_macos_plist: bad argument '$1'"; shift;; - esac - done -} - -pp_macos_rewrite_cpio () { - typeset script - script=$pp_wrkdir/cpio-rewrite.pl - cat <<-'.' 
>$script - #!/usr/bin/perl - # - # Filter a cpio file, applying the user/group/mode specified in %files - # - # A CPIO header block has octal fields at the following offset/lengths: - # 0 6 magic - # 6 6 dev - # 12 6 ino - # 18 6 mode - # 24 6 uid - # 30 6 gid - # 36 6 nlink - # 42 6 rdev - # 48 11 mtime - # 59 6 namesize (including NUL terminator) - # 65 11 filesize - # 76 -- - # - use strict; - use warnings; - no strict 'subs'; - - # set %uid, %gid, %mode based on %files - my (%uid, %gid, %mode, %users, %groups); - my %type_map = ( d => 0040000, f => 0100000, s => 0120000 ); - while () { - my ($type,$mode,$uid,$gid,$flags,$name) = - m/^(.) (\S+) (\S+) (\S+) (\S+) (\S+)/; - $mode = $type eq "f" ? "0644" : "0755" if $mode eq "-"; - $uid = 0 if $uid eq "-"; - $gid = 0 if $gid eq "-"; - if ($uid ne "=" and $uid =~ m/\D/) { - unless (exists $users{$uid}) { - my @pw = getpwnam($uid) or die "bad username '$uid'"; - $users{$uid} = $pw[2]; - } - $uid = $users{$uid}; - } - if ($gid ne "=" and $gid =~ m/\D/) { - unless (exists $groups{$gid}) { - my @gr = getgrnam($gid) or die "bad group'$gid'"; - $groups{$gid} = $gr[2]; - } - $gid = $groups{$gid}; - } - $name =~ s:/$:: if $type eq "d"; - $name = ".".$name."\0"; - $uid{$name} = sprintf("%06o",int($uid)) unless $uid eq "="; - $gid{$name} = sprintf("%06o",int($gid)) unless $gid eq "="; - $mode{$name} = sprintf("%06o",oct($mode)|$type_map{$type}) unless $mode eq "="; - } - undef %users; - undef %groups; - # parse the cpio file - my $hdrlen = 76; - while (read(STDIN, my $header, $hdrlen)) { - my ($name, $namesize, $filesize); - my $filepad = 0; - if ($header =~ m/^07070[12]/) { - # SVR4 ASCII format, convert to ODC - if ($hdrlen == 76) { - # Read in rest of header and update header len for SVR4 - read(STDIN, $header, 110 - 76, 76); - $hdrlen = 110; - } - my $ino = hex(substr($header, 6, 8)) & 0x3ffff; - my $mode = hex(substr($header, 14, 8)) & 0x3ffff; - my $uid = hex(substr($header, 22, 8)) & 0x3ffff; - my $gid = 
hex(substr($header, 30, 8)) & 0x3ffff; - my $nlink = hex(substr($header, 38, 8)) & 0x3ffff; - my $mtime = hex(substr($header, 46, 8)) & 0xffffffff; - $filesize = hex(substr($header, 54, 8)) & 0xffffffff; - my $dev_maj = hex(substr($header, 62, 8)); - my $dev_min = hex(substr($header, 70, 8)); - my $dev = &makedev($dev_maj, $dev_min) & 0x3ffff; - my $rdev_maj = hex(substr($header, 78, 8)); - my $rdev_min = hex(substr($header, 86, 8)); - my $rdev = &makedev($rdev_maj, $rdev_min) & 0x3ffff; - $namesize = hex(substr($header, 94, 8)) & 0x3ffff; - read(STDIN, $name, $namesize); - # Header + name is padded to a multiple of 4 bytes - my $namepad = (($hdrlen + $namesize + 3) & 0xfffffffc) - ($hdrlen + $namesize); - read(STDIN, my $padding, $namepad) if ($namepad); - # File data is padded to be a multiple of 4 bytes - $filepad = (($filesize + 3) & 0xfffffffc) - $filesize; - - my $new_header = sprintf("070707%06o%06o%06o%06o%06o%06o%06o%011o%06o%011o", $dev, $ino, $mode, $uid, $gid, $nlink, $rdev, $mtime, $namesize, $filesize); - $header = $new_header; - } elsif ($header =~ m/^070707/) { - # POSIX Portable ASCII Format - $namesize = oct(substr($header, 59, 6)); - $filesize = oct(substr($header, 65, 11)); - read(STDIN, $name, $namesize); - } else { - die "bad magic"; - } - # update uid, gid and mode (already in octal) - substr($header, 24, 6) = $uid{$name} if exists $uid{$name}; - substr($header, 30, 6) = $gid{$name} if exists $gid{$name}; - substr($header, 18, 6) = $mode{$name} if exists $mode{$name}; - print($header, $name); - # check for trailer at EOF - last if $filesize == 0 && $name =~ /^TRAILER!!!\0/; - # copy-through the file data - while ($filesize > 0) { - my $seg = 8192; - $seg = $filesize if $filesize < $seg; - read(STDIN, my $data, $seg); - print $data; - $filesize -= $seg; - } - # If file data is padded, skip it - read(STDIN, my $padding, $filepad) if ($filepad); - } - # pass through any padding at the end (blocksize-dependent) - for (;;) { - my $numread = 
read(STDIN, my $data, 8192); - last unless $numread; - print $data; - } - exit(0); - - sub makedev { - (((($_[0] & 0xff)) << 24) | ($_[1] & 0xffffff)); - } - __DATA__ -. - # Append to the script the %files data - cat "$@" > $script - /usr/bin/perl $script || pp_error "pp_macos_rewrite_cpio error"; -} - -pp_macos_files_bom () { - typeset _l t m o g f p st owner - while read t m o g f p st; do - # make sure that $m is padded up to 4 digits long - case "$m" in - ?) m="000$m";; - ??) m="00$m";; - ???) m="0$m";; - ?????*) pp_error "pp_macos_writebom: mode '$m' too long";; - esac - - # convert owner,group into owner/group in octal - case $o in -) o=0;; esac - case $g in -) g=0;; esac - owner=`pp_d2o $o`/`pp_d2o $g` - - case $t in - f) - test x"$m" = x"000-" && m=0644 - echo ".$p 10$m $owner ` - /usr/bin/cksum < "${pp_destdir}$p" | - awk '{print $2 " " $1}'`" - ;; - d) - test x"$m" = x"000-" && m=0755 - echo ".${p%/} 4$m $owner" - ;; - s) - test x"$m" = x"000-" && m=0755 - rl=`/usr/bin/readlink "${pp_destdir}$p"` - #test x"$rl" = x"$st" || - # pp_error "symlink mismatch $rl != $st" - echo ".$p 12$m $owner ` - /usr/bin/readlink -n "${pp_destdir}$p" | - /usr/bin/cksum | - awk '{print $2 " " $1}'` $st" - ;; - esac - done -} - -pp_macos_bom_fix_parents () { - perl -pe ' - sub dirname { my $d=shift; $d=~s,/[^/]*$,,; $d; } - sub chk { my $d=shift; - &chk(&dirname($d)) if $d =~ m,/,; - unless ($seen{$d}++) { - # Make sure we do not override system directories - if ($d =~ m:^\./(etc|var)$:) { - my $tgt = "private/$1"; - my ($sum, $len) = split(/\s+/, `/usr/bin/printf "$tgt" | /usr/bin/cksum /dev/stdin`); - print "$d\t120755\t0/0\t$len\t$sum\t$tgt\n"; - } elsif ($d eq "." 
|| $d eq "./Library") { - print "$d\t41775\t0/80\n"; - } elsif ($d eq "./Applications" || $d eq "./Developer") { - print "$d\t40775\t0/80\n"; - } else { - print "$d\t40755\t0/0\n"; - } - } - } - m/^(\S+)\s+(\d+)/; - if (oct($2) & 040000) { - $seen{$1}++; # directory - } - &chk(&dirname($1));' -} - -pp_macos_files_size () { - typeset _l t m o g f p st owner - while read t m o g f p st; do - case $t in - f) wc -c < "${pp_destdir}$p";; - s) echo 4095;; - d) ;; # always seems to be zero - esac - done | awk '{n+=1+int($1/4096)} END {print n*4}' -} - -pp_o2d () { - awk 'BEGIN { x=0; '`echo "$1" | - sed -e 's/./x=x*8+&;/g'`'print x;}' /dev/null; then - rm -f "$2" - /usr/bin/mkbom -i "$1" "$2" - return - fi - - # On 10.4 we have this nonsense. - pp_warn "mkbom workaround: copying source files to staging area" - - bomstage=$pp_wrkdir/bom_stage - $pp_macos_sudo /bin/mkdir "$bomstage" - while IFS=' ' read path mode ugid size cksumi linkpath; do - if test -h "$pp_destdir/$path"; then - $pp_macos_sudo /bin/ln -s "$linkpath" "$bomstage/$path" - else - if test -d "$pp_destdir/$path"; then - $pp_macos_sudo /bin/mkdir -p "$bomstage/$path" - else - $pp_macos_sudo /bin/cp "$pp_destdir/$path" "$bomstage/$path" - fi - $pp_macos_sudo /bin/chmod $mode "$bomstage/$path" - $pp_macos_sudo /usr/sbin/chown `echo $ugid| tr / :` "$bomstage/$path" - fi - done <"$1" - (cd $bomstage && $pp_macos_sudo mkbom . 
$pp_wrkdir/bom_stage.bom) || - pp_error "mkbom failed" - $pp_macos_sudo mv $pp_wrkdir/bom_stage.bom "$2" -} - -pp_backend_macos () { - : ${pp_macos_bundle_id:=$pp_macos_default_bundle_id_prefix$name} - case "$pp_macos_pkg_type" in - bundle) pp_backend_macos_bundle;; - flat) pp_backend_macos_flat;; - *) pp_error "unsupported package type $pp_macos_pkg_type";; - esac -} - -pp_backend_macos_bundle () { - typeset pkgdir Contents Resources lprojdir svc - typeset Info_plist Description_plist - typeset bundle_vendor bundle_version size cmp filelists - - mac_version=`sw_vers -productVersion` - bundle_vendor=${pp_macos_bundle_vendor:-$vendor} - - if test -z "$pp_macos_bundle_version"; then - bundle_version=`echo "$version.0.0.0" | sed -n -e 's/[^0-9.]//g' \ - -e 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'` - else - bundle_version="$pp_macos_bundle_version" - fi - source_version=`echo $version | sed 's/.*\.//'` - - # build the package layout - pkgdir=$pp_wrkdir/$name.pkg - Contents=$pkgdir/Contents - Resources=$Contents/Resources - lprojdir=$Resources/en.lproj - mkdir $pkgdir $Contents $Resources $lprojdir || - pp_error "Can't make package temporary directories" - - echo "major: 1" > $Resources/package_version - echo "minor: 0" >> $Resources/package_version - echo "pmkrpkg1" > $Contents/PkgInfo - case $mac_version in - "10.6"*) - xattr -w "com.apple.TextEncoding" "macintosh;0" "$Resources/package_version" - xattr -w "com.apple.TextEncoding" "macintosh;0" "$Contents/PkgInfo" - ;; - esac - - # Copy welcome file/dir for display at package install time. - if test -n "$pp_macos_pkg_welcome"; then - typeset sfx - sfx=`echo "$pp_macos_pkg_welcome"|sed 's/^.*\.\([^\.]*\)$/\1/'` - case "$sfx" in - rtf|html|rtfd|txt) ;; - *) sfx=txt;; - esac - cp -R ${pp_macos_pkg_welcome} $Resources/Welcome.$sfx - fi - - # Copy readme file/dir for display at package install time. 
- if test -n "$pp_macos_pkg_readme"; then - typeset sfx - sfx=`echo "$pp_macos_pkg_readme"|sed 's/^.*\.\([^\.]*\)$/\1/'` - case "$sfx" in - rtf|html|rtfd|txt) ;; - *) sfx=txt;; - esac - cp -R ${pp_macos_pkg_readme} $Resources/ReadMe.$sfx - fi - - # Copy license file/dir for display at package install time. - if test -n "$pp_macos_pkg_license"; then - typeset sfx - sfx=`echo "$pp_macos_pkg_license"|sed 's/^.*\.\([^\.]*\)$/\1/'` - case "$sfx" in - rtf|html|rtfd|txt) ;; - *) sfx=txt;; - esac - cp -R ${pp_macos_pkg_license} $Resources/License.$sfx - fi - - # Add services (may modify %files) - for svc in $pp_services .; do - test . = "$svc" && continue - pp_macos_add_service $svc - done - - # Find file lists (%files.* includes ignore files) - for cmp in $pp_components; do - test -f $pp_wrkdir/%files.$cmp && filelists="$filelists${filelists:+ }$pp_wrkdir/%files.$cmp" - done - - # compute the installed size - size=`cat $filelists | pp_macos_files_size` - - #-- Create Info.plist - Info_plist=$Contents/Info.plist - pp_macos_plist \ - start-plist \{ \ - key CFBundleGetInfoString string \ - "${pp_macos_bundle_info_string:-$version $bundle_vendor}" \ - key CFBundleIdentifier string \ - "${pp_macos_bundle_id}" \ - key CFBundleName string "$name" \ - key CFBundleShortVersionString string "$bundle_version.$source_version" \ - key IFMajorVersion integer 1 \ - key IFMinorVersion integer 0 \ - key IFPkgFlagAllowBackRev false \ - key IFPkgFlagAuthorizationAction string "RootAuthorization" \ - key IFPkgFlagDefaultLocation string "/" \ - key IFPkgFlagFollowLinks true \ - key IFPkgFlagInstallFat true \ - key IFPkgFlagInstalledSize integer $size \ - key IFPkgFlagIsRequired false \ - key IFPkgFlagOverwritePermissions true \ - key IFPkgFlagRelocatable false \ - key IFPkgFlagRestartAction string "NoRestart" \ - key IFPkgFlagRootVolumeOnly true \ - key IFPkgFlagUpdateInstalledLanguages false \ - key IFPkgFlagUseUserMask false \ - key IFPkgFormatVersion real 0.10000000149011612 \ - key 
SourceVersion string $source_version \ - \} end-plist> $Info_plist - - # write en.lproj/Description.plist - Description_plist=$lprojdir/Description.plist - pp_macos_plist \ - start-plist \{ \ - key IFPkgDescriptionDeleteWarning string "" \ - key IFPkgDescriptionDescription string "$pp_macos_bundle_info_string" \ - key IFPkgDescriptionTitle string "$name" \ - key IFPkgDescriptionVersion string "$bundle_version.$source_version" \ - \} end-plist > $Description_plist - - # write Resources/files - awk '{print $6}' $filelists > $Resources/files - - # write package size file - printf \ -"NumFiles 0 -InstalledSize $size -CompressedSize 0 -" > $Resources/$name.sizes - - # write Resources/preinstall - for cmp in $pp_components; do - if test -s $pp_wrkdir/%pre.$cmp; then - if test ! -s $Resources/preinstall; then - echo "#!/bin/sh" > $Resources/preinstall - chmod +x $Resources/preinstall - fi - cat $pp_wrkdir/%pre.$cmp >> $Resources/preinstall - echo : >> $Resources/preinstall - fi - done - - # write Resources/postinstall - for cmp in $pp_components; do - if test -s $pp_wrkdir/%post.$cmp; then - if test ! -s $Resources/postinstall; then - echo "#!/bin/sh" > $Resources/postinstall - chmod +x $Resources/postinstall - fi - cat $pp_wrkdir/%post.$cmp >> $Resources/postinstall - echo : >> $Resources/postinstall - fi - done - - # write Resources/postupgrade - for cmp in $pp_components; do - if test -s $pp_wrkdir/%postup.$cmp; then - if test ! -s $Resources/postupgrade; then - echo "#!/bin/sh" > $Resources/postupgrade - chmod +x $Resources/postupgrade - fi - cat $pp_wrkdir/%postup.$cmp >> $Resources/postupgrade - echo : >> $Resources/postupgrade - fi - done - - # write Resources/preremove - for cmp in $pp_components; do - if test -s $pp_wrkdir/%preun.$cmp; then - if test ! 
-s $Resources/preremove; then - echo "#!/bin/sh" > $Resources/preremove - chmod +x $Resources/preremove - fi - cat $pp_wrkdir/%preun.$cmp >> $Resources/preremove - echo : >> $Resources/preremove - fi - done - - # write Resources/postremove - for cmp in $pp_components; do - if test -s $pp_wrkdir/%postun.$cmp; then - if test ! -s $Resources/postremove; then - echo "#!/bin/sh" > $Resources/postremove - chmod +x $Resources/postremove - fi - cat $pp_wrkdir/%postun.$cmp >> $Resources/postremove - echo : >> $Resources/postremove - fi - done - - # write uninstall info - echo "version=$version" > $Resources/uninstall - if [ -n "$pp_macos_requires" ];then - echo "requires=$pp_macos_requires" >> $Resources/uninstall - fi - - . $pp_wrkdir/%fixup - - # Create the bill-of-materials (Archive.bom) - cat $filelists | pp_macos_files_bom | sort | - pp_macos_bom_fix_parents > $pp_wrkdir/tmp.bomls - - pp_macos_mkbom $pp_wrkdir/tmp.bomls $Contents/Archive.bom - - # Create the cpio archive (Archive.pax.gz) - ( - cd $pp_destdir && - awk '{ print "." $6 }' $filelists | sed 's:/$::' | sort | /usr/bin/cpio -o | pp_macos_rewrite_cpio $filelists | gzip -9f -c > $Contents/Archive.pax.gz - ) - - # Copy installer plugins if any - if test -n "$pp_macos_installer_plugin"; then - if test ! 
-f "$pp_macos_installer_plugin/InstallerSections.plist"; then - pp_error "Missing InstallerSections.plist file in $pp_macos_installer_plugin" - fi - mkdir -p $pkgdir/Plugins - cp -R "$pp_macos_installer_plugin"/* $pkgdir/Plugins - fi - - test -d $pp_wrkdir/bom_stage && $pp_macos_sudo rm -rf $pp_wrkdir/bom_stage - - rm -f ${name}-${version}.dmg - hdiutil create -fs HFS+ -srcfolder $pkgdir -volname $name ${name}-${version}.dmg -} - -pp_backend_macos_flat () { - typeset pkgdir bundledir Resources lprojdir svc - typeset Info_plist Description_plist - typeset bundle_vendor bundle_version size numfiles cmp filelists - - mac_version=`sw_vers -productVersion` - bundle_vendor=${pp_macos_bundle_vendor:-$vendor} - - if test -z "$pp_macos_bundle_version"; then - bundle_version=`echo "$version.0.0.0" | sed -n -e 's/[^0-9.]//g' \ - -e 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'` - else - bundle_version="$pp_macos_bundle_version" - fi - source_version=`echo $version | sed 's/.*\.//'` - - # build the flat package layout - pkgdir=$pp_wrkdir/pkg - bundledir=$pp_wrkdir/pkg/$name.pkg - Resources=$pkgdir/Resources - lprojdir=$Resources/en.lproj - mkdir $pkgdir $bundledir $Resources $lprojdir || - pp_error "Can't make package temporary directories" - - # Add services (may modify %files) - for svc in $pp_services .; do - test . = "$svc" && continue - pp_macos_add_service $svc - done - - # Find file lists (%files.* includes ignore files) - for cmp in $pp_components; do - test -f $pp_wrkdir/%files.$cmp && filelists="$filelists${filelists:+ }$pp_wrkdir/%files.$cmp" - done - - # compute the installed size and number of files/dirs - size=`cat $filelists | pp_macos_files_size` - numfiles=`cat $filelists | wc -l` - numfiles="${numfiles##* }" - - # Write Distribution file - cat <<-. >$pkgdir/Distribution - - - $name $version - - -. 
- if test -n "$pp_macos_pkg_welcome"; then - cp -R "${pp_macos_pkg_welcome}" $Resources - echo " " >>$pkgdir/Distribution - fi - if test -n "$pp_macos_pkg_readme"; then - cp -R "${pp_macos_pkg_readme}" $Resources - echo " " >>$pkgdir/Distribution - fi - if test -n "$pp_macos_pkg_license"; then - cp -R "${pp_macos_pkg_license}" $Resources - echo " " >>$pkgdir/Distribution - fi - cat <<-. >>$pkgdir/Distribution - - - - - - - #$name.pkg - -. - - # write scripts archive - # XXX - missing preupgrade, preflight, postflight - mkdir $pp_wrkdir/scripts - for cmp in $pp_components; do - if test -s $pp_wrkdir/%pre.$cmp; then - if test ! -s $pp_wrkdir/scripts/preinstall; then - echo "#!/bin/sh" > $pp_wrkdir/scripts/preinstall - chmod +x $pp_wrkdir/scripts/preinstall - fi - cat $pp_wrkdir/%pre.$cmp >> $pp_wrkdir/scripts/preinstall - echo : >> $pp_wrkdir/scripts/preinstall - fi - if test -s $pp_wrkdir/%post.$cmp; then - if test ! -s $pp_wrkdir/scripts/postinstall; then - echo "#!/bin/sh" > $pp_wrkdir/scripts/postinstall - chmod +x $pp_wrkdir/scripts/postinstall - fi - cat $pp_wrkdir/%post.$cmp >> $pp_wrkdir/scripts/postinstall - echo : >> $pp_wrkdir/scripts/postinstall - fi - if test -s $pp_wrkdir/%postup.$cmp; then - if test ! -s $pp_wrkdir/scripts/postupgrade; then - echo "#!/bin/sh" > $pp_wrkdir/scripts/postupgrade - chmod +x $pp_wrkdir/scripts/postupgrade - fi - cat $pp_wrkdir/%postup.$cmp >> $pp_wrkdir/scripts/postupgrade - echo : >> $pp_wrkdir/scripts/postupgrade - fi - # XXX - not supported - if test -s $pp_wrkdir/%preun.$cmp; then - if test ! -s $pp_wrkdir/scripts/preremove; then - echo "#!/bin/sh" > $pp_wrkdir/scripts/preremove - chmod +x $pp_wrkdir/scripts/preremove - fi - cat $pp_wrkdir/%preun.$cmp >> $pp_wrkdir/scripts/preremove - echo : >> $pp_wrkdir/scripts/preremove - fi - # XXX - not supported - if test -s $pp_wrkdir/%postun.$cmp; then - if test ! 
-s $pp_wrkdir/scripts/postremove; then - echo "#!/bin/sh" > $pp_wrkdir/scripts/postremove - chmod +x $pp_wrkdir/scripts/postremove - fi - cat $pp_wrkdir/%postun.$cmp >> $pp_wrkdir/scripts/postremove - echo : >> $pp_wrkdir/scripts/postremove - fi - done - if test "`echo $pp_wrkdir/scripts/*`" != "$pp_wrkdir/scripts/*"; then - # write scripts archive, scripts are mode 0755 uid/gid 0/0 - # resetting the owner and mode is not strictly required - ( - cd $pp_wrkdir/scripts || pp_error "Can't cd to $pp_wrkdir/scripts" - rm -f $pp_wrkdir/tmp.files.scripts - for s in *; do - echo "f 0755 0 0 - ./$s" >>$pp_wrkdir/tmp.files.scripts - done - find . -type f | /usr/bin/cpio -o | pp_macos_rewrite_cpio $pp_wrkdir/tmp.files.scripts | gzip -9f -c > $bundledir/Scripts - ) - fi - - # Write PackageInfo file - cat <<-. >$bundledir/PackageInfo - - - -. - if test -s $bundledir/Scripts; then - echo " " >>$bundledir/PackageInfo - for s in preflight postflight preinstall postinstall preupgrade postupgrade; do - if test -s "$pp_wrkdir/scripts/$s"; then - echo " <$s file=\"$s\"/>" >>$bundledir/PackageInfo - fi - done - echo " " >>$bundledir/PackageInfo - fi - cat <<-. >>$bundledir/PackageInfo - -. - - . $pp_wrkdir/%fixup - - # Create the bill-of-materials (Bom) - cat $filelists | pp_macos_files_bom | sort | - pp_macos_bom_fix_parents > $pp_wrkdir/tmp.bomls - pp_macos_mkbom $pp_wrkdir/tmp.bomls $bundledir/Bom - - # Create the cpio payload - ( - cd $pp_destdir || pp_error "Can't cd to $pp_destdir" - awk '{ print "." $6 }' $filelists | sed 's:/$::' | sort | /usr/bin/cpio -o | pp_macos_rewrite_cpio $filelists | gzip -9f -c > $bundledir/Payload - ) - - # Copy installer plugins if any - if test -n "$pp_macos_installer_plugin"; then - if test ! 
-f "$pp_macos_installer_plugin/InstallerSections.plist"; then - pp_error "Missing InstallerSections.plist file in $pp_macos_installer_plugin" - fi - mkdir -p $pkgdir/Plugins - cp -R "$pp_macos_installer_plugin"/* $pkgdir/Plugins - fi - - test -d $pp_wrkdir/bom_stage && $pp_macos_sudo rm -rf $pp_wrkdir/bom_stage - - # Create the flat package with xar (like pkgutil --flatten does) - # Note that --distribution is only supported by Mac OS X 10.6 and above - xar_flags="--compression=bzip2 --no-compress Scripts --no-compress Payload" - case $mac_version in - "10.5"*) ;; - *) xar_flags="$xar_flags --distribution";; - esac - (cd $pkgdir && /usr/bin/xar $xar_flags -cf "../$name-$version.pkg" *) -} - -pp_backend_macos_cleanup () { - : -} - -pp_backend_macos_names () { - case "$pp_macos_pkg_type" in - bundle) echo ${name}.pkg;; - flat) echo ${name}-${version}.pkg;; - *) pp_error "unsupported package type $pp_macos_pkg_type";; - esac -} - -pp_backend_macos_install_script () { - echo '#!/bin/sh' - typeset pkgname platform - - pkgname="`pp_backend_macos_names`" - platform="`pp_backend_macos_probe`" - pp_install_script_common - - cat <<. 
- test \$# -eq 0 && usage - op="\$1"; shift - - case "\$op" in - list-components) - test \$# -eq 0 || usage \$op - echo "$pp_components" - ;; - list-services) - test \$# -eq 0 || usage \$op - echo "$pp_services" - ;; - list-files) - test \$# -ge 1 || usage \$op - echo \${PP_PKGDESTDIR:-.}/"$pkgname" - ;; - install) - test \$# -ge 1 || usage \$op - vol=/Volumes/pp\$\$ - pkg=\$vol/${name}-${version}.pkg - hdiutil attach -readonly -mountpoint \$vol \ - \${PP_PKGDESTDIR:-.}/"$pkgname" - trap "hdiutil detach \$vol" 0 - installer -pkginfo -pkg \$pkg - installer -verbose -pkg \$pkg -target / - ;; - uninstall) - test \$# -ge 1 || usage \$op - # XXX - echo "Uninstall not implemented" >&2 - exit 1;; - start|stop) - test \$# -ge 1 || usage \$op - ec=0 - for svc - do - # XXX - echo "\${op} not implemented" >&2 - ec=1 - done - exit \$ec - ;; - print-platform) - echo "$platform" - ;; - *) - usage;; - esac -. -} - -pp_backend_macos_init_svc_vars () { - pp_macos_start_services_after_install=true - pp_macos_service_name= - pp_macos_default_service_id_prefix="com.quest.rc." - pp_macos_service_id= - pp_macos_service_user= - pp_macos_service_group= - pp_macos_service_initgroups= - pp_macos_service_umask= - pp_macos_service_cwd= - pp_macos_service_nice= - pp_macos_svc_plist_file= -} - -pp_macos_launchd_plist () { - typeset svc svc_id - - svc="$1" - svc_id="$2" - - set -- $cmd - - if [ -n "$pp_macos_svc_plist_file" ]; then - echo "## Launchd plist file already defined at $pp_macos_svc_plist_file" - return - fi - - echo "## Generating the launchd plist file for $svc" - pp_macos_svc_plist_file="$pp_wrkdir/$svc.plist" - cat <<-. > $pp_macos_svc_plist_file - - - - - Label - $svc_id - ProgramArguments - -. - while test $# != 0; do - printf " $1\n" >> $pp_macos_svc_plist_file - shift - done - cat <<-. >> $pp_macos_svc_plist_file - - KeepAlive - -. 
- if test -n "$pp_macos_service_user"; then - printf " UserName\n" >> $pp_macos_svc_plist_file - printf " $pp_macos_service_user\n" >> $pp_macos_svc_plist_file - fi - if test -n "$pp_macos_service_group"; then - printf " GroupName\n" >> $pp_macos_svc_plist_file - printf " $pp_macos_service_group\n" >> $pp_macos_svc_plist_file - fi - if test -n "$pp_macos_service_initgroups"; then - printf " InitGroups\n" >> $pp_macos_svc_plist_file - printf " $pp_macos_service_initgroups\n" >> $pp_macos_svc_plist_file - fi - if test -n "$pp_macos_service_umask"; then - printf " Umask\n" >> $pp_macos_svc_plist_file - printf " $pp_macos_service_umask\n" >> $pp_macos_svc_plist_file - fi - if test -n "$pp_macos_service_cwd"; then - printf " WorkingDirectory\n" >> $pp_macos_svc_plist_file - printf " $pp_macos_service_cwd\n" >> $pp_macos_svc_plist_file - fi - if test -n "$pp_macos_service_nice"; then - printf " Nice\n" >> $pp_macos_svc_plist_file - printf " $pp_macos_service_nice\n" >> $pp_macos_svc_plist_file - fi - cat <<-. >> $pp_macos_svc_plist_file - - -. -} - -pp_macos_add_service () { - typeset svc svc_id plist_file plist_dir - - pp_load_service_vars "$1" - svc=${pp_macos_service_name:-$1} - svc_id=${pp_macos_service_id:-$pp_macos_default_service_id_prefix$svc} - - #-- create a plist file for svc - pp_macos_launchd_plist "$svc" "$svc_id" - - #-- copy the plist file into place and add to %files - plist_dir="/Library/LaunchDaemons" - plist_file="$plist_dir/$svc_id.plist" - mkdir -p "$pp_destdir/$plist_dir" - cp "$pp_macos_svc_plist_file" "$pp_destdir/$plist_file" - pp_add_file_if_missing "$plist_file" - - #-- add code to start the service on install & upgrade - ${pp_macos_start_services_after_install} && <<-. >> $pp_wrkdir/%post.$svc - # start service '$svc' automatically after install - launchctl load "$plist_file" -. - ${pp_macos_start_services_after_install} && <<-. 
>> $pp_wrkdir/%postup.$svc - # start service '$svc' automatically after upgrade - # This is necessary if the service is new since the previous version. - # XXX: Does launchd automatically reload an service if its binary - # is replaced? - launchctl load "$plist_file" -. -} - -pp_backend_macos_probe () { - typeset name vers arch - case `sw_vers -productName` in - "Mac OS X") name="macos";; - *) name="unknown";; - esac - vers=`sw_vers -productVersion | sed -e 's/^\([^.]*\)\.\([^.]*\).*/\1\2/'` - arch=`arch` - echo "$name$vers-$arch" -} - -pp_backend_macos_vas_platforms () { - echo "osx" # XXX non-really sure what they do.. it should be "macos" -} -pp_backend_macos_function () { - case "$1" in - _pp_macos_search_unused) cat<<'.';; - # Find an unused value in the given path - # args: path attribute minid [maxid] - pp_tmp_val=$3 - while :; do - test $pp_tmp_val -ge ${4:-999999} && return 1 - /usr/bin/dscl . -search "$1" "$2" $pp_tmp_val | - grep . > /dev/null || break - pp_tmp_val=`expr $pp_tmp_val + 1` - done - echo $pp_tmp_val -. - pp_mkgroup:depends) echo _pp_macos_search_unused;; - pp_mkgroup) cat<<'.';; - set -e - /usr/bin/dscl . -read /Groups/"$1" >/dev/null 2>&1 && return - pp_tmp_gid=`_pp_macos_search_unused /Groups PrimaryGroupID 100` - /usr/bin/dscl . -create /Groups/"$1" - /usr/bin/dscl . -create /Groups/"$1" PrimaryGroupID $pp_tmp_gid - /usr/bin/dscl . -create /Groups/"$1" RealName "Group $1" - /usr/bin/dscl . -create /Groups/"$1" GroupMembership "" - /usr/bin/dscl . -create /Groups/"$1" Password '*' -. - pp_mkuser:depends) echo pp_mkgroup _pp_macos_search_unused;; - pp_mkuser) cat<<'.';; - set -e - /usr/bin/dscl . -read /Users/"$1" >/dev/null 2>&1 && return - pp_tmp_uid=`_pp_macos_search_unused /Users UniqueID 100` - pp_mkgroup "${2:-$1}" - pp_tmp_gid=`/usr/bin/dscl . -read /Groups/"${2:-$1}" \ - PrimaryGroupID | awk '{print $2}'` - /usr/bin/dscl . -create /Users/"$1" - /usr/bin/dscl . -create /Users/"$1" PrimaryGroupID $pp_tmp_gid - /usr/bin/dscl . 
-create /Users/"$1" NFSHomeDirectory \ - "${3:-/var/empty}" - /usr/bin/dscl . -create /Users/"$1" UserShell \ - "${4:-/usr/bin/false}" - /usr/bin/dscl . -create /Users/"$1" RealName "$1" - /usr/bin/dscl . -create /Users/"$1" UniqueID $pp_tmp_uid - /usr/bin/dscl . -create /Users/"$1" Password '*' -. - pp_havelib) cat<<'.';; - # (use otool -L to find dependent libraries) - for pp_tmp_dir in `echo "${3:+$3:}/usr/local/lib:/lib:/usr/lib" | - tr : ' '`; do - test -r "$pp_tmp_dir/lib$1{$2:+.$2}.dylib" && return 0 - done - return 1 -. - *) false;; - esac -} - -pp_platforms="$pp_platforms inst" - -pp_backend_inst_detect () { - case "$1" in - IRIX*) return 0;; - *) return 1;; - esac -} - -pp_backend_inst_init () { - pp_readlink_fn=pp_ls_readlink -} - -pp_backend_inst_create_idb() -{ - typeset t m o g f p st - - while read t m o g f p st; do - if test x"$o" = x"-"; then - o="root" - fi - if test x"$g" = x"-"; then - g="sys" - fi - case "$t" in - f) test x"$m" = x"-" && m=444 - echo "f 0$m $o $g $p $p $name.sw.base" - ;; - d) test x"$m" = x"-" && m=555 - echo "d 0$m $o $g $p $p $name.sw.base" - ;; - s) test x"$m" = x"-" && m=777 - test x"$m" = x"777" || - pp_warn "$p: invalid mode $m for symlink, should be 777 or -" - echo "l 0$m $o $g $p $p $name.sw.base symval($st)" - ;; - esac - done -} - -pp_backend_inst_create_spec() -{ - echo "product $name" - echo " id \"${summary}. 
Version: ${version}\"" - echo " image sw" - echo " id \"Software\"" - echo " version $version" - echo " order 9999" - echo " subsys base" - echo " id \"Base Software\"" - echo " replaces self" - echo " exp $name.sw.base" - echo " endsubsys" - echo " endimage" - echo "endproduct" -} - -pp_backend_inst () { - curdir=`pwd` - - cd "$pp_opt_wrkdir" - - # initialize - pp_inst_tardist=tardist - pp_inst_spec=${name}.spec - pp_inst_idb=${name}.idb - - rm -rf $pp_inst_tardist $pp_inst_spec $pp_inst_idb - mkdir -p $pp_inst_tardist - - # Create idb file - (for _cmp in $pp_components; do - cat %files.$_cmp | sort +4u -6 | pp_backend_inst_create_idb - done) >> $pp_inst_idb - - pp_backend_inst_create_spec >> $pp_inst_spec - - # Generate tardist - gendist -verbose -all -root / -source $pp_opt_destdir -idb $pp_inst_idb -spec $pp_inst_spec -dist $pp_inst_tardist $name - tar -cvf `pp_backend_inst_names` $pp_inst_tardist - - cd "$curdir" -} - -pp_backend_inst_cleanup () { - : -} - -pp_backend_inst_names () { - echo ${name}-${version}.tardist -} - -pp_backend_inst_install_script () { - : -} - -pp_backend_inst_function () { - echo false -} - -pp_backend_inst_init_svc_vars () { - : -} - -pp_backend_inst_probe () { - cpu=`hinv|sed -n '/^CPU/{s/000 /k /;s/^CPU: //;s/ Process.*//;s/^MIPS //;p;q;}'|tr A-Z a-z` - echo irix`uname -r`-$cpu -} - -pp_backend_inst_vas_platforms () { - echo "irix-65" -} - -pp_platforms="$pp_platforms null" - -pp_backend_null_detect () { - ! 
: -} - -pp_backend_null_init () { - : -} - - -pp_backend_null () { - : -} - -pp_backend_null_cleanup () { - : -} - -pp_backend_null_names () { - : -} - -pp_backend_null_install_script () { - : -} - -pp_backend_null_function () { - echo false -} - -pp_backend_null_init_svc_vars () { - : -} - -pp_backend_null_probe () { - echo unknown-unknown -} - -pp_backend_null_vas_platforms () { -: -} - -pp_platforms="$pp_platforms bsd" - -pp_bsd_munge_text () { - # Insert a leading space on each line, replace blank lines with a - #space followed by a full-stop. - test -z "$1" && pp_die "pp_bsd_munge_text requires a parameter" - echo ${1} | sed "s,^\(.*\)$, \1, " | sed "s,^[ \t]*$, .,g" -} - -pp_backend_bsd_detect () { - test x"$1" = x"FreeBSD" -} - -pp_backend_bsd_init () { - - # Get the OS revision - pp_bsd_detect_os - - # Get the arch (i386/amd64) - pp_bsd_detect_arch - - pp_bsd_name= - pp_bsd_version= - pp_bsd_origin= - pp_bsd_comment= - pp_bsd_arch= - pp_bsd_abi= - pp_bsd_www= - pp_bsd_maintainer= - pp_bsd_prefix="/usr/local/" - pp_bsd_desc= - pp_bsd_message= - - # pp_bsd_category must be in array format comma seperated - # pp_bsd_category=[security,network] - pp_bsd_category= - - # pp_bsd_licenselogic can be one of the following: single, and, or unset - pp_bsd_licenselogic= - - # pp_bsd_licenses must be in array format comma seperated - # pp_bsd_licenses=[GPLv2,MIT] - pp_bsd_licenses= - - # pp_bsd_annotations. These can be any key: value pair - # key must be seperated by a : - # keyvalue pairs must be comma seperated - # pp_bsd_annotations="repo_type: binary, somekey: somevalue" - # since all packages created by PolyPackage will be of type binary - # let's just set it now. 
- pp_bsd_annotations="repo_type: binary" - - pp_bsd_dbg_pkgname="debug" - pp_bsd_dev_pkgname="devel" - pp_bsd_doc_pkgname="doc" - - # Make sure any programs we require are installed - pp_bsd_check_required_programs - -} - -pp_bsd_cmp_full_name () { - typeset prefix - prefix="${pp_bsd_name:-$name}" - case "$1" in - run) echo "${prefix}" ;; - dbg) echo "${prefix}-${pp_bsd_dbg_pkgname}";; - dev) echo "${prefix}-${pp_bsd_dev_pkgname}";; - doc) echo "${prefix}-${pp_bsd_doc_pkgname}";; - *) pp_error "unknown component '$1'"; - esac -} - -pp_bsd_check_required_programs () { - local p needed notfound ok - needed= notfound= - - # list of programs FreeBSD needs in order to create a binary package - for prog in ${pp_bsd_required_programs:-"pkg"} - do - if which $prog 2>&1 > /dev/null; then - pp_debug "$prog: found" - else - pp_debug "$prog: not found" - case "$prog" in - pkg) p=pkg;; - *) pp_die "Unexpected pkg tool $prog";; - esac - notfound="$notfound $prod" - pp_contains "$needed" "$p" || needed="$needed $p" - fi - done - if [ -n "$notfound" ]; then - pp_error "cannot find these programs: $notfound" - pp_error "please install these packages: $needed" - fi -} - -pp_bsd_detect_os () { - typeset revision - - pp_bsd_os=`uname -s` - revision=`uname -r` - pp_bsd_os_rev=`echo $revision | awk -F '-' '{print $1}'` -} - -pp_bsd_detect_arch() { - pp_bsd_platform="`uname -m`" - case $pp_bsd_platform in - amd64) pp_bsd_platform_std=x86_64;; - i386) pp_bsd_platform_std=i386;; - *) pp_bsd_platform_std=unknown;; - esac -} - -pp_bsd_label () { - local label arg - label="$1"; shift - for arg - do - test -z "$arg" || echo "$label: $arg" - done -} - -pp_bsd_make_annotations () { - - test -z $1 && pp_die "pp_bsd_make_annotations requires a parameter" - manifest=$1 - - # Add annotations. These can be any key: value pair - # key must be seperated by a : - # key:value pairs must be comma seperated. 
- if test -n "$pp_bsd_annotations"; then - pp_debug "Processing annotations:" - pp_bsd_label "annotations" "{" >> $manifest - - SAVEIFS=$IFS - IFS=, - for annotate in $pp_bsd_annotations; do - # Remove any spaces at the start of the line - annotate=`echo $annotate | sed 's/^ *//'` - pp_debug " $annotate" - echo " $annotate" >> $manifest - done - IFS=$SAVEIFS - echo "}" >> $manifest - fi -} - -pp_bsd_make_depends() { - typeset package origin version - cmp=$1 - manifest=$2 - - if test -s $pp_wrkdir/%depend.${cmp}; then - echo "deps: {" >> $manifest - cat $pp_wrkdir/%depend.${cmp} | while read package origin version; do - if test x != x$package; then - pp_debug "Processing dependency: $package" - if test x != x$origin -a x != x$version; then - pp_debug " $package: {origin: \"$origin\", version: \"$version\"}" - echo " $package: {origin: \"$origin\", version: \"$version\"}" >> $manifest - else - pp_warn "Dependency $package is missing origin or version or both" - fi - fi - done - echo "}" >> $manifest - fi -} - -pp_bsd_make_messages () { - test -z $1 && pp_die "pp_bsd_make_messages requires a parameter" - manifest=$1 - - pp_debug "Processing messsages" - - # Empty messages: [ ] is OK in the manifest - pp_bsd_label "messages" "[" >> $manifest - # Look for a single message in the variable pp_bsd_message - if test -n "$pp_bsd_message"; then - echo " { message: \"`pp_bsd_munge_text "$pp_bsd_message"`\" }," >> $manifest - fi - local a=1 - # Look for messages in the variables pp_bsd_message_[1..n] - var="pp_bsd_messages_1" - while [ -n "${!var}" ]; do - echo " { message: \"`pp_bsd_munge_text "${!var}"`\" }," >> $manifest - a=`expr $a + 1` - var="pp_bsd_messages_$a" - done - echo "]" >> $manifest -} - -pp_bsd_make_manifest() { - local cmp manifest - - cmp="$1" - manifest="$2" - - package_name=`pp_bsd_cmp_full_name $cmp` - - # Required for pkg +MANIFEST - cat <<-. 
>> $manifest - name: "${package_name}" - version: "${pp_bsd_version:-$version}" - origin: "${pp_bsd_origin}" - www: "${pp_bsd_www}" - desc: "`pp_bsd_munge_text "${pp_bsd_desc:-$description}"`" - comment: "${pp_bsd_comment:-$summary}" - maintainer: "${pp_bsd_maintainer}" - prefix: "${pp_bsd_prefix}" -. - - # Optional, so if they are not included in the pkg-product.pp file then do not create the label - pp_bsd_label "categories" "${pp_bsd_categories}" >> $manifest - pp_bsd_label "arch" "${pp_bsd_arch}" >> $manifest - pp_bsd_label "abi" "${pp_bsd_abi}" >> $manifest - pp_bsd_label "licenselogic" "${pp_bsd_licenselogic}" >> $manifest - pp_bsd_label "licenses" "${pp_bsd_licenses}" >> $manifest - - pp_bsd_make_annotations $manifest - pp_bsd_make_depends $cmp $manifest - - pp_bsd_make_messages $manifest -} - -pp_bsd_fakeroot () { - if test -s $pp_wrkdir/fakeroot.save; then - fakeroot -i $pp_wrkdir/fakeroot.save -s $pp_wrkdir/fakeroot.save "$@" - else - fakeroot -s $pp_wrkdir/fakeroot.save "$@" - fi -} - -pp_bsd_make_data() { - # t = file type - # m = file mode - # o = file owner - # g = file group - # f = ? 
- # p = file path - # st = file link - # - # EXAMPLE: f 755 root httpd v /usr/bin/hello goodbye - # -> /usr/bin/hello: {uname: root, gname: httpd, perm: 755 } goodbye - typeset _l t m o g f p st datadir - cmp=$1 - datadir=$pp_wrkdir/`pp_bsd_cmp_full_name $cmp` - local path - - outfilelist="$pp_wrkdir/files.list.$cmp" - outdirslist="$pp_wrkdir/dirs.list.$cmp" - - pp_debug "Processing $pp_wrkdir/%file.${cmp}" - - echo "files: {" > $outfilelist - echo "directories: {" > $outdirslist - - cat $pp_wrkdir/%files.${cmp} | while read t m o g f p st; do - test x"$o" = x"-" && o="${pp_bsd_defattr_uid:-root}" - test x"$g" = x"-" && g="${pp_bsd_defattr_gid:-wheel}" - path=$p - case "$t" in - f) # Files - # For now just skip the file if it is volatile, we will need to remove it in the pre uninstall script - if [ x"$f" != x"v" ]; then - # If the directory doesn't exist where we are going to copy this file, then create it first - if [ ! -d `dirname "$datadir$path"` ]; then - pp_debug "creating directory `dirname "$datadir$path"`" - mkdir -p `dirname "$datadir$path"` - fi - - pp_debug "install -D $datadir -o $o -g $g -h sha256 -m ${m} -v $pp_destdir$p $datadir$path"; - pp_bsd_fakeroot install -D $datadir -o $o -g $g -h sha256 -m ${m} -v $pp_destdir$p $datadir$path; - echo " \"$path\": \"-\", \"$path\": {uname: $o, gname: $g, perm: ${m}}" >> $outfilelist; - else - pp_warn "file $f was marked as volatile, skipping" - fi; - ;; - d) # Directories - pp_debug "install -D $datadir -o $o -g $g -m ${m} -d -v $datadir$path"; - pp_bsd_fakeroot install -D $datadir -o $o -g $g -m ${m} -d -v $datadir$path; - echo " \"$path\": \"-\", \"$path\": {uname: $o, gname: $g, perm: ${m}}" >> $outdirslist; - ;; - s) # Symlinks - pp_debug "Found symlink: $datadir$path"; - # Remove leading / - rel_p=`echo $p | sed s,^/,,` - (cd $datadir; ln -sf $st $rel_p); - # Do we care if the file doesn't exist? Just symnlink it regardless and throw a warning? 
This will be important in the case - # where we depend on other packages to be installed and will be using the libs from that package. - if [ ! -e "$datadir$path" ]; then - pp_warn "$datadir$path does not exist" - fi - echo " \"$path\": \"$st\"" >> $outfilelist; - ;; - *) pp_error "Unsupported data file type: %t";; - esac - done - - echo "}" >> $outfilelist - echo "}" >> $outdirslist - cat $outfilelist >> $manifest - cat $outdirslist >> $manifest - - pp_debug "Finished processing $pp_wrkdir/%file.${cmp}" -} - -pp_bsd_makebsd() { - typeset cmp - typeset package_build_dir - local manifest postinstall preinstall preuninstall postuninstall preupgrade postupgrade - - cmp="$1" - - if test -z "$pp_bsd_platform"; then - pp_error "Unknown BSD architecture" - return 1 - fi - - _subname=`pp_bsd_cmp_full_name $cmp` - package_build_dir=$pp_wrkdir/$_subname - - manifest="$package_build_dir/+MANIFEST" - postinstall="$package_build_dir/+POST_INSTALL" - preinstall="$package_build_dir/+PRE_INSTALL" - preuninstall="$package_build_dir/+PRE_DEINSTALL" - postuninstall="$package_build_dir/+POST_DEINSTALL" - preupgrade="$package_build_dir/+PRE_UPGRADE" - postupgrade="$package_build_dir/+POST_UPGRADE" - - # Create package dir - mkdir -p $package_build_dir - - pp_bsd_make_manifest $cmp $manifest - pp_bsd_make_data $cmp - - pp_debug "Processing pre/post install scripts" - - if test -s $pp_wrkdir/%pre.$cmp; then - pp_debug "Found %pre.$cmp" - { - cat "$pp_wrkdir/%pre.$cmp" - } > $preinstall - pp_debug "Created $preinstall" - fi - - if test -s $pp_wrkdir/%post.$cmp; then - pp_debug "Found %post.$cmp" - { - echo "# Post install script for " - cat "$pp_wrkdir/%post.$cmp" - } > $postinstall - pp_debug "Created $postinstall" - fi - - pp_debug "Processing pre/post uninstall scripts" - - if test -s $pp_wrkdir/%preun.$cmp; then - pp_debug "Found %preun.$cmp" - { - echo "# Pre uninstall script for ${pp_bsd_name:-$name}" - cat "$pp_wrkdir/%preun.$cmp" - } > $preuninstall - pp_debug "Created pkg 
$preuninstall" - fi - - if test -s $pp_wrkdir/%postun.$cmp; then - pp_debug "Found %postun.$cmp" - { - echo "# Post uninstall script for ${pp_bsd_name:-$name}" - cat "$pp_wrkdir/%postun.$cmp" - } > $postuninstall - pp_debug "Created $postuninstall" - fi - - if test -s $pp_wrkdir/%preup.$cmp; then - pp_debug "Found %preup.$cmp" - { - echo "# Pre upgrade script for ${pp_bsd_name:-$name}" - cat "$pp_wrkdir/%preup.$cmp" - } > $preupgrade - pp_debug "Created pkg $preupgrade" - fi - - if test -s $pp_wrkdir/%postup.$cmp; then - pp_debug "Found %postup.$cmp" - { - echo "# Post upgrade script for ${pp_bsd_name:-$name}" - cat "$pp_wrkdir/%postup.$cmp" - } > $postupgrade - pp_debug "Created $postupgrade" - fi -} - -pp_backend_bsd() { - #get-files-dir-entries - #create-manifest - #create-preuninstall - #create-postinstall - #create-package - # - pp_bsd_handle_services - - for cmp in $pp_components - do - _subname=`pp_bsd_cmp_full_name $cmp` - pp_debug "Generating packaging specific files for $_subname" - pp_bsd_makebsd $cmp - done - - # call this to fixup any files before creating the actual packages - . 
$pp_wrkdir/%fixup - - for cmp in $pp_components - do - _subname=`pp_bsd_cmp_full_name $cmp` - package_build_dir=$pp_wrkdir/$_subname - # Build the actual packages now - pp_debug "Building FreeBSD $_subname" - pp_debug "Running package create command: pkg create -m $package_build_dir -r $pp_wrkdir/`pp_bsd_cmp_full_name $cmp` -o $pp_wrkdir" - pp_bsd_fakeroot pkg create -m $package_build_dir -r $pp_wrkdir/`pp_bsd_cmp_full_name $cmp` -o $pp_wrkdir -v - done - -} - -pp_bsd_name () { - typeset cmp="${1:-run}" - echo `pp_bsd_cmp_full_name $cmp`"-${pp_bsd_version:-$version}.txz" -} - -pp_backend_bsd_names () { - for cmp in $pp_components; do - echo `pp_bsd_cmp_full_name $cmp`"-${pp_bsd_version:-$version}.txz" - done -} - -pp_backend_bsd_cleanup () { - : -} - -pp_backend_bsd_probe () { - echo "${pp_bsd_os}-${pp_bsd_platform_std}" - echo "${pp_bsd_os}${pp_bsd_os_rev}-${pp_bsd_platform_std}" -} - - -pp_backend_bsd_vas_platforms() { - case "${pp_bsd_platform_std}" in - x86_64) echo "FreeBSD-x86_64.txz FreeBSD-i386.txz";; - i386) echo "FreeBSD-i386.txz";; - *) pp_die "unknown architecture $pp_bsd_platform_std";; - esac -} - - -pp_backend_bsd_install_script () { - typeset cmp _cmp_full_name - - echo "#!/bin/sh" - pp_install_script_common - - cat <<. - - cmp_to_pkgname () { - test x"\$*" = x"all" && set -- $pp_components - for cmp - do - case \$cmp in -. - for cmp in $pp_components; do - echo " $cmp) echo '`pp_bsd_cmp_full_name $cmp`';;" - done - - cat <<. - *) usage;; - esac - done - } - - cmp_to_pathname () { - test x"\$*" = x"all" && - set -- $pp_components - for cmp - do - case \$cmp in -. - for cmp in $pp_components; do - echo " $cmp) echo \${PP_PKGDESTDIR:-.}/'`pp_bsd_name $cmp`';;" - done - - cat <<. 
- *) usage;; - esac - done - } - - test \$# -eq 0 && usage - op="\$1"; shift - case "\$op" in - list-components) - test \$# -eq 0 || usage \$op - echo $pp_components - ;; - list-services) - test \$# -eq 0 || usage \$op - echo $pp_services - ;; - list-files) - test \$# -ge 1 || usage \$op - cmp_to_pathname "\$@" - ;; - install) - test \$# -ge 1 || usage \$op - pkg add \`cmp_to_pathname "\$@"\` - ;; - uninstall) - test \$# -ge 1 || usage \$op - pkg remove \`cmp_to_pkgname "\$@"\`; : - ;; - start|stop) - test \$# -ge 1 || usage \$op - ec=0 - for svc - do - /etc/rc.d/\$svc \$op || ec=1 - done - exit \$ec - ;; - print-platform) - test \$# -eq 0 || usage \$op - echo "${pp_bsd_os}-${pp_bsd_platform}" - echo '`pp_backend_bsd_probe`' - ;; - *) - usage - ;; - esac -. -} -pp_backend_bsd_init_svc_vars () { - svc_process_regex="${pp_bsd_svc_process_regex}" - svc_description=$summary - svc_init_prefix="${pp_bsd_prefix}" - svc_init_filename="${pp_bsd_svc_init_filename}" # == $svc - svc_init_filepath="${pp_bsd_svc_init_filepath}" # == $pp_bsd_prefix/etc/rc.d/ by default - - bsd_svc_before="${pp_bsd_svc_before}" - bsd_svc_require="${pp_bsd_svc_require}" - bsd_svc_keyword="${pp_bsd_svc_keyword}" - -} - -pp_bsd_service_make_init_info() { - local svc=$1 - local out=$2 - cat <<-. >$out - #!/bin/sh - # - # FreeBSD Script Header Detail - # - # PROVIDE: $svc -. - - if [ ! -z "$bsd_svc_before" ]; then - cat <<-. >>$out - # BEFORE: $bsd_svc_before -. - fi - - if [ ! -z "$bsd_svc_require" ]; then - cat <<-. >>$out - # REQUIRE: $bsd_svc_require -. - fi - - if [ ! -z "$bsd_svc_keyword" ]; then - cat <<-. >>$out - # KEYWORD: $bsd_svc_keyword -. - fi - - cat <<-'.' >>$out - ### END INIT INFO - -. 
- -} - -pp_bsd_service_make_init_set_vars() { - local svc=$1 - local out=$2 - - svc_command="$cmd" - svc_pre_command="${pp_bsd_svc_pre_command}" - svc_pre_command_args="${pp_bsd_svc_pre_command_args}" - - local run_command="${svc_pre_command:-$svc_command}" - local run_pre_command_args="${svc_pre_command:+"${svc_pre_command_args}"}" - local run_post_command_args="${svc_command:+"${svc_command_args}"}" - local run_post_command_without_pre_command="${svc_pre_command:+"$svc_command"}" - local run_post_command_with_args="${run_post_command_without_pre_command}${run_post_command_args:+" $run_post_command_args"}" - local run_command_args="${run_pre_command_args:+"$run_pre_command_args"}${run_post_command_with_args:+" $run_post_command_with_args"}" - - # https://www.freebsd.org/cgi/man.cgi?query=rc.subr - cat <<-. >>$out - # FreeBSD rc subroutines - . /etc/rc.subr - - # 0: Not running. - # 1: Running normally - # 2: Running, but no PID file. - # 3: Running, but PID file doesn't match running processes. - # If the PID file is found but no process, the file is removed and 0 is returned. 
- DAEMON_RUNNING=0 - - name="$svc" - desc="${svc_description:-\$name}" - - start_cmd="\${name}_start" - status_cmd="\${name}_status" - stop_cmd="\${name}_stop" - - # Loads any variables set in /etc/rc.conf.d/\$name - load_rc_config \$name - - : \${${svc}_enable:="Yes"} - : \${${svc}_pidfile:="${pidfile:-/var/run/\${name\}.pid}"} - : \${${svc}_args:="$run_command_args"} - : \${${svc}_cmd:="$run_command"} - - # Regex used in the pp_check_daemon_running ps check to find our running processe(s) - # If it's set in /etc/rc.conf.d/\$name this will be used first - # then check if pp_bsd_svc_process_regex is set, finally set to the \${name}_cmd - # When set to \${name}_cmd pp_check_daemon_running will only find the parent process pid - : \${${svc}_process_regex:="${pp_bsd_svc_process_regex:-${cmd}}"} - - # For additional information about the rc.subr see: - # https://www.freebsd.org/cgi/man.cgi?query=rc.subr - rcvar="\${name}_enable" - - pidfile=\${${svc}_pidfile} - - command="\$${svc}_cmd" - command_args="\$${svc}_args" - -. - -} - -pp_bsd_service_make_init_body() { - local svc=$1 - local out=$2 - - cat<<-'.' >>$out - pp_exec_cmd() { (eval $command $command_args) } - - pp_success_msg () { echo ${1:+"$*:"} OK; } - pp_failure_msg () { echo ${1:+"$*:"} FAIL; } - pp_warning_msg () { echo ${1:+"$*:"} WARNING; } - - #-- prints a status message - pp_msg () { echo -n "$*: "; } - - # Kills process $1. - # First a sigterm, then wait up to 10 seconds - # before issuing a sig kill. - pp_signal () { - # Kill the processes the nice way first - if [ -z "$1" ]; then - # No pid file. 
Use the list from pp_check_daemon_running - kill $PROCESSES 2>/dev/null - else - kill $1 2>/dev/null - fi - count=1 - - #Check to make sure the processes died, if not kill them the hard way - while [ $count -le 10 ]; do - sleep 1 - pp_check_daemon_running - if [ $DAEMON_RUNNING -eq 0 ]; then - break; - fi - if [ $count -eq 1 ]; then - # We tried killing the pid associated to the pidfile, now try the ones we found from pp_check_daemon_running - kill $PROCESSES 2>/dev/null - fi - count=`expr $count + 1` - done - # Check one more time to make sure we got them all - if [ $DAEMON_RUNNING -ne 0 ]; then - # These guys don't want to go down the nice way, now just kill them - kill -9 $PROCESSES 2>/dev/null - fi - # make sure to remove the pidfile - rm -f $pidfile - } - - # Check to see if the daemon process is running - # Sets the PROCESSES global variable with all pids that match - # ${name}_process_regex - # Sets global variable DAEMON_RUNNING to one of the following: - # 0: Not Running - # 1: Running normally - # 2: Running, but no PID file - # 3: Running, but PID file doesn't match running processes. - # - pp_check_daemon_running() - { - DAEMON_RUNNING=0 -. - cat<<-. >>$out - - PROCESSES="\`eval ps -axo pid,args | grep "\${${svc}_process_regex}" | grep -v grep | awk '{print \$1}'\`" - -. - cat<<-'.' >>$out - if [ -f $pidfile ]; then - if [ ! -z "$PROCESSES" ]; then - PARENT_PID=`cat $pidfile 2>/dev/null` - PPROCESS=`echo $PROCESSES | grep "${PARENT_PID:-"NOPID"}"` - if [ $? -eq 0 ]; then - DAEMON_RUNNING=1 - else - DAEMON_RUNNING=3 - fi - else - rm -r $pidfile - fi - else - if [ ! -z "$PROCESSES" ]; then - DAEMON_RUNNING=2 - fi - fi - } -. - cat <<-. >>$out - - # starts the service - ${svc}_start() -. - cat <<-'.' >>$out - { - pp_msg "Starting ${desc}" - pp_check_daemon_running - - if [ $DAEMON_RUNNING -eq 0 ]; then - pp_exec_cmd - RETVAL=$? 
- if [ $RETVAL -eq 0 ]; then - pp_success_msg - else - pp_failure_msg "cannot start" - fi - else - if [ $DAEMON_RUNNING -eq 1 ]; then - pp_success_msg "${name} appears to be running already" - else - pp_warning_msg "${name} is already running but without a pid file" - fi - fi - } - -. - - cat <<-. >>$out - # stops the service - ${svc}_stop() -. - - cat <<-'.' >>$out - { - pp_msg "Stopping ${desc}" - pp_check_daemon_running - - if [ $DAEMON_RUNNING -ne 0 ]; then - pp_signal `cat $pidfile 2>/dev/null` - if [ -n "$pidfile" ]; then - loop_cnt=1 - while [ -e ${pidfile} ]; do - sleep 1 - loop_cnt=`expr $loop_cnt + 1` - if [ $loop_cnt -eq 10 ]; then - break - fi - done - fi - rm -f $pidfile - - pp_success_msg - else - pp_failure_msg - echo -n "$desc does not appear to be running." - echo - fi - } -. - - cat <<-. >>$out - # prints information about the service status - # returns: - # 0=running - # 1=Not running - # 2=Running without pidfile - # 3=Running with pid that doesn't match pidfile - ${svc}_status() -. - - cat <<-'.' >>$out - { - pp_msg "Checking ${desc}" - pp_check_daemon_running - if [ $DAEMON_RUNNING -eq 1 ]; then - pp_success_msg "PID $PARENT_PID: running" - return 0 - else - if [ $DAEMON_RUNNING -eq 0 ]; then - pp_failure_msg "not running" - return 1 - elif [ $DAEMON_RUNNING -eq 2 ]; then - pp_warning_msg "running without a pid file" - return 2 - else - pp_warning_msg "running but pid file doesn't match running processe()" - return 3 - fi - fi - } - - run_rc_command "$1" -. 
-} - -pp_bsd_service_make_init_script () { - local svc=${svc_init_filename:-$1} - local script="${svc_init_filepath:-"${svc_init_prefix}/etc/rc.d"}/$svc" - script=`echo $script | sed 's://*:/:g'` - local out=$pp_destdir$script - - pp_add_file_if_missing $script run 755 || return 0 - - pp_bsd_service_make_init_info "$svc" "$out" - pp_bsd_service_make_init_set_vars "$svc" "$out" - pp_bsd_service_make_init_body "$svc" "$out" - - chmod 755 $out - -} - -pp_bsd_handle_services () { - if test -n "$pp_services"; then - for svc in $pp_services; do - pp_load_service_vars $svc - # Append some code to %post to install the svc TODO: Figure out why/what - pp_bsd_service_make_init_script $svc - # prepend some code to %preun to uninstall svc TODO: Figure out why/what - done - fi -} -pp_backend_bsd_function() { - case "$1" in - pp_mkgroup) cat<<'.';; - /usr/sbin/pw group show "$1" 2>/dev/null && return 0 - /usr/sbin/pw group add "$1" -. - pp_mkuser:depends) echo pp_mkgroup;; - pp_mkuser) cat<<'.';; - #Check if user exists - /usr/sbin/pw user show "$1" 2>/dev/null && return 0 - pp_mkgroup "${2:-$1}" || return 1 - echo "Creating user $1" - /usr/sbin/pw user add \ - -n "$1" \ - -d "${3:-/nonexistent}" \ - -g "${2:-$1}" \ - -s "${4:-/bin/false}" -. - pp_havelib) cat<<'.';; - for pp_tmp_dir in `echo "/usr/local/lib:/usr/lib:/lib${3:+:$3}" | tr : ' '`; do - test -r "$pp_tmp_dir/lib$1.so{$2:+.$2}" && return 0 - done - return 1 -. - *) false;; - esac -} - - -quest_require_vas () { - typeset v d - - if test $# -ne 1; then - return - fi - set -- `echo "$1" | tr . ' '` 0 0 0 - - for d - do - echo $d | grep '^[0-9][0-9]*$' > /dev/null || - pp_error "quest_require_vas: Bad version component $d" - done - - test $# -lt 4 && - pp_error "quest_require_vas: missing version number" - - case "$1.$2.$3.$4" in - *.0.0.0) v=$1;; - *.*.0.0) v=$1.$2;; - *.*.*.0) v=$1.$2.$3;; - *) v=$1.$2.$3.$4;; - esac - - cat <<. 
- if test -x /opt/quest/bin/vastool &&
- /opt/quest/bin/vastool -v |
- awk 'NR == 1 {print \$4}' |
- awk -F. '{ if (\$1<$1 || \$1==$1 && ( \
- \$2<$2 || \$2==$2 && ( \
- \$3<$3 || \$2==$3 && ( \
- \$4<$4 )))) exit(1); }'
- then
- exit 0
- else
- echo "Requires VAS $v or later"
- exit 1
- fi
-.
-}
-pp_main ${1+"$@"}
diff -Nru sudo-1.8.31/scripts/generate_test_coverage.sh sudo-1.9.0/scripts/generate_test_coverage.sh
--- sudo-1.8.31/scripts/generate_test_coverage.sh 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/scripts/generate_test_coverage.sh 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,28 @@
+#! /bin/bash
+
+# This script is meant as an example on how to generate test coverage information
+# It is meant to be executed from an empty build directory like:
+# Usage: /generate_test_coverage.sh [some extra configure options]
+
+# Example:
+# mkdir -p build
+# cd build
+# ../generate_test_coverage.sh --enable-python
+
+script_dir=$(dirname "$0")
+CONFIGURE=${CONFIGURE:-${script_dir}/configure}
+LCOV=${LCOV:-lcov}
+GENHTML=${GENHTML:-genhtml}
+
+echo "Using configure: $CONFIGURE (Override with CONFIGURE environment variable)"
+echo "Extra configure options: $@ (Override with script arguments)"
+echo "Using lcov: $LCOV (Override with LCOV environment variable)"
+echo "Using genhtml: $GENHTML (Override with GENHTML environment variable)"
+echo
+
+"$CONFIGURE" "$@" CFLAGS="--coverage -fprofile-arcs -ftest-coverage -O0" LDFLAGS="-lgcov"
+make
+make check
+"${LCOV}" -c --directory . --output-file coverage.info --rc "geninfo_adjust_src_path = $PWD => $script_dir"
+"${GENHTML}" coverage.info --output-directory test_coverage
+echo "Test coverage can be found at: test_coverage/index.html"
diff -Nru sudo-1.8.31/scripts/log2cl.pl sudo-1.9.0/scripts/log2cl.pl
--- sudo-1.8.31/scripts/log2cl.pl 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/scripts/log2cl.pl 2020-05-11 16:28:23.000000000 +0000
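Review bot: Nothing in generate_test_coverage.sh stops on failure: the `"$CONFIGURE" "$@" ...` call, `make` and `make check` all run unchecked, so a failed configure or a failing test suite still reaches the lcov and genhtml steps and the script ends on the final `echo` with status 0. Adding `set -e` directly under the shebang, or `|| exit 1` on each step as mkpkg does for its configure call, would keep a broken build from producing a coverage report that looks valid. The default `CONFIGURE=${CONFIGURE:-${script_dir}/configure}` also looks for configure beside the script, while this diff places the script under scripts/ and mkpkg uses `${scriptdir}/../configure`; if configure lives one level up, the default should be `${script_dir}/../configure`.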
@@ -0,0 +1,115 @@ +#!/usr/bin/env perl +# +# SPDX-License-Identifier: ISC +# +# Copyright (c) 2017, 2020 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# Simple script to massage "git log" output into a GNU style ChangeLog. +# The goal is to emulate "hg log --style=changelog" via perl format. + +use Getopt::Std; +use Text::Wrap; +use strict; +use warnings; + +# Git log format: author date, author name, author email +# abbreviated commit hash +# raw commit body +my $format="%ad %aN <%aE>%n%h%n%B%n"; + +# Parse options and build up "git log" command +my @cmd = ( "git" ); +my %opts; +getopts('b:R:', \%opts); +push(@cmd, "-b", $opts{"b"}) if exists $opts{"b"}; +push(@cmd, "--git-dir", $opts{"R"}) if exists $opts{"R"}; +push(@cmd, "log", "--log-size", "--name-only", "--date=short", "--format=$format", @ARGV); + +open(LOG, '-|', @cmd) || die "$0: unable to run git log: $!"; + +my $hash; +my $body; +my @files; +my $key_date = ""; +my $log_size = 0; +my @lines; + +# Wrap like "hg log --style=changelog" +$Text::Wrap::columns = 77; + +while () { + chomp; + if (/^log size (\d+)$/) { + $log_size = $1; + + # Print previous entry if there is one + print_entry($hash, $body, @files) if defined($hash); + + # Init new entry + undef $hash; + undef $body; + undef @files; + undef @lines; + + # Read 
entry and split on newlines + read(LOG, my $buf, $log_size) || + die "$0: unable to read $log_size bytes: $!\n"; + @lines = split(/\r?\n/, $buf); + + # Check for continued entry (duplicate Date + Author) + $_ = shift(@lines); + if ($_ ne $key_date) { + # New entry + print "$_\n\n"; + $key_date = $_; + } + + # Hash comes first + $hash = shift(@lines); + + # Commit message body (multi-line) + my $sep = ""; + foreach (@lines) { + last if $_ eq "--HG--"; + if ($_ eq "") { + $sep = "\n\n"; + next; + } + s/^\s+//; + s/\s+$//; + $body .= ${sep} . $_; + $sep = " "; + } + } else { + # Not a log entry, must be the file list + push(@files, $_) unless $_ eq ""; + } +} + +# Print the last entry +print_entry($hash, $body, @files) if defined($hash); + +exit(0); + +sub print_entry +{ + my $hash = shift; + my $body = shift; + my $files = "* " . join(", ", @_) . ":"; + + print wrap("\t", "\t", $files) . "\n"; + print wrap("\t", "\t", $body) . "\n"; + print "\t[$hash]\n\n"; +} diff -Nru sudo-1.8.31/scripts/mkdep.pl sudo-1.9.0/scripts/mkdep.pl --- sudo-1.8.31/scripts/mkdep.pl 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/scripts/mkdep.pl 2020-05-11 16:28:23.000000000 +0000 
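Review bot: The pipe opened with `open(LOG, '-|', @cmd)` is never closed in log2cl.pl, so the exit status of `git log` is never examined. If git fails (for example a bad `--git-dir` value, or the directory is not a repository) the read loop simply ends and the script reaches `exit(0)` having written an empty or truncated ChangeLog. Adding `close(LOG) || die "$0: git log failed (status $?)\n";` after the loop would surface that. Separately, `$body` stays undefined for a commit with an empty message, so `print_entry` could pass `defined($body) ? $body : ""` to `wrap` to avoid a warning under `use warnings`.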
@@ -0,0 +1,303 @@ +#!/usr/bin/env perl +# +# SPDX-License-Identifier: ISC +# +# Copyright (c) 2011-2020 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# + +use File::Temp qw/ :mktemp /; +use Fcntl; +use warnings; + +die "usage: $0 [--builddir=dir] [--srcdir=dir] Makefile.in ...\n" unless $#ARGV >= 0; + +my @incpaths; +my %dir_vars; +my %implicit; +my %generated; +my $top_builddir = "."; +my $top_srcdir; + +# Check for srcdir and/or builddir, if present +while ($ARGV[0] =~ /^--(src|build)dir=(.*)/) { + if ($1 eq 'src') { + $top_srcdir = $2; + } else { + $top_builddir = $2; + } + shift @ARGV; +} +chdir($top_srcdir) if defined($top_srcdir); + +# Read in MANIFEST or fail if not present +my %manifest; +die "unable to open MANIFEST: $!\n" unless open(MANIFEST, ") { + chomp; + next unless /([^\/]+\.[cly])$/; + $manifest{$1} = $_; +} + +foreach (@ARGV) { + mkdep($_); +} + +sub fmt_depend { + my ($obj, $src) = @_; + my $ret; + + my $deps = sprintf("%s: %s %s", $obj, $src, + join(' ', find_depends($src))); + if (length($deps) > 80) { + my $off = 0; + my $indent = length($obj) + 2; + while (length($deps) - $off > 80 - $indent) { + my $pos; + if ($off != 0) { + $ret .= ' ' x $indent; + $pos = rindex($deps, ' ', $off + 80 - $indent - 2); + } else { + $pos = rindex($deps, ' ', $off + 78); + } + 
$ret .= substr($deps, $off, $pos - $off) . " \\\n"; + $off = $pos + 1; + } + $ret .= ' ' x $indent; + $ret .= substr($deps, $off) . "\n"; + } else { + $ret = "$deps\n"; + } + + $ret; +} + +sub mkdep { + my $file = $_[0]; + $file =~ s:^\./+::; # strip off leading ./ + $file =~ m:^(.*)/[^/]+$:; + my $srcdir = $1; # parent dir of Makefile + + my $makefile; + if (open(MF, "<$file")) { + local $/; # enable "slurp" mode + $makefile = ; + } else { + warn "$0: $file: $!\n"; + return undef; + } + close(MF); + + # New makefile, minus the autogenerated dependencies + my $separator = "# Autogenerated dependencies, do not modify"; + my $new_makefile = $makefile; + $new_makefile =~ s/${separator}.*$//s; + $new_makefile .= "$separator\n"; + + # Old makefile, join lines with continuation characters + $makefile =~ s/\\\n//mg; + + # Expand some configure bits + $makefile =~ s:\@DEV\@::g; + $makefile =~ s:\@COMMON_OBJS\@:aix.lo event_poll.lo event_select.lo:; + $makefile =~ s:\@SUDO_OBJS\@:openbsd.o preload.o selinux.o sesh.o solaris.o:; + $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo ldap_util.lo ldap_conf.lo solaris_audit.lo sssd.lo:; + # XXX - fill in AUTH_OBJS from contents of the auth dir instead + $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:; + $makefile =~ s:\@DIGEST\@:digest.lo digest_openssl.lo digest_gcrypt.lo:; + $makefile =~ s:\@LTLIBOBJS\@:arc4random.lo arc4random_uniform.lo closefrom.lo dup3.lo fchmodat.lo fstatat.lo fnmatch.lo getaddrinfo.lo getcwd.lo getentropy.lo getgrouplist.lo getdelim.lo getopt_long.lo getusershell.lo glob.lo inet_ntop_lo inet_pton.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo openat.lo pipe2.lo pw_dup.lo reallocarray.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo str2sig.lo strlcat.lo strlcpy.lo strndup.lo strnlen.lo strsignal.lo unlinkat.lo utimens.lo vsyslog.lo:; 
+ + # Parse OBJS lines + my %objs; + while ($makefile =~ /^[A-Z0-9_]*OBJS\s*=\s*(.*)/mg) { + foreach (split/\s+/, $1) { + next if /^\$[\(\{].*[\)\}]$/; # skip included vars for now + $objs{$_} = 1; + } + } + + # Find include paths + @incpaths = (); + while ($makefile =~ /-I(\S+)/mg) { + push(@incpaths, $1) unless $1 eq "."; + } + + # Check for generated files + if ($makefile =~ /GENERATED\s*=\s*(.+)$/m) { + foreach (split(/\s+/, $1)) { + $generated{$_} = 1; + } + } + + # Values of srcdir, top_srcdir, top_builddir, incdir + %dir_vars = (); + $file =~ m:^(.*)/+[^/]+:; + $dir_vars{'srcdir'} = $1 || '.'; + $dir_vars{'devdir'} = $dir_vars{'srcdir'}; + $dir_vars{'authdir'} = $dir_vars{'srcdir'} . "/auth"; + $dir_vars{'builddir'} = $top_builddir . "/" . $dir_vars{'srcdir'}; + $dir_vars{'top_srcdir'} = $top_srcdir; + $dir_vars{'sudoers_srcdir'} = $top_srcdir . "/plugins/sudoers"; + #$dir_vars{'top_builddir'} = '.'; + $dir_vars{'incdir'} = 'include'; + + # Find implicit rules for generated .o and .lo files + %implicit = (); + while ($makefile =~ /^\.[ci]\.(l?o|i|plog):\s*\n\t+(.*)$/mg) { + $implicit{$1} = $2; + } + + # Find existing .o and .lo dependencies + my %old_deps; + while ($makefile =~ /^(\w+\.l?o):\s*(\S+\.c)/mg) { + $old_deps{$1} = $2; + } + + # Sort files so we do .lo files first + foreach my $obj (sort keys %objs) { + next unless $obj =~ /(\S+)\.(l?o)$/; + if ($2 eq "o" && exists($objs{"$1.lo"})) { + # We have both .lo and .o files, only the .lo should be used + warn "$file: $obj should be $1.lo\n"; + } else { + # Use old dependencies when mapping objects to their source. + # If no old dependency, use the MANIFEST file to find the source. + my $src = $1 . 
'.c'; + my $ext = $2; + if (exists $old_deps{$obj}) { + $src = $old_deps{$obj}; + } elsif (exists $manifest{$src}) { + $src = $manifest{$src}; + foreach (sort { length($b) <=> length($a) } keys %dir_vars) { + next if $_ eq "devdir"; + last if $src =~ s:^\Q$dir_vars{$_}/\E:\$\($_\)/:; + } + } else { + warn "$file: unable to find source for $obj ($src) in MANIFEST\n"; + if (-f "$srcdir/$src") { + $src = '$(srcdir)/' . $src; + } + } + my $imp = $implicit{$ext}; + $imp =~ s/\$$newfile")) { + warn("cannot open $newfile: $!\n"); + } else { + print MF $new_makefile || warn("cannot write $newfile: $!\n"); + close(MF) || warn("cannot close $newfile: $!\n");; + rename($newfile, $file); + } +} + +exit(0); + +sub find_depends { + my $src = $_[0]; + my ($deps, $code, %headers); + + if ($src !~ /\//) { + # generated file, local to build dir + $src = "$dir_vars{'builddir'}/$src"; + } + + # resolve $(srcdir) etc. + foreach (keys %dir_vars) { + $src =~ s/\$[\(\{]$_[\)\}]/$dir_vars{$_}/g; + } + + # find open source file and find headers used by it + if (!open(FILE, "<$src")) { + warn "unable to open $src\n"; + return ""; + } + local $/; # enable "slurp" mode + $code = ; + close(FILE); + + # find all headers + while ($code =~ /^\s*#\s*include\s+["<](\S+)[">]/mg) { + my ($hdr, $hdr_path) = find_header($src, $1); + if (defined($hdr)) { + $headers{$hdr} = 1; + # Look for other includes in the .h file + foreach (find_depends($hdr_path)) { + $headers{$_} = 1; + } + } + } + + sort keys %headers; +} + +# find the path to a header file +# returns path or undef if not found +sub find_header { + my $src = $_[0]; + my $hdr = $_[1]; + + # Look for .h.in files in top_builddir and build dir + return ("\$(top_builddir\)/$hdr", "./${hdr}.in") if -r "./${hdr}.in"; + return ("./$hdr", "$dir_vars{'srcdir'}/${hdr}.in") if -r "$dir_vars{'srcdir'}/${hdr}.in"; + + if (exists $generated{$hdr}) { + my $hdr_path = $dir_vars{'devdir'} . '/' . $hdr; + return ('$(devdir)/' . 
$hdr, $hdr_path) if -r $hdr_path; + } + foreach my $inc (@incpaths) { + my $hdr_path = "$inc/$hdr"; + # resolve variables in include path + foreach (keys %dir_vars) { + next if $_ eq "devdir"; + $hdr_path =~ s/\$[\(\{]$_[\)\}]/$dir_vars{$_}/g; + } + return ("$inc/$hdr", $hdr_path) if -r $hdr_path; + } + # Check path relative to src dir (XXX - should be for "include" only) + if ($src =~ m#^(.*)/[^/]+$# && -r "$1/$hdr") { + my $hdr_path = "$1/$hdr"; + $hdr_path =~ s#/[^/]+/\.\.##g; # resolve .. + my $hdr_pretty = $hdr_path; + foreach (sort { length($dir_vars{$b}) <=> length($dir_vars{$a}) } keys %dir_vars) { + next if $_ eq "devdir"; + $hdr_pretty =~ s/$dir_vars{$_}/\$($_)/; + } + return ($hdr_pretty, $hdr_path); + } + + undef; +} diff -Nru sudo-1.8.31/scripts/mkinstalldirs sudo-1.9.0/scripts/mkinstalldirs --- sudo-1.8.31/scripts/mkinstalldirs 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/scripts/mkinstalldirs 2020-05-11 16:28:23.000000000 +0000 
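Review bot: In find_header the substitution `$hdr_pretty =~ s/$dir_vars{$_}/\$($_)/;` interpolates a directory path into the pattern unquoted, so a `.` in the path matches any character; mkdep() in the same file already quotes the same value as `\Q$dir_vars{$_}/\E`, and `s/\Q$dir_vars{$_}\E/\$($_)/` would be consistent with it. `$dir_vars{'top_srcdir'}` is assigned from `$top_srcdir`, which is only set when `--srcdir` is given, so that loop and its `length()` sort should skip undefined entries (`next unless defined $dir_vars{$_};`) rather than interpolate them. The reads use two-argument `open(MF, "<$file")` and `open(FILE, "<$src")`; the three-argument form that log2cl.pl uses keeps the path from being parsed as part of the mode. Parts of this hunk are garbled on the page, so these points rest on the lines that are legible.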
@@ -0,0 +1,84 @@
+#! /bin/sh
+# mkinstalldirs --- make directory hierarchy
+# Author: Noah Friedman
+# Created: 1993-05-16
+# Public domain
+
+umask 022
+errstatus=0
+dirmode=""
+
+usage="\
+Usage: mkinstalldirs [-h] [--help] [-m mode] dir ..."
+
+# process command line arguments
+while test $# -gt 0 ; do
+ case $1 in
+ -h | --help | --h*) # -h for help
+ echo "$usage" 1>&2
+ exit 0
+ ;;
+ -m) # -m PERM arg
+ shift
+ test $# -eq 0 && { echo "$usage" 1>&2; exit 1; }
+ dirmode=$1
+ shift
+ ;;
+ --) # stop option processing
+ shift
+ break
+ ;;
+ -*) # unknown option
+ echo "$usage" 1>&2
+ exit 1
+ ;;
+ *) # first non-opt arg
+ break
+ ;;
+ esac
+done
+
+for file
+do
+ set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
+ shift
+
+ pathcomp=
+ for d
+ do
+ pathcomp="$pathcomp$d"
+ case $pathcomp in
+ -*) pathcomp=./$pathcomp ;;
+ esac
+
+ if test ! -d "$pathcomp"; then
+ echo "mkdir $pathcomp"
+
+ mkdir "$pathcomp" || lasterr=$?
+
+ if test ! -d "$pathcomp"; then
+ errstatus=$lasterr
+ else
+ if test ! -z "$dirmode"; then
+ echo "chmod $dirmode $pathcomp"
+ lasterr=""
+ chmod "$dirmode" "$pathcomp" || lasterr=$?
+
+ if test ! -z "$lasterr"; then
+ errstatus=$lasterr
+ fi
+ fi
+ fi
+ fi
+
+ pathcomp="$pathcomp/"
+ done
+done
+
+exit $errstatus
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# End:
+# mkinstalldirs ends here
diff -Nru sudo-1.8.31/scripts/mkpkg sudo-1.9.0/scripts/mkpkg
--- sudo-1.8.31/scripts/mkpkg 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.0/scripts/mkpkg 2020-05-11 16:28:23.000000000 +0000
@@ -0,0 +1,463 @@ +#!/bin/sh +# +# SPDX-License-Identifier: ISC +# +# Copyright (c) 2010-2020 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# Build a binary package using polypkg +# Usage: mkpkg [--debug] [--flavor flavor] [--platform platform] [--osversion ver] +# + +# Make sure IFS is set to space, tab, newline in that order. 
+space=' ' +tab=' ' +nl=' +' +IFS=" $nl" + +# Parse arguments +usage="usage: mkpkg [--debug] [--flavor flavor] [--platform platform] [--osversion ver]" +debug=0 +flavor=vanilla +crossbuild=false +while test $# -gt 0; do + case "$1" in + --debug) + set -x + debug=1 + PPFLAGS="--debug${PPFLAGS+$space}${PPFLAGS}" + ;; + --flavor=?*) + flavor=`echo "$1" | sed -n 's/^--flavor=\(.*\)/\1/p'` + PPVARS="${PPVARS}${PPVARS+$space}flavor=$flavor" + ;; + --flavor) + if [ $# -lt 2 ]; then + echo "$usage" 1>&2 + exit 1 + fi + flavor="$2" + PPVARS="${PPVARS}${PPVARS+$space}flavor=$flavor" + shift + ;; + --platform=?*) + arg=`echo "$1" | sed -n 's/^--platform=\(.*\)/\1/p'` + PPFLAGS="${PPFLAGS}${PPFLAGS+$space}--platform $arg" + ;; + --platform) + if [ $# -lt 2 ]; then + echo "$usage" 1>&2 + exit 1 + fi + PPFLAGS="${PPFLAGS}${PPFLAGS+$space}--platform $2" + shift + ;; + --osversion=?*) + arg=`echo "$1" | sed -n 's/^--osversion=\(.*\)/\1/p'` + osversion="$arg" + ;; + --osversion) + if [ $# -lt 2 ]; then + echo "$usage" 1>&2 + exit 1 + fi + osversion="$2" + shift + ;; + --build|--host) + crossbuild=true + configure_opts="${configure_opts}${configure_opts+$tab}$1" + ;; + *) + # Pass unknown options to configure + configure_opts="${configure_opts}${configure_opts+$tab}$1" + ;; + esac + shift +done + +scriptdir=`dirname $0` +configure="${scriptdir}/../configure" + +: ${osversion="`$scriptdir/pp --probe`"} +test -n "$osversion" || exit 1 +osrelease=`echo "$osversion" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'` +: ${MAKE=make} + +# If using GNU make, set number of jobs +if ${MAKE} --version 2>&1 | grep GNU >/dev/null; then + NJOBS=0 + case "`uname`" in + Darwin) + # macOS + NJOBS=`sysctl -n hw.ncpu` + ;; + Linux) + if [ -r /proc/cpuinfo ]; then + for c in `sed -n 's/^cpu cores[ ]*: *//p' /proc/cpuinfo`; do + NJOBS=`expr $NJOBS + $c` + done + fi + ;; + SunOS) + # Solaris + if [ -x /usr/sbin/psrinfo ]; then + NJOBS=`/usr/sbin/psrinfo | wc -l` + fi + ;; + HP-UX) + NJOBS=`sar -Mu 1 1 | awk 'END 
{print NR-5}'` + ;; + AIX) + NJOBS=`bindprocessor -q | awk '{print NF-4}'` + ;; + esac + if [ $NJOBS -gt 1 ]; then + make_opts="-j$NJOBS" + fi +fi + +# Choose compiler options by osversion if not cross-compiling. +if [ "$crossbuild" = "false" ]; then + case "$osversion" in + macos*) + # Use clang on macOS if present + if [ -z "$CC" -a -x /usr/bin/clang ]; then + CC=/usr/bin/clang; export CC + fi + ;; + sol[0-9]*) + # Use the Sun Studio C compiler on Solaris if possible + if [ -z "$CC" ]; then + for f in /opt/developerstudio12.[9876]/bin/cc /opt/solarisstudio12.[43]/bin/cc; do + if [ -x $f ]; then + CC=$f; export CC + if [ -z "$CFLAGS" ]; then + CFLAGS=-O; export CFLAGS + fi + break + fi + done + fi + ;; + esac +fi + +# Give configure a hint that we are building a package. +# Some libc functions are only available on certain OS revisions. +configure_opts="${configure_opts}${configure_opts+$tab}--enable-package-build" + +# Some systems don't have a recent enough OpenSSL for the I/O log server. +with_openssl=false + +# Not all systems have Python 3. +with_python=false + +# Choose configure options by osversion. +# We use the same configure options as vendor packages when possible. +case "$osversion" in + centos*|rhel*|f[0-9]*) + case "$osversion" in + centos*|rhel*) + osmajor=`sed -n -e 's/^.*release \([0-9]*\)[^0-9].*$/\1/p' /etc/redhat-release` + if [ $osmajor -ge 4 ]; then + # RHEL 4 and up support SELinux + with_selinux=true + if [ $osmajor -ge 5 ]; then + # RHEL 5 and up has audit support and uses a + # separate PAM config file for "sudo -i". + with_linux_audit=true + with_pam_login=true + if [ $osmajor -ge 6 ]; then + # RHEL 6 and above builds sudo with SSSD support + with_sssd=true + # RHEL 6 and above use /etc/sudo-ldap.conf + with_sudo_ldap_conf=true + fi + if [ $osmajor -ge 7 ]; then + # Encrypted remote I/O log support. 
+ with_openssl=true + # Python plugins + with_python=true + fi + fi + fi + ;; + f[0-9]*) + # XXX - investigate which features were in which fedora version + with_selinux=true + with_linux_audit=true + with_pam_login=true + with_sssd=true + with_openssl=true + ;; + esac + + if [ X"$with_selinux" = X"true" ]; then + configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux" + fi + if [ X"$with_linux_audit" = X"true" ]; then + configure_opts="${configure_opts}${configure_opts+$tab}--with-linux-audit" + PPVARS="${PPVARS}${PPVARS+$space}linux_audit=1.4.0" + fi + if [ X"$with_pam_login" = X"true" ]; then + configure_opts="${configure_opts}${configure_opts+$tab}--with-pam-login" + fi + if [ X"$with_sssd" = X"true" ]; then + configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd" + if test "`getconf LONG_BIT`" = "64"; then + # SSSD backend needs to know where to find the sssd lib + configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd-lib=/usr/lib64" + fi + fi + if [ X"$with_sudo_ldap_conf" = X"true" ]; then + configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap-conf-file=/etc/sudo-ldap.conf" + fi + # Note, must indent with tabs, not spaces due to IFS trickery + configure_opts="--prefix=/usr + --with-logging=syslog + --with-logfac=authpriv + --with-pam + --enable-zlib=system + --with-editor=/bin/vi + --with-env-editor + --with-ignore-dot + --with-tty-tickets + --with-ldap + --with-passprompt=[sudo] password for %p: + --with-sendmail=/usr/sbin/sendmail + $configure_opts" + ;; + sles*) + if [ $osrelease -ge 10 ]; then + if [ $osrelease -ge 11 ]; then + # SLES 11 and higher have SELinux + configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux" + fi + if [ $osrelease -ge 12 ]; then + # Encrypted remote I/O log support. 
+ with_openssl=true + # Python plugins + with_python=true + fi + fi + # SuSE doesn't have /usr/libexec + libexec=lib + case "$osversion" in + *64*) gcc -v 2>&1 | grep "with-cpu=[^ ]*32" >/dev/null || libexec=lib64 + ;; + esac + # Note, must indent with tabs, not spaces due to IFS trickery + # XXX - SuSE uses secure path but only for env_reset + configure_opts="--prefix=/usr + --libexecdir=/usr/$libexec + --with-logging=syslog + --with-logfac=auth + --with-all-insults + --with-ignore-dot + --with-tty-tickets + --enable-shell-sets-home + --with-sudoers-mode=0440 + --with-pam + --enable-zlib=system + --with-ldap + --with-env-editor + --with-passprompt=%p\'s password: + --with-sendmail=/usr/sbin/sendmail + $configure_opts" + + make_opts="${make_opts}${make_opts+ }"'docdir=$(datarootdir)/doc/packages/$(PACKAGE_TARNAME)' + ;; + deb*|ubu*) + # Encrypted remote I/O log support. + with_openssl=true + # Python plugins + with_python=true + # Man pages should be compressed in .deb files + export MANCOMPRESS='gzip -9' + export MANCOMPRESSEXT='.gz' + # If Ubuntu, add --enable-admin-flag + case "$osversion" in + ubu*) + configure_opts="${configure_opts}${configure_opts+$tab}--enable-admin-flag${tab}--without-lecture" + ;; + esac + # Newer Debian uses arch-specific lib dirs + MULTIARCH=`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null` + # Note, must indent with tabs, not spaces due to IFS trickery + if test "$flavor" = "ldap"; then + configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap + --with-ldap-conf-file=/etc/sudo-ldap.conf" + else + configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd" + if test -n "$MULTIARCH"; then + # SSSD backend needs to know where to find the sssd lib + configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd-lib=/usr/lib/$MULTIARCH" + fi + fi + configure_opts="--prefix=/usr + --with-all-insults + --with-pam + --enable-zlib=system + --with-fqdn + --with-logging=syslog + --with-logfac=authpriv + --with-env-editor 
+ --with-editor=/usr/bin/editor + --with-timeout=15 + --with-password-timeout=0 + --with-passprompt=[sudo] password for %p: + --disable-root-mailer + --with-sendmail=/usr/sbin/sendmail + --mandir=/usr/share/man + --libexecdir=/usr/lib + --with-selinux + --with-linux-audit + $configure_opts" + # Use correct libaudit dependency + for f in /lib/${MULTIARCH}${MULTIARCH:+/}libaudit.so.[0-9]* /lib/libaudit.so.[0-9]*; do + if test -f "$f"; then + linux_audit=`dpkg-query -S "$f" 2>/dev/null | sed -n 's/:.*//p'` + test -n "$linux_audit" && break; + fi + done + if [ -z "$linux_audit" ]; then + echo "unable to determine package for libaudit" 1>&2 + exit 1 + fi + PPVARS="${PPVARS}${PPVARS+$space}linux_audit=$linux_audit" + ;; + macos*) + # TODO: openssl (homebrew?) + case "$osversion" in + macos10[0-6]-i386|macos10[0-6]-x86_64) + # Build intel universal binaries for 10.6 and below + ARCH_FLAGS="-arch i386 -arch x86_64" + ;; + esac + if test "${osversion}" != "`$scriptdir/pp --probe`"; then + sdkvers=`echo "${osversion}" | sed 's/^macos\([0-9][0-9]\)\([0-9]*\)-.*$/\1.\2/'` + # SDKs may be under Xcode.app or CommandLineTools (for non-Xcode) + if [ -d "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs" ]; then + SDK_DIR="/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs" + elif [ -d "/Library/Developer/CommandLineTools/SDKs" ]; then + SDK_DIR="/Library/Developer/CommandLineTools/SDKs" + else + echo "unable to find macOS SDKs directory" 1>&2 + exit 1 + fi + SDK_DIR="${SDK_DIR}/MacOSX${sdkvers}.sdk" + if test -d "${SDK_DIR}"; then + SDK_FLAGS="-isysroot ${SDK_DIR} -mmacosx-version-min=${sdkvers}" + else + echo "unable to find SDKs directory for macOS $sdkvers" 1>&2 + exit 1 + fi + fi + export CFLAGS="-O2 -g $ARCH_FLAGS $SDK_FLAGS" + export LDFLAGS="$ARCH_FLAGS $SDK_FLAGS" + # Note, must indent with tabs, not spaces due to IFS trickery + configure_opts="--with-pam + --with-bsm-audit + --without-tty-tickets + 
--enable-zlib=system + --with-ldap + --with-insults=disabled + --with-logging=syslog + --with-logfac=authpriv + --with-editor=/usr/bin/vim + --with-env-editor + $configure_opts" + ;; + aix*) + # TODO: openssl (AIX freeware?) + # Use -gxcoff with gcc instead of -g for dbx-style debugging symbols. + if test -z "$CC" && gcc -v >/dev/null 2>&1; then + CFLAGS="-O2 -gxcoff"; export CFLAGS + fi + # Note, must indent with tabs, not spaces due to IFS trickery + # Note: we include our own zlib instead of relying on the + # AIX freeware version being installed. + configure_opts=" + --prefix=/opt/freeware + --mandir=/opt/freeware/man + --with-insults=disabled + --with-logging=syslog + --with-logfac=auth + --with-editor=/usr/bin/vi + --with-env-editor + --enable-zlib=builtin + --disable-nls + --with-sendmail=/usr/sbin/sendmail + $configure_opts" + PPVARS="${PPVARS}${PPVARS+$space}aix_freeware=true" + ;; + *) + # For Solaris, add project support and use let configure choose zlib. + # For all others, use the builtin zlib and disable NLS support. + case "$osversion" in + sol*) + configure_opts="${configure_opts}${configure_opts+$tab}--with-project" + + if [ $osrelease -ge 11 ]; then + configure_opts="${configure_opts}${configure_opts+$tab}--with-bsm-audit" + # Encrypted remote I/O log support. + with_openssl=true + fi + ;; + *) + # TODO: openssl + configure_opts="${configure_opts}${configure_opts+$tab}--enable-zlib=builtin${tab}--disable-nls" + ;; + esac + if test "$flavor" = "ldap"; then + configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap" + fi + # Note, must indent with tabs, not spaces due to IFS trickery + configure_opts=" + --with-insults=disabled + --with-logging=syslog + --with-logfac=auth + --with-editor=/usr/bin/vim:/usr/bin/vi:/bin/vi + --with-env-editor + $configure_opts" + ;; +esac + +# Don't enable OpenSSL if user disabled it. 
+case "$configure_opts" in + *--disable-openssl*) with_openssl=false;; +esac +if [ X"$with_openssl" = X"true" ]; then + configure_opts="${configure_opts}${configure_opts+$tab}--enable-openssl" +fi +if [ X"$with_python" = X"true" ]; then + configure_opts="${configure_opts}${configure_opts+$tab}--enable-python" +fi + +# The postinstall script will create tmpfiles.d/sudo.conf for us +configure_opts="${configure_opts}${configure_opts+$tab}--disable-tmpfiles.d" + +# Remove spaces from IFS when setting $@ so that passprompt may include them +OIFS="$IFS" +IFS=" $nl" +set -- $configure_opts $extra_opts +IFS="$OIFS" +if [ -r Makefile ]; then + ${MAKE} $make_opts distclean +fi +${configure} "$@" || exit 1 +${MAKE} $make_opts && ${MAKE} $make_opts PPFLAGS="$PPFLAGS" PPVARS="$PPVARS" package +test $debug -eq 0 && rm -rf destdir diff -Nru sudo-1.8.31/scripts/pp sudo-1.9.0/scripts/pp --- sudo-1.8.31/scripts/pp 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/scripts/pp 2020-05-11 16:28:23.000000000 +0000 
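Review bot: `with_selinux`, `with_linux_audit`, `with_pam_login`, `with_sssd` and `with_sudo_ldap_conf` are only ever assigned `true` inside the centos/rhel/fedora branches of mkpkg and are never initialised, unlike `with_openssl=false` and `with_python=false` set just before the case statement. On releases where the script does not set them, whatever the caller's environment holds decides whether `--with-selinux`, `--with-linux-audit` and the rest are passed to configure, which makes the security features of the resulting package depend on ambient state. Initialise them next to the other two: `with_selinux=false; with_linux_audit=false; with_pam_login=false; with_sssd=false; with_sudo_ldap_conf=false`. `linux_audit` in the deb/ubu branch has the same problem when no libaudit file matches, and `[ $osmajor -ge 4 ]` becomes a test error if the sed over /etc/redhat-release yields nothing, which `[ "${osmajor:-0}" -ge 4 ]` would avoid.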
@@ -0,0 +1,9074 @@
+#!/bin/sh
+# Copyright 2020 One Identity LLC. ALL RIGHTS RESERVED
+pp_revision="20200506"
+ # Copyright 2018 One Identity LLC. ALL RIGHTS RESERVED.
+ #
+ # Redistribution and use in source and binary forms, with or without
+ # modification, are permitted provided that the following conditions
+ # are met:
+ #
+ # 1. Redistributions of source code must retain the above copyright
+ # notice, this list of conditions and the following disclaimer.
+ # 2. Redistributions in binary form must reproduce the above copyright
+ # notice, this list of conditions and the following disclaimer in the
+ # documentation and/or other materials provided with the distribution.
+ # 3. Neither the name of One Identity LLC. nor the names of its
+ # contributors may be used to endorse or promote products derived from
+ # this software without specific prior written permission.
+ #
+ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ # TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ # PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ # Please see for more information
+
+pp_version="1.0.0.$pp_revision"
+pp_copyright="Copyright 2018, One Identity LLC. ALL RIGHTS RESERVED."
+ +pp_opt_debug=false +pp_opt_destdir="$DESTDIR" +pp_opt_install_script= +pp_opt_list=false +pp_opt_no_clean=false +pp_opt_no_package=false +pp_opt_only_front=false +pp_opt_platform= +pp_opt_probe=false +pp_opt_strip=false +pp_opt_save_unstripped=false +pp_opt_vas_platforms=false +pp_opt_wrkdir="`pwd`/pp.work.$$" +pp_opt_verbose=false +pp_opt_version=false +pp_opt_input="-" +pp_opt_init_vars="" +pp_opt_eval= + +test -n "$PP_NO_CLEAN" && pp_opt_no_clean=true +test -n "$PP_DEBUG" && pp_opt_debug=true +test -n "$PP_VERBOSE" && pp_opt_verbose=true + +pp_main_cleanup () { + pp_debug "main_cleanup" + pp_remove_later_now + if $pp_opt_no_clean || test x"$pp_platform" = x"unknown"; then + : no cleanup + else + pp_backend_${pp_platform}_cleanup + $pp_errors && pp_die "Errors during cleanup" + if test -d "$pp_wrkdir"; then + if $pp_opt_debug; then + pp_debug "not removing $pp_wrkdir" + else + pp_verbose rm -rf "$pp_wrkdir" + fi + fi + fi +} + +pp_parseopts () { + typeset a n _var _val + while test $# -gt 0; do + + # convert -[dilpv] to --long-options + case "$1" in + --?*=?*) n=`echo "$1" | sed -ne 's/^--\([^=]*\)=.*/\1/p'` + a=`echo "$1" | sed -ne 's/^--[^=]*=\(.*\)/\1/p'` + shift + set -- "--$n" "$a" "$@";; + --?*) : ;; + + -d) shift; set -- "--debug" "$@";; + -d*) a=`echo "$1" | sed -ne 's/^-.//'` + shift; set -- "--debug" "$@";; + + -i) shift; set -- "--install-script" "$@";; + -i*) a=`echo "$1" | sed -ne 's/^-.//'` + shift; set -- "--install-script" "$a" "$@";; + + -l) shift; set -- "--list" "$@";; + -l*) a=`echo "$1" | sed -ne 's/^-.//'` + shift; set -- "--list" "$@";; + + -p) shift; set -- "--platform" "$@";; + -p*) a=`echo "$1" | sed -ne 's/^-.//'` + shift; set -- "--platform" "$a" "$@";; + + -v) shift; set -- "--verbose" "$@";; + -v*) a=`echo "$1" | sed -ne 's/^-.//'` + shift; set -- "--verbose" "$@";; + + -\?) 
shift; set -- "--help" "$@";; + -\?*) a=`echo "$1" | sed -ne 's/^-.//'` + shift; set -- "--help" "$@";; + esac + + case "$1" in + --destdir|--eval|--install-script|--platform|--wrkdir) + test $# -ge 2 || pp_error "missing argument to $1";; + esac + + case "$1" in + --) shift;break;; + --debug) pp_opt_debug=true; shift;; + --destdir) pp_opt_destdir="$2"; shift;shift;; + --eval) pp_opt_eval="$2"; shift;shift;; # undoc + --install-script) pp_opt_install_script="$2"; shift;shift;; + --list) pp_opt_list=true; shift;; + --no-clean) pp_opt_no_clean=true; shift;; + --no-package) pp_opt_no_package=true; shift;; + --only-front) pp_opt_only_front=true; shift;; + --platform) pp_opt_platform="$2"; shift;shift;; + --probe) pp_opt_probe=true; shift;; + --strip) pp_opt_strip=true; shift;; + --save-unstripped) pp_opt_save_unstripped=true; shift;; + --wrkdir) pp_opt_wrkdir="$2"; shift;shift;; + --vas-platforms) pp_opt_vas_platforms=true; shift;; + --verbose) pp_opt_verbose=true; shift;; + --version) pp_opt_version=true; shift;; + --help) pp_errors=true; shift;; + -) break;; + -*) pp_error "unknown option $1"; shift;; + *) break;; + esac + + done + + pp_opt_input=- + if test $# -gt 0; then + pp_opt_input="$1" + shift + fi + + #-- extra arguments of the form Foo=bar alter *global* vars + while test $# -gt 0; do + case "$1" in + -*) pp_error "unexpected option '$1'" + shift;; + *=*) _val="${1#*=}" + _var=${1%="$_val"} + _val=`echo "$_val"|sed -e 's/[$"\\]/\\&/g'` + pp_debug "setting $_var = \"$_val\"" + pp_opt_init_vars="$pp_opt_init_vars$_var=\"$_val\";" + shift;; + *) pp_error "unexpected argument $1'" + shift;; + esac + done + + test $# -gt 0 && + pp_error "unknown argument $1" + + if $pp_errors; then + cat <<. >&2 +polypkg $pp_version $pp_copyright +usage: $0 [options] [input.pp] [var=value ...] + -d --debug -- write copious info to stderr + --destdir=path -- file root, defaults to \$DESTDIR + -? 
--help -- display this information + -i --install-script=path -- create an install helper script + -l --list -- write package filenames to stdout + --no-clean -- don't remove temporary files + --no-package -- do everything but create packages + --only-front -- only perform front-end actions + -p --platform=platform -- defaults to local platform + --probe -- print local system identifier, then exit + --strip -- strip debug symbols from binaries before + packaging (modifies files in destdir) + --save-unstripped -- save unstripped binaries to + \$name-\$version-unstripped.tar.gz + --wrkdir=path -- defaults to subdirectory of \$TMPDIR or /tmp + -v --verbose -- write info to stderr + --version -- display version and quit +. + exit 1 + fi +} + +pp_drive () { + # initialise the front and back ends + pp_model_init + pp_frontend_init + $pp_opt_only_front || pp_backend_init + + # run the front-end to generate the intermediate files + # set $pp_input_dir to be the 'include dir' if needed + pp_debug "calling frontend on $pp_opt_input" + case "$pp_opt_input" in + -) pp_input_dir=. + test -t 1<&0 && + pp_warn "reading directives from standard input" + pp_frontend + ;; + */*) pp_input_dir=${pp_opt_input%/*} + pp_frontend <"$pp_opt_input" + ;; + *) pp_input_dir=. + pp_frontend <"$pp_opt_input" + ;; + esac + + pp_files_ignore_others + pp_service_scan_groups + + # some sanity checks after front-end processing + if test x"$pp_platform" != x"null"; then + pp_debug "sanity checks" + test -n "$pp_components" || pp_error "No components?" 
+ pp_check_var_is_defined "name"
+ pp_check_var_is_defined "version"
+ pp_files_check_duplicates
+ pp_files_check_coverage
+ pp_die_if_errors "Errors during sanity checks"
+ fi
+
+ # stop now if we're only running the front
+ $pp_opt_only_front && return
+
+ if test x"$pp_opt_strip" = x"true"; then
+ pp_strip_binaries
+ fi
+
+ # run the back-end to generate the package
+ pp_debug "calling backend"
+ pp_backend
+ pp_die_if_errors "Errors during backend processing"
+
+ # copy the resulting package files to PP_PKGDESTDIR or .
+ for f in `pp_backend_names` -; do
+ test x"$f" = x"-" && continue
+ pp_debug "copying: $f to `pwd`"
+ if pp_verbose cp -r $pp_wrkdir/$f ${PP_PKGDESTDIR:-.}; then
+ echo "${PP_PKGDESTDIR:+$PP_PKGDESTDIR/}$f"
+ else
+ pp_error "$f: missing package"
+ fi
+ done
+ pp_die_if_errors "Errors during package copying"
+}
+
+pp_install_script () {
+ pp_debug "writing install script to $pp_opt_install_script"
+ rm -f $pp_opt_install_script
+ pp_backend_install_script > $pp_opt_install_script
+ pp_die_if_errors "Errors during package install script"
+ chmod +x $pp_opt_install_script
+}
+
+pp_main () {
+ # If PP_DEV_PATH is set, then jump to that script.
+ # (Useful when working on polypkg source that isn't installed)
+ if test -n "$PP_DEV_PATH" -a x"$PP_DEV_PATH" != x"$0"; then
+ pp_warn "switching from $0 to $PP_DEV_PATH ..."
+ exec "$PP_DEV_PATH" "$@" || exit 1 + fi + + pp_set_expand_converter_or_reexec "$@" + pp_parseopts "$@" + + if $pp_opt_version; then + #-- print version and exit + echo "polypkg $pp_version" + exit 0 + fi + + pp_set_platform + + trap 'pp_main_cleanup' 0 + + pp_wrkdir="$pp_opt_wrkdir" + pp_debug "pp_wrkdir = $pp_wrkdir" + rm -rf "$pp_wrkdir" + mkdir -p "$pp_wrkdir" + + pp_destdir="$pp_opt_destdir" + pp_debug "pp_destdir = $pp_destdir" + + if $pp_opt_probe; then + pp_backend_init + pp_backend_probe + elif $pp_opt_vas_platforms; then + pp_backend_init + pp_backend_vas_platforms + elif test -n "$pp_opt_eval"; then + #-- execute a shell command + eval "$pp_opt_eval" || exit + else + pp_drive + if test -n "$pp_opt_install_script"; then + pp_install_script + fi + fi + + exit 0 +} + + +pp_errors=false + +if test -n "$TERM" -a -t 1 && (tput op) >/dev/null 2>/dev/null; then + pp_col_redfg=`tput setf 4` 2>/dev/null + pp_col_bluefg=`tput setf 1` 2>/dev/null + pp_col_reset=`tput op` 2>/dev/null +else + pp_col_redfg='[' + pp_col_bluefg='[' + pp_col_reset=']' +fi + +pp__warn () { + if test x"" = x"$pp_lineno"; then + echo "$1 $2" >&2 + else + echo "$1 line $pp_lineno: $2" >&2 + fi +} + +pp_warn () { + pp__warn "pp: ${pp_col_redfg}warning${pp_col_reset}" "$*" +} + +pp_error () { + pp__warn "pp: ${pp_col_redfg}error${pp_col_reset}" "$*" + pp_errors=true +} + +pp_die () { + pp_error "$@" + exit 1 +} + +pp_die_if_errors () { + $pp_errors && pp_die "$@" +} + +pp_debug () { + $pp_opt_debug && echo "${pp_col_bluefg}debug${pp_col_reset} $*" >&2 +} + +pp_verbose () { + $pp_opt_verbose && echo "pp: ${pp_col_bluefg}info${pp_col_reset} $*" >&2 + "$@"; +} + +pp_substitute () { + sed -e 's,%(\([^)]*\)),`\1`,g' \ + -e 's,%{\([^}]*\)},${\1},g' \ + -e 's,$,,' | + tr '' '\012' | + sed -e '/^[^]/s/["$`\\]/\\&/g' \ + -e 's/^//' \ + -e '1s/^/echo "/' \ + -e '$s,$,",' \ + -e 's,,"echo ",g' | + tr -d '\012' | + tr '' '\012' + echo +} + +pp_incr () { + eval "$1=\`expr \$$1 + 1\`" +} + +pp_decr () { + 
eval "$1=\`expr \$$1 - 1\`" +} + +pp_check_var_is_defined () { + if eval test -z "\"\$$1\""; then + pp_error "\$$1: not set" + eval "$1=undefined" + fi +} + +pp_contains () { + case " $1 " in + *" $2 "*) return 0;; + *) return 1;; + esac +} + +pp_contains_all () { + typeset _s _c + _l="$1"; shift + for _w + do + pp_contains "$_l" "$_w" || return 1 + done + return 0 +} + +pp_contains_any () { + typeset _s _c + _l="$1"; shift + for _w + do + pp_contains "$_l" "$_w" && return 0 + done + return 1 +} + +pp_add_to_list () { + if eval test -z \"\$$1\"; then + eval $1='"$2"' + elif eval pp_contains '"$'$1'"' '"$2"'; then + : already there + else + eval $1='"$'$1' $2"' + fi +} + +pp_unique () { + typeset result element + result= + for element + do + pp_add_to_list result $element + done + echo $result +} + +pp_mode_strip_altaccess () { + case "$1" in + ??????????[+.]) + echo `echo "$1" | cut -b -10`;; + *) + echo "$1";; + esac +} + +pp_mode_from_ls () { + typeset umode gmode omode smode + + set -- `pp_mode_strip_altaccess "$1"` + + case "$1" in + ?--[-X]??????) umode=0;; + ?--[xs]??????) umode=1;; + ?-w[-X]??????) umode=2;; + ?-w[xs]??????) umode=3;; + ?r-[-X]??????) umode=4;; + ?r-[xs]??????) umode=5;; + ?rw[-X]??????) umode=6;; + ?rw[xs]??????) umode=7;; + *) pp_error "bad user mode $1";; + esac + + case "$1" in + ????--[-S]???) gmode=0;; + ????--[xs]???) gmode=1;; + ????-w[-S]???) gmode=2;; + ????-w[xs]???) gmode=3;; + ????r-[-X]???) gmode=4;; + ????r-[xs]???) gmode=5;; + ????rw[-X]???) gmode=6;; + ????rw[xs]???) 
gmode=7;; + *) pp_error "bad group mode $1";; + esac + + case "$1" in + ???????--[-T]) omode=0;; + ???????--[xt]) omode=1;; + ???????-w[-T]) omode=2;; + ???????-w[xt]) omode=3;; + ???????r-[-T]) omode=4;; + ???????r-[xt]) omode=5;; + ???????rw[-T]) omode=6;; + ???????rw[xt]) omode=7;; + *) pp_error "bad other mode $1";; + esac + + case "$1" in + ???[-x]??[-x]??[-x]) smode=;; + ???[-x]??[-x]??[tT]) smode=1;; + ???[-x]??[Ss]??[-x]) smode=2;; + ???[-x]??[Ss]??[tT]) smode=3;; + ???[Ss]??[-x]??[-x]) smode=4;; + ???[Ss]??[-x]??[tT]) smode=5;; + ???[Ss]??[Ss]??[-x]) smode=6;; + ???[Ss]??[Ss]??[tT]) smode=7;; + *) pp_error "bad set-id mode $1";; + esac + + echo "$smode$umode$gmode$omode" +} + +pp_find_recurse () { + pp_debug "find: ${1#$pp_destdir}/" + for f in "$1"/.* "$1"/*; do + case "$f" in */.|*/..) continue;; esac # should never happen! + if test -d "$f" -o -f "$f" -o -h "$f"; then + if test -d "$f" -a ! -h "$f"; then + echo "${f#$pp_destdir}/" + pp_find_recurse "$f" + else + echo "${f#$pp_destdir}" + fi + fi + done +} + +pp_prepend () { + #test -t && pp_warn "pp_prepend: stdin is a tty?" + if test -f $1; then + pp_debug "prepending to $1" + mv $1 $1._prepend + cat - $1._prepend >$1 + rm -f $1._prepend + else + pp_debug "prepend: creating $1" + cat >$1 + fi +} + +pp_note_file_used() { + echo "$1" >> $pp_wrkdir/all.files +} + +pp_create_dir_if_missing () { + case "$1" in + */) pp_error "pp_create_dir_if_missing: trailing / forbidden";; + "") return 0;; + *) if test ! 
-d "$pp_destdir$1"; then + pp_debug "fabricating directory $1/" + pp_create_dir_if_missing "${1%/*}" + mkdir "$pp_destdir$1" && + pp_note_file_used "$1/" + pp_remove_later "$1" && + chmod ${2:-755} "$pp_destdir$1" + fi;; + esac +} + +pp_add_file_if_missing () { + typeset dir + #-- check that the file isn't already declared in the component + if test -s $pp_wrkdir/%files.${2:-run}; then + awk "\$6 == \"$1\" {exit 1}" < $pp_wrkdir/%files.${2:-run} || return 1 + fi + + pp_create_dir_if_missing "${1%/*}" + pp_debug "fabricating file $1" + echo "f ${3:-755} - - ${4:--} $1" >> $pp_wrkdir/%files.${2:-run} + pp_note_file_used "$1" + pp_remove_later "$1" + return 0 +} + +pp_add_transient_file () { + test -f "$pp_destdir$1" && pp_die "$pp_destdir$1: exists" + pp_create_dir_if_missing "${1%/*}" + pp_debug "transient file $1" + pp_note_file_used "$1" + pp_remove_later "$1" +} + +pp_remove_later () { + { + echo "$1" + test -s $pp_wrkdir/pp_cleanup && cat $pp_wrkdir/pp_cleanup + } > $pp_wrkdir/pp_cleanup.new + mv $pp_wrkdir/pp_cleanup.new $pp_wrkdir/pp_cleanup +} + +pp_ls_readlink () { + if test -h "$1"; then + ls -1ld "$1" | sed -ne 's,.* -> ,,p' + else + echo "$1: not a symbolic link" >&2 + return 1 + fi +} + +pp_remove_later_now () { + typeset f + if test -s $pp_wrkdir/pp_cleanup; then + pp_debug "pp_remove_later_now" + while read f; do + pp_debug "removing $pp_destdir$f" + if test -d $pp_destdir$f; then + rmdir $pp_destdir$f + else + rm $pp_destdir$f + fi + done < $pp_wrkdir/pp_cleanup + rm $pp_wrkdir/pp_cleanup + fi +} + +pp_readlink() { + +pp_debug "&& pp_readlink_fn=$pp_readlink_fn" + + if test -n "$pp_readlink_fn"; then +pp_debug "&& calling $pp_readlink_fn $*" + "$pp_readlink_fn" "$@" + else + readlink "$@" + fi +} + + +pp_install_script_common () { + cat <<-. 
+
+ # Automatically generated for
+ # $name $version ($pp_platform)
+ # by PolyPackage $pp_version
+
+ usage () {
+ case "$1" in
+ "list-services")
+ echo "usage: \$0 list-services" ;;
+ "list-components")
+ echo "usage: \$0 list-components" ;;
+ "list-files")
+ echo "usage: \$0 list-files {cpt...|all}" ;;
+ "install")
+ echo "usage: \$0 install {cpt...|all}" ;;
+ "uninstall")
+ echo "usage: \$0 uninstall {cpt...|all}" ;;
+ "start")
+ echo "usage: \$0 start {svc...}" ;;
+ "stop")
+ echo "usage: \$0 stop {svc...}" ;;
+ "print-platform")
+ echo "usage: \$0 print-platform" ;;
+ *)
+ echo "usage: \$0 [-q] command [args]"
+ echo " list-services"
+ echo " list-components"
+ echo " list-files {cpt...|all}"
+ echo " install {cpt...|all}"
+ echo " uninstall {cpt...|all}"
+ echo " start {svc...}"
+ echo " stop {svc...}"
+ echo " print-platform"
+ ;;
+ esac >&2
+ exit 1
+ }
+
+ if test x"\$1" = x"-q"; then
+ shift
+ verbose () { "\$@"; }
+ verbosemsg () { : ; }
+ else
+ verbose () { echo "+ \$*"; "\$@"; }
+ verbosemsg () { echo "\$*"; }
+ fi
+.
+}
+
+
+pp_functions () {
+ typeset func deps allfuncs
+ allfuncs=
+ while test $# -gt 0; do
+ pp_add_to_list allfuncs "$1"
+ deps=`pp_backend_function "$1:depends"`
+ shift
+ set -- `pp_unique "$@" $deps`
+ done
+
+ for func in $allfuncs
+ do
+ pp_debug "generating function code for '$1'"
+ echo ""
+ echo "$func () {"
+ case "$func" in
+ pp_mkgroup|pp_mkuser|pp_havelib) echo <<.;;
+ if test \$# -lt 1; then
+ echo "$func: not enough arguments" >&2
+ return 1
+ fi
+.
+ esac
+ pp_backend_function "$func" || cat <<.
+ echo "$func: not implemented" >&2
+ return 1
+.
+ echo "}" + done +} + +pp_function () { + pp_functions "$1" +} + +pp_makevar () { + #-- convert all non alpha/digits to underscores + echo "$*" | tr -c '[a-z][A-Z][0-9]\012' '[_*]' +} + +pp_getpwuid () { + awk -F: '$3 == uid { if (!found) print $1; found=1; } END { if (!found) exit 1; }' uid="$1" \ + < /etc/passwd || pp_error "no local username for uid $1" +} + +pp_getgrgid () { + awk -F: '$3 == gid { if (!found) print $1; found=1; } END { if (!found) exit 1; }' gid="$1" \ + < /etc/group || pp_error "no local group for gid $1" +} + +pp_backend_function_getopt () { + cat <<'..' +pp_getopt () { + _pp_optstring="$1"; shift; eval `_pp_getopt "$_pp_optstring"` +} +_pp_getopt_meta=s,[\\\\\"\'\`\$\&\;\(\)\{\}\#\%\ \ ],\\\\\&,g +_pp_protect () { + sed "$_pp_getopt_meta" <<. | tr '\012' ' ' +$* +. +} +_pp_protect2 () { + sed "s,^..,,$pp_getopt_meta" <<. | tr '\012' ' ' +$* +. +} +_pp_nonl () { + tr '\012' ' ' <<. +$* +. +} +_pp_getopt () { + _pp_nonl '_pp_nonl set --; while test $# -gt 0; do case "$1" in "--") shift; break;;' + sed 's/\([^: ]:*\)/<@<\1>@>/g; + s/<@<\(.\):>@>/"-\1") _pp_nonl -"\1"; _pp_protect "$2"; shift; shift;; "-\1"*) _pp_nonl -"\1"; _pp_protect2 "$1"; shift;;/g;s/<@<\(.\)>@>/ "-\1") _pp_nonl -"\1"; shift;; "-\1"*) _pp_nonl -"\1"; _pp_tmp="$1"; shift; set -- -`_pp_protect2 "$_pp_tmp"` "$@";;/g' <<. +$1 +. + _pp_nonl '-*) echo "$1: unknown option">&2; return 1;; *) break;; esac; done; _pp_nonl --; while test $# -gt 0; do _pp_nonl "$1"; shift; done; echo' + echo +} +.. +} + +pp_copy_unstripped () { + typeset filedir realdir + filedir="`dirname ${1#$pp_destdir}`" + realdir="$pp_wrkdir/unstripped/$filedir" + + mkdir -p "$realdir" + # Can't use hardlinks because `strip` modifies the original file in-place + cp "$1" "$realdir" +} + +pp_package_stripped_binaries () { + (cd "$pp_wrkdir/unstripped" && tar -c .) 
\ + | gzip > "$name-dbg-$version.tar.gz" + rm -rf "$pp_wrkdir/unstripped" +} + +pp_strip_binaries () { + if test x"$pp_opt_save_unstripped" = x"true"; then + rm -rf "$pp_wrkdir/unstripped" + mkdir "$pp_wrkdir/unstripped" + fi + + for f in `find "$pp_destdir" -type f`; do + if file "$f" | awk '{print $2}' | grep ^ELF >/dev/null 2>&1; then + if test x"$pp_opt_save_unstripped" = x"true"; then + if file "$f" | LC_MESSAGES=C grep 'not stripped' >/dev/null 2>&1; then + pp_debug "Saving unstripped binary $f" + pp_copy_unstripped "$f" + else + pp_debug "$f is already stripped; not saving a copy" + fi + fi + pp_debug "Stripping unnecessary symbols from $f" + strip "$f" + fi + done + + if test x"$pp_opt_save_unstripped" = x"true"; then + pp_package_stripped_binaries + fi +} + +pp_if_true=0 +pp_if_false=0 + +pp_frontend_init () { + name= + version= + build_number= + summary="no summary" + description="No description" + copyright="Copyright 2018 One Identity LLC. ALL RIGHTS RESERVED." + + #-- if the user supplied extra arguments on the command line + # then load them now. 
+ pp_debug "pp_opt_init_vars=$pp_opt_init_vars" + test -n "$pp_opt_init_vars" && eval "$pp_opt_init_vars" +} + +pp_is_qualifier () { + typeset ret + + case "$1" in + "["*"]") ret=true;; + *) ret=false;; + esac + pp_debug "is_qualifier: $* -> $ret" + test $ret = true +} + +pp_eval_qualifier () { + typeset ret + + case "$1" in + "[!$pp_platform]"| \ + "[!"*",$pp_platform]"| \ + "[!$pp_platform,"*"]"| \ + "[!"*",$pp_platform,"*"]") ret=false;; + "[!"*"]") ret=true;; + "[$pp_platform]"| \ + "["*",$pp_platform]"| \ + "[$pp_platform,"*"]"| \ + "["*",$pp_platform,"*"]") ret=true;; + "["*"]") ret=false;; + *) pp_die "pp_eval_qualifier: bad qualifier '$1'" + esac + pp_debug "eval: $* -> $ret" + test true = $ret +} + +pp_frontend_if () { + typeset ifcmd ifret + ifcmd="$1"; + shift + case "$ifcmd" in + %if) if test 0 = $pp_if_false; then + case "$*" in + true |1) pp_incr pp_if_true;; + false|0) pp_incr pp_if_false;; + *) + ifret=true + if pp_is_qualifier "$*"; then + pp_eval_qualifier "$*" || ifret=false + else + eval test "$@" || ifret=false + pp_debug "evaluating test $* -> $ifret" + fi + pp_incr pp_if_$ifret + ;; + esac + else + pp_incr pp_if_false + fi;; + %else) test $# = 0 || pp_warn "ignoring argument to %else" + if test $pp_if_false -gt 1; then + : no change + elif test $pp_if_false = 1; then + pp_incr pp_if_true + pp_decr pp_if_false + elif test $pp_if_true = 0; then + pp_die "unmatched %else" + else + pp_incr pp_if_false + pp_decr pp_if_true + fi;; + %endif) test $# = 0 || pp_warn "ignoring argument to %endif" + if test $pp_if_false -gt 0; then + pp_decr pp_if_false + elif test $pp_if_true -gt 0; then + pp_decr pp_if_true + else + pp_die "unmatched %endif" + fi;; + *) pp_die "frontend_if: unknown cmd $ifcmd";; + esac +} + + +pp_frontend () { + typeset section newsection sed_word sed_ws line cpt svc + typeset section_enabled newsection_enabled s sed sed_candidate + + section='%_initial' + newsection='%_initial' + section_enabled=: + newsection_enabled=: + 
sed_word="[a-zA-Z_][a-zA-Z_0-9]*" + sed_ws="[ ]" + + #-- not all seds are created equal + sed= + for sed_candidate in ${PP_SED:-sed} /usr/xpg4/bin/sed; do + if echo 'foo' | $sed_candidate -ne '/^\(x\)*foo/p' | grep foo > /dev/null + then + sed="$sed_candidate" + break + fi + done + test -z "$sed" && + pp_die "sed is broken on this system" + + pp_lineno=0 + + #-- Note: this sed script should perform similar to pp_eval_qualifier() + $sed -e "/^#/s/.*//" \ + -e "/^\\[!\\($sed_word,\\)*$pp_platform\\(,$sed_word\\)*\\]/s/.*//" \ + -e "s/^\\[\\($sed_word,\\)*$pp_platform\\(,$sed_word\\)*\\]$sed_ws*//" \ + -e "s/^\\[!\\($sed_word,\\)*$sed_word\\]$sed_ws*//" \ + -e "/^\\[\\($sed_word,\\)*$sed_word\\]/s/.*//" \ + -e "s/^%$sed_ws*/%/" \ + -e "s/^$sed_ws/%\\\\&/" \ + > $pp_wrkdir/frontend.tmp + + #-- add an ignore section at the end to force section completion + echo '%ignore' >> $pp_wrkdir/frontend.tmp + echo >> $pp_wrkdir/frontend.tmp + + exec 0<$pp_wrkdir/frontend.tmp + : > $pp_wrkdir/tmp + : > $pp_wrkdir/%fixup + while read -r line; do + #-- Convert leading double-% to single-%, or switch sections + pp_incr pp_lineno + + pp_debug "line $pp_lineno: $line" + set -f + set -- $line + set +f + #pp_debug "line $pp_lineno: $*" + + case "$line" in %*) + case "$1" in + %if|%else|%endif) + pp_debug "processing if directive $1" + pp_frontend_if "$@" + continue;; + esac + test 0 -ne $pp_if_false && continue # ignore lines %if'd out + + case "$1" in + %set|%fixup|%ignore) + pp_debug "processing new section $1" + newsection="$1"; shift + newsection_enabled=: + if pp_is_qualifier "$1"; then + pp_eval_qualifier "$1" || newsection_enabled=false + shift + fi + test $# -eq 0 || pp_warn "ignoring extra arguments: $line" + continue;; + %pre|%post|%preun|%postup|%preup|%postun|%files|%depend|%check|%conflict) + pp_debug "processing new component section $*" + s="$1"; shift + if test $# -eq 0 || pp_is_qualifier "$1"; then + cpt=run + else + cpt="$1" + shift + fi + newsection="$s.$cpt" + 
newsection_enabled=: + if test $# -gt 0 && pp_is_qualifier "$1"; then + pp_eval_qualifier "$1" || newsection_enabled=false + shift + fi + test $# -eq 0 || + pp_warn "ignoring extra arguments: $line" + case "$cpt" in + run|dbg|doc|dev) + $newsection_enabled && pp_add_component "$cpt";; + x-*) :;; # useful for discarding stuff + *) pp_error "unknown component: $1 $cpt";; + esac + continue;; + %pp) + newsection="%ignore"; shift + if test $# -gt 0; then + pp_set_api_version "$1" + shift + else + pp_error "%pp: missing version" + fi + test $# -gt 0 && + pp_error "%pp: too many arguments" + continue;; + %service) + pp_debug "processing new service section $1 $2" + s="$1"; shift + if test $# -eq 0 || pp_is_qualifier "$1"; then + pp_error "$s: service name required" + svc=unknown + else + svc="$1"; shift + fi + + newsection="$s.$svc" + newsection_enabled=: + if test $# -gt 0 && pp_is_qualifier "$1"; then + pp_eval_qualifier "$1" || newsection_enabled=false + shift + fi + test $# -eq 0 || + pp_warn "ignoring extra arguments: $line" + $newsection_enabled && pp_add_service "$svc" + continue;; + %\\*) + pp_debug "removing leading %\\" + line="${line#??}" + pp_debug " result is <$line>" + set -f + set -- $line + set +f + ;; + %%*) + pp_debug "removing leading %" + line="${line#%}" + set -f + set -- $line + set +f + ;; + %*) + pp_error "unknown section $1" + newsection='%ignore' + newsection_enabled=: + continue;; + esac;; + esac + + test 0 != $pp_if_false && continue # ignore lines %if'd out + + pp_debug "section=$section (enabled=$section_enabled) newsection=$newsection (enabled=$newsection_enabled)" + + #-- finish processing a previous section + if test x"$newsection" != x""; then + $section_enabled && case "$section" in + %ignore|%_initial) + pp_debug "leaving ignored section $section" + : ignore # guaranteed to be the last section + ;; + %set) + pp_debug "leaving $section: sourcing $pp_wrkdir/tmp" + $pp_opt_debug && cat $pp_wrkdir/tmp >&2 + . 
$pp_wrkdir/tmp + : > $pp_wrkdir/tmp + ;; + %pre.*|%preun.*|%post.*|%postup.*|%preup.*|%postun.*|%depend.*|%check.*|%conflict.*|%service.*|%fixup) + pp_debug "leaving $section: substituting $pp_wrkdir/tmp" + # cat $pp_wrkdir/tmp >&2 # debugging + $pp_opt_debug && pp_substitute < $pp_wrkdir/tmp >&2 + pp_substitute < $pp_wrkdir/tmp > $pp_wrkdir/tmp.sh + . $pp_wrkdir/tmp.sh >> $pp_wrkdir/$section || + pp_error "shell error in $section" + rm -f $pp_wrkdir/tmp.sh + : > $pp_wrkdir/tmp + ;; + esac + section="$newsection" + section_enabled="$newsection_enabled" + newsection= + fi + + #-- ignore section content that is disabled + $section_enabled || continue + + #-- process some lines in-place + case "$section" in + %_initial) + case "$line" in "") continue;; esac # ignore non-section blanks + pp_die "Ignoring text before % section introducer";; + %set|%pre.*|%preun.*|%post.*|%postup.*|%preup.*|%postun.*|%check.*|%service.*|%fixup) + pp_debug "appending line to \$pp_wrkdir/tmp" + echo "$line" >> $pp_wrkdir/tmp + ;; + %files.*) + test $# -eq 0 && continue; + pp_files_expand "$@" >> $pp_wrkdir/$section + ;; + %depend.*) + pp_debug "Adding explicit dependency $@ to $cpt" + echo "$@" >> $pp_wrkdir/%depend.$cpt + ;; + %conflict.*) + pp_debug "Adding explicit conflict $@ to $cpt" + echo "$@" >> $pp_wrkdir/%conflict.$cpt + ;; + esac + done + exec <&- + + if test $pp_if_true != 0 -o $pp_if_false != 0; then + pp_die "missing %endif at end of file" + fi + + pp_lineno= + + pp_debug " name = $name" + pp_debug " version = $version" + pp_debug " summary = $summary" + pp_debug " description = $description" + pp_debug " copyright = $copyright" + pp_debug "" + pp_debug "\$pp_components: $pp_components" + pp_debug "\$pp_services: $pp_services" +} + +pp_set_api_version() { + case "$1" in + 1.0) : ;; + *) pp_error "This version of polypackage is too old";; + esac +} + +pp_platform= + +pp_set_platform () { + if test -n "$pp_opt_platform"; then + pp_contains "$pp_platforms" "$pp_opt_platform" || 
+ pp_die "$pp_opt_platform: unknown platform" + pp_platform="$pp_opt_platform" + else + uname_s=`uname -s 2>/dev/null` + pp_platform= + for p in $pp_platforms; do + pp_debug "probing for platform $p" + if eval pp_backend_${p}_detect "$uname_s"; then + pp_platform="$p" + break; + fi + done + test -z "$pp_platform" && + pp_die "cannot detect platform (supported: $pp_platforms)" + fi + pp_debug "pp_platform = $pp_platform" +} + +pp_expand_path= + +pp_expand_test_usr_bin () { + awk '$1 == "/usr" || $2 == "/usr" {usr++} + $1 == "/bin" || $2 == "/bin" {bin++} + END { if (usr == 1 && bin == 1) exit(0); else exit(1); }' +} + +pp_set_expand_converter_or_reexec () { + test -d /usr -a -d /bin || + pp_die "missing /usr or /bin" + echo /usr /bin | pp_expand_test_usr_bin || pp_die "pp_expand_test_usr_bin?" + if (eval "echo /{usr,bin}" | pp_expand_test_usr_bin) 2>/dev/null; then + pp_expand_path=pp_expand_path_brace + elif (eval "echo /@(usr|bin)" | pp_expand_test_usr_bin) 2>/dev/null; then + pp_expand_path=pp_expand_path_at + else + test x"$pp_expand_rexec" != x"true" || + pp_die "problem finding shell that can do brace expansion" + for shell in bash ksh ksh93; do + if ($shell -c 'echo /{usr,bin}' | + pp_expand_test_usr_bin) 2>/dev/null || + ($shell -c 'echo /@(usr|bin)' | + pp_expand_test_usr_bin) 2>/dev/null + then + pp_debug "switching to shell $shell" + pp_expand_rexec=true exec $shell "$0" "$@" + fi + done + pp_die "cannot find a shell that does brace expansion" + fi +} + +pp_expand_path_brace () { + typeset f + eval "for f in $1; do echo \"\$f\"; done|sort -u" +} + +pp_expand_path_at () { + typeset f + eval "for f in ` + echo "$1" | sed -e 's/{/@(/g' -e 's/}/)/g' -e 's/,/|/g' + `; do echo \"\$f\"; done|sort -u" +} + +pp_shlib_suffix='.so*' + +pp_model_init () { + #@ $pp_components: whitespace-delimited list of components seen in %files + pp_components= + #@ $pp_services: whitespace-delimited list of %service seen + pp_services= + + rm -f $pp_wrkdir/%files.* \ + 
$pp_wrkdir/%post.* \ + $pp_wrkdir/%pre.* \ + $pp_wrkdir/%preun.* \ + $pp_wrkdir/%postup.* \ + $pp_wrkdir/%postun.* \ + $pp_wrkdir/%service.* \ + $pp_wrkdir/%set \ + $pp_wrkdir/%fixup +} + + +pp_have_component () { + pp_contains "$pp_components" "$1" +} + +pp_have_all_components () { + pp_contains_all "$pp_components" "$@" +} + +pp_add_component () { + pp_add_to_list 'pp_components' "$1" +} + +pp_add_service () { + pp_add_to_list 'pp_services' "$1" +} + +pp_service_init_vars () { + cmd= + pidfile= + stop_signal=15 # SIGTERM + user=root + group= + enable=yes # make it so the service starts on boot + optional=no # Whether installing this service is optional + pp_backend_init_svc_vars +} + +pp_service_check_vars () { + test -n "$cmd" || + pp_error "%service $1: cmd not defined" + case "$enable" in + yes|no) : ;; + *) pp_error "%service $1: \$enable must be set to yes or no";; + esac +} + +pp_load_service_vars () { + pp_service_init_vars + . "$pp_wrkdir/%service.$1" + pp_service_check_vars "$1" +} + +pp_files_expand () { + typeset _p _mode _group _owner _flags _path _optional _has_target _tree + typeset _target _file _tgt _m _o _g _f _type _lm _ll _lo _lg _ls _lx + typeset _ignore _a + + test $# -eq 0 && return + + pp_debug "pp_files_expand: path is: $1" + + case "$1" in "#"*) return;; esac + _p="$1"; shift + + pp_debug "pp_files_expand: other arguments: $*" + + #-- the mode must be an octal number of at least three digits + _mode="=" + _a=`eval echo \"$1\"` + case "$_a" in + *:*) :;; + -|=|[01234567][01234567][01234567]*) _mode="$_a"; shift;; + esac + + #-- the owner:group field may have optional parts + _a=`eval echo \"$1\"` + case "$_a" in + *:*) _group=${_a#*:}; _owner=${_a%:*}; shift;; + =|-) _group=$_a; _owner=$_a; shift;; + *) _group=; _owner=;; + esac + + #-- process the flags argument + _flags= + _target= + _optional=false + _has_target=false + _ignore=false + if test $# -gt 0; then + _a=`eval echo \"$1\"` + case ",$_a," in *,volatile,*) _flags="${_flags}v";; 
esac + case ",$_a," in *,optional,*) _optional=true;; esac + case ",$_a," in *,symlink,*) _has_target=true;; esac + case ",$_a," in *,ignore-others,*) _flags="${_flags}i";; esac + case ",$_a," in *,ignore,*) _ignore=true;; esac + shift + fi + + #-- process the target argument + if $_has_target; then + test $# -ne 0 || pp_error "$_p: missing target" + _a=`eval echo \"$1\"` + _target="$_a" + shift + fi + + pp_debug "pp_files_expand: $_mode|$_owner:$_group|$_flags|$_target|$*" + + test $# -eq 0 || pp_error "$_p: too many arguments" + + #-- process speciall suffixes + tree= + case "$_p" in + *"/**") _p="${_p%"/**"}"; tree="**";; + *".%so") _p="${_p%".%so"}$pp_shlib_suffix";; + esac + + #-- expand the path using the shell glob + pp_debug "expanding .$_p ... with $pp_expand_path" + (cd ${pp_destdir} && $pp_expand_path ".$_p") > $pp_wrkdir/tmp.files.exp + + #-- expand path/** by rewriting the glob output file + case "$tree" in + "") : ;; + "**") + pp_debug "expanding /** tree ..." + while read _path; do + _path="${_path#.}" + pp_find_recurse "$pp_destdir${_path%/}" + done < $pp_wrkdir/tmp.files.exp | + sort -u > $pp_wrkdir/tmp.files.exp2 + mv $pp_wrkdir/tmp.files.exp2 $pp_wrkdir/tmp.files.exp + ;; + esac + + while read _path; do + _path="${_path#.}" + _file="${pp_destdir}${_path}" + _tgt= + _m="$_mode" + _o="${_owner:--}" + _g="${_group:--}" + _f="$_flags" + + case "$_path" in + /*) :;; + *) pp_warn "$_path: inserting leading /" + _path="/$_path";; # ensure leading / + esac + + #-- sanity checks + case "$_path" in + */../*|*/..) pp_error "$_path: invalid .. in path";; + */./*|*/.) pp_warn "$_path: invalid component . 
in path";;
+ *//*) pp_warn "$_path: redundant / in path";;
+ esac
+
+ #-- set the type based on the real file's type
+ if $_ignore; then
+ _type=f _m=_ _o=_ _g=_
+ elif test -h "$_file"; then
+ case "$_path" in
+ */) pp_warn "$_path (symlink $_file): removing trailing /"
+ _path="${_path%/}"
+ ;;
+ esac
+ _type=s
+ if test x"$_target" != x"=" -a -n "$_target"; then
+ _tgt="$_target"
+pp_debug "symlink target is $_tgt"
+ else
+ _tgt=`pp_readlink "$_file"`;
+ test -z "$_tgt" && pp_error "can't readlink $_file"
+ case "$_tgt" in
+ ${pp_destdir}/*)
+ pp_warn "stripped \$destdir from symlink ($_path)"
+ _tgt="${_tgt#$pp_destdir}";;
+ esac
+ fi
+ _m=777
+ elif test -d "$_file"; then
+ #-- display a warning if the user forgot the trailing /
+ case "$_path" in
+ */) :;;
+ *) pp_warn "$_path (matching $_file): adding trailing /"
+ _path="$_path/";;
+ esac
+ _type=d
+ $_has_target && pp_error "$_file: not a symlink"
+ elif test -f "$_file"; then
+ case "$_path" in
+ */) pp_warn "$_path (matching $_file): removing trailing /"
+ _path="${_path%/}"
+ ;;
+ esac
+ _type=f
+ $_has_target && pp_error "$_file: not a symlink"
+ else
+ $_optional && continue
+ pp_error "$_file: missing"
+ _type=f
+ fi
+
+ #-- convert '=' shortcuts into mode/owner/group from ls
+ case ":$_m:$_o:$_g:" in *:=:*)
+ if LS_OPTIONS=--color=never /bin/ls -ld "$_file" \
+ > $pp_wrkdir/ls.tmp
+ then
+ read _lm _ll _lo _lg _ls _lx < $pp_wrkdir/ls.tmp
+ test x"$_m" = x"=" && _m=`pp_mode_from_ls "$_lm"`
+ test x"$_o" = x"=" && _o="$_lo"
+ test x"$_g" = x"=" && _g="$_lg"
+ else
+ pp_error "cannot read $_file"
+ test x"$_m" = x"=" && _m=-
+ test x"$_o" = x"=" && _o=-
+ test x"$_g" = x"=" && _g=-
+ fi
+ ;;
+ esac
+
+ test -n "$_f" || _f=-
+
+ #-- sanity checks
+ test -n "$_type" || pp_die "_type empty"
+ test -n "$_path" || pp_die "_path empty"
+ test -n "$_m" || pp_die "_m empty"
+ test -n "$_o" || pp_die "_o empty"
+ test -n "$_g" || pp_die "_g empty"
+
+ #-- setuid/gid files must be given an explicit owner/group
(or =)
+ case "$_o:$_g:$_m" in
+ -:*:[4657][1357]??|-:*:[4657]?[1357]?|-:*:[4657]??[1357])
+ pp_error "$_path: setuid file ($_m) missing explicit owner";;
+ *:-:[2367][1357]??|*:-:[2367]?[1357]?|*:-:[2367]??[1357])
+ pp_error "$_path: setgid file ($_m) missing explicit group";;
+ esac
+
+ # convert numeric uids into usernames; only works for /etc/passwd
+ case "$_o" in [0-9]*) _o=`pp_getpwuid $_o`;; esac
+ case "$_g" in [0-9]*) _g=`pp_getgrgid $_g`;; esac
+
+ pp_debug "$_type $_m $_o $_g $_f $_path" $_tgt
+ $_ignore || echo "$_type $_m $_o $_g $_f $_path" $_tgt
+ pp_note_file_used "$_path"
+ case "$_f" in *i*) echo "$_path" >> $pp_wrkdir/ign.files;; esac
+ done < $pp_wrkdir/tmp.files.exp
+}
+
+pp_files_check_duplicates () {
+ typeset _path
+ if test -s $pp_wrkdir/all.files; then
+ sort < $pp_wrkdir/all.files | uniq -d > $pp_wrkdir/duplicate.files
+ if test -f $pp_wrkdir/ign.awk; then
+ # Remove ignored files
+ mv $pp_wrkdir/duplicate.files $pp_wrkdir/duplicate.files.ign
+ sed -e 's/^/_ _ _ _ _ /' < $pp_wrkdir/duplicate.files.ign |
+ awk -f $pp_wrkdir/ign.awk |
+ sed -e 's/^_ _ _ _ _ //' > $pp_wrkdir/duplicate.files
+ fi
+ while read _path; do
+ pp_warn "$_path: file declared more than once"
+ done <$pp_wrkdir/duplicate.files
+ fi
+}
+
+pp_files_check_coverage () {
+ pp_find_recurse "$pp_destdir" | sort > $pp_wrkdir/coverage.avail
+ if test -s $pp_wrkdir/all.files; then
+ sort -u < $pp_wrkdir/all.files
+ else
+ :
+ fi > $pp_wrkdir/coverage.used
+ join -v1 $pp_wrkdir/coverage.avail $pp_wrkdir/coverage.used \
+ > $pp_wrkdir/coverage.not-packaged
+ if test -s $pp_wrkdir/coverage.not-packaged; then
+ pp_warn "The following files/directories were found but not packaged:"
+ sed -e 's,^, ,' < $pp_wrkdir/coverage.not-packaged >&2
+ fi
+ join -v2 $pp_wrkdir/coverage.avail $pp_wrkdir/coverage.used \
+ > $pp_wrkdir/coverage.not-avail
+ if test -s $pp_wrkdir/coverage.not-avail; then
+ pp_warn "The following files/directories were named but not found:"
+ sed -e 's,^, ,' <
$pp_wrkdir/coverage.not-avail >&2
+ fi
+}
+
+pp_files_ignore_others () {
+ typeset p f
+
+ test -s $pp_wrkdir/ign.files || return
+
+ #-- for each file in ign.files, we remove it from all the
+ # other %files.* lists, except where it has an i flag.
+ # rather than scan each list multiple times, we build
+ # an awk script
+
+ pp_debug "stripping ignore files"
+
+ while read p; do
+ echo '$6 == "'"$p"'" && $5 !~ /i/ { next }'
+ done < $pp_wrkdir/ign.files > $pp_wrkdir/ign.awk
+ echo '{ print }' >> $pp_wrkdir/ign.awk
+
+ $pp_opt_debug && cat $pp_wrkdir/ign.awk
+
+ for f in $pp_wrkdir/%files.*; do
+ mv $f $f.ign
+ awk -f $pp_wrkdir/ign.awk < $f.ign > $f || pp_error "awk"
+ done
+}
+
+pp_service_scan_groups () {
+ typeset svc
+
+ #-- scan for "group" commands, and build a list of groups
+ pp_service_groups=
+ if test -n "$pp_services"; then
+ for svc in $pp_services; do
+ group=
+ . $pp_wrkdir/%service.$svc
+ if test -n "$group"; then
+ pp_contains "$pp_services" "$group" && pp_error \
+ "%service $svc: group name $group in use by a service"
+ pp_add_to_list 'pp_service_groups' "$group"
+ echo "$svc" >> $pp_wrkdir/%svcgrp.$group
+ fi
+ done
+ fi
+}
+
+pp_service_get_svc_group () {
+ (tr '\012' ' ' < $pp_wrkdir/%svcgrp.$1 ; echo) | sed -e 's/ $//'
+}
+
+for _sufx in _init '' _names _cleanup _install_script \
+ _init_svc_vars _function _probe _vas_platforms
+do
+ eval "pp_backend$_sufx () { pp_debug pp_backend$_sufx; pp_backend_\${pp_platform}$_sufx \"\$@\"; }"
+done
+
+
+pp_platforms="$pp_platforms aix"
+
+pp_backend_aix_detect () {
+ test x"$1" = x"AIX"
+}
+
+pp_backend_aix_init () {
+ pp_aix_detect_arch
+ pp_aix_detect_os
+
+ pp_aix_bosboot= # components that need bosboot
+ pp_aix_lang=en_US
+ pp_aix_copyright=
+ pp_aix_start_services_after_install=false
+ pp_aix_init_services_after_install=true
+
+ pp_aix_sudo=sudo # AIX package tools must run as root
+
+ case "$pp_aix_os" in
+ *) pp_readlink_fn=pp_ls_readlink;; # XXX
+ esac
+
+ pp_aix_abis_seen=
+}
+
+pp_aix_detect_arch () {
+ pp_aix_arch_p=`uname -p 2>/dev/null`
+ case "$pp_aix_arch_p" in
+ "") pp_debug "can't get processor type from uname -p"
+ pp_aix_arch_p=powerpc
+ pp_aix_arch=R;; # guess (lsattr -l proc0 ??)
+ powerpc) pp_aix_arch=R;;
+ *) pp_aix_arch_p=intel
+ pp_aix_arch=I;; # XXX? verify
+ esac
+
+ case "`/usr/sbin/lsattr -El proc0 -a type -F value`" in
+ PowerPC_POWER*) pp_aix_arch_std=ppc64;;
+ PowerPC*) pp_aix_arch_std=ppc;;
+ *) pp_aix_arch_std=unknown;;
+ esac
+}
+
+pp_aix_detect_os () {
+ typeset r v
+
+ r=`uname -r`
+ v=`uname -v`
+ pp_aix_os=aix$v$r
+}
+
+pp_aix_version_fix () {
+ typeset v
+ v=`echo $1 | sed 's/[-+]/./' | tr -c -d '[0-9].\012' | awk -F"." '{ printf "%d.%d.%d.%.4s\n", $1, $2, $3, $4 }' | sed 's/[.]*$//g'`
+ if test x"$v" != x"$1"; then
+ pp_warn "stripped version '$1' to '$v'"
+ fi
+ case $v in
+ ""|*..*|.*|*.) pp_error "malformed '$1'"
+ echo "0.0.0.0";;
+ *.*.*.*.*)
+ # 5 components are only valid for fileset updates, not base
+ # filesets (full packages). We trim 5+ components down to 4.
+ pp_warn "version '$1' has too many dots for AIX, truncating"
+ echo "$v" | cut -d.
-f1-4;;
+ *.*.*.*) echo "$v";;
+ *.*.*) echo "$v.0";;
+ *.*) echo "$v.0.0";;
+ *) echo "$v.0.0.0";;
+ esac
+}
+
+pp_aix_select () {
+ case "$1" in
+ -user) op="";;
+ -root) op="!";;
+ *) pp_die "pp_aix_select: bad argument";;
+ esac
+ #pp_debug awk '$5 '$op' /^\/(usr|opt)(\/|$)/ { print; }'
+ #awk '$5 '$op' /^\/(usr|opt)(\/|$)/ { print; }'
+ awk $op'($6 ~ /^\/usr\// || $6 ~ /^\/opt\//) { print; }'
+}
+
+pp_aix_copy_root () {
+ typeset t m o g f p st target
+ while read t m o g f p st; do
+ case "$t" in
+ d) pp_create_dir_if_missing "$1${p%/}";;
+ f) pp_add_transient_file "$1$p"
+ pp_verbose ln "$pp_destdir$p" "$pp_destdir$1$p" ||
+ pp_error "can't link $p into $1";;
+ *) pp_warn "pp_aix_copy_root: filetype $t not handled";;
+ esac
+ done
+}
+
+pp_aix_size () {
+ typeset prefix t m o g f p st
+
+ prefix="$1"
+ while read t m o g f p st; do
+ case "$t" in f) du -a "$pp_destdir$p";; esac
+ done | sed -e 's!/[^/]*$!!' | sort +1 |
+ awk '{ if ($2 != d)
+ { if (sz) print d,sz;
+ d=$2; sz=0 }
+ sz += $1; }
+ END { if (sz) print d,sz }' |
+ sed -n -e "s!^$pp_destdir!$prefix!p"
+}
+
+pp_aix_list () {
+ awk '{ print "."
pfx $6; }' pfx="$1"
+}
+
+pp_aix_make_liblpp () {
+ typeset out dn fl f
+
+ out="$1"; shift
+ dn=`dirname "$2"`
+ fl=
+ for f
+ do
+ case "$f" in "$dn/"*) fl="$fl `basename $f`" ;;
+ *) pp_die "liblpp name $f not in $dn/";; esac
+ done
+ (cd "$dn" && pp_verbose ar -c -g -r "$out" $fl) || pp_error "ar error"
+}
+
+pp_aix_make_script () {
+ rm -f "$1"
+ echo "#!/bin/sh" > "$1"
+ cat >> "$1"
+ echo "exit 0" >> "$1"
+ chmod +x "$1"
+}
+
+pp_aix_inventory () {
+ typeset fileset t m o g f p st type
+
+ fileset="$1"
+ while read t m o g f p st; do
+ case "$p" in *:*) pp_error "path $p contains colon";; esac
+ echo "$p:"
+ case "$t" in
+ f) type=FILE; defm=644 ;;
+ s) type=SYMLINK; defm=777 ;;
+ d) type=DIRECTORY; defm=755 ;;
+ esac
+ echo " type = $type"
+ echo " class = inventory,apply,$fileset"
+ if test x"$m" = x"-"; then m="$defm"; fi
+ if test x"$o" = x"-"; then o="root"; fi
+ if test x"$g" = x"-"; then g="system"; fi
+ echo " owner = $o"
+ echo " group = $g"
+
+ case "$m" in ????)
+ m=`echo $m|sed -e 's/^1/TCB,/' \
+ -e 's/^[23]/TCB,SGID,/' \
+ -e 's/^[45]/TCB,SUID,/' \
+ -e 's/^[67]/TCB,SUID,SGID,/'`;; # vtx bit ignored
+ esac
+ echo " mode = $m"
+ case "$t" in
+ f) if test !
-f "$pp_destdir$p"; then
+ pp_error "$p: missing file"
+ fi
+ case "$flags" in
+ *v*)
+ echo " size = VOLATILE"
+ echo " checksum = VOLATILE"
+ ;;
+ *)
+ if test -r "$pp_destdir$p"; then
+ echo " size = $size"
+ pp_verbose sum -r < "$pp_destdir$p" |
+ sed -e 's/.*/ checksum = "&"/'
+ fi
+ ;;
+ esac;;
+ s)
+ echo " target = $st"
+ ;;
+ esac
+
+ #-- Record ABI types seen
+ case "$t" in
+ f) if test -r "$pp_destdir$p"; then
+ case "`file "$pp_destdir$p"`" in
+ *"executable (RISC System/6000)"*) abi=ppc;;
+ *"64-bit XCOFF executable"*) abi=ppc64;;
+ *) abi=;;
+ esac
+ if test -n "$abi"; then
+ pp_add_to_list pp_aix_abis_seen $abi
+ fi
+ fi;;
+ esac
+
+ done
+}
+
+pp_aix_depend ()
+{
+ if test -s "$1"; then
+ pp_warn "aix dependencies not implemented"
+ fi
+}
+
+pp_aix_add_service () {
+ typeset svc cmd_cmd cmd_arg f
+ svc="$1"
+
+ pp_load_service_vars $svc
+
+ set -- $cmd
+ cmd_cmd="$1"; shift
+ cmd_arg="${pp_aix_mkssys_cmd_args:-$*}";
+
+ case "$stop_signal" in
+ HUP) stop_signal=1;;
+ INT) stop_signal=2;;
+ QUIT) stop_signal=3;;
+ KILL) stop_signal=9;;
+ TERM) stop_signal=15;;
+ USR1) stop_signal=30;;
+ USR2) stop_signal=31;;
+ "")
+ pp_error "%service $svc: stop_signal not set";;
+ [a-zA-Z]*)
+ pp_error "%service $svc: bad stop_signal ($stop_signal)";;
+ esac
+
+ test -z "$pidfile" || pp_error "aix requires empty pidfile (non daemon)"
+
+ pp_add_component run
+ if test "$user" = "root"; then
+ uid=0
+ else
+ uid="\"\`/usr/bin/id -u $user\`\""
+ fi
+
+
+ #-- add command text to create/remove the service
+ cat <<-. >> $pp_wrkdir/%post.$svc
+svc=$svc
+uid=0
+cmd_cmd="$cmd_cmd"
+cmd_arg="$cmd_arg"
+stop_signal=$stop_signal
+force_signal=9
+srcgroup="$pp_aix_mkssys_group"
+instances_allowed=${pp_aix_mkssys_instances_allowed:--Q}
+
+lssrc -s \$svc > /dev/null 2>&1
+if [ \$? -eq 0 ]; then
+ lssrc -s \$svc | grep "active" > /dev/null 2>&1
+ if [ \$?
-eq 0 ]; then
+ stopsrc -s \$svc > /dev/null 2>&1
+ fi
+ rmsys -s \$svc > /dev/null 2>&1
+fi
+
+mkssys -s \$svc -u \$uid -p "\$cmd_cmd" \${cmd_arg:+-a "\$cmd_arg"} -S -n \$stop_signal -f 9 ${pp_aix_mkssys_args} \${srcgroup:+-G \$srcgroup} \$instances_allowed
+.
+
+ #-- add code to start the service on reboot
+ ${pp_aix_init_services_after_install} &&
+ cat <<-. >> $pp_wrkdir/%post.$svc
+id=\`echo "\$svc" | cut -c1-14\`
+mkitab "\$id:2:once:/usr/bin/startsrc -s \$svc" > /dev/null 2>&1
+.
+
+ ${pp_aix_start_services_after_install} &&
+ cat <<-. >> $pp_wrkdir/%post.$svc
+startsrc -s \$svc
+.
+
+if [ -f "$pp_wrkdir/%post.run" ];then
+ cat $pp_wrkdir/%post.run >> $pp_wrkdir/%post.$svc
+fi
+mv $pp_wrkdir/%post.$svc $pp_wrkdir/%post.run
+
+
+ ${pp_aix_init_services_after_install} &&
+ pp_prepend $pp_wrkdir/%preun.$svc <<-.
+rmitab `echo "$svc" | cut -c1-14` > /dev/null 2>&1
+.
+ pp_prepend $pp_wrkdir/%preun.$svc <<-.
+stopsrc -s $svc >/dev/null 2>&1
+rmssys -s $svc
+.
+
+if [ -f "$pp_wrkdir/%preun.run" ];then
+ cat $pp_wrkdir/%preun.run >> $pp_wrkdir/%preun.$svc
+fi
+mv $pp_wrkdir/%preun.$svc $pp_wrkdir/%preun.run
+}
+
+pp_backend_aix () {
+ typeset briefex instuser instroot svc cmp outbff
+ typeset user_wrkdir root_wrkdir
+ typeset user_files root_files
+
+ test -n "$pp_destdir" ||
+ pp_error "AIX backend requires the '--destdir' option"
+
+ instuser="/usr/lpp/$name"
+ instroot="$instuser/inst_root"
+ pp_aix_bff_name=${pp_aix_bff_name:-$name}
+
+ # Here is the component mapping:
+ # run -> $pp_aix_bff_name.rte ('Run time environment')
+ # doc -> $pp_aix_bff_name.doc (non-standard)
+ # dev -> $pp_aix_bff_name.adt ('Application developer toolkit')
+ # dbg -> $pp_aix_bff_name.diag ('Diagnostics')
+
+ test `echo "$summary" | wc -c ` -gt 40 && pp_error "\$summary too long"
+
+ user_wrkdir=$pp_wrkdir/u
+ root_wrkdir=$pp_wrkdir/r
+ pp_verbose rm -rf $user_wrkdir $root_wrkdir
+ pp_verbose mkdir -p $user_wrkdir $root_wrkdir
+
+ for svc in $pp_services .; do
+ test .
= "$svc" && continue
+ pp_aix_add_service $svc
+ done
+
+ {
+ echo "4 $pp_aix_arch I $name {"
+
+ for cmp in $pp_components; do
+ case "$cmp" in
+ run) ex=rte briefex="runtime";;
+ doc) ex=doc briefex="documentation";;
+ dev) ex=adt briefex="developer toolkit";;
+ dbg) ex=diag briefex="diagnostics";;
+ esac
+
+ user_files=$pp_wrkdir/%files.$cmp.u
+ root_files=$pp_wrkdir/%files.$cmp.r
+
+ pp_aix_select -user < $pp_wrkdir/%files.$cmp > $user_files
+ pp_aix_select -root < $pp_wrkdir/%files.$cmp > $root_files
+
+ # Default to USR only unless there are root files,
+ # or a post/pre/check script associated
+ content=U
+ if test -s $root_files \
+ -o -s $pp_wrkdir/%pre.$cmp \
+ -o -s $pp_wrkdir/%post.$cmp \
+ -o -s $pp_wrkdir/%preun.$cmp \
+ -o -s $pp_wrkdir/%postun.$cmp \
+ -o -s $pp_wrkdir/%check.$cmp
+ then
+ content=B
+ fi
+
+ if $pp_opt_debug; then
+ echo "$cmp USER %files:"
+ cat $user_files
+ echo "$cmp ROOT %files:"
+ cat $root_files
+ fi >&2
+
+ bosboot=N; pp_contains_any "$pp_aix_bosboot" $cmp && bosboot=b
+
+ echo $pp_aix_bff_name.$ex \
+ `[ $pp_aix_version ] && pp_aix_version_fix $pp_aix_version || pp_aix_version_fix "$version"` \
+ 1 $bosboot $content \
+ $pp_aix_lang "$summary $briefex"
+ echo "["
+
+ pp_aix_depend $pp_wrkdir/%depend.$cmp
+
+ echo "%"
+
+ # generate per-directory size information
+ pp_aix_size < $user_files
+ pp_aix_size $instroot < $root_files
+
+ pp_aix_list < $user_files > $user_wrkdir/$pp_aix_bff_name.$ex.al
+ pp_aix_list $instroot < $root_files >> $user_wrkdir/$pp_aix_bff_name.$ex.al
+ pp_aix_list < $root_files > $root_wrkdir/$pp_aix_bff_name.$ex.al
+
+ if $pp_opt_debug; then
+ echo "$cmp USER $pp_aix_bff_name.$ex.al:"
+ cat $user_wrkdir/$pp_aix_bff_name.$ex.al
+ echo "$cmp ROOT $pp_aix_bff_name.$ex.al:"
+ cat $root_wrkdir/$pp_aix_bff_name.$ex.al
+ fi >&2
+
+ pp_aix_inventory $pp_aix_bff_name.$ex < $user_files \
+ > $user_wrkdir/$pp_aix_bff_name.$ex.inventory
+ pp_aix_inventory $pp_aix_bff_name.$ex < $root_files \
+ >
$root_wrkdir/$pp_aix_bff_name.$ex.inventory
+
+ if $pp_opt_debug; then
+ pp_debug "$cmp USER $pp_aix_bff_name.$ex.inventory:"
+ cat $user_wrkdir/$pp_aix_bff_name.$ex.inventory
+ pp_debug "$cmp ROOT $pp_aix_bff_name.$ex.inventory:"
+ cat $root_wrkdir/$pp_aix_bff_name.$ex.inventory
+ fi >&2
+
+ if test x"" != x"${pp_aix_copyright:-$copyright}"; then
+ echo "${pp_aix_copyright:-$copyright}" > $user_wrkdir/$pp_aix_bff_name.$ex.copyright
+ echo "${pp_aix_copyright:-$copyright}" > $root_wrkdir/$pp_aix_bff_name.$ex.copyright
+ fi
+
+ #-- assume that post/pre uninstall scripts only make
+ # sense when installed in a root context
+
+ if test -r $pp_wrkdir/%pre.$cmp; then
+ pp_aix_make_script $user_wrkdir/$pp_aix_bff_name.$ex.pre_i \
+ < $pp_wrkdir/%pre.$cmp
+ fi
+
+ if test -r $pp_wrkdir/%post.$cmp; then
+ pp_aix_make_script $root_wrkdir/$pp_aix_bff_name.$ex.post_i \
+ < $pp_wrkdir/%post.$cmp
+ fi
+
+ if test -r $pp_wrkdir/%preun.$cmp; then
+ pp_aix_make_script $root_wrkdir/$pp_aix_bff_name.$ex.unpost_i \
+ < $pp_wrkdir/%preun.$cmp
+ fi
+
+ if test -r $pp_wrkdir/%postun.$cmp; then
+ pp_aix_make_script $root_wrkdir/$pp_aix_bff_name.$ex.unpre_i \
+ < $pp_wrkdir/%postun.$cmp
+ fi
+
+ # remove empty files
+ for f in $user_wrkdir/$pp_aix_bff_name.$ex.* $root_wrkdir/$pp_aix_bff_name.$ex.*; do
+ if test !
-s "$f"; then
+ pp_debug "removing empty $f"
+ rm -f "$f"
+ fi
+ done
+
+ # copy/link the root files so we can do an easy backup later
+ pp_aix_copy_root $instroot < $root_files
+
+ echo "%"
+ echo "]"
+ done
+ echo "}"
+ } > $pp_wrkdir/lpp_name
+
+ if $pp_opt_debug; then
+ echo "/lpp_name :"
+ cat $pp_wrkdir/lpp_name
+ fi >&2
+
+ #-- copy the /lpp_name file to the destdir
+ pp_add_transient_file /lpp_name
+ cp $pp_wrkdir/lpp_name $pp_destdir/lpp_name
+
+ #-- copy the liblpp.a files under destdir for packaging
+ (cd $user_wrkdir && pp_verbose ar -c -g -r liblpp.a $name.*) ||
+ pp_error "ar error"
+ if test -s $user_wrkdir/liblpp.a; then
+ pp_add_transient_file $instuser/liblpp.a
+ pp_verbose cp $user_wrkdir/liblpp.a $pp_destdir$instuser/liblpp.a ||
+ pp_error "cannot create user liblpp.a"
+ fi
+ (cd $root_wrkdir && pp_verbose ar -c -g -r liblpp.a $name.*) ||
+ pp_error "ar error"
+ if test -s $root_wrkdir/liblpp.a; then
+ pp_add_transient_file $instroot/liblpp.a
+ pp_verbose cp $root_wrkdir/liblpp.a $pp_destdir$instroot/liblpp.a ||
+ pp_error "cannot create root liblpp.a"
+ fi
+
+ { echo ./lpp_name
+ test -s $user_wrkdir/liblpp.a && echo .$instuser/liblpp.a
+ test -s $root_wrkdir/liblpp.a && echo .$instroot/liblpp.a
+ cat $user_wrkdir/$name.*.al # includes the relocated root files!
+ } > $pp_wrkdir/bff.list
+
+ if test -n "$pp_aix_abis_seen" -a x"$pp_aix_arch_std" = x"auto"; then
+ case "$pp_aix_abis_seen" in
+ "ppc ppc64"|"ppc64 ppc")
+ pp_aix_arch_std=ppc64
+ ;;
+ ppc|ppc64)
+ pp_aix_arch_std=$pp_aix_abis_seen
+ ;;
+ *" "*)
+ pp_warn "multiple architectures detected: $pp_aix_abis_seen"
+ pp_aix_arch_std=unknown
+ ;;
+ "")
+ pp_warn "no binary executables detected; using noarch"
+ pp_aix_arch_std=noarch
+ ;;
+ *)
+ pp_warn "unknown architecture detected $pp_aix_abis_seen"
+ pp_aix_arch_std=$pp_aix_abis_seen
+ ;;
+ esac
+ fi
+
+ .
$pp_wrkdir/%fixup
+
+ outbff=`pp_backend_aix_names`
+ pp_debug "creating: $pp_wrkdir/$outbff"
+ (cd $pp_destdir && pp_verbose /usr/sbin/backup -i -q -p -f -) \
+ < $pp_wrkdir/bff.list \
+ > $pp_wrkdir/$outbff || pp_error "backup failed"
+ if test -n "$pp_aix_sudo" -o -x /usr/sbin/installp; then
+ $pp_aix_sudo /usr/sbin/installp -l -d $pp_wrkdir/$outbff
+ fi
+}
+
+pp_backend_aix_cleanup () {
+ :
+}
+
+pp_backend_aix_names () {
+ echo "$name.`[ $pp_aix_version ] && pp_aix_version_fix $pp_aix_version || pp_aix_version_fix "$version"`.bff"
+}
+
+pp_backend_aix_install_script () {
+ typeset pkgname platform
+ #
+ # The script should take a first argument being the
+ # operation; further arguments refer to components or services
+ #
+ # list-components -- lists components in the pkg
+ # install component... -- installs the components
+ # uninstall component... -- uninstalles the components
+ # list-services -- lists the services in the pkg
+ # start service... -- starts the name service
+ # stop service... -- stops the named services
+ # print-platform -- prints the platform group
+ #
+ pkgname="`pp_backend_aix_names`"
+ platform="`pp_backend_aix_probe`" # XXX should be derived from files
+
+ fsets=
+ for cmp in $pp_components; do
+ case "$cmp" in
+ run) ex=rte;;
+ doc) ex=doc;;
+ dev) ex=adt;;
+ dbg) ex=diag;;
+ esac
+ fsets="$fsets $name.$ex"
+ done
+
+ echo '#!/bin/sh'
+ pp_install_script_common
+
+ cat <<-.
+
+ cpt_to_fileset () {
+ test x"\$*" = x"all" &&
+ set -- $pp_components
+ for cpt
+ do
+ case "\$cpt" in
+ run) echo "$name.rte";;
+ doc) echo "$name.doc";;
+ dev) echo "$name.adt";;
+ dbg) echo "$name.diag";;
+ *) usage;;
+ esac
+ done
+ }
+
+ test \$# -eq 0 && usage
+ op="\$1"; shift
+
+ case "\$op" in
+ list-components)
+ test \$# -eq 0 || usage \$op
+ echo "$pp_components"
+ ;;
+ list-services)
+ test \$# -eq 0 || usage \$op
+ echo "$pp_services"
+ ;;
+ list-files)
+ test \$# -ge 1 || usage \$op
+ echo \${PP_PKGDESTDIR:-.}/$pkgname
+ ;;
+ install)
+ test \$# -ge 1 || usage \$op
+ verbose /usr/sbin/installp -acX -V0 -F \
+ -d \${PP_PKGDESTDIR:-.}/$pkgname \
+ \`cpt_to_fileset "\$@"\`
+ ;;
+ uninstall)
+ test \$# -ge 1 || usage \$op
+ verbose /usr/sbin/installp -u -e/dev/null \
+ -V0 \`cpt_to_fileset "\$@"\`
+ ;;
+ start|stop)
+ test \$# -ge 1 || usage \$op
+ ec=0
+ for svc
+ do
+ verbose \${op}src -s \$svc || ec=1
+ done
+ exit \$ec
+ ;;
+ print-platform)
+ echo "$platform"
+ ;;
+ *)
+ usage;;
+ esac
+.
+}
+
+pp_backend_aix_init_svc_vars () {
+ :
+}
+
+pp_backend_aix_probe () {
+ echo "${pp_aix_os}-${pp_aix_arch_std}"
+}
+
+pp_backend_aix_vas_platforms () {
+ case "${pp_aix_arch_std}" in
+ ppc*) :;;
+ *) pp_die "unknown architecture ${pp_aix_arch_std}";;
+ esac
+ case "${pp_aix_os}" in
+ aix43) echo "aix-43";;
+ aix51) echo "aix-51 aix-43";;
+ aix52) echo "aix-51 aix-43";;
+ aix53) echo "aix-53 aix-51 aix-43";;
+ aix61) echo "aix-53 aix-51 aix-43";;
+ *) pp_die "unknown system ${pp_aix_os}";;
+ esac
+}
+pp_backend_aix_function () {
+ case "$1" in
+ pp_mkgroup) cat <<'.';;
+ /usr/sbin/lsgroup "$1" >/dev/null &&
+ return 0
+ echo "Creating group $1"
+ /usr/bin/mkgroup -A "$1"
+.
+ pp_mkuser:depends) echo pp_mkgroup;;
+ pp_mkuser) cat <<'.';;
+ /usr/sbin/lsuser "$1" >/dev/null &&
+ return 0
+ pp_mkgroup "${2:-$1}" || return 1
+ echo "Creating user $1"
+ /usr/bin/mkuser \
+ login=false \
+ rlogin=false \
+ account_locked=true \
+ home="${3:-/nohome.$1}" \
+ pgrp="${2:-$1}" \
+ "$1"
+.
+ pp_havelib) cat <<'.';;
+ case "$2" in
+ "") pp_tmp_name="lib$1.so";;
+ *.*.*) pp_tmp_name="lib$1.so.$2";;
+ *.*) pp_tmp_name="lib$1.so.$2.0";;
+ *) pp_tmp_name="lib$1.so.$2";;
+ esac
+ for pp_tmp_dir in `echo "/usr/lib:/lib${3:+:$3}" | tr : ' '`; do
+ test -r "$pp_tmp_dir/$pp_tmp_name" -a \
+ -r "$pp_tmp_dir/lib$1.so" && return 0
+ done
+ return 1
+.
+ *) false;;
+ esac
+}
+
+pp_platforms="$pp_platforms sd"
+
+pp_backend_sd_detect () {
+ test x"$1" = x"HP-UX"
+}
+
+pp_backend_sd_init () {
+ pp_sd_sudo=sudo
+ pp_sd_startlevels=2
+ pp_sd_stoplevels=auto
+ pp_sd_config_file=
+ pp_sd_vendor=
+ pp_sd_vendor_tag=OneIdentity
+ pp_sd_default_start=1 # config_file default start value
+
+ pp_readlink_fn=pp_ls_readlink # HPUX has no readlink
+ pp_shlib_suffix='.sl' # .so on most other platforms
+
+ pp_sd_detect_os
+}
+
+pp_sd_detect_os () {
+ typeset revision
+
+ revision=`uname -r`
+ pp_sd_os="${revision#?.}"
+ test -z "$pp_sd_os" &&
+ pp_warn "cannot detect OS version"
+ pp_sd_os_std="hpux`echo $pp_sd_os | tr -d .`"
+
+ case "`uname -m`" in
+ 9000/[678]??)
pp_sd_arch_std=hppa;;
+ ia64) pp_sd_arch_std=ia64;;
+ *) pp_sd_arch_std=unknown;;
+ esac
+}
+
+pp_sd_write_files () {
+ typeset t m o g f p st line dm
+ while read t m o g f p st; do
+ line=" file"
+ case "$f" in *v*) line="$line -v";; esac # FIXME for uninstall
+ case ${pp_sd_os} in
+ 10.*)
+ case $t in
+ f) dm=644;;
+ d) p=${p%/}; dm=755;;
+ esac
+ ;;
+ *)
+ case $t in
+ f) dm=644;;
+ d) line="$line -t d"; p=${p%/}; dm=755;;
+ s) line="$line -t s";;
+ esac
+ ;;
+ esac
+
+ test x"$o" = x"-" && o=root
+ test x"$g" = x"-" && g=sys
+ test x"$m" = x"-" && m=$dm
+
+ case $t in
+ s)
+ # swpackage will make unqualified links relative to the
+ # current working (source) directory, not the destination;
+ # we need to qualify them to prevent this.
+ case "$st" in
+ [!/]*) st="`dirname \"$p\"`/$st";;
+ esac
+ echo "$line -o $o -g $g -m $m $st $p"
+ ;;
+ *)
+ echo "$line -o $o -g $g -m $m $pp_destdir$p $p"
+ ;;
+ esac
+
+ done
+}
+
+pp_sd_service_group_script () {
+ typeset grp svcs scriptpath out
+ grp="$1"
+ svcs="$2"
+ scriptpath="/sbin/init.d/$grp"
+ out="$pp_destdir$scriptpath"
+
+ pp_add_file_if_missing $scriptpath run 755 || return 0
+
+ cat <<-. > $out
+ #!/sbin/sh
+ # generated by pp $pp_version
+ svcs="$svcs"
+.
+
+ cat <<-'.' >> $out
+ #-- starts services in order.. stops them all if any break
+ pp_start () {
+ undo=
+ for svc in \$svcs; do
+ /sbin/init.d/\$svc start
+ case \$? in
+ 0|4)
+ undo="\$svc \$undo"
+ ;;
+ *)
+ if test -n "\$undo"; then
+ for svc in \$undo; do
+ /sbin/init.d/\$svc stop
+ done
+ return 1
+ fi
+ ;;
+ esac
+ done
+ return 0
+ }
+
+ #-- stops services in reverse
+ pp_stop () {
+ reverse=
+ for svc in \$svcs; do
+ reverse="\$svc \$reverse"
+ done
+ rc=0
+ for svc in \$reverse; do
+ /sbin/init.d/\$svc stop || rc=\$?
+ done
+ return \$rc
+ }
+
+ case \$1 in
+ start_msg) echo "Starting \$svcs";;
+ stop_msg) echo "Stopping \$svcs";;
+ start) pp_start;;
+ stop) pp_stop;;
+ *) echo "usage: \$0 {start|stop|start_msg|stop_msg}"
+ exit 1;;
+ esac
+.
+}
+
+pp_sd_service_script () {
+ typeset svc config_file config_value scriptpath out
+
+ svc="$1"
+ scriptpath="/sbin/init.d/$svc"
+
+ config_file=${pp_sd_config_file:-/etc/rc.config.d/$svc}
+ sd_config_var=`echo run-$svc | tr '[a-z]-' '[A-Z]_'`
+ sd_config_value=${pp_sd_default_start:-0}
+ pp_load_service_vars "$svc"
+
+ test -n "$user" -a x"$user" != x"root" &&
+ cmd="SHELL=/usr/bin/sh /usr/bin/su $user -c \"exec `echo $cmd | sed -e 's,[$\\\`],\\&,g'`\""
+ if test -z "$pidfile"; then
+ pidfile="/var/run/$svc.pid"
+ cmd="$cmd & echo \$! > \$pidfile"
+ fi
+
+ pp_debug "config file is $config_file"
+
+ pp_add_file_if_missing $scriptpath run 755
+ pp_add_file_if_missing $config_file run 644 v
+
+ cat <<-. >> $pp_destdir$config_file
+
+ # Controls whether the $svc service is started
+ $sd_config_var=$sd_config_value
+.
+
+ if test ! -f $pp_destdir$scriptpath; then
+ cat <<-. > $pp_destdir$scriptpath
+ #!/sbin/sh
+ # generated by pp $pp_version
+
+ svc="$svc"
+ pidfile="$pidfile"
+ config_file="$config_file"
+
+ pp_start () {
+ $cmd
+ }
+
+ pp_disabled () {
+ test \${$sd_config_var:-0} -eq 0
+ }
+
+ pp_stop () {
+ if test !
-s "\$pidfile"; then
+ echo "Unable to stop \$svc (no pid file)"
+ return 1
+ else
+ read pid < "\$pidfile"
+ if kill -0 "\$pid" 2>/dev/null; then
+ if kill -${stop_signal:-TERM} "\$pid"; then
+ rm -f "\$pidfile"
+ return 0
+ else
+ echo "Unable to stop \$svc"
+ return 1
+ fi
+ else
+ rm -f "\$pidfile"
+ return 0
+ fi
+ fi
+ }
+
+ pp_running () {
+ if test -s "\$pidfile"; then
+ read pid < "\$pidfile" 2>/dev/null
+ if test \${pid:-0} -gt 1 && kill -0 "\$pid" 2>/dev/null; then
+ # make sure command name matches
+ c="\`echo $cmd | sed -e 's: .*::' -e 's:^.*/::'\`"
+ pid="\`ps -p \$pid 2>/dev/null | sed -n \"s/^ *\(\$pid\) .*\$c *\$/\1/p\"\`"
+ if test -n "\$pid"; then
+ return 0
+ fi
+ fi
+ fi
+ return 1
+ }
+
+ case \$1 in
+ start_msg) echo "Starting the \$svc service";;
+ stop_msg) echo "Stopping the \$svc service";;
+ start)
+ if test -f "\$config_file"; then
+ . \$config_file
+ fi
+ if pp_disabled; then
+ exit 2
+ elif pp_running; then
+ echo "\$svc already running";
+ exit 0
+ elif pp_start; then
+ echo "\$svc started";
+ # rc(1M) says we should exit 4, but nobody expects it!
+ exit 0
+ else
+ exit 1
+ fi;;
+ stop) if pp_stop; then
+ echo "\$svc stopped";
+ exit 0
+ else
+ exit 1
+ fi;;
+ *) echo "usage: \$0 {start|stop|start_msg|stop_msg}"
+ exit 1;;
+ esac
+.
+ fi
+}
+
+pp_sd_make_service () {
+ typeset level startpriority stoppriority startlevels stoplevels
+ typeset svc svcvar symtype
+
+ svc="$1"
+ svcvar=`pp_makevar $svc`
+
+ case ${pp_sd_os} in
+ 10.*) symtype="file";;
+ *) symtype="file -t s";;
+ esac
+
+ # TODO: Figure out why this check is here
+ #-- don't do anything if the script exists
+ #if test -s "$pp_destdir/sbin/init.d/$svc"; then
+ # pp_error "$pp_destdir/sbin/init.d/$svc exists"
+ # return
+ #fi
+
+ # symlink the script, depending on the priorities chosen
+ eval startpriority='${pp_sd_startpriority_'$svcvar'}'
+ eval stoppriority='${pp_sd_stoppriority_'$svcvar'}'
+ test -z "$startpriority" && startpriority="${pp_sd_startpriority:-50}"
+ test -z "$stoppriority" && stoppriority="${pp_sd_stoppriority:-50}"
+
+ eval startlevels='${pp_sd_startlevels_'$svcvar'}'
+ test -z "$startlevels" && startlevels="$pp_sd_startlevels"
+
+ eval stoplevels='${pp_sd_stoplevels_'$svcvar'}'
+ test -z "$stoplevels" && stoplevels="$pp_sd_stoplevels"
+
+ # create the script and config file
+ pp_sd_service_script $svc
+
+ # fix the priority up
+ case "$startpriority" in
+ ???) :;;
+ ??) startpriority=0$startpriority;;
+ ?) startpriority=00$startpriority;;
+ esac
+ case "$stoppriority" in
+ ???) :;;
+ ??) stoppriority=0$stoppriority;;
+ ?) stoppriority=00$stoppriority;;
+ esac
+
+ if test x"$stoplevels" = x"auto"; then
+ stoplevels=
+ test -z "$startlevels" || for level in $startlevels; do
+ stoplevels="$stoplevels `expr $level - 1`"
+ done
+ fi
+
+ # create the symlinks
+ test -z "$startlevels" || for level in $startlevels; do
+ echo " ${symtype}" \
+ "/sbin/init.d/$svc" \
+ "/sbin/rc$level.d/S$startpriority$svc"
+ done
+ test -z "$stoplevels" || for level in $stoplevels; do
+ echo " ${symtype}" \
+ "/sbin/init.d/$svc" \
+ "/sbin/rc$level.d/K$stoppriority$svc"
+ done
+}
+
+pp_sd_control () {
+ typeset ctrl script
+ typeset cpt
+
+ ctrl="$1"; shift
+ cpt="$1"; shift
+ script="$pp_wrkdir/control.$ctrl.$cpt"
+ cat <<. >$script
+.
+ cat "$@" >> $script
+ echo "exit 0" >> $script
+ /usr/bin/chmod +x $script
+ echo " $ctrl $script"
+}
+
+pp_sd_depend () {
+ typeset _name _vers
+ while read _name _vers; do
+ case "$_name" in ""| "#"*) continue ;; esac
+ echo " prerequisites $_name ${_vers:+r>= $_vers}"
+ done
+}
+
+pp_sd_conflict () {
+ typeset _name _vers
+ while read _name _vers; do
+ case "$_name" in ""| "#"*) continue ;; esac
+ echo " exrequisites $_name ${_vers:+r>= $_vers}"
+ done
+}
+
+pp_backend_sd () {
+ typeset psf cpt svc outfile release swp_flags
+
+ psf=$pp_wrkdir/psf
+ release="?.${pp_sd_os%.[0-9][0-9]}.*"
+
+ echo "depot" > $psf
+ echo "layout_version 1.0" >>$psf
+
+ #-- vendor
+ cat <<. >>$psf
+ vendor
+ tag $pp_sd_vendor_tag
+ title "${pp_sd_vendor:-$vendor}"
+ end
+
+ product
+ tag $name
+ revision $version
+ vendor_tag $pp_sd_vendor_tag
+ is_patch false
+ title "$summary"
+ copyright "$copyright"
+ machine_type *
+ os_name HP-UX
+ os_release $release
+ os_version ?
+ directory /
+ is_locatable false
+.
+ test -n "$description" \
+ && echo $description > $pp_wrkdir/description \
+ && cat <<. >> $psf
+ description < $pp_wrkdir/description
+.
+
+ # make convenience service groups
+ if test -n "$pp_service_groups"; then
+ for grp in $pp_service_groups; do
+ pp_sd_service_group_script \
+ $grp "`pp_service_get_svc_group $grp`"
+ done
+ fi
+
+ for cpt in $pp_components; do
+ cat <<. >>$psf
+ fileset
+ tag ${pp_sd_fileset_tag:-$cpt}
+ title "${summary:-cpt}"
+ revision $version
+.
+ test -s $pp_wrkdir/%depend.$cpt &&
+ pp_sd_depend < $pp_wrkdir/%depend.$cpt >> $psf
+ test -s $pp_wrkdir/%conflict.$cpt &&
+ pp_sd_conflict < $pp_wrkdir/%conflict.$cpt >> $psf
+
+ #-- make sure services are shut down during uninstall
+ if test $cpt = run -a -n "$pp_services"; then
+ for svc in $pp_services; do
+ pp_prepend $pp_wrkdir/%preun.$cpt <<-.
+ /sbin/init.d/$svc stop
+.
+ done
+ fi
+
+ #-- we put the post/preun code into configure/unconfigure
+ # and not postinstall/preremove, because configure/unconfigure
+ # scripts are run on the hosts where the package is installed,
+ # not loaded (a subtle difference).
+ test -s $pp_wrkdir/%pre.$cpt &&
+ pp_sd_control checkinstall $cpt $pp_wrkdir/%pre.$cpt >> $psf
+ test -s $pp_wrkdir/%post.$cpt &&
+ pp_sd_control configure $cpt $pp_wrkdir/%post.$cpt >> $psf
+ test -s $pp_wrkdir/%preun.$cpt &&
+ pp_sd_control unconfigure $cpt $pp_wrkdir/%preun.$cpt >> $psf
+ test -s $pp_wrkdir/%postun.$cpt &&
+ pp_sd_control postremove $cpt $pp_wrkdir/%postun.$cpt >> $psf
+ test -s $pp_wrkdir/%check.$cpt &&
+ pp_sd_control checkinstall $cpt $pp_wrkdir/%check.$cpt >> $psf
+
+ if test $cpt = run -a -n "$pp_services"; then
+ for svc in $pp_services; do
+ #-- service names are 10 chars max on hpux
+ case "$svc" in ???????????*)
+ pp_warn "service name '$svc' is too long for hpux";;
+ esac
+ pp_sd_make_service $svc >> $psf
+ done
+ #pp_sd_make_service_config
+ fi
+
+ pp_sd_write_files < $pp_wrkdir/%files.$cpt >> $psf
+
+ #-- end fileset clause
+ cat <<. >>$psf
+ end
+.
+
+ done
+
+ #-- end product clause
+ cat <<. >>$psf
+ end
+.
+
+ $pp_opt_debug && cat $psf >&2
+
+ test -s $pp_wrkdir/%fixup && . $pp_wrkdir/%fixup
+
+ outfile=`pp_backend_sd_names`
+ case ${pp_sd_os} in
+ 10.*)
+ swp_flags="-x target_type=tape"
+ ;;
+ *)
+ swp_flags="-x media_type=tape"
+ ;;
+ esac
+ if pp_verbose ${pp_sd_sudo} /usr/sbin/swpackage -s $psf $swp_flags \
+ @ $pp_wrkdir/$outfile
+ then
+ pp_verbose ${pp_sd_sudo} /usr/sbin/swlist -l file -s $pp_wrkdir/$outfile
+ else
+ pp_error "swpackage failed"
+ fi
+}
+
+pp_backend_sd_cleanup () {
+ :
+}
+
+pp_backend_sd_names () {
+ echo "$name-$version.$pp_sd_arch_std.depot"
+}
+
+pp_backend_sd_install_script () {
+ typeset pkgname platform
+
+ pkgname=`pp_backend_sd_names`
+ platform="`pp_backend_sd_probe`"
+
+ echo "#!/bin/sh"
+ pp_install_script_common
+ cat <<.
+
+ cpt_to_tags () {
+ test x"\$*" = x"all" && set -- $pp_components
+ for cpt
+ do
+ echo "$name.\$cpt"
+ done
+ }
+
+ test \$# -eq 0 && usage
+ op="\$1"; shift
+
+ case "\$op" in
+ list-components)
+ test \$# -eq 0 || usage \$op
+ echo "$pp_components"
+ ;;
+ list-services)
+ test \$# -eq 0 || usage \$op
+ echo "$pp_services"
+ ;;
+ list-files)
+ test \$# -ge 1 || usage \$op
+ echo \${PP_PKGDESTDIR:-.}/$pkgname
+ ;;
+ install)
+ test \$# -ge 1 || usage \$op
+ verbose /usr/sbin/swinstall -x verbose=0 \
+ -s \${PP_PKGDESTDIR:-\`pwd\`}/$pkgname \
+ \`cpt_to_tags "\$@"\`
+ ;;
+ uninstall)
+ test \$# -ge 1 || usage \$op
+ verbose /usr/sbin/swremove -x verbose=0 \
+ \`cpt_to_tags "\$@"\`
+ ;;
+ start|stop)
+ test \$# -ge 1 || usage \$op
+ ec=0
+ for svc
+ do
+ verbose /sbin/init.d/\$svc \$op
+ [ \$? -eq 4 -o \$? -eq 0 ] || ec=1
+ done
+ exit \$ec
+ ;;
+ print-platform)
+ echo "$platform"
+ ;;
+ *)
+ usage
+ ;;
+ esac
+.
+}
+
+pp_backend_sd_probe () {
+ echo "${pp_sd_os_std}-${pp_sd_arch_std}"
+}
+
+pp_backend_sd_vas_platforms () {
+ case "`pp_backend_sd_probe`" in
+ hpux*-hppa) echo hpux-pa;;
+ hpux*-ia64) echo hpux-ia64 hpux-pa;;
+ *) pp_die "unknown system `pp_backend_sd_probe`";;
+ esac
+}
+
+pp_backend_sd_init_svc_vars () {
+ :
+}
+pp_backend_sd_function () {
+ case "$1" in
+ pp_mkgroup) cat <<'.';;
+ /usr/sbin/groupmod "$1" 2>/dev/null ||
+ /usr/sbin/groupadd "$1"
+.
+ pp_mkuser:depends) echo pp_mkgroup;;
+ pp_mkuser) cat <<'.';;
+ pp_mkgroup "${2:-$1}" || return 1
+ /usr/sbin/useradd \
+ -g "${2:-$1}" \
+ -d "${3:-/nonexistent}" \
+ -s "${4:-/bin/false}" \
+ "$1"
+.
+ pp_havelib) cat <<'.';;
+ for pp_tmp_dir in `echo /usr/lib${3:+:$3} | tr : ' '`; do
+ test -r "$pp_tmp_dir/lib$1${2:+.$2}.sl" && return 0
+ done
+ return 1
+.
+ *) false;;
+ esac
+}
+
+pp_platforms="$pp_platforms solaris"
+
+pp_backend_solaris_detect () {
+ test x"$1" = x"SunOS"
+}
+
+pp_backend_solaris_init () {
+ pp_solaris_category=
+ pp_solaris_istates="s S 1 2 3" # run-states when install is ok
+ pp_solaris_rstates="s S 1 2 3" # run-states when remove is ok
+ pp_solaris_maxinst=
+ pp_solaris_vendor=
+ pp_solaris_pstamp=
+ pp_solaris_copyright=
+ pp_solaris_name=
+ pp_solaris_desc=
+ pp_solaris_package_arch=auto
+
+ pp_solaris_detect_os
+ pp_solaris_detect_arch
+
+ pp_solaris_init_svc
+
+ #-- readlink not reliably available on Solaris
+ pp_readlink_fn=pp_ls_readlink
+}
+
+pp_solaris_detect_os () {
+ typeset osrel
+
+ osrel=`/usr/bin/uname -r`
+ case "$osrel" in
+ 5.[0-6]) pp_solaris_os="sol2${osrel#5.}";;
+ 5.*) pp_solaris_os="sol${osrel#5.}";;
+ esac
+ test -z "$pp_solaris_os" &&
+ pp_warn "can't determine OS suffix from uname -r"
+
+}
+
+pp_solaris_detect_arch () {
+ pp_solaris_arch=`/usr/bin/optisa amd64 sparcv9 i386 sparc`
+ [ -z "$pp_solaris_arch" ] &&
+ pp_error "can't determine processor architecture"
+ case "$pp_solaris_arch" in
+ amd64) pp_solaris_arch_std=x86_64;;
+ i386) pp_solaris_arch_std=i386;;
+ sparcv9) pp_solaris_arch_std=sparc64;;
+ sparc) pp_solaris_arch_std=sparc;;
+ *) pp_solaris_arch_std=unknown;;
+ esac
+}
+
+pp_solaris_is_request_script_necessary () {
+ typeset has_optional_services
+
+ has_optional_services=no
+ for _svc in $pp_services; do
+ pp_load_service_vars $_svc
+ if test "$optional" = "yes"; then
+ has_optional_services=yes
+ fi
+ done
+
+ # If the package has no optional services and only one component, don't
+ # create a request script at all.
+ if test "$has_optional_services" = "no" &&
+ test `echo $pp_components | wc -w` -eq 1; then
+ return 1 # no
+ fi
+
+ return 0 # yes
+}
+
+pp_solaris_request () {
+ typeset _cmp _svc
+
+ #-- The common part of the request script contains the ask() function
+ # and resets the CLASSES list to empty
+ cat <<'.'
+ trap 'exit 3' 15
+ ask () {
+ ans=`ckyorn -d "$1" \
+ -p "Do you want to $2"` \
+ || exit $?
+ case "$ans" in y*|Y*) return 0;; *) return 1;; esac
+ }
+ CLASSES=
+.
+ #-- each of our components adds itself to the CLASSES list
+ for _cmp in $pp_components; do
+ case "$_cmp" in
+ run) :;;
+ doc) echo 'ask y "install the documentation files" &&';;
+ dev) echo 'ask y "install the development files" &&';;
+ dbg) echo 'ask n "install the diagnostic files" &&';;
+ esac
+ echo ' CLASSES="$CLASSES '$_cmp'"'
+ done
+
+ #-- the request script writes the CLASSES var to its output
+ cat <<'.'
+ echo "CLASSES=$CLASSES" > $1
+.
+
+ if test -n "$pp_services"; then
+ echo 'SERVICES='
+ for _svc in $pp_services; do
+ pp_load_service_vars $_svc
+ if test "$enable" = "yes"; then
+ _default_prompt=y
+ else
+ _default_prompt=n
+ fi
+ if test "$optional" = "yes"; then
+ echo 'ask '$_default_prompt' "install '$_svc' service" &&'
+ fi
+ echo ' SERVICES="$SERVICES '$_svc'"'
+ done
+ echo 'echo "SERVICES=$SERVICES" >> $1'
+ fi
+
+}
+
+pp_solaris_procedure () {
+ cat <<.
+
+ #-- $2 for $1 component of $name
+ case " \$CLASSES " in *" $1 "*)
+.
+ cat
+ cat <<.
+ ;; esac
+.
+}
+
+pp_solaris_depend () {
+ typeset _name _vers
+ while read _name _vers; do
+ if test -n "$_name"; then
+ echo "P $_name $_name"
+ test -n "$_vers" && echo " $_vers"
+ fi
+ done
+}
+
+pp_solaris_conflict () {
+ typeset _name _vers
+ while read _name _vers; do
+ if test -n "$_name"; then
+ echo "I $_name $_name"
+ test -n "$_vers" && echo " $_vers"
+ fi
+ done
+}
+
+pp_solaris_space() {
+ echo "$2:$3:$1" >> $pp_wrkdir/space.cumulative
+}
+
+pp_solaris_sum_space () {
+ if test -s $pp_wrkdir/space.cumulative; then
+ sort -t: +2 < $pp_wrkdir/space.cumulative |
+ awk -F: 'NR==1{n=$3}{if($3==n){b+=$1;i+=$2}else{print n" "b" "i;b=$1;i=$2;n=$3}}END{print n" "b" "i}' > $pp_wrkdir/space
+ fi
+}
+
+pp_solaris_proto () {
+ typeset t m o g f p st
+ typeset abi
+
+ while read t m o g f p st; do
+ # Use Solaris default mode, owner and group if all unspecified
+ if test x"$m$o$g" = x"---"; then
+ m="?"; o="?"; g="?"
+ fi
+ test x"$o" = x"-" && o="root"
+ case "$t" in
+ f) test x"$g" = x"-" && g="bin"
+ test x"$m" = x"-" && m=444
+ case "$f" in
+ *v*) echo "v $1 $p=$pp_destdir$p $m $o $g";;
+ *) echo "f $1 $p=$pp_destdir$p $m $o $g";;
+ esac
+ if test -r "$pp_destdir$p"; then
+ #-- Use file to record ABI types seen
+ case "`file "$pp_destdir$p"`" in
+ *"ELF 32"*80386*) abi=i386;;
+ *"ELF 64"*AMD*) abi=x86_64;;
+ *"ELF 32"*SPARC*) abi=sparc;;
+ *"ELF 64"*SPARC*) abi=sparc64;;
+ *) abi=;;
+ esac
+ if test -n "$abi"; then
+ pp_add_to_list pp_solaris_abis_seen $abi
+ fi
+ fi
+ ;;
+ d) test x"$g" = x"-" && g="sys"
+ test x"$m" = x"-" && m=555
+ echo "d $1 $p $m $o $g"
+ ;;
+ s) test x"$g" = x"-" && g="bin"
+ test x"$m" = x"-" && m=777
+ if test x"$m" != x"777" -a x"$m" != x"?"; then
+ pp_warn "$p: invalid mode $m for symlink, should be 777 or -"
+ fi
+ echo "s $1 $p=$st $m $o $g"
+ ;;
+ esac
+ done
+}
+
+pp_backend_solaris () {
+ typeset _cmp _svc _grp
+
+ prototype=$pp_wrkdir/prototype
+ : > $prototype
+
+ pkginfo=$pp_wrkdir/pkginfo
+ : > $pkginfo
+ echo "i pkginfo=$pkginfo" >> $prototype
+
+ case "${pp_solaris_name:-$name}" in
+ [0-9]*)
+ pp_error "Package name '${pp_solaris_name:-$name}'" \
+ "cannot start with a number"
+ ;;
+ ???????????????*)
+ pp_warn "Package name '${pp_solaris_name:-$name}'" \
+ "too long for Solaris 2.6 or 2.7 (max 9 characters)"
+ ;;
+ ??????????*)
+ pp_warn "Package name '${pp_solaris_name:-$name}'" \
+ "too long for 2.7 Solaris (max 9 characters)"
+ ;;
+ esac
+
+ #-- generate the package info file
+ echo "VERSION=$version" >> $pkginfo
+ echo "PKG=${pp_solaris_name:-$name}" >> $pkginfo
+ echo "CLASSES=$pp_components" >> $pkginfo
+ echo "BASEDIR=/" >> $pkginfo
+ echo "NAME=$name $version" >> $pkginfo
+ echo "CATEGORY=${pp_solaris_category:-application}" >> $pkginfo
+
+ desc="${pp_solaris_desc:-$description}"
+ test -n "$desc" &&
+ echo "DESC=$desc" >> $pkginfo
+
+ test -n "$pp_solaris_rstates" &&
+ echo "RSTATES=$pp_solaris_rstates" >> $pkginfo
+ test -n "$pp_solaris_istates" &&
+ echo "ISTATES=$pp_solaris_istates" >> $pkginfo
+ test -n "$pp_solaris_maxinst" &&
+ echo "MAXINST=$pp_solaris_maxinst" >> $pkginfo
+ test -n "${pp_solaris_vendor:-$vendor}" &&
+ echo "VENDOR=${pp_solaris_vendor:-$vendor}" >> $pkginfo
+ test -n "$pp_solaris_pstamp" &&
+ echo "PSTAMP=$pp_solaris_pstamp" >> $pkginfo
+
+ if test -n "${pp_solaris_copyright:-$copyright}"; then
+ echo "${pp_solaris_copyright:-$copyright}" > $pp_wrkdir/copyright
+ echo "i copyright=$pp_wrkdir/copyright" >> $prototype
+ fi
+
+ #-- scripts to run before and after install
+ : > $pp_wrkdir/postinstall
+ : > $pp_wrkdir/preremove
+ : > $pp_wrkdir/postremove
+ for _cmp in $pp_components; do
+ #-- add the preinstall scripts in definition order
+ if test -s $pp_wrkdir/%pre.$_cmp; then
+ pp_solaris_procedure $_cmp preinst < $pp_wrkdir/%pre.$_cmp \
+ >> $pp_wrkdir/preinstall
+ fi
+ #-- add the postinstall scripts in definition order
+ if test -s $pp_wrkdir/%post.$_cmp; then
+ pp_solaris_procedure $_cmp postinst < $pp_wrkdir/%post.$_cmp \
+ >> $pp_wrkdir/postinstall
+ fi
+ #-- add the preremove rules in reverse definition order
+ if test -s $pp_wrkdir/%preun.$_cmp; then
+ pp_solaris_procedure $_cmp preremove < $pp_wrkdir/%preun.$_cmp |
+ pp_prepend $pp_wrkdir/preremove
+ fi
+ #-- add the postremove scripts in definition order
+ if test -s $pp_wrkdir/%postun.$_cmp; then
+ pp_solaris_procedure $_cmp postremove < $pp_wrkdir/%postun.$_cmp \
+ >> $pp_wrkdir/postremove
+ fi
+ #-- Add the check script in definition order
+ if test -s $pp_wrkdir/%check.$_cmp; then
+ pp_solaris_procedure $_cmp checkinstall \
+ < $pp_wrkdir/%check.$_cmp \
+ >> $pp_wrkdir/checkinstall
+ fi
+ #-- All dependencies and conflicts are merged together for Solaris pkgs
+ test -s $pp_wrkdir/%depend.$_cmp &&
+ pp_solaris_depend < $pp_wrkdir/%depend.$_cmp >> $pp_wrkdir/depend
+ test -s $pp_wrkdir/%conflict.$_cmp &&
+ pp_solaris_conflict < $pp_wrkdir/%conflict.$_cmp >> $pp_wrkdir/depend
+ done
+
+
+ if pp_solaris_is_request_script_necessary; then
+ pp_solaris_request > $pp_wrkdir/request
+ fi
+
+ test -n "$pp_services" &&
+ for _svc in $pp_services; do
+ pp_load_service_vars $_svc
+ pp_solaris_smf $_svc
+ pp_solaris_make_service $_svc
+ pp_solaris_install_service $_svc | pp_prepend $pp_wrkdir/postinstall
+ pp_solaris_remove_service $_svc | pp_prepend $pp_wrkdir/preremove
+ pp_solaris_remove_service $_svc | pp_prepend $pp_wrkdir/postremove
+ unset pp_svc_xml_file
+ done
+
+ test -n "$pp_service_groups" &&
+ for _grp in $pp_service_groups; do
+ pp_solaris_make_service_group \
+ $_grp "`pp_service_get_svc_group $_grp`"
+ done
+
+ #-- if installf was used; we need to indicate a termination
+ grep installf $pp_wrkdir/postinstall >/dev/null &&
+ echo 'installf -f $PKGINST' >> $pp_wrkdir/postinstall
+
+ pp_solaris_sum_space
+
+ # NB: pkginfo and copyright are added earlier
+ for f in compver depend space checkinstall \
+ preinstall request postinstall \
+ preremove postremove; do
+ if test -s $pp_wrkdir/$f; then
+ case $f in
+ *install|*remove|request)
+ # turn scripts into a proper shell scripts
+ mv $pp_wrkdir/$f $pp_wrkdir/$f.tmp
+ { echo "#!/bin/sh";
+ echo "# $f script for ${pp_solaris_name:-$name}-$version"
+ cat $pp_wrkdir/$f.tmp
+ echo "exit 0"; } > $pp_wrkdir/$f
+ chmod +x $pp_wrkdir/$f
+ rm -f $pp_wrkdir/$f.tmp
+ ;;
+ esac
+ if $pp_opt_debug; then
+ pp_debug "contents of $f:"
+ cat $pp_wrkdir/$f >&2
+ fi
+ echo "i $f=$pp_wrkdir/$f" >> $prototype
+ fi
+ done
+
+ #-- create the prototype file which lists the files to install
+ # do this as late as possible because files could be added
+ pp_solaris_abis_seen=
+ for _cmp in $pp_components; do
+ pp_solaris_proto $_cmp < $pp_wrkdir/%files.$_cmp
+ done >> $prototype
+
+ if test x"$pp_solaris_package_arch" = x"auto"; then
+ if pp_contains "$pp_solaris_abis_seen" sparc64; then
+ pp_solaris_package_arch_std="sparc64"
+ echo "ARCH=sparcv9" >> $pkginfo
+ elif pp_contains "$pp_solaris_abis_seen" sparc; then
+ pp_solaris_package_arch_std="sparc"
+ echo "ARCH=sparc" >> $pkginfo
+ elif pp_contains "$pp_solaris_abis_seen" x86_64; then
+ pp_solaris_package_arch_std="x86_64"
+ echo "ARCH=amd64" >> $pkginfo
+ elif pp_contains "$pp_solaris_abis_seen" i386; then
+ pp_solaris_package_arch_std="i386"
+ echo "ARCH=i386" >> $pkginfo
+ else
+ pp_warn "No ELF files found: not supplying an ARCH type"
+ pp_solaris_package_arch_std="noarch"
+ fi
+ else
+ pp_solaris_package_arch_std="$pp_solaris_package_arch"
+ echo "ARCH=$pp_solaris_package_arch" >> $pkginfo
+ fi
+
+ mkdir $pp_wrkdir/pkg
+
+ . $pp_wrkdir/%fixup
+
+if $pp_opt_debug; then
+ echo "$pkginfo::"; cat $pkginfo
+ echo "$prototype::"; cat $prototype
+fi >&2
+
+ pkgmk -d $pp_wrkdir/pkg -f $prototype \
+ || { error "pkgmk failed"; return; }
+ pkgtrans -s $pp_wrkdir/pkg \
+ $pp_wrkdir/`pp_backend_solaris_names` \
+ ${pp_solaris_name:-$name} \
+ || { error "pkgtrans failed"; return; }
+}
+
+pp_backend_solaris_cleanup () {
+ :
+}
+
+pp_backend_solaris_names () {
+ echo ${pp_solaris_name:-$name}-$version-${pp_solaris_package_arch_std:-$pp_solaris_arch}.pkg
+}
+
+pp_backend_solaris_install_script () {
+ typeset pkgname platform
+
+ platform="${pp_solaris_os:-solaris}-${pp_solaris_package_arch_std:-$pp_solaris_arch}"
+
+ echo "#! /sbin/sh"
+ pp_install_script_common
+ pkgname=`pp_backend_solaris_names`
+
+ cat <<.
+ tmpnocheck=/tmp/nocheck\$\$
+ tmpresponse=/tmp/response\$\$
+ trap 'rm -f \$tmpnocheck \$tmpresponse' 0
+
+ make_tmpfiles () {
+ cat <<-.. > \$tmpresponse
+ CLASSES=\$*
+ SERVICES=$pp_services
+..
+ cat <<-.. > \$tmpnocheck
+ mail=
+ instance=overwrite
+ partial=nocheck
+ runlevel=nocheck
+ idepend=nocheck
+ rdepend=nocheck
+ space=nocheck
+ setuid=nocheck
+ conflict=nocheck
+ action=nocheck
+ basedir=default
+..
+ }
+
+ test \$# -eq 0 && usage
+ op="\$1"; shift
+
+ case "\$op" in
+ list-components)
+ test \$# -eq 0 || usage \$op
+ echo "$pp_components"
+ ;;
+ list-services)
+ test \$# -eq 0 || usage \$op
+ echo "$pp_services"
+ ;;
+ list-files)
+ test \$# -ge 1 || usage \$op
+ echo \${PP_PKGDESTDIR:-.}/$pkgname
+ ;;
+ install)
+ test \$# -ge 1 || usage \$op
+ make_tmpfiles "\$@"
+ verbose /usr/sbin/pkgadd -n -d \${PP_PKGDESTDIR:-.}/$pkgname \
+ -r \$tmpresponse \
+ -a \$tmpnocheck \
+ ${pp_solaris_name:-$name}
+ ;;
+ uninstall)
+ test \$# -ge 1 || usage \$op
+ make_tmpfiles "\$@"
+ verbose /usr/sbin/pkgrm -n \
+ -a \$tmpnocheck \
+ ${pp_solaris_name:-$name}
+ ;;
+ start|stop)
+ test \$# -ge 1 || usage \$op
+ ec=0
+ for svc
+ do
+ verbose /etc/init.d/\$svc \$op || ec=1
+ done
+ exit \$ec
+ ;;
+ print-platform)
+ echo "$platform"
+ ;;
+ *)
+ usage
+ ;;
+ esac
+.
+}
+
+pp_solaris_dynlib_depend () {
+ xargs ldd 2>/dev/null |
+ sed -e '/^[^ ]*:$/d' -e 's,.*=>[ ]*,,' -e 's,^[ ]*,,' |
+ sort -u |
+ grep -v '^/usr/platform/' | (
+ set -- ""; shift
+ while read p; do
+ set -- "$@" -p "$p"
+ if [ $# -gt 32 ]; then
+ echo "$# is $#" >&2
+ pkgchk -l "$@"
+ set -- ""; shift
+ fi
+ done
+ [ $# -gt 0 ] && pkgchk -l "$@"
+ )|
+ awk '/^Current status:/{p=0} p==1 {print $1} /^Referenced by/ {p=1}' |
+ sort -u |
+ xargs -l32 pkginfo -x |
+ awk 'NR % 2 == 1 { name=$1; } NR%2 == 0 { print name, $2 }'
+}
+
+pp_solaris_add_dynlib_depends () {
+ typeset tmp
+ tmp=$pp_wrkdir/tmp.dynlib
+
+ for _cmp in $pp_components; do
+ awk '{print destdir $6}' destdir="$pp_destdir" \
+ < $pp_wrkdir/%files.$_cmp |
+ pp_solaris_dynlib_depend > $tmp
+ if test -s $tmp; then
+ cat $tmp >> $pp_wrkdir/%depend.$_cmp
+ fi
+ rm -f $tmp
+ done
+}
+
+pp_backend_solaris_probe () {
+ echo "${pp_solaris_os}-${pp_solaris_arch_std}"
+}
+
+pp_backend_solaris_vas_platforms () {
+ case `pp_backend_solaris_probe` in
+ sol10-sparc* | sol9-sparc* | sol8-sparc*)
+ echo solaris8-sparc solaris7-sparc solaris26-sparc;;
+ sol7-sparc*) echo solaris7-sparc solaris26-sparc;;
+ sol26-sparc*) echo solaris26-sparc;;
+ sol8-*86) echo solaris8-x86;;
+ sol10-*86 | sol10-x86_64)
+ echo solaris10-x64 solaris8-x86;;
+ *) pp_die "unknown system `pp_backend_solaris_probe`";;
+ esac
+}
+pp_backend_solaris_function() {
+ case "$1" in
+ pp_mkgroup) cat<<'.';;
+ /usr/sbin/groupmod "$1" 2>/dev/null && return 0
+ /usr/sbin/groupadd "$1"
+.
+ pp_mkuser:depends) echo pp_mkgroup;;
+ pp_mkuser) cat<<'.';;
+ id "$1" >/dev/null 2>/dev/null && return 0
+ pp_mkgroup "${2:-$1}" || return 1
+ /usr/sbin/useradd \
+ -g "${2:-$1}" \
+ -d "${3:-/nonexistent}" \
+ -s "${4:-/bin/false}" \
+ "$1"
+.
+ *) false;;
+ esac
+}
+
+pp_backend_solaris_init_svc_vars () {
+ _smf_category=${pp_solaris_smf_category:-application}
+ _smf_method_envvar_name=${smf_method_envvar_name:-"PP_SMF_SERVICE"}
+ pp_solaris_service_shell=/sbin/sh
+}
+
+pp_solaris_init_svc () {
+ smf_version=1
+ smf_type=service
+ solaris_user=
+ solaris_stop_signal=
+ solaris_sysv_init_start=S70 # invocation order for start scripts
+ solaris_sysv_init_kill=K30 # invocation order for kill scripts
+ solaris_sysv_init_start_states="2" # states to install start link
+ solaris_sysv_init_kill_states="S 0 1" # states to install kill link
+
+ #
+ # To have the service be installed to start automatically,
+ # %service foo
+ # solaris_sysv_init_start_states="S 0 1 2"
+ #
+}
+
+pp_solaris_smf () {
+ typeset f _pp_solaris_service_script svc _pp_solaris_manpage
+
+ pp_solaris_name=${pp_solaris_name:-$name}
+ pp_solaris_manpath=${pp_solaris_manpath:-"/usr/share/man"}
+ pp_solaris_mansect=${pp_solaris_mansect:-1}
+ smf_start_timeout=${smf_start_timeout:-60}
+ smf_stop_timeout=${smf_stop_timeout:-60}
+ smf_restart_timeout=${smf_restart_timeout:-60}
+
+ svc=${pp_solaris_smf_service_name:-$1}
+ _pp_solaris_service_script=${pp_solaris_service_script:-"/etc/init.d/${pp_solaris_service_script_name:-$svc}"}
+ _pp_solaris_manpage=${pp_solaris_manpage:-$svc}
+
+ if [ -z $pp_svc_xml_file ]; then
+ pp_svc_xml_file="/var/svc/manifest/$_smf_category/$svc.xml"
+ echo "## Generating the smf service manifest file for $pp_svc_xml_file"
+ else
+ echo "## SMF service manifest file already defined at $pp_svc_xml_file"
+ if [ -z $pp_solaris_smf_service_name ] || [ -z $pp_solaris_smf_category ] || [ -z $pp_solaris_service_script ] || [ -z $smf_method_envvar_name ]; then
+ pp_error "All required variables are not set.\n"\
+ "When using a custom manifest file all of the following variables must be set:\n"\
+ "pp_solaris_smf_service_name, pp_solaris_smf_category, pp_solaris_service_script and smf_method_envvar_name.\n\n"\
+ "Example:\n"\
+ " \$pp_solaris_smf_category=application\n"\
+ " \$pp_solaris_smf_service_name=pp\n\n"\
+ " \n\n"\
+ "Example:\n"\
+ " \$pp_solaris_service_script=/etc/init.d/pp\n\n"\
+ " \n\n"\
+ "Example:\n"\
+ " \$smf_method_envvar_name=PP_SMF_SERVICE\n\n"\
+ " \n"\
+ " \n"\
+ " \n"
+
+ return 1
+ fi
+ return 0
+ fi
+
+ f=$pp_svc_xml_file
+ pp_add_file_if_missing $f ||
+ return 0
+ pp_solaris_add_parent_dirs "$f"
+
+ _pp_solaris_smf_dependencies="
+
+
+
+
+
+
+
+"
+ _pp_solaris_smf_dependencies=${pp_solaris_smf_dependencies:-$_pp_solaris_smf_dependencies}
+
+ cat <<-. >$pp_destdir$f
+
+
+
+
+
+
+
+
+
+
+
+ $_pp_solaris_smf_dependencies
+
+ $pp_solaris_smf_additional_dependencies
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ $pp_solaris_smf_property_groups
+
+
+
+
+.
+}
+
+pp_solaris_make_service_group () {
+ typeset group out file svcs svc
+
+ group="$1"
+ svcs="$2"
+ file="/etc/init.d/$group"
+ out="$pp_destdir$file"
+
+ #-- return if the script is supplied already
+ pp_add_file_if_missing "$file" run 755 || return 0
+ pp_solaris_add_parent_dirs "$file"
+
+ echo "#! /sbin/sh" > $out
+ echo "# polypkg service group script for these services:" >> $out
+ echo "svcs=\"$svcs\"" >> $out
+
+ cat <<'.' >>$out
+
+ #-- starts services in order.. stops them all if any break
+ pp_start () {
+ undo=
+ for svc in $svcs; do
+ if /etc/init.d/$svc start; then
+ undo="$svc $undo"
+ else
+ if test -n "$undo"; then
+ for svc in $undo; do
+ /etc/init.d/$svc stop
+ done
+ return 1
+ fi
+ fi
+ done
+ return 0
+ }
+
+ #-- stops services in reverse
+ pp_stop () {
+ reverse=
+ for svc in $svcs; do
+ reverse="$svc $reverse"
+ done
+ rc=0
+ for svc in $reverse; do
+ /etc/init.d/$svc stop || rc=$?
+ done
+ return $rc
+ }
+
+ #-- returns true only if all services return true status
+ pp_status () {
+ rc=0
+ for svc in $svcs; do
+ /etc/init.d/$svc status || rc=$?
+ done
+ return $rc
+ }
+
+ case "$1" in
+ start) pp_start;;
+ stop) pp_stop;;
+ status) pp_status;;
+ restart) pp_stop && pp_start;;
+ *) echo "usage: $0 {start|stop|restart|status}" >&2; exit 1;;
+ esac
+.
+}
+
+pp_solaris_make_service () {
+ typeset file out svc
+
+ svc="${pp_solaris_smf_service_name:-$1}"
+ file=${pp_solaris_service_script:-"/etc/init.d/${pp_solaris_service_script_name:-$svc}"}
+ out="$pp_destdir$file"
+
+ #-- return if we don't need to create the init script
+ pp_add_file_if_missing "$file" run 755 ||
+ return 0
+ pp_solaris_add_parent_dirs "$file"
+
+ echo "#! /sbin/sh" >$out
+ echo "#-- This service init file generated by polypkg" >>$out
+
+ #-- Start SMF integration.
+ if [ -n "$pp_svc_xml_file" ] ; then
+ cat <<_EOF >>$out
+if [ -x /usr/sbin/svcadm ] && [ "x\$1" != "xstatus" ] && [ "t\$$_smf_method_envvar_name" = "t" ] ; then
+ case "\$1" in
+ start)
+ echo "starting $svc"
+ /usr/sbin/svcadm clear svc:/$_smf_category/$svc:default >/dev/null 2>&1
+ /usr/sbin/svcadm enable -s $_smf_category/$svc
+ RESULT=\$?
+ if [ "\$RESULT" -ne 0 ] ; then
+ echo "Error \$RESULT starting $svc" >&2
+ fi
+ ;;
+ stop)
+ echo "stopping $svc"
+ /usr/sbin/svcadm disable -ts $_smf_category/$svc
+ RESULT=0
+ ;;
+ restart)
+ echo "restarting $svc"
+ /usr/sbin/svcadm disable -ts $_smf_category/$svc
+ /usr/sbin/svcadm clear svc:/$_smf_category/$svc:default >/dev/null 2>&1
+ /usr/sbin/svcadm enable -s $_smf_category/$svc
+ RESULT=\$?
+ if [ "\$RESULT" -ne 0 ] ; then
+ echo "Error \$RESULT starting $svc" >&2
+ fi
+ ;;
+ *)
+ echo "Usage: $file {start|stop|restart|status}" >&2
+ RESULT=1
+ esac
+ exit $RESULT
+fi
+_EOF
+ fi
+
+ #-- Construct a start command that builds a pid file as needed
+ # and forks the daemon. Services started by smf may not fork.
+ if test -z "$pidfile"; then
+ # The service does not define a pidfile, so we have to make
+ # our own up. On Solaris systems where there is no /var/run
+ # we must use /tmp to guarantee the pid files are removed after
+ # a system crash.
+ if test -z "$pp_piddir"; then
+ pp_piddir="/var/run"
+ fi
+ cat <<. >>$out
+ pp_isdaemon=0
+ pp_piddirs="${pp_piddir}${pp_piddir+ }/var/run /tmp"
+ for pp_piddir in \$pp_piddirs; do
+ test -d "\$pp_piddir/." && break
+ done
+ pidfile="\$pp_piddir/$svc.pid"
+.
+ else
+ # The service is able to write its own PID file
+ cat <<. >>$out
+ pp_isdaemon=1
+ pidfile="$pidfile"
+.
+ fi
+
+ pp_su=
+ if test "${user:-root}" != "root"; then
+ pp_su="su $user -c exec "
+ fi
+
+ cat <<. >>$out
+ stop_signal="${stop_signal:-TERM}"
+ svc="${svc}"
+
+ # generated command to run $svc as a service
+ pp_exec () {
+ if [ \$pp_isdaemon -ne 1 ]; then
+ if [ "t\$PP_SMF_SERVICE" = "t" ]; then
+ ${pp_su}$cmd &
+ echo \$! > \$pidfile
+ else
+ echo "via exec."
+ echo \$$ > \$pidfile
+ exec ${pp_su}$cmd
+ return 1
+ fi
+ else
+ ${pp_su}$cmd
+ fi
+ }
+.
+
+ #-- write the invariant section of the init script
+ cat <<'.' >>$out
+
+ # returns true if $svc is running
+ pp_running () {
+ if test -s "$pidfile"; then
+ read pid < "$pidfile" 2>/dev/null
+ if test ${pid:-0} -gt 1 && kill -0 "$pid" 2>/dev/null; then
+ # make sure command name matches up to the first 8 chars
+ c="`echo $cmd | sed -e 's: .*::' -e 's:^.*/::' -e 's/^\(........\).*$/\1/'`"
+ pid="`ps -p $pid 2>/dev/null | sed -n \"s/^ *\($pid\) .*$c *$/\1/p\"`"
+ if test -n "$pid"; then
+ return 0
+ fi
+ fi
+ fi
+ return 1
+ }
+
+ # prints a message describing $svc's running state
+ pp_status () {
+ if pp_running; then
+ echo "service $svc is running (pid $pid)"
+ return 0
+ elif test -f "$pidfile"; then
+ echo "service $svc is not running, but pid file exists"
+ return 2
+ else
+ echo "service $svc is not running"
+ return 1
+ fi
+ }
+
+ # starts $svc
+ pp_start () {
+ if pp_running; then
+ echo "service $svc already running" >&2
+ return 0
+ fi
+ echo "starting $svc... \c"
+ if pp_exec; then
+ echo "done."
+ else
+ echo "ERROR."
+ exit 1
+ fi
+ }
+
+ # stops $svc
+ pp_stop () {
+ if pp_running; then
+ echo "stopping $svc... \c"
+ if kill -$stop_signal $pid; then
+ rm -f "$pidfile"
+ echo "done."
+ else
+ echo "ERROR."
+ return 1
+ fi
+ else
+ echo "service $svc already stopped" >&2
+ return 0
+ fi
+ }
+
+ umask 022
+ case "$1" in
+ start) pp_start;;
+ stop) pp_stop;;
+ status) pp_status;;
+ restart) pp_stop && pp_start;;
+ *) echo "usage: $0 {start|stop|restart|status}" >&2; exit 1;;
+ esac
+.
+}
+
+pp_solaris_remove_service () {
+ typeset file svc
+
+ svc="${pp_solaris_smf_service_name:-$1}"
+ file=${pp_solaris_service_script:-"/etc/init.d/${pp_solaris_service_script_name:-$svc}"}
+
+ echo '
+if [ "x${PKG_INSTALL_ROOT}" = 'x' ]; then
+ if [ -x /usr/sbin/svcadm ] ; then
+ /usr/sbin/svcadm disable -s '$svc' 2>/dev/null
+ if [ `uname -r` = 5.10 ] || [ "'${pp_svc_xml_file%/*/*}'" != "/var/svc/manifest" ]; then
+ /usr/sbin/svccfg delete '$svc' 2>/dev/null
+ else
+ /usr/sbin/svcadm restart manifest-import 2>/dev/null
+ fi
+ else
+ '$file' stop >/dev/null 2>/dev/null
+ fi
+fi
+ '
+}
+
+pp_solaris_install_service () {
+ typeset s k l file svc
+
+ svc="${pp_solaris_smf_service_name:-$1}"
+ file=${pp_solaris_service_script:-"/etc/init.d/${pp_solaris_service_script_name:-$svc}"}
+
+ s="${solaris_sysv_init_start}$svc"
+ k="${solaris_sysv_init_kill}$svc"
+
+ echo '
+if [ "x${PKG_INSTALL_ROOT}" != "x" ]; then
+ if [ -x ${PKG_INSTALL_ROOT}/usr/sbin/svcadm ]; then
+ if [ `uname -r` = 5.10 ] || [ "'${pp_svc_xml_file%/*/*}'" != "/var/svc/manifest" ]; then
+ echo "/usr/sbin/svccfg import '$pp_svc_xml_file' 2>/dev/null" >> ${PKG_INSTALL_ROOT}/var/svc/profile/upgrade
+ else
+ echo "/usr/sbin/svcadm restart manifest-import 2>/dev/null" >> ${PKG_INSTALL_ROOT}/var/svc/profile/upgrade
+ fi
+ else'
+ test -n "${solaris_sysv_init_start_states}" &&
+ for state in ${solaris_sysv_init_start_states}; do
+ l="/etc/rc$state.d/$s"
+ echo "echo '$l'"
+ echo "installf -c run \$PKGINST \$PKG_INSTALL_ROOT$l=$file s"
+ pp_solaris_space /etc/rc$state.d 0 1
+ done
+ test -n "${solaris_sysv_init_kill_states}" &&
+ for state in ${solaris_sysv_init_kill_states}; do
+ l="/etc/rc$state.d/$k"
+ echo "echo '$l'"
+ echo "installf -c run \$PKGINST \$PKG_INSTALL_ROOT$l=$file s"
+ pp_solaris_space /etc/rc$state.d 0 1
+ done
+ echo '
+ fi
+else
+ if [ -x /usr/sbin/svcadm ]; then
+ echo "Registering '$svc' with SMF"
+ /usr/sbin/svcadm disable -s '$svc' 2>/dev/null
+ if [ `uname -r` = 5.10 ] || [ "'${pp_svc_xml_file%/*/*}'" != "/var/svc/manifest" ]; then
+ /usr/sbin/svccfg delete '$svc' 2>/dev/null
+ /usr/sbin/svccfg import '$pp_svc_xml_file'
+ else
+ /usr/sbin/svcadm restart manifest-import
+ # Wait for import to complete, otherwise it will not know
+ # about our service until after we try to start it
+ echo Waiting for manifest-import...
+ typeset waited
+ waited=0
+ while [ $waited -lt 15 ] && ! /usr/bin/svcs -l '$svc' >/dev/null 2>&1; do
+ sleep 1
+ waited=`expr $waited + 1`
+ done
+ if /usr/bin/svcs -l '$svc' >/dev/null 2>&1; then
+ echo OK
+ else
+ echo manifest-import took to long, you might have to control '$svc' manually.
+ fi
+ fi
+ else'
+ test -n "${solaris_sysv_init_start_states}" &&
+ for state in ${solaris_sysv_init_start_states}; do
+ l="/etc/rc$state.d/$s"
+ echo "echo '$l'"
+ echo "installf -c run \$PKGINST \$PKG_INSTALL_ROOT$l=$file s"
+ pp_solaris_space /etc/rc$state.d 0 1
+ done
+ test -n "${solaris_sysv_init_kill_states}" &&
+ for state in ${solaris_sysv_init_kill_states}; do
+ l="/etc/rc$state.d/$k"
+ echo "echo '$l'"
+ echo "installf -c run \$PKGINST \$PKG_INSTALL_ROOT$l=$file s"
+ pp_solaris_space /etc/rc$state.d 0 1
+ done
+ echo '
+ fi
+fi'
+}
+
+pp_solaris_add_parent_dirs () {
+ typeset dir
+
+ dir=${1%/*}
+ while test -n "$dir"; do
+ if awk "\$6 == \"$dir/\" {exit 1}" < $pp_wrkdir/%files.run; then
+ echo "d - - - - $dir/" >> $pp_wrkdir/%files.run
+ fi
+ dir=${dir%/*}
+ done
+}
+
+pp_platforms="$pp_platforms deb"
+
+pp_backend_deb_detect () {
+ test -f /etc/debian_version
+}
+
+pp_deb_cmp_full_name () {
+ local prefix
+ prefix="${pp_deb_name:-$name}"
+ case "$1" in
+ run) echo "${prefix}" ;;
+ dbg) echo "${prefix}-${pp_deb_dbg_pkgname}";;
+ dev) echo "${prefix}-${pp_deb_dev_pkgname}";;
+ doc) echo "${prefix}-${pp_deb_doc_pkgname}";;
+ *) pp_error "unknown component '$1'";
+ esac
+}
+
+pp_backend_deb_init () {
+ pp_deb_dpkg_version="2.0"
+ pp_deb_name=
+ pp_deb_version=
+ pp_deb_release=
+ pp_deb_arch=
+ pp_deb_arch_std=
+ pp_deb_maintainer="One Identity LLC "
+ pp_deb_copyright=
+ pp_deb_distro=
+ pp_deb_control_description=
+ pp_deb_summary=
+ pp_deb_description=
+ pp_deb_dbg_pkgname="dbg"
+ pp_deb_dev_pkgname="dev"
+ pp_deb_doc_pkgname="doc"
+ pp_deb_section=contrib # Free software that depends on non-free software
+
+ # Detect the host architecture
+ pp_deb_detect_arch
+
+ # Make sure any programs we require are installed
+ pp_deb_check_required_programs
+}
+
+pp_deb_check_required_programs () {
+ local p needed notfound ok
+ needed= notfound=
+ for prog in dpkg dpkg-deb install md5sum fakeroot
+ do
+ if which $prog 2>/dev/null >/dev/null; then
+ pp_debug "$prog: found"
+ else
+ pp_debug "$prog: not found"
+ case "$prog" in
+ dpkg|dpkg-deb) p=dpkg;;
+ install|md5sum) p=coreutils;;
+ fakeroot) p=fakeroot;;
+ *) pp_die "unexpected dpkg tool $prog";;
+ esac
+ notfound="$notfound $prog"
+ pp_contains "$needed" "$p" || needed="$needed $p"
+ fi
+ done
+ if [ -n "$notfound" ]; then
+ pp_error "cannot find these programs: $notfound"
+ pp_error "please install these packages: $needed"
+ fi
+}
+
+pp_deb_munge_description () {
+ # Insert a leading space on each line, replace blank lines with a
+ #space followed by a full-stop.
+ pp_deb_control_description="`echo ${pp_deb_description:-$description} | \
+ sed 's,^\(.*\)$, \1, ' | sed 's,^[ \t]*$, .,g' | fmt -w 80`"
+}
+
+pp_deb_detect_arch () {
+ pp_deb_arch=`dpkg-architecture -qDEB_HOST_ARCH`
+ pp_deb_arch_std=`uname -m`
+}
+
+pp_deb_sanitize_version() {
+ echo "$@" | tr -d -c '[:alnum:].+-:~'
+}
+
+pp_deb_version_final() {
+ if test -n "$pp_deb_version"; then
+ # Don't sanitize; assume the user is sane (hah!)
+ echo "$pp_deb_version"
+ else
+ pp_deb_sanitize_version "$version"
+ fi
+}
+
+pp_deb_conflict () {
+ local _name _vers _conflicts
+
+ _conflicts="Conflicts:"
+ while read _name _vers; do
+ case "$_name" in ""| "#"*) continue ;; esac
+ _conflicts="$_conflicts $_name"
+ test -n "$_vers" && _conflicts="$_conflicts $_name (>= $vers)"
+ _conflicts="${_conflicts},"
+ done
+ echo "${_conflicts%,}"
+}
+
+pp_deb_make_control() {
+ local cmp="$1"
+ local installed_size
+
+ # compute the installed size
+ installed_size=`pp_deb_files_size < $pp_wrkdir/%files.$cmp`
+
+ package_name=`pp_deb_cmp_full_name "$cmp"`
+ cat <<-.
+ Package: ${package_name}
+ Version: `pp_deb_version_final`-${pp_deb_release:-1}
+ Section: ${pp_deb_section:-contrib}
+ Priority: optional
+ Architecture: ${pp_deb_arch}
+ Maintainer: ${pp_deb_maintainer:-$maintainer}
+ Description: ${pp_deb_summary:-$summary}
+ ${pp_deb_control_description}
+ Installed-Size: ${installed_size}
+.
+ if test -s $pp_wrkdir/%depend."$cmp"; then
+ sed -ne '/^[ ]*$/!s/^[ ]*/Depends: /p' \
+ < $pp_wrkdir/%depend."$cmp"
+ fi
+ if test -s $pp_wrkdir/%conflict."$cmp"; then
+ pp_deb_conflict < $pp_wrkdir/%conflict."$cmp"
+ fi
+}
+
+pp_deb_make_md5sums() {
+ local cmp="$1"; shift
+ local pkg_dir
+
+ pkg_dir=$pp_wrkdir/`pp_deb_cmp_full_name $cmp`
+ (cd $pkg_dir && md5sum "$@") > $pkg_dir/DEBIAN/md5sums ||
+ pp_error "cannot make md5sums"
+}
+
+pp_deb_make_package_maintainer_script() {
+ local output="$1"
+ local source="$2"
+ local desc="$3"
+
+ # See if we need to create this script at all
+ if [ -s "$source" ]
+ then
+
+ # Create header
+ cat <<-. >$output || pp_error "Cannot create $output"
+ #!/bin/sh
+ # $desc
+ # Generated by PolyPackage $pp_version
+
+.
+
+ cat $source >> "$output" || pp_error "Cannot append to $output"
+
+ # Set perms
+ chmod 755 "$output" || pp_error "Cannot chmod $output"
+ fi
+}
+
+pp_deb_handle_services() {
+ local svc
+
+ #-- add service start/stop code
+ if test -n "$pp_services"; then
+ #-- append common %post install code
+ pp_systemd_service_install_common >> $pp_wrkdir/%post.run
+
+ #-- record the uninstall commands in reverse order
+ for svc in $pp_services; do
+ pp_load_service_vars $svc
+
+ # Create init script and systemd service file (unless they exists)
+ pp_deb_service_make_service_files $svc ||
+ pp_error "could not create service files for $svc"
+
+ #-- append %post code to install the svc
+ test x"yes" = x"$enable" &&
+ cat<<-. >> $pp_wrkdir/%post.run
+
+ case "\$1" in
+ configure)
+ # Install the service links
+ _pp_systemd_init
+ if test -n "\$systemctl_cmd"; then
+ _pp_systemd_install $svc
+ _pp_systemd_enable $svc
+ else
+ update-rc.d $svc defaults
+ fi
+ ;;
+ esac
+.
+
+ #-- prepend %preun code to stop svc
+ cat<<-. | pp_prepend $pp_wrkdir/%preun.run
+
+ case "\$1" in
+ remove|deconfigure|upgrade)
+ # Stop the $svc service
+ invoke-rc.d $svc stop
+ _pp_systemd_disable $svc
+ ;;
+ esac
+.
+
+ #-- prepend %postun code to remove service
+ cat<<-. | pp_prepend $pp_wrkdir/%postun.run
+
+ case "\$1" in
+ purge)
+ # Remove the service links
+ update-rc.d $svc remove
+ _pp_systemd_remove $svc
+ ;;
+ esac
+.
+ done
+
+ pp_systemd_service_remove_common | pp_prepend $pp_wrkdir/%preun.run
+ #pp_deb_service_remove_common | pp_prepend $pp_wrkdir/%preun.run
+
+ # Actual systemd service removal is done in %postun.
+ # Otherwise, systemd may pick up the init.d script if it exists.
+ pp_systemd_service_remove_common | pp_prepend $pp_wrkdir/%postun.run
+ fi
+
+}
+pp_deb_fakeroot () {
+ if test -s $pp_wrkdir/fakeroot.save; then
+ fakeroot -i $pp_wrkdir/fakeroot.save -s $pp_wrkdir/fakeroot.save "$@"
+ else
+ fakeroot -s $pp_wrkdir/fakeroot.save "$@"
+ fi
+}
+
+pp_deb_files_size () {
+ local t m o g f p st
+ while read t m o g f p st; do
+ case $t in
+ f|s) du -k "${pp_destdir}$p";;
+ d) echo 4;;
+ esac
+ done | awk '{n+=$1} END {print n}'
+}
+
+pp_deb_make_DEBIAN() {
+ local cmp="${1:-run}"
+ local data cmp_full_name
+ local old_umask
+
+ old_umask=`umask`
+ umask 0022
+ cmp_full_name=`pp_deb_cmp_full_name $cmp`
+ data=$pp_wrkdir/$cmp_full_name
+
+ # Create DEBIAN dir $data/DEBIAN
+ mkdir -p $data/DEBIAN
+
+ # Create control file
+ pp_deb_make_control $cmp > $data/DEBIAN/control
+
+ # Copy in conffiles
+ if test -f $pp_wrkdir/%conffiles.$cmp; then
+ cp $pp_wrkdir/%conffiles.$cmp $data/DEBIAN/conffiles
+ fi
+
+ # Create preinst
+ pp_deb_make_package_maintainer_script "$data/DEBIAN/preinst" \
+ "$pp_wrkdir/%pre.$cmp" "Pre-install script for $cmp_full_name"\
+ || exit $?
+
+ # Create postinst
+ pp_deb_make_package_maintainer_script "$data/DEBIAN/postinst" \
+ "$pp_wrkdir/%post.$cmp" "Post-install script for $cmp_full_name"\
+ || exit $?
+
+ # Create prerm
+ pp_deb_make_package_maintainer_script "$data/DEBIAN/prerm" \
+ "$pp_wrkdir/%preun.$cmp" "Pre-uninstall script for $cmp_full_name"\
+ || exit $?
+
+ # Create postrm
+ pp_deb_make_package_maintainer_script "$data/DEBIAN/postrm" \
+ "$pp_wrkdir/%postun.$cmp" "Post-uninstall script for $cmp_full_name"\
+ || exit $?
+ + umask $old_umask +} + +pp_deb_make_data() { + local _l t m o g f p st data + local data share_doc owner group + cmp=$1 + data=$pp_wrkdir/`pp_deb_cmp_full_name $cmp` + cat $pp_wrkdir/%files.${cmp} | while read t m o g f p st; do + if test x"$m" = x"-"; then + case "$t" in + d) m=755;; + f) m=644;; + esac + fi + test x"$o" = x"-" && o=root + test x"$g" = x"-" && g=root + case "$t" in + f) # Files + pp_deb_fakeroot install -D -o $o -g $g -m ${m} $pp_destdir/$p $data/$p; + if [ x"$f" = x"v" ] + then + # File marked as "volatile". Assume this means it's a conffile + # TODO: check this as admins like modified conffiles to be left + # behind + echo "$p" >> $pp_wrkdir/%conffiles.$cmp + fi;; + + d) # Directories + pp_deb_fakeroot install -m ${m} -o $o -g $g -d $data/$p;; + + s) # Symlinks + # Remove leading / from vars + rel_p=`echo $p | sed s,^/,,` + rel_st=`echo $st | sed s,^/,,` + # TODO: we are always doing absolute links here. We should follow + # the debian policy of relative links when in the same top-level + # directory + (cd $data; ln -sf $st $rel_p);; + *) pp_error "Unsupported data file type: $t";; + esac + done + + # If no copyright file is present add one. This is a debian requirement. + share_doc="/usr/share/doc/`pp_deb_cmp_full_name $cmp`" + if [ ! 
-f "$data/$share_doc/copyright" ] + then + echo "${pp_deb_copyright:-$copyright}" > "$pp_wrkdir/copyright" + install -D -m 644 "$pp_wrkdir/copyright" "$data/$share_doc/copyright" + fi + +} + +pp_deb_makedeb () { + local cmp + local package_build_dir + + cmp="$1" + + package_build_dir=$pp_wrkdir/`pp_deb_cmp_full_name $cmp` + + # Create package dir + mkdir -p $package_build_dir + + # Copy in data + pp_deb_make_data $cmp || + pp_die "Could not make DEBIAN data files for $cmp" + + # Make control files + # must be done after copying data so conffiles are found + pp_deb_make_DEBIAN $cmp || + pp_die "Could not make DEBIAN control files for $cmp" + + # Create md5sums + pp_deb_make_md5sums $cmp `(cd $package_build_dir; + find . -name DEBIAN -prune -o -type f -print | sed "s,^\./,,")` || + pp_die "Could not make DEBIAN md5sums for $cmp" +} + +pp_backend_deb () { + local debname + + # Munge description for control file inclusion + pp_deb_munge_description + + # Handle services + pp_deb_handle_services $cmp + + for cmp in $pp_components + do + debname=`pp_deb_name $cmp` + pp_deb_makedeb $cmp + done + + . $pp_wrkdir/%fixup + + for cmp in $pp_components + do + debname=`pp_deb_name $cmp` + # Create debian package + pp_debug "Building `pp_deb_cmp_full_name $cmp` -> $output" + pp_deb_fakeroot dpkg-deb \ + --build $pp_wrkdir/`pp_deb_cmp_full_name $cmp` \ + $pp_wrkdir/$debname || + pp_error "failed to create $cmp package" + done +} + +pp_backend_deb_cleanup () { + # rm -rf $pp_wrkdir + : +} + +pp_deb_name () { + local cmp="${1:-run}" + echo `pp_deb_cmp_full_name $cmp`"_"`pp_deb_version_final`"-${pp_deb_release:-1}_${pp_deb_arch}.deb" +} +pp_backend_deb_names () { + for cmp in $pp_components + do + pp_deb_name $cmp + done +} + +pp_backend_deb_install_script () { + local cmp _cmp_full_name + + echo "#!/bin/sh" + pp_install_script_common + + cat <<. + + cmp_to_pkgname () { + test x"\$*" = x"all" && + set -- $pp_components + for cmp + do + case \$cmp in +. 
+ for cmp in $pp_components; do
+ echo "$cmp) echo '`pp_deb_cmp_full_name $cmp`';;"
+ done
+ cat <<.
+ *) usage;;
+ esac
+ done
+ }
+
+
+ cmp_to_pathname () {
+ test x"\$*" = x"all" &&
+ set -- $pp_components
+ for cmp
+ do
+ case \$cmp in
+.
+ for cmp in $pp_components; do
+ echo "$cmp) echo \${PP_PKGDESTDIR:-.}/'`pp_deb_name $cmp`';;"
+ done
+ cat <<.
+ *) usage;;
+ esac
+ done
+ }
+
+ test \$# -eq 0 && usage
+ op="\$1"; shift
+ case "\$op" in
+ list-components)
+ test \$# -eq 0 || usage \$op
+ echo $pp_components
+ ;;
+ list-services)
+ test \$# -eq 0 || usage \$op
+ echo $pp_services
+ ;;
+ list-files)
+ test \$# -ge 1 || usage \$op
+ cmp_to_pathname "\$@"
+ ;;
+ install)
+ test \$# -ge 1 || usage \$op
+ dpkg --install \`cmp_to_pathname "\$@"\`
+ ;;
+ uninstall)
+ test \$# -ge 1 || usage \$op
+ dpkg --remove \`cmp_to_pkgname "\$@"\`; :
+ ;;
+ start|stop)
+ test \$# -ge 1 || usage \$op
+ ec=0
+ for svc
+ do
+ /etc/init.d/\$svc \$op || ec=1
+ done
+ exit \$ec
+ ;;
+ print-platform)
+ test \$# -eq 0 || usage \$op
+ echo "linux-${pp_deb_arch}"
+ ;;
+ *)
+ usage
+ ;;
+ esac
+.
+}
+
+pp_backend_deb_probe() {
+ local arch distro release
+
+ pp_deb_detect_arch
+
+ # /etc/debian_version exists on Debian & Ubuntu, so it's no use
+ # to us. Use lsb_release instead.
+
+ case `(lsb_release -is || echo no-lsb) 2>/dev/null` in
+ Debian)
+ distro=deb
+ ;;
+ Ubuntu)
+ distro=ubu
+ ;;
+ no-lsb)
+ echo unknown-$pp_deb_arch_std
+ return 0
+ ;;
+ *)
+ distro=unknown
+ ;;
+ esac
+
+ release=`lsb_release -rs`
+
+ # If release is not numeric, use the codename
+ case $release in
+ *[!.0-9r]*)
+ release=`lsb_release -cs`
+ case $release in
+ buzz)
+ release="11"
+ ;;
+ rex)
+ release="12"
+ ;;
+ bo)
+ release="13"
+ ;;
+ hamm)
+ release="20"
+ ;;
+ slink)
+ release="21"
+ ;;
+ potato)
+ release="22"
+ ;;
+ woody)
+ release="30"
+ ;;
+ sarge)
+ release="31"
+ ;;
+ etch)
+ release="40"
+ ;;
+ lenny)
+ release="50"
+ ;;
+ squeeze)
+ release="60"
+ ;;
+ wheezy)
+ release="70"
+ ;;
+ jessie)
+ release="80"
+ ;;
+ stretch)
+ release="90"
+ ;;
+ esac
+ ;;
+ *)
+ # Remove trailing revision number and any dots
+ release=`echo $release | cut -dr -f1 | tr -d .`
+ ;;
+ esac
+
+ echo $distro$release-$pp_deb_arch_std
+}
+
+pp_backend_deb_vas_platforms () {
+ case "$pp_deb_arch_std" in
+ x86_64) echo "linux-x86_64.deb";; # DO NOT add linux-x86.deb here!!
+ *86) echo "linux-x86.deb";;
+ *) pp_die "unknown architecture ${pp_deb_arch_std}";;
+ esac
+}
+pp_backend_deb_init_svc_vars () {
+
+ reload_signal=
+ start_runlevels=${pp_deb_default_start_runlevels-"2 3 4 5"} # == lsb default-start
+ stop_runlevels=${pp_deb_default_stop_runlevels-"0 1 6"} # == lsb default-stop
+ svc_description="${pp_deb_default_svc_description}" # == lsb short descr
+ svc_process=
+ svc_init_filename="${pp_deb_svc_init_filename}" # == $svc.init
+ svc_init_filepath="${pp_deb_svc_init_filepath}" # == /etc/init.d/ by default
+
+ lsb_required_start='$local_fs $network'
+ lsb_should_start=
+ lsb_required_stop='$local_fs'
+ lsb_description=
+
+ start_priority=50
+ stop_priority=50 #-- stop_priority = 100 - start_priority
+}
+
+pp_deb_service_make_service_files () {
+ local svc=${svc_init_filename:-$1}
+ local script="${svc_init_filepath:-"/etc/init.d"}/$svc"
+ local out=$pp_destdir$script
+ local _process _cmd
+
+ pp_add_file_if_missing $script run 755 v || return 0
+
+ #-- start out as an empty shell script
+ cat <<-'.' >$out
+ #!/bin/sh
+.
+
+ #-- determine the process name from $cmd unless $svc_process is given
+ set -- $cmd
+ #_process=${svc_process:-"$1"} --? WTF
+
+ #-- construct a start command that builds a pid file if needed
+ #-- the command name in /proc/[pid]/stat is limited to 15 characters
+ _cmd="$cmd";
+ _cmd_path=`echo $cmd | cut -d" " -f1`
+ _cmd_name=`basename $_cmd_path | cut -c1-15`
+ _cmd_args=`echo $cmd | cut -d" " -f2-`
+ test x"$_cmd_path" != x"$_cmd_args" || _cmd_args=
+
+ #-- generate the LSB init info
+ cat <<-. >>$out
+ ### BEGIN INIT INFO
+ # Provides: ${svc}
+ # Required-Start: ${lsb_required_start}
+ # Should-Start: ${lsb_should_start}
+ # Required-Stop: ${lsb_required_stop}
+ # Default-Start: ${start_runlevels}
+ # Default-Stop: ${stop_runlevels}
+ # Short-Description: ${svc_description:-no description}
+ ### END INIT INFO
+ # Generated by PolyPackage ${pp_version}
+ # ${copyright}
+
+.
+
+ if test x"${svc_description}" = x"${pp_deb_default_svc_description}"; then
+ svc_description=
+ fi
+
+ #-- write service-specific definitions
+ cat <<. >>$out
+NAME="${_cmd_name}"
+DESC="${svc_description:-$svc service}"
+USER="${user}"
+GROUP="${group}"
+PIDFILE="${pidfile}"
+STOP_SIGNAL="${stop_signal}"
+RELOAD_SIGNAL="${reload_signal}"
+CMD="${_cmd}"
+DAEMON="${_cmd_path}"
+DAEMON_ARGS="${_cmd_args}"
+SCRIPTNAME=${script}
+.
+
+ #-- write the generic part of the init script
+ cat <<'.' >>$out
+
+[ -x "$DAEMON" ] || exit 0
+
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+[ -f /etc/default/rcS ] && . /etc/default/rcS
+
+. /lib/lsb/init-functions
+
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ if [ -n "$PIDFILE" ]
+ then
+ pidfile_opt="--pidfile $PIDFILE"
+ else
+ pidfile_opt="--make-pidfile --background --pidfile /var/run/$NAME.pid"
+ fi
+ if [ -n "$USER" ]
+ then
+ user_opt="--user $USER"
+ fi
+ if [ -n "$GROUP" ]
+ then
+ group_opt="--group $GROUP"
+ fi
+
+ start-stop-daemon --start --quiet $pidfile_opt $user_opt --exec $DAEMON --test > /dev/null \
+ || return 1
+
+ # Note: there seems to be no way to tell whether the daemon will fork itself or not, so pass
+ # --background for now
+ start-stop-daemon --start --quiet $pidfile_opt $user_opt --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ if [ -n "$PIDFILE" ]
+ then
+ pidfile_opt="--pidfile $PIDFILE"
+ else
+ pidfile_opt="--pidfile /var/run/$NAME.pid"
+ fi
+ if [ -n "$USER" ]
+ then
+ user_opt="--user $USER"
+ fi
+ if [ -n $STOP_SIGNAL ]
+ then
+ signal_opt="--signal $STOP_SIGNAL"
+ fi
+ start-stop-daemon --stop --quiet $signal_opt --retry=TERM/30/KILL/5 $pidfile_opt --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + test -z $PIDFILE || rm -f $PIDFILE + return "$RETVAL" +} + +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + if [ -n "$PIDFILE" ] + then + pidfile_opt="--pidfile $PIDFILE" + else + pidfile_opt="--pidfile /var/run/$NAME.pid" + fi + if [ -n "$RELOAD_SIGNAL" ] + then + start-stop-daemon --stop --signal $RELOAD_SIGNAL --quiet $pidfile_opt --name $NAME + fi + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + reload|force-reload) + if [ -n "$RELOAD_SIGNAL" ] + then + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + else + # Do a restart instead + "$0" restart + fi + ;; + restart) + # + # If the "reload" option is implemented then remove the + # 'force-reload' alias + # + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" 
in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: +. + chmod 755 $out + + # Create systemd service file + pp_systemd_make_service_file $svc +} +pp_backend_deb_function() { + case "$1" in + pp_mkgroup) cat<<'.';; + /usr/sbin/groupmod "$1" 2>/dev/null && return 0 + /usr/sbin/groupadd "$1" +. + pp_mkuser:depends) echo pp_mkgroup;; + pp_mkuser) cat<<'.';; + pp_tmp_system= + id -u "$1" >/dev/null 2>/dev/null && return 0 + # deb 3.1's useradd changed API in 4.0. Gah! + /usr/sbin/useradd --help 2>&1 | /bin/grep -q .--system && + pp_tmp_system=--system + pp_mkgroup "${2:-$1}" || return 1 + /usr/sbin/useradd \ + -g "${2:-$1}" \ + -d "${3:-/nonexistent}" \ + -s "${4:-/bin/false}" \ + $pp_tmp_system \ + "$1" +. + pp_havelib) cat<<'.';; + for pp_tmp_dir in `echo "/usr/lib:/lib${3:+:$3}" | tr : ' '`; do + test -r "$pp_tmp_dir/lib$1.so{$2:+.$2}" && return 0 + done + return 1 +. + *) false;; + esac +} + +pp_platforms="$pp_platforms kit" + +pp_backend_kit_detect () { + test x"$1" = x"OSF1" +} + +pp_backend_kit_init () { + pp_kit_name= + pp_kit_package= + pp_kit_desc= + pp_kit_version= + pp_kit_subset= + pp_readlink_fn=pp_ls_readlink + pp_kit_startlevels="2 3" + pp_kit_stoplevels="0 2 3" +} + +pp_backend_kit () { + typeset mi_file k_file svc outfile + typeset desc + + pp_backend_kit_names > /dev/null + + if test -z "$pp_kit_desc"; then + pp_kit_desc="$description" + fi + + mi_file="$pp_wrkdir/$pp_kit_subset.mi" + k_file="$pp_wrkdir/$pp_kit_subset.k" + scp_file="$pp_wrkdir/$pp_kit_subset.scp" + + desc="${pp_kit_desc:-$description}" + + cat <<-. >> $k_file + NAME='$name' + CODE=$pp_kit_name + VERS=$pp_kit_version + MI=$mi_file + COMPRESS=0 + %% + $pp_kit_subset . 0 '$desc' +. 
+ + if test -n "$pp_services"; then + for svc in $pp_services; do + pp_kit_make_service $svc + pp_prepend $pp_wrkdir/%preun.run <<-. + /sbin/init.d/$svc stop +. + done + fi + + pp_backend_kit_make_mi "$mi_file" + pp_backend_kit_make_scp + #rm -rf $pp_wrkdir/kit_dest + mkdir -p $pp_wrkdir/kit_dest + pp_backend_kit_kits $k_file $pp_opt_destdir $pp_wrkdir/kit_dest + tar cvf $pp_wrkdir/$pp_kit_subset.tar -C $pp_wrkdir/kit_dest . + gzip -c $pp_wrkdir/$pp_kit_subset.tar > $pp_wrkdir/$pp_kit_subset.tar.gz + #rm -rf $pp_wrkdir/$pp_kit_subset.tar $pp_wrkdir/scps +} + +pp_backend_kit_make_mi () { + # XXX this information should go into the .inv files + typeset t m o g f p st line dm + while read t m o g f p st; do + case $t in + f|d) + echo "0 .$p $pp_kit_subset" + echo " chmod $m $p" >> $pp_wrkdir/%post.run + if [ x"$o" = x"-" ] ; then + echo " chown root $p" >> $pp_wrkdir/%post.run + else + echo " chown $o $p" >> $pp_wrkdir/%post.run + fi + if [ x"$g" = x"-" ] ; then + echo " chgrp 0 $p" >> $pp_wrkdir/%post.run + else + echo " chgrp $g $p" >> $pp_wrkdir/%post.run + fi + ;; + s) + echo " ln -s $st $p" >> $pp_wrkdir/%post.run + echo " rm -f $p" >> $pp_wrkdir/%preun.run + ;; + esac + done < $pp_wrkdir/%files.run | sort -k3 |uniq > $1 +} + + +pp_backend_kit_make_scp () { + scpdir="$pp_wrkdir/scps" + mkdir "$scpdir" && touch "$scpdir"/$pp_kit_subset.scp + cat <"$scpdir"/$pp_kit_subset.scp + + . /usr/share/lib/shell/libscp + + case "\$ACT" in + PRE_L) + STL_ScpInit + + + + ;; + POST_L) + STL_ScpInit + STL_LinkCreate +EOF + + cat $pp_wrkdir/%post.run >>"$scpdir"/$pp_kit_subset.scp + cat >>"$scpdir"/$pp_kit_subset.scp <>"$scpdir"/$pp_kit_subset.scp + cat >>"$scpdir"/$pp_kit_subset.scp </dev/null || + /usr/sbin/groupadd $1 +. + pp_mkuser) cat <<'.';; + eval user=\$$# + grep "^$user:" /etc/passwd >/dev/null || + /usr/sbin/useradd -s /usr/bin/false "$@" +. 
+ pp_havelib) cat <<'.';; + for dir in `echo /usr/lib${3+:$3} | tr : ' '`; do + test -r "$dir/lib$1.${2-sl}" && return 0 + done + return 1 +. + *) pp_error "unknown function request: $1";; + esac +} + +pp_backend_kit_init_svc_vars () { + : +} + +pp_backend_kit_probe () { + echo tru64-`uname -r | sed 's/V\([0-9]*\)\.\([0-9]*\)/\1\2/'` +} + +pp_kit_service_group_script () { + typeset grp svcs scriptpath out + grp="$1" + svcs="$2" + scriptpath="/sbin/init.d/$grp" + out="$pp_destdir$scriptpath" + + pp_add_file_if_missing $scriptpath run 755 || return 0 + + cat <<-. > $out + #!/sbin/sh + # generated by pp $pp_version + svcs="$svcs" +. + +cat <<-'.' >> $out + #-- starts services in order.. stops them all if any break + pp_start () { + undo= + for svc in $svcs; do + /sbin/init.d/$svc start + case $? in + 0|4) + undo="$svc $undo" + ;; + *) + if test -n "$undo"; then + for svc in $undo; do + /sbin/init.d/$svc stop + done + return 1 + fi + ;; + esac + done + return 0 + } + + #-- stops services in reverse + pp_stop () { + reverse= + for svc in $svcs; do + reverse="$svc $reverse" + done + rc=0 + for svc in $reverse; do + /sbin/init.d/$svc stop || rc=$? + done + return $rc + } + + case "$1" in + start_msg) echo "Starting $svcs";; + stop_msg) echo "Stopping $svcs";; + start) pp_start;; + stop) pp_stop;; + *) echo "usage: $0 {start|stop|start_msg|stop_msg}" + exit 1;; + esac +. +} + +pp_kit_service_script () { + typeset svc scriptpath out + + svc="$1" + scriptpath="/sbin/init.d/$svc" + + pp_load_service_vars "$svc" + + test -n "$user" -a x"$user" != x"root" && + cmd="SHELL=/usr/bin/sh /usr/bin/su $user -c \"exec `echo $cmd | sed -e 's,[$\\\`],\\&,g'`\"" + if test -z "$pidfile"; then + pidfile="/var/run/$svc.pid" + cmd="$cmd & echo \$! > \$pidfile" + fi + + pp_add_file_if_missing $scriptpath run 755 + + cat <<-. > $pp_destdir$scriptpath + svc="$svc" + pidfile="$pidfile" + + pp_start () { + $cmd + } +. + cat <<-'.' >>$pp_destdir$scriptpath + pp_stop () { + if test ! 
-s "$pidfile"; then + echo "Unable to stop $svc (no pid file)" + return 1 + else + read pid < "$pidfile" + if kill -0 "$pid" 2>/dev/null; then + if kill -${stop_signal:-TERM} "$pid"; then + rm -f "$pidfile" + return 0 + else + echo "Unable to stop $svc" + return 1 + fi + else + rm -f "$pidfile" + return 0 + fi + fi + } + + pp_running () { + if test ! -s "$pidfile"; then + return 1 + else + read pid < "$pidfile" + kill -0 "$pid" 2>/dev/null + fi + } + case "$1" in + start_msg) echo "Starting the $svc service";; + stop_msg) echo "Stopping the $svc service";; + start) + if pp_running; then + echo "$svc already running"; + exit 0 + elif pp_start; then + echo "$svc started"; + # rc(1M) says we should exit 4, but nobody expects it! + exit 0 + else + exit 1 + fi + ;; + stop) + if pp_stop; then + echo "$svc stopped"; + exit 0 + else + exit 1 + fi + ;; + *) echo "usage: $0 {start|stop|start_msg|stop_msg}" + exit 1 + ;; + esac +. +} + +pp_kit_make_service () { + typeset level priority startlevels stoplevels + typeset svc svcvar + + svc="$1" + svcvar=`pp_makevar $svc` + + #-- don't do anything if the script exists + if test -s "$pp_destdir/sbin/init.d/$svc"; then + pp_error "$pp_destdir/sbin/init.d/$svc exists" + return + fi + + # symlink the script, depending on the priorities chosen + eval priority='${pp_kit_priority_'$svcvar'}' + test -z "$priority" && priority="${pp_kit_priority:-50}" + + eval startlevels='${pp_kit_startlevels_'$svcvar'}' + test -z "$startlevels" && startlevels="$pp_kit_startlevels" + + eval stoplevels='${pp_kit_stoplevels_'$svcvar'}' + test -z "$stoplevels" && stoplevels="$pp_kit_stoplevels" + + # create the script and config file + pp_kit_service_script $svc + + # fix the priority up + case "$priority" in + ???) :;; + ??) priority=0$priority;; + ?) 
priority=00$priority;; + esac + + if test x"$stoplevels" = x"auto"; then + stoplevels= + test -z "$startlevels" || for level in $startlevels; do + stoplevels="$stoplevels `expr $level - 1`" + done + fi + + # create the symlinks + test -z "$startlevels" || for level in $startlevels; do + echo " ln -s /sbin/init.d/$svc /sbin/rc$level.d/S$priority$svc" >>$pp_wrkdir/%post.run + echo " rm /sbin/rc$level.d/S$priority$svc" >>$pp_wrkdir/%preun.run + done + test -z "$stoplevels" || for level in $stoplevels; do + echo " ln -s /sbin/init.d/$svc /sbin/rc$level.d/K$priority$svc" >>$pp_wrkdir/%post.run + echo " rm -f /sbin/rc$level.d/K$priority$svc" >>$pp_wrkdir/%preun.run + done +} + + + + +pp_backend_kit_sizes () { + awk ' + BEGIN { root = usr = var = 0; } + { + if (substr($9, 1, 1) != "l") + if (substr($10, 1, 6) == "./var/") + var += $2; + else if (substr($10, 1, 10) == "./usr/var/") + var += $2 + else if (substr($10, 1, 6) == "./usr/") + usr += $2 + else + root += $2 + } + END { printf "%d\t%d\t%d", root, usr, var } + ' "$@" +} + +pp_kit_kits_global () { + line=`sed -n '/^%%/q;/^'$2'=/{s/^'$2'=//p;q;}' <"$1"` + test -z "$line" && return 1 + eval "echo $line" + : +} + +pp_backend_kit_kits () { + typeset KITFILE FROMDIR TODIR + typeset SCPDIR + + SCPDIR="$pp_wrkdir/scps" + + PATH="/usr/lbin:/usr/bin:/etc:/usr/ucb:$PATH"; export PATH # XXX + #umask 2 # XXX + + test $# -ge 3 || pp_die "pp_backend_kit_kits: too few arguments" + KITFILE="$1"; shift + FROMDIR="$1"; shift + TODIR="$1"; shift + + test -f "$KITFILE" || pp_die "$KITFILE not found" + test -d "$FROMDIR" || pp_die "$FROMDIR not found" + test -d "$TODIR" || pp_die "$TODIR not found" + + INSTCTRL="$TODIR/instctrl" + mkdir -p "$INSTCTRL" || pp_die "cannot create instctrl directory" + chmod 775 "$INSTCTRL" + + grep "%%" $KITFILE > /dev/null || pp_die "no %% in $KITFILE" + + typeset NAME CODE VERS MI ROOT COMPRESS + typeset S_LIST ALLSUBS + + NAME=`pp_kit_kits_global "$KITFILE" NAME` || pp_die "no NAME in $KITFILE" + 
+ CODE=`pp_kit_kits_global "$KITFILE" CODE` || pp_die "no CODE in $KITFILE"
+ VERS=`pp_kit_kits_global "$KITFILE" VERS` || pp_die "no VERS in $KITFILE"
+ MI=`pp_kit_kits_global "$KITFILE" MI` || pp_die "no MI in $KITFILE"
+ ROOT=`pp_kit_kits_global "$KITFILE" ROOT`
+ COMPRESS=`pp_kit_kits_global "$KITFILE" COMPRESS`
+
+ test -f "$MI" || pp_die "Inventory file $MI not found"
+
+ case "$ROOT" in
+ *ROOT)
+ test -f "$TODIR/$ROOT" ||
+ pp_die "Root image $ROOT not found in $TODIR" ;;
+ esac
+
+ ALLSUBS=`awk 'insub==1 {print $1} /^%%/ {insub=1}' <"$KITFILE"`
+ test $# -eq 0 && set -- $ALLSUBS
+
+ pp_debug "Creating $# $NAME subsets."
+ pp_debug "ALLSUBS=<$ALLSUBS>"
+
+ if test x"$COMPRESS" = x"1"; then
+ COMPRESS=:
+ else
+ COMPRESS=false
+ fi
+
+ #rm -f *.ctrl Volume*
+
+ for SUB
+ do
+ test -z "$SUB" && pp_die "SUB is empty"
+
+ typeset INV CTRL ROOTSIZE USRSIZE VARSIZE TSSUB
+ #rm -f Volume*
+ case $SUB in
+ .*) :;;
+ *) pp_verbose rm -f "$TODIR/$SUB"* "$INSTCTRL/$SUB"*;;
+ esac
+
+ TSSUB="$pp_wrkdir/ts.$SUB"
+
+ pp_debug "kits: Subset $SUB"
+
+ INV="$SUB.inv"
+ CTRL="$SUB.ctrl"
+ pp_debug "kits: Generating media creation information..."
+
+ # Invcutter takes as input
+ # SUB dir/path
+ # and generates stl_inv(4) files, like this
+ # f 0 00000 0 0 100644 2/11/09 010 f dir/path none SUB
+ grep " $SUB\$" "$MI" |
+ pp_verbose /usr/lbin/invcutter \
+ -v "$VERS" -f "$FROMDIR" > "$INSTCTRL/$INV" ||
+ pp_die "failed to create $INSTCTRL/$INV"
+ chmod 664 "$INSTCTRL/$INV"
+
+ pp_backend_kit_sizes "$INSTCTRL/$INV" > "$pp_wrkdir/kit.sizes"
+ read ROOTSIZE USRSIZE VARSIZE < "$pp_wrkdir/kit.sizes"
+
+ # Prefix each line with $FROMDIR. This will be stripped
+ awk '$1 != "d" {print from $10}' from="$FROMDIR/" \
+ > "$TSSUB" < "$INSTCTRL/$INV" ||
+ pp_die "failed"
+
+ NVOLS=0
+
+ pp_debug "kits: Creating $SUB control file..."
+
+ sed '1,/^%%/d;/^'"$SUB"'/{p;q;}' < "$KITFILE" > "$pp_wrkdir/kit.line"
+ read _SUB _IGNOR DEPS FLAGS DESC < "$pp_wrkdir/kit.line"
+ if test -z "$_SUB"; then
+ pp_warn "No such subset $SUB in $KITFILE"
+ continue
+ fi
+ DEPS=`echo $DEPS | tr '|' ' '`
+ case $FLAGS in
+ FLGEXP*) pp_verbose FLAGS='"${'"$FLAGS"'}"' ;;
+ esac
+ case $DESC in
+ *%*) DESC=`echo $DESC|awk -F% '{printf "%-36s%%%s\n", $1, $2}'`;;
+ esac
+
+ cat > "$INSTCTRL/$CTRL" <<-.
+ NAME='$NAME $SUB'
+ DESC=$DESC
+ ROOTSIZE=$ROOTSIZE
+ USRSIZE=$USRSIZE
+ VARSIZE=$VARSIZE
+ NVOLS=1:$NVOLS
+ MTLOC=1:$TLOC
+ DEPS="$DEPS"
+ FLAGS=$FLAGS
+.
+ chmod 664 "$INSTCTRL/$CTRL"
+
+ pp_debug "kits: Making tar image"
+
+ pp_verbose tar cfPR "$TODIR/$SUB" "$FROMDIR/" "$TSSUB" ||
+ pp_error "problem creating kit file"
+
+ if $COMPRESS; then
+ pp_debug "kits: Compressing"
+ (cd "$TODIR" && compress -f -v "$SUB") ||
+ pp_die "problem compressing $TODIR/$SUB"
+ SPC=`expr $SUB : '\(...\).*'` # first three characters
+ SVC=`expr $SUB : '.*\(...\)'` # last three characters
+ : > "$INSTCTRL/$SPC$SVC.comp"
+ chmod 664 "$INSTCTRL/$SPC$SVC.comp"
+ pp_debug "kits: Padding compressed file to 10kB" # wtf?
+ rm -f "$TODIR/$SUB" + pp_verbose \ + dd if="$TODIR/$SUB.Z" of="$TODIR/$SUB" bs=10k conv=sync || + pp_die "problem moving compressed file" + rm -f "$TODIR/$SUB.Z" + fi + chmod 664 "$TODIR/$SUB" + + if test -f "$SCPDIR/$SUB.scp"; then + cp "$SCPDIR/$SUB.scp" "$INSTCTRL/$SUB.scp" + chmod 755 "$INSTCTRL/$SUB.scp" + else + pp_debug "kits: null subset control program for $SUB" + : > "$INSTCTRL/$SUB.scp" + chmod 744 "$INSTCTRL/$SUB.scp" + fi + + pp_debug "kits: Finished creating media image for $SUB" + done + + pp_debug "kits: Creating $CODE.image" + + case "$ROOT" in + *ROOT) ALLSUBS="$ROOT $ALLSUBS" + ;; + esac + + (cd "$TODIR" && sum $ALLSUBS) > "$INSTCTRL/$CODE.image" + chmod 664 "$INSTTRL/$CODE.image" + pp_debug "kits: Creating INSTCTRL" + (cd "$INSTCTRL" && tar cpvf - *) > "$TODIR/INSTCTRL" + chmod 664 "$TODIR/INSTCTRL" + cp "$INSTCTRL/$CODE.image" "$TODIR/$CODE.image" + chmod 664 "$TODIR/$CODE.image" + + pp_debug "kits: Media image production complete" +} + +pp_platforms="$pp_platforms rpm" + +pp_backend_rpm_detect () { + test x"$1" = x"Linux" -a ! 
-f /etc/debian_version +} + +pp_backend_rpm_init () { + + pp_rpm_version= + pp_rpm_summary= + pp_rpm_description= + pp_rpm_group="Applications/Internet" + pp_rpm_license="Unspecified" + pp_rpm_vendor= + pp_rpm_url= + pp_rpm_packager= + pp_rpm_provides= + pp_rpm_requires= + pp_rpm_requires_pre= + pp_rpm_requires_post= + pp_rpm_requires_preun= + pp_rpm_requires_postun= + pp_rpm_release= + pp_rpm_epoch= + pp_rpm_dev_group="Development/Libraries" + pp_rpm_dbg_group="Development/Tools" + pp_rpm_doc_group="Documentation" + pp_rpm_dev_description= + pp_rpm_dbg_description= + pp_rpm_doc_description= + pp_rpm_dev_requires= + pp_rpm_dev_requires_pre= + pp_rpm_dev_requires_post= + pp_rpm_dev_requires_preun= + pp_rpm_dev_requires_postun= + pp_rpm_dbg_requires= + pp_rpm_dbg_requires_pre= + pp_rpm_dbg_requires_post= + pp_rpm_dbg_requires_preun= + pp_rpm_dbg_requires_postun= + pp_rpm_doc_requires= + pp_rpm_doc_requires_pre= + pp_rpm_doc_requires_post= + pp_rpm_doc_requires_preun= + pp_rpm_doc_requires_postun= + pp_rpm_dev_provides= + pp_rpm_dbg_provides= + pp_rpm_doc_provides= + + pp_rpm_autoprov= + pp_rpm_autoreq= + pp_rpm_autoreqprov= + + pp_rpm_dbg_pkgname=debug + pp_rpm_dev_pkgname=devel + pp_rpm_doc_pkgname=doc + + pp_rpm_defattr_uid=root + pp_rpm_defattr_gid=root + + pp_rpm_detect_arch + pp_rpm_detect_distro + pp_rpm_rpmbuild=`pp_rpm_detect_rpmbuild` + + # SLES8 doesn't always come with readlink + test -x /usr/bin/readlink -o -x /bin/readlink || + pp_readlink_fn=pp_ls_readlink +} + +pp_rpm_detect_arch () { + pp_rpm_arch=auto + + #-- Find the default native architecture that RPM is configured to use + cat <<-. >$pp_wrkdir/dummy.spec + Name: dummy + Version: 1 + Release: 1 + Summary: dummy + Group: ${pp_rpm_group} + License: ${pp_rpm_license} + %description + dummy +. 
+ $pp_opt_debug && cat $pp_wrkdir/dummy.spec + pp_rpm_arch_local=`rpm -q --qf '%{arch}\n' --specfile $pp_wrkdir/dummy.spec` + rm $pp_wrkdir/dummy.spec + + #-- Ask the kernel what machine architecture is in use + local arch + for arch in "`uname -m`" "`uname -p`"; do + case "$arch" in + i?86) + pp_rpm_arch_std=i386 + break + ;; + x86_64|ppc|ppc64|ppc64le|ia64|s390|s390x) + pp_rpm_arch_std="$arch" + break + ;; + powerpc) + # Probably AIX + case "`/usr/sbin/lsattr -El proc0 -a type -F value`" in + PowerPC_POWER*) pp_rpm_arch_std=ppc64;; + *) pp_rpm_arch_std=ppc;; + esac + break + ;; + *) pp_rpm_arch_std=unknown + ;; + esac + done + + #-- Later on, when files are processed, we use 'file' to determine + # what platform ABIs are used. This is used when pp_rpm_arch == auto + pp_rpm_arch_seen= +} + +pp_rpm_detect_distro () { + pp_rpm_distro= + if test -f /etc/whitebox-release; then + pp_rpm_distro=`awk ' + /^White Box Enterprise Linux release/ { print "wbel" $6; exit; } + ' /etc/whitebox-release` + elif test -f /etc/mandrakelinux-release; then + pp_rpm_distro=`awk ' + /^Mandrakelinux release/ { print "mand" $3; exit; } + ' /etc/mandrake-release` + elif test -f /etc/mandrake-release; then + pp_rpm_distro=`awk ' + /^Linux Mandrake release/ { print "mand" $4; exit; } + /^Mandrake Linux release/ { print "mand" $4; exit; } + ' /etc/mandrake-release` + elif test -f /etc/fedora-release; then + pp_rpm_distro=`awk ' + /^Fedora Core release/ { print "fc" $4; exit; } + /^Fedora release/ { print "f" $3; exit; } + ' /etc/fedora-release` + elif test -f /etc/redhat-release; then + pp_rpm_distro=`awk ' + /^Red Hat Enterprise Linux/ { print "rhel" $7; exit; } + /^CentOS release/ { print "centos" $3; exit; } + /^CentOS Linux release/ { print "centos" $4; exit; } + /^Red Hat Linux release/ { print "rh" $5; exit; } + ' /etc/redhat-release` + elif test -f /etc/SuSE-release; then + pp_rpm_distro=`awk ' + /^SuSE Linux [0-9]/ { print "suse" $3; exit; } + /^SUSE LINUX [0-9]/ { print "suse" $3; 
exit; } + /^openSUSE [0-9]/ { print "suse" $2; exit; } + /^S[uU]SE Linux Enterprise Server [0-9]/ { print "sles" $5; exit; } + /^S[uU]SE LINUX Enterprise Server [0-9]/ { print "sles" $5; exit; } + /^SuSE SLES-[0-9]/ { print "sles" substr($2,6); exit; } + ' /etc/SuSE-release` + elif test -f /etc/os-release; then + pp_rpm_distro="`. /etc/os-release && echo \$ID\$VERSION`" + elif test -f /etc/pld-release; then + pp_rpm_distro=`awk ' + /^[^ ]* PLD Linux/ { print "pld" $1; exit; } + ' /etc/pld-release` + elif test X"`uname -s 2>/dev/null`" = X"AIX"; then + local r v + r=`uname -r` + v=`uname -v` + pp_rpm_distro="aix$v$r" + fi + pp_rpm_distro=`echo $pp_rpm_distro | tr -d .` + test -z "$pp_rpm_distro" && + pp_warn "unknown distro" +} + +pp_rpm_detect_rpmbuild () { + local cmd + for cmd in rpmbuild rpm; do + if `which $cmd > /dev/null 2>&1`; then + echo $cmd + return 0 + fi + done + + pp_error "Could not find rpmbuild" + # Default to `rpmbuild` in case it magically appears + echo rpmbuild + return 1 +} + +pp_rpm_label () { + local label arg + label="$1"; shift + for arg + do + test -z "$arg" || echo "$label: $arg" + done +} + +pp_rpm_writefiles () { + local _l t m o g f p st fo farch + while read t m o g f p st; do + _l="$p" + test $t = d && _l="%dir ${_l%/}/" + if test $t = s; then + # rpm warns if %attr contains a mode for symlinks + m=- + elif test x"$m" = x"-"; then + case "$t" in + d) m=755;; + f) m=644;; + esac + fi + test x"$o" = x"-" && o="${pp_rpm_defattr_uid:-root}" + test x"$g" = x"-" && g="${pp_rpm_defattr_gid:-root}" + _l="%attr($m,$o,$g) $_l" + + if test "$t" = "f" -a x"$pp_rpm_arch" = x"auto"; then + fo=`file "${pp_destdir}$p" 2>/dev/null` + #NB: The following should match executables and shared objects, + #relocatable objects. It will not match .a files however. 
+ case "$fo" in
+ *": ELF 32-bit LSB "*", Intel 80386"*)
+ farch=i386;;
+ *": ELF 64-bit LSB "*", AMD x86-64"*|\
+ *": ELF 64-bit LSB "*", x86-64"*)
+ farch=x86_64;;
+ *": ELF 32-bit MSB "*", PowerPC"*)
+ farch=ppc;;
+ *": ELF 64-bit LSB "*", 64-bit PowerPC"*)
+ farch=ppc64le;;
+ *": ELF 64-bit MSB "*", 64-bit PowerPC"*)
+ farch=ppc64;;
+ *": ELF 64-bit LSB "*", IA-64"*)
+ farch=ia64;;
+ *": ELF 32-bit MSB "*", IBM S/390"*)
+ farch=s390;;
+ *": ELF 64-bit MSB "*", IBM S/390"*)
+ farch=s390x;;
+ *"executable (RISC System/6000)"*)
+ farch=ppc;;
+ *"64-bit XCOFF executable"*)
+ farch=ppc64;;
+ *": ELF 64-bit LSB "*", ARM aarch64"*)
+ farch=aarch64;;
+ *" ELF "*)
+ farch=ELF;;
+ *)
+ farch=noarch;;
+ esac
+ # If file(1) doesn't provide enough info, try readelf(1)
+ if test "$farch" = "ELF"; then
+ fo=`readelf -h "${pp_destdir}$p" | awk '{if ($1 == "Class:") {class=$2} else if ($1 == "Machine:") {machine=$0; sub(/^ *Machine: */, "", machine)}} END {print class " " machine}' 2>/dev/null`
+ case "$fo" in
+ "ELF32 Intel 80386")
+ farch=i386;;
+ "ELF64 "*[xX]"86-64")
+ farch=x86_64;;
+ "ELF32 PowerPC")
+ farch=ppc;;
+ "ELF64 PowerPC"*)
+ farch=ppc64;;
+ "ELF64 IA-64")
+ farch=ia64;;
+ "ELF32 IBM S/390")
+ farch=s390;;
+ "ELF64 IBM S/390")
+ farch=s390x;;
+ "ELF64 AArch64")
+ farch=aarch64;;
+ *)
+ farch=noarch;;
+ esac
+ fi
+ pp_debug "file: $fo -> $farch"
+ test x"$farch" = x"noarch" || pp_add_to_list pp_rpm_arch_seen $farch
+ fi
+
+ case $f in *v*) _l="%config(noreplace) $_l";; esac
+ echo "$_l"
+ done
+ echo
+}
+
+pp_rpm_subname () {
+ case "$1" in
+ run) : ;;
+ dbg) echo "${2}${pp_rpm_dbg_pkgname}";;
+ dev) echo "${2}${pp_rpm_dev_pkgname}";;
+ doc) echo "${2}${pp_rpm_doc_pkgname}";;
+ *) pp_error "unknown component '$1'";
+ esac
+}
+
+pp_rpm_depend () {
+ local _name _vers
+ while read _name _vers; do
+ case "$_name" in ""| "#"*) continue ;; esac
+ echo "Requires: $_name ${_vers:+>= $_vers}"
+ done
+}
+
+pp_rpm_conflict () {
+ local _name _vers
+ while read _name _vers; do
+ case "$_name" in ""| "#"*) continue ;; esac
+ echo "Conflicts: $_name ${_vers:+>= $_vers}"
+ done
+}
+
+pp_rpm_override_requires () {
+ local orig_find_requires
+
+ if test -z "$pp_rpm_depend_filter_cmd"; then
+ return 0
+ fi
+
+ orig_find_requires=`rpm --eval '%{__find_requires}'`
+ cat << EOF > "$pp_wrkdir/filtered-find-requires"
+$orig_find_requires \$@ | $pp_rpm_depend_filter_cmd
+EOF
+ chmod +x "$pp_wrkdir/filtered-find-requires"
+ echo "%define __find_requires $pp_wrkdir/filtered-find-requires"
+ # Might be necessary for old versions of RPM? Not for 4.4.2.
+ #echo "%define _use_internal_dependency_generator 0"
+}
+
+pp_backend_rpm () {
+ local cmp specfile _summary _group _desc _pkg _subname svc _script
+
+ specfile=$pp_wrkdir/$name.spec
+ : > $specfile
+
+ #-- force existence of a 'run' component
+ pp_add_component run
+ : >> $pp_wrkdir/%files.run
+
+ if test -z "$pp_rpm_arch"; then
+ pp_error "Unknown RPM architecture"
+ return 1
+ fi
+
+ #-- Write the header components of the RPM spec file
+ cat <<-. >>$specfile
+ Name: ${pp_rpm_name:-$name}
+ Version: ${pp_rpm_version:-$version}
+ Release: ${pp_rpm_release:-1}
+ Summary: ${pp_rpm_summary:-$summary}
+ Group: ${pp_rpm_group}
+ License: ${pp_rpm_license}
+.
+ pp_rpm_label "URL" "$pp_rpm_url" >>$specfile
+ pp_rpm_label "Vendor" "${pp_rpm_vendor:-$vendor}" >>$specfile
+ pp_rpm_label "Packager" "$pp_rpm_packager" >>$specfile
+ pp_rpm_label "Provides" "$pp_rpm_provides" >>$specfile
+ pp_rpm_label "Requires(pre)" "$pp_rpm_requires_pre" >>$specfile
+ pp_rpm_label "Requires(post)" "$pp_rpm_requires_post" >>$specfile
+ pp_rpm_label "Requires(preun)" "$pp_rpm_requires_preun" >>$specfile
+ pp_rpm_label "Requires(postun)" "$pp_rpm_requires_postun" >>$specfile
+ pp_rpm_label "AutoProv" "$pp_rpm_autoprov" >>$specfile
+ pp_rpm_label "AutoReq" "$pp_rpm_autoreq" >>$specfile
+ pp_rpm_label "AutoReqProv" "$pp_rpm_autoreqprov" >>$specfile
+
+ test -n "$pp_rpm_serial" && pp_warn "pp_rpm_serial deprecated"
+ if test -n "$pp_rpm_epoch"; then
+ #-- Epoch was introduced in RPM 2.5.6
+ case `$pp_rpm_rpmbuild --version 2>/dev/null` in
+ 1.*|2.[0-5].*|2.5.[0-5])
+ pp_rpm_label "Serial" $pp_rpm_epoch >>$specfile;;
+ *)
+ pp_rpm_label "Epoch" $pp_rpm_epoch >>$specfile;;
+ esac
+ fi
+
+ if test -n "$pp_rpm_requires"; then
+ pp_rpm_label "Requires" "$pp_rpm_requires" >>$specfile
+ elif test -s $pp_wrkdir/%depend.run; then
+ pp_rpm_depend < $pp_wrkdir/%depend.run >> $specfile
+ fi
+ if test -s $pp_wrkdir/%conflict.run; then
+ pp_rpm_conflict < $pp_wrkdir/%conflict.run >> $specfile
+ fi
+
+ pp_rpm_override_requires >> $specfile
+
+ cat <<-. >>$specfile
+
+ %description
+ ${pp_rpm_description:-$description}
+.
+
+ for cmp in $pp_components; do
+ case $cmp in
+ run) continue;;
+ dev) _summary="development tools for $pp_rpm_summary"
+ _group="$pp_rpm_dev_group"
+ _desc="${pp_rpm_dev_description:-Development libraries for $name. $pp_rpm_description.}"
+ ;;
+ doc) _summary="documentation for $pp_rpm_summary"
+ _group="$pp_rpm_doc_group"
+ _desc="${pp_rpm_doc_description:-Documentation for $name. $pp_rpm_description.}"
+ ;;
+ dbg) _summary="diagnostic tools for $pp_rpm_summary"
+ _group="$pp_rpm_dbg_group"
+ _desc="${pp_rpm_dbg_description:-Diagnostic tools for $name.}"
+ ;;
+ esac
+
+ _subname=`pp_rpm_subname $cmp`
+ cat <<-.
+
+ %package $_subname
+ Summary: $name $_summary
+ Group: $_group
+.
+ for _script in pre post preun postun; do
+ eval '_pkg="$pp_rpm_'$cmp'_requires_'$_script'"'
+ if test -n "$_pkg"; then
+ eval pp_rpm_label "Requires($_script)" $_pkg
+ fi
+ done
+ eval '_pkg="$pp_rpm_'$cmp'_requires"'
+ if test -n "$_pkg"; then
+ eval pp_rpm_label Requires ${pp_rpm_name:-$name} $_pkg
+ elif test -s $pp_wrkdir/%depend.$cmp; then
+ pp_rpm_depend < $pp_wrkdir/%depend.$cmp >> $specfile
+ fi
+ if test -s $pp_wrkdir/%conflict.$cmp; then
+ pp_rpm_conflict < $pp_wrkdir/%conflict.$cmp >> $specfile
+ fi
+
+ eval '_pkg="$pp_rpm_'$cmp'_provides"'
+ eval pp_rpm_label Provides $_pkg
+
+ cat <<-.
+
+ %description $_subname
+ $_desc
+.
+ done >>$specfile
+
+ #-- NB: we do not put any %prep, %build or %install RPM sections
+ # into the spec file.
+
+ #-- add service start/stop code
+ if test -n "$pp_services"; then
+ pp_rpm_service_install_common >> $pp_wrkdir/%post.run
+
+ #-- record the uninstall commands in reverse order
+ for svc in $pp_services; do
+ pp_load_service_vars $svc
+
+ pp_rpm_service_make_service_files $svc ||
+ pp_error "could not create service files for $svc"
+
+ #-- append %post code to install the svc
+ pp_rpm_service_install $svc >> $pp_wrkdir/%post.run
+
+ #-- prepend %preun code to uninstall svc
+ # (use files in case vars are modified)
+ pp_rpm_service_remove $svc | pp_prepend $pp_wrkdir/%preun.run
+ done
+
+ pp_rpm_service_remove_common | pp_prepend $pp_wrkdir/%preun.run
+ fi
+
+ # make convenience service groups
+ if test -n "$pp_service_groups"; then
+ for grp in $pp_service_groups; do
+ pp_rpm_service_group_make_init_script \
+ $grp "`pp_service_get_svc_group $grp`"
+ done
+ fi
+
+ #-- Write the RPM %file sections
+ # (do this after services, since services adds to %files.run)
+ for cmp in $pp_components; do
+ _subname=`pp_rpm_subname $cmp`
+
+ if test -s $pp_wrkdir/%check.$cmp; then
+ echo ""
+ echo "%pre $_subname"
+ cat $pp_wrkdir/%check.$cmp
+ echo : # causes script to exit true by default
+ fi
+
+ if test -s $pp_wrkdir/%files.$cmp; then
+ echo ""
+ echo "%files $_subname"
+ pp_rpm_writefiles < $pp_wrkdir/%files.$cmp
+ fi
+
+ if test -n "$pp_rpm_ghost"; then
+ for ghost in $pp_rpm_ghost; do
+ echo "%ghost $ghost"
+ done
+ fi
+
+ if test -s $pp_wrkdir/%pre.$cmp; then
+ echo ""
+ echo "%pre $_subname"
+ cat $pp_wrkdir/%pre.$cmp
+ echo : # causes script to exit true
+ fi
+
+ if test -s $pp_wrkdir/%post.$cmp; then
+ echo ""
+ echo "%post $_subname"
+ cat $pp_wrkdir/%post.$cmp
+ echo : # causes script to exit true
+ fi
+
+ if test -s $pp_wrkdir/%preun.$cmp; then
+ echo ""
+ echo "%preun $_subname"
+ cat $pp_wrkdir/%preun.$cmp
+ echo : # causes script to exit true
+ fi
+
+ if test -s $pp_wrkdir/%postun.$cmp; then
+ echo ""
+ echo "%postun $_subname"
+ cat $pp_wrkdir/%postun.$cmp
+ echo : # causes script to exit true
+ fi
+ done >>$specfile
+
+ #-- create a suitable work area for rpmbuild
+ cat <<-. >$pp_wrkdir/.rpmmacros
+ %_topdir $pp_wrkdir
+ # XXX Note escaped %% for use in headerSprintf
+ %_rpmfilename %%{ARCH}/%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm
+ .
+ mkdir $pp_wrkdir/RPMS
+ mkdir $pp_wrkdir/BUILD
+
+ if test x"$pp_rpm_arch" = x"auto"; then
+ #-- Reduce the arch_seen list to exactly one item
+ case "$pp_rpm_arch_seen" in
+ "i386 x86_64"|"x86_64 i386")
+ pp_rpm_arch_seen=x86_64;;
+ *"s390 s390x"* | *"s390x s390"* )
+ pp_rpm_arch_seen=s390x;;
+ *"aarch64"* )
+ pp_rpm_arch_seen=aarch64;;
+ *" "*)
+ pp_error "detected multiple targets: $pp_rpm_arch_seen"
+ pp_rpm_arch_seen=unknown;; # not detected
+ "")
+ pp_warn "detected no binaries: using target noarch"
+ pp_rpm_arch_seen=noarch;;
+ *)
+ pp_debug "detected architecture $pp_rpm_arch_seen"
+ esac
+ pp_rpm_arch="$pp_rpm_arch_seen"
+ fi
+
+ . $pp_wrkdir/%fixup
+
+$pp_opt_debug && cat $specfile
+
+ pp_debug "creating: `pp_backend_rpm_names`"
+
+pp_debug "pp_rpm_arch_seen = <${pp_rpm_arch_seen}>"
+pp_debug "pp_rpm_arch = <${pp_rpm_arch}>"
+
+ HOME=$pp_wrkdir \
+ pp_verbose \
+ $pp_rpm_rpmbuild -bb \
+ --buildroot="$pp_destdir/" \
+ --target="${pp_rpm_arch}" \
+ --define='_unpackaged_files_terminate_build 0' \
+ --define='_use_internal_dependency_generator 0' \
+ `$pp_opt_debug && echo --verbose || echo --quiet` \
+ $pp_rpm_rpmbuild_extra_flags \
+ $specfile ||
+ pp_error "Problem creating RPM packages"
+
+ for f in `pp_backend_rpm_names`; do
+ # The package might be in an arch-specific subdir
+ pkgfile=not-found
+ for dir in $pp_wrkdir/RPMS/${pp_rpm_arch} $pp_wrkdir/RPMS; do
+ if test -f $dir/$f; then
+ pkgfile=$dir/$f
+ fi
+ done
+ if test x"$pkgfile" = x"not-found"; then
+ pp_error "Problem predicting RPM filename: $f"
+ else
+ ln $pkgfile $pp_wrkdir/$f
+ fi
+ done
+}
+
+pp_rpm_output_name () {
+ echo "${pp_rpm_name:-$name}`pp_rpm_subname "$1" -`-${pp_rpm_version:-$version}-${pp_rpm_release:-1}.${pp_rpm_arch}.rpm"
+}
+
+pp_backend_rpm_names () {
+ local cmp _subname
+ for cmp in $pp_components; do
+ pp_rpm_output_name $cmp
+ done
+}
+
+pp_backend_rpm_cleanup () {
+ :
+}
+
+pp_rpm_print_requires () {
+ local _subname _name
+
+ echo "CPU:$pp_rpm_arch"
+ ## XXX should be lines of the form (from file/ldd/objdump)
+ # EXEC:/bin/sh
+ # RTLD:libc.so.4:open
+ rpm -q --requires -p $pp_wrkdir/`pp_rpm_output_name $1` |sed -e '/^rpmlib(/d;s/ //g;s/^/RPM:/' | sort -u
+}
+
+pp_backend_rpm_install_script () {
+ local cmp _subname
+
+ echo "#!/bin/sh"
+ pp_install_script_common
+
+ cat <<.
+
+ cmp_to_pkgname () {
+ local oi name
+ if test x"\$1" = x"--only-installed"; then
+ #-- only print if installation detected
+ oi=false
+ shift
+ else
+ oi=true
+ fi
+ test x"\$*" = x"all" &&
+ set -- $pp_components
+ for cmp
+ do
+ case \$cmp in
+.
+ for cmp in $pp_components; do
+ _subname=`pp_rpm_subname $cmp -`
+ echo "$cmp) name=${pp_rpm_name:-$name}${_subname};;"
+ done
+ cat <<.
+ *) usage;;
+ esac
+ if \$oi || rpm -q "\$name" >/dev/null 2>/dev/null; then
+ echo "\$name"
+ fi
+ done
+ }
+
+
+ cmp_to_pathname () {
+ test x"\$*" = x"all" &&
+ set -- $pp_components
+ for cmp
+ do
+ case \$cmp in
+.
+ for cmp in $pp_components; do
+ echo "$cmp) echo \${PP_PKGDESTDIR:-.}/`pp_rpm_output_name $cmp` ;;"
+ done
+ cat <<.
+ *) usage;;
+ esac
+ done
+ }
+
+ print_requires () {
+ test x"\$*" = x"all" &&
+ set -- $pp_components
+ for cmp
+ do
+ case \$cmp in
+.
+ for cmp in $pp_components; do
+ echo "$cmp) cat <<'._end'"
+ pp_rpm_print_requires $cmp
+ echo "._end"; echo ';;'
+ done
+ cat <<.
+ *) usage;;
+ esac
+ done
+ }
+
+ test \$# -eq 0 && usage
+ op="\$1"; shift
+ case "\$op" in
+ list-components)
+ test \$# -eq 0 || usage \$op
+ echo $pp_components
+ ;;
+ list-services)
+ test \$# -eq 0 || usage \$op
+ echo $pp_services
+ ;;
+ list-files)
+ test \$# -ge 1 || usage \$op
+ cmp_to_pathname "\$@"
+ ;;
+ install)
+ test \$# -ge 1 || usage \$op
+ verbose rpm -U --replacepkgs --oldpackage \
+ \`cmp_to_pathname "\$@"\`
+ ;;
+ uninstall)
+ test \$# -ge 1 || usage \$op
+ pkgs=\`cmp_to_pkgname --only-installed "\$@"\`
+ if test -z "\$pkgs"; then
+ verbosemsg "nothing to uninstall"
+ else
+ verbose rpm -e \$pkgs
+ fi
+ ;;
+ start|stop)
+ test \$# -ge 1 || usage \$op
+ ec=0
+ for svc
+ do
+ verbose /etc/init.d/\$svc \$op || ec=1
+ done
+ exit \$ec
+ ;;
+ print-platform)
+ test \$# -eq 0 || usage \$op
+ echo "linux-${pp_rpm_arch}"
+ ;;
+ print-requires)
+ test \$# -ge 1 || usage \$op
+ print_requires "\$@"
+ ;;
+ *)
+ usage
+ ;;
+ esac
+.
+
+}
+
+pp_backend_rpm_probe () {
+ echo "${pp_rpm_distro}-${pp_rpm_arch_std}"
+}
+
+pp_backend_rpm_vas_platforms () {
+ case "$pp_rpm_arch_std" in
+ x86_64) echo "linux-x86_64.rpm linux-x86.rpm";;
+ *86) echo "linux-x86.rpm";;
+ s390) echo "linux-s390";;
+ s390x) echo "linux-s390x";;
+ ppc*) echo "linux-glibc23-ppc64 linux-glibc22-ppc64";;
+ ia64) echo "linux-ia64";;
+ *) pp_die "unknown architecture $pp_rpm_arch_std";;
+ esac
+}
+
+pp_rpm_service_install_common () {
+ cat <<-'.'
+
+ _pp_install_service () {
+ local svc level
+ svc="$1"
+ if [ -x /usr/lib/lsb/install_initd -a ! -r /etc/redhat-release ]
+ then
+ # LSB-style install
+ /usr/lib/lsb/install_initd /etc/init.d/$svc &> /dev/null
+ elif [ -x /sbin/chkconfig ]; then
+ # Red Hat/chkconfig-style install
+ /sbin/chkconfig --add $svc &> /dev/null
+ /sbin/chkconfig $svc off &> /dev/null
+ else
+ : # manual links under /etc/init.d
+ fi
+ }
+
+ _pp_enable_service () {
+ local svc level
+ svc="$1"
+ if [ -x /usr/lib/lsb/install_initd -a ! -r /etc/redhat-release ]
+ then
+ # LSB-style install
+ : # not sure how to enable
+ elif [ -x /sbin/chkconfig ]; then
+ # Red Hat/chkconfig-style install
+ /sbin/chkconfig $svc on &> /dev/null
+ else
+ # manual install
+ set -- `sed -n -e 's/^# Default-Start://p' /etc/init.d/$svc`
+ start_priority=`sed -n -e 's/^# X-Quest-Start-Priority:[[:space:]]*//p' /etc/init.d/$svc`
+ stop_priority=`sed -n -e 's/^# X-Quest-Stop-Priority:[[:space:]]*//p' /etc/init.d/$svc`
+
+ # Provide default start & stop priorities of 20 & 80 in
+ # accordance with Debian update-rc.d defaults
+ if [ -z "$start_priority" ]; then
+ start_priority=20
+ fi
+ if [ -z "$stop_priority" ]; then
+ stop_priority=80
+ fi
+
+ if [ -d "/etc/rc.d" ];then
+ rcdir=/etc/rc.d
+ else
+ rcdir=/etc
+ fi
+
+ for level
+ do ln -sf /etc/init.d/$svc $rcdir/rc$level.d/S$start_priority$svc; done
+ set -- `sed -n -e 's/^# Default-Stop://p' /etc/init.d/$svc`
+ for level
+ do ln -sf /etc/init.d/$svc $rcdir/rc$level.d/K$stop_priority$svc; done
+ fi
+ }
+.
+ pp_systemd_service_install_common
+}
+
+pp_rpm_service_remove_common () {
+ cat <<-'.'
+
+ _pp_remove_service () {
+ local svc
+ svc="$1"
+ /etc/init.d/$svc stop >/dev/null 2>&1
+ if [ -x /usr/lib/lsb/remove_initd -a ! -r /etc/redhat-release ]
+ then
+ /usr/lib/lsb/remove_initd /etc/init.d/$svc &> /dev/null
+ elif [ -x /sbin/chkconfig ]; then
+ /sbin/chkconfig --del $svc &> /dev/null
+ else
+ if [ -d "/etc/rc.d" ];then
+ rcdir=/etc/rc.d
+ else
+ rcdir=/etc
+ fi
+
+ rm -f $rcdir/rc?.d/[SK]??$svc
+ fi
+ }
+.
+ pp_systemd_service_remove_common
+}
+
+pp_rpm_service_install () {
+ echo ""
+ echo "_pp_systemd_init"
+ echo 'if test -n "$systemctl_cmd"; then'
+ echo " _pp_systemd_install $1"
+ test $enable = yes && echo " _pp_systemd_enable $1"
+ echo "else"
+ echo " _pp_install_service $1"
+ test $enable = yes && echo " _pp_enable_service $1"
+ echo "fi"
+}
+
+pp_rpm_service_remove () {
+ cat <<-.
+
+ if [ "\$1" = "remove" -o "\$1" = "0" ]; then
+ # only remove the service if not upgrade
+ _pp_remove_service $1
+ _pp_systemd_disable $1
+ _pp_systemd_remove $1
+ fi
+.
+}
+
+
+pp_backend_rpm_init_svc_vars () {
+
+ reload_signal=
+ start_runlevels=${pp_rpm_default_start_runlevels-"2 3 4 5"} # == lsb default-start
+ stop_runlevels=${pp_rpm_default_stop_runlevels-"0 1 6"} # == lsb default-stop
+ svc_description="${pp_rpm_default_svc_description}" # == lsb short descr
+ svc_process=
+ svc_init_filename="${pp_rpm_svc_init_filename}" # == $svc.init
+ svc_init_filepath="${pp_rpm_svc_init_filepath}" # == /etc/init.d/ by default
+
+ lsb_required_start='$local_fs $network'
+ lsb_should_start=
+ lsb_required_stop=
+ lsb_description=
+
+ start_priority=50
+ stop_priority=50 #-- stop_priority = 100 - start_priority
+}
+
+pp_rpm_service_group_make_init_script () {
+ local grp=$1
+ local svcs="$2"
+ local script=/etc/init.d/$grp
+ local out=$pp_destdir$script
+
+ pp_add_file_if_missing $script run 755 || return 0
+
+ cat <<-. >>$out
+ #!/bin/sh
+ svcs="$svcs"
+.
+
+ cat <<-'.' >>$out
+
+ #-- prints usage message
+ pp_usage () {
+ echo "usage: $0 {start|stop|status|restart|reload|condrestart|try-restart|force-reload}" >&2
+ return 2
+ }
+
+ #-- starts services in order.. stops them all if any break
+ pp_start () {
+ undo=
+ for svc in $svcs; do
+ if /etc/init.d/$svc start; then
+ undo="$svc $undo"
+ else
+ if test -n "$undo"; then
+ for svc in $undo; do
+ /etc/init.d/$svc stop
+ done
+ return 1
+ fi
+ fi
+ done
+ return 0
+ }
+
+ #-- stops services in reverse
+ pp_stop () {
+ reverse=
+ for svc in $svcs; do
+ reverse="$svc $reverse"
+ done
+ rc=0
+ for svc in $reverse; do
+ /etc/init.d/$svc stop || rc=$?
+ done
+ return $rc
+ }
+
+ #-- returns true only if all services return true status
+ pp_status () {
+ rc=0
+ for svc in $svcs; do
+ /etc/init.d/$svc status || rc=$?
+ done
+ return $rc
+ }
+
+ pp_reload () {
+ rc=0
+ for svc in $svcs; do
+ /etc/init.d/$svc reload || rc=$?
+ done
+ return $rc
+ }
+
+ case "$1" in
+ start) pp_start;;
+ stop) pp_stop;;
+ restart) pp_stop; pp_start;;
+ status) pp_status;;
+ try-restart|condrestart)
+ if pp_status >/dev/null; then
+ pp_restart
+ fi;;
+ reload) pp_reload;;
+ force-reload) if pp_status >/dev/null; then
+ pp_reload
+ else
+ pp_restart
+ fi;;
+ *) pp_usage;;
+ esac
+.
+ chmod 755 $out
+}
+
+pp_rpm_service_make_service_files () {
+ local svc=${svc_init_filename:-$1}
+ local script="${svc_init_filepath:-"/etc/init.d"}/$svc"
+ local out=$pp_destdir$script
+ local _process _cmd _rpmlevels
+
+ pp_add_file_if_missing $script run 755 || return 0
+
+ #-- start out as an empty shell script
+ cat <<-'.' >$out
+ #!/bin/sh
+.
+
+ #-- determine the process name from $cmd unless $svc_process is given
+ set -- $cmd
+ _process=${svc_process:-"$1"}
+
+ #-- construct a start command that builds a pid file if needed
+ _cmd="$cmd";
+ if test -z "$pidfile"; then
+ pidfile=/var/run/$svc.pid
+ _cmd="$cmd & echo \$! > \$pidfile"
+ fi
+ if test "$user" != "root"; then
+ _cmd="su $user -c exec $_cmd";
+ fi
+
+ #-- generate the Red Hat chkconfig headers
+ _rpmlevels=`echo $start_runlevels | tr -d ' '`
+ cat <<-. >>$out
+ # chkconfig: ${_rpmlevels:--} ${start_priority:-50} ${stop_priority:-50}
+ # description: ${svc_description:-no description}
+ # processname: ${_process}
+ # pidfile: ${pidfile}
+.
+
+ #-- generate the LSB init info
+ cat <<-. >>$out
+ ### BEGIN INIT INFO
+ # Provides: ${svc}
+ # Required-Start: ${lsb_required_start}
+ # Should-Start: ${lsb_should_start}
+ # Required-Stop: ${lsb_required_stop}
+ # Default-Start: ${start_runlevels}
+ # Default-Stop: ${stop_runlevels}
+ # Short-Description: ${svc_description}
+ ### END INIT INFO
+ # Generated by PolyPackage ${pp_version}
+ # ${copyright}
+
+ prog="`echo $cmd | sed -e 's: .*::' -e 's:^.*/::'`"
+
+.
+
+ if test x"${svc_description}" = x"${pp_rpm_default_svc_description}"; then
+ svc_description=
+ fi
+
+ #-- write service-specific definitions
+ cat <<. >>$out
+ #-- definitions specific to service ${svc}
+ svc_name="${svc_description:-$svc service}"
+ user="${user}"
+ pidfile="${pidfile}"
+ stop_signal="${stop_signal}"
+ reload_signal="${reload_signal}"
+ pp_exec_cmd () { $_cmd; }
+.
+
+ #-- write the generic part of the init script
+ cat <<'.' >>$out
+
+ #-- use system message logging, if available
+ if [ -f /lib/lsb/init-functions -a ! -r /etc/redhat-release ]; then
+ . /lib/lsb/init-functions
+ pp_success_msg () { log_success_msg "$@"; }
+ pp_failure_msg () { log_failure_msg "$@"; }
+ pp_warning_msg () { log_warning_msg "$@"; }
+ elif [ -f /etc/init.d/functions ]; then
+ . /etc/init.d/functions
+ pp_success_msg () { echo -n "$*"; success "$@"; echo; }
+ pp_failure_msg () { echo -n "$*"; failure "$@"; echo; }
+ pp_warning_msg () { echo -n "$*"; warning "$@"; echo; }
+ else
+ pp_success_msg () { echo ${1:+"$*:"} OK; }
+ pp_failure_msg () { echo ${1:+"$*:"} FAIL; }
+ pp_warning_msg () { echo ${1:+"$*:"} WARNING; }
+ fi
+
+ #-- prints a status message
+ pp_msg () { echo -n "$*: "; }
+
+ #-- prints usage message
+ pp_usage () {
+ echo "usage: $0 {start|stop|status|restart|reload|condrestart|try-restart|force-reload}" >&2
+ return 2
+ }
+
+ #-- reloads the service, if possible
+ # returns 0=success 1=failure 3=unimplemented
+ pp_reload () {
+ test -n "$reload_signal" || return 3 # unimplemented
+ pp_msg "Reloading ${svc_name}"
+ if pp_signal -${reload_signal}; then
+ pp_success_msg
+ return 0
+ else
+ pp_failure_msg "not running"
+ return 1
+ fi
+ }
+
+ #-- delivers signal $1 to the pidfile
+ # returns 0=success 1=failure
+ pp_signal () {
+ if test -s "$pidfile"; then
+ read pid < "$pidfile" 2>/dev/null
+ kill "$@" "$pid" 2>/dev/null
+ else
+ return 1
+ fi
+ }
+
+ #-- verifies that ${svc_name} is running
+ # returns 0=success 1=failure
+ pp_running () {
+ if test -s "$pidfile"; then
+ read pid < "$pidfile" 2>/dev/null
+ if test ${pid:-0} -gt 1 && kill -0 "$pid" 2>/dev/null; then
+ # make sure name matches
+ pid="`ps -p $pid 2>/dev/null | sed -n \"s/^ *\($pid\) .*$prog *$/\1/p\"`"
+ if test -n "$pid"; then
+ return 0
+ fi
+ fi
+ fi
+ return 1
+ }
+
+ #-- prints information about the service status
+ # returns 0=running 1=crashed 3=stopped
+ pp_status () {
+ pp_msg "Checking for ${svc_name}"
+ if pp_running; then
+ pp_success_msg "running"
+ return 0
+ elif test -s "$pidfile"; then
+ pp_failure_msg "not running (crashed)"
+ return 1
+ else
+ pp_failure_msg "not running"
+ return 3
+ fi
+ }
+
+ #-- starts the service
+ # returns 0=success 1=failure
+ pp_start () {
+ pp_msg "Starting ${svc_name}"
+ if pp_status >/dev/null; then
+ pp_warning_msg "already started"
+ return 0
+ elif pp_exec_cmd; then
+ pp_success_msg
+ return 0
+ else
+ pp_failure_msg "cannot start"
+ return 1
+ fi
+ }
+
+ #-- stops the service
+ # returns 0=success (always)
+ pp_stop () {
+ pp_msg "Stopping ${svc_name}"
+ if pp_signal -${stop_signal}; then
+ pp_success_msg
+ else
+ pp_success_msg "already stopped"
+ fi
+ rm -f "$pidfile"
+ return 0
+ }
+
+ #-- stops and starts the service
+ pp_restart () {
+ pp_stop
+ pp_start
+ }
+
+ case "$1" in
+ start) pp_start;;
+ stop) pp_stop;;
+ restart) pp_restart;;
+ status) pp_status;;
+ try-restart|condrestart)
+ if pp_status >/dev/null; then
+ pp_restart
+ fi;;
+ reload) pp_reload;;
+ force-reload) if pp_status >/dev/null; then
+ pp_reload
+ else
+ pp_restart
+ fi;;
+ *) pp_usage;;
+ esac
+
+.
+ chmod 755 $out
+
+ # Create systemd service file
+ pp_systemd_make_service_file $svc
+}
+pp_backend_rpm_function () {
+ case "$1" in
+ pp_mkgroup) cat<<'.';;
+ /usr/sbin/groupadd -f -r "$1"
+.
+ pp_mkuser:depends) echo pp_mkgroup;;
+ pp_mkuser) cat<<'.';;
+ pp_mkgroup "${2:-$1}" || return 1
+ /usr/sbin/useradd \
+ -g "${2:-$1}" \
+ -M -d "${3:-/nonexistent}" \
+ -s "${4:-/bin/false}" \
+ -r "$1"
+.
+ pp_havelib) cat<<'.';;
+ for pp_tmp_dir in `echo "/usr/lib:/lib${3:+:$3}" | tr : ' '`; do
+ test -r "$pp_tmp_dir/lib$1.so{$2:+.$2}" && return 0
+ done
+ return 1
+.
+ *) false;;
+ esac
+}
+
+: NOTES <<.
+
+ # creating a dmg file for publishing on the web
+ hdiutil create -srcfolder /path/foo foo.dmg
+ hdiutil internet-enable -yes /path/foo.dmg
+ # Layout for packages
+ -/component/
+ -/extras/postinstall
+ -/extras/postupgrade
+ # /Developer/usr/bin/packagemaker (man packagemaker)
+
+ Make a bunch of packages, and then build a 'distribution'
+ which is only understood by macos>10.4
+
+ # Message files in the resource path used are
+ Welcome.{rtf,html,rtfd,txt} - limited text shown in Intro
+ ReadMe.{rtf,html,rtfd,txt} - scrollable/printable, after Intro
+ License.{rtf,html,rtfd,txt} - ditto, user must click 'Accept'
+ background.{jpg,tif,gif,pict,eps,pdf} 620x418 background image
+
+ # These scripts looked for in the resource path
+ InstallationCheck $pkgpath $defaultloc $targetvol
+ 0:ok 32:warn 32+x:warn[1] 64:stop 96+x:stop[2]
+ VolumeCheck $volpath
+ 0:ok 32:failure 32+x:failure[3]
+ preflight $pkgpath $targetloc $targetvol [priv]
+ preinstall $pkgpath $targetloc $targetvol [priv]
+ preupgrade $pkgpath $targetloc $targetvol [priv]
+ postinstall $pkgpath $targetloc $targetvol [priv]
+ postupgrade $pkgpath $targetloc $targetvol [priv]
+ postflight $pkgpath $targetloc $targetvol [priv]
+ 0:ok else fail (for all scripts)
+
+ A detailed reason is deduced by finding an index x (16..31)
+ in the file InstallationCheck.strings or VolumeCheck.strings.
+
+ Scripts marked [priv] are executed with root privileges.
+ None of the [priv] scripts are used by metapackages.
+
+ # Default permissions
+ Permissions of existing directories should match those
+ of a clean install of the OS; typically root:admin 0775
+ New directories or files should be 0775 or 0664 with the
+ appropriate user:group.
+ Exceptions:
+ /etc root:admin 0755
+ /var root:admin 0755
+
+
+ Info.plist = {
+ CFBundleGetInfoString: "1.2.3, One Identity LLC.",
+ CFBundleIdentifier: "com.quest.rc.openssh",
+ CFBundleShortVersionString: "1.2.3",
+ IFMajorVersion: 1,
+ IFMinorVersion: 2,
+ IFPkgFlagAllowBackRev: false,
+ IFPkgFlagAuthorizationAction: "AdminAuthorization",
+ IFPkgFlagDefaultLocation: "/",
+ IFPkgFlagFollowLinks: true,
+ IFPkgFlagInstallFat: false,
+ IFPkgFlagInstalledSize: , # this is added by packagemaker
+ IFPkgFlagIsRequired: false,
+ IFPkgFlagOverwritePermissions: false,
+ IFPkgFlagRelocatable: false,
+ IFPkgFlagRestartAction: "NoRestart",
+ IFPkgFlagRootVolumeOnly: false,
+ IFPkgFlagUpdateInstalledLanguages: false,
+ IFPkgFormatVersion= 0.10000000149011612,
+ IFRequirementDicts: [ {
+ Level = "requires",
+ SpecArgument = "/opt/quest/lib/libvas.4.2.0.dylib",
+ SpecType = "file",
+ TestObject = true,
+ TestOperator = "eq", } ]
+ }
+
+ Description.plist = {
+ IFPkgDescriptionDescription = "this is the description text",
+ IFPkgDescriptionTitle = "quest-openssh"
+ }
+
+ # Startup scripts
+ 'launchd' is a kind of combined inetd and rc/init.d system.
+
+ Create a /Library/LaunchDaemons/$daemonname.plist file
+ Examples found in /System/Library/LaunchDaemons/
+ See manual page launchd.plist(5) for details:
+
+ { Label: "com.quest.rc.foo", # required
+ Program: "/sbin/program",
+ ProgramArguments: [ "/sbin/program", "arg1", "arg2" ], # required
+ RunAtLoad: true,
+ WatchPaths: [ "/etc/crontab" ],
+ QueueDirectories: [ "/var/cron/tabs" ],
+ inetdCompatibility: { Wait: false }, # inetd-only
+ OnDemand: false, # recommended
+ SessionCreate: true,
+ UserName: "nobody",
+ InitGroups: true,
+ Sockets: { # inetd only
+ Listeners: {
+ SockServiceName: "ssh",
+ Bonjour: ["ssh", "sftp-ssh"], } },
+ Disabled: false,
+ StandardErrorPath: "/dev/null",
+ }
+
+
+ How to add a new user
+ dscl . -create /Users/$user
+ dscl . -create /Users/$user UserShell /bin/bash
+ dscl . -create /Users/$user RealName "$user"
+ dscl . -create /Users/$user UniqueID $uid
+ dscl . -create /Users/$user PrimaryGroupID $gid
+ dscl . -create /Users/$user NFSHomeDirectory /Users/$user
+ dscl . -passwd /Users/$user "$passwd"
+ mkdir /Users/$user
+ chown $uid.$gid /Users/$user
+
+.
+
+
+pp_platforms="$pp_platforms macos"
+
+pp_backend_macos_detect () {
+ [ x"$1" = x"Darwin" ]
+}
+
+pp_backend_macos_init () {
+ pp_macos_default_bundle_id_prefix="com.quest.rc."
+ pp_macos_bundle_id=
+ pp_macos_bundle_vendor=
+ pp_macos_bundle_version=
+ pp_macos_bundle_info_string=
+ pp_macos_pkg_type=bundle
+ pp_macos_pkg_license=
+ pp_macos_pkg_readme=
+ pp_macos_pkg_welcome=
+ pp_macos_sudo=sudo
+ pp_macos_installer_plugin=
+ # OS X puts the library version *before* the .dylib extension
+ pp_shlib_suffix='*.dylib'
+}
+
+pp_macos_plist () {
+ typeset in
+ in=""
+ while test $# -gt 0; do
+ case "$1" in
+
+ start-plist) cat <<-.; in=" "; shift ;;
+
+
+
+.
+ end-plist) echo ""; in=; shift;;
+
+ '[') echo "$in"; in="$in "; shift;;
+ ']') echo "$in"; in="${in# }"; shift;;
+ '{') echo ""; in="$in "; shift;;
+ '}') echo ""; in="${in# }"; shift;;
+ key) shift; echo "$in$1"; shift;;
+ string) shift;
+ echo "$1" | sed -e 's/&/&/g;s//\>/g;' \
+ -e 's/^/'"$in"'/;s/$/<\/string>/';
+ shift;;
+ true) echo "$in"; shift;;
+ false) echo "$in"; shift;;
+ real) shift; echo "$in$1"; shift;;
+ integer) shift; echo "$in$1"; shift;;
+ date) shift; echo "$in$1"; shift;; # ISO 8601 format
+ data) shift; echo "$in$1"; shift;; # base64 encoded
+ *) pp_error "pp_macos_plist: bad argument '$1'"; shift;;
+ esac
+ done
+}
+
+pp_macos_rewrite_cpio () {
+ typeset script
+ script=$pp_wrkdir/cpio-rewrite.pl
+ cat <<-'.'
>$script + #!/usr/bin/perl + # + # Filter a cpio file, applying the user/group/mode specified in %files + # + # A CPIO header block has octal fields at the following offset/lengths: + # 0 6 magic + # 6 6 dev + # 12 6 ino + # 18 6 mode + # 24 6 uid + # 30 6 gid + # 36 6 nlink + # 42 6 rdev + # 48 11 mtime + # 59 6 namesize (including NUL terminator) + # 65 11 filesize + # 76 -- + # + use strict; + use warnings; + no strict 'subs'; + + # set %uid, %gid, %mode based on %files + my (%uid, %gid, %mode, %users, %groups); + my %type_map = ( d => 0040000, f => 0100000, s => 0120000 ); + while () { + my ($type,$mode,$uid,$gid,$flags,$name) = + m/^(.) (\S+) (\S+) (\S+) (\S+) (\S+)/; + $mode = $type eq "f" ? "0644" : "0755" if $mode eq "-"; + $uid = 0 if $uid eq "-"; + $gid = 0 if $gid eq "-"; + if ($uid ne "=" and $uid =~ m/\D/) { + unless (exists $users{$uid}) { + my @pw = getpwnam($uid) or die "bad username '$uid'"; + $users{$uid} = $pw[2]; + } + $uid = $users{$uid}; + } + if ($gid ne "=" and $gid =~ m/\D/) { + unless (exists $groups{$gid}) { + my @gr = getgrnam($gid) or die "bad group'$gid'"; + $groups{$gid} = $gr[2]; + } + $gid = $groups{$gid}; + } + $name =~ s:/$:: if $type eq "d"; + $name = ".".$name."\0"; + $uid{$name} = sprintf("%06o",int($uid)) unless $uid eq "="; + $gid{$name} = sprintf("%06o",int($gid)) unless $gid eq "="; + $mode{$name} = sprintf("%06o",oct($mode)|$type_map{$type}) unless $mode eq "="; + } + undef %users; + undef %groups; + # parse the cpio file + my $hdrlen = 76; + while (read(STDIN, my $header, $hdrlen)) { + my ($name, $namesize, $filesize); + my $filepad = 0; + if ($header =~ m/^07070[12]/) { + # SVR4 ASCII format, convert to ODC + if ($hdrlen == 76) { + # Read in rest of header and update header len for SVR4 + read(STDIN, $header, 110 - 76, 76); + $hdrlen = 110; + } + my $ino = hex(substr($header, 6, 8)) & 0x3ffff; + my $mode = hex(substr($header, 14, 8)) & 0x3ffff; + my $uid = hex(substr($header, 22, 8)) & 0x3ffff; + my $gid = 
hex(substr($header, 30, 8)) & 0x3ffff; + my $nlink = hex(substr($header, 38, 8)) & 0x3ffff; + my $mtime = hex(substr($header, 46, 8)) & 0xffffffff; + $filesize = hex(substr($header, 54, 8)) & 0xffffffff; + my $dev_maj = hex(substr($header, 62, 8)); + my $dev_min = hex(substr($header, 70, 8)); + my $dev = &makedev($dev_maj, $dev_min) & 0x3ffff; + my $rdev_maj = hex(substr($header, 78, 8)); + my $rdev_min = hex(substr($header, 86, 8)); + my $rdev = &makedev($rdev_maj, $rdev_min) & 0x3ffff; + $namesize = hex(substr($header, 94, 8)) & 0x3ffff; + read(STDIN, $name, $namesize); + # Header + name is padded to a multiple of 4 bytes + my $namepad = (($hdrlen + $namesize + 3) & 0xfffffffc) - ($hdrlen + $namesize); + read(STDIN, my $padding, $namepad) if ($namepad); + # File data is padded to be a multiple of 4 bytes + $filepad = (($filesize + 3) & 0xfffffffc) - $filesize; + + my $new_header = sprintf("070707%06o%06o%06o%06o%06o%06o%06o%011o%06o%011o", $dev, $ino, $mode, $uid, $gid, $nlink, $rdev, $mtime, $namesize, $filesize); + $header = $new_header; + } elsif ($header =~ m/^070707/) { + # POSIX Portable ASCII Format + $namesize = oct(substr($header, 59, 6)); + $filesize = oct(substr($header, 65, 11)); + read(STDIN, $name, $namesize); + } else { + die "bad magic"; + } + # update uid, gid and mode (already in octal) + substr($header, 24, 6) = $uid{$name} if exists $uid{$name}; + substr($header, 30, 6) = $gid{$name} if exists $gid{$name}; + substr($header, 18, 6) = $mode{$name} if exists $mode{$name}; + print($header, $name); + # check for trailer at EOF + last if $filesize == 0 && $name =~ /^TRAILER!!!\0/; + # copy-through the file data + while ($filesize > 0) { + my $seg = 8192; + $seg = $filesize if $filesize < $seg; + read(STDIN, my $data, $seg); + print $data; + $filesize -= $seg; + } + # If file data is padded, skip it + read(STDIN, my $padding, $filepad) if ($filepad); + } + # pass through any padding at the end (blocksize-dependent) + for (;;) { + my $numread = 
read(STDIN, my $data, 8192);
+ last unless $numread;
+ print $data;
+ }
+ exit(0);
+
+ sub makedev {
+ (((($_[0] & 0xff)) << 24) | ($_[1] & 0xffffff));
+ }
+ __DATA__
+.
+ # Append to the script the %files data
+ cat "$@" > $script
+ /usr/bin/perl $script || pp_error "pp_macos_rewrite_cpio error";
+}
+
+pp_macos_files_bom () {
+ typeset _l t m o g f p st owner
+ while read t m o g f p st; do
+ # make sure that $m is padded up to 4 digits long
+ case "$m" in
+ ?) m="000$m";;
+ ??) m="00$m";;
+ ???) m="0$m";;
+ ?????*) pp_error "pp_macos_writebom: mode '$m' too long";;
+ esac
+
+ # convert owner,group into owner/group in octal
+ case $o in -) o=0;; esac
+ case $g in -) g=0;; esac
+ owner=`pp_d2o $o`/`pp_d2o $g`
+
+ case $t in
+ f)
+ test x"$m" = x"000-" && m=0644
+ echo ".$p 10$m $owner `
+ /usr/bin/cksum < "${pp_destdir}$p" |
+ awk '{print $2 " " $1}'`"
+ ;;
+ d)
+ test x"$m" = x"000-" && m=0755
+ echo ".${p%/} 4$m $owner"
+ ;;
+ s)
+ test x"$m" = x"000-" && m=0755
+ rl=`/usr/bin/readlink "${pp_destdir}$p"`
+ #test x"$rl" = x"$st" ||
+ # pp_error "symlink mismatch $rl != $st"
+ echo ".$p 12$m $owner `
+ /usr/bin/readlink -n "${pp_destdir}$p" |
+ /usr/bin/cksum |
+ awk '{print $2 " " $1}'` $st"
+ ;;
+ esac
+ done
+}
+
+pp_macos_bom_fix_parents () {
+ perl -pe '
+ sub dirname { my $d=shift; $d=~s,/[^/]*$,,; $d; }
+ sub chk { my $d=shift;
+ &chk(&dirname($d)) if $d =~ m,/,;
+ unless ($seen{$d}++) {
+ # Make sure we do not override system directories
+ if ($d =~ m:^\./(etc|var)$:) {
+ my $tgt = "private/$1";
+ my ($sum, $len) = split(/\s+/, `/usr/bin/printf "$tgt" | /usr/bin/cksum /dev/stdin`);
+ print "$d\t120755\t0/0\t$len\t$sum\t$tgt\n";
+ } elsif ($d eq "."
|| $d eq "./Library") { + print "$d\t41775\t0/80\n"; + } elsif ($d eq "./Applications" || $d eq "./Developer") { + print "$d\t40775\t0/80\n"; + } else { + print "$d\t40755\t0/0\n"; + } + } + } + m/^(\S+)\s+(\d+)/; + if (oct($2) & 040000) { + $seen{$1}++; # directory + } + &chk(&dirname($1));' +} + +pp_macos_files_size () { + typeset _l t m o g f p st owner + while read t m o g f p st; do + case $t in + f) wc -c < "${pp_destdir}$p";; + s) echo 4095;; + d) ;; # always seems to be zero + esac + done | awk '{n+=1+int($1/4096)} END {print n*4}' +} + +pp_o2d () { + awk 'BEGIN { x=0; '`echo "$1" | + sed -e 's/./x=x*8+&;/g'`'print x;}' /dev/null; then + rm -f "$2" + /usr/bin/mkbom -i "$1" "$2" + return + fi + + # On 10.4 we have this nonsense. + pp_warn "mkbom workaround: copying source files to staging area" + + bomstage=$pp_wrkdir/bom_stage + $pp_macos_sudo /bin/mkdir "$bomstage" + while IFS=' ' read path mode ugid size cksumi linkpath; do + if test -h "$pp_destdir/$path"; then + $pp_macos_sudo /bin/ln -s "$linkpath" "$bomstage/$path" + else + if test -d "$pp_destdir/$path"; then + $pp_macos_sudo /bin/mkdir -p "$bomstage/$path" + else + $pp_macos_sudo /bin/cp "$pp_destdir/$path" "$bomstage/$path" + fi + $pp_macos_sudo /bin/chmod $mode "$bomstage/$path" + $pp_macos_sudo /usr/sbin/chown `echo $ugid| tr / :` "$bomstage/$path" + fi + done <"$1" + (cd $bomstage && $pp_macos_sudo mkbom . 
$pp_wrkdir/bom_stage.bom) ||
+ pp_error "mkbom failed"
+ $pp_macos_sudo mv $pp_wrkdir/bom_stage.bom "$2"
+}
+
+pp_backend_macos () {
+ : ${pp_macos_bundle_id:=$pp_macos_default_bundle_id_prefix$name}
+ case "$pp_macos_pkg_type" in
+ bundle) pp_backend_macos_bundle;;
+ flat) pp_backend_macos_flat;;
+ *) pp_error "unsupported package type $pp_macos_pkg_type";;
+ esac
+}
+
+pp_backend_macos_bundle () {
+ typeset pkgdir Contents Resources lprojdir svc
+ typeset Info_plist Description_plist
+ typeset bundle_vendor bundle_version size cmp filelists
+
+ mac_version=`sw_vers -productVersion`
+ bundle_vendor=${pp_macos_bundle_vendor:-$vendor}
+
+ if test -z "$pp_macos_bundle_version"; then
+ bundle_version=`echo "$version.0.0.0" | sed -n -e 's/[^0-9.]//g' \
+ -e 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'`
+ else
+ bundle_version="$pp_macos_bundle_version"
+ fi
+ source_version=`echo $version | sed 's/.*\.//'`
+
+ # build the package layout
+ pkgdir=$pp_wrkdir/$name.pkg
+ Contents=$pkgdir/Contents
+ Resources=$Contents/Resources
+ lprojdir=$Resources/en.lproj
+ mkdir $pkgdir $Contents $Resources $lprojdir ||
+ pp_error "Can't make package temporary directories"
+
+ echo "major: 1" > $Resources/package_version
+ echo "minor: 0" >> $Resources/package_version
+ echo "pmkrpkg1" > $Contents/PkgInfo
+ case $mac_version in
+ "10.6"*)
+ xattr -w "com.apple.TextEncoding" "macintosh;0" "$Resources/package_version"
+ xattr -w "com.apple.TextEncoding" "macintosh;0" "$Contents/PkgInfo"
+ ;;
+ esac
+
+ # Copy welcome file/dir for display at package install time.
+ if test -n "$pp_macos_pkg_welcome"; then
+ typeset sfx
+ sfx=`echo "$pp_macos_pkg_welcome"|sed 's/^.*\.\([^\.]*\)$/\1/'`
+ case "$sfx" in
+ rtf|html|rtfd|txt) ;;
+ *) sfx=txt;;
+ esac
+ cp -R ${pp_macos_pkg_welcome} $Resources/Welcome.$sfx
+ fi
+
+ # Copy readme file/dir for display at package install time.
+ if test -n "$pp_macos_pkg_readme"; then
+ typeset sfx
+ sfx=`echo "$pp_macos_pkg_readme"|sed 's/^.*\.\([^\.]*\)$/\1/'`
+ case "$sfx" in
+ rtf|html|rtfd|txt) ;;
+ *) sfx=txt;;
+ esac
+ cp -R ${pp_macos_pkg_readme} $Resources/ReadMe.$sfx
+ fi
+
+ # Copy license file/dir for display at package install time.
+ if test -n "$pp_macos_pkg_license"; then
+ typeset sfx
+ sfx=`echo "$pp_macos_pkg_license"|sed 's/^.*\.\([^\.]*\)$/\1/'`
+ case "$sfx" in
+ rtf|html|rtfd|txt) ;;
+ *) sfx=txt;;
+ esac
+ cp -R ${pp_macos_pkg_license} $Resources/License.$sfx
+ fi
+
+ # Add services (may modify %files)
+ for svc in $pp_services .; do
+ test . = "$svc" && continue
+ pp_macos_add_service $svc
+ done
+
+ # Find file lists (%files.* includes ignore files)
+ for cmp in $pp_components; do
+ test -f $pp_wrkdir/%files.$cmp && filelists="$filelists${filelists:+ }$pp_wrkdir/%files.$cmp"
+ done
+
+ # compute the installed size
+ size=`cat $filelists | pp_macos_files_size`
+
+ #-- Create Info.plist
+ Info_plist=$Contents/Info.plist
+ pp_macos_plist \
+ start-plist \{ \
+ key CFBundleGetInfoString string \
+ "${pp_macos_bundle_info_string:-$version $bundle_vendor}" \
+ key CFBundleIdentifier string \
+ "${pp_macos_bundle_id}" \
+ key CFBundleName string "$name" \
+ key CFBundleShortVersionString string "$bundle_version.$source_version" \
+ key IFMajorVersion integer 1 \
+ key IFMinorVersion integer 0 \
+ key IFPkgFlagAllowBackRev false \
+ key IFPkgFlagAuthorizationAction string "RootAuthorization" \
+ key IFPkgFlagDefaultLocation string "/" \
+ key IFPkgFlagFollowLinks true \
+ key IFPkgFlagInstallFat true \
+ key IFPkgFlagInstalledSize integer $size \
+ key IFPkgFlagIsRequired false \
+ key IFPkgFlagOverwritePermissions true \
+ key IFPkgFlagRelocatable false \
+ key IFPkgFlagRestartAction string "NoRestart" \
+ key IFPkgFlagRootVolumeOnly true \
+ key IFPkgFlagUpdateInstalledLanguages false \
+ key IFPkgFlagUseUserMask false \
+ key IFPkgFormatVersion real 0.10000000149011612 \
+ key
SourceVersion string $source_version \
+ \} end-plist> $Info_plist
+
+ # write en.lproj/Description.plist
+ Description_plist=$lprojdir/Description.plist
+ pp_macos_plist \
+ start-plist \{ \
+ key IFPkgDescriptionDeleteWarning string "" \
+ key IFPkgDescriptionDescription string "$pp_macos_bundle_info_string" \
+ key IFPkgDescriptionTitle string "$name" \
+ key IFPkgDescriptionVersion string "$bundle_version.$source_version" \
+ \} end-plist > $Description_plist
+
+ # write Resources/files
+ awk '{print $6}' $filelists > $Resources/files
+
+ # write package size file
+ printf \
+"NumFiles 0
+InstalledSize $size
+CompressedSize 0
+" > $Resources/$name.sizes
+
+ # write Resources/preinstall
+ for cmp in $pp_components; do
+ if test -s $pp_wrkdir/%pre.$cmp; then
+ if test ! -s $Resources/preinstall; then
+ echo "#!/bin/sh" > $Resources/preinstall
+ chmod +x $Resources/preinstall
+ fi
+ cat $pp_wrkdir/%pre.$cmp >> $Resources/preinstall
+ echo : >> $Resources/preinstall
+ fi
+ done
+
+ # write Resources/postinstall
+ for cmp in $pp_components; do
+ if test -s $pp_wrkdir/%post.$cmp; then
+ if test ! -s $Resources/postinstall; then
+ echo "#!/bin/sh" > $Resources/postinstall
+ chmod +x $Resources/postinstall
+ fi
+ cat $pp_wrkdir/%post.$cmp >> $Resources/postinstall
+ echo : >> $Resources/postinstall
+ fi
+ done
+
+ # write Resources/postupgrade
+ for cmp in $pp_components; do
+ if test -s $pp_wrkdir/%postup.$cmp; then
+ if test ! -s $Resources/postupgrade; then
+ echo "#!/bin/sh" > $Resources/postupgrade
+ chmod +x $Resources/postupgrade
+ fi
+ cat $pp_wrkdir/%postup.$cmp >> $Resources/postupgrade
+ echo : >> $Resources/postupgrade
+ fi
+ done
+
+ # write Resources/preremove
+ for cmp in $pp_components; do
+ if test -s $pp_wrkdir/%preun.$cmp; then
+ if test !
-s $Resources/preremove; then
+ echo "#!/bin/sh" > $Resources/preremove
+ chmod +x $Resources/preremove
+ fi
+ cat $pp_wrkdir/%preun.$cmp >> $Resources/preremove
+ echo : >> $Resources/preremove
+ fi
+ done
+
+ # write Resources/postremove
+ for cmp in $pp_components; do
+ if test -s $pp_wrkdir/%postun.$cmp; then
+ if test ! -s $Resources/postremove; then
+ echo "#!/bin/sh" > $Resources/postremove
+ chmod +x $Resources/postremove
+ fi
+ cat $pp_wrkdir/%postun.$cmp >> $Resources/postremove
+ echo : >> $Resources/postremove
+ fi
+ done
+
+ # write uninstall info
+ echo "version=$version" > $Resources/uninstall
+ if [ -n "$pp_macos_requires" ];then
+ echo "requires=$pp_macos_requires" >> $Resources/uninstall
+ fi
+
+ . $pp_wrkdir/%fixup
+
+ # Create the bill-of-materials (Archive.bom)
+ cat $filelists | pp_macos_files_bom | sort |
+ pp_macos_bom_fix_parents > $pp_wrkdir/tmp.bomls
+
+ pp_macos_mkbom $pp_wrkdir/tmp.bomls $Contents/Archive.bom
+
+ # Create the cpio archive (Archive.pax.gz)
+ (
+ cd $pp_destdir &&
+ awk '{ print "." $6 }' $filelists | sed 's:/$::' | sort | /usr/bin/cpio -o | pp_macos_rewrite_cpio $filelists | gzip -9f -c > $Contents/Archive.pax.gz
+ )
+
+ # Copy installer plugins if any
+ if test -n "$pp_macos_installer_plugin"; then
+ if test !
-f "$pp_macos_installer_plugin/InstallerSections.plist"; then + pp_error "Missing InstallerSections.plist file in $pp_macos_installer_plugin" + fi + mkdir -p $pkgdir/Plugins + cp -R "$pp_macos_installer_plugin"/* $pkgdir/Plugins + fi + + test -d $pp_wrkdir/bom_stage && $pp_macos_sudo rm -rf $pp_wrkdir/bom_stage + + rm -f ${name}-${version}.dmg + hdiutil create -fs HFS+ -srcfolder $pkgdir -volname $name ${name}-${version}.dmg +} + +pp_backend_macos_flat () { + typeset pkgdir bundledir Resources lprojdir svc + typeset Info_plist Description_plist + typeset bundle_vendor bundle_version size numfiles cmp filelists + + mac_version=`sw_vers -productVersion` + bundle_vendor=${pp_macos_bundle_vendor:-$vendor} + + if test -z "$pp_macos_bundle_version"; then + bundle_version=`echo "$version.0.0.0" | sed -n -e 's/[^0-9.]//g' \ + -e 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'` + else + bundle_version="$pp_macos_bundle_version" + fi + source_version=`echo $version | sed 's/.*\.//'` + + # build the flat package layout + pkgdir=$pp_wrkdir/pkg + pkgfile=$name-$version.pkg + bundledir=$pp_wrkdir/pkg/$pkgfile + Resources=$pkgdir/Resources + lprojdir=$Resources/en.lproj + mkdir $pkgdir $bundledir $Resources $lprojdir || + pp_error "Can't make package temporary directories" + + # Add services (may modify %files) + for svc in $pp_services .; do + test . = "$svc" && continue + pp_macos_add_service $svc + done + + # Find file lists (%files.* includes ignore files) + for cmp in $pp_components; do + test -f $pp_wrkdir/%files.$cmp && filelists="$filelists${filelists:+ }$pp_wrkdir/%files.$cmp" + done + + # compute the installed size and number of files/dirs + size=`cat $filelists | pp_macos_files_size` + numfiles=`cat $filelists | wc -l` + numfiles="${numfiles##* }" + + # Write Distribution file + cat <<-. >$pkgdir/Distribution + + + $name $version + + +. 
+ if test -n "$pp_macos_pkg_welcome"; then + cp -R "${pp_macos_pkg_welcome}" $Resources + echo " " >>$pkgdir/Distribution + fi + if test -n "$pp_macos_pkg_readme"; then + cp -R "${pp_macos_pkg_readme}" $Resources + echo " " >>$pkgdir/Distribution + fi + if test -n "$pp_macos_pkg_license"; then + cp -R "${pp_macos_pkg_license}" $Resources + echo " " >>$pkgdir/Distribution + fi + cat <<-. >>$pkgdir/Distribution + + + + + + + #$pkgfile + +. + + # write scripts archive + # XXX - missing preupgrade, preflight, postflight + mkdir $pp_wrkdir/scripts + for cmp in $pp_components; do + if test -s $pp_wrkdir/%pre.$cmp; then + if test ! -s $pp_wrkdir/scripts/preinstall; then + echo "#!/bin/sh" > $pp_wrkdir/scripts/preinstall + chmod +x $pp_wrkdir/scripts/preinstall + fi + cat $pp_wrkdir/%pre.$cmp >> $pp_wrkdir/scripts/preinstall + echo : >> $pp_wrkdir/scripts/preinstall + fi + if test -s $pp_wrkdir/%post.$cmp; then + if test ! -s $pp_wrkdir/scripts/postinstall; then + echo "#!/bin/sh" > $pp_wrkdir/scripts/postinstall + chmod +x $pp_wrkdir/scripts/postinstall + fi + cat $pp_wrkdir/%post.$cmp >> $pp_wrkdir/scripts/postinstall + echo : >> $pp_wrkdir/scripts/postinstall + fi + if test -s $pp_wrkdir/%postup.$cmp; then + if test ! -s $pp_wrkdir/scripts/postupgrade; then + echo "#!/bin/sh" > $pp_wrkdir/scripts/postupgrade + chmod +x $pp_wrkdir/scripts/postupgrade + fi + cat $pp_wrkdir/%postup.$cmp >> $pp_wrkdir/scripts/postupgrade + echo : >> $pp_wrkdir/scripts/postupgrade + fi + # XXX - not supported + if test -s $pp_wrkdir/%preun.$cmp; then + if test ! -s $pp_wrkdir/scripts/preremove; then + echo "#!/bin/sh" > $pp_wrkdir/scripts/preremove + chmod +x $pp_wrkdir/scripts/preremove + fi + cat $pp_wrkdir/%preun.$cmp >> $pp_wrkdir/scripts/preremove + echo : >> $pp_wrkdir/scripts/preremove + fi + # XXX - not supported + if test -s $pp_wrkdir/%postun.$cmp; then + if test ! 
-s $pp_wrkdir/scripts/postremove; then + echo "#!/bin/sh" > $pp_wrkdir/scripts/postremove + chmod +x $pp_wrkdir/scripts/postremove + fi + cat $pp_wrkdir/%postun.$cmp >> $pp_wrkdir/scripts/postremove + echo : >> $pp_wrkdir/scripts/postremove + fi + done + if test "`echo $pp_wrkdir/scripts/*`" != "$pp_wrkdir/scripts/*"; then + # write scripts archive, scripts are mode 0755 uid/gid 0/0 + # resetting the owner and mode is not strictly required + ( + cd $pp_wrkdir/scripts || pp_error "Can't cd to $pp_wrkdir/scripts" + rm -f $pp_wrkdir/tmp.files.scripts + for s in *; do + echo "f 0755 0 0 - ./$s" >>$pp_wrkdir/tmp.files.scripts + done + find . -type f | /usr/bin/cpio -o | pp_macos_rewrite_cpio $pp_wrkdir/tmp.files.scripts | gzip -9f -c > $bundledir/Scripts + ) + fi + + # Write PackageInfo file + cat <<-. >$bundledir/PackageInfo + + + +. + if test -s $bundledir/Scripts; then + echo " " >>$bundledir/PackageInfo + for s in preflight postflight preinstall postinstall preupgrade postupgrade; do + if test -s "$pp_wrkdir/scripts/$s"; then + echo " <$s file=\"$s\"/>" >>$bundledir/PackageInfo + fi + done + echo " " >>$bundledir/PackageInfo + fi + cat <<-. >>$bundledir/PackageInfo + +. + + . $pp_wrkdir/%fixup + + # Create the bill-of-materials (Bom) + cat $filelists | pp_macos_files_bom | sort | + pp_macos_bom_fix_parents > $pp_wrkdir/tmp.bomls + pp_macos_mkbom $pp_wrkdir/tmp.bomls $bundledir/Bom + + # Create the cpio payload + ( + cd $pp_destdir || pp_error "Can't cd to $pp_destdir" + awk '{ print "." $6 }' $filelists | sed 's:/$::' | sort | /usr/bin/cpio -o | pp_macos_rewrite_cpio $filelists | gzip -9f -c > $bundledir/Payload + ) + awk '{print $6}' $filelists > $name.files + + # Copy installer plugins if any + if test -n "$pp_macos_installer_plugin"; then + if test ! 
-f "$pp_macos_installer_plugin/InstallerSections.plist"; then
+ pp_error "Missing InstallerSections.plist file in $pp_macos_installer_plugin"
+ fi
+ mkdir -p $pkgdir/Plugins
+ cp -R "$pp_macos_installer_plugin"/* $pkgdir/Plugins
+ fi
+
+ test -d $pp_wrkdir/bom_stage && $pp_macos_sudo rm -rf $pp_wrkdir/bom_stage
+
+ # Create the flat package with xar (like pkgutil --flatten does)
+ # Note that --distribution is only supported by Mac OS X 10.6 and above
+ xar_flags="--compression=bzip2 --no-compress Scripts --no-compress Payload"
+ case $mac_version in
+ "10.5"*) ;;
+ *) xar_flags="$xar_flags --distribution";;
+ esac
+ (cd $pkgdir && /usr/bin/xar $xar_flags -cf "../$pkgfile" *)
+
+ echo "version=$version" > $name.uninstall
+}
+
+pp_backend_macos_cleanup () {
+ :
+}
+
+pp_backend_macos_names () {
+ case "$pp_macos_pkg_type" in
+ bundle) echo ${name}.pkg;;
+ flat) echo ${name}-${version}.pkg;;
+ *) pp_error "unsupported package type $pp_macos_pkg_type";;
+ esac
+}
+
+pp_backend_macos_install_script () {
+ echo '#!/bin/sh'
+ typeset pkgname platform
+
+ pkgname="`pp_backend_macos_names`"
+ platform="`pp_backend_macos_probe`"
+ pp_install_script_common
+
+ cat <<.
+ test \$# -eq 0 && usage + op="\$1"; shift + + case "\$op" in + list-components) + test \$# -eq 0 || usage \$op + echo "$pp_components" + ;; + list-services) + test \$# -eq 0 || usage \$op + echo "$pp_services" + ;; + list-files) + test \$# -ge 1 || usage \$op + echo \${PP_PKGDESTDIR:-.}/"$pkgname" + ;; + install) + test \$# -ge 1 || usage \$op + vol=/Volumes/pp\$\$ + pkg=\$vol/${name}-${version}.pkg + hdiutil attach -readonly -mountpoint \$vol \ + \${PP_PKGDESTDIR:-.}/"$pkgname" + trap "hdiutil detach \$vol" 0 + installer -pkginfo -pkg \$pkg + installer -verbose -pkg \$pkg -target / + ;; + uninstall) + test \$# -ge 1 || usage \$op + # XXX + echo "Uninstall not implemented" >&2 + exit 1;; + start|stop) + test \$# -ge 1 || usage \$op + ec=0 + for svc + do + # XXX + echo "\${op} not implemented" >&2 + ec=1 + done + exit \$ec + ;; + print-platform) + echo "$platform" + ;; + *) + usage;; + esac +. +} + +pp_backend_macos_init_svc_vars () { + pp_macos_start_services_after_install=true + pp_macos_service_name= + pp_macos_default_service_id_prefix="com.quest.rc." + pp_macos_service_id= + pp_macos_service_user= + pp_macos_service_group= + pp_macos_service_initgroups= + pp_macos_service_umask= + pp_macos_service_cwd= + pp_macos_service_nice= + pp_macos_svc_plist_file= +} + +pp_macos_launchd_plist () { + typeset svc svc_id + + svc="$1" + svc_id="$2" + + set -- $cmd + + if [ -n "$pp_macos_svc_plist_file" ]; then + echo "## Launchd plist file already defined at $pp_macos_svc_plist_file" + return + fi + + echo "## Generating the launchd plist file for $svc" + pp_macos_svc_plist_file="$pp_wrkdir/$svc.plist" + cat <<-. > $pp_macos_svc_plist_file + + + + + Label + $svc_id + ProgramArguments + +. + while test $# != 0; do + printf " $1\n" >> $pp_macos_svc_plist_file + shift + done + cat <<-. >> $pp_macos_svc_plist_file + + KeepAlive + +. 
+ if test -n "$pp_macos_service_user"; then + printf " UserName\n" >> $pp_macos_svc_plist_file + printf " $pp_macos_service_user\n" >> $pp_macos_svc_plist_file + fi + if test -n "$pp_macos_service_group"; then + printf " GroupName\n" >> $pp_macos_svc_plist_file + printf " $pp_macos_service_group\n" >> $pp_macos_svc_plist_file + fi + if test -n "$pp_macos_service_initgroups"; then + printf " InitGroups\n" >> $pp_macos_svc_plist_file + printf " $pp_macos_service_initgroups\n" >> $pp_macos_svc_plist_file + fi + if test -n "$pp_macos_service_umask"; then + printf " Umask\n" >> $pp_macos_svc_plist_file + printf " $pp_macos_service_umask\n" >> $pp_macos_svc_plist_file + fi + if test -n "$pp_macos_service_cwd"; then + printf " WorkingDirectory\n" >> $pp_macos_svc_plist_file + printf " $pp_macos_service_cwd\n" >> $pp_macos_svc_plist_file + fi + if test -n "$pp_macos_service_nice"; then + printf " Nice\n" >> $pp_macos_svc_plist_file + printf " $pp_macos_service_nice\n" >> $pp_macos_svc_plist_file + fi + cat <<-. >> $pp_macos_svc_plist_file + + +. +} + +pp_macos_add_service () { + typeset svc svc_id plist_file plist_dir + + pp_load_service_vars "$1" + svc=${pp_macos_service_name:-$1} + svc_id=${pp_macos_service_id:-$pp_macos_default_service_id_prefix$svc} + + #-- create a plist file for svc + pp_macos_launchd_plist "$svc" "$svc_id" + + #-- copy the plist file into place and add to %files + plist_dir="/Library/LaunchDaemons" + plist_file="$plist_dir/$svc_id.plist" + mkdir -p "$pp_destdir/$plist_dir" + cp "$pp_macos_svc_plist_file" "$pp_destdir/$plist_file" + pp_add_file_if_missing "$plist_file" + + #-- add code to start the service on install & upgrade + ${pp_macos_start_services_after_install} && <<-. >> $pp_wrkdir/%post.$svc + # start service '$svc' automatically after install + launchctl load "$plist_file" +. + ${pp_macos_start_services_after_install} && <<-. 
>> $pp_wrkdir/%postup.$svc
+ # start service '$svc' automatically after upgrade
+ # This is necessary if the service is new since the previous version.
+ # XXX: Does launchd automatically reload an service if its binary
+ # is replaced?
+ launchctl load "$plist_file"
+.
+}
+
+pp_backend_macos_probe () {
+ typeset name vers arch
+ case `sw_vers -productName` in
+ "Mac OS X") name="macos";;
+ *) name="unknown";;
+ esac
+ vers=`sw_vers -productVersion | sed -e 's/^\([^.]*\)\.\([^.]*\).*/\1\2/'`
+ arch=`arch`
+ echo "$name$vers-$arch"
+}
+
+pp_backend_macos_vas_platforms () {
+ echo "osx" # XXX non-really sure what they do.. it should be "macos"
+}
+pp_backend_macos_function () {
+ case "$1" in
+ _pp_macos_search_unused) cat<<'.';;
+ # Find an unused value in the given path
+ # args: path attribute minid [maxid]
+ pp_tmp_val=$3
+ while :; do
+ test $pp_tmp_val -ge ${4:-999999} && return 1
+ /usr/bin/dscl . -search "$1" "$2" $pp_tmp_val |
+ grep . > /dev/null || break
+ pp_tmp_val=`expr $pp_tmp_val + 1`
+ done
+ echo $pp_tmp_val
+.
+ pp_mkgroup:depends) echo _pp_macos_search_unused;;
+ pp_mkgroup) cat<<'.';;
+ set -e
+ /usr/bin/dscl . -read /Groups/"$1" >/dev/null 2>&1 && return
+ pp_tmp_gid=`_pp_macos_search_unused /Groups PrimaryGroupID 100`
+ /usr/bin/dscl . -create /Groups/"$1"
+ /usr/bin/dscl . -create /Groups/"$1" PrimaryGroupID $pp_tmp_gid
+ /usr/bin/dscl . -create /Groups/"$1" RealName "Group $1"
+ /usr/bin/dscl . -create /Groups/"$1" GroupMembership ""
+ /usr/bin/dscl . -create /Groups/"$1" Password '*'
+.
+ pp_mkuser:depends) echo pp_mkgroup _pp_macos_search_unused;;
+ pp_mkuser) cat<<'.';;
+ set -e
+ /usr/bin/dscl . -read /Users/"$1" >/dev/null 2>&1 && return
+ pp_tmp_uid=`_pp_macos_search_unused /Users UniqueID 100`
+ pp_mkgroup "${2:-$1}"
+ pp_tmp_gid=`/usr/bin/dscl . -read /Groups/"${2:-$1}" \
+ PrimaryGroupID | awk '{print $2}'`
+ /usr/bin/dscl . -create /Users/"$1"
+ /usr/bin/dscl . -create /Users/"$1" PrimaryGroupID $pp_tmp_gid
+ /usr/bin/dscl .
-create /Users/"$1" NFSHomeDirectory \
+ "${3:-/var/empty}"
+ /usr/bin/dscl . -create /Users/"$1" UserShell \
+ "${4:-/usr/bin/false}"
+ /usr/bin/dscl . -create /Users/"$1" RealName "$1"
+ /usr/bin/dscl . -create /Users/"$1" UniqueID $pp_tmp_uid
+ /usr/bin/dscl . -create /Users/"$1" Password '*'
+.
+ pp_havelib) cat<<'.';;
+ # (use otool -L to find dependent libraries)
+ for pp_tmp_dir in `echo "${3:+$3:}/usr/local/lib:/lib:/usr/lib" |
+ tr : ' '`; do
+ test -r "$pp_tmp_dir/lib$1{$2:+.$2}.dylib" && return 0
+ done
+ return 1
+.
+ *) false;;
+ esac
+}
+
+pp_platforms="$pp_platforms inst"
+
+pp_backend_inst_detect () {
+ case "$1" in
+ IRIX*) return 0;;
+ *) return 1;;
+ esac
+}
+
+pp_backend_inst_init () {
+ pp_readlink_fn=pp_ls_readlink
+}
+
+pp_backend_inst_create_idb()
+{
+ typeset t m o g f p st
+
+ while read t m o g f p st; do
+ if test x"$o" = x"-"; then
+ o="root"
+ fi
+ if test x"$g" = x"-"; then
+ g="sys"
+ fi
+ case "$t" in
+ f) test x"$m" = x"-" && m=444
+ echo "f 0$m $o $g $p $p $name.sw.base"
+ ;;
+ d) test x"$m" = x"-" && m=555
+ echo "d 0$m $o $g $p $p $name.sw.base"
+ ;;
+ s) test x"$m" = x"-" && m=777
+ test x"$m" = x"777" ||
+ pp_warn "$p: invalid mode $m for symlink, should be 777 or -"
+ echo "l 0$m $o $g $p $p $name.sw.base symval($st)"
+ ;;
+ esac
+ done
+}
+
+pp_backend_inst_create_spec()
+{
+ echo "product $name"
+ echo " id \"${summary}.
Version: ${version}\""
+ echo " image sw"
+ echo " id \"Software\""
+ echo " version $version"
+ echo " order 9999"
+ echo " subsys base"
+ echo " id \"Base Software\""
+ echo " replaces self"
+ echo " exp $name.sw.base"
+ echo " endsubsys"
+ echo " endimage"
+ echo "endproduct"
+}
+
+pp_backend_inst () {
+ curdir=`pwd`
+
+ cd "$pp_opt_wrkdir"
+
+ # initialize
+ pp_inst_tardist=tardist
+ pp_inst_spec=${name}.spec
+ pp_inst_idb=${name}.idb
+
+ rm -rf $pp_inst_tardist $pp_inst_spec $pp_inst_idb
+ mkdir -p $pp_inst_tardist
+
+ # Create idb file
+ (for _cmp in $pp_components; do
+ cat %files.$_cmp | sort +4u -6 | pp_backend_inst_create_idb
+ done) >> $pp_inst_idb
+
+ pp_backend_inst_create_spec >> $pp_inst_spec
+
+ # Generate tardist
+ gendist -verbose -all -root / -source $pp_opt_destdir -idb $pp_inst_idb -spec $pp_inst_spec -dist $pp_inst_tardist $name
+ tar -cvf `pp_backend_inst_names` $pp_inst_tardist
+
+ cd "$curdir"
+}
+
+pp_backend_inst_cleanup () {
+ :
+}
+
+pp_backend_inst_names () {
+ echo ${name}-${version}.tardist
+}
+
+pp_backend_inst_install_script () {
+ :
+}
+
+pp_backend_inst_function () {
+ echo false
+}
+
+pp_backend_inst_init_svc_vars () {
+ :
+}
+
+pp_backend_inst_probe () {
+ cpu=`hinv|sed -n '/^CPU/{s/000 /k /;s/^CPU: //;s/ Process.*//;s/^MIPS //;p;q;}'|tr A-Z a-z`
+ echo irix`uname -r`-$cpu
+}
+
+pp_backend_inst_vas_platforms () {
+ echo "irix-65"
+}
+
+pp_platforms="$pp_platforms null"
+
+pp_backend_null_detect () {
+ !
:
+}
+
+pp_backend_null_init () {
+ :
+}
+
+
+pp_backend_null () {
+ :
+}
+
+pp_backend_null_cleanup () {
+ :
+}
+
+pp_backend_null_names () {
+ :
+}
+
+pp_backend_null_install_script () {
+ :
+}
+
+pp_backend_null_function () {
+ echo false
+}
+
+pp_backend_null_init_svc_vars () {
+ :
+}
+
+pp_backend_null_probe () {
+ echo unknown-unknown
+}
+
+pp_backend_null_vas_platforms () {
+:
+}
+
+pp_platforms="$pp_platforms bsd"
+
+pp_bsd_munge_text () {
+ # Insert a leading space on each line, replace blank lines with a
+ #space followed by a full-stop.
+ test -z "$1" && pp_die "pp_bsd_munge_text requires a parameter"
+ echo ${1} | sed "s,^\(.*\)$, \1, " | sed "s,^[ \t]*$, .,g"
+}
+
+pp_backend_bsd_detect () {
+ test x"$1" = x"FreeBSD"
+}
+
+pp_backend_bsd_init () {
+
+ # Get the OS revision
+ pp_bsd_detect_os
+
+ # Get the arch (i386/amd64)
+ pp_bsd_detect_arch
+
+ pp_bsd_name=
+ pp_bsd_version=
+ pp_bsd_origin=
+ pp_bsd_comment=
+ pp_bsd_arch=
+ pp_bsd_abi=
+ pp_bsd_www=
+ pp_bsd_maintainer=
+ pp_bsd_prefix="/usr/local/"
+ pp_bsd_desc=
+ pp_bsd_message=
+
+ # pp_bsd_category must be in array format comma separated
+ # pp_bsd_category=[security,network]
+ pp_bsd_category=
+
+ # pp_bsd_licenselogic can be one of the following: single, and, or unset
+ pp_bsd_licenselogic=
+
+ # pp_bsd_licenses must be in array format comma separated
+ # pp_bsd_licenses=[GPLv2,MIT]
+ pp_bsd_licenses=
+
+ # pp_bsd_annotations. These can be any key: value pair
+ # key must be separated by a :
+ # keyvalue pairs must be comma separated
+ # pp_bsd_annotations="repo_type: binary, somekey: somevalue"
+ # since all packages created by PolyPackage will be of type binary
+ # let's just set it now.
+ pp_bsd_annotations="repo_type: binary"
+
+ pp_bsd_dbg_pkgname="debug"
+ pp_bsd_dev_pkgname="devel"
+ pp_bsd_doc_pkgname="doc"
+
+ # Make sure any programs we require are installed
+ pp_bsd_check_required_programs
+
+}
+
+pp_bsd_cmp_full_name () {
+ typeset prefix
+ prefix="${pp_bsd_name:-$name}"
+ case "$1" in
+ run) echo "${prefix}" ;;
+ dbg) echo "${prefix}-${pp_bsd_dbg_pkgname}";;
+ dev) echo "${prefix}-${pp_bsd_dev_pkgname}";;
+ doc) echo "${prefix}-${pp_bsd_doc_pkgname}";;
+ *) pp_error "unknown component '$1'";
+ esac
+}
+
+pp_bsd_check_required_programs () {
+ local p needed notfound ok
+ needed= notfound=
+
+ # list of programs FreeBSD needs in order to create a binary package
+ for prog in ${pp_bsd_required_programs:-"pkg"}
+ do
+ if which $prog 2>&1 > /dev/null; then
+ pp_debug "$prog: found"
+ else
+ pp_debug "$prog: not found"
+ case "$prog" in
+ pkg) p=pkg;;
+ *) pp_die "Unexpected pkg tool $prog";;
+ esac
+ notfound="$notfound $prod"
+ pp_contains "$needed" "$p" || needed="$needed $p"
+ fi
+ done
+ if [ -n "$notfound" ]; then
+ pp_error "cannot find these programs: $notfound"
+ pp_error "please install these packages: $needed"
+ fi
+}
+
+pp_bsd_detect_os () {
+ typeset revision
+
+ pp_bsd_os=`uname -s`
+ revision=`uname -r`
+ pp_bsd_os_rev=`echo $revision | awk -F '-' '{print $1}'`
+}
+
+pp_bsd_detect_arch() {
+ pp_bsd_platform="`uname -m`"
+ case $pp_bsd_platform in
+ amd64) pp_bsd_platform_std=x86_64;;
+ i386) pp_bsd_platform_std=i386;;
+ *) pp_bsd_platform_std=unknown;;
+ esac
+}
+
+pp_bsd_label () {
+ local label arg
+ label="$1"; shift
+ for arg
+ do
+ test -z "$arg" || echo "$label: $arg"
+ done
+}
+
+pp_bsd_make_annotations () {
+
+ test -z $1 && pp_die "pp_bsd_make_annotations requires a parameter"
+ manifest=$1
+
+ # Add annotations. These can be any key: value pair
+ # key must be separated by a :
+ # key:value pairs must be comma separated.
+ if test -n "$pp_bsd_annotations"; then
+ pp_debug "Processing annotations:"
+ pp_bsd_label "annotations" "{" >> $manifest
+
+ SAVEIFS=$IFS
+ IFS=,
+ for annotate in $pp_bsd_annotations; do
+ # Remove any spaces at the start of the line
+ annotate=`echo $annotate | sed 's/^ *//'`
+ pp_debug " $annotate"
+ echo " $annotate" >> $manifest
+ done
+ IFS=$SAVEIFS
+ echo "}" >> $manifest
+ fi
+}
+
+pp_bsd_make_depends() {
+ typeset package origin version
+ cmp=$1
+ manifest=$2
+
+ if test -s $pp_wrkdir/%depend.${cmp}; then
+ echo "deps: {" >> $manifest
+ cat $pp_wrkdir/%depend.${cmp} | while read package origin version; do
+ if test x != x$package; then
+ pp_debug "Processing dependency: $package"
+ if test x != x$origin -a x != x$version; then
+ pp_debug " $package: {origin: \"$origin\", version: \"$version\"}"
+ echo " $package: {origin: \"$origin\", version: \"$version\"}" >> $manifest
+ else
+ pp_warn "Dependency $package is missing origin or version or both"
+ fi
+ fi
+ done
+ echo "}" >> $manifest
+ fi
+}
+
+pp_bsd_make_messages () {
+ test -z $1 && pp_die "pp_bsd_make_messages requires a parameter"
+ manifest=$1
+
+ pp_debug "Processing messages"
+
+ # Empty messages: [ ] is OK in the manifest
+ pp_bsd_label "messages" "[" >> $manifest
+ # Look for a single message in the variable pp_bsd_message
+ if test -n "$pp_bsd_message"; then
+ echo " { message: \"`pp_bsd_munge_text "$pp_bsd_message"`\" }," >> $manifest
+ fi
+ local a=1
+ # Look for messages in the variables pp_bsd_message_[1..n]
+ var="pp_bsd_messages_1"
+ while [ -n "${!var}" ]; do
+ echo " { message: \"`pp_bsd_munge_text "${!var}"`\" }," >> $manifest
+ a=`expr $a + 1`
+ var="pp_bsd_messages_$a"
+ done
+ echo "]" >> $manifest
+}
+
+pp_bsd_make_manifest() {
+ local cmp manifest
+
+ cmp="$1"
+ manifest="$2"
+
+ package_name=`pp_bsd_cmp_full_name $cmp`
+
+ # Required for pkg +MANIFEST
+ cat <<-.
>> $manifest
+ name: "${package_name}"
+ version: "${pp_bsd_version:-$version}"
+ origin: "${pp_bsd_origin}"
+ www: "${pp_bsd_www}"
+ desc: "`pp_bsd_munge_text "${pp_bsd_desc:-$description}"`"
+ comment: "${pp_bsd_comment:-$summary}"
+ maintainer: "${pp_bsd_maintainer}"
+ prefix: "${pp_bsd_prefix}"
+.
+
+ # Optional, so if they are not included in the pkg-product.pp file then do not create the label
+ pp_bsd_label "categories" "${pp_bsd_categories}" >> $manifest
+ pp_bsd_label "arch" "${pp_bsd_arch}" >> $manifest
+ pp_bsd_label "abi" "${pp_bsd_abi}" >> $manifest
+ pp_bsd_label "licenselogic" "${pp_bsd_licenselogic}" >> $manifest
+ pp_bsd_label "licenses" "${pp_bsd_licenses}" >> $manifest
+
+ pp_bsd_make_annotations $manifest
+ pp_bsd_make_depends $cmp $manifest
+
+ pp_bsd_make_messages $manifest
+}
+
+pp_bsd_fakeroot () {
+ if test -s $pp_wrkdir/fakeroot.save; then
+ fakeroot -i $pp_wrkdir/fakeroot.save -s $pp_wrkdir/fakeroot.save "$@"
+ else
+ fakeroot -s $pp_wrkdir/fakeroot.save "$@"
+ fi
+}
+
+pp_bsd_make_data() {
+ # t = file type
+ # m = file mode
+ # o = file owner
+ # g = file group
+ # f = ?
+ # p = file path
+ # st = file link
+ #
+ # EXAMPLE: f 755 root httpd v /usr/bin/hello goodbye
+ # -> /usr/bin/hello: {uname: root, gname: httpd, perm: 755 } goodbye
+ typeset _l t m o g f p st datadir
+ cmp=$1
+ datadir=$pp_wrkdir/`pp_bsd_cmp_full_name $cmp`
+ local path
+
+ outfilelist="$pp_wrkdir/files.list.$cmp"
+ outdirslist="$pp_wrkdir/dirs.list.$cmp"
+
+ pp_debug "Processing $pp_wrkdir/%file.${cmp}"
+
+ echo "files: {" > $outfilelist
+ echo "directories: {" > $outdirslist
+
+ cat $pp_wrkdir/%files.${cmp} | while read t m o g f p st; do
+ test x"$o" = x"-" && o="${pp_bsd_defattr_uid:-root}"
+ test x"$g" = x"-" && g="${pp_bsd_defattr_gid:-wheel}"
+ path=$p
+ case "$t" in
+ f) # Files
+ # For now just skip the file if it is volatile, we will need to remove it in the pre uninstall script
+ if [ x"$f" != x"v" ]; then
+ # If the directory doesn't exist where we are going to copy this file, then create it first
+ if [ ! -d `dirname "$datadir$path"` ]; then
+ pp_debug "creating directory `dirname "$datadir$path"`"
+ mkdir -p `dirname "$datadir$path"`
+ fi
+
+ pp_debug "install -D $datadir -o $o -g $g -h sha256 -m ${m} -v $pp_destdir$p $datadir$path";
+ pp_bsd_fakeroot install -D $datadir -o $o -g $g -h sha256 -m ${m} -v $pp_destdir$p $datadir$path;
+ echo " \"$path\": \"-\", \"$path\": {uname: $o, gname: $g, perm: ${m}}" >> $outfilelist;
+ else
+ pp_warn "file $f was marked as volatile, skipping"
+ fi;
+ ;;
+ d) # Directories
+ pp_debug "install -D $datadir -o $o -g $g -m ${m} -d -v $datadir$path";
+ pp_bsd_fakeroot install -D $datadir -o $o -g $g -m ${m} -d -v $datadir$path;
+ echo " \"$path\": \"-\", \"$path\": {uname: $o, gname: $g, perm: ${m}}" >> $outdirslist;
+ ;;
+ s) # Symlinks
+ pp_debug "Found symlink: $datadir$path";
+ # Remove leading /
+ rel_p=`echo $p | sed s,^/,,`
+ (cd $datadir; ln -sf $st $rel_p);
+ # Do we care if the file doesn't exist? Just symnlink it regardless and throw a warning?
This will be important in the case + # where we depend on other packages to be installed and will be using the libs from that package. + if [ ! -e "$datadir$path" ]; then + pp_warn "$datadir$path does not exist" + fi + echo " \"$path\": \"$st\"" >> $outfilelist; + ;; + *) pp_error "Unsupported data file type: %t";; + esac + done + + echo "}" >> $outfilelist + echo "}" >> $outdirslist + cat $outfilelist >> $manifest + cat $outdirslist >> $manifest + + pp_debug "Finished processing $pp_wrkdir/%file.${cmp}" +} + +pp_bsd_makebsd() { + typeset cmp + typeset package_build_dir + local manifest postinstall preinstall preuninstall postuninstall preupgrade postupgrade + + cmp="$1" + + if test -z "$pp_bsd_platform"; then + pp_error "Unknown BSD architecture" + return 1 + fi + + _subname=`pp_bsd_cmp_full_name $cmp` + package_build_dir=$pp_wrkdir/$_subname + + manifest="$package_build_dir/+MANIFEST" + postinstall="$package_build_dir/+POST_INSTALL" + preinstall="$package_build_dir/+PRE_INSTALL" + preuninstall="$package_build_dir/+PRE_DEINSTALL" + postuninstall="$package_build_dir/+POST_DEINSTALL" + preupgrade="$package_build_dir/+PRE_UPGRADE" + postupgrade="$package_build_dir/+POST_UPGRADE" + + # Create package dir + mkdir -p $package_build_dir + + pp_bsd_make_manifest $cmp $manifest + pp_bsd_make_data $cmp + + pp_debug "Processing pre/post install scripts" + + if test -s $pp_wrkdir/%pre.$cmp; then + pp_debug "Found %pre.$cmp" + { + cat "$pp_wrkdir/%pre.$cmp" + } > $preinstall + pp_debug "Created $preinstall" + fi + + if test -s $pp_wrkdir/%post.$cmp; then + pp_debug "Found %post.$cmp" + { + echo "# Post install script for " + cat "$pp_wrkdir/%post.$cmp" + } > $postinstall + pp_debug "Created $postinstall" + fi + + pp_debug "Processing pre/post uninstall scripts" + + if test -s $pp_wrkdir/%preun.$cmp; then + pp_debug "Found %preun.$cmp" + { + echo "# Pre uninstall script for ${pp_bsd_name:-$name}" + cat "$pp_wrkdir/%preun.$cmp" + } > $preuninstall + pp_debug "Created pkg 
$preuninstall" + fi + + if test -s $pp_wrkdir/%postun.$cmp; then + pp_debug "Found %postun.$cmp" + { + echo "# Post uninstall script for ${pp_bsd_name:-$name}" + cat "$pp_wrkdir/%postun.$cmp" + } > $postuninstall + pp_debug "Created $postuninstall" + fi + + if test -s $pp_wrkdir/%preup.$cmp; then + pp_debug "Found %preup.$cmp" + { + echo "# Pre upgrade script for ${pp_bsd_name:-$name}" + cat "$pp_wrkdir/%preup.$cmp" + } > $preupgrade + pp_debug "Created pkg $preupgrade" + fi + + if test -s $pp_wrkdir/%postup.$cmp; then + pp_debug "Found %postup.$cmp" + { + echo "# Post upgrade script for ${pp_bsd_name:-$name}" + cat "$pp_wrkdir/%postup.$cmp" + } > $postupgrade + pp_debug "Created $postupgrade" + fi +} + +pp_backend_bsd() { + #get-files-dir-entries + #create-manifest + #create-preuninstall + #create-postinstall + #create-package + # + pp_bsd_handle_services + + for cmp in $pp_components + do + _subname=`pp_bsd_cmp_full_name $cmp` + pp_debug "Generating packaging specific files for $_subname" + pp_bsd_makebsd $cmp + done + + # call this to fixup any files before creating the actual packages + . 
$pp_wrkdir/%fixup + + for cmp in $pp_components + do + _subname=`pp_bsd_cmp_full_name $cmp` + package_build_dir=$pp_wrkdir/$_subname + # Build the actual packages now + pp_debug "Building FreeBSD $_subname" + pp_debug "Running package create command: pkg create -m $package_build_dir -r $pp_wrkdir/`pp_bsd_cmp_full_name $cmp` -o $pp_wrkdir" + pp_bsd_fakeroot pkg create -m $package_build_dir -r $pp_wrkdir/`pp_bsd_cmp_full_name $cmp` -o $pp_wrkdir -v + done + +} + +pp_bsd_name () { + typeset cmp="${1:-run}" + echo `pp_bsd_cmp_full_name $cmp`"-${pp_bsd_version:-$version}.txz" +} + +pp_backend_bsd_names () { + for cmp in $pp_components; do + echo `pp_bsd_cmp_full_name $cmp`"-${pp_bsd_version:-$version}.txz" + done +} + +pp_backend_bsd_cleanup () { + : +} + +pp_backend_bsd_probe () { + echo "${pp_bsd_os}-${pp_bsd_platform_std}" + echo "${pp_bsd_os}${pp_bsd_os_rev}-${pp_bsd_platform_std}" +} + + +pp_backend_bsd_vas_platforms() { + case "${pp_bsd_platform_std}" in + x86_64) echo "FreeBSD-x86_64.txz FreeBSD-i386.txz";; + i386) echo "FreeBSD-i386.txz";; + *) pp_die "unknown architecture $pp_bsd_platform_std";; + esac +} + + +pp_backend_bsd_install_script () { + typeset cmp _cmp_full_name + + echo "#!/bin/sh" + pp_install_script_common + + cat <<. + + cmp_to_pkgname () { + test x"\$*" = x"all" && set -- $pp_components + for cmp + do + case \$cmp in +. + for cmp in $pp_components; do + echo " $cmp) echo '`pp_bsd_cmp_full_name $cmp`';;" + done + + cat <<. + *) usage;; + esac + done + } + + cmp_to_pathname () { + test x"\$*" = x"all" && + set -- $pp_components + for cmp + do + case \$cmp in +. + for cmp in $pp_components; do + echo " $cmp) echo \${PP_PKGDESTDIR:-.}/'`pp_bsd_name $cmp`';;" + done + + cat <<. 
+ *) usage;; + esac + done + } + + test \$# -eq 0 && usage + op="\$1"; shift + case "\$op" in + list-components) + test \$# -eq 0 || usage \$op + echo $pp_components + ;; + list-services) + test \$# -eq 0 || usage \$op + echo $pp_services + ;; + list-files) + test \$# -ge 1 || usage \$op + cmp_to_pathname "\$@" + ;; + install) + test \$# -ge 1 || usage \$op + pkg add \`cmp_to_pathname "\$@"\` + ;; + uninstall) + test \$# -ge 1 || usage \$op + pkg remove \`cmp_to_pkgname "\$@"\`; : + ;; + start|stop) + test \$# -ge 1 || usage \$op + ec=0 + for svc + do + /etc/rc.d/\$svc \$op || ec=1 + done + exit \$ec + ;; + print-platform) + test \$# -eq 0 || usage \$op + echo "${pp_bsd_os}-${pp_bsd_platform}" + echo '`pp_backend_bsd_probe`' + ;; + *) + usage + ;; + esac +. +} +pp_backend_bsd_init_svc_vars () { + svc_process_regex="${pp_bsd_svc_process_regex}" + svc_description=$summary + svc_init_prefix="${pp_bsd_prefix}" + svc_init_filename="${pp_bsd_svc_init_filename}" # == $svc + svc_init_filepath="${pp_bsd_svc_init_filepath}" # == $pp_bsd_prefix/etc/rc.d/ by default + + bsd_svc_before="${pp_bsd_svc_before}" + bsd_svc_require="${pp_bsd_svc_require}" + bsd_svc_keyword="${pp_bsd_svc_keyword}" + +} + +pp_bsd_service_make_init_info() { + local svc=$1 + local out=$2 + cat <<-. >$out + #!/bin/sh + # + # FreeBSD Script Header Detail + # + # PROVIDE: $svc +. + + if [ ! -z "$bsd_svc_before" ]; then + cat <<-. >>$out + # BEFORE: $bsd_svc_before +. + fi + + if [ ! -z "$bsd_svc_require" ]; then + cat <<-. >>$out + # REQUIRE: $bsd_svc_require +. + fi + + if [ ! -z "$bsd_svc_keyword" ]; then + cat <<-. >>$out + # KEYWORD: $bsd_svc_keyword +. + fi + + cat <<-'.' >>$out + ### END INIT INFO + +. 
+ +} + +pp_bsd_service_make_init_set_vars() { + local svc=$1 + local out=$2 + + svc_command="$cmd" + svc_pre_command="${pp_bsd_svc_pre_command}" + svc_pre_command_args="${pp_bsd_svc_pre_command_args}" + + local run_command="${svc_pre_command:-$svc_command}" + local run_pre_command_args="${svc_pre_command:+"${svc_pre_command_args}"}" + local run_post_command_args="${svc_command:+"${svc_command_args}"}" + local run_post_command_without_pre_command="${svc_pre_command:+"$svc_command"}" + local run_post_command_with_args="${run_post_command_without_pre_command}${run_post_command_args:+" $run_post_command_args"}" + local run_command_args="${run_pre_command_args:+"$run_pre_command_args"}${run_post_command_with_args:+" $run_post_command_with_args"}" + + # https://www.freebsd.org/cgi/man.cgi?query=rc.subr + cat <<-. >>$out + # FreeBSD rc subroutines + . /etc/rc.subr + + # 0: Not running. + # 1: Running normally + # 2: Running, but no PID file. + # 3: Running, but PID file doesn't match running processes. + # If the PID file is found but no process, the file is removed and 0 is returned. 
+ DAEMON_RUNNING=0 + + name="$svc" + desc="${svc_description:-\$name}" + + start_cmd="\${name}_start" + status_cmd="\${name}_status" + stop_cmd="\${name}_stop" + + # Loads any variables set in /etc/rc.conf.d/\$name + load_rc_config \$name + + : \${${svc}_enable:="Yes"} + : \${${svc}_pidfile:="${pidfile:-/var/run/\${name\}.pid}"} + : \${${svc}_args:="$run_command_args"} + : \${${svc}_cmd:="$run_command"} + + # Regex used in the pp_check_daemon_running ps check to find our running processe(s) + # If it's set in /etc/rc.conf.d/\$name this will be used first + # then check if pp_bsd_svc_process_regex is set, finally set to the \${name}_cmd + # When set to \${name}_cmd pp_check_daemon_running will only find the parent process pid + : \${${svc}_process_regex:="${pp_bsd_svc_process_regex:-${cmd}}"} + + # For additional information about the rc.subr see: + # https://www.freebsd.org/cgi/man.cgi?query=rc.subr + rcvar="\${name}_enable" + + pidfile=\${${svc}_pidfile} + + command="\$${svc}_cmd" + command_args="\$${svc}_args" + +. + +} + +pp_bsd_service_make_init_body() { + local svc=$1 + local out=$2 + + cat<<-'.' >>$out + pp_exec_cmd() { (eval $command $command_args) } + + pp_success_msg () { echo ${1:+"$*:"} OK; } + pp_failure_msg () { echo ${1:+"$*:"} FAIL; } + pp_warning_msg () { echo ${1:+"$*:"} WARNING; } + + #-- prints a status message + pp_msg () { echo -n "$*: "; } + + # Kills process $1. + # First a sigterm, then wait up to 10 seconds + # before issuing a sig kill. + pp_signal () { + # Kill the processes the nice way first + if [ -z "$1" ]; then + # No pid file. 
Use the list from pp_check_daemon_running + kill $PROCESSES 2>/dev/null + else + kill $1 2>/dev/null + fi + count=1 + + #Check to make sure the processes died, if not kill them the hard way + while [ $count -le 10 ]; do + sleep 1 + pp_check_daemon_running + if [ $DAEMON_RUNNING -eq 0 ]; then + break; + fi + if [ $count -eq 1 ]; then + # We tried killing the pid associated to the pidfile, now try the ones we found from pp_check_daemon_running + kill $PROCESSES 2>/dev/null + fi + count=`expr $count + 1` + done + # Check one more time to make sure we got them all + if [ $DAEMON_RUNNING -ne 0 ]; then + # These guys don't want to go down the nice way, now just kill them + kill -9 $PROCESSES 2>/dev/null + fi + # make sure to remove the pidfile + rm -f $pidfile + } + + # Check to see if the daemon process is running + # Sets the PROCESSES global variable with all pids that match + # ${name}_process_regex + # Sets global variable DAEMON_RUNNING to one of the following: + # 0: Not Running + # 1: Running normally + # 2: Running, but no PID file + # 3: Running, but PID file doesn't match running processes. + # + pp_check_daemon_running() + { + DAEMON_RUNNING=0 +. + cat<<-. >>$out + + PROCESSES="\`eval ps -axo pid,args | grep "\${${svc}_process_regex}" | grep -v grep | awk '{print \$1}'\`" + +. + cat<<-'.' >>$out + if [ -f $pidfile ]; then + if [ ! -z "$PROCESSES" ]; then + PARENT_PID=`cat $pidfile 2>/dev/null` + PPROCESS=`echo $PROCESSES | grep "${PARENT_PID:-"NOPID"}"` + if [ $? -eq 0 ]; then + DAEMON_RUNNING=1 + else + DAEMON_RUNNING=3 + fi + else + rm -r $pidfile + fi + else + if [ ! -z "$PROCESSES" ]; then + DAEMON_RUNNING=2 + fi + fi + } +. + cat <<-. >>$out + + # starts the service + ${svc}_start() +. + cat <<-'.' >>$out + { + pp_msg "Starting ${desc}" + pp_check_daemon_running + + if [ $DAEMON_RUNNING -eq 0 ]; then + pp_exec_cmd + RETVAL=$? 
+ if [ $RETVAL -eq 0 ]; then + pp_success_msg + else + pp_failure_msg "cannot start" + fi + else + if [ $DAEMON_RUNNING -eq 1 ]; then + pp_success_msg "${name} appears to be running already" + else + pp_warning_msg "${name} is already running but without a pid file" + fi + fi + } + +. + + cat <<-. >>$out + # stops the service + ${svc}_stop() +. + + cat <<-'.' >>$out + { + pp_msg "Stopping ${desc}" + pp_check_daemon_running + + if [ $DAEMON_RUNNING -ne 0 ]; then + pp_signal `cat $pidfile 2>/dev/null` + if [ -n "$pidfile" ]; then + loop_cnt=1 + while [ -e ${pidfile} ]; do + sleep 1 + loop_cnt=`expr $loop_cnt + 1` + if [ $loop_cnt -eq 10 ]; then + break + fi + done + fi + rm -f $pidfile + + pp_success_msg + else + pp_failure_msg + echo -n "$desc does not appear to be running." + echo + fi + } +. + + cat <<-. >>$out + # prints information about the service status + # returns: + # 0=running + # 1=Not running + # 2=Running without pidfile + # 3=Running with pid that doesn't match pidfile + ${svc}_status() +. + + cat <<-'.' >>$out + { + pp_msg "Checking ${desc}" + pp_check_daemon_running + if [ $DAEMON_RUNNING -eq 1 ]; then + pp_success_msg "PID $PARENT_PID: running" + return 0 + else + if [ $DAEMON_RUNNING -eq 0 ]; then + pp_failure_msg "not running" + return 1 + elif [ $DAEMON_RUNNING -eq 2 ]; then + pp_warning_msg "running without a pid file" + return 2 + else + pp_warning_msg "running but pid file doesn't match running processe()" + return 3 + fi + fi + } + + run_rc_command "$1" +. 
+} + +pp_bsd_service_make_init_script () { + local svc=${svc_init_filename:-$1} + local script="${svc_init_filepath:-"${svc_init_prefix}/etc/rc.d"}/$svc" + script=`echo $script | sed 's://*:/:g'` + local out=$pp_destdir$script + + pp_add_file_if_missing $script run 755 || return 0 + + pp_bsd_service_make_init_info "$svc" "$out" + pp_bsd_service_make_init_set_vars "$svc" "$out" + pp_bsd_service_make_init_body "$svc" "$out" + + chmod 755 $out + +} + +pp_bsd_handle_services () { + if test -n "$pp_services"; then + for svc in $pp_services; do + pp_load_service_vars $svc + # Append some code to %post to install the svc TODO: Figure out why/what + pp_bsd_service_make_init_script $svc + # prepend some code to %preun to uninstall svc TODO: Figure out why/what + done + fi +} +pp_backend_bsd_function() { + case "$1" in + pp_mkgroup) cat<<'.';; + /usr/sbin/pw group show "$1" 2>/dev/null && return 0 + /usr/sbin/pw group add "$1" +. + pp_mkuser:depends) echo pp_mkgroup;; + pp_mkuser) cat<<'.';; + #Check if user exists + /usr/sbin/pw user show "$1" 2>/dev/null && return 0 + pp_mkgroup "${2:-$1}" || return 1 + echo "Creating user $1" + /usr/sbin/pw user add \ + -n "$1" \ + -d "${3:-/nonexistent}" \ + -g "${2:-$1}" \ + -s "${4:-/bin/false}" +. + pp_havelib) cat<<'.';; + for pp_tmp_dir in `echo "/usr/local/lib:/usr/lib:/lib${3:+:$3}" | tr : ' '`; do + test -r "$pp_tmp_dir/lib$1.so{$2:+.$2}" && return 0 + done + return 1 +. + *) false;; + esac +} +pp_systemd_make_service_file() { + local svc f + + if [ "${pp_systemd_disabled:-false}" = "true" ]; then + return + fi + + svc="$1" + f="${pp_systemd_service_dir:-/opt/quest/libexec/vas}/$svc.service" + pp_add_file_if_missing $f run 644 v || return 0 + + cat <<. 
>$pp_destdir$f + +[Unit] +Description=${pp_systemd_service_description:-"systemd service file for $svc"} +${pp_systemd_service_man:+"Documentation=$pp_systemd_service_man"} +${pp_systemd_service_documentation:+"Documentation=$pp_systemd_service_documentation"} +${pp_systemd_service_requires:+"Requires=$pp_systemd_service_requires"} +After=${pp_systemd_service_after:-"syslog.target network.target auditd.service"} +${pp_systemd_service_before:+"Before=$pp_systemd_service_before"} +${pp_systemd_service_wants:+"Wants=$pp_systemd_service_wants"} +${pp_systemd_service_conflicts:+"Conflicts=$pp_systemd_service_conflicts"} + +[Service] +ExecStart=${pp_systemd_service_exec:-"/opt/quest/sbin/$svc"} ${pp_systemd_service_exec_args} +KillMode=${pp_systemd_service_killmode:-process} +Type=${pp_systemd_service_type:-forking} +${pp_systemd_service_pidfile:+"PIDFile=$pp_systemd_service_pidfile"} + +[Install] +WantedBy=${pp_systemd_system_target:-"multi-user.target"} +. +} + +pp_systemd_service_init_common () { + cat <<. + + _pp_systemd_init () { + systemd_service_dir=${pp_systemd_service_dir:-/opt/quest/libexec/vas} + systemd_target=${pp_systemd_system_target:-"multi-user.target"} + systemd_target_wants="\${systemd_target}.wants" + + pkg_config_cmd=${pp_systemd_pkg_config_cmd:-"\$(command -v pkg-config)"} + systemctl_cmd=${pp_systemd_systemctl_cmd:-"\$(command -v systemctl)"} + + # See if pkg-config is installed to get the default locations for this OS, if not installed then just use what we hard code. 
+ # So far works on Debian 8, OpenSuse12.3, Ubuntu 16.04, RHEL 7.3 + # See systemd wiki for more OS interactions https://en.wikipedia.org/wiki/Systemd + if [ -x "\$pkg_config_cmd" ]; then + systemd_system_unit_dir="\$(pkg-config systemd --variable=systemdsystemunitdir)" + systemd_system_conf_dir="\$(pkg-config systemd --variable=systemdsystemconfdir)" + fi + + #if pkg-config does not exist or if the \$pkg_config_cmd command returns nothing + if test -z "\$systemd_system_unit_dir"; then + systemdsystemunitdirs="/lib/systemd/system /usr/lib/systemd/system" + for dir in \$systemdsystemunitdirs; do + if [ -d "\$dir/\$systemd_target_wants" ]; then + systemd_system_unit_dir="\$dir" + break + fi + done + fi + + # In the case where \$systemd_system_conf_dir is empty hard code the path + if test -z "\$systemd_system_conf_dir"; then + systemd_system_conf_dir="/etc/systemd/system" + fi + + # if the \$svc.pp file defines the systemd unit dir then use it. + ${pp_systemd_system_unit_dir:+"# systemd_system_unit_dir defined by variable pp_systemd_system_unit_dir from the \$svc.pp file"} + systemd_system_unit_dir="${pp_systemd_system_unit_dir:-"\$systemd_system_unit_dir"}" + + # if the \$svc.pp file defines the systemd conf dir then use it. + ${pp_systemd_system_conf_dir:+"# systemd_system_conf_dir defined by variable pp_systemd_system_conf_dir from the \$svc.pp file"} + systemd_system_conf_dir="${pp_systemd_system_conf_dir:-"\$systemd_system_conf_dir"}" + } +. +} + +pp_systemd_service_install_common () { + if [ "${pp_systemd_disabled:-false}" = "true" ]; then + cat<<'.' + + # systemd support disabled + _pp_systemd_init () { + return + } + + _pp_systemd_install () { + return + } + + _pp_systemd_enable () { + return + } +. + return + fi + + pp_systemd_service_init_common + + cat<<'.' + + _pp_systemd_install () { + local svc="$1" + + # If $systemctl_cmd is not set, then call _pp_systemd_init. 
If still not + # set, we do not know where the systemctl command is so do nothing; + # systemd must not be on this system. + if test -z "$systemctl_cmd"; then + _pp_systemd_init + fi + + if test -x "$systemctl_cmd" && test -d "$systemd_system_conf_dir/$systemd_target_wants"; then + # If our service file still exists (upgrade) remove the link/file and systemctl + # will recreate it if/when we enable the $svc service. + rm -f "$systemd_system_conf_dir/$systemd_target_wants/$svc.service" + + # Copy the $svc.service file to the correct systemd_system_unit_dir location + if [ "x$systemd_service_dir" != "x$systemd_system_unit_dir" ]; then + cp -f "$systemd_service_dir/$svc.service" "$systemd_system_unit_dir/$svc.service" + chmod 644 "$systemd_system_unit_dir/$svc.service" + fi + fi + } + + _pp_systemd_enable () { + local svc="$1" + local RUNNING + + # If $systemctl_cmd is not set, then call _pp_systemd_init. If still not + # set, we do not know where the systemctl command is so do nothing; + # systemd must not be on this system. + if test -z "$systemctl_cmd"; then + _pp_systemd_init + fi + + if test -x "$systemctl_cmd" && test -f "$systemd_system_unit_dir/$svc.service"; then + # stop the daemon using the old init script before enabling systemd for the service + # we do this so we do not "orphan" the process. Because init started it and if we enable systemd + # it will not know about this process and will not be able to stop it. + if [ -x "/etc/init.d/$svc" ]; then + /etc/init.d/$svc status > /dev/null 2>&1 + RUNNING=$? + if [ $RUNNING -eq 0 ]; then + /etc/init.d/$svc stop > /dev/null 2>&1 + fi + else + RUNNING=1 + fi + + # Enable the $svc.service + $systemctl_cmd daemon-reload >/dev/null 2>&1 + $systemctl_cmd enable $svc.service >/dev/null 2>&1 + + # Now that the service has been enabled, start it again if it was running before. + if [ $RUNNING -eq 0 ]; then + /etc/init.d/$svc start > /dev/null 2>&1 + fi + fi + } +. 
+} + +pp_systemd_service_remove_common () { + if [ "${pp_systemd_disabled:-false}" = "true" ]; then + cat<<'.' + + # systemd support disabled + _pp_systemd_init () { + return + } + + _pp_systemd_disable () { + return + } + + _pp_systemd_remove () { + return + } +. + return + fi + + pp_systemd_service_init_common + + cat<<'.' + + _pp_systemd_disable () { + local svc="$1" + + # If $systemctl_cmd is not set, then call _pp_systemd_init. + # If still not set, we do not know where the systemctl command + # is so do nothing; systemd must not be on this system. + if test -z "$systemctl_cmd"; then + _pp_systemd_init + fi + + systemd_service_file="$systemd_system_conf_dir/$systemd_target_wants/$svc.service" + + # Remove systemd symlink (enabled) unit service file + if test -e $systemd_service_file; then + # Disable the $svc service + if test -x "$systemctl_cmd"; then + $systemctl_cmd disable $svc.service > /dev/null 2>&1 + else + # For some reason systemctl is not install but our service file exists + # Just delete the symlink then + rm -f "$systemd_service_file" + fi + fi + } + + _pp_systemd_remove () { + local svc="$1" + + # If $systemctl_cmd is not set, then call _pp_systemd_init. + # If still not set, we do not know where the systemctl command + # is so do nothing; systemd must not be on this system. + if test -z "$systemctl_cmd"; then + _pp_systemd_init + fi + + # Remove the systemd unit service file + if [ "x$systemd_service_dir" != "x$systemd_system_unit_dir" ]; then + rm -f "$systemd_system_unit_dir/$svc.service" + fi + + if test -x "$systemctl_cmd"; then + $systemctl_cmd daemon-reload + $systemctl_cmd reset-failed $svc.service >/dev/null 2>&1 || true + fi + } +. +} + + +quest_require_vas () { + typeset v d + + if test $# -ne 1; then + return + fi + set -- `echo "$1" | tr . 
' '` 0 0 0 + + for d + do + echo $d | grep '^[0-9][0-9]*$' > /dev/null || + pp_error "quest_require_vas: Bad version component $d" + done + + test $# -lt 4 && + pp_error "quest_require_vas: missing version number" + + case "$1.$2.$3.$4" in + *.0.0.0) v=$1;; + *.*.0.0) v=$1.$2;; + *.*.*.0) v=$1.$2.$3;; + *) v=$1.$2.$3.$4;; + esac + + cat <<. + if test -x /opt/quest/bin/vastool && + /opt/quest/bin/vastool -v | + awk 'NR == 1 {print \$4}' | + awk -F. '{ if (\$1<$1 || \$1==$1 && ( \ + \$2<$2 || \$2==$2 && ( \ + \$3<$3 || \$2==$3 && ( \ + \$4<$4 )))) exit(1); }' + then + exit 0 + else + echo "Requires VAS $v or later" + exit 1 + fi +. +} +pp_main ${1+"$@"} diff -Nru sudo-1.8.31/src/conversation.c sudo-1.9.0/src/conversation.c --- sudo-1.8.31/src/conversation.c 2019-11-12 01:09:25.000000000 +0000 +++ sudo-1.9.0/src/conversation.c 2020-05-11 16:28:23.000000000 +0000 @@ -54,7 +54,7 @@ struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) { char *pass; - int fd, n; + int n; const int conv_debug_instance = sudo_debug_get_active_instance(); sudo_debug_set_active_instance(sudo_debug_instance); 
@@ -93,18 +93,37 @@ /* FALLTHROUGH */ case SUDO_CONV_INFO_MSG: if (msg->msg != NULL) { - if (ISSET(msg->msg_type, SUDO_CONV_PREFER_TTY)) { - /* Try writing to /dev/tty first. */ - if ((fd = open(_PATH_TTY, O_WRONLY)) != -1) { - ssize_t nwritten = - write(fd, msg->msg, strlen(msg->msg)); - close(fd); - if (nwritten != -1) - break; + size_t len = strlen(msg->msg); + const char *crnl = NULL; + bool written = false; + int ttyfd = -1; + + if (ISSET(msg->msg_type, SUDO_CONV_PREFER_TTY) && + !ISSET(tgetpass_flags, TGP_STDIN)) + ttyfd = open(_PATH_TTY, O_WRONLY); + if (len != 0 && (ttyfd != -1 || isatty(fileno(fp)))) { + /* Convert nl -> cr nl in case tty is in raw mode. */ + if (msg->msg[len - 1] == '\n') { + if (len == 1 || msg->msg[len - 2] != '\r') { + len--; + crnl = "\r\n"; + } } } - if (fputs(msg->msg, fp) == EOF) - goto err; + if (ttyfd != -1) { + /* Try writing to tty but fall back to fp on error. */ + if ((len == 0 || write(ttyfd, msg->msg, len) != -1) && + (crnl == NULL || write(ttyfd, crnl, 2) != -1)) { + written = true; + } + close(ttyfd); + } + if (!written) { + if (len != 0 && fwrite(msg->msg, 1, len, fp) == 0) + goto err; + if (crnl != NULL && fwrite(crnl, 1, 2, fp) == 0) + goto err; + } } break; default: @@ -150,7 +169,8 @@ sudo_debug_set_active_instance(sudo_debug_instance); - if (ISSET(msg_type, SUDO_CONV_PREFER_TTY)) { + if (ISSET(msg_type, SUDO_CONV_PREFER_TTY) && + !ISSET(tgetpass_flags, TGP_STDIN)) { /* Try writing to /dev/tty first. */ ttyfp = fopen(_PATH_TTY, "w"); } diff -Nru sudo-1.8.31/src/copy_file.c sudo-1.9.0/src/copy_file.c --- sudo-1.8.31/src/copy_file.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.0/src/copy_file.c 2020-05-11 16:28:23.000000000 +0000 
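Review bot: In the SUDO_CONV_INFO_MSG case of src/conversation.c, both output paths treat a partial write as success: `write(ttyfd, msg->msg, len) != -1` accepts a short write, and `fwrite(msg->msg, 1, len, fp) == 0` only catches the case where nothing at all was written. For the stdio path the check should compare against the requested count, `if (len != 0 && fwrite(msg->msg, 1, len, fp) != len) goto err;`, and likewise `!= 2` for the `crnl` write. The tty path has a second edge: if the message write succeeds and the `\r\n` write fails, `written` stays false and the whole message is emitted again on `fp`, so the user may see it twice. The enclosing function starts and ends outside the hunk.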
@@ -0,0 +1,128 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include + +#include +#include +#include +#include + +#include "sudo.h" + +/* + * Extend the given fd to the specified size in bytes. + * We do this to allocate disk space up-front before overwriting + * the original file with the temporary. Otherwise, we could + * we run out of disk space after truncating the original file. 
+ */ +static int +sudo_extend_file(int fd, const char *name, off_t new_size) +{ + off_t old_size, size; + ssize_t nwritten; + char zeroes[BUFSIZ] = { '\0' }; + debug_decl(sudo_extend_file, SUDO_DEBUG_UTIL); + + if ((old_size = lseek(fd, 0, SEEK_END)) == -1) { + sudo_warn("lseek"); + debug_return_int(-1); + } + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: extending %s from %lld to %lld", + __func__, name, (long long)old_size, (long long)new_size); + + for (size = old_size; size < new_size; size += nwritten) { + size_t len = new_size - size; + if (len > sizeof(zeroes)) + len = sizeof(zeroes); + nwritten = write(fd, zeroes, len); + if (nwritten == -1) { + int serrno = errno; + if (ftruncate(fd, old_size) == -1) { + sudo_debug_printf( + SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to truncate %s to %lld", name, (long long)old_size); + } + errno = serrno; + debug_return_int(-1); + } + } + if (lseek(fd, 0, SEEK_SET) == -1) { + sudo_warn("lseek"); + debug_return_int(-1); + } + + debug_return_int(0); +} + +/* + * Copy the contents of src_fd into dst_fd. + * Returns 0 on success or -1 on error. + */ +int +sudo_copy_file(const char *src, int src_fd, off_t src_len, const char *dst, + int dst_fd, off_t dst_len) +{ + char buf[BUFSIZ]; + ssize_t nwritten, nread; + debug_decl(sudo_copy_file, SUDO_DEBUG_UTIL); + + /* Extend the file to the new size if larger before copying. */ + if (dst_len > 0 && src_len > dst_len) { + if (sudo_extend_file(dst_fd, dst, src_len) == -1) + goto write_error; + } + + /* Overwrite the old file with the new contents. */ + while ((nread = read(src_fd, buf, sizeof(buf))) > 0) { + ssize_t off = 0; + do { + nwritten = write(dst_fd, buf + off, nread - off); + if (nwritten == -1) + goto write_error; + off += nwritten; + } while (nread > off); + } + if (nread == 0) { + /* success, read to EOF */ + if (src_len < dst_len) { + /* We don't open with O_TRUNC so must truncate manually. 
*/ + if (ftruncate(dst_fd, src_len) == -1) { + sudo_debug_printf( + SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to truncate %s to %lld", dst, (long long)src_len); + goto write_error; + } + } + debug_return_int(0); + } else if (nread < 0) { + sudo_warn(U_("unable to read from %s"), src); + debug_return_int(-1); + } else { +write_error: + sudo_warn(U_("unable to write to %s"), dst); + debug_return_int(-1); + } +} diff -Nru sudo-1.8.31/src/exec.c sudo-1.9.0/src/exec.c --- sudo-1.8.31/src/exec.c 2019-11-03 13:48:35.000000000 +0000 +++ sudo-1.9.0/src/exec.c 2020-05-11 16:28:23.000000000 +0000 @@ -52,7 +52,6 @@ #include "sudo.h" #include "sudo_exec.h" -#include "sudo_event.h" #include "sudo_plugin.h" #include "sudo_plugin_int.h" @@ -61,7 +60,7 @@ { int fd, maxfd; unsigned char *debug_fds; - debug_decl(close_fds, SUDO_DEBUG_EXEC) + debug_decl(close_fds, SUDO_DEBUG_EXEC); if (details->closefrom < 0) debug_return; @@ -90,7 +89,7 @@ exec_setup(struct command_details *details, int errfd) { bool ret = false; - debug_decl(exec_setup, SUDO_DEBUG_EXEC) + debug_decl(exec_setup, SUDO_DEBUG_EXEC); if (details->pw != NULL) { #ifdef HAVE_PROJECT_H @@ -215,12 +214,15 @@ * specifies a different cwd. Must be done after uid change. */ if (details->cwd != NULL) { - if (details->chroot || user_details.cwd == NULL || + if (details->chroot != NULL || user_details.cwd == NULL || strcmp(details->cwd, user_details.cwd) != 0) { /* Note: cwd is relative to the new root, if any. */ - if (chdir(details->cwd) != 0) { + if (chdir(details->cwd) == -1) { sudo_warn(U_("unable to change directory to %s"), details->cwd); - goto done; + if (!details->cwd_optional) + goto done; + if (details->chroot != NULL) + sudo_warnx(U_("starting from %s"), "/"); } } } @@ -240,7 +242,7 @@ void exec_cmnd(struct command_details *details, int errfd) { - debug_decl(exec_cmnd, SUDO_DEBUG_EXEC) + debug_decl(exec_cmnd, SUDO_DEBUG_EXEC); restore_signals(); if (exec_setup(details, errfd) == true) { 
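Review bot: sudo_copy_file() in the new src/copy_file.c sets the final length of the destination from the caller-supplied `src_len`, not from the number of bytes the read loop actually copied. If the source is shorter at copy time than when the caller measured it, then either no truncation happens (when `src_len >= dst_len`) or the file is cut at the stale length, and in both cases old or zero-filled content can remain after the new data. Keeping a running `off_t total` in the loop (`total += nwritten;`) and finishing with `if (total < dst_len && ftruncate(dst_fd, total) == -1)` would tie the final length to what was copied. Whether the source can change between the size measurement and the copy depends on the callers, which are not in this file section. The header comment should also say that `src_len` and `dst_len` are sizes measured by the caller and that `dst_fd` is opened without O_TRUNC and, as it appears, positioned at offset 0.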
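Review bot: In the `@@ -215,12 +214,15 @@` hunk of src/exec.c, a failed chdir() with `details->cwd_optional` set now falls through and the command still runs, but only the chroot case tells the user which directory it runs in. Without a chroot the process keeps whatever directory it already had, and the "starting from /" message presumably relies on earlier chroot handling (outside the hunk) having left the process in `/`. A comment at the fallthrough would make this explicit, for example `/* cwd_optional: continue in the current directory ("/" after chroot). */`. exec_setup() starts and ends outside the hunk.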
@@ -271,7 +273,7 @@ { int signo; bool sigtstp = false; - debug_decl(sudo_terminated, SUDO_DEBUG_EXEC) + debug_decl(sudo_terminated, SUDO_DEBUG_EXEC); for (signo = 0; signo < NSIG; signo++) { if (signal_pending(signo)) { @@ -314,7 +316,7 @@ debug_return_bool(false); } -#if SUDO_API_VERSION != SUDO_API_MKVERSION(1, 14) +#if SUDO_API_VERSION != SUDO_API_MKVERSION(1, 15) # error "Update sudo_needs_pty() after changing the plugin API" #endif static bool @@ -339,7 +341,7 @@ } /* - * Execute a command, potentially in a pty with I/O loggging, and + * Execute a command, potentially in a pty with I/O logging, and * wait for it to finish. * This is a little bit tricky due to how POSIX job control works and * we fact that we have two different controlling terminals to deal with. @@ -347,7 +349,7 @@ int sudo_execute(struct command_details *details, struct command_status *cstat) { - debug_decl(sudo_execute, SUDO_DEBUG_EXEC) + debug_decl(sudo_execute, SUDO_DEBUG_EXEC); /* If running in background mode, fork and exit. */ if (ISSET(details->flags, CD_BACKGROUND)) { @@ -364,7 +366,7 @@ /* parent exits (but does not flush buffers) */ sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, 0); - _exit(0); + _exit(EXIT_SUCCESS); } } diff -Nru sudo-1.8.31/src/exec_common.c sudo-1.9.0/src/exec_common.c --- sudo-1.8.31/src/exec_common.c 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/src/exec_common.c 2020-05-11 16:28:23.000000000 +0000 @@ -59,7 +59,7 @@ # else const bool enabled = true; # endif - debug_decl(preload_dso, SUDO_DEBUG_UTIL) + debug_decl(preload_dso, SUDO_DEBUG_UTIL); /* * Preload a DSO file. For a list of LD_PRELOAD-alikes, see @@ -161,7 +161,7 @@ char ** disable_execute(char *envp[], const char *dso) { - debug_decl(disable_execute, SUDO_DEBUG_UTIL) + debug_decl(disable_execute, SUDO_DEBUG_UTIL); #ifdef HAVE_PRIV_SET /* Solaris privileges, remove PRIV_PROC_EXEC post-execve. */ 
@@ -188,7 +188,7 @@ int sudo_execve(int fd, const char *path, char *const argv[], char *envp[], bool noexec) { - debug_decl(sudo_execve, SUDO_DEBUG_UTIL) + debug_decl(sudo_execve, SUDO_DEBUG_UTIL); sudo_debug_execve(SUDO_DEBUG_INFO, path, argv, envp); diff -Nru sudo-1.8.31/src/exec_monitor.c sudo-1.9.0/src/exec_monitor.c --- sudo-1.8.31/src/exec_monitor.c 2019-11-03 13:48:45.000000000 +0000 +++ sudo-1.9.0/src/exec_monitor.c 2020-05-11 16:28:23.000000000 +0000 @@ -43,7 +43,6 @@ #include #include "sudo.h" -#include "sudo_event.h" #include "sudo_exec.h" #include "sudo_plugin.h" #include "sudo_plugin_int.h" @@ -125,7 +124,7 @@ killpg(mc->cmnd_pid, SIGCONT); break; case SIGKILL: - _exit(1); /* XXX */ + _exit(EXIT_FAILURE); /* XXX */ /* NOTREACHED */ default: /* Relay signal to command. */ @@ -145,7 +144,7 @@ struct winsize wsize, owsize; debug_decl(handle_winch, SUDO_DEBUG_EXEC); - /* Rows and colums are stored as two shorts packed into a single int. */ + /* Rows and columns are stored as two shorts packed into a single int. */ wsize.ws_row = wsize_packed & 0xffff; wsize.ws_col = (wsize_packed >> 16) & 0xffff; 
@@ -404,33 +403,18 @@ setpgid(0, self); /* Wire up standard fds, note that stdout/stderr may be pipes. */ - if (io_fds[SFD_STDIN] != STDIN_FILENO) { - if (dup2(io_fds[SFD_STDIN], STDIN_FILENO) == -1) - sudo_fatal("dup2"); - if (io_fds[SFD_STDIN] != io_fds[SFD_SLAVE]) - close(io_fds[SFD_STDIN]); - } else { - if (fcntl(io_fds[SFD_STDIN], F_SETFD, 0) == -1) - sudo_fatal("fcntl"); - } - if (io_fds[SFD_STDOUT] != STDOUT_FILENO) { - if (dup2(io_fds[SFD_STDOUT], STDOUT_FILENO) == -1) - sudo_fatal("dup2"); - if (io_fds[SFD_STDOUT] != io_fds[SFD_SLAVE]) - close(io_fds[SFD_STDOUT]); - } else { - if (fcntl(io_fds[SFD_STDOUT], F_SETFD, 0) == -1) - sudo_fatal("fcntl"); - } - if (io_fds[SFD_STDERR] != STDERR_FILENO) { - if (dup2(io_fds[SFD_STDERR], STDERR_FILENO) == -1) - sudo_fatal("dup2"); - if (io_fds[SFD_STDERR] != io_fds[SFD_SLAVE]) - close(io_fds[SFD_STDERR]); - } else { - if (fcntl(io_fds[SFD_STDERR], F_SETFD, 0) == -1) - sudo_fatal("fcntl"); - } + if (dup3(io_fds[SFD_STDIN], STDIN_FILENO, 0) == -1) + sudo_fatal("dup3"); + if (io_fds[SFD_STDIN] != io_fds[SFD_SLAVE]) + close(io_fds[SFD_STDIN]); + if (dup3(io_fds[SFD_STDOUT], STDOUT_FILENO, 0) == -1) + sudo_fatal("dup3"); + if (io_fds[SFD_STDOUT] != io_fds[SFD_SLAVE]) + close(io_fds[SFD_STDOUT]); + if (dup3(io_fds[SFD_STDERR], STDERR_FILENO, 0) == -1) + sudo_fatal("dup3"); + if (io_fds[SFD_STDERR] != io_fds[SFD_SLAVE]) + close(io_fds[SFD_STDERR]); /* Wait for parent to grant us the tty if we are foreground. */ if (foreground && !ISSET(details->flags, CD_EXEC_BG)) { @@ -622,7 +606,7 @@ #ifdef HAVE_SELINUX if (ISSET(details->flags, CD_RBAC_ENABLED)) { if (selinux_setup(details->selinux_role, details->selinux_type, - details->tty, io_fds[SFD_SLAVE]) == -1) + details->tty, io_fds[SFD_SLAVE], true) == -1) goto bad; } #endif 
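Review bot: The three `dup3(io_fds[...], STD*_FILENO, 0)` calls in the `@@ -404,33 +403,18 @@` hunk drop the case the removed code handled, where an io_fds entry already equals the target descriptor. On Linux dup3() fails with EINVAL when oldfd equals newfd, so `sudo_fatal("dup3")` would fire. With a dup3 replacement that tolerates equal descriptors, the close() that follows would instead close the standard descriptor itself. Whether io_fds[] can hold 0, 1 or 2 here is not visible in the hunk, but the removed `else` branch with `fcntl(..., F_SETFD, 0)` suggests it can. I would keep the per-descriptor guard, sketched below for stdin; the enclosing function starts and ends outside the hunk.

```c
if (io_fds[SFD_STDIN] != STDIN_FILENO) {
    if (dup3(io_fds[SFD_STDIN], STDIN_FILENO, 0) == -1)
        sudo_fatal("dup3");
    if (io_fds[SFD_STDIN] != io_fds[SFD_SLAVE])
        close(io_fds[SFD_STDIN]);
} else if (fcntl(io_fds[SFD_STDIN], F_SETFD, 0) == -1) {
    /* Already on the right descriptor: only clear close-on-exec. */
    sudo_fatal("fcntl");
}
/* ... same guard for SFD_STDOUT/STDOUT_FILENO and SFD_STDERR/STDERR_FILENO ... */
```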
@@ -651,7 +635,7 @@ exec_cmnd_pty(details, foreground, errpipe[1]); if (write(errpipe[1], &errno, sizeof(int)) == -1) sudo_warn(U_("unable to execute %s"), details->command); - _exit(1); + _exit(EXIT_FAILURE); } close(errpipe[1]); @@ -737,7 +721,7 @@ } #endif sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, 1); - _exit(1); + _exit(EXIT_FAILURE); bad: debug_return_int(-1); diff -Nru sudo-1.8.31/src/exec_nopty.c sudo-1.9.0/src/exec_nopty.c --- sudo-1.8.31/src/exec_nopty.c 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/src/exec_nopty.c 2020-05-11 16:28:23.000000000 +0000 @@ -40,7 +40,6 @@ #include "sudo.h" #include "sudo_exec.h" -#include "sudo_event.h" #include "sudo_plugin.h" #include "sudo_plugin_int.h" @@ -119,7 +118,7 @@ struct sudo_ev_siginfo_container *sc = v; struct exec_closure_nopty *ec = sc->closure; char signame[SIG2STR_MAX]; - debug_decl(signal_cb_nopty, SUDO_DEBUG_EXEC) + debug_decl(signal_cb_nopty, SUDO_DEBUG_EXEC); if (ec->cmnd_pid == -1) debug_return; @@ -201,7 +200,7 @@ fill_exec_closure_nopty(struct exec_closure_nopty *ec, struct command_status *cstat, struct command_details *details, int errfd) { - debug_decl(fill_exec_closure_nopty, SUDO_DEBUG_EXEC) + debug_decl(fill_exec_closure_nopty, SUDO_DEBUG_EXEC); /* Fill in the non-event part of the closure. */ ec->ppgrp = getpgrp(); @@ -209,9 +208,8 @@ ec->details = details; /* Setup event base and events. */ - ec->evbase = sudo_ev_base_alloc(); - if (ec->evbase == NULL) - sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + ec->evbase = details->evbase; + details->evbase = NULL; /* Event for command status via errfd. */ ec->errpipe_event = sudo_ev_alloc(errfd, @@ -321,7 +319,7 @@ static void free_exec_closure_nopty(struct exec_closure_nopty *ec) { - debug_decl(free_exec_closure_nopty, SUDO_DEBUG_EXEC) + debug_decl(free_exec_closure_nopty, SUDO_DEBUG_EXEC); sudo_ev_base_free(ec->evbase); sudo_ev_free(ec->errpipe_event); 
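Review bot: In fill_exec_closure_nopty (`@@ -209,9 +208,8 @@`) the line `ec->evbase = details->evbase;` takes over the caller's event base without the NULL check that the removed `sudo_ev_base_alloc()` path had. The same applies to fill_exec_closure_pty in the `@@ -1159,10 +1195,13 @@` hunk of exec_pty.c. Where details->evbase is allocated is outside these hunks, so a non-NULL base may already be guaranteed; if it is not, the event setup that follows runs against a NULL base. At minimum the ownership transfer should be documented, e.g. `/* Take ownership of the caller's event base; freed by free_exec_closure_nopty(). */`, and a NULL guard added if the caller cannot promise one. Both function bodies continue outside their hunks.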
@@ -350,7 +348,7 @@ struct exec_closure_nopty ec = { 0 }; sigset_t set, oset; int errpipe[2]; - debug_decl(exec_nopty, SUDO_DEBUG_EXEC) + debug_decl(exec_nopty, SUDO_DEBUG_EXEC); /* * The policy plugin's session init must be run before we fork @@ -381,7 +379,7 @@ #ifdef HAVE_SELINUX if (ISSET(details->flags, CD_RBAC_ENABLED)) { if (selinux_setup(details->selinux_role, details->selinux_type, - details->tty, -1) == -1) { + details->tty, -1, true) == -1) { cstat->type = CMD_ERRNO; cstat->val = errno; debug_return; @@ -404,7 +402,7 @@ break; } sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, 1); - _exit(1); + _exit(EXIT_FAILURE); } sudo_debug_printf(SUDO_DEBUG_INFO, "executed %s, pid %d", details->command, (int)ec.cmnd_pid); @@ -440,6 +438,7 @@ sudo_debug_printf(SUDO_DEBUG_ERROR, "event loop exited prematurely"); /* kill command */ terminate_command(ec.cmnd_pid, true); + ec.cmnd_pid = -1; } #ifdef HAVE_SELINUX @@ -466,7 +465,7 @@ pid_t pid; int status; char signame[SIG2STR_MAX]; - debug_decl(handle_sigchld_nopty, SUDO_DEBUG_EXEC) + debug_decl(handle_sigchld_nopty, SUDO_DEBUG_EXEC); /* Read command status. */ do { diff -Nru sudo-1.8.31/src/exec_pty.c sudo-1.9.0/src/exec_pty.c --- sudo-1.8.31/src/exec_pty.c 2019-11-03 13:48:45.000000000 +0000 +++ sudo-1.9.0/src/exec_pty.c 2020-05-11 16:28:23.000000000 +0000 @@ -43,7 +43,6 @@ #include /* for struct winsize on HP-UX */ #include "sudo.h" -#include "sudo_event.h" #include "sudo_exec.h" #include "sudo_plugin.h" #include "sudo_plugin_int.h" @@ -202,6 +201,7 @@ log_ttyin(const char *buf, unsigned int n, struct io_buffer *iob) { struct plugin_container *plugin; + const char *errstr = NULL; sigset_t omask; bool ret = true; debug_decl(log_ttyin, SUDO_DEBUG_EXEC); 
@@ -212,11 +212,17 @@ int rc; sudo_debug_set_active_instance(plugin->debug_instance); - rc = plugin->u.io->log_ttyin(buf, n); + rc = plugin->u.io->log_ttyin(buf, n, &errstr); if (rc <= 0) { if (rc < 0) { /* Error: disable plugin's I/O function. */ plugin->u.io->log_ttyin = NULL; + audit_error(plugin->name, SUDO_IO_PLUGIN, + errstr ? errstr : _("I/O plugin error"), NULL); + } else { + audit_reject(plugin->name, SUDO_IO_PLUGIN, + errstr ? errstr : _("command rejected by I/O plugin"), + NULL); } ret = false; break; @@ -234,6 +240,7 @@ log_stdin(const char *buf, unsigned int n, struct io_buffer *iob) { struct plugin_container *plugin; + const char *errstr = NULL; sigset_t omask; bool ret = true; debug_decl(log_stdin, SUDO_DEBUG_EXEC); @@ -244,11 +251,17 @@ int rc; sudo_debug_set_active_instance(plugin->debug_instance); - rc = plugin->u.io->log_stdin(buf, n); + rc = plugin->u.io->log_stdin(buf, n, &errstr); if (rc <= 0) { if (rc < 0) { /* Error: disable plugin's I/O function. */ plugin->u.io->log_stdin = NULL; + audit_error(plugin->name, SUDO_IO_PLUGIN, + errstr ? errstr : _("I/O plugin error"), NULL); + } else { + audit_reject(plugin->name, SUDO_IO_PLUGIN, + errstr ? errstr : _("command rejected by I/O plugin"), + NULL); } ret = false; break; @@ -266,6 +279,7 @@ log_ttyout(const char *buf, unsigned int n, struct io_buffer *iob) { struct plugin_container *plugin; + const char *errstr = NULL; sigset_t omask; bool ret = true; debug_decl(log_ttyout, SUDO_DEBUG_EXEC); 
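Review bot: In log_ttyin (`@@ -212,11 +212,17 @@`) `errstr` is initialised once before the plugin loop and never reset. A string left behind by a plugin that returned success could therefore be reported by audit_error()/audit_reject() against a later plugin that fails without setting one. Resetting it per iteration, `errstr = NULL;` just before `rc = plugin->u.io->log_ttyin(buf, n, &errstr);`, keeps each audit record tied to the plugin that produced it. The same pattern repeats in log_stdin, log_ttyout, log_stdout, log_stderr, log_suspend and log_winchange. Because the string is plugin-supplied and goes straight into the audit event, a comment that audit consumers must treat it as untrusted text would also help; the loop bodies start outside these hunks.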
@@ -276,11 +290,17 @@ int rc; sudo_debug_set_active_instance(plugin->debug_instance); - rc = plugin->u.io->log_ttyout(buf, n); + rc = plugin->u.io->log_ttyout(buf, n, &errstr); if (rc <= 0) { if (rc < 0) { /* Error: disable plugin's I/O function. */ plugin->u.io->log_ttyout = NULL; + audit_error(plugin->name, SUDO_IO_PLUGIN, + errstr ? errstr : _("I/O plugin error"), NULL); + } else { + audit_reject(plugin->name, SUDO_IO_PLUGIN, + errstr ? errstr : _("command rejected by I/O plugin"), + NULL); } ret = false; break; @@ -309,6 +329,7 @@ log_stdout(const char *buf, unsigned int n, struct io_buffer *iob) { struct plugin_container *plugin; + const char *errstr = NULL; sigset_t omask; bool ret = true; debug_decl(log_stdout, SUDO_DEBUG_EXEC); @@ -319,11 +340,17 @@ int rc; sudo_debug_set_active_instance(plugin->debug_instance); - rc = plugin->u.io->log_stdout(buf, n); + rc = plugin->u.io->log_stdout(buf, n, &errstr); if (rc <= 0) { if (rc < 0) { /* Error: disable plugin's I/O function. */ plugin->u.io->log_stdout = NULL; + audit_error(plugin->name, SUDO_IO_PLUGIN, + errstr ? errstr : _("I/O plugin error"), NULL); + } else { + audit_reject(plugin->name, SUDO_IO_PLUGIN, + errstr ? errstr : _("command rejected by I/O plugin"), + NULL); } ret = false; break; @@ -352,6 +379,7 @@ log_stderr(const char *buf, unsigned int n, struct io_buffer *iob) { struct plugin_container *plugin; + const char *errstr = NULL; sigset_t omask; bool ret = true; debug_decl(log_stderr, SUDO_DEBUG_EXEC); 
@@ -362,11 +390,17 @@ int rc; sudo_debug_set_active_instance(plugin->debug_instance); - rc = plugin->u.io->log_stderr(buf, n); + rc = plugin->u.io->log_stderr(buf, n, &errstr); if (rc <= 0) { if (rc < 0) { /* Error: disable plugin's I/O function. */ plugin->u.io->log_stderr = NULL; + audit_error(plugin->name, SUDO_IO_PLUGIN, + errstr ? errstr : _("I/O plugin error"), NULL); + } else { + audit_reject(plugin->name, SUDO_IO_PLUGIN, + errstr ? errstr : _("command rejected by I/O plugin"), + NULL); } ret = false; break; @@ -395,6 +429,7 @@ log_suspend(int signo) { struct plugin_container *plugin; + const char *errstr = NULL; sigset_t omask; debug_decl(log_suspend, SUDO_DEBUG_EXEC); @@ -406,12 +441,12 @@ int rc; sudo_debug_set_active_instance(plugin->debug_instance); - rc = plugin->u.io->log_suspend(signo); + rc = plugin->u.io->log_suspend(signo, &errstr); if (rc <= 0) { - if (rc < 0) { - /* Error: disable plugin's I/O function. */ - plugin->u.io->log_suspend = NULL; - } + /* Error: disable plugin's I/O function. */ + plugin->u.io->log_suspend = NULL; + audit_error(plugin->name, SUDO_IO_PLUGIN, + errstr ? errstr : _("error logging suspend"), NULL); break; } } @@ -427,6 +462,7 @@ log_winchange(unsigned int rows, unsigned int cols) { struct plugin_container *plugin; + const char *errstr = NULL; sigset_t omask; debug_decl(log_winchange, SUDO_DEBUG_EXEC); @@ -438,12 +474,12 @@ int rc; sudo_debug_set_active_instance(plugin->debug_instance); - rc = plugin->u.io->change_winsize(rows, cols); + rc = plugin->u.io->change_winsize(rows, cols, &errstr); if (rc <= 0) { - if (rc < 0) { - /* Error: disable plugin's I/O function. */ - plugin->u.io->change_winsize = NULL; - } + /* Error: disable plugin's I/O function. */ + plugin->u.io->change_winsize = NULL; + audit_error(plugin->name, SUDO_IO_PLUGIN, + errstr ? errstr : _("error changing window size"), NULL); break; } } 
@@ -614,7 +650,7 @@ switch (n) { case -1: if (got_sigttin) { - /* Schedule SIGTTIN to be forwared to the command. */ + /* Schedule SIGTTIN to be forwarded to the command. */ schedule_signal(iob->ec, SIGTTIN); } if (errno == EAGAIN || errno == EINTR) @@ -719,7 +755,7 @@ break; case EINTR: if (got_sigttou) { - /* Schedule SIGTTOU to be forwared to the command. */ + /* Schedule SIGTTOU to be forwarded to the command. */ schedule_signal(iob->ec, SIGTTOU); } /* FALLTHROUGH */ @@ -846,7 +882,7 @@ send_command_status(struct exec_closure_pty *ec, int type, int val) { struct monitor_message *msg; - debug_decl(send_command, SUDO_DEBUG_EXEC) + debug_decl(send_command, SUDO_DEBUG_EXEC); if ((msg = calloc(1, sizeof(*msg))) == NULL) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); @@ -870,7 +906,7 @@ schedule_signal(struct exec_closure_pty *ec, int signo) { char signame[SIG2STR_MAX]; - debug_decl(schedule_signal, SUDO_DEBUG_EXEC) + debug_decl(schedule_signal, SUDO_DEBUG_EXEC); if (signo == SIGCONT_FG) strlcpy(signame, "CONT_FG", sizeof(signame)); @@ -891,7 +927,7 @@ struct exec_closure_pty *ec = v; struct command_status cstat; ssize_t nread; - debug_decl(backchannel_cb, SUDO_DEBUG_EXEC) + debug_decl(backchannel_cb, SUDO_DEBUG_EXEC); /* * Read command status from the monitor. @@ -986,7 +1022,7 @@ { int n, status; pid_t pid; - debug_decl(handle_sigchld_pty, SUDO_DEBUG_EXEC) + debug_decl(handle_sigchld_pty, SUDO_DEBUG_EXEC); /* * Monitor process was signaled; wait for it as needed. @@ -1038,7 +1074,7 @@ struct sudo_ev_siginfo_container *sc = v; struct exec_closure_pty *ec = sc->closure; char signame[SIG2STR_MAX]; - debug_decl(signal_cb_pty, SUDO_DEBUG_EXEC) + debug_decl(signal_cb_pty, SUDO_DEBUG_EXEC); if (ec->monitor_pid == -1) debug_return; @@ -1072,7 +1108,7 @@ debug_return; } } - /* Schedule signal to be forwared to the command. */ + /* Schedule signal to be forwarded to the command. */ schedule_signal(ec, signo); break; } 
@@ -1091,7 +1127,7 @@ char signame[SIG2STR_MAX]; struct monitor_message *msg; ssize_t nsent; - debug_decl(fwdchannel_cb, SUDO_DEBUG_EXEC) + debug_decl(fwdchannel_cb, SUDO_DEBUG_EXEC); while ((msg = TAILQ_FIRST(&ec->monitor_messages)) != NULL) { switch (msg->cstat.type) { @@ -1148,7 +1184,7 @@ fill_exec_closure_pty(struct exec_closure_pty *ec, struct command_status *cstat, struct command_details *details, pid_t ppgrp, int backchannel) { - debug_decl(fill_exec_closure_pty, SUDO_DEBUG_EXEC) + debug_decl(fill_exec_closure_pty, SUDO_DEBUG_EXEC); /* Fill in the non-event part of the closure. */ ec->cmnd_pid = -1; @@ -1159,10 +1195,13 @@ ec->cols = user_details.ts_cols; TAILQ_INIT(&ec->monitor_messages); + /* Reset cstat for running the command. */ + cstat->type = CMD_INVALID; + cstat->val = 0; + /* Setup event base and events. */ - ec->evbase = sudo_ev_base_alloc(); - if (ec->evbase == NULL) - sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + ec->evbase = details->evbase; + details->evbase = NULL; /* Event for command status via backchannel. */ ec->backchannel_event = sudo_ev_alloc(backchannel, @@ -1263,7 +1302,7 @@ free_exec_closure_pty(struct exec_closure_pty *ec) { struct monitor_message *msg; - debug_decl(free_exec_closure_pty, SUDO_DEBUG_EXEC) + debug_decl(free_exec_closure_pty, SUDO_DEBUG_EXEC); sudo_ev_base_free(ec->evbase); sudo_ev_free(ec->backchannel_event); @@ -1288,7 +1327,7 @@ } /* - * Execute a command in a pty, potentially with I/O loggging, and + * Execute a command in a pty, potentially with I/O logging, and * wait for it to finish. * This is a little bit tricky due to how POSIX job control works and * we fact that we have two different controlling terminals to deal with. @@ -1305,7 +1344,7 @@ struct stat sb; pid_t ppgrp; int sv[2]; - debug_decl(exec_pty, SUDO_DEBUG_EXEC) + debug_decl(exec_pty, SUDO_DEBUG_EXEC); /* * Allocate a pty. 
@@ -1518,7 +1557,7 @@ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, "%s: unable to send status to parent", __func__); } - _exit(1); + _exit(EXIT_FAILURE); } /* @@ -1583,7 +1622,15 @@ if (sudo_ev_got_break(ec.evbase)) { /* error from callback or monitor died */ sudo_debug_printf(SUDO_DEBUG_ERROR, "event loop exited prematurely"); - /* XXX - may need to terminate command if cmnd_pid != -1 */ + /* XXX: no good way to know if we should terminate the command. */ + if (cstat->val == CMD_INVALID && ec.cmnd_pid != -1) { + /* no status message, kill command */ + terminate_command(ec.cmnd_pid, true); + ec.cmnd_pid = -1; + /* TODO: need way to pass an error to the sudo front end */ + cstat->type = CMD_WSTATUS; + cstat->val = W_EXITCODE(1, SIGKILL); + } } /* Flush any remaining output, free I/O bufs and events, do logout. */ diff -Nru sudo-1.8.31/src/get_pty.c sudo-1.9.0/src/get_pty.c --- sudo-1.8.31/src/get_pty.c 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/src/get_pty.c 2020-05-11 16:28:23.000000000 +0000 @@ -62,7 +62,7 @@ struct group *gr; gid_t ttygid = -1; bool ret = false; - debug_decl(get_pty, SUDO_DEBUG_PTY) + debug_decl(get_pty, SUDO_DEBUG_PTY); if ((gr = getgrnam("tty")) != NULL) ttygid = gr->gr_gid; @@ -81,7 +81,7 @@ { char *line; bool ret = false; - debug_decl(get_pty, SUDO_DEBUG_PTY) + debug_decl(get_pty, SUDO_DEBUG_PTY); /* IRIX-style dynamic ptys (may fork) */ line = _getpty(master, O_RDWR, S_IRUSR|S_IWUSR|S_IWGRP, 0); @@ -119,7 +119,7 @@ { char *line; bool ret = false; - debug_decl(get_pty, SUDO_DEBUG_PTY) + debug_decl(get_pty, SUDO_DEBUG_PTY); *master = posix_openpt(O_RDWR|O_NOCTTY); if (*master != -1) { 
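Review bot: The new guard in the `@@ -1583,7 +1622,15 @@` hunk tests `cstat->val == CMD_INVALID`, but CMD_INVALID is a status type. The fill_exec_closure_pty hunk of this same file resets `cstat->type = CMD_INVALID` and `cstat->val = 0`. As written, the branch fires only if CMD_INVALID happens to equal the reset value of `val` (its definition is not visible here), and it could also fire for a real status whose value equals that constant. The test should read `if (cstat->type == CMD_INVALID && ec.cmnd_pid != -1) {`, so that a command still running after the event loop breaks is reliably terminated. The enclosing function starts and ends outside the hunk.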
@@ -161,7 +161,7 @@ struct group *gr; gid_t ttygid = -1; bool ret = false; - debug_decl(get_pty, SUDO_DEBUG_PTY) + debug_decl(get_pty, SUDO_DEBUG_PTY); if ((gr = getgrnam("tty")) != NULL) ttygid = gr->gr_gid; diff -Nru sudo-1.8.31/src/hooks.c sudo-1.9.0/src/hooks.c --- sudo-1.8.31/src/hooks.c 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/src/hooks.c 2020-05-11 16:28:23.000000000 +0000 @@ -136,7 +136,7 @@ int (*hook_fn)(), void *closure) { struct sudo_hook_entry *hook; - debug_decl(register_hook_internal, SUDO_DEBUG_HOOKS) + debug_decl(register_hook_internal, SUDO_DEBUG_HOOKS); if ((hook = calloc(1, sizeof(*hook))) == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, @@ -155,7 +155,7 @@ register_hook(struct sudo_hook *hook) { int ret; - debug_decl(register_hook, SUDO_DEBUG_HOOKS) + debug_decl(register_hook, SUDO_DEBUG_HOOKS); if (SUDO_API_VERSION_GET_MAJOR(hook->hook_version) != SUDO_HOOK_VERSION_MAJOR) { /* Major versions must match. */ @@ -196,7 +196,7 @@ int (*hook_fn)(), void *closure) { struct sudo_hook_entry *hook, *prev = NULL; - debug_decl(deregister_hook_internal, SUDO_DEBUG_HOOKS) + debug_decl(deregister_hook_internal, SUDO_DEBUG_HOOKS); SLIST_FOREACH(hook, head, entries) { if (hook->u.generic_fn == hook_fn && hook->closure == closure) { @@ -219,7 +219,7 @@ deregister_hook(struct sudo_hook *hook) { int ret = 0; - debug_decl(deregister_hook, SUDO_DEBUG_HOOKS) + debug_decl(deregister_hook, SUDO_DEBUG_HOOKS); if (SUDO_API_VERSION_GET_MAJOR(hook->hook_version) != SUDO_HOOK_VERSION_MAJOR) { /* Major versions must match. */ diff -Nru sudo-1.8.31/src/limits.c sudo-1.9.0/src/limits.c --- sudo-1.8.31/src/limits.c 2019-12-26 02:16:37.000000000 +0000 +++ sudo-1.9.0/src/limits.c 2020-05-11 16:28:23.000000000 +0000 
@@ -110,17 +110,25 @@ disable_coredump(void) { struct rlimit rl = { 0, 0 }; - debug_decl(disable_coredump, SUDO_DEBUG_UTIL) + debug_decl(disable_coredump, SUDO_DEBUG_UTIL); if (getrlimit(RLIMIT_CORE, &corelimit) == -1) sudo_warn("getrlimit(RLIMIT_CORE)"); + sudo_debug_printf(SUDO_DEBUG_INFO, "RLIMIT_CORE [%lld, %lld] -> [0, 0]", + (long long)corelimit.rlim_cur, (long long)corelimit.rlim_max); if (setrlimit(RLIMIT_CORE, &rl) == -1) sudo_warn("setrlimit(RLIMIT_CORE)"); #ifdef __linux__ /* On Linux, also set PR_SET_DUMPABLE to zero (reset by execve). */ - if ((dumpflag = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) == -1) + if ((dumpflag = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)"); dumpflag = 0; - (void) prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); + } + if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "prctl(PR_SET_DUMPABLE, %d, 0, 0, 0)", dumpflag); + } #endif /* __linux__ */ coredump_disabled = true; @@ -133,13 +141,23 @@ static void restore_coredump(void) { - debug_decl(restore_coredump, SUDO_DEBUG_UTIL) + debug_decl(restore_coredump, SUDO_DEBUG_UTIL); if (coredump_disabled) { - if (setrlimit(RLIMIT_CORE, &corelimit) == -1) - sudo_warn("setrlimit(RLIMIT_CORE)"); + /* + * Linux containers don't allow RLIMIT_CORE to be set back to + * RLIM_INFINITY if we set the limit to zero, even for root. + */ + if (setrlimit(RLIMIT_CORE, &corelimit) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "setrlimit(RLIMIT_CORE, [%lld, %lld])", + (long long)corelimit.rlim_cur, (long long)corelimit.rlim_max); + } #ifdef __linux__ - (void) prctl(PR_SET_DUMPABLE, dumpflag, 0, 0, 0); + if (prctl(PR_SET_DUMPABLE, dumpflag, 0, 0, 0) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "prctl(PR_SET_DUMPABLE, %d, 0, 0, 0)", dumpflag); + } #endif /* __linux__ */ } debug_return; 
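Review bot: In disable_coredump (`@@ -110,17 +110,25 @@`) the debug message for a failed `prctl(PR_SET_DUMPABLE, 0, 0, 0, 0)` prints `dumpflag` as the first argument although the call passes 0, so the log shows the saved value rather than the requested one. The plain string `"prctl(PR_SET_DUMPABLE, 0, 0, 0, 0)"` with no argument matches the call. The added RLIMIT_CORE debug line also prints `corelimit` right after getrlimit() may have failed, in which case the values are whatever the variable held before. A failure to clear the dumpable flag is reported only at debug level while `coredump_disabled` is still set to true, so a short comment saying this is deliberate best-effort would help the next reader. The function starts outside the hunk.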
@@ -158,12 +176,18 @@ { #ifdef __linux__ struct rlimit rl = { RLIM_INFINITY, RLIM_INFINITY }; - debug_decl(unlimit_nproc, SUDO_DEBUG_UTIL) + debug_decl(unlimit_nproc, SUDO_DEBUG_UTIL); if (getrlimit(RLIMIT_NPROC, &nproclimit) != 0) sudo_warn("getrlimit(RLIMIT_NPROC)"); + sudo_debug_printf(SUDO_DEBUG_INFO, "RLIMIT_NPROC [%lld, %lld] -> [inf, inf]", + (long long)nproclimit.rlim_cur, (long long)nproclimit.rlim_max); if (setrlimit(RLIMIT_NPROC, &rl) == -1) { rl.rlim_cur = rl.rlim_max = nproclimit.rlim_max; + sudo_debug_printf(SUDO_DEBUG_INFO, + "RLIMIT_NPROC [%lld, %lld] -> [%lld, %lld]", + (long long)nproclimit.rlim_cur, (long long)nproclimit.rlim_max, + (long long)rl.rlim_cur, (long long)rl.rlim_max); if (setrlimit(RLIMIT_NPROC, &rl) != 0) sudo_warn("setrlimit(RLIMIT_NPROC)"); } @@ -178,10 +202,13 @@ restore_nproc(void) { #ifdef __linux__ - debug_decl(restore_nproc, SUDO_DEBUG_UTIL) + debug_decl(restore_nproc, SUDO_DEBUG_UTIL); - if (setrlimit(RLIMIT_NPROC, &nproclimit) != 0) - sudo_warn("setrlimit(RLIMIT_NPROC)"); + if (setrlimit(RLIMIT_NPROC, &nproclimit) != 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "setrlimit(RLIMIT_NPROC, [%lld, %lld])", + (long long)nproclimit.rlim_cur, (long long)nproclimit.rlim_max); + } debug_return; #endif /* __linux__ */ @@ -196,13 +223,18 @@ { unsigned int idx; int rc; - debug_decl(unlimit_sudo, SUDO_DEBUG_UTIL) + debug_decl(unlimit_sudo, SUDO_DEBUG_UTIL); /* Set resource limits to unlimited and stash the old values. */ for (idx = 0; idx < nitems(saved_limits); idx++) { struct saved_limit *lim = &saved_limits[idx]; if (getrlimit(lim->resource, &lim->oldlimit) == -1) continue; + sudo_debug_printf(SUDO_DEBUG_INFO, + "getrlimit(lim->name) -> [%lld, %lld]", + (long long)lim->oldlimit.rlim_cur, + (long long)lim->oldlimit.rlim_max); + lim->saved = true; if (lim->newlimit.rlim_cur != RLIM_INFINITY) { /* Don't reduce the soft resource limit. */ 
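Review bot: The debug line added to unlimit_sudo in the `@@ -196,13 +223,18 @@` hunk has the expression inside the format string, `"getrlimit(lim->name) -> [%lld, %lld]"`, so every resource is logged with the literal text `lim->name`. It should be `"getrlimit(%s) -> [%lld, %lld]", lim->name,` followed by the two existing casts. That matches the `setrlimit(%s, ...)` messages added in the next hunk. The loop body continues outside the hunk.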
@@ -217,13 +249,28 @@ lim->newlimit.rlim_max = lim->oldlimit.rlim_max; } if ((rc = setrlimit(lim->resource, &lim->newlimit)) == -1) { - if (lim->fallback != NULL) - rc = setrlimit(lim->resource, lim->fallback); + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "setrlimit(%s, [%lld, %lld])", lim->name, + (long long)lim->newlimit.rlim_cur, + (long long)lim->newlimit.rlim_max); + if (lim->fallback != NULL) { + if ((rc = setrlimit(lim->resource, lim->fallback)) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "setrlimit(%s, [%lld, %lld])", lim->name, + (long long)lim->fallback->rlim_cur, + (long long)lim->fallback->rlim_max); + } + } if (rc == -1) { /* Try setting new rlim_cur to old rlim_max. */ lim->newlimit.rlim_cur = lim->oldlimit.rlim_max; lim->newlimit.rlim_max = lim->oldlimit.rlim_max; - rc = setrlimit(lim->resource, &lim->newlimit); + if ((rc = setrlimit(lim->resource, &lim->newlimit)) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "setrlimit(%s, [%lld, %lld])", lim->name, + (long long)lim->newlimit.rlim_cur, + (long long)lim->newlimit.rlim_max); + } } if (rc == -1) sudo_warn("setrlimit(%s)", lim->name); @@ -240,7 +287,7 @@ restore_limits(void) { unsigned int idx; - debug_decl(restore_limits, SUDO_DEBUG_UTIL) + debug_decl(restore_limits, SUDO_DEBUG_UTIL); /* Restore resource limits to saved values. */ for (idx = 0; idx < nitems(saved_limits); idx++) { @@ -254,6 +301,10 @@ if (rc != -1 || errno != EINVAL) break; + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "setrlimit(%s, [%lld, %lld])", lim->name, + (long long)rl.rlim_cur, (long long)rl.rlim_max); + /* * Soft limit could be lower than current resource usage. * This can be an issue on NetBSD with RLIMIT_STACK and ASLR. diff -Nru sudo-1.8.31/src/load_plugins.c sudo-1.9.0/src/load_plugins.c --- sudo-1.8.31/src/load_plugins.c 2019-10-28 12:27:46.000000000 +0000 +++ sudo-1.9.0/src/load_plugins.c 2020-05-11 16:28:23.000000000 +0000 
@@ -50,7 +50,7 @@ size_t pathsize, struct stat *sb) { int status = -1; - debug_decl(sudo_stat_plugin, SUDO_DEBUG_PLUGIN) + debug_decl(sudo_stat_plugin, SUDO_DEBUG_PLUGIN); if (info->path[0] == '/') { if (strlcpy(fullpath, info->path, pathsize) >= pathsize) { @@ -116,7 +116,7 @@ { struct stat sb; bool ret = false; - debug_decl(sudo_check_plugin, SUDO_DEBUG_PLUGIN) + debug_decl(sudo_check_plugin, SUDO_DEBUG_PLUGIN); if (sudo_stat_plugin(info, fullpath, pathsize, &sb) != 0) { sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""), @@ -130,17 +130,20 @@ } goto done; } - if (sb.st_uid != ROOT_UID) { - sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""), - _PATH_SUDO_CONF, info->lineno, info->symbol_name); - sudo_warnx(U_("%s must be owned by uid %d"), fullpath, ROOT_UID); - goto done; - } - if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { - sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""), - _PATH_SUDO_CONF, info->lineno, info->symbol_name); - sudo_warnx(U_("%s must be only be writable by owner"), fullpath); - goto done; + + if (!sudo_conf_developer_mode()) { + if (sb.st_uid != ROOT_UID) { + sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""), + _PATH_SUDO_CONF, info->lineno, info->symbol_name); + sudo_warnx(U_("%s must be owned by uid %d"), fullpath, ROOT_UID); + goto done; + } + if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { + sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""), + _PATH_SUDO_CONF, info->lineno, info->symbol_name); + sudo_warnx(U_("%s must be only be writable by owner"), fullpath); + goto done; + } } ret = true; 
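Review bot: The `if (!sudo_conf_developer_mode())` wrapper in sudo_check_plugin (`@@ -130,17 +130,20 @@`) switches off both the root-ownership check and the group/world-writable check on a shared object that is about to be loaded, and nothing in the code says so. How developer mode gets enabled is not visible in this hunk, so the block deserves a comment such as `/* developer_mode skips the owner and mode checks on the plugin file; it must stay off on installed systems. */`. Logging a message whenever the checks are skipped would also make the relaxed mode visible to anyone reviewing logs. The function starts outside the hunk.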
@@ -151,28 +154,137 @@ static bool sudo_check_plugin(struct plugin_info *info, char *fullpath, size_t pathsize) { - debug_decl(sudo_check_plugin, SUDO_DEBUG_PLUGIN) + debug_decl(sudo_check_plugin, SUDO_DEBUG_PLUGIN); (void)strlcpy(fullpath, info->path, pathsize); debug_return_bool(true); } #endif /* ENABLE_SUDO_PLUGIN_API */ +static bool +fill_container(struct plugin_container *container, void *handle, + const char *path, struct generic_plugin *plugin, struct plugin_info *info) +{ + debug_decl(fill_container, SUDO_DEBUG_PLUGIN); + + if ((container->path = strdup(path)) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_bool(false); + } + container->handle = handle; + container->name = info->symbol_name; + container->options = info->options; + container->debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; + container->u.generic = plugin; + container->debug_files = sudo_conf_debug_files(path); + + /* Zero out info strings that the container now owns. 
*/ + info->symbol_name = NULL; + info->options = NULL; + + debug_return_bool(true); +} + +static struct plugin_container * +new_container(void *handle, const char *path, struct generic_plugin *plugin, + struct plugin_info *info) +{ + struct plugin_container *container = NULL; + debug_decl(new_container, SUDO_DEBUG_PLUGIN); + + if ((container = calloc(1, sizeof(*container))) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto bad; + } + if (!fill_container(container, handle, path, plugin, info)) + goto bad; + + debug_return_ptr(container); +bad: + free(container); + debug_return_ptr(NULL); +} + +static bool +plugin_exists(struct plugin_container_list *plugins, struct plugin_info *info) +{ + struct plugin_container *container; + debug_decl(find_plugin, SUDO_DEBUG_PLUGIN); + + TAILQ_FOREACH(container, plugins, entries) { + if (strcmp(container->name, info->symbol_name) == 0) + debug_return_bool(true); + } + debug_return_bool(false); +} + +typedef struct generic_plugin * (plugin_clone_func)(void); + +struct generic_plugin * +sudo_plugin_try_to_clone(void *so_handle, const char *symbol_name) +{ + debug_decl(sudo_plugin_clone, SUDO_DEBUG_PLUGIN); + struct generic_plugin * plugin = NULL; + char *clone_func_name = NULL; + + if (asprintf(&clone_func_name, "%s_clone", symbol_name) < 0) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto cleanup; + } + + plugin_clone_func *clone_func = (plugin_clone_func *)sudo_dso_findsym(so_handle, clone_func_name); + if (clone_func) { + plugin = (*clone_func)(); + } + +cleanup: + free(clone_func_name); + debug_return_ptr(plugin); +} + +static bool +sudo_insert_plugin(struct plugin_container_list *plugin_list, void *handle, + const char *path, struct generic_plugin *plugin, struct plugin_info *info) +{ + struct plugin_container *container; + debug_decl(sudo_insert_plugin, SUDO_DEBUG_PLUGIN); + + if (plugin_exists(plugin_list, info)) { + plugin = 
sudo_plugin_try_to_clone(handle, info->symbol_name); + if (plugin == NULL) { + sudo_warnx(U_("ignoring duplicate plugin \"%s\" in %s, line %d"), + info->symbol_name, _PATH_SUDO_CONF, info->lineno); + sudo_dso_unload(handle); + goto done; + } + } + + if ((container = new_container(handle, path, plugin, info)) == NULL) + debug_return_bool(false); + TAILQ_INSERT_TAIL(plugin_list, container, entries); + +done: + debug_return_bool(true); +} + /* * Load the plugin specified by "info". */ static bool sudo_load_plugin(struct plugin_container *policy_plugin, - struct plugin_container_list *io_plugins, struct plugin_info *info) + struct plugin_container_list *io_plugins, + struct plugin_container_list *audit_plugins, + struct plugin_container_list *approval_plugins, + struct plugin_info *info) { - struct plugin_container *container = NULL; struct generic_plugin *plugin; char path[PATH_MAX]; void *handle = NULL; - debug_decl(sudo_load_plugin, SUDO_DEBUG_PLUGIN) + bool ret = false; + debug_decl(sudo_load_plugin, SUDO_DEBUG_PLUGIN); /* Sanity check plugin and fill in path */ if (!sudo_check_plugin(info, path, sizeof(path))) - goto bad; + goto done; /* Open plugin and map in symbol */ handle = sudo_dso_load(path, SUDO_DSO_LAZY|SUDO_DSO_GLOBAL); 
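Review bot: Two of the new helpers pass a name to debug_decl that is not their own: plugin_exists uses `debug_decl(find_plugin, SUDO_DEBUG_PLUGIN);` and sudo_plugin_try_to_clone uses `debug_decl(sudo_plugin_clone, SUDO_DEBUG_PLUGIN);`. Every other function in this hunk passes its own name. sudo_plugin_try_to_clone is also the only helper not declared `static`, and it places debug_decl before its local declarations. Separately, in sudo_insert_plugin the struct returned by the `<symbol>_clone` function replaces the `plugin` pointer after sudo_load_plugin has already checked its `version` and switched on its `type`, so the clone itself is never checked. I would either re-check those two fields on the clone or add a comment stating that a clone must carry the same `type` and `version` as the original symbol.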
@@ -182,89 +294,72 @@ _PATH_SUDO_CONF, info->lineno, info->symbol_name); sudo_warnx(U_("unable to load %s: %s"), path, errstr ? errstr : "unknown error"); - goto bad; + goto done; } plugin = sudo_dso_findsym(handle, info->symbol_name); if (!plugin) { sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""), _PATH_SUDO_CONF, info->lineno, info->symbol_name); sudo_warnx(U_("unable to find symbol \"%s\" in %s"), info->symbol_name, path); - goto bad; + goto done; } - if (plugin->type != SUDO_POLICY_PLUGIN && plugin->type != SUDO_IO_PLUGIN) { - sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""), - _PATH_SUDO_CONF, info->lineno, info->symbol_name); - sudo_warnx(U_("unknown policy type %d found in %s"), plugin->type, path); - goto bad; - } if (SUDO_API_VERSION_GET_MAJOR(plugin->version) != SUDO_API_VERSION_MAJOR) { sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""), _PATH_SUDO_CONF, info->lineno, info->symbol_name); sudo_warnx(U_("incompatible plugin major version %d (expected %d) found in %s"), SUDO_API_VERSION_GET_MAJOR(plugin->version), SUDO_API_VERSION_MAJOR, path); - goto bad; + goto done; } - if (plugin->type == SUDO_POLICY_PLUGIN) { + + switch (plugin->type) { + case SUDO_POLICY_PLUGIN: if (policy_plugin->handle != NULL) { /* Ignore duplicate entries. 
*/ - if (strcmp(policy_plugin->name, info->symbol_name) != 0) { + if (strcmp(policy_plugin->name, info->symbol_name) == 0) { + sudo_warnx(U_("ignoring duplicate plugin \"%s\" in %s, line %d"), + info->symbol_name, _PATH_SUDO_CONF, info->lineno); + } else { sudo_warnx(U_("ignoring policy plugin \"%s\" in %s, line %d"), info->symbol_name, _PATH_SUDO_CONF, info->lineno); sudo_warnx(U_("only a single policy plugin may be specified")); - goto bad; - } - sudo_warnx(U_("ignoring duplicate policy plugin \"%s\" in %s, line %d"), - info->symbol_name, _PATH_SUDO_CONF, info->lineno); - goto bad; - } - policy_plugin->handle = handle; - policy_plugin->path = strdup(path); - if (policy_plugin->path == NULL) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - goto bad; - } - policy_plugin->name = info->symbol_name; - policy_plugin->options = info->options; - policy_plugin->debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; - policy_plugin->u.generic = plugin; - policy_plugin->debug_files = sudo_conf_debug_files(path); - } else if (plugin->type == SUDO_IO_PLUGIN) { - /* Check for duplicate entries. 
*/ - TAILQ_FOREACH(container, io_plugins, entries) { - if (strcmp(container->name, info->symbol_name) == 0) { - sudo_warnx(U_("ignoring duplicate I/O plugin \"%s\" in %s, line %d"), - info->symbol_name, _PATH_SUDO_CONF, info->lineno); - sudo_dso_unload(handle); - handle = NULL; - break; + goto done; } + ret = true; + goto done; } - container = calloc(1, sizeof(*container)); - if (container == NULL || (container->path = strdup(path)) == NULL) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - goto bad; - } - container->handle = handle; - container->name = info->symbol_name; - container->options = info->options; - container->debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; - container->u.generic = plugin; - container->debug_files = sudo_conf_debug_files(path); - TAILQ_INSERT_TAIL(io_plugins, container, entries); + if (!fill_container(policy_plugin, handle, path, plugin, info)) + goto done; + break; + case SUDO_IO_PLUGIN: + if (!sudo_insert_plugin(io_plugins, handle, path, plugin, info)) + goto done; + break; + case SUDO_AUDIT_PLUGIN: + if (!sudo_insert_plugin(audit_plugins, handle, path, plugin, info)) + goto done; + break; + case SUDO_APPROVAL_PLUGIN: + if (!sudo_insert_plugin(approval_plugins, handle, path, plugin, info)) + goto done; + break; + default: + sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""), + _PATH_SUDO_CONF, info->lineno, info->symbol_name); + sudo_warnx(U_("unknown plugin type %d found in %s"), plugin->type, path); + goto done; } - /* Zero out info strings that we now own (see above). */ - info->symbol_name = NULL; - info->options = NULL; + /* Handle is either in use or has been closed. */ + handle = NULL; - debug_return_bool(true); -bad: - free(container); + ret = true; + +done: if (handle != NULL) sudo_dso_unload(handle); - debug_return_bool(false); + debug_return_bool(ret); } static void 
@@ -281,23 +376,83 @@ free(info); } +static void +sudo_register_hooks(struct plugin_container *policy_plugin, + struct plugin_container_list *io_plugins, + struct plugin_container_list *audit_plugins) +{ + struct plugin_container *container; + debug_decl(sudo_register_hooks, SUDO_DEBUG_PLUGIN); + + if (policy_plugin->u.policy->version >= SUDO_API_MKVERSION(1, 2)) { + if (policy_plugin->u.policy->register_hooks != NULL) { + sudo_debug_set_active_instance(policy_plugin->debug_instance); + policy_plugin->u.policy->register_hooks(SUDO_HOOK_VERSION, + register_hook); + sudo_debug_set_active_instance(sudo_debug_instance); + } + } + + TAILQ_FOREACH(container, io_plugins, entries) { + if (container->u.io->version >= SUDO_API_MKVERSION(1, 2)) { + if (container->u.io->register_hooks != NULL) { + sudo_debug_set_active_instance(container->debug_instance); + container->u.io->register_hooks(SUDO_HOOK_VERSION, + register_hook); + sudo_debug_set_active_instance(sudo_debug_instance); + } + } + } + + TAILQ_FOREACH(container, audit_plugins, entries) { + if (container->u.audit->register_hooks != NULL) { + sudo_debug_set_active_instance(container->debug_instance); + container->u.audit->register_hooks(SUDO_HOOK_VERSION, + register_hook); + sudo_debug_set_active_instance(sudo_debug_instance); + } + } + + debug_return; +} + +static void +sudo_init_event_alloc(struct plugin_container *policy_plugin, + struct plugin_container_list *io_plugins) +{ + struct plugin_container *container; + debug_decl(sudo_init_event_alloc, SUDO_DEBUG_PLUGIN); + + if (policy_plugin->u.policy->version >= SUDO_API_MKVERSION(1, 15)) + policy_plugin->u.policy->event_alloc = sudo_plugin_event_alloc; + + TAILQ_FOREACH(container, io_plugins, entries) { + if (container->u.io->version >= SUDO_API_MKVERSION(1, 15)) + container->u.io->event_alloc = sudo_plugin_event_alloc; + } + + debug_return; +} + /* * Load the plugins listed in sudo.conf. 
*/ bool sudo_load_plugins(struct plugin_container *policy_plugin, - struct plugin_container_list *io_plugins) + struct plugin_container_list *io_plugins, + struct plugin_container_list *audit_plugins, + struct plugin_container_list *approval_plugins) { - struct plugin_container *container; struct plugin_info_list *plugins; struct plugin_info *info, *next; bool ret = false; - debug_decl(sudo_load_plugins, SUDO_DEBUG_PLUGIN) + debug_decl(sudo_load_plugins, SUDO_DEBUG_PLUGIN); /* Walk the plugin list from sudo.conf, if any and free it. */ plugins = sudo_conf_plugins(); TAILQ_FOREACH_SAFE(info, plugins, entries, next) { - ret = sudo_load_plugin(policy_plugin, io_plugins, info); + ret = sudo_load_plugin(policy_plugin, io_plugins, audit_plugins, + approval_plugins, info); if (!ret) goto done; free_plugin_info(info); @@ -323,7 +478,8 @@ goto done; } /* info->options = NULL; */ - ret = sudo_load_plugin(policy_plugin, io_plugins, info); + ret = sudo_load_plugin(policy_plugin, io_plugins, audit_plugins, + approval_plugins, info); free_plugin_info(info); if (!ret) goto done; @@ -343,12 +499,14 @@ goto done; } /* info->options = NULL; */ - ret = sudo_load_plugin(policy_plugin, io_plugins, info); + ret = sudo_load_plugin(policy_plugin, io_plugins, audit_plugins, + approval_plugins, info); free_plugin_info(info); if (!ret) goto done; } } + /* TODO: check all plugins for open function too */ if (policy_plugin->u.policy->check_policy == NULL) { sudo_warnx(U_("policy plugin %s does not include a check_policy method"), policy_plugin->name); 
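Review bot: In `sudo_init_event_alloc()` the store `policy_plugin->u.policy->event_alloc = sudo_plugin_event_alloc` (and its I/O counterpart) is gated only on the `version` value the loaded plugin reports about itself, and the new function has no comment stating that contract. Presumably a plugin that reports 1.15 or later while exporting an older, shorter struct, or one that keeps its struct in read-only storage, would have this write land outside the object or fault inside sudo; the struct definitions are not visible in this hunk, so confirm against `sudo_plugin.h`. I would add a header comment such as `/* Writes into the plugin's own struct: a plugin reporting API >= 1.15 must export a writable struct that includes event_alloc. */`. In `sudo_register_hooks()` the audit loop reads `register_hooks` without the `SUDO_API_MKVERSION(1, 2)` gate used for the policy and I/O plugins, so a one-line comment saying why no gate is needed there would stop the three loops from looking inconsistent.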
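Review bot: The added `/* TODO: check all plugins for open function too */` records a missing check rather than making it, so after this hunk `sudo_load_plugins()` still validates only `check_policy` and accepts a plugin whose `open` member is NULL. Whether the later callers test that pointer before calling through it is not visible here; if they do not, the failure would be a NULL function-pointer call inside sudo rather than a clean load error. I would put the check next to the existing one, preceded by a `sudo_warnx()` in the style of the `check_policy` message: `if (policy_plugin->u.policy->open == NULL) goto done;`. The same test would then be applied to each container in `io_plugins`, `audit_plugins` and `approval_plugins`. The function begins before this hunk and continues after it.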
@@ -356,19 +514,11 @@ goto done; } - /* Install hooks (XXX - later). */ - sudo_debug_set_active_instance(SUDO_DEBUG_INSTANCE_INITIALIZER); - if (policy_plugin->u.policy->version >= SUDO_API_MKVERSION(1, 2)) { - if (policy_plugin->u.policy->register_hooks != NULL) - policy_plugin->u.policy->register_hooks(SUDO_HOOK_VERSION, register_hook); - } - TAILQ_FOREACH(container, io_plugins, entries) { - if (container->u.io->version >= SUDO_API_MKVERSION(1, 2)) { - if (container->u.io->register_hooks != NULL) - container->u.io->register_hooks(SUDO_HOOK_VERSION, register_hook); - } - } - sudo_debug_set_active_instance(sudo_debug_instance); + /* Set event_alloc() in plugins. */ + sudo_init_event_alloc(policy_plugin, io_plugins); + + /* Install hooks (XXX - later, after open). */ + sudo_register_hooks(policy_plugin, io_plugins, audit_plugins); done: debug_return_bool(ret); diff -Nru sudo-1.8.31/src/Makefile.in sudo-1.9.0/src/Makefile.in --- sudo-1.8.31/src/Makefile.in 2019-12-10 13:11:46.000000000 +0000 +++ sudo-1.9.0/src/Makefile.in 2020-05-11 16:28:23.000000000 +0000 @@ -21,9 +21,13 @@ #### Start of system configuration section. #### srcdir = @srcdir@ -devdir = @devdir@ -top_builddir = @top_builddir@ +abs_srcdir = @abs_srcdir@ top_srcdir = @top_srcdir@ +abs_top_srcdir = @abs_top_srcdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ +devdir = @devdir@ +scriptdir = $(top_srcdir)/scripts incdir = $(top_srcdir)/include rundir = @rundir@ cross_compiling = @CROSS_COMPILING@ @@ -47,8 +51,7 @@ -DLOCALEDIR=\"$(localedir)\" # C preprocessor flags -CPPFLAGS = -I$(incdir) -I$(top_builddir) -I. -I$(srcdir) -I$(top_srcdir) \ - $(CPPDEFS) @CPPFLAGS@ +CPPFLAGS = -I$(incdir) -I$(top_builddir) -I. -I$(srcdir) $(CPPDEFS) @CPPFLAGS@ # Usually -O and/or -g CFLAGS = @CFLAGS@ 
@@ -120,16 +123,17 @@ PROGS = @PROGS@ -OBJS = conversation.o env_hooks.o exec.o exec_common.o exec_monitor.o \ - exec_nopty.o exec_pty.o get_pty.o hooks.o limits.o load_plugins.o \ - net_ifs.o parse_args.o preserve_fds.o signal.o sudo.o sudo_edit.o \ - tcsetpgrp_nobg.o tgetpass.o ttyname.o utmp.o @SUDO_OBJS@ +OBJS = conversation.o copy_file.o env_hooks.o exec.o exec_common.o \ + exec_monitor.o exec_nopty.o exec_pty.o get_pty.o hooks.o \ + limits.o load_plugins.o net_ifs.o parse_args.o preserve_fds.o \ + signal.o sudo.o sudo_edit.o tcsetpgrp_nobg.o tgetpass.o \ + ttyname.o utmp.o @SUDO_OBJS@ IOBJS = $(OBJS:.o=.i) sesh.i POBJS = $(IOBJS:.i=.plog) -SESH_OBJS = sesh.o exec_common.o +SESH_OBJS = copy_file.o exec_common.o sesh.o CHECK_NOEXEC_OBJS = check_noexec.o exec_common.o @@ -142,8 +146,8 @@ all: $(PROGS) depend: - $(top_srcdir)/mkdep.pl --srcdir=$(top_srcdir) \ - --builddir=`pwd`/$(top_builddir) src/Makefile.in + $(scriptdir)/mkdep.pl --srcdir=$(abs_top_srcdir) \ + --builddir=$(abs_top_builddir) src/Makefile.in cd $(top_builddir) && ./config.status --file src/Makefile Makefile: $(srcdir)/Makefile.in 
@@ -194,28 +198,28 @@ install-dirs: # We only create the rc.d dir when installing to the actual system dir - $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(bindir) \ + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(bindir) \ $(DESTDIR)$(libexecdir)/sudo $(DESTDIR)$(noexecdir) if test -n "$(INIT_SCRIPT)"; then \ - $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(INIT_DIR); \ + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(INIT_DIR); \ if test -z "$(DESTDIR)"; then \ - $(SHELL) $(top_srcdir)/mkinstalldirs \ + $(SHELL) $(scriptdir)/mkinstalldirs \ `echo $(RC_LINK) | $(SED) 's,/[^/]*$$,,'`; \ fi; \ elif test -n "$(tmpfiles_d)"; then \ - $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(tmpfiles_d); \ + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(tmpfiles_d); \ fi install-rc: install-dirs # We only create the rc.d link when installing to the actual system dir if [ -n "$(INIT_SCRIPT)" ]; then \ - $(INSTALL) $(INSTALL_OWNER) -m 0755 $(top_builddir)/init.d/$(INIT_SCRIPT) $(DESTDIR)$(INIT_DIR)/sudo; \ + $(INSTALL) $(INSTALL_OWNER) -m 0755 $(top_builddir)/etc/init.d/$(INIT_SCRIPT) $(DESTDIR)$(INIT_DIR)/sudo; \ if test -z "$(DESTDIR)"; then \ rm -f $(RC_LINK); \ ln -s $(INIT_DIR)/sudo $(RC_LINK); \ fi; \ elif test -n "$(tmpfiles_d)"; then \ - $(INSTALL) $(INSTALL_OWNER) -m 0644 $(top_builddir)/init.d/sudo.conf $(DESTDIR)$(tmpfiles_d)/sudo.conf; \ + $(INSTALL) $(INSTALL_OWNER) -m 0644 $(top_builddir)/etc/init.d/sudo.conf $(DESTDIR)$(tmpfiles_d)/sudo.conf; \ fi install-binaries: install-dirs $(PROGS) 
@@ -249,10 +253,10 @@ rm -f $(DESTDIR)$(RC_LINK) $(DESTDIR)$(INIT_DIR)/sudo splint: - splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) -I. -I$(srcdir) -I$(top_srcdir) $(srcdir)/*.c + splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) -I. -I$(srcdir) $(srcdir)/*.c cppcheck: - cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I. -I$(srcdir) -I$(top_srcdir) $(srcdir)/*.c + cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I. -I$(srcdir) $(srcdir)/*.c pvs-log-files: $(POBJS) @@ -271,7 +275,8 @@ clean: -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f $(PROGS) $(TEST_PROGS) \ - *.lo *.o *.la *.a *.i *.plog stamp-* core *.core core.* nohup.out + *.lo *.o *.la + -rm -f *.i *.plog stamp-* core *.core core.* mostlyclean: clean 
@@ -319,37 +324,55 @@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/ttyname/check_ttyname.c --i-file $< --output-file $@ conversation.o: $(srcdir)/conversation.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/sudo.h \ $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/conversation.c conversation.i: $(srcdir)/conversation.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/sudo.h \ $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< conversation.plog: conversation.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/conversation.c --i-file $< --output-file $@ +copy_file.o: $(srcdir)/copy_file.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(CC) -c 
$(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/copy_file.c +copy_file.i: $(srcdir)/copy_file.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +copy_file.plog: copy_file.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/copy_file.c --i-file $< --output-file $@ env_hooks.o: $(srcdir)/env_hooks.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_dso.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/env_hooks.c env_hooks.i: $(srcdir)/env_hooks.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_dso.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< env_hooks.plog: env_hooks.i rm -f $@; pvs-studio --cfg $(PVS_CFG) 
--sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/env_hooks.c --i-file $< --output-file $@ @@ -371,17 +394,19 @@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/exec.c --i-file $< --output-file $@ exec_common.o: $(srcdir)/exec_common.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(srcdir)/sudo_exec.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/exec_common.c exec_common.i: $(srcdir)/exec_common.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(srcdir)/sudo_exec.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< exec_common.plog: exec_common.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/exec_common.c --i-file $< --output-file $@ 
@@ -447,65 +472,67 @@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/exec_pty.c --i-file $< --output-file $@ get_pty.o: $(srcdir)/get_pty.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/get_pty.c get_pty.i: $(srcdir)/get_pty.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< get_pty.plog: get_pty.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/get_pty.c --i-file $< --output-file $@ hooks.o: $(srcdir)/hooks.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ - $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + 
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/sudo.h $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/hooks.c hooks.i: $(srcdir)/hooks.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ - $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/sudo.h $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< hooks.plog: hooks.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/hooks.c --i-file $< --output-file $@ limits.o: $(srcdir)/limits.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/limits.c limits.i: $(srcdir)/limits.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + 
$(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< limits.plog: limits.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/limits.c --i-file $< --output-file $@ load_plugins.o: $(srcdir)/load_plugins.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_dso.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/load_plugins.c load_plugins.i: $(srcdir)/load_plugins.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_dso.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< 
@@ -527,35 +554,37 @@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/net_ifs.c --i-file $< --output-file $@ openbsd.o: $(srcdir)/openbsd.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/openbsd.c openbsd.i: $(srcdir)/openbsd.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< openbsd.plog: openbsd.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/openbsd.c --i-file $< --output-file $@ parse_args.o: $(srcdir)/parse_args.c $(incdir)/compat/getopt.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_lbuf.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h ./sudo_usage.h + $(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h 
$(incdir)/sudo_lbuf.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h \ + ./sudo_usage.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/parse_args.c parse_args.i: $(srcdir)/parse_args.c $(incdir)/compat/getopt.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_lbuf.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h ./sudo_usage.h + $(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h \ + ./sudo_usage.h $(CC) -E -o $@ $(CPPFLAGS) $< parse_args.plog: parse_args.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/parse_args.c --i-file $< --output-file $@ 
@@ -569,33 +598,35 @@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/preload.c --i-file $< --output-file $@ preserve_fds.o: $(srcdir)/preserve_fds.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/preserve_fds.c preserve_fds.i: $(srcdir)/preserve_fds.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< preserve_fds.plog: preserve_fds.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/preserve_fds.c --i-file $< --output-file $@ selinux.o: $(srcdir)/selinux.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(srcdir)/sudo_exec.h 
$(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/selinux.c selinux.i: $(srcdir)/selinux.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(srcdir)/sudo_exec.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< selinux.plog: selinux.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/selinux.c --i-file $< --output-file $@ 
@@ -615,127 +646,133 @@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sesh.c --i-file $< --output-file $@ signal.o: $(srcdir)/signal.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ - $(srcdir)/sudo_exec.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/signal.c signal.i: $(srcdir)/signal.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ - $(srcdir)/sudo_exec.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< signal.plog: signal.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/signal.c --i-file $< --output-file $@ solaris.o: $(srcdir)/solaris.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_dso.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_dso.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h 
$(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/solaris.c solaris.i: $(srcdir)/solaris.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_dso.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_dso.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< solaris.plog: solaris.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/solaris.c --i-file $< --output-file $@ sudo.o: $(srcdir)/sudo.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ - $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/sudo.h $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h ./sudo_usage.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sudo.c sudo.i: $(srcdir)/sudo.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h 
$(incdir)/sudo_util.h $(srcdir)/sudo.h \ - $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/sudo.h $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h ./sudo_usage.h $(CC) -E -o $@ $(CPPFLAGS) $< sudo.plog: sudo.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sudo.c --i-file $< --output-file $@ sudo_edit.o: $(srcdir)/sudo_edit.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(srcdir)/sudo_exec.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sudo_edit.c sudo_edit.i: $(srcdir)/sudo_edit.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(srcdir)/sudo_exec.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< sudo_edit.plog: sudo_edit.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) 
--skip-cl-exe yes --source-file $(srcdir)/sudo_edit.c --i-file $< --output-file $@ tcsetpgrp_nobg.o: $(srcdir)/tcsetpgrp_nobg.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/sudo.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/tcsetpgrp_nobg.c tcsetpgrp_nobg.i: $(srcdir)/tcsetpgrp_nobg.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/sudo.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< tcsetpgrp_nobg.plog: tcsetpgrp_nobg.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/tcsetpgrp_nobg.c --i-file $< --output-file $@ tgetpass.o: $(srcdir)/tgetpass.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + 
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/tgetpass.c tgetpass.i: $(srcdir)/tgetpass.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< tgetpass.plog: tgetpass.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/tgetpass.c --i-file $< --output-file $@ ttyname.o: $(srcdir)/ttyname.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/ttyname.c ttyname.i: $(srcdir)/ttyname.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h 
$(incdir)/sudo_gettext.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< ttyname.plog: ttyname.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/ttyname.c --i-file $< --output-file $@ utmp.o: $(srcdir)/utmp.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/sudo.h $(srcdir)/sudo_exec.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/utmp.c utmp.i: $(srcdir)/utmp.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/sudo.h $(srcdir)/sudo_exec.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< utmp.plog: utmp.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/utmp.c --i-file $< --output-file $@ diff -Nru sudo-1.8.31/src/net_ifs.c sudo-1.9.0/src/net_ifs.c --- sudo-1.8.31/src/net_ifs.c 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/src/net_ifs.c 2020-05-11 
16:28:23.000000000 +0000 @@ -85,7 +85,7 @@ # include #endif -#define SUDO_NET_IFS_C /* to expose sudo_inet_ntop in sudo_compat.h */ +#define NEED_INET_NTOP /* to expose sudo_inet_ntop in sudo_compat.h */ #define DEFAULT_TEXT_DOMAIN "sudo" #include "sudo_gettext.h" /* must be included before sudo_compat.h */ @@ -126,7 +126,7 @@ #endif int ailen, len, num_interfaces = 0; char *cp; - debug_decl(get_net_ifs, SUDO_DEBUG_NETIF) + debug_decl(get_net_ifs, SUDO_DEBUG_NETIF); if (!sudo_conf_probe_interfaces()) debug_return_int(0); @@ -235,7 +235,7 @@ #ifdef _ISC struct strioctl strioctl; #endif /* _ISC */ - debug_decl(get_net_ifs, SUDO_DEBUG_NETIF) + debug_decl(get_net_ifs, SUDO_DEBUG_NETIF); if (!sudo_conf_probe_interfaces()) debug_return_int(0); @@ -367,7 +367,7 @@ int get_net_ifs(char **addrinfo) { - debug_decl(get_net_ifs, SUDO_DEBUG_NETIF) + debug_decl(get_net_ifs, SUDO_DEBUG_NETIF); debug_return_int(0); } diff -Nru sudo-1.8.31/src/parse_args.c sudo-1.9.0/src/parse_args.c --- sudo-1.8.31/src/parse_args.c 2019-10-28 12:28:54.000000000 +0000 +++ sudo-1.9.0/src/parse_args.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1993-1996, 1998-2017 Todd C. Miller + * Copyright (c) 1993-1996, 1998-2020 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -59,7 +59,7 @@ * Local functions. */ static void help(void) __attribute__((__noreturn__)); -static void usage_excl(int); +static void usage_excl(void) __attribute__((__noreturn__)); /* * Mapping of command line flags to name/value settings. @@ -173,7 +173,7 @@ static void env_insert(struct environment *e, char *pair) { - debug_decl(env_insert, SUDO_DEBUG_ARGS) + debug_decl(env_insert, SUDO_DEBUG_ARGS); /* Make sure we have at least two slots free (one for NULL). */ if (e->env_len + 1 >= e->env_size) { 
@@ -200,7 +200,7 @@ env_set(struct environment *e, char *var, char *val) { char *pair; - debug_decl(env_set, SUDO_DEBUG_ARGS) + debug_decl(env_set, SUDO_DEBUG_ARGS); pair = sudo_new_key_val(var, val); if (pair == NULL) { @@ -220,13 +220,13 @@ parse_env_list(struct environment *e, char *list) { char *cp, *last, *val; - debug_decl(parse_env_list, SUDO_DEBUG_ARGS) + debug_decl(parse_env_list, SUDO_DEBUG_ARGS); for ((cp = strtok_r(list, ",", &last)); cp != NULL; (cp = strtok_r(NULL, ",", &last))) { if (strchr(cp, '=') != NULL) { sudo_warnx(U_("invalid environment variable name: %s"), cp); - usage(1); + usage(); } if ((val = getenv(cp)) != NULL) env_set(e, cp, val); @@ -240,7 +240,7 @@ * for the command to be run (if we are running one). */ int -parse_args(int argc, char **argv, int *nargc, char ***nargv, +parse_args(int argc, char **argv, int *old_optind, int *nargc, char ***nargv, struct sudo_settings **settingsp, char ***env_addp) { struct environment extra_env; @@ -249,15 +249,13 @@ int valid_flags = DEFAULT_VALID_FLAGS; int ch, i; char *cp; - const char *runas_user = NULL; - const char *runas_group = NULL; const char *progname; int proglen; - debug_decl(parse_args, SUDO_DEBUG_ARGS) + debug_decl(parse_args, SUDO_DEBUG_ARGS); /* Is someone trying something funny? */ if (argc <= 0) - usage(1); + usage(); /* Pass progname to plugin so it can call initprogname() */ progname = getprogname(); @@ -313,7 +311,9 @@ case 'a': assert(optarg != NULL); if (*optarg == '\0') - usage(1); + usage(); + if (sudo_settings[ARG_BSDAUTH_TYPE].value != NULL) + usage(); sudo_settings[ARG_BSDAUTH_TYPE].value = optarg; break; #endif 
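Review bot: The new duplicate-option check in the `-a` case, `if (sudo_settings[ARG_BSDAUTH_TYPE].value != NULL) usage();`, exits with only the usage text, so a user who repeats an option is not told what was rejected. The same pattern recurs in the later parse_args.c hunks for -C, -c, -g, -h/--host, -p, -r, -t, -T, -U and -u. Other error paths in parse_args() (the -C range check, for example) print a `sudo_warnx(U_(...))` line before `usage()`. Doing the same here would make the rejection explicit, for instance `sudo_warnx(U_("the -a option may only be specified once"));` (wording is a suggestion). The option switch starts and ends outside this hunk.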
@@ -327,15 +327,19 @@ assert(optarg != NULL); if (sudo_strtonum(optarg, 3, INT_MAX, NULL) == 0) { sudo_warnx(U_("the argument to -C must be a number greater than or equal to 3")); - usage(1); + usage(); } + if (sudo_settings[ARG_CLOSEFROM].value != NULL) + usage(); sudo_settings[ARG_CLOSEFROM].value = optarg; break; #ifdef HAVE_LOGIN_CAP_H case 'c': assert(optarg != NULL); if (*optarg == '\0') - usage(1); + usage(); + if (sudo_settings[ARG_LOGIN_CLASS].value != NULL) + usage(); sudo_settings[ARG_LOGIN_CLASS].value = optarg; break; #endif @@ -357,7 +361,7 @@ break; case 'e': if (mode && mode != MODE_EDIT) - usage_excl(1); + usage_excl(); mode = MODE_EDIT; sudo_settings[ARG_SUDOEDIT].value = "true"; valid_flags = MODE_NONINTERACTIVE; @@ -365,8 +369,9 @@ case 'g': assert(optarg != NULL); if (*optarg == '\0') - usage(1); - runas_group = optarg; + usage(); + if (sudo_settings[ARG_RUNAS_GROUP].value != NULL) + usage(); sudo_settings[ARG_RUNAS_GROUP].value = optarg; break; case 'H': @@ -381,12 +386,14 @@ */ if (got_host_flag && !is_envar && argv[optind] != NULL && argv[optind][0] != '-') { + if (sudo_settings[ARG_REMOTE_HOST].value != NULL) + usage(); sudo_settings[ARG_REMOTE_HOST].value = argv[optind++]; continue; } if (mode && mode != MODE_HELP) { if (strcmp(progname, "sudoedit") != 0) - usage_excl(1); + usage_excl(); } mode = MODE_HELP; valid_flags = 0; @@ -396,7 +403,9 @@ case OPT_HOSTNAME: assert(optarg != NULL); if (*optarg == '\0') - usage(1); + usage(); + if (sudo_settings[ARG_REMOTE_HOST].value != NULL) + usage(); sudo_settings[ARG_REMOTE_HOST].value = optarg; break; case 'i': @@ -409,7 +418,7 @@ case 'K': sudo_settings[ARG_IGNORE_TICKET].value = "true"; if (mode && mode != MODE_KILL) - usage_excl(1); + usage_excl(); mode = MODE_KILL; valid_flags = 0; break; @@ -418,7 +427,7 @@ if (mode == MODE_LIST) SET(flags, MODE_LONG_LIST); else - usage_excl(1); + usage_excl(); } mode = MODE_LIST; valid_flags = MODE_NONINTERACTIVE|MODE_LONG_LIST; 
@@ -433,25 +442,33 @@ case 'p': /* An empty prompt is allowed. */ assert(optarg != NULL); + if (sudo_settings[ARG_PROMPT].value != NULL) + usage(); sudo_settings[ARG_PROMPT].value = optarg; break; #ifdef HAVE_SELINUX case 'r': assert(optarg != NULL); if (*optarg == '\0') - usage(1); + usage(); + if (sudo_settings[ARG_SELINUX_ROLE].value != NULL) + usage(); sudo_settings[ARG_SELINUX_ROLE].value = optarg; break; case 't': assert(optarg != NULL); if (*optarg == '\0') - usage(1); + usage(); + if (sudo_settings[ARG_SELINUX_TYPE].value != NULL) + usage(); sudo_settings[ARG_SELINUX_TYPE].value = optarg; break; #endif case 'T': /* Plugin determines whether empty timeout is allowed. */ assert(optarg != NULL); + if (sudo_settings[ARG_TIMEOUT].value != NULL) + usage(); sudo_settings[ARG_TIMEOUT].value = optarg; break; case 'S': @@ -463,31 +480,32 @@ break; case 'U': assert(optarg != NULL); - if (*optarg == '\0') - usage(1); + if (list_user != NULL || *optarg == '\0') + usage(); list_user = optarg; break; case 'u': assert(optarg != NULL); if (*optarg == '\0') - usage(1); - runas_user = optarg; + usage(); + if (sudo_settings[ARG_RUNAS_USER].value != NULL) + usage(); sudo_settings[ARG_RUNAS_USER].value = optarg; break; case 'v': if (mode && mode != MODE_VALIDATE) - usage_excl(1); + usage_excl(); mode = MODE_VALIDATE; valid_flags = MODE_NONINTERACTIVE; break; case 'V': if (mode && mode != MODE_VERSION) - usage_excl(1); + usage_excl(); mode = MODE_VERSION; valid_flags = 0; break; default: - usage(1); + usage(); } } else if (!got_end_of_args && is_envar) { /* Insert key=value pair, crank optind and resume getopt. */ @@ -501,6 +519,7 @@ argc -= optind; argv += optind; + *old_optind = optind; if (!mode) { /* Defer -k mode setting until we know whether it is a flag or not */ 
@@ -521,39 +540,40 @@ if (ISSET(flags, MODE_LOGIN_SHELL)) { if (ISSET(flags, MODE_SHELL)) { sudo_warnx(U_("you may not specify both the `-i' and `-s' options")); - usage(1); + usage(); } if (ISSET(flags, MODE_PRESERVE_ENV)) { sudo_warnx(U_("you may not specify both the `-i' and `-E' options")); - usage(1); + usage(); } SET(flags, MODE_SHELL); } if ((flags & valid_flags) != flags) - usage(1); + usage(); if (mode == MODE_EDIT && (ISSET(flags, MODE_PRESERVE_ENV) || extra_env.env_len != 0)) { if (ISSET(mode, MODE_PRESERVE_ENV)) sudo_warnx(U_("the `-E' option is not valid in edit mode")); if (extra_env.env_len != 0) sudo_warnx(U_("you may not specify environment variables in edit mode")); - usage(1); + usage(); } - if ((runas_user != NULL || runas_group != NULL) && + if ((sudo_settings[ARG_RUNAS_USER].value != NULL || + sudo_settings[ARG_RUNAS_GROUP].value != NULL) && !ISSET(mode, MODE_EDIT | MODE_RUN | MODE_CHECK | MODE_VALIDATE)) { - usage(1); + usage(); } if (list_user != NULL && mode != MODE_LIST && mode != MODE_CHECK) { sudo_warnx(U_("the `-U' option may only be used with the `-l' option")); - usage(1); + usage(); } if (ISSET(tgetpass_flags, TGP_STDIN) && ISSET(tgetpass_flags, TGP_ASKPASS)) { sudo_warnx(U_("the `-A' and `-S' options may not be used together")); - usage(1); + usage(); } if ((argc == 0 && mode == MODE_EDIT) || (argc > 0 && !ISSET(mode, MODE_RUN | MODE_EDIT | MODE_CHECK))) - usage(1); + usage(); if (argc == 0 && mode == MODE_RUN && !ISSET(flags, MODE_SHELL)) { SET(flags, (MODE_IMPLIED_SHELL | MODE_SHELL)); sudo_settings[ARG_IMPLIED_SHELL].value = "true"; @@ -582,7 +602,7 @@ if (cmnd == NULL) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); if (!gc_add(GC_PTR, cmnd)) - exit(1); + exit(EXIT_FAILURE); for (av = argv; *av != NULL; av++) { for (src = *av; *src != '\0'; src++) { 
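Review bot: In the edit-mode check that this hunk keeps as context, the inner test `if (ISSET(mode, MODE_PRESERVE_ENV))` reads `mode`, while the enclosing condition tests `ISSET(flags, MODE_PRESERVE_ENV)`. Inside that block `mode` equals MODE_EDIT, so the "-E option is not valid in edit mode" warning is keyed to the wrong variable and probably never prints as intended, though the constants' values are not visible here. Since the commit already touches the `usage()` call two lines below, this is a good place to change the test to `if (ISSET(flags, MODE_PRESERVE_ENV))`. parse_args() starts and ends outside the hunk.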
@@ -604,7 +624,7 @@ if (av == NULL) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); if (!gc_add(GC_PTR, av)) - exit(1); + exit(EXIT_FAILURE); av[0] = (char *)user_details.shell; /* plugin may override shell */ if (cmnd != NULL) { @@ -617,12 +637,29 @@ argc = ac; } + /* + * For sudoedit we need to rewrite argv + */ if (mode == MODE_EDIT) { #if defined(HAVE_SETRESUID) || defined(HAVE_SETREUID) || defined(HAVE_SETEUID) + char **av; + int ac; + + av = reallocarray(NULL, argc + 2, sizeof(char *)); + if (av == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (!gc_add(GC_PTR, av)) + exit(EXIT_FAILURE); + /* Must have the command in argv[0]. */ - argc++; - argv--; - argv[0] = "sudoedit"; + av[0] = "sudoedit"; + for (ac = 0; argv[ac] != NULL; ac++) { + av[ac + 1] = argv[ac]; + } + av[++ac] = NULL; + + argv = av; + argc = ac; #else sudo_fatalx(U_("sudoedit is not supported on this platform")); #endif @@ -648,11 +685,11 @@ } /* - * Give usage message and exit. + * Display usage message. * The actual usage strings are in sudo_usage.h for configure substitution. */ -void -usage(int fatal) +static void +display_usage(int (*output)(const char *)) { struct sudo_lbuf lbuf; char *uvec[6]; 
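Review bot: The copy loop in the new sudoedit branch stops on `argv[ac] != NULL`, while the buffer is sized from `argc + 2`, so the store to `av[ac + 1]` stays in bounds only if argc equals the number of non-NULL entries. That holds for a well-formed vector, but bounding the loop by the same quantity as the allocation makes the safety local: `for (ac = 0; ac < argc && argv[ac] != NULL; ac++)`. The code it replaces wrote through `argv[-1]`, so allocating a fresh vector is the right direction. The enclosing function starts and ends outside the hunk.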
@@ -678,27 +715,35 @@ * tty width. */ ulen = (int)strlen(getprogname()) + 8; - sudo_lbuf_init(&lbuf, fatal ? usage_err : usage_out, ulen, NULL, + sudo_lbuf_init(&lbuf, output, ulen, NULL, user_details.ts_cols); for (i = 0; uvec[i] != NULL; i++) { sudo_lbuf_append(&lbuf, "usage: %s%s", getprogname(), uvec[i]); sudo_lbuf_print(&lbuf); } sudo_lbuf_destroy(&lbuf); - if (fatal) - exit(1); +} + +/* + * Display usage message and exit. + */ +void +usage(void) +{ + display_usage(usage_err); + exit(EXIT_FAILURE); } /* * Tell which options are mutually exclusive and exit. */ static void -usage_excl(int fatal) +usage_excl(void) { - debug_decl(usage_excl, SUDO_DEBUG_ARGS) + debug_decl(usage_excl, SUDO_DEBUG_ARGS); sudo_warnx(U_("Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified")); - usage(fatal); + usage(); } static void @@ -707,7 +752,7 @@ struct sudo_lbuf lbuf; const int indent = 32; const char *pname = getprogname(); - debug_decl(help, SUDO_DEBUG_ARGS) + debug_decl(help, SUDO_DEBUG_ARGS); sudo_lbuf_init(&lbuf, usage_out, indent, NULL, user_details.ts_cols); if (strcmp(pname, "sudoedit") == 0) @@ -716,7 +761,7 @@ sudo_lbuf_append(&lbuf, _("%s - execute a command as another user\n\n"), pname); sudo_lbuf_print(&lbuf); - usage(0); + display_usage(usage_out); sudo_lbuf_append(&lbuf, _("\nOptions:\n")); sudo_lbuf_append(&lbuf, " -A, --askpass %s\n", @@ -790,5 +835,5 @@ sudo_lbuf_print(&lbuf); sudo_lbuf_destroy(&lbuf); sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, 0); - exit(0); + exit(EXIT_SUCCESS); } diff -Nru sudo-1.8.31/src/preload.c sudo-1.9.0/src/preload.c --- sudo-1.8.31/src/preload.c 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/src/preload.c 2020-05-11 16:28:23.000000000 +0000 
@@ -53,8 +53,8 @@ /* XXX - can we autogenerate these? */ static struct sudo_preload_symbol sudo_sudoers_plugin_symbols[] = { - { "sudoers_policy", (void *)&sudoers_policy}, - { "sudoers_io", (void *)&sudoers_io}, + { "sudoers_policy", (void *)&sudoers_policy }, + { "sudoers_io", (void *)&sudoers_io }, { (const char *)0, (void *)0 } }; diff -Nru sudo-1.8.31/src/preserve_fds.c sudo-1.9.0/src/preserve_fds.c --- sudo-1.8.31/src/preserve_fds.c 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/src/preserve_fds.c 2020-05-11 16:28:23.000000000 +0000 @@ -47,7 +47,7 @@ add_preserved_fd(struct preserved_fd_list *pfds, int fd) { struct preserved_fd *pfd, *pfd_new; - debug_decl(add_preserved_fd, SUDO_DEBUG_UTIL) + debug_decl(add_preserved_fd, SUDO_DEBUG_UTIL); pfd_new = malloc(sizeof(*pfd)); if (pfd_new == NULL) @@ -96,7 +96,7 @@ int fd, lastfd = -1; struct preserved_fd *pfd, *pfd_next; unsigned char *fdbits; - debug_decl(closefrom_except, SUDO_DEBUG_UTIL) + debug_decl(closefrom_except, SUDO_DEBUG_UTIL); /* First, relocate preserved fds to be as contiguous as possible. */ TAILQ_FOREACH_REVERSE_SAFE(pfd, pfds, preserved_fd_list, entries, pfd_next) { @@ -201,7 +201,7 @@ const char *cp = fdstr; long lval; char *ep; - debug_decl(parse_preserved_fds, SUDO_DEBUG_UTIL) + debug_decl(parse_preserved_fds, SUDO_DEBUG_UTIL); do { errno = 0; diff -Nru sudo-1.8.31/src/regress/noexec/check_noexec.c sudo-1.9.0/src/regress/noexec/check_noexec.c --- sudo-1.8.31/src/regress/noexec/check_noexec.c 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/src/regress/noexec/check_noexec.c 2020-05-11 16:28:23.000000000 +0000 
@@ -184,7 +184,7 @@ if (argc != 2) { fprintf(stderr, "usage: %s regress | /path/to/sudo_noexec.so\n", getprogname()); - exit(1); + exit(EXIT_FAILURE); } /* Disable execution for post-exec and re-exec ourself. */ diff -Nru sudo-1.8.31/src/selinux.c sudo-1.9.0/src/selinux.c --- sudo-1.8.31/src/selinux.c 2019-12-11 20:11:25.000000000 +0000 +++ sudo-1.9.0/src/selinux.c 2020-05-11 16:28:23.000000000 +0000 @@ -75,7 +75,7 @@ { int au_fd, rc = -1; char *message; - debug_decl(audit_role_change, SUDO_DEBUG_SELINUX) + debug_decl(audit_role_change, SUDO_DEBUG_SELINUX); au_fd = audit_open(); if (au_fd == -1) { @@ -113,7 +113,7 @@ { int ret = -1; security_context_t chk_tty_con_raw = NULL; - debug_decl(selinux_restore_tty, SUDO_DEBUG_SELINUX) + debug_decl(selinux_restore_tty, SUDO_DEBUG_SELINUX); if (se_state.ttyfd == -1 || se_state.new_tty_con_raw == NULL) { sudo_debug_printf(SUDO_DEBUG_INFO, "%s: no tty, skip relabel", @@ -171,7 +171,7 @@ security_context_t new_tty_con = NULL; struct stat sb; int fd; - debug_decl(relabel_tty, SUDO_DEBUG_SELINUX) + debug_decl(relabel_tty, SUDO_DEBUG_SELINUX); se_state.ttyfd = ptyfd; @@ -227,6 +227,8 @@ } if (ptyfd != -1) { + int oflags, flags = 0; + /* Reopen pty that was relabeled, std{in,out,err} are reset later. */ se_state.ttyfd = open(ttyn, O_RDWR|O_NOCTTY, 0); if (se_state.ttyfd == -1 || fstat(se_state.ttyfd, &sb) == -1) { @@ -238,8 +240,21 @@ ttyn); goto bad; } - if (dup2(se_state.ttyfd, ptyfd) == -1) { - sudo_warn("dup2"); + /* Preserve O_NONBLOCK and the close-on-exec flags. */ + if ((oflags = fcntl(ptyfd, F_GETFL)) == -1) { + sudo_warn("F_GETFL"); + goto bad; + } + if (ISSET(oflags, O_NONBLOCK)) + flags |= O_NONBLOCK; + if ((oflags = fcntl(ptyfd, F_GETFD)) == -1) { + sudo_warn("F_GETFD"); + goto bad; + } + if (ISSET(oflags, FD_CLOEXEC)) + flags |= O_CLOEXEC; + if (dup3(se_state.ttyfd, ptyfd, flags) == -1) { + sudo_warn("dup3"); goto bad; } } else { 
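Review bot: In the selinux.c hunk that replaces dup2(), `dup3(se_state.ttyfd, ptyfd, flags)` can receive O_NONBLOCK, but Linux dup3() accepts only O_CLOEXEC in its flags argument and fails with EINVAL for anything else. Unless the build substitutes a wrapper that handles O_NONBLOCK (not visible here), a non-blocking `ptyfd` would take the `goto bad` path and the tty relabel would fail. O_NONBLOCK is a file status flag, so it can be restored separately: call `dup3(se_state.ttyfd, ptyfd, flags & O_CLOEXEC)` and, if the old descriptor was non-blocking, set it on the new one with `fcntl(ptyfd, F_SETFL, ...)` after the dup. relabel_tty() starts and ends outside the hunk.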
@@ -300,7 +315,7 @@ security_context_t new_context = NULL; context_t context = NULL; char *typebuf = NULL; - debug_decl(get_exec_context, SUDO_DEBUG_SELINUX) + debug_decl(get_exec_context, SUDO_DEBUG_SELINUX); /* We must have a role, the type is optional (we can use the default). */ if (role == NULL) { @@ -372,10 +387,10 @@ */ int selinux_setup(const char *role, const char *type, const char *ttyn, - int ptyfd) + int ptyfd, bool label_tty) { int ret = -1; - debug_decl(selinux_setup, SUDO_DEBUG_SELINUX) + debug_decl(selinux_setup, SUDO_DEBUG_SELINUX); /* Store the caller's SID in old_context. */ if (getprevcon(&se_state.old_context)) { @@ -401,7 +416,7 @@ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: new context %s", __func__, se_state.new_context); - if (relabel_tty(ttyn, ptyfd) == -1) { + if (label_tty && relabel_tty(ttyn, ptyfd) == -1) { sudo_warn(U_("unable to set tty context to %s"), se_state.new_context); goto done; } @@ -417,6 +432,28 @@ debug_return_int(ret); } +int +selinux_setcon(void) +{ + debug_decl(selinux_setcon, SUDO_DEBUG_SELINUX); + + if (setexeccon(se_state.new_context)) { + sudo_warn(U_("unable to set exec context to %s"), se_state.new_context); + if (se_state.enforcing) + debug_return_int(-1); + } + +#ifdef HAVE_SETKEYCREATECON + if (setkeycreatecon(se_state.new_context)) { + sudo_warn(U_("unable to set key creation context to %s"), se_state.new_context); + if (se_state.enforcing) + debug_return_int(-1); + } +#endif /* HAVE_SETKEYCREATECON */ + + debug_return_int(0); +} + void selinux_execve(int fd, const char *path, char *const argv[], char *envp[], bool noexec) @@ -424,7 +461,7 @@ char **nargv; const char *sesh; int argc, nargc, serrno; - debug_decl(selinux_execve, SUDO_DEBUG_SELINUX) + debug_decl(selinux_execve, SUDO_DEBUG_SELINUX); sesh = sudo_conf_sesh_path(); if (sesh == NULL) { 
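Review bot: The new selinux_setcon() has no header comment, although its contract is not obvious from the name. A failure of setexeccon() or setkeycreatecon() returns -1 only when `se_state.enforcing` is set; otherwise it is warned about and reported as success. selinux_setup() just above has a block comment, so I would add one here. It should say that the function sets the exec context, and the key creation context where HAVE_SETKEYCREATECON is defined, to `se_state.new_context`; that it returns 0 on success or when not enforcing; and that it returns -1 on failure when enforcing. It also reads `se_state.new_context` without checking it, so the comment should state whether selinux_setup() must have run first (that ordering is inferred, not visible here).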
@@ -433,19 +470,9 @@ debug_return; } - if (setexeccon(se_state.new_context)) { - sudo_warn(U_("unable to set exec context to %s"), se_state.new_context); - if (se_state.enforcing) - debug_return; - } - -#ifdef HAVE_SETKEYCREATECON - if (setkeycreatecon(se_state.new_context)) { - sudo_warn(U_("unable to set key creation context to %s"), se_state.new_context); - if (se_state.enforcing) - debug_return; - } -#endif /* HAVE_SETKEYCREATECON */ + /* Set SELinux exec and keycreate contexts. */ + if (selinux_setcon() == -1) + debug_return; /* * Build new argv with sesh as argv[0]. diff -Nru sudo-1.8.31/src/sesh.c sudo-1.9.0/src/sesh.c --- sudo-1.8.31/src/sesh.c 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/src/sesh.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2008, 2010-2018 Todd C. Miller + * Copyright (c) 2008, 2010-2018, 2020 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -67,7 +67,7 @@ main(int argc, char *argv[], char *envp[]) { int ret; - debug_decl(main, SUDO_DEBUG_MAIN) + debug_decl(main, SUDO_DEBUG_MAIN); initprogname(argc > 0 ? argv[0] : "sesh"); @@ -136,11 +136,9 @@ { int i, oflags_dst, post, ret = SESH_ERR_FAILURE; int fd_src = -1, fd_dst = -1, follow = 0; - ssize_t nread, nwritten; struct stat sb; struct timespec times[2]; - char buf[BUFSIZ]; - debug_decl(sesh_sudoedit, SUDO_DEBUG_EDIT) + debug_decl(sesh_sudoedit, SUDO_DEBUG_EDIT); /* Check for -h flag (don't follow links). */ if (strcmp(argv[2], "-h") == 0) { @@ -166,7 +164,7 @@ else /* invalid value */ debug_return_int(SESH_ERR_INVALID); - /* Align argv & argc to the beggining of the file list. */ + /* Align argv & argc to the beginning of the file list. */ argv += 3; argc -= 3; 
@@ -182,7 +180,7 @@ * so that it's ensured that the temporary files are * created by us and that we are not opening any symlinks. */ - oflags_dst = O_WRONLY|O_TRUNC|O_CREAT|(post ? follow : O_EXCL); + oflags_dst = O_WRONLY|O_CREAT|(post ? follow : O_EXCL); for (i = 0; i < argc - 1; i += 2) { const char *path_src = argv[i]; const char *path_dst = argv[i + 1]; @@ -214,14 +212,29 @@ } if (fd_src != -1) { - while ((nread = read(fd_src, buf, sizeof(buf))) > 0) { - if ((nwritten = write(fd_dst, buf, nread)) != nread) { - sudo_warn("%s", path_src); - if (post) { - ret = SESH_ERR_SOME_FILES; - goto nocleanup; - } else - goto cleanup_0; + off_t len_src = -1; + off_t len_dst = -1; + + if (post) { + if (fstat(fd_src, &sb) != 0) { + ret = SESH_ERR_SOME_FILES; + goto nocleanup; + } + len_src = sb.st_size; + if (fstat(fd_dst, &sb) != 0) { + ret = SESH_ERR_SOME_FILES; + goto nocleanup; + } + len_dst = sb.st_size; + } + + if (sudo_copy_file(path_src, fd_src, len_src, path_dst, fd_dst, + len_dst) == -1) { + if (post) { + ret = SESH_ERR_SOME_FILES; + goto nocleanup; + } else { + goto cleanup_0; } } } diff -Nru sudo-1.8.31/src/signal.c sudo-1.9.0/src/signal.c --- sudo-1.8.31/src/signal.c 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/src/signal.c 2020-05-11 16:28:23.000000000 +0000 @@ -83,7 +83,7 @@ save_signals(void) { struct signal_state *ss; - debug_decl(save_signals, SUDO_DEBUG_MAIN) + debug_decl(save_signals, SUDO_DEBUG_MAIN); for (ss = saved_signals; ss->signo != -1; ss++) { if (sigaction(ss->signo, NULL, &ss->sa) != 0) @@ -100,7 +100,7 @@ restore_signals(void) { struct signal_state *ss; - debug_decl(restore_signals, SUDO_DEBUG_MAIN) + debug_decl(restore_signals, SUDO_DEBUG_MAIN); for (ss = saved_signals; ss->signo != -1; ss++) { if (ss->restore) { @@ -129,7 +129,7 @@ { struct sigaction sa; struct signal_state *ss; - debug_decl(init_signals, SUDO_DEBUG_MAIN) + debug_decl(init_signals, SUDO_DEBUG_MAIN); memset(&sa, 0, sizeof(sa)); sigfillset(&sa.sa_mask); 
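Review bot: Dropping O_TRUNC from `oflags_dst` means the destination is no longer emptied at open time, so when the edited copy is shorter than the original, the old tail has to be removed by later code. The following hunk passes `len_dst` to sudo_copy_file(), which presumably takes care of that, but the helper is not visible here. The comment above this assignment only explains O_EXCL; I would add a line such as `/* No O_TRUNC: dst is truncated by sudo_copy_file(), not at open. */` once that behaviour is confirmed. The enclosing function starts and ends outside the hunk.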
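Review bot: Both new `fstat()` failure branches in the `post` case set `ret = SESH_ERR_SOME_FILES` and jump to `nocleanup` without printing anything, whereas the read/write loop they replace called `sudo_warn("%s", path_src)` on failure. I would add `sudo_warn("%s", path_src);` before the first `goto nocleanup` and `sudo_warn("%s", path_dst);` before the second, so the user learns which file was not copied back. Whether sudo_copy_file() prints its own diagnostic when it returns -1 is not visible in this hunk; if it does not, the same applies to that branch.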
@@ -176,7 +176,7 @@ { struct signal_state *ss; int ret; - debug_decl(sudo_sigaction, SUDO_DEBUG_MAIN) + debug_decl(sudo_sigaction, SUDO_DEBUG_MAIN); for (ss = saved_signals; ss->signo > 0; ss++) { if (ss->signo == signo) { diff -Nru sudo-1.8.31/src/solaris.c sudo-1.9.0/src/solaris.c --- sudo-1.8.31/src/solaris.c 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/src/solaris.c 2020-05-11 16:28:23.000000000 +0000 @@ -66,7 +66,7 @@ struct project proj; char buf[PROJECT_BUFSZ]; int errval; - debug_decl(set_project, SUDO_DEBUG_UTIL) + debug_decl(set_project, SUDO_DEBUG_UTIL); /* * Collect the default project for the user and settaskid diff -Nru sudo-1.8.31/src/sudo.c sudo-1.9.0/src/sudo.c --- sudo-1.8.31/src/sudo.c 2019-10-28 12:28:54.000000000 +0000 +++ sudo-1.9.0/src/sudo.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2009-2019 Todd C. Miller + * Copyright (c) 2009-2020 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #ifdef HAVE_STRING_H @@ -74,11 +75,14 @@ */ struct plugin_container policy_plugin; struct plugin_container_list io_plugins = TAILQ_HEAD_INITIALIZER(io_plugins); +struct plugin_container_list audit_plugins = TAILQ_HEAD_INITIALIZER(audit_plugins); +struct plugin_container_list approval_plugins = TAILQ_HEAD_INITIALIZER(approval_plugins); struct user_details user_details; const char *list_user; /* extern for parse_args.c */ int sudo_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; static struct command_details command_details; static int sudo_mode; +static struct sudo_event_base *sudo_event_base; struct sudo_gc_entry { SLIST_ENTRY(sudo_gc_entry) entries; 
@@ -104,43 +108,58 @@ static void gc_init(void); /* Policy plugin convenience functions. */ -static int policy_open(struct plugin_container *plugin, - struct sudo_settings *settings, +static void policy_open(struct sudo_settings *settings, char * const user_info[], char * const user_env[]); -static void policy_close(struct plugin_container *plugin, int exit_status, - int error); -static int policy_show_version(struct plugin_container *plugin, int verbose); -static int policy_check(struct plugin_container *plugin, int argc, - char * const argv[], char *env_add[], char **command_info[], - char **argv_out[], char **user_env_out[]); -static int policy_list(struct plugin_container *plugin, int argc, - char * const argv[], int verbose, const char *list_user); -static int policy_validate(struct plugin_container *plugin); -static void policy_invalidate(struct plugin_container *plugin, int remove); +static void policy_close(int exit_status, int error); +static int policy_show_version(int verbose); +static void policy_check(int argc, char * const argv[], char *env_add[], + char **command_info[], char **argv_out[], char **user_env_out[]); +static void policy_list(int argc, char * const argv[], + int verbose, const char *list_user, char * const envp[]); +static void policy_validate(char * const argv[], char * const envp[]); +static void policy_invalidate(int remove); /* I/O log plugin convenience functions. 
*/ -static int iolog_open(struct plugin_container *plugin, - struct sudo_settings *settings, char * const user_info[], +static void iolog_open(struct sudo_settings *settings, char * const user_info[], char * const command_details[], int argc, char * const argv[], char * const user_env[]); -static void iolog_close(struct plugin_container *plugin, int exit_status, - int error); -static int iolog_show_version(struct plugin_container *plugin, int verbose); -static void iolog_unlink(struct plugin_container *plugin); +static void iolog_close(int exit_status, int error); +static void iolog_show_version(int verbose, struct sudo_settings *settings, + char * const user_info[], int argc, char * const argv[], + char * const user_env[]); +static void unlink_plugin(struct plugin_container_list *plugin_list, struct plugin_container *plugin); static void free_plugin_container(struct plugin_container *plugin, bool ioplugin); +/* Audit plugin convenience functions. */ +static void audit_open(struct sudo_settings *settings, char * const user_info[], + int submit_optind, char * const submit_argv[], char * const submit_envp[]); +static void audit_close(int exit_status, int error); +static void audit_show_version(int verbose); +static void audit_accept(const char *plugin_name, + unsigned int plugin_type, char * const command_info[], + char * const run_argv[], char * const run_envp[]); + +/* Approval plugin convenience functions. 
*/ +static void approval_check(struct sudo_settings *settings, + char * const user_info[], int submit_optind, char * const submit_argv[], + char * const submit_envp[], char * const command_info[], + char * const run_argv[], char * const run_envp[]); +static void approval_show_version(int verbose, struct sudo_settings *settings, + char * const user_info[], int submit_optind, char * const submit_argv[], + char * const submit_envp[]); + __dso_public int main(int argc, char *argv[], char *envp[]); int main(int argc, char *argv[], char *envp[]) { - int nargc, ok, status = 0; - char **nargv, **env_add; - char **user_info, **command_info, **argv_out, **user_env_out; + int nargc, status = 0; + char **nargv, **env_add, **user_info; + char **command_info = NULL, **argv_out = NULL, **user_env_out = NULL; struct sudo_settings *settings; - struct plugin_container *plugin, *next; + int submit_optind; sigset_t mask; - debug_decl_vars(main, SUDO_DEBUG_MAIN) + debug_decl_vars(main, SUDO_DEBUG_MAIN); initprogname(argc > 0 ? argv[0] : "sudo"); @@ -196,7 +215,8 @@ disable_coredump(); /* Parse command line arguments. */ - sudo_mode = parse_args(argc, argv, &nargc, &nargv, &settings, &env_add); + sudo_mode = parse_args(argc, argv, &submit_optind, &nargc, &nargv, + &settings, &env_add); sudo_debug_printf(SUDO_DEBUG_DEBUG, "sudo_mode %d", sudo_mode); /* Print sudo version early, in case of plugin init failure. */ 
@@ -210,84 +230,69 @@ sudo_warn_set_conversation(sudo_conversation); /* Load plugins. */ - if (!sudo_load_plugins(&policy_plugin, &io_plugins)) + if (!sudo_load_plugins(&policy_plugin, &io_plugins, &audit_plugins, + &approval_plugins)) sudo_fatalx(U_("fatal error, unable to load plugins")); - /* Open policy plugin. */ - ok = policy_open(&policy_plugin, settings, user_info, envp); - if (ok != 1) { - if (ok == -2) - usage(1); - else - sudo_fatalx(U_("unable to initialize policy plugin")); - } + /* Allocate event base so plugin can use it. */ + if ((sudo_event_base = sudo_ev_base_alloc()) == NULL) + sudo_fatalx("%s", U_("unable to allocate memory")); + + /* Open policy and audit plugins. */ + /* XXX - audit policy_open errors */ + audit_open(settings, user_info, submit_optind, argv, envp); + policy_open(settings, user_info, envp); switch (sudo_mode & MODE_MASK) { case MODE_VERSION: - policy_show_version(&policy_plugin, !user_details.uid); - TAILQ_FOREACH(plugin, &io_plugins, entries) { - ok = iolog_open(plugin, settings, user_info, NULL, - nargc, nargv, envp); - if (ok != -1) - iolog_show_version(plugin, !user_details.uid); - } + policy_show_version(!user_details.uid); + iolog_show_version(!user_details.uid, settings, user_info, + nargc, nargv, envp); + approval_show_version(!user_details.uid, settings, user_info, + submit_optind, argv, envp); + audit_show_version(!user_details.uid); break; case MODE_VALIDATE: case MODE_VALIDATE|MODE_INVALIDATE: - ok = policy_validate(&policy_plugin); - exit(ok != 1); + policy_validate(nargv, envp); + break; case MODE_KILL: case MODE_INVALIDATE: - policy_invalidate(&policy_plugin, sudo_mode == MODE_KILL); - exit(0); + policy_invalidate(sudo_mode == MODE_KILL); break; case MODE_CHECK: case MODE_CHECK|MODE_INVALIDATE: case MODE_LIST: case MODE_LIST|MODE_INVALIDATE: - ok = policy_list(&policy_plugin, nargc, nargv, - ISSET(sudo_mode, MODE_LONG_LIST), list_user); - exit(ok != 1); + policy_list(nargc, nargv, ISSET(sudo_mode, 
MODE_LONG_LIST), + list_user, envp); + break; case MODE_EDIT: case MODE_RUN: - ok = policy_check(&policy_plugin, nargc, nargv, env_add, - &command_info, &argv_out, &user_env_out); - sudo_debug_printf(SUDO_DEBUG_INFO, "policy plugin returns %d", ok); - if (ok != 1) { - if (ok == -2) - usage(1); - exit(EXIT_FAILURE); /* plugin printed error message */ - } + policy_check(nargc, nargv, env_add, &command_info, &argv_out, + &user_env_out); + /* Reset nargv/nargc based on argv_out. */ /* XXX - leaks old nargv in shell mode */ for (nargv = argv_out, nargc = 0; nargv[nargc] != NULL; nargc++) continue; if (nargc == 0) sudo_fatalx(U_("plugin did not return a command to execute")); - /* Open I/O plugins once policy plugin succeeds. */ - TAILQ_FOREACH_SAFE(plugin, &io_plugins, entries, next) { - ok = iolog_open(plugin, settings, user_info, - command_info, nargc, nargv, user_env_out); - switch (ok) { - case 1: - break; - case 0: - /* I/O plugin asked to be disabled, remove and free. */ - iolog_unlink(plugin); - break; - case -2: - usage(1); - break; - default: - sudo_fatalx(U_("error initializing I/O plugin %s"), - plugin->name); - } - } + + /* Approval plugins run after policy plugin accepts the command. */ + approval_check(settings, user_info, submit_optind, argv, envp, + command_info, nargv, user_env_out); + + /* Open I/O plugin once policy and approval plugins succeed. */ + iolog_open(settings, user_info, command_info, nargc, nargv, + user_env_out); + /* Setup command details and run command/edit. */ command_info_to_details(command_info, &command_details); command_details.tty = user_details.tty; command_details.argv = argv_out; command_details.envp = user_env_out; + command_details.evbase = sudo_event_base; if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) SET(command_details.flags, CD_LOGIN_SHELL); if (ISSET(sudo_mode, MODE_BACKGROUND)) 
@@ -348,7 +353,7 @@ fix_fds(void) { int miss[3], devnull = -1; - debug_decl(fix_fds, SUDO_DEBUG_UTIL) + debug_decl(fix_fds, SUDO_DEBUG_UTIL); /* * stdin, stdout and stderr must be open; set them to /dev/null @@ -382,7 +387,7 @@ fill_group_list(struct user_details *ud) { int ret = -1; - debug_decl(fill_group_list, SUDO_DEBUG_UTIL) + debug_decl(fill_group_list, SUDO_DEBUG_UTIL); /* * If user specified a max number of groups, use it, otherwise let @@ -420,7 +425,7 @@ char *cp, *gid_list = NULL; size_t glsize; int i, len, group_source; - debug_decl(get_user_groups, SUDO_DEBUG_UTIL) + debug_decl(get_user_groups, SUDO_DEBUG_UTIL); ud->groups = NULL; group_source = sudo_conf_group_source(); @@ -489,7 +494,7 @@ mode_t mask; struct passwd *pw; int fd; - debug_decl(get_user_info, SUDO_DEBUG_UTIL) + debug_decl(get_user_info, SUDO_DEBUG_UTIL); /* * On BSD systems you can set a hint to keep the password and @@ -514,13 +519,14 @@ ud->pid = getpid(); ud->ppid = getppid(); ud->pgid = getpgid(0); - ud->tcpgid = -1; fd = open(_PATH_TTY, O_RDWR); if (fd != -1) { - ud->tcpgid = tcgetpgrp(fd); + if ((ud->tcpgid = tcgetpgrp(fd)) == -1) + ud->tcpgid = 0; close(fd); } - ud->sid = getsid(0); + if ((ud->sid = getsid(0)) == -1) + ud->sid = 0; ud->uid = getuid(); ud->euid = geteuid(); 
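Review bot: With `ud->tcpgid = -1;` removed in the `@@ -514,13 +519,14 @@` hunk, `ud->tcpgid` is assigned only when `open(_PATH_TTY, O_RDWR)` succeeds, while the following `@@ -553,18 +559,12 @@` hunk now formats `tcpgid=%d` unconditionally. That is well defined only if `*ud` was zeroed earlier, which is outside the hunk; an explicit `ud->tcpgid = 0;` before the open() would not depend on it. `ud->pgid = getpgid(0);` is also emitted unconditionally now, but unlike tcpgid and sid a -1 result is not mapped to 0. The enclosing function starts and ends outside both hunks.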
@@ -553,18 +559,12 @@ goto oom; if (asprintf(&user_info[++i], "ppid=%d", (int)ud->ppid) == -1) goto oom; - if (ud->pgid != -1) { - if (asprintf(&user_info[++i], "pgid=%d", (int)ud->pgid) == -1) - goto oom; - } - if (ud->tcpgid != -1) { - if (asprintf(&user_info[++i], "tcpgid=%d", (int)ud->tcpgid) == -1) - goto oom; - } - if (ud->sid != -1) { - if (asprintf(&user_info[++i], "sid=%d", (int)ud->sid) == -1) - goto oom; - } + if (asprintf(&user_info[++i], "pgid=%d", (int)ud->pgid) == -1) + goto oom; + if (asprintf(&user_info[++i], "tcpgid=%d", (int)ud->tcpgid) == -1) + goto oom; + if (asprintf(&user_info[++i], "sid=%d", (int)ud->sid) == -1) + goto oom; if (asprintf(&user_info[++i], "uid=%u", (unsigned int)ud->uid) == -1) goto oom; if (asprintf(&user_info[++i], "euid=%u", (unsigned int)ud->euid) == -1) @@ -640,7 +640,7 @@ id_t id; char *cp; const char *errstr; - debug_decl(command_info_to_details, SUDO_DEBUG_PCOMM) + debug_decl(command_info_to_details, SUDO_DEBUG_PCOMM); memset(details, 0, sizeof(*details)); details->closefrom = -1; @@ -678,6 +678,15 @@ SET_STRING("chroot=", chroot) SET_STRING("command=", command) SET_STRING("cwd=", cwd) + if (strncmp("cwd_optional=", info[i], sizeof("cwd_optional=") - 1) == 0) { + cp = info[i] + sizeof("cwd_optional=") - 1; + details->cwd_optional = sudo_strtobool(cp); + if (details->cwd_optional == -1) { + errno = EINVAL; + sudo_fatal("%s", info[i]); + } + break; + } if (strncmp("closefrom=", info[i], sizeof("closefrom=") - 1) == 0) { cp = info[i] + sizeof("closefrom=") - 1; details->closefrom = sudo_strtonum(cp, 0, INT_MAX, &errstr); @@ -794,6 +803,7 @@ break; } #endif /* HAVE_PRIV_SET */ + SET_STRING("runas_user=", runas_user) break; case 's': SET_STRING("selinux_role=", selinux_role) 
@@ -839,7 +849,10 @@ #ifdef HAVE_SETAUTHDB aix_setauthdb(IDtouser(details->euid), NULL); #endif - details->pw = getpwuid(details->euid); + if (details->runas_user != NULL) + details->pw = getpwnam(details->runas_user); + if (details->pw == NULL) + details->pw = getpwuid(details->euid); #ifdef HAVE_SETAUTHDB aix_restoreauthdb(); #endif @@ -859,7 +872,7 @@ char pathbuf[PATH_MAX]; struct stat sb; bool qualified; - debug_decl(sudo_check_suid, SUDO_DEBUG_PCOMM) + debug_decl(sudo_check_suid, SUDO_DEBUG_PCOMM); if (geteuid() != ROOT_UID) { /* Search for sudo binary in PATH if not fully qualified. */ @@ -910,7 +923,7 @@ set_user_groups(struct command_details *details) { bool ret = false; - debug_decl(set_user_groups, SUDO_DEBUG_EXEC) + debug_decl(set_user_groups, SUDO_DEBUG_EXEC); if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) { if (details->ngroups >= 0) { @@ -946,10 +959,9 @@ int run_command(struct command_details *details) { - struct plugin_container *plugin; struct command_status cstat; int status = W_EXITCODE(1, 0); - debug_decl(run_command, SUDO_DEBUG_EXEC) + debug_decl(run_command, SUDO_DEBUG_EXEC); cstat.type = CMD_INVALID; cstat.val = 0; 
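Review bot: The getpwnam() result in the `@@ -839,7 +849,10 @@` hunk is accepted without checking that it describes the uid the command will run as. If `runas_user` names an account whose uid differs from `details->euid`, `details->pw` would carry another account's passwd entry into whatever consumes it later, and a failed name lookup falls back to getpwuid() silently. A guard such as `if (details->pw != NULL && details->pw->pw_uid != details->euid) details->pw = NULL;` after the getpwnam() call keeps the two consistent. The value comes from the policy plugin, so this is a defensive check rather than a known fault. The enclosing function starts and ends outside the hunk.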
@@ -959,32 +971,19 @@ switch (cstat.type) { case CMD_ERRNO: /* exec_setup() or execve() returned an error. */ - sudo_debug_printf(SUDO_DEBUG_DEBUG, - "calling policy close with errno %d", cstat.val); - policy_close(&policy_plugin, 0, cstat.val); - TAILQ_FOREACH(plugin, &io_plugins, entries) { - sudo_debug_printf(SUDO_DEBUG_DEBUG, - "calling I/O close with errno %d", cstat.val); - iolog_close(plugin, 0, cstat.val); - } + iolog_close(0, cstat.val); + policy_close(0, cstat.val); + audit_close(SUDO_PLUGIN_EXEC_ERROR, cstat.val); break; case CMD_WSTATUS: /* Command ran, exited or was killed. */ status = cstat.val; -#ifdef HAVE_SELINUX - if (ISSET(details->flags, CD_SUDOEDIT_COPY)) - break; -#endif - sudo_debug_printf(SUDO_DEBUG_DEBUG, - "calling policy close with wait status %d", status); - policy_close(&policy_plugin, status, 0); - TAILQ_FOREACH(plugin, &io_plugins, entries) { - sudo_debug_printf(SUDO_DEBUG_DEBUG, - "calling I/O close with wait status %d", status); - iolog_close(plugin, status, 0); - } + iolog_close(status, 0); + policy_close(status, 0); + audit_close(SUDO_PLUGIN_WAIT_STATUS, cstat.val); break; default: + /* TODO: handle front end error conditions. */ sudo_warnx(U_("unexpected child termination condition: %d"), cstat.type); break; } @@ -1004,7 +1003,7 @@ struct sudo_settings *setting; char **plugin_settings; unsigned int i = 0; - debug_decl(format_plugin_settings, SUDO_DEBUG_PCOMM) + debug_decl(format_plugin_settings, SUDO_DEBUG_PCOMM); /* Determine sudo_settings array size (including plugin_path and NULL) */ plugin_settings_size = 2; 
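Review bot: The `default:` branch of the switch in the `@@ -959,32 +971,19 @@` hunk is the only path that ends without calling iolog_close(), policy_close() or audit_close(). An unexpected `cstat.type` therefore leaves the audit plugins without a close event. The new TODO mentions front-end errors but does not say that the audit record is left open. Until that is handled, a call such as `audit_close(SUDO_PLUGIN_SUDO_ERROR, 0);` after the sudo_warnx() would at least terminate the record, assuming that status code is meant for this case. run_command() starts and ends outside the hunk.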
@@ -1054,147 +1053,265 @@ debug_return_ptr(NULL); } -static int -policy_open(struct plugin_container *plugin, struct sudo_settings *settings, - char * const user_info[], char * const user_env[]) +static void +policy_open(struct sudo_settings *settings, char * const user_info[], + char * const user_env[]) { char **plugin_settings; - int ret; - debug_decl(policy_open, SUDO_DEBUG_PCOMM) + const char *errstr = NULL; + int ok; + debug_decl(policy_open, SUDO_DEBUG_PCOMM); /* Convert struct sudo_settings to plugin_settings[] */ - plugin_settings = format_plugin_settings(plugin, settings); - if (plugin_settings == NULL) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - debug_return_int(-1); - } + plugin_settings = format_plugin_settings(&policy_plugin, settings); + if (plugin_settings == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); /* * Backwards compatibility for older API versions */ sudo_debug_set_active_instance(SUDO_DEBUG_INSTANCE_INITIALIZER); - switch (plugin->u.generic->version) { + switch (policy_plugin.u.generic->version) { case SUDO_API_MKVERSION(1, 0): case SUDO_API_MKVERSION(1, 1): - ret = plugin->u.policy_1_0->open(plugin->u.io_1_0->version, + ok = policy_plugin.u.policy_1_0->open(policy_plugin.u.io_1_0->version, sudo_conversation_1_7, sudo_conversation_printf, plugin_settings, user_info, user_env); break; default: - ret = plugin->u.policy->open(SUDO_API_VERSION, sudo_conversation, + ok = policy_plugin.u.policy->open(SUDO_API_VERSION, sudo_conversation, sudo_conversation_printf, plugin_settings, user_info, user_env, - plugin->options); + policy_plugin.options, &errstr); } /* Stash plugin debug instance ID if set in open() function. 
*/ - plugin->debug_instance = sudo_debug_get_active_instance(); + policy_plugin.debug_instance = sudo_debug_get_active_instance(); sudo_debug_set_active_instance(sudo_debug_instance); - debug_return_int(ret); + if (ok != 1) { + if (ok == -2) + usage(); + else { + /* XXX - audit */ + sudo_fatalx(U_("unable to initialize policy plugin")); + } + } + + debug_return; } static void -policy_close(struct plugin_container *plugin, int exit_status, int error_code) +policy_close(int exit_status, int error_code) { - debug_decl(policy_close, SUDO_DEBUG_PCOMM) - if (plugin->u.policy->close != NULL) { - sudo_debug_set_active_instance(plugin->debug_instance); - plugin->u.policy->close(exit_status, error_code); + debug_decl(policy_close, SUDO_DEBUG_PCOMM); + + if (error_code != 0) { + sudo_debug_printf(SUDO_DEBUG_DEBUG, + "%s: calling policy close with errno %d", + policy_plugin.name, error_code); + } else { + sudo_debug_printf(SUDO_DEBUG_DEBUG, + "%s: calling policy close with wait status %d", + policy_plugin.name, exit_status); + } + if (policy_plugin.u.policy->close != NULL) { + sudo_debug_set_active_instance(policy_plugin.debug_instance); + policy_plugin.u.policy->close(exit_status, error_code); sudo_debug_set_active_instance(sudo_debug_instance); } else if (error_code) { errno = error_code; sudo_warn(U_("unable to execute %s"), command_details.command); } + debug_return; } static int -policy_show_version(struct plugin_container *plugin, int verbose) +policy_show_version(int verbose) { - int ret; - debug_decl(policy_show_version, SUDO_DEBUG_PCOMM) + int ret = true; + debug_decl(policy_show_version, SUDO_DEBUG_PCOMM); - if (plugin->u.policy->show_version == NULL) - debug_return_int(true); - sudo_debug_set_active_instance(plugin->debug_instance); - ret = plugin->u.policy->show_version(verbose); + sudo_debug_set_active_instance(policy_plugin.debug_instance); + if (policy_plugin.u.policy->show_version != NULL) + ret = policy_plugin.u.policy->show_version(verbose); + if 
(policy_plugin.u.policy->version >= SUDO_API_MKVERSION(1, 15)) { + if (policy_plugin.u.policy->close != NULL) + policy_plugin.u.policy->close(0, 0); + } sudo_debug_set_active_instance(sudo_debug_instance); + debug_return_int(ret); } -static int -policy_check(struct plugin_container *plugin, int argc, char * const argv[], +static void +policy_check(int argc, char * const argv[], char *env_add[], char **command_info[], char **argv_out[], char **user_env_out[]) { - int ret; - debug_decl(policy_check, SUDO_DEBUG_PCOMM) + const char *errstr = NULL; + int ok; + debug_decl(policy_check, SUDO_DEBUG_PCOMM); - if (plugin->u.policy->check_policy == NULL) { + if (policy_plugin.u.policy->check_policy == NULL) { sudo_fatalx(U_("policy plugin %s is missing the `check_policy' method"), - plugin->name); + policy_plugin.name); } - sudo_debug_set_active_instance(plugin->debug_instance); - ret = plugin->u.policy->check_policy(argc, argv, env_add, command_info, - argv_out, user_env_out); + sudo_debug_set_active_instance(policy_plugin.debug_instance); + ok = policy_plugin.u.policy->check_policy(argc, argv, env_add, + command_info, argv_out, user_env_out, &errstr); sudo_debug_set_active_instance(sudo_debug_instance); - debug_return_int(ret); + sudo_debug_printf(SUDO_DEBUG_INFO, "policy plugin returns %d (%s)", + ok, errstr ? errstr : ""); + + /* On success, the close method will be called by sudo_edit/run_command. */ + if (ok != 1) { + switch (ok) { + case 0: + audit_reject(policy_plugin.name, SUDO_POLICY_PLUGIN, + errstr ? errstr : _("command rejected by policy"), + *command_info); + break; + case -1: + audit_error(policy_plugin.name, SUDO_POLICY_PLUGIN, + errstr ? errstr : _("policy plugin error"), + *command_info); + break; + case -2: + usage(); + break; + } + + /* Policy must be closed after auditing to avoid use after free. 
*/ + if (policy_plugin.u.policy->version >= SUDO_API_MKVERSION(1, 15)) + policy_close(0, 0); + audit_close(SUDO_PLUGIN_NO_STATUS, 0); + exit(EXIT_FAILURE); /* policy plugin printed error message */ + } + audit_accept(policy_plugin.name, SUDO_POLICY_PLUGIN, *command_info, + *argv_out, *user_env_out); + + debug_return; } -static int -policy_list(struct plugin_container *plugin, int argc, char * const argv[], - int verbose, const char *list_user) +static void +policy_list(int argc, char * const argv[], int verbose, + const char *list_user, char * const envp[]) { - int ret; - debug_decl(policy_list, SUDO_DEBUG_PCOMM) - - if (plugin->u.policy->list == NULL) { - sudo_warnx(U_("policy plugin %s does not support listing privileges"), - plugin->name); - debug_return_int(false); + const char *errstr = NULL; + /* TODO: add list_user */ + char * const command_info[] = { + "command=list", + NULL + }; + int ok; + debug_decl(policy_list, SUDO_DEBUG_PCOMM); + + if (policy_plugin.u.policy->list == NULL) { + sudo_fatalx(U_("policy plugin %s does not support listing privileges"), + policy_plugin.name); } - sudo_debug_set_active_instance(plugin->debug_instance); - ret = plugin->u.policy->list(argc, argv, verbose, list_user); + sudo_debug_set_active_instance(policy_plugin.debug_instance); + ok = policy_plugin.u.policy->list(argc, argv, verbose, list_user, &errstr); sudo_debug_set_active_instance(sudo_debug_instance); - debug_return_int(ret); + + switch (ok) { + case 1: + audit_accept(policy_plugin.name, SUDO_POLICY_PLUGIN, + command_info, argv, envp); + break; + case 0: + audit_reject(policy_plugin.name, SUDO_POLICY_PLUGIN, + errstr ? errstr : _("command rejected by policy"), + command_info); + break; + default: + audit_error(policy_plugin.name, SUDO_POLICY_PLUGIN, + errstr ? errstr : _("policy plugin error"), + command_info); + break; + } + + /* Policy must be closed after auditing to avoid use after free. 
*/ + if (policy_plugin.u.policy->version >= SUDO_API_MKVERSION(1, 15)) + policy_close(0, 0); + audit_close(SUDO_PLUGIN_NO_STATUS, 0); + + exit(ok != 1); } -static int -policy_validate(struct plugin_container *plugin) +static void +policy_validate(char * const argv[], char * const envp[]) { - int ret; - debug_decl(policy_validate, SUDO_DEBUG_PCOMM) - - if (plugin->u.policy->validate == NULL) { - sudo_warnx(U_("policy plugin %s does not support the -v option"), - plugin->name); - debug_return_int(false); + const char *errstr = NULL; + char * const command_info[] = { + "command=validate", + NULL + }; + int ok = 0; + debug_decl(policy_validate, SUDO_DEBUG_PCOMM); + + if (policy_plugin.u.policy->validate == NULL) { + sudo_fatalx(U_("policy plugin %s does not support the -v option"), + policy_plugin.name); } - sudo_debug_set_active_instance(plugin->debug_instance); - ret = plugin->u.policy->validate(); + sudo_debug_set_active_instance(policy_plugin.debug_instance); + ok = policy_plugin.u.policy->validate(&errstr); sudo_debug_set_active_instance(sudo_debug_instance); - debug_return_int(ret); + + switch (ok) { + case 1: + audit_accept(policy_plugin.name, SUDO_POLICY_PLUGIN, command_info, + argv, envp); + break; + case 0: + audit_reject(policy_plugin.name, SUDO_POLICY_PLUGIN, + errstr ? errstr : _("command rejected by policy"), + command_info); + break; + default: + audit_error(policy_plugin.name, SUDO_POLICY_PLUGIN, + errstr ? errstr : _("policy plugin error"), + command_info); + break; + } + + /* Policy must be closed after auditing to avoid use after free. 
*/ + if (policy_plugin.u.policy->version >= SUDO_API_MKVERSION(1, 15)) + policy_close(0, 0); + audit_close(SUDO_PLUGIN_NO_STATUS, 0); + + exit(ok != 1); } static void -policy_invalidate(struct plugin_container *plugin, int remove) +policy_invalidate(int remove) { - debug_decl(policy_invalidate, SUDO_DEBUG_PCOMM) - if (plugin->u.policy->invalidate == NULL) { + debug_decl(policy_invalidate, SUDO_DEBUG_PCOMM); + + if (policy_plugin.u.policy->invalidate == NULL) { sudo_fatalx(U_("policy plugin %s does not support the -k/-K options"), - plugin->name); + policy_plugin.name); + } + sudo_debug_set_active_instance(policy_plugin.debug_instance); + policy_plugin.u.policy->invalidate(remove); + if (policy_plugin.u.policy->version >= SUDO_API_MKVERSION(1, 15)) { + if (policy_plugin.u.policy->close != NULL) + policy_plugin.u.policy->close(0, 0); } - sudo_debug_set_active_instance(plugin->debug_instance); - plugin->u.policy->invalidate(remove); sudo_debug_set_active_instance(sudo_debug_instance); - debug_return; + + audit_close(SUDO_PLUGIN_NO_STATUS, 0); + + exit(EXIT_SUCCESS); } int policy_init_session(struct command_details *details) { + const char *errstr = NULL; int ret = true; - debug_decl(policy_init_session, SUDO_DEBUG_PCOMM) + debug_decl(policy_init_session, SUDO_DEBUG_PCOMM); /* * We set groups, including supplementary group vector, 
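Review bot: The switch on `ok` in policy_check() (hunk `@@ -1054,147 +1053,265 @@`) has no `default`, so a plugin return other than 0, -1 or -2 reaches `exit(EXIT_FAILURE)` without an audit_reject() or audit_error() record. policy_list() and policy_validate() in the same hunk use `default:` for the audit_error() branch. Replacing `case -1:` with `default:` here gives the audit plugins an event for every refusal. Separately, if usage() in the `case -2:` branch exits the process, the policy_close() and audit_close() calls below never run for that path, which deserves a comment.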
@@ -1223,22 +1340,23 @@ break; default: ret = policy_plugin.u.policy->init_session(details->pw, - &details->envp); + &details->envp, &errstr); } sudo_debug_set_active_instance(sudo_debug_instance); + /* TODO: audit on error */ } done: debug_return_int(ret); } static int -iolog_open(struct plugin_container *plugin, struct sudo_settings *settings, +iolog_open_int(struct plugin_container *plugin, struct sudo_settings *settings, char * const user_info[], char * const command_info[], - int argc, char * const argv[], char * const user_env[]) + int argc, char * const argv[], char * const user_env[], const char **errstr) { char **plugin_settings; int ret; - debug_decl(iolog_open, SUDO_DEBUG_PCOMM) + debug_decl(iolog_open_int, SUDO_DEBUG_PCOMM); /* Convert struct sudo_settings to plugin_settings[] */ plugin_settings = format_plugin_settings(plugin, settings); @@ -1265,7 +1383,7 @@ default: ret = plugin->u.io->open(SUDO_API_VERSION, sudo_conversation, sudo_conversation_printf, plugin_settings, user_info, command_info, - argc, argv, user_env, plugin->options); + argc, argv, user_env, plugin->options, errstr); } /* Stash plugin debug instance ID if set in open() function. */ 
@@ -1276,62 +1394,657 @@ } static void -iolog_close(struct plugin_container *plugin, int exit_status, int error_code) +iolog_open(struct sudo_settings *settings, char * const user_info[], + char * const command_info[], int argc, char * const argv[], + char * const user_env[]) +{ + struct plugin_container *plugin, *next; + const char *errstr = NULL; + debug_decl(iolog_open, SUDO_DEBUG_PCOMM); + + /* XXX - iolog_open should audit errors */ + TAILQ_FOREACH_SAFE(plugin, &io_plugins, entries, next) { + int ok = iolog_open_int(plugin, settings, user_info, + command_info, argc, argv, user_env, &errstr); + switch (ok) { + case 1: + break; + case 0: + /* I/O plugin asked to be disabled, remove and free. */ + /* XXX - audit */ + unlink_plugin(&io_plugins, plugin); + break; + case -2: + usage(); + break; + default: + /* XXX - audit error */ + sudo_fatalx(U_("error initializing I/O plugin %s"), + plugin->name); + } + } + + debug_return; +} + +static void +iolog_close(int exit_status, int error_code) +{ + struct plugin_container *plugin; + debug_decl(iolog_close, SUDO_DEBUG_PCOMM); + + TAILQ_FOREACH(plugin, &io_plugins, entries) { + if (plugin->u.io->close != NULL) { + if (error_code != 0) { + sudo_debug_printf(SUDO_DEBUG_DEBUG, + "%s: calling I/O close with errno %d", + plugin->name, error_code); + } else { + sudo_debug_printf(SUDO_DEBUG_DEBUG, + "%s: calling I/O close with wait status %d", + plugin->name, exit_status); + } + sudo_debug_set_active_instance(plugin->debug_instance); + plugin->u.io->close(exit_status, error_code); + sudo_debug_set_active_instance(sudo_debug_instance); + } + } + + debug_return; +} + +static void +iolog_show_version(int verbose, struct sudo_settings *settings, + char * const user_info[], int argc, char * const argv[], + char * const user_env[]) { - debug_decl(iolog_close, SUDO_DEBUG_PCOMM) + const char *errstr = NULL; + struct plugin_container *plugin; + debug_decl(iolog_show_version, SUDO_DEBUG_PCOMM); - if (plugin->u.io->close != NULL) { + 
TAILQ_FOREACH(plugin, &io_plugins, entries) { + int ok = iolog_open_int(plugin, settings, user_info, NULL, + argc, argv, user_env, &errstr); + if (ok != -1) { + sudo_debug_set_active_instance(plugin->debug_instance); + if (plugin->u.io->show_version != NULL) { + /* Return value of show_version currently ignored. */ + plugin->u.io->show_version(verbose); + } + if (plugin->u.io->version >= SUDO_API_MKVERSION(1, 15)) { + if (plugin->u.io->close != NULL) + plugin->u.io->close(0, 0); + } + sudo_debug_set_active_instance(sudo_debug_instance); + } + } + + debug_return; +} + +/* + * Remove the specified plugin from the plugins list. + * Deregisters any hooks before unlinking, then frees the container. + */ +static void +unlink_plugin(struct plugin_container_list *plugin_list, + struct plugin_container *plugin) +{ + void (*deregister_hooks)(int , int (*)(struct sudo_hook *)) = NULL; + debug_decl(unlink_plugin, SUDO_DEBUG_PCOMM); + + /* Deregister hooks, if any. */ + if (plugin->u.generic->version >= SUDO_API_MKVERSION(1, 2)) { + switch (plugin->u.generic->type) { + case SUDO_IO_PLUGIN: + deregister_hooks = plugin->u.io->deregister_hooks; + break; + case SUDO_AUDIT_PLUGIN: + deregister_hooks = plugin->u.audit->deregister_hooks; + break; + default: + sudo_debug_printf(SUDO_DEBUG_ERROR, + "%s: unsupported plugin type %d", __func__, + plugin->u.generic->type); + break; + } + } + if (deregister_hooks != NULL) { sudo_debug_set_active_instance(plugin->debug_instance); - plugin->u.io->close(exit_status, error_code); + deregister_hooks(SUDO_HOOK_VERSION, deregister_hook); sudo_debug_set_active_instance(sudo_debug_instance); } + + /* Remove from plugin list and free. 
*/ + TAILQ_REMOVE(plugin_list, plugin, entries); + free_plugin_container(plugin, true); + debug_return; } static int -iolog_show_version(struct plugin_container *plugin, int verbose) +audit_open_int(struct plugin_container *plugin, struct sudo_settings *settings, + char * const user_info[], int submit_optind, char * const submit_argv[], + char * const submit_envp[], const char **errstr) { + char **plugin_settings; int ret; - debug_decl(iolog_show_version, SUDO_DEBUG_PCOMM) + debug_decl(audit_open_int, SUDO_DEBUG_PCOMM); - if (plugin->u.io->show_version == NULL) - debug_return_int(true); + /* Convert struct sudo_settings to plugin_settings[] */ + plugin_settings = format_plugin_settings(plugin, settings); + if (plugin_settings == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_int(-1); + } sudo_debug_set_active_instance(plugin->debug_instance); - ret = plugin->u.io->show_version(verbose); + ret = plugin->u.audit->open(SUDO_API_VERSION, sudo_conversation, + sudo_conversation_printf, plugin_settings, user_info, + submit_optind, submit_argv, submit_envp, plugin->options, errstr); + + /* Stash plugin debug instance ID if set in open() function. */ + plugin->debug_instance = sudo_debug_get_active_instance(); + sudo_debug_set_active_instance(sudo_debug_instance); + + debug_return_int(ret); +} + +static void +audit_open(struct sudo_settings *settings, char * const user_info[], + int submit_optind, char * const submit_argv[], char * const submit_envp[]) +{ + struct plugin_container *plugin, *next; + const char *errstr = NULL; + debug_decl(audit_open, SUDO_DEBUG_PCOMM); + + TAILQ_FOREACH_SAFE(plugin, &audit_plugins, entries, next) { + int ok = audit_open_int(plugin, settings, user_info, + submit_optind, submit_argv, submit_envp, &errstr); + switch (ok) { + case 1: + break; + case 0: + /* Audit plugin asked to be disabled, remove and free. 
*/ + unlink_plugin(&audit_plugins, plugin); + break; + case -2: + usage(); + break; + default: + /* TODO: pass error message to other audit plugins */ + sudo_fatalx(U_("error initializing audit plugin %s"), + plugin->name); + } + } + + debug_return; +} + +static void +audit_close(int status_type, int status) +{ + struct plugin_container *plugin; + debug_decl(audit_close, SUDO_DEBUG_PCOMM); + + TAILQ_FOREACH(plugin, &audit_plugins, entries) { + if (plugin->u.audit->close != NULL) { + sudo_debug_set_active_instance(plugin->debug_instance); + plugin->u.audit->close(status_type, status); + sudo_debug_set_active_instance(sudo_debug_instance); + } + } + + debug_return; +} + +static void +audit_show_version(int verbose) +{ + struct plugin_container *plugin; + debug_decl(audit_show_version, SUDO_DEBUG_PCOMM); + + TAILQ_FOREACH(plugin, &audit_plugins, entries) { + sudo_debug_set_active_instance(plugin->debug_instance); + if (plugin->u.audit->show_version != NULL) { + /* Return value of show_version currently ignored. */ + plugin->u.audit->show_version(verbose); + } + if (plugin->u.audit->close != NULL) + plugin->u.audit->close(SUDO_PLUGIN_NO_STATUS, 0); + sudo_debug_set_active_instance(sudo_debug_instance); + } + + debug_return; +} + +/* + * Command accepted by policy. + * See command_info[] for additional info. + * XXX - actual environment may be updated by policy_init_session(). 
+ */ +static void +audit_accept(const char *plugin_name, unsigned int plugin_type, + char * const command_info[], char * const run_argv[], + char * const run_envp[]) +{ + struct plugin_container *plugin; + const char *errstr = NULL; + int ok; + debug_decl(audit_accept, SUDO_DEBUG_PCOMM); + + /* XXX - kill command if can't audit accept event */ + TAILQ_FOREACH(plugin, &audit_plugins, entries) { + if (plugin->u.audit->accept == NULL) + continue; + + sudo_debug_set_active_instance(plugin->debug_instance); + ok = plugin->u.audit->accept(plugin_name, plugin_type, + command_info, run_argv, run_envp, &errstr); + if (ok != 1) { + /* XXX - fatal error? log error with other audit modules? */ + sudo_debug_printf(SUDO_DEBUG_ERROR, + "%s: plugin %s accept failed, ret %d", __func__, + plugin->name, ok); + } + sudo_debug_set_active_instance(sudo_debug_instance); + } + + debug_return; +} + +/* + * Command rejected by policy or I/O plugin. + */ +void +audit_reject(const char *plugin_name, unsigned int plugin_type, + const char *audit_msg, char * const command_info[]) +{ + struct plugin_container *plugin; + const char *errstr = NULL; + int ok; + debug_decl(audit_reject, SUDO_DEBUG_PCOMM); + + TAILQ_FOREACH(plugin, &audit_plugins, entries) { + if (plugin->u.audit->reject == NULL) + continue; + + sudo_debug_set_active_instance(plugin->debug_instance); + ok = plugin->u.audit->reject(plugin_name, plugin_type, + audit_msg, command_info, &errstr); + if (ok != 1) { + /* TODO: notify other audit plugins of the error. */ + sudo_debug_printf(SUDO_DEBUG_ERROR, + "%s: plugin %s reject failed, ret %d", __func__, + plugin->name, ok); + } + sudo_debug_set_active_instance(sudo_debug_instance); + } + + debug_return; +} + +/* + * Error from policy or I/O plugin. 
+ */ +void +audit_error(const char *plugin_name, unsigned int plugin_type, + const char *audit_msg, char * const command_info[]) +{ + struct plugin_container *plugin; + const char *errstr = NULL; + int ok; + debug_decl(audit_error, SUDO_DEBUG_PCOMM); + + TAILQ_FOREACH(plugin, &audit_plugins, entries) { + if (plugin->u.audit->error == NULL) + continue; + + sudo_debug_set_active_instance(plugin->debug_instance); + ok = plugin->u.audit->error(plugin_name, plugin_type, + audit_msg, command_info, &errstr); + if (ok != 1) { + /* TODO: notify other audit plugins of the error. */ + sudo_debug_printf(SUDO_DEBUG_ERROR, + "%s: plugin %s error failed, ret %d", __func__, + plugin->name, ok); + } + sudo_debug_set_active_instance(sudo_debug_instance); + } + + debug_return; +} + +static int +approval_open_int(struct plugin_container *plugin, + struct sudo_settings *settings, char * const user_info[], + int submit_optind, char * const submit_argv[], char * const submit_envp[]) +{ + char **plugin_settings; + const char *errstr = NULL; + int ret; + debug_decl(approval_open_int, SUDO_DEBUG_PCOMM); + + /* Convert struct sudo_settings to plugin_settings[] */ + plugin_settings = format_plugin_settings(plugin, settings); + if (plugin_settings == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + + sudo_debug_set_active_instance(SUDO_DEBUG_INSTANCE_INITIALIZER); + ret = plugin->u.approval->open(SUDO_API_VERSION, sudo_conversation, + sudo_conversation_printf, plugin_settings, user_info, submit_optind, + submit_argv, submit_envp, plugin->options, &errstr); + + /* Stash plugin debug instance ID if set in open() function. */ + plugin->debug_instance = sudo_debug_get_active_instance(); sudo_debug_set_active_instance(sudo_debug_instance); + + switch (ret) { + case 1: + break; + case 0: + /* approval plugin asked to be disabled, remove and free. 
*/ + unlink_plugin(&approval_plugins, plugin); + break; + case -2: + usage(); + break; + default: + /* XXX - audit */ + sudo_fatalx(U_("error initializing approval plugin %s"), + plugin->name); + } + debug_return_int(ret); } +static void +approval_show_version(int verbose, struct sudo_settings *settings, + char * const user_info[], int submit_optind, char * const submit_argv[], + char * const submit_envp[]) +{ + struct plugin_container *plugin, *next; + int ok; + debug_decl(approval_show_version, SUDO_DEBUG_PCOMM); + + /* + * Approval plugin us only open for the life of the show_version() call. + */ + TAILQ_FOREACH_SAFE(plugin, &approval_plugins, entries, next) { + if (plugin->u.approval->show_version == NULL) + continue; + + ok = approval_open_int(plugin, settings, user_info, submit_optind, + submit_argv, submit_envp); + if (ok == 1) { + /* Return value of show_version currently ignored. */ + sudo_debug_set_active_instance(plugin->debug_instance); + plugin->u.approval->show_version(verbose); + if (plugin->u.approval->close != NULL) + plugin->u.approval->close(); + sudo_debug_set_active_instance(sudo_debug_instance); + } + } + + debug_return; +} + /* - * Remove the specified I/O logging plugin from the io_plugins list. - * Deregisters any hooks before unlinking, then frees the container. + * Run approval checks (there may be more than one). + * This is a "one-shot" plugin that has no open/close and is only + * called if the policy plugin accepts the command first. */ static void -iolog_unlink(struct plugin_container *plugin) +approval_check(struct sudo_settings *settings, char * const user_info[], + int submit_optind, char * const submit_argv[], char * const submit_envp[], + char * const command_info[], char * const run_argv[], + char * const run_envp[]) { - debug_decl(iolog_unlink, SUDO_DEBUG_PCOMM) + struct plugin_container *plugin, *next; + const char *errstr = NULL; + int ok; + debug_decl(approval_check, SUDO_DEBUG_PCOMM); - /* Deregister hooks, if any. 
*/ - if (plugin->u.io->version >= SUDO_API_MKVERSION(1, 2)) { - if (plugin->u.io->deregister_hooks != NULL) { + /* + * Approval plugin us only open for the life of the check() call. + */ + TAILQ_FOREACH_SAFE(plugin, &approval_plugins, entries, next) { + if (plugin->u.approval->check == NULL) + continue; + + ok = approval_open_int(plugin, settings, user_info, submit_optind, + submit_argv, submit_envp); + if (ok != 1) + continue; + + sudo_debug_set_active_instance(plugin->debug_instance); + ok = plugin->u.approval->check(command_info, run_argv, run_envp, + &errstr); + sudo_debug_set_active_instance(sudo_debug_instance); + sudo_debug_printf(SUDO_DEBUG_INFO, "approval plugin %s returns %d (%s)", + plugin->name, ok, errstr ? errstr : ""); + + switch (ok) { + case 0: + audit_reject(plugin->name, SUDO_APPROVAL_PLUGIN, + errstr ? errstr : _("command rejected by approver"), + command_info); + break; + case 1: + audit_accept(plugin->name, SUDO_APPROVAL_PLUGIN, command_info, + run_argv, run_envp); + break; + case -1: + audit_error(plugin->name, SUDO_APPROVAL_PLUGIN, + errstr ? errstr : _("approval plugin error"), + command_info); + break; + case -2: + usage(); + break; + } + + /* Close approval plugin now that errstr has been consumed. */ + if (plugin->u.approval->close != NULL) { sudo_debug_set_active_instance(plugin->debug_instance); - plugin->u.io->deregister_hooks(SUDO_HOOK_VERSION, - deregister_hook); + plugin->u.approval->close(); sudo_debug_set_active_instance(sudo_debug_instance); } + + /* On error, close policy and audit plugins then exit. */ + if (ok != 1) { + if (policy_plugin.u.policy->version >= SUDO_API_MKVERSION(1, 15)) + policy_close(0, EPERM); + audit_close(SUDO_PLUGIN_NO_STATUS, 0); + exit(EXIT_FAILURE); /* approval plugin printed error message */ + } } - /* Remove from io_plugins list and free. 
*/ - TAILQ_REMOVE(&io_plugins, plugin, entries); - free_plugin_container(plugin, true); debug_return; } static void +plugin_event_callback(int fd, int what, void *v) +{ + struct sudo_plugin_event_int *ev_int = v; + int old_instance; + debug_decl(plugin_event_callback, SUDO_DEBUG_PCOMM); + + /* Run the real callback using the plugin's debug instance. */ + old_instance = sudo_debug_set_active_instance(ev_int->debug_instance); + ev_int->callback(fd, what, ev_int->closure); + sudo_debug_set_active_instance(old_instance); + + debug_return; +} + +/* + * Fill in a previously allocated struct sudo_plugin_event. + */ +static int +plugin_event_set(struct sudo_plugin_event *pev, int fd, int events, + sudo_ev_callback_t callback, void *closure) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_set, SUDO_DEBUG_PCOMM); + + ev_int = __containerof(pev, struct sudo_plugin_event_int, public); + if (sudo_ev_set(&ev_int->private, fd, events, plugin_event_callback, ev_int) == -1) + debug_return_int(-1); + + /* Stash active instance so we can restore it when callback runs. */ + ev_int->debug_instance = sudo_debug_get_active_instance(); + + /* Actual user-specified callback and closure. */ + ev_int->callback = callback; + ev_int->closure = closure; + + /* Plugin can only operate on the main event loop. */ + ev_int->private.base = sudo_event_base; + + debug_return_int(1); +} + +/* + * Add a struct sudo_plugin_event to the main event loop. + */ +static int +plugin_event_add(struct sudo_plugin_event *pev, struct timespec *timo) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_add, SUDO_DEBUG_PCOMM); + + ev_int = __containerof(pev, struct sudo_plugin_event_int, public); + if (sudo_ev_add(NULL, &ev_int->private, timo, 0) == -1) + debug_return_int(-1); + debug_return_int(1); +} + +/* + * Delete a struct sudo_plugin_event from the main event loop. 
+ */ +static int +plugin_event_del(struct sudo_plugin_event *pev) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_del, SUDO_DEBUG_PCOMM); + + ev_int = __containerof(pev, struct sudo_plugin_event_int, public); + if (sudo_ev_del(NULL, &ev_int->private) == -1) + debug_return_int(-1); + debug_return_int(1); +} + +/* + * Get the amount of time remaining in a timeout event. + */ +static int +plugin_event_pending(struct sudo_plugin_event *pev, int events, + struct timespec *ts) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_pending, SUDO_DEBUG_PCOMM); + + ev_int = __containerof(pev, struct sudo_plugin_event_int, public); + debug_return_int(sudo_ev_pending(&ev_int->private, events, ts)); +} + +/* + * Get the file descriptor associated with an event. + */ +static int +plugin_event_fd(struct sudo_plugin_event *pev) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_fd, SUDO_DEBUG_PCOMM); + + ev_int = __containerof(pev, struct sudo_plugin_event_int, public); + debug_return_int(sudo_ev_get_fd(&ev_int->private)); +} + +/* + * Break out of the event loop, killing the command if it is running. + */ +static void +plugin_event_loopbreak(struct sudo_plugin_event *pev) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_loopbreak, SUDO_DEBUG_PCOMM); + + ev_int = __containerof(pev, struct sudo_plugin_event_int, public); + sudo_ev_loopbreak(ev_int->private.base); + debug_return; +} + +/* + * Reset the event base of a struct sudo_plugin_event. + * The event is removed from the old base (if any) first. + * A NULL base can be used to set the default sudo event base. 
+ */ +static void +plugin_event_setbase(struct sudo_plugin_event *pev, void *base) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_setbase, SUDO_DEBUG_PCOMM); + + ev_int = __containerof(pev, struct sudo_plugin_event_int, public); + if (ev_int->private.base != NULL) + sudo_ev_del(ev_int->private.base, &ev_int->private); + ev_int->private.base = base ? base : sudo_event_base; + debug_return; +} + +/* + * Free a struct sudo_plugin_event allocated by plugin_event_alloc(). + */ +static void +plugin_event_free(struct sudo_plugin_event *pev) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_free, SUDO_DEBUG_PCOMM); + + /* The private field is first so sudo_ev_free() can free the struct. */ + ev_int = __containerof(pev, struct sudo_plugin_event_int, public); + sudo_ev_free(&ev_int->private); + + debug_return; +} + +/* + * Allocate a struct sudo_plugin_event and fill in the public fields. + */ +struct sudo_plugin_event * +sudo_plugin_event_alloc(void) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_alloc, SUDO_DEBUG_PCOMM); + + if ((ev_int = malloc(sizeof(*ev_int))) == NULL) + debug_return_ptr(NULL); + + /* Init public fields. */ + ev_int->public.set = plugin_event_set; + ev_int->public.add = plugin_event_add; + ev_int->public.del = plugin_event_del; + ev_int->public.fd = plugin_event_fd; + ev_int->public.pending = plugin_event_pending; + ev_int->public.setbase = plugin_event_setbase; + ev_int->public.loopbreak = plugin_event_loopbreak; + ev_int->public.free = plugin_event_free; + + /* Debug instance to use with the callback. */ + ev_int->debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; + + /* Clear private portion in case caller tries to use us uninitialized. 
*/ + memset(&ev_int->private, 0, sizeof(ev_int->private)); + + debug_return_ptr(&ev_int->public); +} + +static void free_plugin_container(struct plugin_container *plugin, bool ioplugin) { - debug_decl(free_plugin_container, SUDO_DEBUG_PLUGIN) + debug_decl(free_plugin_container, SUDO_DEBUG_PLUGIN); free(plugin->path); free(plugin->name); @@ -1352,7 +2065,7 @@ { #ifdef NO_LEAKS struct sudo_gc_entry *gc; - debug_decl(gc_add, SUDO_DEBUG_MAIN) + debug_decl(gc_add, SUDO_DEBUG_MAIN); if (v == NULL) debug_return_bool(false); @@ -1389,7 +2102,7 @@ struct plugin_container *plugin; struct sudo_gc_entry *gc; char **cur; - debug_decl(gc_run, SUDO_DEBUG_MAIN) + debug_decl(gc_run, SUDO_DEBUG_MAIN); /* Collect garbage. */ while ((gc = SLIST_FIRST(&sudo_gc_list))) { diff -Nru sudo-1.8.31/src/sudo_edit.c sudo-1.9.0/src/sudo_edit.c --- sudo-1.8.31/src/sudo_edit.c 2020-01-29 18:04:57.000000000 +0000 +++ sudo-1.9.0/src/sudo_edit.c 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2004-2008, 2010-2018 Todd C. Miller + * Copyright (c) 2004-2008, 2010-2020 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -42,7 +42,6 @@ #include #include #include -#include #include #include "sudo.h" @@ -66,7 +65,7 @@ switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups) { int serrno = errno; - debug_decl(switch_user, SUDO_DEBUG_EDIT) + debug_decl(switch_user, SUDO_DEBUG_EDIT); sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "set uid:gid to %u:%u(%u)", (unsigned int)euid, (unsigned int)egid, @@ -101,7 +100,7 @@ { struct stat sb; int rc; - debug_decl(dir_is_writable, SUDO_DEBUG_EDIT) + debug_decl(dir_is_writable, SUDO_DEBUG_EDIT); if (fstat(dfd, &sb) == -1) debug_return_int(-1); 
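Review bot: In approval_check(), `errstr` is set to NULL once before the TAILQ_FOREACH_SAFE loop and never cleared, yet each plugin is closed at the end of its own iteration ("now that errstr has been consumed"). If one plugin sets errstr while returning 1 and the next returns 0 or -1 without setting it, the debug printf and audit_reject()/audit_error() would receive a string that presumably belongs to the already closed plugin. Resetting it per iteration, `errstr = NULL;` as the first statement of the loop body, avoids that. The `switch (ok)` in the same function has no `default:` case, so a return value other than 0, 1, -1 or -2 reaches `exit(EXIT_FAILURE)` without any audit event; a `default:` that shares the `case -1:` audit_error() branch would record it.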
@@ -142,7 +141,7 @@ group_matches(gid_t target, gid_t gid, int ngroups, GETGROUPS_T *groups) { int i; - debug_decl(group_matches, SUDO_DEBUG_EDIT) + debug_decl(group_matches, SUDO_DEBUG_EDIT); if (target == gid) { sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, @@ -168,7 +167,7 @@ dir_is_writable(int dfd, struct user_details *ud, struct command_details *cd) { struct stat sb; - debug_decl(dir_is_writable, SUDO_DEBUG_EDIT) + debug_decl(dir_is_writable, SUDO_DEBUG_EDIT); if (fstat(dfd, &sb) == -1) debug_return_int(-1); @@ -220,7 +219,7 @@ unsigned int i; size_t len; int dfd; - debug_decl(set_tmpdir, SUDO_DEBUG_EDIT) + debug_decl(set_tmpdir, SUDO_DEBUG_EDIT); for (i = 0; tdir == NULL && i < nitems(tmpdirs); i++) { if ((dfd = open(tmpdirs[i], O_RDONLY)) != -1) { @@ -253,7 +252,7 @@ { const char *cp, *suff; int len, tfd; - debug_decl(sudo_edit_mktemp, SUDO_DEBUG_EDIT) + debug_decl(sudo_edit_mktemp, SUDO_DEBUG_EDIT); if ((cp = strrchr(ofile, '/')) != NULL) cp++; @@ -274,42 +273,11 @@ debug_return_int(tfd); } -#ifndef HAVE_OPENAT -static int -sudo_openat(int dfd, const char *path, int flags, mode_t mode) -{ - int fd, odfd; - debug_decl(sudo_openat, SUDO_DEBUG_EDIT) - - if (dfd == AT_FDCWD) - debug_return_int(open(path, flags, mode)); - - /* Save cwd */ - if ((odfd = open(".", O_RDONLY)) == -1) - debug_return_int(-1); - - if (fchdir(dfd) == -1) { - close(odfd); - debug_return_int(-1); - } - - fd = open(path, flags, mode); - - /* Restore cwd */ - if (fchdir(odfd) == -1) - sudo_fatal(U_("unable to restore current working directory")); - close(odfd); - - debug_return_int(fd); -} -#define openat sudo_openat -#endif /* HAVE_OPENAT */ - #ifdef O_NOFOLLOW static int sudo_edit_openat_nofollow(int dfd, char *path, int oflags, mode_t mode) { - debug_decl(sudo_edit_openat_nofollow, SUDO_DEBUG_EDIT) + debug_decl(sudo_edit_openat_nofollow, SUDO_DEBUG_EDIT); debug_return_int(openat(dfd, path, oflags|O_NOFOLLOW, mode)); } 
@@ -322,7 +290,7 @@ sudo_edit_is_symlink(int fd, char *path) { struct stat sb1, sb2; - debug_decl(sudo_edit_is_symlink, SUDO_DEBUG_EDIT) + debug_decl(sudo_edit_is_symlink, SUDO_DEBUG_EDIT); /* * Treat [fl]stat() failure like there was a symlink. @@ -347,7 +315,7 @@ { int fd = -1, odfd = -1; struct stat sb; - debug_decl(sudo_edit_openat_nofollow, SUDO_DEBUG_EDIT) + debug_decl(sudo_edit_openat_nofollow, SUDO_DEBUG_EDIT); /* Save cwd and chdir to dfd */ if ((odfd = open(".", O_RDONLY)) == -1) @@ -422,7 +390,7 @@ { const int dflags = DIR_OPEN_FLAGS; int dfd, fd, is_writable; - debug_decl(sudo_edit_open_nonwritable, SUDO_DEBUG_EDIT) + debug_decl(sudo_edit_open_nonwritable, SUDO_DEBUG_EDIT); if (path[0] == '/') { dfd = open("/", dflags); @@ -490,7 +458,7 @@ { const int sflags = command_details ? command_details->flags : 0; int fd; - debug_decl(sudo_edit_open, SUDO_DEBUG_EDIT) + debug_decl(sudo_edit_open, SUDO_DEBUG_EDIT); if (!ISSET(sflags, CD_SUDOEDIT_FOLLOW)) oflags |= O_NOFOLLOW; @@ -512,7 +480,7 @@ const int sflags = command_details ? command_details->flags : 0; struct stat sb; int fd; - debug_decl(sudo_edit_open, SUDO_DEBUG_EDIT) + debug_decl(sudo_edit_open, SUDO_DEBUG_EDIT); /* * Check if path is a symlink. This is racey but we detect whether @@ -563,11 +531,9 @@ struct tempfile *tf, char *files[], int nfiles) { int i, j, tfd, ofd, rc; - char buf[BUFSIZ]; - ssize_t nwritten, nread; struct timespec times[2]; struct stat sb; - debug_decl(sudo_edit_create_tfiles, SUDO_DEBUG_EDIT) + debug_decl(sudo_edit_create_tfiles, SUDO_DEBUG_EDIT); /* * For each file specified by the user, make a temporary version 
@@ -641,18 +607,7 @@ debug_return_int(-1); } if (ofd != -1) { - while ((nread = read(ofd, buf, sizeof(buf))) > 0) { - if ((nwritten = write(tfd, buf, nread)) != nread) { - if (nwritten == -1) - sudo_warn("%s", tf[j].tfile); - else - sudo_warnx(U_("%s: short write"), tf[j].tfile); - break; - } - } - if (nread != 0) { - if (nread < 0) - sudo_warn("%s", files[i]); + if (sudo_copy_file(tf[j].ofile, ofd, tf[j].osize, tf[j].tfile, tfd, -1) == -1) { close(ofd); close(tfd); debug_return_int(-1); @@ -689,17 +644,15 @@ sudo_edit_copy_tfiles(struct command_details *command_details, struct tempfile *tf, int nfiles, struct timespec *times) { - int i, tfd, ofd, rc, errors = 0; - char buf[BUFSIZ]; - ssize_t nwritten, nread; + int i, tfd, ofd, errors = 0; struct timespec ts; struct stat sb; mode_t oldmask; - debug_decl(sudo_edit_copy_tfiles, SUDO_DEBUG_EDIT) + debug_decl(sudo_edit_copy_tfiles, SUDO_DEBUG_EDIT); /* Copy contents of temp files to real ones. */ for (i = 0; i < nfiles; i++) { - rc = -1; + int rc = -1; sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "seteuid(%u)", (unsigned int)user_details.uid); if (seteuid(user_details.uid) != 0) @@ -712,8 +665,8 @@ "seteuid(%u)", ROOT_UID); if (seteuid(ROOT_UID) != 0) sudo_fatal("seteuid(ROOT_UID)"); - if (rc || !S_ISREG(sb.st_mode)) { - if (rc) + if (rc == -1 || !S_ISREG(sb.st_mode)) { + if (rc == -1) sudo_warn("%s", tf[i].tfile); else sudo_warnx(U_("%s: not a regular file"), tf[i].tfile); 
@@ -739,38 +692,26 @@ switch_user(command_details->euid, command_details->egid, command_details->ngroups, command_details->groups); oldmask = umask(command_details->umask); - ofd = sudo_edit_open(tf[i].ofile, O_WRONLY|O_TRUNC|O_CREAT, + ofd = sudo_edit_open(tf[i].ofile, O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH, command_details); umask(oldmask); switch_user(ROOT_UID, user_details.egid, user_details.ngroups, user_details.groups); if (ofd == -1) { sudo_warn(U_("unable to write to %s"), tf[i].ofile); - sudo_warnx(U_("contents of edit session left in %s"), tf[i].tfile); - close(tfd); - errors++; - continue; - } - while ((nread = read(tfd, buf, sizeof(buf))) > 0) { - if ((nwritten = write(ofd, buf, nread)) != nread) { - if (nwritten == -1) - sudo_warn("%s", tf[i].ofile); - else - sudo_warnx(U_("%s: short write"), tf[i].ofile); - break; - } + goto bad; } - if (nread == 0) { - /* success, got EOF */ - unlink(tf[i].tfile); - } else if (nread < 0) { - sudo_warn(U_("unable to read temporary file")); - sudo_warnx(U_("contents of edit session left in %s"), tf[i].tfile); - } else { - sudo_warn(U_("unable to write to %s"), tf[i].ofile); + + /* Overwrite the old file with the new contents. */ + if (sudo_copy_file(tf[i].tfile, tfd, sb.st_size, tf[i].ofile, ofd, + tf[i].osize) == -1) { +bad: sudo_warnx(U_("contents of edit session left in %s"), tf[i].tfile); + errors++; } - close(ofd); + + if (ofd != -1) + close(ofd); close(tfd); } debug_return_int(errors); 
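Review bot: The success path of this loop in sudo_edit_copy_tfiles() no longer removes the temporary file: the removed lines called `unlink(tf[i].tfile)` when the copy reached EOF, while the new `sudo_copy_file()` check only handles the -1 case. Unless sudo_copy_file() or the caller unlinks it (neither is shown in this hunk), the edited copy would stay behind in the temporary directory after a successful install. Adding `} else { unlink(tf[i].tfile); }` after the `bad:` block would restore the previous behaviour. The enclosing loop starts outside the hunk.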
@@ -778,28 +719,54 @@ #ifdef HAVE_SELINUX static int +selinux_run_helper(char *argv[], char *envp[]) +{ + int status, ret = SESH_ERR_FAILURE; + const char *sesh; + pid_t child, pid; + debug_decl(selinux_run_helper, SUDO_DEBUG_EDIT); + + sesh = sudo_conf_sesh_path(); + if (sesh == NULL) { + sudo_warnx("internal error: sesh path not set"); + debug_return_int(-1); + } + + child = sudo_debug_fork(); + switch (child) { + case -1: + sudo_warn(U_("unable to fork")); + break; + case 0: + /* child runs sesh in new context */ + if (selinux_setcon() == 0) + execve(sesh, argv, envp); + _exit(SESH_ERR_FAILURE); + default: + /* parent waits */ + do { + pid = waitpid(child, &status, 0); + } while (pid == -1 && errno == EINTR); + + ret = WIFSIGNALED(status) ? SESH_ERR_KILLED : WEXITSTATUS(status); + } + + debug_return_int(ret); +} + +static int selinux_edit_create_tfiles(struct command_details *command_details, struct tempfile *tf, char *files[], int nfiles) { char **sesh_args, **sesh_ap; int i, rc, sesh_nargs; struct stat sb; - struct command_details saved_command_details; - debug_decl(selinux_edit_create_tfiles, SUDO_DEBUG_EDIT) + debug_decl(selinux_edit_create_tfiles, SUDO_DEBUG_EDIT); - /* Prepare selinux stuff (setexeccon) */ - if (selinux_setup(command_details->selinux_role, - command_details->selinux_type, NULL, -1) != 0) - debug_return_int(-1); - if (nfiles < 1) debug_return_int(0); /* Construct common args for sesh */ - memcpy(&saved_command_details, command_details, sizeof(struct command_details)); - command_details->command = _PATH_SUDO_SESH; - command_details->flags |= CD_SUDOEDIT_COPY; - sesh_nargs = 4 + (nfiles * 2) + 1; sesh_args = sesh_ap = reallocarray(NULL, sesh_nargs, sizeof(char *)); if (sesh_args == NULL) { @@ -812,6 +779,7 @@ *sesh_ap++ = "-h"; *sesh_ap++ = "0"; + /* XXX - temp files should be created with user's context */ for (i = 0; i < nfiles; i++) { char *tfile, *ofile = files[i]; int tfd; 
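Review bot: In selinux_run_helper(), `status` is decoded after the waitpid() loop even when waitpid() failed with an error other than EINTR, in which case it was never written and the read is of an uninitialized int. Guarding the decode keeps the initial SESH_ERR_FAILURE for that case: `if (pid != -1) ret = WIFSIGNALED(status) ? SESH_ERR_KILLED : WEXITSTATUS(status);`. A `sudo_warn()` on the failing waitpid() would also make the cause visible instead of reporting a generic sesh failure.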
@@ -841,8 +809,7 @@ *sesh_ap = NULL; /* Run sesh -e [-h] 0 ... */ - command_details->argv = sesh_args; - rc = run_command(command_details); + rc = selinux_run_helper(sesh_args, command_details->envp); switch (rc) { case SESH_SUCCESS: break; @@ -850,15 +817,12 @@ sudo_fatalx(U_("sesh: internal error: odd number of paths")); case SESH_ERR_NO_FILES: sudo_fatalx(U_("sesh: unable to create temporary files")); + case SESH_ERR_KILLED: + sudo_fatalx(U_("sesh: killed by a signal")); default: sudo_fatalx(U_("sesh: unknown error %d"), rc); } - /* Restore saved command_details. */ - command_details->command = saved_command_details.command; - command_details->flags = saved_command_details.flags; - command_details->argv = saved_command_details.argv; - /* Chown to user's UID so they can edit the temporary files. */ for (i = 0; i < nfiles; i++) { if (chown(tf[i].tfile, user_details.uid, user_details.gid) != 0) { @@ -879,24 +843,14 @@ { char **sesh_args, **sesh_ap; int i, rc, sesh_nargs, ret = 1; - struct command_details saved_command_details; struct timespec ts; struct stat sb; - debug_decl(selinux_edit_copy_tfiles, SUDO_DEBUG_EDIT) + debug_decl(selinux_edit_copy_tfiles, SUDO_DEBUG_EDIT); - /* Prepare selinux stuff (setexeccon) */ - if (selinux_setup(command_details->selinux_role, - command_details->selinux_type, NULL, -1) != 0) - debug_return_int(1); - if (nfiles < 1) debug_return_int(0); /* Construct common args for sesh */ - memcpy(&saved_command_details, command_details, sizeof(struct command_details)); - command_details->command = _PATH_SUDO_SESH; - command_details->flags |= CD_SUDOEDIT_COPY; - sesh_nargs = 3 + (nfiles * 2) + 1; sesh_args = sesh_ap = reallocarray(NULL, sesh_nargs, sizeof(char *)); if (sesh_args == NULL) { 
@@ -934,32 +888,29 @@ if (sesh_ap - sesh_args > 3) { /* Run sesh -e 1 ... */ - command_details->argv = sesh_args; - rc = run_command(command_details); + rc = selinux_run_helper(sesh_args, command_details->envp); switch (rc) { case SESH_SUCCESS: ret = 0; break; case SESH_ERR_NO_FILES: sudo_warnx(U_("unable to copy temporary files back to their original location")); - sudo_warnx(U_("contents of edit session left in %s"), edit_tmpdir); break; case SESH_ERR_SOME_FILES: sudo_warnx(U_("unable to copy some of the temporary files back to their original location")); - sudo_warnx(U_("contents of edit session left in %s"), edit_tmpdir); + break; + case SESH_ERR_KILLED: + sudo_warnx(U_("sesh: killed by a signal")); break; default: sudo_warnx(U_("sesh: unknown error %d"), rc); break; } + if (ret != 0) + sudo_warnx(U_("contents of edit session left in %s"), edit_tmpdir); } free(sesh_args); - /* Restore saved command_details. */ - command_details->command = saved_command_details.command; - command_details->flags = saved_command_details.flags; - command_details->argv = saved_command_details.argv; - debug_return_int(ret); } #endif /* HAVE_SELINUX */ @@ -978,7 +929,7 @@ int editor_argc = 0, nfiles = 0; struct timespec times[2]; struct tempfile *tf = NULL; - debug_decl(sudo_edit, SUDO_DEBUG_EDIT) + debug_decl(sudo_edit, SUDO_DEBUG_EDIT); if (!set_tmpdir(command_details)) goto cleanup; @@ -1011,6 +962,15 @@ goto cleanup; } +#ifdef HAVE_SELINUX + /* Compute new SELinux security context. */ + if (ISSET(command_details->flags, CD_RBAC_ENABLED)) { + if (selinux_setup(command_details->selinux_role, + command_details->selinux_type, NULL, -1, false) != 0) + goto cleanup; + } +#endif + /* Copy editor files to temporaries. */ tf = calloc(nfiles, sizeof(*tf)); if (tf == NULL) { 
@@ -1046,6 +1006,7 @@ /* * Run the editor with the invoking user's creds, * keeping track of the time spent in the editor. + * XXX - should run editor with user's context */ if (sudo_gettime_real(×[0]) == -1) { sudo_warn(U_("unable to read the clock")); @@ -1081,8 +1042,10 @@ else #endif errors = sudo_edit_copy_tfiles(command_details, tf, nfiles, times); - if (errors) - goto cleanup; + if (errors) { + /* Preserve the edited temporary files. */ + rc = W_EXITCODE(1, 0); + } for (i = 0; i < nfiles; i++) free(tf[i].tfile); @@ -1096,6 +1059,7 @@ for (i = 0; i < nfiles; i++) { if (tf[i].tfile != NULL) unlink(tf[i].tfile); + free(tf[i].tfile); } } free(tf); @@ -1111,7 +1075,7 @@ int sudo_edit(struct command_details *command_details) { - debug_decl(sudo_edit, SUDO_DEBUG_EDIT) + debug_decl(sudo_edit, SUDO_DEBUG_EDIT); debug_return_int(W_EXITCODE(1, 0)); } diff -Nru sudo-1.8.31/src/sudo_exec.h sudo-1.9.0/src/sudo_exec.h --- sudo-1.8.31/src/sudo_exec.h 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/src/sudo_exec.h 2020-05-11 16:28:23.000000000 +0000 @@ -73,6 +73,7 @@ */ #define SESH_SUCCESS 0 /* successful operation */ #define SESH_ERR_FAILURE 1 /* unspecified error */ +#define SESH_ERR_KILLED 2 /* killed by a signal */ #define SESH_ERR_INVALID 30 /* invalid -e arg value */ #define SESH_ERR_BAD_PATHS 31 /* odd number of paths */ #define SESH_ERR_NO_FILES 32 /* copy error, no files copied */ @@ -84,6 +85,9 @@ struct command_details; struct command_status; +/* copy_file.c */ +int sudo_copy_file(const char *src, int src_fd, off_t src_len, const char *dst, int dst_fd, off_t dst_len); + /* exec.c */ void exec_cmnd(struct command_details *details, int errfd); void terminate_command(pid_t pid, bool use_pgrp); diff -Nru sudo-1.8.31/src/sudo.h sudo-1.9.0/src/sudo.h --- sudo-1.8.31/src/sudo.h 2019-10-28 12:28:52.000000000 +0000 +++ sudo-1.9.0/src/sudo.h 2020-05-11 16:28:23.000000000 +0000 
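Review bot: The new comment `/* Preserve the edited temporary files. */` does not say how they are preserved, which is by no longer jumping to `cleanup`, the label whose loop unlinks each `tf[i].tfile` (visible in the next hunk). I would spell that out so the branch is not later changed back: `/* Copy-back failed: do not goto cleanup, which unlinks the temporary files holding the user's edits. */`. `rc` is also overwritten here, so whatever status it held before this point is replaced by `W_EXITCODE(1, 0)`; that looks intended but deserves a word in the comment. The enclosing function continues outside the hunk.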
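Review bot: In the cleanup loop the added `free(tf[i].tfile);` follows an unbraced `if (tf[i].tfile != NULL)` whose only statement is the `unlink()`, so the free runs unconditionally. That is correct, since free(NULL) is a no-op, but it is easy to misread as part of the `if`. Bracing the condition, `if (tf[i].tfile != NULL) { unlink(tf[i].tfile); }`, makes the intent unambiguous. The loop's enclosing function starts outside the hunk.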
@@ -39,6 +39,7 @@ #include "sudo_conf.h" #include "sudo_debug.h" #include "sudo_queue.h" +#include "sudo_event.h" #include "sudo_util.h" #ifdef HAVE_PRIV_SET @@ -50,12 +51,6 @@ # define NDEBUG #endif -#ifdef __TANDEM -# define ROOT_UID 65535 -#else -# define ROOT_UID 0 -#endif - /* * Various modes sudo can be in (based on arguments) in hex */ @@ -135,12 +130,11 @@ #define CD_USE_PTY 0x001000 #define CD_SET_UTMP 0x002000 #define CD_EXEC_BG 0x004000 -#define CD_SUDOEDIT_COPY 0x008000 -#define CD_SUDOEDIT_FOLLOW 0x010000 -#define CD_SUDOEDIT_CHECKDIR 0x020000 -#define CD_SET_GROUPS 0x040000 -#define CD_LOGIN_SHELL 0x080000 -#define CD_OVERRIDE_UMASK 0x100000 +#define CD_SUDOEDIT_FOLLOW 0x008000 +#define CD_SUDOEDIT_CHECKDIR 0x010000 +#define CD_SET_GROUPS 0x020000 +#define CD_LOGIN_SHELL 0x040000 +#define CD_OVERRIDE_UMASK 0x080000 struct preserved_fd { TAILQ_ENTRY(preserved_fd) entries; @@ -162,10 +156,12 @@ int closefrom; int flags; int execfd; + int cwd_optional; struct preserved_fd_list preserved_fds; struct passwd *pw; GETGROUPS_T *groups; const char *command; + const char *runas_user; const char *cwd; const char *login_class; const char *chroot; @@ -175,6 +171,7 @@ const char *tty; char **argv; char **envp; + struct sudo_event_base *evbase; #ifdef HAVE_PRIV_SET priv_set_t *privs; priv_set_t *limitprivs; @@ -211,8 +208,8 @@ int sudo_execute(struct command_details *details, struct command_status *cstat); /* parse_args.c */ -int parse_args(int argc, char **argv, int *nargc, char ***nargv, - struct sudo_settings **settingsp, char ***env_addp); +int parse_args(int argc, char **argv, int *old_optind, int *nargc, + char ***nargv, struct sudo_settings **settingsp, char ***env_addp); extern int tgetpass_flags; /* get_pty.c */ 
@@ -224,6 +221,11 @@ int os_init_common(int argc, char *argv[], char *envp[]); bool gc_add(enum sudo_gc_types type, void *v); bool set_user_groups(struct command_details *details); +struct sudo_plugin_event *sudo_plugin_event_alloc(void); +void audit_reject(const char *plugin_name, unsigned int plugin_type, + const char *audit_msg, char * const command_info[]); +void audit_error(const char *plugin_name, unsigned int plugin_type, + const char *audit_msg, char * const command_info[]); extern const char *list_user; extern struct user_details user_details; extern int sudo_debug_instance; @@ -232,7 +234,7 @@ int sudo_edit(struct command_details *details); /* parse_args.c */ -void usage(int); +void usage(void) __attribute__((__noreturn__)); /* openbsd.c */ int os_init_openbsd(int argc, char *argv[], char *envp[]); @@ -240,7 +242,8 @@ /* selinux.c */ int selinux_restore_tty(void); int selinux_setup(const char *role, const char *type, const char *ttyn, - int ttyfd); + int ttyfd, bool label_tty); +int selinux_setcon(void); void selinux_execve(int fd, const char *path, char *const argv[], char *envp[], bool noexec); diff -Nru sudo-1.8.31/src/sudo_plugin_int.h sudo-1.9.0/src/sudo_plugin_int.h --- sudo-1.8.31/src/sudo_plugin_int.h 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/src/sudo_plugin_int.h 2020-05-11 16:28:23.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2010-2014 Todd C. Miller + * Copyright (c) 2010-2020 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
@@ -100,12 +100,27 @@ struct io_plugin *io; struct io_plugin_1_0 *io_1_0; struct io_plugin_1_1 *io_1_1; + struct audit_plugin *audit; + struct approval_plugin *approval; } u; }; TAILQ_HEAD(plugin_container_list, plugin_container); +/* + * Private implementation of struct sudo_plugin_event. + */ +struct sudo_plugin_event_int { + struct sudo_event private; /* must be first */ + int debug_instance; /* plugin's debug instance */ + void *closure; /* actual user closure */ + sudo_ev_callback_t callback; /* actual user callback */ + struct sudo_plugin_event public; /* user-visible portion */ +}; + extern struct plugin_container policy_plugin; extern struct plugin_container_list io_plugins; +extern struct plugin_container_list audit_plugins; +extern struct plugin_container_list approval_plugins; int sudo_conversation(int num_msgs, const struct sudo_conv_message msgs[], struct sudo_conv_reply replies[], struct sudo_conv_callback *callback); @@ -114,6 +129,8 @@ int sudo_conversation_printf(int msg_type, const char *fmt, ...); bool sudo_load_plugins(struct plugin_container *policy_plugin, - struct plugin_container_list *io_plugins); + struct plugin_container_list *io_plugins, + struct plugin_container_list *audit_plugins, + struct plugin_container_list *approval_plugins); #endif /* SUDO_PLUGIN_INT_H */ diff -Nru sudo-1.8.31/src/tgetpass.c sudo-1.9.0/src/tgetpass.c --- sudo-1.8.31/src/tgetpass.c 2020-01-30 12:51:39.000000000 +0000 +++ sudo-1.9.0/src/tgetpass.c 2020-05-11 16:28:23.000000000 +0000 @@ -68,7 +68,7 @@ suspend(int signo, struct sudo_conv_callback *callback) { int ret = 0; - debug_decl(suspend, SUDO_DEBUG_CONV) + debug_decl(suspend, SUDO_DEBUG_CONV); if (callback != NULL && SUDO_API_VERSION_GET_MAJOR(callback->version) != SUDO_CONV_CALLBACK_VERSION_MAJOR) { sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, 
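Review bot: In the new `struct sudo_plugin_event_int`, the layout rule on `struct sudo_event private; /* must be first */` is stated without its reason, and nothing in the hunk enforces it. Presumably code elsewhere converts a `struct sudo_event *` back to the containing struct, which only works while `private` sits at offset 0. Once that is confirmed, the comment should say so, e.g. `/* must be first: converted to/from struct sudo_event * */`. The block comment above the struct could also state in one sentence how `closure` and `callback` relate to the `public` member, which is described only as the "user-visible portion".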
@@ -93,7 +93,7 @@ static void tgetpass_display_error(enum tgetpass_errval errval) { - debug_decl(tgetpass_display_error, SUDO_DEBUG_CONV) + debug_decl(tgetpass_display_error, SUDO_DEBUG_CONV); switch (errval) { case TGP_ERRVAL_NOERROR: @@ -124,10 +124,9 @@ static const char *askpass; static char buf[SUDO_CONV_REPL_MAX + 1]; int i, input, output, save_errno, ttyfd; - bool need_restart, neednl = false; - bool feedback = ISSET(flags, TGP_MASK); + bool feedback, need_restart, neednl; enum tgetpass_errval errval; - debug_decl(tgetpass, SUDO_DEBUG_CONV) + debug_decl(tgetpass, SUDO_DEBUG_CONV); (void) fflush(stdout); @@ -141,8 +140,8 @@ /* Try to open /dev/tty if we are going to be using it for I/O. */ ttyfd = -1; if (!ISSET(flags, TGP_STDIN|TGP_ASKPASS)) { - ttyfd = open(_PATH_TTY, O_RDWR); /* If no tty present and we need to disable echo, try askpass. */ + ttyfd = open(_PATH_TTY, O_RDWR); if (ttyfd == -1 && !ISSET(flags, TGP_ECHO|TGP_NOECHO_TRY)) { if (askpass == NULL || getenv_unhooked("DISPLAY") == NULL) { sudo_warnx(U_("a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper")); @@ -164,12 +163,16 @@ signo[i] = 0; pass = NULL; save_errno = 0; + neednl = false; need_restart = false; + feedback = false; /* Use tty for reading/writing if available else use stdin/stderr. */ if (ttyfd == -1) { input = STDIN_FILENO; output = STDERR_FILENO; + /* Don't try to mask password if /dev/tty is not available. */ + CLR(flags, TGP_MASK); } else { input = ttyfd; output = ttyfd; 
@@ -181,23 +184,20 @@ */ if (!ISSET(flags, TGP_ECHO)) { for (;;) { - if (feedback) - neednl = sudo_term_cbreak(input); + if (ISSET(flags, TGP_MASK)) + neednl = feedback = sudo_term_cbreak(input); else neednl = sudo_term_noecho(input); if (neednl || errno != EINTR) break; /* Received SIGTTOU, suspend the process. */ if (suspend(SIGTTOU, callback) == -1) { - if (input != STDIN_FILENO) - (void) close(input); + if (ttyfd != -1) + (void) close(ttyfd); debug_return_ptr(NULL); } } } - /* Only use feedback mode when we can disable echo. */ - if (!neednl) - feedback = false; /* * Catch signals that would otherwise cause the user to end @@ -254,8 +254,8 @@ /* Restore old tty settings if possible. */ (void) sudo_term_restore(input, true); } - if (input != STDIN_FILENO) - (void) close(input); + if (ttyfd != -1) + (void) close(ttyfd); /* * If we were interrupted by a signal, resend it to ourselves @@ -298,7 +298,7 @@ enum tgetpass_errval errval; int pfd[2], status; pid_t child; - debug_decl(sudo_askpass, SUDO_DEBUG_CONV) + debug_decl(sudo_askpass, SUDO_DEBUG_CONV); /* Set SIGCHLD handler to default since we call waitpid() below. */ memset(&sa, 0, sizeof(sa)); @@ -315,17 +315,10 @@ sudo_fatal(U_("unable to fork")); if (child == 0) { - /* child, set stdout to write side of the pipe or clear FD_CLOEXEC */ - if (pfd[1] == STDOUT_FILENO) { - if (fcntl(pfd[1], F_SETFD, 0) == -1) { - sudo_warn("fcntl"); - _exit(255); - } - } else { - if (dup2(pfd[1], STDOUT_FILENO) == -1) { - sudo_warn("dup2"); - _exit(255); - } + /* child, set stdout to write side of the pipe */ + if (dup3(pfd[1], STDOUT_FILENO, 0) == -1) { + sudo_warn("dup3"); + _exit(255); } if (setuid(ROOT_UID) == -1) sudo_warn("setuid(%d)", ROOT_UID); 
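Review bot: The replacement `dup3(pfd[1], STDOUT_FILENO, 0)` drops the case the removed branch handled: when `pfd[1]` is already `STDOUT_FILENO`, dup3() fails with EINVAL (unlike dup2(), which returns the descriptor unchanged), so the child would print the `dup3` warning and `_exit(255)`. If start-up code outside this hunk guarantees that descriptors 0-2 are open before the pipe is created, record that invariant in the comment, e.g. `/* child, set stdout to write side of the pipe; pfd[1] cannot be stdout because the std fds are always open here */`. Otherwise keep an explicit `pfd[1] == STDOUT_FILENO` check that clears the close-on-exec flag as before. The function, presumably sudo_askpass(), continues outside the hunk.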
@@ -384,7 +377,7 @@ ssize_t nr = -1; char *cp = buf; char c = '\0'; - debug_decl(getln, SUDO_DEBUG_CONV) + debug_decl(getln, SUDO_DEBUG_CONV); *errval = TGP_ERRVAL_NOERROR; diff -Nru sudo-1.8.31/src/ttyname.c sudo-1.9.0/src/ttyname.c --- sudo-1.8.31/src/ttyname.c 2019-10-28 12:28:54.000000000 +0000 +++ sudo-1.9.0/src/ttyname.c 2020-05-11 16:28:23.000000000 +0000 @@ -104,7 +104,7 @@ size_t size = sizeof(*ki_proc); int mib[6], rc, serrno = errno; char *ret = NULL; - debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) + debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL); /* * Lookup controlling tty for this process via sysctl. @@ -158,7 +158,7 @@ struct psinfo psinfo; ssize_t nread; int fd, serrno = errno; - debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) + debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL); /* Try to determine the tty from pr_ttydev in /proc/pid/psinfo. */ (void)snprintf(path, sizeof(path), "/proc/%u/psinfo", (unsigned int)getpid()); @@ -201,7 +201,7 @@ int serrno = errno; ssize_t nread; int fd; - debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) + debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL); /* * Try to determine the tty from tty_nr in /proc/self/stat. @@ -284,7 +284,7 @@ struct pst_status pstat; char *ret = NULL; int rc, serrno = errno; - debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) + debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL); /* * Determine the tty from psdev in struct pst_status. @@ -318,7 +318,7 @@ get_process_ttyname(char *name, size_t namelen) { char *tty; - debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) + debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL); if ((tty = ttyname(STDIN_FILENO)) == NULL) { if ((tty = ttyname(STDOUT_FILENO)) == NULL) diff -Nru sudo-1.8.31/src/utmp.c sudo-1.9.0/src/utmp.c --- sudo-1.8.31/src/utmp.c 2019-10-28 12:27:39.000000000 +0000 +++ sudo-1.9.0/src/utmp.c 2020-05-11 16:28:23.000000000 +0000 
@@ -109,7 +109,7 @@ { const char *line = new->ut_line; size_t idlen; - debug_decl(utmp_setid, SUDO_DEBUG_UTMP) + debug_decl(utmp_setid, SUDO_DEBUG_UTMP); /* Skip over "tty" in the id if old entry did too. */ if (old != NULL) { @@ -141,7 +141,7 @@ utmp_settime(sudo_utmp_t *ut) { struct timeval tv; - debug_decl(utmp_settime, SUDO_DEBUG_UTMP) + debug_decl(utmp_settime, SUDO_DEBUG_UTMP); if (gettimeofday(&tv, NULL) == 0) { #if defined(HAVE_STRUCT_UTMP_UT_TV) @@ -162,7 +162,7 @@ utmp_fill(const char *line, const char *user, sudo_utmp_t *ut_old, sudo_utmp_t *ut_new) { - debug_decl(utmp_file, SUDO_DEBUG_UTMP) + debug_decl(utmp_file, SUDO_DEBUG_UTMP); if (ut_old == NULL) { memset(ut_new, 0, sizeof(*ut_new)); @@ -204,7 +204,7 @@ { sudo_utmp_t utbuf, *ut_old = NULL; bool ret = false; - debug_decl(utmp_login, SUDO_DEBUG_UTMP) + debug_decl(utmp_login, SUDO_DEBUG_UTMP); /* Strip off /dev/ prefix from line as needed. */ if (strncmp(to_line, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) @@ -232,7 +232,7 @@ { bool ret = false; sudo_utmp_t *ut, utbuf; - debug_decl(utmp_logout, SUDO_DEBUG_UTMP) + debug_decl(utmp_logout, SUDO_DEBUG_UTMP); /* Strip off /dev/ prefix from line as needed. */ if (strncmp(line, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) @@ -269,7 +269,7 @@ { int slot = 1; struct ttyent *tty; - debug_decl(utmp_slot, SUDO_DEBUG_UTMP) + debug_decl(utmp_slot, SUDO_DEBUG_UTMP); setttyent(); while ((tty = getttyent()) != NULL) { @@ -285,7 +285,7 @@ utmp_slot(const char *line, int ttyfd) { int sfd, slot; - debug_decl(utmp_slot, SUDO_DEBUG_UTMP) + debug_decl(utmp_slot, SUDO_DEBUG_UTMP); /* * Temporarily point stdin to the tty since ttyslot() @@ -312,7 +312,7 @@ bool ret = false; int slot; FILE *fp; - debug_decl(utmp_login, SUDO_DEBUG_UTMP) + debug_decl(utmp_login, SUDO_DEBUG_UTMP); /* Strip off /dev/ prefix from line as needed. */ if (strncmp(to_line, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) 
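Review bot: In utmp_fill() the touched line still reads `debug_decl(utmp_file, SUDO_DEBUG_UTMP);`, so the debug macro is given the name `utmp_file` rather than the function's own name. Since this change already edits the line to add the semicolon, it is a good moment to correct it to `debug_decl(utmp_fill, SUDO_DEBUG_UTMP);`, presumably so that debug output is attributed to the right function. The function body continues outside the hunk.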
@@ -344,11 +344,7 @@ } } utmp_fill(to_line, user, ut_old, &utbuf); -# ifdef HAVE_FSEEKO if (fseeko(fp, slot * (off_t)sizeof(utbuf), SEEK_SET) == 0) { -# else - if (fseek(fp, slot * (long)sizeof(utbuf), SEEK_SET) == 0) { -# endif if (fwrite(&utbuf, sizeof(utbuf), 1, fp) == 1) ret = true; } @@ -364,7 +360,7 @@ sudo_utmp_t utbuf; bool ret = false; FILE *fp; - debug_decl(utmp_logout, SUDO_DEBUG_UTMP) + debug_decl(utmp_logout, SUDO_DEBUG_UTMP); if ((fp = fopen(_PATH_UTMP, "r+")) == NULL) debug_return_int(ret); @@ -381,11 +377,7 @@ # endif utmp_settime(&utbuf); /* Back up and overwrite record. */ -# ifdef HAVE_FSEEKO if (fseeko(fp, (off_t)0 - (off_t)sizeof(utbuf), SEEK_CUR) == 0) { -# else - if (fseek(fp, 0L - (long)sizeof(utbuf), SEEK_CUR) == 0) { -# endif if (fwrite(&utbuf, sizeof(utbuf), 1, fp) == 1) ret = true; } diff -Nru sudo-1.8.31/sudo.pp sudo-1.9.0/sudo.pp --- sudo-1.8.31/sudo.pp 2019-10-28 12:27:46.000000000 +0000 +++ sudo-1.9.0/sudo.pp 1970-01-01 00:00:00.000000000 +0000 
@@ -1,531 +0,0 @@ -%set - if test -n "$flavor"; then - name="sudo-$flavor" - pp_kit_package="sudo_$flavor" - else - name="sudo" - pp_kit_package="sudo" - fi - summary="Provide limited super-user privileges to specific users" - description="Sudo is a program designed to allow a sysadmin to give \ -limited root privileges to users and log root activity. \ -The basic philosophy is to give as few privileges as possible but \ -still allow people to get their work done." - vendor="Todd C. Miller" - copyright="(c) 1993-1996,1998-2019 Todd C. Miller" - sudoedit_man=`echo ${pp_destdir}$mandir/*/sudoedit.*|sed "s:^${pp_destdir}::"` - sudoedit_man_target=`basename $sudoedit_man | sed 's/edit//'` - -%if [aix] - # AIX package summary is limited to 40 characters - summary="Configurable super-user privileges" - - # Convert to 4 part version for AIX, including patch level - pp_aix_version=`echo $version|sed -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)p\([0-9]*\)$/\1.\2/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)[^0-9\.].*$/\1/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/'` -%endif - -%if [kit] - # Strip off patchlevel for kit which only supports xyz versions - pp_kit_version="`echo $version|sed -e 's/\.//g' -e 's/[^0-9][^0-9]*[0-9][0-9]*$//'`" - pp_kit_name="TCM" -%endif - -%if [sd] - pp_sd_vendor_tag="TCM" -%endif - -%if [solaris] - pp_solaris_name="TCM${name}" - pp_solaris_pstamp=`/usr/bin/date "+%B %d, %Y"` -%endif - -%if [macos] - # System Integrity Protection on macOS won't allow us to write - # directly to /etc or /var. We must install in /private instead. 
- case "$sudoersdir" in - /etc|/etc/*) - mkdir -p ${pp_destdir}/private - chmod 755 ${pp_destdir}/private - if test -d ${pp_destdir}/etc; then - mv ${pp_destdir}/etc ${pp_destdir}/private/etc - fi - sudoersdir="/private${sudoersdir}" - ;; - esac - case "$vardir" in - /var|/var/*) - mkdir -p ${pp_destdir}/private - chmod 755 ${pp_destdir}/private - if test -d ${pp_destdir}/var; then - mv ${pp_destdir}/var ${pp_destdir}/private/var - fi - vardir="/private${vardir}" - ;; - esac - case "$rundir" in - /var|/var/*) - mkdir -p ${pp_destdir}/private - chmod 755 ${pp_destdir}/private - if test -d ${pp_destdir}/var; then - mv ${pp_destdir}/var ${pp_destdir}/private/var - fi - rundir="/private${rundir}" - ;; - esac -%endif - -%if [rpm,deb] - # Convert patch level into release and remove from version - pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)$' \| 0 \) + 1`" - pp_rpm_version="`expr \( $version : '\(.*\)p[0-9][0-9]*$' \| $version \)`" - pp_rpm_license="BSD" - pp_rpm_url="https://www.sudo.ws" - pp_rpm_group="Applications/System" - pp_rpm_packager="Todd C. Miller " - if test -n "$linux_audit"; then - pp_rpm_requires="audit-libs >= $linux_audit" - fi - # The package manager will handle an existing sudoers file - rm -f ${pp_destdir}$sudoersdir/sudoers.dist -%else - # For all but RPM and Debian we copy sudoers in a post-install script. 
- rm -f ${pp_destdir}$sudoersdir/sudoers -%endif - -%if [deb] - pp_deb_maintainer="$pp_rpm_packager" - pp_deb_release="$pp_rpm_release" - pp_deb_version="$pp_rpm_version" - pp_deb_section=admin - install -D -m 644 ${pp_destdir}$docdir/LICENSE ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright - install -D -m 644 ${pp_destdir}$docdir/ChangeLog ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog - gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog - printf "$name ($pp_deb_version-$pp_deb_release) admin; urgency=low\n\n * see upstream changelog\n\n -- $pp_deb_maintainer `date '+%a, %d %b %Y %T %z'`\n" > ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian - chmod 644 ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian - gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian - # Create lintian override file - mkdir -p ${pp_wrkdir}/${name}/usr/share/lintian/overrides - cat >${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name} <<-EOF - # The sudo binary must be setuid root - $name: setuid-binary usr/bin/sudo 4755 root/root - # Sudo configuration and data dirs must not be world-readable - $name: non-standard-file-perm etc/sudoers 0440 != 0644 - $name: non-standard-dir-perm etc/sudoers.d/ 0750 != 0755 - $name: non-standard-dir-perm var/lib/sudo/ 0700 != 0755 - # Sudo ships with debugging symbols - $name: unstripped-binary-or-object - EOF - chmod 644 ${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name} -%endif - -%if [rpm] - # Add distro info to release - osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,2\}\).*/\1/'` - case "$pp_rpm_distro" in - centos*|rhel*|f[0-9]*) - pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}" - ;; - sles*) - pp_rpm_release="$pp_rpm_release.sles$osrelease" - ;; - esac - - # Uncomment some Defaults in sudoers - # Note that the order must match that of sudoers. 
- case "$pp_rpm_distro" in - centos*|rhel*|f[0-9]*) - chmod u+w ${pp_destdir}${sudoersdir}/sudoers - /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' - /Locale settings/+1,s/^# // - /Desktop path settings/+1,s/^# // - /allow members of group wheel to execute any command/+1,s/^# // - w - q - EOF - chmod u-w ${pp_destdir}${sudoersdir}/sudoers - ;; - sles*) - chmod u+w ${pp_destdir}${sudoersdir}/sudoers - /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' - /Locale settings/+1,s/^# // - /ConsoleKit session/+1,s/^# // - /allow any user to run sudo if they know the password/+2,s/^# // - /allow any user to run sudo if they know the password/+3,s/^# // - w - q - EOF - chmod u-w ${pp_destdir}${sudoersdir}/sudoers - ;; - esac - - # For RedHat the doc dir is expected to include version and release - case "$pp_rpm_distro" in - centos*|rhel*|f[0-9]*) - rhel_docdir="${docdir}-${pp_rpm_version}-${pp_rpm_release}" - if test "`dirname ${exampledir}`" = "${docdir}"; then - exampledir="${rhel_docdir}/`basename ${exampledir}`" - fi - mv "${pp_destdir}/${docdir}" "${pp_destdir}/${rhel_docdir}" - docdir="${rhel_docdir}" - ;; - esac - - # Choose the correct PAM file by distro, must be tab indented for "<<-" - case "$pp_rpm_distro" in - centos*|rhel*) - mkdir -p ${pp_destdir}/etc/pam.d - if test $osrelease -lt 50; then - cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF - #%PAM-1.0 - auth required pam_stack.so service=system-auth - account required pam_stack.so service=system-auth - password required pam_stack.so service=system-auth - session required pam_limits.so - EOF - else - cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF - #%PAM-1.0 - auth include system-auth - account include system-auth - password include system-auth - session optional pam_keyinit.so revoke - session required pam_limits.so - EOF - cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF - #%PAM-1.0 - auth include sudo - account include sudo - password include sudo - session optional pam_keyinit.so force revoke - session required 
pam_limits.so - EOF - fi - ;; - f[0-9]*) - # XXX - share with rhel - mkdir -p ${pp_destdir}/etc/pam.d - cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF - #%PAM-1.0 - auth include system-auth - account include system-auth - password include system-auth - session optional pam_keyinit.so revoke - session required pam_limits.so - EOF - cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF - #%PAM-1.0 - auth include sudo - account include sudo - password include sudo - session optional pam_keyinit.so force revoke - session required pam_limits.so - EOF - ;; - sles*) - mkdir -p ${pp_destdir}/etc/pam.d - if test $osrelease -lt 10; then - cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF - #%PAM-1.0 - auth required pam_unix2.so - session required pam_limits.so - EOF - else - cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF - #%PAM-1.0 - auth include common-auth - account include common-account - password include common-password - session include common-session - # session optional pam_xauth.so - EOF - fi - ;; - esac -%endif - -%if [deb] - # Uncomment some Defaults and the %sudo rule in sudoers - # Note that the order must match that of sudoers and be tab-indented. 
- chmod u+w ${pp_destdir}${sudoersdir}/sudoers - /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' - /Locale settings/+1,s/^# // - /X11 resource/+1,s/^# // - /^# \%sudo/,s/^# // - /^# Defaults secure_path/,s/^# // - /^# Defaults mail_badpass/,s/^# // - w - q - EOF - chmod u-w ${pp_destdir}${sudoersdir}/sudoers - mkdir -p ${pp_destdir}/etc/pam.d - cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF - #%PAM-1.0 - - @include common-auth - @include common-account - - session required pam_permit.so - session required pam_limits.so - EOF -%endif - -%if [macos] - pp_macos_pkg_type=flat - pp_macos_bundle_id=ws.sudo.pkg.sudo - pp_macos_pkg_license=${pp_destdir}$docdir/LICENSE - pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt - perl -pe 'last if (/^What/i && $seen++)' ${pp_destdir}$docdir/NEWS > ${pp_wrkdir}/ReadMe.txt -%endif - -%if X"$aix_freeware" = X"true" - # Create links from /opt/freeware/{bin,sbin} -> /usr/{bin.sbin} - mkdir -p ${pp_destdir}/usr/bin ${pp_destdir}/usr/sbin - ln -s -f ${bindir}/cvtsudoers ${pp_destdir}/usr/bin - ln -s -f ${bindir}/sudo ${pp_destdir}/usr/bin - ln -s -f ${bindir}/sudoedit ${pp_destdir}/usr/bin - ln -s -f ${bindir}/sudoreplay ${pp_destdir}/usr/bin - ln -s -f ${sbindir}/visudo ${pp_destdir}/usr/sbin -%endif - - # Package parent directories when not installing under /usr - if test "${prefix}" != "/usr"; then - extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"` - extradirs="$extradirs `dirname $docdir` `dirname $rundir` `dirname $vardir`" - test "`dirname $exampledir`" != "$docdir" && extradirs="$extradirs `dirname $exampledir`" - test -d ${pp_destdir}${localedir} && extradirs="$extradirs $localedir" - for dir in $bindir $sbindir $libexecdir $includedir $extradirs; do - while test "$dir" != "/"; do - parentdirs="${parentdirs}${parentdirs+ }$dir/" - dir=`dirname $dir` - done - done - parentdirs=`echo $parentdirs | tr " " "\n" | sort -u` - fi - -%depend [deb] - libc6, libpam0g, libpam-modules, zlib1g, libselinux1 - -%fixup [deb] 
- # Add Conflicts, Replaces headers and add libldap depedency as needed. - DEPENDS="%{linux_audit}" - if test -z "%{flavor}"; then - echo "Conflicts: sudo-ldap" >> %{pp_wrkdir}/%{name}/DEBIAN/control - echo "Replaces: sudo-ldap" >> %{pp_wrkdir}/%{name}/DEBIAN/control - elif test "%{flavor}" = "ldap"; then - echo "Conflicts: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control - echo "Replaces: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control - echo "Provides: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control - DEPENDS="${DEPENDS}, libldap-2.4-2" - fi - cp -p %{pp_wrkdir}/%{name}/DEBIAN/control %{pp_wrkdir}/%{name}/DEBIAN/control.$$ - sed "s/^\(Depends:.*\) *$/\1, ${DEPENDS}/" %{pp_wrkdir}/%{name}/DEBIAN/control.$$ > %{pp_wrkdir}/%{name}/DEBIAN/control - rm -f %{pp_wrkdir}/%{name}/DEBIAN/control.$$ - echo "Homepage: https://www.sudo.ws" >> %{pp_wrkdir}/%{name}/DEBIAN/control - echo "Bugs: https://bugzilla.sudo.ws" >> %{pp_wrkdir}/%{name}/DEBIAN/control - -%files -%if X"$parentdirs" != X"" - $parentdirs - -%endif - $bindir/cvtsudoers 0755 root: - $bindir/sudo 4755 root: - $bindir/sudoedit 0755 root: symlink sudo - $bindir/sudoreplay 0755 - $sbindir/visudo 0755 - $includedir/sudo_plugin.h 0644 - $libexecdir/sudo/ 0755 - $libexecdir/sudo/sesh 0755 optional,ignore-others - $libexecdir/sudo/* $shlib_mode optional - $sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid - $rundir/ 0711 root: - $vardir/ 0711 root: ignore-others - $vardir/lectured/ 0700 root: - $docdir/ 0755 -%if [deb] - $docdir/LICENSE ignore,ignore-others - $docdir/ChangeLog ignore,ignore-others -%endif - $exampledir/ 0755 ignore-others - $exampledir/* 0644 ignore-others - $docdir/** 0644 - $localedir/*/ - optional - $localedir/*/LC_MESSAGES/ - optional - $localedir/*/LC_MESSAGES/* 0644 optional - /etc/pam.d/* 0644 volatile,optional -%if [rpm,deb] - $sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile -%else - $sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid -%endif -%if X"$aix_freeware" = 
X"true" - # Links for binaries from /opt/freeware to /usr - /usr/bin/cvtsudoers 0755 root: symlink $bindir/cvtsudoers - /usr/bin/sudo 0755 root: symlink $bindir/sudo - /usr/bin/sudoedit 0755 root: symlink $bindir/sudoedit - /usr/bin/sudoreplay 0755 root: symlink $bindir/sudoreplay - /usr/sbin/visudo 0755 root: symlink $sbindir/visudo -%endif -%if [rpm] - /etc/rc.d/init.d/sudo 0755 root: optional -%endif -%if [aix] - /etc/rc.d/ ignore - /etc/rc.d/rc2.d/ ignore - /etc/rc.d/rc2.d/** ignore - /etc/rc.d/init.d/ ignore - /etc/rc.d/init.d/sudo 0755 root: -%endif -%if [sd] - /sbin/ ignore - /sbin/rc2.d/ ignore - /sbin/rc2.d/** ignore - /sbin/init.d/ ignore - /sbin/init.d/sudo 0755 root: -%endif - -%files [!aix] - $mandir/man*/* 0644 - $sudoedit_man 0644 symlink,ignore-others $sudoedit_man_target - -%files [aix] - # Some versions use catpages, some use manpages. - $mandir/cat*/* 0644 optional - $mandir/man*/* 0644 optional - $sudoedit_man 0644 symlink,ignore-others $sudoedit_man_target - -%pre [aix] - if rpm -q %{name} >/dev/null 2>&1; then - echo "Another version of sudo is currently installed via rpm." 2>&1 - echo "Please either uninstall the rpm version of sudo by running \"rpm -e sudo\"" 2>&1 - echo "or upgrade the existing version of sudo using the .rpm packagae instead" 2>&1 - echo "instead of the .bff package." 2>&1 - echo "" 2>&1 - echo "Note that you may need to pass rpm the --oldpackage flag when upgrading" 2>&1 - echo "the AIX Toolbox version of sudo to the latest sudo rpm from sudo.ws." 2>&1 - echo "" 2>&1 - exit 1 - fi - -%post [!rpm,deb] - # Don't overwrite an existing sudoers file -%if [solaris] - sudoersdir=${PKG_INSTALL_ROOT}%{sudoersdir} -%else - sudoersdir=%{sudoersdir} -%endif - if test ! 
-r $sudoersdir/sudoers; then - cp $sudoersdir/sudoers.dist $sudoersdir/sudoers - chmod %{sudoers_mode} $sudoersdir/sudoers - chown %{sudoers_uid} $sudoersdir/sudoers - chgrp %{sudoers_gid} $sudoersdir/sudoers - fi - -%post [deb] - set -e - - # dpkg-deb does not maintain the mode on the sudoers file, and - # installs it 0640 when sudo requires 0440 - chmod %{sudoers_mode} %{sudoersdir}/sudoers - - # create symlink to ease transition to new path for ldap config - # if old config file exists and new one doesn't - if test X"%{flavor}" = X"ldap" -a \ - -r /etc/ldap/ldap.conf -a ! -r /etc/sudo-ldap.conf; then - ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf - fi - - # Debian uses a sudo group in its default sudoers file - perl -e ' - exit 0 if getgrnam("sudo"); - $gid = 27; # default debian sudo gid - setgrent(); - while (getgrgid($gid)) { $gid++; } - if ($gid != 27) { - print "On Debian we normally use gid 27 for \"sudo\".\n"; - $gname = getgrgid(27); - print "However, on your system gid 27 is group \"$gname\".\n\n"; - print "Would you like me to stop configuring sudo so that you can change this? [n] "; - $ans = ; - if ($ans =~ /^[yY]/) { - print "\"dpkg --pending --configure\" will restart the configuration.\n\n"; - exit 1; - } - } - print "Creating group \"sudo\" with gid = $gid\n"; - system("groupadd -g $gid sudo"); - exit 0; - ' - -%post [rpm] - case "%{pp_rpm_distro}" in - aix*) - # Create /etc/rc.d/rc2.d/S90sudo link if possible - if [ -d /etc/rc.d/rc2.d ]; then - rm -f /etc/rc.d/rc2.d/S90sudo - ln -s /etc/rc.d/init.d/sudo /etc/rc.d/rc2.d/S90sudo - fi - ;; - esac - -%post [rpm,deb] - # Create /usr/lib/tmpfiles.d/sudo.conf if systemd is configured. - if [ -f /usr/lib/tmpfiles.d/systemd.conf ]; then - cat > /usr/lib/tmpfiles.d/sudo.conf <<-EOF - # Create an empty sudo time stamp directory on OSes using systemd. 
- # Sudo will create the directory itself but this can cause problems - # on systems that have SELinux enabled since the directories will be - # created with the user's security context. - d %{rundir} 0711 root root - D %{rundir}/ts 0700 root root - EOF - fi - -%post [aix] - # Create /etc/rc.d/rc2.d/S90sudo link if /etc/rc.d exists - if [ -d /etc/rc.d ]; then - rm -f /etc/rc.d/rc2.d/S90sudo - ln -s /etc/rc.d/init.d/sudo /etc/rc.d/rc2.d/S90sudo - fi - -%post [sd] - # Create /sbin/rc2.d/S900sudo link - rm -f /sbin/rc2.d/S900sudo - ln -s /sbin/init.d/sudo /sbin/rc2.d/S900sudo - -%preun - # Remove the time stamp dir and its contents - # We currently leave the lecture status files installed - rm -rf %{rundir}/ts -%if [deb] - set -e - - # Remove the /etc/ldap/ldap.conf -> /etc/sudo-ldap.conf symlink if - # it matches what we created in the postinstall script. - if test X"%{flavor}" = X"ldap" -a \ - X"`readlink /etc/sudo-ldap.conf 2>/dev/null`" = X"/etc/ldap/ldap.conf"; then - rm -f /etc/sudo-ldap.conf - fi - - # Remove systemd tmpfile config - rm -f /usr/lib/tmpfiles.d/sudo.conf -%endif -%if [rpm] - case "%{pp_rpm_distro}" in - aix*) - # Remove /etc/rc.d/rc2.d/S90sudo link - rm -f /etc/rc.d/rc2.d/S90sudo - ;; - *) - # Remove systemd tmpfile config - rm -f /usr/lib/tmpfiles.d/sudo.conf - ;; - esac -%endif -%if [aix] - # Remove /etc/rc.d/rc2.d/S90sudo link - rm -f /etc/rc.d/rc2.d/S90sudo -%endif -%if [sd] - # Remove /sbin/rc2.d/S900sudo link - rm -f /sbin/rc2.d/S900sudo -%endif